adding check for reserved password keys

2024-11-22 09:24:21 +01:00 · 2015-07-13 09:10:36 +02:00 · 2015-07-13 09:10:36 +02:00 · 11064322db
commit 11064322db
parent 054d361fe9
4 changed files with 59 additions and 2 deletions
--- a/ldapcherry/attributes.py
+++ b/ldapcherry/attributes.py
@ -39,7 +39,15 @@ class Attributes:
            self._mandatory_check(attrid)
            attr = self.attributes[attrid]
            if not attr['type'] in types:
-                raise WrongAttributeType(attr['type'], attrid, attributes_file)
+                raise WrongAttributeType(
+                    attr['type'],
+                    attrid,
+                    attributes_file
+                    )
+            if attr['type'] == 'password':
+                if attrid + '1' in self.attributes or \
+                        attrid + '2' in self.attributes:
+                    raise PasswordAttributesCollision(attrid)
            if 'self' in attr and attr['self']:
                self.self_attributes[attrid] = attr
            if 'key' in attr and attr['key']:
--- a/ldapcherry/exceptions.py
+++ b/ldapcherry/exceptions.py
@ -149,3 +149,12 @@ class WrongAttributeType(Exception):
            " in section '%(section)s'" \
            " inside file '%(ymlfile)s'" % \
            {'key': key, 'section': section, 'ymlfile': ymlfile}
+
+
+class PasswordAttributesCollision(Exception):
+    def __init__(self, key):
+        self.key = key
+        self.log = \
+            "key '" + key + "' type is password," \
+            " keys '" + key + "1' and '" + key + "2'"\
+            " are reserved and cannot be used"
--- a/tests/cfg/attribute_pwderror.yml
+++ b/tests/cfg/attribute_pwderror.yml
@ -0,0 +1,32 @@
+uid:
+    description: "UID of the user"
+    display_name: "UID"
+    search_displayed: True
+    key: True
+    type: string
+    weight: 50
+    autofill: 
+        function: uid
+        args:
+            - $first-name
+            - $last-name
+    backends:
+        ldap: uid
+        ad: UID
+password1:
+    description: "Home user path"
+    display_name: "Home"
+    weight: 90
+    type: string
+    backends:
+        ldap: home
+        ad: Home
+password:
+    description: "Password of the user"
+    display_name: "Password"
+    weight: 31
+    self: True
+    type: password
+    backends:
+        ldap: userPassword
+        ad: userPassword
--- a/tests/test_Attributes.py
+++ b/tests/test_Attributes.py
@ -8,7 +8,7 @@ import pytest
 import sys
 from sets import Set
 from ldapcherry.attributes import Attributes
-from ldapcherry.exceptions import MissingAttributesFile, MissingKey, WrongAttributeType, WrongBackend
+from ldapcherry.exceptions import *
 from ldapcherry.pyyamlwrapper import DumplicatedKey, RelationError

 class TestError(object):
@ -81,6 +81,14 @@ class TestError(object):
        else:
            raise AssertionError("expected an exception")

+    def testDuplicatePassword(self):
+        try:
+            inv = Attributes('./tests/cfg/attribute_pwderror.yml')
+        except PasswordAttributesCollision:
+            return
+        else:
+            raise AssertionError("expected an exception")
+
 #    def testGetDisplayName(self):
 #        inv = Attributes('./tests/cfg/attributes.yml')
 #        res = inv.get_display_name('users')