Add support for invalidating users JWTs

SatelliteQE · Jan 30, 2025 · a386f15 · a386f15
1 parent 463bf6d
commit a386f15
Showing 1 changed file with 83 additions and 0 deletions.
diff --git a/tests/foreman/ui/test_user.py b/tests/foreman/ui/test_user.py
@@ -17,6 +17,7 @@
 from fauxfactory import gen_email, gen_string
 import pytest
 
+from robottelo.config import user_nailgun_config
 from robottelo.constants import DEFAULT_ORG, PERMISSIONS, ROLES
 
 
@@ -307,6 +308,88 @@ def test_positive_create_product_with_limited_user_permission(
         assert newsession.product.search(product_name)[0]['Name'] == product_name
 
 
+@pytest.mark.rhel_ver_match('8')
+def test_positive_invalidate_jwt(
+    session, module_target_sat, module_org, module_location, rhel_contenthost
+):
+    """Perform end to end testing for user component
+
+    :id: be328fd7-b640-4080-9373-25f96ba2aef6
+
+    :steps:
+            1. Create an admin user and an non-admin user with "edit_users" and "view_users" permissions.
+            2. Generate a token for the user to register the host.
+            3. Login to UI with admin user and navigate to Administer -> Users and invalidate the token for the non-admin user from the dropdown.
+            4. Try to use the previously generated token to register the host and verify that the token is invalid for registration.
+            5. Repeat the steps 2,3,and 4 with non_admin user and verify the same as in Step 4.
+
+
+    :expectedresults: Tokens which are invalidated cannot be used for registration.
+
+    :Verifies: 	SAT-27537, SAT-27538, SAT-27539
+
+    :CaseImportance: High
+    """
+
+    org = module_org
+    ak = module_target_sat.api.ActivationKey(name=gen_string('alpha')).create()
+    admin_username = gen_string('alpha')
+    non_admin_username = gen_string('alpha')
+    password = gen_string('alpha')
+    roles = [module_target_sat.api.Role().create()]
+    user_permissions = {
+        'User': ['view_users', 'edit_users'],
+    }
+    module_target_sat.api_factory.create_role_permissions(roles[0], user_permissions)
+    # Create an admin user and invalidate self and others token using that user
+    admin_user = module_target_sat.api.User(
+        location=[module_location],
+        organization=[org],
+        password=password,
+        login=admin_username,
+        admin=True,
+    ).create()
+    non_admin_user = module_target_sat.api.User(
+        role=roles,
+        location=[module_location],
+        organization=[org],
+        password=password,
+        login=non_admin_username,
+    ).create()
+    login_details = {
+        'username': non_admin_user.login,
+        'password': password,
+    }
+    role = module_target_sat.cli.Role.info({'name': 'Register hosts'})
+    module_target_sat.cli.User.add_role({'id': non_admin_user.id, 'role-id': role['id']})
+    with module_target_sat.ui_session(user=admin_username, password=password) as session:
+        session.organization.select(org.name)
+        session.location.select(module_location.name)
+        user_cfg = user_nailgun_config(non_admin_user, password)
+        result = rhel_contenthost.api_register(
+            module_target_sat,
+            server_config=user_cfg,
+            organization=org,
+            location=module_location,
+            activation_keys=[ak.name],
+        )
+        assert result.status == 0, f'Failed to register host: {result.stderr}'
+        session.user.invalidate_jwt(non_admin_user.login)
+        result = rhel_contenthost.api_register(
+            module_target_sat,
+            server_config=user_cfg,
+            organization=org,
+            location=module_location,
+            activation_keys=[ak.name],
+            force=True,
+        )
+        assert result.status == 1, f'Failed to register host: {result.stderr}'
+        result = session.login.logout()
+
+        session.login.login(login_details)
+        session.user.invalidate_jwt(admin_user.login)
+
+
 @pytest.mark.tier2
 @pytest.mark.stubbed
 def test_personal_access_token_admin():