Beispiel #1
    def test_sync_users_ad(self):
        """Sync users from the mocked AD connection over a pre-existing user.

        Checks that a user created before the sync keeps its custom
        attribute and ends up inactive once the synchronizer has run.
        """
        # NOTE(review): the username literals are masked as "******" in this
        # listing, so the lookups below read as contradictory; the original
        # presumably uses distinct usernames -- confirm against upstream.
        default_and_ms = Q(
            managed__startswith="goauthentik.io/sources/ldap/default"
        ) | Q(managed__startswith="goauthentik.io/sources/ldap/ms")
        self.source.property_mappings.set(
            LDAPPropertyMapping.objects.filter(default_and_ms)
        )
        self.source.save()
        mocked_connection = PropertyMock(
            return_value=mock_ad_connection(LDAP_PASSWORD)
        )

        # Seed the user before syncing: the sync must update this record
        # without dropping attributes it does not manage ("foo").
        ldap_uniq = (
            "S-117-6648368-0-0-0-0-0-0-0-0-0-0-0-0-0-0-0-0-0-0-0-0-0-0-0-0-0-"
            "0-0-0-0-0-0-0-0-0-0-0-0-0-0-0-0-0-0-0-0-0-0-0-0-0-0-0-0-0-0-0-0-"
            "0-0-0-0-0-0-0-0-0-0-0-0-0-0-0-0-0-0-0-0-0-0-0-0-0-0-0-0-0-0-0-0-"
            "0-0-0-0-0-0-0-0-0-0-0-0-0-0-0-0-0-0-0-0-0-0-0-0-0-0"
        )
        User.objects.create(
            username="******",
            attributes={"ldap_uniq": ldap_uniq, "foo": "bar"},
        )

        with patch(
            "authentik.sources.ldap.models.LDAPSource.connection",
            mocked_connection,
        ):
            UserLDAPSynchronizer(self.source).sync()
            synced = User.objects.filter(username="******").first()
            # The locally set attribute must survive the sync.
            self.assertEqual(synced.attributes["foo"], "bar")
            # The synced account is expected to be deactivated locally.
            self.assertFalse(synced.is_active)
            self.assertFalse(User.objects.filter(username="******").exists())
Beispiel #2
    def test_auth_synced_user_ad(self):
        """Authenticate a user that was previously synced from the mocked AD.

        The users are synced first; ``LDAPBackend.authenticate`` is then
        expected to return the synced ``User`` object.
        """
        mapping_filter = Q(name__startswith="authentik default LDAP Mapping") | Q(
            name__startswith="authentik default Active Directory Mapping"
        )
        self.source.property_mappings.set(
            LDAPPropertyMapping.objects.filter(mapping_filter)
        )
        self.source.save()
        mocked_connection = PropertyMock(
            return_value=mock_ad_connection(LDAP_PASSWORD)
        )
        with patch(
            "authentik.sources.ldap.models.LDAPSource.connection",
            mocked_connection,
        ):
            UserLDAPSynchronizer(self.source).sync()

            user = User.objects.get(username="******")
            # auth_user_by_bind is replaced by a Mock that always returns the
            # synced user, so this test never performs an LDAP bind and does
            # not prove that a wrong password is rejected.
            bind_stub = Mock(return_value=user)
            with patch(
                "authentik.sources.ldap.auth.LDAPBackend.auth_user_by_bind",
                bind_stub,
            ):
                authenticated = LDAPBackend().authenticate(
                    None, username="******", password=LDAP_PASSWORD
                )
                self.assertEqual(authenticated, user)
Beispiel #3
 def test_sync_error(self):
     """Sync with a property mapping whose expression cannot be evaluated.

     The mapping expression ``q`` references an undefined name. The test
     expects that no user is created and that a CONFIGURATION_ERROR event
     carrying the evaluation failure message is recorded.
     """
     default_and_ms = Q(
         managed__startswith="goauthentik.io/sources/ldap/default"
     ) | Q(managed__startswith="goauthentik.io/sources/ldap/ms")
     # NOTE(review): this assignment is replaced by set([mapping]) just
     # below, so only the broken mapping is attached when the sync runs.
     self.source.property_mappings.set(
         LDAPPropertyMapping.objects.filter(default_and_ms)
     )
     broken_mapping = LDAPPropertyMapping.objects.create(
         name="name", object_field="name", expression="q"
     )
     self.source.property_mappings.set([broken_mapping])
     self.source.save()
     mocked_connection = PropertyMock(
         return_value=mock_ad_connection(LDAP_PASSWORD)
     )
     with patch(
         "authentik.sources.ldap.models.LDAPSource.connection",
         mocked_connection,
     ):
         UserLDAPSynchronizer(self.source).sync()
         # A failing mapping must not leave any synced accounts behind.
         self.assertFalse(User.objects.filter(username="******").exists())
         self.assertFalse(User.objects.filter(username="******").exists())
     # The failure has to be visible to operators as a logged event.
     error_events = Event.objects.filter(
         action=EventAction.CONFIGURATION_ERROR,
         context__message="Failed to evaluate property-mapping: name 'q' is not defined",
     )
     self.assertTrue(error_events.exists())
Beispiel #4
 def test_tasks_ad(self):
     """Run the ``ldap_sync_all`` task against the mocked AD connection.

