nik/FreedomBox
1
0
Fork 0
mirror of https://github.com/freedombox/FreedomBox.git synced 2026-05-20 10:34:30 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix failing root tests

Browse Source 
- There are tests checking whether a user can login to ssh which fail with the
  default security settings.
- Toggling the security settings in the setup and teardown of the test suite to
  allow non-admin users to login to ssh as well.

Signed-off-by: Joseph Nuthalapati <njoseph@thoughtworks.com>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
This commit is contained in:
Joseph Nuthalapati 2017-11-24 10:37:59 +05:30 committed by James Valleroy
parent 9adc777ae9
commit 8da56c0fb4
No known key found for this signature in database
GPG Key ID: 77C0C75E7B650808
1 changed files with 16 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
plinth/modules/users/tests/test_actions.py
View File

@ -28,6 +28,7 @@ import subprocess
import unittest import unittest
from plinth import action_utils from plinth import action_utils
from plinth.modules import security
euid = os.geteuid() euid = os.geteuid()
@ -40,11 +41,8 @@ def random_string(length=8):
def is_exit_zero(args): def is_exit_zero(args):
"""Return whether a command gave exit code zero""" """Return whether a command gave exit code zero"""
process = subprocess.run( process = subprocess.run(args, stdout=subprocess.DEVNULL,
args, stderr=subprocess.DEVNULL, check=False)
stdout=subprocess.DEVNULL,
stderr=subprocess.DEVNULL,
check=False)
return process.returncode == 0 return process.returncode == 0
@ -55,8 +53,8 @@ def get_password_hash(username):
'-b', 'ou=users,dc=thisbox', '-Q', '(cn={})'.format(username), '-b', 'ou=users,dc=thisbox', '-Q', '(cn={})'.format(username),
'userPassword' 'userPassword'
] ]
process = subprocess.run( process = subprocess.run(query, stdout=subprocess.PIPE,
query, stdout=subprocess.PIPE, stderr=subprocess.DEVNULL, check=True) stderr=subprocess.DEVNULL, check=True)
return process.stdout.decode().strip().split()[-1] return process.stdout.decode().strip().split()[-1]
@ -71,11 +69,8 @@ def try_login_to_ssh(username, password, returncode=0):
'-o', 'StrictHostKeyChecking=no', '-o', 'VerifyHostKeyDNS=no', '-o', 'StrictHostKeyChecking=no', '-o', 'VerifyHostKeyDNS=no',
username + '@127.0.0.1', '/bin/true' username + '@127.0.0.1', '/bin/true'
] ]
process = subprocess.run( process = subprocess.run(command, stdout=subprocess.DEVNULL,
command, stderr=subprocess.DEVNULL, check=False)
stdout=subprocess.DEVNULL,
stderr=subprocess.DEVNULL,
check=False)
return process.returncode == returncode return process.returncode == returncode
@ -89,6 +84,7 @@ class TestActions(unittest.TestCase):
'..', 'actions', 'users') '..', 'actions', 'users')
self.users = set() self.users = set()
self.groups = set() self.groups = set()
security.set_restricted_access(False)
def tearDown(self): def tearDown(self):
for user in self.users: for user in self.users:
@ -100,6 +96,8 @@ class TestActions(unittest.TestCase):
for group in self.groups: for group in self.groups:
self.delete_group(group) self.delete_group(group)
security.set_restricted_access(True)
def call_action(self, arguments, **kwargs): def call_action(self, arguments, **kwargs):
"""Call the action script.""" """Call the action script."""
kwargs['stdout'] = kwargs.get('stdout', subprocess.DEVNULL) kwargs['stdout'] = kwargs.get('stdout', subprocess.DEVNULL)
@ -136,8 +134,8 @@ class TestActions(unittest.TestCase):
def get_user_groups(self, username): def get_user_groups(self, username):
"""Return the list of groups for a user.""" """Return the list of groups for a user."""
process = self.call_action( process = self.call_action(['get-user-groups', username],
['get-user-groups', username], stdout=subprocess.PIPE) stdout=subprocess.PIPE)
return process.stdout.decode().split() return process.stdout.decode().split()
def create_group(self, groupname=None): def create_group(self, groupname=None):
@ -163,8 +161,8 @@ class TestActions(unittest.TestCase):
username, old_password = self.create_user() username, old_password = self.create_user()
old_password_hash = get_password_hash(username) old_password_hash = get_password_hash(username)
new_password = 'pass $123' new_password = 'pass $123'
self.call_action( self.call_action(['set-user-password', username],
['set-user-password', username], input=new_password.encode()) input=new_password.encode())
new_password_hash = get_password_hash(username) new_password_hash = get_password_hash(username)
self.assertNotEqual(old_password_hash, new_password_hash) self.assertNotEqual(old_password_hash, new_password_hash)
@ -178,8 +176,8 @@ class TestActions(unittest.TestCase):
non_existent_user = random_string() non_existent_user = random_string()
fake_password = random_string().encode() fake_password = random_string().encode()
with self.assertRaises(subprocess.CalledProcessError): with self.assertRaises(subprocess.CalledProcessError):
self.call_action( self.call_action(['set-user-password', non_existent_user],
['set-user-password', non_existent_user], input=fake_password) input=fake_password)
@unittest.skipUnless(euid == 0, 'Needs to be root') @unittest.skipUnless(euid == 0, 'Needs to be root')
def test_rename_user(self): def test_rename_user(self):