Add unit test and fix code for ppolicy grace (#1691)
This commit is contained in:
parent
01ab88ba57
commit
502a32e257
|
@ -207,9 +207,7 @@ sub userBind {
|
||||||
|
|
||||||
# Get expiration warning and graces
|
# Get expiration warning and graces
|
||||||
if ( $resp->grace_authentications_remaining ) {
|
if ( $resp->grace_authentications_remaining ) {
|
||||||
|
$req->info(
|
||||||
# TODO
|
|
||||||
$self->info(
|
|
||||||
$self->{portal}->loadTemplate(
|
$self->{portal}->loadTemplate(
|
||||||
'ldapPpGrace',
|
'ldapPpGrace',
|
||||||
params => {
|
params => {
|
||||||
|
|
|
@ -7,7 +7,7 @@ require 't/test-lib.pm';
|
||||||
use lib 't/lib';
|
use lib 't/lib';
|
||||||
|
|
||||||
my $res;
|
my $res;
|
||||||
my $maintests = 22;
|
my $maintests = 24;
|
||||||
|
|
||||||
SKIP: {
|
SKIP: {
|
||||||
skip( 'LLNGTESTLDAP is not set', $maintests ) unless ( $ENV{LLNGTESTLDAP} );
|
skip( 'LLNGTESTLDAP is not set', $maintests ) unless ( $ENV{LLNGTESTLDAP} );
|
||||||
|
@ -33,7 +33,7 @@ SKIP: {
|
||||||
);
|
);
|
||||||
use Lemonldap::NG::Portal::Main::Constants 'PE_PP_CHANGE_AFTER_RESET',
|
use Lemonldap::NG::Portal::Main::Constants 'PE_PP_CHANGE_AFTER_RESET',
|
||||||
'PE_PP_PASSWORD_EXPIRED', 'PE_PASSWORD_OK', 'PE_PP_ACCOUNT_LOCKED',
|
'PE_PP_PASSWORD_EXPIRED', 'PE_PASSWORD_OK', 'PE_PP_ACCOUNT_LOCKED',
|
||||||
'PE_PP_PASSWORD_TOO_SHORT';
|
'PE_PP_PASSWORD_TOO_SHORT', 'PE_PP_GRACE';
|
||||||
|
|
||||||
# 1 - TEST PE_PP_CHANGE_AFTER_RESET AND PE_PP_PASSWORD_EXPIRED
|
# 1 - TEST PE_PP_CHANGE_AFTER_RESET AND PE_PP_PASSWORD_EXPIRED
|
||||||
# ------------------------------------------------------------
|
# ------------------------------------------------------------
|
||||||
|
@ -46,7 +46,7 @@ SKIP: {
|
||||||
my $code = $tpl->[1];
|
my $code = $tpl->[1];
|
||||||
my $postString = "user=$user&password=$user";
|
my $postString = "user=$user&password=$user";
|
||||||
|
|
||||||
# Try yo authenticate
|
# Try to authenticate
|
||||||
# -------------------
|
# -------------------
|
||||||
ok(
|
ok(
|
||||||
$res = $client->_post(
|
$res = $client->_post(
|
||||||
|
@ -91,13 +91,32 @@ SKIP: {
|
||||||
expectCookie($res) or print STDERR Dumper($res);
|
expectCookie($res) or print STDERR Dumper($res);
|
||||||
}
|
}
|
||||||
|
|
||||||
# 2 - TEST PE_PP_ACCOUNT_LOCKED
|
# 2 - TEST PE_PP_GRACE
|
||||||
|
# -------------------------
|
||||||
|
my $user = 'grace';
|
||||||
|
my $code = "ppGrace";
|
||||||
|
my $postString = "user=$user&password=$user";
|
||||||
|
|
||||||
|
# Try to authenticate
|
||||||
|
# -------------------
|
||||||
|
ok(
|
||||||
|
$res = $client->_post(
|
||||||
|
'/', IO::String->new($postString),
|
||||||
|
length => length($postString),
|
||||||
|
accept => 'text/html',
|
||||||
|
),
|
||||||
|
'Auth query'
|
||||||
|
);
|
||||||
|
my $match = 'trmsg="' . $code . '"';
|
||||||
|
