lukas.pupkalipinski/BanGUI
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
79df1aa4935cd2942dac596247fdf8fa63e47b77
BanGUI/e2e/tests/02_ban_records.robot
Lukas aa717a28f8 fix(e2e): resolve blocklist import test failures 
auth.resource:
- add Login Via HTTP keyword for RequestsLibrary auth (CSRF-aware)
- fix session_duration_minutes type: bare int → ${60}
- add Process library import to common.resource

03_blocklist_import.robot:
- fix selector to button[data-testid] (was matching all buttons)
- use GET/POST On Session with auth session for blocklist API calls
- fix log response key: entries → items
- fix enabled=true → ${TRUE} for boolean type
- fix ${len(sources)} → Get Length keyword
- make Ensure Blocklist Source Exists accept session argument
- replace strict error assertion with specific error banner check
- add graceful Terminate Process teardown

02_ban_records.robot:
- add Process library import

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-08 08:07:39 +02:00

69 lines
3.2 KiB
Plaintext
Raw Blame History

*** Settings ***
Library Process
Resource ${CURDIR}/../resources/common.resource
Resource ${CURDIR}/../resources/auth.resource
# Test IP — stable across runs so teardown can reliably unban it.
# Chosen from a non-routable test subnet (RFC 3927).
# Must NOT overlap with any ignoreip rule in the fail2ban jail config.
Suite Setup Login As Admin
*** Test Cases ***
Simulated Failed Logins Appear As Ban Records
[Documentation] Verifies the full ban pipeline:
... fail2ban log parsing → fail2ban ban → backend socket poll → UI rendering.
...
... Key timing facts:
... - simulate_failed_logins.sh writes 5 lines (COUNT=5).
... - manual-Jail maxretry=3 → ban triggers after 3rd matching line.
... - fail2ban backend=polling → fail2ban re-reads auth.log on its own schedule.
... - Backend has no push mechanism; /api/bans/active queries fail2ban on demand.
... - history_sync runs every 300 s; history page reads from the archive DB.
... - A direct API assertion (Step 3) isolates backend from UI rendering issues.
[Teardown] Run Process bash -c ${CURDIR}/../../Docker/check_ban_status.sh --unban 192.168.100.99; truncate -s 0 ${CURDIR}/../../Docker/logs/auth.log timeout=30s
# Step 1 — write authentication-failure lines
${result}= Run Process
... bash
... ${CURDIR}/../../Docker/simulate_failed_logins.sh
... 5
... 192.168.100.99
... timeout=15s
Should Be Equal As Integers ${result.rc} 0
# Step 2 — wait for fail2ban to process the ban
# polling backend; no fixed interval but the ban is near-instant once detected.
Sleep 20s
# Step 3 — backend API: confirm ban via Python in fail2ban container.
# Browser (Playwright) and host shell have same IP, hitting GlobalRateLimiter.
# fail2ban container has a different source IP, so its requests bypass the limit.
# Container reaches backend via host network (localhost:8000).
${resp}= Run Process bash -c docker exec bangui-fail2ban-dev python3 /tmp/check_ban.py timeout=15s
${resp_text}= Set Variable ${resp.stdout}
Log API response: ${resp_text}
Should Contain ${resp_text} 192.168.100.99
# Step 4 — History page: confirm UI surfaces the ban record
# Use source=fail2ban to bypass archive endpoint (rate-limited at 200 req/min per IP).
# The archive has the ban but the UI is blocked by rate limiting from the archive API.
Go To ${FRONTEND_URL}/history?page_size=500&source=fail2ban
Wait For Load State domcontentloaded
# Wait for React and session validation to complete
Sleep 5s
# Poll for history content to appear (handles rate-limit retries gracefully)
FOR ${i} IN RANGE 1 36
${title}= Get Title
${url}= Get URL
${content}= Get Page Source
Log Page title: ${title}, URL: ${url}
IF "429" in '''${content}'''
Log Rate limited, waiting 15s before retry...
Sleep 15s
ELSE IF "192.168.100.99" in '''${content}'''
BREAK
END
Sleep 2s
END
Should Contain ${content} 192.168.100.99
Should Contain ${content} manual-Jail
Reference in New Issue View Git Blame Copy Permalink