From f801191460bf7736bed389985ada1421529811df Mon Sep 17 00:00:00 2001
From: Noor Eldeen Mansour <nooreldeen.mansour@canonical.com>
Date: Thu, 16 Apr 2026 15:14:07 +0200
Subject: [PATCH 1/5] e2e-tests: Add test for owner login with
 `allowed_users=OWNER`

Test that a user set as broker owner can log in successfully when
`allowed_users` is configured to `OWNER `and the configuration remains
unchanged after login
---
 ...in_as_owner_with_allowed_users_owner.robot | 36 +++++++++++++++++++
 1 file changed, 36 insertions(+)
 create mode 100644 e2e-tests/tests/login_as_owner_with_allowed_users_owner.robot

diff --git a/e2e-tests/tests/login_as_owner_with_allowed_users_owner.robot b/e2e-tests/tests/login_as_owner_with_allowed_users_owner.robot
new file mode 100644
index 0000000000..d8b2fb643a
--- /dev/null
+++ b/e2e-tests/tests/login_as_owner_with_allowed_users_owner.robot
@@ -0,0 +1,36 @@
+*** Settings ***
+Resource        resources/utils.resource
+Resource        resources/authd.resource
+
+Resource        resources/broker.resource
+
+# Test Tags       robot:exit-on-failure
+
+Test Setup    utils.Test Setup    snapshot=%{BROKER}-installed
+Test Teardown   utils.Test Teardown
+
+
+*** Variables ***
+${username}    %{E2E_USER}
+${local_password}    qwer1234
+
+
+*** Test Cases ***
+Test that owner can log in with allowed_users set to OWNER
+    [Documentation]    This test verifies that when allowed_users is set to OWNER and the owner is set to the test user, the user can log in successfully and the broker configuration remains unchanged.
+
+    Log In
+
+    # Set allowed_users to OWNER and owner to the test user
+    Change allowed_users In Broker Configuration    OWNER
+    Change Broker Configuration    owner    ${username}
+
+    # Log in with remote user with device authentication
+    Open Terminal
+    Log In With Remote User Through CLI: QR Code    ${username}    ${local_password}
+    Log Out From Terminal Session
+    Close Focused Window
+
+    # Verify that the broker configuration was not changed
+    Open Terminal In Sudo Mode
+    Check Configuration Value    owner    owner = ${username}

From 43b849228e60883b9f49bd35859b476b5a339142 Mon Sep 17 00:00:00 2001
From: Noor Eldeen Mansour <nooreldeen.mansour@canonical.com>
Date: Thu, 16 Apr 2026 15:14:07 +0200
Subject: [PATCH 2/5] e2e-tests: Add test for denied login with empty `owner`

Test that login fails with permission denied when `allowed_users` is set
to `OWNER` but `owner` is explicitly set to an empty value, since no user
can match an empty owner.
---
 ...enied_with_allowed_users_owner_empty.robot | 32 +++++++++++++++++++
 1 file changed, 32 insertions(+)
 create mode 100644 e2e-tests/tests/login_denied_with_allowed_users_owner_empty.robot

diff --git a/e2e-tests/tests/login_denied_with_allowed_users_owner_empty.robot b/e2e-tests/tests/login_denied_with_allowed_users_owner_empty.robot
new file mode 100644
index 0000000000..9ee8f4b6ec
--- /dev/null
+++ b/e2e-tests/tests/login_denied_with_allowed_users_owner_empty.robot
@@ -0,0 +1,32 @@
+*** Settings ***
+Resource        resources/utils.resource
+Resource        resources/authd.resource
+
+Resource        resources/broker.resource
+
+# Test Tags       robot:exit-on-failure
+
+Test Setup    utils.Test Setup    snapshot=%{BROKER}-installed
+Test Teardown   utils.Test Teardown
+
+
+*** Variables ***
+${username}    %{E2E_USER}
+
+
+*** Test Cases ***
+Test that login fails with allowed_users set to OWNER and empty owner
+    [Documentation]    This test verifies that when allowed_users is set to OWNER and owner is explicitly set to an empty value, login fails with permission denied because no user can match an empty owner.
+
+    Log In
+
+    # Set allowed_users to OWNER and owner to empty value
+    Change allowed_users In Broker Configuration    OWNER
+    Change Broker Configuration    owner    ${EMPTY}
+
+    # Attempt to log in with remote user
+    Open Terminal
+    Start Log In With Remote User Through CLI: QR Code    ${username}
+    Select Provider
+    Continue Log In With Remote User: Authenticate In External Browser
+    Check That Remote User Is Not Allowed To Log In

From 563cf33cc2887a247e4a57ba75e992488f89b8b4 Mon Sep 17 00:00:00 2001
From: Noor Eldeen Mansour <nooreldeen.mansour@canonical.com>
Date: Mon, 20 Apr 2026 15:37:13 +0200
Subject: [PATCH 3/5] e2e-tests: Add test for login with `allowed_users=ALL`

