1*** Settings ***
2Documentation     Test root user expire password.
3
4Resource          ../lib/resource.robot
5Resource          ../gui/lib/resource.robot
6Resource          ../lib/ipmi_client.robot
7Library           ../lib/bmc_ssh_utils.py
8Library           SSHLibrary
9
10Test Setup       Set Accont Lockout Threshold
11
12*** Variables ***
13
14# If user re-tries more than 5 time incorrectly, the user gets locked for 5 minutes.
15${default_lockout_duration}   ${300}
16
17
18*** Test Cases ***
19
20Expire Root Password And Check IPMI Access Fails
21    [Documentation]   Expire root user password and expect an error while access via IPMI.
22    [Tags]  Expire_Root_Password_And_Check_IPMI_Access_Fails
23    [Teardown]  Test Teardown Execution
24
25    Open Connection And Log In  ${OPENBMC_USERNAME}  ${OPENBMC_PASSWORD}
26
27    ${output}  ${stderr}  ${rc}=  BMC Execute Command  passwd --expire ${OPENBMC_USERNAME}
28    Should Contain  ${output}  password expiry information changed
29
30    ${status}=  Run Keyword And Return Status   Run External IPMI Standard Command  lan print -v
31    Should Be Equal  ${status}  ${False}
32
33
34Expire Root Password And Check SSH Access Fails
35    [Documentation]   Expire root user password and expect an error while access via SSH.
36    [Tags]  Expire_Root_Password_And_Check_SSH_Access_Fails
37    [Teardown]  Test Teardown Execution
38
39    Open Connection And Log In  ${OPENBMC_USERNAME}  ${OPENBMC_PASSWORD}
40    ${output}  ${stderr}  ${rc}=  BMC Execute Command  passwd --expire ${OPENBMC_USERNAME}
41    Should Contain  ${output}  password expiry information changed
42
43    ${status}=  Run Keyword And Return Status
44    ...  Open Connection And Log In  ${OPENBMC_USERNAME}  ${OPENBMC_PASSWORD}
45    Should Be Equal  ${status}  ${False}
46
47
48Expire And Change Root User Password And Access Via SSH
49    [Documentation]   Expire and change root user password and access via SSH.
50    [Tags]  Expire_Root_User_Password_And_Access_Via_SSH
51    [Teardown]  Run Keywords  Wait Until Keyword Succeeds  1 min  10 sec
52    ...  Restore Default Password For Root User  AND  FFDC On Test Case Fail
53
54    Open Connection And Log In  ${OPENBMC_USERNAME}  ${OPENBMC_PASSWORD}
55
56    ${output}  ${stderr}  ${rc}=  BMC Execute Command  passwd --expire ${OPENBMC_USERNAME}
57    Should Contain  ${output}  password expiry information changed
58
59    Redfish.Login
60    # Change to a valid password.
61    ${resp}=  Redfish.Patch  /redfish/v1/AccountService/Accounts/${OPENBMC_USERNAME}
62    ...  body={'Password': '0penBmc123'}  valid_status_codes=[${HTTP_OK}]
63
64    # Verify login with the new password through SSH.
65    Open Connection And Log In  ${OPENBMC_USERNAME}  0penBmc123
66
67
68Expire Root Password And Update Bad Password Length Via Redfish
69   [Documentation]  Expire root password and update bad password via Redfish and expect an error.
70   [Tags]  Expire_Root_Password_And_Update_Bad_Password_Length_Via_Redfish
71   [Teardown]  Run Keywords  Wait Until Keyword Succeeds  1 min  10 sec
72   ...  Restore Default Password For Root User  AND  FFDC On Test Case Fail
73
74   Open Connection And Log In  ${OPENBMC_USERNAME}  ${OPENBMC_PASSWORD}
75   ${output}  ${stderr}  ${rc}=  BMC Execute Command  passwd --expire ${OPENBMC_USERNAME}
76   Should Contain  ${output}  password expiry information changed
77
78   Redfish.Login
79   ${status}=  Run Keyword And Return Status
80   ...  Redfish.Patch  /redfish/v1/AccountService/Accounts/${OPENBMC_USERNAME}
81   ...  body={'Password': '0penBmc0penBmc0penBmc'}
82   Should Be Equal  ${status}  ${False}
83
84
85Expire And Change Root User Password Via Redfish And Verify
86   [Documentation]   Expire and change root user password via Redfish and verify.
