mirrors
/
gitea
mirror of https://github.com/go-gitea/gitea.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 211 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
12567 Commits
17 Branches
Tree: de8e3948a5
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'de8e3948a5'
${ noResults }
gitea/cmd/admin_auth_ldap_test.go

admin_auth_ldap_test.go 32KB
Raw Blame History

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177117811791180118111821183118411851186118711881189119011911192119311941195119611971198119912001201120212031204120512061207120812091210121112121213121412151216121712181219122012211222122312241225122612271228122912301231123212331234123512361237123812391240124112421243124412451246124712481249125012511252125312541255125612571258125912601261126212631264126512661267126812691270 
  1. // Copyright 2019 The Gitea Authors. All rights reserved.

  2. // Use of this source code is governed by a MIT-style

  3. // license that can be found in the LICENSE file.

  4. 

  5. package cmd

  6. 

  7. import (

  8. 	"context"

  9. 	"testing"

  10. 

  11. 	"code.gitea.io/gitea/models/auth"

  12. 	"code.gitea.io/gitea/services/auth/source/ldap"

  13. 

  14. 	"github.com/stretchr/testify/assert"

  15. 	"github.com/urfave/cli"

  16. )

  17. 

  18. func TestAddLdapBindDn(t *testing.T) {

  19. 	// Mock cli functions to do not exit on error

  20. 	var osExiter = cli.OsExiter

  21. 	defer func() { cli.OsExiter = osExiter }()

  22. 	cli.OsExiter = func(code int) {}

  23. 

  24. 	// Test cases

  25. 	var cases = []struct {

  26. 		args   []string

  27. 		source *auth.Source

  28. 		errMsg string

  29. 	}{

  30. 		// case 0

  31. 		{

  32. 			args: []string{

  33. 				"ldap-test",

  34. 				"--name", "ldap (via Bind DN) source full",

  35. 				"--not-active",

  36. 				"--security-protocol", "ldaps",

  37. 				"--skip-tls-verify",

  38. 				"--host", "ldap-bind-server full",

  39. 				"--port", "9876",

  40. 				"--user-search-base", "ou=Users,dc=full-domain-bind,dc=org",

  41. 				"--user-filter", "(memberOf=cn=user-group,ou=example,dc=full-domain-bind,dc=org)",

  42. 				"--admin-filter", "(memberOf=cn=admin-group,ou=example,dc=full-domain-bind,dc=org)",

  43. 				"--restricted-filter", "(memberOf=cn=restricted-group,ou=example,dc=full-domain-bind,dc=org)",

  44. 				"--username-attribute", "uid-bind full",

  45. 				"--firstname-attribute", "givenName-bind full",

  46. 				"--surname-attribute", "sn-bind full",

  47. 				"--email-attribute", "mail-bind full",

  48. 				"--public-ssh-key-attribute", "publickey-bind full",

  49. 				"--avatar-attribute", "avatar-bind full",

  50. 				"--bind-dn", "cn=readonly,dc=full-domain-bind,dc=org",

  51. 				"--bind-password", "secret-bind-full",

  52. 				"--attributes-in-bind",

  53. 				"--synchronize-users",

  54. 				"--page-size", "99",

  55. 			},

  56. 			source: &auth.Source{

  57. 				Type:          auth.LDAP,

  58. 				Name:          "ldap (via Bind DN) source full",

  59. 				IsActive:      false,

  60. 				IsSyncEnabled: true,

  61. 				Cfg: &ldap.Source{

  62. 					Name:                  "ldap (via Bind DN) source full",

  63. 					Host:                  "ldap-bind-server full",

  64. 					Port:                  9876,

  65. 					SecurityProtocol:      ldap.SecurityProtocol(1),

  66. 					SkipVerify:            true,

  67. 					BindDN:                "cn=readonly,dc=full-domain-bind,dc=org",

  68. 					BindPassword:          "secret-bind-full",

  69. 					UserBase:              "ou=Users,dc=full-domain-bind,dc=org",

  70. 					AttributeUsername:     "uid-bind full",

  71. 					AttributeName:         "givenName-bind full",

  72. 					AttributeSurname:      "sn-bind full",

  73. 					AttributeMail:         "mail-bind full",

  74. 					AttributesInBind:      true,

  75. 					AttributeSSHPublicKey: "publickey-bind full",

  76. 					AttributeAvatar:       "avatar-bind full",

  77. 					SearchPageSize:        99,

  78. 					Filter:                "(memberOf=cn=user-group,ou=example,dc=full-domain-bind,dc=org)",

  79. 					AdminFilter:           "(memberOf=cn=admin-group,ou=example,dc=full-domain-bind,dc=org)",

  80. 					RestrictedFilter:      "(memberOf=cn=restricted-group,ou=example,dc=full-domain-bind,dc=org)",

  81. 					Enabled:               true,

  82. 				},

  83. 			},

  84. 		},

  85. 		// case 1

  86. 		{

  87. 			args: []string{

  88. 				"ldap-test",

  89. 				"--name", "ldap (via Bind DN) source min",

  90. 				"--security-protocol", "unencrypted",

  91. 				"--host", "ldap-bind-server min",

  92. 				"--port", "1234",

  93. 				"--user-search-base", "ou=Users,dc=min-domain-bind,dc=org",

  94. 				"--user-filter", "(memberOf=cn=user-group,ou=example,dc=min-domain-bind,dc=org)",

  95. 				"--email-attribute", "mail-bind min",

  96. 			},

  97. 			source: &auth.Source{

  98. 				Type:     auth.LDAP,

  99. 				Name:     "ldap (via Bind DN) source min",

  100. 				IsActive: true,

  101. 				Cfg: &ldap.Source{

  102. 					Name:             "ldap (via Bind DN) source min",

  103. 					Host:             "ldap-bind-server min",

  104. 					Port:             1234,

  105. 					SecurityProtocol: ldap.SecurityProtocol(0),

  106. 					UserBase:         "ou=Users,dc=min-domain-bind,dc=org",

  107. 					AttributeMail:    "mail-bind min",

  108. 					Filter:           "(memberOf=cn=user-group,ou=example,dc=min-domain-bind,dc=org)",

  109. 					Enabled:          true,

  110. 				},

  111. 			},

  112. 		},

  113. 		// case 2

  114. 		{

  115. 			args: []string{

  116. 				"ldap-test",

  117. 				"--name", "ldap (via Bind DN) source",

  118. 				"--security-protocol", "zzzzz",

  119. 				"--host", "ldap-server",

  120. 				"--port", "1234",

  121. 				"--user-search-base", "ou=Users,dc=domain,dc=org",

  122. 				"--user-filter", "(memberOf=cn=user-group,ou=example,dc=domain,dc=org)",

