1*** Settings ***
2Documentation     Test root user expire password.
3
4Resource          ../lib/resource.robot
5Resource          ../gui/lib/resource.robot
6Resource          ../lib/ipmi_client.robot
7Library           ../lib/bmc_ssh_utils.py
8Library           SSHLibrary
9
10*** Variables ***
11
# If a user makes more than 5 incorrect login attempts, the account is locked for 5 minutes.
# The value is in seconds; the lockout test sleeps this long before logging in again.
# NOTE(review): nothing in this suite sets the lockout duration on the BMC, so this is
# presumably the firmware default - confirm it matches the target.
${default_lockout_duration}   ${300}
14
15
16*** Test Cases ***
17
Expire Root Password And Check IPMI Access Fails
    [Documentation]  Expire the root user password and verify that access via IPMI is refused.
    [Tags]  Expire_Root_Password_And_Check_IPMI_Access_Fails
    [Teardown]  Test Teardown Execution

    # Mark the password as expired from a shell session on the BMC.
    Open Connection And Log In  ${OPENBMC_USERNAME}  ${OPENBMC_PASSWORD}
    ${stdout}  ${stderr}  ${rc}=  BMC Execute Command
    ...  passwd --expire ${OPENBMC_USERNAME}
    Should Contain  ${stdout}  password expiry information changed

    # The IPMI command must now fail.
    # NOTE(review): any failure satisfies this check (unreachable host, client error), not
    # only a credential rejection, so a pass does not prove the expiry was what blocked access.
    ${ipmi_succeeded}=  Run Keyword And Return Status
    ...  Run External IPMI Standard Command  lan print -v
    Should Be Equal  ${ipmi_succeeded}  ${False}
30
31
Expire Root Password And Check SSH Access Fails
    [Documentation]  Expire the root user password and verify that a new SSH login is refused.
    [Tags]  Expire_Root_Password_And_Check_SSH_Access_Fails
    [Teardown]  Test Teardown Execution

    # Mark the password as expired using an SSH session opened before the expiry.
    Open Connection And Log In  ${OPENBMC_USERNAME}  ${OPENBMC_PASSWORD}
    ${stdout}  ${stderr}  ${rc}=  BMC Execute Command
    ...  passwd --expire ${OPENBMC_USERNAME}
    Should Contain  ${stdout}  password expiry information changed

    # A fresh login with the same credentials must now fail.
    # NOTE(review): any login failure satisfies this check, not only one caused by the expiry.
    ${ssh_login_succeeded}=  Run Keyword And Return Status  Open Connection And Log In
    ...  ${OPENBMC_USERNAME}  ${OPENBMC_PASSWORD}
    Should Be Equal  ${ssh_login_succeeded}  ${False}
44
45
Expire And Change Root User Password And Access Via SSH
    [Documentation]  Expire the root user password, set a new one via Redfish and verify that
    ...  SSH login works with the new password.
    # NOTE(review): unlike the other tests in this file, the tag does not match the test name
    # ("And_Change" is missing); it is left unchanged because tag-based selection may rely on it.
    [Tags]  Expire_Root_User_Password_And_Access_Via_SSH
    [Teardown]  Run Keywords
    ...  Wait Until Keyword Succeeds  1 min  10 sec  Restore Default Password For Root User
    ...  AND  FFDC On Test Case Fail

    # Replacement password used only for the duration of this test; teardown restores the default.
    ${new_password}=  Set Variable  0penBmc123

    Open Connection And Log In  ${OPENBMC_USERNAME}  ${OPENBMC_PASSWORD}
    ${stdout}  ${stderr}  ${rc}=  BMC Execute Command
    ...  passwd --expire ${OPENBMC_USERNAME}
    Should Contain  ${stdout}  password expiry information changed

    # The Redfish session opened here is also the one the teardown uses to restore the password.
    Redfish.Login
    Redfish.Patch  /redfish/v1/AccountService/Accounts/${OPENBMC_USERNAME}
    ...  body={'Password': '${new_password}'}  valid_status_codes=[${HTTP_OK}]

    # SSH login must succeed once the expired password has been replaced.
    Open Connection And Log In  ${OPENBMC_USERNAME}  ${new_password}
64
65
Expire Root Password And Update Bad Password Length Via Redfish
    [Documentation]  Expire the root password, try to set a password of invalid length via Redfish
    ...  and expect the update to be rejected.
    [Tags]  Expire_Root_Password_And_Update_Bad_Password_Length_Via_Redfish
    [Teardown]  Run Keywords
    ...  Wait Until Keyword Succeeds  1 min  10 sec  Restore Default Password For Root User
    ...  AND  FFDC On Test Case Fail

    Open Connection And Log In  ${OPENBMC_USERNAME}  ${OPENBMC_PASSWORD}
    ${stdout}  ${stderr}  ${rc}=  BMC Execute Command
    ...  passwd --expire ${OPENBMC_USERNAME}
    Should Contain  ${stdout}  password expiry information changed

    Redfish.Login
    # The 21-character candidate is expected to violate the password length policy.
    # NOTE(review): the check passes on any PATCH failure; asserting the specific rejection
    # status would tie the result to the length policy - confirm the code the BMC returns.
    ${patch_accepted}=  Run Keyword And Return Status  Redfish.Patch
    ...  /redfish/v1/AccountService/Accounts/${OPENBMC_USERNAME}
    ...  body={'Password': '0penBmc0penBmc0penBmc'}
    Should Be Equal  ${patch_accepted}  ${False}
81
82
Expire And Change Root User Password Via Redfish And Verify
    [Documentation]  Expire the root user password, change it via Redfish and verify that Redfish
    ...  login works with the new password.
    [Tags]  Expire_And_Change_Root_User_Password_Via_Redfish_And_Verify
    [Teardown]  Run Keywords  FFDC On Test Case Fail
    ...  AND  Wait Until Keyword Succeeds  1 min  10 sec  Restore Default Password For Root User

    # Replacement password used only for the duration of this test; teardown restores the default.
    ${new_password}=  Set Variable  0penBmc123

    Open Connection And Log In  ${OPENBMC_USERNAME}  ${OPENBMC_PASSWORD}
    ${stdout}  ${stderr}  ${rc}=  BMC Execute Command
    ...  passwd --expire ${OPENBMC_USERNAME}
    Should Contain  ${stdout}  password expiry information changed

    Redfish.Login
    # Confirm the BMC really reports the password as expired before replacing it.
    Verify Root Password Expired
    Redfish.Patch  /redfish/v1/AccountService/Accounts/${OPENBMC_USERNAME}
    ...  body={'Password': '${new_password}'}
    Redfish.Logout

    # A fresh session with the new password proves the change took effect; teardown reuses it.
    Redfish.Login  ${OPENBMC_USERNAME}  ${new_password}
104
105
Verify Error While Creating User With Expired Password
    [Documentation]  Expire the root password and verify that creating a new user is forbidden.
    [Tags]  Verify_Error_While_Creating_User_With_Expired_Password
    [Teardown]  Run Keywords
    ...  Wait Until Keyword Succeeds  1 min  10 sec  Restore Default Password For Root User
    ...  AND  FFDC On Test Case Fail

    Open Connection And Log In  ${OPENBMC_USERNAME}  ${OPENBMC_PASSWORD}
    ${stdout}  ${stderr}  ${rc}=  BMC Execute Command
    ...  passwd --expire ${OPENBMC_USERNAME}
    Should Contain  ${stdout}  password expiry information changed

    Verify Root Password Expired
    Redfish.Login

    # A session opened with an expired password must not be able to create accounts.
    # NOTE(review): if the POST is ever accepted, an Administrator account with this known
    # password stays on the BMC, because the teardown does not remove it.
    ${new_account}=  Create Dictionary  UserName=admin_user  Password=TestPwd123
    ...  RoleId=Administrator  Enabled=${True}
    Redfish.Post  /redfish/v1/AccountService/Accounts/
    ...  body=&{new_account}  valid_status_codes=[${HTTP_FORBIDDEN}]
122
123
Expire And Change Root Password Via GUI
    [Documentation]  Expire the root password, change it through the GUI profile settings and
    ...  verify that GUI and Redfish logins work with the new password.
    [Tags]  Expire_And_Change_Root_Password_Via_GUI
    [Setup]  Launch Browser And Login OpenBMC GUI
    [Teardown]  Run Keywords  Logout And Close Browser
    ...  AND  Restore Default Password For Root User
    ...  AND  FFDC On Test Case Fail

    # Replacement password used only for the duration of this test; teardown restores the default.
    ${new_password}=  Set Variable  0penBmc123

    Open Connection And Log In  ${OPENBMC_USERNAME}  ${OPENBMC_PASSWORD}
    ${stdout}  ${stderr}  ${rc}=  BMC Execute Command
    ...  passwd --expire ${OPENBMC_USERNAME}
    Should Contain  ${stdout}  password expiry information changed

    # Open the profile settings page, which carries the change-password form.
    Click Button  ${xpath_button_user_action}
    Click Element  ${xpath_button_profile_settings}
    Page Should Contain  Change password
    Sleep  2s

    # Submit the new password.
    Input Text  ${xpath_input_password}  ${new_password}
    Input Text  ${xpath_input_confirm_password}  ${new_password}
    Click Button  ${xpath_submit_button}

    # Verify the new password on both interfaces.
    # NOTE(review): the Redfish login below is the only Redfish session this test opens, and
    # the teardown's password restore needs one; a failure before this point leaves the
    # teardown without a session opened by this test - confirm.
    Open Browser With URL  ${obmc_gui_url}
    Login OpenBMC GUI  ${OPENBMC_USERNAME}  ${new_password}
    Redfish.Login  ${OPENBMC_USERNAME}  ${new_password}
148
149
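Verify Maximum Failed Attempts And Check Root User Account Locked
    [Documentation]  Make the maximum number of failed logins, verify that the root user account
    ...  is locked even for the correct password, and verify that login works again after the
    ...  lockout duration.
    [Tags]  Verify_Maximum_Failed_Attempts_And_Check_Root_User_Account_Locked

    # Make maximum failed login attempts.
    # The attempts target the configured account rather than a literal "root", so the account
    # that gets locked is the same one whose lockout is checked below.
    # NOTE(review): 5 attempts assumes AccountLockoutThreshold is 5, the value that
    # Test Teardown Execution leaves behind; this test does not set it itself.
    Repeat Keyword  ${5} times
    ...  Run Keyword And Expect Error  InvalidCredentialsError*
    ...  Redfish.Login  ${OPENBMC_USERNAME}  0penBmc123

    # Verify that legitimate login fails due to lockout.
    Run Keyword And Expect Error  InvalidCredentialsError*
    ...  Redfish.Login  ${OPENBMC_USERNAME}  ${OPENBMC_PASSWORD}

    # Wait for lockout duration to expire and then verify that login works.
    Sleep  ${default_lockout_duration}s
    Redfish.Login
    Redfish.Logout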
166
167
168*** Keywords ***
169
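Test Setup Execution
    [Documentation]  Test setup: validate the configured password length, then disable account
    ...  lockout on the BMC.

    # Validate first, so that a bad configuration fails before the BMC is modified and before
    # a Redfish session is opened that would otherwise be left without a logout.
    Valid Length  OPENBMC_PASSWORD  min_length=8

    Redfish.Login
    # A threshold of 0 turns account lockout off; Test Teardown Execution sets it back to 5.
    # Tests that use a different teardown do not restore it.
    Redfish.Patch  /redfish/v1/AccountService/  body={"AccountLockoutThreshold": 0}
    Redfish.Logout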
177
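Restore Default Password For Root User
    [Documentation]  Set the root user password back to the suite default (OPENBMC_PASSWORD)
    ...  and verify that login works with it. The caller must already hold a Redfish session;
    ...  the keyword ends logged out.

    # Set default password for root user.
    # NOTE(review): the password is interpolated into the body literal, so a password that
    # contains a single quote would break the request body.
    Redfish.Patch  /redfish/v1/AccountService/Accounts/${OPENBMC_USERNAME}
    ...   body={'Password': '${OPENBMC_PASSWORD}'}  valid_status_codes=[${HTTP_OK}]
    Redfish.Logout

    # Verify that root user is able to log in via Redfish using the default password, then
    # close the session so the keyword still ends logged out.
    Redfish.Login  ${OPENBMC_USERNAME}  ${OPENBMC_PASSWORD}
    Redfish.Logout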
186
187
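Test Teardown Execution
    [Documentation]  Restore the default root password, set the account lockout threshold back
    ...  to 5 and collect FFDC if the test failed.

    Redfish.Login
    Wait Until Keyword Succeeds  1 min  10 sec  Restore Default Password For Root User

    # Restore Default Password For Root User ends with Redfish.Logout, so open a new session
    # before changing the account policy; otherwise the PATCH runs without a session and
    # lockout protection may not be re-enabled.
    Redfish.Login
    Redfish.Patch  /redfish/v1/AccountService/  body={"AccountLockoutThreshold": 5}
    Redfish.Logout
    FFDC On Test Case Fail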
196
197
Verify Root Password Expired
    [Documentation]  Check that the root password is expired: the reply to a REST login with the
    ...  default credentials must ask for a new password.

    Create Session  openbmc  ${AUTH_URI}

    # Build the login request: credentials as a two-element list under the "data" key.
    @{login_pair}=  Create List  ${OPENBMC_USERNAME}  ${OPENBMC_PASSWORD}
    ${login_body}=  Create Dictionary  data=@{login_pair}
    ${json_header}=  Create Dictionary  Content-Type=application/json

    # NOTE(review): the HTTP status is not checked and the session is not closed here; only
    # the extendedMessage text decides the outcome.
    ${reply}=  Post Request  openbmc  /login  data=${login_body}  headers=${json_header}
    ${parsed}=  To JSON  ${reply.content}
    Should Contain  ${parsed["extendedMessage"]}  POST the new password
208