def test_no_dn_format_set(self, mocked_ldap): del flask.current_app.config['KEGAUTH_LDAP_DN_FORMAT'] user = User.testing_create() authenticator = auth.LdapAuthenticator(app=flask.current_app) with pytest.raises(Exception) as e_info: authenticator.verify_password(user, None) assert 'KEGAUTH_LDAP_DN_FORMAT' in str(e_info.value)
def test_user_not_found(self, mocked_ldap): mocked_ldap.return_value.simple_bind_s.return_value = (ldap.RES_BIND, ) authenticator = auth.LdapAuthenticator(app=flask.current_app) success = authenticator.verify_user(login_id='nobodybythisnamehere', password='******') assert mocked_ldap.call_count assert success assert User.get_by(username='******')
def test_debug_override(self, mocked_ldap): flask.current_app.config['KEGAUTH_LDAP_TEST_MODE'] = True user = User.testing_create() authenticator = auth.LdapAuthenticator(app=flask.current_app) success = authenticator.verify_password(user, 'foo') assert not mocked_ldap.call_count assert success is True
def test_successful_authentication(self, mocked_ldap): mocked_ldap.return_value.simple_bind_s.return_value = (ldap.RES_BIND, ) user = User.testing_create() authenticator = auth.LdapAuthenticator(app=flask.current_app) success = authenticator.verify_password(user, 'foo') assert mocked_ldap.call_count assert success is True
def test_unsuccessful_authentication(self, mocked_ldap): mocked_ldap.return_value.simple_bind_s.side_effect = ldap.INVALID_CREDENTIALS() user = User.testing_create() authenticator = auth.LdapAuthenticator(app=flask.current_app) success = authenticator.verify_password(user, 'foo') assert mocked_ldap.call_count assert success is False
def test_invalid_dn_syntax(self, mocked_ldap): mocked_ldap.return_value.simple_bind_s.side_effect = ldap.INVALID_DN_SYNTAX() user = User.testing_create() authenticator = auth.LdapAuthenticator(app=flask.current_app) success = authenticator.verify_password(user, 'foo') assert mocked_ldap.call_count assert success is False
def test_successful_authentication_multiple_server_urls(self, mocked_ldap): flask.current_app.config['KEGAUTH_LDAP_SERVER_URL'] = [ 'abc123', 'def456', 'ghi789' ] mocked_ldap.return_value.simple_bind_s.side_effect = ((0, ), (0, ), ( ldap.RES_BIND, )) user = User.testing_create() authenticator = auth.LdapAuthenticator(app=flask.current_app) success = authenticator.verify_password(user, 'foo') assert mocked_ldap.call_args_list == [ mock.call('abc123'), mock.call('def456'), mock.call('ghi789'), ] assert success is True
def test_user_not_active(self, mocked_ldap): # internal flag should have no effect on LDAP auth mocked_ldap.return_value.simple_bind_s.return_value = (ldap.RES_BIND, ) user = User.testing_create(is_enabled=False) authenticator = auth.LdapAuthenticator(app=flask.current_app) assert authenticator.verify_user(login_id=user.email)