graphdb-workbench-tests 3.1.0-WBM-8 → 3.1.0-plugins1

package/e2e-legacy/ttyg/ttyg-permission.spec.js

@@ -1,9 +1,12 @@
 import {RepositoriesStubs} from "../../stubs/repositories/repositories-stubs";
 import {RepositoriesStub} from "../../stubs/repositories-stub";
-import {UserAndAccessSteps} from "../../steps/setup/user-and-access-steps";
 import {TTYGStubs} from "../../stubs/ttyg/ttyg-stubs";
 import {TTYGViewSteps} from "../../steps/ttyg/ttyg-view-steps";
+import {LoginSteps} from "../../steps/login-steps";
+import {SecurityStubs} from "../../stubs/security-stubs";
+import {RepositorySelectorSteps} from "../../steps/repository-selector-steps";
 
+const REPOSITORY_ID = 'starwars';
 const USER_WITH_ROLE_USER = 'ttyg_user';
 const USER_WITH_ROLE_REPO_MANAGER = 'ttyg_repo_manager';
 const USER_ADMINISTRATOR = 'admin';
@@ -11,42 +14,43 @@ const PASSWORD = 'root';
 const ENABLED = true;
 const DISABLED = false;
 
-/**
- * TODO: Fix me. Broken due to migration (The issue GDB-11317 not implemented)
- */
-describe.skip('TTYG permissions', () => {
-
+describe('TTYG permissions', () => {
 
     before(() => {
-        RepositoriesStubs.stubRepositories(0, '/repositories/get-ttyg-repositories.json');
-        RepositoriesStub.stubBaseEndpoints('starwars');
-        cy.presetRepository('starwars');
+        cy.loginAsAdmin();
         cy.createUser({username: USER_WITH_ROLE_USER, password: PASSWORD});
         cy.createUser({
             username: USER_WITH_ROLE_REPO_MANAGER,
             password: PASSWORD,
             grantedAuthorities: ["ROLE_REPO_MANAGER", "WRITE_REPO_*", "READ_REPO_*"]
         });
-        UserAndAccessSteps.visit();
-        UserAndAccessSteps.toggleSecurity();
+        cy.switchOnSecurity();
     });
 
+    beforeEach(() => {
+        SecurityStubs.spyOnAuthenticatedUser();
+        RepositoriesStubs.stubRepositories(0, '/repositories/get-ttyg-repositories.json');
+        RepositoriesStub.stubBaseEndpoints(REPOSITORY_ID);
+    })
+
     after(() => {
-        UserAndAccessSteps.visit();
-        UserAndAccessSteps.loginWithUser(USER_ADMINISTRATOR, PASSWORD);
-        UserAndAccessSteps.toggleSecurity();
-        cy.deleteUser(USER_WITH_ROLE_USER);
-        cy.deleteUser(USER_WITH_ROLE_REPO_MANAGER);
+        cy.loginAsAdmin();
+        cy.deleteUser(USER_WITH_ROLE_USER, true);
+        cy.deleteUser(USER_WITH_ROLE_REPO_MANAGER, true);
+        cy.switchOffSecurity(true);
     });
 
-    it('should disable all buttons that can modify the agent', () => {
-
+    it('should disable all buttons that can modify the agent when user is with ROLE_USER', () => {
         // When I log in with a user who has the ROLE_USER role, I expect all buttons modifying the agent to be disabled.
         verifyCanCreateAgentForFirstTime(USER_WITH_ROLE_USER, PASSWORD, DISABLED);
+    });
 
+    it('should enable all buttons that can modify the agent when user is with role ROLE_REPO_MANAGER', () => {
         // When I log in with a user who has the ROLE_REPO_MANAGER role, I expect all buttons modifying the agent to be enabled.
         verifyCanCreateAgentForFirstTime(USER_WITH_ROLE_REPO_MANAGER, PASSWORD, ENABLED);
+    });
 
