def test_login_empty_userdn(self):
with mock_ldap():
base_dn = ['ou=employees', 'dc=quay', 'dc=io']
admin_dn = 'uid=testy,ou=employees,dc=quay,dc=io'
admin_passwd = 'password'
user_rdn = []
uid_attr = 'uid'
email_attr = 'mail'
secondary_user_rdns = ['ou=otheremployees']
ldap = LDAPUsers('ldap://localhost',
base_dn,
admin_dn,
admin_passwd,
user_rdn,
uid_attr,
email_attr,
secondary_user_rdns=secondary_user_rdns)
# Verify we can login.
(response, _) = ldap.verify_and_link_user('someuser', 'somepass')
self.assertEquals(response.username, 'someuser')
# Verify we can confirm the user.
(response, _) = ldap.confirm_existing_user('someuser', 'somepass')
self.assertEquals(response.username, 'someuser')
def test_login_empty_userdn(self):
with mock_ldap():
base_dn = ["ou=employees", "dc=quay", "dc=io"]
admin_dn = "uid=testy,ou=employees,dc=quay,dc=io"
admin_passwd = "password"
user_rdn = []
uid_attr = "uid"
email_attr = "mail"
secondary_user_rdns = ["ou=otheremployees"]
ldap = LDAPUsers(
"ldap://localhost",
base_dn,
admin_dn,
admin_passwd,
user_rdn,
uid_attr,
email_attr,
secondary_user_rdns=secondary_user_rdns,
)
# Verify we can login.
(response, _) = ldap.verify_and_link_user("someuser", "somepass")
self.assertEquals(response.username, "someuser")
# Verify we can confirm the user.
(response, _) = ldap.confirm_existing_user("someuser", "somepass")
self.assertEquals(response.username, "someuser")
def test_at_least_one_user_exists_no_users(self):
base_dn = ["dc=quay", "dc=io"]
admin_dn = "uid=testy,ou=employees,dc=quay,dc=io"
admin_passwd = "password"
user_rdn = ["ou=nonexistent"]
uid_attr = "uid"
email_attr = "mail"
with mock_ldap():
ldap = LDAPUsers("ldap://localhost", base_dn, admin_dn,
admin_passwd, user_rdn, uid_attr, email_attr)
# Try to find users in a nonexistent group.
(response, err_msg) = ldap.at_least_one_user_exists()
self.assertFalse(response)
assert err_msg is not None
def test_at_least_one_user_exists_invalid_creds(self):
base_dn = ["dc=quay", "dc=io"]
admin_dn = "uid=testy,ou=employees,dc=quay,dc=io"
admin_passwd = "INVALIDPASSWORD"
user_rdn = ["ou=employees"]
uid_attr = "uid"
email_attr = "mail"
with mock_ldap():
ldap = LDAPUsers("ldap://localhost", base_dn, admin_dn,
admin_passwd, user_rdn, uid_attr, email_attr)
# Try to query with invalid credentials.
(response, err_msg) = ldap.at_least_one_user_exists()
self.assertFalse(response)
self.assertEqual("LDAP Admin dn or password is invalid", err_msg)
def test_at_least_one_user_exists_no_users(self):
base_dn = ['dc=quay', 'dc=io']
admin_dn = 'uid=testy,ou=employees,dc=quay,dc=io'
admin_passwd = 'password'
user_rdn = ['ou=nonexistent']
uid_attr = 'uid'
email_attr = 'mail'
with mock_ldap():
ldap = LDAPUsers('ldap://localhost', base_dn, admin_dn,
admin_passwd, user_rdn, uid_attr, email_attr)
# Try to find users in a nonexistent group.
(response, err_msg) = ldap.at_least_one_user_exists()
self.assertFalse(response)
assert err_msg is not None
def test_at_least_one_user_exists_invalid_creds(self):
base_dn = ['dc=quay', 'dc=io']
admin_dn = 'uid=testy,ou=employees,dc=quay,dc=io'
admin_passwd = 'INVALIDPASSWORD'
user_rdn = ['ou=employees']
uid_attr = 'uid'
email_attr = 'mail'
with mock_ldap():
ldap = LDAPUsers('ldap://localhost', base_dn, admin_dn,
admin_passwd, user_rdn, uid_attr, email_attr)
