예제 #1
0
    def test_that_verify_password_calls_with_bind_dn(self, find_by, xivo_ldap):
        extended_config = {
            'confd': {},
            'confd_db_uri': 'postgresql:///',
            'ldap': {
                'bind_dn': 'uid=foo,dc=example,dc=com',
                'bind_password': '******'
            },
        }
        extended_config['ldap'].update(self.config['ldap'])
        backend = LDAPUser()
        backend.load({'config': extended_config})
        xivo_ldap = xivo_ldap.return_value
        xivo_ldap.perform_bind.return_value = True
        xivo_ldap.perform_search.return_value = self.search_obj_result
        find_by.return_value.uuid = 'alice-uuid'
        args = {}

        result = backend.verify_password('foo', 'bar', args)

        assert_that(result, equal_to(True))
        assert_that(args, equal_to({'pbx_user_uuid': 'alice-uuid'}))
        expected_call = [
            call('uid=foo,dc=example,dc=com', 'S3cr$t'),
            call(self.expected_user_dn, 'bar'),
        ]
        xivo_ldap.perform_bind.assert_has_calls(expected_call)
예제 #2
0
    def test_that_verify_password_calls_with_missing_bind_password_try_bind(
            self, wazo_ldap):
        self.ldap_service.get.return_value.update(
            {'bind_dn': 'uid=foo,dc=example,dc=com'})
        backend = LDAPUser()
        backend.load({
            'user_service': self.user_service,
            'group_service': self.group_service,
            'ldap_service': self.ldap_service,
            'tenant_service': self.tenant_service,
            'purposes': self.purposes,
        })
        wazo_ldap = wazo_ldap.return_value
        wazo_ldap.perform_bind.return_value = True
        wazo_ldap.perform_search.return_value = self.search_obj_result
        self.list_users.return_value = [{'uuid': 'alice-uuid'}]
        args = {'tenant_id': 'test'}

        result = backend.verify_password('foo', 'bar', args)

        assert_that(result, equal_to(True))
        assert_that(
            args,
            equal_to({
                'tenant_id': 'test',
                'pbx_user_uuid': 'alice-uuid',
                'user_email': '*****@*****.**',
                'real_login': '******',
            }),
        )
        wazo_ldap.perform_bind.assert_called_once_with(self.expected_user_dn,
                                                       'bar')
예제 #3
0
class TestGetACLS(BaseTestCase):
    def setUp(self):
        super().setUp()
        self.args = {
            'pbx_user_uuid': 'alice-uuid',
            'user_email': '*****@*****.**',
            'acl': ['acl0'],
        }
        self.backend = LDAPUser()
        self.backend.load({
            'user_service': self.user_service,
            'group_service': self.group_service,
            'ldap_service': self.ldap_service,
            'tenant_service': self.tenant_service,
            'purposes': self.purposes,
        })

    def test_get_acl(self):
        result = self.backend.get_acl('alice', self.args)
        assert_that(result, has_items('acl1', 'acl2'))

    def test_get_acl_when_acls_in_backend(self):
        self.args['acl'] = ['acl0']
        result = self.backend.get_acl('alice', self.args)
        assert_that(result, has_items('acl0', 'acl1', 'acl2'))
예제 #4
0
class TestGetMetadata(BaseTestCase):
    def setUp(self):
        super().setUp()
        self.args = {
            'pbx_user_uuid': 'alice-uuid',
            'user_email': '*****@*****.**'
        }
        self.backend = LDAPUser()
        self.backend.load(
            {
                'user_service': self.user_service,
                'group_service': self.group_service,
                'ldap_service': self.ldap_service,
                'tenant_service': self.tenant_service,
                'purposes': self.purposes,
            }, )

    def test_that_get_metadata_calls_the_dao(self):
        expected_result = has_entries(
            auth_id='alice-uuid',
            pbx_user_uuid='alice-uuid',
        )
        result = self.backend.get_metadata('alice', self.args)
        assert_that(result, expected_result)

    def test_that_get_metadata_raises_if_no_user(self):
        self.assertRaises(Exception, self.backend.get_metadata, 'alice', None)
예제 #5
0
    def test_that_verify_password_return_false_when_serverdown(self, find_by, xivo_ldap):
        backend = LDAPUser()
        backend.load({'config': self.config})
        xivo_ldap.side_effect = ldap.SERVER_DOWN
        args = {}

        result = backend.verify_password('foo', 'bar', args)
        assert_that(result, equal_to(False))
예제 #6
0
    def test_that_verify_password_calls_return_false_when_no_user_bind(self, find_by, xivo_ldap):
        backend = LDAPUser()
        backend.load({'config': self.config})
        xivo_ldap = xivo_ldap.return_value
        xivo_ldap.perform_bind.return_value = False
        args = {}

        result = backend.verify_password('foo', 'bar', args)

        assert_that(result, equal_to(False))
        xivo_ldap.perform_bind.assert_called_once_with(self.expected_user_dn, 'bar')
예제 #7
0
    def test_that_verify_password_calls_return_False_when_no_email_associated(self, find_by, xivo_ldap):
        backend = LDAPUser()
        backend.load({'config': self.config})
        xivo_ldap = xivo_ldap.return_value
        xivo_ldap.perform_bind.return_value = True
        xivo_ldap.perform_search.return_value = self.search_obj_result
        find_by.return_value.uuid = None
        args = {}