+    it('should enable all buttons that can modify the agent when user is admin', () => {
         // When I log in with a user who is administrator, I expect all buttons modifying the agent to be enabled.
         verifyCanCreateAgentForFirstTime(USER_ADMINISTRATOR, PASSWORD, ENABLED);
     });
@@ -55,7 +59,12 @@ describe.skip('TTYG permissions', () => {
         const shouldBe = enable ? 'be.enabled' : 'be.disabled';
         TTYGStubs.stubAgentListGet('/ttyg/agent/get-agent-list-0.json');
         TTYGViewSteps.visit();
-        UserAndAccessSteps.loginWithUser(user, password);
+        cy.url().should('include', '/login');
+        cy.wait('@get-authenticated-user');
+        cy.wait('@get-authenticated-user');
+        cy.wait('@get-authenticated-user');
+        LoginSteps.loginWithUser(user, password);
+        RepositorySelectorSteps.selectRepository(REPOSITORY_ID);
         TTYGViewSteps.getCreateFirstAgentButton().should(shouldBe);
         TTYGStubs.stubChatsListGet();
         TTYGStubs.stubAgentListGet();
@@ -64,6 +73,5 @@ describe.skip('TTYG permissions', () => {
         TTYGViewSteps.getCreateAgentButton().should(shouldBe);
         TTYGViewSteps.getEditCurrentAgentButton().should(shouldBe);
         TTYGViewSteps.getToggleAgentsSidebarButton().should(shouldBe);
-        UserAndAccessSteps.logout();
     }
 });

package/e2e-legacy/ttyg/ttyg-view.spec.js

@@ -5,7 +5,7 @@ import {ApplicationSteps} from "../../steps/application-steps";
 import {RepositoriesStub} from "../../stubs/repositories-stub";
 
 // TODO: Fix me. Broken due to migration (Error: unknown)
-describe.skip('TTYG view', () => {
+describe('TTYG view', () => {
 
     const repositoryId = 'starwars';
 

package/e2e-security/setup/home/cookie-policy.spec.js

@@ -0,0 +1,64 @@
+import {UserAndAccessSteps} from "../../../steps/setup/user-and-access-steps";
+import {LicenseStubs} from "../../../stubs/license-stubs";
+import {LoginSteps} from "../../../steps/login-steps";
+import {ModalDialogSteps} from "../../../steps/modal-dialog-steps";
+import HomeSteps from "../../../steps/home-steps";
+
+Cypress.env('set_default_user_data', false);
+
+describe('Cookie policy', () => {
+
+    let repository;
+
+    beforeEach(() => {
+        cy.loginAsAdmin().then(() => {
+            cy.switchOffFreeAccess(true);
+            cy.switchOffSecurity(true);
+        });
+        cy.setDefaultUserData(false);
+        LicenseStubs.stubFreeLicense();
+        repository = 'cypress-test-cookie-policy-security-' + Date.now();
+        cy.createRepository({id: repository});
+    });
+
+    afterEach(() => {
+        cy.deleteRepository(repository, true);
+        cy.loginAsAdmin().then(() => {
+            cy.switchOffFreeAccess(true);
+            cy.switchOffSecurity(true);
+            cy.setDefaultUserData();
+        });
+    });
+
+    it('should show the consent popup if free access is on and the user is on the login page', () => {
+        // Given: Security is enabled and free access is on
+        UserAndAccessSteps.visitInProdMode();
+        UserAndAccessSteps.toggleSecurity();
+        LoginSteps.loginWithUser('admin', 'root');
+        // And: Free access is enabled
+        UserAndAccessSteps.getFreeAccessSwitchInput().should('not.be.checked');
+        UserAndAccessSteps.toggleFreeAccess();
+        UserAndAccessSteps.clickFreeWriteAccessRepo(repository);
+        ModalDialogSteps.clickOKButton();
+
+        // When: The user visits the login page
+        LoginSteps.visitInProdMode();
+        // Then: The cookie policy popup should be shown
+        HomeSteps.getCookieConsentPopup().should('exist').and('be.visible');
+    });
+
+    it('should not show the consent popup if free access is off and the user is on the login page', () => {
+        // Given: Security is enabled and free access is off
+        UserAndAccessSteps.visitInProdMode();
+        UserAndAccessSteps.toggleSecurity();
+        LoginSteps.loginWithUser('admin', 'root');
+        UserAndAccessSteps.getFreeAccessSwitchInput().should('not.be.checked');
+
+        // When: The user logs out and visits the login page
+        LoginSteps.logout();
+        // Then: The cookie policy popup should not be shown
+        HomeSteps.getCookieConsentPopup().should('not.exist');
+        LoginSteps.visitInProdMode();
+        HomeSteps.getCookieConsentPopup().should('not.exist');
+    });
+});

