Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

maint(pam/integration-tests): Add native QRCode tests and ensure they run as different users #401

Merged
merged 2 commits into from
Jun 28, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
12 changes: 8 additions & 4 deletions pam/integration-tests/cli_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -34,15 +34,16 @@ func TestCLIAuthenticate(t *testing.T) {
currentUserNotRoot bool
termEnv string
sessionEnv string
pamUser string
}{
"Authenticate user successfully": {tape: "simple_auth"},
"Authenticate user successfully with preset user": {tape: "simple_auth_with_preset_user"},
"Authenticate user with mfa": {tape: "mfa_auth"},
"Authenticate user with form mode with button": {tape: "form_with_button"},
"Authenticate user with qr code": {tape: "qr_code"},
"Authenticate user with qr code in a TTY": {tape: "qr_code", termEnv: "linux"},
"Authenticate user with qr code in a TTY session": {tape: "qr_code", termEnv: "xterm-256color", sessionEnv: "tty"},
"Authenticate user with qr code in screen": {tape: "qr_code", termEnv: "screen"},
"Authenticate user with qr code": {tape: "qr_code", pamUser: "user-integration-qr-code"},
"Authenticate user with qr code in a TTY": {tape: "qr_code", pamUser: "user-integration-qr-code-tty", termEnv: "linux"},
"Authenticate user with qr code in a TTY session": {tape: "qr_code", pamUser: "user-integration-qr-code-tty-session", termEnv: "xterm-256color", sessionEnv: "tty"},
"Authenticate user with qr code in screen": {tape: "qr_code", pamUser: "user-integration-qr-code-screen", termEnv: "screen"},
"Authenticate user and reset password while enforcing policy": {tape: "mandatory_password_reset"},
"Authenticate user and offer password reset": {tape: "optional_password_reset_skip"},
"Authenticate user switching auth mode": {tape: "switch_auth_mode"},
Expand Down Expand Up @@ -94,6 +95,9 @@ func TestCLIAuthenticate(t *testing.T) {
fmt.Sprintf("%s=%s", socketPathEnv, socketPath),
fmt.Sprintf("AUTHD_PAM_CLI_LOG_DIR=%s", filepath.Dir(cliLog)),
fmt.Sprintf("AUTHD_PAM_CLI_TEST_NAME=%s", t.Name()))
if tc.pamUser != "" {
cmd.Env = append(cmd.Env, fmt.Sprintf("AUTHD_PAM_CLI_USER=%s", tc.pamUser))
}
if tc.termEnv != "" {
cmd.Env = append(cmd.Env, fmt.Sprintf("AUTHD_PAM_CLI_TERM=%s", tc.termEnv))
}
Expand Down
17 changes: 16 additions & 1 deletion pam/integration-tests/native_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -30,12 +30,18 @@ func TestNativeAuthenticate(t *testing.T) {
tape string

currentUserNotRoot bool
termEnv string
sessionEnv string
pamUser string
}{
"Authenticate user successfully": {tape: "simple_auth"},
"Authenticate user successfully with preset user": {tape: "simple_auth_with_preset_user"},
"Authenticate user with mfa": {tape: "mfa_auth"},
"Authenticate user with form mode with button": {tape: "form_with_button"},
"Authenticate user with qr code": {tape: "qr_code"},
"Authenticate user with qr code": {tape: "qr_code", pamUser: "user-integration-qr-code"},
"Authenticate user with qr code in a TTY": {tape: "qr_code", pamUser: "user-integration-qr-code-tty", termEnv: "linux"},
"Authenticate user with qr code in a TTY session": {tape: "qr_code", pamUser: "user-integration-qr-code-tty-session", termEnv: "xterm-256color", sessionEnv: "tty"},
"Authenticate user with qr code in screen": {tape: "qr_code", pamUser: "user-integration-qr-code-screen", termEnv: "screen"},
"Authenticate user and reset password while enforcing policy": {tape: "mandatory_password_reset"},
"Authenticate user and offer password reset": {tape: "optional_password_reset_skip"},
"Authenticate user and accept password reset": {tape: "optional_password_reset_accept"},
Expand Down Expand Up @@ -93,6 +99,15 @@ func TestNativeAuthenticate(t *testing.T) {
fmt.Sprintf("AUTHD_PAM_CLI_TEST_NAME=%s", t.Name()),
"AUTHD_PAM_CLI_SUPPORTS_CONVERSATION=1",
)
if tc.pamUser != "" {
cmd.Env = append(cmd.Env, fmt.Sprintf("AUTHD_PAM_CLI_USER=%s", tc.pamUser))
}
if tc.termEnv != "" {
cmd.Env = append(cmd.Env, fmt.Sprintf("AUTHD_PAM_CLI_TERM=%s", tc.termEnv))
}
if tc.sessionEnv != "" {
cmd.Env = append(cmd.Env, fmt.Sprintf("XDG_SESSION_TYPE=%s", tc.sessionEnv))
}
cmd.Dir = outDir

