mirror of
https://pagure.io/fedora-qa/os-autoinst-distri-fedora.git
synced 2024-11-28 16:43:09 +00:00
Add a fingerprint login test (GNOME only) (#223)
This adds a test for fingerprint-based login, as requested by @benzea in #223. We use the fprintd dummy device to let us simulate scanning a fingerprint, and check various scenarios recommended by @benzea. Signed-off-by: Adam Williamson <awilliam@redhat.com>
This commit is contained in:
parent
2980f2f0ae
commit
05c793179a
82
lib/utils.pm
82
lib/utils.pm
@ -62,41 +62,6 @@ sub get_release_number {
|
||||
return $version
|
||||
}
|
||||
|
||||
# Figure out what tty the desktop is on, switch to it. Assumes we're
|
||||
# at a root console
|
||||
sub desktop_vt {
|
||||
# use loginctl or ps to find the tty of test's session (loginctl)
|
||||
# or gnome-session, Xwayland or Xorg (ps); as of 2019-09 we often
|
||||
# get tty? for Xwayland and Xorg processes, so using loginctl can
|
||||
# help
|
||||
my $xout;
|
||||
# don't fail test if we don't find any process, just guess tty1.
|
||||
# os-autoinst calls the script with 'bash -e' which causes it to
|
||||
# stop as soon as any command fails, so we use ||: to make the
|
||||
# first grep return 0 even if it matches nothing
|
||||
eval { $xout = script_output ' loginctl | grep test ||:; ps -e | egrep "(gnome-session|Xwayland|Xorg)" | grep -o tty[0-9]' };
|
||||
my $tty = 1; # default
|
||||
while ($xout =~ /tty(\d)/g) {
|
||||
$tty = $1; # most recent match is probably best
|
||||
}
|
||||
send_key "ctrl-alt-f${tty}";
|
||||
# work around https://gitlab.gnome.org/GNOME/gnome-software/issues/582
|
||||
# if it happens. As of 2019-05, seeing something similar on KDE too
|
||||
my $desktop = get_var('DESKTOP');
|
||||
if (check_screen "auth_required", 10) {
|
||||
record_soft_failure "spurious 'auth required' - https://gitlab.gnome.org/GNOME/gnome-software/issues/582";
|
||||
assert_and_click "auth_required" if ($desktop eq 'kde');
|
||||
# bit sloppy but correct for both...
|
||||
type_very_safely "weakpassword\n";
|
||||
# as of 2019-04 when we hit this bug it seems to ask for
|
||||
# auth *twice*, so handle that
|
||||
sleep 3;
|
||||
if (check_screen "auth_required", 1) {
|
||||
type_very_safely "weakpassword\n";
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
# Wait for login screen to appear. Handle the annoying GPU buffer
|
||||
# problem where we see a stale copy of the login screen from the
|
||||
# previous boot. Will suffer a ~30 second delay if there's a chance
|
||||
@ -290,6 +255,53 @@ sub console_login {
|
||||
_console_login_finish();
|
||||
}
|
||||
|
||||
# Figure out what tty the desktop is on, switch to it. Assumes we're
|
||||
# at a root console
|
||||
sub desktop_vt {
|
||||
# use loginctl or ps to find the tty of test's session (loginctl)
|
||||
# or gnome-session, Xwayland or Xorg (ps); as of 2019-09 we often
|
||||
# get tty? for Xwayland and Xorg processes, so using loginctl can
|
||||
# help
|
||||
my $xout;
