mirrors
/
gitea
mirror of https://github.com/go-gitea/gitea.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 212 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
13856 Commits
17 Branches
Tree: 321964155a
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '321964155a'
${ noResults }
gitea/cmd/admin_auth_ldap_test.go

admin_auth_ldap_test.go 33KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185118611871188118911901191119211931194119511961197119811991200120112021203120412051206120712081209121012111212121312141215121612171218121912201221122212231224122512261227122812291230123112321233123412351236123712381239124012411242124312441245124612471248124912501251125212531254125512561257125812591260126112621263126412651266126712681269127012711272127312741275127612771278127912801281128212831284128512861287128812891290129112921293129412951296129712981299130013011302130313041305130613071308130913101311131213131314131513161317131813191320132113221323132413251326 
  1. // Copyright 2019 The Gitea Authors. All rights reserved.

  2. // Use of this source code is governed by a MIT-style

  3. // license that can be found in the LICENSE file.

  4. 

  5. package cmd

  6. 

  7. import (

  8. 	"context"

  9. 	"testing"

  10. 

  11. 	"code.gitea.io/gitea/models/auth"

  12. 	"code.gitea.io/gitea/services/auth/source/ldap"

  13. 

  14. 	"github.com/stretchr/testify/assert"

  15. 	"github.com/urfave/cli"

  16. )

  17. 

  18. func TestAddLdapBindDn(t *testing.T) {

  19. 	// Mock cli functions to do not exit on error

  20. 	osExiter := cli.OsExiter

  21. 	defer func() { cli.OsExiter = osExiter }()

  22. 	cli.OsExiter = func(code int) {}

  23. 

  24. 	// Test cases

  25. 	cases := []struct {

  26. 		args   []string

  27. 		source *auth.Source

  28. 		errMsg string

  29. 	}{

  30. 		// case 0

  31. 		{

  32. 			args: []string{

  33. 				"ldap-test",

  34. 				"--name", "ldap (via Bind DN) source full",

  35. 				"--not-active",

  36. 				"--security-protocol", "ldaps",

  37. 				"--skip-tls-verify",

  38. 				"--host", "ldap-bind-server full",

  39. 				"--port", "9876",

  40. 				"--user-search-base", "ou=Users,dc=full-domain-bind,dc=org",

  41. 				"--user-filter", "(memberOf=cn=user-group,ou=example,dc=full-domain-bind,dc=org)",

  42. 				"--admin-filter", "(memberOf=cn=admin-group,ou=example,dc=full-domain-bind,dc=org)",

  43. 				"--restricted-filter", "(memberOf=cn=restricted-group,ou=example,dc=full-domain-bind,dc=org)",

  44. 				"--username-attribute", "uid-bind full",

  45. 				"--firstname-attribute", "givenName-bind full",

  46. 				"--surname-attribute", "sn-bind full",

  47. 				"--email-attribute", "mail-bind full",

  48. 				"--public-ssh-key-attribute", "publickey-bind full",

  49. 				"--avatar-attribute", "avatar-bind full",

  50. 				"--bind-dn", "cn=readonly,dc=full-domain-bind,dc=org",

  51. 				"--bind-password", "secret-bind-full",

  52. 				"--attributes-in-bind",

  53. 				"--synchronize-users",

  54. 				"--page-size", "99",

  55. 			},

  56. 			source: &auth.Source{

  57. 				Type:          auth.LDAP,

  58. 				Name:          "ldap (via Bind DN) source full",

  59. 				IsActive:      false,

  60. 				IsSyncEnabled: true,

  61. 				Cfg: &ldap.Source{

  62. 					Name:                  "ldap (via Bind DN) source full",

  63. 					Host:                  "ldap-bind-server full",

  64. 					Port:                  9876,

  65. 					SecurityProtocol:      ldap.SecurityProtocol(1),

  66. 					SkipVerify:            true,

  67. 					BindDN:                "cn=readonly,dc=full-domain-bind,dc=org",

  68. 					BindPassword:          "secret-bind-full",

  69. 					UserBase:              "ou=Users,dc=full-domain-bind,dc=org",

  70. 					AttributeUsername:     "uid-bind full",

  71. 					AttributeName:         "givenName-bind full",

  72. 					AttributeSurname:      "sn-bind full",

  73. 					AttributeMail:         "mail-bind full",

  74. 					AttributesInBind:      true,

  75. 					AttributeSSHPublicKey: "publickey-bind full",

  76. 					AttributeAvatar:       "avatar-bind full",

  77. 					SearchPageSize:        99,

  78. 					Filter:                "(memberOf=cn=user-group,ou=example,dc=full-domain-bind,dc=org)",

  79. 					AdminFilter:           "(memberOf=cn=admin-group,ou=example,dc=full-domain-bind,dc=org)",

  80. 					RestrictedFilter:      "(memberOf=cn=restricted-group,ou=example,dc=full-domain-bind,dc=org)",

  81. 					Enabled:               true,

  82. 				},

  83. 			},

  84. 		},

  85. 		// case 1

  86. 		{

  87. 			args: []string{

  88. 				"ldap-test",

  89. 				"--name", "ldap (via Bind DN) source min",

  90. 				"--security-protocol", "unencrypted",

  91. 				"--host", "ldap-bind-server min",

  92. 				"--port", "1234",

  93. 				"--user-search-base", "ou=Users,dc=min-domain-bind,dc=org",

  94. 				"--user-filter", "(memberOf=cn=user-group,ou=example,dc=min-domain-bind,dc=org)",

  95. 				"--email-attribute", "mail-bind min",

  96. 			},

  97. 			source: &auth.Source{

  98. 				Type:     auth.LDAP,

  99. 				Name:     "ldap (via Bind DN) source min",

  100. 				IsActive: true,

  101. 				Cfg: &ldap.Source{

  102. 					Name:             "ldap (via Bind DN) source min",

  103. 					Host:             "ldap-bind-server min",

  104. 					Port:             1234,

  105. 					SecurityProtocol: ldap.SecurityProtocol(0),

  106. 					UserBase:         "ou=Users,dc=min-domain-bind,dc=org",

  107. 					AttributeMail:    "mail-bind min",

  108. 					Filter:           "(memberOf=cn=user-group,ou=example,dc=min-domain-bind,dc=org)",

  109. 					Enabled:          true,

  110. 				},

  111. 			},

  112. 		},

  113. 		// case 2

  114. 		{

  115. 			args: []string{

  116. 				"ldap-test",

  117. 				"--name", "ldap (via Bind DN) source",

  118. 				"--security-protocol", "zzzzz",

  119. 				"--host", "ldap-server",

  120. 				"--port", "1234",

  121. 				"--user-search-base", "ou=Users,dc=domain,dc=org",

  122. 				"--user-filter", "(memberOf=cn=user-group,ou=example,dc=domain,dc=org)",

