Commit 59a20ea0 authored by ale's avatar ale

Set AppSpecificPasswords on the user object (LDAP)

Add a test to verify at least the create/retrieve workflow.
parent 3df2db90
Pipeline #2994 passed with stages
in 5 minutes and 1 second
......@@ -127,14 +127,15 @@ func newUser(entry *ldap.Entry) (*as.RawUser, error) {
uidNumber, _ := strconv.Atoi(entry.GetAttributeValue(uidNumberLDAPAttr)) // nolint
user := &as.RawUser{
User: as.User{
Name: entry.GetAttributeValue("uid"),
Lang: entry.GetAttributeValue(preferredLanguageLDAPAttr),
UID: uidNumber,
Status: entry.GetAttributeValue("status"),
Shard: entry.GetAttributeValue("host"),
Name: entry.GetAttributeValue("uid"),
Lang: entry.GetAttributeValue(preferredLanguageLDAPAttr),
UID: uidNumber,
Status: entry.GetAttributeValue("status"),
Shard: entry.GetAttributeValue("host"),
LastPasswordChangeStamp: decodeShadowTimestamp(entry.GetAttributeValue(passwordLastChangeLDAPAttr)),
AccountRecoveryHint: entry.GetAttributeValue(recoveryHintLDAPAttr),
U2FRegistrations: decodeU2FRegistrations(entry.GetAttributeValues(u2fRegistrationsLDAPAttr)),
AppSpecificPasswords: getASPInfo(decodeAppSpecificPasswords(entry.GetAttributeValues(aspLDAPAttr))),
HasOTP: entry.GetAttributeValue(totpSecretLDAPAttr) != "",
},
// Remove the legacy LDAP {crypt} prefix on old passwords.
......@@ -254,7 +255,6 @@ func (tx *backendTX) GetUser(ctx context.Context, username string) (*as.RawUser,
}
}
user.AppSpecificPasswords = getASPInfo(decodeAppSpecificPasswords(entry.GetAttributeValues(aspLDAPAttr)))
user.Keys = decodeUserEncryptionKeys(
entry.GetAttributeValues(storagePrivateKeyLDAPAttr))
user.HasEncryptionKeys = (entry.GetAttributeValue(storagePublicKeyLDAPAttr) != "")
......
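Review bot: The new `AppSpecificPasswords` line in `newUser` sets ASP data on the embedded `as.User`, which the test in this commit decodes straight from `/api/user/get`, so the invariant that only metadata is exposed should be stated where the field is set. Something like `// getASPInfo keeps only ASP metadata; the stored password hash must never reach as.User.` would do. `getASPInfo` is not visible in these hunks, so this is presumably already the case, but nothing at the call site says so. Because the assignment moved out of `GetUser`, every LDAP search whose entries reach `newUser` now has to request `aspLDAPAttr`, otherwise the field is silently empty; those attribute lists are outside the hunk and worth checking. `newUser` itself continues past the lines shown.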
......@@ -200,3 +200,44 @@ func runAccountRecoveryTest(t *testing.T, username string, enableCache bool) *as
return checkUserInvariants(t, be, username, newPw)
}
func TestIntegration_AppSpecificPassword(t *testing.T) {
stop, _, c := startService(t)
defer stop()
username := "tre@investici.org"
var resp as.CreateApplicationSpecificPasswordResponse
err := c.request("/api/user/create_app_specific_password", &as.CreateApplicationSpecificPasswordRequest{
PrivilegedRequestBase: as.PrivilegedRequestBase{
UserRequestBase: as.UserRequestBase{
RequestBase: as.RequestBase{
SSO: c.ssoTicket(username),
},
Username: username,
},
CurPassword: "password",
},
Service: "service",
Notes: "notes",
}, &resp)
if err != nil {
t.Fatalf("CreateApplicationSpecificPassword failed: %v", err)
}
var user as.User
err = c.request("/api/user/get", &as.GetUserRequest{
UserRequestBase: as.UserRequestBase{
RequestBase: as.RequestBase{
SSO: c.ssoTicket(testAdminUser, testAdminGroup),
},
Username: username,
},
}, &user)
if err != nil {
t.Fatalf("GetUser error: %v", err)
}
if len(user.AppSpecificPasswords) == 0 {
t.Errorf("no ASPs were retrieved: %+v", user)
}
}
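Review bot: The final check `len(user.AppSpecificPasswords) == 0` still passes if the fixture user already had an ASP, or if the returned entry carries the wrong data. The test should compare the retrieved entry with the `Service: "service"` and `Notes: "notes"` values sent in the create request, and should check that `resp` actually carries a generated password. Since this object is what API clients receive, an assertion that the retrieved entry contains no password or hash material would pin down the property that matters most for this change. A short doc comment would also help, for example `// TestIntegration_AppSpecificPassword creates an ASP and checks it is visible via /api/user/get.`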