def init_fakeldap(
    directory: Optional[Dict[str, Dict[str, List[str]]]] = None
) -> None:
    """Route django_auth_ldap's LDAP connections to an in-memory fake server.

    Development-only helper. It patches
    ``django_auth_ldap.config.ldap.initialize`` so that it returns one
    ``MockLDAP`` instance, whose directory is *directory* when that is
    truthy and otherwise the result of ``generate_dev_ldap_dir``.

    NOTE(review): this function does not check ``settings.DEVELOPMENT``
    itself, and the patcher it starts is never stopped here, so once called
    the fake directory answers LDAP lookups for the rest of the process.
    Callers must make sure it cannot run under a production configuration.
    """
    # mock is imported lazily as an import-time optimization: the module is
    # expensive to import because its dependency pbr uses pkgresources,
    # which is really slow to import.
    import mock
    from fakeldap import MockLDAP

    # Raise both loggers to CRITICAL so dev mode is not flooded with
    # "user not found" messages. This also hides the other auth-failure
    # lines these loggers emit, which is acceptable only in development.
    for noisy_logger in ('django_auth_ldap', 'fakeldap'):
        logging.getLogger(noisy_logger).setLevel(logging.CRITICAL)

    initialize_mock = mock.patch('django_auth_ldap.config.ldap.initialize').start()
    fake_server = MockLDAP()
    initialize_mock.return_value = fake_server

    # An empty dict is falsy, so it also falls back to the generated directory.
    fake_server.directory = directory or generate_dev_ldap_dir(
        settings.FAKE_LDAP_MODE,
        settings.FAKE_LDAP_NUM_USERS,
    )
def test_search_s_onelevel(self):
    # Checks that a SCOPE_ONELEVEL search only returns entries located
    # directly under the base DN it is given.
    #
    # NOTE(review): in this copy the mail values and the search filters are
    # masked ("*****@*****.**", "([email protected])"), presumably by e-mail
    # obfuscation on the page, so the filters no longer show which address
    # each search is meant to match.
    root_dn = "dc=30loops,dc=net"
    users_dn = "ou=users,dc=30loops,dc=net"

    entries = {
        "ou=users,dc=30loops,dc=net": {"ou": "users"},
        "cn=admin,ou=users,dc=30loops,dc=net": {"userPassword": "******"},
        "cn=john,ou=users,dc=30loops,dc=net": {
            "userPassword": "******",
            "mail": "*****@*****.**",
        },
        # jack uses the [value, ] list form for his attributes
        "cn=jack,ou=users,dc=30loops,dc=net": {
            "userPassword": ["ldaptest", ],
            "mail": ["*****@*****.**", ],
        },
        # john2 shares john's mail address
        "cn=john2,ou=users,dc=30loops,dc=net": {
            "userPassword": "******",
            "mail": "*****@*****.**",
        },
    }
    self.mock_ldap = MockLDAP(entries)

    # The users sit two levels below the root, so a one-level search from
    # the root must come back empty.
    found = self.mock_ldap.search_s(root_dn, ldap.SCOPE_ONELEVEL,
                                    "([email protected])")
    self.assertEqual(found, [])

    found = self.mock_ldap.search_s(users_dn, ldap.SCOPE_ONELEVEL,
                                    "([email protected])")
    jack_entry = ('cn=jack,ou=users,dc=30loops,dc=net',
                  {'userPassword': ['ldaptest'], 'mail': ['*****@*****.**']})
    self.assertEqual(found, [jack_entry])

    found = self.mock_ldap.search_s(users_dn, ldap.SCOPE_ONELEVEL,
                                    "([email protected])")
    self.assertEqual(len(found), 2)
    john_entry = ('cn=john,ou=users,dc=30loops,dc=net',
                  {'userPassword': '******', 'mail': '*****@*****.**'})
    john2_entry = ('cn=john2,ou=users,dc=30loops,dc=net',
                   {'userPassword': '******', 'mail': '*****@*****.**'})
    self.assertIn(john_entry, found)
    self.assertIn(john2_entry, found)

    found = self.mock_ldap.search_s(root_dn, ldap.SCOPE_ONELEVEL,
                                    "([email protected])")
    self.assertEqual(found, [])
class TestLdapOperations(unittest.TestCase):
    """Bind and add tests for MockLDAP, seeded from the module-level ``directory``."""

    def setUp(self):
        # Every test starts from a fresh fake server.
        self.mock_ldap = MockLDAP(directory)

    def tearDown(self):
        self.mock_ldap.reset()

    def test_simple_bind_s_operation(self):
        """Try to bind a user.

