def test_that_verify_password_calls_with_missing_bind_password_try_bind(
self, wazo_ldap):
self.ldap_service.get.return_value.update(
{'bind_dn': 'uid=foo,dc=example,dc=com'})
backend = LDAPUser()
backend.load({
'user_service': self.user_service,
'group_service': self.group_service,
'ldap_service': self.ldap_service,
'tenant_service': self.tenant_service,
'purposes': self.purposes,
})
wazo_ldap = wazo_ldap.return_value
wazo_ldap.perform_bind.return_value = True
wazo_ldap.perform_search.return_value = self.search_obj_result
self.list_users.return_value = [{'uuid': 'alice-uuid'}]
args = {'tenant_id': 'test'}
result = backend.verify_password('foo', 'bar', args)
assert_that(result, equal_to(True))
assert_that(
args,
equal_to({
'tenant_id': 'test',
'pbx_user_uuid': 'alice-uuid',
'user_email': '*****@*****.**',
'real_login': '******',
}),
)
wazo_ldap.perform_bind.assert_called_once_with(self.expected_user_dn,
'bar')
def test_that_verify_password_calls_with_bind_dn(self, find_by, xivo_ldap):
extended_config = {
'confd': {},
'confd_db_uri': 'postgresql:///',
'ldap': {
'bind_dn': 'uid=foo,dc=example,dc=com',
'bind_password': '******'
},
}
extended_config['ldap'].update(self.config['ldap'])
backend = LDAPUser()
backend.load({'config': extended_config})
xivo_ldap = xivo_ldap.return_value
xivo_ldap.perform_bind.return_value = True
xivo_ldap.perform_search.return_value = self.search_obj_result
find_by.return_value.uuid = 'alice-uuid'
args = {}
result = backend.verify_password('foo', 'bar', args)
assert_that(result, equal_to(True))
assert_that(args, equal_to({'pbx_user_uuid': 'alice-uuid'}))
expected_call = [
call('uid=foo,dc=example,dc=com', 'S3cr$t'),
call(self.expected_user_dn, 'bar'),
]
xivo_ldap.perform_bind.assert_has_calls(expected_call)
class TestGetMetadata(BaseTestCase):
def setUp(self):
super().setUp()
self.args = {
'pbx_user_uuid': 'alice-uuid',
'user_email': '*****@*****.**'
}
self.backend = LDAPUser()
self.backend.load(
{
'user_service': self.user_service,
'group_service': self.group_service,
'ldap_service': self.ldap_service,
'tenant_service': self.tenant_service,
'purposes': self.purposes,
}, )
def test_that_get_metadata_calls_the_dao(self):
expected_result = has_entries(
auth_id='alice-uuid',
pbx_user_uuid='alice-uuid',
)
result = self.backend.get_metadata('alice', self.args)
assert_that(result, expected_result)
def test_that_get_metadata_raises_if_no_user(self):
self.assertRaises(Exception, self.backend.get_metadata, 'alice', None)
class TestGetACLS(BaseTestCase):
def setUp(self):
super().setUp()
self.args = {
'pbx_user_uuid': 'alice-uuid',
'user_email': '*****@*****.**',
'acl': ['acl0'],
}
self.backend = LDAPUser()
self.backend.load({
'user_service': self.user_service,
'group_service': self.group_service,
'ldap_service': self.ldap_service,
'tenant_service': self.tenant_service,
'purposes': self.purposes,
})
def test_get_acl(self):
result = self.backend.get_acl('alice', self.args)
assert_that(result, has_items('acl1', 'acl2'))
def test_get_acl_when_acls_in_backend(self):
self.args['acl'] = ['acl0']
result = self.backend.get_acl('alice', self.args)
assert_that(result, has_items('acl0', 'acl1', 'acl2'))
def test_that_verify_password_return_false_when_serverdown(self, find_by, xivo_ldap):
backend = LDAPUser()
backend.load({'config': self.config})
xivo_ldap.side_effect = ldap.SERVER_DOWN
args = {}
result = backend.verify_password('foo', 'bar', args)
assert_that(result, equal_to(False))
def test_that_verify_password_calls_return_false_when_no_user_bind(self, find_by, xivo_ldap):
backend = LDAPUser()
backend.load({'config': self.config})
xivo_ldap = xivo_ldap.return_value
xivo_ldap.perform_bind.return_value = False
args = {}
result = backend.verify_password('foo', 'bar', args)
assert_that(result, equal_to(False))
xivo_ldap.perform_bind.assert_called_once_with(self.expected_user_dn, 'bar')
def test_that_verify_password_calls_return_False_when_no_email_associated(self, find_by, xivo_ldap):
backend = LDAPUser()
backend.load({'config': self.config})
xivo_ldap = xivo_ldap.return_value
xivo_ldap.perform_bind.return_value = True
xivo_ldap.perform_search.return_value = self.search_obj_result
