PR#246: Add a fingerprint login test (GNOME only) (#223) - fedora-qa/os-autoinst-distri-fedora

fedora-qa / os-autoinst-distri-fedora

#246 Add a fingerprint login test (GNOME only) (#223)

Merged 2 years ago by adamwill. Opened 2 years ago by adamwill.

fprint-auth into master

Add a fingerprint login test (GNOME only) (#223)

Adam Williamson • 2 years ago

05c7931

lib/utils.pm

file modified

+47 -35

		`@@ -62,41 +62,6 @@`
		`return $version`
		`}`

		`- # Figure out what tty the desktop is on, switch to it. Assumes we're`
		`- # at a root console`
		`- sub desktop_vt {`
		`- # use loginctl or ps to find the tty of test's session (loginctl)`
		`- # or gnome-session, Xwayland or Xorg (ps); as of 2019-09 we often`
		`- # get tty? for Xwayland and Xorg processes, so using loginctl can`
		`- # help`
		`- my $xout;`
		`- # don't fail test if we don't find any process, just guess tty1.`
		`- # os-autoinst calls the script with 'bash -e' which causes it to`
		`- # stop as soon as any command fails, so we use \|\|: to make the`
		`- # first grep return 0 even if it matches nothing`
		`- eval { $xout = script_output ' loginctl \| grep test \|\|:; ps -e \| egrep "(gnome-session\|Xwayland\|Xorg)" \| grep -o tty[0-9]' };`
		`- my $tty = 1; # default`
		`- while ($xout =~ /tty(\d)/g) {`
		`- $tty = $1; # most recent match is probably best`
		`- }`
		`- send_key "ctrl-alt-f${tty}";`
		`- # work around https://gitlab.gnome.org/GNOME/gnome-software/issues/582`
		`- # if it happens. As of 2019-05, seeing something similar on KDE too`
		`- my $desktop = get_var('DESKTOP');`
		`- if (check_screen "auth_required", 10) {`
		`- record_soft_failure "spurious 'auth required' - https://gitlab.gnome.org/GNOME/gnome-software/issues/582";`
		`- assert_and_click "auth_required" if ($desktop eq 'kde');`
		`- # bit sloppy but correct for both...`
		`- type_very_safely "weakpassword\n";`
		`- # as of 2019-04 when we hit this bug it seems to ask for`
		`- # auth twice, so handle that`
		`- sleep 3;`
		`- if (check_screen "auth_required", 1) {`
		`- type_very_safely "weakpassword\n";`
		`- }`
		`- }`
		`- }`
		`-`
		`# Wait for login screen to appear. Handle the annoying GPU buffer`
		`# problem where we see a stale copy of the login screen from the`
		`# previous boot. Will suffer a ~30 second delay if there's a chance`
		`@@ -290,6 +255,53 @@`
		`_console_login_finish();`
		`}`

		`+ # Figure out what tty the desktop is on, switch to it. Assumes we're`
		`+ # at a root console`
		`+ sub desktop_vt {`
		`+ # use loginctl or ps to find the tty of test's session (loginctl)`
		`+ # or gnome-session, Xwayland or Xorg (ps); as of 2019-09 we often`
		`+ # get tty? for Xwayland and Xorg processes, so using loginctl can`
		`+ # help`
		`+ my $xout;`
		`+ # don't fail test if we don't find any process, just guess tty1.`
		`+ # os-autoinst calls the script with 'bash -e' which causes it to`
		`+ # stop as soon as any command fails, so we use \|\|: to make the`
		`+ # first grep return 0 even if it matches nothing`
		`+ eval { $xout = script_output ' loginctl \| grep test \|\|:; ps -e \| egrep "(gnome-session\|Xwayland\|Xorg)" \| grep -o tty[0-9]' };`
		`+ my $tty = 1; # default`
		`+ while ($xout =~ /tty(\d)/g) {`
		`+ $tty = $1; # most recent match is probably best`
		`+ }`
		`+ send_key "ctrl-alt-f${tty}";`
		`+ # work around https://gitlab.gnome.org/GNOME/gnome-software/issues/582`
		`+ # if it happens. As of 2019-05, seeing something similar on KDE too`
		`+ my $desktop = get_var('DESKTOP');`
		`+ my $sfr = 0;`
		`+ my $timeout = 10;`
		`+ my $count = 6;`
		`+ while (check_screen("auth_required", $timeout) && $count > 0) {`
		`+ $count -= 1;`
		`+ unless ($sfr) {`
		`+ record_soft_failure "spurious 'auth required' - https://gitlab.gnome.org/GNOME/gnome-software/issues/582";`
		`+ $sfr = 1;`
		`+ $timeout = 3;`
		`+ }`
		`+ click_lastmatch if ($desktop eq 'kde');`
		`+ if (match_has_tag "auth_required_fprint") {`
		`+ my $user = get_var("USER_LOGIN", "test");`
		`+ send_key "ctrl-alt-f6";`
		`+ console_login;`
		`+ assert_script_run "echo SCAN ${user}-finger-1 \| socat STDIN UNIX-CONNECT:/run/fprintd-virt";`
lruzicka commented 2 years ago Out of curiosity, what does the `socat` part of the command do?
		`+ send_key "ctrl-alt-f${tty}";`
		`+ }`
		`+ else {`
		`+ # bit sloppy but in all cases where this is used, this is the`
		`+ # correct password`
		`+ type_very_safely "weakpassword\n";`
		`+ }`
		`+ }`
		`+ }`
		`+`
		`# load US layout (from a root console)`
		`sub console_loadkeys_us {`
		`if (get_var('LANGUAGE') eq 'french') {`