  123. 				"--email-attribute", "mail",

  124. 			},

  125. 			errMsg: "Unknown security protocol name: zzzzz",

  126. 		},

  127. 		// case 3

  128. 		{

  129. 			args: []string{

  130. 				"ldap-test",

  131. 				"--security-protocol", "unencrypted",

  132. 				"--host", "ldap-server",

  133. 				"--port", "1234",

  134. 				"--user-search-base", "ou=Users,dc=domain,dc=org",

  135. 				"--user-filter", "(memberOf=cn=user-group,ou=example,dc=domain,dc=org)",

  136. 				"--email-attribute", "mail",

  137. 			},

  138. 			errMsg: "name is not set",

  139. 		},

  140. 		// case 4

  141. 		{

  142. 			args: []string{

  143. 				"ldap-test",

  144. 				"--name", "ldap (via Bind DN) source",

  145. 				"--host", "ldap-server",

  146. 				"--port", "1234",

  147. 				"--user-search-base", "ou=Users,dc=domain,dc=org",

  148. 				"--user-filter", "(memberOf=cn=user-group,ou=example,dc=domain,dc=org)",

  149. 				"--email-attribute", "mail",

  150. 			},

  151. 			errMsg: "security-protocol is not set",

  152. 		},

  153. 		// case 5

  154. 		{

  155. 			args: []string{

  156. 				"ldap-test",

  157. 				"--name", "ldap (via Bind DN) source",

  158. 				"--security-protocol", "unencrypted",

  159. 				"--port", "1234",

  160. 				"--user-search-base", "ou=Users,dc=domain,dc=org",

  161. 				"--user-filter", "(memberOf=cn=user-group,ou=example,dc=domain,dc=org)",

  162. 				"--email-attribute", "mail",

  163. 			},

  164. 			errMsg: "host is not set",

  165. 		},

  166. 		// case 6

  167. 		{

  168. 			args: []string{

  169. 				"ldap-test",

  170. 				"--name", "ldap (via Bind DN) source",

  171. 				"--security-protocol", "unencrypted",

  172. 				"--host", "ldap-server",

  173. 				"--user-search-base", "ou=Users,dc=domain,dc=org",

  174. 				"--user-filter", "(memberOf=cn=user-group,ou=example,dc=domain,dc=org)",

  175. 				"--email-attribute", "mail",

  176. 			},

  177. 			errMsg: "port is not set",

  178. 		},

  179. 		// case 7

  180. 		{

  181. 			args: []string{

  182. 				"ldap-test",

  183. 				"--name", "ldap (via Bind DN) source",

  184. 				"--security-protocol", "unencrypted",

  185. 				"--host", "ldap-server",

  186. 				"--port", "1234",

  187. 				"--user-search-base", "ou=Users,dc=domain,dc=org",

  188. 				"--email-attribute", "mail",

  189. 			},

  190. 			errMsg: "user-filter is not set",

  191. 		},

  192. 		// case 8

  193. 		{

  194. 			args: []string{

  195. 				"ldap-test",

  196. 				"--name", "ldap (via Bind DN) source",

  197. 				"--security-protocol", "unencrypted",

  198. 				"--host", "ldap-server",

  199. 				"--port", "1234",

  200. 				"--user-search-base", "ou=Users,dc=domain,dc=org",

  201. 				"--user-filter", "(memberOf=cn=user-group,ou=example,dc=domain,dc=org)",

  202. 			},

  203. 			errMsg: "email-attribute is not set",

  204. 		},

  205. 	}

  206. 

  207. 	for n, c := range cases {

  208. 		// Mock functions.

  209. 		var createdAuthSource *auth.Source

  210. 		service := &authService{

  211. 			initDB: func(context.Context) error {

  212. 				return nil

  213. 			},

  214. 			createAuthSource: func(authSource *auth.Source) error {

  215. 				createdAuthSource = authSource

  216. 				return nil

  217. 			},

  218. 			updateAuthSource: func(authSource *auth.Source) error {

  219. 				assert.FailNow(t, "case %d: should not call updateAuthSource", n)

  220. 				return nil

  221. 			},

  222. 			getAuthSourceByID: func(id int64) (*auth.Source, error) {

  223. 				assert.FailNow(t, "case %d: should not call getAuthSourceByID", n)

  224. 				return nil, nil

  225. 			},

  226. 		}

  227. 

  228. 		// Create a copy of command to test

  229. 		app := cli.NewApp()

  230. 		app.Flags = cmdAuthAddLdapBindDn.Flags

  231. 		app.Action = service.addLdapBindDn

  232. 

  233. 		// Run it

  234. 		err := app.Run(c.args)

  235. 		if c.errMsg != "" {

  236. 			assert.EqualError(t, err, c.errMsg, "case %d: error should match", n)

  237. 		} else {

  238. 			assert.NoError(t, err, "case %d: should have no errors", n)

  239. 			assert.Equal(t, c.source, createdAuthSource, "case %d: wrong authSource", n)

  240. 		}

  241. 	}

  242. }

  243. 

  244. func TestAddLdapSimpleAuth(t *testing.T) {

  245. 	// Mock cli functions to do not exit on error

  246. 	osExiter := cli.OsExiter

  247. 	defer func() { cli.OsExiter = osExiter }()

  248. 	cli.OsExiter = func(code int) {}

  249. 

  250. 	// Test cases

  251. 	cases := []struct {

  252. 		args       []string

  253. 		authSource *auth.Source

  254. 		errMsg     string

  255. 	}{

  256. 		// case 0

  257. 		{

  258. 			args: []string{

  259. 				"ldap-test",

  260. 				"--name", "ldap (simple auth) source full",

  261. 				"--not-active",

  262. 				"--security-protocol", "starttls",

  263. 				"--skip-tls-verify",

  264. 				"--host", "ldap-simple-server full",

  265. 				"--port", "987",

  266. 				"--user-search-base", "ou=Users,dc=full-domain-simple,dc=org",

  267. 				"--user-filter", "(&(objectClass=posixAccount)(full-simple-cn=%s))",

  268. 				"--admin-filter", "(memberOf=cn=admin-group,ou=example,dc=full-domain-simple,dc=org)",

  269. 				"--restricted-filter", "(memberOf=cn=restricted-group,ou=example,dc=full-domain-simple,dc=org)",

