You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@allura.apache.org by br...@apache.org on 2014/06/20 17:52:26 UTC

[09/15] git commit: [#7432] ticket:598 Password expiration for LDAP provider

[#7432] ticket:598 Password expiration for LDAP provider


Project: http://git-wip-us.apache.org/repos/asf/allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/allura/commit/90035805
Tree: http://git-wip-us.apache.org/repos/asf/allura/tree/90035805
Diff: http://git-wip-us.apache.org/repos/asf/allura/diff/90035805

Branch: refs/heads/master
Commit: 9003580505d40bb68274149b0b6222029373fe32
Parents: 5488d3a
Author: Igor Bondarenko <je...@gmail.com>
Authored: Thu Jun 5 09:21:28 2014 +0300
Committer: Dave Brondsema <db...@slashdotmedia.com>
Committed: Fri Jun 20 15:45:57 2014 +0000

----------------------------------------------------------------------
 Allura/allura/lib/plugin.py                     |  5 ++++
 .../tests/unit/test_ldap_auth_provider.py       | 30 ++++++++++++++++++++
 2 files changed, 35 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/allura/blob/90035805/Allura/allura/lib/plugin.py
----------------------------------------------------------------------
diff --git a/Allura/allura/lib/plugin.py b/Allura/allura/lib/plugin.py
index b6b9986..344dc6b 100644
--- a/Allura/allura/lib/plugin.py
+++ b/Allura/allura/lib/plugin.py
@@ -469,6 +469,8 @@ class LdapAuthenticationProvider(AuthenticationProvider):
             con.modify_s(
                 dn, [(ldap.MOD_REPLACE, 'userPassword', new_password)])
             con.unbind_s()
+            user.last_password_updated = datetime.utcnow()
+            session(user).flush(user)
         except ldap.INVALID_CREDENTIALS:
             raise exc.HTTPUnauthorized()
 
@@ -522,6 +524,9 @@ class LdapAuthenticationProvider(AuthenticationProvider):
     def disable_user(self, user):
         return LocalAuthenticationProvider(None).disable_user(user)
 
+    def get_last_password_updated(self, user):
+        return LocalAuthenticationProvider(None).get_last_password_updated(user)
+
 
 class ProjectRegistrationProvider(object):
     '''

http://git-wip-us.apache.org/repos/asf/allura/blob/90035805/Allura/allura/tests/unit/test_ldap_auth_provider.py
----------------------------------------------------------------------
diff --git a/Allura/allura/tests/unit/test_ldap_auth_provider.py b/Allura/allura/tests/unit/test_ldap_auth_provider.py
index e780f59..cc37b53 100644
--- a/Allura/allura/tests/unit/test_ldap_auth_provider.py
+++ b/Allura/allura/tests/unit/test_ldap_auth_provider.py
@@ -17,6 +17,9 @@
 #       specific language governing permissions and limitations
 #       under the License.
 
+import calendar
+from datetime import datetime, timedelta
+from bson import ObjectId
 from mock import patch, Mock
 from nose.tools import assert_equal, assert_not_equal, assert_true
 from webob import Request
@@ -46,6 +49,7 @@ class TestLdapAuthenticationProvider(object):
     @patch('allura.lib.plugin.ldap')
     def test_set_password(self, ldap):
         user = Mock(username='test-user')
+        user.__ming__ = Mock()
         self.provider._encode_password = Mock(return_value='new-pass-hash')
         ldap.dn.escape_dn_chars = lambda x: x
 
@@ -100,3 +104,29 @@ class TestLdapAuthenticationProvider(object):
             'admin-password')
         connection.add_s.assert_called_once_with(dn, modlist.addModlist.return_value)
         connection.unbind_s.assert_called_once()
+
+    @patch('allura.lib.plugin.ldap')
+    def test_set_password_sets_last_updated(self, ldap):
+        user = Mock()
+        user.__ming__ = Mock()
+        user.last_password_updated = None
+        now1 = datetime.utcnow()
+        self.provider.set_password(user, None, 'new')
+        now2 = datetime.utcnow()
+        assert_true(user.last_password_updated > now1)
+        assert_true(user.last_password_updated < now2)
+
+    def test_get_last_password_updated_not_set(self):
+        user = Mock()
+        user._id = ObjectId()
+        user.last_password_updated = None
+        upd = self.provider.get_last_password_updated(user)
+        gen_time = datetime.utcfromtimestamp(
+            calendar.timegm(user._id.generation_time.utctimetuple()))
+        assert_equal(upd, gen_time)
+
+    def test_get_last_password_updated(self):
+        user = Mock()
+        user.last_password_updated = datetime(2014, 06, 04, 13, 13, 13)
+        upd = self.provider.get_last_password_updated(user)
+        assert_equal(upd, user.last_password_updated)