  123. 				"--email-attribute", "mail",

  124. 			},

  125. 			errMsg: "Unknown security protocol name: zzzzz",

  126. 		},

  127. 		// case 3

  128. 		{

  129. 			args: []string{

  130. 				"ldap-test",

  131. 				"--security-protocol", "unencrypted",

  132. 				"--host", "ldap-server",

  133. 				"--port", "1234",

  134. 				"--user-search-base", "ou=Users,dc=domain,dc=org",

  135. 				"--user-filter", "(memberOf=cn=user-group,ou=example,dc=domain,dc=org)",

  136. 				"--email-attribute", "mail",

  137. 			},

  138. 			errMsg: "name is not set",

  139. 		},

  140. 		// case 4

  141. 		{

  142. 			args: []string{

  143. 				"ldap-test",

  144. 				"--name", "ldap (via Bind DN) source",

  145. 				"--host", "ldap-server",

  146. 				"--port", "1234",

  147. 				"--user-search-base", "ou=Users,dc=domain,dc=org",

  148. 				"--user-filter", "(memberOf=cn=user-group,ou=example,dc=domain,dc=org)",

  149. 				"--email-attribute", "mail",

  150. 			},

  151. 			errMsg: "security-protocol is not set",

  152. 		},

  153. 		// case 5

  154. 		{

  155. 			args: []string{

  156. 				"ldap-test",

  157. 				"--name", "ldap (via Bind DN) source",

  158. 				"--security-protocol", "unencrypted",

  159. 				"--port", "1234",

  160. 				"--user-search-base", "ou=Users,dc=domain,dc=org",

  161. 				"--user-filter", "(memberOf=cn=user-group,ou=example,dc=domain,dc=org)",

  162. 				"--email-attribute", "mail",

  163. 			},

  164. 			errMsg: "host is not set",

  165. 		},

  166. 		// case 6

  167. 		{

  168. 			args: []string{

  169. 				"ldap-test",

  170. 				"--name", "ldap (via Bind DN) source",

  171. 				"--security-protocol", "unencrypted",

  172. 				"--host", "ldap-server",

  173. 				"--user-search-base", "ou=Users,dc=domain,dc=org",

  174. 				"--user-filter", "(memberOf=cn=user-group,ou=example,dc=domain,dc=org)",

  175. 				"--email-attribute", "mail",

  176. 			},

  177. 			errMsg: "port is not set",

  178. 		},

  179. 		// case 7

  180. 		{

  181. 			args: []string{

  182. 				"ldap-test",

  183. 				"--name", "ldap (via Bind DN) source",

  184. 				"--security-protocol", "unencrypted",

  185. 				"--host", "ldap-server",

  186. 				"--port", "1234",

  187. 				"--user-search-base", "ou=Users,dc=domain,dc=org",

  188. 				"--email-attribute", "mail",

  189. 			},

  190. 			errMsg: "user-filter is not set",

  191. 		},

  192. 		// case 8

  193. 		{

  194. 			args: []string{

  195. 				"ldap-test",

  196. 				"--name", "ldap (via Bind DN) source",

  197. 				"--security-protocol", "unencrypted",

  198. 				"--host", "ldap-server",

  199. 				"--port", "1234",

  200. 				"--user-search-base", "ou=Users,dc=domain,dc=org",

  201. 				"--user-filter", "(memberOf=cn=user-group,ou=example,dc=domain,dc=org)",

  202. 			},

  203. 			errMsg: "email-attribute is not set",

  204. 		},

  205. 	}

  206. 

  207. 	for n, c := range cases {

  208. 		// Mock functions.

  209. 		var createdAuthSource *auth.Source

  210. 		service := &authService{

  211. 			initDB: func(context.Context) error {

  212. 				return nil

  213. 			},

  214. 			createAuthSource: func(authSource *auth.Source) error {

  215. 				createdAuthSource = authSource

  216. 				return nil

  217. 			},

  218. 			updateAuthSource: func(authSource *auth.Source) error {

  219. 				assert.FailNow(t, "case %d: should not call updateAuthSource", n)

  220. 				return nil

  221. 			},

  222. 			getAuthSourceByID: func(id int64) (*auth.Source, error) {

  223. 				assert.FailNow(t, "case %d: should not call getAuthSourceByID", n)

  224. 				return nil, nil

  225. 			},

  226. 		}

  227. 

  228. 		// Create a copy of command to test

  229. 		app := cli.NewApp()

  230. 		app.Flags = cmdAuthAddLdapBindDn.Flags

  231. 		app.Action = service.addLdapBindDn

  232. 

  233. 		// Run it

  234. 		err := app.Run(c.args)

  235. 		if c.errMsg != "" {

  236. 			assert.EqualError(t, err, c.errMsg, "case %d: error should match", n)

  237. 		} else {

  238. 			assert.NoError(t, err, "case %d: should have no errors", n)

  239. 			assert.Equal(t, c.source, createdAuthSource, "case %d: wrong authSource", n)

  240. 		}

  241. 	}

  242. }

  243. 

  244. func TestAddLdapSimpleAuth(t *testing.T) {

  245. 	// Mock cli functions to do not exit on error

  246. 	var osExiter = cli.OsExiter

  247. 	defer func() { cli.OsExiter = osExiter }()

  248. 	cli.OsExiter = func(code int) {}

  249. 

  250. 	// Test cases

  251. 	var cases = []struct {

  252. 		args       []string

  253. 		authSource *auth.Source

  254. 		errMsg     string

  255. 	}{

  256. 		// case 0

  257. 		{

  258. 			args: []string{

  259. 				"ldap-test",

  260. 				"--name", "ldap (simple auth) source full",

  261. 				"--not-active",

  262. 				"--security-protocol", "starttls",

  263. 				"--skip-tls-verify",

  264. 				"--host", "ldap-simple-server full",

  265. 				"--port", "987",

  266. 				"--user-search-base", "ou=Users,dc=full-domain-simple,dc=org",

  267. 				"--user-filter", "(&(objectClass=posixAccount)(full-simple-cn=%s))",

  268. 				"--admin-filter", "(memberOf=cn=admin-group,ou=example,dc=full-domain-simple,dc=org)",

  269. 				"--restricted-filter", "(memberOf=cn=restricted-group,ou=example,dc=full-domain-simple,dc=org)",

