diff --git a/tests/mdm/test_setup_dep_enrollment.py b/tests/mdm/test_setup_dep_enrollment.py index 648940dc0e..76015c56b4 100644 --- a/tests/mdm/test_setup_dep_enrollment.py +++ b/tests/mdm/test_setup_dep_enrollment.py @@ -112,12 +112,35 @@ def test_create_dep_enrollment_macos_admin_info_incomplete(self): "de-virtual_server": dep_virtual_server.pk, "de-admin_full_name": "yolo", "de-admin_short_name": "fomo", + "de-await_device_configured": "on", "es-meta_business_unit": self.mbu.pk}, follow=True) self.assertEqual(response.status_code, 200) self.assertTemplateUsed(response, "mdm/depenrollment_form.html") self.assertFormError(response.context["dep_enrollment_form"], None, "Admin information incomplete") + def test_create_dep_enrollment_macos_admin_info_await_device_configured_error(self): + self._login("mdm.add_depenrollment", "mdm.view_depenrollment") + name = get_random_string(64) + push_certificate = force_push_certificate() + scep_config = force_scep_config() + dep_virtual_server = force_dep_virtual_server() + response = self.client.post(reverse("mdm:create_dep_enrollment"), + {"de-name": name, + "de-scep_config": scep_config.pk, + "de-push_certificate": push_certificate.pk, + "de-virtual_server": dep_virtual_server.pk, + "de-admin_full_name": "yolo", + "de-admin_short_name": "fomo", + "de-admin_password": "1234", + "es-meta_business_unit": self.mbu.pk}, + follow=True) + self.assertEqual(response.status_code, 200) + self.assertTemplateUsed(response, "mdm/depenrollment_form.html") + self.assertFormError(response.context["dep_enrollment_form"], + "await_device_configured", + "Required for the admin account setup") + @patch("zentral.contrib.mdm.dep.DEPClient.from_dep_virtual_server") def test_create_dep_enrollment_post(self, from_dep_virtual_server): profile_uuid = uuid.uuid4() @@ -143,6 +166,7 @@ def test_create_dep_enrollment_post(self, from_dep_virtual_server): "de-ios_min_version": "12.3.1", "de-admin_full_name": "yolo", "de-admin_short_name": "fomo", + "de-await_device_configured": "on", "de-admin_password": "1234", "de-Accessibility": "on", "es-meta_business_unit": self.mbu.pk}, @@ -314,6 +338,7 @@ def test_update_dep_enrollment_post(self, from_dep_virtual_server): "de-admin_full_name": "Yolo", "de-admin_short_name": "Fomo", "de-admin_password": "123456", + "de-await_device_configured": "on", "es-meta_business_unit": self.mbu.pk}, follow=True) self.assertEqual(response.status_code, 200) @@ -399,6 +424,7 @@ def test_update_dep_enrollment_post_update_admin_keep_pwd(self, from_dep_virtual "de-is_mdm_removable": "on", "de-admin_full_name": "yolo2", "de-admin_short_name": "fomo2", + "de-await_device_configured": "on", "es-meta_business_unit": self.mbu.pk}, follow=True) self.assertEqual(response.status_code, 200) @@ -434,6 +460,7 @@ def test_update_dep_enrollment_post_update_admin_update_pwd(self, from_dep_virtu "de-admin_full_name": "yolo2", "de-admin_short_name": "fomo2", "de-admin_password": "654321", + "de-await_device_configured": "on", "es-meta_business_unit": self.mbu.pk}, follow=True) self.assertEqual(response.status_code, 200) diff --git a/zentral/contrib/mdm/forms.py b/zentral/contrib/mdm/forms.py index 33394aba3f..f44e962cb3 100644 --- a/zentral/contrib/mdm/forms.py +++ b/zentral/contrib/mdm/forms.py @@ -365,6 +365,9 @@ def admin_info_incomplete(self): for i in ("admin_full_name", "admin_short_name", "admin_password_hash") ) if attr]) in (1, 2) + def has_admin_info(self): + return self.cleaned_data.get("admin_full_name") and not self.admin_info_incomplete() + def update_password(self): return not self.admin_info_incomplete() @@ -379,6 +382,8 @@ def clean(self): skip_setup_items.append(key) if self.admin_info_incomplete(): raise forms.ValidationError("Admin information incomplete") + if self.has_admin_info() and not self.cleaned_data.get("await_device_configured"): + self.add_error("await_device_configured", "Required for the admin account setup") self.cleaned_data['skip_setup_items'] = skip_setup_items def save(self, *args, **kwargs):