Платформа ЦРНП "Мирокод" для разработки проектов
https://git.mirocod.ru
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1350 lines
34 KiB
1350 lines
34 KiB
// Copyright 2019 The Gitea Authors. All rights reserved. |
|
// Use of this source code is governed by a MIT-style |
|
// license that can be found in the LICENSE file. |
|
|
|
package cmd |
|
|
|
import ( |
|
"testing" |
|
|
|
"code.gitea.io/gitea/models" |
|
"code.gitea.io/gitea/modules/auth/ldap" |
|
|
|
"github.com/stretchr/testify/assert" |
|
"github.com/urfave/cli" |
|
) |
|
|
|
func TestAddLdapBindDn(t *testing.T) { |
|
// Mock cli functions to do not exit on error |
|
var osExiter = cli.OsExiter |
|
defer func() { cli.OsExiter = osExiter }() |
|
cli.OsExiter = func(code int) {} |
|
|
|
// Test cases |
|
var cases = []struct { |
|
args []string |
|
loginSource *models.LoginSource |
|
errMsg string |
|
}{ |
|
// case 0 |
|
{ |
|
args: []string{ |
|
"ldap-test", |
|
"--name", "ldap (via Bind DN) source full", |
|
"--not-active", |
|
"--security-protocol", "ldaps", |
|
"--skip-tls-verify", |
|
"--host", "ldap-bind-server full", |
|
"--port", "9876", |
|
"--user-search-base", "ou=Users,dc=full-domain-bind,dc=org", |
|
"--user-filter", "(memberOf=cn=user-group,ou=example,dc=full-domain-bind,dc=org)", |
|
"--admin-filter", "(memberOf=cn=admin-group,ou=example,dc=full-domain-bind,dc=org)", |
|
"--username-attribute", "uid-bind full", |
|
"--firstname-attribute", "givenName-bind full", |
|
"--surname-attribute", "sn-bind full", |
|
"--email-attribute", "mail-bind full", |
|
"--public-ssh-key-attribute", "publickey-bind full", |
|
"--bind-dn", "cn=readonly,dc=full-domain-bind,dc=org", |
|
"--bind-password", "secret-bind-full", |
|
"--attributes-in-bind", |
|
"--synchronize-users", |
|
"--page-size", "99", |
|
}, |
|
loginSource: &models.LoginSource{ |
|
Type: models.LoginLDAP, |
|
Name: "ldap (via Bind DN) source full", |
|
IsActived: false, |
|
IsSyncEnabled: true, |
|
Cfg: &models.LDAPConfig{ |
|
Source: &ldap.Source{ |
|
Name: "ldap (via Bind DN) source full", |
|
Host: "ldap-bind-server full", |
|
Port: 9876, |
|
SecurityProtocol: ldap.SecurityProtocol(1), |
|
SkipVerify: true, |
|
BindDN: "cn=readonly,dc=full-domain-bind,dc=org", |
|
BindPassword: "secret-bind-full", |
|
UserBase: "ou=Users,dc=full-domain-bind,dc=org", |
|
AttributeUsername: "uid-bind full", |
|
AttributeName: "givenName-bind full", |
|
AttributeSurname: "sn-bind full", |
|
AttributeMail: "mail-bind full", |
|
AttributesInBind: true, |
|
AttributeSSHPublicKey: "publickey-bind full", |
|
SearchPageSize: 99, |
|
Filter: "(memberOf=cn=user-group,ou=example,dc=full-domain-bind,dc=org)", |
|
AdminFilter: "(memberOf=cn=admin-group,ou=example,dc=full-domain-bind,dc=org)", |
|
Enabled: true, |
|
}, |
|
}, |
|
}, |
|
}, |
|
// case 1 |
|
{ |
|
args: []string{ |
|
"ldap-test", |
|
"--name", "ldap (via Bind DN) source min", |
|
"--security-protocol", "unencrypted", |
|
"--host", "ldap-bind-server min", |
|
"--port", "1234", |
|
"--user-search-base", "ou=Users,dc=min-domain-bind,dc=org", |
|
"--user-filter", "(memberOf=cn=user-group,ou=example,dc=min-domain-bind,dc=org)", |
|
"--email-attribute", "mail-bind min", |
|
}, |
|
loginSource: &models.LoginSource{ |
|
Type: models.LoginLDAP, |
|
Name: "ldap (via Bind DN) source min", |
|
IsActived: true, |
|
Cfg: &models.LDAPConfig{ |
|
Source: &ldap.Source{ |
|
Name: "ldap (via Bind DN) source min", |
|
Host: "ldap-bind-server min", |
|
Port: 1234, |
|
SecurityProtocol: ldap.SecurityProtocol(0), |
|
UserBase: "ou=Users,dc=min-domain-bind,dc=org", |
|
AttributeMail: "mail-bind min", |
|
Filter: "(memberOf=cn=user-group,ou=example,dc=min-domain-bind,dc=org)", |
|
Enabled: true, |
|
}, |
|
}, |
|
}, |
|
}, |
|
// case 2 |
|
{ |
|
args: []string{ |
|
"ldap-test", |
|
"--name", "ldap (via Bind DN) source", |
|
"--security-protocol", "zzzzz", |
|
"--host", "ldap-server", |
|
"--port", "1234", |
|
"--user-search-base", "ou=Users,dc=domain,dc=org", |
|
"--user-filter", "(memberOf=cn=user-group,ou=example,dc=domain,dc=org)", |
|
"--email-attribute", "mail", |
|
}, |
|
errMsg: "Unknown security protocol name: zzzzz", |
|
}, |
|
// case 3 |
|
{ |
|
args: []string{ |
|
"ldap-test", |
|
"--security-protocol", "unencrypted", |
|
"--host", "ldap-server", |
