blob: 4640ecf7b3d3caf3afc795d986227908777c9ad9 [file] [log] [blame]
*** Settings ***
Documentation Test Redfish service root login security.
Resource ../../lib/resource.robot
Resource ../../lib/bmc_redfish_resource.robot
Resource ../../lib/openbmc_ffdc.robot
Test Teardown FFDC On Test Case Fail
Test Setup Printn
*** Variables ***
${LOGIN_SESSION_COUNT} ${50}
&{header_requirements} Strict-Transport-Security=max-age=31536000; includeSubdomains; preload
... X-Frame-Options=DENY
... Pragma=no-cache
... Cache-Control=no-Store,no-Cache
... Content-Security-Policy=default-src 'none'; img-src 'self' data:; font-src 'self'; style-src 'self'; script-src 'self'; connect-src 'self' wss:; form-action 'none'; frame-ancestors 'none'; plugin-types 'none'; base-uri 'none'
... X-XSS-Protection=1; mode=block
... X-Content-Type-Options=nosniff
*** Test Cases ***
Redfish Login With Invalid Credentials
[Documentation] Login to BMC web using invalid credential.
[Tags] Redfish_Login_With_Invalid_Credentials
[Template] Login And Verify Redfish Response
# Expect status Username Password
InvalidCredentialsError* ${OPENBMC_USERNAME} deadpassword
InvalidCredentialsError* groot ${OPENBMC_PASSWORD}
InvalidCredentialsError* ${EMPTY} ${OPENBMC_PASSWORD}
InvalidCredentialsError* ${OPENBMC_USERNAME} ${EMPTY}
InvalidCredentialsError* ${EMPTY} ${EMPTY}
Redfish Login Using Unsecured HTTP
[Documentation] Login to BMC web through http unsecured.
[Tags] Redfish_Login_Using_Unsecured_HTTP
Create Session openbmc http://${OPENBMC_HOST}
${data}= Create Dictionary
... UserName=${OPENBMC_USERNAME} Password=${OPENBMC_PASSWORD}
${headers}= Create Dictionary Content-Type=application/json
Run Keyword And Expect Error *Connection refused*
... Post Request openbmc /redfish/v1/SessionService/Sessions
... data=${data} headers=${headers}
Redfish Login Using HTTPS Wrong Port 80 Protocol
[Documentation] Login to BMC web through wrong protocol port 80.
[Tags] Redfish_Login_Using_HTTPS_Wrong_Port_80_Protocol
Create Session openbmc https://${OPENBMC_HOST}:80
${data}= Create Dictionary
... UserName=${OPENBMC_USERNAME} Password=${OPENBMC_PASSWORD}
${headers}= Create Dictionary Content-Type=application/json
Run Keyword And Expect Error *Connection refused*
... Post Request openbmc /redfish/v1/SessionService/Sessions
... data=${data} headers=${headers}
Create Multiple Login Sessions And Verify
[Documentation] Create 50 login instances and verify.
[Tags] Create_Multiple_Login_Sessions_And_Verify
[Teardown] Run Keyword And Ignore Error Multiple Session Cleanup
Redfish.Login
# Example:
# {
# 'key': 'L0XEsZAXpNdF147jJaOD',
# 'location': '/redfish/v1/SessionService/Sessions/qWn2JOJSOs'
# }
${saved_session_info}= Get Redfish Session Info
# Sessions book keeping for cleanup once done.
${session_list}= Create List
Set Test Variable ${session_list}
Repeat Keyword ${LOGIN_SESSION_COUNT} times Create New Login Session
# Update the redfish session object with the first login key and location
# and verify if it is still working.
Redfish.Set Session Key ${saved_session_info["key"]}
Redfish.Set Session Location ${saved_session_info["location"]}
Redfish.Get ${saved_session_info["location"]}
Attempt Login With Expired Session
[Documentation] Authenticate to redfish, then log out and attempt to
... use the session.
[Tags] Attempt_Login_With_Expired_Session
Redfish.Login
${saved_session_info}= Get Redfish Session Info
Redfish.Logout
# Attempt login with expired session.
# By default 60 minutes of inactivity closes the session.
Redfish.Set Session Key ${saved_session_info["key"]}
Redfish.Set Session Location ${saved_session_info["location"]}
Redfish.Get ${saved_session_info["location"]} valid_status_codes=[${HTTP_UNAUTHORIZED}]
Login And Verify HTTP Response Header
[Documentation] Login and verify redfish HTTP response header.
[Tags] Login_And_Verify_HTTP_Response_Header
# Example of HTTP redfish response header.
# Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
# X-Frame-Options: DENY
# Pragma: no-cache
# Cache-Control: no-Store,no-Cache
# Content-Security-Policy: default-src 'self'; img-src 'self' data:
# X-XSS-Protection: 1; mode=block
# X-Content-Type-Options: nosniff
Rprint Vars header_requirements fmt=1
Redfish.Login
${resp}= Redfish.Get /redfish/v1/SessionService/Sessions
# The getheaders() method returns the headers as a list of tuples:
# headers:
# [Strict-Transport-Security]: max-age=31536000; includeSubdomains; preload
# [X-Frame-Options]: DENY
# [Pragma]: no-cache
# [Cache-Control]: no-Store,no-Cache
# [Content-Security-Policy]: default-src 'self'; img-src 'self' data:
# [X-XSS-Protection]: 1; mode=block
# [X-Content-Type-Options]: nosniff
# [X-UA-Compatible]: IE=11
# [Content-Type]: application/json
# [Server]: iBMC
# [Date]: Tue, 16 Apr 2019 17:49:46 GMT
# [Content-Length]: 2177
${headers}= Key Value List To Dict ${resp.getheaders()}
Rprint Vars headers fmt=1
Dictionary Should Contain Sub Dictionary ${headers} ${header_requirements}
*** Keywords ***
Login And Verify Redfish Response
[Documentation] Login and verify redfish response.
[Arguments] ${expected_response} ${username} ${password}
# Description of arguments:
# expected_response Expected REST status.
# username The username to be used to connect to the server.
# password The password to be used to connect to the server.
# The redfish object may preserve a valid username or password from the
# last failed login attempt. If we then try to login with a null username
# or password value, the redfish object may prefer the preserved value.
# Since we're testing bad path, we wish to avoid this scenario so we will
# clear these values.
Redfish.Set Username ${EMPTY}
Redfish.Set Password ${EMPTY}
Run Keyword And Expect Error ${expected_response}
... Redfish.Login ${username} ${password}
Create New Login Session
[Documentation] Multiple login session keys.
Redfish.Login
${session_info}= Get Redfish Session Info
# Append the session location to the list.
# ['/redfish/v1/SessionService/Sessions/uDzihgDecs',
# '/redfish/v1/SessionService/Sessions/PaHF5brPPd']
Append To List ${session_list} ${session_info["location"]}
Multiple Session Cleanup
[Documentation] Do the teardown for multiple sessions.
FFDC On Test Case Fail
FOR ${item} IN @{session_list}
Redfish.Delete ${item}
END