| /* |
| * Licensed to the Apache Software Foundation (ASF) under one |
| * or more contributor license agreements. See the NOTICE file |
| * distributed with this work for additional information |
| * regarding copyright ownership. The ASF licenses this file |
| * to you under the Apache License, Version 2.0 (the |
| * "License"); you may not use this file except in compliance |
| * with the License. You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, |
| * software distributed under the License is distributed on an |
| * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| * KIND, either express or implied. See the License for the |
| * specific language governing permissions and limitations |
| * under the License. |
| * |
| */ |
| package org.apache.directory.server.operations.extended; |
| |
| |
| import static org.apache.directory.server.core.integ.IntegrationUtils.getAdminNetworkConnection; |
| import static org.apache.directory.server.core.integ.IntegrationUtils.getAnonymousNetworkConnection; |
| import static org.apache.directory.server.core.integ.IntegrationUtils.getNetworkConnectionAs; |
| import static org.junit.Assert.assertEquals; |
| import static org.junit.Assert.assertNotNull; |
| import static org.junit.Assert.assertNull; |
| import static org.junit.Assert.assertFalse; |
| import static org.junit.Assert.assertTrue; |
| import static org.junit.Assert.fail; |
| |
| import org.apache.directory.api.ldap.extras.extended.pwdModify.PasswordModifyRequest; |
| import org.apache.directory.api.ldap.extras.extended.pwdModify.PasswordModifyRequestImpl; |
| import org.apache.directory.api.ldap.extras.extended.pwdModify.PasswordModifyResponse; |
| import org.apache.directory.api.ldap.model.constants.SchemaConstants; |
| import org.apache.directory.api.ldap.model.entry.Attribute; |
| import org.apache.directory.api.ldap.model.entry.DefaultEntry; |
| import org.apache.directory.api.ldap.model.entry.Entry; |
| import org.apache.directory.api.ldap.model.exception.LdapAuthenticationException; |
| import org.apache.directory.api.ldap.model.exception.LdapException; |
| import org.apache.directory.api.ldap.model.message.AddRequest; |
| import org.apache.directory.api.ldap.model.message.AddRequestImpl; |
| import org.apache.directory.api.ldap.model.message.AddResponse; |
| import org.apache.directory.api.ldap.model.message.ResultCodeEnum; |
| import org.apache.directory.api.ldap.model.password.PasswordUtil; |
| import org.apache.directory.api.util.Strings; |
| import org.apache.directory.ldap.client.api.LdapConnection; |
| import org.apache.directory.server.annotations.CreateLdapServer; |
| import org.apache.directory.server.annotations.CreateTransport; |
| import org.apache.directory.server.core.annotations.CreateDS; |
| import org.apache.directory.server.core.api.InterceptorEnum; |
| import org.apache.directory.server.core.authn.AuthenticationInterceptor; |
| import org.apache.directory.server.core.authn.ppolicy.PpolicyConfigContainer; |
| import org.apache.directory.server.core.integ.AbstractLdapTestUnit; |
| import org.apache.directory.server.core.integ.FrameworkRunner; |
| import org.apache.directory.server.ldap.handlers.extended.PwdModifyHandler; |
| import org.junit.Test; |
| import org.junit.runner.RunWith; |
| |
| |
| /** |
| * Test the PwdModify extended operation |
| * |
| * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a> |
| */ |
| @RunWith(FrameworkRunner.class) |
| @CreateLdapServer( |
| transports = |
| { @CreateTransport(protocol = "LDAP") }, |
| extendedOpHandlers = |
| { PwdModifyHandler.class }, |
| allowAnonymousAccess = true) |
| @CreateDS(name = "PasswordPolicyTest") |
| public class PwdModifyNoPPNoPasswordHashingIT extends AbstractLdapTestUnit |
| { |
| /** |
| * Add a user with a password |
| */ |
| private void addUser( LdapConnection adminConnection, String user, Object password ) throws Exception |
| { |
| Entry userEntry = new DefaultEntry( |
| "cn=" + user + ",ou=system", |
| "ObjectClass: top", |
| "ObjectClass: person", |
| "cn", user, |
| "sn", user + "_sn", |
| "userPassword", password ); |
| |
| AddRequest addRequest = new AddRequestImpl(); |
| addRequest.setEntry( userEntry ); |
| |
| AddResponse addResp = adminConnection.add( addRequest ); |
| assertEquals( ResultCodeEnum.SUCCESS, addResp.getLdapResult().getResultCode() ); |
| } |
| |
| |
| /** |
| * Add a user with no password |
| */ |
| private void addUserNoPassword( LdapConnection adminConnection, String user ) throws Exception |
| { |
| Entry userEntry = new DefaultEntry( |
| "cn=" + user + ",ou=system", |
| "ObjectClass: top", |
| "ObjectClass: person", |
| "cn", user, |
| "sn", user + "_sn" ); |
| |
| AddRequest addRequest = new AddRequestImpl(); |
| addRequest.setEntry( userEntry ); |
| |
| AddResponse addResp = adminConnection.add( addRequest ); |
| assertEquals( ResultCodeEnum.SUCCESS, addResp.getLdapResult().getResultCode() ); |
| } |
| |
| |
| /** |
| * Add a user with 2 passwords |
| */ |
| private void addUser2Passwords( LdapConnection adminConnection, String user, Object password1, Object password2 ) throws Exception |
| { |
| Entry userEntry = new DefaultEntry( |
| "cn=" + user + ",ou=system", |
| "ObjectClass: top", |
| "ObjectClass: person", |
| "cn", user, |
| "sn", user + "_sn", |
| "userPassword", password1, |
| "userPassword", password2 ); |
| |
| AddRequest addRequest = new AddRequestImpl(); |
| addRequest.setEntry( userEntry ); |
| |
| AddResponse addResp = adminConnection.add( addRequest ); |
| assertEquals( ResultCodeEnum.SUCCESS, addResp.getLdapResult().getResultCode() ); |
| } |
| |
| |
| //----------------------------------------------------------------------------------- |
| // Self password modification with one password |
| //----------------------------------------------------------------------------------- |
| /** |
| * Modify an existing user password while the user is connected: |
| * o the userIdentity is not provided |
| * o the old password is not provided |
| * o the new password is new |
| * o the entry has a userPassword attribute |
| * o the userPassword attribute contains only one value |
| * |
| * At the same time, PP and passwordHashing interceptor are disabled |
| */ |
| @Test |
| public void testModifyOwnPasswordNoOldNew() throws Exception |
| { |
| // Create a user |
| try ( LdapConnection adminConnection = getAdminNetworkConnection( getLdapServer() ) ) |
| { |
| addUser( adminConnection, "User1", "secret1" ); |
| |
| // Bind as the user |
| try ( LdapConnection userConnection = getNetworkConnectionAs( getLdapServer(), "cn=user1,ou=system", "secret1" ) ) |
| { |
| Entry user = userConnection.lookup( "cn=user1,ou=system", "modifyTimestamp" ); |
| |
| // Now change the password |
| PasswordModifyRequest pwdModifyRequest = new PasswordModifyRequestImpl(); |
| pwdModifyRequest.setNewPassword( Strings.getBytesUtf8( "secret1Bis" ) ); |
| |
| // Send the request |
| PasswordModifyResponse pwdModifyResponse = ( PasswordModifyResponse ) userConnection.extended( pwdModifyRequest ); |
| |
