Make sure we don't allow anonymous binding in LDAP auth
We already prevented it, but let's make sure we never allow it by adding some tests
parent
f1d6a7284d
commit
de6352ef73
1 changed files with 25 additions and 0 deletions
|
@ -211,6 +211,31 @@ class TestLDAP(unittest.TestCase):
|
|||
(response, _) = ldap.confirm_existing_user('someuser', 'somepass')
|
||||
self.assertEquals(response.username, 'someuser')
|
||||
|
||||
def test_login_empty_password(self):
|
||||
with mock_ldap() as ldap:
|
||||
# Verify we cannot login.
|
||||
(response, err_msg) = ldap.verify_and_link_user('someuser', '')
|
||||
self.assertIsNone(response)
|
||||
self.assertEquals(err_msg, 'Anonymous binding not allowed')
|
||||
|
||||
# Verify we cannot confirm the user.
|
||||
(response, err_msg) = ldap.confirm_existing_user('someuser', '')
|
||||
self.assertIsNone(response)
|
||||
self.assertEquals(err_msg, 'Invalid user')
|
||||
|
||||
def test_login_whitespace_password(self):
|
||||
with mock_ldap() as ldap:
|
||||
# Verify we cannot login.
|
||||
(response, err_msg) = ldap.verify_and_link_user('someuser', ' ')
|
||||
self.assertIsNone(response)
|
||||
self.assertEquals(err_msg, 'Invalid password')
|
||||
|
||||
# Verify we cannot confirm the user.
|
||||
(response, err_msg) = ldap.confirm_existing_user('someuser', ' ')
|
||||
self.assertIsNone(response)
|
||||
self.assertEquals(err_msg, 'Invalid user')
|
||||
|
||||
|
||||
def test_login_secondary(self):
|
||||
with mock_ldap() as ldap:
|
||||
# Verify we can login.
|
||||
|
|
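Review bot: In `test_login_empty_password` the rejection is only observed through `mock_ldap()`, so if the mock itself refuses a bind with an empty password, both assertions would still pass with the guard removed from the auth code; the mock is not visible in this hunk, so this is worth confirming. A simple bind with a DN and a zero-length password can be accepted by a server as an unauthenticated bind (RFC 4513 §5.1.2), which is why the check has to live in the application and not depend on the directory. I would put a comment above the first call, `# Empty password must be rejected before any bind is attempted; a server may accept it as an unauthenticated bind.`, and add a case for a missing password: `(response, err_msg) = ldap.verify_and_link_user('someuser', None)` followed by `self.assertIsNone(response)`. `test_login_whitespace_password` expects 'Invalid password', not the anonymous-binding message, so a single space appears to be passed through to the bind; a one-line comment saying this is intended would help the next reader.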