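def test_get_members(mocker, settings, group_dn, mock_data, expected):
    """Check that ``LDAPGroup.get_members()`` yields exactly the expected identities.

    The LDAP connection class, both search-filter builders and the provider's
    ``_search_groups`` / ``_search_users`` helpers are replaced with mocks fed
    from ``mock_data``, so no directory server is contacted.

    Every yielded member must reference the provider under test, and the
    yielded identifiers must match ``expected`` in order and in number.
    """
    mocker.patch('flask_multipass.providers.ldap.util.ReconnectLDAPObject')
    # NOTE(review): both filter builders replay mock_data['groups'] -- confirm the
    # user filter is not meant to be driven by a separate sequence.
    mocker.patch('flask_multipass.providers.ldap.providers.build_group_search_filter',
                 side_effect=MagicMock(side_effect=mock_data['groups']))
    mocker.patch('flask_multipass.providers.ldap.providers.build_user_search_filter',
                 side_effect=MagicMock(side_effect=mock_data['groups']))
    app = Flask('test')
    multipass = Multipass(app)
    with app.app_context():
        idp = LDAPIdentityProvider(multipass, 'LDAP test idp', settings)
    # Searches are answered from the fixture dictionaries; unknown keys give no results.
    idp._search_groups = MagicMock(side_effect=lambda x: mock_data['subgroups'].get(x, []))
    idp._search_users = MagicMock(side_effect=lambda x: mock_data['users'].get(x, []))
    group = LDAPGroup(idp, 'LDAP test group', group_dn)

    identifiers = []
    for member in group.get_members():
        assert member.provider.name == idp.name
        identifiers.append(member.identifier)
    # Compare the complete sequence instead of popping from ``expected`` until
    # StopIteration: the old loop passed when fewer members (or none) were
    # yielded, and it emptied the parametrized list in place, so a rerun of the
    # same parameter set saw different data. Group membership feeds access
    # decisions, so an under-reported member list has to fail the test.
    assert identifiers == list(expected)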
def test_default_idp_settings(mocker, required_settings, expected_settings):
    """Check the settings an LDAP provider ends up with when only required ones are given.

    ``certifi`` is patched in the providers module so that ``where()`` returns a
    fixed path; presumably this is what the default CA bundle setting is taken
    from, which keeps ``expected_settings`` independent of the host.
    """
    certifi_mock = mocker.patch('flask_multipass.providers.ldap.providers.certifi')
    certifi_mock.where.return_value = '/default/ca-certs-file'
    flask_app = Flask('test')
    mp = Multipass(flask_app)
    provider_settings = {'ldap': required_settings}
    with flask_app.app_context():
        provider = LDAPIdentityProvider(mp, 'LDAP test idp', provider_settings)
    # The merged result is compared as a whole, so every default is pinned by
    # the parametrized expectation (TLS-related ones included, if present there).
    assert provider.ldap_settings == expected_settings
def test_has_member_bad_identifier(mocker, settings):
    """Check that ``has_member(None)`` raises ``IdentityRetrievalFailed``.

    A missing identifier must surface as an error instead of a boolean, so a
    caller cannot read it as a membership answer.
    """
    mocker.patch('flask_multipass.providers.ldap.util.ReconnectLDAPObject')
    flask_app = Flask('test')
    mp = Multipass(flask_app)
    with flask_app.app_context():
        provider = LDAPIdentityProvider(mp, 'LDAP test idp', settings)
    ldap_group = LDAPGroup(provider, 'LDAP test group', 'group_dn')
    with pytest.raises(IdentityRetrievalFailed):
        ldap_group.has_member(None)
def test_has_member_slapd(mocker, settings, group_dn, user_mock, expected):
    """Check ``has_member()`` against a mocked user entry.

    ``get_user_by_id`` is patched to return the DN and attribute data from
    ``user_mock``; the membership answer for the user's first ``uid`` value
    must equal ``expected``.
    """
    mocker.patch('flask_multipass.providers.ldap.util.ReconnectLDAPObject')
    user_entry = (user_mock['dn'], user_mock['data'])
    mocker.patch('flask_multipass.providers.ldap.providers.get_user_by_id',
                 return_value=user_entry)
    flask_app = Flask('test')
    mp = Multipass(flask_app)
    with flask_app.app_context():
        provider = LDAPIdentityProvider(mp, 'LDAP test idp', settings)
    ldap_group = LDAPGroup(provider, 'LDAP test group', group_dn)
    uid = user_mock['data']['uid'][0]
    # Compared with ``==`` so that both outcomes (member and non-member) are pinned.
    assert ldap_group.has_member(uid) == expected
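def test_get_members(mocker, settings, group_dn, mock_data, expected):
    """Check that ``LDAPGroup.get_members()`` yields exactly the expected identities.

    The LDAP connection class, both search-filter builders and the provider's
    ``_search_groups`` / ``_search_users`` helpers are replaced with mocks fed
    from ``mock_data``, so no directory server is contacted.

    Every yielded member must reference the provider under test, and the
    yielded identifiers must match ``expected`` in order and in number.
    """
    mocker.patch('flask_multipass.providers.ldap.util.ReconnectLDAPObject')
    # NOTE(review): both filter builders replay mock_data['groups'] -- confirm the
    # user filter is not meant to be driven by a separate sequence.
    mocker.patch('flask_multipass.providers.ldap.providers.build_group_search_filter',
                 side_effect=MagicMock(side_effect=mock_data['groups']))
    mocker.patch('flask_multipass.providers.ldap.providers.build_user_search_filter',
                 side_effect=MagicMock(side_effect=mock_data['groups']))
    app = Flask('test')
    multipass = Multipass(app)
    with app.app_context():
        idp = LDAPIdentityProvider(multipass, 'LDAP test idp', settings)
    # Searches are answered from the fixture dictionaries; unknown keys give no results.
    idp._search_groups = MagicMock(side_effect=lambda x: mock_data['subgroups'].get(x, []))
    idp._search_users = MagicMock(side_effect=lambda x: mock_data['users'].get(x, []))
    group = LDAPGroup(idp, 'LDAP test group', group_dn)

    identifiers = []
    for member in group.get_members():
        assert member.provider.name == idp.name
        identifiers.append(member.identifier)
    # Compare the complete sequence instead of popping from ``expected`` until
    # StopIteration: the old loop passed when fewer members (or none) were
    # yielded, and it emptied the parametrized list in place, so a rerun of the
    # same parameter set saw different data. Group membership feeds access
    # decisions, so an under-reported member list has to fail the test.
    assert identifiers == list(expected)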
def test_has_member_unknown_user(mocker, settings):
    """Check that a user whose lookup yields no DN is not reported as a member.

    ``get_user_by_id`` is patched to return ``None`` as the DN together with an
    unrelated attribute dictionary; ``has_member()`` must then be falsy.
    """
    mocker.patch('flask_multipass.providers.ldap.util.ReconnectLDAPObject')
    # A result without a DN: attribute data alone must not count as a resolved user.
    no_dn_entry = (None, {'cn': ['Configuration']})
    mocker.patch('flask_multipass.providers.ldap.providers.get_user_by_id',
                 return_value=no_dn_entry)
    flask_app = Flask('test')
    mp = Multipass(flask_app)
    with flask_app.app_context():
        provider = LDAPIdentityProvider(mp, 'LDAP test idp', settings)
    ldap_group = LDAPGroup(provider, 'LDAP test group', 'group_dn')
    assert not ldap_group.has_member('unknown_user')
def test_iter_group(mocker, settings, group_dn, subgroups, expected):
    """Drive the ``LDAPGroup._iter_group()`` generator and check which DNs it visits.

    The generator is primed with ``next()`` and then fed, via ``send()``, the
    subgroup list that ``subgroups`` holds for each DN it yields (an empty list
    for DNs without an entry). Iteration has to end with ``StopIteration``.
    """
    flask_app = Flask('test')
    mp = Multipass(flask_app)
    with flask_app.app_context():
        provider = LDAPIdentityProvider(mp, 'LDAP test idp', settings)
    walker = LDAPGroup(provider, 'LDAP test group', group_dn)._iter_group()
    # Priming must not raise StopIteration: the initial group DN is returned first.
    dn = next(walker)
    seen = []
    with pytest.raises(StopIteration):
        while dn:
            seen.append(dn)
            dn = walker.send(subgroups.get(dn, []))
    # Equal length plus equal set means no DN was visited twice; presumably this
    # is what covers groups that are nested in each other -- confirm against the
    # parametrized ``subgroups`` data.
    assert len(seen) == len(expected)
    assert set(seen) == expected
def test_has_member_ad(mocker, settings, group_mock, user_mock, expected):
    """Check ``has_member()`` when membership is resolved through token groups.

    User and group lookups are patched to return the entries from ``user_mock``
    and ``group_mock``. The token-group lookup is replaced with a stub that
    fails the test when it is asked about any DN other than the mocked user's.
    """
    def fake_token_groups(user_dn):
        # The token groups returned must belong to the user that was looked up,
        # so a query for a different DN is a test failure, not an empty result.
        if user_dn != user_mock['dn']:
            pytest.fail('expected {0}, got {1}'.format(user_mock['dn'], user_dn))
        return user_mock['token_groups']

    user_entry = (user_mock['dn'], user_mock['data'])
    group_entry = (group_mock['dn'], group_mock['data'])
    mocker.patch('flask_multipass.providers.ldap.util.ReconnectLDAPObject')
    mocker.patch('flask_multipass.providers.ldap.providers.get_user_by_id',
                 return_value=user_entry)
    mocker.patch('flask_multipass.providers.ldap.providers.get_group_by_id',
                 return_value=group_entry)
    mocker.patch('flask_multipass.providers.ldap.providers.get_token_groups_from_user_dn',
                 side_effect=fake_token_groups)
    flask_app = Flask('test')
    mp = Multipass(flask_app)
    with flask_app.app_context():
        provider = LDAPIdentityProvider(mp, 'LDAP test idp', settings)
    ldap_group = LDAPGroup(provider, 'LDAP test group', group_mock['dn'])
    uid = user_mock['data']['uid'][0]
    assert ldap_group.has_member(uid) == expected