package/e2e-security/setup/users-and-access/create-user-permissions.spec.js

@@ -0,0 +1,184 @@
+import { MainMenuSteps } from "../../../steps/main-menu-steps";
+import {UserAndAccessSteps} from "../../../steps/setup/user-and-access-steps";
+import { LoginSteps } from "../../../steps/login-steps";
+import {ToasterSteps} from "../../../steps/toaster-steps";
+import {YasqeSteps} from "../../../steps/yasgui/yasqe-steps";
+import {YasrSteps} from "../../../steps/yasgui/yasr-steps";
+
+describe('User Management – Creation, Validation, Permissions & Deletion', () => {
+    let repositoryId;
+    const testPassword = 'P@ssw0rd123!';
+    const testUsername = `testuser-${Date.now()}`;
+
+    beforeEach(() => {
+        // Create and initialize a fresh repository for isolation
+        repositoryId = `repo-${Date.now()}`;
+        cy.createRepository({ id: repositoryId });
+        cy.presetRepository(repositoryId);
+        cy.initializeRepository(repositoryId);
+
+        // Navigate to Users & Access
+        UserAndAccessSteps.visit();
+    });
+
+    afterEach(() => {
+        // Clean up repository
+        cy.deleteRepository(repositoryId);
+    });
+
+    describe('Create a new user – validation', () => {
+        beforeEach(() => {
+            UserAndAccessSteps.clickCreateNewUserButton();
+        });
+
+        it('should show error when username is empty', () => {
+            UserAndAccessSteps.typePassword(testPassword);
+            UserAndAccessSteps.typeConfirmPasswordField(testPassword);
+            UserAndAccessSteps.clickReadAccessRepo(repositoryId);
+            UserAndAccessSteps.clickWriteAccessRepo(repositoryId);
+            UserAndAccessSteps.confirmUserCreate();
+            UserAndAccessSteps.getUserFieldError('username').should('be.visible').and('contain.text', 'Enter username!');
+        });
+
+        it('should show error when passwords are empty', () => {
+            UserAndAccessSteps.typeUsername(testUsername);
+            UserAndAccessSteps.confirmUserCreate();
+            UserAndAccessSteps.getUserFieldError('password').should('be.visible').and('contain.text', 'Enter password!');
+            UserAndAccessSteps.getUserFieldError('confirmPassword').should('be.visible').and('contain.text', 'Confirm password!');
+        });
+
+        it('should show error when passwords do not match', () => {
+            UserAndAccessSteps.typeUsername(testUsername);
+            UserAndAccessSteps.typePassword(testPassword);
+            UserAndAccessSteps.typeConfirmPasswordField('Different123!');
+            UserAndAccessSteps.clickReadAccessRepo(repositoryId);
+            UserAndAccessSteps.clickWriteAccessRepo(repositoryId);
+            UserAndAccessSteps.confirmUserCreate();
+            UserAndAccessSteps.getUserFieldError('confirmPassword').should('be.visible').and('contain.text', 'Confirm password!');
+        });
+
+        it('should show error when username duplicates existing one', () => {
+            UserAndAccessSteps.typeUsername('user');
+            UserAndAccessSteps.typePassword(testPassword);
+            UserAndAccessSteps.typeConfirmPasswordField(testPassword);
+            UserAndAccessSteps.clickReadAccessRepo(repositoryId);
+            UserAndAccessSteps.clickWriteAccessRepo(repositoryId);
+            UserAndAccessSteps.confirmUserCreate();
+
+            cy.url().should('include', '/users');
+            UserAndAccessSteps.clickCreateNewUserButton();
+            UserAndAccessSteps.typeUsername('user');
+            UserAndAccessSteps.typePassword(testPassword);
+            UserAndAccessSteps.typeConfirmPasswordField(testPassword);
+            UserAndAccessSteps.clickWriteAccessRepo(repositoryId);
+            UserAndAccessSteps.confirmUserCreate();
+
+            ToasterSteps.verifyError('An account with the given username already exists.');
+            cy.deleteUser('user');
+        });
+
+        it('should show error when no repository read access is given', () => {
+            UserAndAccessSteps.typeUsername(testUsername);
+            UserAndAccessSteps.typePassword(testPassword);
+            UserAndAccessSteps.typeConfirmPasswordField(testPassword);
+            UserAndAccessSteps.confirmUserCreate();
+            UserAndAccessSteps.getRepositoryRightsError().should('be.visible').and('contain.text', 'Users should have rights to at least one repository!');
