From 6372ab37fdc3df001e350b727ad4a040a63adbbf Mon Sep 17 00:00:00 2001
From: Phil Davis
Date: Tue, 10 Jul 2018 10:18:47 +0545
Subject: [PATCH] Do not allow passwords to be expired for non-local users
---
 lib/Command/ExpirePassword.php | 11 +++++++--
 tests/Command/ExpirePasswordTest.php | 36 ++++++++++++++++++++++++----
 2 files changed, 41 insertions(+), 6 deletions(-)
diff --git a/lib/Command/ExpirePassword.php b/lib/Command/ExpirePassword.php
index cb600c38..d1ddac39 100644
--- a/lib/Command/ExpirePassword.php
+++ b/lib/Command/ExpirePassword.php
@@ -78,8 +78,10 @@ protected function configure() {
 protected function execute(InputInterface $input, OutputInterface $output) {
 $uid = $input->getArgument('uid');
- $exists = $this->userManager->userExists($uid);
- if($exists === false) {
+ /** @var $user \OCP\IUser */
+ $user = $this->userManager->get($uid);
+
+ if ($user === null) {
 $output->writeln("Unknown user: $uid");
 /**
 * return EX_NOUSER from /usr/include/sysexits.h
@@ -88,6 +90,11 @@ protected function execute(InputInterface $input, OutputInterface $output) {
 return 67;
 }
+ if (!$user->canChangePassword()) {
+ $output->writeln("The user's backend doesn't support password changes. The password cannot be expired for user: $uid");
+ return 1;
+ }
+
 $date = new \DateTime($input->getArgument('expiredate'));
 $date->setTimezone(new \DateTimeZone('UTC'));
 $value = $date->format('Y-m-d\TH:i:s\Z'); // ISO8601 with Zulu = UTC
diff --git a/tests/Command/ExpirePasswordTest.php b/tests/Command/ExpirePasswordTest.php
index 67da95aa..d6539fc0 100644
--- a/tests/Command/ExpirePasswordTest.php
+++ b/tests/Command/ExpirePasswordTest.php
@@ -24,6 +24,7 @@
 use OCA\PasswordPolicy\Command\ExpirePassword;
 use OCP\IConfig;
+use OCP\IUser;
 use OCP\IUserManager;
 use Symfony\Component\Console\Tester\CommandTester;
 use Test\TestCase;
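Review bot: The annotation added at the top of execute() in lib/Command/ExpirePassword.php, `/** @var $user \OCP\IUser */`, puts the variable before the type and leaves out null, although the next added line tests `$user === null`. PHPDoc expects the type first, so `/** @var \OCP\IUser|null $user */` is the form static analysers and IDEs will read, and it documents the nullable result the check relies on. execute() starts inside this hunk but its body continues past it.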
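Review bot: The new guard `if (!$user->canChangePassword())` in execute() tests a backend capability, while the commit subject speaks of non-local users, and nothing in the code says why the command refuses. A one-line comment above the check would keep that intent visible, for example `// Refuse when the backend cannot set passwords: the user presumably could not clear an expiry through this app`. The bare `return 1;` also deserves the kind of explanation the unknown-user branch gives for 67, so that scripts driving this command can tell the two failures apart. execute() begins and ends outside this hunk.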
@@ -52,9 +53,9 @@ public function setUp() {
 public function testExpirePasswordUserNotExisting() {
 $this->userManager
 ->expects(self::once())
- ->method('userExists')
+ ->method('get')
 ->with('not-existing-uid')
- ->willReturn(false);
+ ->willReturn(null);
 $this->commandTester->execute([
 'uid' => 'not-existing-uid',
@@ -65,11 +66,17 @@ public function testExpirePasswordUserNotExisting() {
 }
 public function testExpirePassword() {
+ $user = $this->createMock(IUser::class);
+ $user
+ ->expects($this->once())
+ ->method('canChangePassword')
+ ->willReturn(true);
+
 $this->userManager
 ->expects($this->once())
- ->method('userExists')
+ ->method('get')
 ->with('existing-uid')
- ->willReturn(true);
+ ->willReturn($user);
 $this->config
 ->expects($this->once())
 ->method('setUserValue')
@@ -88,4 +95,25 @@ public function testExpirePassword() {
 self::assertContains('The password for existing-uid is set to expire on 2018-06-28 10:13:00 UTC.', $output);
 }
+ public function testCannotExpirePassword() {
+ $user = $this->createMock(IUser::class);
+ $user
+ ->expects($this->once())
+ ->method('canChangePassword')
+ ->willReturn(false);
+
+ $this->userManager
+ ->expects($this->once())
+ ->method('get')
+ ->with('existing-uid')
+ ->willReturn($user);
+
+ $this->commandTester->execute([
+ 'uid' => 'existing-uid',
+ 'expiredate' => '2018-06-28 10:13 UTC'
+ ]);
+ $output = $this->commandTester->getDisplay();
+ self::assertContains("The user's backend doesn't support password changes. The password cannot be expired for user: existing-uid", $output);
+ }
+
 }
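Review bot: testCannotExpirePassword asserts only the printed message, so it would still pass if the command went on to store an expiry for the user or exited with status 0. The behaviour worth pinning is that nothing is written for such a user: add `$this->config->expects($this->never())->method('setUserValue');` before the execute() call and `self::assertSame(1, $this->commandTester->getStatusCode());` after it. `$this->config` is presumably the IConfig mock built in setUp(), which lies outside these hunks.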