test: Retry auth in checkClientCertAuthentication

Password authentication sometimes fails on the first try.
cockpit-project · Dec 11, 2023 · 6dab14a · 6dab14a
1 parent c6f5e84
commit 6dab14a
Showing 1 changed file with 18 additions and 8 deletions.
diff --git a/test/verify/check-system-realms b/test/verify/check-system-realms
@@ -395,13 +395,21 @@ class CommonTests:
         # certificates; it just rejects cert requests. For interactive tests, grab src/tls/ca/alice.p12 and import
         # it into the browser.
 
-        def do_test(authopts, expected, not_expected=None, session_leader=None):
+        def do_test(authopts, expected, not_expected=None, session_leader=None, retry=False):
             m.start_cockpit(tls=True)
-            output = m.execute(['curl', '-ksS', '-D-', *authopts, 'https://localhost:9090/cockpit/login'])
-            for s in expected:
-                self.assertIn(s, output)
-            for s in (not_expected or []):
-                self.assertNotIn(s, output)
+
+            def try_auth():
+                output = m.execute(['curl', '-ksS', '-D-', *authopts, 'https://localhost:9090/cockpit/login'])
+                for s in expected:
+                    self.assertIn(s, output)
+                for s in (not_expected or []):
+                    self.assertNotIn(s, output)
+                return True
+
+            if retry:
+                testlib.wait(try_auth, delay=5, tries=10)
+            else:
+                try_auth()
 
             # sessions/users often hang around in State=closing for a long time, ignore these
             if session_leader:
@@ -427,11 +435,13 @@ class CommonTests:
 
         # from sssd
         self.allow_journal_messages("alice is not allowed to run sudo on x0.  This incident will be reported.")
+        # occasional intermediate error during password auth
+        self.allow_journal_messages("cockpit-session: user account access failed: 4 alice: System error")
 
         # cert auth should not be enabled by default
         do_test(alice_cert_key, ["HTTP/1.1 401 Authentication required", '"authorize"'])
-        # password auth should work
-        do_test(alice_user_pass, ['HTTP/1.1 200 OK', '"csrf-token"'], session_leader='cockpit-session')
+        # password auth should work (but might need to be retried)
+        do_test(alice_user_pass, ['HTTP/1.1 200 OK', '"csrf-token"'], session_leader='cockpit-session', retry=True)
 
         # enable cert based auth
         m.write("/etc/cockpit/cockpit.conf", '[WebService]\nClientCertAuthentication = true\n', append=True)