mirrors
/
gitea
mirror of https://github.com/go-gitea/gitea.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 210 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
7814 Commits
17 Branches
Tree: v1.12.1
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'v1.12.1'
${ noResults }
gitea/cmd/admin_auth_ldap_test.go

admin_auth_ldap_test.go 34KB
Raw Permalink Blame History

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166116711681169117011711172117311741175117611771178117911801181118211831184118511861187118811891190119111921193119411951196119711981199120012011202120312041205120612071208120912101211121212131214121512161217121812191220122112221223122412251226122712281229123012311232123312341235123612371238123912401241124212431244124512461247124812491250125112521253125412551256125712581259126012611262126312641265126612671268126912701271127212731274127512761277127812791280128112821283128412851286128712881289129012911292129312941295129612971298129913001301130213031304130513061307130813091310131113121313131413151316131713181319132013211322132313241325132613271328132913301331133213331334133513361337133813391340134113421343134413451346134713481349135013511352135313541355135613571358 
  1. // Copyright 2019 The Gitea Authors. All rights reserved.

  2. // Use of this source code is governed by a MIT-style

  3. // license that can be found in the LICENSE file.

  4. 

  5. package cmd

  6. 

  7. import (

  8. 	"testing"

  9. 

  10. 	"code.gitea.io/gitea/models"

  11. 	"code.gitea.io/gitea/modules/auth/ldap"

  12. 

  13. 	"github.com/stretchr/testify/assert"

  14. 	"github.com/urfave/cli"

  15. )

  16. 

  17. func TestAddLdapBindDn(t *testing.T) {

  18. 	// Mock cli functions to do not exit on error

  19. 	var osExiter = cli.OsExiter

  20. 	defer func() { cli.OsExiter = osExiter }()

  21. 	cli.OsExiter = func(code int) {}

  22. 

  23. 	// Test cases

  24. 	var cases = []struct {

  25. 		args        []string

  26. 		loginSource *models.LoginSource

  27. 		errMsg      string

  28. 	}{

  29. 		// case 0

  30. 		{

  31. 			args: []string{

  32. 				"ldap-test",

  33. 				"--name", "ldap (via Bind DN) source full",

  34. 				"--not-active",

  35. 				"--security-protocol", "ldaps",

  36. 				"--skip-tls-verify",

  37. 				"--host", "ldap-bind-server full",

  38. 				"--port", "9876",

  39. 				"--user-search-base", "ou=Users,dc=full-domain-bind,dc=org",

  40. 				"--user-filter", "(memberOf=cn=user-group,ou=example,dc=full-domain-bind,dc=org)",

  41. 				"--admin-filter", "(memberOf=cn=admin-group,ou=example,dc=full-domain-bind,dc=org)",

  42. 				"--restricted-filter", "(memberOf=cn=restricted-group,ou=example,dc=full-domain-bind,dc=org)",

  43. 				"--username-attribute", "uid-bind full",

  44. 				"--firstname-attribute", "givenName-bind full",

  45. 				"--surname-attribute", "sn-bind full",

  46. 				"--email-attribute", "mail-bind full",

  47. 				"--public-ssh-key-attribute", "publickey-bind full",

  48. 				"--bind-dn", "cn=readonly,dc=full-domain-bind,dc=org",

  49. 				"--bind-password", "secret-bind-full",

  50. 				"--attributes-in-bind",

  51. 				"--synchronize-users",

  52. 				"--page-size", "99",

  53. 			},

  54. 			loginSource: &models.LoginSource{

  55. 				Type:          models.LoginLDAP,

  56. 				Name:          "ldap (via Bind DN) source full",

  57. 				IsActived:     false,

  58. 				IsSyncEnabled: true,

  59. 				Cfg: &models.LDAPConfig{

  60. 					Source: &ldap.Source{

  61. 						Name:                  "ldap (via Bind DN) source full",

  62. 						Host:                  "ldap-bind-server full",

  63. 						Port:                  9876,

  64. 						SecurityProtocol:      ldap.SecurityProtocol(1),

  65. 						SkipVerify:            true,

  66. 						BindDN:                "cn=readonly,dc=full-domain-bind,dc=org",

  67. 						BindPassword:          "secret-bind-full",

  68. 						UserBase:              "ou=Users,dc=full-domain-bind,dc=org",

  69. 						AttributeUsername:     "uid-bind full",

  70. 						AttributeName:         "givenName-bind full",

  71. 						AttributeSurname:      "sn-bind full",

  72. 						AttributeMail:         "mail-bind full",

  73. 						AttributesInBind:      true,

  74. 						AttributeSSHPublicKey: "publickey-bind full",

  75. 						SearchPageSize:        99,

  76. 						Filter:                "(memberOf=cn=user-group,ou=example,dc=full-domain-bind,dc=org)",

  77. 						AdminFilter:           "(memberOf=cn=admin-group,ou=example,dc=full-domain-bind,dc=org)",

  78. 						RestrictedFilter:      "(memberOf=cn=restricted-group,ou=example,dc=full-domain-bind,dc=org)",

  79. 						Enabled:               true,

  80. 					},

  81. 				},

  82. 			},

  83. 		},

  84. 		// case 1

  85. 		{

  86. 			args: []string{

  87. 				"ldap-test",

  88. 				"--name", "ldap (via Bind DN) source min",

  89. 				"--security-protocol", "unencrypted",

  90. 				"--host", "ldap-bind-server min",

  91. 				"--port", "1234",

  92. 				"--user-search-base", "ou=Users,dc=min-domain-bind,dc=org",

  93. 				"--user-filter", "(memberOf=cn=user-group,ou=example,dc=min-domain-bind,dc=org)",

  94. 				"--email-attribute", "mail-bind min",

  95. 			},

  96. 			loginSource: &models.LoginSource{

  97. 				Type:      models.LoginLDAP,

  98. 				Name:      "ldap (via Bind DN) source min",

  99. 				IsActived: true,

  100. 				Cfg: &models.LDAPConfig{

  101. 					Source: &ldap.Source{

  102. 						Name:             "ldap (via Bind DN) source min",

  103. 						Host:             "ldap-bind-server min",

  104. 						Port:             1234,

  105. 						SecurityProtocol: ldap.SecurityProtocol(0),

  106. 						UserBase:         "ou=Users,dc=min-domain-bind,dc=org",

  107. 						AttributeMail:    "mail-bind min",

  108. 						Filter:           "(memberOf=cn=user-group,ou=example,dc=min-domain-bind,dc=org)",

  109. 						Enabled:          true,

  110. 					},

  111. 				},

  112. 			},

  113. 		},

  114. 		// case 2

  115. 		{

  116. 			args: []string{

  117. 				"ldap-test",

  118. 				"--name", "ldap (via Bind DN) source",

  119. 				"--security-protocol", "zzzzz",

  120. 				"--host", "ldap-server",

  121. 				"--port", "1234",

  122. 				"--user-search-base", "ou=Users,dc=domain,dc=org",

  123. 				"--user-filter", "(memberOf=cn=user-group,ou=example,dc=domain,dc=org)",