Test that a remote user can log in successfully when `allowed_users` is configured to `ALL` and the configuration remains unchanged after login.
---
 .../tests/login_with_allowed_users_all.robot  | 35 +++++++++++++++++++
 1 file changed, 35 insertions(+)
 create mode 100644 e2e-tests/tests/login_with_allowed_users_all.robot

diff --git a/e2e-tests/tests/login_with_allowed_users_all.robot b/e2e-tests/tests/login_with_allowed_users_all.robot
new file mode 100644
index 0000000000..567f4be93d
--- /dev/null
+++ b/e2e-tests/tests/login_with_allowed_users_all.robot
@@ -0,0 +1,35 @@
+*** Settings ***
+Resource        resources/utils.resource
+Resource        resources/authd.resource
+
+Resource        resources/broker.resource
+
+# Test Tags       robot:exit-on-failure
+
+Test Setup    utils.Test Setup    snapshot=%{BROKER}-installed
+Test Teardown   utils.Test Teardown
+
+
+*** Variables ***
+${username}    %{E2E_USER}
+${local_password}    qwer1234
+
+
+*** Test Cases ***
+Test that any user can log in with allowed_users set to ALL
+    [Documentation]    This test verifies that when allowed_users is set to ALL, any user can log in successfully and the broker configuration remains unchanged.
+
+    Log In
+
+    # Set allowed_users to ALL to allow any user
+    Change allowed_users In Broker Configuration    ALL
+
+    # Log in with remote user with device authentication
+    Open Terminal
+    Log In With Remote User Through CLI: QR Code    ${username}    ${local_password}
+    Log Out From Terminal Session
+    Close Focused Window
+
+    # Verify that the broker configuration was not changed
+    Open Terminal In Sudo Mode
+    Check Configuration Value    allowed_users    allowed_users = ALL

From 3a964d1a87a0cfee66c965753872f7a6388e78d5 Mon Sep 17 00:00:00 2001
From: Noor Eldeen Mansour <nooreldeen.mansour@canonical.com>
Date: Mon, 20 Apr 2026 15:37:13 +0200
Subject: [PATCH 4/5] e2e-tests: Add test for login with matching
 `allowed_users`

Test that a remote user can log in successfully when `allowed_users` is configured to the user name used for login and the configuration remains unchanged after login.
---
 .../login_as_specific_allowed_user.robot      | 35 +++++++++++++++++++
 1 file changed, 35 insertions(+)
 create mode 100644 e2e-tests/tests/login_as_specific_allowed_user.robot

diff --git a/e2e-tests/tests/login_as_specific_allowed_user.robot b/e2e-tests/tests/login_as_specific_allowed_user.robot
new file mode 100644
index 0000000000..25dbb10a0d
--- /dev/null
+++ b/e2e-tests/tests/login_as_specific_allowed_user.robot
@@ -0,0 +1,35 @@
+*** Settings ***
+Resource        resources/utils.resource
+Resource        resources/authd.resource
+
+Resource        resources/broker.resource
+
+# Test Tags       robot:exit-on-failure
+
+Test Setup    utils.Test Setup    snapshot=%{BROKER}-installed
+Test Teardown   utils.Test Teardown
+
+
+*** Variables ***
+${username}    %{E2E_USER}
+${local_password}    qwer1234
+
+
+*** Test Cases ***
+Test that user can log in with allowed_users set to their username
+    [Documentation]    This test verifies that when allowed_users is set to the test user's username, the user can log in successfully and the broker configuration remains unchanged.
+
+    Log In
+
+    # Set allowed_users to the test user's username
+    Change allowed_users In Broker Configuration    ${username}
+
+    # Log in with remote user with device authentication
+    Open Terminal
+    Log In With Remote User Through CLI: QR Code    ${username}    ${local_password}
+    Log Out From Terminal Session
+    Close Focused Window
+
+    # Verify that the broker configuration was not changed
+    Open Terminal In Sudo Mode
+    Check Configuration Value    allowed_users    allowed_users = ${username}

From 02dc55e4a207f402d20eb72e185c6bb3b7a0d53d Mon Sep 17 00:00:00 2001
From: Noor Eldeen Mansour <nooreldeen.mansour@canonical.com>
Date: Mon, 20 Apr 2026 15:37:13 +0200
Subject: [PATCH 5/5] e2e-tests: Add test for denied login with mismatched
 `allowed_users`

Test that login fails with permission denied when `allowed_users` is set to a different user than the one attempting to log in.
---
 .../login_denied_as_non_allowed_user.robot    | 31 +++++++++++++++++++
 1 file changed, 31 insertions(+)
 create mode 100644 e2e-tests/tests/login_denied_as_non_allowed_user.robot

diff --git a/e2e-tests/tests/login_denied_as_non_allowed_user.robot b/e2e-tests/tests/login_denied_as_non_allowed_user.robot
new file mode 100644
index 0000000000..2f20e1b76f
--- /dev/null
+++ b/e2e-tests/tests/login_denied_as_non_allowed_user.robot
@@ -0,0 +1,31 @@
+*** Settings ***
+Resource        resources/utils.resource
+Resource        resources/authd.resource
+
+Resource        resources/broker.resource
+
+# Test Tags       robot:exit-on-failure
+
+Test Setup    utils.Test Setup    snapshot=%{BROKER}-installed
+Test Teardown   utils.Test Teardown
+
+
+*** Variables ***
+${username}    %{E2E_USER}
+
+
+*** Test Cases ***
+Test that login fails when user is not in allowed_users list
+    [Documentation]    This test verifies that when allowed_users is set to a different user, the test user cannot log in and receives a permission denied error.
+
+    Log In
+
+    # Set allowed_users to a different user that is not the test user
+    Change allowed_users In Broker Configuration    different-user
+
+    # Attempt to log in with remote user
+    Open Terminal
+    Start Log In With Remote User Through CLI: QR Code    ${username}
+    Select Provider
+    Continue Log In With Remote User: Authenticate In External Browser
+    Check That Remote User Is Not Allowed To Log In