|
"--port", "1234", |
|
"--user-search-base", "ou=Users,dc=domain,dc=org", |
|
"--user-filter", "(memberOf=cn=user-group,ou=example,dc=domain,dc=org)", |
|
"--email-attribute", "mail", |
|
}, |
|
errMsg: "name is not set", |
|
}, |
|
// case 4 |
|
{ |
|
args: []string{ |
|
"ldap-test", |
|
"--name", "ldap (via Bind DN) source", |
|
"--host", "ldap-server", |
|
"--port", "1234", |
|
"--user-search-base", "ou=Users,dc=domain,dc=org", |
|
"--user-filter", "(memberOf=cn=user-group,ou=example,dc=domain,dc=org)", |
|
"--email-attribute", "mail", |
|
}, |
|
errMsg: "security-protocol is not set", |
|
}, |
|
// case 5 |
|
{ |
|
args: []string{ |
|
"ldap-test", |
|
"--name", "ldap (via Bind DN) source", |
|
"--security-protocol", "unencrypted", |
|
"--port", "1234", |
|
"--user-search-base", "ou=Users,dc=domain,dc=org", |
|
"--user-filter", "(memberOf=cn=user-group,ou=example,dc=domain,dc=org)", |
|
"--email-attribute", "mail", |
|
}, |
|
errMsg: "host is not set", |
|
}, |
|
// case 6 |
|
{ |
|
args: []string{ |
|
"ldap-test", |
|
"--name", "ldap (via Bind DN) source", |
|
"--security-protocol", "unencrypted", |
|
"--host", "ldap-server", |
|
"--user-search-base", "ou=Users,dc=domain,dc=org", |
|
"--user-filter", "(memberOf=cn=user-group,ou=example,dc=domain,dc=org)", |
|
"--email-attribute", "mail", |
|
}, |
|
errMsg: "port is not set", |
|
}, |
|
// case 7 |
|
{ |
|
args: []string{ |
|
"ldap-test", |
|
"--name", "ldap (via Bind DN) source", |
|
"--security-protocol", "unencrypted", |
|
"--host", "ldap-server", |
|
"--port", "1234", |
|
"--user-search-base", "ou=Users,dc=domain,dc=org", |
|
"--email-attribute", "mail", |
|
}, |
|
errMsg: "user-filter is not set", |
|
}, |
|
// case 8 |
|
{ |
|
args: []string{ |
|
"ldap-test", |
|
"--name", "ldap (via Bind DN) source", |
|
"--security-protocol", "unencrypted", |
|
"--host", "ldap-server", |
|
"--port", "1234", |
|
"--user-search-base", "ou=Users,dc=domain,dc=org", |
|
"--user-filter", "(memberOf=cn=user-group,ou=example,dc=domain,dc=org)", |
|
}, |
|
errMsg: "email-attribute is not set", |
|
}, |
|
} |
|
|
|
for n, c := range cases { |
|
// Mock functions. |
|
var createdLoginSource *models.LoginSource |
|
service := &authService{ |
|
initDB: func() error { |
|
return nil |
|
}, |
|
createLoginSource: func(loginSource *models.LoginSource) error { |
|
createdLoginSource = loginSource |
|
return nil |
|
}, |
|
updateLoginSource: func(loginSource *models.LoginSource) error { |
|
assert.FailNow(t, "case %d: should not call updateLoginSource", n) |
|
return nil |
|
}, |
|
getLoginSourceByID: func(id int64) (*models.LoginSource, error) { |
|
assert.FailNow(t, "case %d: should not call getLoginSourceByID", n) |
|
return nil, nil |
|
}, |
|
} |
|
|
|
// Create a copy of command to test |
|
app := cli.NewApp() |
|
app.Flags = cmdAuthAddLdapBindDn.Flags |
|
app.Action = service.addLdapBindDn |
|
|
|
// Run it |
|
err := app.Run(c.args) |
|
if c.errMsg != "" { |
|
assert.EqualError(t, err, c.errMsg, "case %d: error should match", n) |
|
} else { |
|
assert.NoError(t, err, "case %d: should have no errors", n) |
|
assert.Equal(t, c.loginSource, createdLoginSource, "case %d: wrong loginSource", n) |
|
} |
|
} |
|
} |
|
|
|
func TestAddLdapSimpleAuth(t *testing.T) { |
|
// Mock cli functions to do not exit on error |
|
var osExiter = cli.OsExiter |
|
defer func() { cli.OsExiter = osExiter }() |
|
cli.OsExiter = func(code int) {} |
|
|
|
// Test cases |
|
var cases = []struct { |
|
args []string |
|
loginSource *models.LoginSource |
|
errMsg string |
|
}{ |
|
// case 0 |
|
{ |
|
args: []string{ |
|
"ldap-test", |
|
"--name", "ldap (simple auth) source full", |
|
"--not-active", |
|
"--security-protocol", "starttls", |
|
"--skip-tls-verify", |
|
"--host", "ldap-simple-server full", |
|
"--port", "987", |
|
"--user-search-base", "ou=Users,dc=full-domain-simple,dc=org", |
|
"--user-filter", "(&(objectClass=posixAccount)(full-simple-cn=%s))", |
|
"--admin-filter", "(memberOf=cn=admin-group,ou=example,dc=full-domain-simple,dc=org)", |
|
"--username-attribute", "uid-simple full", |
|
"--firstname-attribute", "givenName-simple full", |
|
"--surname-attribute", "sn-simple full", |
|
"--email-attribute", "mail-simple full", |
|
"--public-ssh-key-attribute", "publickey-simple full", |
