2015-05-12 01:23:18 +00:00
|
|
|
import unittest
|
|
|
|
|
|
|
|
from app import app
|
|
|
|
from initdb import setup_database_for_testing, finished_database_for_testing
|
|
|
|
from data.users import LDAPUsers
|
|
|
|
from mockldap import MockLdap
|
|
|
|
|
|
|
|
class TestLDAP(unittest.TestCase):
|
|
|
|
def setUp(self):
|
|
|
|
setup_database_for_testing(self)
|
|
|
|
self.app = app.test_client()
|
|
|
|
self.ctx = app.test_request_context()
|
|
|
|
self.ctx.__enter__()
|
|
|
|
|
|
|
|
self.mockldap = MockLdap({
|
|
|
|
'dc=quay,dc=io': {'dc': ['quay', 'io']},
|
|
|
|
'ou=employees,dc=quay,dc=io': {
|
|
|
|
'dc': ['quay', 'io'],
|
|
|
|
'ou': 'employees'
|
|
|
|
},
|
2016-07-07 18:26:14 +00:00
|
|
|
'ou=otheremployees,dc=quay,dc=io': {
|
|
|
|
'dc': ['quay', 'io'],
|
|
|
|
'ou': 'otheremployees'
|
|
|
|
},
|
2015-05-12 01:23:18 +00:00
|
|
|
'uid=testy,ou=employees,dc=quay,dc=io': {
|
|
|
|
'dc': ['quay', 'io'],
|
|
|
|
'ou': 'employees',
|
|
|
|
'uid': 'testy',
|
|
|
|
'userPassword': ['password']
|
|
|
|
},
|
|
|
|
'uid=someuser,ou=employees,dc=quay,dc=io': {
|
|
|
|
'dc': ['quay', 'io'],
|
|
|
|
'ou': 'employees',
|
|
|
|
'uid': ['someuser'],
|
|
|
|
'userPassword': ['somepass'],
|
|
|
|
'mail': ['foo@bar.com']
|
|
|
|
},
|
|
|
|
'uid=nomail,ou=employees,dc=quay,dc=io': {
|
|
|
|
'dc': ['quay', 'io'],
|
|
|
|
'ou': 'employees',
|
|
|
|
'uid': ['nomail'],
|
|
|
|
'userPassword': ['somepass']
|
2015-05-20 20:37:09 +00:00
|
|
|
},
|
|
|
|
'uid=cool.user,ou=employees,dc=quay,dc=io': {
|
|
|
|
'dc': ['quay', 'io'],
|
|
|
|
'ou': 'employees',
|
2015-05-26 19:46:35 +00:00
|
|
|
'uid': ['cool.user', 'referred'],
|
2015-05-20 20:37:09 +00:00
|
|
|
'userPassword': ['somepass'],
|
|
|
|
'mail': ['foo@bar.com']
|
2015-05-26 19:46:35 +00:00
|
|
|
},
|
|
|
|
'uid=referred,ou=employees,dc=quay,dc=io': {
|
|
|
|
'uid': ['referred'],
|
|
|
|
'_referral': 'ldap:///uid=cool.user,ou=employees,dc=quay,dc=io'
|
|
|
|
},
|
|
|
|
'uid=invalidreferred,ou=employees,dc=quay,dc=io': {
|
|
|
|
'uid': ['invalidreferred'],
|
|
|
|
'_referral': 'ldap:///uid=someinvaliduser,ou=employees,dc=quay,dc=io'
|
|
|
|
},
|
|
|
|
'uid=multientry,ou=subgroup1,ou=employees,dc=quay,dc=io': {
|
|
|
|
'uid': ['multientry'],
|
|
|
|
'mail': ['foo@bar.com'],
|
|
|
|
'userPassword': ['somepass'],
|
|
|
|
},
|
|
|
|
'uid=multientry,ou=subgroup2,ou=employees,dc=quay,dc=io': {
|
|
|
|
'uid': ['multientry'],
|
|
|
|
'another': ['key']
|
|
|
|
},
|
2016-07-07 18:26:14 +00:00
|
|
|
