From 1add9925254d1f5d3aeef33caf339909b026cafb Mon Sep 17 00:00:00 2001 From: Sam Chow Date: Thu, 12 Jul 2018 16:53:27 -0400 Subject: [PATCH] Add ldap tests for verifying a user exists --- test/test_ldap.py | 55 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 55 insertions(+) diff --git a/test/test_ldap.py b/test/test_ldap.py index 2b71b58ce..9c7232fef 100644 --- a/test/test_ldap.py +++ b/test/test_ldap.py @@ -126,6 +126,14 @@ def mock_ldap(requires_email=True): obj.search_s.seed('ou=otheremployees,dc=quay,dc=io', 2, '(|(uid=unknown*)(mail=unknown*))')([]) + no_users_found_exception = Exception() + no_users_found_exception.message = { 'matched': 'dc=quay,dc=io', 'desc': 'No such object' } + + obj.search_s.seed('ou=nonexistent,dc=quay,dc=io', 2)(no_users_found_exception) + obj.search_s.seed('ou=employees,dc=quay,dc=io', 2)([ + ('uid=cool.user,ou=employees,dc=quay,dc=io', cool_block) + ]) + obj._results = {} def result3(messageid): @@ -161,8 +169,12 @@ def mock_ldap(requires_email=True): obj._results['messageid'] = (None, results, None, [page_control]) return msgid + def search_ext_s(user_search_dn, scope): + return (obj.search_s(user_search_dn, scope), None) + obj.search_ext = search_ext obj.result3 = result3 + obj.search_ext_s = search_ext_s return obj 
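Review bot: The failure seeded for `ou=nonexistent` is a bare `Exception` with a hand-assigned `.message`, which is not the shape python-ldap produces for a missing search base. The library raises `ldap.NO_SUCH_OBJECT` (an `ldap.LDAPError` subclass) with the info dict as its first argument. As written, the test can only pass if the code under test catches a broad exception type and reads `.message`, so it would not notice a handler that is too wide or one that breaks on real LDAP errors. Assuming `ldap` is importable in this test module, `no_users_found_exception = ldap.NO_SUCH_OBJECT({'matched': 'dc=quay,dc=io', 'desc': 'No such object'})` keeps the same payload and exercises the real exception type. The body of `mock_ldap` starts and ends outside this hunk.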
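Review bot: The `search_ext_s` stub returns a two-element tuple `(results, None)`, whereas python-ldap's `search_ext_s` returns the result list itself. If the caller tests the return value for truthiness or length, this tuple is non-empty even when the search matched nothing, so the mock could report that users exist when none were found. Returning the list directly, `return obj.search_s(user_search_dn, scope)`, keeps the stub aligned with the library. If the tuple is deliberate because the caller unpacks it, that caller may misbehave against a real server, which is worth confirming. The stub also accepts only two positional arguments, so a call that passes a filter or `sizelimit` would raise `TypeError` in tests rather than being exercised.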
@@ -456,6 +468,49 @@ class TestLDAP(unittest.TestCase): with mock_ldap() as ldap: assert 'base_dn' in ldap.service_metadata() + + def test_at_least_one_user_exists_invalid_creds(self): + base_dn = ['dc=quay', 'dc=io'] + admin_dn = 'uid=testy,ou=employees,dc=quay,dc=io' + admin_passwd = 'INVALIDPASSWORD' + user_rdn = ['ou=employees'] + uid_attr = 'uid' + email_attr = 'mail' + + with mock_ldap(): + ldap = LDAPUsers('ldap://localhost', base_dn, admin_dn, admin_passwd, user_rdn, + uid_attr, email_attr) + + # Try to query with invalid credentials. + (response, err_msg) = ldap.at_least_one_user_exists() + self.assertFalse(response) + self.assertEquals('LDAP Admin dn or password is invalid', err_msg) + + def test_at_least_one_user_exists_no_users(self): + base_dn = ['dc=quay', 'dc=io'] + admin_dn = 'uid=testy,ou=employees,dc=quay,dc=io' + admin_passwd = 'password' + user_rdn = ['ou=nonexistent'] + uid_attr = 'uid' + email_attr = 'mail' + + with mock_ldap(): + ldap = LDAPUsers('ldap://localhost', base_dn, admin_dn, admin_passwd, user_rdn, + uid_attr, email_attr) + + # Try to find users in a nonexistent group. + (response, err_msg) = ldap.at_least_one_user_exists() + self.assertFalse(response) + self.assertDictEqual({'matched': 'dc=quay,dc=io', 'desc': 'No such object'}, err_msg) + + def test_at_least_one_user_exists_true(self): + with mock_ldap() as ldap: + # Ensure we have at least a single user in the valid group + (response, err_msg) = ldap.at_least_one_user_exists() + self.assertIsNone(err_msg) + self.assertTrue(response) + + if __name__ == '__main__': unittest.main()
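Review bot: None of the three new tests covers a search base that exists but returns zero entries, which is the case a check named `at_least_one_user_exists` most needs pinned. `test_at_least_one_user_exists_no_users` only reaches the exception path for a nonexistent OU. Seeding an empty result, for example `obj.search_s.seed('ou=emptygroup,dc=quay,dc=io', 2)([])` (OU name constructed for illustration), and asserting a falsy response would close that gap. In the invalid-credentials and no-users tests, `self.assertFalse(response)` accepts `None` as well as `False`; if the contract is a boolean, `self.assertIs(response, False)` is stricter. `assertEquals` is a deprecated alias of `assertEqual`.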