From 9f820e9c5c4ba5ce4be60d818205890a509f1529 Mon Sep 17 00:00:00 2001 From: Lars Wirzenius Date: Sun, 6 Oct 2013 10:51:04 +0100 Subject: Test that non-admin can't create users --- git.liw.fi.yarn | 39 +++++++++++++++++++++++++++++++++++---- 1 file changed, 35 insertions(+), 4 deletions(-) (limited to 'git.liw.fi.yarn') diff --git a/git.liw.fi.yarn b/git.liw.fi.yarn index c39a0b7..a469e6d 100644 --- a/git.liw.fi.yarn +++ b/git.liw.fi.yarn @@ -24,9 +24,9 @@ Gitano instance using their normal ssh key. In other words, See the `check` script for details on how to invoke yarn for this test suite. -The test suite will create a user called `tstusr`, and remove it -after the test suite. The user may get created and removed multiple -times. If the user existed beforehand, it will be removed. +The test suite will create a user called `tstusr` and `tstusr2`, and +remove them after the test suite. The users may get created and +removed multiple times. User creation ------------- @@ -38,10 +38,23 @@ The admin must be able to create and remove a user. GIVEN an ssh key for tstusr WHEN admin creates user tstusr THEN user tstusr exists + AND user tstusr can access gitano WHEN admin removes user tstusr THEN user tstusr doesn't exist FINALLY remove user tstusr on server +A non-admin mustn't be able to create or remove users. + + SCENARIO non-admin attempts to create or remove users + ASSUMING no tstusr user exists on server + AND no tstusr2 user exists on server + GIVEN an ssh key for tstusr + AND an ssh key for tstusr2 + WHEN admin creates user tstusr + AND tstusr attempts to create user tstusr2 + THEN gitano failed with error matching "You may not perform site administration" + FINALLY remove user tstusr on server + Implementations --------------- 
@@ -70,13 +83,18 @@ this, but anyone can try. Note that since we only care about usernames, we invent the real name and e-mail address. IMPLEMENTS WHEN (\S+) creates user (\S+) - run_gitano_as "$MATCH_1" user add "$MATCH_2" name foo@example.com + user_add "$MATCH_1" "$MATCH_2" Verify a user exists on the server. IMPLEMENTS THEN user (\S+) exists user_exists "$MATCH_1" +Verify a user can access gitano (by invoking whoami). + + IMPLEMENTS THEN user (\S+) can access gitano + run_gitano_as "$MATCH_1" whoami | grep "User name: $MATCH_1\$" + Remove a user. IMPLEMENTS WHEN (\S+) removes user (\S+) @@ -94,3 +112,16 @@ Clean up user. IMPLEMENTS FINALLY remove user (\S+) on server user_del admin "$MATCH_1" + +Attempt to create a user; check later if it worked. + + IMPLEMENTS WHEN (\S+) attempts to create user (\S+) + attempt user_add "$MATCH_1" "$MATCH_2" + +Check error message from latest gitano run that we assumed would fail. + + IMPLEMENTS THEN gitano failed with error matching "(.*)" + echo ========================== + cat "$DATADIR/attempt.stderr" + echo ========================== + grep "$MATCH_1" "$DATADIR/attempt.stderr" -- cgit v1.2.1
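Review bot: In the introduction hunk (@@ -24,9 +24,9 @@), the rewritten paragraph drops "If the user existed beforehand, it will be removed" without saying what now happens when `tstusr` or `tstusr2` is already present on the server. The new scenario starts with `ASSUMING no tstusr user exists on server`, and yarn skips a scenario whose assumption fails, so this paragraph should say that pre-existing test users cause scenarios to be skipped rather than cleaned up. The wording "a user called `tstusr` and `tstusr2`" should read "users called", and since `tstusr2` is only ever the target of a creation attempt that is expected to fail, "will create" overstates what the suite does with it.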
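Review bot: In the new scenario (@@ -38,10 +38,23 @@), the only THEN step checks the error text, so nothing asserts that `tstusr2` was not created on the server; an error on stderr does not prove the operation was refused. Add a check such as `AND user tstusr2 doesn't exist` after the error match, reusing the step the admin scenario already has, provided its implementation takes the user name as a parameter. The title says "create or remove users" but no removal attempt is made, so either add a `tstusr attempts to remove user ...` step or narrow the title. `FINALLY` removes only `tstusr`: if the permission check ever regresses, `tstusr2` stays on the server and the `AND no tstusr2 user exists on server` assumption would then skip this scenario on later runs, hiding the regression.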
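Review bot: In `IMPLEMENTS THEN user (\S+) can access gitano` (@@ -70,13 +83,18 @@), `$MATCH_1` is interpolated into the grep pattern as a regular expression and the pattern is anchored only at the end with `\$`. That is fine for `tstusr`, but a user name containing `.` or other regex metacharacters would match more loosely than intended; anchoring the start as well, if the `whoami` output format allows it, and adding `-q` to keep the matched line out of the test output would tighten the step. Separately, the `WHEN (\S+) creates user (\S+)` step now calls `user_add`, whose definition is not part of this diff, while the paragraph above it still says "we invent the real name and e-mail address"; it would help to confirm that `user_add` still supplies both.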
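Review bot: In `IMPLEMENTS THEN gitano failed with error matching "(.*)"` (@@ -94,3 +112,16 @@), the step only greps `$DATADIR/attempt.stderr` and never checks that the attempted command exited non-zero, although the step name says "failed". If the `attempt` helper records the exit status, assert on it here as well, so that a command which prints the message but still succeeds does not pass. `$MATCH_1` is used as a grep regex taken from the scenario text, which works for "You may not perform site administration" but deserves a note in the prose above the step. The `echo`/`cat` lines dump stderr on every run; a short comment saying they are there for debugging failed runs would explain why.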