        Covers both the accepted bind and the rejection path: a wrong
        password must raise ``ldap.INVALID_CREDENTIALS`` rather than
        return a result.
        """
        admin_dn = "cn=admin,dc=30loops,dc=net"

        # Correct password: the bind returns (97, []).
        bind_result = self.mock_ldap.simple_bind_s(admin_dn, "ldaptest")
        eq_((97, []), bind_result)

        # Wrong password: the bind must fail loudly.
        assert_raises(ldap.INVALID_CREDENTIALS,
                      self.mock_ldap.simple_bind_s,
                      who=admin_dn,
                      cred="wrong")

    def test_add_s_operation(self):
        """Test the addition of records to the mock ldap object.

        NOTE(review): the expected ``userPassword`` values are masked as
        "******" in this copy, so they no longer visibly match the
        'secret' value that is added.
        """
        crito_dn = "uid=crito,ou=people,dc=30loops,dc=net"
        crito_record = [
            ('uid', 'crito'),
            ('userPassword', 'secret'),
        ]
        eq_((105, [], 1, []), self.mock_ldap.add_s(crito_dn, crito_record))

        # The added entry must now be visible next to the seeded admin entry.
        expected_directory = {
            "cn=admin,dc=30loops,dc=net": {"userPassword": "******"},
            "uid=crito,ou=people,dc=30loops,dc=net": {
                "uid": "crito",
                "userPassword": "******",
            },
        }
        eq_(expected_directory, self.mock_ldap.directory)

        # The third element of the result goes from 1 to 2 on the second add.
        bas_record = [
            ('uid', 'bas'),
            ('userPassword', 'secret'),
        ]
        eq_((105, [], 2, []),
            self.mock_ldap.add_s("uid=bas,ou=people,dc=30loops,dc=net", bas_record))
def init_default_ldap_database(self) -> None:
    """
    Set up mock_ldap with the directory stored in
    zerver/tests/fixtures/ldap/directory.json, which holds the entries
    used by the tests.

    A test that needs its own directory can replace
    self.mock_ldap.directory with its own content, but in most cases
    change_user_attr is enough to make simple modifications to the
    pre-loaded directory. If new user entries are needed for some
    additional unusual scenario, adding them to directory.json is most
    likely the best option.

    NOTE(review): the patcher started here is kept only in a local
    variable, so this method gives callers no handle for stopping it.
    """
    file_prefix = "file:"
    entries = ujson.loads(self.fixture_data("directory.json", type="ldap"))

    for dn, attrs in entries.items():
        # Every entry that has a uid gets a generated password.
        if 'uid' in attrs:
            attrs['userPassword'] = [self.ldap_password(attrs['uid'][0]), ]

        # Binary attributes: a string value starting with "file:" names a
        # file whose bytes become the real attribute value. The path is
        # opened exactly as written, with no validation, so this is only
        # appropriate for trusted fixture data. Only existing keys are
        # reassigned, so the dict does not change size during iteration.
        for attr, value in attrs.items():
            if not (isinstance(value, str) and value.startswith(file_prefix)):
                continue
            with open(value[len(file_prefix):], 'rb') as binary_file:
                attrs[attr] = [binary_file.read(), ]

    # From here on django_auth_ldap's ldap.initialize() returns the fake server.
    self.mock_initialize = mock.patch('django_auth_ldap.config.ldap.initialize').start()
    self.mock_ldap = MockLDAP(entries)
    self.mock_initialize.return_value = self.mock_ldap
def init_fakeldap() -> None:  # nocoverage
    """Route django_auth_ldap's LDAP connections to an in-memory fake server.

    Development-only helper: patches
    ``django_auth_ldap.config.ldap.initialize`` so that it returns a
    ``MockLDAP`` whose directory comes from ``generate_dev_ldap_dir``.