find_by.return_value.uuid = None
args = {}
result = backend.verify_password('foo', 'bar', args)
assert_that(result, equal_to(False))
assert_that(args, equal_to({}))
def setUp(self):
config = {
'confd': {},
'confd_db_uri': 'postgresql:///',
'ldap': {
'uri': 'ldap://host:389',
'user_base_dn': 'dc=example,dc=com',
'user_login_attribute': 'uid'
}
}
self.args = {'xivo_user_uuid': 'alice-uuid'}
self.backend = LDAPUser()
self.backend.load({'config': config})
def test_that_verify_password_escape_dn_chars(self, find_by, xivo_ldap):
backend = LDAPUser()
backend.load({'config': self.config})
xivo_ldap = xivo_ldap.return_value
xivo_ldap.perform_bind.return_value = True
xivo_ldap.perform_search.return_value = ('uid=fo\+o,dc=example,dc=com', Mock())
find_by.return_value.uuid = 'alice-uuid'
args = {}
result = backend.verify_password('fo+o', 'bar', args)
assert_that(result, equal_to(True))
xivo_ldap.perform_bind.assert_called_once_with('uid=fo\+o,dc=example,dc=com', 'bar')
def test_that_verify_password_calls_perform_bind(self, find_by, xivo_ldap):
backend = LDAPUser()
backend.load({'config': self.config})
xivo_ldap = xivo_ldap.return_value
xivo_ldap.perform_bind.return_value = True
xivo_ldap.perform_search.return_value = self.search_obj_result
find_by.return_value.uuid = 'alice-uuid'
args = {}
result = backend.verify_password('foo', 'bar', args)
assert_that(result, equal_to(True))
xivo_ldap.perform_bind.assert_called_once_with(self.expected_user_dn, 'bar')
def test_that_verify_password_return_false_when_ldaperror(self, wazo_ldap):
backend = LDAPUser()
backend.load({
'user_service': self.user_service,
'group_service': self.group_service,
'ldap_service': self.ldap_service,
'tenant_service': self.tenant_service,
'purposes': self.purposes,
})
wazo_ldap = wazo_ldap.return_value
wazo_ldap.connect.side_effect = ldap.LDAPError
args = {'tenant_id': 'test'}
result = backend.verify_password('foo', 'bar', args)
assert_that(result, equal_to(False))
def setUp(self):
super().setUp()
self.args = {
'pbx_user_uuid': 'alice-uuid',
'user_email': '*****@*****.**',
'acl': ['acl0'],
}
self.backend = LDAPUser()
self.backend.load({
'user_service': self.user_service,
'group_service': self.group_service,
'ldap_service': self.ldap_service,
'tenant_service': self.tenant_service,
'purposes': self.purposes,
})
def test_that_verify_password_works_using_domain_name(self, wazo_ldap):
backend = LDAPUser()
backend.load({
'user_service': self.user_service,
'group_service': self.group_service,
'ldap_service': self.ldap_service,
'tenant_service': self.tenant_service,
'purposes': self.purposes,
})
wazo_ldap = wazo_ldap.return_value
wazo_ldap.perform_bind.return_value = True
wazo_ldap.perform_search.return_value = self.search_obj_result
self.list_users.return_value = [{'uuid': 'alice-uuid'}]
args = {'domain_name': 'wazo.io'}
result = backend.verify_password('foo', 'bar', args)
assert_that(result, equal_to(True))
def test_that_verify_password_calls_return_false_when_no_user_bind(
self, wazo_ldap):
backend = LDAPUser()
backend.load({
'user_service': self.user_service,
'group_service': self.group_service,
'ldap_service': self.ldap_service,
'tenant_service': self.tenant_service,
'purposes': self.purposes,
})
wazo_ldap = wazo_ldap.return_value
wazo_ldap.perform_bind.return_value = False
args = {'tenant_id': 'test'}
result = backend.verify_password('foo', 'bar', args)
assert_that(result, equal_to(False))
wazo_ldap.perform_bind.assert_called_once_with(self.expected_user_dn,
'bar')
class TestGetACLS(unittest.TestCase):
def setUp(self):
config = {
'confd': {},
'confd_db_uri': 'postgresql:///',
'ldap': {
'uri': 'ldap://host:389',
'user_base_dn': 'dc=example,dc=com',
'user_login_attribute': 'uid',
},
}
self.args = {'pbx_user_uuid': 'alice-uuid'}
self.backend = LDAPUser()
self.backend.load({'config': config})
def test_get_acls(self, find_by):
with patch.object(self.backend, 'render_acl') as render_acl:
result = self.backend.get_acls('alice', self.args)
assert_that(result, equal_to(render_acl.return_value))
def test_that_verify_password_calls_return_false_when_no_binding_with_anonymous(self, find_by, xivo_ldap):
extended_config = {
'confd': {},
