adding check for reserved password keys

ldapcherry/attributes.py

@@ -39,7 +39,15 @@ class Attributes:
             self._mandatory_check(attrid)
             attr = self.attributes[attrid]
             if not attr['type'] in types:
-                raise WrongAttributeType(attr['type'], attrid, attributes_file)
+                raise WrongAttributeType(
+                    attr['type'],
+                    attrid,
+                    attributes_file
+                    )
+            if attr['type'] == 'password':
+                if attrid + '1' in self.attributes or \
+                        attrid + '2' in self.attributes:
+                    raise PasswordAttributesCollision(attrid)
             if 'self' in attr and attr['self']:
                 self.self_attributes[attrid] = attr
             if 'key' in attr and attr['key']:

ldapcherry/exceptions.py

@@ -149,3 +149,12 @@ class WrongAttributeType(Exception):
             " in section '%(section)s'" \
             " inside file '%(ymlfile)s'" % \
             {'key': key, 'section': section, 'ymlfile': ymlfile}
+
+
+class PasswordAttributesCollision(Exception):
+    def __init__(self, key):
+        self.key = key
+        self.log = \
+            "key '" + key + "' type is password," \
+            " keys '" + key + "1' and '" + key + "2'"\
+            " are reserved and cannot be used"

tests/cfg/attribute_pwderror.yml

@@ -0,0 +1,32 @@
+uid:
+    description: "UID of the user"
+    display_name: "UID"
+    search_displayed: True
+    key: True
+    type: string
+    weight: 50
+    autofill: 
+        function: uid
+        args:
+            - $first-name
+            - $last-name
+    backends:
+        ldap: uid
+        ad: UID
+password1:
+    description: "Home user path"
+    display_name: "Home"
+    weight: 90
+    type: string
+    backends:
+        ldap: home
+        ad: Home
+password:
+    description: "Password of the user"
+    display_name: "Password"
+    weight: 31
+    self: True
+    type: password
+    backends:
+        ldap: userPassword
+        ad: userPassword

tests/test_Attributes.py

@@ -8,7 +8,7 @@ import pytest
 import sys
 from sets import Set
 from ldapcherry.attributes import Attributes
-from ldapcherry.exceptions import MissingAttributesFile, MissingKey, WrongAttributeType, WrongBackend
+from ldapcherry.exceptions import *
 from ldapcherry.pyyamlwrapper import DumplicatedKey, RelationError
 
 class TestError(object):
@@ -81,6 +81,14 @@ class TestError(object):
         else:
             raise AssertionError("expected an exception")
 
+    def testDuplicatePassword(self):
+        try:
+            inv = Attributes('./tests/cfg/attribute_pwderror.yml')
+        except PasswordAttributesCollision:
+            return
+        else:
+            raise AssertionError("expected an exception")
+
 #    def testGetDisplayName(self):
 #        inv = Attributes('./tests/cfg/attributes.yml')
 #        res = inv.get_display_name('users')