summaryrefslogtreecommitdiffstats
path: root/src/test/java/com/gitblit/tests/LdapAuthenticationTest.java
diff options
context:
space:
mode:
authorJames Moger <james.moger@gitblit.com>2013-11-24 23:18:50 -0500
committerJames Moger <james.moger@gitblit.com>2013-11-29 11:05:51 -0500
commit04a98505a4ab8f48aee22800fcac193d9367d0ae (patch)
treeeb05bc77eeafda1c5b7af9d7b5b27012065f7a98 /src/test/java/com/gitblit/tests/LdapAuthenticationTest.java
parentf8f6aa4d07cdfaaf23e24bf9eaf0a5fb9b437dda (diff)
downloadgitblit-04a98505a4ab8f48aee22800fcac193d9367d0ae.tar.gz
gitblit-04a98505a4ab8f48aee22800fcac193d9367d0ae.zip
Refactor user services and separate authentication (issue-281)
Change-Id: I336e005e02623fc5e11a4f8b4408bea5465a43fd
Diffstat (limited to 'src/test/java/com/gitblit/tests/LdapAuthenticationTest.java')
-rw-r--r--src/test/java/com/gitblit/tests/LdapAuthenticationTest.java165
1 files changed, 165 insertions, 0 deletions
diff --git a/src/test/java/com/gitblit/tests/LdapAuthenticationTest.java b/src/test/java/com/gitblit/tests/LdapAuthenticationTest.java
new file mode 100644
index 00000000..3cd2dc72
--- /dev/null
+++ b/src/test/java/com/gitblit/tests/LdapAuthenticationTest.java
@@ -0,0 +1,165 @@
+/*
+ * Copyright 2012 John Crygier
+ * Copyright 2012 gitblit.com
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.gitblit.tests;
+
+import java.io.FileInputStream;
+import java.util.HashMap;
+import java.util.Map;
+
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Test;
+
+import com.gitblit.IStoredSettings;
+import com.gitblit.auth.LdapAuthProvider;
+import com.gitblit.manager.RuntimeManager;
+import com.gitblit.manager.UserManager;
+import com.gitblit.models.UserModel;
+import com.gitblit.tests.mock.MemorySettings;
+import com.unboundid.ldap.listener.InMemoryDirectoryServer;
+import com.unboundid.ldap.listener.InMemoryDirectoryServerConfig;
+import com.unboundid.ldap.listener.InMemoryListenerConfig;
+import com.unboundid.ldif.LDIFReader;
+
+/**
+ * An Integration test for LDAP that tests going against an in-memory UnboundID
+ * LDAP server.
+ *
+ * @author jcrygier
+ *
+ */
+public class LdapAuthenticationTest extends GitblitUnitTest {
+
+ private static final String RESOURCE_DIR = "src/test/resources/ldap/";
+
+ private LdapAuthProvider ldap;
+
+ static int ldapPort = 1389;
+
+ @BeforeClass
+ public static void createInMemoryLdapServer() throws Exception {
+ InMemoryDirectoryServerConfig config = new InMemoryDirectoryServerConfig("dc=MyDomain");
+ config.addAdditionalBindCredentials("cn=Directory Manager", "password");
+ config.setListenerConfigs(InMemoryListenerConfig.createLDAPConfig("default", ldapPort));
+ config.setSchema(null);
+
+ InMemoryDirectoryServer ds = new InMemoryDirectoryServer(config);
+ ds.importFromLDIF(true, new LDIFReader(new FileInputStream(RESOURCE_DIR + "sampledata.ldif")));
+ ds.startListening();
+ }
+
+ @Before
+ public void newLdapAuthentication() {
+ ldap = newLdapAuthentication(getSettings());
+ }
+
+ public LdapAuthProvider newLdapAuthentication(IStoredSettings settings) {
+ RuntimeManager runtime = new RuntimeManager(settings, GitBlitSuite.BASEFOLDER).start();
+ UserManager users = new UserManager(runtime).start();
+ LdapAuthProvider ldap = new LdapAuthProvider();
+ ldap.setup(runtime, users);
+ return ldap;
+ }
+
+ private MemorySettings getSettings() {
+ Map<String, Object> backingMap = new HashMap<String, Object>();
+ backingMap.put("realm.userService", RESOURCE_DIR + "users.conf");
+ backingMap.put("realm.ldap.server", "ldap://localhost:" + ldapPort);
+ backingMap.put("realm.ldap.domain", "");
