def test_login_server_error(self, logging_mock, connection_mock, connection_enter): """Test login when a server creation error occurs.""" connection_mock.return_value = None self.assertEqual(dict(ok=False, email=''), auth.login(self.database)) connection_mock.assert_not_called() connection_enter.assert_not_called() self.assert_log(logging_mock, exceptions.LDAPServerPoolError, USERNAME)
def test_login_wrong_password(self, logging_mock, connection_mock, connection_enter): """Test login when search error of the login user occurs.""" connection_mock.return_value = None self.ldap_entry.userPassword.value = b'{SSHA}W841/abcdefghijklmnopqrstuvwxyz0' connection_enter.return_value = self.ldap_connection self.assertEqual(dict(ok=False, email=self.user_email), auth.login(self.database)) self.assert_ldap_connection_search_called() self.assert_log(logging_mock, exceptions.LDAPInvalidCredentialsResult, self.user_dn, self.user_email)
def test_successful_login(self, connection_mock, connection_enter): """Test successful login.""" connection_mock.return_value = None self.ldap_entry.userPassword.value = b'{SSHA}W841/YybjO4TmqcNTqnBxFKd3SJggaPr' connection_enter.return_value = self.ldap_connection self.assertEqual(dict(ok=True, email=self.user_email), auth.login(self.database)) self.assert_cookie_has_session_id() self.assert_ldap_lookup_connection_created(connection_mock) self.assert_ldap_connection_search_called()
def test_login_password_hash_error(self, logging_mock, connection_mock, connection_enter): """Test login fails when LDAP password hash is not salted SHA1.""" connection_mock.return_value = None self.ldap_entry.userPassword.value = b'{XSHA}whatever-here' connection_enter.return_value = self.ldap_connection self.assertEqual(dict(ok=False, email=self.user_email), auth.login(self.database)) self.assert_ldap_connection_search_called() self.assertEqual('Only SSHA LDAP password digest supported!', logging_mock.call_args_list[0][0][0]) self.assert_log(logging_mock, exceptions.LDAPInvalidAttributeSyntaxResult, self.user_dn, self.user_email)
def test_login_search_error(self, logging_mock, connection_mock, connection_enter): """Test login when search error of the login user occurs.""" connection_mock.return_value = None self.ldap_connection.search.side_effect = exceptions.LDAPResponseTimeoutError connection_enter.return_value = self.ldap_connection self.assertEqual(dict(ok=False, email=''), auth.login(self.database)) connection_mock.assert_called_once() self.ldap_connection.bind.assert_called_once() self.assert_log(logging_mock, exceptions.LDAPResponseTimeoutError, USERNAME)
def test_login_bind_error(self, logging_mock, connection_mock, connection_enter): """Test login when an error of binding dn reader occurs.""" connection_mock.return_value = None self.ldap_connection.bind.return_value = False connection_enter.return_value = self.ldap_connection self.assertEqual(dict(ok=False, email=''), auth.login(self.database)) connection_mock.assert_called_once() self.ldap_connection.bind.assert_called_once() self.assert_log(logging_mock, exceptions.LDAPBindError, self.lookup_user_dn)
def test_successful_bind_login(self, connection_mock, connection_enter): """Test successful login if ldap server does not reveal password digest.""" connection_mock.return_value = None self.ldap_entry.userPassword.value = None connection_enter.return_value = self.ldap_connection self.assertEqual(dict(ok=True, email=self.user_email), auth.login(self.database)) self.assert_cookie_has_session_id() self.assert_ldap_lookup_connection_created(connection_mock) self.assert_ldap_bind_connection_created(connection_mock) self.assert_ldap_connection_search_called()
def test_forwardauth_login_no_header(self, connection_mock, connection_enter): """Test failed login if forwarded authentication is enabled but no header is present.""" connection_mock.return_value = None with patch.dict( "os.environ", { "FORWARD_AUTH_ENABLED": "True", "FORWARD_AUTH_HEADER": "X-Forwarded-User" }): with patch("bottle.request.get_header", Mock(return_value=None)): self.assertEqual(self.login_nok, auth.login(self.database)) connection_mock.assert_not_called() connection_enter.assert_not_called()
def test_successful_forwardauth_login(self, connection_mock, connection_enter): """Test successful login from forwarded authentication header.""" connection_mock.return_value = None with patch.dict( "os.environ", { "FORWARD_AUTH_ENABLED": "True", "FORWARD_AUTH_HEADER": "X-Forwarded-User" }): with patch("bottle.request.get_header", Mock(return_value=self.USER_EMAIL)): self.assertEqual(self.login_ok, auth.login(self.database)) self.assert_cookie_has_session_id() connection_mock.assert_not_called() connection_enter.assert_not_called()