  270. 				"--username-attribute", "uid-simple full",

  271. 				"--firstname-attribute", "givenName-simple full",

  272. 				"--surname-attribute", "sn-simple full",

  273. 				"--email-attribute", "mail-simple full",

  274. 				"--public-ssh-key-attribute", "publickey-simple full",

  275. 				"--avatar-attribute", "avatar-simple full",

  276. 				"--user-dn", "cn=%s,ou=Users,dc=full-domain-simple,dc=org",

  277. 			},

  278. 			authSource: &auth.Source{

  279. 				Type:     auth.DLDAP,

  280. 				Name:     "ldap (simple auth) source full",

  281. 				IsActive: false,

  282. 				Cfg: &ldap.Source{

  283. 					Name:                  "ldap (simple auth) source full",

  284. 					Host:                  "ldap-simple-server full",

  285. 					Port:                  987,

  286. 					SecurityProtocol:      ldap.SecurityProtocol(2),

  287. 					SkipVerify:            true,

  288. 					UserDN:                "cn=%s,ou=Users,dc=full-domain-simple,dc=org",

  289. 					UserBase:              "ou=Users,dc=full-domain-simple,dc=org",

  290. 					AttributeUsername:     "uid-simple full",

  291. 					AttributeName:         "givenName-simple full",

  292. 					AttributeSurname:      "sn-simple full",

  293. 					AttributeMail:         "mail-simple full",

  294. 					AttributeSSHPublicKey: "publickey-simple full",

  295. 					AttributeAvatar:       "avatar-simple full",

  296. 					Filter:                "(&(objectClass=posixAccount)(full-simple-cn=%s))",

  297. 					AdminFilter:           "(memberOf=cn=admin-group,ou=example,dc=full-domain-simple,dc=org)",

  298. 					RestrictedFilter:      "(memberOf=cn=restricted-group,ou=example,dc=full-domain-simple,dc=org)",

  299. 					Enabled:               true,

  300. 				},

  301. 			},

  302. 		},

  303. 		// case 1

  304. 		{

  305. 			args: []string{

  306. 				"ldap-test",

  307. 				"--name", "ldap (simple auth) source min",

  308. 				"--security-protocol", "unencrypted",

  309. 				"--host", "ldap-simple-server min",

  310. 				"--port", "123",

  311. 				"--user-filter", "(&(objectClass=posixAccount)(min-simple-cn=%s))",

  312. 				"--email-attribute", "mail-simple min",

  313. 				"--user-dn", "cn=%s,ou=Users,dc=min-domain-simple,dc=org",

  314. 			},

  315. 			authSource: &auth.Source{

  316. 				Type:     auth.DLDAP,

  317. 				Name:     "ldap (simple auth) source min",

  318. 				IsActive: true,

  319. 				Cfg: &ldap.Source{

  320. 					Name:             "ldap (simple auth) source min",

  321. 					Host:             "ldap-simple-server min",

  322. 					Port:             123,

  323. 					SecurityProtocol: ldap.SecurityProtocol(0),

  324. 					UserDN:           "cn=%s,ou=Users,dc=min-domain-simple,dc=org",

  325. 					AttributeMail:    "mail-simple min",

  326. 					Filter:           "(&(objectClass=posixAccount)(min-simple-cn=%s))",

  327. 					Enabled:          true,

  328. 				},

  329. 			},

  330. 		},

  331. 		// case 2

  332. 		{

  333. 			args: []string{

  334. 				"ldap-test",

  335. 				"--name", "ldap (simple auth) source",

  336. 				"--security-protocol", "zzzzz",

  337. 				"--host", "ldap-server",

  338. 				"--port", "123",

  339. 				"--user-filter", "(&(objectClass=posixAccount)(cn=%s))",

  340. 				"--email-attribute", "mail",

  341. 				"--user-dn", "cn=%s,ou=Users,dc=domain,dc=org",

  342. 			},

  343. 			errMsg: "Unknown security protocol name: zzzzz",

  344. 		},

  345. 		// case 3

  346. 		{

  347. 			args: []string{

  348. 				"ldap-test",

  349. 				"--security-protocol", "unencrypted",

  350. 				"--host", "ldap-server",

  351. 				"--port", "123",

  352. 				"--user-filter", "(&(objectClass=posixAccount)(cn=%s))",

  353. 				"--email-attribute", "mail",

  354. 				"--user-dn", "cn=%s,ou=Users,dc=domain,dc=org",

  355. 			},

  356. 			errMsg: "name is not set",

  357. 		},

  358. 		// case 4

  359. 		{

  360. 			args: []string{

  361. 				"ldap-test",

  362. 				"--name", "ldap (simple auth) source",

  363. 				"--host", "ldap-server",

  364. 				"--port", "123",

  365. 				"--user-filter", "(&(objectClass=posixAccount)(cn=%s))",

  366. 				"--email-attribute", "mail",

  367. 				"--user-dn", "cn=%s,ou=Users,dc=domain,dc=org",

  368. 			},

  369. 			errMsg: "security-protocol is not set",

  370. 		},

  371. 		// case 5

  372. 		{

  373. 			args: []string{

  374. 				"ldap-test",

  375. 				"--name", "ldap (simple auth) source",

  376. 				"--security-protocol", "unencrypted",

  377. 				"--port", "123",

