def test_that_verify_password_calls_with_bind_dn(self, find_by, xivo_ldap): extended_config = { 'confd': {}, 'confd_db_uri': 'postgresql:///', 'ldap': { 'bind_dn': 'uid=foo,dc=example,dc=com', 'bind_password': '******' }, } extended_config['ldap'].update(self.config['ldap']) backend = LDAPUser() backend.load({'config': extended_config}) xivo_ldap = xivo_ldap.return_value xivo_ldap.perform_bind.return_value = True xivo_ldap.perform_search.return_value = self.search_obj_result find_by.return_value.uuid = 'alice-uuid' args = {} result = backend.verify_password('foo', 'bar', args) assert_that(result, equal_to(True)) assert_that(args, equal_to({'pbx_user_uuid': 'alice-uuid'})) expected_call = [ call('uid=foo,dc=example,dc=com', 'S3cr$t'), call(self.expected_user_dn, 'bar'), ] xivo_ldap.perform_bind.assert_has_calls(expected_call)
def test_that_verify_password_calls_with_missing_bind_password_try_bind( self, wazo_ldap): self.ldap_service.get.return_value.update( {'bind_dn': 'uid=foo,dc=example,dc=com'}) backend = LDAPUser() backend.load({ 'user_service': self.user_service, 'group_service': self.group_service, 'ldap_service': self.ldap_service, 'tenant_service': self.tenant_service, 'purposes': self.purposes, }) wazo_ldap = wazo_ldap.return_value wazo_ldap.perform_bind.return_value = True wazo_ldap.perform_search.return_value = self.search_obj_result self.list_users.return_value = [{'uuid': 'alice-uuid'}] args = {'tenant_id': 'test'} result = backend.verify_password('foo', 'bar', args) assert_that(result, equal_to(True)) assert_that( args, equal_to({ 'tenant_id': 'test', 'pbx_user_uuid': 'alice-uuid', 'user_email': '*****@*****.**', 'real_login': '******', }), ) wazo_ldap.perform_bind.assert_called_once_with(self.expected_user_dn, 'bar')
class TestGetACLS(BaseTestCase): def setUp(self): super().setUp() self.args = { 'pbx_user_uuid': 'alice-uuid', 'user_email': '*****@*****.**', 'acl': ['acl0'], } self.backend = LDAPUser() self.backend.load({ 'user_service': self.user_service, 'group_service': self.group_service, 'ldap_service': self.ldap_service, 'tenant_service': self.tenant_service, 'purposes': self.purposes, }) def test_get_acl(self): result = self.backend.get_acl('alice', self.args) assert_that(result, has_items('acl1', 'acl2')) def test_get_acl_when_acls_in_backend(self): self.args['acl'] = ['acl0'] result = self.backend.get_acl('alice', self.args) assert_that(result, has_items('acl0', 'acl1', 'acl2'))
class TestGetMetadata(BaseTestCase): def setUp(self): super().setUp() self.args = { 'pbx_user_uuid': 'alice-uuid', 'user_email': '*****@*****.**' } self.backend = LDAPUser() self.backend.load( { 'user_service': self.user_service, 'group_service': self.group_service, 'ldap_service': self.ldap_service, 'tenant_service': self.tenant_service, 'purposes': self.purposes, }, ) def test_that_get_metadata_calls_the_dao(self): expected_result = has_entries( auth_id='alice-uuid', pbx_user_uuid='alice-uuid', ) result = self.backend.get_metadata('alice', self.args) assert_that(result, expected_result) def test_that_get_metadata_raises_if_no_user(self): self.assertRaises(Exception, self.backend.get_metadata, 'alice', None)
def test_that_verify_password_return_false_when_serverdown(self, find_by, xivo_ldap): backend = LDAPUser() backend.load({'config': self.config}) xivo_ldap.side_effect = ldap.SERVER_DOWN args = {} result = backend.verify_password('foo', 'bar', args) assert_that(result, equal_to(False))
def test_that_verify_password_calls_return_false_when_no_user_bind(self, find_by, xivo_ldap): backend = LDAPUser() backend.load({'config': self.config}) xivo_ldap = xivo_ldap.return_value xivo_ldap.perform_bind.return_value = False args = {} result = backend.verify_password('foo', 'bar', args) assert_that(result, equal_to(False)) xivo_ldap.perform_bind.assert_called_once_with(self.expected_user_dn, 'bar')
