Add support for invalidating users JWTs #17465
Conversation
shweta83
added
No-CherryPick
| :CaseImportance: High | ||
| """ | ||
|
|
||
| org = module_org |
There was a problem hiding this comment.
Why did you create a separate variable instead of directly using module_org.name?
| location=[module_location], | ||
| organization=[org], | ||
| password=password, | ||
| login=admin_username, |
There was a problem hiding this comment.
Instead of creating a new variable, you can add it gen_string('alpha') here directly. And later, you can invoke them using admin_user.login.
| location=[module_location], | ||
| organization=[org], | ||
| password=password, | ||
| login=non_admin_username, |
There was a problem hiding this comment.
same here gen_string('alpha')
| admin_username = gen_string('alpha') | ||
| non_admin_username = gen_string('alpha') | ||
| password = gen_string('alpha') | ||
| roles = [module_target_sat.api.Role().create()] |
There was a problem hiding this comment.
You can take it directly instead of using a list.
roles = module_target_sat.api.Role().create()
| @@ -307,6 +308,88 @@ def test_positive_create_product_with_limited_user_permission( | |||
| assert newsession.product.search(product_name)[0]['Name'] == product_name | |||
|
|
|||
|
|
|||
| @pytest.mark.rhel_ver_match('8') | |||
| :id: be328fd7-b640-4080-9373-25f96ba2aef6 | ||
|
|
||
| :steps: | ||
| 1. Create an admin user and an non-admin user with "edit_users" and "view_users" permissions. |
There was a problem hiding this comment.
Should there also be a test for a user without edit_users and view_users permissions invalidating their own JWT token?
| 'password': password, | ||
| } | ||
| role = module_target_sat.cli.Role.info({'name': 'Register hosts'}) | ||
| module_target_sat.cli.User.add_role({'id': non_admin_user.id, 'role-id': role['id']}) |
There was a problem hiding this comment.
Can you add the role while creating the user?
| result = session.login.logout() | ||
|
|
||
| session.login.login(login_details) | ||
| session.user.invalidate_jwt(admin_user.login) |
There was a problem hiding this comment.
You don't assert anything after invalidating admin's token.
| activation_keys=[ak.name], | ||
| force=True, | ||
| ) | ||
| assert result.status == 1, f'Failed to register host: {result.stderr}' |
There was a problem hiding this comment.
There is probably a wrong error message when this fails. Also, it may be worth it checking more than just status.
| session.organization.select(org.name) | ||
| session.location.select(module_location.name) | ||
| user_cfg = user_nailgun_config(non_admin_user, password) | ||
| result = rhel_contenthost.api_register( |
There was a problem hiding this comment.
I may be missing something here. Where do you generate the JWT? Does api_register do it? How come it doesn't do the same, i.e. generate a new JWT, when you use it the second time?
Problem Statement
Add support for Invalidate JWT feature : SAT-27385
Solution
Added support for it.
Related Issues
SatelliteQE/airgun#1721