  378. 				"--user-filter", "(&(objectClass=posixAccount)(cn=%s))",

  379. 				"--email-attribute", "mail",

  380. 				"--user-dn", "cn=%s,ou=Users,dc=domain,dc=org",

  381. 			},

  382. 			errMsg: "host is not set",

  383. 		},

  384. 		// case 6

  385. 		{

  386. 			args: []string{

  387. 				"ldap-test",

  388. 				"--name", "ldap (simple auth) source",

  389. 				"--security-protocol", "unencrypted",

  390. 				"--host", "ldap-server",

  391. 				"--user-filter", "(&(objectClass=posixAccount)(cn=%s))",

  392. 				"--email-attribute", "mail",

  393. 				"--user-dn", "cn=%s,ou=Users,dc=domain,dc=org",

  394. 			},

  395. 			errMsg: "port is not set",

  396. 		},

  397. 		// case 7

  398. 		{

  399. 			args: []string{

  400. 				"ldap-test",

  401. 				"--name", "ldap (simple auth) source",

  402. 				"--security-protocol", "unencrypted",

  403. 				"--host", "ldap-server",

  404. 				"--port", "123",

  405. 				"--email-attribute", "mail",

  406. 				"--user-dn", "cn=%s,ou=Users,dc=domain,dc=org",

  407. 			},

  408. 			errMsg: "user-filter is not set",

  409. 		},

  410. 		// case 8

  411. 		{

  412. 			args: []string{

  413. 				"ldap-test",

  414. 				"--name", "ldap (simple auth) source",

  415. 				"--security-protocol", "unencrypted",

  416. 				"--host", "ldap-server",

  417. 				"--port", "123",

  418. 				"--user-filter", "(&(objectClass=posixAccount)(cn=%s))",

  419. 				"--user-dn", "cn=%s,ou=Users,dc=domain,dc=org",

  420. 			},

  421. 			errMsg: "email-attribute is not set",

  422. 		},

  423. 		// case 9

  424. 		{

  425. 			args: []string{

  426. 				"ldap-test",

  427. 				"--name", "ldap (simple auth) source",

  428. 				"--security-protocol", "unencrypted",

  429. 				"--host", "ldap-server",

  430. 				"--port", "123",

  431. 				"--user-filter", "(&(objectClass=posixAccount)(cn=%s))",

  432. 				"--email-attribute", "mail",

  433. 			},

  434. 			errMsg: "user-dn is not set",

  435. 		},

  436. 	}

  437. 

  438. 	for n, c := range cases {

  439. 		// Mock functions.

  440. 		var createdAuthSource *auth.Source

  441. 		service := &authService{

  442. 			initDB: func(context.Context) error {

  443. 				return nil

  444. 			},

  445. 			createAuthSource: func(authSource *auth.Source) error {

  446. 				createdAuthSource = authSource

  447. 				return nil

  448. 			},

  449. 			updateAuthSource: func(authSource *auth.Source) error {

  450. 				assert.FailNow(t, "case %d: should not call updateAuthSource", n)

  451. 				return nil

  452. 			},

  453. 			getAuthSourceByID: func(id int64) (*auth.Source, error) {

  454. 				assert.FailNow(t, "case %d: should not call getAuthSourceByID", n)

  455. 				return nil, nil

  456. 			},

  457. 		}

  458. 

  459. 		// Create a copy of command to test

  460. 		app := cli.NewApp()

  461. 		app.Flags = cmdAuthAddLdapSimpleAuth.Flags

  462. 		app.Action = service.addLdapSimpleAuth

  463. 

  464. 		// Run it

  465. 		err := app.Run(c.args)

  466. 		if c.errMsg != "" {

  467. 			assert.EqualError(t, err, c.errMsg, "case %d: error should match", n)

  468. 		} else {

  469. 			assert.NoError(t, err, "case %d: should have no errors", n)

  470. 			assert.Equal(t, c.authSource, createdAuthSource, "case %d: wrong authSource", n)

  471. 		}

  472. 	}

  473. }

  474. 

  475. func TestUpdateLdapBindDn(t *testing.T) {

  476. 	// Mock cli functions to do not exit on error

  477. 	var osExiter = cli.OsExiter

  478. 	defer func() { cli.OsExiter = osExiter }()

  479. 	cli.OsExiter = func(code int) {}

  480. 

  481. 	// Test cases

  482. 	var cases = []struct {

  483. 		args               []string

  484. 		id                 int64

  485. 		existingAuthSource *auth.Source

  486. 		authSource         *auth.Source

  487. 		errMsg             string

  488. 	}{

  489. 		// case 0

  490. 		{

  491. 			args: []string{

  492. 				"ldap-test",

  493. 				"--id", "23",

  494. 				"--name", "ldap (via Bind DN) source full",

  495. 				"--not-active",

  496. 				"--security-protocol", "LDAPS",

  497. 				"--skip-tls-verify",

  498. 				"--host", "ldap-bind-server full",

  499. 				"--port", "9876",

  500. 				"--user-search-base", "ou=Users,dc=full-domain-bind,dc=org",

  501. 				"--user-filter", "(memberOf=cn=user-group,ou=example,dc=full-domain-bind,dc=org)",

  502. 				"--admin-filter", "(memberOf=cn=admin-group,ou=example,dc=full-domain-bind,dc=org)",

  503. 				"--restricted-filter", "(memberOf=cn=restricted-group,ou=example,dc=full-domain-bind,dc=org)",

