summaryrefslogtreecommitdiffstats
path: root/src/test/java
diff options
context:
space:
mode:
Diffstat (limited to 'src/test/java')
-rw-r--r--src/test/java/com/gitblit/tests/LdapConnectionTest.java248
1 files changed, 248 insertions, 0 deletions
diff --git a/src/test/java/com/gitblit/tests/LdapConnectionTest.java b/src/test/java/com/gitblit/tests/LdapConnectionTest.java
new file mode 100644
index 00000000..f8d2fed0
--- /dev/null
+++ b/src/test/java/com/gitblit/tests/LdapConnectionTest.java
@@ -0,0 +1,248 @@
+package com.gitblit.tests;
+
+import static org.junit.Assume.assumeTrue;
+
+import java.util.ArrayList;
+import java.util.Arrays;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized;
+
+import com.gitblit.Keys;
+import com.gitblit.ldap.LdapConnection;
+import com.unboundid.ldap.sdk.BindResult;
+import com.unboundid.ldap.sdk.LDAPException;
+import com.unboundid.ldap.sdk.ResultCode;
+import com.unboundid.ldap.sdk.SearchRequest;
+import com.unboundid.ldap.sdk.SearchResult;
+import com.unboundid.ldap.sdk.SearchResultEntry;
+import com.unboundid.ldap.sdk.SearchScope;
+
+/*
+ * Test for the LdapConnection
+ *
+ * @author Florian Zschocke
+ *
+ */
+@RunWith(Parameterized.class)
+public class LdapConnectionTest extends LdapBasedUnitTest {
+
+ @Test
+ public void testEscapeLDAPFilterString() {
+ // This test is independent from authentication mode, so run only once.
+ assumeTrue(authMode == AuthMode.ANONYMOUS);
+
+ // From: https://www.owasp.org/index.php/Preventing_LDAP_Injection_in_Java
+ assertEquals("No special characters to escape", "Hi This is a test #çà", LdapConnection.escapeLDAPSearchFilter("Hi This is a test #çà"));
+ assertEquals("LDAP Christams Tree", "Hi \\28This\\29 = is \\2a a \\5c test # ç à ô", LdapConnection.escapeLDAPSearchFilter("Hi (This) = is * a \\ test # ç à ô"));
+
+ assertEquals("Injection", "\\2a\\29\\28userPassword=secret", LdapConnection.escapeLDAPSearchFilter("*)(userPassword=secret"));
+ }
+
+
+ @Test
+ public void testConnect() {
+ // This test is independent from authentication mode, so run only once.
+ assumeTrue(authMode == AuthMode.ANONYMOUS);
+
+ LdapConnection conn = new LdapConnection(settings);
+ try {
+ assertTrue(conn.connect());
+ } finally {
+ conn.close();
+ }
+ }
+
+
+ @Test
+ public void testBindAnonymous() {
+ // This test tests for anonymous bind, so run only in authentication mode ANONYMOUS.
+ assumeTrue(authMode == AuthMode.ANONYMOUS);
+
+ LdapConnection conn = new LdapConnection(settings);
+ try {
+ assertTrue(conn.connect());
+
+ BindResult br = conn.bind();
+ assertNotNull(br);
+ assertEquals(ResultCode.SUCCESS, br.getResultCode());
+ assertEquals("", authMode.getBindTracker().getLastSuccessfulBindDN(br.getMessageID()));
+
+ } finally {
+ conn.close();
+ }
+ }
+
+
+ @Test
+ public void testBindAsAdmin() {
+ // This test tests for anonymous bind, so run only in authentication mode DS_MANAGER.
+ assumeTrue(authMode == AuthMode.DS_MANAGER);
+
+ LdapConnection conn = new LdapConnection(settings);
+ try {
+ assertTrue(conn.connect());
+
+ BindResult br = conn.bind();
+ assertNotNull(br);
+ assertEquals(ResultCode.SUCCESS, br.getResultCode());
+ assertEquals(settings.getString(Keys.realm.ldap.username, "UNSET"), authMode.getBindTracker().getLastSuccessfulBindDN(br.getMessageID()));
+
+ } finally {
+ conn.close();
+ }
+ }
+
+
+ @Test
+ public void testBindToBindpattern() {
+ LdapConnection conn = new LdapConnection(settings);
+ try {
+ assertTrue(conn.connect());
+
+ String bindPattern = "CN=${username},OU=Canada," + ACCOUNT_BASE;
+
+ BindResult br = conn.bind(bindPattern, "UserThree", "userThreePassword");
+ assertNotNull(br);
+ assertEquals(ResultCode.SUCCESS, br.getResultCode());
+ assertEquals("CN=UserThree,OU=Canada," + ACCOUNT_BASE, authMode.getBindTracker().getLastSuccessfulBindDN(br.getMessageID()));
+
+ br = conn.bind(bindPattern, "UserFour", "userThreePassword");
+ assertNull(br);
+
+ br = conn.bind(bindPattern, "UserTwo", "userTwoPassword");
+ assertNull(br);
+
+ } finally {
+ conn.close();
+ }
+ }
+
+