    NOTE(review): there is no ``settings.DEVELOPMENT`` check in this
    function and the patcher is never stopped here; the caller is
    responsible for keeping it out of production code paths.
    """
    # mock is imported lazily as an import-time optimization: the module is
    # expensive to import because its dependency pbr uses pkgresources,
    # which is really slow to import.
    import mock
    from fakeldap import MockLDAP

    initialize_mock = mock.patch('django_auth_ldap.config.ldap.initialize').start()
    fake_server = MockLDAP()
    initialize_mock.return_value = fake_server

    fake_server.directory = generate_dev_ldap_dir(
        settings.FAKE_LDAP_MODE,
        settings.FAKE_LDAP_NUM_USERS,
    )
def test_ldap_auth(self, ldap_obj):
    # Exercises LDAP login twice: first through the test client against a
    # fake directory, then by driving the LDAP backend class directly.
    # ldap_obj is presumably a mock injected by a patch decorator that is
    # outside this listing; its return value is what the code under test
    # receives as the LDAP connection.
    #
    # NOTE(review): the usernames, the admin identity and the password are
    # masked in this copy ('******', "*****@*****.**").
    User = self.get_model_class('django.contrib.auth.models.User')
    User.objects.create(username='******')

    # Test on fakeldap
    admin = "*****@*****.**"
    admin_password = "******"
    fake_server = MockLDAP({
        admin: {"userPassword": [admin_password], 'cn': [admin]},
        'test': {"userPassword": [admin_password]}
    })
    data = {'username': admin, 'password': admin_password}
    client = Client()
    ldap_obj.return_value = fake_server
    self._get_test_ldap(client, data)

    # Same check with a different username, under two LDAP_DOMAIN settings.
    data['username'] = '******'
    for ldap_domain in ('test.lan', 'TEST'):
        with override_settings(LDAP_DOMAIN=ldap_domain):
            self._get_test_ldap(client, data)

    # Unittest
    ldap_obj.reset_mock()
    domain_dn = "dc=test,dc=lan"
    admin_dict = {
        "objectCategory": ['top', 'user'],
        "userPassword": [admin_password],
        'cn': [admin]
    }
    tree = {
        admin: admin_dict,
        domain_dn: {
            'cn=admin,dc=test,dc=lan': admin_dict,
            'cn=test,dc=test,dc=lan': {"objectCategory": ['person', 'user']},
        }
    }
    fake_server = MockLDAP(tree)
    ldap_obj.return_value = fake_server

    ldap_backend = LDAP('ldap://10.10.10.22', admin, domain='test.lan')

    # Before auth() the backend must report itself unauthenticated and
    # refuse to list groups.
    self.assertFalse(ldap_backend.isAuth())
    with self.assertRaises(LDAP.NotAuth):
        ldap_backend.group_list()

    ldap_backend.auth(admin, admin_password)
    self.assertTrue(ldap_backend.isAuth())

    listed_groups = json.loads(ldap_backend.group_list())
    self.assertEqual(listed_groups[domain_dn], tree[domain_dn])
class TestLdapOperations(unittest.TestCase):
    """Bind and add tests for MockLDAP, seeded from the module-level ``directory``."""

    def setUp(self):
        # Every test starts from a fresh fake server.
        self.mock_ldap = MockLDAP(directory)

    def tearDown(self):
        self.mock_ldap.reset()

    def test_simple_bind_s_operation(self):
        """Try to bind a user.

        Checks the accepted bind and then the rejection path, where a wrong
        password has to raise ``ldap.INVALID_CREDENTIALS``.
        """
        admin_dn = "cn=admin,dc=30loops,dc=net"

        # Make a valid bind
        outcome = self.mock_ldap.simple_bind_s(admin_dn, "ldaptest")
        eq_((97, []), outcome)

        # Supply the wrong password
        bad_credentials = {"who": admin_dn, "cred": "wrong"}
        assert_raises(
            ldap.INVALID_CREDENTIALS,
            self.mock_ldap.simple_bind_s,
            **bad_credentials
        )

    def test_add_s_operation(self):
        """Test the addition of records to the mock ldap object.