  124. 				"--email-attribute", "mail",

  125. 			},

  126. 			errMsg: "Unknown security protocol name: zzzzz",

  127. 		},

  128. 		// case 3

  129. 		{

  130. 			args: []string{

  131. 				"ldap-test",

  132. 				"--security-protocol", "unencrypted",

  133. 				"--host", "ldap-server",

  134. 				"--port", "1234",

  135. 				"--user-search-base", "ou=Users,dc=domain,dc=org",

  136. 				"--user-filter", "(memberOf=cn=user-group,ou=example,dc=domain,dc=org)",

  137. 				"--email-attribute", "mail",

  138. 			},

  139. 			errMsg: "name is not set",

  140. 		},

  141. 		// case 4

  142. 		{

  143. 			args: []string{

  144. 				"ldap-test",

  145. 				"--name", "ldap (via Bind DN) source",

  146. 				"--host", "ldap-server",

  147. 				"--port", "1234",

  148. 				"--user-search-base", "ou=Users,dc=domain,dc=org",

  149. 				"--user-filter", "(memberOf=cn=user-group,ou=example,dc=domain,dc=org)",

  150. 				"--email-attribute", "mail",

  151. 			},

  152. 			errMsg: "security-protocol is not set",

  153. 		},

  154. 		// case 5

  155. 		{

  156. 			args: []string{

  157. 				"ldap-test",

  158. 				"--name", "ldap (via Bind DN) source",

  159. 				"--security-protocol", "unencrypted",

  160. 				"--port", "1234",

  161. 				"--user-search-base", "ou=Users,dc=domain,dc=org",

  162. 				"--user-filter", "(memberOf=cn=user-group,ou=example,dc=domain,dc=org)",

  163. 				"--email-attribute", "mail",

  164. 			},

  165. 			errMsg: "host is not set",

  166. 		},

  167. 		// case 6

  168. 		{

  169. 			args: []string{

  170. 				"ldap-test",

  171. 				"--name", "ldap (via Bind DN) source",

  172. 				"--security-protocol", "unencrypted",

  173. 				"--host", "ldap-server",

  174. 				"--user-search-base", "ou=Users,dc=domain,dc=org",

  175. 				"--user-filter", "(memberOf=cn=user-group,ou=example,dc=domain,dc=org)",

  176. 				"--email-attribute", "mail",

  177. 			},

  178. 			errMsg: "port is not set",

  179. 		},

  180. 		// case 7

  181. 		{

  182. 			args: []string{

  183. 				"ldap-test",

  184. 				"--name", "ldap (via Bind DN) source",

  185. 				"--security-protocol", "unencrypted",

  186. 				"--host", "ldap-server",

  187. 				"--port", "1234",

  188. 				"--user-search-base", "ou=Users,dc=domain,dc=org",

  189. 				"--email-attribute", "mail",

  190. 			},

  191. 			errMsg: "user-filter is not set",

  192. 		},

  193. 		// case 8

  194. 		{

  195. 			args: []string{

  196. 				"ldap-test",

  197. 				"--name", "ldap (via Bind DN) source",

  198. 				"--security-protocol", "unencrypted",

  199. 				"--host", "ldap-server",

  200. 				"--port", "1234",

  201. 				"--user-search-base", "ou=Users,dc=domain,dc=org",

  202. 				"--user-filter", "(memberOf=cn=user-group,ou=example,dc=domain,dc=org)",

  203. 			},

  204. 			errMsg: "email-attribute is not set",

  205. 		},

  206. 	}

  207. 

  208. 	for n, c := range cases {

  209. 		// Mock functions.

  210. 		var createdLoginSource *models.LoginSource

  211. 		service := &authService{

  212. 			initDB: func() error {

  213. 				return nil

  214. 			},

  215. 			createLoginSource: func(loginSource *models.LoginSource) error {

  216. 				createdLoginSource = loginSource

  217. 				return nil

  218. 			},

  219. 			updateLoginSource: func(loginSource *models.LoginSource) error {

  220. 				assert.FailNow(t, "case %d: should not call updateLoginSource", n)

  221. 				return nil

  222. 			},

  223. 			getLoginSourceByID: func(id int64) (*models.LoginSource, error) {

  224. 				assert.FailNow(t, "case %d: should not call getLoginSourceByID", n)

  225. 				return nil, nil

  226. 			},

  227. 		}

  228. 

  229. 		// Create a copy of command to test

  230. 		app := cli.NewApp()

  231. 		app.Flags = cmdAuthAddLdapBindDn.Flags

  232. 		app.Action = service.addLdapBindDn

  233. 

  234. 		// Run it

  235. 		err := app.Run(c.args)

  236. 		if c.errMsg != "" {

  237. 			assert.EqualError(t, err, c.errMsg, "case %d: error should match", n)

  238. 		} else {

  239. 			assert.NoError(t, err, "case %d: should have no errors", n)

  240. 			assert.Equal(t, c.loginSource, createdLoginSource, "case %d: wrong loginSource", n)

  241. 		}

  242. 	}

  243. }

  244. 

  245. func TestAddLdapSimpleAuth(t *testing.T) {

  246. 	// Mock cli functions to do not exit on error

  247. 	var osExiter = cli.OsExiter

  248. 	defer func() { cli.OsExiter = osExiter }()

  249. 	cli.OsExiter = func(code int) {}

  250. 

  251. 	// Test cases

  252. 	var cases = []struct {

  253. 		args        []string

  254. 		loginSource *models.LoginSource

  255. 		errMsg      string

  256. 	}{

  257. 		// case 0

  258. 		{

  259. 			args: []string{

  260. 				"ldap-test",

  261. 				"--name", "ldap (simple auth) source full",

  262. 				"--not-active",

  263. 				"--security-protocol", "starttls",

  264. 				"--skip-tls-verify",

  265. 				"--host", "ldap-simple-server full",

  266. 				"--port", "987",

  267. 				"--user-search-base", "ou=Users,dc=full-domain-simple,dc=org",

  268. 				"--user-filter", "(&(objectClass=posixAccount)(full-simple-cn=%s))",

  269. 				"--admin-filter", "(memberOf=cn=admin-group,ou=example,dc=full-domain-simple,dc=org)",

  270. 				"--restricted-filter", "(memberOf=cn=restricted-group,ou=example,dc=full-domain-simple,dc=org)",