|
"--user-dn", "cn=%s,ou=Users,dc=full-domain-simple,dc=org", |
|
}, |
|
loginSource: &models.LoginSource{ |
|
Type: models.LoginDLDAP, |
|
Name: "ldap (simple auth) source full", |
|
IsActived: false, |
|
Cfg: &models.LDAPConfig{ |
|
Source: &ldap.Source{ |
|
Name: "ldap (simple auth) source full", |
|
Host: "ldap-simple-server full", |
|
Port: 987, |
|
SecurityProtocol: ldap.SecurityProtocol(2), |
|
SkipVerify: true, |
|
UserDN: "cn=%s,ou=Users,dc=full-domain-simple,dc=org", |
|
UserBase: "ou=Users,dc=full-domain-simple,dc=org", |
|
AttributeUsername: "uid-simple full", |
|
AttributeName: "givenName-simple full", |
|
AttributeSurname: "sn-simple full", |
|
AttributeMail: "mail-simple full", |
|
AttributeSSHPublicKey: "publickey-simple full", |
|
Filter: "(&(objectClass=posixAccount)(full-simple-cn=%s))", |
|
AdminFilter: "(memberOf=cn=admin-group,ou=example,dc=full-domain-simple,dc=org)", |
|
Enabled: true, |
|
}, |
|
}, |
|
}, |
|
}, |
|
// case 1 |
|
{ |
|
args: []string{ |
|
"ldap-test", |
|
"--name", "ldap (simple auth) source min", |
|
"--security-protocol", "unencrypted", |
|
"--host", "ldap-simple-server min", |
|
"--port", "123", |
|
"--user-filter", "(&(objectClass=posixAccount)(min-simple-cn=%s))", |
|
"--email-attribute", "mail-simple min", |
|
"--user-dn", "cn=%s,ou=Users,dc=min-domain-simple,dc=org", |
|
}, |
|
loginSource: &models.LoginSource{ |
|
Type: models.LoginDLDAP, |
|
Name: "ldap (simple auth) source min", |
|
IsActived: true, |
|
Cfg: &models.LDAPConfig{ |
|
Source: &ldap.Source{ |
|
Name: "ldap (simple auth) source min", |
|
Host: "ldap-simple-server min", |
|
Port: 123, |
|
SecurityProtocol: ldap.SecurityProtocol(0), |
|
UserDN: "cn=%s,ou=Users,dc=min-domain-simple,dc=org", |
|
AttributeMail: "mail-simple min", |
|
Filter: "(&(objectClass=posixAccount)(min-simple-cn=%s))", |
|
Enabled: true, |
|
}, |
|
}, |
|
}, |
|
}, |
|
// case 2 |
|
{ |
|
args: []string{ |
|
"ldap-test", |
|
"--name", "ldap (simple auth) source", |
|
"--security-protocol", "zzzzz", |
|
"--host", "ldap-server", |
|
"--port", "123", |
|
"--user-filter", "(&(objectClass=posixAccount)(cn=%s))", |
|
"--email-attribute", "mail", |
|
"--user-dn", "cn=%s,ou=Users,dc=domain,dc=org", |
|
}, |
|
errMsg: "Unknown security protocol name: zzzzz", |
|
}, |
|
// case 3 |
|
{ |
|
args: []string{ |
|
"ldap-test", |
|
"--security-protocol", "unencrypted", |
|
"--host", "ldap-server", |
|
"--port", "123", |
|
"--user-filter", "(&(objectClass=posixAccount)(cn=%s))", |
|
"--email-attribute", "mail", |
|
"--user-dn", "cn=%s,ou=Users,dc=domain,dc=org", |
|
}, |
|
errMsg: "name is not set", |
|
}, |
|
// case 4 |
|
{ |
|
args: []string{ |
|
"ldap-test", |
|
"--name", "ldap (simple auth) source", |
|
"--host", "ldap-server", |
|
"--port", "123", |
|
"--user-filter", "(&(objectClass=posixAccount)(cn=%s))", |
|
"--email-attribute", "mail", |
|
"--user-dn", "cn=%s,ou=Users,dc=domain,dc=org", |
|
}, |
|
errMsg: "security-protocol is not set", |
|
}, |
|
// case 5 |
|
{ |
|
args: []string{ |
|
"ldap-test", |
|
"--name", "ldap (simple auth) source", |
|
"--security-protocol", "unencrypted", |
|
"--port", "123", |
|
"--user-filter", "(&(objectClass=posixAccount)(cn=%s))", |
|
"--email-attribute", "mail", |
|
"--user-dn", "cn=%s,ou=Users,dc=domain,dc=org", |
|
}, |
|
errMsg: "host is not set", |
|
}, |
|
// case 6 |
|
{ |
|
args: []string{ |
|
"ldap-test", |
|
"--name", "ldap (simple auth) source", |
|
"--security-protocol", "unencrypted", |
|
"--host", "ldap-server", |
|
"--user-filter", "(&(objectClass=posixAccount)(cn=%s))", |
|
"--email-attribute", "mail", |
|
"--user-dn", "cn=%s,ou=Users,dc=domain,dc=org", |
|
}, |
|
errMsg: "port is not set", |
|
}, |
|
// case 7 |
|
{ |
|
args: []string{ |
|
"ldap-test", |
|
"--name", "ldap (simple auth) source", |
|
"--security-protocol", "unencrypted", |
|
"--host", "ldap-server", |
|
"--port", "123", |
|
"--email-attribute", "mail", |
|
"--user-dn", "cn=%s,ou=Users,dc=domain,dc=org", |
|
}, |
|
errMsg: "user-filter is not set", |
|
}, |
|
// case 8 |
|
{ |
|
args: []string{ |
|
"ldap-test", |
|
"--name", "ldap (simple auth) source", |
|
"--security-protocol", "unencrypted", |
|
"--host", "ldap-server", |
|
"--port", "123", |
|
"--user-filter", "(&(objectClass=posixAccount)(cn=%s))", |
