Imported Upstream version 4.3.1

2021-08-10 02:37:58 +02:00
parent a791de49a2
commit 2f177da8f2
2056 changed files with 421730 additions and 1668138 deletions
--- a/ipatests/test_xmlrpc/test_user_plugin.py
+++ b/ipatests/test_xmlrpc/test_user_plugin.py
@@ -21,11 +21,10 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.

 """
-Test the `ipaserver/plugins/user.py` module.
+Test the `ipalib/plugins/user.py` module.
 """

 import pytest
-import base64
 import datetime
 import ldap
 import re
@@ -34,11 +33,10 @@ from ipalib import api, errors
 from ipatests.test_xmlrpc import objectclasses
 from ipatests.util import (
    assert_deepequal, assert_equal, assert_not_equal, raises)
-from ipatests.test_xmlrpc.xmlrpc_test import (
+from xmlrpc_test import (
    XMLRPC_test, fuzzy_digits, fuzzy_uuid, fuzzy_password,
-    Fuzzy, fuzzy_dergeneralizedtime, add_sid, add_oc, raises_exact)
+    fuzzy_string, fuzzy_dergeneralizedtime, add_sid, add_oc, raises_exact)
 from ipapython.dn import DN
-from ipapython.ipaldap import ldap_initialize

 from ipatests.test_xmlrpc.tracker.base import Tracker
 from ipatests.test_xmlrpc.tracker.group_plugin import GroupTracker
@@ -57,7 +55,7 @@ sshpubkey = (u'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDGAX3xAeLeaJggwTqMjxNwa6X'
             'cSIn3JrXynlvui4MixvrtX6zx+O/bBo68o8/eZD26QrahVbA09fivrn/4h3TM01'
             '9Eu/c2jOdckfU3cHUV/3Tno5d6JicibyaoDDK7S/yjdn5jhaz8MSEayQvFkZkiF'
             '0L public key test')
-sshpubkeyfp = (u'SHA256:cStA9o5TRSARbeketEOooMUMSWRSsArIAXloBZ4vNsE '
+sshpubkeyfp = (u'13:67:6B:BF:4E:A2:05:8E:AE:25:8B:A1:31:DE:6F:1B '
               'public key test (ssh-rsa)')

 validlanguages = {
@@ -77,14 +75,7 @@ invalid_expiration_string = "2020-12-07 19:54:13"
 expired_expiration_string = "1991-12-07T19:54:13Z"

 # Date in ISO format (2013-12-10T12:00:00)
-isodate_re = re.compile(r'^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z$')
-
-
-@pytest.fixture(scope='class')
-def user_min(request):
-    """ User tracker fixture for testing user with uid no specified """
-    tracker = UserTracker(givenname=u'Testmin', sn=u'Usermin')
-    return tracker.make_fixture(request)
+isodate_re = re.compile('^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z$')


@pytest.fixture(scope='class')
@@ -139,19 +130,6 @@ def user_npg2(request, group):
    return tracker.make_fixture(request)


-@pytest.fixture(scope='class')
-def user_radius(request):
-    """ User tracker fixture for testing users with radius user name """
-    tracker = UserTracker(name=u'radiususer', givenname=u'radiususer',
-                          sn=u'radiususer1',
-                          ipatokenradiususername=u'radiususer')
-    tracker.track_create()
-    tracker.attrs.update(
-        objectclass=objectclasses.user + [u'ipatokenradiusproxyuser']
-    )
-    return tracker.make_fixture(request)
-
-
@pytest.fixture(scope='class')
 def group(request):
    tracker = GroupTracker(name=u'group1')
@@ -199,7 +177,6 @@ class TestNonexistentUser(XMLRPC_test):
 class TestUser(XMLRPC_test):
    def test_retrieve(self, user):
        """ Create user and try to retrieve it """
-        user.ensure_exists()
        user.retrieve()

    def test_delete(self, user):
@@ -234,42 +211,11 @@ class TestUser(XMLRPC_test):
        user.check_update(result)
        user.delete()

