authorLars Wirzenius <liw@liw.fi>2013-10-06 10:51:04 +0100
committerLars Wirzenius <liw@liw.fi>2013-10-06 10:51:04 +0100
commit9f820e9c5c4ba5ce4be60d818205890a509f1529 (patch)
treea79cb829b9071f2d5d19208bdf0bfb44814d7823
parent611ca829bf707d80723764633aa497c6aa360483 (diff)
Test that non-admin can't create users
-rw-r--r--git.liw.fi.sh25
-rw-r--r--git.liw.fi.yarn39
2 files changed, 59 insertions, 5 deletions
diff --git a/git.liw.fi.sh b/git.liw.fi.sh
index b064ad5..8e3ecd0 100644
--- a/git.liw.fi.sh
+++ b/git.liw.fi.sh
@@ -10,6 +10,20 @@ die()
}
+# Attempt to run something, which may fail. Store the stdout,
+# stderr, and exit code in $DATADIR.
+
+attempt()
+{
+ if "$@" > "$DATADIR/attempt.stdout" 2> "$DATADIR/attempt.stderr"
+ then
+ echo 0 > "$DATADIR/attempt.exit"
+ else
+ echo $? > "$DATADIR/attempt.exit"
+ fi
+}
+
+
# Run gitano on the server using a desired ssh key. The key is
# either the admin key (i.e., they key of whoever invoked the
# test suite), or a test key we've created in $DATADIR.
@@ -23,7 +37,7 @@ run_gitano_as()
ssh "$GITANO@$GITHOST" "$@"
else
SSH_AUTH_SOCK= ssh -F "ssh.conf" -i "$DATADIR/$keyname.key" \
- "$GITANO@GITHOST" "$@"
+ "$GITANO@$GITHOST" "$@"
fi
}
@@ -36,6 +50,15 @@ user_exists()
}
+# Create a user, including setting their ssh key.
+
+user_add()
+{
+ run_gitano_as "$1" user add "$2" name foo@example.com
+ run_gitano_as "$1" as "$2" sshkey add somekey < "$DATADIR/$2.key.pub"
+}
+
+
# Remove a user from the server. This is a two-step process.
user_del()
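Review bot: user_add runs its two gitano commands one after the other with no check in between, so when it is called through attempt (whose `if "$@"` context also suppresses any errexit), a refused `user add` is still followed by the `sshkey add` call. The exit status then comes from the second command, and the captured stderr mixes both, so the non-admin test could be satisfied by the sshkey step's denial alone without showing that `user add` itself was refused. Stop at the first failure with `run_gitano_as "$1" user add "$2" name foo@example.com || return`. The header comment should also say that $1 is the acting user, $2 the user being created, and that `$DATADIR/$2.key.pub` must already exist.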
diff --git a/git.liw.fi.yarn b/git.liw.fi.yarn
index c39a0b7..a469e6d 100644
--- a/git.liw.fi.yarn
+++ b/git.liw.fi.yarn
@@ -24,9 +24,9 @@ Gitano instance using their normal ssh key. In other words,
See the `check` script for details on how to invoke yarn for this test
suite.
-The test suite will create a user called `tstusr`, and remove it
-after the test suite. The user may get created and removed multiple
-times. If the user existed beforehand, it will be removed.
+The test suite will create a user called `tstusr` and `tstusr2`, and
+remove them after the test suite. The users may get created and
+removed multiple times.
User creation
-------------
@@ -38,10 +38,23 @@ The admin must be able to create and remove a user.
GIVEN an ssh key for tstusr
WHEN admin creates user tstusr
THEN user tstusr exists
+ AND user tstusr can access gitano
WHEN admin removes user tstusr
THEN user tstusr doesn't exist
FINALLY remove user tstusr on server
+A non-admin mustn't be able to create or remove users.
+
+ SCENARIO non-admin attempts to create or remove users
+ ASSUMING no tstusr user exists on server
+ AND no tstusr2 user exists on server
+ GIVEN an ssh key for tstusr
+ AND an ssh key for tstusr2
+ WHEN admin creates user tstusr
+ AND tstusr attempts to create user tstusr2
+ THEN gitano failed with error matching "You may not perform site administration"
+ FINALLY remove user tstusr on server
+
Implementations
---------------
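Review bot: The new scenario checks only the error text and never the resulting state, so it would pass if gitano printed the denial yet still created tstusr2. Add `THEN user tstusr2 doesn't exist` after the error check (the step is already used in the admin scenario above) so the access-control decision is verified by its effect. There is also no `FINALLY remove user tstusr2 on server`; if the check ever fails open, tstusr2 stays on the server and the `ASSUMING no tstusr2 user exists on server` line would presumably make later runs skip this scenario instead of failing. The scenario title mentions removing users, but only creation is attempted.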
@@ -70,13 +83,18 @@ this, but anyone can try. Note that since we only care about
usernames, we invent the real name and e-mail address.
IMPLEMENTS WHEN (\S+) creates user (\S+)
- run_gitano_as "$MATCH_1" user add "$MATCH_2" name foo@example.com
+ user_add "$MATCH_1" "$MATCH_2"
Verify a user exists on the server.
IMPLEMENTS THEN user (\S+) exists
user_exists "$MATCH_1"
+Verify a user can access gitano (by invoking whoami).
+
+ IMPLEMENTS THEN user (\S+) can access gitano
+ run_gitano_as "$MATCH_1" whoami | grep "User name: $MATCH_1\$"
+
Remove a user.
IMPLEMENTS WHEN (\S+) removes user (\S+)
@@ -94,3 +112,16 @@ Clean up user.
IMPLEMENTS FINALLY remove user (\S+) on server
user_del admin "$MATCH_1"
+
+Attempt to create a user; check later if it worked.
+
+ IMPLEMENTS WHEN (\S+) attempts to create user (\S+)
+ attempt user_add "$MATCH_1" "$MATCH_2"
+
+Check error message from latest gitano run that we assumed would fail.
+
+ IMPLEMENTS THEN gitano failed with error matching "(.*)"
+ echo ==========================
+ cat "$DATADIR/attempt.stderr"
+ echo ==========================
+ grep "$MATCH_1" "$DATADIR/attempt.stderr"
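Review bot: The `gitano failed with error matching` step never reads `$DATADIR/attempt.exit`, so it asserts that the message appeared but not that the command actually failed. Add a line such as `test "$(cat "$DATADIR/attempt.exit")" != 0` before the grep, so that a zero exit status with the message on stderr does not count as a denial. The pattern is handed to grep as a regular expression, which fits the step name; writing `grep -e "$MATCH_1"` would keep a pattern that starts with `-` from being parsed as an option.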