needles/gnome/auth_required-20190212.json

file removed

-16

		`@@ -1,16 +0,0 @@`
		`- {`
		`- "area": [`
		`- {`
		`- "ypos": 251,`
		`- "type": "match",`
		`- "width": 46,`
		`- "xpos": 299,`
		`- "height": 32`
		`- }`
		`- ],`
		`- "properties": [],`
		`- "tags": [`
		`- "DESKTOP-gnome",`
		`- "auth_required"`
		`- ]`
		`- }`

needles/gnome/auth_required-20190212.png

file removed

needles/gnome/auth_required-20190625.png

file removed

needles/gnome/auth_required-20200219.json

file modified

+24 -16

		`@@ -1,16 +1,24 @@`
		`- {`
		`- "area": [`
		`- {`
		`- "xpos": 372,`
		`- "ypos": 232,`
		`- "type": "match",`
		`- "height": 22,`
		`- "width": 171`
		`- }`
		`- ],`
		`- "properties": [],`
		`- "tags": [`
		`- "DESKTOP-gnome",`
		`- "auth_required"`
		`- ]`
		`- }`
		`\ No newline at end of file`
		`+ {`
		`+ "area": [`
		`+ {`
		`+ "height": 22,`
		`+ "type": "match",`
		`+ "width": 171,`
		`+ "xpos": 372,`
		`+ "ypos": 232`
		`+ },`
		`+ {`
		`+ "height": 20,`
		`+ "type": "match",`
		`+ "width": 60,`
		`+ "xpos": 375,`
		`+ "ypos": 450`
		`+ }`
		`+ ],`
		`+ "properties": [],`
		`+ "tags": [`
		`+ "DESKTOP-gnome",`
		`+ "auth_required",`
		`+ "auth_required_password"`
		`+ ]`
		`+ }`

needles/gnome/auth_required_fprint-20210727.json ~~needles/kde/auth_required-kde-20190530.json~~

file renamed

+11 -10

		`@@ -1,23 +1,24 @@`
		`{`
		`"area": [`
		`{`
		`- "xpos": 257,`
		`- "ypos": 211,`
		`- "width": 64,`
		`- "height": 55,`
		`+ "xpos": 598,`
		`+ "ypos": 469,`
		`+ "width": 66,`
		`+ "height": 11,`
		`"type": "match"`
		`},`
		`{`
		`- "xpos": 397,`
		`- "ypos": 382,`
		`- "width": 35,`
		`- "height": 20,`
		`+ "xpos": 373,`
		`+ "ypos": 236,`
		`+ "width": 170,`
		`+ "height": 24,`
		`"type": "match"`
		`}`
		`],`
		`"properties": [],`
		`"tags": [`
		`- "DESKTOP-kde",`
		`+ "DESKTOP-gnome",`
		`+ "auth_required_fprint",`
		`"auth_required"`
		`]`
		`- }`
		`\ No newline at end of file`
		`+ }`

needles/gnome/auth_required_fprint-20210727.png

file added

empty or binary file added

needles/gnome/login_gdm_fprint-20210727.json ~~needles/gnome/auth_required-20190625.json~~