| assertEquals( ResultCodeEnum.SUCCESS, pwdModifyResponse.getLdapResult().getResultCode() ); |
| |
| // Now try to bind with the new password |
| try ( LdapConnection newUserConnection = getNetworkConnectionAs( ldapServer, "cn=User1,ou=system", "secret1Bis" ) ) |
| { |
| Entry entry = newUserConnection.lookup( "cn=User1,ou=system", "userPassword", "modifyTimestamp" ); |
| |
| assertNotNull( entry ); |
| assertTrue( entry.containsAttribute( "userPassword" ) ); |
| Attribute userPassword = entry.get( "userPassword" ); |
| |
| assertNull( PasswordUtil.findAlgorithm( userPassword.getBytes() ) ); |
| |
| assertEquals( 1, userPassword.size() ); |
| assertEquals( "secret1Bis", userPassword.getString() ); |
| assertNull( user.get( "modifyTimestamp" ) ); |
| assertNotNull( entry.get( "modifyTimestamp" ).getString() ); |
| } |
| } |
| } |
| } |
| |
| |
| /** |
| * Modify an existing user password while the user is connected: |
| * o the userIdentity is not provided |
| * o the old password is not provided |
| * o the new password exists |
| * o the entry has a userPassword attribute |
| * o the userPassword attribute contains only one value |
| * |
| * At the same time, PP and passwordHashing interceptor are disabled |
| */ |
| @Test |
| public void testModifyOwnPasswordNoOldNewExists() throws Exception |
| { |
| // Create a user |
| LdapConnection adminConnection = getAdminNetworkConnection( getLdapServer() ); |
| |
| addUser( adminConnection, "User1", "secret1" ); |
| |
| // Bind as the user |
| LdapConnection userConnection = getNetworkConnectionAs( getLdapServer(), "cn=user1,ou=system", "secret1" ); |
| |
| Entry user = userConnection.lookup( "cn=user1,ou=system", "modifyTimestamp" ); |
| |
| // Now change the password |
| PasswordModifyRequest pwdModifyRequest = new PasswordModifyRequestImpl(); |
| pwdModifyRequest.setNewPassword( Strings.getBytesUtf8( "secret1" ) ); |
| |
| // Send the request |
| PasswordModifyResponse pwdModifyResponse = ( PasswordModifyResponse ) userConnection.extended( pwdModifyRequest ); |
| |
| assertEquals( ResultCodeEnum.SUCCESS, pwdModifyResponse.getLdapResult().getResultCode() ); |
| |
| // Now try to bind with the new password |
| userConnection = getNetworkConnectionAs( ldapServer, "cn=User1,ou=system", "secret1" ); |
| |
| Entry entry = userConnection.lookup( "cn=User1,ou=system", "userPassword", "modifyTimestamp" ); |
| |
| assertNotNull( entry ); |
| assertTrue( entry.containsAttribute( "userPassword" ) ); |
| Attribute userPassword = entry.get( "userPassword" ); |
| |
| assertNull( PasswordUtil.findAlgorithm( userPassword.getBytes() ) ); |
| |
| assertEquals( 1, userPassword.size() ); |
| assertEquals( "secret1", userPassword.getString() ); |
| assertNull( user.get( "modifyTimestamp" ) ); |
| assertNull( entry.get( "modifyTimestamp" ) ); |
| |
| userConnection.close(); |
| adminConnection.close(); |
| } |
| |
| |
| /** |
| * Modify an existing user password while the user is connected: |
| * o the userIdentity is not provided |
| * o the old password is provided |
| * o the new password is new |
| * o the entry has a userPassword attribute |
| * o the userPassword attribute contains only one value |
| * |
| * At the same time, PP and passwordHashing interceptor are disabled |
| */ |
| @Test |
| public void testModifyOwnPasswordOldNew() throws Exception |
| { |
| // Create a user |
| LdapConnection adminConnection = getAdminNetworkConnection( getLdapServer() ); |
| |
| addUser( adminConnection, "User1", "secret1" ); |
| |
| // Bind as the user |
| LdapConnection userConnection = getNetworkConnectionAs( getLdapServer(), "cn=user1,ou=system", "secret1" ); |
| |
| // Now change the password |
| PasswordModifyRequest pwdModifyRequest = new PasswordModifyRequestImpl(); |
| pwdModifyRequest.setOldPassword( Strings.getBytesUtf8( "secret1" ) ); |
| pwdModifyRequest.setNewPassword( Strings.getBytesUtf8( "secret1Bis" ) ); |
| |
| // Send the request |
| PasswordModifyResponse pwdModifyResponse = ( PasswordModifyResponse ) userConnection.extended( pwdModifyRequest ); |
| |
| assertEquals( ResultCodeEnum.SUCCESS, pwdModifyResponse.getLdapResult().getResultCode() ); |
| |
| // Now try to bind with the new password |
| userConnection = getNetworkConnectionAs( ldapServer, "cn=User1,ou=system", "secret1Bis" ); |
| |
| Entry entry = userConnection.lookup( "cn=User1,ou=system" ); |
| |
| assertNotNull( entry ); |
| assertTrue( entry.containsAttribute( "userPassword" ) ); |
| Attribute userPassword = entry.get( "userPassword" ); |
| |
| assertNull( PasswordUtil.findAlgorithm( userPassword.getBytes() ) ); |
| |
| assertEquals( 1, userPassword.size() ); |
| assertEquals( "secret1Bis", userPassword.getString() ); |
| |
| userConnection.close(); |
| adminConnection.close(); |
| } |
| |
| |
| /** |
| * Modify an existing user password while the user is connected: |
| * o the userIdentity is not provided |
| * o the old password is provided, but it's the wrong one |
| * o the new password is new |
| * o the entry has a userPassword attribute |
| * o the userPassword attribute contains only one value |
| * |
| * At the same time, PP and passwordHashing interceptor are disabled |
| */ |
| @Test |
| public void testModifyOwnPasswordInvalidOldNew() throws Exception |
| { |
| // Create a user |
| LdapConnection adminConnection = getAdminNetworkConnection( getLdapServer() ); |
| |
| addUser( adminConnection, "User1", "secret1" ); |
| |
| // Bind as the user |
| LdapConnection userConnection = getNetworkConnectionAs( getLdapServer(), |
| "cn=user1,ou=system", "secret1" ); |
| |
| // Now change the password |
| PasswordModifyRequest pwdModifyRequest = new PasswordModifyRequestImpl(); |
| pwdModifyRequest.setOldPassword( Strings.getBytesUtf8( "secret2" ) ); |
| pwdModifyRequest.setNewPassword( Strings.getBytesUtf8( "secret1Bis" ) ); |
| |
| // Send the request |
| PasswordModifyResponse pwdModifyResponse = ( PasswordModifyResponse ) userConnection.extended( pwdModifyRequest ); |
| |
| assertEquals( ResultCodeEnum.INVALID_CREDENTIALS, pwdModifyResponse.getLdapResult().getResultCode() ); |
| |
| // Now try to bind with the new password. Should fail |
| try |
| { |
| userConnection = getNetworkConnectionAs( ldapServer, "cn=User1,ou=system", "secret1Bis" ); |
| fail(); |
| } |
| catch ( LdapAuthenticationException lae ) |
| { |
| // We are fine |
| } |
| |
| // Rebind with the original password |
| userConnection = getNetworkConnectionAs( ldapServer, "cn=User1,ou=system", "secret1" ); |
| |
| Entry entry = userConnection.lookup( "cn=User1,ou=system", "userPassword", "modifyTimestamp" ); |
| |
| assertNotNull( entry ); |
| assertTrue( entry.containsAttribute( "userPassword" ) ); |
| Attribute userPassword = entry.get( "userPassword" ); |
| |
| assertNull( PasswordUtil.findAlgorithm( userPassword.getBytes() ) ); |
| |
| assertEquals( 1, userPassword.size() ); |
| assertEquals( "secret1", userPassword.getString() ); |
| |
| // The entry should not have been modified |
| assertFalse( entry.containsAttribute( "modifyTimestamp" ) ); |
| |
| userConnection.close(); |
