#!/usr/share/ucs-test/runner bash
# shellcheck shell=bash
## desc: Re-set pwdChangeNextLogin=1 during udm cli password change
## roles:
##  - domaincontroller_master
## bugs: [46067]
## tags: [SKIP,skip_admember]
## packages:
##  - univention-directory-manager-tools
## exposure: safe

# shellcheck source=../../lib/base.sh
. "$TESTLIBPATH/base.sh" || exit 137
# shellcheck source=../../lib/user.sh
. "$TESTLIBPATH/user.sh" || exit 137
# shellcheck source=../../lib/udm.sh
. "$TESTLIBPATH/udm.sh" || exit 137
# shellcheck source=../../lib/random.sh
. "$TESTLIBPATH/random.sh" || exit 137
# shellcheck source=../../lib/undo.sh
. "$TESTLIBPATH/undo.sh" || exit 137

## INITIAL_PASSWORD is chosen by user_create:
INITIAL_PASSWORD=univention
PASSWORD=Univention.1

RETVAL=100

test_username=$(user_randomname)
user_create "$test_username" --set pwdChangeNextLogin=1 &&
	undo user_remove "$test_username" ||
	fail_fast 140 "cannot create user $test_username"

test_userdn=$(user_dn "$test_username")

wait_for_replication_and_postrun

echo "### Test: Check pwdChangeNextLogin initially is 1 as explicitly requested during user creation"
output=$(udm users/user list --filter uid="$test_username" | sed -n 's/  pwdChangeNextLogin: //p')
if [ "1" != "$output" ]; then
	fail_test 110 "Unexpected pwdChangeNextLogin after create: $output"
fi


echo "### Change password and re-set pwdChangeNextLogin=1 simultaneously"
udm_modify "users/user" "" "" "" "$test_username" --set password="$PASSWORD" --set pwdChangeNextLogin=1

wait_for_replication_and_postrun

echo "### Test: Check pwdChangeNextLogin is still 1 as explicitly requested by the admin"
output=$(udm users/user list --filter uid="$test_username" | sed -n 's/  pwdChangeNextLogin: //p')
if [ "1" != "$output" ]; then
	fail_test 110 "Unexpected pwdChangeNextLogin after password change: $output"
fi


exit "$RETVAL"