|
||||
# don't fail test if we don't find any process, just guess tty1.
|
||||
# os-autoinst calls the script with 'bash -e' which causes it to
|
||||
# stop as soon as any command fails, so we use ||: to make the
|
||||
# first grep return 0 even if it matches nothing
|
||||
eval { $xout = script_output ' loginctl | grep test ||:; ps -e | egrep "(gnome-session|Xwayland|Xorg)" | grep -o tty[0-9]' };
|
||||
my $tty = 1; # default
|
||||
while ($xout =~ /tty(\d)/g) {
|
||||
$tty = $1; # most recent match is probably best
|
||||
}
|
||||
send_key "ctrl-alt-f${tty}";
|
||||
# work around https://gitlab.gnome.org/GNOME/gnome-software/issues/582
|
||||
# if it happens. As of 2019-05, seeing something similar on KDE too
|
||||
my $desktop = get_var('DESKTOP');
|
||||
my $sfr = 0;
|
||||
my $timeout = 10;
|
||||
my $count = 6;
|
||||
while (check_screen("auth_required", $timeout) && $count > 0) {
|
||||
$count -= 1;
|
||||
unless ($sfr) {
|
||||
record_soft_failure "spurious 'auth required' - https://gitlab.gnome.org/GNOME/gnome-software/issues/582";
|
||||
$sfr = 1;
|
||||
$timeout = 3;
|
||||
}
|
||||
click_lastmatch if ($desktop eq 'kde');
|
||||
if (match_has_tag "auth_required_fprint") {
|
||||
my $user = get_var("USER_LOGIN", "test");
|
||||
send_key "ctrl-alt-f6";
|
||||
console_login;
|
||||
assert_script_run "echo SCAN ${user}-finger-1 | socat STDIN UNIX-CONNECT:/run/fprintd-virt";
|
||||
send_key "ctrl-alt-f${tty}";
|
||||
}
|
||||
else {
|
||||
# bit sloppy but in all cases where this is used, this is the
|
||||
# correct password
|
||||
type_very_safely "weakpassword\n";
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
# load US layout (from a root console)
|
||||
sub console_loadkeys_us {
|
||||
if (get_var('LANGUAGE') eq 'french') {
|
||||
|
@ -1,16 +0,0 @@
|
||||
{
|
||||
"area": [
|
||||
{
|
||||
"ypos": 251,
|
||||
"type": "match",
|
||||
"width": 46,
|
||||
"xpos": 299,
|
||||
"height": 32
|
||||
}
|
||||
],
|
||||
"properties": [],
|
||||
"tags": [
|
||||
"DESKTOP-gnome",
|
||||
"auth_required"
|
||||
]
|
||||
}
|
Binary file not shown.
Before Width: | Height: | Size: 282 KiB |
@ -1,16 +0,0 @@
|
||||
{
|
||||
"area": [
|
||||
{
|
||||
"xpos": 299,
|
||||
"height": 32,
|
||||
"ypos": 259,
|
||||
"width": 46,
|
||||
"type": "match"
|
||||
}
|
||||
],
|
||||
"properties": [],
|
||||
"tags": [
|
||||
"DESKTOP-gnome",
|
||||
"auth_required"
|
||||
]
|
||||
}
|
Binary file not shown.
Before Width: | Height: | Size: 164 KiB |
@ -1,16 +1,24 @@
|
||||
{
|
||||
"area": [
|
||||
{
|
||||
"xpos": 372,
|
||||
"ypos": 232,
|
||||
"type": "match",
|
||||
"height": 22,
|
||||
"width": 171
|
||||
}
|
||||
],
|
||||
"properties": [],
|
||||
"tags": [
|
||||
"DESKTOP-gnome",
|
||||
"auth_required"
|
||||
]
|
||||
"area": [
|
||||
{
|
||||
"height": 22,
|
||||
"type": "match",
|
||||
"width": 171,
|
||||
"xpos": 372,
|
||||
"ypos": 232
|
||||
},
|
||||
{
|
||||
"height": 20,
|
||||
"type": "match",
|
||||
"width": 60,
|
||||
"xpos": 375,
|
||||
"ypos": 450
|
||||
}
|
||||
],
|
||||
"properties": [],
|
||||
"tags": [
|
||||
"DESKTOP-gnome",
|
||||
"auth_required",
|
||||
"auth_required_password"
|
||||
]
|
||||
}
|
24
needles/gnome/auth_required_fprint-20210727.json