  271. 				"--username-attribute", "uid-simple full",

  272. 				"--firstname-attribute", "givenName-simple full",

  273. 				"--surname-attribute", "sn-simple full",

  274. 				"--email-attribute", "mail-simple full",

  275. 				"--public-ssh-key-attribute", "publickey-simple full",

  276. 				"--user-dn", "cn=%s,ou=Users,dc=full-domain-simple,dc=org",

  277. 			},

  278. 			loginSource: &models.LoginSource{

  279. 				Type:      models.LoginDLDAP,

  280. 				Name:      "ldap (simple auth) source full",

  281. 				IsActived: false,

  282. 				Cfg: &models.LDAPConfig{

  283. 					Source: &ldap.Source{

  284. 						Name:                  "ldap (simple auth) source full",

  285. 						Host:                  "ldap-simple-server full",

  286. 						Port:                  987,

  287. 						SecurityProtocol:      ldap.SecurityProtocol(2),

  288. 						SkipVerify:            true,

  289. 						UserDN:                "cn=%s,ou=Users,dc=full-domain-simple,dc=org",

  290. 						UserBase:              "ou=Users,dc=full-domain-simple,dc=org",

  291. 						AttributeUsername:     "uid-simple full",

  292. 						AttributeName:         "givenName-simple full",

  293. 						AttributeSurname:      "sn-simple full",

  294. 						AttributeMail:         "mail-simple full",

  295. 						AttributeSSHPublicKey: "publickey-simple full",

  296. 						Filter:                "(&(objectClass=posixAccount)(full-simple-cn=%s))",

  297. 						AdminFilter:           "(memberOf=cn=admin-group,ou=example,dc=full-domain-simple,dc=org)",

  298. 						RestrictedFilter:      "(memberOf=cn=restricted-group,ou=example,dc=full-domain-simple,dc=org)",

  299. 						Enabled:               true,

  300. 					},

  301. 				},

  302. 			},

  303. 		},

  304. 		// case 1

  305. 		{

  306. 			args: []string{

  307. 				"ldap-test",

  308. 				"--name", "ldap (simple auth) source min",

  309. 				"--security-protocol", "unencrypted",

  310. 				"--host", "ldap-simple-server min",

  311. 				"--port", "123",

  312. 				"--user-filter", "(&(objectClass=posixAccount)(min-simple-cn=%s))",

  313. 				"--email-attribute", "mail-simple min",

  314. 				"--user-dn", "cn=%s,ou=Users,dc=min-domain-simple,dc=org",

  315. 			},

  316. 			loginSource: &models.LoginSource{

  317. 				Type:      models.LoginDLDAP,

  318. 				Name:      "ldap (simple auth) source min",

  319. 				IsActived: true,

  320. 				Cfg: &models.LDAPConfig{

  321. 					Source: &ldap.Source{

  322. 						Name:             "ldap (simple auth) source min",

  323. 						Host:             "ldap-simple-server min",

  324. 						Port:             123,

  325. 						SecurityProtocol: ldap.SecurityProtocol(0),

  326. 						UserDN:           "cn=%s,ou=Users,dc=min-domain-simple,dc=org",

  327. 						AttributeMail:    "mail-simple min",

  328. 						Filter:           "(&(objectClass=posixAccount)(min-simple-cn=%s))",

  329. 						Enabled:          true,

  330. 					},

  331. 				},

  332. 			},

  333. 		},

  334. 		// case 2

  335. 		{

  336. 			args: []string{

  337. 				"ldap-test",

  338. 				"--name", "ldap (simple auth) source",

  339. 				"--security-protocol", "zzzzz",

  340. 				"--host", "ldap-server",

  341. 				"--port", "123",

  342. 				"--user-filter", "(&(objectClass=posixAccount)(cn=%s))",

  343. 				"--email-attribute", "mail",

  344. 				"--user-dn", "cn=%s,ou=Users,dc=domain,dc=org",

  345. 			},

  346. 			errMsg: "Unknown security protocol name: zzzzz",

  347. 		},

  348. 		// case 3

  349. 		{

  350. 			args: []string{

  351. 				"ldap-test",

  352. 				"--security-protocol", "unencrypted",

  353. 				"--host", "ldap-server",

  354. 				"--port", "123",

  355. 				"--user-filter", "(&(objectClass=posixAccount)(cn=%s))",

  356. 				"--email-attribute", "mail",

  357. 				"--user-dn", "cn=%s,ou=Users,dc=domain,dc=org",

  358. 			},

  359. 			errMsg: "name is not set",

  360. 		},

  361. 		// case 4

  362. 		{

  363. 			args: []string{

  364. 				"ldap-test",

  365. 				"--name", "ldap (simple auth) source",

  366. 				"--host", "ldap-server",

  367. 				"--port", "123",

  368. 				"--user-filter", "(&(objectClass=posixAccount)(cn=%s))",

  369. 				"--email-attribute", "mail",

  370. 				"--user-dn", "cn=%s,ou=Users,dc=domain,dc=org",

  371. 			},

  372. 			errMsg: "security-protocol is not set",

  373. 		},

  374. 		// case 5

  375. 		{

  376. 			args: []string{

  377. 				"ldap-test",

  378. 				"--name", "ldap (simple auth) source",

  379. 				"--security-protocol", "unencrypted",

  380. 				"--port", "123",

  381. 				"--user-filter", "(&(objectClass=posixAccount)(cn=%s))",

  382. 				"--email-attribute", "mail",

  383. 				"--user-dn", "cn=%s,ou=Users,dc=domain,dc=org",

  384. 			},

  385. 			errMsg: "host is not set",

  386. 		},

  387. 		// case 6

  388. 		{

  389. 			args: []string{

  390. 				"ldap-test",

  391. 				"--name", "ldap (simple auth) source",

  392. 				"--security-protocol", "unencrypted",

  393. 				"--host", "ldap-server",

  394. 				"--user-filter", "(&(objectClass=posixAccount)(cn=%s))",

  395. 				"--email-attribute", "mail",

  396. 				"--user-dn", "cn=%s,ou=Users,dc=domain,dc=org",

  397. 			},

  398. 			errMsg: "port is not set",

  399. 		},

  400. 		// case 7

  401. 		{

  402. 			args: []string{

  403. 				"ldap-test",

  404. 				"--name", "ldap (simple auth) source",

  405. 				"--security-protocol", "unencrypted",

  406. 				"--host", "ldap-server",

  407. 				"--port", "123",

  408. 				"--email-attribute", "mail",

  409. 				"--user-dn", "cn=%s,ou=Users,dc=domain,dc=org",

  410. 			},

  411. 			errMsg: "user-filter is not set",

  412. 		},

  413. 		// case 8

  414. 		{

  415. 			args: []string{

  416. 				"ldap-test",

  417. 				"--name", "ldap (simple auth) source",

  418. 				"--security-protocol", "unencrypted",

  419. 				"--host", "ldap-server",

  420. 				"--port", "123",

  421. 				"--user-filter", "(&(objectClass=posixAccount)(cn=%s))",

  422. 				"--user-dn", "cn=%s,ou=Users,dc=domain,dc=org",

  423. 			},

  424. 			errMsg: "email-attribute is not set",

  425. 		},

  426. 		// case 9

  427. 		{

  428. 			args: []string{

  429. 				"ldap-test",

  430. 				"--name", "ldap (simple auth) source",

  431. 				"--security-protocol", "unencrypted",

  432. 				"--host", "ldap-server",

  433. 				"--port", "123",

  434. 				"--user-filter", "(&(objectClass=posixAccount)(cn=%s))",

  435. 				"--email-attribute", "mail",

  436. 			},

  437. 			errMsg: "user-dn is not set",

  438. 		},

  439. 	}

  440. 