        NOTE(review): the expected ``userPassword`` values are masked as
        "******" in this copy, so they no longer visibly match the
        'secret' value that is added.
        """
        first_record = [
            ('uid', 'crito'),
            ('userPassword', 'secret'),
        ]
        first_result = self.mock_ldap.add_s(
            "uid=crito,ou=people,dc=30loops,dc=net", first_record
        )
        eq_((105, [], 1, []), first_result)

        # After the add, the directory holds the seeded admin plus crito.
        expected_directory = {
            "cn=admin,dc=30loops,dc=net": {"userPassword": "******"},
            "uid=crito,ou=people,dc=30loops,dc=net": {
                "uid": "crito", "userPassword": "******"}
        }
        eq_(expected_directory, self.mock_ldap.directory)

        second_record = [
            ('uid', 'bas'),
            ('userPassword', 'secret'),
        ]
        second_result = self.mock_ldap.add_s(
            "uid=bas,ou=people,dc=30loops,dc=net", second_record
        )
        # The third element of the result goes from 1 to 2 on the second add.
        eq_((105, [], 2, []), second_result)
def __init__(self) -> None:
    """Install the fake LDAP server when running in development with FAKE_LDAP_MODE.

    Both ``settings.DEVELOPMENT`` and ``settings.FAKE_LDAP_MODE`` must be
    truthy; otherwise nothing is patched and real LDAP is used. Keeping the
    ``DEVELOPMENT`` half of this guard is what stops a stray
    ``FAKE_LDAP_MODE`` setting from replacing the LDAP connection outside
    development.
    """
    if settings.DEVELOPMENT and settings.FAKE_LDAP_MODE:  # nocoverage
        # We only use this in development
        from fakeldap import MockLDAP

        # The patcher is started and never stopped here, so
        # django_auth_ldap's ldap.initialize() keeps returning the fake.
        initialize_patcher = mock.patch('django_auth_ldap.config.ldap.initialize')
        self.mock_initialize = initialize_patcher.start()
        self.mock_ldap = MockLDAP()
        self.mock_initialize.return_value = self.mock_ldap

        self.mock_ldap.directory = generate_dev_ldap_dir(
            settings.FAKE_LDAP_MODE,
            settings.FAKE_LDAP_NUM_USERS,
        )
def init_fakeldap(directory: Optional[Dict[str, Dict[str, List[str]]]]=None) -> None:
    """Route django_auth_ldap's LDAP connections to an in-memory fake server.

    Development-only helper. It patches
    ``django_auth_ldap.config.ldap.initialize`` so that it returns one
    ``MockLDAP`` instance, whose directory is *directory* when that is
    truthy and otherwise the result of ``generate_dev_ldap_dir``.

    NOTE(review): this function does not check ``settings.DEVELOPMENT``
    itself, and the patcher it starts is never stopped here, so once called
    the fake directory answers LDAP lookups for the rest of the process.
    Callers must make sure it cannot run under a production configuration.
    """
    # mock is imported lazily as an import-time optimization: the module is
    # expensive to import because its dependency pbr uses pkgresources,
    # which is really slow to import.
    import mock
    from fakeldap import MockLDAP

    # Raise both loggers to CRITICAL so dev mode is not flooded with
    # "user not found" messages. This also hides the other auth-failure
    # lines these loggers emit, which is acceptable only in development.
    critical = logging.CRITICAL
    logging.getLogger('django_auth_ldap').setLevel(critical)
    logging.getLogger('fakeldap').setLevel(critical)

    initialize_patcher = mock.patch('django_auth_ldap.config.ldap.initialize')
    patched_initialize = initialize_patcher.start()
    dev_server = MockLDAP()
    patched_initialize.return_value = dev_server

    # An empty dict is falsy, so it also falls back to the generated directory.
    dev_server.directory = directory or generate_dev_ldap_dir(
        settings.FAKE_LDAP_MODE,
        settings.FAKE_LDAP_NUM_USERS,
    )
def setUp(self):
    """Give each test a fresh MockLDAP seeded from the module-level ``directory``."""
    fake_server = MockLDAP(directory)
    self.mock_ldap = fake_server
class TestLdapOperations(unittest.TestCase):
    """Bind, add and search tests for MockLDAP.

    Most tests run against the module-level ``directory``;
    ``test_search_s_onelevel`` installs its own.

    NOTE(review): password and mail values, and the mail search filters,
    are masked in this copy ("******", "*****@*****.**",
    "([email protected])").
    """

    def setUp(self):
        # Every test starts from a fresh fake server.
        self.mock_ldap = MockLDAP(directory)

    def tearDown(self):
        self.mock_ldap.reset()

    def test_simple_bind_s_operation(self):
        """Try to bind a user.

