Merge pull request #85 from ltb-project/84-islocked-function-does-not-verify-if-lockout-duration-is-not-set

Manage empty lockoutDate in isLocked function

Author: coudot

src/Ltb/Directory/OpenLDAP.php

@@ -35,6 +35,10 @@ public function isLocked($entry, $pwdPolicyConfiguration) : bool {
 
         $unlockDate = $this->getUnlockDate($entry, $pwdPolicyConfiguration);
 
+        if (!$unlockDate) {
+            return true;
+        }
+
         if ( $unlockDate and time() <= $unlockDate->getTimestamp() ) {
             return true;
         }

tests/Ltb/DirectoryTest.php

@@ -58,6 +58,32 @@ public function test_openldap_islocked_no_more_locked(): void
         $this->assertFalse($isLocked, "Account should no more be locked");
     }
 
+    public function test_openldap_islocked_lockout_duration_zero(): void
+    {
+        $entry = [
+                    'pwdaccountlockedtime' => [
+                        'count' => 1,
+                        0 => (new DateTime)->modify("-10 days")->format("Ymdhis\Z")
+                    ]
+                 ];
+
+        $isLocked = (new Ltb\Directory\OpenLDAP)->isLocked($entry, array('lockout_duration' => 0));
+        $this->assertTrue($isLocked, "Account should be locked");
+    }
+
+    public function test_openldap_islocked_no_lockout_duration(): void
+    {
+        $entry = [
+                    'pwdaccountlockedtime' => [
+                        'count' => 1,
+                        0 => (new DateTime)->modify("-10 days")->format("Ymdhis\Z")
+                    ]
+                 ];
+
+        $isLocked = (new Ltb\Directory\OpenLDAP)->isLocked($entry, array('lockout_duration' => null));
+        $this->assertTrue($isLocked, "Account should be locked");
+    }
+
     public function test_openldap_getlockdate_empty(): void
     {
         $entry = [