  441. 	for n, c := range cases {

  442. 		// Mock functions.

  443. 		var createdLoginSource *models.LoginSource

  444. 		service := &authService{

  445. 			initDB: func() error {

  446. 				return nil

  447. 			},

  448. 			createLoginSource: func(loginSource *models.LoginSource) error {

  449. 				createdLoginSource = loginSource

  450. 				return nil

  451. 			},

  452. 			updateLoginSource: func(loginSource *models.LoginSource) error {

  453. 				assert.FailNow(t, "case %d: should not call updateLoginSource", n)

  454. 				return nil

  455. 			},

  456. 			getLoginSourceByID: func(id int64) (*models.LoginSource, error) {

  457. 				assert.FailNow(t, "case %d: should not call getLoginSourceByID", n)

  458. 				return nil, nil

  459. 			},

  460. 		}

  461. 

  462. 		// Create a copy of command to test

  463. 		app := cli.NewApp()

  464. 		app.Flags = cmdAuthAddLdapSimpleAuth.Flags

  465. 		app.Action = service.addLdapSimpleAuth

  466. 

  467. 		// Run it

  468. 		err := app.Run(c.args)

  469. 		if c.errMsg != "" {

  470. 			assert.EqualError(t, err, c.errMsg, "case %d: error should match", n)

  471. 		} else {

  472. 			assert.NoError(t, err, "case %d: should have no errors", n)

  473. 			assert.Equal(t, c.loginSource, createdLoginSource, "case %d: wrong loginSource", n)

  474. 		}

  475. 	}

  476. }

  477. 

  478. func TestUpdateLdapBindDn(t *testing.T) {

  479. 	// Mock cli functions to do not exit on error

  480. 	var osExiter = cli.OsExiter

  481. 	defer func() { cli.OsExiter = osExiter }()

  482. 	cli.OsExiter = func(code int) {}

  483. 

  484. 	// Test cases

  485. 	var cases = []struct {

  486. 		args                []string

  487. 		id                  int64

  488. 		existingLoginSource *models.LoginSource

  489. 		loginSource         *models.LoginSource

  490. 		errMsg              string

  491. 	}{

  492. 		// case 0

  493. 		{

  494. 			args: []string{

  495. 				"ldap-test",

  496. 				"--id", "23",

  497. 				"--name", "ldap (via Bind DN) source full",

  498. 				"--not-active",

  499. 				"--security-protocol", "LDAPS",

  500. 				"--skip-tls-verify",

  501. 				"--host", "ldap-bind-server full",

  502. 				"--port", "9876",

  503. 				"--user-search-base", "ou=Users,dc=full-domain-bind,dc=org",

  504. 				"--user-filter", "(memberOf=cn=user-group,ou=example,dc=full-domain-bind,dc=org)",

  505. 				"--admin-filter", "(memberOf=cn=admin-group,ou=example,dc=full-domain-bind,dc=org)",

  506. 				"--restricted-filter", "(memberOf=cn=restricted-group,ou=example,dc=full-domain-bind,dc=org)",

