diff options
| author |   Theo Chatzimichos <tampakrap@gentoo.org> | 2013-08-17 13:59:57 +0200 |
|---|---|---|
| committer | Theo Chatzimichos <tampakrap@gentoo.org> | 2013-08-17 13:59:57 +0200 |
| commit | f5bca785b626acd2cfd72925a89f9ec7e973a09b (patch) | |
| tree | b04bba02df332c543486cb2cfcd52fbfa88a337e /okupy/tests | |
| parent | Handle unknown hashes in secondary-pass code gracefully. (diff) | |
| download | identity.gentoo.org-f5bca785b626acd2cfd72925a89f9ec7e973a09b.tar.gz identity.gentoo.org-f5bca785b626acd2cfd72925a89f9ec7e973a09b.tar.bz2 identity.gentoo.org-f5bca785b626acd2cfd72925a89f9ec7e973a09b.zip | |
Add tests for not removing unknown hashes in secondary password
Diffstat (limited to 'okupy/tests')
| -rw-r--r-- | okupy/tests/unit/secondary_password.py | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/okupy/tests/unit/secondary_password.py b/okupy/tests/unit/secondary_password.py index bc3faca..4f9e4c6 100644 --- a/okupy/tests/unit/secondary_password.py +++ b/okupy/tests/unit/secondary_password.py @@ -59,6 +59,17 @@ class SecondaryPassword(TestCase): set_secondary_password(request, 'ldaptest') self.assertTrue(ldap_md5_crypt.verify('ldaptest',get_ldap_user('alice', directory=self.ldapobject.directory)[1]['userPassword'][0])) + def test_dont_remove_unknown_hashes_while_cleaning_leftovers(self): + leftover = ldap_md5_crypt.encrypt('leftover_password') + self.ldapobject.directory[get_ldap_user('alice')[0]]['userPassword'].append(leftover) + leftover2 = 'plain_leftover2' + self.ldapobject.directory[get_ldap_user('alice')[0]]['userPassword'].append(leftover2) + self.ldapobject.search_s.seed(settings.AUTH_LDAP_USER_BASE_DN, 2, set_search_seed('alice'))([get_ldap_user('alice', directory=self.ldapobject.directory)]) + alice = User.objects.create(username='alice', password='ldaptest') + request = set_request(uri='/', user=alice) + set_secondary_password(request, 'ldaptest') + self.assertIn(leftover2, get_ldap_user('alice', directory=self.ldapobject.directory)[1]['userPassword']) + def test_session_and_ldap_secondary_passwords_match(self): self.ldapobject.search_s.seed(settings.AUTH_LDAP_USER_BASE_DN, 2, set_search_seed('alice'))([get_ldap_user('alice')]) alice = User.objects.create(username='alice', password='ldaptest') @@ -87,3 +98,16 @@ class SecondaryPassword(TestCase): request.session['secondary_password'] = cipher.encrypt(secondary_password) remove_secondary_password(request) self.assertTrue(ldap_md5_crypt.verify('ldaptest',get_ldap_user('alice', directory=self.ldapobject.directory)[1]['userPassword'][0])) + + def test_dont_remove_unknown_hashes_while_removing_secondary_password(self): + secondary_password = Random.get_random_bytes(48) + secondary_password_crypt = ldap_md5_crypt.encrypt(b64encode(secondary_password)) + self.ldapobject.directory[get_ldap_user('alice')[0]]['userPassword'].append(secondary_password_crypt) + unknown_hash = 'unknown_hash' + self.ldapobject.directory[get_ldap_user('alice')[0]]['userPassword'].append(unknown_hash) + self.ldapobject.search_s.seed(settings.AUTH_LDAP_USER_BASE_DN, 2, set_search_seed('alice'))([get_ldap_user('alice', directory=self.ldapobject.directory)]) + alice = User.objects.create(username='alice', password='ldaptest') + request = set_request(uri='/', user=alice) + request.session['secondary_password'] = cipher.encrypt(secondary_password) + remove_secondary_password(request) + self.assertIn(unknown_hash, get_ldap_user('alice', directory=self.ldapobject.directory)[1]['userPassword']) |