-    def test_find_cert(self, user):
-        """ Add a usercertificate and perform a user-find --certificate """
-        user_cert = (
-            u"MIICszCCAZugAwIBAgICM24wDQYJKoZIhvcNAQELBQAwIzEUMBIGA1UEChML\r\n"
-            "RVhBTVBMRS5PUkcxCzAJBgNVBAMTAkNBMB4XDTE3MDExOTEwMjUyOVoXDTE3M\r\n"
-            "DQxOTEwMjUyOVowFjEUMBIGA1UEAxMLc3RhZ2V1c2VyLTEwggEiMA0GCSqGSI\r\n"
-            "b3DQEBAQUAA4IBDwAwggEKAoIBAQCq03FRQQBvq4HwYMKP8USLZuOkKzuIs2V\r\n"
-            "Pt8k/+nO1dADrzMogKDiUDjCwYoG2UM/sj6P+PJUUCNDLh5eRRI+aR5VE5y2a\r\n"
-            "K95iCsj1ByDWrugAUXgr8GUUr+UbaGc0XxHCMnQBkYhzbXY3u91KYRRh5l3lx\r\n"
-            "RSICcVeJFJ/tiMS14Vsor1DWykHGz1wm0Zjwg1XDV3oea+uwrSz5Pa6RNPlgC\r\n"
-            "+GGW6B7+8qC2XdSSEwvY7y1SAGgqyOxN/FLwvqqMDNU0uX7fww587uZ57IfYz\r\n"
-            "b8Xn5DAprRFNk40FDc46rMlkPBT+Tij1I0jedD8h2e6WEa7JRU6SGToYDbRm4\r\n"
-            "RL9xAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAHqm1jXzYer9oSjYs9qh1jWpM\r\n"
-            "vTcN+0/z1uuX++Wezh3lG7IzYtypbZNxlXDECyrkUh+9oxzMJqdlZ562ko2br\r\n"
-            "uK6X5csbbM9uVsUva8NCsPPfZXDhrYaMKFvQGFY4pO3uhFGhccob037VN5Ifm\r\n"
-            "aKGM8aJ40cw2PQh38QPDdemizyVCThQ9Pcr+WgWKiG+t2Gd9NldJRLEhky0bW\r\n"
-            "2fc4zWZVbGq5nFXy1k+d/bgkHbVzf255eFZOKKy0NgZwig+uSlhVWPJjS4Z1w\r\n"
-            "LbpBKxTZp/xD0yEARs0u1ZcCELO/BkgQM50EDKmahIM4mdCs/7j1B/DdWs2i3\r\n"
-            "5lnbjxYYiUiyA=")
-        user.ensure_exists()
-        user.update(dict(usercertificate=user_cert),
-                    expected_updates=dict(
-                        usercertificate=[base64.b64decode(user_cert)])
-                    )
-        command = user.make_find_command(uid=user.name,
-                                         usercertificate=user_cert)
-        res = command()['result']
-        assert len(res) == 1
-        user.delete()
-

@pytest.mark.tier1
 class TestFind(XMLRPC_test):
    def test_find(self, user):
        """ Basic check of user-find """
-        user.ensure_exists()
        user.find()

    def test_find_with_all(self, user):
@@ -285,44 +231,6 @@ class TestFind(XMLRPC_test):
        result = command()
        user.check_find(result, pkey_only=True)