87   [Tags]  Expire_And_Change_Root_User_Password_Via_Redfish_And_Verify
88   [Teardown]  Run Keywords  FFDC On Test Case Fail  AND
89   ...  Wait Until Keyword Succeeds  1 min  10 sec
90   ...  Restore Default Password For Root User
91
92   Open Connection And Log In  ${OPENBMC_USERNAME}  ${OPENBMC_PASSWORD}
93
94   ${output}  ${stderr}  ${rc}=  BMC Execute Command  passwd --expire ${OPENBMC_USERNAME}
95   Should Contain  ${output}  password expiry information changed
96
97   Redfish.Login
98   Verify Root Password Expired
99   # Change to a valid password.
100   Redfish.Patch  /redfish/v1/AccountService/Accounts/${OPENBMC_USERNAME}
101   ...  body={'Password': '0penBmc123'}
102   Redfish.Logout
103
104   # Verify login with the new password.
105   Redfish.Login  ${OPENBMC_USERNAME}  0penBmc123
106
107
108Verify Error While Creating User With Expired Password
109    [Documentation]  Expire root password and expect an error while creating new user.
110    [Tags]  Verify_Error_While_Creating_User_With_Expired_Password
111    [Teardown]  Run Keywords  Wait Until Keyword Succeeds  1 min  10 sec
112    ...  Restore Default Password For Root User  AND  FFDC On Test Case Fail
113
114    Open Connection And Log In  ${OPENBMC_USERNAME}  ${OPENBMC_PASSWORD}
115    ${output}  ${stderr}  ${rc}=  BMC Execute Command  passwd --expire ${OPENBMC_USERNAME}
116    Should Contain  ${output}  password expiry information changed
117
118    Verify Root Password Expired
119    Redfish.Login
120    ${payload}=  Create Dictionary
121    ...  UserName=admin_user  Password=TestPwd123  RoleId=Administrator  Enabled=${True}
122    Redfish.Post  /redfish/v1/AccountService/Accounts/  body=&{payload}
123    ...  valid_status_codes=[${HTTP_FORBIDDEN}]
124
125
126Expire And Change Root Password Via GUI
127    [Documentation]  Expire and change root password via GUI.
128    [Tags]  Expire_And_Change_Root_Password_Via_GUI
129    [Setup]  Run Keywords  Launch Browser And Login OpenBMC GUI
130    [Teardown]  Run Keywords  Logout And Close Browser
131    ...  AND  Restore Default Password For Root User  AND  FFDC On Test Case Fail
132
133    Open Connection And Log In  ${OPENBMC_USERNAME}  ${OPENBMC_PASSWORD}
134    ${output}  ${stderr}  ${rc}=  BMC Execute Command  passwd --expire ${OPENBMC_USERNAME}
135    Should Contain  ${output}  password expiry information changed
136
137    Click Button  ${xpath_button_user_action}
138    Click Element  ${xpath_button_profile_settings}
139    Page Should Contain  Change password
140    Sleep  2s
141    # Change valid password.
142    Input Text  ${xpath_input_password}  0penBmc123
143    Input Text  ${xpath_input_confirm_password}  0penBmc123
144    Click Button  ${xpath_submit_button}
145
146    # Verify valid password.
147    Open Browser With URL  ${obmc_gui_url}
148    Login OpenBMC GUI  ${OPENBMC_USERNAME}  0penBmc123
149    Redfish.Login  ${OPENBMC_USERNAME}  0penBmc123
150
151
152Verify Maximum Failed Attempts And Check Root User Account Locked
153    [Documentation]  Verify maximum failed attempts and locks out root user account.