| adminConnection.close(); |
| } |
| |
| |
| /** |
| * Modify an existing user password while the user is connected: |
| * o the userIdentity is not provided |
| * o the old password is provided |
| * o the new password is not provided |
| * o the entry has a userPassword attribute |
| * o the userPassword attribute contains only one value |
| * |
| * At the same time, PP and passwordHashing interceptor are disabled |
| */ |
| @Test |
| public void testModifyOwnPasswordOldNoNew() throws Exception |
| { |
| // Create a user |
| LdapConnection adminConnection = getAdminNetworkConnection( getLdapServer() ); |
| |
| addUser( adminConnection, "User1", "secret1" ); |
| |
| // Bind as the user |
| LdapConnection userConnection = getNetworkConnectionAs( getLdapServer(), "cn=user1,ou=system", "secret1" ); |
| |
| // Now change the password |
| PasswordModifyRequest pwdModifyRequest = new PasswordModifyRequestImpl(); |
| pwdModifyRequest.setOldPassword( Strings.getBytesUtf8( "secret1" ) ); |
| |
| // Send the request |
| PasswordModifyResponse pwdModifyResponse = ( PasswordModifyResponse ) userConnection.extended( pwdModifyRequest ); |
| |
| assertEquals( ResultCodeEnum.UNWILLING_TO_PERFORM, pwdModifyResponse.getLdapResult().getResultCode() ); |
| |
| // Rebind with the original password |
| userConnection = getNetworkConnectionAs( ldapServer, "cn=User1,ou=system", "secret1" ); |
| |
| Entry entry = userConnection.lookup( "cn=User1,ou=system", "userPassword", "modifyTimestamp" ); |
| |
| assertNotNull( entry ); |
| assertTrue( entry.containsAttribute( "userPassword" ) ); |
| Attribute userPassword = entry.get( "userPassword" ); |
| |
| assertNull( PasswordUtil.findAlgorithm( userPassword.getBytes() ) ); |
| |
| assertEquals( 1, userPassword.size() ); |
| assertEquals( "secret1", userPassword.getString() ); |
| assertFalse( entry.containsAttribute( "modifyTimestamp" ) ); |
| |
| userConnection.close(); |
| adminConnection.close(); |
| } |
| |
| |
| /** |
| * Modify an existing user password while the user is connected: |
| * o the userIdentity is not provided |
| * o the old password is provided |
| * o the new password is already existing |
| * o the entry has a userPassword attribute |
| * o the userPassword attribute contains only one value |
| * |
| * At the same time, PP and passwordHashing interceptor are disabled |
| */ |
| @Test |
| public void testModifyOwnPasswordOldNewExists() throws Exception |
| { |
| // Create a user |
| LdapConnection adminConnection = getAdminNetworkConnection( getLdapServer() ); |
| |
| addUser( adminConnection, "User1", "secret1" ); |
| |
| // Bind as the user |
| LdapConnection userConnection = getNetworkConnectionAs( getLdapServer(), "cn=user1,ou=system", "secret1" ); |
| |
| // Now change the password |
| PasswordModifyRequest pwdModifyRequest = new PasswordModifyRequestImpl(); |
| pwdModifyRequest.setOldPassword( Strings.getBytesUtf8( "secret1" ) ); |
| pwdModifyRequest.setNewPassword( Strings.getBytesUtf8( "secret1" ) ); |
| |
| // Send the request |
| PasswordModifyResponse pwdModifyResponse = ( PasswordModifyResponse ) userConnection.extended( pwdModifyRequest ); |
| |
| assertEquals( ResultCodeEnum.SUCCESS, pwdModifyResponse.getLdapResult().getResultCode() ); |
| |
| // Rebind with the original password |
| userConnection = getNetworkConnectionAs( ldapServer, "cn=User1,ou=system", "secret1" ); |
| |
| Entry entry = userConnection.lookup( "cn=User1,ou=system" ); |
| |
| assertNotNull( entry ); |
| assertTrue( entry.containsAttribute( "userPassword" ) ); |
| Attribute userPassword = entry.get( "userPassword" ); |
| |
| assertNull( PasswordUtil.findAlgorithm( userPassword.getBytes() ) ); |
| |
| assertEquals( 1, userPassword.size() ); |
| assertEquals( "secret1", userPassword.getString() ); |
| assertFalse( entry.containsAttribute( "modifyTimestamp" ) ); |
| |
| userConnection.close(); |
| adminConnection.close(); |
| } |
| |
| |
| /** |
| * Modify an existing user password while the user is connected: |
| * o the userIdentity is not provided |
| * o the old password is not provided |
| * o the new password is not provided |
| * o the entry has a userPassword attribute |
| * o the userPassword attribute contains only one value |
| * |
| * At the same time, PP and passwordHashing interceptor are disabled |
| */ |
| @Test |
| public void testModifyOwnPasswordNoOldNoNew() throws Exception |
| { |
| // Create a user |
| LdapConnection adminConnection = getAdminNetworkConnection( getLdapServer() ); |
| |
| addUser( adminConnection, "User1", "secret1" ); |
| |
| // Bind as the user |
| LdapConnection userConnection = getNetworkConnectionAs( getLdapServer(), "cn=user1,ou=system", "secret1" ); |
| |
| // Now change the password |
| PasswordModifyRequest pwdModifyRequest = new PasswordModifyRequestImpl(); |
| |
| // Send the request |
| PasswordModifyResponse pwdModifyResponse = ( PasswordModifyResponse ) userConnection.extended( pwdModifyRequest ); |
| |
| assertEquals( ResultCodeEnum.UNWILLING_TO_PERFORM, pwdModifyResponse.getLdapResult().getResultCode() ); |
| |
| // Rebind with the original password |
| userConnection = getNetworkConnectionAs( ldapServer, "cn=User1,ou=system", "secret1" ); |
| |
| Entry entry = userConnection.lookup( "cn=User1,ou=system" ); |
| |
| assertNotNull( entry ); |
| assertTrue( entry.containsAttribute( "userPassword" ) ); |
| Attribute userPassword = entry.get( "userPassword" ); |
| |
| assertNull( PasswordUtil.findAlgorithm( userPassword.getBytes() ) ); |
| |
| assertEquals( 1, userPassword.size() ); |
| assertEquals( "secret1", userPassword.getString() ); |
| |
| userConnection.close(); |
| adminConnection.close(); |
| } |
| |
| |
| //----------------------------------------------------------------------------------- |
| // Self password modification with two passwords |
| //----------------------------------------------------------------------------------- |
| /** |
| * Modify an existing user password while the user is connected: |
| * o the userIdentity is not provided |
| * o the old password is not provided |
| * o the new password is not provided |
| * o the entry has a userPassword attribute |
| * o the userPassword attribute contains two values |
| * |
| * At the same time, PP and passwordHashing interceptor are disabled |
| */ |
| @Test |
| public void testModifyOwn2PasswordsNoOldNoNew() throws Exception |
| { |
| // Create a user |
| LdapConnection adminConnection = getAdminNetworkConnection( getLdapServer() ); |
| |
| addUser2Passwords( adminConnection, "User1", "secret1", "other" ); |
| |
| // Bind as the user |
| LdapConnection userConnection = getNetworkConnectionAs( getLdapServer(), "cn=user1,ou=system", "secret1" ); |
| |
| // Now change the password |
| PasswordModifyRequest pwdModifyRequest = new PasswordModifyRequestImpl(); |
| |
| // Send the request |
| PasswordModifyResponse pwdModifyResponse = ( PasswordModifyResponse ) userConnection.extended( pwdModifyRequest ); |
| |
| assertEquals( ResultCodeEnum.UNWILLING_TO_PERFORM, pwdModifyResponse.getLdapResult().getResultCode() ); |