  270. 				"--username-attribute", "uid-simple full",

  271. 				"--firstname-attribute", "givenName-simple full",

  272. 				"--surname-attribute", "sn-simple full",

  273. 				"--email-attribute", "mail-simple full",

  274. 				"--public-ssh-key-attribute", "publickey-simple full",

  275. 				"--avatar-attribute", "avatar-simple full",

  276. 				"--user-dn", "cn=%s,ou=Users,dc=full-domain-simple,dc=org",

  277. 			},

  278. 			authSource: &auth.Source{

  279. 				Type:     auth.DLDAP,

  280. 				Name:     "ldap (simple auth) source full",

  281. 				IsActive: false,

  282. 				Cfg: &ldap.Source{

  283. 					Name:                  "ldap (simple auth) source full",

  284. 					Host:                  "ldap-simple-server full",

  285. 					Port:                  987,

  286. 					SecurityProtocol:      ldap.SecurityProtocol(2),

  287. 					SkipVerify:            true,

  288. 					UserDN:                "cn=%s,ou=Users,dc=full-domain-simple,dc=org",

  289. 					UserBase:              "ou=Users,dc=full-domain-simple,dc=org",

  290. 					AttributeUsername:     "uid-simple full",

  291. 					AttributeName:         "givenName-simple full",

  292. 					AttributeSurname:      "sn-simple full",

  293. 					AttributeMail:         "mail-simple full",

  294. 					AttributeSSHPublicKey: "publickey-simple full",

  295. 					AttributeAvatar:       "avatar-simple full",

  296. 					Filter:                "(&(objectClass=posixAccount)(full-simple-cn=%s))",

  297. 					AdminFilter:           "(memberOf=cn=admin-group,ou=example,dc=full-domain-simple,dc=org)",

  298. 					RestrictedFilter:      "(memberOf=cn=restricted-group,ou=example,dc=full-domain-simple,dc=org)",

  299. 					Enabled:               true,

  300. 				},

  301. 			},

  302. 		},

  303. 		// case 1

  304. 		{

  305. 			args: []string{

  306. 				"ldap-test",

  307. 				"--name", "ldap (simple auth) source min",

  308. 				"--security-protocol", "unencrypted",

  309. 				"--host", "ldap-simple-server min",

  310. 				"--port", "123",

  311. 				"--user-filter", "(&(objectClass=posixAccount)(min-simple-cn=%s))",

  312. 				"--email-attribute", "mail-simple min",

  313. 				"--user-dn", "cn=%s,ou=Users,dc=min-domain-simple,dc=org",

  314. 			},

  315. 			authSource: &auth.Source{

  316. 				Type:     auth.DLDAP,

  317. 				Name:     "ldap (simple auth) source min",

  318. 				IsActive: true,

  319. 				Cfg: &ldap.Source{

  320. 					Name:             "ldap (simple auth) source min",

  321. 					Host:             "ldap-simple-server min",

  322. 					Port:             123,

  323. 					SecurityProtocol: ldap.SecurityProtocol(0),

  324. 					UserDN:           "cn=%s,ou=Users,dc=min-domain-simple,dc=org",

  325. 					AttributeMail:    "mail-simple min",

  326. 					Filter:           "(&(objectClass=posixAccount)(min-simple-cn=%s))",

  327. 					Enabled:          true,

  328. 				},

  329. 			},

  330. 		},

  331. 		// case 2

  332. 		{

  333. 			args: []string{

  334. 				"ldap-test",

  335. 				"--name", "ldap (simple auth) source",

  336. 				"--security-protocol", "zzzzz",

  337. 				"--host", "ldap-server",

  338. 				"--port", "123",

  339. 				"--user-filter", "(&(objectClass=posixAccount)(cn=%s))",

  340. 				"--email-attribute", "mail",

  341. 				"--user-dn", "cn=%s,ou=Users,dc=domain,dc=org",

  342. 			},

  343. 			errMsg: "Unknown security protocol name: zzzzz",

  344. 		},

  345. 		// case 3

  346. 		{

  347. 			args: []string{

  348. 				"ldap-test",

  349. 				"--security-protocol", "unencrypted",

  350. 				"--host", "ldap-server",

  351. 				"--port", "123",

  352. 				"--user-filter", "(&(objectClass=posixAccount)(cn=%s))",

  353. 				"--email-attribute", "mail",

  354. 				"--user-dn", "cn=%s,ou=Users,dc=domain,dc=org",

  355. 			},

  356. 			errMsg: "name is not set",

  357. 		},

  358. 		// case 4

  359. 		{

  360. 			args: []string{

  361. 				"ldap-test",

  362. 				"--name", "ldap (simple auth) source",

  363. 				"--host", "ldap-server",

  364. 				"--port", "123",

  365. 				"--user-filter", "(&(objectClass=posixAccount)(cn=%s))",

  366. 				"--email-attribute", "mail",

  367. 				"--user-dn", "cn=%s,ou=Users,dc=domain,dc=org",

  368. 			},

  369. 			errMsg: "security-protocol is not set",

  370. 		},

  371. 		// case 5

  372. 		{

  373. 			args: []string{

  374. 				"ldap-test",

  375. 				"--name", "ldap (simple auth) source",

  376. 				"--security-protocol", "unencrypted",

  377. 				"--port", "123",

  378. 				"--user-filter", "(&(objectClass=posixAccount)(cn=%s))",

  379. 				"--email-attribute", "mail",

  380. 				"--user-dn", "cn=%s,ou=Users,dc=domain,dc=org",

  381. 			},

  382. 			errMsg: "host is not set",

  383. 		},

  384. 		// case 6

  385. 		{

  386. 			args: []string{

  387. 				"ldap-test",

  388. 				"--name", "ldap (simple auth) source",

  389. 				"--security-protocol", "unencrypted",

  390. 				"--host", "ldap-server",

  391. 				"--user-filter", "(&(objectClass=posixAccount)(cn=%s))",

  392. 				"--email-attribute", "mail",

  393. 				"--user-dn", "cn=%s,ou=Users,dc=domain,dc=org",

  394. 			},

  395. 			errMsg: "port is not set",

  396. 		},

  397. 		// case 7

  398. 		{

  399. 			args: []string{

  400. 				"ldap-test",

  401. 				"--name", "ldap (simple auth) source",

  402. 				"--security-protocol", "unencrypted",

  403. 				"--host", "ldap-server",

  404. 				"--port", "123",

  405. 				"--email-attribute", "mail",

  406. 				"--user-dn", "cn=%s,ou=Users,dc=domain,dc=org",

  407. 			},

  408. 			errMsg: "user-filter is not set",

  409. 		},

  410. 		// case 8

  411. 		{

  412. 			args: []string{

  413. 				"ldap-test",

  414. 				"--name", "ldap (simple auth) source",

  415. 				"--security-protocol", "unencrypted",

  416. 				"--host", "ldap-server",

  417. 				"--port", "123",

  418. 				"--user-filter", "(&(objectClass=posixAccount)(cn=%s))",

  419. 				"--user-dn", "cn=%s,ou=Users,dc=domain,dc=org",

  420. 			},

  421. 			errMsg: "email-attribute is not set",

  422. 		},

  423. 		// case 9

  424. 		{

  425. 			args: []string{

  426. 				"ldap-test",

  427. 				"--name", "ldap (simple auth) source",

  428. 				"--security-protocol", "unencrypted",

  429. 				"--host", "ldap-server",

  430. 				"--port", "123",

  431. 				"--user-filter", "(&(objectClass=posixAccount)(cn=%s))",

  432. 				"--email-attribute", "mail",

  433. 			},

  434. 			errMsg: "user-dn is not set",

  435. 		},

  436. 	}

  437. 

