1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
|
# --- BEGIN COPYRIGHT BLOCK ---
# Copyright (C) 2016 Red Hat, Inc.
# All rights reserved.
#
# License: GPL (version 3 or any later version).
# See LICENSE for details.
# --- END COPYRIGHT BLOCK ---
#
import logging
import pytest
from lib389.tasks import *
from lib389.topologies import topology_st
from lib389._constants import PASSWORD, DEFAULT_SUFFIX
from lib389.idm.user import UserAccounts, TEST_USER_PROPERTIES
pytestmark = pytest.mark.tier1
logging.getLogger(__name__).setLevel(logging.DEBUG)
log = logging.getLogger(__name__)
@pytest.mark.bz918684
@pytest.mark.ds394
def test_password_delete_specific_password(topology_st):
"""Delete a specific userPassword, and make sure
it is actually deleted from the entry
:id: 800f432a-52ab-4661-ac66-a2bdd9b984d6
:setup: Standalone instance
:steps:
1. Add a user with userPassword attribute in cleartext
2. Delete the added value of userPassword attribute
3. Check if the userPassword attribute is deleted
4. Delete the user
:expectedresults:
1. The user with userPassword in cleartext should be added successfully
2. Operation should be successful
3. UserPassword should be deleted
4. The user should be successfully deleted
"""
log.info('Running test_password_delete_specific_password...')
users = UserAccounts(topology_st.standalone, DEFAULT_SUFFIX)
user = users.create(properties=TEST_USER_PROPERTIES)
#
# Add a test user with a password
#
user.set('userpassword', PASSWORD)
#
# Delete the exact password
#
user.remove('userpassword', PASSWORD)
#
# Check the password is actually deleted
#
assert not user.present('userPassword')
log.info('test_password_delete_specific_password: PASSED')
def test_password_modify_non_utf8(topology_st):
"""Attempt a modify of the userPassword attribute with
an invalid non utf8 value
:id: a31af9d5-d665-42b9-8d6e-fea3d0837d36
:setup: Standalone instance
:steps:
1. Add a user if it doesnt exist and set its password
2. Verify password with a bind
3. Modify userPassword attr with invalid value
4. Attempt a bind with invalid password value
5. Verify original password with a bind
:expectedresults:
1. The user with userPassword should be added successfully
2. Operation should be successful
3. Server returns ldap.UNWILLING_TO_PERFORM
4. Server returns ldap.INVALID_CREDENTIALS
5. Operation should be successful
"""
log.info('Running test_password_modify_non_utf8...')
# Create user and set password
standalone = topology_st.standalone
users = UserAccounts(standalone, DEFAULT_SUFFIX)
if not users.exists(TEST_USER_PROPERTIES['uid'][0]):
user = users.create(properties=TEST_USER_PROPERTIES)
else:
user = users.get(TEST_USER_PROPERTIES['uid'][0])
user.set('userpassword', PASSWORD)
# Verify password
try:
user.bind(PASSWORD)
except ldap.LDAPError as e:
log.fatal('Failed to bind as {}, error: '.format(user.dn) + e.args[0]['desc'])
assert False
# Modify userPassword with an invalid value
password = b'tes\x82t-password' # A non UTF-8 encoded password
with pytest.raises(ldap.UNWILLING_TO_PERFORM):
user.replace('userpassword', password)
# Verify a bind fails with invalid pasword
with pytest.raises(ldap.INVALID_CREDENTIALS):
user.bind(password)
# Verify we can still bind with original password
try:
user.bind(PASSWORD)
except ldap.LDAPError as e:
log.fatal('Failed to bind as {}, error: '.format(user.dn) + e.args[0]['desc'])
assert False
log.info('test_password_modify_non_utf8: PASSED')
if __name__ == '__main__':
# Run isolated
# -s for DEBUG mode
CURRENT_FILE = os.path.realpath(__file__)
pytest.main("-s %s" % CURRENT_FILE)
|
