def test_set_groups(app, slapd_connection, user, foo_group, bar_group):
with app.app_context():
Group.ldap_object_attributes(conn=slapd_connection)
User.ldap_object_attributes(conn=slapd_connection)
user = User.get(dn=user.dn, conn=slapd_connection)
user.load_groups(conn=slapd_connection)
assert set(Group.available_groups(conn=slapd_connection)) == {
("foo", foo_group.dn),
("bar", bar_group.dn),
}
foo_dns = {g.dn for g in foo_group.get_members(conn=slapd_connection)}
assert user.dn in foo_dns
assert user.groups[0].dn == foo_group.dn
user.set_groups([foo_group, bar_group], conn=slapd_connection)
bar_dns = {g.dn for g in bar_group.get_members(conn=slapd_connection)}
assert user.dn in bar_dns
assert user.groups[1].dn == bar_group.dn
user.set_groups([foo_group], conn=slapd_connection)
foo_dns = {g.dn for g in foo_group.get_members(conn=slapd_connection)}
bar_dns = {g.dn for g in bar_group.get_members(conn=slapd_connection)}
assert user.dn in foo_dns
assert user.dn not in bar_dns
def bar_group(app, admin, slapd_connection):
Group.ldap_object_classes(slapd_connection)
g = Group(
objectClass=["groupOfNames"],
member=[admin.dn],
cn="bar",
)
g.save(slapd_connection)
with app.app_context():
admin.load_groups(conn=slapd_connection)
yield g
admin._groups = []
g.delete(conn=slapd_connection)
def foo_group(app, user, slapd_connection):
Group.ldap_object_classes(slapd_connection)
g = Group(
objectClass=["groupOfNames"],
member=[user.dn],
cn="foo",
)
g.save(slapd_connection)
with app.app_context():
user.load_groups(conn=slapd_connection)
yield g
user._groups = []
g.delete(conn=slapd_connection)
def test_moderator_can_create_edit_and_delete_group(testclient,
slapd_connection,
logged_moderator,
foo_group):
# The group does not exist
res = testclient.get("/groups", status=200)
with testclient.app.app_context():
assert Group.get("bar", conn=slapd_connection) is None
assert Group.get("foo", conn=slapd_connection) == foo_group
assert "bar" not in res.text
assert "foo" in res.text
# Fill the form for a new group
res = testclient.get("/groups/add", status=200)
res.form["name"] = "bar"
res.form["description"] = "yolo"
# Group has been created
res = res.form.submit(status=302).follow(status=200)
with testclient.app.app_context():
bar_group = Group.get("bar", conn=slapd_connection)
assert bar_group.name == "bar"
assert bar_group.description == ["yolo"]
assert [
member.dn
for member in bar_group.get_members(conn=slapd_connection)
] == [logged_moderator.dn
] # Group cannot be empty so creator is added in it
assert "bar" in res.text
# Group name can not be edited
res = testclient.get("/groups/bar", status=200)
res.form["name"] = "bar2"
res.form["description"] = ["yolo2"]
res = res.form.submit(name="action", value="edit", status=200)
with testclient.app.app_context():
bar_group = Group.get("bar", conn=slapd_connection)
assert bar_group.name == "bar"
assert bar_group.description == ["yolo2"]
assert Group.get("bar2", conn=slapd_connection) is None
members = bar_group.get_members(conn=slapd_connection)
for member in members:
assert member.name in res.text
# Group is deleted
res = res.form.submit(name="action", value="delete",
status=302).follow(status=200)
with testclient.app.app_context():
assert Group.get("bar", conn=slapd_connection) is None
assert "The group bar has been sucessfully deleted" in res.text
def test_equality(slapd_connection, foo_group, bar_group):
Group.ldap_object_attributes(conn=slapd_connection)
assert foo_group != bar_group
foo_group2 = Group.get(dn=foo_group.dn, conn=slapd_connection)
assert foo_group == foo_group2
def validate_configuration(config):
from canaille.models import User, Group
try:
conn = ldap.initialize(config["LDAP"]["URI"])
if config["LDAP"].get("TIMEOUT"):
conn.set_option(ldap.OPT_NETWORK_TIMEOUT,
config["LDAP"]["TIMEOUT"])
conn.simple_bind_s(config["LDAP"]["BIND_DN"],
config["LDAP"]["BIND_PW"])
except ldap.SERVER_DOWN as exc:
raise ConfigurationException(
f'Could not connect to the LDAP server \'{config["LDAP"]["URI"]}\''
) from exc
except ldap.INVALID_CREDENTIALS as exc:
raise ConfigurationException(
f'LDAP authentication failed with user \'{config["LDAP"]["BIND_DN"]}\''
) from exc
try:
User.ldap_object_classes(conn)
user = User(
objectClass=["inetOrgPerson"],
cn=f"canaille_{uuid.uuid4()}",
sn=f"canaille_{uuid.uuid4()}",
uid=f"canaille_{uuid.uuid4()}",
mail=f"canaille_{uuid.uuid4()}@mydomain.tld",
userPassword="******",
)
user.save(conn)
user.delete(conn)
except ldap.INSUFFICIENT_ACCESS as exc:
raise ConfigurationException(
f'LDAP user \'{config["LDAP"]["BIND_DN"]}\' cannot create '
f'users at \'{config["LDAP"]["USER_BASE"]}\'') from exc
try:
Group.ldap_object_classes(conn)
user = User(
objectClass=["inetOrgPerson"],
cn=f"canaille_{uuid.uuid4()}",
sn=f"canaille_{uuid.uuid4()}",
uid=f"canaille_{uuid.uuid4()}",
mail=f"canaille_{uuid.uuid4()}@mydomain.tld",
userPassword="******",
)
user.save(conn)
group = Group(
objectClass=["groupOfNames"],
cn=f"canaille_{uuid.uuid4()}",
member=[user.dn],
)
group.save(conn)
group.delete(conn)
except ldap.INSUFFICIENT_ACCESS as exc:
raise ConfigurationException(
f'LDAP user \'{config["LDAP"]["BIND_DN"]}\' cannot create '
f'groups at \'{config["LDAP"]["GROUP_BASE"]}\'') from exc
finally:
user.delete(conn)
conn.unbind_s()
def test_no_group(app, slapd_connection):
with app.app_context():
assert Group.available_groups(conn=slapd_connection) == []