-    def test_find_enabled_user(self, user):
-        """Test user-find --disabled=False with enabled user"""
-        user.ensure_exists()
-        command = user.make_find_command(
-            uid=user.uid, pkey_only=True, nsaccountlock=False)
-        result = command()
-        user.check_find(result, pkey_only=True)
-
-    def test_negative_find_enabled_user(self, user):
-        """Test user-find --disabled=True with enabled user, shouldn't
-        return any result"""
-        user.ensure_exists()
-        command = user.make_find_command(
-            uid=user.uid, pkey_only=True, nsaccountlock=True)
-        result = command()
-        user.check_find_nomatch(result)
-
-    def test_find_disabled_user(self, user):
-        """Test user-find --disabled=True with disabled user"""
-        user.ensure_exists()
-        user.disable()
-        command = user.make_find_command(
-            uid=user.uid, pkey_only=True, nsaccountlock=True)
-        result = command()
-        user.check_find(result, pkey_only=True)
-        user.enable()
-
-    def test_negative_find_disabled_user(self, user):
-        """Test user-find --disabled=False with disabled user, shouldn't
-        return any results"""
-        user.ensure_exists()
-        user.disable()
-        command = user.make_find_command(
-            uid=user.uid, pkey_only=True, nsaccountlock=False)
-        result = command()
-        user.check_find_nomatch(result)
-        user.enable()
-

@pytest.mark.tier1
 class TestActive(XMLRPC_test):
@@ -408,10 +316,24 @@ class TestUpdate(XMLRPC_test):
        renameduser.ensure_missing()
        olduid = user.uid

-        user.update(updates=dict(rename=renameduser.uid))
+        # using user.update(dict(uid=value)) results in
+        # OverlapError: overlapping arguments and options: ['uid']
+        user.attrs.update(uid=[renameduser.uid])
+        command = user.make_update_command(
+            updates=dict(setattr=(u'uid=%s' % renameduser.uid))
+        )
+        result = command()
+        user.check_update(result)
+        user.uid = renameduser.uid

        # rename the test user back so it gets properly deleted
-        user.update(updates=dict(rename=olduid))
+        user.attrs.update(uid=[olduid])
+        command = user.make_update_command(
+            updates=dict(setattr=(u'uid=%s' % olduid))
+        )
+        result = command()
+        user.check_update(result)
+        user.uid = olduid

    def test_rename_to_the_same_value(self, user):
        """ Try to rename user to the same value """
@@ -492,24 +414,9 @@ class TestUpdate(XMLRPC_test):
                error=u'may only include letters, numbers, _, -, . and $')):
            command()

-    def test_add_radius_username(self, user):
-        """ Test for ticket 7569: Try to add --radius-username """
-        user.ensure_exists()
-        command = user.make_update_command(
-            updates=dict(ipatokenradiususername=u'radiususer')
-        )
-        command()
-        user.delete()
-

@pytest.mark.tier1
 class TestCreate(XMLRPC_test):
-    def test_create_user_with_min_values(self, user_min):
-        """ Create user with uid not specified """
-        user_min.ensure_missing()
-        command = user_min.make_create_command()
-        command()
-
    def test_create_with_krb_ticket_policy(self):
        """ Try to create user with krbmaxticketlife set """
        testuser = UserTracker(
@@ -576,7 +483,7 @@ class TestCreate(XMLRPC_test):
        testuser.attrs.update(
            randompassword=fuzzy_password,
            has_keytab=True, has_password=True,
-            krbextradata=[Fuzzy(type=bytes)],
+            krbextradata=[fuzzy_string],
            krbpasswordexpiration=[fuzzy_dergeneralizedtime],
            krblastpwdchange=[fuzzy_dergeneralizedtime]
        )
@@ -697,32 +604,6 @@ class TestCreate(XMLRPC_test):
        with raises_exact(errors.ManagedGroupExistsError(group=group.cn)):
            command()