| |
| // Rebind with the original password |
| userConnection = getNetworkConnectionAs( ldapServer, "cn=User1,ou=system", "secret1" ); |
| |
| Entry entry = userConnection.lookup( "cn=User1,ou=system" ); |
| |
| assertNotNull( entry ); |
| assertTrue( entry.containsAttribute( "userPassword" ) ); |
| Attribute userPassword = entry.get( "userPassword" ); |
| |
| assertNull( PasswordUtil.findAlgorithm( userPassword.getBytes() ) ); |
| |
| assertEquals( 2, userPassword.size() ); |
| assertTrue( userPassword.contains( "secret1", "other" ) ); |
| |
| userConnection.close(); |
| adminConnection.close(); |
| } |
| |
| |
| /** |
| * Modify an existing user password while the user is connected: |
| * o the userIdentity is not provided |
| * o the old password is not provided |
| * o the new password is new |
| * o the entry has a userPassword attribute |
| * o the userPassword attribute contains two values |
| * |
| * At the end, we will have only one password remaining |
| * |
| * At the same time, PP and passwordHashing interceptor are disabled |
| */ |
| @Test |
| public void testModifyOwn2PassworsdNoOldNew() throws Exception |
| { |
| // Create a user |
| LdapConnection adminConnection = getAdminNetworkConnection( getLdapServer() ); |
| |
| addUser2Passwords( adminConnection, "User1", "secret1", "other" ); |
| |
| // Bind as the user |
| LdapConnection userConnection = getNetworkConnectionAs( getLdapServer(), "cn=user1,ou=system", "secret1" ); |
| |
| Entry user = userConnection.lookup( "cn=user1,ou=system", "modifyTimestamp" ); |
| |
| // Now change the password |
| PasswordModifyRequest pwdModifyRequest = new PasswordModifyRequestImpl(); |
| pwdModifyRequest.setNewPassword( Strings.getBytesUtf8( "secret1Bis" ) ); |
| |
| // Send the request |
| PasswordModifyResponse pwdModifyResponse = ( PasswordModifyResponse ) userConnection.extended( pwdModifyRequest ); |
| |
| assertEquals( ResultCodeEnum.SUCCESS, pwdModifyResponse.getLdapResult().getResultCode() ); |
| |
| // Now try to bind with the new password |
| userConnection = getNetworkConnectionAs( ldapServer, "cn=User1,ou=system", "secret1Bis" ); |
| |
| Entry entry = userConnection.lookup( "cn=User1,ou=system", "userPassword", "modifyTimestamp" ); |
| |
| assertNotNull( entry ); |
| assertTrue( entry.containsAttribute( "userPassword" ) ); |
| Attribute userPassword = entry.get( "userPassword" ); |
| |
| assertNull( PasswordUtil.findAlgorithm( userPassword.getBytes() ) ); |
| |
| assertEquals( 1, userPassword.size() ); |
| assertEquals( "secret1Bis", userPassword.getString() ); |
| assertNull( user.get( "modifyTimestamp" ) ); |
| assertNotNull( entry.get( "modifyTimestamp" ).getString() ); |
| |
| userConnection.close(); |
| adminConnection.close(); |
| } |
| |
| |
| /** |
| * Modify an existing user password while the user is connected: |
| * o the userIdentity is not provided |
| * o the old password is not provided |
| * o the new password exists |
| * o the entry has a userPassword attribute |
| * o the userPassword attribute contains two values |
| * |
| * At the same time, PP and passwordHashing interceptor are disabled |
| */ |
| @Test |
| public void testModifyOwn2PasswordsNoOldNewExists() throws Exception |
| { |
| // Create a user |
| LdapConnection adminConnection = getAdminNetworkConnection( getLdapServer() ); |
| |
| addUser2Passwords( adminConnection, "User1", "secret1", "other" ); |
| |
| // Bind as the user |
| LdapConnection userConnection = getNetworkConnectionAs( getLdapServer(), "cn=user1,ou=system", "secret1" ); |
| |
| Entry user = userConnection.lookup( "cn=user1,ou=system", "modifyTimestamp" ); |
| |
| // Now change the password |
| PasswordModifyRequest pwdModifyRequest = new PasswordModifyRequestImpl(); |
| pwdModifyRequest.setNewPassword( Strings.getBytesUtf8( "secret1" ) ); |
| |
| // Send the request |
| PasswordModifyResponse pwdModifyResponse = ( PasswordModifyResponse ) userConnection.extended( pwdModifyRequest ); |
| |
| assertEquals( ResultCodeEnum.SUCCESS, pwdModifyResponse.getLdapResult().getResultCode() ); |
| |
| // Now try to bind with the new password |
| userConnection = getNetworkConnectionAs( ldapServer, "cn=User1,ou=system", "secret1" ); |
| |
| Entry entry = userConnection.lookup( "cn=User1,ou=system", "userPassword", "modifyTimestamp" ); |
| |
| assertNotNull( entry ); |
| assertTrue( entry.containsAttribute( "userPassword" ) ); |
| Attribute userPassword = entry.get( "userPassword" ); |
| |
| assertNull( PasswordUtil.findAlgorithm( userPassword.getBytes() ) ); |
| |
| assertEquals( 2, userPassword.size() ); |
| assertTrue( userPassword.contains( "secret1", "other" ) ); |
| assertNull( user.get( "modifyTimestamp" ) ); |
| assertNull( entry.get( "modifyTimestamp" ) ); |
| |
| userConnection.close(); |
| adminConnection.close(); |
| } |
| |
| |
| /** |
| * Modify an existing user password while the user is connected: |
| * o the userIdentity is not provided |
| * o the old password is provided |
| * o the new password is new |
| * o the entry has a userPassword attribute |
| * o the userPassword attribute contains two values |
| * |
| * At the same time, PP and passwordHashing interceptor are disabled |
| */ |
| @Test |
| public void testModifyOwn2PasswordsOldNew() throws Exception |
| { |
| // Create a user |
| LdapConnection adminConnection = getAdminNetworkConnection( getLdapServer() ); |
| |
| addUser2Passwords( adminConnection, "User1", "secret1", "other" ); |
| |
| // Bind as the user |
| LdapConnection userConnection = getNetworkConnectionAs( getLdapServer(), "cn=user1,ou=system", "secret1" ); |
| |
| // Now change the password |
| PasswordModifyRequest pwdModifyRequest = new PasswordModifyRequestImpl(); |
| pwdModifyRequest.setOldPassword( Strings.getBytesUtf8( "secret1" ) ); |
| pwdModifyRequest.setNewPassword( Strings.getBytesUtf8( "secret1Bis" ) ); |
| |
| // Send the request |
| PasswordModifyResponse pwdModifyResponse = ( PasswordModifyResponse ) userConnection.extended( pwdModifyRequest ); |
| |
| assertEquals( ResultCodeEnum.SUCCESS, pwdModifyResponse.getLdapResult().getResultCode() ); |
| |
| // Now try to bind with the new password |
| userConnection = getNetworkConnectionAs( ldapServer, "cn=User1,ou=system", "secret1Bis" ); |
| |
| Entry entry = userConnection.lookup( "cn=User1,ou=system" ); |
| |
| assertNotNull( entry ); |
| assertTrue( entry.containsAttribute( "userPassword" ) ); |
| Attribute userPassword = entry.get( "userPassword" ); |
| |
| assertNull( PasswordUtil.findAlgorithm( userPassword.getBytes() ) ); |
| |
| assertEquals( 1, userPassword.size() ); |
| assertEquals( "secret1Bis", userPassword.getString() ); |
| |
| userConnection.close(); |
| adminConnection.close(); |
| } |
| |
| |
| /** |
| * Modify an existing user password while the user is connected: |
| * o the userIdentity is not provided |
| * o the old password is provided, but it's the wrong one |
| * o the new password is new |
| * o the entry has a userPassword attribute |
| * o the userPassword attribute contains two values |
| * |