|
"--user-dn", "cn=%s,ou=Users,dc=domain,dc=org", |
|
}, |
|
errMsg: "email-attribute is not set", |
|
}, |
|
// case 9 |
|
{ |
|
args: []string{ |
|
"ldap-test", |
|
"--name", "ldap (simple auth) source", |
|
"--security-protocol", "unencrypted", |
|
"--host", "ldap-server", |
|
"--port", "123", |
|
"--user-filter", "(&(objectClass=posixAccount)(cn=%s))", |
|
"--email-attribute", "mail", |
|
}, |
|
errMsg: "user-dn is not set", |
|
}, |
|
} |
|
|
|
for n, c := range cases { |
|
// Mock functions. |
|
var createdLoginSource *models.LoginSource |
|
service := &authService{ |
|
initDB: func() error { |
|
return nil |
|
}, |
|
createLoginSource: func(loginSource *models.LoginSource) error { |
|
createdLoginSource = loginSource |
|
return nil |
|
}, |
|
updateLoginSource: func(loginSource *models.LoginSource) error { |
|
assert.FailNow(t, "case %d: should not call updateLoginSource", n) |
|
return nil |
|
}, |
|
getLoginSourceByID: func(id int64) (*models.LoginSource, error) { |
|
assert.FailNow(t, "case %d: should not call getLoginSourceByID", n) |
|
return nil, nil |
|
}, |
|
} |
|
|
|
// Create a copy of command to test |
|
app := cli.NewApp() |
|
app.Flags = cmdAuthAddLdapSimpleAuth.Flags |
|
app.Action = service.addLdapSimpleAuth |
|
|
|
// Run it |
|
err := app.Run(c.args) |
|
if c.errMsg != "" { |
|
assert.EqualError(t, err, c.errMsg, "case %d: error should match", n) |
|
} else { |
|
assert.NoError(t, err, "case %d: should have no errors", n) |
|
assert.Equal(t, c.loginSource, createdLoginSource, "case %d: wrong loginSource", n) |
|
} |
|
} |
|
} |
|
|
|
func TestUpdateLdapBindDn(t *testing.T) { |
|
// Mock cli functions to do not exit on error |
|
var osExiter = cli.OsExiter |
|
defer func() { cli.OsExiter = osExiter }() |
|
cli.OsExiter = func(code int) {} |
|
|
|
// Test cases |
|
var cases = []struct { |
|
args []string |
|
id int64 |
|
existingLoginSource *models.LoginSource |
|
loginSource *models.LoginSource |
|
errMsg string |
|
}{ |
|
// case 0 |
|
{ |
|
args: []string{ |
|
"ldap-test", |
|
"--id", "23", |
|
"--name", "ldap (via Bind DN) source full", |
|
"--not-active", |
|
"--security-protocol", "LDAPS", |
|
"--skip-tls-verify", |
|
"--host", "ldap-bind-server full", |
|
"--port", "9876", |
|
"--user-search-base", "ou=Users,dc=full-domain-bind,dc=org", |
|
"--user-filter", "(memberOf=cn=user-group,ou=example,dc=full-domain-bind,dc=org)", |
|
"--admin-filter", "(memberOf=cn=admin-group,ou=example,dc=full-domain-bind,dc=org)", |
|
"--username-attribute", "uid-bind full", |
|
"--firstname-attribute", "givenName-bind full", |
|
"--surname-attribute", "sn-bind full", |
|
"--email-attribute", "mail-bind full", |
|
"--public-ssh-key-attribute", "publickey-bind full", |
|
"--bind-dn", "cn=readonly,dc=full-domain-bind,dc=org", |
|
"--bind-password", "secret-bind-full", |
|
"--synchronize-users", |
|
"--page-size", "99", |
|
}, |
|
id: 23, |
|
existingLoginSource: &models.LoginSource{ |
|
Type: models.LoginLDAP, |
|
IsActived: true, |
|
Cfg: &models.LDAPConfig{ |
|
Source: &ldap.Source{ |
|
Enabled: true, |
|
}, |
|
}, |
|
}, |
|
loginSource: &models.LoginSource{ |
|
Type: models.LoginLDAP, |
|
Name: "ldap (via Bind DN) source full", |
|
IsActived: false, |
|
IsSyncEnabled: true, |
|
Cfg: &models.LDAPConfig{ |
|
Source: &ldap.Source{ |
|
Name: "ldap (via Bind DN) source full", |
|
Host: "ldap-bind-server full", |
|
Port: 9876, |
|
SecurityProtocol: ldap.SecurityProtocol(1), |
|
SkipVerify: true, |
|
BindDN: "cn=readonly,dc=full-domain-bind,dc=org", |
|
BindPassword: "secret-bind-full", |
|
UserBase: "ou=Users,dc=full-domain-bind,dc=org", |
|
AttributeUsername: "uid-bind full", |
|
AttributeName: "givenName-bind full", |
|
AttributeSurname: "sn-bind full", |
|
AttributeMail: "mail-bind full", |
|
AttributesInBind: false, |
|
AttributeSSHPublicKey: "publickey-bind full", |
|
SearchPageSize: 99, |
|
Filter: "(memberOf=cn=user-group,ou=example,dc=full-domain-bind,dc=org)", |
|
AdminFilter: "(memberOf=cn=admin-group,ou=example,dc=full-domain-bind,dc=org)", |
|
Enabled: true, |
|
}, |
|
}, |
|
}, |
|
}, |
|
// case 1 |
|
{ |
|
args: []string{ |
|
"ldap-test", |
|
"--id", "1", |
|
}, |
|
loginSource: &models.LoginSource{ |
|
Type: models.LoginLDAP, |
|
Cfg: &models.LDAPConfig{ |
