Add unit test and fix code for ppolicy grace (#1691)

lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/Net/LDAP.pm

@@ -207,9 +207,7 @@ sub userBind {
 
             # Get expiration warning and graces
             if ( $resp->grace_authentications_remaining ) {
-
-                # TODO
-                $self->info(
+                $req->info(
                     $self->{portal}->loadTemplate(
                         'ldapPpGrace',
                         params => {

lemonldap-ng-portal/t/21-Auth-LDAP-Policy.t

@@ -7,7 +7,7 @@ require 't/test-lib.pm';
 use lib 't/lib';
 
 my $res;
-my $maintests = 22;
+my $maintests = 24;
 
 SKIP: {
     skip( 'LLNGTESTLDAP is not set', $maintests ) unless ( $ENV{LLNGTESTLDAP} );
@@ -33,7 +33,7 @@ SKIP: {
     );
     use Lemonldap::NG::Portal::Main::Constants 'PE_PP_CHANGE_AFTER_RESET',
       'PE_PP_PASSWORD_EXPIRED', 'PE_PASSWORD_OK', 'PE_PP_ACCOUNT_LOCKED',
-      'PE_PP_PASSWORD_TOO_SHORT';
+      'PE_PP_PASSWORD_TOO_SHORT', 'PE_PP_GRACE';
 
     # 1 - TEST PE_PP_CHANGE_AFTER_RESET AND PE_PP_PASSWORD_EXPIRED
     # ------------------------------------------------------------
@@ -46,7 +46,7 @@ SKIP: {
         my $code       = $tpl->[1];
         my $postString = "user=$user&password=$user";
 
-        # Try yo authenticate
+        # Try to authenticate
         # -------------------
         ok(
             $res = $client->_post(
@@ -91,13 +91,32 @@ SKIP: {
         expectCookie($res) or print STDERR Dumper($res);
     }
 
-    # 2 - TEST PE_PP_ACCOUNT_LOCKED
+    # 2 - TEST PE_PP_GRACE
+    # -------------------------
+    my $user       = 'grace';
+    my $code       = "ppGrace";
+    my $postString = "user=$user&password=$user";
+
+    # Try to authenticate
+    # -------------------
+    ok(
+        $res = $client->_post(
+            '/', IO::String->new($postString),
+            length => length($postString),
+            accept => 'text/html',
+        ),
+        'Auth query'
+    );
+    my $match = 'trmsg="' . $code . '"';
+    ok( $res->[2]->[0] =~ /$match/, 'Grace remaining' );
+
+    # 3 - TEST PE_PP_ACCOUNT_LOCKED
     # -------------------------
     my $user       = 'lock';
     my $code       = PE_PP_ACCOUNT_LOCKED;
     my $postString = "user=$user&password=$user";
 
-    # Try yo authenticate
+    # Try to authenticate
     # -------------------
     ok(
         $res = $client->_post(
@@ -124,13 +143,13 @@ SKIP: {
     $match = 'trmsg="' . PE_PASSWORD_OK . '"';
     ok( $res->[2]->[0] !~ /$match/s, 'Password is not changed' );
 
-    # 3 - TEST PE_PP_PASSWORD_TOO_SHORT
+    # 4 - TEST PE_PP_PASSWORD_TOO_SHORT
     # ---------------------------------
     $user       = 'short';
     $code       = PE_PP_PASSWORD_TOO_SHORT;
     $postString = "user=$user&password=passwordnottooshort";
 
-    # Try yo authenticate
+    # Try to authenticate
     # -------------------
     ok(
         $res = $client->_post(

lemonldap-ng-portal/t/testslapd/users.ldif

@@ -86,6 +86,16 @@ mail: short@badwolf.org
 userPassword: passwordnottooshort
 pwdPolicySubentry: cn=passwordshort,ou=ppolicies,dc=example,dc=com
 
+dn: uid=grace,ou=users,dc=example,dc=com
+objectClass: inetOrgPerson
+uid: grace
+cn: grace
+sn: grace
+mail: grace@badwolf.org
+userPassword: grace
+pwdPolicySubentry: cn=passwordgrace,ou=ppolicies,dc=example,dc=com
+pwdChangedTime: 20190101000000Z
+
 dn: ou=ppolicies,dc=example,dc=com
 objectClass: top
 objectClass: organizationalUnit
@@ -128,3 +138,13 @@ pwdAllowUserChange: TRUE
 pwdCheckQuality: 2
 pwdMinLength: 6
 
+dn: cn=passwordgrace,ou=ppolicies,dc=example,dc=com
+objectClass: device
+objectClass: pwdPolicy
+cn: passwordgrace
+pwdAttribute: userPassword
+pwdAllowUserChange: TRUE
+pwdCheckQuality: 0
+pwdMaxAge: 5
+pwdGraceAuthnLimit: 2
+