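import unittest

from app import app
from initdb import setup_database_for_testing, finished_database_for_testing
from data import model
from data.users import LDAPUsers
from mockldap import MockLdap


class TestLDAP(unittest.TestCase):
  """Exercise LDAPUsers login and confirmation against a mock LDAP directory.

  NOTE(review): every case below authenticates with the correct password.
  Nothing here covers a wrong password or an empty password (RFC 4513 treats
  an empty password as an unauthenticated bind, which some servers accept).
  Whether LDAPUsers rejects both is not visible from this file; add cases for
  them once the expected return value is confirmed.
  """

  def setUp(self):
    """Prepare the test database, a request context and the mock directory."""
    setup_database_for_testing(self)
    self.app = app.test_client()
    self.ctx = app.test_request_context()
    self.ctx.__enter__()

    # Credentials below live only in the mock directory used by these tests.
    # NOTE(review): 'uid' is a bare string for 'testy' but a list for the
    # other entries -- confirm mockldap treats both forms alike.
    self.mockldap = MockLdap({
      'dc=quay,dc=io': {'dc': ['quay', 'io']},
      'ou=employees,dc=quay,dc=io': {
        'dc': ['quay', 'io'],
        'ou': 'employees'
      },
      # Account the tests bind with as the LDAP admin.
      'uid=testy,ou=employees,dc=quay,dc=io': {
        'dc': ['quay', 'io'],
        'ou': 'employees',
        'uid': 'testy',
        'userPassword': ['password']
      },
      # Ordinary user with a mail attribute.
      'uid=someuser,ou=employees,dc=quay,dc=io': {
        'dc': ['quay', 'io'],
        'ou': 'employees',
        'uid': ['someuser'],
        'userPassword': ['somepass'],
        'mail': ['foo@bar.com']
      },
      # User record without a mail attribute.
      'uid=nomail,ou=employees,dc=quay,dc=io': {
        'dc': ['quay', 'io'],
        'ou': 'employees',
        'uid': ['nomail'],
        'userPassword': ['somepass']
      },
      # User whose uid contains a '.'.
      'uid=cool.user,ou=employees,dc=quay,dc=io': {
        'dc': ['quay', 'io'],
        'ou': 'employees',
        'uid': ['cool.user'],
        'userPassword': ['somepass'],
        'mail': ['foo@bar.com']
      }
    })

    self.mockldap.start()

  def tearDown(self):
    """Stop the mock directory and release the database and request context."""
    self.mockldap.stop()
    finished_database_for_testing(self)
    # No exception is being propagated here, so exc_type must be None; the
    # previous value (True) is not a valid exception type.
    self.ctx.__exit__(None, None, None)

  def _make_ldap_users(self):
    """Build the LDAPUsers instance shared by every test in this class."""
    base_dn = ['dc=quay', 'dc=io']
    admin_dn = 'uid=testy,ou=employees,dc=quay,dc=io'
    admin_passwd = 'password'
    user_rdn = ['ou=employees']
    uid_attr = 'uid'
    email_attr = 'mail'

    return LDAPUsers('ldap://localhost', base_dn, admin_dn, admin_passwd, user_rdn,
                     uid_attr, email_attr)

  def test_login(self):
    """A user with valid credentials can be verified and then confirmed."""
    ldap = self._make_ldap_users()

    # Verify we can login.
    (response, _) = ldap.verify_user('someuser', 'somepass')
    self.assertEqual(response.username, 'someuser')

    # Verify we can confirm the user.
    (response, _) = ldap.confirm_existing_user('someuser', 'somepass')
    self.assertEqual(response.username, 'someuser')

  def test_missing_mail(self):
    """A record without the mail attribute is rejected with an error message."""
    ldap = self._make_ldap_users()

    (response, err_msg) = ldap.verify_user('nomail', 'somepass')
    self.assertIsNone(response)
    self.assertEqual('Missing mail field "mail" in user record', err_msg)

  def test_confirm_different_username(self):
    """Confirmation works with the adjusted username, not the raw LDAP uid."""
    ldap = self._make_ldap_users()

    # Verify that the user is logged in and their username was adjusted.
    (response, _) = ldap.verify_user('cool.user', 'somepass')
    self.assertEqual(response.username, 'cool_user')

    # Verify we can confirm the user's quay username.
    (response, _) = ldap.confirm_existing_user('cool_user', 'somepass')
    self.assertEqual(response.username, 'cool_user')

    # Verify that we *cannot* confirm the LDAP username.
    (response, _) = ldap.confirm_existing_user('cool.user', 'somepass')
    self.assertIsNone(response)


if __name__ == '__main__':
  unittest.main()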