  438. 	for n, c := range cases {

  439. 		// Mock functions.

  440. 		var createdAuthSource *auth.Source

  441. 		service := &authService{

  442. 			initDB: func(context.Context) error {

  443. 				return nil

  444. 			},

  445. 			createAuthSource: func(authSource *auth.Source) error {

  446. 				createdAuthSource = authSource

  447. 				return nil

  448. 			},

  449. 			updateAuthSource: func(authSource *auth.Source) error {

  450. 				assert.FailNow(t, "case %d: should not call updateAuthSource", n)

  451. 				return nil

  452. 			},

  453. 			getAuthSourceByID: func(id int64) (*auth.Source, error) {

  454. 				assert.FailNow(t, "case %d: should not call getAuthSourceByID", n)

  455. 				return nil, nil

  456. 			},

  457. 		}

  458. 

  459. 		// Create a copy of command to test

  460. 		app := cli.NewApp()

  461. 		app.Flags = cmdAuthAddLdapSimpleAuth.Flags

  462. 		app.Action = service.addLdapSimpleAuth

  463. 

  464. 		// Run it

  465. 		err := app.Run(c.args)

  466. 		if c.errMsg != "" {

  467. 			assert.EqualError(t, err, c.errMsg, "case %d: error should match", n)

  468. 		} else {

  469. 			assert.NoError(t, err, "case %d: should have no errors", n)

  470. 			assert.Equal(t, c.authSource, createdAuthSource, "case %d: wrong authSource", n)

  471. 		}

  472. 	}

  473. }

  474. 

  475. func TestUpdateLdapBindDn(t *testing.T) {

  476. 	// Mock cli functions to do not exit on error

  477. 	osExiter := cli.OsExiter

  478. 	defer func() { cli.OsExiter = osExiter }()

  479. 	cli.OsExiter = func(code int) {}

  480. 

  481. 	// Test cases

  482. 	cases := []struct {

  483. 		args               []string

  484. 		id                 int64

  485. 		existingAuthSource *auth.Source

  486. 		authSource         *auth.Source

  487. 		errMsg             string

  488. 	}{

  489. 		// case 0

  490. 		{

  491. 			args: []string{

  492. 				"ldap-test",

  493. 				"--id", "23",

  494. 				"--name", "ldap (via Bind DN) source full",

  495. 				"--not-active",

  496. 				"--security-protocol", "LDAPS",

  497. 				"--skip-tls-verify",

  498. 				"--host", "ldap-bind-server full",

  499. 				"--port", "9876",

  500. 				"--user-search-base", "ou=Users,dc=full-domain-bind,dc=org",

  501. 				"--user-filter", "(memberOf=cn=user-group,ou=example,dc=full-domain-bind,dc=org)",

  502. 				"--admin-filter", "(memberOf=cn=admin-group,ou=example,dc=full-domain-bind,dc=org)",

  503. 				"--restricted-filter", "(memberOf=cn=restricted-group,ou=example,dc=full-domain-bind,dc=org)",

