def test_confirm_different_username(self):
with mock_ldap() as ldap:
# Verify that the user is logged in and their username was adjusted.
(response, _) = ldap.verify_and_link_user("cool.user", "somepass")
self.assertEquals(response.username, "cool_user")
# Verify we can confirm the user's quay username.
(response, _) = ldap.confirm_existing_user("cool_user", "somepass")
self.assertEquals(response.username, "cool_user")
# Verify that we *cannot* confirm the LDAP username.
(response, _) = ldap.confirm_existing_user("cool.user", "somepass")
self.assertIsNone(response)
def test_login_empty_userdn(self):
with mock_ldap():
base_dn = ["ou=employees", "dc=quay", "dc=io"]
admin_dn = "uid=testy,ou=employees,dc=quay,dc=io"
admin_passwd = "password"
user_rdn = []
uid_attr = "uid"
email_attr = "mail"
secondary_user_rdns = ["ou=otheremployees"]
ldap = LDAPUsers(
"ldap://localhost",
base_dn,
admin_dn,
admin_passwd,
user_rdn,
uid_attr,
email_attr,
secondary_user_rdns=secondary_user_rdns,
)
# Verify we can login.
(response, _) = ldap.verify_and_link_user("someuser", "somepass")
self.assertEquals(response.username, "someuser")
# Verify we can confirm the user.
(response, _) = ldap.confirm_existing_user("someuser", "somepass")
self.assertEquals(response.username, "someuser")
def test_login_empty_userdn(self):
with mock_ldap():
base_dn = ['ou=employees', 'dc=quay', 'dc=io']
admin_dn = 'uid=testy,ou=employees,dc=quay,dc=io'
admin_passwd = 'password'
user_rdn = []
uid_attr = 'uid'
email_attr = 'mail'
secondary_user_rdns = ['ou=otheremployees']
ldap = LDAPUsers('ldap://localhost',
base_dn,
admin_dn,
admin_passwd,
user_rdn,
uid_attr,
email_attr,
secondary_user_rdns=secondary_user_rdns)
# Verify we can login.
(response, _) = ldap.verify_and_link_user('someuser', 'somepass')
self.assertEquals(response.username, 'someuser')
# Verify we can confirm the user.
(response, _) = ldap.confirm_existing_user('someuser', 'somepass')
self.assertEquals(response.username, 'someuser')
def test_referral(self):
with mock_ldap() as ldap:
(response, _) = ldap.verify_and_link_user("referred", "somepass")
self.assertEquals(response.username, "cool_user")
# Verify we can confirm the user's quay username.
(response, _) = ldap.confirm_existing_user("cool_user", "somepass")
self.assertEquals(response.username, "cool_user")
def test_login_secondary(self):
with mock_ldap() as ldap:
# Verify we can login.
(response, _) = ldap.verify_and_link_user("secondaryuser", "somepass")
self.assertEquals(response.username, "secondaryuser")
# Verify we can confirm the user.
(response, _) = ldap.confirm_existing_user("secondaryuser", "somepass")
self.assertEquals(response.username, "secondaryuser")
def test_login(self):
with mock_ldap() as ldap:
# Verify we can login.
(response, _) = ldap.verify_and_link_user("someuser", "somepass")
self.assertEquals(response.username, "someuser")
self.assertTrue(model.user.has_user_prompt(response, "confirm_username"))
# Verify we can confirm the user.
(response, _) = ldap.confirm_existing_user("someuser", "somepass")
self.assertEquals(response.username, "someuser")
def test_invalid_password(self):
with mock_ldap() as ldap:
# Verify we cannot login with an invalid password.
(response, err_msg) = ldap.verify_and_link_user("someuser", "invalidpass")
self.assertIsNone(response)
self.assertEquals(err_msg, "Invalid password")
# Verify we cannot confirm the user.
(response, err_msg) = ldap.confirm_existing_user("someuser", "invalidpass")
self.assertIsNone(response)
self.assertEquals(err_msg, "Invalid user")
def test_invalid_wildcard(self):
with mock_ldap() as ldap:
# Verify we cannot login with a wildcard.
(response, err_msg) = ldap.verify_and_link_user("some*", "somepass")
self.assertIsNone(response)
self.assertEquals(err_msg, "Username not found")
# Verify we cannot confirm the user.
(response, err_msg) = ldap.confirm_existing_user("some*", "somepass")
self.assertIsNone(response)
self.assertEquals(err_msg, "Invalid user")
def test_login_empty_password(self):
with mock_ldap() as ldap:
# Verify we cannot login.
(response, err_msg) = ldap.verify_and_link_user("someuser", "")
self.assertIsNone(response)
self.assertEquals(err_msg, "Anonymous binding not allowed")
# Verify we cannot confirm the user.
(response, err_msg) = ldap.confirm_existing_user("someuser", "")
self.assertIsNone(response)
self.assertEquals(err_msg, "Invalid user")
def test_login_whitespace_password(self):
with mock_ldap() as ldap:
# Verify we cannot login.
(response, err_msg) = ldap.verify_and_link_user('someuser', ' ')
self.assertIsNone(response)
self.assertEquals(err_msg, 'Invalid password')
# Verify we cannot confirm the user.
(response,
err_msg) = ldap.confirm_existing_user('someuser', ' ')
self.assertIsNone(response)
self.assertEquals(err_msg, 'Invalid user')
def test_link_user(self):
with mock_ldap() as ldap:
# Link someuser.
user, error_message = ldap.link_user("someuser")
self.assertIsNone(error_message)
self.assertIsNotNone(user)
self.assertEquals("someuser", user.username)
# Link again. Should return the same user record.
user_again, _ = ldap.link_user("someuser")
self.assertEquals(user_again.id, user.id)
# Confirm someuser.
result, _ = ldap.confirm_existing_user("someuser", "somepass")
self.assertIsNotNone(result)
self.assertEquals("someuser", result.username)
self.assertTrue(model.user.has_user_prompt(user, "confirm_username"))
