vbatts/quay
Archived
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Merge pull request #2590 from coreos-inc/anon-ldap-test

Browse source 
Make sure we don't allow anonymous binding in LDAP auth
This commit is contained in:
josephschorr 2017-04-28 18:27:23 -04:00 committed by GitHub
commit 8552f7f6e6
1 changed files with 25 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

25
test/test_ldap.py
View file

@ -211,6 +211,31 @@ class TestLDAP(unittest.TestCase):
(response, _) = ldap.confirm_existing_user('someuser', 'somepass') (response, _) = ldap.confirm_existing_user('someuser', 'somepass')
self.assertEquals(response.username, 'someuser') self.assertEquals(response.username, 'someuser')
def test_login_empty_password(self):
with mock_ldap() as ldap:
# Verify we cannot login.
(response, err_msg) = ldap.verify_and_link_user('someuser', '')
self.assertIsNone(response)
self.assertEquals(err_msg, 'Anonymous binding not allowed')
# Verify we cannot confirm the user.
(response, err_msg) = ldap.confirm_existing_user('someuser', '')
self.assertIsNone(response)
self.assertEquals(err_msg, 'Invalid user')
def test_login_whitespace_password(self):
with mock_ldap() as ldap:
# Verify we cannot login.
(response, err_msg) = ldap.verify_and_link_user('someuser', ' ')
self.assertIsNone(response)
self.assertEquals(err_msg, 'Invalid password')
# Verify we cannot confirm the user.
(response, err_msg) = ldap.confirm_existing_user('someuser', ' ')
self.assertIsNone(response)
self.assertEquals(err_msg, 'Invalid user')
def test_login_secondary(self): def test_login_secondary(self):
with mock_ldap() as ldap: with mock_ldap() as ldap:
# Verify we can login. # Verify we can login.