From 2d398ab84959d4683315a2c51a54d9faf6bf49a9 Mon Sep 17 00:00:00 2001 From: denisonbarbosa Date: Wed, 6 May 2026 08:19:13 -0400 Subject: [PATCH 1/5] Move su tests to login.robot Since those tests are quite simple, we can add them to another test and avoid having to go through the demanding device authentication process. --- e2e-tests/resources/broker.resource | 3 ++- e2e-tests/resources/utils.resource | 5 ++++ e2e-tests/tests/login.robot | 7 +++++ e2e-tests/tests/su_login.robot | 40 ----------------------------- 4 files changed, 14 insertions(+), 41 deletions(-) delete mode 100644 e2e-tests/tests/su_login.robot diff --git a/e2e-tests/resources/broker.resource b/e2e-tests/resources/broker.resource index 9d98d5402a..6a2a0b4124 100644 --- a/e2e-tests/resources/broker.resource +++ b/e2e-tests/resources/broker.resource @@ -115,13 +115,14 @@ Try Changing Username In sudo su Log In Cancel Operation -Try Changing Username In su Log In +Check That Username Cannot Be Changed When Using su [Arguments] ${username} Hid.Type String su ${username} Hid.Keys Combo Return Try Navigating Back to User Selection Cancel Operation + Try Navigating Back to User Selection # First screen is the autoselected local password mode Match Text Enter your local password: 120 diff --git a/e2e-tests/resources/utils.resource b/e2e-tests/resources/utils.resource index 79823dd778..3ffd827232 100644 --- a/e2e-tests/resources/utils.resource +++ b/e2e-tests/resources/utils.resource @@ -118,6 +118,11 @@ Close Terminal In Sudo Mode Close Focused Window +Clear Terminal + Hid.Type String clear + Hid.Keys Combo Return + + Log Out From Terminal Session Match Text @ubuntu 120 # We are in a machinectl session, so we need to ^] thrice to exit properly diff --git a/e2e-tests/tests/login.robot b/e2e-tests/tests/login.robot index 3d9c491021..77c4247418 100644 --- a/e2e-tests/tests/login.robot +++ b/e2e-tests/tests/login.robot @@ -33,3 +33,10 @@ Test login with CLI # Log in with remote user with local password Open Terminal In Sudo Mode Log In With Remote User Through CLI: Local Password ${username} ${local_password} + + # Try to change username during su login, it should not be possible + Check That Username Cannot Be Changed When Using su ${username} + Clear Terminal + + # Try to change username during su login with sudo, it should not be possible + Try Changing Username In sudo su Log In diff --git a/e2e-tests/tests/su_login.robot b/e2e-tests/tests/su_login.robot deleted file mode 100644 index ca38e53697..0000000000 --- a/e2e-tests/tests/su_login.robot +++ /dev/null @@ -1,40 +0,0 @@ -*** Settings *** -Resource resources/utils.resource -Resource resources/authd.resource -Resource resources/broker.resource - -# Test Tags robot:exit-on-failure - -Test Setup utils.Test Setup snapshot=%{BROKER}-installed -Test Teardown utils.Test Teardown - - -*** Variables *** -${username} %{E2E_USER} -${local_password} qwer1234 - - -*** Test Cases *** -Test su login - [Documentation] Test login functionality with su command for remote users. - - # Log in with local user - Log In - - # Log in with remote user with device authentication - Open Terminal - Log In With Remote User Through CLI: QR Code ${username} ${local_password} - # Check remote user is properly added to the system - Check If User Was Added Properly ${username} - Log Out From Terminal Session - Close Focused Window - - # Log in with remote user with local password - Open Terminal In Sudo Mode - Log In With Remote User Through CLI: Local Password ${username} ${local_password} - - # Try to change username during su login, it should not be possible - Try Changing Username In su Log In ${username} - - # Try to change username during su login with sudo, it should not be possible - Try Changing Username In sudo su Log In From 688c3d7117816df09799e2633e3867a311287dc0 Mon Sep 17 00:00:00 2001 From: denisonbarbosa Date: Wed, 6 May 2026 08:21:53 -0400 Subject: [PATCH 2/5] Update "su without argument" check The previous "sudo su" was covering a different flow. The changes