  504. 				"--username-attribute", "uid-bind full",

  505. 				"--firstname-attribute", "givenName-bind full",

  506. 				"--surname-attribute", "sn-bind full",

  507. 				"--email-attribute", "mail-bind full",

  508. 				"--public-ssh-key-attribute", "publickey-bind full",

  509. 				"--avatar-attribute", "avatar-bind full",

  510. 				"--bind-dn", "cn=readonly,dc=full-domain-bind,dc=org",

  511. 				"--bind-password", "secret-bind-full",

  512. 				"--synchronize-users",

  513. 				"--page-size", "99",

  514. 			},

  515. 			id: 23,

  516. 			existingAuthSource: &auth.Source{

  517. 				Type:     auth.LDAP,

  518. 				IsActive: true,

  519. 				Cfg: &ldap.Source{

  520. 					Enabled: true,

  521. 				},

  522. 			},

  523. 			authSource: &auth.Source{

  524. 				Type:          auth.LDAP,

  525. 				Name:          "ldap (via Bind DN) source full",

  526. 				IsActive:      false,

  527. 				IsSyncEnabled: true,

  528. 				Cfg: &ldap.Source{

  529. 					Name:                  "ldap (via Bind DN) source full",

  530. 					Host:                  "ldap-bind-server full",

  531. 					Port:                  9876,

  532. 					SecurityProtocol:      ldap.SecurityProtocol(1),

  533. 					SkipVerify:            true,

  534. 					BindDN:                "cn=readonly,dc=full-domain-bind,dc=org",

  535. 					BindPassword:          "secret-bind-full",

  536. 					UserBase:              "ou=Users,dc=full-domain-bind,dc=org",

  537. 					AttributeUsername:     "uid-bind full",

  538. 					AttributeName:         "givenName-bind full",

  539. 					AttributeSurname:      "sn-bind full",

  540. 					AttributeMail:         "mail-bind full",

  541. 					AttributesInBind:      false,

  542. 					AttributeSSHPublicKey: "publickey-bind full",

  543. 					AttributeAvatar:       "avatar-bind full",

  544. 					SearchPageSize:        99,

  545. 					Filter:                "(memberOf=cn=user-group,ou=example,dc=full-domain-bind,dc=org)",

  546. 					AdminFilter:           "(memberOf=cn=admin-group,ou=example,dc=full-domain-bind,dc=org)",

  547. 					RestrictedFilter:      "(memberOf=cn=restricted-group,ou=example,dc=full-domain-bind,dc=org)",

  548. 					Enabled:               true,

  549. 				},

  550. 			},

  551. 		},

  552. 		// case 1

  553. 		{

  554. 			args: []string{

  555. 				"ldap-test",

  556. 				"--id", "1",

  557. 			},

  558. 			authSource: &auth.Source{

  559. 				Type: auth.LDAP,

  560. 				Cfg:  &ldap.Source{},

  561. 			},

  562. 		},

  563. 		// case 2

  564. 		{

  565. 			args: []string{

  566. 				"ldap-test",

  567. 				"--id", "1",

  568. 				"--name", "ldap (via Bind DN) source",

  569. 			},

  570. 			authSource: &auth.Source{

  571. 				Type: auth.LDAP,

  572. 				Name: "ldap (via Bind DN) source",

  573. 				Cfg: &ldap.Source{

  574. 					Name: "ldap (via Bind DN) source",

  575. 				},

  576. 			},

  577. 		},

  578. 		// case 3

  579. 		{

  580. 			args: []string{

  581. 				"ldap-test",

  582. 				"--id", "1",

  583. 				"--not-active",

  584. 			},

  585. 			existingAuthSource: &auth.Source{

  586. 				Type:     auth.LDAP,

  587. 				IsActive: true,

  588. 				Cfg:      &ldap.Source{},

  589. 			},

  590. 			authSource: &auth.Source{

  591. 				Type:     auth.LDAP,

  592. 				IsActive: false,

  593. 				Cfg:      &ldap.Source{},

  594. 			},

  595. 		},

  596. 		// case 4

  597. 		{

  598. 			args: []string{

  599. 				"ldap-test",

  600. 				"--id", "1",

  601. 				"--security-protocol", "LDAPS",

  602. 			},

  603. 			authSource: &auth.Source{

  604. 				Type: auth.LDAP,

  605. 				Cfg: &ldap.Source{

  606. 					SecurityProtocol: ldap.SecurityProtocol(1),

  607. 				},

  608. 			},

  609. 		},

  610. 		// case 5

  611. 		{

  612. 			args: []string{

  613. 				"ldap-test",

  614. 				"--id", "1",

  615. 				"--skip-tls-verify",

  616. 			},

  617. 			authSource: &auth.Source{

  618. 				Type: auth.LDAP,

  619. 				Cfg: &ldap.Source{

  620. 					SkipVerify: true,

  621. 				},

  622. 			},

  623. 		},

  624. 		// case 6

  625. 		{

  626. 			args: []string{

  627. 				"ldap-test",

  628. 				"--id", "1",

  629. 				"--host", "ldap-server",

  630. 			},

  631. 			authSource: &auth.Source{

  632. 				Type: auth.LDAP,

  633. 				Cfg: &ldap.Source{

  634. 					Host: "ldap-server",

  635. 				},

  636. 			},

  637. 		},

  638. 		// case 7

  639. 		{

  640. 			args: []string{

  641. 				"ldap-test",

  642. 				"--id", "1",

  643. 				"--port", "389",

  644. 			},

  645. 			authSource: &auth.Source{

  646. 				Type: auth.LDAP,

  647. 				Cfg: &ldap.Source{

  648. 					Port: 389,

  649. 				},

  650. 			},

  651. 		},

  652. 		// case 8

  653. 		{

  654. 			args: []string{

  655. 				"ldap-test",

  656. 				"--id", "1",

  657. 				"--user-search-base", "ou=Users,dc=domain,dc=org",

  658. 			},

  659. 			authSource: &auth.Source{

  660. 				Type: auth.LDAP,

  661. 				Cfg: &ldap.Source{

  662. 					UserBase: "ou=Users,dc=domain,dc=org",

  663. 				},

  664. 			},

  665. 		},

  666. 		// case 9

  667. 		{

  668. 			args: []string{

  669. 				"ldap-test",

  670. 				"--id", "1",

  671. 				"--user-filter", "(memberOf=cn=user-group,ou=example,dc=domain,dc=org)",

  672. 			},

  673. 			authSource: &auth.Source{

  674. 				Type: auth.LDAP,

  675. 				Cfg: &ldap.Source{

  676. 					Filter: "(memberOf=cn=user-group,ou=example,dc=domain,dc=org)",

  677. 				},

  678. 			},

  679. 		},

  680. 		// case 10

  681. 		{

  682. 			args: []string{

  683. 				"ldap-test",

  684. 				"--id", "1",

  685. 				"--admin-filter", "(memberOf=cn=admin-group,ou=example,dc=domain,dc=org)",

