Skip to content

Commit 6b50c67

Browse files
author
davidpil
committed
Add Password Hardening CLI test
1 parent 03b3a57 commit 6b50c67

3 files changed

Lines changed: 214 additions & 0 deletions

File tree

tests/passw_hardening_input/assert_show_output.py

Lines changed: 40 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,40 @@
1+
"""
2+
Module holding the correct values for show CLI command outputs for the passw_hardening_test.py
3+
"""
4+
5+
show_passw_hardening_policies_default="""\
6+
STATE EXPIRATION EXPIRATION WARNING HISTORY CNT LEN MIN REJECT USER PASSW MATCH LOWER CLASS UPPER CLASS DIGITS CLASS SPECIAL CLASS
7+
-------- ------------ -------------------- ------------- --------- ------------------------- ------------- ------------- -------------- ---------------
8+
disabled 180 15 10 8 true true true true true
9+
"""
10+
11+
show_passw_hardening_policies_classes_disabled="""\
12+
STATE EXPIRATION EXPIRATION WARNING HISTORY CNT LEN MIN REJECT USER PASSW MATCH LOWER CLASS UPPER CLASS DIGITS CLASS SPECIAL CLASS
13+
-------- ------------ -------------------- ------------- --------- ------------------------- ------------- ------------- -------------- ---------------
14+
disabled 180 15 10 8 false false false false false
15+
"""
16+
17+
show_passw_hardening_policies_enabled="""\
18+
STATE EXPIRATION EXPIRATION WARNING HISTORY CNT LEN MIN REJECT USER PASSW MATCH LOWER CLASS UPPER CLASS DIGITS CLASS SPECIAL CLASS
19+
------- ------------ -------------------- ------------- --------- ------------------------- ------------- ------------- -------------- ---------------
20+
enabled 180 15 10 8 true true true true true
21+
"""
22+
23+
24+
show_passw_hardening_policies_expiration="""\
25+
STATE EXPIRATION EXPIRATION WARNING HISTORY CNT LEN MIN REJECT USER PASSW MATCH LOWER CLASS UPPER CLASS DIGITS CLASS SPECIAL CLASS
26+
------- ------------ -------------------- ------------- --------- ------------------------- ------------- ------------- -------------- ---------------
27+
enabled 100 15 10 8 true true true true true
28+
"""
29+
30+
show_passw_hardening_policies_history_cnt="""\
31+
STATE EXPIRATION EXPIRATION WARNING HISTORY CNT LEN MIN REJECT USER PASSW MATCH LOWER CLASS UPPER CLASS DIGITS CLASS SPECIAL CLASS
32+
-------- ------------ -------------------- ------------- --------- ------------------------- ------------- ------------- -------------- ---------------
33+
disabled 180 15 40 8 true true true true true
34+
"""
35+
36+
show_passw_hardening_policies_len_min="""\
37+
STATE EXPIRATION EXPIRATION WARNING HISTORY CNT LEN MIN REJECT USER PASSW MATCH LOWER CLASS UPPER CLASS DIGITS CLASS SPECIAL CLASS
38+
-------- ------------ -------------------- ------------- --------- ------------------------- ------------- ------------- -------------- ---------------
39+
disabled 180 15 10 30 true true true true true
40+
"""

tests/passw_hardening_input/default_config_db.json

Lines changed: 14 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,14 @@
1+
{
2+
"PASSW_HARDENING|POLICIES": {
3+
"state": "disabled",
4+
"expiration": "180",
5+
"expiration_warning": "15",
6+
"history_cnt": "10",
7+
"len_min": "8",
8+
"reject_user_passw_match": "true",
9+
"digits_class": "true",
10+
"lower_class": "true",
11+
"special_class": "true",
12+
"upper_class": "true"
13+
}
14+
}

