Skip to content

Commit

Permalink
Add support for Registration Tokens
Browse files Browse the repository at this point in the history
  • Loading branch information
@shweta83
shweta83 committed Feb 10, 2025
1 parent 8add939 commit b10038a
Showing 1 changed file with 95 additions and 1 deletion.
96 changes: 95 additions & 1 deletion tests/foreman/api/test_user.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@
import pytest
from requests.exceptions import HTTPError

from robottelo.config import settings
from robottelo.config import settings, user_nailgun_config
from robottelo.constants import LDAP_ATTR, LDAP_SERVER_TYPE, DataFile
from robottelo.utils import gen_ssh_keypairs
from robottelo.utils.datafactory import (
Expand Down Expand Up @@ -981,3 +981,97 @@ def test_expired_personal_access_token(self):
:CaseImportance: Medium
"""


@pytest.mark.no_containers
@pytest.mark.parametrize('admin_enable', [True, False])
@pytest.mark.rhel_ver_list([settings.content_host.default_rhel_version])
def test_positive_invalidate_users_tokens(
target_sat, admin_enable, module_org, module_location, rhel_contenthost, module_activation_key
):
"""Verify invalidating single and multiple users tokens.
:id: ee45cd69-d993-494c-8a14-c977096c1f52
:steps:
1. Create an admin user and a non-admin user with "edit_users" and "register_hosts" permission.
2. Generate a token with admin user and register a host with it, it should be successful.
3. Invalidate the token and try to use the generated token again to register the host, it should fail.
4. Invalidate tokens for multiple users with "invalidate-multiple" command, it should invalidate all the tokens for provided users.
5. Repeat Steps 2,3 and 4 with non-admin user and it should work the same way.
:expectedresults: Tokens invalidated cannot be used for registration of hosts.
:CaseImportance: Critical
:Verifies: SAT-30383
"""
admin_login = gen_string('alpha')
non_admin_login = gen_string('alpha')
password = gen_string('alpha')

admin_user = target_sat.api.User(
login=admin_login,
password=password,
organization=[module_org],
location=[module_location],
admin=True,
).create()
user = admin_user
login = admin_login

# Non-Admin user with "edit_users" permission and "Register hosts" role
roles = [target_sat.api.Role().create()]
host_register_role = target_sat.api.Role().search(query={'search': 'name="Register hosts"'})[0]
roles.append(host_register_role)
user_permissions = {
'User': ['edit_users'],
'Host': ['create_hosts'],
}
target_sat.api_factory.create_role_permissions(roles[0], user_permissions)

non_admin_user = target_sat.api.User(
login=non_admin_login,
password=password,
organization=[module_org],
location=[module_location],
role=roles,
).create()

if not admin_enable:
login = non_admin_login
user = non_admin_user

# Generate token and verify token invalidation
user_cfg = user_nailgun_config(login, password)
cmd = target_sat.api.RegistrationCommand(
server_config=user_cfg,
organization=module_org,
location=module_location,
activation_keys=[module_activation_key.name],
insecure=True,
).create()
result = rhel_contenthost.execute(cmd.strip('\n'))
assert result.status == 0, f'Failed to register host: {result.stderr}'

# Invalidate JWTs for a single user
result = target_sat.api.RegistrationTokens(server_config=user_cfg, user=user.id).invalidate()
assert 'Successfully invalidated registration tokens' in result['message']
assert user.login in result['user']

rhel_contenthost.unregister()
# Re-register the host with invalidated token
result = rhel_contenthost.execute(cmd.strip('\n'))
assert result.status == 1
assert 'ERROR: unauthorized' in result.stdout

# Invalidate JWTs for multiple users
result = target_sat.api.RegistrationTokens(server_config=user_cfg).invalidate_multiple(
search=f'id ^ ({user.id})'
)
assert 'Successfully invalidated registration tokens' in result['message']

# delete the users
target_sat.api.Host(name=rhel_contenthost.hostname).search()[0].delete()
admin_user.delete()
non_admin_user.delete()

0 comments on commit b10038a

Please sign in to comment.