def test_login_empty_userdn(self):
with mock_ldap():
base_dn = ['ou=employees', 'dc=quay', 'dc=io']
admin_dn = 'uid=testy,ou=employees,dc=quay,dc=io'
admin_passwd = 'password'
user_rdn = []
uid_attr = 'uid'
email_attr = 'mail'
secondary_user_rdns = ['ou=otheremployees']
ldap = LDAPUsers('ldap://localhost',
base_dn,
admin_dn,
admin_passwd,
user_rdn,
uid_attr,
email_attr,
secondary_user_rdns=secondary_user_rdns)
# Verify we can login.
(response, _) = ldap.verify_and_link_user('someuser', 'somepass')
self.assertEquals(response.username, 'someuser')
# Verify we can confirm the user.
(response, _) = ldap.confirm_existing_user('someuser', 'somepass')
self.assertEquals(response.username, 'someuser')
def test_login_empty_userdn(self):
with mock_ldap():
base_dn = ["ou=employees", "dc=quay", "dc=io"]
admin_dn = "uid=testy,ou=employees,dc=quay,dc=io"
admin_passwd = "password"
user_rdn = []
uid_attr = "uid"
email_attr = "mail"
secondary_user_rdns = ["ou=otheremployees"]
ldap = LDAPUsers(
"ldap://localhost",
base_dn,
admin_dn,
admin_passwd,
user_rdn,
uid_attr,
email_attr,
secondary_user_rdns=secondary_user_rdns,
)
# Verify we can login.
(response, _) = ldap.verify_and_link_user("someuser", "somepass")
self.assertEquals(response.username, "someuser")
# Verify we can confirm the user.
(response, _) = ldap.confirm_existing_user("someuser", "somepass")
self.assertEquals(response.username, "someuser")
def test_referral(self):
with mock_ldap() as ldap:
(response, _) = ldap.verify_and_link_user("referred", "somepass")
self.assertEquals(response.username, "cool_user")
# Verify we can confirm the user's quay username.
(response, _) = ldap.confirm_existing_user("cool_user", "somepass")
self.assertEquals(response.username, "cool_user")
def test_login_secondary(self):
with mock_ldap() as ldap:
# Verify we can login.
(response, _) = ldap.verify_and_link_user("secondaryuser", "somepass")
self.assertEquals(response.username, "secondaryuser")
# Verify we can confirm the user.
(response, _) = ldap.confirm_existing_user("secondaryuser", "somepass")
self.assertEquals(response.username, "secondaryuser")
def test_login(self):
with mock_ldap() as ldap:
# Verify we can login.
(response, _) = ldap.verify_and_link_user("someuser", "somepass")
self.assertEquals(response.username, "someuser")
self.assertTrue(model.user.has_user_prompt(response, "confirm_username"))
# Verify we can confirm the user.
(response, _) = ldap.confirm_existing_user("someuser", "somepass")
self.assertEquals(response.username, "someuser")
def test_invalid_password(self):
with mock_ldap() as ldap:
# Verify we cannot login with an invalid password.
(response, err_msg) = ldap.verify_and_link_user("someuser", "invalidpass")
self.assertIsNone(response)
self.assertEquals(err_msg, "Invalid password")
# Verify we cannot confirm the user.
(response, err_msg) = ldap.confirm_existing_user("someuser", "invalidpass")
self.assertIsNone(response)
self.assertEquals(err_msg, "Invalid user")
def test_login_empty_password(self):
with mock_ldap() as ldap:
# Verify we cannot login.
(response, err_msg) = ldap.verify_and_link_user("someuser", "")
self.assertIsNone(response)
self.assertEquals(err_msg, "Anonymous binding not allowed")
# Verify we cannot confirm the user.
(response, err_msg) = ldap.confirm_existing_user("someuser", "")
self.assertIsNone(response)
self.assertEquals(err_msg, "Invalid user")
def test_invalid_wildcard(self):
with mock_ldap() as ldap:
# Verify we cannot login with a wildcard.
(response, err_msg) = ldap.verify_and_link_user("some*", "somepass")
self.assertIsNone(response)
self.assertEquals(err_msg, "Username not found")
