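def test_login_empty_userdn(self):
    """Log in and confirm a user when the primary user RDN list is empty.

    ``user_rdn`` is ``[]`` while the base DN itself includes ``ou=employees``
    and one secondary RDN (``ou=otheremployees``) is configured.
    """
    with mock_ldap():
        base_dn = ['ou=employees', 'dc=quay', 'dc=io']
        admin_dn = 'uid=testy,ou=employees,dc=quay,dc=io'
        admin_passwd = 'password'
        user_rdn = []
        uid_attr = 'uid'
        email_attr = 'mail'
        secondary_user_rdns = ['ou=otheremployees']

        ldap = LDAPUsers('ldap://localhost', base_dn, admin_dn, admin_passwd, user_rdn,
                         uid_attr, email_attr, secondary_user_rdns=secondary_user_rdns)

        # Verify we can login.
        (response, _) = ldap.verify_and_link_user('someuser', 'somepass')
        # assertEqual replaces the deprecated assertEquals alias.
        self.assertEqual(response.username, 'someuser')

        # Verify we can confirm the user.
        (response, _) = ldap.confirm_existing_user('someuser', 'somepass')
        self.assertEqual(response.username, 'someuser')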
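def test_login_empty_userdn(self):
    """Log in and confirm a user when the primary user RDN list is empty.

    ``user_rdn`` is ``[]`` while the base DN itself includes ``ou=employees``
    and one secondary RDN (``ou=otheremployees``) is configured.
    """
    with mock_ldap():
        base_dn = ["ou=employees", "dc=quay", "dc=io"]
        admin_dn = "uid=testy,ou=employees,dc=quay,dc=io"
        admin_passwd = "password"
        user_rdn = []
        uid_attr = "uid"
        email_attr = "mail"
        secondary_user_rdns = ["ou=otheremployees"]

        ldap = LDAPUsers(
            "ldap://localhost",
            base_dn,
            admin_dn,
            admin_passwd,
            user_rdn,
            uid_attr,
            email_attr,
            secondary_user_rdns=secondary_user_rdns,
        )

        # Verify we can login.
        (response, _) = ldap.verify_and_link_user("someuser", "somepass")
        # assertEqual replaces the deprecated assertEquals alias.
        self.assertEqual(response.username, "someuser")

        # Verify we can confirm the user.
        (response, _) = ldap.confirm_existing_user("someuser", "somepass")
        self.assertEqual(response.username, "someuser")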
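def test_at_least_one_user_exists_no_users(self):
    """Check that an unknown user RDN yields no users and an error message.

    The user RDN points at ``ou=nonexistent``; the call must return a falsy
    result together with a non-None error message.
    """
    base_dn = ["dc=quay", "dc=io"]
    admin_dn = "uid=testy,ou=employees,dc=quay,dc=io"
    admin_passwd = "password"
    user_rdn = ["ou=nonexistent"]
    uid_attr = "uid"
    email_attr = "mail"

    with mock_ldap():
        ldap = LDAPUsers(
            "ldap://localhost", base_dn, admin_dn, admin_passwd, user_rdn, uid_attr, email_attr
        )

        # Try to find users in a nonexistent group.
        (response, err_msg) = ldap.at_least_one_user_exists()
        self.assertFalse(response)
        # unittest assertion instead of a bare assert: it is not stripped
        # under ``python -O`` and matches the other checks in this test.
        self.assertIsNotNone(err_msg)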
def test_at_least_one_user_exists_invalid_creds(self):
    """Check that a wrong admin password is reported, not treated as "no users".

    The admin bind uses ``INVALIDPASSWORD``; the call must return a falsy
    result and the exact credential-failure message.
    """
    with mock_ldap():
        users = LDAPUsers(
            "ldap://localhost",
            ["dc=quay", "dc=io"],  # base_dn
            "uid=testy,ou=employees,dc=quay,dc=io",  # admin_dn
            "INVALIDPASSWORD",  # admin_passwd (deliberately wrong)
            ["ou=employees"],  # user_rdn
            "uid",  # uid_attr
            "mail",  # email_attr
        )

        # Query with the invalid admin credentials.
        found, err_msg = users.at_least_one_user_exists()

        self.assertFalse(found)
        self.assertEqual("LDAP Admin dn or password is invalid", err_msg)
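def test_at_least_one_user_exists_no_users(self):
    """Check that an unknown user RDN yields no users and an error message.

    The user RDN points at ``ou=nonexistent``; the call must return a falsy
    result together with a non-None error message.
    """
    base_dn = ['dc=quay', 'dc=io']
    admin_dn = 'uid=testy,ou=employees,dc=quay,dc=io'
    admin_passwd = 'password'
    user_rdn = ['ou=nonexistent']
    uid_attr = 'uid'
    email_attr = 'mail'

    with mock_ldap():
        ldap = LDAPUsers('ldap://localhost', base_dn, admin_dn, admin_passwd, user_rdn,
                         uid_attr, email_attr)

        # Try to find users in a nonexistent group.
        (response, err_msg) = ldap.at_least_one_user_exists()
        self.assertFalse(response)
        # unittest assertion instead of a bare assert: it is not stripped
        # under ``python -O`` and matches the other checks in this test.
        self.assertIsNotNone(err_msg)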
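def test_at_least_one_user_exists_invalid_creds(self):
    """Check that a wrong admin password is reported, not treated as "no users".

    The admin bind uses ``INVALIDPASSWORD``; the call must return a falsy
    result and the exact credential-failure message.
    """
    base_dn = ['dc=quay', 'dc=io']
    admin_dn = 'uid=testy,ou=employees,dc=quay,dc=io'
    admin_passwd = 'INVALIDPASSWORD'
    user_rdn = ['ou=employees']
    uid_attr = 'uid'
    email_attr = 'mail'

    with mock_ldap():
        ldap = LDAPUsers('ldap://localhost', base_dn, admin_dn, admin_passwd, user_rdn,
                         uid_attr, email_attr)

        # Try to query with invalid credentials.
        (response, err_msg) = ldap.at_least_one_user_exists()
        self.assertFalse(response)
        # assertEqual replaces the deprecated assertEquals alias.
        self.assertEqual('LDAP Admin dn or password is invalid', err_msg)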
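def test_invalid_admin_password(self):
    """Check that login fails closed when the admin bind password is wrong.

    With ``INVALIDPASSWORD`` as the admin password, ``verify_and_link_user``
    must return no user object and the credential-failure message.
    """
    base_dn = ["dc=quay", "dc=io"]
    admin_dn = "uid=testy,ou=employees,dc=quay,dc=io"
    admin_passwd = "INVALIDPASSWORD"
    user_rdn = ["ou=employees"]
    uid_attr = "uid"
    email_attr = "mail"

    with mock_ldap():
        ldap = LDAPUsers(
            "ldap://localhost", base_dn, admin_dn, admin_passwd, user_rdn, uid_attr, email_attr
        )

        # Try to login.
        (response, err_msg) = ldap.verify_and_link_user("someuser", "somepass")
        # No user may be returned when the service account cannot bind.
        self.assertIsNone(response)
        # assertEqual replaces the deprecated assertEquals alias.
        self.assertEqual("LDAP Admin dn or password is invalid", err_msg)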
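def test_invalid_admin_password(self):
    """Check that login fails closed when the admin bind password is wrong.

    With ``INVALIDPASSWORD`` as the admin password, ``verify_and_link_user``
    must return no user object and the credential-failure message.
    """
    base_dn = ['dc=quay', 'dc=io']
    admin_dn = 'uid=testy,ou=employees,dc=quay,dc=io'
    admin_passwd = 'INVALIDPASSWORD'
    user_rdn = ['ou=employees']
    uid_attr = 'uid'
    email_attr = 'mail'

    with mock_ldap():
        ldap = LDAPUsers('ldap://localhost', base_dn, admin_dn, admin_passwd, user_rdn,
                         uid_attr, email_attr)

        # Try to login.
        (response, err_msg) = ldap.verify_and_link_user('someuser', 'somepass')
        # No user may be returned when the service account cannot bind.
        self.assertIsNone(response)
        # assertEqual replaces the deprecated assertEquals alias.
        self.assertEqual('LDAP Admin dn or password is invalid', err_msg)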
def _create_ldap(requires_email=True):
    """Build the LDAPUsers instance shared by the tests.

    Args:
        requires_email: forwarded unchanged to ``LDAPUsers``.

    Returns:
        An ``LDAPUsers`` pointed at ``ldap://localhost`` with ``ou=employees``
        as the primary user RDN and ``ou=otheremployees`` as a secondary one.
    """
    # Fixture-only bind credentials; the positional order mirrors the
    # original call: base DN, admin DN, admin password, user RDN, uid
    # attribute, email attribute.
    return LDAPUsers(
        'ldap://localhost',
        ['dc=quay', 'dc=io'],
        'uid=testy,ou=employees,dc=quay,dc=io',
        'password',
        ['ou=employees'],
        'uid',
        'mail',
        secondary_user_rdns=['ou=otheremployees'],
        requires_email=requires_email,
    )
def _create_ldap(requires_email=True):
    """Build the LDAPUsers instance shared by the tests.

    Args:
        requires_email: forwarded unchanged to ``LDAPUsers``.

    Returns:
        An ``LDAPUsers`` pointed at ``ldap://localhost`` with ``ou=employees``
        as the primary user RDN and ``ou=otheremployees`` as a secondary one.
    """
    # Fixture-only bind credentials; the positional order mirrors the
    # original call: base DN, admin DN, admin password, user RDN, uid
    # attribute, email attribute.
    positional = (
        "ldap://localhost",
        ["dc=quay", "dc=io"],
        "uid=testy,ou=employees,dc=quay,dc=io",
        "password",
        ["ou=employees"],
        "uid",
        "mail",
    )
    return LDAPUsers(
        *positional,
        secondary_user_rdns=["ou=otheremployees"],
        requires_email=requires_email,
    )
def test_timeout(self):
    """Expect a "Can't contact LDAP server" error when querying users.

    NOTE(review): no mock_ldap() context is used here, so this presumably
    reaches for a real ldap://localhost and relies on nothing listening
    there -- confirm against the test environment.
    """
    connection_args = (
        'ldap://localhost',
        ['dc=quay', 'dc=io'],  # base_dn
        'uid=testy,ou=employees,dc=quay,dc=io',  # admin_dn
        'password',  # admin_passwd
        ['ou=employees'],  # user_rdn
        'uid',  # uid_attr
        'mail',  # email_attr
    )
    extra_rdns = ['ou=otheremployees']

    # NOTE(review): assertRaisesRegexp is a deprecated alias of
    # assertRaisesRegex; kept because the supported Python versions are not
    # visible from this block.
    with self.assertRaisesRegexp(Exception, "Can't contact LDAP server"):
        users = LDAPUsers(*connection_args, secondary_user_rdns=extra_rdns,
                          requires_email=False, timeout=5)
        users.query_users('cool')
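def test_at_least_one_user_exists_filtered_away(self):
    """Check that a user filter excluding everyone reports "no users" cleanly.

    With ``ldap_user_filter="(filterField=someothervalue)"`` the call must
    return a falsy result and no error message.
    """
    base_dn = ["dc=quay", "dc=io"]
    admin_dn = "uid=testy,ou=employees,dc=quay,dc=io"
    admin_passwd = "password"
    user_rdn = ["ou=employees"]
    uid_attr = "uid"
    email_attr = "mail"
    # The unused ``secondary_user_rdns`` local was dropped: it was never
    # passed to LDAPUsers in this test.

    with mock_ldap():
        ldap = LDAPUsers(
            "ldap://localhost",
            base_dn,
            admin_dn,
            admin_passwd,
            user_rdn,
            uid_attr,
            email_attr,
            # presumably matches no entry in the mocked directory -- verify
            # against mock_ldap()'s fixture data
            ldap_user_filter="(filterField=someothervalue)",
        )
        (response, err_msg) = ldap.at_least_one_user_exists()
        # An empty result set is not an error condition.
        self.assertIsNone(err_msg)
        self.assertFalse(response)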
def test_timeout(self):
    """Expect a "Can't contact LDAP server" error when querying users.

    NOTE(review): no mock_ldap() context is used here, so this presumably
    reaches for a real ldap://localhost and relies on nothing listening
    there -- confirm against the test environment.
    """
    # NOTE(review): assertRaisesRegexp is a deprecated alias of
    # assertRaisesRegex; kept because the supported Python versions are not
    # visible from this block.
    with self.assertRaisesRegexp(Exception, "Can't contact LDAP server"):
        users = LDAPUsers(
            "ldap://localhost",
            ["dc=quay", "dc=io"],  # base_dn
            "uid=testy,ou=employees,dc=quay,dc=io",  # admin_dn
            "password",  # admin_passwd
            ["ou=employees"],  # user_rdn
            "uid",  # uid_attr
            "mail",  # email_attr
            secondary_user_rdns=["ou=otheremployees"],
            requires_email=False,
            timeout=5,
        )
        users.query_users("cool")