Merge pull request #55 from ambitus/feature/password_expiration_option

Add optional Expired/Noexpired
ambitus · Jan 18, 2024 · 439b0c5 · 439b0c5
2 parents fd9d7aa + 3e9d23b
commit 439b0c5
Show file tree

Hide file tree

Showing 10 changed files with 82 additions and 13 deletions.
diff --git a/pyracf/data_set/data_set_admin.py b/pyracf/data_set/data_set_admin.py
@@ -142,8 +142,8 @@ def alter(
             profile = self.extract(
                 data_set, volume=volume, generic=generic, profile_only=True
             )
-        except SecurityRequestError:
-            raise AlterOperationError(data_set, self._profile_type)
+        except SecurityRequestError as exception:
+            raise AlterOperationError(data_set, self._profile_type) from exception
         if not self._get_field(profile, "base", "name") == data_set.lower():
             raise AlterOperationError(data_set, self._profile_type)
         self._build_segment_trait_dictionary(traits)

diff --git a/pyracf/group/group_admin.py b/pyracf/group/group_admin.py
@@ -149,8 +149,8 @@ def alter(self, group: str, traits: dict) -> Union[dict, bytes]:
             return self._make_request(group_request, irrsmo00_precheck=True)
         try:
             self.extract(group)
-        except SecurityRequestError:
-            raise AlterOperationError(group, self._profile_type)
+        except SecurityRequestError as exception:
+            raise AlterOperationError(group, self._profile_type) from exception
         self._build_segment_trait_dictionary(traits)
         group_request = GroupRequest(group, "set")
         self._build_xml_segments(group_request, alter=True)

diff --git a/pyracf/resource/resource_admin.py b/pyracf/resource/resource_admin.py
@@ -527,8 +527,8 @@ def alter(self, resource: str, class_name: str, traits: dict) -> Union[dict, byt
             return self._make_request(profile_request, irrsmo00_precheck=True)
         try:
             profile = self.extract(resource, class_name, profile_only=True)
-        except SecurityRequestError:
-            raise AlterOperationError(resource, class_name)
+        except SecurityRequestError as exception:
+            raise AlterOperationError(resource, class_name) from exception
         if not self._get_field(profile, "base", "name") == resource.lower():
             raise AlterOperationError(resource, class_name)
         self._build_segment_trait_dictionary(traits)

diff --git a/pyracf/user/user_admin.py b/pyracf/user/user_admin.py
@@ -277,12 +277,13 @@ def take_away_auditor_authority(self, userid: str) -> Union[dict, bytes]:
     # Password
     # ============================================================================
     def set_password(
-        self,
-        userid: str,
-        password: Union[str, bool],
+        self, userid: str, password: Union[str, bool], expired: Union[bool, None] = None
     ) -> Union[dict, bytes]:
         """Set a user's password."""
-        result = self.alter(userid, traits={"base:password": password})
+        traits = {"base:password": password}
+        if expired is not None:
+            traits["base:password_expired"] = expired
+        result = self.alter(userid, traits=traits)
         return self._to_steps(result)
 
     # ============================================================================
@@ -292,9 +293,13 @@ def set_passphrase(
         self,
         userid: str,
         passphrase: Union[str, bool],
+        expired: Union[bool, None] = None,
     ) -> Union[dict, bytes]:
         """Set a user's passphrase."""
-        result = self.alter(userid, traits={"base:passphrase": passphrase})
+        traits = {"base:passphrase": passphrase}
+        if expired is not None:
+            traits["base:password_expired"] = expired
+        result = self.alter(userid, traits=traits)
         return self._to_steps(result)
 
     # ============================================================================
@@ -795,8 +800,8 @@ def alter(self, userid: str, traits: dict) -> Union[dict, bytes]:
             return self._make_request(user_request, irrsmo00_precheck=True)
         try:
             self.extract(userid)
-        except SecurityRequestError:
-            raise AlterOperationError(userid, self._profile_type)
+        except SecurityRequestError as exception:
+            raise AlterOperationError(userid, self._profile_type) from exception
         self._build_segment_trait_dictionary(traits)
         user_request = UserRequest(userid, "set")
         self._build_xml_segments(user_request, alter=True)

diff --git a/tests/user/test_user_constants.py b/tests/user/test_user_constants.py
@@ -251,8 +251,18 @@ def get_sample(sample_file: str) -> Union[str, bytes]:
     "user_remove_operations_authority_request.xml"
 )
 TEST_USER_SET_PASSWORD_XML = get_sample("user_set_password_request.xml")
+TEST_USER_SET_PASSWORD_NOEXPIRED_XML = get_sample(
+    "user_set_password_noexpired_request.xml"
+)
+TEST_USER_SET_PASSWORD_EXPIRED_XML = get_sample("user_set_password_expired_request.xml")
 TEST_USER_SET_PASSWORD_DELETE_XML = get_sample("user_set_password_delete_request.xml")
 TEST_USER_SET_PASSPHRASE_XML = get_sample("user_set_passphrase_request.xml")
+TEST_USER_SET_PASSPHRASE_NOEXPIRED_XML = get_sample(
+    "user_set_passphrase_noexpired_request.xml"
+)
+TEST_USER_SET_PASSPHRASE_EXPIRED_XML = get_sample(
+    "user_set_passphrase_expired_request.xml"
+)
 TEST_USER_SET_PASSPHRASE_DELETE_XML = get_sample(
     "user_set_passphrase_delete_request.xml"
 )

diff --git a/tests/user/test_user_setters.py b/tests/user/test_user_setters.py
@@ -68,6 +68,14 @@ def test_user_admin_build_set_password_request(self):
         result = self.user_admin.set_password("squidwrd", "GIyTTqdF")
         self.assertEqual(result, TestUserConstants.TEST_USER_SET_PASSWORD_XML)
 