  507. 				"--username-attribute", "uid-bind full",

  508. 				"--firstname-attribute", "givenName-bind full",

  509. 				"--surname-attribute", "sn-bind full",

  510. 				"--email-attribute", "mail-bind full",

  511. 				"--public-ssh-key-attribute", "publickey-bind full",

  512. 				"--bind-dn", "cn=readonly,dc=full-domain-bind,dc=org",

  513. 				"--bind-password", "secret-bind-full",

  514. 				"--synchronize-users",

  515. 				"--page-size", "99",

  516. 			},

  517. 			id: 23,

  518. 			existingLoginSource: &models.LoginSource{

  519. 				Type:      models.LoginLDAP,

  520. 				IsActived: true,

  521. 				Cfg: &models.LDAPConfig{

  522. 					Source: &ldap.Source{

  523. 						Enabled: true,

  524. 					},

  525. 				},

  526. 			},

  527. 			loginSource: &models.LoginSource{

  528. 				Type:          models.LoginLDAP,

  529. 				Name:          "ldap (via Bind DN) source full",

  530. 				IsActived:     false,

  531. 				IsSyncEnabled: true,

  532. 				Cfg: &models.LDAPConfig{

  533. 					Source: &ldap.Source{

  534. 						Name:                  "ldap (via Bind DN) source full",

  535. 						Host:                  "ldap-bind-server full",

  536. 						Port:                  9876,

  537. 						SecurityProtocol:      ldap.SecurityProtocol(1),

  538. 						SkipVerify:            true,

  539. 						BindDN:                "cn=readonly,dc=full-domain-bind,dc=org",

  540. 						BindPassword:          "secret-bind-full",

  541. 						UserBase:              "ou=Users,dc=full-domain-bind,dc=org",

  542. 						AttributeUsername:     "uid-bind full",

  543. 						AttributeName:         "givenName-bind full",

  544. 						AttributeSurname:      "sn-bind full",

  545. 						AttributeMail:         "mail-bind full",

  546. 						AttributesInBind:      false,

  547. 						AttributeSSHPublicKey: "publickey-bind full",

  548. 						SearchPageSize:        99,

  549. 						Filter:                "(memberOf=cn=user-group,ou=example,dc=full-domain-bind,dc=org)",

  550. 						AdminFilter:           "(memberOf=cn=admin-group,ou=example,dc=full-domain-bind,dc=org)",

  551. 						RestrictedFilter:      "(memberOf=cn=restricted-group,ou=example,dc=full-domain-bind,dc=org)",

  552. 						Enabled:               true,

  553. 					},

  554. 				},

  555. 			},

  556. 		},

  557. 		// case 1

  558. 		{

  559. 			args: []string{

  560. 				"ldap-test",

  561. 				"--id", "1",

  562. 			},

  563. 			loginSource: &models.LoginSource{

  564. 				Type: models.LoginLDAP,

  565. 				Cfg: &models.LDAPConfig{

  566. 					Source: &ldap.Source{},

  567. 				},

  568. 			},

  569. 		},

  570. 		// case 2

  571. 		{

  572. 			args: []string{

  573. 				"ldap-test",

  574. 				"--id", "1",

  575. 				"--name", "ldap (via Bind DN) source",

  576. 			},

  577. 			loginSource: &models.LoginSource{

  578. 				Type: models.LoginLDAP,

  579. 				Name: "ldap (via Bind DN) source",

  580. 				Cfg: &models.LDAPConfig{

  581. 					Source: &ldap.Source{

  582. 						Name: "ldap (via Bind DN) source",

  583. 					},

  584. 				},

  585. 			},

  586. 		},

  587. 		// case 3

  588. 		{

  589. 			args: []string{

  590. 				"ldap-test",

  591. 				"--id", "1",

  592. 				"--not-active",

  593. 			},

  594. 			existingLoginSource: &models.LoginSource{

  595. 				Type:      models.LoginLDAP,

  596. 				IsActived: true,

  597. 				Cfg: &models.LDAPConfig{

  598. 					Source: &ldap.Source{},

  599. 				},

  600. 			},

  601. 			loginSource: &models.LoginSource{

  602. 				Type:      models.LoginLDAP,

  603. 				IsActived: false,

  604. 				Cfg: &models.LDAPConfig{

  605. 					Source: &ldap.Source{},

  606. 				},

  607. 			},

  608. 		},

  609. 		// case 4

  610. 		{

  611. 			args: []string{

  612. 				"ldap-test",

  613. 				"--id", "1",

  614. 				"--security-protocol", "LDAPS",

  615. 			},

  616. 			loginSource: &models.LoginSource{

  617. 				Type: models.LoginLDAP,

  618. 				Cfg: &models.LDAPConfig{

  619. 					Source: &ldap.Source{

  620. 						SecurityProtocol: ldap.SecurityProtocol(1),

  621. 					},

  622. 				},

  623. 			},

  624. 		},

  625. 		// case 5

  626. 		{

  627. 			args: []string{

  628. 				"ldap-test",

  629. 				"--id", "1",

  630. 				"--skip-tls-verify",

  631. 			},

  632. 			loginSource: &models.LoginSource{

  633. 				Type: models.LoginLDAP,

  634. 				Cfg: &models.LDAPConfig{

  635. 					Source: &ldap.Source{

  636. 						SkipVerify: true,

  637. 					},

  638. 				},

  639. 			},

  640. 		},

  641. 		// case 6

  642. 		{

  643. 			args: []string{

  644. 				"ldap-test",

  645. 				"--id", "1",

  646. 				"--host", "ldap-server",

  647. 			},

  648. 			loginSource: &models.LoginSource{

  649. 				Type: models.LoginLDAP,

  650. 				Cfg: &models.LDAPConfig{

  651. 					Source: &ldap.Source{

  652. 						Host: "ldap-server",

  653. 					},

  654. 				},

  655. 			},

  656. 		},

  657. 		// case 7

  658. 		{

  659. 			args: []string{

  660. 				"ldap-test",

  661. 				"--id", "1",

  662. 				"--port", "389",

  663. 			},

  664. 			loginSource: &models.LoginSource{

  665. 				Type: models.LoginLDAP,

  666. 				Cfg: &models.LDAPConfig{

  667. 					Source: &ldap.Source{

  668. 						Port: 389,

  669. 					},

  670. 				},

  671. 			},

  672. 		},

  673. 		// case 8

  674. 		{

  675. 			args: []string{

  676. 				"ldap-test",

  677. 				"--id", "1",

  678. 				"--user-search-base", "ou=Users,dc=domain,dc=org",

  679. 			},

  680. 			loginSource: &models.LoginSource{

  681. 				Type: models.LoginLDAP,

  682. 				Cfg: &models.LDAPConfig{

  683. 					Source: &ldap.Source{

  684. 						UserBase: "ou=Users,dc=domain,dc=org",

  685. 					},

  686. 				},

  687. 			},

  688. 		},

  689. 		// case 9

  690. 		{

  691. 			args: []string{

  692. 				"ldap-test",

  693. 				"--id", "1",

  694. 				"--user-filter", "(memberOf=cn=user-group,ou=example,dc=domain,dc=org)",

  695. 			},

  696. 			loginSource: &models.LoginSource{

  697. 				Type: models.LoginLDAP,

  698. 				Cfg: &models.LDAPConfig{

  699. 					Source: &ldap.Source{

  700. 						Filter: "(memberOf=cn=user-group,ou=example,dc=domain,dc=org)",

  701. 					},

  702. 				},

  703. 			},

  704. 		},

  705. 		// case 10

  706. 		{

  707. 			args: []string{

  708. 				"ldap-test",

  709. 				"--id", "1",

  710. 				"--admin-filter", "(memberOf=cn=admin-group,ou=example,dc=domain,dc=org)",