# Verify we cannot confirm the user.
(response, err_msg) = ldap.confirm_existing_user("some*", "somepass")
self.assertIsNone(response)
self.assertEquals(err_msg, "Invalid user")
def test_login_whitespace_password(self):
with mock_ldap() as ldap:
# Verify we cannot login.
(response, err_msg) = ldap.verify_and_link_user('someuser', ' ')
self.assertIsNone(response)
self.assertEquals(err_msg, 'Invalid password')
# Verify we cannot confirm the user.
(response,
err_msg) = ldap.confirm_existing_user('someuser', ' ')
self.assertIsNone(response)
self.assertEquals(err_msg, 'Invalid user')
def test_confirm_different_username(self):
with mock_ldap() as ldap:
# Verify that the user is logged in and their username was adjusted.
(response, _) = ldap.verify_and_link_user("cool.user", "somepass")
self.assertEquals(response.username, "cool_user")
# Verify we can confirm the user's quay username.
(response, _) = ldap.confirm_existing_user("cool_user", "somepass")
self.assertEquals(response.username, "cool_user")
# Verify that we *cannot* confirm the LDAP username.
(response, _) = ldap.confirm_existing_user("cool.user", "somepass")
self.assertIsNone(response)
def test_ldap_user_filtering_valid_users(self):
valid_user_filter = "(filterField=somevalue)"
with mock_ldap(user_filter=valid_user_filter) as ldap:
# Verify we can login.
(response, _) = ldap.verify_and_link_user("someuser", "somepass")
self.assertEquals(response.username, "someuser")
(it, err) = ldap.iterate_group_members(
{"group_dn": "cn=AwesomeFolk"}, disable_pagination=True
)
self.assertIsNone(err)
results = list(it)
self.assertEquals(2, len(results))
def test_ldap_user_filtering_no_users(self):
no_user_filter = "(filterField=anothervalue)"
with mock_ldap(user_filter=no_user_filter) as ldap:
# Verify we cannot login.
(response, _) = ldap.verify_and_link_user("someuser", "somepass")
assert response is None
(it, err) = ldap.iterate_group_members(
{"group_dn": "cn=AwesomeFolk"}, disable_pagination=True
)
self.assertIsNone(err)
results = list(it)
self.assertEquals(0, len(results))
def test_invalid_admin_password(self):
base_dn = ['dc=quay', 'dc=io']
admin_dn = 'uid=testy,ou=employees,dc=quay,dc=io'
admin_passwd = 'INVALIDPASSWORD'
user_rdn = ['ou=employees']
uid_attr = 'uid'
email_attr = 'mail'
with mock_ldap():
ldap = LDAPUsers('ldap://localhost', base_dn, admin_dn,
admin_passwd, user_rdn, uid_attr, email_attr)
# Try to login.
(response,
err_msg) = ldap.verify_and_link_user('someuser', 'somepass')
self.assertIsNone(response)
self.assertEquals('LDAP Admin dn or password is invalid', err_msg)
def test_invalid_admin_password(self):
base_dn = ["dc=quay", "dc=io"]
admin_dn = "uid=testy,ou=employees,dc=quay,dc=io"
admin_passwd = "INVALIDPASSWORD"
user_rdn = ["ou=employees"]
uid_attr = "uid"
email_attr = "mail"
with mock_ldap():
ldap = LDAPUsers(
"ldap://localhost", base_dn, admin_dn, admin_passwd, user_rdn, uid_attr, email_attr
)
# Try to login.
(response, err_msg) = ldap.verify_and_link_user("someuser", "somepass")
self.assertIsNone(response)
self.assertEquals("LDAP Admin dn or password is invalid", err_msg)
def test_multientry(self):
with mock_ldap() as ldap:
(response, _) = ldap.verify_and_link_user('multientry', 'somepass')
self.assertEquals(response.username, 'multientry')
def test_multientry(self):
with mock_ldap() as ldap:
(response, _) = ldap.verify_and_link_user("multientry", "somepass")
self.assertEquals(response.username, "multientry")
def test_invalid_referral(self):
with mock_ldap() as ldap:
(response, _) = ldap.verify_and_link_user("invalidreferred", "somepass")
self.assertIsNone(response)
