def test_too_big_password(topo, _fix_password):
"""Test for long long password
:id: 299a3fb4-5a20-11ea-bba8-8c16451d917b
:setup: Standalone
:steps:
1. Setting policy to keep password histories
2. Changing number of password in history to 3
3. Modify password from dby3rs1 to dby3rs2
4. Checking that the passwordhistory attribute has been added
5. Add a password test for long long password
6. Changing number of password in history to 6 and passwordhistory off
:expected results:
1. Success
2. Success
3. Success
4. Success
5. Success
6. Success
"""
config = Config(topo.standalone)
# Setting policy to keep password histories
config.replace_many(('passwordchecksyntax', 'off'),
('passwordhistory', 'on'))
assert config.get_attr_val_utf8('passwordinhistory') == '6'
# Changing number of password in history to 3
config.replace('passwordinhistory', '3')
# Modify password from dby3rs1 to dby3rs2
_change_password_with_own(topo, f'uid=dbyers,ou=People,{DEFAULT_SUFFIX}',
'dbyers1', 'dbyers2')
with pytest.raises(ldap.CONSTRAINT_VIOLATION):
_change_password_with_own(topo,
f'uid=dbyers,ou=People,{DEFAULT_SUFFIX}',
'dbyers2', 'dbyers1')
# Checking that the passwordhistory attribute has been added
assert UserAccount(
topo.standalone,
f'uid=dbyers,ou=People,{DEFAULT_SUFFIX}').get_attr_val_utf8(
'passwordhistory')
# Add a password test for long long password
long_pass = 50 * '0123456789' + 'LENGTH=510'
_change_password_with_own(topo, f'uid=dbyers,ou=People,{DEFAULT_SUFFIX}',
'dbyers2', long_pass)
with pytest.raises(ldap.CONSTRAINT_VIOLATION):
_change_password_with_own(topo,
f'uid=dbyers,ou=People,{DEFAULT_SUFFIX}',
long_pass, long_pass)
_change_password_with_root(topo, f'uid=dbyers,ou=People,{DEFAULT_SUFFIX}',
'dbyers1')
# Changing number of password in history to 6 and passwordhistory off
config.replace_many(('passwordhistory', 'off'), ('passwordinhistory', '6'))
def test_pwminage(topo, _fix_password):
"""Test pwminage
:id: 2df7bf32-5a20-11ea-ad23-8c16451d917b
:setup: Standalone
:steps:
1. Get pwminage; should be 0 currently
2. Sets policy to pwminage 3
3. Change current password
4. Try to change password again
5. Try now after 3 secs is up, should work.
:expected results:
1. Success
2. Success
3. Success
4. Fail
5. Success
"""
config = Config(topo.standalone)
# Get pwminage; should be 0 currently
assert config.get_attr_val_utf8('passwordminage') == '0'
# Sets policy to pwminage 3
config.replace('passwordminage', '3')
# Change current password
_change_password_with_own(topo, f'uid=dbyers,ou=People,{DEFAULT_SUFFIX}',
'dbyers1', 'dbyers2')
# Try to change password again
with pytest.raises(ldap.CONSTRAINT_VIOLATION):
_change_password_with_own(topo,
f'uid=dbyers,ou=People,{DEFAULT_SUFFIX}',
'dbyers2', 'dbyers1')
for _ in range(3):
time.sleep(1)
# Try now after 3 secs is up, should work.
_change_password_with_own(topo, f'uid=dbyers,ou=People,{DEFAULT_SUFFIX}',
'dbyers2', 'dbyers1')
config.replace('passwordminage', '0')
def test_invalid_credentials(topo, _fix_password):
"""Test bind again with valid password: We should be locked
:id: 3233ca78-5a20-11ea-8d35-8c16451d917b
:setup: Standalone
:steps:
1. Search if passwordlockout is off
2. Turns on passwordlockout
3. sets lockout duration to 3 seconds
4. Changing pw failure count reset duration to 3 sec and passwordminlength to 10
5. Try to bind with invalid credentials
6. Change password to password lockout forever
7. Try to bind with invalid credentials
8. Now bind again with valid password: We should be locked
9. Delete dby3rs before exiting
10. Reset server
:expected results:
1. Success
2. Success
3. Success
4. Success
5. Fail
6. Success
7. Success
8. Success
9. Success
10. Success
"""
config = Config(topo.standalone)
# Search if passwordlockout is off
assert config.get_attr_val_utf8('passwordlockout') == 'off'
# Turns on passwordlockout
# sets lockout duration to 3 seconds
# Changing pw failure count reset duration to 3 sec and passwordminlength to 10
config.replace_many(
('passwordlockout', 'on'), ('passwordlockoutduration', '3'),
('passwordresetfailurecount', '3'), ('passwordminlength', '10'))
# Try to bind with invalid credentials
for _ in range(3):
with pytest.raises(ldap.INVALID_CREDENTIALS):
_change_password_with_own(
topo, f'uid=dbyers,ou=People,{DEFAULT_SUFFIX}', 'Invalid',
'dbyers1')
with pytest.raises(ldap.CONSTRAINT_VIOLATION):
_change_password_with_own(topo,
f'uid=dbyers,ou=People,{DEFAULT_SUFFIX}',
'Invalid', 'dbyers1')
for _ in range(3):
time.sleep(1)
_change_password_with_own(topo, f'uid=dbyers,ou=People,{DEFAULT_SUFFIX}',
'dbyers1', 'dbyers1')
# Change password to password lockout forever
config.replace('passwordunlock', 'off')
# Try to bind with invalid credentials
for _ in range(3):
with pytest.raises(ldap.INVALID_CREDENTIALS):
_change_password_with_own(
topo, f'uid=dbyers,ou=People,{DEFAULT_SUFFIX}', 'Invalid',
'dbyers1')
with pytest.raises(ldap.CONSTRAINT_VIOLATION):
_change_password_with_own(topo,
f'uid=dbyers,ou=People,{DEFAULT_SUFFIX}',
'Invalid', 'dbyers1')
for _ in range(3):
time.sleep(1)
# Now bind again with valid password: We should be locked
with pytest.raises(ldap.CONSTRAINT_VIOLATION):
_change_password_with_own(topo,
f'uid=dbyers,ou=People,{DEFAULT_SUFFIX}',
'dbyers1', 'dbyers1')
# Delete dby3rs before exiting
_change_password_with_root(topo, f'uid=dbyers,ou=People,{DEFAULT_SUFFIX}',
'dbyers1')
time.sleep(1)
_change_password_with_own(topo, f'uid=dbyers,ou=People,{DEFAULT_SUFFIX}',
'dbyers1', 'dbyers1')
# Reset server
config.replace_many(
('passwordinhistory', '6'), ('passwordlockout', 'off'),
('passwordlockoutduration', '3600'), ('passwordminlength', '6'),
('passwordresetfailurecount', '600'), ('passwordunlock', 'on'))
