test_app_pam.py 5.1 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136
  1. # coding: utf-8
  2. '''
  3. Integration Tests for restcherry salt-api with pam eauth
  4. '''
  5. # Import Python libs
  6. from __future__ import absolute_import
  7. # Import test support libs
  8. from tests.support.case import ModuleCase
  9. from tests.support.unit import skipIf
  10. import tests.support.cherrypy_testclasses as cptc
  11. # Import Salt Libs
  12. import salt.utils.platform
  13. # Import 3rd-party libs
  14. import pytest
  15. from salt.ext.six.moves.urllib.parse import urlencode # pylint: disable=no-name-in-module,import-error
  16. if cptc.HAS_CHERRYPY:
  17. import cherrypy
  18. USERA = 'saltdev'
  19. USERA_PWD = 'saltdev'
  20. HASHED_USERA_PWD = '$6$SALTsalt$ZZFD90fKFWq8AGmmX0L3uBtS9fXL62SrTk5zcnQ6EkD6zoiM3kB88G1Zvs0xm/gZ7WXJRs5nsTBybUvGSqZkT.'
  21. AUTH_CREDS = {
  22. 'username': USERA,
  23. 'password': USERA_PWD,
  24. 'eauth': 'pam'}
  25. @skipIf(cptc.HAS_CHERRYPY is False, 'CherryPy not installed')
  26. class TestAuthPAM(cptc.BaseRestCherryPyTest, ModuleCase):
  27. '''
  28. Test auth with pam using salt-api
  29. '''
  30. @pytest.mark.destructive_test
  31. @pytest.mark.skip_if_not_root
  32. def setUp(self):
  33. super(TestAuthPAM, self).setUp()
  34. try:
  35. add_user = self.run_function('user.add', [USERA], createhome=False)
  36. add_pwd = self.run_function(
  37. 'shadow.set_password',
  38. [
  39. USERA,
  40. USERA_PWD if salt.utils.platform.is_darwin() else HASHED_USERA_PWD
  41. ]
  42. )
  43. self.assertTrue(add_user)
  44. self.assertTrue(add_pwd)
  45. user_list = self.run_function('user.list_users')
  46. self.assertIn(USERA, str(user_list))
  47. except AssertionError:
  48. self.run_function('user.delete', [USERA], remove=True)
  49. self.skipTest(
  50. 'Could not add user or password, skipping test'
  51. )
  52. def test_bad_pwd_pam_chsh_service(self):
  53. '''
  54. Test login while specifying chsh service with bad passwd
  55. This test ensures this PR is working correctly:
  56. https://github.com/saltstack/salt/pull/31826
  57. '''
  58. copyauth_creds = AUTH_CREDS.copy()
  59. copyauth_creds['service'] = 'chsh'
  60. copyauth_creds['password'] = 'wrong_password'
  61. body = urlencode(copyauth_creds)
  62. request, response = self.request('/login', method='POST', body=body,
  63. headers={
  64. 'content-type': 'application/x-www-form-urlencoded'
  65. })
  66. self.assertEqual(response.status, '401 Unauthorized')
  67. def test_bad_pwd_pam_login_service(self):
  68. '''
  69. Test login while specifying login service with bad passwd
  70. This test ensures this PR is working correctly:
  71. https://github.com/saltstack/salt/pull/31826
  72. '''
  73. copyauth_creds = AUTH_CREDS.copy()
  74. copyauth_creds['service'] = 'login'
  75. copyauth_creds['password'] = 'wrong_password'
  76. body = urlencode(copyauth_creds)
  77. request, response = self.request('/login', method='POST', body=body,
  78. headers={
  79. 'content-type': 'application/x-www-form-urlencoded'
  80. })
  81. self.assertEqual(response.status, '401 Unauthorized')
  82. def test_good_pwd_pam_chsh_service(self):
  83. '''
  84. Test login while specifying chsh service with good passwd
  85. This test ensures this PR is working correctly:
  86. https://github.com/saltstack/salt/pull/31826
  87. '''
  88. copyauth_creds = AUTH_CREDS.copy()
  89. copyauth_creds['service'] = 'chsh'
  90. body = urlencode(copyauth_creds)
  91. request, response = self.request('/login', method='POST', body=body,
  92. headers={
  93. 'content-type': 'application/x-www-form-urlencoded'
  94. })
  95. self.assertEqual(response.status, '200 OK')
  96. def test_good_pwd_pam_login_service(self):
  97. '''
  98. Test login while specifying login service with good passwd
  99. This test ensures this PR is working correctly:
  100. https://github.com/saltstack/salt/pull/31826
  101. '''
  102. copyauth_creds = AUTH_CREDS.copy()
  103. copyauth_creds['service'] = 'login'
  104. body = urlencode(copyauth_creds)
  105. request, response = self.request('/login', method='POST', body=body,
  106. headers={
  107. 'content-type': 'application/x-www-form-urlencoded'
  108. })
  109. self.assertEqual(response.status, '200 OK')
  110. @pytest.mark.destructive_test
  111. @pytest.mark.skip_if_not_root
  112. def tearDown(self):
  113. '''
  114. Clean up after tests. Delete user
  115. '''
  116. super(TestAuthPAM, self).tearDown()
  117. user_list = self.run_function('user.list_users')
  118. # Remove saltdev user
  119. if USERA in user_list:
  120. self.run_function('user.delete', [USERA], remove=True)
  121. # need to exit cherypy engine
  122. cherrypy.engine.exit()