+        });
+
+        it('should show error when custom role is too short', () => {
+            UserAndAccessSteps.typeUsername(testUsername);
+            UserAndAccessSteps.typePassword(testPassword);
+            UserAndAccessSteps.typeConfirmPasswordField(testPassword);
+            UserAndAccessSteps.addTextToCustomRoleField('a');
+            UserAndAccessSteps.clickReadAccessRepo(repositoryId);
+            UserAndAccessSteps.clickWriteAccessRepo(repositoryId);
+            UserAndAccessSteps.getCustomRoleFieldError().should('be.visible').and('contain.text', 'Must be at least 2 symbols long');
+        });
+    });
+
+    describe('Create a new user – read/write access', () => {
+        const rwUsername = `rwuser-${Date.now()}`;
+
+        afterEach(() =>{
+            cy.loginAsAdmin();
+            cy.switchOffSecurity(true);
+            cy.deleteUser(rwUsername);
+        })
+
+        it('should create, login, and verify permissions', () => {
+            UserAndAccessSteps.clickCreateNewUserButton();
+            UserAndAccessSteps.typeUsername(rwUsername);
+            UserAndAccessSteps.typePassword(testPassword);
+            UserAndAccessSteps.typeConfirmPasswordField(testPassword);
+            UserAndAccessSteps.clickReadAccessRepo(repositoryId);
+            UserAndAccessSteps.clickWriteAccessRepo(repositoryId);
+            UserAndAccessSteps.getWriteAccessForRepo(repositoryId).should('be.checked');
+            UserAndAccessSteps.confirmUserCreate();
+            UserAndAccessSteps.toggleSecurity();
+
+            LoginSteps.loginWithUser(rwUsername, testPassword);
+            // RepositorySteps.selectRepoFromDropdown(repositoryId);
+            MainMenuSteps.clickOnSparqlMenu();
+
+            YasqeSteps.clearEditor();
+            const prefix = 'PREFIX ex: <http://example.org/>\n';
+            const query = 'INSERT DATA {\n' +
+                'ex:greeting ex:text "Hello, world!" .\n' +
+                '}';
+            cy.pasteIntoCodeMirror('.CodeMirror', prefix + query);
+            YasqeSteps.executeQueryWithoutWaiteResult();
+            // Verify read access
+            YasrSteps.getResponseInfo()
+                .should('not.have.class', 'hidden')
+                .should('not.have.class', 'empty')
+                .should('be.visible')
+                .should('contain.text', 'Added 1 statements.');
+
+            LoginSteps.logout();
+        });
+    });
+
+    describe('Create a new user – read only access', () => {
+        const roUsername = `rouser-${Date.now()}`;
+
+        afterEach(() =>{
+            cy.loginAsAdmin();
+            cy.switchOffSecurity(true);
+            cy.deleteUser(roUsername);
+        })
+
+        it('should create, login, and verify read-only', () => {
+            UserAndAccessSteps.clickCreateNewUserButton();
+            UserAndAccessSteps.typeUsername(roUsername);
+            UserAndAccessSteps.typePassword(testPassword);
+            UserAndAccessSteps.typeConfirmPasswordField(testPassword);
+            UserAndAccessSteps.clickReadAccessRepo(repositoryId);
+            UserAndAccessSteps.getReadAccessForRepo(repositoryId).should('be.checked');
+            UserAndAccessSteps.getWriteAccessForRepo(repositoryId).should('not.be.checked');
+            UserAndAccessSteps.confirmUserCreate();
+            UserAndAccessSteps.toggleSecurity();
+
+            LoginSteps.loginWithUser(roUsername, testPassword);
+            MainMenuSteps.clickOnSparqlMenu();
+
+            YasqeSteps.clearEditor();
+            const prefix = 'PREFIX ex: <http://example.org/>\n';
+            const query = 'INSERT DATA {\n' +
+                'ex:greeting ex:text "Hello, world!" .\n' +
+                '}';
+            cy.pasteIntoCodeMirror('.CodeMirror', prefix + query);
+            // Verify no write access
+            YasqeSteps.executeErrorQuery();
+
+            YasqeSteps.clearEditor();
+            const readQuery = 'select * where {\n' +
+                '?s ?p ?o .\n' +
+                '} limit 100';
+            cy.pasteIntoCodeMirror('.CodeMirror', readQuery);
+            // Verify read accessorQuery();
+            YasqeSteps.executeQuery();
+
+            LoginSteps.logout();
+        });
+    });
+});