file renamed

+5 -5

		`@@ -1,16 +1,16 @@`
		`{`
		`"area": [`
		`{`
		`- "xpos": 299,`
		`- "height": 32,`
		`- "ypos": 259,`
		`- "width": 46,`
		`+ "xpos": 475,`
		`+ "ypos": 497,`
		`+ "width": 38,`
		`+ "height": 15,`
		`"type": "match"`
		`}`
		`],`
		`"properties": [],`
		`"tags": [`
		`"DESKTOP-gnome",`
		`- "auth_required"`
		`+ "graphical_login_fprint"`
		`]`
		`}`
		`\ No newline at end of file`

needles/gnome/login_gdm_fprint-20210727.png

file added

empty or binary file added

needles/kde/apps/auth_required.json

file modified

+3 -2

		`@@ -1,7 +1,8 @@`
		`{`
		`"properties": [],`
		`"tags": [`
		`- "auth_required"`
		`+ "auth_required",`
		`+ "auth_required_password"`
		`],`
		`"area": [`
		`{`
		`@@ -12,4 +13,4 @@`
		`"type": "match"`
		`}`
		`]`
		`- }`
		`\ No newline at end of file`
		`+ }`

needles/kde/apps/auth_required_language.json

file modified

+1 -1

		`@@ -12,4 +12,4 @@`
		`"type": "match"`
		`}`
		`]`
		`- }`
		`\ No newline at end of file`
		`+ }`

needles/kde/auth_required-kde-20190530.png

file removed

templates.fif.json

file modified

+12

		`@@ -882,6 +882,18 @@`
		`"START_AFTER_TEST": "%DEPLOY_UPLOAD_TEST%"`
		`}`
		`},`
		`+ "desktop_fprint": {`
		`+ "profiles": {`
		`+ "fedora-Workstation-live-iso-x86_64-*-64bit": 50,`
		`+ "fedora-Workstation-live-iso-ppc64le-*-ppc64le": 50`
		`+ },`
		`+ "settings": {`
		`+ "BOOTFROM": "c",`
		`+ "HDD_1": "disk_%FLAVOR%_%MACHINE%.qcow2",`
		`+ "POSTINSTALL": "desktop_fprint",`
		`+ "START_AFTER_TEST": "%DEPLOY_UPLOAD_TEST%"`
		`+ }`
		`+ },`
		`"desktop_browser": {`
		`"profiles": {`
		`"fedora-KDE-live-iso-x86_64-*-64bit": 22,`