  686. 			},

  687. 			authSource: &auth.Source{

  688. 				Type: auth.LDAP,

  689. 				Cfg: &ldap.Source{

  690. 					AdminFilter: "(memberOf=cn=admin-group,ou=example,dc=domain,dc=org)",

  691. 				},

  692. 			},

  693. 		},

  694. 		// case 11

  695. 		{

  696. 			args: []string{

  697. 				"ldap-test",

  698. 				"--id", "1",

  699. 				"--username-attribute", "uid",

  700. 			},

  701. 			authSource: &auth.Source{

  702. 				Type: auth.LDAP,

  703. 				Cfg: &ldap.Source{

  704. 					AttributeUsername: "uid",

  705. 				},

  706. 			},

  707. 		},

  708. 		// case 12

  709. 		{

  710. 			args: []string{

  711. 				"ldap-test",

  712. 				"--id", "1",

  713. 				"--firstname-attribute", "givenName",

  714. 			},

  715. 			authSource: &auth.Source{

  716. 				Type: auth.LDAP,

  717. 				Cfg: &ldap.Source{

  718. 					AttributeName: "givenName",

  719. 				},

  720. 			},

  721. 		},

  722. 		// case 13

  723. 		{

  724. 			args: []string{

  725. 				"ldap-test",

  726. 				"--id", "1",

  727. 				"--surname-attribute", "sn",

  728. 			},

  729. 			authSource: &auth.Source{

  730. 				Type: auth.LDAP,

  731. 				Cfg: &ldap.Source{

  732. 					AttributeSurname: "sn",

  733. 				},

  734. 			},

  735. 		},

  736. 		// case 14

  737. 		{

  738. 			args: []string{

  739. 				"ldap-test",

  740. 				"--id", "1",

  741. 				"--email-attribute", "mail",

  742. 			},

  743. 			authSource: &auth.Source{

  744. 				Type: auth.LDAP,

  745. 				Cfg: &ldap.Source{

  746. 					AttributeMail: "mail",

  747. 				},

  748. 			},

  749. 		},

  750. 		// case 15

  751. 		{

  752. 			args: []string{

  753. 				"ldap-test",

  754. 				"--id", "1",

  755. 				"--attributes-in-bind",

  756. 			},

  757. 			authSource: &auth.Source{

  758. 				Type: auth.LDAP,

  759. 				Cfg: &ldap.Source{

  760. 					AttributesInBind: true,

  761. 				},

  762. 			},

  763. 		},

  764. 		// case 16

  765. 		{

  766. 			args: []string{

  767. 				"ldap-test",

  768. 				"--id", "1",

  769. 				"--public-ssh-key-attribute", "publickey",

  770. 			},

  771. 			authSource: &auth.Source{

  772. 				Type: auth.LDAP,

  773. 				Cfg: &ldap.Source{

  774. 					AttributeSSHPublicKey: "publickey",

  775. 				},

  776. 			},

  777. 		},

  778. 		// case 17

  779. 		{

  780. 			args: []string{

  781. 				"ldap-test",

  782. 				"--id", "1",

  783. 				"--bind-dn", "cn=readonly,dc=domain,dc=org",

  784. 			},

  785. 			authSource: &auth.Source{

  786. 				Type: auth.LDAP,

  787. 				Cfg: &ldap.Source{

  788. 					BindDN: "cn=readonly,dc=domain,dc=org",

  789. 				},

  790. 			},

  791. 		},

  792. 		// case 18

  793. 		{

  794. 			args: []string{

  795. 				"ldap-test",

  796. 				"--id", "1",

  797. 				"--bind-password", "secret",

  798. 			},

  799. 			authSource: &auth.Source{

  800. 				Type: auth.LDAP,

  801. 				Cfg: &ldap.Source{

  802. 					BindPassword: "secret",

  803. 				},

  804. 			},

  805. 		},

  806. 		// case 19

  807. 		{

  808. 			args: []string{

  809. 				"ldap-test",

  810. 				"--id", "1",

  811. 				"--synchronize-users",

  812. 			},

  813. 			authSource: &auth.Source{

  814. 				Type:          auth.LDAP,

  815. 				IsSyncEnabled: true,

  816. 				Cfg:           &ldap.Source{},

  817. 			},

  818. 		},

  819. 		// case 20

  820. 		{

  821. 			args: []string{

  822. 				"ldap-test",

  823. 				"--id", "1",

  824. 				"--page-size", "12",

  825. 			},

  826. 			authSource: &auth.Source{

  827. 				Type: auth.LDAP,

  828. 				Cfg: &ldap.Source{

  829. 					SearchPageSize: 12,

  830. 				},

  831. 			},

  832. 		},

  833. 		// case 21

  834. 		{

  835. 			args: []string{

  836. 				"ldap-test",

  837. 				"--id", "1",

  838. 				"--security-protocol", "xxxxx",

  839. 			},

  840. 			errMsg: "Unknown security protocol name: xxxxx",

  841. 		},

  842. 		// case 22

  843. 		{

  844. 			args: []string{

  845. 				"ldap-test",

  846. 			},

  847. 			errMsg: "id is not set",

  848. 		},

  849. 		// case 23

  850. 		{

  851. 			args: []string{

  852. 				"ldap-test",

  853. 				"--id", "1",

  854. 			},

  855. 			existingAuthSource: &auth.Source{

  856. 				Type: auth.OAuth2,

  857. 				Cfg:  &ldap.Source{},

  858. 			},

  859. 			errMsg: "Invalid authentication type. expected: LDAP (via BindDN), actual: OAuth2",

  860. 		},

  861. 		// case 24

  862. 		{

  863. 			args: []string{

  864. 				"ldap-test",

  865. 				"--id", "24",

  866. 				"--name", "ldap (via Bind DN) flip 'active' and 'user sync' attributes",

  867. 				"--active",

  868. 				"--disable-synchronize-users",

  869. 			},

  870. 			id: 24,

  871. 			existingAuthSource: &auth.Source{

  872. 				Type:          auth.LDAP,

  873. 				IsActive:      false,

  874. 				IsSyncEnabled: true,

  875. 				Cfg: &ldap.Source{

  876. 					Name:    "ldap (via Bind DN) flip 'active' and 'user sync' attributes",

  877. 					Enabled: true,

  878. 				},

  879. 			},

  880. 			authSource: &auth.Source{

  881. 				Type:          auth.LDAP,

  882. 				Name:          "ldap (via Bind DN) flip 'active' and 'user sync' attributes",

  883. 				IsActive:      true,

  884. 				IsSyncEnabled: false,

  885. 				Cfg: &ldap.Source{

  886. 					Name:    "ldap (via Bind DN) flip 'active' and 'user sync' attributes",

  887. 					Enabled: true,

  888. 				},

  889. 			},

  890. 		},

  891. 	}

  892. 

  893. 	for n, c := range cases {

  894. 		// Mock functions.

  895. 		var updatedAuthSource *auth.Source

  896. 		service := &authService{

  897. 			initDB: func(context.Context) error {

  898. 				return nil

  899. 			},

  900. 			createAuthSource: func(authSource *auth.Source) error {

  901. 				assert.FailNow(t, "case %d: should not call createAuthSource", n)

  902. 				return nil

  903. 			},

  904. 			updateAuthSource: func(authSource *auth.Source) error {

  905. 				updatedAuthSource = authSource

  906. 				return nil

  907. 			},

  908. 			getAuthSourceByID: func(id int64) (*auth.Source, error) {

  909. 				if c.id != 0 {

  910. 					assert.Equal(t, c.id, id, "case %d: wrong id", n)

  911. 				}

  912. 				if c.existingAuthSource != nil {

  913. 					return c.existingAuthSource, nil

  914. 				}

  915. 				return &auth.Source{

  916. 					Type: auth.LDAP,

  917. 					Cfg:  &ldap.Source{},

  918. 				}, nil

  919. 			},

  920. 		}

  921. 

  922. 		// Create a copy of command to test

  923. 		app := cli.NewApp()

  924. 		app.Flags = cmdAuthUpdateLdapBindDn.Flags

  925. 		app.Action = service.updateLdapBindDn

  926. 

  927. 		// Run it

  928. 		err := app.Run(c.args)

  929. 		if c.errMsg != "" {

  930. 			assert.EqualError(t, err, c.errMsg, "case %d: error should match", n)

  931. 		} else {

  932. 			assert.NoError(t, err, "case %d: should have no errors", n)

  933. 			assert.Equal(t, c.authSource, updatedAuthSource, "case %d: wrong authSource", n)

  934. 		}

  935. 	}

  936. }

  937. 

  938. func TestUpdateLdapSimpleAuth(t *testing.T) {

  939. 	// Mock cli functions to do not exit on error

  940. 	osExiter := cli.OsExiter

  941. 	defer func() { cli.OsExiter = osExiter }()

  942. 	cli.OsExiter = func(code int) {}

  943. 

  944. 	// Test cases

  945. 	cases := []struct {

  946. 		args               []string

  947. 		id                 int64

  948. 		existingAuthSource *auth.Source

  949. 		authSource         *auth.Source

  950. 		errMsg             string

  951. 	}{

  952. 		// case 0

  953. 		{

  954. 			args: []string{

  955. 				"ldap-test",

  956. 				"--id", "7",

  957. 				"--name", "ldap (simple auth) source full",

  958. 				"--not-active",

  959. 				"--security-protocol", "starttls",

  960. 				"--skip-tls-verify",

  961. 				"--host", "ldap-simple-server full",

  962. 				"--port", "987",

  963. 				"--user-search-base", "ou=Users,dc=full-domain-simple,dc=org",

  964. 				"--user-filter", "(&(objectClass=posixAccount)(full-simple-cn=%s))",

  965. 				"--admin-filter", "(memberOf=cn=admin-group,ou=example,dc=full-domain-simple,dc=org)",

  966. 				"--restricted-filter", "(memberOf=cn=restricted-group,ou=example,dc=full-domain-simple,dc=org)",

