Pull out ldap validation into validator class

2017-02-09 16:09:57 -08:00 · 2017-02-09 16:09:57 -08:00 · c55ddf7341
commit c55ddf7341
parent 2d64cf3000
3 changed files with 75 additions and 61 deletions
--- a/util/config/validators/test/test_validate_ldap.py
+++ b/util/config/validators/test/test_validate_ldap.py
@ -0,0 +1,64 @@
+import pytest
+
+from util.config.validators import ConfigValidationException
+from util.config.validators.validate_ldap import LDAPValidator
+from util.morecollections import AttrDict
+
+from test.test_ldap import mock_ldap
+
+
+@pytest.mark.parametrize('unvalidated_config', [
+  ({}),
+  ({'AUTHENTICATION_TYPE': 'Database'}),
+])
+def test_validate_noop(unvalidated_config):
+  LDAPValidator.validate(unvalidated_config, None, None)
+
+@pytest.mark.parametrize('unvalidated_config', [
+  ({'AUTHENTICATION_TYPE': 'LDAP'}),
+  ({'AUTHENTICATION_TYPE': 'LDAP', 'LDAP_ADMIN_DN': 'foo'}),
+])
+def test_invalid_config(unvalidated_config):
+  with pytest.raises(ConfigValidationException):
+    LDAPValidator.validate(unvalidated_config, None, None)
+
+
+@pytest.mark.parametrize('uri', [
+  'foo',
+  'http://foo',
+  'ldap:foo',
+])
+def test_invalid_uri(uri):
+  config = {}
+  config['AUTHENTICATION_TYPE'] = 'LDAP'
+  config['LDAP_BASE_DN'] = ['dc=quay', 'dc=io']
+  config['LDAP_ADMIN_DN'] = 'uid=testy,ou=employees,dc=quay,dc=io'
+  config['LDAP_ADMIN_PASSWD'] = 'password'
+  config['LDAP_USER_RDN'] = ['ou=employees']
+  config['LDAP_URI'] = uri
+
+  with pytest.raises(ConfigValidationException):
+    LDAPValidator.validate(config, None, None)
+
+
+@pytest.mark.parametrize('username, password, expected_exception', [
+  ('invaliduser', 'invalidpass', ConfigValidationException),
+  ('someuser', 'invalidpass', ConfigValidationException),
+  ('invaliduser', 'somepass', ConfigValidationException),
+  ('someuser', 'somepass', None),
+])
+def test_validated_ldap(username, password, expected_exception):
+  config = {}
+  config['AUTHENTICATION_TYPE'] = 'LDAP'
+  config['LDAP_BASE_DN'] = ['dc=quay', 'dc=io']
+  config['LDAP_ADMIN_DN'] = 'uid=testy,ou=employees,dc=quay,dc=io'
+  config['LDAP_ADMIN_PASSWD'] = 'password'
+  config['LDAP_USER_RDN'] = ['ou=employees']
+
+  if expected_exception is not None:
+    with pytest.raises(ConfigValidationException):
+      with mock_ldap():
+        LDAPValidator.validate(config, AttrDict(dict(username=username)), password)
+  else:
+    with mock_ldap():
+      LDAPValidator.validate(config, AttrDict(dict(username=username)), password)
--- a/util/config/validators/validate_ldap.py
+++ b/util/config/validators/validate_ldap.py
@ -1,5 +1,10 @@
-from app import app
-from util.config.validators import BaseValidator
+import ldap
+import subprocess
+
+from app import app, config_provider
+from data.users import LDAP_CERT_FILENAME
+from data.users.externalldap import LDAPConnection, LDAPUsers
+from util.config.validators import BaseValidator, ConfigValidationException

 class LDAPValidator(BaseValidator):
  name = "ldap"
@ -50,8 +55,8 @@ class LDAPValidator(BaseValidator):
    users = LDAPUsers(ldap_uri, base_dn, admin_dn, admin_passwd, user_rdn, uid_attr, email_attr,
                      allow_tls_fallback, requires_email=requires_email)

-    username = user_obj.username
-    (result, err_msg) = users.verify_credentials(username, password)
+    username = user.username
+    (result, err_msg) = users.verify_credentials(username, user_password)
    if not result:
      msg = ('Verification of superuser %s failed: %s. \n\nThe user either does not exist ' +
             'in the remote authentication system ' +