From 19c2da439eb54783ce50696596c0b708dde68557 Mon Sep 17 00:00:00 2001
From: Denis Leemann <denis.leemann@camptocamp.com>
Date: Thu, 4 Jan 2024 10:18:40 +0100
Subject: [PATCH] [IMP][15.0]auth_saml: add tests

---
 auth_saml/tests/test_pysaml.py | 25 ++++++++++++++++++++++++-
 1 file changed, 24 insertions(+), 1 deletion(-)

diff --git a/auth_saml/tests/test_pysaml.py b/auth_saml/tests/test_pysaml.py
index c05235b747..7549e2546f 100644
--- a/auth_saml/tests/test_pysaml.py
+++ b/auth_saml/tests/test_pysaml.py
@@ -198,7 +198,7 @@ def test_login_with_saml(self):
         # User should now be able to log in with the token
         self.authenticate(user="test@example.com", password=token)
 
-    def test_disallow_user_password_when_changing_setting(self):
+    def test_disallow_user_password_when_changing_ir_config_parameter(self):
         """Test that disabling users from having both a password and SAML ids remove
         users password."""
         # change the option
@@ -336,3 +336,26 @@ def test_redirect_after_login(self):
             self.base_url()
             + "/web#action=37&model=ir.module.module&view_type=kanban&menu_id=5",
         )
+
+    def test_disallow_user_password_when_changing_settings(self):
+        """Test that disabling the setting will remove passwords from related users"""
+        # We activate the settings to allow password login
+        self.env["res.config.settings"].create(
+            {
+                "allow_saml_uid_and_internal_password": True,
+            }
+        ).execute()
+
+        # Test the user can login with the password
+        self.authenticate(user="user@example.com", password="NesTNSte9340D720te>/-A")
+
+        self.env["res.config.settings"].create(
+            {
+                "allow_saml_uid_and_internal_password": False,
+            }
+        ).execute()
+
+        with self.assertRaises(AccessDenied):
+            self.authenticate(
+                user="user@example.com", password="NesTNSte9340D720te>/-A"
+            )