  711. 			},

  712. 			loginSource: &models.LoginSource{

  713. 				Type: models.LoginLDAP,

  714. 				Cfg: &models.LDAPConfig{

  715. 					Source: &ldap.Source{

  716. 						AdminFilter: "(memberOf=cn=admin-group,ou=example,dc=domain,dc=org)",

  717. 					},

  718. 				},

  719. 			},

  720. 		},

  721. 		// case 11

  722. 		{

  723. 			args: []string{

  724. 				"ldap-test",

  725. 				"--id", "1",

  726. 				"--username-attribute", "uid",

  727. 			},

  728. 			loginSource: &models.LoginSource{

  729. 				Type: models.LoginLDAP,

  730. 				Cfg: &models.LDAPConfig{

  731. 					Source: &ldap.Source{

  732. 						AttributeUsername: "uid",

  733. 					},

  734. 				},

  735. 			},

  736. 		},

  737. 		// case 12

  738. 		{

  739. 			args: []string{

  740. 				"ldap-test",

  741. 				"--id", "1",

  742. 				"--firstname-attribute", "givenName",

  743. 			},

  744. 			loginSource: &models.LoginSource{

  745. 				Type: models.LoginLDAP,

  746. 				Cfg: &models.LDAPConfig{

  747. 					Source: &ldap.Source{

  748. 						AttributeName: "givenName",

  749. 					},

  750. 				},

  751. 			},

  752. 		},

  753. 		// case 13

  754. 		{

  755. 			args: []string{

  756. 				"ldap-test",

  757. 				"--id", "1",

  758. 				"--surname-attribute", "sn",

  759. 			},

  760. 			loginSource: &models.LoginSource{

  761. 				Type: models.LoginLDAP,

  762. 				Cfg: &models.LDAPConfig{

  763. 					Source: &ldap.Source{

  764. 						AttributeSurname: "sn",

  765. 					},

  766. 				},

  767. 			},

  768. 		},

  769. 		// case 14

  770. 		{

  771. 			args: []string{

  772. 				"ldap-test",

  773. 				"--id", "1",

  774. 				"--email-attribute", "mail",

  775. 			},

  776. 			loginSource: &models.LoginSource{

  777. 				Type: models.LoginLDAP,

  778. 				Cfg: &models.LDAPConfig{

  779. 					Source: &ldap.Source{

  780. 						AttributeMail: "mail",

  781. 					},

  782. 				},

  783. 			},

  784. 		},

  785. 		// case 15

  786. 		{

  787. 			args: []string{

  788. 				"ldap-test",

  789. 				"--id", "1",

  790. 				"--attributes-in-bind",

  791. 			},

  792. 			loginSource: &models.LoginSource{

  793. 				Type: models.LoginLDAP,

  794. 				Cfg: &models.LDAPConfig{

  795. 					Source: &ldap.Source{

  796. 						AttributesInBind: true,

  797. 					},

  798. 				},

  799. 			},

  800. 		},

  801. 		// case 16

  802. 		{

  803. 			args: []string{

  804. 				"ldap-test",

  805. 				"--id", "1",

  806. 				"--public-ssh-key-attribute", "publickey",

  807. 			},

  808. 			loginSource: &models.LoginSource{

  809. 				Type: models.LoginLDAP,

  810. 				Cfg: &models.LDAPConfig{

  811. 					Source: &ldap.Source{

  812. 						AttributeSSHPublicKey: "publickey",

  813. 					},

  814. 				},

  815. 			},

  816. 		},

  817. 		// case 17

  818. 		{

  819. 			args: []string{

  820. 				"ldap-test",

  821. 				"--id", "1",

  822. 				"--bind-dn", "cn=readonly,dc=domain,dc=org",

  823. 			},

  824. 			loginSource: &models.LoginSource{

  825. 				Type: models.LoginLDAP,

  826. 				Cfg: &models.LDAPConfig{

  827. 					Source: &ldap.Source{

  828. 						BindDN: "cn=readonly,dc=domain,dc=org",

  829. 					},

  830. 				},

  831. 			},

  832. 		},

  833. 		// case 18

  834. 		{

  835. 			args: []string{

  836. 				"ldap-test",

  837. 				"--id", "1",

  838. 				"--bind-password", "secret",

  839. 			},

  840. 			loginSource: &models.LoginSource{

  841. 				Type: models.LoginLDAP,

  842. 				Cfg: &models.LDAPConfig{

  843. 					Source: &ldap.Source{

  844. 						BindPassword: "secret",

  845. 					},

  846. 				},

  847. 			},

  848. 		},

  849. 		// case 19

  850. 		{

  851. 			args: []string{

  852. 				"ldap-test",

  853. 				"--id", "1",

  854. 				"--synchronize-users",

  855. 			},

  856. 			loginSource: &models.LoginSource{

  857. 				Type:          models.LoginLDAP,

  858. 				IsSyncEnabled: true,

  859. 				Cfg: &models.LDAPConfig{

  860. 					Source: &ldap.Source{},

  861. 				},

  862. 			},

  863. 		},

  864. 		// case 20

  865. 		{

  866. 			args: []string{

  867. 				"ldap-test",

  868. 				"--id", "1",

  869. 				"--page-size", "12",

  870. 			},

  871. 			loginSource: &models.LoginSource{

  872. 				Type: models.LoginLDAP,

  873. 				Cfg: &models.LDAPConfig{

  874. 					Source: &ldap.Source{

  875. 						SearchPageSize: 12,

  876. 					},

  877. 				},

  878. 			},

  879. 		},

  880. 		// case 21

  881. 		{

  882. 			args: []string{

  883. 				"ldap-test",

  884. 				"--id", "1",

  885. 				"--security-protocol", "xxxxx",

  886. 			},

  887. 			errMsg: "Unknown security protocol name: xxxxx",

  888. 		},

  889. 		// case 22

  890. 		{

  891. 			args: []string{

  892. 				"ldap-test",

  893. 			},

  894. 			errMsg: "id is not set",

  895. 		},

  896. 		// case 23

  897. 		{

  898. 			args: []string{

  899. 				"ldap-test",

  900. 				"--id", "1",

  901. 			},

  902. 			existingLoginSource: &models.LoginSource{

  903. 				Type: models.LoginOAuth2,

  904. 				Cfg: &models.LDAPConfig{

  905. 					Source: &ldap.Source{},

  906. 				},

  907. 			},

  908. 			errMsg: "Invalid authentication type. expected: LDAP (via BindDN), actual: OAuth2",

  909. 		},

  910. 	}

  911. 

  912. 	for n, c := range cases {

  913. 		// Mock functions.

  914. 		var updatedLoginSource *models.LoginSource

  915. 		service := &authService{

  916. 			initDB: func() error {

  917. 				return nil

  918. 			},

  919. 			createLoginSource: func(loginSource *models.LoginSource) error {

  920. 				assert.FailNow(t, "case %d: should not call createLoginSource", n)

  921. 				return nil

  922. 			},

  923. 			updateLoginSource: func(loginSource *models.LoginSource) error {

  924. 				updatedLoginSource = loginSource

  925. 				return nil

  926. 			},

  927. 			getLoginSourceByID: func(id int64) (*models.LoginSource, error) {

  928. 				if c.id != 0 {

  929. 					assert.Equal(t, c.id, id, "case %d: wrong id", n)

  930. 				}

  931. 				if c.existingLoginSource != nil {

  932. 					return c.existingLoginSource, nil

  933. 				}

  934. 				return &models.LoginSource{

  935. 					Type: models.LoginLDAP,

  936. 					Cfg: &models.LDAPConfig{

  937. 						Source: &ldap.Source{},

  938. 					},

  939. 				}, nil

  940. 			},

  941. 		}

  942. 

  943. 		// Create a copy of command to test

  944. 		app := cli.NewApp()

  945. 		app.Flags = cmdAuthUpdateLdapBindDn.Flags

  946. 		app.Action = service.updateLdapBindDn

  947. 

  948. 		// Run it

  949. 		err := app.Run(c.args)

  950. 		if c.errMsg != "" {

  951. 			assert.EqualError(t, err, c.errMsg, "case %d: error should match", n)

  952. 		} else {

  953. 			assert.NoError(t, err, "case %d: should have no errors", n)

  954. 			assert.Equal(t, c.loginSource, updatedLoginSource, "case %d: wrong loginSource", n)

  955. 		}

  956. 	}

  957. }

  958. 

  959. func TestUpdateLdapSimpleAuth(t *testing.T) {

  960. 	// Mock cli functions to do not exit on error

  961. 	var osExiter = cli.OsExiter

  962. 	defer func() { cli.OsExiter = osExiter }()

  963. 	cli.OsExiter = func(code int) {}

  964. 

  965. 	// Test cases

  966. 	var cases = []struct {

  967. 		args                []string

  968. 		id                  int64

  969. 		existingLoginSource *models.LoginSource

  970. 		loginSource         *models.LoginSource

  971. 		errMsg              string

  972. 	}{

  973. 		// case 0

  974. 		{

  975. 			args: []string{

  976. 				"ldap-test",

  977. 				"--id", "7",

  978. 				"--name", "ldap (simple auth) source full",

  979. 				"--not-active",

  980. 				"--security-protocol", "starttls",

  981. 				"--skip-tls-verify",

  982. 				"--host", "ldap-simple-server full",

  983. 				"--port", "987",

  984. 				"--user-search-base", "ou=Users,dc=full-domain-simple,dc=org",

  985. 				"--user-filter", "(&(objectClass=posixAccount)(full-simple-cn=%s))",

  986. 				"--admin-filter", "(memberOf=cn=admin-group,ou=example,dc=full-domain-simple,dc=org)",

  987. 				"--restricted-filter", "(memberOf=cn=restricted-group,ou=example,dc=full-domain-simple,dc=org)",