Normal file
24
needles/gnome/auth_required_fprint-20210727.json
Normal file
@ -0,0 +1,24 @@
|
||||
{
|
||||
"area": [
|
||||
{
|
||||
"xpos": 598,
|
||||
"ypos": 469,
|
||||
"width": 66,
|
||||
"height": 11,
|
||||
"type": "match"
|
||||
},
|
||||
{
|
||||
"xpos": 373,
|
||||
"ypos": 236,
|
||||
"width": 170,
|
||||
"height": 24,
|
||||
"type": "match"
|
||||
}
|
||||
],
|
||||
"properties": [],
|
||||
"tags": [
|
||||
"DESKTOP-gnome",
|
||||
"auth_required_fprint",
|
||||
"auth_required"
|
||||
]
|
||||
}
|
BIN
needles/gnome/auth_required_fprint-20210727.png
Normal file
BIN
needles/gnome/auth_required_fprint-20210727.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 429 KiB |
16
needles/gnome/login_gdm_fprint-20210727.json
Normal file
16
needles/gnome/login_gdm_fprint-20210727.json
Normal file
@ -0,0 +1,16 @@
|
||||
{
|
||||
"area": [
|
||||
{
|
||||
"xpos": 475,
|
||||
"ypos": 497,
|
||||
"width": 38,
|
||||
"height": 15,
|
||||
"type": "match"
|
||||
}
|
||||
],
|
||||
"properties": [],
|
||||
"tags": [
|
||||
"DESKTOP-gnome",
|
||||
"graphical_login_fprint"
|
||||
]
|
||||
}
|
BIN
needles/gnome/login_gdm_fprint-20210727.png
Normal file
BIN
needles/gnome/login_gdm_fprint-20210727.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 19 KiB |
@ -1,7 +1,8 @@
|
||||
{
|
||||
"properties": [],
|
||||
"tags": [
|
||||
"auth_required"
|
||||
"auth_required",
|
||||
"auth_required_password"
|
||||
],
|
||||
"area": [
|
||||
{
|
||||
|
@ -1,23 +0,0 @@
|
||||
{
|
||||
"area": [
|
||||
{
|
||||
"xpos": 257,
|
||||
"ypos": 211,
|
||||
"width": 64,
|
||||
"height": 55,
|
||||
"type": "match"
|
||||
},
|
||||
{
|
||||
"xpos": 397,
|
||||
"ypos": 382,
|
||||
"width": 35,
|
||||
"height": 20,
|
||||
"type": "match"
|
||||
}
|
||||
],
|
||||
"properties": [],
|
||||
"tags": [
|
||||
"DESKTOP-kde",
|
||||
"auth_required"
|
||||
]
|
||||
}
|
Binary file not shown.
Before Width: | Height: | Size: 567 KiB |
@ -882,6 +882,18 @@
|
||||
"START_AFTER_TEST": "%DEPLOY_UPLOAD_TEST%"
|
||||
}
|
||||
},
|
||||
"desktop_fprint": {
|
||||
"profiles": {
|
||||
"fedora-Workstation-live-iso-x86_64-*-64bit": 50,
|
||||
"fedora-Workstation-live-iso-ppc64le-*-ppc64le": 50
|
||||
},
|
||||
"settings": {
|
||||
"BOOTFROM": "c",
|
||||
"HDD_1": "disk_%FLAVOR%_%MACHINE%.qcow2",
|
||||
"POSTINSTALL": "desktop_fprint",
|
||||
"START_AFTER_TEST": "%DEPLOY_UPLOAD_TEST%"
|
||||
}
|
||||
},
|
||||
"desktop_browser": {
|
||||
"profiles": {
|
||||
"fedora-KDE-live-iso-x86_64-*-64bit": 22,
|
||||
|
83
tests/desktop_fprint.pm
Normal file
83
tests/desktop_fprint.pm
Normal file
@ -0,0 +1,83 @@
|
||||
use base "installedtest";
|
||||
use strict;
|
||||
use testapi;
|
||||
use utils;
|
||||
|
||||
sub run {
|
||||
# at this point we have already reached @benzea's step 1:
|
||||
# "Login without a (fingerprint) reader"
|
||||
my $self = shift;
|
||||
my $user = get_var("USER_LOGIN", "test");
|
||||
$self->root_console(tty=>6);
|
||||
script_run 'dnf -y install socat', 180;
|
||||
assert_script_run 'mkdir -p /etc/systemd/system/fprintd.service.d';
|
||||
# configure fprintd dummy reader, see
|
||||
# https://pagure.io/fedora-qa/os-autoinst-distri-fedora/issue/223#comment-732426
|