154    [Tags]  Verify_Maximum_Failed_Attempts_And_Check_Root_User_Account_Locked
155    [Setup]   Set Accont Lockout Threshold  account_lockout_threshold=${5}
156
157    # Make maximum failed login attempts.
158    Repeat Keyword  ${5} times
159    ...  Run Keyword And Expect Error  InvalidCredentialsError*  Redfish.Login  root  0penBmc123
160
161    # Verify that legitimate login fails due to lockout.
162    Run Keyword And Expect Error  InvalidCredentialsError*
163    ...  Redfish.Login  ${OPENBMC_USERNAME}  ${OPENBMC_PASSWORD}
164
165    # Wait for lockout duration to expire and then verify that login works.
166    Sleep  ${default_lockout_duration}s
167    Redfish.Login
168    Redfish.Logout
169
170Verify New Password Persistency After BMC Reboot
171    [Documentation]  Verify new password persistency after BMC reboot.
172    [Tags]  Verify_New_Password_Persistency_After_BMC_Reboot
173    [Teardown]  Test Teardown Execution
174
175    Redfish.Login
176
177    # Make sure the user account in question does not already exist.
178    Redfish.Delete  /redfish/v1/AccountService/Accounts/admin_user
179    ...  valid_status_codes=[${HTTP_OK}, ${HTTP_NOT_FOUND}]
180
181    # Create specified user.
182    ${payload}=  Create Dictionary
183    ...  UserName=admin_user  Password=TestPwd123  RoleId=Administrator  Enabled=${True}
184    Redfish.Post  /redfish/v1/AccountService/Accounts/  body=&{payload}
185    ...  valid_status_codes=[${HTTP_CREATED}]
186    Redfish.Logout
187
188    Redfish.Login  admin_user  TestPwd123
189
190    # Change to a valid password.
191    Redfish.Patch  /redfish/v1/AccountService/Accounts/admin_user
192    ...  body={'Password': '0penBmc123'}
193
194    # Reboot BMC and verify persistency.
195    Redfish OBMC Reboot (off)
196
197    # verify new password
198    Redfish.Login  admin_user  0penBmc123
199
200
201*** Keywords ***
202
203Set Accont Lockout Threshold
204   [Documentation]  Set user account lockout threshold.
205   [Arguments]  ${account_lockout_threshold}=${0}
206
207   # Description of argument(s):
208   # account_lockout_threshold    Set lockout threshold value.
209
210   Redfish.login
211   Redfish.Patch  /redfish/v1/AccountService/  body={"AccountLockoutThreshold":${account_lockout_threshold}}
212   gen_robot_valid.Valid Length  OPENBMC_PASSWORD  min_length=8
213   Redfish.Logout
214
215Restore Default Password For Root User
216    [Documentation]  Restore default password for root user (i.e. 0penBmc).
217
218    # Set default password for root user.
219    Redfish.Patch  /redfish/v1/AccountService/Accounts/${OPENBMC_USERNAME}
220    ...   body={'Password': '${OPENBMC_PASSWORD}'}  valid_status_codes=[${HTTP_OK}]
221    # Verify that root user is able to run Redfish command using default password.
222    Redfish.Logout
223
224
225Test Teardown Execution
226    [Documentation]  Do test teardown task.
227
228    Redfish.Login
229    Wait Until Keyword Succeeds  1 min  10 sec  Restore Default Password For Root User
230    Redfish.Logout
231    Set Accont Lockout Threshold  account_lockout_threshold=${5}
232    FFDC On Test Case Fail
233
234
235Verify Root Password Expired
236    [Documentation]  Checking whether root password expired or not.
237
238    Create Session  openbmc  ${AUTH_URI}
239    ${headers}=  Create Dictionary  Content-Type=application/json
240    @{credentials}=  Create List  ${OPENBMC_USERNAME}  ${OPENBMC_PASSWORD}
241    ${data}=  Create Dictionary  data=@{credentials}
242    ${resp}=  Post Request  openbmc  /login  data=${data}  headers=${headers}
243    ${json}=  To JSON  ${resp.content}
244    Should Contain  ${json["extendedMessage"]}  POST the new password
245
246