Home Explore Help
Register Sign In
Apq
/
389-ds-base
mirror of https://github.com/389ds/389-ds-base.git
1
0
Fork 0
Files Issues 0 Wiki
Tree: b5e4fca0b9
Branches Tags
389-ds-base
/
src
/
lib389
/
lib389
/
tests
/
idm
/
account_test.py

account_test.py 2.1 KB
History Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182 
  1. # --- BEGIN COPYRIGHT BLOCK ---
    2. 

  2. # Copyright (C) 2017 Red Hat, Inc.
    3. 

  3. # Copyright (C) 2019 William Brown <[email protected]>
    4. 

  4. # All rights reserved.
    5. 

  5. #
    6. 

  6. # License: GPL (version 3 or any later version).
    7. 

  7. # See LICENSE for details.
    8. 

  8. # --- END COPYRIGHT BLOCK ---
    9. 

  9. #
    10. 

  10. 

  11. 

  12. import os
    13. 

  13. import pytest
    14. 

  14. import ldap
    15. 

  15. 

  16. from lib389.idm.user import UserAccounts, nsUserAccounts
    17. 

  17. from lib389.topologies import topology_st as topology
    18. 

  18. from lib389._constants import DEFAULT_SUFFIX
    19. 

  19. 

  20. def test_account_locking(topology):
    21. 

  21.     """
    22. 

  22.     Ensure that user and group management works as expected.
    23. 

  23.     """
    24. 

  24.     users = UserAccounts(topology.standalone, DEFAULT_SUFFIX)
    25. 

  25. 

  26.     user_properties = {
    27. 

  27.         'uid': 'testuser',
    28. 

  28.         'cn' : 'testuser',
    29. 

  29.         'sn' : 'user',
    30. 

  30.         'uidNumber' : '1000',
    31. 

  31.         'gidNumber' : '2000',
    32. 

  32.         'homeDirectory' : '/home/testuser',
    33. 

  33.         'userPassword' : 'password'
    34. 

  34.     }
    35. 

  35.     testuser = users.create(properties=user_properties)
    36. 

  36. 

  37.     assert(testuser.is_locked() is False)
    38. 

  38.     testuser.lock()
    39. 

  39.     assert(testuser.is_locked() is True)
    40. 

  40. 

  41.     # Check a bind fails
    42. 

  42.     with pytest.raises(ldap.UNWILLING_TO_PERFORM):
    43. 

  43.         conn = testuser.bind('password')
    44. 

  44.         conn.unbind_s()
    45. 

  45. 

  46.     testuser.unlock()
    47. 

  47.     assert(testuser.is_locked() is False)
    48. 

  48. 

  49.     # Check the bind works.
    50. 

  50.     conn = testuser.bind('password')
    51. 

  51.     conn.unbind_s()
    52. 

  52. 

  53. def test_account_reset_pw(topology):
    54. 

  54.     users = nsUserAccounts(topology.standalone, DEFAULT_SUFFIX)
    55. 

  55.     testuser = users.create_test_user(uid=1001)
    56. 

  56. 

  57.     # Make sure they are unlocked.
    58. 

  58.     testuser.unlock()
    59. 

  59. 

  60.     testuser.reset_password("test_password")
    61. 

  61. 

  62.     # Assert we can bind as the new PW
    63. 

  63.     c = testuser.bind('test_password')
    64. 

  64.     c.unbind_s()
    65. 

  65. 

  66. 

  67. def test_account_change_pw(topology):
    68. 

  68.     # This test requires a secure connection
    69. 

  69.     topology.standalone.enable_tls()
    70. 

  70. 

  71.     users = nsUserAccounts(topology.standalone, DEFAULT_SUFFIX)
    72. 

  72.     testuser = users.create_test_user(uid=1002)
    73. 

  73. 

  74.     # Make sure they are unlocked.
    75. 

  75.     testuser.unlock()
    76. 

  76. 

  77.     testuser.reset_password('password')
    78. 

  78.     testuser.change_password('password', "test_password")
    79. 

  79. 

  80.     # Assert we can bind as the new PW
    81. 

  81.     c = testuser.bind('test_password')
    82. 

  82.     c.unbind_s()
    83.