  504. 				"--username-attribute", "uid-bind full",

  505. 				"--firstname-attribute", "givenName-bind full",

  506. 				"--surname-attribute", "sn-bind full",

  507. 				"--email-attribute", "mail-bind full",

  508. 				"--public-ssh-key-attribute", "publickey-bind full",

  509. 				"--avatar-attribute", "avatar-bind full",

  510. 				"--bind-dn", "cn=readonly,dc=full-domain-bind,dc=org",

  511. 				"--bind-password", "secret-bind-full",

  512. 				"--synchronize-users",

  513. 				"--page-size", "99",

  514. 			},

  515. 			id: 23,

  516. 			existingAuthSource: &auth.Source{

  517. 				Type:     auth.LDAP,

  518. 				IsActive: true,

  519. 				Cfg: &ldap.Source{

  520. 					Enabled: true,

  521. 				},

  522. 			},

  523. 			authSource: &auth.Source{

  524. 				Type:          auth.LDAP,

  525. 				Name:          "ldap (via Bind DN) source full",

  526. 				IsActive:      false,

  527. 				IsSyncEnabled: true,

  528. 				Cfg: &ldap.Source{

  529. 					Name:                  "ldap (via Bind DN) source full",

  530. 					Host:                  "ldap-bind-server full",

  531. 					Port:                  9876,

  532. 					SecurityProtocol:      ldap.SecurityProtocol(1),

  533. 					SkipVerify:            true,

  534. 					BindDN:                "cn=readonly,dc=full-domain-bind,dc=org",

  535. 					BindPassword:          "secret-bind-full",

  536. 					UserBase:              "ou=Users,dc=full-domain-bind,dc=org",

  537. 					AttributeUsername:     "uid-bind full",

  538. 					AttributeName:         "givenName-bind full",

  539. 					AttributeSurname:      "sn-bind full",

  540. 					AttributeMail:         "mail-bind full",

  541. 					AttributesInBind:      false,

  542. 					AttributeSSHPublicKey: "publickey-bind full",

  543. 					AttributeAvatar:       "avatar-bind full",

  544. 					SearchPageSize:        99,

  545. 					Filter:                "(memberOf=cn=user-group,ou=example,dc=full-domain-bind,dc=org)",

  546. 					AdminFilter:           "(memberOf=cn=admin-group,ou=example,dc=full-domain-bind,dc=org)",

  547. 					RestrictedFilter:      "(memberOf=cn=restricted-group,ou=example,dc=full-domain-bind,dc=org)",

  548. 					Enabled:               true,

  549. 				},

  550. 			},

  551. 		},

  552. 		// case 1

  553. 		{

  554. 			args: []string{

  555. 				"ldap-test",

  556. 				"--id", "1",

  557. 			},

  558. 			authSource: &auth.Source{

  559. 				Type: auth.LDAP,

  560. 				Cfg:  &ldap.Source{},

  561. 			},

  562. 		},

  563. 		// case 2

  564. 		{

  565. 			args: []string{

  566. 				"ldap-test",

  567. 				"--id", "1",

  568. 				"--name", "ldap (via Bind DN) source",

  569. 			},

  570. 			authSource: &auth.Source{

  571. 				Type: auth.LDAP,

  572. 				Name: "ldap (via Bind DN) source",

  573. 				Cfg: &ldap.Source{

  574. 					Name: "ldap (via Bind DN) source",

  575. 				},

  576. 			},

  577. 		},

  578. 		// case 3

  579. 		{

  580. 			args: []string{

  581. 				"ldap-test",

  582. 				"--id", "1",

  583. 				"--not-active",

  584. 			},

  585. 			existingAuthSource: &auth.Source{

  586. 				Type:     auth.LDAP,

  587. 				IsActive: true,

  588. 				Cfg:      &ldap.Source{},

  589. 			},

  590. 			authSource: &auth.Source{

  591. 				Type:     auth.LDAP,

  592. 				IsActive: false,

  593. 				Cfg:      &ldap.Source{},

  594. 			},

  595. 		},

  596. 		// case 4

  597. 		{

  598. 			args: []string{

  599. 				"ldap-test",

  600. 				"--id", "1",

  601. 				"--security-protocol", "LDAPS",

  602. 			},

  603. 			authSource: &auth.Source{

  604. 				Type: auth.LDAP,

  605. 				Cfg: &ldap.Source{

  606. 					SecurityProtocol: ldap.SecurityProtocol(1),

  607. 				},

  608. 			},

  609. 		},

  610. 		// case 5

  611. 		{

  612. 			args: []string{

  613. 				"ldap-test",

  614. 				"--id", "1",

  615. 				"--skip-tls-verify",

  616. 			},

  617. 			authSource: &auth.Source{

  618. 				Type: auth.LDAP,

  619. 				Cfg: &ldap.Source{

  620. 					SkipVerify: true,

  621. 				},

  622. 			},

  623. 		},

  624. 		// case 6

  625. 		{

  626. 			args: []string{

  627. 				"ldap-test",

  628. 				"--id", "1",

  629. 				"--host", "ldap-server",

  630. 			},

  631. 			authSource: &auth.Source{

  632. 				Type: auth.LDAP,

  633. 				Cfg: &ldap.Source{

  634. 					Host: "ldap-server",

  635. 				},

  636. 			},

  637. 		},

  638. 		// case 7

  639. 		{

  640. 			args: []string{

  641. 				"ldap-test",

  642. 				"--id", "1",

  643. 				"--port", "389",

  644. 			},

  645. 			authSource: &auth.Source{

  646. 				Type: auth.LDAP,

  647. 				Cfg: &ldap.Source{

  648. 					Port: 389,

  649. 				},

  650. 			},

  651. 		},

  652. 		// case 8

  653. 		{

  654. 			args: []string{

  655. 				"ldap-test",

  656. 				"--id", "1",

  657. 				"--user-search-base", "ou=Users,dc=domain,dc=org",

  658. 			},

  659. 			authSource: &auth.Source{

  660. 				Type: auth.LDAP,

  661. 				Cfg: &ldap.Source{

  662. 					UserBase: "ou=Users,dc=domain,dc=org",

  663. 				},

  664. 			},

  665. 		},

  666. 		// case 9

  667. 		{

  668. 			args: []string{

  669. 				"ldap-test",

  670. 				"--id", "1",

  671. 				"--user-filter", "(memberOf=cn=user-group,ou=example,dc=domain,dc=org)",

  672. 			},

  673. 			authSource: &auth.Source{

  674. 				Type: auth.LDAP,

  675. 				Cfg: &ldap.Source{

  676. 					Filter: "(memberOf=cn=user-group,ou=example,dc=domain,dc=org)",

  677. 				},

  678. 			},

  679. 		},

  680. 		// case 10

  681. 		{

  682. 			args: []string{

  683. 				"ldap-test",

  684. 				"--id", "1",

  685. 				"--admin-filter", "(memberOf=cn=admin-group,ou=example,dc=domain,dc=org)",