def test_that_verify_password_calls_return_False_when_no_email_associated(self, find_by, xivo_ldap): backend = LDAPUser() backend.load({'config': self.config}) xivo_ldap = xivo_ldap.return_value xivo_ldap.perform_bind.return_value = True xivo_ldap.perform_search.return_value = self.search_obj_result find_by.return_value.uuid = None args = {} result = backend.verify_password('foo', 'bar', args) assert_that(result, equal_to(False)) assert_that(args, equal_to({}))
def test_that_verify_password_calls_perform_bind(self, find_by, xivo_ldap): backend = LDAPUser() backend.load({'config': self.config}) xivo_ldap = xivo_ldap.return_value xivo_ldap.perform_bind.return_value = True xivo_ldap.perform_search.return_value = self.search_obj_result find_by.return_value.uuid = 'alice-uuid' args = {} result = backend.verify_password('foo', 'bar', args) assert_that(result, equal_to(True)) xivo_ldap.perform_bind.assert_called_once_with(self.expected_user_dn, 'bar')
def test_that_verify_password_escape_dn_chars(self, find_by, xivo_ldap): backend = LDAPUser() backend.load({'config': self.config}) xivo_ldap = xivo_ldap.return_value xivo_ldap.perform_bind.return_value = True xivo_ldap.perform_search.return_value = ('uid=fo\+o,dc=example,dc=com', Mock()) find_by.return_value.uuid = 'alice-uuid' args = {} result = backend.verify_password('fo+o', 'bar', args) assert_that(result, equal_to(True)) xivo_ldap.perform_bind.assert_called_once_with('uid=fo\+o,dc=example,dc=com', 'bar')
def test_that_verify_password_return_false_when_ldaperror(self, wazo_ldap): backend = LDAPUser() backend.load({ 'user_service': self.user_service, 'group_service': self.group_service, 'ldap_service': self.ldap_service, 'tenant_service': self.tenant_service, 'purposes': self.purposes, }) wazo_ldap = wazo_ldap.return_value wazo_ldap.connect.side_effect = ldap.LDAPError args = {'tenant_id': 'test'} result = backend.verify_password('foo', 'bar', args) assert_that(result, equal_to(False))
def test_that_verify_password_calls_return_false_when_no_binding_with_anonymous(self, find_by, xivo_ldap): extended_config = { 'confd': {}, 'confd_db_uri': 'postgresql:///', 'ldap': { 'bind_anonymous': True } } extended_config['ldap'].update(self.config['ldap']) xivo_ldap = xivo_ldap.return_value backend = LDAPUser() backend.load({'config': extended_config}) xivo_ldap.perform_bind.return_value = False args = {} result = backend.verify_password('foo', 'bar', args) assert_that(result, equal_to(False)) xivo_ldap.perform_bind.assert_called_once_with('', '')
def test_that_verify_password_calls_return_false_when_no_user_bind( self, wazo_ldap): backend = LDAPUser() backend.load({ 'user_service': self.user_service, 'group_service': self.group_service, 'ldap_service': self.ldap_service, 'tenant_service': self.tenant_service, 'purposes': self.purposes, }) wazo_ldap = wazo_ldap.return_value wazo_ldap.perform_bind.return_value = False args = {'tenant_id': 'test'} result = backend.verify_password('foo', 'bar', args) assert_that(result, equal_to(False)) wazo_ldap.perform_bind.assert_called_once_with(self.expected_user_dn, 'bar')
class TestGetACLS(unittest.TestCase): def setUp(self): config = { 'confd': {}, 'confd_db_uri': 'postgresql:///', 'ldap': { 'uri': 'ldap://host:389', 'user_base_dn': 'dc=example,dc=com', 'user_login_attribute': 'uid', }, } self.args = {'pbx_user_uuid': 'alice-uuid'} self.backend = LDAPUser() self.backend.load({'config': config}) def test_get_acls(self, find_by): with patch.object(self.backend, 'render_acl') as render_acl: result = self.backend.get_acls('alice', self.args) assert_that(result, equal_to(render_acl.return_value))
