security: Add functional tests for restricted logins

Reviewed-by: James Valleroy <jvalleroy@mailbox.org>

functional_tests/features/security.feature

@@ -0,0 +1,33 @@
+#
+# This file is part of FreedomBox.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+@security @essential
+Feature: Security
+  Configure security options.
+
+Background:
+  Given I'm a logged in user
+
+Scenario: Enable restricted console logins
+  Given restricted console logins are disabled
+  When I enable restricted console logins
+  Then restricted console logins should be enabled
+
+Scenario: Disable restricted console logins
+  Given restricted console logins are enabled
+  When I disable restricted console logins
+  Then restricted console logins should be disabled

functional_tests/step_definitions/system.py

@@ -209,3 +209,21 @@ def bind_enable_dnssec(browser, enable):
 @then(parsers.parse('bind DNSSEC should be {enabled:w}'))
 def bind_assert_dnssec(browser, enabled):
     assert system.bind_get_dnssec(browser) == (enabled == 'enabled')
+
+
+@given(parsers.parse('restricted console logins are {enabled}'))
+def security_given_enable_restricted_logins(browser, enabled):
+    should_enable = (enabled == 'enabled')
+    system.security_enable_restricted_logins(browser, should_enable)
+
+
+@when(parsers.parse('I {enable} restricted console logins'))
+def security_enable_restricted_logins(browser, enable):
+    should_enable = (enable == 'enable')
+    system.security_enable_restricted_logins(browser, should_enable)
+
+
+@then(parsers.parse('restricted console logins should be {enabled}'))
+def security_assert_restricted_logins(browser, enabled):
+    enabled = (enabled == 'enabled')
+    assert system.security_get_restricted_logins(browser) == enabled

functional_tests/support/interface.py

@@ -28,7 +28,8 @@ from .service import wait_for_page_update
 sys_modules = [
     'avahi', 'backups', 'bind', 'cockpit', 'config', 'datetime', 'diagnostics',
     'dynamicdns', 'firewall', 'letsencrypt', 'monkeysphere', 'names',
-    'networks', 'pagekite', 'power', 'snapshot', 'upgrades', 'users'
+    'networks', 'pagekite', 'power', 'security', 'snapshot', 'upgrades',
+    'users'
 ]
 
 default_url = config['DEFAULT']['url']

functional_tests/support/system.py

@@ -258,3 +258,20 @@ def bind_get_dnssec(browser):
     """Return whether DNSSEC is enabled/disabled in bind configuration."""
     nav_to_module(browser, 'bind')
     return browser.find_by_name('enable_dnssec').first.checked
+
+
+def security_enable_restricted_logins(browser, should_enable):
+    """Enable/disable restricted logins in security module."""
+    nav_to_module(browser, 'security')
+    if should_enable:
+        browser.check('security-restricted_access')
+    else:
+        browser.uncheck('security-restricted_access')
+
+    submit(browser)
+
+
+def security_get_restricted_logins(browser):
+    """Return whether restricted console logins is enabled."""
+    nav_to_module(browser, 'security')
+    return browser.find_by_name('security-restricted_access').first.checked