Skip to content

Tests: Usermod rename user, change password, lock password #1622

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
aborah-sudo wants to merge 4 commits into
base: master
Choose a base branch
from
+102 −0
Open

Tests: Usermod rename user, change password, lock password #1622

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
d65da4e
Tests: Add passlib to requirements.txt for proper crypt hash generation
aborah-sudo May 4, 2026
06718ff
Tests: Rename user who is member of a group
aborah-sudo May 8, 2026
44a1908
Tests: Change user password
aborah-sudo May 8, 2026
ed06979
Tests: Unlock user password
aborah-sudo May 8, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions tests/system/requirements.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
flaky
jc
passlib
pytest
git+https://github.com/next-actions/pytest-mh@1.0.21
git+https://github.com/next-actions/pytest-ticket
101 changes: 101 additions & 0 deletions tests/system/tests/test_usermod.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@
from __future__ import annotations

import pytest
from passlib.hash import sha512_crypt
from pytest_mh.conn import ProcessError

from framework.roles.shadow import Shadow
Expand Down Expand Up @@ -171,3 +172,103 @@ def test_usermod__set_expire_date_with_empty_date(shadow: Shadow, expiration_dat
assert result is not None, "User should be found"
assert result.name == "tuser1", "Incorrect username"
assert result.expiration_date is None, "Expiration date should be empty"


@pytest.mark.topology(KnownTopology.Shadow)
def test_usermod__rename_user_in_group(shadow: Shadow):
"""
:title: Rename user who is member of a group
:setup:
1. Create group
2. Create user with additional group membership
3. Rename user
:steps:
1. Check passwd entry
2. Check group entry for user's primary group
3. Check group entry for secondary group membership
:expectedresults:
1. Passwd entry for renamed user exists
2. User's primary group still exists with old name
3. User is member of group with new name
:customerscenario: False
"""
shadow.groupadd("tgroup")
shadow.useradd("-G tgroup tuser1")
shadow.usermod("-l tuser2 tuser1")

passwd_entry = shadow.tools.getent.passwd("tuser2")
assert passwd_entry is not None, "User should be found"
assert passwd_entry.name == "tuser2", "Incorrect username"

group_entry = shadow.tools.getent.group("tuser1")
assert group_entry is not None, "Primary group should still exist"
assert group_entry.name == "tuser1", "Primary group should keep old name"

tgroup_group = shadow.tools.getent.group("tgroup")
assert tgroup_group is not None, "tgroup group should exist"
assert "tuser2" in tgroup_group.members, "User should be in tgroup group with new name"


@pytest.mark.topology(KnownTopology.Shadow)
def test_usermod__change_password(shadow: Shadow):
"""
:title: Change user password
:setup:
1. Create user
2. Change password using usermod -p
:steps:
1. Check shadow entry has new password
:expectedresults:
1. Password is updated in shadow file
:customerscenario: False
"""
shadow.useradd("tuser1")

password = "Secret123"
password_hash = sha512_crypt.hash(password)
shadow.usermod(f"-p '{password_hash}' tuser1")

shadow_entry = shadow.tools.getent.shadow("tuser1")
assert shadow_entry is not None, "User should be found"
assert shadow_entry.password is not None, "Password should not be None"
assert shadow_entry.password.startswith("$6$"), "Password should be SHA-512 crypt hash"


@pytest.mark.topology(KnownTopology.Shadow)
def test_usermod__unlock_password(shadow: Shadow):
"""
:title: Unlock user password
:setup:
1. Create user
2. Set password
:steps:
1. Lock password with usermod -L
2. Check shadow entry has locked password
3. Unlock password with usermod -U
4. Check shadow entry has unlocked password
:expectedresults:
1. Password is locked
2. Password has ! prefix when locked
3. Password is unlocked
4. Password no longer has ! prefix
:customerscenario: False
"""
shadow.useradd("tuser1")

password = "Secret123"
password_hash = sha512_crypt.hash(password)

shadow.usermod(f"-p '{password_hash}' tuser1")
shadow.usermod("-L tuser1")

shadow_entry = shadow.tools.getent.shadow("tuser1")
assert shadow_entry is not None, "User should be found"
assert shadow_entry.password is not None, "Password should not be None"
assert shadow_entry.password.startswith("!"), "Password should be locked with ! prefix"
assert shadow_entry.password == f"!{password_hash}", "Password should have ! prefix when locked"

shadow.usermod("-U tuser1")

shadow_entry = shadow.tools.getent.shadow("tuser1")
assert shadow_entry is not None, "User should be found"
assert shadow_entry.password == password_hash, "Password should be unlocked"
Loading