|
Source: &ldap.Source{}, |
|
}, |
|
}, |
|
}, |
|
// case 2 |
|
{ |
|
args: []string{ |
|
"ldap-test", |
|
"--id", "1", |
|
"--name", "ldap (via Bind DN) source", |
|
}, |
|
loginSource: &models.LoginSource{ |
|
Type: models.LoginLDAP, |
|
Name: "ldap (via Bind DN) source", |
|
Cfg: &models.LDAPConfig{ |
|
Source: &ldap.Source{ |
|
Name: "ldap (via Bind DN) source", |
|
}, |
|
}, |
|
}, |
|
}, |
|
// case 3 |
|
{ |
|
args: []string{ |
|
"ldap-test", |
|
"--id", "1", |
|
"--not-active", |
|
}, |
|
existingLoginSource: &models.LoginSource{ |
|
Type: models.LoginLDAP, |
|
IsActived: true, |
|
Cfg: &models.LDAPConfig{ |
|
Source: &ldap.Source{}, |
|
}, |
|
}, |
|
loginSource: &models.LoginSource{ |
|
Type: models.LoginLDAP, |
|
IsActived: false, |
|
Cfg: &models.LDAPConfig{ |
|
Source: &ldap.Source{}, |
|
}, |
|
}, |
|
}, |
|
// case 4 |
|
{ |
|
args: []string{ |
|
"ldap-test", |
|
"--id", "1", |
|
"--security-protocol", "LDAPS", |
|
}, |
|
loginSource: &models.LoginSource{ |
|
Type: models.LoginLDAP, |
|
Cfg: &models.LDAPConfig{ |
|
Source: &ldap.Source{ |
|
SecurityProtocol: ldap.SecurityProtocol(1), |
|
}, |
|
}, |
|
}, |
|
}, |
|
// case 5 |
|
{ |
|
args: []string{ |
|
"ldap-test", |
|
"--id", "1", |
|
"--skip-tls-verify", |
|
}, |
|
loginSource: &models.LoginSource{ |
|
Type: models.LoginLDAP, |
|
Cfg: &models.LDAPConfig{ |
|
Source: &ldap.Source{ |
|
SkipVerify: true, |
|
}, |
|
}, |
|
}, |
|
}, |
|
// case 6 |
|
{ |
|
args: []string{ |
|
"ldap-test", |
|
"--id", "1", |
|
"--host", "ldap-server", |
|
}, |
|
loginSource: &models.LoginSource{ |
|
Type: models.LoginLDAP, |
|
Cfg: &models.LDAPConfig{ |
|
Source: &ldap.Source{ |
|
Host: "ldap-server", |
|
}, |
|
}, |
|
}, |
|
}, |
|
// case 7 |
|
{ |
|
args: []string{ |
|
"ldap-test", |
|
"--id", "1", |
|
"--port", "389", |
|
}, |
|
loginSource: &models.LoginSource{ |
|
Type: models.LoginLDAP, |
|
Cfg: &models.LDAPConfig{ |
|
Source: &ldap.Source{ |
|
Port: 389, |
|
}, |
|
}, |
|
}, |
|
}, |
|
// case 8 |
|
{ |
|
args: []string{ |
|
"ldap-test", |
|
"--id", "1", |
|
"--user-search-base", "ou=Users,dc=domain,dc=org", |
|
}, |
|
loginSource: &models.LoginSource{ |
|
Type: models.LoginLDAP, |
|
Cfg: &models.LDAPConfig{ |
|
Source: &ldap.Source{ |
|
UserBase: "ou=Users,dc=domain,dc=org", |
|
}, |
|
}, |
|
}, |
|
}, |
|
// case 9 |
|
{ |
|
args: []string{ |
|
"ldap-test", |
|
"--id", "1", |
|
"--user-filter", "(memberOf=cn=user-group,ou=example,dc=domain,dc=org)", |
|
}, |
|
loginSource: &models.LoginSource{ |
|
Type: models.LoginLDAP, |
|
Cfg: &models.LDAPConfig{ |
|
Source: &ldap.Source{ |
|
Filter: "(memberOf=cn=user-group,ou=example,dc=domain,dc=org)", |
|
}, |
|
}, |
|
}, |
|
}, |
|
// case 10 |
|
{ |
|
args: []string{ |
|
"ldap-test", |
|
"--id", "1", |
|
"--admin-filter", "(memberOf=cn=admin-group,ou=example,dc=domain,dc=org)", |
|
}, |
|
loginSource: &models.LoginSource{ |
|
Type: models.LoginLDAP, |
|
Cfg: &models.LDAPConfig{ |
|
Source: &ldap.Source{ |
|
AdminFilter: "(memberOf=cn=admin-group,ou=example,dc=domain,dc=org)", |
|
}, |
|
}, |
|
}, |
|
}, |
|
// case 11 |
|
{ |
|
args: []string{ |
|
"ldap-test", |
|
"--id", "1", |
|
"--username-attribute", "uid", |
|
}, |
|
loginSource: &models.LoginSource{ |
|
Type: models.LoginLDAP, |
|
Cfg: &models.LDAPConfig{ |
|
Source: &ldap.Source{ |
|
AttributeUsername: "uid", |
|
}, |
|
}, |
|
}, |
|
}, |
|
// case 12 |
|
{ |
|
args: []string{ |
|
"ldap-test", |
|
"--id", "1", |
|
"--firstname-attribute", "givenName", |
|
}, |
|
loginSource: &models.LoginSource{ |
|
Type: models.LoginLDAP, |
|
Cfg: &models.LDAPConfig{ |
|
Source: &ldap.Source{ |
|
AttributeName: "givenName", |
|
}, |
|
}, |
|
}, |
|
}, |
|
// case 13 |
|
{ |
|
args: []string{ |
|
"ldap-test", |
|
"--id", "1", |
|
"--surname-attribute", "sn", |
|
}, |
|
loginSource: &models.LoginSource{ |
|
Type: models.LoginLDAP, |
|
Cfg: &models.LDAPConfig{ |
|
Source: &ldap.Source{ |
|
AttributeSurname: "sn", |
|
}, |
|
}, |
|
}, |
|
}, |
|
// case 14 |
|
{ |
|
args: []string{ |
|
"ldap-test", |
|
"--id", "1", |
|
"--email-attribute", "mail", |
|
}, |
|
loginSource: &models.LoginSource{ |
|
Type: models.LoginLDAP, |
|
Cfg: &models.LDAPConfig{ |
|
Source: &ldap.Source{ |
|
AttributeMail: "mail", |
|
}, |
|
}, |
|
}, |
|
}, |
|
// case 15 |