  686. 			},

  687. 			authSource: &auth.Source{

  688. 				Type: auth.LDAP,

  689. 				Cfg: &ldap.Source{

  690. 					AdminFilter: "(memberOf=cn=admin-group,ou=example,dc=domain,dc=org)",

  691. 				},

  692. 			},

  693. 		},

  694. 		// case 11

  695. 		{

  696. 			args: []string{

  697. 				"ldap-test",

  698. 				"--id", "1",

  699. 				"--username-attribute", "uid",

  700. 			},

  701. 			authSource: &auth.Source{

  702. 				Type: auth.LDAP,

  703. 				Cfg: &ldap.Source{

  704. 					AttributeUsername: "uid",

  705. 				},

  706. 			},

  707. 		},

  708. 		// case 12

  709. 		{

  710. 			args: []string{

  711. 				"ldap-test",

  712. 				"--id", "1",

  713. 				"--firstname-attribute", "givenName",

  714. 			},

  715. 			authSource: &auth.Source{

  716. 				Type: auth.LDAP,

  717. 				Cfg: &ldap.Source{

  718. 					AttributeName: "givenName",

  719. 				},

  720. 			},

  721. 		},

  722. 		// case 13

  723. 		{

  724. 			args: []string{

  725. 				"ldap-test",

  726. 				"--id", "1",

  727. 				"--surname-attribute", "sn",

  728. 			},

  729. 			authSource: &auth.Source{

  730. 				Type: auth.LDAP,

  731. 				Cfg: &ldap.Source{

  732. 					AttributeSurname: "sn",

  733. 				},

  734. 			},

  735. 		},

  736. 		// case 14

  737. 		{

  738. 			args: []string{

  739. 				"ldap-test",

  740. 				"--id", "1",

  741. 				"--email-attribute", "mail",

  742. 			},

  743. 			authSource: &auth.Source{

  744. 				Type: auth.LDAP,

  745. 				Cfg: &ldap.Source{

  746. 					AttributeMail: "mail",

  747. 				},

  748. 			},

  749. 		},

  750. 		// case 15

  751. 		{

  752. 			args: []string{

  753. 				"ldap-test",

  754. 				"--id", "1",

  755. 				"--attributes-in-bind",

  756. 			},

  757. 			authSource: &auth.Source{

  758. 				Type: auth.LDAP,

  759. 				Cfg: &ldap.Source{

  760. 					AttributesInBind: true,

  761. 				},

  762. 			},

  763. 		},

  764. 		// case 16

  765. 		{

  766. 			args: []string{

  767. 				"ldap-test",

  768. 				"--id", "1",

  769. 				"--public-ssh-key-attribute", "publickey",

  770. 			},

  771. 			authSource: &auth.Source{

  772. 				Type: auth.LDAP,

  773. 				Cfg: &ldap.Source{

  774. 					AttributeSSHPublicKey: "publickey",

  775. 				},

  776. 			},

  777. 		},

  778. 		// case 17

  779. 		{

  780. 			args: []string{

  781. 				"ldap-test",

  782. 				"--id", "1",

  783. 				"--bind-dn", "cn=readonly,dc=domain,dc=org",

  784. 			},

  785. 			authSource: &auth.Source{

  786. 				Type: auth.LDAP,

  787. 				Cfg: &ldap.Source{

  788. 					BindDN: "cn=readonly,dc=domain,dc=org",

  789. 				},

  790. 			},

  791. 		},

  792. 		// case 18

  793. 		{

  794. 			args: []string{

  795. 				"ldap-test",

  796. 				"--id", "1",

  797. 				"--bind-password", "secret",

  798. 			},

  799. 			authSource: &auth.Source{

  800. 				Type: auth.LDAP,

  801. 				Cfg: &ldap.Source{

  802. 					BindPassword: "secret",

  803. 				},

  804. 			},

  805. 		},

  806. 		// case 19

  807. 		{

  808. 			args: []string{

  809. 				"ldap-test",

  810. 				"--id", "1",

  811. 				"--synchronize-users",

  812. 			},

  813. 			authSource: &auth.Source{

  814. 				Type:          auth.LDAP,

  815. 				IsSyncEnabled: true,

  816. 				Cfg:           &ldap.Source{},

  817. 			},

  818. 		},

  819. 		// case 20

  820. 		{

  821. 			args: []string{

  822. 				"ldap-test",

  823. 				"--id", "1",

  824. 				"--page-size", "12",

  825. 			},

  826. 			authSource: &auth.Source{

  827. 				Type: auth.LDAP,

  828. 				Cfg: &ldap.Source{

  829. 					SearchPageSize: 12,

  830. 				},

  831. 			},

  832. 		},

  833. 		// case 21

  834. 		{

  835. 			args: []string{

  836. 				"ldap-test",

  837. 				"--id", "1",

  838. 				"--security-protocol", "xxxxx",

  839. 			},

  840. 			errMsg: "Unknown security protocol name: xxxxx",

  841. 		},

  842. 		// case 22

  843. 		{

  844. 			args: []string{

  845. 				"ldap-test",

  846. 			},

  847. 			errMsg: "id is not set",

  848. 		},

  849. 		// case 23

  850. 		{

  851. 			args: []string{

  852. 				"ldap-test",

  853. 				"--id", "1",

  854. 			},

  855. 			existingAuthSource: &auth.Source{

  856. 				Type: auth.OAuth2,

  857. 				Cfg:  &ldap.Source{},

  858. 			},

  859. 			errMsg: "Invalid authentication type. expected: LDAP (via BindDN), actual: OAuth2",

  860. 		},

  861. 	}

  862. 

  863. 	for n, c := range cases {

  864. 		// Mock functions.

  865. 		var updatedAuthSource *auth.Source

  866. 		service := &authService{

  867. 			initDB: func(context.Context) error {

  868. 				return nil

  869. 			},

  870. 			createAuthSource: func(authSource *auth.Source) error {

  871. 				assert.FailNow(t, "case %d: should not call createAuthSource", n)

  872. 				return nil

  873. 			},

  874. 			updateAuthSource: func(authSource *auth.Source) error {

  875. 				updatedAuthSource = authSource

  876. 				return nil

  877. 			},

  878. 			getAuthSourceByID: func(id int64) (*auth.Source, error) {

  879. 				if c.id != 0 {

  880. 					assert.Equal(t, c.id, id, "case %d: wrong id", n)

  881. 				}

  882. 				if c.existingAuthSource != nil {

  883. 					return c.existingAuthSource, nil

  884. 				}

  885. 				return &auth.Source{

  886. 					Type: auth.LDAP,

  887. 					Cfg:  &ldap.Source{},

  888. 				}, nil

  889. 			},

  890. 		}

  891. 

  892. 		// Create a copy of command to test

  893. 		app := cli.NewApp()

  894. 		app.Flags = cmdAuthUpdateLdapBindDn.Flags

  895. 		app.Action = service.updateLdapBindDn

  896. 

  897. 		// Run it

  898. 		err := app.Run(c.args)

  899. 		if c.errMsg != "" {

  900. 			assert.EqualError(t, err, c.errMsg, "case %d: error should match", n)

  901. 		} else {

  902. 			assert.NoError(t, err, "case %d: should have no errors", n)

  903. 			assert.Equal(t, c.authSource, updatedAuthSource, "case %d: wrong authSource", n)

  904. 		}

  905. 	}

  906. }

  907. 

  908. func TestUpdateLdapSimpleAuth(t *testing.T) {

  909. 	// Mock cli functions to do not exit on error

  910. 	var osExiter = cli.OsExiter

  911. 	defer func() { cli.OsExiter = osExiter }()

  912. 	cli.OsExiter = func(code int) {}

  913. 

