123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136 |
- # coding: utf-8
- '''
- Integration Tests for restcherry salt-api with pam eauth
- '''
- # Import Python libs
- from __future__ import absolute_import
- # Import test support libs
- from tests.support.case import ModuleCase
- from tests.support.unit import skipIf
- import tests.support.cherrypy_testclasses as cptc
- # Import Salt Libs
- import salt.utils.platform
- # Import 3rd-party libs
- import pytest
- from salt.ext.six.moves.urllib.parse import urlencode # pylint: disable=no-name-in-module,import-error
- if cptc.HAS_CHERRYPY:
- import cherrypy
- USERA = 'saltdev'
- USERA_PWD = 'saltdev'
- HASHED_USERA_PWD = '$6$SALTsalt$ZZFD90fKFWq8AGmmX0L3uBtS9fXL62SrTk5zcnQ6EkD6zoiM3kB88G1Zvs0xm/gZ7WXJRs5nsTBybUvGSqZkT.'
- AUTH_CREDS = {
- 'username': USERA,
- 'password': USERA_PWD,
- 'eauth': 'pam'}
- @skipIf(cptc.HAS_CHERRYPY is False, 'CherryPy not installed')
- class TestAuthPAM(cptc.BaseRestCherryPyTest, ModuleCase):
- '''
- Test auth with pam using salt-api
- '''
- @pytest.mark.destructive_test
- @pytest.mark.skip_if_not_root
- def setUp(self):
- super(TestAuthPAM, self).setUp()
- try:
- add_user = self.run_function('user.add', [USERA], createhome=False)
- add_pwd = self.run_function(
- 'shadow.set_password',
- [
- USERA,
- USERA_PWD if salt.utils.platform.is_darwin() else HASHED_USERA_PWD
- ]
- )
- self.assertTrue(add_user)
- self.assertTrue(add_pwd)
- user_list = self.run_function('user.list_users')
- self.assertIn(USERA, str(user_list))
- except AssertionError:
- self.run_function('user.delete', [USERA], remove=True)
- self.skipTest(
- 'Could not add user or password, skipping test'
- )
- def test_bad_pwd_pam_chsh_service(self):
- '''
- Test login while specifying chsh service with bad passwd
- This test ensures this PR is working correctly:
- https://github.com/saltstack/salt/pull/31826
- '''
- copyauth_creds = AUTH_CREDS.copy()
- copyauth_creds['service'] = 'chsh'
- copyauth_creds['password'] = 'wrong_password'
- body = urlencode(copyauth_creds)
- request, response = self.request('/login', method='POST', body=body,
- headers={
- 'content-type': 'application/x-www-form-urlencoded'
- })
- self.assertEqual(response.status, '401 Unauthorized')
- def test_bad_pwd_pam_login_service(self):
- '''
- Test login while specifying login service with bad passwd
- This test ensures this PR is working correctly:
- https://github.com/saltstack/salt/pull/31826
- '''
- copyauth_creds = AUTH_CREDS.copy()
- copyauth_creds['service'] = 'login'
- copyauth_creds['password'] = 'wrong_password'
- body = urlencode(copyauth_creds)
- request, response = self.request('/login', method='POST', body=body,
- headers={
- 'content-type': 'application/x-www-form-urlencoded'
- })
- self.assertEqual(response.status, '401 Unauthorized')
- def test_good_pwd_pam_chsh_service(self):
- '''
- Test login while specifying chsh service with good passwd
- This test ensures this PR is working correctly:
- https://github.com/saltstack/salt/pull/31826
- '''
- copyauth_creds = AUTH_CREDS.copy()
- copyauth_creds['service'] = 'chsh'
- body = urlencode(copyauth_creds)
- request, response = self.request('/login', method='POST', body=body,
- headers={
- 'content-type': 'application/x-www-form-urlencoded'
- })
- self.assertEqual(response.status, '200 OK')
- def test_good_pwd_pam_login_service(self):
- '''
- Test login while specifying login service with good passwd
- This test ensures this PR is working correctly:
- https://github.com/saltstack/salt/pull/31826
- '''
- copyauth_creds = AUTH_CREDS.copy()
- copyauth_creds['service'] = 'login'
- body = urlencode(copyauth_creds)
- request, response = self.request('/login', method='POST', body=body,
- headers={
- 'content-type': 'application/x-www-form-urlencoded'
- })
- self.assertEqual(response.status, '200 OK')
- @pytest.mark.destructive_test
- @pytest.mark.skip_if_not_root
- def tearDown(self):
- '''
- Clean up after tests. Delete user
- '''
- super(TestAuthPAM, self).tearDown()
- user_list = self.run_function('user.list_users')
- # Remove saltdev user
- if USERA in user_list:
- self.run_function('user.delete', [USERA], remove=True)
- # need to exit cherypy engine
- cherrypy.engine.exit()
|