package com.gitblit.tests; import static org.junit.Assume.assumeTrue; import java.util.ArrayList; import java.util.Arrays; import org.junit.Test; import org.junit.runner.RunWith; import org.junit.runners.Parameterized; import com.gitblit.Keys; import com.gitblit.ldap.LdapConnection; import com.unboundid.ldap.sdk.BindResult; import com.unboundid.ldap.sdk.LDAPException; import com.unboundid.ldap.sdk.ResultCode; import com.unboundid.ldap.sdk.SearchRequest; import com.unboundid.ldap.sdk.SearchResult; import com.unboundid.ldap.sdk.SearchResultEntry; import com.unboundid.ldap.sdk.SearchScope; /* * Test for the LdapConnection * * @author Florian Zschocke * */ @RunWith(Parameterized.class) public class LdapConnectionTest extends LdapBasedUnitTest { @Test public void testEscapeLDAPFilterString() { // This test is independent from authentication mode, so run only once. assumeTrue(authMode == AuthMode.ANONYMOUS); // From: https://www.owasp.org/index.php/Preventing_LDAP_Injection_in_Java assertEquals("No special characters to escape", "Hi This is a test #çà", LdapConnection.escapeLDAPSearchFilter("Hi This is a test #çà")); assertEquals("LDAP Christams Tree", "Hi \\28This\\29 = is \\2a a \\5c test # ç à ô", LdapConnection.escapeLDAPSearchFilter("Hi (This) = is * a \\ test # ç à ô")); assertEquals("Injection", "\\2a\\29\\28userPassword=secret", LdapConnection.escapeLDAPSearchFilter("*)(userPassword=secret")); } @Test public void testConnect() { // This test is independent from authentication mode, so run only once. assumeTrue(authMode == AuthMode.ANONYMOUS); LdapConnection conn = new LdapConnection(settings); try { assertTrue(conn.connect()); } finally { conn.close(); } } @Test public void testBindAnonymous() { // This test tests for anonymous bind, so run only in authentication mode ANONYMOUS. assumeTrue(authMode == AuthMode.ANONYMOUS); LdapConnection conn = new LdapConnection(settings); try { assertTrue(conn.connect()); BindResult br = conn.bind(); assertNotNull(br); assertEquals(ResultCode.SUCCESS, br.getResultCode()); assertEquals("", authMode.getBindTracker().getLastSuccessfulBindDN(br.getMessageID())); } finally { conn.close(); } } @Test public void testBindAsAdmin() { // This test tests for anonymous bind, so run only in authentication mode DS_MANAGER. assumeTrue(authMode == AuthMode.DS_MANAGER); LdapConnection conn = new LdapConnection(settings); try { assertTrue(conn.connect()); BindResult br = conn.bind(); assertNotNull(br); assertEquals(ResultCode.SUCCESS, br.getResultCode()); assertEquals(settings.getString(Keys.realm.ldap.username, "UNSET"), authMode.getBindTracker().getLastSuccessfulBindDN(br.getMessageID())); } finally { conn.close(); } } @Test public void testBindToBindpattern() { LdapConnection conn = new LdapConnection(settings); try { assertTrue(conn.connect()); String bindPattern = "CN=${username},OU=Canada," + ACCOUNT_BASE; BindResult br = conn.bind(bindPattern, "UserThree", "userThreePassword"); assertNotNull(br); assertEquals(ResultCode.SUCCESS, br.getResultCode()); assertEquals("CN=UserThree,OU=Canada," + ACCOUNT_BASE, authMode.getBindTracker().getLastSuccessfulBindDN(br.getMessageID())); br = conn.bind(bindPattern, "UserFour", "userThreePassword"); assertNull(br); br = conn.bind(bindPattern, "UserTwo", "userTwoPassword"); assertNull(br); } finally { conn.close(); } } @Test public void testRebindAsUser() { LdapConnection conn = new LdapConnection(settings); try { assertTrue(conn.connect()); assertFalse(conn.rebindAsUser()); BindResult br = conn.bind(); assertNotNull(br); assertFalse(conn.rebindAsUser()); String bindPattern = "CN=${username},OU=Canada," + ACCOUNT_BASE; br = conn.bind(bindPattern, "UserThree", "userThreePassword"); assertNotNull(br); assertFalse(conn.rebindAsUser()); br = conn.bind(); assertNotNull(br); assertTrue(conn.rebindAsUser()); assertEquals(ResultCode.SUCCESS, br.getResultCode()); assertEquals("CN=UserThree,OU=Canada," + ACCOUNT_BASE, authMode.getBindTracker().getLastSuccessfulBindDN()); } finally { conn.close(); } } @Test public void testSearchRequest() throws LDAPException { LdapConnection conn = new LdapConnection(settings); try { assertTrue(conn.connect()); BindResult br = conn.bind(); assertNotNull(br); SearchRequest req; SearchResult result; SearchResultEntry entry; req = new SearchRequest(ACCOUNT_BASE, SearchScope.BASE, "(CN=UserOne)"); result = conn.search(req); assertNotNull(result); assertEquals(0, result.getEntryCount()); req = new SearchRequest(ACCOUNT_BASE, SearchScope.ONE, "(CN=UserTwo)"); result = conn.search(req); assertNotNull(result); assertEquals(0, result.getEntryCount()); req = new SearchRequest(ACCOUNT_BASE, SearchScope.SUB, "(CN=UserThree)"); result = conn.search(req); assertNotNull(result); assertEquals(1, result.getEntryCount()); entry = result.getSearchEntries().get(0); assertEquals("CN=UserThree,OU=Canada," + ACCOUNT_BASE, entry.getDN()); req = new SearchRequest(ACCOUNT_BASE, SearchScope.SUBORDINATE_SUBTREE, "(CN=UserFour)"); result = conn.search(req); assertNotNull(result); assertEquals(1, result.getEntryCount()); entry = result.getSearchEntries().get(0); assertEquals("CN=UserFour,OU=Canada," + ACCOUNT_BASE, entry.getDN()); } finally { conn.close(); } } @Test public void testSearch() throws LDAPException { LdapConnection conn = new LdapConnection(settings); try { assertTrue(conn.connect()); BindResult br = conn.bind(); assertNotNull(br); SearchResult result; SearchResultEntry entry; result = conn.search(ACCOUNT_BASE, false, "(CN=UserOne)", null); assertNotNull(result); assertEquals(1, result.getEntryCount()); entry = result.getSearchEntries().get(0); assertEquals("CN=UserOne,OU=US," + ACCOUNT_BASE, entry.getDN()); result = conn.search(ACCOUNT_BASE, true, "(&(CN=UserOne)(surname=One))", null); assertNotNull(result); assertEquals(1, result.getEntryCount()); entry = result.getSearchEntries().get(0); assertEquals("CN=UserOne,OU=US," + ACCOUNT_BASE, entry.getDN()); result = conn.search(ACCOUNT_BASE, true, "(&(CN=UserOne)(surname=Two))", null); assertNotNull(result); assertEquals(0, result.getEntryCount()); result = conn.search(ACCOUNT_BASE, true, "(surname=Two)", Arrays.asList("givenName", "surname")); assertNotNull(result); assertEquals(1, result.getEntryCount()); entry = result.getSearchEntries().get(0); assertEquals("CN=UserTwo,OU=US," + ACCOUNT_BASE, entry.getDN()); assertEquals(2, entry.getAttributes().size()); assertEquals("User", entry.getAttributeValue("givenName")); assertEquals("Two", entry.getAttributeValue("surname")); result = conn.search(ACCOUNT_BASE, true, "(personalTitle=Mr*)", null); assertNotNull(result); assertEquals(3, result.getEntryCount()); ArrayList names = new ArrayList<>(3); names.add(result.getSearchEntries().get(0).getAttributeValue("surname")); names.add(result.getSearchEntries().get(1).getAttributeValue("surname")); names.add(result.getSearchEntries().get(2).getAttributeValue("surname")); assertTrue(names.contains("One")); assertTrue(names.contains("Two")); assertTrue(names.contains("Three")); } finally { conn.close(); } } @Test public void testSearchUser() throws LDAPException { LdapConnection conn = new LdapConnection(settings); try { assertTrue(conn.connect()); BindResult br = conn.bind(); assertNotNull(br); SearchResult result; SearchResultEntry entry; result = conn.searchUser("UserOne"); assertNotNull(result); assertEquals(1, result.getEntryCount()); entry = result.getSearchEntries().get(0); assertEquals("CN=UserOne,OU=US," + ACCOUNT_BASE, entry.getDN()); result = conn.searchUser("UserFour", Arrays.asList("givenName", "surname")); assertNotNull(result); assertEquals(1, result.getEntryCount()); entry = result.getSearchEntries().get(0); assertEquals("CN=UserFour,OU=Canada," + ACCOUNT_BASE, entry.getDN()); assertEquals(2, entry.getAttributes().size()); assertEquals("User", entry.getAttributeValue("givenName")); assertEquals("Four", entry.getAttributeValue("surname")); } finally { conn.close(); } } }