  914. 	// Test cases

  915. 	var cases = []struct {

  916. 		args               []string

  917. 		id                 int64

  918. 		existingAuthSource *auth.Source

  919. 		authSource         *auth.Source

  920. 		errMsg             string

  921. 	}{

  922. 		// case 0

  923. 		{

  924. 			args: []string{

  925. 				"ldap-test",

  926. 				"--id", "7",

  927. 				"--name", "ldap (simple auth) source full",

  928. 				"--not-active",

  929. 				"--security-protocol", "starttls",

  930. 				"--skip-tls-verify",

  931. 				"--host", "ldap-simple-server full",

  932. 				"--port", "987",

  933. 				"--user-search-base", "ou=Users,dc=full-domain-simple,dc=org",

  934. 				"--user-filter", "(&(objectClass=posixAccount)(full-simple-cn=%s))",

  935. 				"--admin-filter", "(memberOf=cn=admin-group,ou=example,dc=full-domain-simple,dc=org)",

  936. 				"--restricted-filter", "(memberOf=cn=restricted-group,ou=example,dc=full-domain-simple,dc=org)",

  937. 				"--username-attribute", "uid-simple full",

  938. 				"--firstname-attribute", "givenName-simple full",

  939. 				"--surname-attribute", "sn-simple full",

  940. 				"--email-attribute", "mail-simple full",

  941. 				"--public-ssh-key-attribute", "publickey-simple full",

  942. 				"--avatar-attribute", "avatar-simple full",

  943. 				"--user-dn", "cn=%s,ou=Users,dc=full-domain-simple,dc=org",

  944. 			},

  945. 			id: 7,

  946. 			authSource: &auth.Source{

  947. 				Type:     auth.DLDAP,

  948. 				Name:     "ldap (simple auth) source full",

  949. 				IsActive: false,

  950. 				Cfg: &ldap.Source{

  951. 					Name:                  "ldap (simple auth) source full",

  952. 					Host:                  "ldap-simple-server full",

  953. 					Port:                  987,

  954. 					SecurityProtocol:      ldap.SecurityProtocol(2),

  955. 					SkipVerify:            true,

  956. 					UserDN:                "cn=%s,ou=Users,dc=full-domain-simple,dc=org",

  957. 					UserBase:              "ou=Users,dc=full-domain-simple,dc=org",

  958. 					AttributeUsername:     "uid-simple full",

  959. 					AttributeName:         "givenName-simple full",

  960. 					AttributeSurname:      "sn-simple full",

  961. 					AttributeMail:         "mail-simple full",

  962. 					AttributeSSHPublicKey: "publickey-simple full",

  963. 					AttributeAvatar:       "avatar-simple full",

  964. 					Filter:                "(&(objectClass=posixAccount)(full-simple-cn=%s))",

  965. 					AdminFilter:           "(memberOf=cn=admin-group,ou=example,dc=full-domain-simple,dc=org)",

  966. 					RestrictedFilter:      "(memberOf=cn=restricted-group,ou=example,dc=full-domain-simple,dc=org)",

  967. 				},

  968. 			},

  969. 		},

  970. 		// case 1

  971. 		{

  972. 			args: []string{

  973. 				"ldap-test",

  974. 				"--id", "1",

  975. 			},

  976. 			authSource: &auth.Source{

  977. 				Type: auth.DLDAP,

  978. 				Cfg:  &ldap.Source{},

  979. 			},

  980. 		},

  981. 		// case 2

  982. 		{

  983. 			args: []string{

  984. 				"ldap-test",

  985. 				"--id", "1",

  986. 				"--name", "ldap (simple auth) source",

  987. 			},

  988. 			authSource: &auth.Source{

  989. 				Type: auth.DLDAP,

  990. 				Name: "ldap (simple auth) source",

  991. 				Cfg: &ldap.Source{

  992. 					Name: "ldap (simple auth) source",

  993. 				},

  994. 			},

  995. 		},

  996. 		// case 3

  997. 		{

  998. 			args: []string{

  999. 				"ldap-test",

  1000. 				"--id", "1",

  1001. 				"--not-active",

  1002. 			},

  1003. 			existingAuthSource: &auth.Source{

  1004. 				Type:     auth.DLDAP,

  1005. 				IsActive: true,

  1006. 				Cfg:      &ldap.Source{},

  1007. 			},

  1008. 			authSource: &auth.Source{

  1009. 				Type:     auth.DLDAP,

  1010. 				IsActive: false,

  1011. 				Cfg:      &ldap.Source{},

  1012. 			},

  1013. 		},

  1014. 		// case 4

  1015. 		{

  1016. 			args: []string{

  1017. 				"ldap-test",

  1018. 				"--id", "1",

  1019. 				"--security-protocol", "starttls",

  1020. 			},

  1021. 			authSource: &auth.Source{

  1022. 				Type: auth.DLDAP,

  1023. 				Cfg: &ldap.Source{

  1024. 					SecurityProtocol: ldap.SecurityProtocol(2),

  1025. 				},

  1026. 			},

  1027. 		},

  1028. 		// case 5

  1029. 		{

  1030. 			args: []string{

  1031. 				"ldap-test",

  1032. 				"--id", "1",

  1033. 				"--skip-tls-verify",

  1034. 			},

  1035. 			authSource: &auth.Source{

  1036. 				Type: auth.DLDAP,

  1037. 				Cfg: &ldap.Source{

  1038. 					SkipVerify: true,

  1039. 				},

  1040. 			},

  1041. 		},

  1042. 		// case 6

  1043. 		{

  1044. 			args: []string{

  1045. 				"ldap-test",

  1046. 				"--id", "1",

  1047. 				"--host", "ldap-server",

  1048. 			},

  1049. 			authSource: &auth.Source{

  1050. 				Type: auth.DLDAP,

  1051. 				Cfg: &ldap.Source{

  1052. 					Host: "ldap-server",

  1053. 				},

  1054. 			},

  1055. 		},

  1056. 		// case 7

  1057. 		{

  1058. 			args: []string{

  1059. 				"ldap-test",

  1060. 				"--id", "1",

  1061. 				"--port", "987",

  1062. 			},

  1063. 			authSource: &auth.Source{

  1064. 				Type: auth.DLDAP,

  1065. 				Cfg: &ldap.Source{

  1066. 					Port: 987,

  1067. 				},

  1068. 			},

  1069. 		},

  1070. 		// case 8

  1071. 		{

  1072. 			args: []string{

  1073. 				"ldap-test",

  1074. 				"--id", "1",

  1075. 				"--user-search-base", "ou=Users,dc=domain,dc=org",

  1076. 			},

  1077. 			authSource: &auth.Source{

  1078. 				Type: auth.DLDAP,

  1079. 				Cfg: &ldap.Source{

  1080. 					UserBase: "ou=Users,dc=domain,dc=org",

  1081. 				},

  1082. 			},

  1083. 		},

  1084. 		// case 9

  1085. 		{

  1086. 			args: []string{

  1087. 				"ldap-test",

  1088. 				"--id", "1",

  1089. 				"--user-filter", "(&(objectClass=posixAccount)(cn=%s))",

  1090. 			},

  1091. 			authSource: &auth.Source{

  1092. 				Type: auth.DLDAP,

  1093. 				Cfg: &ldap.Source{

  1094. 					Filter: "(&(objectClass=posixAccount)(cn=%s))",

  1095. 				},

  1096. 			},

  1097. 		},

  1098. 		// case 10

  1099. 		{

  1100. 			args: []string{

  1101. 				"ldap-test",

  1102. 				"--id", "1",

  1103. 				"--admin-filter", "(memberOf=cn=admin-group,ou=example,dc=domain,dc=org)",