package/e2e-security/setup/users-and-access/graphql-user.spec.js

@@ -0,0 +1,123 @@
+import {UserAndAccessSteps} from "../../../steps/setup/user-and-access-steps";
+import {LoginSteps} from "../../../steps/login-steps";
+import {GraphqlPlaygroundSteps} from "../../../steps/graphql/graphql-playground-steps";
+import {RepositorySteps} from "../../../steps/repository-steps";
+
+describe('GraphQL-only User – Playground Access & Mutation Restriction', () => {
+    let repositoryId;
+    const gqlUsername = `gqluser-${Date.now()}`;
+    const testPassword = 'P@ssw0rd123!';
+    const readQuery = `
+                query StarshipById {
+                  starship(ID: "https://swapi.co/resource/starship/9") {
+                    name
+                  }
+                }
+            `;
+    const mutation = `
+    mutation CreateHuman {
+      create_Human(
+        objects: [
+          {
+            id: "file:/test/onto/vocabulary/Human1",
+            rdfs_label: "New human with specific iri id"
+          }
+        ]
+      ) {
+        human { id }
+        affected_objects { ids }
+      }
+    }
+  `;
+
+    beforeEach(() => {
+        repositoryId = `repo-${Date.now()}`;
+        cy.createRepository({ id: repositoryId });
+        cy.presetRepository(repositoryId);
+        cy.importServerFile(repositoryId, 'swapi-dataset.ttl');
+        cy.uploadGraphqlSchema(repositoryId, 'graphql/soml/swapi-schema.yaml', 'swapi');
+    });
+
+    afterEach(() => {
+        cy.loginAsAdmin();
+        cy.switchOffSecurity(true);
+        cy.deleteUser(gqlUsername);
+        cy.deleteRepository(repositoryId);
+    });
+
+    it('should see only the assigned repo, block SPARQL, allow GraphQL read and forbid writes, and hide create-repo everywhere', () => {
+        UserAndAccessSteps.visit();
+        UserAndAccessSteps.clickCreateNewUserButton();
+        UserAndAccessSteps.typeUsername(gqlUsername);
+        UserAndAccessSteps.typePassword(testPassword);
+        UserAndAccessSteps.typeConfirmPasswordField(testPassword);
+        UserAndAccessSteps.clickReadAccessRepo(repositoryId);
+        UserAndAccessSteps.clickGraphqlAccessRepo(repositoryId);
+        UserAndAccessSteps.confirmUserCreate();
+
+        UserAndAccessSteps.toggleSecurity();
+
+        // Log in as GraphQL-only user
+        LoginSteps.loginWithUser(gqlUsername, testPassword);
+        RepositorySteps.selectRepoFromDropdown(repositoryId);
+        // Verify only the assigned repository appears in endpoints
+        GraphqlPlaygroundSteps.visit();
+        GraphqlPlaygroundSteps.getView().should('be.visible');
+        GraphqlPlaygroundSteps.getQueryEditor().should('be.visible');
+        GraphqlPlaygroundSteps.getSelectedEndpoint().should('have.text', 'swapi');
+        // And I can execute a query on the countries endpoint
+        GraphqlPlaygroundSteps.setInEditor(readQuery);
+        // And I execute the query
+        GraphqlPlaygroundSteps.executeQuery();
+        // Then I get expected result
+        GraphqlPlaygroundSteps.getResponse().should('contain', '"name": "Death Star"');
+
+        // Execute the create_Human mutation → expect errors
+        GraphqlPlaygroundSteps.setInEditor(mutation);
+        GraphqlPlaygroundSteps.executeQuery();
+        GraphqlPlaygroundSteps.getResponse().should('contain.text', 'errors');
+        LoginSteps.logout();
+    });
+
+    it('should allow GraphQL mutation and hide SPARQL/Import/Create-repo menus', () => {
+        UserAndAccessSteps.visit();
+        UserAndAccessSteps.clickCreateNewUserButton();
+        UserAndAccessSteps.typeUsername(gqlUsername);
+        UserAndAccessSteps.typePassword(testPassword);
+        UserAndAccessSteps.typeConfirmPasswordField(testPassword);
+        UserAndAccessSteps.clickReadAccessRepo(repositoryId);
+        UserAndAccessSteps.clickWriteAccessRepo(repositoryId);
+        UserAndAccessSteps.clickGraphqlAccessRepo(repositoryId);
+        UserAndAccessSteps.confirmUserCreate();
+
+        UserAndAccessSteps.toggleSecurity();
+
+        // Log in as the new user
+        LoginSteps.loginWithUser(gqlUsername, testPassword);
+
+        // Select the repo in the navbar
+        RepositorySteps.selectRepoFromDropdown(repositoryId);
+
+        // Visit GraphQL Playground
+        GraphqlPlaygroundSteps.visit();
+        GraphqlPlaygroundSteps.getView().should('be.visible');
+        GraphqlPlaygroundSteps.getQueryEditor().should('be.visible');
+        GraphqlPlaygroundSteps.getSelectedEndpoint().should('have.text', 'swapi');
+
+        // Execute a read query to verify read access
+        GraphqlPlaygroundSteps.setInEditor(readQuery);
+        GraphqlPlaygroundSteps.executeQuery();
+        GraphqlPlaygroundSteps.getResponse()
+            .should('contain.text', '"name": "Death Star"');
+
+        // Execute the mutation and expect success
+        GraphqlPlaygroundSteps.setInEditor(mutation);
+        GraphqlPlaygroundSteps.executeQuery();
+        GraphqlPlaygroundSteps.getResponse()
+            .should('contain.text', 'data')
+            .and('contain.text', 'create_Human')
+            .and('contain.text', 'affected_objects');
+
+        LoginSteps.logout();
+    });
+});