| * At the same time, PP and passwordHashing interceptor are disabled |
| */ |
| @Test |
| public void testModifyOwn2PasswordsInvalidOldNew() throws Exception |
| { |
| // Create a user |
| LdapConnection adminConnection = getAdminNetworkConnection( getLdapServer() ); |
| |
| addUser2Passwords( adminConnection, "User1", "secret1", "other" ); |
| |
| // Bind as the user |
| LdapConnection userConnection = getNetworkConnectionAs( getLdapServer(), |
| "cn=user1,ou=system", "secret1" ); |
| |
| // Now change the password |
| PasswordModifyRequest pwdModifyRequest = new PasswordModifyRequestImpl(); |
| pwdModifyRequest.setOldPassword( Strings.getBytesUtf8( "secret2" ) ); |
| pwdModifyRequest.setNewPassword( Strings.getBytesUtf8( "secret1Bis" ) ); |
| |
| // Send the request |
| PasswordModifyResponse pwdModifyResponse = ( PasswordModifyResponse ) userConnection.extended( pwdModifyRequest ); |
| |
| assertEquals( ResultCodeEnum.INVALID_CREDENTIALS, pwdModifyResponse.getLdapResult().getResultCode() ); |
| |
| // Now try to bind with the new password. Should fail |
| try |
| { |
| userConnection = getNetworkConnectionAs( ldapServer, "cn=User1,ou=system", "secret1Bis" ); |
| fail(); |
| } |
| catch ( LdapAuthenticationException lae ) |
| { |
| // We are fine |
| } |
| |
| // Rebind with the original password |
| userConnection = getNetworkConnectionAs( ldapServer, "cn=User1,ou=system", "secret1" ); |
| |
| Entry entry = userConnection.lookup( "cn=User1,ou=system", "userPassword", "modifyTimestamp" ); |
| |
| assertNotNull( entry ); |
| assertTrue( entry.containsAttribute( "userPassword" ) ); |
| Attribute userPassword = entry.get( "userPassword" ); |
| |
| assertNull( PasswordUtil.findAlgorithm( userPassword.getBytes() ) ); |
| |
| assertEquals( 2, userPassword.size() ); |
| assertTrue( userPassword.contains( "secret1", "other" ) ); |
| |
| // The entry should not have been modified |
| assertFalse( entry.containsAttribute( "modifyTimestamp" ) ); |
| |
| userConnection.close(); |
| adminConnection.close(); |
| } |
| |
| |
| /** |
| * Modify an existing user password while the user is connected: |
| * o the userIdentity is not provided |
| * o the old password is provided |
| * o the new password is not provided |
| * o the entry has a userPassword attribute |
| * o the userPassword attribute contains two values |
| * |
| * At the same time, PP and passwordHashing interceptor are disabled |
| */ |
| @Test |
| public void testModifyOwn2PasswordsOldNoNew() throws Exception |
| { |
| // Create a user |
| LdapConnection adminConnection = getAdminNetworkConnection( getLdapServer() ); |
| |
| addUser2Passwords( adminConnection, "User1", "secret1", "other" ); |
| |
| // Bind as the user |
| LdapConnection userConnection = getNetworkConnectionAs( getLdapServer(), "cn=user1,ou=system", "secret1" ); |
| |
| // Now change the password |
| PasswordModifyRequest pwdModifyRequest = new PasswordModifyRequestImpl(); |
| pwdModifyRequest.setOldPassword( Strings.getBytesUtf8( "secret1" ) ); |
| |
| // Send the request |
| PasswordModifyResponse pwdModifyResponse = ( PasswordModifyResponse ) userConnection.extended( pwdModifyRequest ); |
| |
| assertEquals( ResultCodeEnum.UNWILLING_TO_PERFORM, pwdModifyResponse.getLdapResult().getResultCode() ); |
| |
| // Rebind with the original password |
| userConnection = getNetworkConnectionAs( ldapServer, "cn=User1,ou=system", "secret1" ); |
| |
| Entry entry = userConnection.lookup( "cn=User1,ou=system", "userPassword", "modifyTimestamp" ); |
| |
| assertNotNull( entry ); |
| assertTrue( entry.containsAttribute( "userPassword" ) ); |
| Attribute userPassword = entry.get( "userPassword" ); |
| |
| assertNull( PasswordUtil.findAlgorithm( userPassword.getBytes() ) ); |
| |
| assertEquals( 2, userPassword.size() ); |
| assertTrue( userPassword.contains( "secret1", "other" ) ); |
| assertFalse( entry.containsAttribute( "modifyTimestamp" ) ); |
| |
| userConnection.close(); |
| adminConnection.close(); |
| } |
| |
| |
| /** |
| * Modify an existing user password while the user is connected: |
| * o the userIdentity is not provided |
| * o the old password is provided |
| * o the new password is already existing |
| * o the entry has a userPassword attribute |
| * o the userPassword attribute contains two values |
| * |
| * At the same time, PP and passwordHashing interceptor are disabled |
| */ |
| @Test |
| public void testModifyOwn2PasswordsOldNewExists() throws Exception |
| { |
| // Create a user |
| LdapConnection adminConnection = getAdminNetworkConnection( getLdapServer() ); |
| |
| addUser2Passwords( adminConnection, "User1", "secret1", "other" ); |
| |
| // Bind as the user |
| LdapConnection userConnection = getNetworkConnectionAs( getLdapServer(), "cn=user1,ou=system", "secret1" ); |
| |
| // Now change the password |
| PasswordModifyRequest pwdModifyRequest = new PasswordModifyRequestImpl(); |
| pwdModifyRequest.setOldPassword( Strings.getBytesUtf8( "secret1" ) ); |
| pwdModifyRequest.setNewPassword( Strings.getBytesUtf8( "secret1" ) ); |
| |
| // Send the request |
| PasswordModifyResponse pwdModifyResponse = ( PasswordModifyResponse ) userConnection.extended( pwdModifyRequest ); |
| |
| assertEquals( ResultCodeEnum.SUCCESS, pwdModifyResponse.getLdapResult().getResultCode() ); |
| |
| // Rebind with the original password |
| userConnection = getNetworkConnectionAs( ldapServer, "cn=User1,ou=system", "secret1" ); |
| |
| Entry entry = userConnection.lookup( "cn=User1,ou=system" ); |
| |
| assertNotNull( entry ); |
| assertTrue( entry.containsAttribute( "userPassword" ) ); |
| Attribute userPassword = entry.get( "userPassword" ); |
| |
| assertNull( PasswordUtil.findAlgorithm( userPassword.getBytes() ) ); |
| |
| assertEquals( 2, userPassword.size() ); |
| assertTrue( userPassword.contains( "secret1", "other" ) ); |
| assertFalse( entry.containsAttribute( "modifyTimestamp" ) ); |
| |
| userConnection.close(); |
| adminConnection.close(); |
| } |
| |
| |
| //----------------------------------------------------------------------------------- |
| // Non connected user |
| //----------------------------------------------------------------------------------- |
| /** |
| * Modify an existing user password while the user is not connected |
| */ |
| @Test |
| public void testModifyUserPasswordAnonymous() throws Exception |
| { |
| LdapConnection adminConnection = getAdminNetworkConnection( getLdapServer() ); |
| |
| addUser( adminConnection, "User2", "secret2" ); |
| |
| LdapConnection userConnection = getNetworkConnectionAs( ldapServer, "cn=User2,ou=system", "secret2" ); |
| |
| Entry entry = userConnection.lookup( "cn=User2,ou=system" ); |
| |
| assertNotNull( entry ); |
| |
| userConnection.close(); |
| |
| // Anonymous Bind |
| LdapConnection anonymousConnection = getAnonymousNetworkConnection( getLdapServer() ); |
| |
| // Now change the password |
| PasswordModifyRequest pwdModifyRequest = new PasswordModifyRequestImpl(); |
| pwdModifyRequest.setUserIdentity( Strings.getBytesUtf8( "cn=User2,ou=system" ) ); |