'confd_db_uri': 'postgresql:///',
'ldap': {
'bind_anonymous': True
}
}
extended_config['ldap'].update(self.config['ldap'])
xivo_ldap = xivo_ldap.return_value
backend = LDAPUser()
backend.load({'config': extended_config})
xivo_ldap.perform_bind.return_value = False
args = {}
result = backend.verify_password('foo', 'bar', args)
assert_that(result, equal_to(False))
xivo_ldap.perform_bind.assert_called_once_with('', '')
def test_that_verify_password_calls_return_False_when_no_email_associated(
self, wazo_ldap):
backend = LDAPUser()
backend.load({
'user_service': self.user_service,
'group_service': self.group_service,
'ldap_service': self.ldap_service,
'tenant_service': self.tenant_service,
'purposes': self.purposes,
})
wazo_ldap = wazo_ldap.return_value
wazo_ldap.perform_bind.return_value = True
wazo_ldap.perform_search.return_value = self.search_obj_result
self.list_users.return_value = []
args = {'tenant_id': 'test'}
result = backend.verify_password('foo', 'bar', args)
assert_that(result, equal_to(False))
assert_that(args, equal_to({'tenant_id': 'test'}))
def test_that_verify_password_calls_perform_bind(self, wazo_ldap):
backend = LDAPUser()
backend.load({
'user_service': self.user_service,
'group_service': self.group_service,
'ldap_service': self.ldap_service,
'tenant_service': self.tenant_service,
'purposes': self.purposes,
})
wazo_ldap = wazo_ldap.return_value
wazo_ldap.perform_bind.return_value = True
wazo_ldap.perform_search.return_value = self.search_obj_result
self.list_users.return_value = [{'uuid': 'alice-uuid'}]
args = {'tenant_id': 'test'}
result = backend.verify_password('foo', 'bar', args)
assert_that(result, equal_to(True))
wazo_ldap.perform_bind.assert_called_once_with(self.expected_user_dn,
'bar')
def test_that_verify_password_escape_filter_chars(self, find_by, xivo_ldap):
extended_config = {
'confd_db_uri': 'postgresql:///',
'ldap': {
'bind_anonymous': True
}
}
extended_config['ldap'].update(self.config['ldap'])
backend = LDAPUser()
backend.load({'config': self.config})
xivo_ldap = xivo_ldap.return_value
xivo_ldap.perform_bind.return_value = True
xivo_ldap.perform_search.return_value = ('uid=fo\+o,dc=example,dc=com', Mock())
find_by.return_value.uuid = 'alice-uuid'
args = {}
result = backend.verify_password('fo+o', 'bar', args)
assert_that(result, equal_to(True))
xivo_ldap.perform_search.assert_called_once_with('uid=fo\+o,dc=example,dc=com', 0, attrlist=['mail'])
class TestGetMetadata(unittest.TestCase):
def setUp(self):
config = {
'confd': {},
'confd_db_uri': 'postgresql:///',
'ldap': {
'uri': 'ldap://host:389',
'user_base_dn': 'dc=example,dc=com',
'user_login_attribute': 'uid',
},
}
self.args = {'xivo_user_uuid': 'alice-uuid'}
self.backend = LDAPUser()
self.backend.load({'config': config})
def test_that_get_metadata_calls_the_dao(self, find_by):
expected_result = has_entries(auth_id='alice-uuid', xivo_user_uuid='alice-uuid')
result = self.backend.get_metadata('alice', self.args)
assert_that(result, expected_result)
def test_that_get_metadata_raises_if_no_user(self, find_by):
self.assertRaises(Exception, self.backend.get_metadata, 'alice', None)
def test_that_verify_password_escape_filter_chars(self, wazo_ldap):
backend = LDAPUser()
backend.load({
'user_service': self.user_service,
'group_service': self.group_service,
'ldap_service': self.ldap_service,
'tenant_service': self.tenant_service,
'purposes': self.purposes,
})
wazo_ldap = wazo_ldap.return_value
wazo_ldap.perform_bind.return_value = True
wazo_ldap.perform_search.return_value = (
'uid=fo\\+o,dc=example,dc=com', Mock())
self.list_users.return_value = [{'uuid': 'alice-uuid'}]
args = {'tenant_id': 'test'}
result = backend.verify_password('fo+o', 'bar', args)
assert_that(result, equal_to(True))
wazo_ldap.perform_search.assert_called_once_with(
'uid=fo\\+o,dc=example,dc=com', 0, attrlist=['mail'])
def test_that_should_be_loaded_return_true(self):
config = {'ldap': {}}
result = LDAPUser.should_be_loaded(config)
assert_that(result, equal_to(False))
def test_that_should_be_loaded_return_false_when_no_config(self):
config = {}
result = LDAPUser.should_be_loaded(config)
assert_that(result, equal_to(False))
