From efe0ad448f1b58e14199e9a8da82a924acf3ddda Mon Sep 17 00:00:00 2001 From: Yadd Date: Tue, 1 Feb 2022 16:02:20 +0100 Subject: [PATCH 01/10] Combination: accept "stop()" from authentication backends (#2660) --- .../Lemonldap/NG/Portal/Auth/Combination.pm | 48 +++++++++++++++---- 1 file changed, 40 insertions(+), 8 deletions(-) diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Combination.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Combination.pm index 2c2117e8f3..933b4f83fe 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Combination.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Combination.pm @@ -3,12 +3,17 @@ package Lemonldap::NG::Portal::Auth::Combination; use strict; use Mouse; use Lemonldap::NG::Common::Combination::Parser; -use Lemonldap::NG::Portal::Main::Constants qw(PE_OK PE_ERROR PE_FIRSTACCESS); +use Lemonldap::NG::Portal::Main::Constants qw( + PE_CONFIRM + PE_ERROR + PE_FIRSTACCESS + PE_FORMEMPTY + PE_OK +); use Scalar::Util 'weaken'; our $VERSION = '2.0.12'; -# TODO: See Lib::Wrapper extends 'Lemonldap::NG::Portal::Main::Auth'; with 'Lemonldap::NG::Portal::Lib::OverConf'; @@ -231,13 +236,14 @@ sub try { return PE_ERROR; } + my $stop = 0; if ( $nb < @$stack - 1 ) { # TODO: change logLevel for userLog() ( $res, $name ) = $stack->[$nb]->[$type]->( $subname, $req, @args ); # On error, restart authentication with next scheme - if ( $res > PE_OK ) { + unless ( $stop = $self->stop( $stack->[$nb]->[$type], $res ) ) { $self->logger->info(qq'Scheme "$name" returned $res, trying next'); $req->data->{dataKeep}->{combinationTry}++; $req->steps( [ @{ $req->data->{combinationSteps} } ] ); 
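Review bot: The comment `# On error, restart authentication with next scheme` above the new `unless ( $stop = $self->stop( ... ) )` in try() no longer describes the test, because the branch is now taken only for results that neither Combination nor the backend asked to stop on. The assignment inside the `unless` condition is also easy to misread as a comparison; `$stop = $self->stop( $stack->[$nb]->[$type], $res );` on its own line followed by `unless ($stop) {` reads more plainly. A comment such as `# Try the next scheme unless this result must be returned to the user as is` would match the new behaviour. try() starts and ends outside this hunk.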
@@ -251,11 +257,17 @@ sub try { $req->sessionInfo->{ [ '_auth', '_userDB' ]->[$type] } = $name; $req->sessionInfo->{_combinationTry} = $req->data->{dataKeep}->{combinationTry}; - if ( $res > 0 and $res != PE_FIRSTACCESS ) { - $self->userLogger->warn( 'All schemes failed' - . ( $req->user ? ' for user ' . $req->user : '' ) . ' (' - . $req->address - . ')' ); + if ( $res > 0 ) { + if ($stop) { + $self->userLogger->info( + "Combination stopped by plugin $name (code $res)"); + } + elsif ( $res != PE_FIRSTACCESS ) { + $self->userLogger->warn( 'All schemes failed' + . ( $req->user ? ' for user ' . $req->user : '' ) . ' (' + . $req->address + . ')' ); + } } return $res; } @@ -269,6 +281,26 @@ sub name { || 'Combination'; } +sub stop { + my ( $self, $mod, $res ) = @_; + return 1 + if ( + $res <= 0 # PE_OK + or $res == PE_CONFIRM + + # TODO: adding this may generate behavior change + #or $res == PE_FIRSTACCESS + #or $res == PE_FORMEMPTY + ); + my $ret; + eval { $ret = $mod->( 'stop', $res ) }; + if ($@) { + $self->logger->debug( 'Trying to call optional stop: ' . $@ ); + return 0; + } + return $ret; +} + package Lemonldap::NG::Portal::Lib::Combination::UserLogger; # This logger rewrite "warn" to "notice" -- GitLab From de79fc49b08551a1b2c986cc6208a46d56091cf7 Mon Sep 17 00:00:00 2001 From: Yadd Date: Tue, 1 Feb 2022 16:11:16 +0100 Subject: [PATCH 02/10] Reintroduce stop() method in LDAP/AD backends (#2660) --- .../lib/Lemonldap/NG/Portal/Auth/AD.pm | 20 +++++++++++++++++-- .../lib/Lemonldap/NG/Portal/Auth/LDAP.pm | 14 +++++++++++++ 2 files changed, 32 insertions(+), 2 deletions(-) diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/AD.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/AD.pm index 7a85339630..200e244072 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/AD.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/AD.pm 
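Review bot: The new `Combination stopped by plugin $name (code $res)` message in try() drops the user and source address that the `All schemes failed` warning carries, and it is written at info level. Depending on what a backend's stop() accepts, the codes reaching this branch can include a locked or expired account, which are events an operator usually wants to correlate per user and per address. Appending the same suffix, `. ( $req->user ? ' for user ' . $req->user : '' ) . ' (' . $req->address . ')'`, would keep the two messages comparable. try() begins before this hunk.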
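Review bot: The stop() added to Combination.pm has no header comment, and its contract is not obvious from the body: `$mod` is invoked as `$mod->( 'stop', $res )`, so it is a code reference rather than a backend object, and the return value decides whether try() moves on to the next scheme. The inline `# PE_OK` next to `$res <= 0` is also narrower than the test, which accepts every non-positive code. A header in the form the AD and LDAP backends use in this series (`# @param mod scheme closure`, `# @param res error code`, `# @return true if the combination must stop`) would cover it. The inline comment could become `# PE_OK and negative codes`, with the meaning of negative codes spelled out by someone who can confirm it, since this page does not show it.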
@@ -5,8 +5,12 @@ package Lemonldap::NG::Portal::Auth::AD; use strict; use Mouse; -use Lemonldap::NG::Portal::Main::Constants - qw(PE_OK PE_PP_PASSWORD_EXPIRED PE_PP_CHANGE_AFTER_RESET PE_BADCREDENTIALS); +use Lemonldap::NG::Portal::Main::Constants qw( + PE_OK + PE_PP_PASSWORD_EXPIRED + PE_PP_CHANGE_AFTER_RESET + PE_BADCREDENTIALS +); our $VERSION = '2.0.6'; @@ -158,4 +162,16 @@ sub authenticate { return $res; } +# Define which error codes will stop Combination process +# @param res error code +# @return result 1 if stop is needed +sub stop { + my ( $self, $res ) = @_; + + return 1 + if ( $res == PE_PP_PASSWORD_EXPIRED + or $res == PE_PP_CHANGE_AFTER_RESET ); + return 0; +} + 1; diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/LDAP.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/LDAP.pm index 9255730c1c..25f22dfd47 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/LDAP.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/LDAP.pm @@ -7,6 +7,7 @@ use Lemonldap::NG::Portal::Main::Constants qw( PE_DONE PE_ERROR PE_LDAPCONNECTFAILED + PE_PP_ACCOUNT_LOCKED PE_PP_PASSWORD_EXPIRED PE_PP_CHANGE_AFTER_RESET ); @@ -99,4 +100,17 @@ sub authLogout { return PE_OK; } +# Define which error codes will stop Combination process +# @param res error code +# @return result 1 if stop is needed +sub stop { + my ( $self, $res ) = @_; + + return 1 + if ( $res == PE_PP_PASSWORD_EXPIRED + or $res == PE_PP_ACCOUNT_LOCKED + or $res == PE_PP_CHANGE_AFTER_RESET ); + return 0; +} + 1; -- GitLab From 50f25a9116b66b86fcac26d3e2a8b68f68473090 Mon Sep 17 00:00:00 2001 From: Yadd Date: Wed, 2 Feb 2022 11:08:02 +0100 Subject: [PATCH 03/10] Fix stop() debug (#2660) --- .../lib/Lemonldap/NG/Portal/Auth/Combination.pm | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Combination.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Combination.pm index 933b4f83fe..6fc1f27ec3 100644 
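Review bot: The stop() added to Auth/AD.pm lists `PE_PP_PASSWORD_EXPIRED` and `PE_PP_CHANGE_AFTER_RESET` but not `PE_PP_ACCOUNT_LOCKED`, while the stop() added to Auth/LDAP.pm in the same commit includes it. AD.pm extends Auth::LDAP (the `extends` line is visible in the later version-bump patch), so this override narrows the parent's list: a locked-account result from an AD backend would let the combination continue with the next scheme. If that is deliberate, a comment on the AD method should say why; otherwise either drop the override and inherit, or import the constant and add `or $res == PE_PP_ACCOUNT_LOCKED`. Whether AD's authenticate() can return that code is not visible in this hunk.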
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Combination.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Combination.pm @@ -293,10 +293,12 @@ sub stop { #or $res == PE_FORMEMPTY ); my $ret; - eval { $ret = $mod->( 'stop', $res ) }; - if ($@) { - $self->logger->debug( 'Trying to call optional stop: ' . $@ ); - return 0; + if ( $mod->( 'can', 'stop' ) ) { + eval { $ret = $mod->( 'stop', $res ) }; + if ($@) { + $self->logger->error( 'Optional stop() method failed: ' . $@ ); + return 0; + } } return $ret; } -- GitLab From 0df2d6dd30a3a6f9e612733010f11ff0ba42373d Mon Sep 17 00:00:00 2001 From: Yadd Date: Wed, 2 Feb 2022 11:32:56 +0100 Subject: [PATCH 04/10] No more display stop() errors --- .../lib/Lemonldap/NG/Portal/Auth/Combination.pm | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Combination.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Combination.pm index 6fc1f27ec3..f66f600108 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Combination.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Combination.pm @@ -293,12 +293,11 @@ sub stop { #or $res == PE_FORMEMPTY ); my $ret; - if ( $mod->( 'can', 'stop' ) ) { - eval { $ret = $mod->( 'stop', $res ) }; - if ($@) { - $self->logger->error( 'Optional stop() method failed: ' . $@ ); - return 0; - } + eval { $ret = $mod->( 'stop', $res ) }; + if ($@) { + + #$self->logger->error( 'Optional stop() method failed: ' . $@ ); + return 0; } return $ret; } -- GitLab From 00bf4a0d1a65552cbb2fb99ded95002fedec4eac Mon Sep 17 00:00:00 2001 From: Yadd Date: Wed, 2 Feb 2022 11:38:01 +0100 Subject: [PATCH 05/10] Add default stop() method for all Auth modules --- lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Auth.pm | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) 
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Auth.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Auth.pm index 6088175cc6..5b270d9280 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Auth.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Auth.pm @@ -3,7 +3,7 @@ package Lemonldap::NG::Portal::Main::Auth; use strict; use Mouse; -our $VERSION = '2.0.0'; +our $VERSION = '2.0.14'; extends 'Lemonldap::NG::Portal::Main::Plugin'; @@ -11,4 +11,6 @@ extends 'Lemonldap::NG::Portal::Main::Plugin'; has authnLevel => ( is => 'rw' ); +sub stop {0} + 1; -- GitLab From 27df15774d1bf18b1d199ed91b95346694bab2b4 Mon Sep 17 00:00:00 2001 From: Yadd Date: Wed, 2 Feb 2022 12:21:09 +0100 Subject: [PATCH 06/10] Fix stop() call (#2660) --- .../lib/Lemonldap/NG/Portal/Auth/Combination.pm | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Combination.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Combination.pm index f66f600108..d3c41406a8 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Combination.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Combination.pm @@ -292,12 +292,16 @@ sub stop { #or $res == PE_FIRSTACCESS #or $res == PE_FORMEMPTY ); - my $ret; - eval { $ret = $mod->( 'stop', $res ) }; - if ($@) { - - #$self->logger->error( 'Optional stop() method failed: ' . $@ ); - return 0; + my ( $ret, $name ); + ( $ret, $name ) = $mod->( 'can', 'stop' ); + if ($ret) { + eval { ( $ret, $name ) = $mod->( 'stop', $res ) }; + if ($@) { + + $self->logger->error( + "Optional ${name}::stop() method failed: " . $@ ); + return 0; + } } return $ret; } -- GitLab From bf463b82afcbea1b0501e1b1038587f3c938d8b8 Mon Sep 17 00:00:00 2001 
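Review bot: `sub stop {0}` is added to Main::Auth without a comment, although this is the one place where the callback's contract could be stated for every backend. Combination.pm also extends Main::Auth and defines its own stop() taking `( $self, $mod, $res )`, whereas backends take `( $self, $res )`, so one method name now carries two signatures in the same hierarchy. A comment such as `# stop($res): return true to make Combination return $res instead of trying the next scheme (default: never stop)` would document the backend side. Renaming the Combination-internal helper would remove the overlap.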
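Review bot: When a backend's stop() dies, the `return 0` in the `if ($@)` branch tells try() to go on to the next scheme, so a failure inside the callback is treated the same as "this error need not stop the combination". For codes such as a locked or expired account, that means an exception quietly re-enables the fallthrough this series is meant to prevent. Returning `1` there would fail closed and hand the backend's own `$res` back to the user; if continuing is intended, a comment next to the `return 0` should say so. stop() starts before this hunk.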
From: Yadd Date: Wed, 2 Feb 2022 18:38:07 +0100 Subject: [PATCH 07/10] Combination: clarify result values (#2660) --- .../lib/Lemonldap/NG/Common/Combination/Parser.pm | 15 ++++++++++----- .../lib/Lemonldap/NG/Portal/Auth/Combination.pm | 4 ++-- 2 files changed, 12 insertions(+), 7 deletions(-) diff --git a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Combination/Parser.pm b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Combination/Parser.pm index fd3501db38..362c6abc4c 100644 --- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Combination/Parser.pm +++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Combination/Parser.pm @@ -92,10 +92,12 @@ sub parseAnd { $str{$r}++; } else { - return ( $r, $name ) unless ( $r == PE_OK ); + return ( wantarray ? ( $r, $name ) : $r ) + unless ( $r == PE_OK ); } } - return ( ( %str ? join( ',', keys %str ) : PE_OK ), $expr ); + my $res = %str ? join( ',', keys %str ) : PE_OK; + return wantarray ? ( $res, $expr ) : $res; }; } return \@res; @@ -135,7 +137,8 @@ sub parseMod { my ($m) = @mods; return sub { my $sub = shift; - return ( $m->$sub(@_), $expr ); + my $res = $m->$sub(@_); + return wantarray ? ( $res, $expr ) : $res; }; } return sub { @@ -149,10 +152,12 @@ sub parseMod { $str{$res}++; } else { - return ( $res, $list[$i] ) unless ( $res == PE_OK ); + return ( wantarray ? ( $res, $list[$i] ) : $res ) + unless ( $res == PE_OK ); } } - return ( ( %str ? join( ',', keys %str ) : PE_OK ), $expr ); + my $res = %str ? join( ',', keys %str ) : PE_OK; + return wantarray ? ( $res, $expr ) : $res; }; } diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Combination.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Combination.pm index d3c41406a8..980c195637 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Combination.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Combination.pm 
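Review bot: The closures returned by parseAnd and parseMod now answer differently by call context (`wantarray ? ( $res, $expr ) : $res`, here and in the two parseMod hunks), but nothing near them says so. Callers in this series depend on it: `my $res = $stack->[$nb]->[0]->( 'getDisplayType', @_ )` and `$ret = $mod->( 'can', 'stop' )` expect the bare result, while `( $ret, $name ) = $mod->( 'stop', $res )` expects the pair. A comment above each closure, for example `# List context: ( result, name ); scalar context: result only`, would keep a future call placed in an argument list or hash constructor from picking up the extra element. In the single-module closure the new `my $res = $m->$sub(@_);` also calls the backend method in scalar context where it was list context before; that looks intended but is worth confirming for methods that return lists.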
@@ -131,7 +131,7 @@ sub getDisplayType { $req->data->{dataKeep}->{combinationTry}, $req->data->{combinationStack} ); - my ( $res, $name ) = $stack->[$nb]->[0]->( 'getDisplayType', @_ ); + my $res = $stack->[$nb]->[0]->( 'getDisplayType', @_ ); return $res; } @@ -293,7 +293,7 @@ sub stop { #or $res == PE_FORMEMPTY ); my ( $ret, $name ); - ( $ret, $name ) = $mod->( 'can', 'stop' ); + $ret = $mod->( 'can', 'stop' ); if ($ret) { eval { ( $ret, $name ) = $mod->( 'stop', $res ) }; if ($@) { -- GitLab From e883860891b0b781b15c2d9f3a79ba2a7e2c2003 Mon Sep 17 00:00:00 2001 From: Maxime Besson Date: Wed, 2 Feb 2022 19:08:26 +0100 Subject: [PATCH 08/10] Add PE_PASSWORD_OK to stopping cases (#2660) --- lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Combination.pm | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Combination.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Combination.pm index 980c195637..156fcbd818 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Combination.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Combination.pm @@ -8,6 +8,7 @@ use Lemonldap::NG::Portal::Main::Constants qw( PE_ERROR PE_FIRSTACCESS PE_FORMEMPTY + PE_PASSWORD_OK PE_OK ); use Scalar::Util 'weaken'; @@ -287,6 +288,7 @@ sub stop { if ( $res <= 0 # PE_OK or $res == PE_CONFIRM + or $res == PE_PASSWORD_OK # TODO: adding this may generate behavior change #or $res == PE_FIRSTACCESS -- GitLab From 39570ee3658a8651bd3d82e4fa20cf1f989584b0 Mon Sep 17 00:00:00 2001 From: Maxime Besson Date: Wed, 2 Feb 2022 19:08:47 +0100 Subject: [PATCH 09/10] Add unit test for #2660 --- .../t/21-Auth-LDAP-Policy-Combination.t | 264 ++++++++++++++++++ 1 file changed, 264 insertions(+) create mode 100644 lemonldap-ng-portal/t/21-Auth-LDAP-Policy-Combination.t diff --git a/lemonldap-ng-portal/t/21-Auth-LDAP-Policy-Combination.t b/lemonldap-ng-portal/t/21-Auth-LDAP-Policy-Combination.t new file mode 100644 index 0000000000..6ba029f8c1 
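Review bot: After the change in the `@@ -293,7 +293,7 @@` hunk, `$name` is only assigned inside the eval, by the same call whose failure the `if ($@)` branch reports. When stop() dies, the message `"Optional ${name}::stop() method failed: "` is therefore built with an undefined `$name`. Before the change, `( $ret, $name ) = $mod->( 'can', 'stop' );` filled it in first. Keeping that list assignment for the `can` call (it still leaves the result in `$ret`) or logging without the name would avoid an error line that reads `Optional ::stop()`. stop() continues outside this hunk.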
--- /dev/null +++ b/lemonldap-ng-portal/t/21-Auth-LDAP-Policy-Combination.t 
@@ -0,0 +1,264 @@ +use Test::More; +use strict; +use IO::String; + +require 't/test-lib.pm'; + +use lib 't/lib'; + +my $res; +my $maintests = 42; + +SKIP: { + skip( 'LLNGTESTLDAP is not set', $maintests ) unless ( $ENV{LLNGTESTLDAP} ); + require 't/test-ldap.pm'; + + my $client = LLNG::Manager::Test->new( { + ini => { + logLevel => 'error', + useSafeJail => 1, + portal => 'http://auth.example.com/', + authentication => 'Combination', + userDB => 'Same', + passwordDB => 'LDAP', + combModules => { + 'LDAP' => { 'for' => 0, 'type' => 'LDAP' }, + 'Demo' => { 'for' => 0, 'type' => 'Demo' } + }, + combination => '[LDAP, LDAP] or [Demo, Demo]', + portalRequireOldPassword => 1, + ldapServer => 'ldap://127.0.0.1:19389/', + ldapBase => 'ou=users,dc=example,dc=com', + managerDn => 'cn=lemonldapng,ou=dsa,dc=example,dc=com', + managerPassword => 'lemonldapng', + ldapAllowResetExpiredPassword => 1, + ldapPpolicyControl => 1, + passwordPolicyMinSize => 4, + passwordPolicyMinLower => 1, + passwordPolicyMinUpper => 1, + passwordPolicyMinDigit => 1, + passwordPolicyMinSpeChar => 1, + passwordPolicySpecialChar => '__ALL__', + portalDisplayPasswordPolicy => 1, + whatToTrace => 'uid', + macros => { + _whatToTrace => '' # Test 2377 + }, + } + } + ); + use Lemonldap::NG::Portal::Main::Constants qw( + PE_PASSWORD_OK + PE_PP_ACCOUNT_LOCKED + PE_PP_PASSWORD_EXPIRED + PE_PP_CHANGE_AFTER_RESET + PE_PP_PASSWORD_TOO_SHORT PE_PP_GRACE + ); + + my ( $user, $code, $postString, $match ); + + # 1 - TEST PE_PP_CHANGE_AFTER_RESET AND PE_PP_PASSWORD_EXPIRED + # ------------------------------------------------------------ + foreach my $tpl ( + [ 'reset', PE_PP_CHANGE_AFTER_RESET ], + [ 'expire', PE_PP_PASSWORD_EXPIRED ] + ) + { + $user = $tpl->[0]; + $code = $tpl->[1]; + $postString = "user=$user&password=$user"; + + # Try to authenticate + # ------------------- + ok( + $res = $client->_post( + '/', IO::String->new($postString), + length => length($postString), + accept => 'text/html', + ), + 'Auth 
query' + ); + $match = 'trmsg="' . $code . '"'; + ok( $res->[2]->[0] =~ /$match/, "Code is $code" ); + + #open F, '>../e2e-tests/conf/portal/result.html' or die $!; + #print F $res->[2]->[0]; + #close F; + my ( $host, $url, $query ) = + expectForm( $res, '#', undef, 'user', 'oldpassword', 'newpassword', + 'confirmpassword' ); + ok( + $res->[2]->[0] =~ + m%%, + ' Hidden user input found' + ) or print STDERR Dumper( $res->[2]->[0], 'Hidden user input' ); + ok( + $res->[2]->[0] =~ +m%[2]->[0], 'oldpassword input' ); + ok( + $res->[2]->[0] =~ +m%%, + ' staticUser found' + ) or print STDERR Dumper( $res->[2]->[0], 'staticUser' ); + ok( $res->[2]->[0] =~ m%%, + ' passwordPolicyMinSize' ) + or print STDERR Dumper( $res->[2]->[0], 'passwordPolicyMinSize' ); + ok( $res->[2]->[0] =~ m%%, + ' passwordPolicyMinLower' ) + or print STDERR Dumper( $res->[2]->[0], 'passwordPolicyMinLower' ); + ok( $res->[2]->[0] =~ m%%, + ' passwordPolicyMinUpper' ) + or print STDERR Dumper( $res->[2]->[0], 'passwordPolicyMinUpper' ); + ok( $res->[2]->[0] =~ m%%, + ' passwordPolicyMinDigit' ) + or print STDERR Dumper( $res->[2]->[0], 'passwordPolicyMinDigit' ); + ok( $res->[2]->[0] =~ m%%, + ' passwordPolicyMinSpeChar' ) + or print STDERR Dumper( $res->[2]->[0], 'passwordPolicyMinSpeChar' ); + ok( $res->[2]->[0] !~ m%%, + ' passwordPolicySpecialChar' ) + or print STDERR Dumper( $res->[2]->[0], 'passwordPolicySpecialChar' ); + ok( $query =~ /user=$user/, "User is $user" ) + or explain( $query, "user=$user" ); + + #$query =~ s/(oldpassword)=/$1=$user/g; -> Now old password is defined #2377 + $query =~ s/((?:confirm|new)password)=/$1=Newp1@/g; + + ok( + $res = $client->_post( + '/', IO::String->new($query), + length => length($query), + accept => 'text/html', + ), + 'Post new password' + ); + $match = 'trmsg="' . PE_PASSWORD_OK . 
'"'; + ok( $res->[2]->[0] =~ /$match/, 'Password is changed' ); + + $postString = "user=$user&password=Newp1@"; + ok( + $res = $client->_post( + '/', IO::String->new($postString), + length => length($postString), + ), + 'Auth query' + ); + expectCookie($res) or print STDERR Dumper($res); + } + + # 2 - TEST PE_PP_GRACE + # ------------------------- + $user = 'grace'; + $code = "ppGrace"; + $postString = "user=$user&password=$user"; + + # Try to authenticate + # ------------------- + ok( + $res = $client->_post( + '/', IO::String->new($postString), + length => length($postString), + accept => 'text/html', + ), + 'Auth query' + ); + $match = 'trspan="' . $code . '"'; + ok( $res->[2]->[0] =~ /$match/, 'Grace remaining' ); + + # 3 - TEST PE_PP_ACCOUNT_LOCKED + # ------------------------- + $user = 'lock'; + $code = PE_PP_ACCOUNT_LOCKED; + $postString = "user=$user&password=$user"; + + # Try to authenticate + # ------------------- + ok( + $res = $client->_post( + '/', IO::String->new($postString), + length => length($postString), + accept => 'text/html', + ), + 'Auth query' + ); + $match = 'trmsg="' . $code . '"'; + ok( $res->[2]->[0] =~ /$match/, 'Account is locked' ); + + # Try to change anyway + my $query = + 'user=lock&oldpassword=lock&newpassword=newp&confirmpassword=newp'; + ok( + $res = $client->_post( + '/', IO::String->new($query), + length => length($query), + accept => 'text/html', + ), + 'Post new password' + ); + $match = 'trmsg="' . PE_PASSWORD_OK . 
'"'; + ok( $res->[2]->[0] !~ /$match/s, 'Password is not changed' ); + + # 4 - TEST PE_PP_PASSWORD_TOO_SHORT + # --------------------------------- + $user = 'short'; + $code = PE_PP_PASSWORD_TOO_SHORT; + $postString = "user=$user&password=passwordnottooshort"; + + # Try to authenticate + # ------------------- + ok( + $res = $client->_post( + '/', IO::String->new($postString), + length => length($postString), + accept => 'text/html', + ), + 'Auth query' + ); + my $id = expectCookie($res); + $query = + 'oldpassword=passwordnottooshort&newpassword=Te1@&confirmpassword=Te1@'; + ok( + $res = $client->_post( + '/', + IO::String->new($query), + cookie => "lemonldap=$id", + accept => 'text/html', + length => length($query), + ), + 'Change password' + ); + $match = 'trmsg="' . PE_PP_PASSWORD_TOO_SHORT . '"'; + ok( $res->[2]->[0] =~ /$match/s, 'Password is not changed' ); + + # Verify that password isn't changed + $client->logout($id); + ok( + $res = $client->_post( + '/', IO::String->new($postString), + length => length($postString), + accept => 'text/html', + ), + 'Auth query' + ); + $id = expectCookie($res); + $query = +'oldpassword=passwordnottooshort&newpassword=Testmore1@&confirmpassword=Testmore1@'; + ok( + $res = $client->_post( + '/', + IO::String->new($query), + cookie => "lemonldap=$id", + accept => 'text/html', + length => length($query), + ), + 'Change password' + ); + $match = 'trmsg="' . PE_PASSWORD_OK . '"'; + ok( $res->[2]->[0] =~ /$match/s, 'Password is changed' ); +} +count($maintests); +clean_sessions(); +stopLdapServer() if $ENV{LLNGTESTLDAP}; +done_testing( count() ); -- GitLab From 42f3697a0655555ce38975db0ce13cdfd20fb2ca Mon Sep 17 00:00:00 2001 
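Review bot: In the account-locked section the only check after the forced password change is negative, `ok( $res->[2]->[0] !~ /$match/s, 'Password is not changed' );`, which also passes when the portal answers with an unrelated error page. Asserting the code expected for that request, in the same `trmsg="..."` form used by the neighbouring checks, would make the test fail for the right reason. The section also never checks that no session cookie comes back for the locked user, which appears to be the property the stop() change protects. The expected value for either assertion is not visible on this page.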
From: Yadd Date: Thu, 3 Feb 2022 11:20:47 +0100 Subject: [PATCH 10/10] Fix versions --- .../lib/Lemonldap/NG/Common/Combination/Parser.pm | 2 +- lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/AD.pm | 2 +- lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Combination.pm | 2 +- lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/LDAP.pm | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Combination/Parser.pm b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Combination/Parser.pm index 362c6abc4c..58e49b253d 100644 --- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Combination/Parser.pm +++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Combination/Parser.pm @@ -5,7 +5,7 @@ use Mouse; use Safe; use constant PE_OK => 0; -our $VERSION = '2.0.6'; +our $VERSION = '2.0.14'; # Handle "if then else" (used during init) # return a sub that can be called with ($req) to get a [array] of combination diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/AD.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/AD.pm index 200e244072..daff4c99fd 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/AD.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/AD.pm @@ -12,7 +12,7 @@ use Lemonldap::NG::Portal::Main::Constants qw( PE_BADCREDENTIALS ); -our $VERSION = '2.0.6'; +our $VERSION = '2.0.14'; extends 'Lemonldap::NG::Portal::Auth::LDAP'; diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Combination.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Combination.pm index 156fcbd818..a27c53685e 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Combination.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Combination.pm @@ -13,7 +13,7 @@ use Lemonldap::NG::Portal::Main::Constants qw( ); use Scalar::Util 'weaken'; -our $VERSION = '2.0.12'; +our $VERSION = '2.0.14'; extends 'Lemonldap::NG::Portal::Main::Auth'; with 'Lemonldap::NG::Portal::Lib::OverConf'; 
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/LDAP.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/LDAP.pm index 25f22dfd47..08af902e49 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/LDAP.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/LDAP.pm @@ -12,7 +12,7 @@ use Lemonldap::NG::Portal::Main::Constants qw( PE_PP_CHANGE_AFTER_RESET ); -our $VERSION = '2.0.10'; +our $VERSION = '2.0.14'; # Inheritance: UserDB::LDAP provides all needed ldap functions extends qw( -- GitLab