  967. 				"--username-attribute", "uid-simple full",

  968. 				"--firstname-attribute", "givenName-simple full",

  969. 				"--surname-attribute", "sn-simple full",

  970. 				"--email-attribute", "mail-simple full",

  971. 				"--public-ssh-key-attribute", "publickey-simple full",

  972. 				"--avatar-attribute", "avatar-simple full",

  973. 				"--user-dn", "cn=%s,ou=Users,dc=full-domain-simple,dc=org",

  974. 			},

  975. 			id: 7,

  976. 			authSource: &auth.Source{

  977. 				Type:     auth.DLDAP,

  978. 				Name:     "ldap (simple auth) source full",

  979. 				IsActive: false,

  980. 				Cfg: &ldap.Source{

  981. 					Name:                  "ldap (simple auth) source full",

  982. 					Host:                  "ldap-simple-server full",

  983. 					Port:                  987,

  984. 					SecurityProtocol:      ldap.SecurityProtocol(2),

  985. 					SkipVerify:            true,

  986. 					UserDN:                "cn=%s,ou=Users,dc=full-domain-simple,dc=org",

  987. 					UserBase:              "ou=Users,dc=full-domain-simple,dc=org",

  988. 					AttributeUsername:     "uid-simple full",

  989. 					AttributeName:         "givenName-simple full",

  990. 					AttributeSurname:      "sn-simple full",

  991. 					AttributeMail:         "mail-simple full",

  992. 					AttributeSSHPublicKey: "publickey-simple full",

  993. 					AttributeAvatar:       "avatar-simple full",

  994. 					Filter:                "(&(objectClass=posixAccount)(full-simple-cn=%s))",

  995. 					AdminFilter:           "(memberOf=cn=admin-group,ou=example,dc=full-domain-simple,dc=org)",

  996. 					RestrictedFilter:      "(memberOf=cn=restricted-group,ou=example,dc=full-domain-simple,dc=org)",

  997. 				},

  998. 			},

  999. 		},

  1000. 		// case 1

  1001. 		{

  1002. 			args: []string{

  1003. 				"ldap-test",

  1004. 				"--id", "1",

  1005. 			},

  1006. 			authSource: &auth.Source{

  1007. 				Type: auth.DLDAP,

  1008. 				Cfg:  &ldap.Source{},

  1009. 			},

  1010. 		},

  1011. 		// case 2

  1012. 		{

  1013. 			args: []string{

  1014. 				"ldap-test",

  1015. 				"--id", "1",

  1016. 				"--name", "ldap (simple auth) source",

  1017. 			},

  1018. 			authSource: &auth.Source{

  1019. 				Type: auth.DLDAP,

  1020. 				Name: "ldap (simple auth) source",

  1021. 				Cfg: &ldap.Source{

  1022. 					Name: "ldap (simple auth) source",

  1023. 				},

  1024. 			},

  1025. 		},

  1026. 		// case 3

  1027. 		{

  1028. 			args: []string{

  1029. 				"ldap-test",

  1030. 				"--id", "1",

  1031. 				"--not-active",

  1032. 			},

  1033. 			existingAuthSource: &auth.Source{

  1034. 				Type:     auth.DLDAP,

  1035. 				IsActive: true,

  1036. 				Cfg:      &ldap.Source{},

  1037. 			},

  1038. 			authSource: &auth.Source{

  1039. 				Type:     auth.DLDAP,

  1040. 				IsActive: false,

  1041. 				Cfg:      &ldap.Source{},

  1042. 			},

  1043. 		},

  1044. 		// case 4

  1045. 		{

  1046. 			args: []string{

  1047. 				"ldap-test",

  1048. 				"--id", "1",

  1049. 				"--security-protocol", "starttls",

  1050. 			},

  1051. 			authSource: &auth.Source{

  1052. 				Type: auth.DLDAP,

  1053. 				Cfg: &ldap.Source{

  1054. 					SecurityProtocol: ldap.SecurityProtocol(2),

  1055. 				},

  1056. 			},

  1057. 		},

  1058. 		// case 5

  1059. 		{

  1060. 			args: []string{

  1061. 				"ldap-test",

  1062. 				"--id", "1",

  1063. 				"--skip-tls-verify",

  1064. 			},

  1065. 			authSource: &auth.Source{

  1066. 				Type: auth.DLDAP,

  1067. 				Cfg: &ldap.Source{

  1068. 					SkipVerify: true,

  1069. 				},

  1070. 			},

  1071. 		},

  1072. 		// case 6

  1073. 		{

  1074. 			args: []string{

  1075. 				"ldap-test",

  1076. 				"--id", "1",

  1077. 				"--host", "ldap-server",

  1078. 			},

  1079. 			authSource: &auth.Source{

  1080. 				Type: auth.DLDAP,

  1081. 				Cfg: &ldap.Source{

  1082. 					Host: "ldap-server",

  1083. 				},

  1084. 			},

  1085. 		},

  1086. 		// case 7

  1087. 		{

  1088. 			args: []string{

  1089. 				"ldap-test",

  1090. 				"--id", "1",

  1091. 				"--port", "987",

  1092. 			},

  1093. 			authSource: &auth.Source{

  1094. 				Type: auth.DLDAP,

  1095. 				Cfg: &ldap.Source{

  1096. 					Port: 987,

  1097. 				},

  1098. 			},

  1099. 		},

  1100. 		// case 8

  1101. 		{

  1102. 			args: []string{

  1103. 				"ldap-test",

  1104. 				"--id", "1",

  1105. 				"--user-search-base", "ou=Users,dc=domain,dc=org",

  1106. 			},

  1107. 			authSource: &auth.Source{

  1108. 				Type: auth.DLDAP,

  1109. 				Cfg: &ldap.Source{

  1110. 					UserBase: "ou=Users,dc=domain,dc=org",

  1111. 				},

  1112. 			},

  1113. 		},

  1114. 		// case 9

  1115. 		{

  1116. 			args: []string{

  1117. 				"ldap-test",

  1118. 				"--id", "1",

  1119. 				"--user-filter", "(&(objectClass=posixAccount)(cn=%s))",

  1120. 			},

  1121. 			authSource: &auth.Source{

  1122. 				Type: auth.DLDAP,

  1123. 				Cfg: &ldap.Source{

  1124. 					Filter: "(&(objectClass=posixAccount)(cn=%s))",

  1125. 				},

  1126. 			},

  1127. 		},

  1128. 		// case 10

  1129. 		{

  1130. 			args: []string{

  1131. 				"ldap-test",

  1132. 				"--id", "1",

  1133. 				"--admin-filter", "(memberOf=cn=admin-group,ou=example,dc=domain,dc=org)",

