From 11064322dbb2739afee00e51df9f3537d8ea9035 Mon Sep 17 00:00:00 2001
From: kakwa <carpentier.pf@gmail.com>
Date: Mon, 13 Jul 2015 09:10:36 +0200
Subject: [PATCH] adding check for reserved password keys

---
 ldapcherry/attributes.py         | 10 +++++++++-
 ldapcherry/exceptions.py         |  9 +++++++++
 tests/cfg/attribute_pwderror.yml | 32 ++++++++++++++++++++++++++++++++
 tests/test_Attributes.py         | 10 +++++++++-
 4 files changed, 59 insertions(+), 2 deletions(-)
 create mode 100644 tests/cfg/attribute_pwderror.yml

diff --git a/ldapcherry/attributes.py b/ldapcherry/attributes.py
index deba124..1bf6602 100644
--- a/ldapcherry/attributes.py
+++ b/ldapcherry/attributes.py
@@ -39,7 +39,15 @@ class Attributes:
             self._mandatory_check(attrid)
             attr = self.attributes[attrid]
             if not attr['type'] in types:
-                raise WrongAttributeType(attr['type'], attrid, attributes_file)
+                raise WrongAttributeType(
+                    attr['type'],
+                    attrid,
+                    attributes_file
+                    )
+            if attr['type'] == 'password':
+                if attrid + '1' in self.attributes or \
+                        attrid + '2' in self.attributes:
+                    raise PasswordAttributesCollision(attrid)
             if 'self' in attr and attr['self']:
                 self.self_attributes[attrid] = attr
             if 'key' in attr and attr['key']:
diff --git a/ldapcherry/exceptions.py b/ldapcherry/exceptions.py
index 80d29d4..3372b07 100644
--- a/ldapcherry/exceptions.py
+++ b/ldapcherry/exceptions.py
@@ -149,3 +149,12 @@ class WrongAttributeType(Exception):
             " in section '%(section)s'" \
             " inside file '%(ymlfile)s'" % \
             {'key': key, 'section': section, 'ymlfile': ymlfile}
+
+
+class PasswordAttributesCollision(Exception):
+    def __init__(self, key):
+        self.key = key
+        self.log = \
+            "key '" + key + "' type is password," \
+            " keys '" + key + "1' and '" + key + "2'"\
+            " are reserved and cannot be used"
diff --git a/tests/cfg/attribute_pwderror.yml b/tests/cfg/attribute_pwderror.yml
new file mode 100644
index 0000000..a67d273
--- /dev/null
+++ b/tests/cfg/attribute_pwderror.yml
@@ -0,0 +1,32 @@
+uid:
+    description: "UID of the user"
+    display_name: "UID"
+    search_displayed: True
+    key: True
+    type: string
+    weight: 50
+    autofill: 
+        function: uid
+        args:
+            - $first-name
+            - $last-name
+    backends:
+        ldap: uid
+        ad: UID
+password1:
+    description: "Home user path"
+    display_name: "Home"
+    weight: 90
+    type: string
+    backends:
+        ldap: home
+        ad: Home
+password:
+    description: "Password of the user"
+    display_name: "Password"
+    weight: 31
+    self: True
+    type: password
+    backends:
+        ldap: userPassword
+        ad: userPassword
diff --git a/tests/test_Attributes.py b/tests/test_Attributes.py
index 4ce888d..073cded 100644
--- a/tests/test_Attributes.py
+++ b/tests/test_Attributes.py
@@ -8,7 +8,7 @@ import pytest
 import sys
 from sets import Set
 from ldapcherry.attributes import Attributes
-from ldapcherry.exceptions import MissingAttributesFile, MissingKey, WrongAttributeType, WrongBackend
+from ldapcherry.exceptions import *
 from ldapcherry.pyyamlwrapper import DumplicatedKey, RelationError
 
 class TestError(object):
@@ -81,6 +81,14 @@ class TestError(object):
         else:
             raise AssertionError("expected an exception")
 
+    def testDuplicatePassword(self):
+        try:
+            inv = Attributes('./tests/cfg/attribute_pwderror.yml')
+        except PasswordAttributesCollision:
+            return
+        else:
+            raise AssertionError("expected an exception")
+
 #    def testGetDisplayName(self):
 #        inv = Attributes('./tests/cfg/attributes.yml')
 #        res = inv.get_display_name('users')