ok( $res->[2]->[0] =~ /$match/, 'Grace remaining' );
|
||||||
|
|
||||||
|
# 3 - TEST PE_PP_ACCOUNT_LOCKED
|
||||||
# -------------------------
|
# -------------------------
|
||||||
my $user = 'lock';
|
my $user = 'lock';
|
||||||
my $code = PE_PP_ACCOUNT_LOCKED;
|
my $code = PE_PP_ACCOUNT_LOCKED;
|
||||||
my $postString = "user=$user&password=$user";
|
my $postString = "user=$user&password=$user";
|
||||||
|
|
||||||
# Try yo authenticate
|
# Try to authenticate
|
||||||
# -------------------
|
# -------------------
|
||||||
ok(
|
ok(
|
||||||
$res = $client->_post(
|
$res = $client->_post(
|
||||||
|
@ -124,13 +143,13 @@ SKIP: {
|
||||||
$match = 'trmsg="' . PE_PASSWORD_OK . '"';
|
$match = 'trmsg="' . PE_PASSWORD_OK . '"';
|
||||||
ok( $res->[2]->[0] !~ /$match/s, 'Password is not changed' );
|
ok( $res->[2]->[0] !~ /$match/s, 'Password is not changed' );
|
||||||
|
|
||||||
# 3 - TEST PE_PP_PASSWORD_TOO_SHORT
|
# 4 - TEST PE_PP_PASSWORD_TOO_SHORT
|
||||||
# ---------------------------------
|
# ---------------------------------
|
||||||
$user = 'short';
|
$user = 'short';
|
||||||
$code = PE_PP_PASSWORD_TOO_SHORT;
|
$code = PE_PP_PASSWORD_TOO_SHORT;
|
||||||
$postString = "user=$user&password=passwordnottooshort";
|
$postString = "user=$user&password=passwordnottooshort";
|
||||||
|
|
||||||
# Try yo authenticate
|
# Try to authenticate
|
||||||
# -------------------
|
# -------------------
|
||||||
ok(
|
ok(
|
||||||
$res = $client->_post(
|
$res = $client->_post(
|
||||||
|
|
|
@ -86,6 +86,16 @@ mail: short@badwolf.org
|
||||||
userPassword: passwordnottooshort
|
userPassword: passwordnottooshort
|
||||||
pwdPolicySubentry: cn=passwordshort,ou=ppolicies,dc=example,dc=com
|
pwdPolicySubentry: cn=passwordshort,ou=ppolicies,dc=example,dc=com
|
||||||
|
|
||||||
|
dn: uid=grace,ou=users,dc=example,dc=com
|
||||||
|
objectClass: inetOrgPerson
|
||||||
|
uid: grace
|
||||||
|
cn: grace
|
||||||
|
sn: grace
|
||||||
|
mail: grace@badwolf.org
|
||||||
|
userPassword: grace
|
||||||
|
pwdPolicySubentry: cn=passwordgrace,ou=ppolicies,dc=example,dc=com
|
||||||
|
pwdChangedTime: 20190101000000Z
|
||||||
|
|
||||||
dn: ou=ppolicies,dc=example,dc=com
|
dn: ou=ppolicies,dc=example,dc=com
|
||||||
objectClass: top
|
objectClass: top
|
||||||
objectClass: organizationalUnit
|
objectClass: organizationalUnit
|
||||||
|
@ -128,3 +138,13 @@ pwdAllowUserChange: TRUE
|
||||||
pwdCheckQuality: 2
|
pwdCheckQuality: 2
|
||||||
pwdMinLength: 6
|
pwdMinLength: 6
|
||||||
|
|
||||||
|
dn: cn=passwordgrace,ou=ppolicies,dc=example,dc=com
|
||||||
|
objectClass: device
|
||||||
|
objectClass: pwdPolicy
|
||||||
|
cn: passwordgrace
|
||||||
|
pwdAttribute: userPassword
|
||||||
|
pwdAllowUserChange: TRUE
|
||||||
|
pwdCheckQuality: 0
|
||||||
|
pwdMaxAge: 5
|
||||||
|
pwdGraceAuthnLimit: 2
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue
Block a user