package/e2e-security/setup/users-and-access/repo-admin-role.spec.js

@@ -0,0 +1,69 @@
+import {UserAndAccessSteps} from "../../../steps/setup/user-and-access-steps";
+import {LoginSteps} from "../../../steps/login-steps";
+import {YasqeSteps} from "../../../steps/yasgui/yasqe-steps";
+import {YasrSteps} from "../../../steps/yasgui/yasr-steps";
+import {MainMenuSteps} from "../../../steps/main-menu-steps";
+import HomeSteps from "../../../steps/home-steps";
+import {ActiveRepositoryWidgetSteps} from "../../../steps/widgets/active-repository-widget-steps";
+
+describe('Repository Admin – Permissions and Access Control', () => {
+    const repoAdminUsername = `repoadmin-${Date.now()}`;
+    const password = 'Admin123!';
+    let repositoryId;
+
+    beforeEach(() => {
+        repositoryId = `repo-${Date.now()}`;
+        cy.createRepository({ id: repositoryId });
+        cy.presetRepository(repositoryId);
+        cy.initializeRepository(repositoryId);
+
+        UserAndAccessSteps.visit();
+        UserAndAccessSteps.clickCreateNewUserButton();
+        UserAndAccessSteps.typeUsername(repoAdminUsername);
+        UserAndAccessSteps.typePassword(password);
+        UserAndAccessSteps.typeConfirmPasswordField(password);
+        UserAndAccessSteps.selectRoleRadioButton('#roleRepoAdmin');
+
+        UserAndAccessSteps.getReadAccessForRepo('*').should('be.checked').and('be.disabled');
+        UserAndAccessSteps.getWriteAccessForRepo('*').should('be.checked').and('be.disabled');
+
+        UserAndAccessSteps.confirmUserCreate();
+        UserAndAccessSteps.toggleSecurity();
+    });
+
+    afterEach(() => {
+        cy.loginAsAdmin();
+        cy.switchOffSecurity(true);
+        cy.deleteUser(repoAdminUsername);
+        cy.deleteRepository(repositoryId);
+    });
+
+    it('Repository admin has correct access and restrictions', () => {
+        LoginSteps.loginWithUser(repoAdminUsername, password);
+
+        // SPARQL – read access
+        MainMenuSteps.clickOnSparqlMenu();
+
+        YasqeSteps.getEditor().should('be.visible');
+        YasqeSteps.executeQuery();
+
+        // SPARQL – write access
+        YasqeSteps.clearEditor();
+        const prefix = 'PREFIX ex: <http://example.org/>\n';
+        const query = 'INSERT DATA {\n' +
+            'ex:greeting ex:text "Hello, world!" .\n' +
+            '}';
+        cy.pasteIntoCodeMirror('.CodeMirror', prefix + query);
+        YasqeSteps.executeQueryWithoutWaiteResult();
+        // Verify read access
+        YasrSteps.getResponseInfo()
+            .should('not.have.class', 'hidden')
+            .should('not.have.class', 'empty')
+            .should('be.visible')
+            .should('contain.text', 'Added 1 statements.');
+
+        // Create repo button on homepage should be visible
+        HomeSteps.visit();
+        ActiveRepositoryWidgetSteps.getImportLink().scrollIntoView().should('be.visible').and('not.be.disabled');
+    });
+});