'uid=secondaryuser,ou=otheremployees,dc=quay,dc=io': {
|
|
|
|
'dc': ['quay', 'io'],
|
|
|
|
'ou': 'otheremployees',
|
|
|
|
'uid': ['secondaryuser'],
|
|
|
|
'userPassword': ['somepass'],
|
|
|
|
'mail': ['foosecondary@bar.com']
|
|
|
|
},
|
2015-05-12 01:23:18 +00:00
|
|
|
})
|
|
|
|
|
|
|
|
self.mockldap.start()
|
|
|
|
|
|
|
|
base_dn = ['dc=quay', 'dc=io']
|
|
|
|
admin_dn = 'uid=testy,ou=employees,dc=quay,dc=io'
|
|
|
|
admin_passwd = 'password'
|
|
|
|
user_rdn = ['ou=employees']
|
|
|
|
uid_attr = 'uid'
|
|
|
|
email_attr = 'mail'
|
2016-07-07 18:26:14 +00:00
|
|
|
secondary_user_rdns = ['ou=otheremployees']
|
2015-05-12 01:23:18 +00:00
|
|
|
|
|
|
|
ldap = LDAPUsers('ldap://localhost', base_dn, admin_dn, admin_passwd, user_rdn,
|
2016-07-07 18:26:14 +00:00
|
|
|
uid_attr, email_attr, secondary_user_rdns=secondary_user_rdns)
|
2015-05-12 01:23:18 +00:00
|
|
|
|
2015-05-26 19:46:35 +00:00
|
|
|
self.ldap = ldap
|
|
|
|
|
|
|
|
|
|
|
|
def tearDown(self):
|
|
|
|
self.mockldap.stop()
|
|
|
|
finished_database_for_testing(self)
|
|
|
|
self.ctx.__exit__(True, None, None)
|
|
|
|
|
2015-06-12 19:39:55 +00:00
|
|
|
def test_invalid_admin_password(self):
|
|
|
|
base_dn = ['dc=quay', 'dc=io']
|
|
|
|
admin_dn = 'uid=testy,ou=employees,dc=quay,dc=io'
|
|
|
|
admin_passwd = 'INVALIDPASSWORD'
|
|
|
|
user_rdn = ['ou=employees']
|
|
|
|
uid_attr = 'uid'
|
|
|
|
email_attr = 'mail'
|
|
|
|
|
|
|
|
ldap = LDAPUsers('ldap://localhost', base_dn, admin_dn, admin_passwd, user_rdn,
|
|
|
|
uid_attr, email_attr)
|
|
|
|
|
|
|
|
self.ldap = ldap
|
|
|
|
|
|
|
|
# Try to login.
|
2015-07-20 15:39:59 +00:00
|
|
|
(response, err_msg) = self.ldap.verify_and_link_user('someuser', 'somepass')
|
2015-06-12 19:39:55 +00:00
|
|
|
self.assertIsNone(response)
|
|
|
|
self.assertEquals('LDAP Admin dn or password is invalid', err_msg)
|
|
|
|
|
2015-05-26 19:46:35 +00:00
|
|
|
def test_login(self):
|
2015-05-20 20:37:09 +00:00
|
|
|
# Verify we can login.
|
2015-07-20 15:39:59 +00:00
|
|
|
(response, _) = self.ldap.verify_and_link_user('someuser', 'somepass')
|
2015-05-12 01:23:18 +00:00
|
|
|
self.assertEquals(response.username, 'someuser')
|
|
|
|
|
2015-05-20 20:37:09 +00:00
|
|
|
# Verify we can confirm the user.
|
2015-05-26 19:46:35 +00:00
|
|
|
(response, _) = self.ldap.confirm_existing_user('someuser', 'somepass')
|
2015-05-20 20:37:09 +00:00
|
|
|
self.assertEquals(response.username, 'someuser')
|
|
|
|
|
2016-07-07 18:26:14 +00:00
|
|
|
def test_login_secondary(self):