| pwdModifyRequest.setOldPassword( Strings.getBytesUtf8( "secret2" ) ); |
| pwdModifyRequest.setNewPassword( Strings.getBytesUtf8( "secret2Bis" ) ); |
| |
| // Send the request |
| PasswordModifyResponse pwdModifyResponse = ( PasswordModifyResponse ) anonymousConnection.extended( pwdModifyRequest ); |
| |
| assertEquals( ResultCodeEnum.SUCCESS, pwdModifyResponse.getLdapResult().getResultCode() ); |
| |
| // Check that we can now bind using the new credentials |
| userConnection = getNetworkConnectionAs( ldapServer, "cn=User2,ou=system", "secret2Bis" ); |
| |
| entry = userConnection.lookup( "cn=User2,ou=system" ); |
| |
| assertNotNull( entry ); |
| |
| userConnection.close(); |
| anonymousConnection.close(); |
| adminConnection.close(); |
| } |
| |
| |
| /** |
| * Test that the server refuse to generate a password |
| */ |
| @Test |
| public void testOwnGenPassword() throws Exception |
| { |
| LdapConnection adminConnection = getAdminNetworkConnection( getLdapServer() ); |
| |
| addUser( adminConnection, "User6", "secret6" ); |
| |
| // Modify the user with the user account |
| LdapConnection userConnection = getNetworkConnectionAs( ldapServer, "cn=User6,ou=system", "secret6" ); |
| |
| // Now request a new password |
| PasswordModifyRequest pwdModifyRequest = new PasswordModifyRequestImpl(); |
| pwdModifyRequest.setUserIdentity( Strings.getBytesUtf8( "cn=User6,ou=system" ) ); |
| |
| // Send the request |
| PasswordModifyResponse pwdModifyResponse = ( PasswordModifyResponse ) userConnection.extended( pwdModifyRequest ); |
| |
| // We should not be allowed to do that, as the operation is not yet implemented |
| assertEquals( ResultCodeEnum.UNWILLING_TO_PERFORM, pwdModifyResponse.getLdapResult().getResultCode() ); |
| |
| userConnection.close(); |
| adminConnection.close(); |
| } |
| |
| |
| //----------------------------------------------------------------------------------- |
| // With admin |
| //----------------------------------------------------------------------------------- |
| /** |
| * Modify an existing user password with an admin account |
| */ |
| @Test |
| public void testAdminModifyPassword() throws Exception |
| { |
| try ( LdapConnection adminConnection = getAdminNetworkConnection( getLdapServer() ) ) |
| { |
| addUserNoPassword( adminConnection, "User4" ); |
| |
| // Modify the user with the admin account |
| Entry entry = adminConnection.lookup( "cn=User4,ou=system" ); |
| |
| assertNotNull( entry ); |
| |
| // Now change the password |
| PasswordModifyRequest pwdModifyRequest = new PasswordModifyRequestImpl(); |
| pwdModifyRequest.setUserIdentity( Strings.getBytesUtf8( "cn=User4,ou=system" ) ); |
| pwdModifyRequest.setNewPassword( Strings.getBytesUtf8( "secret4" ) ); |
| |
| // Send the request |
| PasswordModifyResponse pwdModifyResponse = ( PasswordModifyResponse ) adminConnection.extended( pwdModifyRequest ); |
| |
| assertEquals( ResultCodeEnum.UNWILLING_TO_PERFORM, pwdModifyResponse.getLdapResult().getResultCode() ); |
| |
| // Now try to bind with the new password |
| try( LdapConnection userConnection = getNetworkConnectionAs( ldapServer, "cn=User4,ou=system", "secret4" )) |
| { |
| fail(); |
| } |
| catch ( LdapException le ) |
| { |
| // expected |
| } |
| |
| entry = adminConnection.lookup( "cn=User4,ou=system", SchemaConstants.ALL_ATTRIBUTES_ARRAY ); |
| |
| assertNotNull( entry ); |
| assertFalse( entry.containsAttribute( "userPassword" ) ); |
| assertFalse( entry.containsAttribute( "modifyTimestamp" ) ); |
| } |
| } |
| |
| |
| /** |
| * Modify an existing user password with admin |
| * o the userIdentity is provided |
| * o the old password is not provided |
| * o the new password is not provided |
| * o the entry has a userPassword attribute |
| * o the userPassword attribute contains only one value |
| * |
| * At the same time, PP and passwordHashing interceptor are disabled |
| */ |
| @Test |
| public void testAdminModifyPasswordNoOldNoNew() throws Exception |
| { |
| // Create a user |
| LdapConnection adminConnection = getAdminNetworkConnection( getLdapServer() ); |
| |
| addUser( adminConnection, "User1", "secret1" ); |
| |
| // Now change the password |
| PasswordModifyRequest pwdModifyRequest = new PasswordModifyRequestImpl(); |
| pwdModifyRequest.setUserIdentity( Strings.getBytesUtf8( "cn=User1,ou=system" ) ); |
| |
| // Send the request |
| PasswordModifyResponse pwdModifyResponse = ( PasswordModifyResponse ) adminConnection.extended( pwdModifyRequest ); |
| |
| assertEquals( ResultCodeEnum.UNWILLING_TO_PERFORM, pwdModifyResponse.getLdapResult().getResultCode() ); |
| |
| Entry entry = adminConnection.lookup( "cn=User1,ou=system", "userPassword", "modifyTimestamp" ); |
| |
| assertNotNull( entry ); |
| assertTrue( entry.containsAttribute( "userPassword" ) ); |
| Attribute userPassword = entry.get( "userPassword" ); |
| |
| assertNull( PasswordUtil.findAlgorithm( userPassword.getBytes() ) ); |
| |
| assertEquals( 1, userPassword.size() ); |
| assertEquals( "secret1", userPassword.getString() ); |
| assertFalse( entry.containsAttribute( "modifyTimestamp" ) ); |
| |
| adminConnection.close(); |
| } |
| |
| |
| /** |
| * Modify an existing user password with admin |
| * o the userIdentity is provided |
| * o the old password is not provided |
| * o the new password is provided |
| * o the entry has a userPassword attribute |
| * o the userPassword attribute contains only one value |
| * |
| * At the same time, PP and passwordHashing interceptor are disabled |
| */ |
| @Test |
| public void testAdminModifyPasswordNoOldNew() throws Exception |
| { |
| // Create a user |
| try ( LdapConnection adminConnection = getAdminNetworkConnection( getLdapServer() ) ) |
| { |
| addUser( adminConnection, "User1", "secret1" ); |
| |
| // Now change the password |
| PasswordModifyRequest pwdModifyRequest = new PasswordModifyRequestImpl(); |
| pwdModifyRequest.setUserIdentity( Strings.getBytesUtf8( "cn=User1,ou=system" ) ); |
| pwdModifyRequest.setNewPassword( Strings.getBytesUtf8( "secret1Bis" ) ); |
| |
| // Send the request |
| PasswordModifyResponse pwdModifyResponse = ( PasswordModifyResponse ) adminConnection.extended( pwdModifyRequest ); |
| |
| assertEquals( ResultCodeEnum.SUCCESS, pwdModifyResponse.getLdapResult().getResultCode() ); |
| |
| try ( LdapConnection userConnection = getNetworkConnectionAs( getLdapServer(), |
| "cn=user1,ou=system", "secret1Bis" ) ) |
| { |
| Entry entry = userConnection.lookup( "cn=User1,ou=system", "userPassword", "modifyTimestamp" ); |
| |
| assertNotNull( entry ); |
| assertTrue( entry.containsAttribute( "userPassword" ) ); |
| Attribute userPassword = entry.get( "userPassword" ); |
| |
| assertNull( PasswordUtil.findAlgorithm( userPassword.getBytes() ) ); |
| |
| assertEquals( 1, userPassword.size() ); |
| assertEquals( "secret1Bis", userPassword.getString() ); |
| assertTrue( entry.containsAttribute( "modifyTimestamp" ) ); |
| } |
| } |
| } |
| |
| |
| /** |
| * Modify an existing user with no password with admin |
| * o the userIdentity is provided |
| * o the old password is not provided |