  1104. 			},

  1105. 			authSource: &auth.Source{

  1106. 				Type: auth.DLDAP,

  1107. 				Cfg: &ldap.Source{

  1108. 					AdminFilter: "(memberOf=cn=admin-group,ou=example,dc=domain,dc=org)",

  1109. 				},

  1110. 			},

  1111. 		},

  1112. 		// case 11

  1113. 		{

  1114. 			args: []string{

  1115. 				"ldap-test",

  1116. 				"--id", "1",

  1117. 				"--username-attribute", "uid",

  1118. 			},

  1119. 			authSource: &auth.Source{

  1120. 				Type: auth.DLDAP,

  1121. 				Cfg: &ldap.Source{

  1122. 					AttributeUsername: "uid",

  1123. 				},

  1124. 			},

  1125. 		},

  1126. 		// case 12

  1127. 		{

  1128. 			args: []string{

  1129. 				"ldap-test",

  1130. 				"--id", "1",

  1131. 				"--firstname-attribute", "givenName",

  1132. 			},

  1133. 			authSource: &auth.Source{

  1134. 				Type: auth.DLDAP,

  1135. 				Cfg: &ldap.Source{

  1136. 					AttributeName: "givenName",

  1137. 				},

  1138. 			},

  1139. 		},

  1140. 		// case 13

  1141. 		{

  1142. 			args: []string{

  1143. 				"ldap-test",

  1144. 				"--id", "1",

  1145. 				"--surname-attribute", "sn",

  1146. 			},

  1147. 			authSource: &auth.Source{

  1148. 				Type: auth.DLDAP,

  1149. 				Cfg: &ldap.Source{

  1150. 					AttributeSurname: "sn",

  1151. 				},

  1152. 			},

  1153. 		},

  1154. 		// case 14

  1155. 		{

  1156. 			args: []string{

  1157. 				"ldap-test",

  1158. 				"--id", "1",

  1159. 				"--email-attribute", "mail",

  1160. 			},

  1161. 			authSource: &auth.Source{

  1162. 				Type: auth.DLDAP,

  1163. 				Cfg: &ldap.Source{

  1164. 

  1165. 					AttributeMail: "mail",

  1166. 				},

  1167. 			},

  1168. 		},

  1169. 		// case 15

  1170. 		{

  1171. 			args: []string{

  1172. 				"ldap-test",

  1173. 				"--id", "1",

  1174. 				"--public-ssh-key-attribute", "publickey",

  1175. 			},

  1176. 			authSource: &auth.Source{

  1177. 				Type: auth.DLDAP,

  1178. 				Cfg: &ldap.Source{

  1179. 					AttributeSSHPublicKey: "publickey",

  1180. 				},

  1181. 			},

  1182. 		},

  1183. 		// case 16

  1184. 		{

  1185. 			args: []string{

  1186. 				"ldap-test",

  1187. 				"--id", "1",

  1188. 				"--user-dn", "cn=%s,ou=Users,dc=domain,dc=org",

  1189. 			},

  1190. 			authSource: &auth.Source{

  1191. 				Type: auth.DLDAP,

  1192. 				Cfg: &ldap.Source{

  1193. 					UserDN: "cn=%s,ou=Users,dc=domain,dc=org",

  1194. 				},

  1195. 			},

  1196. 		},

  1197. 		// case 17

  1198. 		{

  1199. 			args: []string{

  1200. 				"ldap-test",

  1201. 				"--id", "1",

  1202. 				"--security-protocol", "xxxxx",

  1203. 			},

  1204. 			errMsg: "Unknown security protocol name: xxxxx",

  1205. 		},

  1206. 		// case 18

  1207. 		{

  1208. 			args: []string{

  1209. 				"ldap-test",

  1210. 			},

  1211. 			errMsg: "id is not set",

  1212. 		},

  1213. 		// case 19

  1214. 		{

  1215. 			args: []string{

  1216. 				"ldap-test",

  1217. 				"--id", "1",

  1218. 			},

  1219. 			existingAuthSource: &auth.Source{

  1220. 				Type: auth.PAM,

  1221. 				Cfg:  &ldap.Source{},

  1222. 			},

  1223. 			errMsg: "Invalid authentication type. expected: LDAP (simple auth), actual: PAM",

  1224. 		},

  1225. 	}

  1226. 

  1227. 	for n, c := range cases {

  1228. 		// Mock functions.

  1229. 		var updatedAuthSource *auth.Source

  1230. 		service := &authService{

  1231. 			initDB: func(context.Context) error {

  1232. 				return nil

  1233. 			},

  1234. 			createAuthSource: func(authSource *auth.Source) error {

  1235. 				assert.FailNow(t, "case %d: should not call createAuthSource", n)

  1236. 				return nil

  1237. 			},

  1238. 			updateAuthSource: func(authSource *auth.Source) error {

  1239. 				updatedAuthSource = authSource

  1240. 				return nil

  1241. 			},

  1242. 			getAuthSourceByID: func(id int64) (*auth.Source, error) {

  1243. 				if c.id != 0 {

  1244. 					assert.Equal(t, c.id, id, "case %d: wrong id", n)

  1245. 				}

  1246. 				if c.existingAuthSource != nil {

  1247. 					return c.existingAuthSource, nil

  1248. 				}

  1249. 				return &auth.Source{

  1250. 					Type: auth.DLDAP,

  1251. 					Cfg:  &ldap.Source{},

  1252. 				}, nil

  1253. 			},

  1254. 		}

  1255. 

  1256. 		// Create a copy of command to test

  1257. 		app := cli.NewApp()

  1258. 		app.Flags = cmdAuthUpdateLdapSimpleAuth.Flags

  1259. 		app.Action = service.updateLdapSimpleAuth

  1260. 

  1261. 		// Run it

  1262. 		err := app.Run(c.args)

  1263. 		if c.errMsg != "" {

  1264. 			assert.EqualError(t, err, c.errMsg, "case %d: error should match", n)

  1265. 		} else {

  1266. 			assert.NoError(t, err, "case %d: should have no errors", n)

  1267. 			assert.Equal(t, c.authSource, updatedAuthSource, "case %d: wrong authSource", n)

  1268. 		}

  1269. 	}

  1270. }