  988. 				"--username-attribute", "uid-simple full",

  989. 				"--firstname-attribute", "givenName-simple full",

  990. 				"--surname-attribute", "sn-simple full",

  991. 				"--email-attribute", "mail-simple full",

  992. 				"--public-ssh-key-attribute", "publickey-simple full",

  993. 				"--user-dn", "cn=%s,ou=Users,dc=full-domain-simple,dc=org",

  994. 			},

  995. 			id: 7,

  996. 			loginSource: &models.LoginSource{

  997. 				Type:      models.LoginDLDAP,

  998. 				Name:      "ldap (simple auth) source full",

  999. 				IsActived: false,

  1000. 				Cfg: &models.LDAPConfig{

  1001. 					Source: &ldap.Source{

  1002. 						Name:                  "ldap (simple auth) source full",

  1003. 						Host:                  "ldap-simple-server full",

  1004. 						Port:                  987,

  1005. 						SecurityProtocol:      ldap.SecurityProtocol(2),

  1006. 						SkipVerify:            true,

  1007. 						UserDN:                "cn=%s,ou=Users,dc=full-domain-simple,dc=org",

  1008. 						UserBase:              "ou=Users,dc=full-domain-simple,dc=org",

  1009. 						AttributeUsername:     "uid-simple full",

  1010. 						AttributeName:         "givenName-simple full",

  1011. 						AttributeSurname:      "sn-simple full",

  1012. 						AttributeMail:         "mail-simple full",

  1013. 						AttributeSSHPublicKey: "publickey-simple full",

  1014. 						Filter:                "(&(objectClass=posixAccount)(full-simple-cn=%s))",

  1015. 						AdminFilter:           "(memberOf=cn=admin-group,ou=example,dc=full-domain-simple,dc=org)",

  1016. 						RestrictedFilter:      "(memberOf=cn=restricted-group,ou=example,dc=full-domain-simple,dc=org)",

  1017. 					},

  1018. 				},

  1019. 			},

  1020. 		},

  1021. 		// case 1

  1022. 		{

  1023. 			args: []string{

  1024. 				"ldap-test",

  1025. 				"--id", "1",

  1026. 			},

  1027. 			loginSource: &models.LoginSource{

  1028. 				Type: models.LoginDLDAP,

  1029. 				Cfg: &models.LDAPConfig{

  1030. 					Source: &ldap.Source{},

  1031. 				},

  1032. 			},

  1033. 		},

  1034. 		// case 2

  1035. 		{

  1036. 			args: []string{

  1037. 				"ldap-test",

  1038. 				"--id", "1",

  1039. 				"--name", "ldap (simple auth) source",

  1040. 			},

  1041. 			loginSource: &models.LoginSource{

  1042. 				Type: models.LoginDLDAP,

  1043. 				Name: "ldap (simple auth) source",

  1044. 				Cfg: &models.LDAPConfig{

  1045. 					Source: &ldap.Source{

  1046. 						Name: "ldap (simple auth) source",

  1047. 					},

  1048. 				},

  1049. 			},

  1050. 		},

  1051. 		// case 3

  1052. 		{

  1053. 			args: []string{

  1054. 				"ldap-test",

  1055. 				"--id", "1",

  1056. 				"--not-active",

  1057. 			},

  1058. 			existingLoginSource: &models.LoginSource{

  1059. 				Type:      models.LoginDLDAP,

  1060. 				IsActived: true,

  1061. 				Cfg: &models.LDAPConfig{

  1062. 					Source: &ldap.Source{},

  1063. 				},

  1064. 			},

  1065. 			loginSource: &models.LoginSource{

  1066. 				Type:      models.LoginDLDAP,

  1067. 				IsActived: false,

  1068. 				Cfg: &models.LDAPConfig{

  1069. 					Source: &ldap.Source{},

  1070. 				},

  1071. 			},

  1072. 		},

  1073. 		// case 4

  1074. 		{

  1075. 			args: []string{

  1076. 				"ldap-test",

  1077. 				"--id", "1",

  1078. 				"--security-protocol", "starttls",

  1079. 			},

  1080. 			loginSource: &models.LoginSource{

  1081. 				Type: models.LoginDLDAP,

  1082. 				Cfg: &models.LDAPConfig{

  1083. 					Source: &ldap.Source{

  1084. 						SecurityProtocol: ldap.SecurityProtocol(2),

  1085. 					},

  1086. 				},

  1087. 			},

  1088. 		},

  1089. 		// case 5

  1090. 		{

  1091. 			args: []string{

  1092. 				"ldap-test",

  1093. 				"--id", "1",

  1094. 				"--skip-tls-verify",

  1095. 			},

  1096. 			loginSource: &models.LoginSource{

  1097. 				Type: models.LoginDLDAP,

  1098. 				Cfg: &models.LDAPConfig{

  1099. 					Source: &ldap.Source{

  1100. 						SkipVerify: true,

  1101. 					},

  1102. 				},

  1103. 			},

  1104. 		},

  1105. 		// case 6

  1106. 		{

  1107. 			args: []string{

  1108. 				"ldap-test",

  1109. 				"--id", "1",

  1110. 				"--host", "ldap-server",

  1111. 			},

  1112. 			loginSource: &models.LoginSource{

  1113. 				Type: models.LoginDLDAP,

  1114. 				Cfg: &models.LDAPConfig{

  1115. 					Source: &ldap.Source{

  1116. 						Host: "ldap-server",

  1117. 					},

  1118. 				},

  1119. 			},

  1120. 		},

  1121. 		// case 7

  1122. 		{

  1123. 			args: []string{

  1124. 				"ldap-test",

  1125. 				"--id", "1",

  1126. 				"--port", "987",

  1127. 			},

  1128. 			loginSource: &models.LoginSource{

  1129. 				Type: models.LoginDLDAP,

  1130. 				Cfg: &models.LDAPConfig{

  1131. 					Source: &ldap.Source{

  1132. 						Port: 987,

  1133. 					},

  1134. 				},

  1135. 			},

  1136. 		},

  1137. 		// case 8

  1138. 		{

  1139. 			args: []string{

  1140. 				"ldap-test",

  1141. 				"--id", "1",

  1142. 				"--user-search-base", "ou=Users,dc=domain,dc=org",

  1143. 			},

  1144. 			loginSource: &models.LoginSource{

  1145. 				Type: models.LoginDLDAP,

  1146. 				Cfg: &models.LDAPConfig{

  1147. 					Source: &ldap.Source{

  1148. 						UserBase: "ou=Users,dc=domain,dc=org",

  1149. 					},

  1150. 				},

  1151. 			},

  1152. 		},

  1153. 		// case 9

  1154. 		{

  1155. 			args: []string{

  1156. 				"ldap-test",

  1157. 				"--id", "1",

  1158. 				"--user-filter", "(&(objectClass=posixAccount)(cn=%s))",

  1159. 			},

  1160. 			loginSource: &models.LoginSource{

  1161. 				Type: models.LoginDLDAP,

  1162. 				Cfg: &models.LDAPConfig{

  1163. 					Source: &ldap.Source{

  1164. 						Filter: "(&(objectClass=posixAccount)(cn=%s))",

  1165. 					},

  1166. 				},

  1167. 			},

  1168. 		},

  1169. 		// case 10

  1170. 		{

  1171. 			args: []string{

  1172. 				"ldap-test",

  1173. 				"--id", "1",

  1174. 				"--admin-filter", "(memberOf=cn=admin-group,ou=example,dc=domain,dc=org)",