out, err := cmd.CombinedOutput()
Expand Down
Original file line number Diff line number Diff line change
@@ -1,83 +1,3 @@
> ./pam_authd login socket=${AUTHD_TESTS_CLI_AUTHENTICATE_TESTS_SOCK}
Username: user name




































────────────────────────────────────────────────────────────────────────────────
> if [ -v AUTHD_PAM_CLI_TERM ]; then export TERM=${AUTHD_PAM_CLI_TERM}; fi
> ./pam_authd login socket=${AUTHD_TESTS_CLI_AUTHENTICATE_TESTS_SOCK}
Username: user-integration-qr-code




































────────────────────────────────────────────────────────────────────────────────
> if [ -v AUTHD_PAM_CLI_TERM ]; then export TERM=${AUTHD_PAM_CLI_TERM}; fi
> ./pam_authd login socket=${AUTHD_TESTS_CLI_AUTHENTICATE_TESTS_SOCK}
Select your provider

Expand Down
Original file line number Diff line number Diff line change
@@ -1,83 +1,3 @@
> ./pam_authd login socket=${AUTHD_TESTS_CLI_AUTHENTICATE_TESTS_SOCK}
Username: user name




































────────────────────────────────────────────────────────────────────────────────
> if [ -v AUTHD_PAM_CLI_TERM ]; then export TERM=${AUTHD_PAM_CLI_TERM}; fi
> ./pam_authd login socket=${AUTHD_TESTS_CLI_AUTHENTICATE_TESTS_SOCK}
Username: user-integration-qr-code




































────────────────────────────────────────────────────────────────────────────────
> if [ -v AUTHD_PAM_CLI_TERM ]; then export TERM=${AUTHD_PAM_CLI_TERM}; fi
> ./pam_authd login socket=${AUTHD_TESTS_CLI_AUTHENTICATE_TESTS_SOCK}
Select your provider

Expand Down Expand Up @@ -162,7 +82,7 @@ Gimme your password
Select your authentication method

> 1. Password authentication
2. Send URL to [email protected]
2. Send URL to user-integration-qr-code-tty@gmail.com
3. Use your fido device foo
4. Use your phone +33…
5. Use your phone +1…
Expand Down
Original file line number Diff line number Diff line change
@@ -1,83 +1,3 @@
> ./pam_authd login socket=${AUTHD_TESTS_CLI_AUTHENTICATE_TESTS_SOCK}
Username: user name




































────────────────────────────────────────────────────────────────────────────────
> if [ -v AUTHD_PAM_CLI_TERM ]; then export TERM=${AUTHD_PAM_CLI_TERM}; fi
> ./pam_authd login socket=${AUTHD_TESTS_CLI_AUTHENTICATE_TESTS_SOCK}
Username: user-integration-qr-code




































────────────────────────────────────────────────────────────────────────────────
> if [ -v AUTHD_PAM_CLI_TERM ]; then export TERM=${AUTHD_PAM_CLI_TERM}; fi
> ./pam_authd login socket=${AUTHD_TESTS_CLI_AUTHENTICATE_TESTS_SOCK}
Select your provider

Expand Down Expand Up @@ -162,7 +82,7 @@ Gimme your password
Select your authentication method

> 1. Password authentication
2. Send URL to [email protected]
2. Send URL to user-integration-qr-code-tty-session@gmail.com
3. Use your fido device foo
4. Use your phone +33…
5. Use your phone +1…
Expand Down
Loading
Loading