|
23 | 23 | import pytest |
24 | 24 | from requests.exceptions import HTTPError |
25 | 25 |
|
26 | | -from robottelo.config import settings |
| 26 | +from robottelo.config import settings, user_nailgun_config |
27 | 27 | from robottelo.constants import LDAP_ATTR, LDAP_SERVER_TYPE, DataFile |
28 | 28 | from robottelo.utils import gen_ssh_keypairs |
29 | 29 | from robottelo.utils.datafactory import ( |
@@ -981,3 +981,100 @@ def test_expired_personal_access_token(self): |
981 | 981 | :CaseImportance: Medium |
982 | 982 |
|
983 | 983 | """ |
| 984 | + |
| 985 | + |
| 986 | +@pytest.mark.no_containers |
| 987 | +@pytest.mark.parametrize('admin_enable', [True, False]) |
| 988 | +@pytest.mark.rhel_ver_list([settings.content_host.default_rhel_version]) |
| 989 | +def test_positive_invalidate_users_tokens( |
| 990 | + target_sat, admin_enable, module_org, module_location, rhel_contenthost, module_activation_key |
| 991 | +): |
| 992 | + """Verify invalidating single and multiple users tokens. |
| 993 | +
|
| 994 | + :id: ee45cd69-d993-494c-8a14-c977096c1f52 |
| 995 | +
|
| 996 | + :steps: |
| 997 | + 1. Create an admin user and a non-admin user with "edit_users" and "register_hosts" permission. |
| 998 | + 2. Generate a token with admin user and register a host with it, it should be successful. |
| 999 | + 3. Invalidate the token and try to use the generated token again to register the host, it should fail. |
| 1000 | + 4. Invalidate tokens for multiple users with "invalidate-multiple" command, it should invalidate all the tokens for provided users. |
| 1001 | + 5. Repeat Steps 2,3 and 4 with non-admin user and it should work the same way. |
| 1002 | +
|
| 1003 | + :expectedresults: Tokens invalidated cannot be used for registration of hosts. |
| 1004 | +
|
| 1005 | + :CaseImportance: Critical |
| 1006 | +
|
| 1007 | + :Verifies: SAT-30383 |
| 1008 | + """ |
| 1009 | + admin_login = gen_string('alpha') |
| 1010 | + non_admin_login = gen_string('alpha') |
| 1011 | + password = gen_string('alpha') |
| 1012 | + |
| 1013 | + admin_user = target_sat.api.User( |
| 1014 | + login=admin_login, |
| 1015 | + password=password, |
| 1016 | + organization=[module_org], |
| 1017 | + location=[module_location], |
| 1018 | + admin=True, |
| 1019 | + ).create() |
| 1020 | + user = admin_user |
| 1021 | + login = admin_login |
| 1022 | + |
| 1023 | + # Non-Admin user with "edit_users" permission and "Register hosts" role |
| 1024 | + roles = [target_sat.api.Role().create()] |
| 1025 | + host_register_role = target_sat.api.Role().search(query={'search': 'name="Register hosts"'})[0] |
| 1026 | + roles.append(host_register_role) |
| 1027 | + user_permissions = { |
| 1028 | + 'User': ['edit_users'], |
| 1029 | + 'Host': ['create_hosts'], |
| 1030 | + } |
| 1031 | + target_sat.api_factory.create_role_permissions(roles[0], user_permissions) |
| 1032 | + |
| 1033 | + non_admin_user = target_sat.api.User( |
| 1034 | + login=non_admin_login, |
| 1035 | + password=password, |
| 1036 | + organization=[module_org], |
| 1037 | + location=[module_location], |
| 1038 | + role=roles, |
| 1039 | + ).create() |
| 1040 | + |
| 1041 | + if not admin_enable: |
| 1042 | + login = non_admin_login |
| 1043 | + user = non_admin_user |
| 1044 | + |
| 1045 | + # Generate token and verify token invalidation |
| 1046 | + user_cfg = user_nailgun_config(login, password) |
| 1047 | + cmd = target_sat.api.RegistrationCommand( |
| 1048 | + server_config=user_cfg, |
| 1049 | + organization=module_org, |
| 1050 | + location=module_location, |
| 1051 | + activation_keys=[module_activation_key.name], |
| 1052 | + insecure=True, |
| 1053 | + ).create() |
| 1054 | + result = rhel_contenthost.execute(cmd.strip('\n')) |
| 1055 | + assert result.status == 0, f'Failed to register host: {result.stderr}' |
| 1056 | + |
| 1057 | + server_config = user_nailgun_config(login, password) |
| 1058 | + # Invalidate JWTs for a single user |
| 1059 | + result = target_sat.api.RegistrationTokens( |
| 1060 | + server_config=server_config, user=user.id |
| 1061 | + ).invalidate() |
| 1062 | + assert 'Successfully invalidated registration tokens' in result['message'] |
| 1063 | + assert user.login in result['user'] |
| 1064 | + |
| 1065 | + rhel_contenthost.unregister() |
| 1066 | + # Re-register the host with invalidated token |
| 1067 | + result = rhel_contenthost.execute(cmd.strip('\n')) |
| 1068 | + assert result.status == 1 |
| 1069 | + assert 'ERROR: unauthorized' in result.stdout |
| 1070 | + |
| 1071 | + # Invalidate JWTs for multiple users |
| 1072 | + result = target_sat.api.RegistrationTokens(server_config=server_config).invalidate_multiple( |
| 1073 | + search=f'id ^ ({user.id})' |
| 1074 | + ) |
| 1075 | + assert 'Successfully invalidated registration tokens' in result['message'] |
| 1076 | + |
| 1077 | + # delete the users |
| 1078 | + target_sat.api.Host(name=rhel_contenthost.hostname).search()[0].delete() |
| 1079 | + admin_user.delete() |
| 1080 | + non_admin_user.delete() |
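Review bot: The `invalidate_multiple` step at the end of `test_positive_invalidate_users_tokens` only checks the success message: the search is `id ^ ({user.id})`, a single user, and no registration is attempted afterwards, so step 4 of the docstring is not really exercised. For a revocation test the assertion that matters is that an already issued token is rejected. I would create a fresh `RegistrationCommand` for each user before this call, pass `search=f'id ^ ({admin_user.id},{non_admin_user.id})'`, and then assert `'ERROR: unauthorized' in result.stdout` for both commands. Separately, the deletes at the bottom run only when every assertion passes, so a failure leaves the admin account behind on the Satellite; a finalizer or `try`/`finally` would avoid that.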