  1175. 			},

  1176. 			loginSource: &models.LoginSource{

  1177. 				Type: models.LoginDLDAP,

  1178. 				Cfg: &models.LDAPConfig{

  1179. 					Source: &ldap.Source{

  1180. 						AdminFilter: "(memberOf=cn=admin-group,ou=example,dc=domain,dc=org)",

  1181. 					},

  1182. 				},

  1183. 			},

  1184. 		},

  1185. 		// case 11

  1186. 		{

  1187. 			args: []string{

  1188. 				"ldap-test",

  1189. 				"--id", "1",

  1190. 				"--username-attribute", "uid",

  1191. 			},

  1192. 			loginSource: &models.LoginSource{

  1193. 				Type: models.LoginDLDAP,

  1194. 				Cfg: &models.LDAPConfig{

  1195. 					Source: &ldap.Source{

  1196. 						AttributeUsername: "uid",

  1197. 					},

  1198. 				},

  1199. 			},

  1200. 		},

  1201. 		// case 12

  1202. 		{

  1203. 			args: []string{

  1204. 				"ldap-test",

  1205. 				"--id", "1",

  1206. 				"--firstname-attribute", "givenName",

  1207. 			},

  1208. 			loginSource: &models.LoginSource{

  1209. 				Type: models.LoginDLDAP,

  1210. 				Cfg: &models.LDAPConfig{

  1211. 					Source: &ldap.Source{

  1212. 						AttributeName: "givenName",

  1213. 					},

  1214. 				},

  1215. 			},

  1216. 		},

  1217. 		// case 13

  1218. 		{

  1219. 			args: []string{

  1220. 				"ldap-test",

  1221. 				"--id", "1",

  1222. 				"--surname-attribute", "sn",

  1223. 			},

  1224. 			loginSource: &models.LoginSource{

  1225. 				Type: models.LoginDLDAP,

  1226. 				Cfg: &models.LDAPConfig{

  1227. 					Source: &ldap.Source{

  1228. 						AttributeSurname: "sn",

  1229. 					},

  1230. 				},

  1231. 			},

  1232. 		},

  1233. 		// case 14

  1234. 		{

  1235. 			args: []string{

  1236. 				"ldap-test",

  1237. 				"--id", "1",

  1238. 				"--email-attribute", "mail",

  1239. 			},

  1240. 			loginSource: &models.LoginSource{

  1241. 				Type: models.LoginDLDAP,

  1242. 				Cfg: &models.LDAPConfig{

  1243. 					Source: &ldap.Source{

  1244. 						AttributeMail: "mail",

  1245. 					},

  1246. 				},

  1247. 			},

  1248. 		},

  1249. 		// case 15

  1250. 		{

  1251. 			args: []string{

  1252. 				"ldap-test",

  1253. 				"--id", "1",

  1254. 				"--public-ssh-key-attribute", "publickey",

  1255. 			},

  1256. 			loginSource: &models.LoginSource{

  1257. 				Type: models.LoginDLDAP,

  1258. 				Cfg: &models.LDAPConfig{

  1259. 					Source: &ldap.Source{

  1260. 						AttributeSSHPublicKey: "publickey",

  1261. 					},

  1262. 				},

  1263. 			},

  1264. 		},

  1265. 		// case 16

  1266. 		{

  1267. 			args: []string{

  1268. 				"ldap-test",

  1269. 				"--id", "1",

  1270. 				"--user-dn", "cn=%s,ou=Users,dc=domain,dc=org",

  1271. 			},

  1272. 			loginSource: &models.LoginSource{

  1273. 				Type: models.LoginDLDAP,

  1274. 				Cfg: &models.LDAPConfig{

  1275. 					Source: &ldap.Source{

  1276. 						UserDN: "cn=%s,ou=Users,dc=domain,dc=org",

  1277. 					},

  1278. 				},

  1279. 			},

  1280. 		},

  1281. 		// case 17

  1282. 		{

  1283. 			args: []string{

  1284. 				"ldap-test",

  1285. 				"--id", "1",

  1286. 				"--security-protocol", "xxxxx",

  1287. 			},

  1288. 			errMsg: "Unknown security protocol name: xxxxx",

  1289. 		},

  1290. 		// case 18

  1291. 		{

  1292. 			args: []string{

  1293. 				"ldap-test",

  1294. 			},

  1295. 			errMsg: "id is not set",

  1296. 		},

  1297. 		// case 19

  1298. 		{

  1299. 			args: []string{

  1300. 				"ldap-test",

  1301. 				"--id", "1",

  1302. 			},

  1303. 			existingLoginSource: &models.LoginSource{

  1304. 				Type: models.LoginPAM,

  1305. 				Cfg: &models.LDAPConfig{

  1306. 					Source: &ldap.Source{},

  1307. 				},

  1308. 			},

  1309. 			errMsg: "Invalid authentication type. expected: LDAP (simple auth), actual: PAM",

  1310. 		},

  1311. 	}

  1312. 

  1313. 	for n, c := range cases {

  1314. 		// Mock functions.

  1315. 		var updatedLoginSource *models.LoginSource

  1316. 		service := &authService{

  1317. 			initDB: func() error {

  1318. 				return nil

  1319. 			},

  1320. 			createLoginSource: func(loginSource *models.LoginSource) error {

  1321. 				assert.FailNow(t, "case %d: should not call createLoginSource", n)

  1322. 				return nil

  1323. 			},

  1324. 			updateLoginSource: func(loginSource *models.LoginSource) error {

  1325. 				updatedLoginSource = loginSource

  1326. 				return nil

  1327. 			},

  1328. 			getLoginSourceByID: func(id int64) (*models.LoginSource, error) {

  1329. 				if c.id != 0 {

  1330. 					assert.Equal(t, c.id, id, "case %d: wrong id", n)

  1331. 				}

  1332. 				if c.existingLoginSource != nil {

  1333. 					return c.existingLoginSource, nil

  1334. 				}

  1335. 				return &models.LoginSource{

  1336. 					Type: models.LoginDLDAP,

  1337. 					Cfg: &models.LDAPConfig{

  1338. 						Source: &ldap.Source{},

  1339. 					},

  1340. 				}, nil

  1341. 			},

  1342. 		}

  1343. 

  1344. 		// Create a copy of command to test

  1345. 		app := cli.NewApp()

  1346. 		app.Flags = cmdAuthUpdateLdapSimpleAuth.Flags

  1347. 		app.Action = service.updateLdapSimpleAuth

  1348. 

  1349. 		// Run it

  1350. 		err := app.Run(c.args)

  1351. 		if c.errMsg != "" {

  1352. 			assert.EqualError(t, err, c.errMsg, "case %d: error should match", n)

  1353. 		} else {

  1354. 			assert.NoError(t, err, "case %d: should have no errors", n)

  1355. 			assert.Equal(t, c.loginSource, updatedLoginSource, "case %d: wrong loginSource", n)

  1356. 		}

  1357. 	}

  1358. }