package/e2e-security/setup/users-and-access/turn-on-security-and-password-change.spec.js

@@ -0,0 +1,87 @@
+import {MainMenuSteps} from "../../../steps/main-menu-steps";
+import {UserAndAccessSteps} from "../../../steps/setup/user-and-access-steps";
+import {LoginSteps} from "../../../steps/login-steps";
+import {ToasterSteps} from "../../../steps/toaster-steps";
+
+describe('Turn on Security', () => {
+
+    beforeEach(() => {
+        cy.loginAsAdmin();
+        cy.switchOnSecurity();
+    });
+
+    afterEach(() =>{
+        cy.loginAsAdmin();
+        cy.switchOffSecurity(true);
+    })
+
+  it('should enable security and show login screen with only Help accessible', () => {
+    // Navigate to Users & Access
+    UserAndAccessSteps.visit();
+    // Verify we are redirected to login page
+    cy.url().should('include', '/login');
+    MainMenuSteps.getMenuHelp().should('not.exist');
+    MainMenuSteps.getMenuExplore().should('not.exist');
+    MainMenuSteps.getMenuMonitoring().should('not.exist');
+    MainMenuSteps.getMenuSetup().should('not.exist');
+  });
+
+  it('should reject wrong credentials and accept admin/root', () => {
+    // Attempt login with invalid credentials
+    LoginSteps.visitLoginPage();
+    LoginSteps.loginWithUser('wrongUser', 'wrongPass');
+    // Expect error message
+    ToasterSteps.verifyError('Wrong credentials');
+
+    // Login with correct admin credentials
+    LoginSteps.visitLoginPage();
+    LoginSteps.loginWithUser('admin', 'root');
+    cy.url().should('include', '/');
+  });
+
+  it('should change admin password and enforce new credentials', () => {
+    // Navigate to Users & Access after login
+    UserAndAccessSteps.visit();
+    // Verify we are redirected to login page
+    cy.url().should('include', '/login');
+    LoginSteps.loginWithUser('admin', 'root');
+
+    // Open edit page for admin user
+    UserAndAccessSteps.openEditUserPage('admin');
+
+    // Change password to a new value
+    let newPassword = 'MyNewP@ssw0rd!';
+    UserAndAccessSteps.typePassword(newPassword);
+    UserAndAccessSteps.typeConfirmPasswordField(newPassword);
+    UserAndAccessSteps.confirmUserEdit();
+
+    // Log out
+    LoginSteps.logout();
+    cy.url().should('include', '/login');
+
+    // Attempt login with old password
+    LoginSteps.loginWithUser('admin', 'root');
+    ToasterSteps.verifyError('Wrong credentials');
+
+    // Attempt login with new password
+    LoginSteps.visitLoginPage();
+    LoginSteps.loginWithUser('admin', newPassword);
+    UserAndAccessSteps.visit();
+    // Open edit page for admin user
+    UserAndAccessSteps.openEditUserPage('admin');
+    newPassword = 'root';
+    UserAndAccessSteps.typePassword(newPassword);
+    UserAndAccessSteps.typeConfirmPasswordField(newPassword);
+    UserAndAccessSteps.confirmUserEdit();
+  });
+
+  it('should show toaster when after logging out', () => {
+      UserAndAccessSteps.visit();
+      LoginSteps.loginWithUser('admin', 'root');
+      // Log out
+      LoginSteps.logout();
+      cy.url().should('include', '/login');
+      // Verify toaster message
+      ToasterSteps.verifySuccess('Signed out');
+  })
+});