|
{ |
|
args: []string{ |
|
"ldap-test", |
|
"--id", "1", |
|
"--attributes-in-bind", |
|
}, |
|
loginSource: &models.LoginSource{ |
|
Type: models.LoginLDAP, |
|
Cfg: &models.LDAPConfig{ |
|
Source: &ldap.Source{ |
|
AttributesInBind: true, |
|
}, |
|
}, |
|
}, |
|
}, |
|
// case 16 |
|
{ |
|
args: []string{ |
|
"ldap-test", |
|
"--id", "1", |
|
"--public-ssh-key-attribute", "publickey", |
|
}, |
|
loginSource: &models.LoginSource{ |
|
Type: models.LoginLDAP, |
|
Cfg: &models.LDAPConfig{ |
|
Source: &ldap.Source{ |
|
AttributeSSHPublicKey: "publickey", |
|
}, |
|
}, |
|
}, |
|
}, |
|
// case 17 |
|
{ |
|
args: []string{ |
|
"ldap-test", |
|
"--id", "1", |
|
"--bind-dn", "cn=readonly,dc=domain,dc=org", |
|
}, |
|
loginSource: &models.LoginSource{ |
|
Type: models.LoginLDAP, |
|
Cfg: &models.LDAPConfig{ |
|
Source: &ldap.Source{ |
|
BindDN: "cn=readonly,dc=domain,dc=org", |
|
}, |
|
}, |
|
}, |
|
}, |
|
// case 18 |
|
{ |
|
args: []string{ |
|
"ldap-test", |
|
"--id", "1", |
|
"--bind-password", "secret", |
|
}, |
|
loginSource: &models.LoginSource{ |
|
Type: models.LoginLDAP, |
|
Cfg: &models.LDAPConfig{ |
|
Source: &ldap.Source{ |
|
BindPassword: "secret", |
|
}, |
|
}, |
|
}, |
|
}, |
|
// case 19 |
|
{ |
|
args: []string{ |
|
"ldap-test", |
|
"--id", "1", |
|
"--synchronize-users", |
|
}, |
|
loginSource: &models.LoginSource{ |
|
Type: models.LoginLDAP, |
|
IsSyncEnabled: true, |
|
Cfg: &models.LDAPConfig{ |
|
Source: &ldap.Source{}, |
|
}, |
|
}, |
|
}, |
|
// case 20 |
|
{ |
|
args: []string{ |
|
"ldap-test", |
|
"--id", "1", |
|
"--page-size", "12", |
|
}, |
|
loginSource: &models.LoginSource{ |
|
Type: models.LoginLDAP, |
|
Cfg: &models.LDAPConfig{ |
|
Source: &ldap.Source{ |
|
SearchPageSize: 12, |
|
}, |
|
}, |
|
}, |
|
}, |
|
// case 21 |
|
{ |
|
args: []string{ |
|
"ldap-test", |
|
"--id", "1", |
|
"--security-protocol", "xxxxx", |
|
}, |
|
errMsg: "Unknown security protocol name: xxxxx", |
|
}, |
|
// case 22 |
|
{ |
|
args: []string{ |
|
"ldap-test", |
|
}, |
|
errMsg: "id is not set", |
|
}, |
|
// case 23 |
|
{ |
|
args: []string{ |
|
"ldap-test", |
|
"--id", "1", |
|
}, |
|
existingLoginSource: &models.LoginSource{ |
|
Type: models.LoginOAuth2, |
|
Cfg: &models.LDAPConfig{ |
|
Source: &ldap.Source{}, |
|
}, |
|
}, |
|
errMsg: "Invalid authentication type. expected: LDAP (via BindDN), actual: OAuth2", |
|
}, |
|
} |
|
|
|
for n, c := range cases { |
|
// Mock functions. |
|
var updatedLoginSource *models.LoginSource |
|
service := &authService{ |
|
initDB: func() error { |
|
return nil |
|
}, |
|
createLoginSource: func(loginSource *models.LoginSource) error { |
|
assert.FailNow(t, "case %d: should not call createLoginSource", n) |
|
return nil |
|
}, |
|
updateLoginSource: func(loginSource *models.LoginSource) error { |
|
updatedLoginSource = loginSource |
|
return nil |
|
}, |
|
getLoginSourceByID: func(id int64) (*models.LoginSource, error) { |
|
if c.id != 0 { |
|
assert.Equal(t, c.id, id, "case %d: wrong id", n) |
|
} |
|
if c.existingLoginSource != nil { |
|
return c.existingLoginSource, nil |
|
} |
|
return &models.LoginSource{ |
|
Type: models.LoginLDAP, |
|
Cfg: &models.LDAPConfig{ |
|
Source: &ldap.Source{}, |
|
}, |
|
}, nil |
|
}, |
|
} |
|
|
|
// Create a copy of command to test |
|
app := cli.NewApp() |
|
app.Flags = cmdAuthUpdateLdapBindDn.Flags |
|
app.Action = service.updateLdapBindDn |
|
|
|
// Run it |
|
err := app.Run(c.args) |
|
if c.errMsg != "" { |
|
assert.EqualError(t, err, c.errMsg, "case %d: error should match", n) |
|
} else { |
|
assert.NoError(t, err, "case %d: should have no errors", n) |
|
assert.Equal(t, c.loginSource, updatedLoginSource, "case %d: wrong loginSource", n) |
|
} |
|
} |
|
} |
|
|
|
func TestUpdateLdapSimpleAuth(t *testing.T) { |
|
// Mock cli functions to do not exit on error |
|
var osExiter = cli.OsExiter |
|
defer func() { cli.OsExiter = osExiter }() |
|
cli.OsExiter = func(code int) {} |
|
|
|
// Test cases |
|
var cases = []struct { |
|
args []string |
|
id int64 |
|
existingLoginSource *models.LoginSource |
|
loginSource *models.LoginSource |
|
errMsg string |
|
}{ |
|
// case 0 |
|
{ |
|
args: []string{ |
|
"ldap-test", |
|
"--id", "7", |
|
"--name", "ldap (simple auth) source full", |
|
"--not-active", |
|
