diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/Net/LDAP.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/Net/LDAP.pm index 6a0637ab0..a60673339 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/Net/LDAP.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/Net/LDAP.pm @@ -207,9 +207,7 @@ sub userBind { # Get expiration warning and graces if ( $resp->grace_authentications_remaining ) { - - # TODO - $self->info( + $req->info( $self->{portal}->loadTemplate( 'ldapPpGrace', params => { diff --git a/lemonldap-ng-portal/t/21-Auth-LDAP-Policy.t b/lemonldap-ng-portal/t/21-Auth-LDAP-Policy.t index 259f6af9b..94e900f14 100644 --- a/lemonldap-ng-portal/t/21-Auth-LDAP-Policy.t +++ b/lemonldap-ng-portal/t/21-Auth-LDAP-Policy.t @@ -7,7 +7,7 @@ require 't/test-lib.pm'; use lib 't/lib'; my $res; -my $maintests = 22; +my $maintests = 24; SKIP: { skip( 'LLNGTESTLDAP is not set', $maintests ) unless ( $ENV{LLNGTESTLDAP} ); @@ -33,7 +33,7 @@ SKIP: { ); use Lemonldap::NG::Portal::Main::Constants 'PE_PP_CHANGE_AFTER_RESET', 'PE_PP_PASSWORD_EXPIRED', 'PE_PASSWORD_OK', 'PE_PP_ACCOUNT_LOCKED', - 'PE_PP_PASSWORD_TOO_SHORT'; + 'PE_PP_PASSWORD_TOO_SHORT', 'PE_PP_GRACE'; # 1 - TEST PE_PP_CHANGE_AFTER_RESET AND PE_PP_PASSWORD_EXPIRED # ------------------------------------------------------------ @@ -46,7 +46,7 @@ SKIP: { my $code = $tpl->[1]; my $postString = "user=$user&password=$user"; - # Try yo authenticate + # Try to authenticate # ------------------- ok( $res = $client->_post( 
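Review bot: The new `$req->info(` call in the grace branch of `userBind` relies on `$req` being in scope, but the sub's argument unpacking is outside this hunk, so it cannot be confirmed here that every caller passes the request object. If one does not, the failure would only appear for accounts whose password has expired and which still have grace logins left. The accompanying test is skipped unless `LLNGTESTLDAP` is set, so default runs would not catch it. With the `# TODO` removed, a short comment above the call would help, for example `# Bind accepted on a grace login: attach the warning to the current request`.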
@@ -91,13 +91,32 @@ SKIP: { expectCookie($res) or print STDERR Dumper($res); } - # 2 - TEST PE_PP_ACCOUNT_LOCKED + # 2 - TEST PE_PP_GRACE + # ------------------------- + my $user = 'grace'; + my $code = "ppGrace"; + my $postString = "user=$user&password=$user"; + + # Try to authenticate + # ------------------- + ok( + $res = $client->_post( + '/', IO::String->new($postString), + length => length($postString), + accept => 'text/html', + ), + 'Auth query' + ); + my $match = 'trmsg="' . $code . '"'; + ok( $res->[2]->[0] =~ /$match/, 'Grace remaining' ); + + # 3 - TEST PE_PP_ACCOUNT_LOCKED # ------------------------- my $user = 'lock'; my $code = PE_PP_ACCOUNT_LOCKED; my $postString = "user=$user&password=$user"; - # Try yo authenticate + # Try to authenticate # ------------------- ok( $res = $client->_post( @@ -124,13 +143,13 @@ SKIP: { $match = 'trmsg="' . PE_PASSWORD_OK . '"'; ok( $res->[2]->[0] !~ /$match/s, 'Password is not changed' ); - # 3 - TEST PE_PP_PASSWORD_TOO_SHORT + # 4 - TEST PE_PP_PASSWORD_TOO_SHORT # --------------------------------- $user = 'short'; $code = PE_PP_PASSWORD_TOO_SHORT; $postString = "user=$user&password=passwordnottooshort"; - # Try yo authenticate + # Try to authenticate # ------------------- ok( $res = $client->_post( diff --git a/lemonldap-ng-portal/t/testslapd/users.ldif b/lemonldap-ng-portal/t/testslapd/users.ldif index 2cdaf4a03..d5544fff8 100644 --- a/lemonldap-ng-portal/t/testslapd/users.ldif +++ b/lemonldap-ng-portal/t/testslapd/users.ldif @@ -86,6 +86,16 @@ mail: short@badwolf.org userPassword: passwordnottooshort pwdPolicySubentry: cn=passwordshort,ou=ppolicies,dc=example,dc=com +dn: uid=grace,ou=users,dc=example,dc=com +objectClass: inetOrgPerson +uid: grace +cn: grace +sn: grace +mail: grace@badwolf.org +userPassword: grace +pwdPolicySubentry: cn=passwordgrace,ou=ppolicies,dc=example,dc=com +pwdChangedTime: 20190101000000Z + dn: ou=ppolicies,dc=example,dc=com objectClass: top objectClass: organizationalUnit 
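Review bot: The added PE_PP_GRACE block only asserts that the `ppGrace` message is rendered; it never checks that a session was opened, nor that the bind is refused once `pwdGraceAuthnLimit` is used up, so enforcement of the grace limit stays untested. Consider checking the session cookie after the first post (the file already uses `expectCookie($res)`) and adding a further attempt that expects, presumably, `PE_PP_PASSWORD_EXPIRED` once the grace logins are consumed, bumping `$maintests` to match. Separately, `my $user`, `my $code` and `my $postString` are declared here and again with `my` in the ACCOUNT_LOCKED section that follows. If both sit in the same block, that emits "masks earlier declaration" warnings, so the later ones should become plain assignments such as `$user = 'lock';`. The `PE_PP_GRACE` import added in the earlier hunk is not used by the visible lines, since `$code` is set to the string `"ppGrace"`.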
@@ -128,3 +138,13 @@ pwdAllowUserChange: TRUE pwdCheckQuality: 2 pwdMinLength: 6 +dn: cn=passwordgrace,ou=ppolicies,dc=example,dc=com +objectClass: device +objectClass: pwdPolicy +cn: passwordgrace +pwdAttribute: userPassword +pwdAllowUserChange: TRUE +pwdCheckQuality: 0 +pwdMaxAge: 5 +pwdGraceAuthnLimit: 2 +
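Review bot: `pwdGraceAuthnLimit: 2` together with the already-expired `pwdChangedTime: 20190101000000Z` on `uid=grace` makes this fixture stateful, because each successful bind consumes one grace login and the entry is good for two authentications only. If the test slapd database is not rebuilt from this LDIF on every run (not visible here), or another test later binds as `grace`, the 'Grace remaining' assertion will start failing with an expired-password result. A comment above the policy entry would make the constraint explicit, for example `# grace user: password already expired, 2 grace binds allowed; directory must be reloaded for each test run`.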