|
|
|
|
# Verify we can login.
|
|
|
|
(response, _) = self.ldap.verify_and_link_user('secondaryuser', 'somepass')
|
|
|
|
self.assertEquals(response.username, 'secondaryuser')
|
|
|
|
|
|
|
|
# Verify we can confirm the user.
|
|
|
|
(response, _) = self.ldap.confirm_existing_user('secondaryuser', 'somepass')
|
|
|
|
self.assertEquals(response.username, 'secondaryuser')
|
|
|
|
|
2015-08-18 16:15:40 +00:00
|
|
|
def test_invalid_password(self):
|
|
|
|
# Verify we cannot login with an invalid password.
|
|
|
|
(response, err_msg) = self.ldap.verify_and_link_user('someuser', 'invalidpass')
|
|
|
|
self.assertIsNone(response)
|
|
|
|
self.assertEquals(err_msg, 'Invalid password')
|
|
|
|
|
|
|
|
# Verify we cannot confirm the user.
|
|
|
|
(response, err_msg) = self.ldap.confirm_existing_user('someuser', 'invalidpass')
|
|
|
|
self.assertIsNone(response)
|
|
|
|
self.assertEquals(err_msg, 'Invalid user')
|
|
|
|
|
2015-05-12 01:23:18 +00:00
|
|
|
def test_missing_mail(self):
|
2015-07-20 15:39:59 +00:00
|
|
|
(response, err_msg) = self.ldap.verify_and_link_user('nomail', 'somepass')
|
2015-05-12 01:23:18 +00:00
|
|
|
self.assertIsNone(response)
|
|
|
|
self.assertEquals('Missing mail field "mail" in user record', err_msg)
|
|
|
|
|
2015-05-20 20:37:09 +00:00
|
|
|
def test_confirm_different_username(self):
|
|
|
|
# Verify that the user is logged in and their username was adjusted.
|
2015-07-20 15:39:59 +00:00
|
|
|
(response, _) = self.ldap.verify_and_link_user('cool.user', 'somepass')
|
2015-05-20 20:37:09 +00:00
|
|
|
self.assertEquals(response.username, 'cool_user')
|
|
|
|
|
|
|
|
# Verify we can confirm the user's quay username.
|
2015-05-26 19:46:35 +00:00
|
|
|
(response, _) = self.ldap.confirm_existing_user('cool_user', 'somepass')
|
2015-05-20 20:37:09 +00:00
|
|
|
self.assertEquals(response.username, 'cool_user')
|
|
|
|
|
|
|
|
# Verify that we *cannot* confirm the LDAP username.
|
2015-05-26 19:46:35 +00:00
|
|
|
(response, _) = self.ldap.confirm_existing_user('cool.user', 'somepass')
|
|
|
|
self.assertIsNone(response)
|
|
|
|
|
|
|
|
def test_referral(self):
|
2015-07-20 15:39:59 +00:00
|
|
|
(response, _) = self.ldap.verify_and_link_user('referred', 'somepass')
|
2015-05-26 19:46:35 +00:00
|
|
|
self.assertEquals(response.username, 'cool_user')
|
|
|
|
|
|
|
|
# Verify we can confirm the user's quay username.
|
|
|
|
(response, _) = self.ldap.confirm_existing_user('cool_user', 'somepass')
|
|
|
|
self.assertEquals(response.username, 'cool_user')
|
|
|
|
|
|
|
|
def test_invalid_referral(self):
|
2015-07-20 15:39:59 +00:00
|
|
|
(response, _) = self.ldap.verify_and_link_user('invalidreferred', 'somepass')
|
2015-05-20 20:37:09 +00:00
|
|
|
self.assertIsNone(response)
|
|
|
|
|
2015-05-26 19:46:35 +00:00
|
|
|
def test_multientry(self):
|
2015-07-20 15:39:59 +00:00
|
|
|
(response, _) = self.ldap.verify_and_link_user('multientry', 'somepass')
|
2015-05-26 19:46:35 +00:00
|
|
|
self.assertEquals(response.username, 'multientry')
|
2015-05-12 01:23:18 +00:00
|
|
|
|
|
|
|
if __name__ == '__main__':
|
|
|
|
unittest.main()
|
|
|
|
|