# Try to query with invalid credentials.
(response, err_msg) = ldap.at_least_one_user_exists()
self.assertFalse(response)
self.assertEquals('LDAP Admin dn or password is invalid', err_msg)
def test_invalid_admin_password(self):
base_dn = ["dc=quay", "dc=io"]
admin_dn = "uid=testy,ou=employees,dc=quay,dc=io"
admin_passwd = "INVALIDPASSWORD"
user_rdn = ["ou=employees"]
uid_attr = "uid"
email_attr = "mail"
with mock_ldap():
ldap = LDAPUsers(
"ldap://localhost", base_dn, admin_dn, admin_passwd, user_rdn, uid_attr, email_attr
)
# Try to login.
(response, err_msg) = ldap.verify_and_link_user("someuser", "somepass")
self.assertIsNone(response)
self.assertEquals("LDAP Admin dn or password is invalid", err_msg)
def test_invalid_admin_password(self):
base_dn = ['dc=quay', 'dc=io']
admin_dn = 'uid=testy,ou=employees,dc=quay,dc=io'
admin_passwd = 'INVALIDPASSWORD'
user_rdn = ['ou=employees']
uid_attr = 'uid'
email_attr = 'mail'
with mock_ldap():
ldap = LDAPUsers('ldap://localhost', base_dn, admin_dn,
admin_passwd, user_rdn, uid_attr, email_attr)
# Try to login.
(response,
err_msg) = ldap.verify_and_link_user('someuser', 'somepass')
self.assertIsNone(response)
self.assertEquals('LDAP Admin dn or password is invalid', err_msg)
def _create_ldap(requires_email=True):
base_dn = ['dc=quay', 'dc=io']
admin_dn = 'uid=testy,ou=employees,dc=quay,dc=io'
admin_passwd = 'password'
user_rdn = ['ou=employees']
uid_attr = 'uid'
email_attr = 'mail'
secondary_user_rdns = ['ou=otheremployees']
ldap = LDAPUsers('ldap://localhost',
base_dn,
admin_dn,
admin_passwd,
user_rdn,
uid_attr,
email_attr,
secondary_user_rdns=secondary_user_rdns,
requires_email=requires_email)
return ldap
def _create_ldap(requires_email=True):
base_dn = ["dc=quay", "dc=io"]
admin_dn = "uid=testy,ou=employees,dc=quay,dc=io"
admin_passwd = "password"
user_rdn = ["ou=employees"]
uid_attr = "uid"
email_attr = "mail"
secondary_user_rdns = ["ou=otheremployees"]
ldap = LDAPUsers(
"ldap://localhost",
base_dn,
admin_dn,
admin_passwd,
user_rdn,
uid_attr,
email_attr,
secondary_user_rdns=secondary_user_rdns,
requires_email=requires_email,
)
return ldap
def test_timeout(self):
base_dn = ['dc=quay', 'dc=io']
admin_dn = 'uid=testy,ou=employees,dc=quay,dc=io'
admin_passwd = 'password'
user_rdn = ['ou=employees']
uid_attr = 'uid'
email_attr = 'mail'
secondary_user_rdns = ['ou=otheremployees']
with self.assertRaisesRegexp(Exception, "Can't contact LDAP server"):
ldap = LDAPUsers('ldap://localhost',
base_dn,
admin_dn,
admin_passwd,
user_rdn,
uid_attr,
email_attr,
secondary_user_rdns=secondary_user_rdns,
requires_email=False,
timeout=5)
ldap.query_users('cool')
def test_at_least_one_user_exists_filtered_away(self):
base_dn = ["dc=quay", "dc=io"]
admin_dn = "uid=testy,ou=employees,dc=quay,dc=io"
admin_passwd = "password"
user_rdn = ["ou=employees"]
uid_attr = "uid"
email_attr = "mail"
secondary_user_rdns = ["ou=otheremployees"]
with mock_ldap():
ldap = LDAPUsers(
"ldap://localhost",
base_dn,
admin_dn,
admin_passwd,
user_rdn,
uid_attr,
email_attr,
ldap_user_filter="(filterField=someothervalue)",
)
(response, err_msg) = ldap.at_least_one_user_exists()
self.assertIsNone(err_msg)
self.assertFalse(response)
def test_timeout(self):
base_dn = ["dc=quay", "dc=io"]
admin_dn = "uid=testy,ou=employees,dc=quay,dc=io"
admin_passwd = "password"
user_rdn = ["ou=employees"]
uid_attr = "uid"
email_attr = "mail"
secondary_user_rdns = ["ou=otheremployees"]
with self.assertRaisesRegexp(Exception, "Can't contact LDAP server"):
ldap = LDAPUsers(
"ldap://localhost",
base_dn,
admin_dn,
admin_passwd,
user_rdn,
uid_attr,
email_attr,
secondary_user_rdns=secondary_user_rdns,
requires_email=False,
timeout=5,
)
ldap.query_users("cool")