+ backingMap.put("realm.ldap.username", "cn=Directory Manager");
+ backingMap.put("realm.ldap.password", "password");
+ backingMap.put("realm.ldap.backingUserService", "users.conf");
+ backingMap.put("realm.ldap.maintainTeams", "true");
+ backingMap.put("realm.ldap.accountBase", "OU=Users,OU=UserControl,OU=MyOrganization,DC=MyDomain");
+ backingMap.put("realm.ldap.accountPattern", "(&(objectClass=person)(sAMAccountName=${username}))");
+ backingMap.put("realm.ldap.groupBase", "OU=Groups,OU=UserControl,OU=MyOrganization,DC=MyDomain");
+ backingMap.put("realm.ldap.groupPattern", "(&(objectClass=group)(member=${dn}))");
+ backingMap.put("realm.ldap.admins", "UserThree @Git_Admins \"@Git Admins\"");
+ backingMap.put("realm.ldap.displayName", "displayName");
+ backingMap.put("realm.ldap.email", "email");
+
+ MemorySettings ms = new MemorySettings(backingMap);
+ return ms;
+ }
+
+ @Test
+ public void testAuthenticate() {
+ UserModel userOneModel = ldap.authenticate("UserOne", "userOnePassword".toCharArray());
+ assertNotNull(userOneModel);
+ assertNotNull(userOneModel.getTeam("git_admins"));
+ assertNotNull(userOneModel.getTeam("git_users"));
+ assertTrue(userOneModel.canAdmin);
+
+ UserModel userOneModelFailedAuth = ldap.authenticate("UserOne", "userTwoPassword".toCharArray());
+ assertNull(userOneModelFailedAuth);
+
+ UserModel userTwoModel = ldap.authenticate("UserTwo", "userTwoPassword".toCharArray());
+ assertNotNull(userTwoModel);
+ assertNotNull(userTwoModel.getTeam("git_users"));
+ assertNull(userTwoModel.getTeam("git_admins"));
+ assertNotNull(userTwoModel.getTeam("git admins"));
+ assertTrue(userTwoModel.canAdmin);
+
+ UserModel userThreeModel = ldap.authenticate("UserThree", "userThreePassword".toCharArray());
+ assertNotNull(userThreeModel);
+ assertNotNull(userThreeModel.getTeam("git_users"));
+ assertNull(userThreeModel.getTeam("git_admins"));
+ assertTrue(userThreeModel.canAdmin);
+ }
+
+ @Test
+ public void testDisplayName() {
+ UserModel userOneModel = ldap.authenticate("UserOne", "userOnePassword".toCharArray());
+ assertNotNull(userOneModel);
+ assertEquals("User One", userOneModel.displayName);
+
+ // Test more complicated scenarios - concat
+ MemorySettings ms = getSettings();
+ ms.put("realm.ldap.displayName", "${personalTitle}. ${givenName} ${surname}");
+ ldap = newLdapAuthentication(ms);
+
+ userOneModel = ldap.authenticate("UserOne", "userOnePassword".toCharArray());
+ assertNotNull(userOneModel);
+ assertEquals("Mr. User One", userOneModel.displayName);
+ }
+
+ @Test
+ public void testEmail() {
+ UserModel userOneModel = ldap.authenticate("UserOne", "userOnePassword".toCharArray());
+ assertNotNull(userOneModel);
+ assertEquals("userone@gitblit.com", userOneModel.emailAddress);
+
+ // Test more complicated scenarios - concat
+ MemorySettings ms = getSettings();
+ ms.put("realm.ldap.email", "${givenName}.${surname}@gitblit.com");
+ ldap = newLdapAuthentication(ms);
+
+ userOneModel = ldap.authenticate("UserOne", "userOnePassword".toCharArray());
+ assertNotNull(userOneModel);
+ assertEquals("User.One@gitblit.com", userOneModel.emailAddress);
+ }
+
+ @Test
+ public void testLdapInjection() {
+ // Inject so "(&(objectClass=person)(sAMAccountName=${username}))" becomes "(&(objectClass=person)(sAMAccountName=*)(userPassword=userOnePassword))"
+ // Thus searching by password
+
+ UserModel userOneModel = ldap.authenticate("*)(userPassword=userOnePassword", "userOnePassword".toCharArray());
+ assertNull(userOneModel);
+ }
+
+}
generated by cgit v1.2.3 (git 2.39.1) at 2025-05-06 22:54:30 +0000