Ejemplo n.º 1
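    def test_ldap_search(self):
        """
        Verify ldap_search grants access only to a user in an expected group
        and denies access when the LDAP lookup raises.
        """
        # Sunny day: the mocked directory reports one group; the assertions
        # below expect it to authorize 'group1' but not 'notallowed'.
        with app.app_context():
            with mock.patch.dict(
                    'sys.modules', {'ldap': mock.MagicMock(ldap)}):
                mldap = sys.modules['ldap']
                conn = mock.MagicMock('conn')
                conn.search_s = mock.MagicMock(
                    return_value=[[
                        'cn=someldapgroup,dc=example,dc=com',
                        {'cn': ['someldapgroup']},
                    ]]
                )
                conn.simple_bind_s = mock.MagicMock('simple_bind_s')
                mldap.initialize.return_value = conn

                r = callables.ldap_search(
                    'username', {'group': 'group1'})
                # Report the whole result on failure rather than printing it
                # on every run.
                assert r[0], r
                assert callables.ldap_search(
                    'username', {'group': 'notallowed'})[0] is False

        # Error conditions: if SERVER_DOWN, LDAPError or ImportError is raised
        # the user must not be authorized (the lookup has to fail closed).
        with app.app_context():
            with mock.patch.dict(
                    'sys.modules', {'ldap': mock.MagicMock(ldap)}):
                mldap = sys.modules['ldap']
                # Attributes of the mocked module are child mocks, not
                # exception classes. A mock given as side_effect is called
                # instead of raised, so nothing would be thrown. Pin the real
                # classes on the mocked module so the raise happens and any
                # `except ldap.<Error>` clause in the code under test can
                # match it.
                # NOTE(review): assumes ldap_search resolves these names
                # through the patched module - confirm against callables.
                mldap.SERVER_DOWN = ldap.SERVER_DOWN
                mldap.LDAPError = ldap.LDAPError
                for ex in (ImportError, ldap.SERVER_DOWN, ldap.LDAPError):
                    mldap.initialize.side_effect = ex

                    assert callables.ldap_search(
                        'username', {'group': 'group1'})[0] is False
                    assert callables.ldap_search(
                        'username', {'group': 'notallowed'})[0] is False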
Ejemplo n.º 2
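    def test_ldap_search_for_unconfigured_group_fails(self):
        """
        Verify that access is not granted when the LDAP group returned for the
        user is not configured.
        """
        with app.app_context():
            with mock.patch.dict(
                    'sys.modules', {'ldap': mock.MagicMock(ldap)}):
                mldap = sys.modules['ldap']
                conn = mock.MagicMock('conn')
                # python-ldap returns each attribute as a list of values. Use
                # that shape (as test_ldap_search does) so the denial below
                # comes from the group being unconfigured, not from a
                # malformed fixture.
                conn.search_s = mock.MagicMock(
                    return_value=[(
                        'cn=thisdoesnotexist,dc=example,dc=com',
                        {'cn': ['thisdoesnotexist']},
                    )]
                )
                conn.simple_bind_s = mock.MagicMock('simple_bind_s')
                mldap.initialize.return_value = conn

                # Element 0 of the result is the allow/deny flag; it must be
                # exactly False for every requested group.
                assert callables.ldap_search(
                    'username', {'group': 'group1'})[0] is False
                assert callables.ldap_search(
                    'username', {'group': 'notallowed'})[0] is False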
Ejemplo n.º 3
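    def test_ldap_search_with_wildcard_access(self):
        """
        Verify user has access to all groups if they have * listed.
        """
        # Sunny day searches.
        # NOTE(review): presumably the test configuration lists '*' for
        # 'superadmins' - confirm against the app config used by this suite.
        with app.app_context():
            with mock.patch.dict(
                    'sys.modules', {'ldap': mock.MagicMock(ldap)}):
                mldap = sys.modules['ldap']
                conn = mock.MagicMock('conn')
                # python-ldap returns each attribute as a list of values; use
                # the same shape as the fixture in test_ldap_search.
                conn.search_s = mock.MagicMock(
                    return_value=[(
                        'cn=superadmins,dc=example,dc=com',
                        {'cn': ['superadmins']},
                    )]
                )
                conn.simple_bind_s = mock.MagicMock('simple_bind_s')
                mldap.initialize.return_value = conn

                # ldap_search returns a sequence whose element 0 is the
                # allow/deny flag (see the other tests). Asserting on the
                # sequence itself is always true for a non-empty result, even
                # a denial, so check the flag explicitly.
                assert callables.ldap_search(
                    'username', {'group': 'group1'})[0]
                assert callables.ldap_search(
                    'username', {'group': 'howaboutthis'})[0]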