tests/passw_hardening_test.py

Lines changed: 160 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,160 @@
1+
#!/usr/bin/env python
2+
3+
import os
4+
import logging
5+
import show.main as show
6+
import config.main as config
7+
8+
from .passw_hardening_input import assert_show_output
9+
from utilities_common.db import Db
10+
from click.testing import CliRunner
11+
from .mock_tables import dbconnector
12+
13+
logger = logging.getLogger(__name__)
14+
test_path = os.path.dirname(os.path.abspath(__file__))
15+
mock_db_path = os.path.join(test_path, "passw_hardening_input")
16+
17+
SUCCESS = 0
18+
ERROR = 1
19+
INVALID_VALUE = 'INVALID'
20+
EXP_GOOD_FLOW = 1
21+
EXP_BAD_FLOW = 0
22+
23+
class TestPasswHardening:
24+
@classmethod
25+
def setup_class(cls):
26+
logger.info("SETUP")
27+
os.environ['UTILITIES_UNIT_TESTING'] = "2"
28+
29+
30+
@classmethod
31+
def teardown_class(cls):
32+
logger.info("TEARDOWN")
33+
os.environ['UTILITIES_UNIT_TESTING'] = "0"
34+
os.environ["UTILITIES_UNIT_TESTING_TOPOLOGY"] = ""
35+
dbconnector.dedicated_dbs['CONFIG_DB'] = None
36+
37+
def verify_passw_policies_output(self, db, runner, output, expected=EXP_GOOD_FLOW):
38+
result = runner.invoke(show.cli.commands["passw-hardening"].commands["policies"], [], obj=db)
39+
logger.debug("\n" + result.output)
40+
logger.debug(result.exit_code)
41+
42+
if expected: # good flow expected (default)
43+
assert result.exit_code == SUCCESS
44+
assert result.output == output
45+
else: # bad flow expected
46+
assert result.exit_code == ERROR
47+
48+
def passw_hardening_set_policy(self, runner, db, attr, value, expected=EXP_GOOD_FLOW):
49+
result = runner.invoke(
50+
config.config.commands["passw-hardening"].commands["policies"].commands[attr],
51+
[value], obj=db
52+
)
53+
54+
if expected: # good flow expected (default)
55+
logger.debug("\n" + result.output)
56+
logger.debug(result.exit_code)
57+
assert result.exit_code == SUCCESS
58+
else: # bad flow expected
59+
assert result.exit_code == ERROR
60+
61+
62+
######### PASSW-HARDENING #########
63+
64+
def test_passw_hardening_default(self):
65+
dbconnector.dedicated_dbs['CONFIG_DB'] = os.path.join(mock_db_path, 'default_config_db')
66+
db = Db()
67+
runner = CliRunner()
68+
69+
self.verify_passw_policies_output(db, runner, assert_show_output.show_passw_hardening_policies_default)
70+
71+
def test_passw_hardening_feature_enabled(self):
72+
dbconnector.dedicated_dbs['CONFIG_DB'] = os.path.join(mock_db_path, 'default_config_db')
73+
db = Db()
74+
runner = CliRunner()
75+
76+
self.passw_hardening_set_policy(runner, db, "state", "enabled")
77+
78+
self.verify_passw_policies_output(db, runner, assert_show_output.show_passw_hardening_policies_enabled)
79+
80+
def test_passw_hardening_policies_classes_disabled(self):
81+
"""Disable passw hardening classes & reject user passw match policies"""
82+
83+
dbconnector.dedicated_dbs['CONFIG_DB'] = os.path.join(mock_db_path, 'default_config_db')
84+
db = Db()
85+
runner = CliRunner()
86+
87+
passw_classes = { "reject-user-passw-match": "false",
88+
"digits-class": "false",
89+
"lower-class": "false",
90+
"special-class": "false",
91+
"upper-class": "false"
92+
}
93+
94+
for k, v in passw_classes.items():
95+
self.passw_hardening_set_policy(runner, db, k, v)
96+
97+
self.verify_passw_policies_output(db, runner, assert_show_output.show_passw_hardening_policies_classes_disabled)
98+
99+
def test_passw_hardening_policies_exp_time(self):
100+
dbconnector.dedicated_dbs['CONFIG_DB'] = os.path.join(mock_db_path, 'default_config_db')
101+
db = Db()
102+
runner = CliRunner()
103+
104+
self.passw_hardening_set_policy(runner, db, "state", "enabled")
105+
self.passw_hardening_set_policy(runner, db, "expiration", "100")
106+
self.passw_hardening_set_policy(runner, db, "expiration-warning", "15")
107+
108+
self.verify_passw_policies_output(db, runner, assert_show_output.show_passw_hardening_policies_expiration)
109+
110+
def test_passw_hardening_policies_history(self):
111+
dbconnector.dedicated_dbs['CONFIG_DB'] = os.path.join(mock_db_path, 'default_config_db')
112+
db = Db()
113+
runner = CliRunner()
114+
115+
self.passw_hardening_set_policy(runner, db, "history-cnt", "40")
116+
117+
self.verify_passw_policies_output(db, runner, assert_show_output.show_passw_hardening_policies_history_cnt)
118+
119+
def test_passw_hardening_policies_len_min(self):
120+
dbconnector.dedicated_dbs['CONFIG_DB'] = os.path.join(mock_db_path, 'default_config_db')
121+
db = Db()
122+
runner = CliRunner()
123+
124+
self.passw_hardening_set_policy(runner, db, "len-min", "30")
125+
126+
self.verify_passw_policies_output(db, runner, assert_show_output.show_passw_hardening_policies_len_min)
127+
128+
def test_passw_hardening_policy_expiration_invalid(self):
129+
dbconnector.dedicated_dbs['CONFIG_DB'] = os.path.join(mock_db_path, 'default_config_db')
130+
db = Db()
131+
runner = CliRunner()
132+
INVALID_EXP_TIME = "600"
133+
134+
self.passw_hardening_set_policy(runner, db, "expiration", INVALID_EXP_TIME, EXP_BAD_FLOW)
135+
136+
# expect default values, because invalid values should not succed to modify default configuration
137+
self.verify_passw_policies_output(db, runner, assert_show_output.show_passw_hardening_policies_default)
138+
139+
def test_passw_hardening_policy_len_min_invalid(self):
140+
dbconnector.dedicated_dbs['CONFIG_DB'] = os.path.join(mock_db_path, 'default_config_db')
141+
db = Db()
142+
runner = CliRunner()
143+
INVALID_EXP_LEN = "500"
144+
145+
self.passw_hardening_set_policy(runner, db, "len-min", INVALID_EXP_LEN, EXP_BAD_FLOW)
146+
147+
# expect default values, because invalid values should not succed to modify default configuration
148+
self.verify_passw_policies_output(db, runner, assert_show_output.show_passw_hardening_policies_default)
149+
150+
def test_passw_hardening_policy_class_invalid(self):
151+
dbconnector.dedicated_dbs['CONFIG_DB'] = os.path.join(mock_db_path, 'default_config_db')
152+
db = Db()
153+
runner = CliRunner()
154+
INVALID_VALUE = '?'
155+
156+
self.passw_hardening_set_policy(runner, db, "expiration", INVALID_VALUE, EXP_BAD_FLOW)
157+
158+
# expect default values, because invalid values should not succed to modify default configuration
159+
self.verify_passw_policies_output(db, runner, assert_show_output.show_passw_hardening_policies_default)
160+

0 commit comments

Comments
 (0)