*** Settings ***
Documentation       Test root user expire password.

# Resource and library files that the test cases and keywords below rely on.
Resource            ../lib/resource.robot
Resource            ../gui/lib/gui_resource.robot
Resource            ../lib/ipmi_client.robot
Resource            ../lib/bmc_redfish_utils.robot
Library             ../lib/bmc_ssh_utils.py
Library             SSHLibrary

# Runs before every test that has no [Setup] of its own, with the keyword's
# defaults (threshold 0, duration 50). In the Redfish AccountService schema a
# threshold of 0 means accounts are never locked, so failed logins made by one
# test do not lock the following tests out.
Test Setup          Set Account Lockout Threshold

Force Tags          BMC_Expire_Password

*** Variables ***

# After 5 failed login attempts the user is locked out; the lockout test then
# sleeps for this many seconds (300 s = 5 minutes) before logging in again.
# Set Account Lockout Threshold defaults AccountLockoutDuration to 50, so unless
# a caller passes a duration this value is an upper bound on the wait rather
# than the configured lockout period.
${default_lockout_duration}     ${300}

# Fixture account for the admin-user GUI test: account name, the password it is
# created with, and the replacement password entered after the forced expiry.
# These values are published with the suite and are meant for lab systems only.
${admin_user}                   admin_user
${default_adminuser_passwd}     AdminUser1
${admin_password}               AdminUser2

*** Test Cases ***

Expire Root Password And Check IPMI Access Fails
    [Documentation]    Expire root user password and expect an error while access via IPMI.
    [Tags]    Expire_Root_Password_And_Check_IPMI_Access_Fails
    [Teardown]    Test Teardown Execution

    # Force the expiry on the BMC (done over SSH by the Expire Password keyword).
    Expire Password    ${OPENBMC_USERNAME}

    # An out-of-band IPMI request must now be refused.
    # NOTE(review): ${status} is False for any failure of the command (network,
    # cipher suite, IPMI disabled), so this does not prove the refusal was caused
    # by the expiry - matching the expected error text would make it specific.
    ${status}=    Run Keyword And Return Status
    ...    Run External IPMI Standard Command    lan print -v
    Should Be Equal    ${status}    ${False}

Expire Root Password And Check SSH Access Fails
    [Documentation]    Expire root user password and expect an error while access via SSH.
    [Tags]    Expire_Root_Password_And_Check_SSH_Access_Fails
    [Teardown]    Test Teardown Execution

    Expire Password    ${OPENBMC_USERNAME}

    # A fresh SSH login with the expired password has to fail.
    # NOTE(review): as with the IPMI case, any login failure (unreachable host,
    # sshd down) yields False here, not only a rejection due to the expiry.
    ${status}=    Run Keyword And Return Status
    ...    Open Connection And Log In
    ...    ${OPENBMC_USERNAME}
    ...    ${OPENBMC_PASSWORD}
    Should Be Equal    ${status}    ${False}

Expire And Change Root User Password And Access Via SSH
    [Documentation]    Expire and change root user password and access via SSH.
    [Tags]    Expire_And_Change_Root_User_Password_And_Access_Via_SSH
    [Teardown]    Run Keywords
    ...    Wait Until Keyword Succeeds    1 min    10 sec    Restore Default Password For Root User
    ...    AND    FFDC On Test Case Fail

    Expire Password    ${OPENBMC_USERNAME}

    # Log in over Redfish with the default credentials (now expired) and replace
    # the password with a valid one; only HTTP_OK is accepted for the PATCH.
    Redfish.Login
    Redfish.Patch    /redfish/v1/AccountService/Accounts/${OPENBMC_USERNAME}
    ...    body={'Password': '0penBmc123'}    valid_status_codes=[${HTTP_OK}]

    # SSH must accept the new password. The connection opened here is not closed
    # by this test; it stays open until a later Close All Connections.
    Open Connection And Log In    ${OPENBMC_USERNAME}    0penBmc123

Expire Root Password And Update Bad Password Length Via Redfish
    [Documentation]    Expire root password and update bad password via Redfish and expect an error.
    [Tags]    Expire_Root_Password_And_Update_Bad_Password_Length_Via_Redfish
    [Teardown]    Run Keywords
    ...    Wait Until Keyword Succeeds    1 min    10 sec    Restore Default Password For Root User
    ...    AND    FFDC On Test Case Fail

    Expire Password    ${OPENBMC_USERNAME}

    # Try to replace the expired password with a 21-character one; the PATCH is
    # expected to be rejected (presumably the value exceeds the BMC's maximum
    # password length - confirm against the AccountService settings).
    # NOTE(review): no status code is pinned, so any failure of the PATCH passes.
    Redfish.Login
    ${status}=    Run Keyword And Return Status
    ...    Redfish.Patch
    ...    /redfish/v1/AccountService/Accounts/${OPENBMC_USERNAME}
    ...    body={'Password': '0penBmc0penBmc0penBmc'}
    Should Be Equal    ${status}    ${False}

Expire And Change Root User Password Via Redfish And Verify
    [Documentation]    Expire and change root user password via Redfish and verify.
    [Tags]    Expire_And_Change_Root_User_Password_Via_Redfish_And_Verify
    [Teardown]    Run Keywords
    ...    FFDC On Test Case Fail
    ...    AND    Wait Until Keyword Succeeds    1 min    10 sec
    ...           Restore Default Password For Root User

    Expire Password    ${OPENBMC_USERNAME}

    # Confirm over Redfish that the account is reported as expired.
    # NOTE(review): the PATCH below is sent without an explicit Redfish.Login, so
    # it presumably relies on a session left open by this keyword - confirm.
    Verify User Password Expired Using Redfish    ${OPENBMC_USERNAME}    ${OPENBMC_PASSWORD}

    # Replace the expired password with a valid one, then drop the session.
    Redfish.Patch    /redfish/v1/AccountService/Accounts/${OPENBMC_USERNAME}
    ...    body={'Password': '0penBmc123'}
    Redfish.Logout

    # A new session with the new password proves the change took effect.
    Redfish.Login    ${OPENBMC_USERNAME}    0penBmc123

Verify Error While Creating User With Expired Password
    [Documentation]    Expire root password and expect an error while creating new user.
    [Tags]    Verify_Error_While_Creating_User_With_Expired_Password
    [Teardown]    Run Keywords
    ...    Wait Until Keyword Succeeds    1 min    10 sec    Restore Default Password For Root User
    ...    AND    FFDC On Test Case Fail

    Expire Password    ${OPENBMC_USERNAME}
    Verify User Password Expired Using Redfish    ${OPENBMC_USERNAME}    ${OPENBMC_PASSWORD}

    # A session opened with an expired password must not be able to administer
    # accounts: creating an Administrator user has to come back as HTTP_FORBIDDEN.
    Redfish.Login
    ${payload}=    Create Dictionary
    ...    UserName=admin_user
    ...    Password=TestPwd123
    ...    RoleId=Administrator
    ...    Enabled=${True}
    Redfish.Post    /redfish/v1/AccountService/Accounts/
    ...    body=&{payload}    valid_status_codes=[${HTTP_FORBIDDEN}]

Expire And Change Root Password Via GUI
    [Documentation]    Expire and change root password via GUI.
    [Tags]    Expire_And_Change_Root_Password_Via_GUI
    [Setup]    Launch Browser And Login GUI
    # NOTE(review): Restore Default Password For Root User sends its PATCH without
    # logging in, and the only Redfish.Login in this test is its last step. If the
    # test fails earlier the restore may run without a session and leave the root
    # password at the value set below - confirm.
    [Teardown]    Run Keywords    Logout GUI    AND    Close Browser
    ...    AND    Restore Default Password For Root User
    ...    AND    FFDC On Test Case Fail

    # The browser session from [Setup] is already logged in when the expiry is forced.
    Expire Password    ${OPENBMC_USERNAME}

    # Open the profile settings page from the user menu.
    Wait Until Page Contains Element    ${xpath_root_button_menu}
    Click Element    ${xpath_root_button_menu}
    Click Element    ${xpath_profile_settings}
    Wait Until Page Contains    Change password

    # Enter and confirm a valid new password, then wait for the success
    # notification to appear and to disappear again before logging out.
    Input Text    ${xpath_input_password}    0penBmc123
    Input Text    ${xpath_input_confirm_password}    0penBmc123
    Click Button    ${xpath_profile_save_button}
    Wait Until Page Contains    Successfully saved account settings.
    Wait Until Page Does Not Contain    Successfully saved account settings.    timeout=20
    Logout GUI

    # The new password must work for both the GUI and Redfish.
    Login GUI    ${OPENBMC_USERNAME}    0penBmc123
    Redfish.Login    ${OPENBMC_USERNAME}    0penBmc123

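Verify Maximum Failed Attempts And Check Root User Account Locked
    [Documentation]    Verify maximum failed attempts and locks out root user account.
    [Tags]    Verify_Maximum_Failed_Attempts_And_Check_Root_User_Account_Locked
    # Only the threshold is passed, so the keyword's default lockout duration applies.
    [Setup]    Set Account Lockout Threshold    account_lockout_threshold=${5}

    # Use up the threshold with a wrong password. The failed attempts must target
    # the same account whose lockout is checked below, so the user name comes from
    # ${OPENBMC_USERNAME} rather than a literal.
    Repeat Keyword    ${5} times
    ...    Run Keyword And Expect Error    InvalidCredentialsError*
    ...    Redfish.Login    ${OPENBMC_USERNAME}    0penBmc123

    # Verify that a login with the correct credentials is now refused as well.
    Run Keyword And Expect Error    InvalidCredentialsError*
    ...    Redfish.Login    ${OPENBMC_USERNAME}    ${OPENBMC_PASSWORD}

    # Wait for the lockout to expire and then verify that login works again. The
    # sleep must be at least as long as the lockout duration configured in [Setup].
    Sleep    ${default_lockout_duration}s
    Redfish.Login
    Redfish.Logout
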
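Verify New Password Persistency After BMC Reboot
    [Documentation]    Verify new password persistency after BMC reboot.
    [Tags]    Verify_New_Password_Persistency_After_BMC_Reboot
    # After the common teardown, delete the Administrator fixture account so it
    # does not stay on the BMC with a password that is published in this file.
    # HTTP_NOT_FOUND is accepted in case the test failed before creating it.
    [Teardown]    Run Keywords    Test Teardown Execution
    ...    AND    Redfish.Login
    ...    AND    Redfish.Delete    /redfish/v1/AccountService/Accounts/admin_user
    ...           valid_status_codes=[${HTTP_OK}, ${HTTP_NOT_FOUND}]
    ...    AND    Redfish.Logout

    Redfish.Login

    # Make sure the user account in question does not already exist.
    Redfish.Delete    /redfish/v1/AccountService/Accounts/admin_user
    ...    valid_status_codes=[${HTTP_OK}, ${HTTP_NOT_FOUND}]

    # Create the Administrator account and end the root session.
    ${payload}=    Create Dictionary
    ...    UserName=admin_user
    ...    Password=TestPwd123
    ...    RoleId=Administrator
    ...    Enabled=${True}
    Redfish.Post    /redfish/v1/AccountService/Accounts/
    ...    body=&{payload}    valid_status_codes=[${HTTP_CREATED}]
    Redfish.Logout

    # Log in as the new user and change its own password to a valid one.
    Redfish.Login    admin_user    TestPwd123
    Redfish.Patch    /redfish/v1/AccountService/Accounts/admin_user
    ...    body={'Password': '0penBmc123'}

    # Reboot the BMC; the changed password has to survive the reboot.
    Redfish OBMC Reboot (off)

    # Verify the new password still works.
    Redfish.Login    admin_user    0penBmc123
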
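Verify Expire And Change Admin User Password Via GUI
    [Documentation]    Force expire admin password and update admin password via GUI.
    [Tags]    Verify_Expire_And_Change_Admin_User_Password_Via_GUI
    [Setup]    Run Keywords    Launch Browser And Login GUI    AND
    ...    Redfish Create User    ${admin_user}    ${default_adminuser_passwd}    Administrator    ${True}
    # Besides closing the GUI, remove the Administrator fixture account so it is
    # not left on the BMC with a password that is published in this file.
    # HTTP_NOT_FOUND is accepted in case the account was never created.
    [Teardown]    Run Keywords    Logout GUI    AND    Close Browser
    ...    AND    Redfish.Login
    ...    AND    Redfish.Delete    /redfish/v1/AccountService/Accounts/${admin_user}
    ...           valid_status_codes=[${HTTP_OK}, ${HTTP_NOT_FOUND}]
    ...    AND    Redfish.Logout

    Expire Password    ${admin_user}

    Logout GUI

    # Log in to the GUI as the admin user with the expired password; instead of
    # the normal landing page the GUI must ask for a password change.
    Login GUI    ${admin_user}    ${default_adminuser_passwd}

    # Verify the message that tells the user to update the password.
    Wait Until Page Contains    The password is expired and must be changed.    timeout=10

    # Enter and confirm an acceptable new password; reaching the Overview page
    # means the change was accepted.
    Input Text    ${xpath_input_password}    ${admin_password}
    Input Text    ${xpath_input_confirm_password}    ${admin_password}
    Click Button    ${xpath_confirm_password_button}
    Wait Until Page Contains    Overview    timeout=20

    # Verify that the new password works over Redfish.
    Redfish.Login    ${admin_user}    ${admin_password}
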
*** Keywords ***

Set Account Lockout Threshold
    [Documentation]    Set user account lockout threshold.
    [Arguments]    ${account_lockout_threshold}=${0}    ${account_lockout_duration}=${50}

    # Description of argument(s):
    # account_lockout_threshold    Value written to AccountLockoutThreshold.
    # account_lockout_duration     Value written to AccountLockoutDuration.

    # Both properties are written with a single PATCH on the AccountService
    # resource, inside a session opened with the suite's default credentials.
    Redfish.Login
    ${payload}=    Create Dictionary
    ...    AccountLockoutThreshold=${account_lockout_threshold}
    ...    AccountLockoutDuration=${account_lockout_duration}
    Redfish.Patch    /redfish/v1/AccountService/    body=&{payload}

    # Presumably checks that the OPENBMC_PASSWORD variable is at least 8
    # characters long - confirm against gen_robot_valid.
    # NOTE(review): if this check fails, the Redfish.Logout below is skipped.
    gen_robot_valid.Valid Length    OPENBMC_PASSWORD    min_length=8
    Redfish.Logout

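Restore Default Password For Root User
    [Documentation]    Restore the root user password to the configured OPENBMC_PASSWORD value.

    # This keyword does not log in: the PATCH is sent on whatever Redfish session
    # the caller has open, and that session is closed at the end.

    # Build the body as a dictionary instead of splicing the password into a
    # quoted literal, so a password containing a quote or backslash is sent intact.
    ${payload}=    Create Dictionary    Password=${OPENBMC_PASSWORD}
    Redfish.Patch    /redfish/v1/AccountService/Accounts/${OPENBMC_USERNAME}
    ...    body=&{payload}    valid_status_codes=[${HTTP_OK}]

    # End the session. The restored password is not exercised here; the next
    # default Redfish.Login made by the suite is what confirms it.
    Redfish.Logout
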
Test Teardown Execution
    [Documentation]    Do test teardown task.

    # Put the root password back, retrying for up to a minute at 10 second
    # intervals. The restore keyword closes the Redfish session itself, so the
    # Redfish.Logout after it is a second logout.
    Redfish.Login
    Wait Until Keyword Succeeds    1 min    10 sec
    ...    Restore Default Password For Root User
    Redfish.Logout

    # Leave the BMC with a lockout threshold of 5 (the suite's Test Setup lowers
    # it back to 0 before the next test), then collect FFDC if the test failed.
    Set Account Lockout Threshold    account_lockout_threshold=${5}
    FFDC On Test Case Fail

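Expire Password
    [Documentation]    Force expire password.
    [Arguments]    ${username}
    # Close the SSH connections even when the command or the output check fails,
    # so a failed run does not leave sessions open on the BMC.
    [Teardown]    Close All Connections

    # Description of argument(s):
    # username                       Existing user whose password is to be expired.

    # Log in to the BMC over SSH with the suite's default credentials.
    Open Connection And Log In    ${OPENBMC_USERNAME}    ${OPENBMC_PASSWORD}

    # Expire the password.
    # NOTE(review): ${username} is placed into the shell command line unquoted;
    # callers in this suite pass fixed suite variables. Quote or validate the
    # value if it can ever come from outside the suite.
    ${output}    ${stderr}    ${rc}=    BMC Execute Command    passwd --expire ${username}
    Should Contain Any    ${output}    password expiry information changed    password changed

    # Example output:
    # passwd --expire admin
    # passwd: password changed.
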