     There are no assertions: the test passes when the task completes
     without raising.
     """
     default_and_ms = Q(
         managed__startswith="goauthentik.io/sources/ldap/default"
     ) | Q(managed__startswith="goauthentik.io/sources/ldap/ms")
     self.source.property_mappings.set(
         LDAPPropertyMapping.objects.filter(default_and_ms)
     )
     self.source.save()
     mocked_connection = PropertyMock(
         return_value=mock_ad_connection(LDAP_PASSWORD)
     )
     with patch(
         "authentik.sources.ldap.models.LDAPSource.connection",
         mocked_connection,
     ):
         # NOTE(review): .delay().get() presumably relies on the test
         # settings running tasks eagerly -- confirm.
         ldap_sync_all.delay().get()
Beispiel #5
 def test_sync_users_ad(self):
     """Sync users from the mocked AD and check which accounts exist after.

     One username is expected to exist after the sync and another is
     expected to be absent.
     """
     # NOTE(review): both username literals are masked as "******" in this
     # listing; the original presumably names two different accounts --
     # confirm against upstream.
     default_and_ms = Q(
         managed__startswith="goauthentik.io/sources/ldap/default"
     ) | Q(managed__startswith="goauthentik.io/sources/ldap/ms")
     self.source.property_mappings.set(
         LDAPPropertyMapping.objects.filter(default_and_ms)
     )
     self.source.save()
     mocked_connection = PropertyMock(
         return_value=mock_ad_connection(LDAP_PASSWORD)
     )
     with patch(
         "authentik.sources.ldap.models.LDAPSource.connection",
         mocked_connection,
     ):
         UserLDAPSynchronizer(self.source).sync()
         self.assertTrue(User.objects.filter(username="******").exists())
         self.assertFalse(User.objects.filter(username="******").exists())
Beispiel #6
 def test_sync_groups_ad(self):
     """Sync groups and memberships from the mocked AD connection.

     Runs the group synchronizer and then the membership synchronizer, and
     expects a group named ``test-group`` to exist afterwards.
     """
     user_mapping_filter = Q(
         managed__startswith="goauthentik.io/sources/ldap/default"
     ) | Q(managed__startswith="goauthentik.io/sources/ldap/ms")
     self.source.property_mappings.set(
         LDAPPropertyMapping.objects.filter(user_mapping_filter)
     )
     # Groups only get the default name mapping.
     self.source.property_mappings_group.set(
         LDAPPropertyMapping.objects.filter(
             managed="goauthentik.io/sources/ldap/default-name"
         )
     )
     mocked_connection = PropertyMock(
         return_value=mock_ad_connection(LDAP_PASSWORD)
     )
     with patch(
         "authentik.sources.ldap.models.LDAPSource.connection",
         mocked_connection,
     ):
         # Unlike the user-sync tests, save() runs inside the patch here.
         self.source.save()
         GroupLDAPSynchronizer(self.source).sync()
         MembershipLDAPSynchronizer(self.source).sync()
         synced_groups = Group.objects.filter(name="test-group")
         self.assertTrue(synced_groups.exists())
Beispiel #7
"""LDAP Source tests"""
from unittest.mock import PropertyMock, patch

from django.test import TestCase

from authentik.core.models import User
from authentik.providers.oauth2.generators import generate_client_secret
from authentik.sources.ldap.models import LDAPPropertyMapping, LDAPSource
from authentik.sources.ldap.password import LDAPPasswordChanger
from authentik.sources.ldap.tests.mock_ad import mock_ad_connection

# The bind password is generated when the module is imported, so no fixed
# credential is written into the test module.
# NOTE(review): presumably a random value -- confirm in generate_client_secret.
LDAP_PASSWORD = generate_client_secret()
# One shared PropertyMock standing in for LDAPSource.connection; it returns the
# mocked AD connection built with the password above.
_MOCK_AD = mock_ad_connection(LDAP_PASSWORD)
LDAP_CONNECTION_PATCH = PropertyMock(return_value=_MOCK_AD)


class LDAPPasswordTests(TestCase):
    """LDAP Password tests"""
    def setUp(self):
        """Create the LDAP source used by the password tests.

        The source is attached to every ``LDAPPropertyMapping`` present in
        the test database.
        """
        source_fields = {
            "name": "ldap",
            "slug": "ldap",
            "base_dn": "dc=goauthentik,dc=io",
            "additional_user_dn": "ou=users",
            "additional_group_dn": "ou=groups",
        }
        self.source = LDAPSource.objects.create(**source_fields)
        all_mappings = LDAPPropertyMapping.objects.all()
        self.source.property_mappings.set(all_mappings)
        self.source.save()

    @patch("authentik.sources.ldap.models.LDAPSource.connection",
           LDAP_CONNECTION_PATCH)