Verify repeated failed logins cause lockout
Verify that exceeding the failed login threshold by repeatedly trying to login
with an invalid password causes the user account to be locked.
Change-Id: I1e8f5990a3cd215004494f04b9cf4819607c7922
Signed-off-by: Sandhya Somashekar <sansomas@in.ibm.com>
diff --git a/data/variables.py b/data/variables.py
index cf541bf..eff1b19 100755
--- a/data/variables.py
+++ b/data/variables.py
@@ -147,6 +147,8 @@
REDFISH_NW_ETH0_URI = REDFISH_BASE_URI + REDFISH_NW_ETH0
REDFISH_NW_PROTOCOL = 'Managers/bmc/NetworkProtocol'
REDFISH_NW_PROTOCOL_URI = REDFISH_BASE_URI + REDFISH_NW_PROTOCOL
+REDFISH_ACCOUNTS_SERVICE = 'AccountService/'
+REDFISH_ACCOUNTS_SERVICE_URI = REDFISH_BASE_URI + REDFISH_ACCOUNTS_SERVICE
REDFISH_ACCOUNTS = 'AccountService/Accounts/'
REDFISH_ACCOUNTS_URI = REDFISH_BASE_URI + REDFISH_ACCOUNTS
REDFISH_HTTPS_CERTIFICATE = 'Managers/bmc/NetworkProtocol/HTTPS/Certificates'
diff --git a/lib/bmc_redfish_utils.py b/lib/bmc_redfish_utils.py
index 9df9cdf..064b967 100644
--- a/lib/bmc_redfish_utils.py
+++ b/lib/bmc_redfish_utils.py
@@ -33,7 +33,7 @@
}
return session_dict
- def get_attribute(self, resource_path, attribute):
+ def get_attribute(self, resource_path, attribute, verify=None):
r"""
Get resource attribute.
@@ -44,7 +44,13 @@
"""
resp = self._redfish_.get(resource_path)
- if attribute in resp.dict:
+
+ if verify:
+ if resp.dict[attribute] == verify:
+ return resp.dict[attribute]
+ else:
+ raise ValueError("Attribute value is not equal")
+ elif attribute in resp.dict:
return resp.dict[attribute]
return None
@@ -55,7 +61,7 @@
Description of argument(s):
resource_path URI resource absolute path (e.g.
- "/redfish/v1/Systems/1").
+ /redfish/v1/Systems/1").
"""
resp = self._redfish_.get(resource_path)
@@ -94,7 +100,6 @@
# Recursively search the "target" key in the nested dictionary.
# Populate the target_list of target entries.
self.get_key_value_nested_dict(resp_dict, "target")
-
# Return the matching target URL entry.
for target in target_list:
# target "/redfish/v1/Systems/system/Actions/ComputerSystem.Reset"
diff --git a/redfish/account_service/test_user_account.robot b/redfish/account_service/test_user_account.robot
index 8d31376..47dd610 100644
--- a/redfish/account_service/test_user_account.robot
+++ b/redfish/account_service/test_user_account.robot
@@ -8,6 +8,11 @@
Test Setup Test Setup Execution
Test Teardown Test Teardown Execution
+*** Variables ***
+
+${account_lockout_duration} ${30}
+${account_lockout_threshold} ${3}
+
** Test Cases **
@@ -158,6 +163,28 @@
Redfish.Delete ${REDFISH_ACCOUNTS_URI}user_user
Redfish.Delete ${REDFISH_ACCOUNTS_URI}callback_user
+Verify User Account Locked
+ [Documentation] Verify user account locked upon trying with invalid password.
+ [Tags] Verify_User_Account_Locked
+
+ Redfish Create User admin_user TestPwd123 Administrator ${True}
+
+ Redfish.Patch ${REDFISH_ACCOUNTS_SERVICE_URI}
+ ... body={'AccountLockoutThreshold': ${account_lockout_threshold}, 'AccountLockoutDuration': ${account_lockout_duration}}
+
+ # Make ${account_lockout_threshold} failed login attempts.
+ Repeat Keyword ${account_lockout_threshold} times
+ ... Run Keyword And Expect Error InvalidCredentialsError* Redfish.Login admin_user abc123
+
+ # Verify that legitimate login fails due to lockout.
+ Run Keyword And Expect Error InvalidCredentialsError*
+ ... Redfish.Login admin_user TestPwd123
+
+ # Wait for lockout duration to expire and then verify that login works.
+ Sleep ${account_lockout_duration}s
+ Redfish.Login admin_user TestPwd123
+
+ Redfish.Logout
*** Keywords ***
@@ -171,7 +198,7 @@
Test Teardown Execution
[Documentation] Do the post test teardown.
- #FFDC On Test Case Fail
+ FFDC On Test Case Fail
Redfish.Logout
Redfish Create User