+ @Test
+ public void testRebindAsUser() {
+ LdapConnection conn = new LdapConnection(settings);
+ try {
+ assertTrue(conn.connect());
+
+ assertFalse(conn.rebindAsUser());
+
+ BindResult br = conn.bind();
+ assertNotNull(br);
+ assertFalse(conn.rebindAsUser());
+
+
+ String bindPattern = "CN=${username},OU=Canada," + ACCOUNT_BASE;
+ br = conn.bind(bindPattern, "UserThree", "userThreePassword");
+ assertNotNull(br);
+ assertFalse(conn.rebindAsUser());
+
+ br = conn.bind();
+ assertNotNull(br);
+ assertTrue(conn.rebindAsUser());
+ assertEquals(ResultCode.SUCCESS, br.getResultCode());
+ assertEquals("CN=UserThree,OU=Canada," + ACCOUNT_BASE, authMode.getBindTracker().getLastSuccessfulBindDN());
+
+ } finally {
+ conn.close();
+ }
+ }
+
+
+
+ @Test
+ public void testSearchRequest() throws LDAPException {
+ LdapConnection conn = new LdapConnection(settings);
+ try {
+ assertTrue(conn.connect());
+ BindResult br = conn.bind();
+ assertNotNull(br);
+
+ SearchRequest req;
+ SearchResult result;
+ SearchResultEntry entry;
+
+ req = new SearchRequest(ACCOUNT_BASE, SearchScope.BASE, "(CN=UserOne)");
+ result = conn.search(req);
+ assertNotNull(result);
+ assertEquals(0, result.getEntryCount());
+
+ req = new SearchRequest(ACCOUNT_BASE, SearchScope.ONE, "(CN=UserTwo)");
+ result = conn.search(req);
+ assertNotNull(result);
+ assertEquals(0, result.getEntryCount());
+
+ req = new SearchRequest(ACCOUNT_BASE, SearchScope.SUB, "(CN=UserThree)");
+ result = conn.search(req);
+ assertNotNull(result);
+ assertEquals(1, result.getEntryCount());
+ entry = result.getSearchEntries().get(0);
+ assertEquals("CN=UserThree,OU=Canada," + ACCOUNT_BASE, entry.getDN());
+
+ req = new SearchRequest(ACCOUNT_BASE, SearchScope.SUBORDINATE_SUBTREE, "(CN=UserFour)");
+ result = conn.search(req);
+ assertNotNull(result);
+ assertEquals(1, result.getEntryCount());
+ entry = result.getSearchEntries().get(0);
+ assertEquals("CN=UserFour,OU=Canada," + ACCOUNT_BASE, entry.getDN());
+
+ } finally {
+ conn.close();
+ }
+ }
+
+
+ @Test
+ public void testSearch() throws LDAPException {
+ LdapConnection conn = new LdapConnection(settings);
+ try {
+ assertTrue(conn.connect());
+ BindResult br = conn.bind();
+ assertNotNull(br);
+
+ SearchResult result;
+ SearchResultEntry entry;
+
+ result = conn.search(ACCOUNT_BASE, false, "(CN=UserOne)", null);
+ assertNotNull(result);
+ assertEquals(1, result.getEntryCount());
+ entry = result.getSearchEntries().get(0);
+ assertEquals("CN=UserOne,OU=US," + ACCOUNT_BASE, entry.getDN());
+
+ result = conn.search(ACCOUNT_BASE, true, "(&(CN=UserOne)(surname=One))", null);
+ assertNotNull(result);
+ assertEquals(1, result.getEntryCount());
+ entry = result.getSearchEntries().get(0);
+ assertEquals("CN=UserOne,OU=US," + ACCOUNT_BASE, entry.getDN());
+
+ result = conn.search(ACCOUNT_BASE, true, "(&(CN=UserOne)(surname=Two))", null);
+ assertNotNull(result);
+ assertEquals(0, result.getEntryCount());
+
+ result = conn.search(ACCOUNT_BASE, true, "(surname=Two)", Arrays.asList("givenName", "surname"));
+ assertNotNull(result);
+ assertEquals(1, result.getEntryCount());
+ entry = result.getSearchEntries().get(0);
+ assertEquals("CN=UserTwo,OU=US," + ACCOUNT_BASE, entry.getDN());
+ assertEquals(2, entry.getAttributes().size());
+ assertEquals("User", entry.getAttributeValue("givenName"));
+ assertEquals("Two", entry.getAttributeValue("surname"));
+
+ result = conn.search(ACCOUNT_BASE, true, "(personalTitle=Mr*)", null);
+ assertNotNull(result);
+ assertEquals(3, result.getEntryCount());
+ ArrayList<String> names = new ArrayList<>(3);
+ names.add(result.getSearchEntries().get(0).getAttributeValue("surname"));
+ names.add(result.getSearchEntries().get(1).getAttributeValue("surname"));
+ names.add(result.getSearchEntries().get(2).getAttributeValue("surname"));
+ assertTrue(names.contains("One"));
+ assertTrue(names.contains("Two"));
+ assertTrue(names.contains("Three"));
+
+ } finally {
+ conn.close();
+ }
+ }
+
+}
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-23 20:18:40 +0000