#!/usr/share/ucs-test/runner bash
# shellcheck shell=bash
## desc: Test userPassword with K5KEY in combination with userexpiry
## tags:
##  - basic
## roles:
##  - domaincontroller_master
## packages:
##  - slapd
## exposure: dangerous

# shellcheck source=../../lib/base.sh
. "$TESTLIBPATH/base.sh" || exit 137
# shellcheck source=../../lib/user.sh
. "$TESTLIBPATH/user.sh" || exit 137
# shellcheck source=../../lib/maildomain.sh
. "$TESTLIBPATH/maildomain.sh" || exit 137
# shellcheck source=../../lib/undo.sh
. "$TESTLIBPATH/undo.sh" || exit 137

RETVAL=100

# create domain part in configured mail domains list
create_mail_domain "$domainname" && undo delete_mail_domain "$domainname"

USERNAME=$(user_randomname)
user_create "$USERNAME" &&
	undo user_remove "$USERNAME" ||
	fail_fast 1 "Failed to create user $USERNAME"

wait_for_replication_and_postrun

USER_DN="uid=$USERNAME,cn=users,$ldap_base"

ldapmodify -x -D "$tests_domainadmin_account" -y "$tests_domainadmin_pwdfile" <<-%EOF
dn: $USER_DN
changetype: modify
replace: userPassword
userPassword: {K5KEY}
%EOF

wait_for_replication_and_postrun

ldapsearch -x -D "$USER_DN" -w univention -s base dn || fail_test 1 'Test with K5KEY failed'
ldapsearch -x -D "$USER_DN" -w "$(user_randomname)" -s base dn && fail_test 1 "Search with random password succeeded"

udm users/user modify --dn "$USER_DN" --set userexpiry="$(date -d '1 day ago' +%Y-%m-%d)"
wait_for_replication
ldapsearch -x -D "$USER_DN" -w univention -s base dn && fail_test 1 'User expiry was set to yesteday but the search succeeded'

udm users/user modify --dn "$USER_DN" --set userexpiry="$(date -d '1 day tomorrow' +%Y-%m-%d)"
wait_for_replication
ldapsearch -x -D "$USER_DN" -w univention -s base dn || fail_test 1 'User expiry was set to tomorrow but the search failed'

exit "$RETVAL"
