def test_login_server_error(self, logging_mock, connection_mock, connection_enter):
"""Test login when a server creation error occurs."""
connection_mock.return_value = None
self.assertEqual(dict(ok=False, email=''), auth.login(self.database))
connection_mock.assert_not_called()
connection_enter.assert_not_called()
self.assert_log(logging_mock, exceptions.LDAPServerPoolError, USERNAME)
def test_login_wrong_password(self, logging_mock, connection_mock, connection_enter):
"""Test login when search error of the login user occurs."""
connection_mock.return_value = None
self.ldap_entry.userPassword.value = b'{SSHA}W841/abcdefghijklmnopqrstuvwxyz0'
connection_enter.return_value = self.ldap_connection
self.assertEqual(dict(ok=False, email=self.user_email), auth.login(self.database))
self.assert_ldap_connection_search_called()
self.assert_log(logging_mock, exceptions.LDAPInvalidCredentialsResult, self.user_dn, self.user_email)
def test_successful_login(self, connection_mock, connection_enter):
"""Test successful login."""
connection_mock.return_value = None
self.ldap_entry.userPassword.value = b'{SSHA}W841/YybjO4TmqcNTqnBxFKd3SJggaPr'
connection_enter.return_value = self.ldap_connection
self.assertEqual(dict(ok=True, email=self.user_email), auth.login(self.database))
self.assert_cookie_has_session_id()
self.assert_ldap_lookup_connection_created(connection_mock)
self.assert_ldap_connection_search_called()
def test_login_password_hash_error(self, logging_mock, connection_mock, connection_enter):
"""Test login fails when LDAP password hash is not salted SHA1."""
connection_mock.return_value = None
self.ldap_entry.userPassword.value = b'{XSHA}whatever-here'
connection_enter.return_value = self.ldap_connection
self.assertEqual(dict(ok=False, email=self.user_email), auth.login(self.database))
self.assert_ldap_connection_search_called()
self.assertEqual('Only SSHA LDAP password digest supported!', logging_mock.call_args_list[0][0][0])
self.assert_log(logging_mock, exceptions.LDAPInvalidAttributeSyntaxResult, self.user_dn, self.user_email)
def test_login_search_error(self, logging_mock, connection_mock, connection_enter):
"""Test login when search error of the login user occurs."""
connection_mock.return_value = None
self.ldap_connection.search.side_effect = exceptions.LDAPResponseTimeoutError
connection_enter.return_value = self.ldap_connection
self.assertEqual(dict(ok=False, email=''), auth.login(self.database))
connection_mock.assert_called_once()
self.ldap_connection.bind.assert_called_once()
self.assert_log(logging_mock, exceptions.LDAPResponseTimeoutError, USERNAME)
def test_login_bind_error(self, logging_mock, connection_mock, connection_enter):
"""Test login when an error of binding dn reader occurs."""
connection_mock.return_value = None
self.ldap_connection.bind.return_value = False
connection_enter.return_value = self.ldap_connection
self.assertEqual(dict(ok=False, email=''), auth.login(self.database))
connection_mock.assert_called_once()
self.ldap_connection.bind.assert_called_once()
self.assert_log(logging_mock, exceptions.LDAPBindError, self.lookup_user_dn)
def test_successful_bind_login(self, connection_mock, connection_enter):
"""Test successful login if ldap server does not reveal password digest."""
connection_mock.return_value = None
self.ldap_entry.userPassword.value = None
connection_enter.return_value = self.ldap_connection
self.assertEqual(dict(ok=True, email=self.user_email), auth.login(self.database))
self.assert_cookie_has_session_id()
self.assert_ldap_lookup_connection_created(connection_mock)
self.assert_ldap_bind_connection_created(connection_mock)
self.assert_ldap_connection_search_called()
def test_forwardauth_login_no_header(self, connection_mock,
connection_enter):
"""Test failed login if forwarded authentication is enabled but no header is present."""
connection_mock.return_value = None
with patch.dict(
"os.environ", {
"FORWARD_AUTH_ENABLED": "True",
"FORWARD_AUTH_HEADER": "X-Forwarded-User"
}):
with patch("bottle.request.get_header", Mock(return_value=None)):
self.assertEqual(self.login_nok, auth.login(self.database))
connection_mock.assert_not_called()
connection_enter.assert_not_called()
def test_successful_forwardauth_login(self, connection_mock,
connection_enter):
"""Test successful login from forwarded authentication header."""
connection_mock.return_value = None
with patch.dict(
"os.environ", {
"FORWARD_AUTH_ENABLED": "True",
"FORWARD_AUTH_HEADER": "X-Forwarded-User"
}):
with patch("bottle.request.get_header",
Mock(return_value=self.USER_EMAIL)):
self.assertEqual(self.login_ok, auth.login(self.database))
self.assert_cookie_has_session_id()
connection_mock.assert_not_called()
connection_enter.assert_not_called()
