0001-ppolicy-clean-computing-accountLocked-error-message.patch
src/authentic2/backends/ldap_backend.py | ||
---|---|---|
216 | 216 |
error = ppolicy.PasswordPolicyError.namedValues[ctrl.error] |
217 | 217 |
error2message = { |
218 | 218 |
'passwordExpired': _('The password expired.'), |
219 |
'accountLocked': _('The account is locked{since} after {failures_count}.').format( |
|
220 |
since=(_(" since %s") % attributes['pwdaccountlockedtime'][0]) |
|
221 |
if attributes['pwdaccountlockedtime'] |
|
222 |
else "", |
|
223 |
failures_count=(_("%s failures") % attributes['pwdmaxfailure'][0]) |
|
224 |
if attributes['pwdmaxfailure'] |
|
225 |
else _("multiple failures"), |
|
219 |
'accountLocked': '{locked}{failure}'.format( |
|
220 |
locked=( |
|
221 |
_("Account is locked since {since}.").format(since=attributes['pwdaccountlockedtime'][0]) |
|
222 |
if attributes['pwdaccountlockedtime'] |
|
223 |
else _("Account is locked.") |
|
224 |
), |
|
225 |
failure=( |
|
226 |
_(" It's been locked after {count} failed login attempts.").format( |
|
227 |
count=attributes['pwdmaxfailure'][0] |
|
228 |
) |
|
229 |
if attributes['pwdmaxfailure'] |
|
230 |
else "" |
|
231 |
), |
|
226 | 232 |
), |
227 | 233 |
'changeAfterReset': _('The password was reset and must be changed.'), |
228 | 234 |
'passwordModNotAllowed': _('It is not possible to modify the password.'), |
tests/test_ldap.py | ||
---|---|---|
1625 | 1625 |
response.form.set('password', 'invalid') |
1626 | 1626 |
response = response.form.submit(name='login-password-submit') |
1627 | 1627 | |
1628 |
assert 'account is locked since ' in str(response.pyquery('.messages'))
|
|
1629 |
assert f'after {pwdMaxFailure} failures' in str(response.pyquery('.messages'))
|
|
1628 |
assert 'Account is locked since ' in str(response.pyquery('.messages'))
|
|
1629 |
assert f'after {pwdMaxFailure} failed login attempts' in str(response.pyquery('.messages'))
|
|
1630 | 1630 | |
1631 | 1631 |
# Unlock account and force passwor reset |
1632 | 1632 |
conn = slapd_ppolicy.get_connection_admin() |
... | ... | |
1960 | 1960 |
response.form.set('username', USERNAME) |
1961 | 1961 |
response.form.set('password', 'invalid') |
1962 | 1962 |
response = response.form.submit(name='login-password-submit') |
1963 |
assert 'account is locked since ' in str(response.pyquery('.messages'))
|
|
1964 |
assert f'after {pwdMaxFailure} failures' in str(response.pyquery('.messages'))
|
|
1963 |
assert 'Account is locked since ' in str(response.pyquery('.messages'))
|
|
1964 |
assert f'after {pwdMaxFailure} failed login attempts' in str(response.pyquery('.messages'))
|
|
1965 | 1965 | |
1966 | 1966 | |
1967 | 1967 |
def ppolicy_authenticate_exactly_pwdMaxFailure(slapd_ppolicy, caplog): |
... | ... | |
2011 | 2011 |
] |
2012 | 2012 | |
2013 | 2013 |
ppolicy_authenticate_exactly_pwdMaxFailure(slapd_ppolicy, caplog) |
2014 |
assert 'account is locked' not in caplog.text
|
|
2014 |
assert 'Account is locked' not in caplog.text
|
|
2015 | 2015 |
assert authenticate(username=USERNAME, password='incorrect') is None |
2016 |
assert 'account is locked since 20' in caplog.text
|
|
2016 |
assert 'Account is locked since 20' in caplog.text
|
|
2017 | 2017 | |
2018 | 2018 | |
2019 | 2019 |
def test_do_not_use_controls(slapd_ppolicy, settings, db, caplog): |
2020 |
- |