        Covers both the accepted bind and the rejection path: a wrong
        password must raise ``ldap.INVALID_CREDENTIALS``.
        """
        admin_dn = "cn=admin,dc=30loops,dc=net"

        # Make a valid bind
        bind_result = self.mock_ldap.simple_bind_s(admin_dn, "ldaptest")
        eq_((97, []), bind_result)

        # Supply the wrong password
        assert_raises(ldap.INVALID_CREDENTIALS,
                      self.mock_ldap.simple_bind_s,
                      who=admin_dn,
                      cred="wrong")

    def test_add_s_operation(self):
        """Test the addition of records to the mock ldap object."""
        crito_record = [
            ('uid', 'crito'),
            ('userPassword', 'secret'),
        ]
        eq_((105, [], 1, []),
            self.mock_ldap.add_s("uid=crito,ou=people,dc=30loops,dc=net", crito_record))

        # The added entry must now be visible next to the seeded admin entry.
        expected_directory = {
            "cn=admin,dc=30loops,dc=net": {"userPassword": "******"},
            "uid=crito,ou=people,dc=30loops,dc=net": {
                "uid": "crito",
                "userPassword": "******",
            },
        }
        eq_(expected_directory, self.mock_ldap.directory)

        bas_record = [
            ('uid', 'bas'),
            ('userPassword', 'secret'),
        ]
        # The third element of the result goes from 1 to 2 on the second add.
        eq_((105, [], 2, []),
            self.mock_ldap.add_s("uid=bas,ou=people,dc=30loops,dc=net", bas_record))

    def test_search_s_base(self):
        # A SCOPE_BASE search on the admin DN returns exactly that entry.
        admin_dn = "cn=admin,dc=30loops,dc=net"
        found = self.mock_ldap.search_s(admin_dn, ldap.SCOPE_BASE)
        expected = [('cn=admin,dc=30loops,dc=net', {'userPassword': '******'})]
        self.assertEqual(found, expected)

    def test_search_s_onelevel(self):
        # A SCOPE_ONELEVEL search only returns entries located directly
        # under the base DN it is given.
        root_dn = "dc=30loops,dc=net"
        users_dn = "ou=users,dc=30loops,dc=net"

        entries = {
            "ou=users,dc=30loops,dc=net": {"ou": "users"},
            "cn=admin,ou=users,dc=30loops,dc=net": {"userPassword": "******"},
            "cn=john,ou=users,dc=30loops,dc=net": {
                "userPassword": "******",
                "mail": "*****@*****.**",
            },
            # jack uses the [value, ] list form for his attributes
            "cn=jack,ou=users,dc=30loops,dc=net": {
                "userPassword": ["ldaptest", ],
                "mail": ["*****@*****.**", ],
            },
            # john2 shares john's mail address
            "cn=john2,ou=users,dc=30loops,dc=net": {
                "userPassword": "******",
                "mail": "*****@*****.**",
            },
        }
        self.mock_ldap = MockLDAP(entries)

        # The users sit two levels below the root, so a one-level search
        # from the root must come back empty.
        found = self.mock_ldap.search_s(root_dn, ldap.SCOPE_ONELEVEL,
                                        "([email protected])")
        self.assertEqual(found, [])

        found = self.mock_ldap.search_s(users_dn, ldap.SCOPE_ONELEVEL,
                                        "([email protected])")
        jack_entry = ('cn=jack,ou=users,dc=30loops,dc=net',
                      {'userPassword': ['ldaptest'], 'mail': ['*****@*****.**']})
        self.assertEqual(found, [jack_entry])

        found = self.mock_ldap.search_s(users_dn, ldap.SCOPE_ONELEVEL,
                                        "([email protected])")
        self.assertEqual(len(found), 2)
        john_entry = ('cn=john,ou=users,dc=30loops,dc=net',
                      {'userPassword': '******', 'mail': '*****@*****.**'})
        john2_entry = ('cn=john2,ou=users,dc=30loops,dc=net',
                       {'userPassword': '******', 'mail': '*****@*****.**'})
        self.assertIn(john_entry, found)
        self.assertIn(john2_entry, found)

        found = self.mock_ldap.search_s(root_dn, ldap.SCOPE_ONELEVEL,
                                        "([email protected])")
        self.assertEqual(found, [])
def setUp(self):
    """Build the MockLDAP under test from the module-level ``directory`` dict."""
    fake_server = MockLDAP(directory=directory)
    self.mock_ldap = fake_server