Bug 34281 - Test password reset for students/teachers
Test password reset for students/teachers
Status: VERIFIED FIXED
Product: UCS@school
Classification: Unclassified
Component: ucs-test
UCS@school 3.2 R2
Other Linux
: P5 normal (vote)
: ---
Assigned To: Ammar Najjar
Sönke Schwardt-Krummrich
:
Depends on:
Blocks: 35448
  Show dependency treegraph
 
Reported: 2014-03-07 10:02 CET by Sönke Schwardt-Krummrich
Modified: 2014-07-23 12:02 CEST (History)
0 users

See Also:
What kind of report is it?: ---
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Sönke Schwardt-Krummrich univentionstaff 2014-03-07 10:02:49 CET
A ucs-test script should check the UCS@school password reset module for students and teachers:
- create random OU and some test users
- connect via python UMCConnection() class to UMC and send UMCP command for 
  resetting the password of a previously created user.
- check if the checkbox "user has to change password on next login" is 
  evaluated/handled correctly
- check if a login with the new password is possible (e.g. login to UMC or via 
  SSH or smbclient or ...)
Comment 1 Sönke Schwardt-Krummrich univentionstaff 2014-03-14 08:28:59 CET
Basic recipe and background information for this test:

The UMC module for password reset is located within the source package ucs-school-umc-users.
Have a look in ucs-school-umc-users/umc/*.xml for the correct UMCP command name for resetting user passwords.
There is also mentioned the name of the python function which is implemented in ucs-school-umc-users/umc/python/*/*.py.
There you can grab all possible arguments for this function.

The test shall use the class UCSTestSchool of the python module univention.testing.ucsschool for creating OUs and users.
For this test, at least two student users and two teacher users are required. The following chart shows all possible user combinations. Only one of them is allowed. It should be also tested if the not allowed combinations do fail as indentended.

          \    Userrole to be resetted
UMCP User  \   student2       teacher2
------------+--------------------------
 student1   |   FAIL           FAIL
 teacher1   |   SUCCESS        FAIL

Testing if the password reset was successful should be done in two steps:
- check the return code of the UMCP command
- check login via UMCConnection (e.g. UMCConnection.login(DN_student2, password))

The whole test case should be done twice:
a) with "change password on next login == False"
b) with "change password on next login == True"

In case of b) the LDAP attribute "shadowMax" should be set to "1" and the attribute "sambaPwdLastSet" should be set to "0".
In case of a) "shadowMax" is unset and "sambaPwdLastSet" contains a numerical value larger than 1.
Comment 2 Ammar Najjar univentionstaff 2014-04-14 09:57:41 CEST
desc: ucs-school-reset-password-check                                        
roles: [domaincontroller_master]                                                
packages: - ucs-school-umc-users  

This test check the following:

1. create two teachers and two students in a new OU.
2. test if teacher is unable to reset teacher password (chgPwdNextLogin=True)
3. test if student is unable to reset teacher password (chgPwdNextLogin=True)
4. test if student is unable to reset student password (chgPwdNextLogin=True)
5. test if teacher is unable to reset teacher password (chgPwdNextLogin=False)
6. test if student is unable to reset teacher password (chgPwdNextLogin=False)
7. test if student is unable to reset student password (chgPwdNextLogin=False)
8. test if teacher is able to reset student password (chgPwdNextLogin=True)
9. test if teacher is able to reset student password (chgPwdNextLogin=False)
Comment 3 Sönke Schwardt-Krummrich univentionstaff 2014-04-14 21:55:57 CEST
BUG: Please set "exposure" in the ucs-test header to "careful".

OK: implementation
OK: testrun

Changelog for UCS@school 3.2R2 has been made.
Comment 4 Sönke Schwardt-Krummrich univentionstaff 2014-04-15 08:17:58 CEST
(In reply to Sönke Schwardt-Krummrich from comment #3)
> BUG: Please set "exposure" in the ucs-test header to "careful".

I just reread the ucs-test definitions: please set "exposure" to "dangerous".
(http://wiki.univention.de/index.php?title=Ucs-test)
Comment 5 Sönke Schwardt-Krummrich univentionstaff 2014-06-18 10:42:51 CEST
Added "domaincontroller_slave" to roles in ucs-test header.
Successfully tested on master and slave.
→ VERIFIED