Add tests to check that username can't be changed during su

denisonbarbosa · denisonbarbosa · commit 573350ca3598 · 2026-04-28T07:05:19.000-04:00
Users authenticating with su (both to another user and to root)
shouldn't be able to change the username already selected in the
command.
diff --git a/e2e-tests/resources/broker.resource b/e2e-tests/resources/broker.resource
@@ -106,6 +106,39 @@ Log In With Remote User Through CLI: Local Password
     Match Text    ${username}@ubuntu:~$    120
 
 
+Try Changing Username In sudo su Log In
+    Hid.Type String    sudo su
+    Hid.Keys Combo    Return
+    Try Navigating Back to User Selection
+    Cancel Operation
+
+
+Try Changing Username In su Log In
+    [Arguments]    ${username}
+    Hid.Type String    su ${username}
+    Hid.Keys Combo    Return
+    Try Navigating Back to User Selection
+    Cancel Operation
+
+Try Navigating Back to User Selection
+    # First screen is the autoselected local password mode
+    Match Text    Enter your local password:    120
+    Hid.Keys Combo    Escape
+
+    # The previous screen should be the authentication mode selection
+    Match Text    Select your authentication method    120
+    Hid.Keys Combo    Escape
+
+    # The previous screen should be the broker selection
+    Match Text    Select your provider    120
+    Hid.Keys Combo    Escape
+
+    # The previous screen is the username prompt, but it shouldn't be possible to get there
+    Match Text    Select your provider    120
+    Hid.Keys Combo    Escape
+    Match Text    Select your provider    120
+
+
 # Uses sed to change the broker configuration.
 # It should match both commented and uncommented lines.
 # The full command looks like:
diff --git a/e2e-tests/tests/su_login.robot b/e2e-tests/tests/su_login.robot
@@ -0,0 +1,40 @@
+*** Settings ***
+Resource        resources/utils.resource
+Resource        resources/authd.resource
+Resource        resources/broker.resource
+
+# Test Tags       robot:exit-on-failure
+
+Test Setup    utils.Test Setup    snapshot=%{BROKER}-installed
+Test Teardown   utils.Test Teardown
+
+
+*** Variables ***
+${username}    %{E2E_USER}
+${local_password}    qwer1234
+
+
+*** Test Cases ***
+Test su login
+    [Documentation]    Test login functionality with su command for remote users.
+
+    # Log in with local user
+    Log In
+
+    # Log in with remote user with device authentication
+    Open Terminal
+    Log In With Remote User Through CLI: QR Code    ${username}    ${local_password}
+    # Check remote user is properly added to the system
+    Check If User Was Added Properly    ${username}
+    Log Out From Terminal Session
+    Close Focused Window
+
+    # Log in with remote user with local password
+    Open Terminal In Sudo Mode
+    Log In With Remote User Through CLI: Local Password    ${username}    ${local_password}
+
+    # Try to change username during su login, it should not be possible
+    Try Changing Username In su Log In    ${username}
+
+    # Try to change username during su login with sudo, it should not be possible
+    Try Changing Username In sudo su Log In
