From: aborah-sudo <aborah@redhat.com>
Date: Fri, 8 May 2026 08:31:53 +0000 (+0530)
Subject: Tests: Change user password
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=b2d2189e643fce2a28b48f48a329ea38f0d0dda6;p=thirdparty%2Fshadow.git

Tests: Change user password

This is the transformation to Python of the test located in
`tests/usertools/01/11_usermod_change_password.test`
which checks that `usermod` can change user password
---

diff --git a/tests/system/tests/test_usermod.py b/tests/system/tests/test_usermod.py
index e4f42d2a5..eda96cb07 100644
--- a/tests/system/tests/test_usermod.py
+++ b/tests/system/tests/test_usermod.py
@@ -5,6 +5,7 @@ Test usermod
 from __future__ import annotations
 
 import pytest
+from passlib.hash import sha512_crypt
 from pytest_mh.conn import ProcessError
 
 from framework.roles.shadow import Shadow
@@ -206,3 +207,29 @@ def test_usermod__rename_user_in_group(shadow: Shadow):
     tgroup_group = shadow.tools.getent.group("tgroup")
     assert tgroup_group is not None, "tgroup group should exist"
     assert "tuser2" in tgroup_group.members, "User should be in tgroup group with new name"
+
+
+@pytest.mark.topology(KnownTopology.Shadow)
+def test_usermod__change_password(shadow: Shadow):
+    """
+    :title: Change user password
+    :setup:
+        1. Create user
+        2. Change password using usermod -p
+    :steps:
+        1. Check shadow entry has new password
+    :expectedresults:
+        1. Password is updated in shadow file
+    :customerscenario: False
+    """
+    shadow.useradd("tuser1")
+
+    password = "Secret123"
+    password_hash = sha512_crypt.hash(password)
+    shadow.usermod(f"-p '{password_hash}' tuser1")
+
+    shadow_entry = shadow.tools.getent.shadow("tuser1")
+    assert shadow_entry is not None, "User should be found"
+    assert shadow_entry.password is not None, "Password should not be None"
+    assert shadow_entry.password.startswith("$6$"), "Password should be SHA-512 crypt hash"
+    assert shadow_entry.password == password_hash, "Password hash should match the generated hash"