def smime_user(request):
username = u'alice'
api.Command.user_add(uid=username, givenname=u'Alice', sn=u'SMIME',
userpassword=SMIME_USER_INIT_PW)
unlock_principal_password(username, SMIME_USER_INIT_PW, SMIME_USER_PW)
def fin():
api.Command.user_del(username)
request.addfinalizer(fin)
return username
def test_delete(self, globalCfg, userCfg, allowDelLast, user):
"""
Test the deletion of the last otp token
The user auth type can be defined at a global level, or
per-user if the override is not disabled.
Depending on the resulting setting, the deletion of last token
is allowed or forbidden.
"""
# Save current global config
result = api.Command.config_show()
current_globalCfg = result.get('ipauserauthtype', None)
try:
# Set the global config for the test
api.Command.config_mod(ipauserauthtype=globalCfg)
except errors.EmptyModlist:
pass
try:
user.ensure_exists()
api.Command.user_mod(user.name, userpassword=user_password)
unlock_principal_password(user.name,
user_password, user_password)
# Set the user config for the test
api.Command.user_mod(user.name, ipauserauthtype=userCfg)
# Connect as user, create and delete the token
with change_principal(user.name, user_password):
api.Command.otptoken_add(u'lastotp', description=u'last otp',
ipatokenowner=user.name)
if allowDelLast:
# We are expecting the del command to succeed
api.Command.otptoken_del(u'lastotp')
else:
# We are expecting the del command to fail
with pytest.raises(errors.DatabaseError):
api.Command.otptoken_del(u'lastotp')
finally:
# Make sure the token is removed
try:
api.Command.otptoken_del(u'lastotp',)
except errors.NotFound:
pass
# Restore the previous ipauserauthtype
try:
api.Command.config_mod(ipauserauthtype=current_globalCfg)
except errors.EmptyModlist:
pass
def test_authenticate_with_user_alias(self, krbalias_user):
krbalias_user.ensure_exists()
alias = u"{name}-alias".format(name=krbalias_user.name)
krbalias_user.add_principal(alias)
oldpw, newpw = u"Secret1234", u"Secret123"
pwdmod = krbalias_user.make_update_command({'userpassword': oldpw})
pwdmod()
unlock_principal_password(krbalias_user.name, oldpw, newpw)
with change_principal(alias, newpw, canonicalize=True):
api.Command.ping()
def test_authenticate_with_user_alias(self, krbalias_user):
krbalias_user.ensure_exists()
alias = u"{name}-alias".format(name=krbalias_user.name)
krbalias_user.add_principal(alias)
oldpw, newpw = u"Secret1234", u"Secret123"
pwdmod = krbalias_user.make_update_command({'userpassword': oldpw})
pwdmod()
unlock_principal_password(krbalias_user.name, oldpw, newpw)
with change_principal(alias, newpw, canonicalize=True):
api.Command.ping()
def test_whoami_users(self, krb_user):
"""
Testing whoami as user
"""
krb_user.ensure_exists()
pwdmod = krb_user.make_update_command({'userpassword': self.oldpw})
pwdmod()
unlock_principal_password(krb_user.name, self.oldpw, self.newpw)
with change_principal(krb_user.name, self.newpw):
result = api.Command.whoami()
expected = {u'object': u'user',
u'command': u'user_show/1',
u'arguments': (krb_user.name,)}
assert_deepequal(expected, result)
def test_whoami_users(self, krb_user):
"""
Testing whoami as user
"""
krb_user.ensure_exists()
pwdmod = krb_user.make_update_command({'userpassword': self.oldpw})
pwdmod()
unlock_principal_password(krb_user.name, self.oldpw, self.newpw)
with change_principal(krb_user.name, self.newpw):
result = api.Command.whoami()
expected = {
u'object': u'user',
u'command': u'user_show/1',
u'arguments': (krb_user.name, )
}
assert_deepequal(expected, result)
def certmap_user_permissions(request, bindtype_permission):
tmp_password = u'Initial123'
priv_name = u'test_certmap_privilege'
role_name = u'test_certmap_role'
api.Command.user_add(CERTMAP_USER,
givenname=u'Certmap',
sn=u'User',
userpassword=tmp_password)
unlock_principal_password(CERTMAP_USER, tmp_password, CERTMAP_PASSWD)
api.Command.privilege_add(priv_name)
for perm_name in request.param:
# add to privilege for user
api.Command.privilege_add_permission(priv_name, permission=perm_name)
api.Command.role_add(role_name)
api.Command.role_add_privilege(role_name, privilege=priv_name)
api.Command.role_add_member(role_name, user=CERTMAP_USER)
def finalize():
try:
api.Command.user_del(CERTMAP_USER)
except Exception:
pass
try:
api.Command.role_del(role_name)
except Exception:
pass
try:
api.Command.privilege_del(priv_name)
except Exception:
pass
request.addfinalizer(finalize)
return request.param
def certmap_user_permissions(request, bindtype_permission):
tmp_password = u'Initial123'
priv_name = u'test_certmap_privilege'
role_name = u'test_certmap_role'
api.Command.user_add(CERTMAP_USER, givenname=u'Certmap', sn=u'User',
userpassword=tmp_password)
unlock_principal_password(CERTMAP_USER, tmp_password,
CERTMAP_PASSWD)
api.Command.privilege_add(priv_name)
for perm_name in request.param:
# add to privilege for user
api.Command.privilege_add_permission(priv_name, permission=perm_name)
api.Command.role_add(role_name)
api.Command.role_add_privilege(role_name, privilege=priv_name)
api.Command.role_add_member(role_name, user=CERTMAP_USER)
def finalize():
try:
api.Command.user_del(CERTMAP_USER)
except Exception:
pass
try:
api.Command.role_del(role_name)
except Exception:
pass
try:
api.Command.privilege_del(priv_name)
except Exception:
pass
request.addfinalizer(finalize)
return request.param