def test_that_verify_password_works_using_domain_name(self, wazo_ldap): backend = LDAPUser() backend.load({ 'user_service': self.user_service, 'group_service': self.group_service, 'ldap_service': self.ldap_service, 'tenant_service': self.tenant_service, 'purposes': self.purposes, }) wazo_ldap = wazo_ldap.return_value wazo_ldap.perform_bind.return_value = True wazo_ldap.perform_search.return_value = self.search_obj_result self.list_users.return_value = [{'uuid': 'alice-uuid'}] args = {'domain_name': 'wazo.io'} result = backend.verify_password('foo', 'bar', args) assert_that(result, equal_to(True))
def test_that_verify_password_calls_return_False_when_no_email_associated( self, wazo_ldap): backend = LDAPUser() backend.load({ 'user_service': self.user_service, 'group_service': self.group_service, 'ldap_service': self.ldap_service, 'tenant_service': self.tenant_service, 'purposes': self.purposes, }) wazo_ldap = wazo_ldap.return_value wazo_ldap.perform_bind.return_value = True wazo_ldap.perform_search.return_value = self.search_obj_result self.list_users.return_value = [] args = {'tenant_id': 'test'} result = backend.verify_password('foo', 'bar', args) assert_that(result, equal_to(False)) assert_that(args, equal_to({'tenant_id': 'test'}))
def test_that_verify_password_calls_perform_bind(self, wazo_ldap): backend = LDAPUser() backend.load({ 'user_service': self.user_service, 'group_service': self.group_service, 'ldap_service': self.ldap_service, 'tenant_service': self.tenant_service, 'purposes': self.purposes, }) wazo_ldap = wazo_ldap.return_value wazo_ldap.perform_bind.return_value = True wazo_ldap.perform_search.return_value = self.search_obj_result self.list_users.return_value = [{'uuid': 'alice-uuid'}] args = {'tenant_id': 'test'} result = backend.verify_password('foo', 'bar', args) assert_that(result, equal_to(True)) wazo_ldap.perform_bind.assert_called_once_with(self.expected_user_dn, 'bar')
def test_that_verify_password_escape_filter_chars(self, find_by, xivo_ldap): extended_config = { 'confd_db_uri': 'postgresql:///', 'ldap': { 'bind_anonymous': True } } extended_config['ldap'].update(self.config['ldap']) backend = LDAPUser() backend.load({'config': self.config}) xivo_ldap = xivo_ldap.return_value xivo_ldap.perform_bind.return_value = True xivo_ldap.perform_search.return_value = ('uid=fo\+o,dc=example,dc=com', Mock()) find_by.return_value.uuid = 'alice-uuid' args = {} result = backend.verify_password('fo+o', 'bar', args) assert_that(result, equal_to(True)) xivo_ldap.perform_search.assert_called_once_with('uid=fo\+o,dc=example,dc=com', 0, attrlist=['mail'])
class TestGetMetadata(unittest.TestCase): def setUp(self): config = { 'confd': {}, 'confd_db_uri': 'postgresql:///', 'ldap': { 'uri': 'ldap://host:389', 'user_base_dn': 'dc=example,dc=com', 'user_login_attribute': 'uid', }, } self.args = {'xivo_user_uuid': 'alice-uuid'} self.backend = LDAPUser() self.backend.load({'config': config}) def test_that_get_metadata_calls_the_dao(self, find_by): expected_result = has_entries(auth_id='alice-uuid', xivo_user_uuid='alice-uuid') result = self.backend.get_metadata('alice', self.args) assert_that(result, expected_result) def test_that_get_metadata_raises_if_no_user(self, find_by): self.assertRaises(Exception, self.backend.get_metadata, 'alice', None)
def test_that_verify_password_escape_filter_chars(self, wazo_ldap): backend = LDAPUser() backend.load({ 'user_service': self.user_service, 'group_service': self.group_service, 'ldap_service': self.ldap_service, 'tenant_service': self.tenant_service, 'purposes': self.purposes, }) wazo_ldap = wazo_ldap.return_value wazo_ldap.perform_bind.return_value = True wazo_ldap.perform_search.return_value = ( 'uid=fo\\+o,dc=example,dc=com', Mock()) self.list_users.return_value = [{'uuid': 'alice-uuid'}] args = {'tenant_id': 'test'} result = backend.verify_password('fo+o', 'bar', args) assert_that(result, equal_to(True)) wazo_ldap.perform_search.assert_called_once_with( 'uid=fo\\+o,dc=example,dc=com', 0, attrlist=['mail'])