+    def test_user_admin_build_set_password_noexpired_request(self):
+        result = self.user_admin.set_password("squidwrd", "GIyTTqdF", expired=False)
+        self.assertEqual(result, TestUserConstants.TEST_USER_SET_PASSWORD_NOEXPIRED_XML)
+
+    def test_user_admin_build_set_password_expired_request(self):
+        result = self.user_admin.set_password("squidwrd", "GIyTTqdF", expired=True)
+        self.assertEqual(result, TestUserConstants.TEST_USER_SET_PASSWORD_EXPIRED_XML)
+
     def test_user_admin_build_set_password_delete_request(self):
         result = self.user_admin.set_password("squidwrd", False)
         self.assertEqual(result, TestUserConstants.TEST_USER_SET_PASSWORD_DELETE_XML)
@@ -79,6 +87,20 @@ def test_user_admin_build_set_passphrase_request(self):
         result = self.user_admin.set_passphrase("squidwrd", "PassPhrasesAreCool!")
         self.assertEqual(result, TestUserConstants.TEST_USER_SET_PASSPHRASE_XML)
 
+    def test_user_admin_build_set_passphrase_noexpired_request(self):
+        result = self.user_admin.set_passphrase(
+            "squidwrd", "PassPhrasesAreCool!", expired=False
+        )
+        self.assertEqual(
+            result, TestUserConstants.TEST_USER_SET_PASSPHRASE_NOEXPIRED_XML
+        )
+
+    def test_user_admin_build_set_passphrase_expired_request(self):
+        result = self.user_admin.set_passphrase(
+            "squidwrd", "PassPhrasesAreCool!", expired=True
+        )
+        self.assertEqual(result, TestUserConstants.TEST_USER_SET_PASSPHRASE_EXPIRED_XML)
+
     def test_user_admin_build_set_passphrase_delete_request(self):
         result = self.user_admin.set_passphrase("squidwrd", False)
         self.assertEqual(result, TestUserConstants.TEST_USER_SET_PASSPHRASE_DELETE_XML)

diff --git a/tests/user/user_request_samples/user_set_passphrase_expired_request.xml b/tests/user/user_request_samples/user_set_passphrase_expired_request.xml
@@ -0,0 +1,8 @@
+<securityrequest xmlns="http://www.ibm.com/systems/zos/saf" xmlns:racf="http://www.ibm.com/systems/zos/racf">
+  <user name="squidwrd" operation="set" requestid="UserRequest">
+    <base>
+      <racf:phrase operation="set">********</racf:phrase>
+      <racf:expired operation="set" />
+    </base>
+  </user>
+</securityrequest>
diff --git a/tests/user/user_request_samples/user_set_passphrase_noexpired_request.xml b/tests/user/user_request_samples/user_set_passphrase_noexpired_request.xml
@@ -0,0 +1,8 @@
+<securityrequest xmlns="http://www.ibm.com/systems/zos/saf" xmlns:racf="http://www.ibm.com/systems/zos/racf">
+  <user name="squidwrd" operation="set" requestid="UserRequest">
+    <base>
+      <racf:phrase operation="set">********</racf:phrase>
+      <racf:expired operation="del" />
+    </base>
+  </user>
+</securityrequest>
diff --git a/tests/user/user_request_samples/user_set_password_expired_request.xml b/tests/user/user_request_samples/user_set_password_expired_request.xml
@@ -0,0 +1,8 @@
+<securityrequest xmlns="http://www.ibm.com/systems/zos/saf" xmlns:racf="http://www.ibm.com/systems/zos/racf">
+  <user name="squidwrd" operation="set" requestid="UserRequest">
+    <base>
+      <racf:password operation="set">********</racf:password>
+      <racf:expired operation="set" />
+    </base>
+  </user>
+</securityrequest>
diff --git a/tests/user/user_request_samples/user_set_password_noexpired_request.xml b/tests/user/user_request_samples/user_set_password_noexpired_request.xml
@@ -0,0 +1,8 @@
+<securityrequest xmlns="http://www.ibm.com/systems/zos/saf" xmlns:racf="http://www.ibm.com/systems/zos/racf">
+  <user name="squidwrd" operation="set" requestid="UserRequest">
+    <base>
+      <racf:password operation="set">********</racf:password>
+      <racf:expired operation="del" />
+    </base>
+  </user>
+</securityrequest>