authorLars Wirzenius <>2013-10-06 10:51:04 +0100
committerLars Wirzenius <>2013-10-06 10:51:04 +0100
commit9f820e9c5c4ba5ce4be60d818205890a509f1529 (patch)
parent611ca829bf707d80723764633aa497c6aa360483 (diff)
Test that non-admin can't create users
2 files changed, 59 insertions, 5 deletions
diff --git a/ b/
index b064ad5..8e3ecd0 100644
--- a/
+++ b/
@@ -10,6 +10,20 @@ die()
+# Attempt to run something, which may fail. Store the stdout,
+# stderr, and exit code in $DATADIR.
+ if "$@" > "$DATADIR/attempt.stdout" 2> "$DATADIR/attempt.stderr"
+ then
+ echo 0 > "$DATADIR/attempt.exit"
+ else
+ echo $? > "$DATADIR/attempt.exit"
+ fi
# Run gitano on the server using a desired ssh key. The key is
# either the admin key (i.e., they key of whoever invoked the
# test suite), or a test key we've created in $DATADIR.
@@ -23,7 +37,7 @@ run_gitano_as()
ssh "$GITANO@$GITHOST" "$@"
SSH_AUTH_SOCK= ssh -F "ssh.conf" -i "$DATADIR/$keyname.key" \
@@ -36,6 +50,15 @@ user_exists()
+# Create a user, including setting their ssh key.
+ run_gitano_as "$1" user add "$2" name
+ run_gitano_as "$1" as "$2" sshkey add somekey < "$DATADIR/$"
# Remove a user from the server. This is a two-step process.
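Review bot: The two commands added for user_add are not chained, which matters because this commit also starts calling it through `attempt`, where it runs as the condition of an `if` and errexit (if the suite relies on it) does not apply. A refused `user add` is then followed by the `sshkey add` call anyway, so the function's exit status and the captured stderr describe the second command rather than the refusal under test. Joining them as `run_gitano_as "$1" user add "$2" name && \` ahead of the sshkey line keeps the first failure as the result. The function's name line and braces are not visible in this hunk.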
diff --git a/ b/
index c39a0b7..a469e6d 100644
--- a/
+++ b/
@@ -24,9 +24,9 @@ Gitano instance using their normal ssh key. In other words,
See the `check` script for details on how to invoke yarn for this test
-The test suite will create a user called `tstusr`, and remove it
-after the test suite. The user may get created and removed multiple
-times. If the user existed beforehand, it will be removed.
+The test suite will create a user called `tstusr` and `tstusr2`, and
+remove them after the test suite. The users may get created and
+removed multiple times.
User creation
@@ -38,10 +38,23 @@ The admin must be able to create and remove a user.
GIVEN an ssh key for tstusr
WHEN admin creates user tstusr
THEN user tstusr exists
+ AND user tstusr can access gitano
WHEN admin removes user tstusr
THEN user tstusr doesn't exist
FINALLY remove user tstusr on server
+A non-admin mustn't be able to create or remove users.
+ SCENARIO non-admin attempts to create or remove users
+ ASSUMING no tstusr user exists on server
+ AND no tstusr2 user exists on server
+ GIVEN an ssh key for tstusr
+ AND an ssh key for tstusr2
+ WHEN admin creates user tstusr
+ AND tstusr attempts to create user tstusr2
+ THEN gitano failed with error matching "You may not perform site administration"
+ FINALLY remove user tstusr on server
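Review bot: The new non-admin scenario asserts only the error text, not the outcome: nothing after `tstusr attempts to create user tstusr2` checks that tstusr2 is absent, so a server that printed the refusal yet still created the account would pass. Adding `AND user tstusr2 doesn't exist` after the THEN line (the step is already used in the admin scenario) would pin the authorization result itself. The FINALLY block should also get `AND remove user tstusr2 on server`, provided user_del tolerates a missing user; otherwise a leaked tstusr2 would presumably make the `no tstusr2 user exists on server` assumption fail and skip this scenario on later runs, hiding the regression. The title mentions removing users, but no removal attempt by tstusr is made.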
@@ -70,13 +83,18 @@ this, but anyone can try. Note that since we only care about
usernames, we invent the real name and e-mail address.
IMPLEMENTS WHEN (\S+) creates user (\S+)
- run_gitano_as "$MATCH_1" user add "$MATCH_2" name
+ user_add "$MATCH_1" "$MATCH_2"
Verify a user exists on the server.
IMPLEMENTS THEN user (\S+) exists
user_exists "$MATCH_1"
+Verify a user can access gitano (by invoking whoami).
+ IMPLEMENTS THEN user (\S+) can access gitano
+ run_gitano_as "$MATCH_1" whoami | grep "User name: $MATCH_1\$"
Remove a user.
IMPLEMENTS WHEN (\S+) removes user (\S+)
@@ -94,3 +112,16 @@ Clean up user.
IMPLEMENTS FINALLY remove user (\S+) on server
user_del admin "$MATCH_1"
+Attempt to create a user; check later if it worked.
+ IMPLEMENTS WHEN (\S+) attempts to create user (\S+)
+ attempt user_add "$MATCH_1" "$MATCH_2"
+Check error message from latest gitano run that we assumed would fail.
+ IMPLEMENTS THEN gitano failed with error matching "(.*)"
+ echo ==========================
+ cat "$DATADIR/attempt.stderr"
+ echo ==========================
+ grep "$MATCH_1" "$DATADIR/attempt.stderr"
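Review bot: The `gitano failed with error matching` step never reads `$DATADIR/attempt.exit`, so it passes whenever the text appears on stderr, even if the attempted command exited 0. Because `attempt` records the status instead of propagating it, this step is the only place the failure can be asserted; add `[ "$(cat "$DATADIR/attempt.exit")" -ne 0 ]` before the grep. The pattern is also passed as grep's first argument, so `grep -e "$MATCH_1" "$DATADIR/attempt.stderr"` would keep a pattern beginning with `-` from being parsed as an option.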