||||
assert_script_run 'printf \'[Service]\nEnvironment=G_MESSAGES_DEBUG=all\nEnvironment=FP_VIRTUAL_DEVICE=%%t/fprintd-virt\nReadWritePaths=%%t\nDeviceAllow=\' > /etc/systemd/system/fprintd.service.d/dummy.conf';
|
||||
# dummy reader needs SELinux permissive
|
||||
assert_script_run 'printf "SELINUX=permissive\nSELINUXTYPE=targeted" > /etc/selinux/config';
|
||||
# now we reboot and go onto step 2:
|
||||
# "Login with a reader, but no enrolled prints"
|
||||
type_string "reboot\n";
|
||||
assert_screen "graphical_login", 180;
|
||||
mouse_hide;
|
||||
send_key_until_needlematch("graphical_login_input", "ret", 3, 5);
|
||||
type_very_safely "weakpassword";
|
||||
send_key "ret";
|
||||
check_desktop(timeout=>60);
|
||||
wait_still_screen 10;
|
||||
$self->root_console(tty=>5);
|
||||
# now we enroll a fingerprint, we run the enrol process on tty5...
|
||||
type_string "fprintd-enroll $user\n";
|
||||
sleep 2;
|
||||
$self->root_console(tty=>6);
|
||||
# ...and do the scans (we need exactly 5) on tty4.
|
||||
for my $n (1..5) {
|
||||
assert_script_run "echo SCAN $user-finger-1 | socat STDIN UNIX-CONNECT:/run/fprintd-virt";
|
||||
}
|
||||
# now we will reboot and do step 3:
|
||||
# "Login using fingerprint"
|
||||
type_string "reboot\n";
|
||||
assert_screen "graphical_login", 180;
|
||||
$self->root_console(tty=>6);
|
||||
# the GDM tty needs to be active when the scan happens, so we will
|
||||
# schedule the scan to happen in 20 seconds then go deal with gdm
|
||||
type_string "sleep 20; echo SCAN $user-finger-1 | socat STDIN UNIX-CONNECT:/run/fprintd-virt\n";
|
||||
send_key "ctrl-alt-f1";
|
||||
mouse_hide;
|
||||
send_key_until_needlematch("graphical_login_input", "ret", 3, 5);
|
||||
# now we check that we see the "or scan fingerprint" message, then
|
||||
# just wait for the scan to happen and login to succeed
|
||||
assert_screen "graphical_login_fprint";
|
||||
check_desktop(timeout=>60);
|
||||
$self->root_console(tty=>6);
|
||||
# now we will reboot again and do step 4:
|
||||
# "Password login after failed fingerprint login"
|
||||
type_string "reboot\n";
|
||||
assert_screen "graphical_login", 180;
|
||||
$self->root_console(tty=>6);
|
||||
# we're doing the same as before, but scanning the 'wrong thing'
|
||||
# (note finger-2 not finger-1)
|
||||
type_string "sleep 20; echo SCAN $user-finger-2 | socat STDIN UNIX-CONNECT:/run/fprintd-virt\n";
|
||||
send_key "ctrl-alt-f1";
|
||||
mouse_hide;
|
||||
send_key_until_needlematch("graphical_login_input", "ret", 3, 5);
|
||||
assert_screen "graphical_login_fprint";
|
||||
# unfortunately we cannot assert the 'scan failed' message as it
|
||||
# does not appear for long enough, so we just have to sleep
|
||||
# another 20 seconds to be sure the scan has happened...
|
||||
sleep 20;
|
||||
# ...and check we're still at the login prompt, then type password
|
||||
assert_screen "graphical_login_input";
|
||||
type_very_safely "weakpassword";
|
||||
send_key "ret";
|
||||
check_desktop(timeout=>60);
|
||||
}
|
||||
|
||||
sub test_flags {
|
||||
return { fatal => 1 };
|
||||
}
|
||||
|
||||
1;
|
||||
|
||||
# vim: set sw=4 et:
|
Loading…
Reference in New Issue
Block a user