-    def test_create_with_username_starting_with_numeric(self):
-        """Successfully create a user with name starting with numeric chars"""
-        testuser = UserTracker(
-            name=u'1234user', givenname=u'First1234', sn=u'Surname1234',
-        )
-        testuser.create()
-        testuser.delete()
-
-    def test_create_with_numeric_only_username(self):
-        """Try to create a user with name only contains numeric chars"""
-        testuser = UserTracker(
-            name=u'1234', givenname=u'NumFirst1234', sn=u'NumSurname1234',
-        )
-        with raises_exact(errors.ValidationError(
-                name=u'login',
-                error=u'may only include letters, numbers, _, -, . and $',
-        )):
-            testuser.create()
-
-    def test_create_with_radius_username(self, user_radius):
-        """Test for issue 7569: try to create a user with --radius-username"""
-        command = user_radius.make_create_command()
-        result = command()
-        user_radius.check_create(result)
-        user_radius.delete()
-

@pytest.mark.tier1
 class TestUserWithGroup(XMLRPC_test):
@@ -759,13 +640,18 @@ class TestUserWithGroup(XMLRPC_test):
            if its manager is also renamed """
        renamed_name = u'renamed_npg2'
        old_name = user_npg2.uid
-
-        user_npg2.update(updates=dict(rename=renamed_name))
-
+        command = user_npg2.make_update_command(dict(rename=renamed_name))
+        result = command()
+        user_npg2.attrs.update(uid=[renamed_name])
+        user_npg2.check_update(result)
        user_npg.attrs.update(manager=[renamed_name])
        user_npg.retrieve(all=True)

-        user_npg2.update(updates=dict(rename=old_name))
+        command = user_npg2.make_command(
+            'user_mod', renamed_name, **dict(rename=old_name)
+        )
+        # we rename the user back otherwise the tracker is too confused
+        result = command()

    def test_check_if_manager_gets_removed(self, user_npg, user_npg2):
        """ Delete manager and check if it's gone from user's attributes """
@@ -805,7 +691,7 @@ class TestManagers(XMLRPC_test):
        """ Find user by his manager's UID """
        command = user.make_find_command(manager=user2.uid)
        result = command()
-        user.check_find(result)
+        user.check_find(result, expected_override=dict(manager=[user2.uid]))

    def test_delete_both_user_and_manager(self, user, user2):
        """ Delete both user and its manager at once """
@@ -920,9 +806,8 @@ class TestPrincipals(XMLRPC_test):
        )

        command = testuser.make_create_command()
-        with raises_exact(errors.ConversionError(
-                name='principal', error="Malformed principal: '{}'".format(
-                    testuser.kwargs['krbprincipalname']))):
+        with raises_exact(errors.MalformedUserPrincipal(
+                principal=u'tuser1@BAD@NOTFOUND.ORG')):
            command()

    def test_set_principal_expiration(self, user):
@@ -993,9 +878,8 @@ class TestDeniedBindWithExpiredPrincipal(XMLRPC_test):
    def setup_class(cls):
        super(TestDeniedBindWithExpiredPrincipal, cls).setup_class()

-        cls.connection = ldap_initialize(
-            'ldap://{host}'.format(host=api.env.host)
-        )
+        cls.connection = ldap.initialize('ldap://{host}'
+                                         .format(host=api.env.host))

    @classmethod
    def teardown_class(cls):
@@ -1070,8 +954,6 @@ def get_user_result(uid, givenname, sn, operation='show', omit=[],
        uid=[uid],
        uidnumber=[fuzzy_digits],
        gidnumber=[fuzzy_digits],
-        krbcanonicalname=[u'%s@%s' % (uid, api.env.realm)],
-        krbprincipalname=[u'%s@%s' % (uid, api.env.realm)],
        mail=[u'%s@%s' % (uid, api.env.domain)],
        has_keytab=False,
        has_password=False,
@@ -1094,7 +976,6 @@ def get_user_result(uid, givenname, sn, operation='show', omit=[],
            mepmanagedentry=[get_group_dn(uid)],
            objectclass=add_oc(objectclasses.user, u'ipantuserattrs'),
            krbprincipalname=[u'%s@%s' % (uid, api.env.realm)],
-            krbcanonicalname=[u'%s@%s' % (uid, api.env.realm)]
        )
    if operation in ('show', 'show-all', 'find', 'mod'):
        result.update(