| * o the new password is provided |
| * o the entry does not have a userPassword attribute |
| * o the userPassword attribute contains only one value |
| * |
| * At the same time, PP and passwordHashing interceptor are disabled |
| */ |
| @Test |
| public void testAdminAddPasswordNoOldNew() throws Exception |
| { |
| // Create a user |
| try ( LdapConnection adminConnection = getAdminNetworkConnection( getLdapServer() ) ) |
| { |
| addUserNoPassword( adminConnection, "User1" ); |
| |
| // Now change the password |
| PasswordModifyRequest pwdModifyRequest = new PasswordModifyRequestImpl(); |
| pwdModifyRequest.setUserIdentity( Strings.getBytesUtf8( "cn=User1,ou=system" ) ); |
| pwdModifyRequest.setNewPassword( Strings.getBytesUtf8( "secret1" ) ); |
| |
| // Send the request |
| PasswordModifyResponse pwdModifyResponse = ( PasswordModifyResponse ) adminConnection.extended( pwdModifyRequest ); |
| |
| assertEquals( ResultCodeEnum.UNWILLING_TO_PERFORM, pwdModifyResponse.getLdapResult().getResultCode() ); |
| |
| try ( LdapConnection userConnection = getNetworkConnectionAs( getLdapServer(), |
| "cn=user1,ou=system", "secret1" ) ) |
| { |
| fail(); |
| } |
| catch ( LdapException le ) |
| { |
| // expected |
| } |
| |
| Entry entry = adminConnection.lookup( "cn=User1,ou=system", "userPassword", "modifyTimestamp" ); |
| |
| assertNotNull( entry ); |
| assertFalse( entry.containsAttribute( "userPassword" ) ); |
| assertFalse( entry.containsAttribute( "modifyTimestamp" ) ); |
| } |
| } |
| |
| |
| /** |
| * Modify an existing user password with admin |
| * o the userIdentity is provided |
| * o the old password is provided but is invalid |
| * o the new password is provided |
| * o the entry has a userPassword attribute |
| * o the userPassword attribute contains only one value |
| * |
| * At the same time, PP and passwordHashing interceptor are disabled |
| */ |
| @Test |
| public void testAdminModifyPasswordInvalidOldNew() throws Exception |
| { |
| // Create a user |
| try ( LdapConnection adminConnection = getAdminNetworkConnection( getLdapServer() ) ) |
| { |
| addUser( adminConnection, "User1", "secret1" ); |
| |
| // Now change the password |
| PasswordModifyRequest pwdModifyRequest = new PasswordModifyRequestImpl(); |
| pwdModifyRequest.setUserIdentity( Strings.getBytesUtf8( "cn=User1,ou=system" ) ); |
| pwdModifyRequest.setOldPassword( Strings.getBytesUtf8( "secret2" ) ); |
| pwdModifyRequest.setNewPassword( Strings.getBytesUtf8( "secret2" ) ); |
| |
| // Send the request |
| PasswordModifyResponse pwdModifyResponse = ( PasswordModifyResponse ) adminConnection.extended( pwdModifyRequest ); |
| |
| assertEquals( ResultCodeEnum.INVALID_CREDENTIALS, pwdModifyResponse.getLdapResult().getResultCode() ); |
| |
| Entry entry = adminConnection.lookup( "cn=User1,ou=system", "userPassword", "modifyTimestamp" ); |
| |
| assertNotNull( entry ); |
| assertTrue( entry.containsAttribute( "userPassword" ) ); |
| Attribute userPassword = entry.get( "userPassword" ); |
| |
| assertNull( PasswordUtil.findAlgorithm( userPassword.getBytes() ) ); |
| |
| assertEquals( 1, userPassword.size() ); |
| assertEquals( "secret1", userPassword.getString() ); |
| assertFalse( entry.containsAttribute( "modifyTimestamp" ) ); |
| } |
| } |
| |
| |
| /** |
| * Modify an existing user password with admin |
| * o the userIdentity is provided |
| * o the old password is not provided |
| * o the new password is provided but already exist |
| * o the entry has a userPassword attribute |
| * o the userPassword attribute contains only one value |
| * |
| * At the same time, PP and passwordHashing interceptor are disabled |
| */ |
| @Test |
| public void testAdminModifyPasswordNoOldNewExists() throws Exception |
| { |
| // Create a user |
| try ( LdapConnection adminConnection = getAdminNetworkConnection( getLdapServer() ) ) |
| { |
| addUser( adminConnection, "User1", "secret1" ); |
| |
| // Now change the password |
| PasswordModifyRequest pwdModifyRequest = new PasswordModifyRequestImpl(); |
| pwdModifyRequest.setUserIdentity( Strings.getBytesUtf8( "cn=User1,ou=system" ) ); |
| pwdModifyRequest.setNewPassword( Strings.getBytesUtf8( "secret1" ) ); |
| |
| // Send the request |
| PasswordModifyResponse pwdModifyResponse = ( PasswordModifyResponse ) adminConnection.extended( pwdModifyRequest ); |
| |
| assertEquals( ResultCodeEnum.SUCCESS, pwdModifyResponse.getLdapResult().getResultCode() ); |
| |
| try ( LdapConnection userConnection = getNetworkConnectionAs( getLdapServer(), |
| "cn=user1,ou=system", "secret1" ) ) |
| { |
| Entry entry = userConnection.lookup( "cn=User1,ou=system", "userPassword", "modifyTimestamp" ); |
| |
| assertNotNull( entry ); |
| assertTrue( entry.containsAttribute( "userPassword" ) ); |
| Attribute userPassword = entry.get( "userPassword" ); |
| |
| assertNull( PasswordUtil.findAlgorithm( userPassword.getBytes() ) ); |
| |
| assertEquals( 1, userPassword.size() ); |
| assertEquals( "secret1", userPassword.getString() ); |
| assertFalse( entry.containsAttribute( "modifyTimestamp" ) ); |
| } |
| } |
| } |
| |
| |
| /** |
| * Modify an existing user password with admin |
| * o the userIdentity is provided |
| * o the old password is provided |
| * o the new password is provided |
| * o the entry has a userPassword attribute |
| * o the userPassword attribute contains only one value |
| * |
| * At the same time, PP and passwordHashing interceptor are disable |
| */ |
| @Test |
| public void testAdminModifyPasswordOldNew() throws Exception |
| { |
| // Create a user |
| try ( LdapConnection adminConnection = getAdminNetworkConnection( getLdapServer() ) ) |
| { |
| addUser( adminConnection, "User1", "secret1" ); |
| |
| // Now change the password |
| PasswordModifyRequest pwdModifyRequest = new PasswordModifyRequestImpl(); |
| pwdModifyRequest.setUserIdentity( Strings.getBytesUtf8( "cn=User1,ou=system" ) ); |
| pwdModifyRequest.setOldPassword( Strings.getBytesUtf8( "secret1" ) ); |
| pwdModifyRequest.setNewPassword( Strings.getBytesUtf8( "secret1Bis" ) ); |
| |
| // Send the request |
| PasswordModifyResponse pwdModifyResponse = ( PasswordModifyResponse ) adminConnection.extended( pwdModifyRequest ); |
| |
| assertEquals( ResultCodeEnum.SUCCESS, pwdModifyResponse.getLdapResult().getResultCode() ); |
| |
| try ( LdapConnection userConnection = getNetworkConnectionAs( getLdapServer(), |
| "cn=user1,ou=system", "secret1Bis" ) ) |
| { |
| Entry entry = userConnection.lookup( "cn=User1,ou=system", SchemaConstants.ALL_ATTRIBUTES_ARRAY ); |
| |
| System.out.println( entry ); |
| assertNotNull( entry ); |
| assertTrue( entry.containsAttribute( "userPassword" ) ); |
| Attribute userPassword = entry.get( "userPassword" ); |
| |
| assertNull( PasswordUtil.findAlgorithm( userPassword.getBytes() ) ); |
| |
| assertEquals( 1, userPassword.size() ); |
| assertEquals( "secret1Bis", userPassword.getString() ); |
| assertTrue( entry.containsAttribute( "modifyTimestamp" ) ); |
| } |
| } |
| } |
| |
| |
| /** |
| * Modify an existing user password with admin |
| * o the userIdentity is provided |
