def smime_user(request): username = u'alice' api.Command.user_add(uid=username, givenname=u'Alice', sn=u'SMIME', userpassword=SMIME_USER_INIT_PW) unlock_principal_password(username, SMIME_USER_INIT_PW, SMIME_USER_PW) def fin(): api.Command.user_del(username) request.addfinalizer(fin) return username
def test_delete(self, globalCfg, userCfg, allowDelLast, user): """ Test the deletion of the last otp token The user auth type can be defined at a global level, or per-user if the override is not disabled. Depending on the resulting setting, the deletion of last token is allowed or forbidden. """ # Save current global config result = api.Command.config_show() current_globalCfg = result.get('ipauserauthtype', None) try: # Set the global config for the test api.Command.config_mod(ipauserauthtype=globalCfg) except errors.EmptyModlist: pass try: user.ensure_exists() api.Command.user_mod(user.name, userpassword=user_password) unlock_principal_password(user.name, user_password, user_password) # Set the user config for the test api.Command.user_mod(user.name, ipauserauthtype=userCfg) # Connect as user, create and delete the token with change_principal(user.name, user_password): api.Command.otptoken_add(u'lastotp', description=u'last otp', ipatokenowner=user.name) if allowDelLast: # We are expecting the del command to succeed api.Command.otptoken_del(u'lastotp') else: # We are expecting the del command to fail with pytest.raises(errors.DatabaseError): api.Command.otptoken_del(u'lastotp') finally: # Make sure the token is removed try: api.Command.otptoken_del(u'lastotp',) except errors.NotFound: pass # Restore the previous ipauserauthtype try: api.Command.config_mod(ipauserauthtype=current_globalCfg) except errors.EmptyModlist: pass
def test_authenticate_with_user_alias(self, krbalias_user): krbalias_user.ensure_exists() alias = u"{name}-alias".format(name=krbalias_user.name) krbalias_user.add_principal(alias) oldpw, newpw = u"Secret1234", u"Secret123" pwdmod = krbalias_user.make_update_command({'userpassword': oldpw}) pwdmod() unlock_principal_password(krbalias_user.name, oldpw, newpw) with change_principal(alias, newpw, canonicalize=True): api.Command.ping()
def test_whoami_users(self, krb_user): """ Testing whoami as user """ krb_user.ensure_exists() pwdmod = krb_user.make_update_command({'userpassword': self.oldpw}) pwdmod() unlock_principal_password(krb_user.name, self.oldpw, self.newpw) with change_principal(krb_user.name, self.newpw): result = api.Command.whoami() expected = {u'object': u'user', u'command': u'user_show/1', u'arguments': (krb_user.name,)} assert_deepequal(expected, result)
def test_whoami_users(self, krb_user): """ Testing whoami as user """ krb_user.ensure_exists() pwdmod = krb_user.make_update_command({'userpassword': self.oldpw}) pwdmod() unlock_principal_password(krb_user.name, self.oldpw, self.newpw) with change_principal(krb_user.name, self.newpw): result = api.Command.whoami() expected = { u'object': u'user', u'command': u'user_show/1', u'arguments': (krb_user.name, ) } assert_deepequal(expected, result)
def certmap_user_permissions(request, bindtype_permission): tmp_password = u'Initial123' priv_name = u'test_certmap_privilege' role_name = u'test_certmap_role' api.Command.user_add(CERTMAP_USER, givenname=u'Certmap', sn=u'User', userpassword=tmp_password) unlock_principal_password(CERTMAP_USER, tmp_password, CERTMAP_PASSWD) api.Command.privilege_add(priv_name) for perm_name in request.param: # add to privilege for user api.Command.privilege_add_permission(priv_name, permission=perm_name) api.Command.role_add(role_name) api.Command.role_add_privilege(role_name, privilege=priv_name) api.Command.role_add_member(role_name, user=CERTMAP_USER) def finalize(): try: api.Command.user_del(CERTMAP_USER) except Exception: pass try: api.Command.role_del(role_name) except Exception: pass try: api.Command.privilege_del(priv_name) except Exception: pass request.addfinalizer(finalize) return request.param