# --
# Copyright (C) 2001-2020 OTRS AG, https://otrs.com/
# --
# This software comes with ABSOLUTELY NO WARRANTY. For details, see
# the enclosed file COPYING for license information (GPL). If you
# did not receive this file, see https://www.gnu.org/licenses/gpl-3.0.txt.
# --

use strict;
use warnings;
use utf8;

# $Self is only declared here, never assigned in this script; it is the
# object the True()/Is() assertions below are called on (presumably supplied
# by the unit-test runner).
use vars (qw($Self));

# Register the constructor parameter for the unit-test helper first, then
# fetch the helper. RestoreDatabase is the setting the closing comment of
# this script relies on for cleanup.
$Kernel::OM->ObjectParamAdd(
    'Kernel::System::UnitTest::Helper' => { RestoreDatabase => 1 },
);
my $Helper = $Kernel::OM->Get('Kernel::System::UnitTest::Helper');

# Configuration object used for every setting changed in this test.
my $ConfigObject = $Kernel::OM->Get('Kernel::Config');

# Authenticate against the DB backend ...
$ConfigObject->Set(
    Key   => 'AuthBackend',
    Value => 'DB',
);

# ... and blank AuthBackend1 .. AuthBackend10 so that no additional backend
# is configured (presumably so that none of them can accept a login and mask
# the lockout result checked further down).
foreach my $BackendIndex ( 1 .. 10 ) {
    $ConfigObject->Set(
        Key   => "AuthBackend$BackendIndex",
        Value => '',
    );
}

# Switch off e-mail address checks so the test user can be created with a
# generated @example.com address.
$ConfigObject->Set(
    Key   => 'CheckEmailAddresses',
    Value => 0,
);

# Login name built from a helper-generated random ID (presumably to avoid
# clashing with an account that already exists).
my $UserRand = 'example-user' . $Helper->GetRandomID();

# User object used to create and later modify the test account.
my $UserObject = $Kernel::OM->Get('Kernel::System::User');

# Create the account the lockout scenario runs against. Every later
# assertion depends on it, so the script aborts if creation fails.
my $TestUserID = $UserObject->UserAdd(
    UserFirstname => 'Firstname Test1',
    UserLastname  => 'Lastname Test1',
    UserLogin     => $UserRand,
    UserEmail     => $UserRand . '@example.com',
    ValidID       => 1,
    ChangeUserID  => 1,
);
die "Could not create test user" if !$TestUserID;

# Discard the User and Auth objects held by the object manager so that they
# get recreated on the next Get().
# NOTE(review): $UserObject was fetched before this discard and is still
# used below, so those calls run on the earlier instance - confirm that this
# is intended.
my @DiscardObjects = (
    'Kernel::System::User',
    'Kernel::System::Auth',
);
$Kernel::OM->ObjectsDiscard( Objects => \@DiscardObjects );

# Auth object obtained after the discard; all login attempts go through it.
my $AuthObject = $Kernel::OM->Get('Kernel::System::Auth');

# Give the account a known password. '123' is a fixture value only; the
# remaining steps reuse it as "the correct password".
my $PasswordSet = $UserObject->SetPassword(
    UserLogin => $UserRand,
    PW        => '123',
);
$Self->True( $PasswordSet, "Password set" );

# Baseline: the correct credentials must be accepted before any failure is
# recorded. Without this, the rejections asserted later could not be
# attributed to the lockout rather than to a broken credential.
my $AuthResult = $AuthObject->Auth(
    User => $UserRand,
    Pw   => '123',
);
$Self->Is( $AuthResult, $UserRand, "First authentication ok" );

# Failed-login threshold for this test. The value is written directly into
# the structure returned by Get('PreferencesGroups') instead of going
# through Set().
# NOTE(review): this relies on Get() handing back a reference to the live
# configuration data and on the Password group already existing - confirm.
my $MaxLoginFailed = 2;
$ConfigObject->Get('PreferencesGroups')->{Password}->{PasswordMaxLoginFailed} = $MaxLoginFailed;

# Submit a wrong password exactly as many times as the threshold; every one
# of these attempts has to be rejected.
foreach my $Attempt ( 1 .. $MaxLoginFailed ) {
    $AuthResult = $AuthObject->Auth(
        User => $UserRand,
        Pw   => 'wrong',
    );
    $Self->Is( $AuthResult, undef, "Wrong authentication" );
}

# The lockout check itself: once the threshold has been reached, even the
# correct password must be refused.
$AuthResult = $AuthObject->Auth(
    User => $UserRand,
    Pw   => '123',
);
$Self->Is(
    $AuthResult,
    undef,
    "Authentication not possible any more after too many failures",
);

# Re-enable the account: load the current record, remove the password field
# so the update cannot overwrite the stored password, and write the record
# back with ValidID 1 (the value the account was created with).
my %User = $UserObject->GetUserData( UserID => $TestUserID );
delete $User{UserPw};    # Don't update/break password.

my $Update = $UserObject->UserUpdate(
    %User,
    ValidID      => 1,
    ChangeUserID => 1,
);
$Self->True( $Update, "User revalidated" );

# After revalidation the unchanged, correct password must be accepted again.
$AuthResult = $AuthObject->Auth(
    User => $UserRand,
    Pw   => '123',
);
$Self->Is(
    $AuthResult,
    $UserRand,
    "Authentication possible again after revalidation",
);

# cleanup is done by RestoreDatabase

1;