tests/desktop_fprint.pm

file added

+83

		`@@ -0,0 +1,83 @@`
		`+ use base "installedtest";`
		`+ use strict;`
		`+ use testapi;`
		`+ use utils;`
		`+`
		`+ sub run {`
		`+ # at this point we have already reached @benzea's step 1:`
		`+ # "Login without a (fingerprint) reader"`
		`+ my $self = shift;`
		`+ my $user = get_var("USER_LOGIN", "test");`
		`+ $self->root_console(tty=>6);`
		`+ script_run 'dnf -y install socat', 180;`
		`+ assert_script_run 'mkdir -p /etc/systemd/system/fprintd.service.d';`
		`+ # configure fprintd dummy reader, see`
		`+ # https://pagure.io/fedora-qa/os-autoinst-distri-fedora/issue/223#comment-732426`
		`+ assert_script_run 'printf \'[Service]\nEnvironment=G_MESSAGES_DEBUG=all\nEnvironment=FP_VIRTUAL_DEVICE=%%t/fprintd-virt\nReadWritePaths=%%t\nDeviceAllow=\' > /etc/systemd/system/fprintd.service.d/dummy.conf';`
		`+ # dummy reader needs SELinux permissive`
		`+ assert_script_run 'printf "SELINUX=permissive\nSELINUXTYPE=targeted" > /etc/selinux/config';`
		`+ # now we reboot and go onto step 2:`
		`+ # "Login with a reader, but no enrolled prints"`
		`+ type_string "reboot\n";`
		`+ assert_screen "graphical_login", 180;`
		`+ mouse_hide;`
		`+ send_key_until_needlematch("graphical_login_input", "ret", 3, 5);`
		`+ type_very_safely "weakpassword";`
		`+ send_key "ret";`
		`+ check_desktop(timeout=>60);`
		`+ wait_still_screen 10;`
		`+ $self->root_console(tty=>5);`
		`+ # now we enroll a fingerprint, we run the enrol process on tty5...`
		`+ type_string "fprintd-enroll $user\n";`
		`+ sleep 2;`
		`+ $self->root_console(tty=>6);`
		`+ # ...and do the scans (we need exactly 5) on tty4.`
		`+ for my $n (1..5) {`
		`+ assert_script_run "echo SCAN $user-finger-1 \| socat STDIN UNIX-CONNECT:/run/fprintd-virt";`
		`+ }`
		`+ # now we will reboot and do step 3:`
		`+ # "Login using fingerprint"`
		`+ type_string "reboot\n";`
		`+ assert_screen "graphical_login", 180;`
		`+ $self->root_console(tty=>6);`
		`+ # the GDM tty needs to be active when the scan happens, so we will`
		`+ # schedule the scan to happen in 20 seconds then go deal with gdm`
		`+ type_string "sleep 20; echo SCAN $user-finger-1 \| socat STDIN UNIX-CONNECT:/run/fprintd-virt\n";`
		`+ send_key "ctrl-alt-f1";`
		`+ mouse_hide;`
		`+ send_key_until_needlematch("graphical_login_input", "ret", 3, 5);`
		`+ # now we check that we see the "or scan fingerprint" message, then`
		`+ # just wait for the scan to happen and login to succeed`
		`+ assert_screen "graphical_login_fprint";`
		`+ check_desktop(timeout=>60);`
		`+ $self->root_console(tty=>6);`
		`+ # now we will reboot again and do step 4:`
		`+ # "Password login after failed fingerprint login"`
		`+ type_string "reboot\n";`
		`+ assert_screen "graphical_login", 180;`
		`+ $self->root_console(tty=>6);`
		`+ # we're doing the same as before, but scanning the 'wrong thing'`
		`+ # (note finger-2 not finger-1)`
		`+ type_string "sleep 20; echo SCAN $user-finger-2 \| socat STDIN UNIX-CONNECT:/run/fprintd-virt\n";`
		`+ send_key "ctrl-alt-f1";`
		`+ mouse_hide;`
		`+ send_key_until_needlematch("graphical_login_input", "ret", 3, 5);`
		`+ assert_screen "graphical_login_fprint";`
		`+ # unfortunately we cannot assert the 'scan failed' message as it`
		`+ # does not appear for long enough, so we just have to sleep`
		`+ # another 20 seconds to be sure the scan has happened...`
		`+ sleep 20;`
		`+ # ...and check we're still at the login prompt, then type password`
		`+ assert_screen "graphical_login_input";`
		`+ type_very_safely "weakpassword";`
		`+ send_key "ret";`
		`+ check_desktop(timeout=>60);`
		`+ }`
		`+`
		`+ sub test_flags {`
		`+ return { fatal => 1 };`
		`+ }`
		`+`
		`+ 1;`
		`+`
		`+ # vim: set sw=4 et:`

adamwill commented 2 years ago

This adds a test for fingerprint-based login, as requested by
@benzea in #223. We use the fprintd dummy device to let us
simulate scanning a fingerprint, and check various scenarios
recommended by @benzea.

Signed-off-by: Adam Williamson awilliam@redhat.com

zuul commented 2 years ago

Build succeeded.

os-autoinst-tox : SUCCESS in 4m 38s
os-autoinst-perl : SUCCESS in 6m 09s

lruzicka commented on line 83 of lib/utils.pm 2 years ago

Out of curiosity, what does the socat part of the command do?

benzea commented 2 years ago

The communication with the virtual device happens through a unix socket. socat is just used in order to connect to it and send the message.

adamwill commented 2 years ago

btw, to explain that whole loop in desktop_vt - we already have the known case where we get prompted for password twice when coming back from a console to handle. We might get prompted for fingerprint twice too, I think. I think in one or two test runs I saw some combination of fingerprint and password prompts. Since that whole part of desktop_vt is a workaround of a bug (these prompts shouldn't happen at all) I don't want to be too prescriptive about what we 'expect' to be prompted for, so I figured I'd just make it capable (hopefully) of handling anything - up to 6 prompts for either fingerprint or password.

Edited 2 years ago by adamwill

rebased onto 6eb45c561551c6103bac4a7ea0ab255815360d42

2 years ago

zuul commented 2 years ago

Build succeeded.