Skip to content

Commit

Permalink
allow negative values for notification period
Browse files Browse the repository at this point in the history
  • Loading branch information
gruberroland committed Oct 14, 2023
1 parent 7ff5000 commit 44e6bfb
Show file tree
Hide file tree
Showing 4 changed files with 99 additions and 5 deletions.
7 changes: 5 additions & 2 deletions lam/docs/manual-sources/chapter-configuration.xml
Original file line number Diff line number Diff line change
Expand Up @@ -1377,7 +1377,9 @@ mysql> GRANT ALL PRIVILEGES ON lam_cron.* TO 'lam_cron'@'localhost';

<para>LAM calculates the expiration date based on the last password
change and the assigned password policy (or the default policy)
using attributes pwdMaxAge and pwdExpireWarning.</para>
using attributes pwdMaxAge and pwdExpireWarning. Negative values are
possible to send mails when LDAP's warning time already
started.</para>

<para>Examples:</para>

Expand Down Expand Up @@ -1584,7 +1586,8 @@ mysql&gt; GRANT ALL PRIVILEGES ON lam_cron.* TO 'lam_cron'@'localhost';

<para>LAM calculates the expiration date based on the last password
change, the password warning time (attribute "shadowWarning") and
the specified notification period.</para>
the specified notification period. Negative values are possible to
send mails when Shadow's warning time already started.</para>

<para>Examples:</para>

Expand Down
3 changes: 3 additions & 0 deletions lam/lib/account.inc
Original file line number Diff line number Diff line change
Expand Up @@ -640,6 +640,9 @@ function get_preg($argument, $regexp) {
case "digit": // Normal number
$pregexpr = '/^[[:digit:]]*$/';
break;
case "digitWithNegativeValues": // Normal number incl. negative values
$pregexpr = '/^[-]?[[:digit:]]*$/';
break;
case "float": // float value
$pregexpr = '/^[[:digit:]]+(\\.[[:digit:]]+)?$/';
break;
Expand Down
8 changes: 8 additions & 0 deletions lam/tests/lib/modules/PPolicyUserPasswordNotifyJobTest.php
Original file line number Diff line number Diff line change
Expand Up @@ -207,6 +207,14 @@ public function testGetWarningTimeInSeconds() {
$this->assertEquals((7*3600*24 + 10000), $seconds);


$confDays = -7;
$policy = array('pwdmaxage' => 365 * 3600 * 24, 'pwdexpirewarning' => 10000);

$seconds = $this->job->getWarningTimeInSeconds($confDays, $policy);

$this->assertEquals((-7*3600*24 + 10000), $seconds);


$confDays = 0;
$policy = array('pwdmaxage' => 365 * 3600 * 24, 'pwdexpirewarning' => 10000);

Expand Down
86 changes: 83 additions & 3 deletions lam/tests/lib/modules/ShadowAccountTest.php
Original file line number Diff line number Diff line change
Expand Up @@ -223,12 +223,12 @@ public function testAlreadyWarned() {

public function testWarning() {
$now = new DateTime('now', getTimeZone());
$lastChangeNow = floor($now->format('U')/3600/24);
$lastChange = floor($now->format('U')/3600/24) - 370;
$this->job->method('getDBLastPwdChangeTime')->willReturn('1');
$this->job->method('findUsers')->willReturn(array(array(
'dn' => 'cn=some,dc=dn',
'shadowmax' => array('10'),
'shadowlastchange' => array($lastChangeNow)
'shadowmax' => array('365'),
'shadowlastchange' => array($lastChange)
)));

$this->job->expects($this->once())->method('getDBLastPwdChangeTime');
Expand All @@ -240,6 +240,86 @@ public function testWarning() {
$this->assertFalse($this->resultLog->hasError());
}

public function testWarningReachedWithShadowWarning() {
$now = new DateTime('now', getTimeZone());
$lastChange = floor($now->format('U')/3600/24) - 370;
$this->job->method('getDBLastPwdChangeTime')->willReturn('1');
$this->job->method('findUsers')->willReturn(array(array(
'dn' => 'cn=some,dc=dn',
'shadowmax' => array('365'),
'shadowwarning' => '10',
'shadowlastchange' => array($lastChange)
)));

$this->job->expects($this->once())->method('getDBLastPwdChangeTime');
$this->job->expects($this->once())->method('setDBLastPwdChangeTime');
$this->job->expects($this->once())->method('sendMail');

$pdo = array();
$this->job->execute(ShadowAccountPasswordNotifyJobTest::JOB_ID, $this->options, $pdo, false, $this->resultLog);
$this->assertFalse($this->resultLog->hasError());
}

public function testWarningNotReachedWithShadowWarning() {
$now = new DateTime('now', getTimeZone());
$lastChange = floor($now->format('U')/3600/24) - 380;
$this->job->method('getDBLastPwdChangeTime')->willReturn('1');
$this->job->method('findUsers')->willReturn(array(array(
'dn' => 'cn=some,dc=dn',
'shadowmax' => array('365'),
'shadowwarning' => '10',
'shadowlastchange' => array($lastChange)
)));

$this->job->expects($this->never())->method('setDBLastPwdChangeTime');
$this->job->expects($this->never())->method('sendMail');

$pdo = array();
$this->job->execute(ShadowAccountPasswordNotifyJobTest::JOB_ID, $this->options, $pdo, false, $this->resultLog);
$this->assertFalse($this->resultLog->hasError());
}

public function testWarningReachedWithNegativeShadowWarning() {
$now = new DateTime('now', getTimeZone());
$lastChange = floor($now->format('U')/3600/24) - 373;
$this->job->method('getDBLastPwdChangeTime')->willReturn('1');
$this->job->method('findUsers')->willReturn(array(array(
'dn' => 'cn=some,dc=dn',
'shadowmax' => array('365'),
'shadowwarning' => '20',
'shadowlastchange' => array($lastChange)
)));

$this->job->expects($this->once())->method('getDBLastPwdChangeTime');
$this->job->expects($this->once())->method('setDBLastPwdChangeTime');
$this->job->expects($this->once())->method('sendMail');

$pdo = array();
$this->options['test_mailNotificationPeriod' . ShadowAccountPasswordNotifyJobTest::JOB_ID][0] = '-10';
$this->job->execute(ShadowAccountPasswordNotifyJobTest::JOB_ID, $this->options, $pdo, false, $this->resultLog);
$this->assertFalse($this->resultLog->hasError());
}

public function testWarningNotReachedWithNegativeShadowWarning() {
$now = new DateTime('now', getTimeZone());
$lastChange = floor($now->format('U')/3600/24) - 377;
$this->job->method('getDBLastPwdChangeTime')->willReturn('1');
$this->job->method('findUsers')->willReturn(array(array(
'dn' => 'cn=some,dc=dn',
'shadowmax' => array('365'),
'shadowwarning' => '20',
'shadowlastchange' => array($lastChange)
)));

$this->job->expects($this->never())->method('setDBLastPwdChangeTime');
$this->job->expects($this->never())->method('sendMail');

$pdo = array();
$this->options['test_mailNotificationPeriod' . ShadowAccountPasswordNotifyJobTest::JOB_ID][0] = '-10';
$this->job->execute(ShadowAccountPasswordNotifyJobTest::JOB_ID, $this->options, $pdo, false, $this->resultLog);
$this->assertFalse($this->resultLog->hasError());
}

public function testWarningDryRun() {
$now = new DateTime('now', getTimeZone());
$lastChangeNow = floor($now->format('U')/3600/24);
Expand Down

0 comments on commit 44e6bfb

Please sign in to comment.