| * o the old password is provided |
| * o the new password is not provided |
| * o the entry has a userPassword attribute |
| * o the userPassword attribute contains only one value |
| * |
| * At the same time, PP and passwordHashing interceptor are disable |
| */ |
| @Test |
| public void testAdminModifyPasswordOldNoNew() throws Exception |
| { |
| // Create a user |
| try ( LdapConnection adminConnection = getAdminNetworkConnection( getLdapServer() ) ) |
| { |
| addUser( adminConnection, "User1", "secret1" ); |
| |
| // Now change the password |
| PasswordModifyRequest pwdModifyRequest = new PasswordModifyRequestImpl(); |
| pwdModifyRequest.setUserIdentity( Strings.getBytesUtf8( "cn=User1,ou=system" ) ); |
| pwdModifyRequest.setOldPassword( Strings.getBytesUtf8( "secret1" ) ); |
| |
| // Send the request |
| PasswordModifyResponse pwdModifyResponse = ( PasswordModifyResponse ) adminConnection.extended( pwdModifyRequest ); |
| |
| assertEquals( ResultCodeEnum.UNWILLING_TO_PERFORM, pwdModifyResponse.getLdapResult().getResultCode() ); |
| |
| try ( LdapConnection userConnection = getNetworkConnectionAs( getLdapServer(), |
| "cn=user1,ou=system", "secret1" ) ) |
| { |
| Entry entry = userConnection.lookup( "cn=User1,ou=system", SchemaConstants.ALL_ATTRIBUTES_ARRAY ); |
| |
| assertNotNull( entry ); |
| assertTrue( entry.containsAttribute( "userPassword" ) ); |
| Attribute userPassword = entry.get( "userPassword" ); |
| |
| assertNull( PasswordUtil.findAlgorithm( userPassword.getBytes() ) ); |
| |
| assertEquals( 1, userPassword.size() ); |
| assertEquals( "secret1", userPassword.getString() ); |
| assertFalse( entry.containsAttribute( "modifyTimestamp" ) ); |
| } |
| } |
| } |
| |
| |
| /** |
| * Modify an existing user password with admin |
| * o the userIdentity is provided |
| * o the old password is provided |
| * o the new password is provided |
| * o the entry has a userPassword attribute |
| * o the userPassword attribute contains only one value |
| * |
| * At the same time, PP and passwordHashing interceptor are disabled |
| */ |
| @Test |
| public void testAdminModifyPasswordOldNewExists() throws Exception |
| { |
| // Create a user |
| try ( LdapConnection adminConnection = getAdminNetworkConnection( getLdapServer() ) ) |
| { |
| addUser( adminConnection, "User1", "secret1" ); |
| |
| // Now change the password |
| PasswordModifyRequest pwdModifyRequest = new PasswordModifyRequestImpl(); |
| pwdModifyRequest.setUserIdentity( Strings.getBytesUtf8( "cn=User1,ou=system" ) ); |
| pwdModifyRequest.setOldPassword( Strings.getBytesUtf8( "secret1" ) ); |
| pwdModifyRequest.setNewPassword( Strings.getBytesUtf8( "secret1" ) ); |
| |
| // Send the request |
| PasswordModifyResponse pwdModifyResponse = ( PasswordModifyResponse ) adminConnection.extended( pwdModifyRequest ); |
| |
| assertEquals( ResultCodeEnum.SUCCESS, pwdModifyResponse.getLdapResult().getResultCode() ); |
| |
| try ( LdapConnection userConnection = getNetworkConnectionAs( getLdapServer(), |
| "cn=user1,ou=system", "secret1" ) ) |
| { |
| Entry entry = userConnection.lookup( "cn=User1,ou=system", "userPassword", "modifyTimestamp" ); |
| |
| assertNotNull( entry ); |
| assertTrue( entry.containsAttribute( "userPassword" ) ); |
| Attribute userPassword = entry.get( "userPassword" ); |
| |
| assertNull( PasswordUtil.findAlgorithm( userPassword.getBytes() ) ); |
| |
| assertEquals( 1, userPassword.size() ); |
| assertEquals( "secret1", userPassword.getString() ); |
| assertFalse( entry.containsAttribute( "modifyTimestamp" ) ); |
| } |
| } |
| } |
| |
| |
| /** |
| * Modify an existing user password with an admin account |
| */ |
| @Test |
| public void testAdminModifyMultiplePassword() throws Exception |
| { |
| AuthenticationInterceptor authenticationInterceptor = ( AuthenticationInterceptor ) getService() |
| .getInterceptor( InterceptorEnum.AUTHENTICATION_INTERCEPTOR.getName() ); |
| |
| PpolicyConfigContainer policyContainer = authenticationInterceptor.getPwdPolicyContainer(); |
| authenticationInterceptor.setPwdPolicies( null ); |
| |
| LdapConnection adminConnection = getAdminNetworkConnection( getLdapServer() ); |
| |
| addUser2Passwords( adminConnection, "User5", "secret51", "secret52" ); |
| |
| // Modify the user with the admin account |
| |
| // Now change the password |
| PasswordModifyRequest pwdModifyRequest = new PasswordModifyRequestImpl(); |
| pwdModifyRequest.setUserIdentity( Strings.getBytesUtf8( "cn=User5,ou=system" ) ); |
| pwdModifyRequest.setNewPassword( Strings.getBytesUtf8( "secret5Bis" ) ); |
| |
| // Send the request |
| PasswordModifyResponse pwdModifyResponse = ( PasswordModifyResponse ) adminConnection.extended( pwdModifyRequest ); |
| |
| assertEquals( ResultCodeEnum.SUCCESS, pwdModifyResponse.getLdapResult().getResultCode() ); |
| |
| // Now try to bind with the new password |
| LdapConnection userConnection = getNetworkConnectionAs( ldapServer, "cn=User5,ou=system", "secret5Bis" ); |
| |
| Entry entry = userConnection.lookup( "cn=User5,ou=system" ); |
| |
| assertNotNull( entry ); |
| |
| userConnection.close(); |
| adminConnection.close(); |
| authenticationInterceptor.setPwdPolicies( policyContainer ); |
| } |
| |
| |
| /** |
| * Modify an existing user password with a bad account |
| */ |
| @Test |
| public void testAdminModifyPasswordBadUser() throws Exception |
| { |
| LdapConnection adminConnection = getAdminNetworkConnection( getLdapServer() ); |
| |
| addUser( adminConnection, "User5", "secret5" ); |
| |
| // Modify the user with the admin account |
| |
| // Now change the password |
| PasswordModifyRequest pwdModifyRequest = new PasswordModifyRequestImpl(); |
| pwdModifyRequest.setUserIdentity( Strings.getBytesUtf8( "cn=baduser,ou=system" ) ); |
| pwdModifyRequest.setNewPassword( Strings.getBytesUtf8( "secret5Bis" ) ); |
| |
| // Send the request |
| PasswordModifyResponse pwdModifyResponse = ( PasswordModifyResponse ) adminConnection.extended( pwdModifyRequest ); |
| |
| assertEquals( ResultCodeEnum.NO_SUCH_OBJECT, pwdModifyResponse.getLdapResult().getResultCode() ); |
| |
| adminConnection.close(); |
| } |
| |
| |
| /** |
| * Test that the server refuse to generate a password |
| */ |
| @Test |
| public void testAdminGenPassword() throws Exception |
| { |
| LdapConnection adminConnection = getAdminNetworkConnection( getLdapServer() ); |
| |
| addUser( adminConnection, "User6", "secret6" ); |
| |
| // Modify the user with the admin account |
| |
| // Now request a new password |
| PasswordModifyRequest pwdModifyRequest = new PasswordModifyRequestImpl(); |
| pwdModifyRequest.setUserIdentity( Strings.getBytesUtf8( "cn=User6,ou=system" ) ); |
| |
| // Send the request |
| PasswordModifyResponse pwdModifyResponse = ( PasswordModifyResponse ) adminConnection.extended( pwdModifyRequest ); |
| |
| // We should not be allowed to do that, as the operation is not yet implemented |
| assertEquals( ResultCodeEnum.UNWILLING_TO_PERFORM, pwdModifyResponse.getLdapResult().getResultCode() ); |
| |
| adminConnection.close(); |
| } |
| } |