Fix password reading in AutoYaST

* Do not pretend to read the /etc/shadow line anymore. * Make a difference between nil and empty values.
yast · Jun 2, 2021 · c8685f8 · c8685f8
1 parent 6ec2d3f
commit c8685f8
Show file tree

Hide file tree

Showing 2 changed files with 48 additions and 25 deletions.
diff --git a/src/lib/y2users/autoinst/reader.rb b/src/lib/y2users/autoinst/reader.rb
@@ -79,37 +79,25 @@ def read_groups
         end
       end
 
-      # shadow attrs without password and username which is done manually
-      SORTED_SHADOW_ATTRS = [
-        # Looks like shadow last change is not part of User.Export TODO: verify
-        "last_change", "min", "max", "warn", "inact", "expire", "flag"
-      ].freeze
-
       # Creates a {Password} object based on the data structure of a user
       #
       # @param user [Hash] a user representation in the format used by Users.Export
-      # @return [Password]
+      # @return [Password,nil]
       def create_password(user)
-        parser = Parsers::Shadow.new
-        content = shadow_string(user)
+        return nil unless user.user_password
 
-        password = parser.parse(content).values.first
-        password.value = PasswordPlainValue.new(user.user_password) unless user.encrypted
-        password
-      end
+        create_meth = user.encrypted ? :create_encrypted : :create_plain
+        password = Password.send(create_meth, user.user_password)
+        password_settings = user.password_settings
+        return password unless password_settings
 
-      # Entry in /etc/shadow describing the password of the given user
-      #
-      # @param user [Hash] a user representation in the format used by UsersSimple
-      # @return [String]
-      def shadow_string(user)
-        other_attrs = if user.password_settings
-          SORTED_SHADOW_ATTRS.map { |a| user.password_settings.send(a) }
-        else
-          []
-        end
-
-        [user.username, user.user_password, *other_attrs].join(":")
+        password.aging = PasswordAging.new(password_settings.last_change)
+        password.minimum_age = password_settings.min
+        password.maximum_age = password_settings.max
+        password.warning_period = password_settings.warn
+        password.inactivity_period = password_settings.inact
+        password.account_expiration = AccountExpiration.new(password_settings.expire)
+        password
       end
     end
   end

diff --git a/test/lib/y2users/autoinst/reader_test.rb b/test/lib/y2users/autoinst/reader_test.rb
@@ -70,5 +70,40 @@
         expect(config.groups).to be_empty
       end
     end
+
+    context "when the password is not encrypted" do
+      let(:user_profile) do
+        { "username" => "root", "user_password" => "secret" }
+      end
+
+      let(:profile) do
+        { "users" => [user_profile] }
+      end
+
+      it "sets the passsword as unencrypted" do
+        config = subject.read
+
+        user = config.users.first
+        password = user.password
+        expect(password.value).to_not be_encrypted
+      end
+    end
+
+    context "when the password is not given" do
+      let(:user_profile) do
+        { "username" => "root" }
+      end
+
+      let(:profile) do
+        { "users" => [user_profile] }
+      end
+
+      it "sets a nil password" do
+        config = subject.read
+
+        user = config.users.first
+        expect(user.password).to be_nil
+      end
+    end
   end
 end