  1134. 			},

  1135. 			authSource: &auth.Source{

  1136. 				Type: auth.DLDAP,

  1137. 				Cfg: &ldap.Source{

  1138. 					AdminFilter: "(memberOf=cn=admin-group,ou=example,dc=domain,dc=org)",

  1139. 				},

  1140. 			},

  1141. 		},

  1142. 		// case 11

  1143. 		{

  1144. 			args: []string{

  1145. 				"ldap-test",

  1146. 				"--id", "1",

  1147. 				"--username-attribute", "uid",

  1148. 			},

  1149. 			authSource: &auth.Source{

  1150. 				Type: auth.DLDAP,

  1151. 				Cfg: &ldap.Source{

  1152. 					AttributeUsername: "uid",

  1153. 				},

  1154. 			},

  1155. 		},

  1156. 		// case 12

  1157. 		{

  1158. 			args: []string{

  1159. 				"ldap-test",

  1160. 				"--id", "1",

  1161. 				"--firstname-attribute", "givenName",

  1162. 			},

  1163. 			authSource: &auth.Source{

  1164. 				Type: auth.DLDAP,

  1165. 				Cfg: &ldap.Source{

  1166. 					AttributeName: "givenName",

  1167. 				},

  1168. 			},

  1169. 		},

  1170. 		// case 13

  1171. 		{

  1172. 			args: []string{

  1173. 				"ldap-test",

  1174. 				"--id", "1",

  1175. 				"--surname-attribute", "sn",

  1176. 			},

  1177. 			authSource: &auth.Source{

  1178. 				Type: auth.DLDAP,

  1179. 				Cfg: &ldap.Source{

  1180. 					AttributeSurname: "sn",

  1181. 				},

  1182. 			},

  1183. 		},

  1184. 		// case 14

  1185. 		{

  1186. 			args: []string{

  1187. 				"ldap-test",

  1188. 				"--id", "1",

  1189. 				"--email-attribute", "mail",

  1190. 			},

  1191. 			authSource: &auth.Source{

  1192. 				Type: auth.DLDAP,

  1193. 				Cfg: &ldap.Source{

  1194. 					AttributeMail: "mail",

  1195. 				},

  1196. 			},

  1197. 		},

  1198. 		// case 15

  1199. 		{

  1200. 			args: []string{

  1201. 				"ldap-test",

  1202. 				"--id", "1",

  1203. 				"--public-ssh-key-attribute", "publickey",

  1204. 			},

  1205. 			authSource: &auth.Source{

  1206. 				Type: auth.DLDAP,

  1207. 				Cfg: &ldap.Source{

  1208. 					AttributeSSHPublicKey: "publickey",

  1209. 				},

  1210. 			},

  1211. 		},

  1212. 		// case 16

  1213. 		{

  1214. 			args: []string{

  1215. 				"ldap-test",

  1216. 				"--id", "1",

  1217. 				"--user-dn", "cn=%s,ou=Users,dc=domain,dc=org",

  1218. 			},

  1219. 			authSource: &auth.Source{

  1220. 				Type: auth.DLDAP,

  1221. 				Cfg: &ldap.Source{

  1222. 					UserDN: "cn=%s,ou=Users,dc=domain,dc=org",

  1223. 				},

  1224. 			},

  1225. 		},

  1226. 		// case 17

  1227. 		{

  1228. 			args: []string{

  1229. 				"ldap-test",

  1230. 				"--id", "1",

  1231. 				"--security-protocol", "xxxxx",

  1232. 			},

  1233. 			errMsg: "Unknown security protocol name: xxxxx",

  1234. 		},

  1235. 		// case 18

  1236. 		{

  1237. 			args: []string{

  1238. 				"ldap-test",

  1239. 			},

  1240. 			errMsg: "id is not set",

  1241. 		},

  1242. 		// case 19

  1243. 		{

  1244. 			args: []string{

  1245. 				"ldap-test",

  1246. 				"--id", "1",

  1247. 			},

  1248. 			existingAuthSource: &auth.Source{

  1249. 				Type: auth.PAM,

  1250. 				Cfg:  &ldap.Source{},

  1251. 			},

  1252. 			errMsg: "Invalid authentication type. expected: LDAP (simple auth), actual: PAM",

  1253. 		},

  1254. 		// case 20

  1255. 		{

  1256. 			args: []string{

  1257. 				"ldap-test",

  1258. 				"--id", "20",

  1259. 				"--name", "ldap (simple auth) flip 'active' attribute",

  1260. 				"--active",

  1261. 			},

  1262. 			id: 20,

  1263. 			existingAuthSource: &auth.Source{

  1264. 				Type:     auth.DLDAP,

  1265. 				IsActive: false,

  1266. 				Cfg: &ldap.Source{

  1267. 					Name:    "ldap (simple auth) flip 'active' attribute",

  1268. 					Enabled: true,

  1269. 				},

  1270. 			},

  1271. 			authSource: &auth.Source{

  1272. 				Type:     auth.DLDAP,

  1273. 				Name:     "ldap (simple auth) flip 'active' attribute",

  1274. 				IsActive: true,

  1275. 				Cfg: &ldap.Source{

  1276. 					Name:    "ldap (simple auth) flip 'active' attribute",

  1277. 					Enabled: true,

  1278. 				},

  1279. 			},

  1280. 		},

  1281. 	}

  1282. 

  1283. 	for n, c := range cases {

  1284. 		// Mock functions.

  1285. 		var updatedAuthSource *auth.Source

  1286. 		service := &authService{

  1287. 			initDB: func(context.Context) error {

  1288. 				return nil

  1289. 			},

  1290. 			createAuthSource: func(authSource *auth.Source) error {

  1291. 				assert.FailNow(t, "case %d: should not call createAuthSource", n)

  1292. 				return nil

  1293. 			},

  1294. 			updateAuthSource: func(authSource *auth.Source) error {

  1295. 				updatedAuthSource = authSource

  1296. 				return nil

  1297. 			},

  1298. 			getAuthSourceByID: func(id int64) (*auth.Source, error) {

  1299. 				if c.id != 0 {

  1300. 					assert.Equal(t, c.id, id, "case %d: wrong id", n)

  1301. 				}

  1302. 				if c.existingAuthSource != nil {

  1303. 					return c.existingAuthSource, nil

  1304. 				}

  1305. 				return &auth.Source{

  1306. 					Type: auth.DLDAP,

  1307. 					Cfg:  &ldap.Source{},

  1308. 				}, nil

  1309. 			},

  1310. 		}

  1311. 

  1312. 		// Create a copy of command to test

  1313. 		app := cli.NewApp()

  1314. 		app.Flags = cmdAuthUpdateLdapSimpleAuth.Flags

  1315. 		app.Action = service.updateLdapSimpleAuth

  1316. 

  1317. 		// Run it

  1318. 		err := app.Run(c.args)

  1319. 		if c.errMsg != "" {

  1320. 			assert.EqualError(t, err, c.errMsg, "case %d: error should match", n)

  1321. 		} else {

  1322. 			assert.NoError(t, err, "case %d: should have no errors", n)

  1323. 			assert.Equal(t, c.authSource, updatedAuthSource, "case %d: wrong authSource", n)

  1324. 		}

  1325. 	}

  1326. }