mirrors
/
redmine
mirror of https://github.com/redmine/redmine.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 201 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
13897 Commits
33 Branches
Tree: daa7d2ba18
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'daa7d2ba18'
${ noResults }
redmine/test/unit/auth_source_ldap_test.rb

auth_source_ldap_test.rb 8.6KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272 
  1. # Redmine - project management software

  2. # Copyright (C) 2006-2017  Jean-Philippe Lang

  3. #

  4. # This program is free software; you can redistribute it and/or

  5. # modify it under the terms of the GNU General Public License

  6. # as published by the Free Software Foundation; either version 2

  7. # of the License, or (at your option) any later version.

  8. #

  9. # This program is distributed in the hope that it will be useful,

  10. # but WITHOUT ANY WARRANTY; without even the implied warranty of

  11. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

  12. # GNU General Public License for more details.

  13. #

  14. # You should have received a copy of the GNU General Public License

  15. # along with this program; if not, write to the Free Software

  16. # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

  17. 

  18. require File.expand_path('../../test_helper', __FILE__)

  19. 

  20. class AuthSourceLdapTest < ActiveSupport::TestCase

  21.   include Redmine::I18n

  22.   fixtures :auth_sources

  23. 

  24.   def setup

  25.   end

  26. 

  27.   def test_initialize

  28.     auth_source = AuthSourceLdap.new

  29.     assert_nil auth_source.id

  30.     assert_equal "AuthSourceLdap", auth_source.type

  31.     assert_equal "", auth_source.name

  32.     assert_nil auth_source.host

  33.     assert_nil auth_source.port

  34.     assert_nil auth_source.account

  35.     assert_equal "", auth_source.account_password

  36.     assert_nil auth_source.base_dn

  37.     assert_nil auth_source.attr_login

  38.     assert_nil auth_source.attr_firstname

  39.     assert_nil auth_source.attr_lastname

  40.     assert_nil auth_source.attr_mail

  41.     assert_equal false, auth_source.onthefly_register

  42.     assert_equal false, auth_source.tls

  43.     assert_equal true, auth_source.verify_peer

  44.     assert_equal :ldap, auth_source.ldap_mode

  45.     assert_nil auth_source.filter

  46.     assert_nil auth_source.timeout

  47.   end

  48. 

  49.   def test_create

  50.     a = AuthSourceLdap.new(:name => 'My LDAP', :host => 'ldap.example.net', :port => 389, :base_dn => 'dc=example,dc=net', :attr_login => 'sAMAccountName')

  51.     assert a.save

  52.   end

  53. 

  54.   def test_should_strip_ldap_attributes

  55.     a = AuthSourceLdap.new(:name => 'My LDAP', :host => 'ldap.example.net', :port => 389, :base_dn => 'dc=example,dc=net', :attr_login => 'sAMAccountName',

  56.                            :attr_firstname => 'givenName ')

  57.     assert a.save

  58.     assert_equal 'givenName', a.reload.attr_firstname

  59.   end

  60. 

  61.   def test_replace_port_zero_to_389

  62.     a = AuthSourceLdap.new(

  63.            :name => 'My LDAP', :host => 'ldap.example.net', :port => 0,

  64.            :base_dn => 'dc=example,dc=net', :attr_login => 'sAMAccountName',

  65.            :attr_firstname => 'givenName ')

  66.     assert a.save

  67.     assert_equal 389, a.port

  68.   end

  69. 

  70.   def test_filter_should_be_validated

  71.     set_language_if_valid 'en'

  72. 

  73.     a = AuthSourceLdap.new(:name => 'My LDAP', :host => 'ldap.example.net', :port => 389, :attr_login => 'sn')

  74.     a.filter = "(mail=*@redmine.org"

  75.     assert !a.valid?

  76.     assert_include "LDAP filter is invalid", a.errors.full_messages

  77. 

  78.     a.filter = "(mail=*@redmine.org)"

  79.     assert a.valid?

  80.   end

  81. 

  82.   test 'ldap_mode setter sets tls and verify_peer' do

  83.     a = AuthSourceLdap.new

  84. 

  85.     a.ldap_mode = 'ldaps_verify_peer'

  86.     assert a.tls

  87.     assert a.verify_peer

  88. 

  89.     a.ldap_mode = 'ldaps_verify_none'

  90.     assert a.tls

  91.     assert !a.verify_peer

  92. 

  93.     a.ldap_mode = 'ldap'

  94.     assert !a.tls

  95.     assert !a.verify_peer

  96.   end

  97. 

  98.   test 'ldap_mode getter reads from tls and verify_peer' do

  99.     a = AuthSourceLdap.new

  100. 

  101.     a.tls = true

  102.     a.verify_peer = true

  103.     assert_equal :ldaps_verify_peer, a.ldap_mode

  104. 

  105.     a.tls = true

  106.     a.verify_peer = false

  107.     assert_equal :ldaps_verify_none, a.ldap_mode

  108. 

  109.     a.tls = false

  110.     a.verify_peer = false

  111.     assert_equal :ldap, a.ldap_mode

  112. 

  113.     a.tls = false

  114.     a.verify_peer = true

  115.     assert_equal :ldap, a.ldap_mode

  116.   end

  117. 

  118.   if ldap_configured?

  119.     test '#authenticate with a valid LDAP user should return the user attributes' do

  120.       auth = AuthSourceLdap.find(1)

  121.       auth.update_attribute :onthefly_register, true

  122. 