"--security-protocol", "starttls", |
|
"--skip-tls-verify", |
|
"--host", "ldap-simple-server full", |
|
"--port", "987", |
|
"--user-search-base", "ou=Users,dc=full-domain-simple,dc=org", |
|
"--user-filter", "(&(objectClass=posixAccount)(full-simple-cn=%s))", |
|
"--admin-filter", "(memberOf=cn=admin-group,ou=example,dc=full-domain-simple,dc=org)", |
|
"--username-attribute", "uid-simple full", |
|
"--firstname-attribute", "givenName-simple full", |
|
"--surname-attribute", "sn-simple full", |
|
"--email-attribute", "mail-simple full", |
|
"--public-ssh-key-attribute", "publickey-simple full", |
|
"--user-dn", "cn=%s,ou=Users,dc=full-domain-simple,dc=org", |
|
}, |
|
id: 7, |
|
loginSource: &models.LoginSource{ |
|
Type: models.LoginDLDAP, |
|
Name: "ldap (simple auth) source full", |
|
IsActived: false, |
|
Cfg: &models.LDAPConfig{ |
|
Source: &ldap.Source{ |
|
Name: "ldap (simple auth) source full", |
|
Host: "ldap-simple-server full", |
|
Port: 987, |
|
SecurityProtocol: ldap.SecurityProtocol(2), |
|
SkipVerify: true, |
|
UserDN: "cn=%s,ou=Users,dc=full-domain-simple,dc=org", |
|
UserBase: "ou=Users,dc=full-domain-simple,dc=org", |
|
AttributeUsername: "uid-simple full", |
|
AttributeName: "givenName-simple full", |
|
AttributeSurname: "sn-simple full", |
|
AttributeMail: "mail-simple full", |
|
AttributeSSHPublicKey: "publickey-simple full", |
|
Filter: "(&(objectClass=posixAccount)(full-simple-cn=%s))", |
|
AdminFilter: "(memberOf=cn=admin-group,ou=example,dc=full-domain-simple,dc=org)", |
|
}, |
|
}, |
|
}, |
|
}, |
|
// case 1 |
|
{ |
|
args: []string{ |
|
"ldap-test", |
|
"--id", "1", |
|
}, |
|
loginSource: &models.LoginSource{ |
|
Type: models.LoginDLDAP, |
|
Cfg: &models.LDAPConfig{ |
|
Source: &ldap.Source{}, |
|
}, |
|
}, |
|
}, |
|
// case 2 |
|
{ |
|
args: []string{ |
|
"ldap-test", |
|
"--id", "1", |
|
"--name", "ldap (simple auth) source", |
|
}, |
|
loginSource: &models.LoginSource{ |
|
Type: models.LoginDLDAP, |
|
Name: "ldap (simple auth) source", |
|
Cfg: &models.LDAPConfig{ |
|
Source: &ldap.Source{ |
|
Name: "ldap (simple auth) source", |
|
}, |
|
}, |
|
}, |
|
}, |
|
// case 3 |
|
{ |
|
args: []string{ |
|
"ldap-test", |
|
"--id", "1", |
|
"--not-active", |
|
}, |
|
existingLoginSource: &models.LoginSource{ |
|
Type: models.LoginDLDAP, |
|
IsActived: true, |
|
Cfg: &models.LDAPConfig{ |
|
Source: &ldap.Source{}, |
|
}, |
|
}, |
|
loginSource: &models.LoginSource{ |
|
Type: models.LoginDLDAP, |
|
IsActived: false, |
|
Cfg: &models.LDAPConfig{ |
|
Source: &ldap.Source{}, |
|
}, |
|
}, |
|
}, |
|
// case 4 |
|
{ |
|
args: []string{ |
|
"ldap-test", |
|
"--id", "1", |
|
"--security-protocol", "starttls", |
|
}, |
|
loginSource: &models.LoginSource{ |
|
Type: models.LoginDLDAP, |
|
Cfg: &models.LDAPConfig{ |
|
Source: &ldap.Source{ |
|
SecurityProtocol: ldap.SecurityProtocol(2), |
|
}, |
|
}, |
|
}, |
|
}, |
|
// case 5 |
|
{ |
|
args: []string{ |
|
"ldap-test", |
|
"--id", "1", |
|
"--skip-tls-verify", |
|
}, |
|
loginSource: &models.LoginSource{ |
|
Type: models.LoginDLDAP, |
|
Cfg: &models.LDAPConfig{ |
|
Source: &ldap.Source{ |
|
SkipVerify: true, |
|
}, |
|
}, |
|
}, |
|
}, |
|
// case 6 |
|
{ |
|
args: []string{ |
|
"ldap-test", |
|
"--id", "1", |
|
"--host", "ldap-server", |
|
}, |
|
loginSource: &models.LoginSource{ |
|
Type: models.LoginDLDAP, |
|
Cfg: &models.LDAPConfig{ |
|
Source: &ldap.Source{ |
|
Host: "ldap-server", |
|
}, |
|
}, |
|
}, |
|
}, |
|
// case 7 |
|
{ |
|
args: []string{ |
|
"ldap-test", |
|
"--id", "1", |
|
"--port", "987", |
|
}, |
|
loginSource: &models.LoginSource{ |
|
Type: models.LoginDLDAP, |
|
Cfg: &models.LDAPConfig{ |
|
Source: &ldap.Source{ |
|
Port: 987, |
|
}, |
|
}, |
|
}, |
|
}, |
|
// case 8 |
|
{ |
|
args: []string{ |
|
"ldap-test", |
|
"--id", "1", |
|
"--user-search-base", "ou=Users,dc=domain,dc=org", |
|
}, |
|
loginSource: &models.LoginSource{ |
|
Type: models.LoginDLDAP, |
|
Cfg: &models.LDAPConfig{ |
|
Source: &ldap.Source{ |
|
UserBase: "ou=Users,dc=domain,dc=org", |
|
}, |
|
}, |
|
}, |
|
}, |
|
// case 9 |
|
{ |
|
args: []string{ |
|
"ldap-test", |
|
"--id", "1", |
|
"--user-filter", "(&(objectClass=posixAccount)(cn=%s))", |
|
}, |
|
loginSource: &models.LoginSource{ |
|
Type: models.LoginDLDAP, |
|
Cfg: &models.LDAPConfig{ |
|
