diff --git a/functional_tests/features/security.feature b/functional_tests/features/security.feature new file mode 100644 index 000000000..0b63b5e3f --- /dev/null +++ b/functional_tests/features/security.feature @@ -0,0 +1,33 @@ +# +# This file is part of FreedomBox. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as +# published by the Free Software Foundation, either version 3 of the +# License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with this program. If not, see . +# + +@security @essential +Feature: Security + Configure security options. + +Background: + Given I'm a logged in user + +Scenario: Enable restricted console logins + Given restricted console logins are disabled + When I enable restricted console logins + Then restricted console logins should be enabled + +Scenario: Disable restricted console logins + Given restricted console logins are enabled + When I disable restricted console logins + Then restricted console logins should be disabled diff --git a/functional_tests/step_definitions/system.py b/functional_tests/step_definitions/system.py index 331ad78c6..3bd88cc00 100644 --- a/functional_tests/step_definitions/system.py +++ b/functional_tests/step_definitions/system.py @@ -209,3 +209,21 @@ def bind_enable_dnssec(browser, enable): @then(parsers.parse('bind DNSSEC should be {enabled:w}')) def bind_assert_dnssec(browser, enabled): assert system.bind_get_dnssec(browser) == (enabled == 'enabled') + + +@given(parsers.parse('restricted console logins are {enabled}')) +def security_given_enable_restricted_logins(browser, enabled): + should_enable = (enabled == 'enabled') + system.security_enable_restricted_logins(browser, should_enable) + + +@when(parsers.parse('I {enable} restricted console logins')) +def security_enable_restricted_logins(browser, enable): + should_enable = (enable == 'enable') + system.security_enable_restricted_logins(browser, should_enable) + + +@then(parsers.parse('restricted console logins should be {enabled}')) +def security_assert_restricted_logins(browser, enabled): + enabled = (enabled == 'enabled') + assert system.security_get_restricted_logins(browser) == enabled diff --git a/functional_tests/support/interface.py b/functional_tests/support/interface.py index bd839e82c..d9895d3d4 100644 --- a/functional_tests/support/interface.py +++ b/functional_tests/support/interface.py @@ -28,7 +28,8 @@ from .service import wait_for_page_update sys_modules = [ 'avahi', 'backups', 'bind', 'cockpit', 'config', 'datetime', 'diagnostics', 'dynamicdns', 'firewall', 'letsencrypt', 'monkeysphere', 'names', - 'networks', 'pagekite', 'power', 'snapshot', 'upgrades', 'users' + 'networks', 'pagekite', 'power', 'security', 'snapshot', 'upgrades', + 'users' ] default_url = config['DEFAULT']['url'] diff --git a/functional_tests/support/system.py b/functional_tests/support/system.py index d7edb5a89..8287b412e 100644 --- a/functional_tests/support/system.py +++ b/functional_tests/support/system.py @@ -258,3 +258,20 @@ def bind_get_dnssec(browser): """Return whether DNSSEC is enabled/disabled in bind configuration.""" nav_to_module(browser, 'bind') return browser.find_by_name('enable_dnssec').first.checked + + +def security_enable_restricted_logins(browser, should_enable): + """Enable/disable restricted logins in security module.""" + nav_to_module(browser, 'security') + if should_enable: + browser.check('security-restricted_access') + else: + browser.uncheck('security-restricted_access') + + submit(browser) + + +def security_get_restricted_logins(browser): + """Return whether restricted console logins is enabled.""" + nav_to_module(browser, 'security') + return browser.find_by_name('security-restricted_access').first.checked