  123.       attributes =  auth.authenticate('example1','123456')

  124.       assert attributes.is_a?(Hash), "An hash was not returned"

  125.       assert_equal 'Example', attributes[:firstname]

  126.       assert_equal 'One', attributes[:lastname]

  127.       assert_equal 'example1@redmine.org', attributes[:mail]

  128.       assert_equal auth.id, attributes[:auth_source_id]

  129.       attributes.keys.each do |attribute|

  130.         assert User.new.respond_to?("#{attribute}="), "Unexpected :#{attribute} attribute returned"

  131.       end

  132.     end

  133. 

  134.     test '#authenticate with an invalid LDAP user should return nil' do

  135.       auth = AuthSourceLdap.find(1)

  136.       assert_nil auth.authenticate('nouser','123456')

  137.     end

  138. 

  139.     test '#authenticate without a login should return nil' do

  140.       auth = AuthSourceLdap.find(1)

  141.       assert_nil auth.authenticate('','123456')

  142.     end

  143. 

  144.     test '#authenticate without a password should return nil' do

  145.       auth = AuthSourceLdap.find(1)

  146.       assert_nil auth.authenticate('edavis','')

  147.     end

  148. 

  149.     test '#authenticate without filter should return any user' do

  150.       auth = AuthSourceLdap.find(1)

  151.       assert auth.authenticate('example1','123456')

  152.       assert auth.authenticate('edavis', '123456')

  153.     end

  154. 

  155.     test '#authenticate with filter should return user who matches the filter only' do

  156.       auth = AuthSourceLdap.find(1)

  157.       auth.filter = "(mail=*@redmine.org)"

  158. 

  159.       assert auth.authenticate('example1','123456')

  160.       assert_nil auth.authenticate('edavis', '123456')

  161.     end

  162. 

  163.     def test_authenticate_should_timeout

  164.       auth_source = AuthSourceLdap.find(1)

  165.       auth_source.timeout = 1

  166.       def auth_source.initialize_ldap_con(*args); sleep(5); end

  167. 

  168.       assert_raise AuthSourceTimeoutException do

  169.         auth_source.authenticate 'example1', '123456'

  170.       end

  171.     end

  172. 

  173.     def test_search_should_return_matching_entries

  174.       results = AuthSource.search("exa")

  175.       assert_equal 1, results.size

  176.       result = results.first

  177.       assert_kind_of Hash, result

  178.       assert_equal "example1", result[:login]

  179.       assert_equal "Example", result[:firstname]

  180.       assert_equal "One", result[:lastname]

  181.       assert_equal "example1@redmine.org", result[:mail]

  182.       assert_equal 1, result[:auth_source_id]

  183.     end

  184. 

  185.     def test_search_with_no_match_should_return_an_empty_array

  186.       results = AuthSource.search("wro")

  187.       assert_equal [], results

  188.     end

  189. 

  190.     def test_search_with_exception_should_return_an_empty_array

  191.       Net::LDAP.stubs(:new).raises(Net::LDAP::Error, 'Cannot connect')

  192. 

  193.       results = AuthSource.search("exa")

  194.       assert_equal [], results

  195.     end

  196. 

  197.     def test_test_connection_with_correct_host_and_port

  198.       auth_source = AuthSourceLdap.find(1)

  199. 

  200.       assert_nothing_raised do

  201.         auth_source.test_connection

  202.       end

  203.     end

  204. 

  205.     def test_test_connection_with_incorrect_host

  206.       auth_source = AuthSourceLdap.find(1)

  207.       auth_source.host = "badhost"

  208.       auth_source.save!

  209. 

  210.       assert_raise AuthSourceException do

  211.         auth_source.test_connection

  212.       end

  213.     end

  214. 

  215.     def test_test_connection_with_incorrect_port

  216.       auth_source = AuthSourceLdap.find(1)

  217.       auth_source.port = 1234

  218.       auth_source.save!

  219. 

  220.       assert_raise AuthSourceException do

  221.         auth_source.test_connection

  222.       end

  223.     end

  224. 

  225.     def test_test_connection_bind_with_account_and_password

  226.       auth_source = AuthSourceLdap.find(1)

  227.       auth_source.account = "cn=admin,dc=redmine,dc=org"

  228.       auth_source.account_password = "secret"

  229.       auth_source.save!

  230. 

  231.       assert_equal "cn=admin,dc=redmine,dc=org", auth_source.account

  232.       assert_equal "secret", auth_source.account_password

  233.       assert_nil auth_source.test_connection

  234.     end

  235. 

  236.     def test_test_connection_bind_without_account_and_password

  237.       auth_source = AuthSourceLdap.find(1)

  238. 

  239.       assert_nil auth_source.account

  240.       assert_equal "", auth_source.account_password

  241.       assert_nil auth_source.test_connection

  242.     end

  243. 

  244.     def test_test_connection_bind_with_incorrect_account

  245.       auth_source = AuthSourceLdap.find(1)

  246.       auth_source.account = "cn=baduser,dc=redmine,dc=org"

  247.       auth_source.account_password = "secret"

  248.       auth_source.save!

  249. 

  250.       assert_equal "cn=baduser,dc=redmine,dc=org", auth_source.account

  251.       assert_equal "secret", auth_source.account_password

  252.       assert_raise AuthSourceException do

  253.         auth_source.test_connection

  254.       end

  255.     end

  256. 

  257.     def test_test_connection_bind_with_incorrect_password

  258.       auth_source = AuthSourceLdap.find(1)

  259.       auth_source.account = "cn=admin,dc=redmine,dc=org"

  260.       auth_source.account_password = "badpassword"

  261.       auth_source.save!

  262. 

  263.       assert_equal "cn=admin,dc=redmine,dc=org", auth_source.account

  264.       assert_equal "badpassword", auth_source.account_password

  265.       assert_raise AuthSourceException do

  266.         auth_source.test_connection

  267.       end

  268.     end

  269.   else

  270.     puts '(Test LDAP server not configured)'

  271.   end

  272. end