|
20 | 20 |
|
21 | 21 | from robottelo import constants |
22 | 22 | from robottelo.config import ( |
| 23 | + admin_nailgun_config, |
23 | 24 | settings, |
24 | 25 | user_nailgun_config, |
25 | 26 | ) |
@@ -447,3 +448,93 @@ def test_positive_katello_ca_crt_refresh( |
447 | 448 | # check if the certificate file is refreshed |
448 | 449 | ca_file_after_refresh = len(str(rhel_contenthost.execute(f'cat {katello_ca_crt_path}'))) |
449 | 450 | assert ca_cert_file == ca_file_after_refresh |
| 451 | + |
| 452 | + |
| 453 | +@pytest.mark.no_containers |
| 454 | +@pytest.mark.rhel_ver_list([settings.content_host.default_rhel_version]) |
| 455 | +def test_positive_invalidate_users_tokens( |
| 456 | + target_sat, request, module_org, module_location, rhel_contenthost, module_activation_key |
| 457 | +): |
| 458 | + """Verify invalidating single and multiple users tokens. |
| 459 | +
|
| 460 | + :id: ee45cd69-d993-494c-8a14-c977096c1f52 |
| 461 | +
|
| 462 | + :steps: |
| 463 | + 1. Create an admin user and a non-admin user with "edit_users" and "register_hosts" permission. |
| 464 | + 2. Generate a token with admin user and register a host with it, it should be successful. |
| 465 | + 3. Invalidate the token and try to use the generated token again to register the host, it should fail. |
| 466 | + 4. Invalidate tokens for multiple users with "invalidate-multiple" command, it should invalidate all the tokens for provided users. |
| 467 | + 5. Repeat Steps 2,3 and 4 with non-admin user and it should work the same way. |
| 468 | +
|
| 469 | + :expectedresults: Tokens invalidated cannot be used for registration of hosts. |
| 470 | +
|
| 471 | + :CaseImportance: Critical |
| 472 | +
|
| 473 | + :Verifies: SAT-30383 |
| 474 | + """ |
| 475 | + password = settings.server.admin_password |
| 476 | + |
| 477 | + # Admin User |
| 478 | + admin_user = target_sat.api.User().search( |
| 479 | + query={'search': f'login={settings.server.admin_username}'} |
| 480 | + )[0] |
| 481 | + user_cfg = admin_nailgun_config() |
| 482 | + user = admin_user |
| 483 | + |
| 484 | + # Non-Admin user with "edit_users" permission and "Register hosts" role |
| 485 | + roles = [target_sat.api.Role().create()] |
| 486 | + host_register_role = target_sat.api.Role().search(query={'search': 'name="Register hosts"'})[0] |
| 487 | + roles.append(host_register_role) |
| 488 | + user_permissions = { |
| 489 | + 'User': ['edit_users'], |
| 490 | + 'Host': ['create_hosts'], |
| 491 | + } |
| 492 | + target_sat.api_factory.create_role_permissions(roles[0], user_permissions) |
| 493 | + |
| 494 | + non_admin_user = target_sat.api.User( |
| 495 | + login=gen_string('alpha'), |
| 496 | + password=password, |
| 497 | + organization=[module_org], |
| 498 | + location=[module_location], |
| 499 | + role=roles, |
| 500 | + ).create() |
| 501 | + |
| 502 | + # delete the users |
| 503 | + @request.addfinalizer |
| 504 | + def _finalize(): |
| 505 | + target_sat.api.Host(name=rhel_contenthost.hostname).search()[0].delete() |
| 506 | + non_admin_user.delete() |
| 507 | + |
| 508 | + # Generate token and verify token invalidation |
| 509 | + for usertype in (admin_user, non_admin_user): |
| 510 | + if usertype == non_admin_user: |
| 511 | + user_cfg = user_nailgun_config(non_admin_user.login, password) |
| 512 | + user = non_admin_user |
| 513 | + cmd = target_sat.api.RegistrationCommand( |
| 514 | + server_config=user_cfg, |
| 515 | + organization=module_org, |
| 516 | + location=module_location, |
| 517 | + activation_keys=[module_activation_key.name], |
| 518 | + insecure=True, |
| 519 | + ).create() |
| 520 | + result = rhel_contenthost.execute(cmd.strip('\n')) |
| 521 | + assert result.status == 0, f'Failed to register host: {result.stderr}' |
| 522 | + |
| 523 | + # Invalidate JWTs for a single user |
| 524 | + result = target_sat.api.RegistrationTokens( |
| 525 | + server_config=user_cfg, user=user.id |
| 526 | + ).invalidate() |
| 527 | + assert 'Successfully invalidated registration tokens' in result['message'] |
| 528 | + assert user.login in result['user'] |
| 529 | + |
| 530 | + rhel_contenthost.unregister() |
| 531 | + # Re-register the host with invalidated token |
| 532 | + result = rhel_contenthost.execute(cmd.strip('\n')) |
| 533 | + assert result.status == 1 |
| 534 | + assert 'ERROR: unauthorized' in result.stdout |
| 535 | + |
| 536 | + # Invalidate JWTs for multiple users |
| 537 | + result = target_sat.api.RegistrationTokens(server_config=user_cfg).invalidate_multiple( |
| 538 | + search=f'id ^ ({admin_user.id, non_admin_user.id})' |
| 539 | + ) |
| 540 | + assert 'Successfully invalidated registration tokens' in result['message'] |
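Review bot: The `invalidate_multiple` call at the end of the hunk is checked only through its response message, so the test never shows that a token issued before the bulk call is rejected afterwards. By that point the current user's token has already been revoked by `invalidate()`, and no fresh registration command is generated or retried. Creating a new `RegistrationCommand` for each user before the bulk call, then asserting that running it fails with `ERROR: unauthorized`, would cover the revocation that step 4 of the docstring describes. The search string also interpolates a Python tuple, so for ids 1 and 2 (constructed values) it renders as `id ^ ((1, 2))` with doubled parentheses; `search=f'id ^ ({admin_user.id}, {non_admin_user.id})'` gives the intended list. Indentation is lost on this page, so whether the bulk call sits inside the `for` loop is inferred from step 5 of the docstring.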