Source: &ldap.Source{ |
|
Filter: "(&(objectClass=posixAccount)(cn=%s))", |
|
}, |
|
}, |
|
}, |
|
}, |
|
// case 10 |
|
{ |
|
args: []string{ |
|
"ldap-test", |
|
"--id", "1", |
|
"--admin-filter", "(memberOf=cn=admin-group,ou=example,dc=domain,dc=org)", |
|
}, |
|
loginSource: &models.LoginSource{ |
|
Type: models.LoginDLDAP, |
|
Cfg: &models.LDAPConfig{ |
|
Source: &ldap.Source{ |
|
AdminFilter: "(memberOf=cn=admin-group,ou=example,dc=domain,dc=org)", |
|
}, |
|
}, |
|
}, |
|
}, |
|
// case 11 |
|
{ |
|
args: []string{ |
|
"ldap-test", |
|
"--id", "1", |
|
"--username-attribute", "uid", |
|
}, |
|
loginSource: &models.LoginSource{ |
|
Type: models.LoginDLDAP, |
|
Cfg: &models.LDAPConfig{ |
|
Source: &ldap.Source{ |
|
AttributeUsername: "uid", |
|
}, |
|
}, |
|
}, |
|
}, |
|
// case 12 |
|
{ |
|
args: []string{ |
|
"ldap-test", |
|
"--id", "1", |
|
"--firstname-attribute", "givenName", |
|
}, |
|
loginSource: &models.LoginSource{ |
|
Type: models.LoginDLDAP, |
|
Cfg: &models.LDAPConfig{ |
|
Source: &ldap.Source{ |
|
AttributeName: "givenName", |
|
}, |
|
}, |
|
}, |
|
}, |
|
// case 13 |
|
{ |
|
args: []string{ |
|
"ldap-test", |
|
"--id", "1", |
|
"--surname-attribute", "sn", |
|
}, |
|
loginSource: &models.LoginSource{ |
|
Type: models.LoginDLDAP, |
|
Cfg: &models.LDAPConfig{ |
|
Source: &ldap.Source{ |
|
AttributeSurname: "sn", |
|
}, |
|
}, |
|
}, |
|
}, |
|
// case 14 |
|
{ |
|
args: []string{ |
|
"ldap-test", |
|
"--id", "1", |
|
"--email-attribute", "mail", |
|
}, |
|
loginSource: &models.LoginSource{ |
|
Type: models.LoginDLDAP, |
|
Cfg: &models.LDAPConfig{ |
|
Source: &ldap.Source{ |
|
AttributeMail: "mail", |
|
}, |
|
}, |
|
}, |
|
}, |
|
// case 15 |
|
{ |
|
args: []string{ |
|
"ldap-test", |
|
"--id", "1", |
|
"--public-ssh-key-attribute", "publickey", |
|
}, |
|
loginSource: &models.LoginSource{ |
|
Type: models.LoginDLDAP, |
|
Cfg: &models.LDAPConfig{ |
|
Source: &ldap.Source{ |
|
AttributeSSHPublicKey: "publickey", |
|
}, |
|
}, |
|
}, |
|
}, |
|
// case 16 |
|
{ |
|
args: []string{ |
|
"ldap-test", |
|
"--id", "1", |
|
"--user-dn", "cn=%s,ou=Users,dc=domain,dc=org", |
|
}, |
|
loginSource: &models.LoginSource{ |
|
Type: models.LoginDLDAP, |
|
Cfg: &models.LDAPConfig{ |
|
Source: &ldap.Source{ |
|
UserDN: "cn=%s,ou=Users,dc=domain,dc=org", |
|
}, |
|
}, |
|
}, |
|
}, |
|
// case 17 |
|
{ |
|
args: []string{ |
|
"ldap-test", |
|
"--id", "1", |
|
"--security-protocol", "xxxxx", |
|
}, |
|
errMsg: "Unknown security protocol name: xxxxx", |
|
}, |
|
// case 18 |
|
{ |
|
args: []string{ |
|
"ldap-test", |
|
}, |
|
errMsg: "id is not set", |
|
}, |
|
// case 19 |
|
{ |
|
args: []string{ |
|
"ldap-test", |
|
"--id", "1", |
|
}, |
|
existingLoginSource: &models.LoginSource{ |
|
Type: models.LoginPAM, |
|
Cfg: &models.LDAPConfig{ |
|
Source: &ldap.Source{}, |
|
}, |
|
}, |
|
errMsg: "Invalid authentication type. expected: LDAP (simple auth), actual: PAM", |
|
}, |
|
} |
|
|
|
for n, c := range cases { |
|
// Mock functions. |
|
var updatedLoginSource *models.LoginSource |
|
service := &authService{ |
|
initDB: func() error { |
|
return nil |
|
}, |
|
createLoginSource: func(loginSource *models.LoginSource) error { |
|
assert.FailNow(t, "case %d: should not call createLoginSource", n) |
|
return nil |
|
}, |
|
updateLoginSource: func(loginSource *models.LoginSource) error { |
|
updatedLoginSource = loginSource |
|
return nil |
|
}, |
|
getLoginSourceByID: func(id int64) (*models.LoginSource, error) { |
|
if c.id != 0 { |
|
assert.Equal(t, c.id, id, "case %d: wrong id", n) |
|
} |
|
if c.existingLoginSource != nil { |
|
return c.existingLoginSource, nil |
|
} |
|
return &models.LoginSource{ |
|
Type: models.LoginDLDAP, |
|
Cfg: &models.LDAPConfig{ |
|
Source: &ldap.Source{}, |
|
}, |
|
}, nil |
|
}, |
|
} |
|
|
|
// Create a copy of command to test |
|
app := cli.NewApp() |
|
app.Flags = cmdAuthUpdateLdapSimpleAuth.Flags |
|
app.Action = service.updateLdapSimpleAuth |
|
|
|
// Run it |
|
err := app.Run(c.args) |
|
if c.errMsg != "" { |
|
assert.EqualError(t, err, c.errMsg, "case %d: error should match", n) |
|
} else { |
|
assert.NoError(t, err, "case %d: should have no errors", n) |
|
assert.Equal(t, c.loginSource, updatedLoginSource, "case %d: wrong loginSource", n) |
|
} |
|
} |
|
}
|
|
|