in this commit make sure we cover the cases where an empty "su" actually goes through the PAM stack, since it tries to authenticate the root user. --- e2e-tests/resources/broker.resource | 10 ++++++---- e2e-tests/tests/login.robot | 4 ++-- 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/e2e-tests/resources/broker.resource b/e2e-tests/resources/broker.resource index 6a2a0b4124..1cf11b2039 100644 --- a/e2e-tests/resources/broker.resource +++ b/e2e-tests/resources/broker.resource @@ -108,11 +108,13 @@ Log In With Remote User Through CLI: Local Password Match Text ${username}@ubuntu:~$ 120 -Try Changing Username In sudo su Log In - Hid.Type String sudo su +Check That su To Local User Goes To Local Broker + Hid.Type String su ubuntu Hid.Keys Combo Return - Try Navigating Back to User Selection - Cancel Operation + Match Text Password: 120 + Hid.Type String ubuntu # The password for the local user is the same as the username in our test setup + Hid.Keys Combo Return + Match Text ubuntu@ubuntu:~$ 120 Check That Username Cannot Be Changed When Using su diff --git a/e2e-tests/tests/login.robot b/e2e-tests/tests/login.robot index 77c4247418..7a1804dca3 100644 --- a/e2e-tests/tests/login.robot +++ b/e2e-tests/tests/login.robot @@ -38,5 +38,5 @@ Test login with CLI Check That Username Cannot Be Changed When Using su ${username} Clear Terminal - # Try to change username during su login with sudo, it should not be possible - Try Changing Username In sudo su Log In + # Check that `su` to a local user goes to the local broker, not authd. + Check That su To Local User Goes To Local Broker From 2598100f5092a71d94cf19d9fc33ee1072a08889 Mon Sep 17 00:00:00 2001 From: denisonbarbosa Date: Fri, 8 May 2026 06:30:13 -0400 Subject: [PATCH 3/5] Add more checks to ensure su call was canceled --- e2e-tests/resources/broker.resource | 1 + 1 file changed, 1 insertion(+) diff --git a/e2e-tests/resources/broker.resource b/e2e-tests/resources/broker.resource index 1cf11b2039..ceedefb59f 100644 --- a/e2e-tests/resources/broker.resource +++ b/e2e-tests/resources/broker.resource @@ -123,6 +123,7 @@ Check That Username Cannot Be Changed When Using su Hid.Keys Combo Return Try Navigating Back to User Selection Cancel Operation + Match Text su: Critical error - immediate abort 120 Try Navigating Back to User Selection From 739a3cb91d64eea59b14d1703e83025e73e73ba3 Mon Sep 17 00:00:00 2001 From: denisonbarbosa Date: Fri, 8 May 2026 08:00:46 -0400 Subject: [PATCH 4/5] Start su checks in a new terminal By looking at the test logs, it seems like machinectl on Noble doesn't capture keyboard signals properly, so let's use a different approach instead. --- e2e-tests/tests/login.robot | 3 +++ 1 file changed, 3 insertions(+) diff --git a/e2e-tests/tests/login.robot b/e2e-tests/tests/login.robot index 7a1804dca3..25352bcc8f 100644 --- a/e2e-tests/tests/login.robot +++ b/e2e-tests/tests/login.robot @@ -33,8 +33,11 @@ Test login with CLI # Log in with remote user with local password Open Terminal In Sudo Mode Log In With Remote User Through CLI: Local Password ${username} ${local_password} + Log Out From Terminal Session + Close Terminal In Sudo Mode # Try to change username during su login, it should not be possible + Open Terminal Check That Username Cannot Be Changed When Using su ${username} Clear Terminal From c1c04dafbfc2344c2e8a84749d83d7e61260ade8 Mon Sep 17 00:00:00 2001 From: denisonbarbosa Date: Sat, 9 May 2026 09:37:30 -0400 Subject: [PATCH 5/5] Fix capitalization on Cancel Operation The command was using Control_L C rather than Control_L c and that was confusing the keyboard input. --- e2e-tests/resources/utils.resource | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/e2e-tests/resources/utils.resource b/e2e-tests/resources/utils.resource index 3ffd827232..bfea9941f6 100644 --- a/e2e-tests/resources/utils.resource +++ b/e2e-tests/resources/utils.resource @@ -181,7 +181,7 @@ Launch App Cancel Operation - Hid.Keys Combo Control_L C + Hid.Keys Combo Control_L c Match Text @ubuntu 15