        result = backend.verify_password('foo', 'bar', args)

        assert_that(result, equal_to(False))
        assert_that(args, equal_to({}))
예제 #8
0
    def test_that_verify_password_calls_perform_bind(self, find_by, xivo_ldap):
        backend = LDAPUser()
        backend.load({'config': self.config})

        xivo_ldap = xivo_ldap.return_value
        xivo_ldap.perform_bind.return_value = True
        xivo_ldap.perform_search.return_value = self.search_obj_result
        find_by.return_value.uuid = 'alice-uuid'
        args = {}

        result = backend.verify_password('foo', 'bar', args)

        assert_that(result, equal_to(True))
        xivo_ldap.perform_bind.assert_called_once_with(self.expected_user_dn, 'bar')
예제 #9
0
    def test_that_verify_password_escape_dn_chars(self, find_by, xivo_ldap):
        backend = LDAPUser()
        backend.load({'config': self.config})

        xivo_ldap = xivo_ldap.return_value
        xivo_ldap.perform_bind.return_value = True
        xivo_ldap.perform_search.return_value = ('uid=fo\+o,dc=example,dc=com', Mock())
        find_by.return_value.uuid = 'alice-uuid'
        args = {}

        result = backend.verify_password('fo+o', 'bar', args)

        assert_that(result, equal_to(True))
        xivo_ldap.perform_bind.assert_called_once_with('uid=fo\+o,dc=example,dc=com', 'bar')
예제 #10
0
    def test_that_verify_password_return_false_when_ldaperror(self, wazo_ldap):
        backend = LDAPUser()
        backend.load({
            'user_service': self.user_service,
            'group_service': self.group_service,
            'ldap_service': self.ldap_service,
            'tenant_service': self.tenant_service,
            'purposes': self.purposes,
        })
        wazo_ldap = wazo_ldap.return_value
        wazo_ldap.connect.side_effect = ldap.LDAPError
        args = {'tenant_id': 'test'}

        result = backend.verify_password('foo', 'bar', args)
        assert_that(result, equal_to(False))
예제 #11
0
    def test_that_verify_password_calls_return_false_when_no_binding_with_anonymous(self, find_by, xivo_ldap):
        extended_config = {
            'confd': {},
            'confd_db_uri': 'postgresql:///',
            'ldap': {
                'bind_anonymous': True
            }
        }
        extended_config['ldap'].update(self.config['ldap'])
        xivo_ldap = xivo_ldap.return_value
        backend = LDAPUser()
        backend.load({'config': extended_config})
        xivo_ldap.perform_bind.return_value = False
        args = {}

        result = backend.verify_password('foo', 'bar', args)

        assert_that(result, equal_to(False))
        xivo_ldap.perform_bind.assert_called_once_with('', '')
예제 #12
0
    def test_that_verify_password_calls_return_false_when_no_user_bind(
            self, wazo_ldap):
        backend = LDAPUser()
        backend.load({
            'user_service': self.user_service,
            'group_service': self.group_service,
            'ldap_service': self.ldap_service,
            'tenant_service': self.tenant_service,
            'purposes': self.purposes,
        })
        wazo_ldap = wazo_ldap.return_value
        wazo_ldap.perform_bind.return_value = False
        args = {'tenant_id': 'test'}

        result = backend.verify_password('foo', 'bar', args)

        assert_that(result, equal_to(False))
        wazo_ldap.perform_bind.assert_called_once_with(self.expected_user_dn,
                                                       'bar')
예제 #13
0
class TestGetACLS(unittest.TestCase):
    def setUp(self):
        config = {
            'confd': {},
            'confd_db_uri': 'postgresql:///',
            'ldap': {
                'uri': 'ldap://host:389',
                'user_base_dn': 'dc=example,dc=com',
                'user_login_attribute': 'uid',
            },
        }
        self.args = {'pbx_user_uuid': 'alice-uuid'}
        self.backend = LDAPUser()
        self.backend.load({'config': config})

    def test_get_acls(self, find_by):
        with patch.object(self.backend, 'render_acl') as render_acl:
            result = self.backend.get_acls('alice', self.args)
            assert_that(result, equal_to(render_acl.return_value))
예제 #14
0
    def test_that_verify_password_works_using_domain_name(self, wazo_ldap):
        backend = LDAPUser()
        backend.load({
            'user_service': self.user_service,
            'group_service': self.group_service,
            'ldap_service': self.ldap_service,
            'tenant_service': self.tenant_service,
            'purposes': self.purposes,
        })

        wazo_ldap = wazo_ldap.return_value
        wazo_ldap.perform_bind.return_value = True
        wazo_ldap.perform_search.return_value = self.search_obj_result
        self.list_users.return_value = [{'uuid': 'alice-uuid'}]
        args = {'domain_name': 'wazo.io'}

        result = backend.verify_password('foo', 'bar', args)

        assert_that(result, equal_to(True))
예제 #15
0
    def test_that_verify_password_calls_return_False_when_no_email_associated(
            self, wazo_ldap):
        backend = LDAPUser()
        backend.load({
            'user_service': self.user_service,
            'group_service': self.group_service,
            'ldap_service': self.ldap_service,
            'tenant_service': self.tenant_service,
            'purposes': self.purposes,
        })
        wazo_ldap = wazo_ldap.return_value
        wazo_ldap.perform_bind.return_value = True
        wazo_ldap.perform_search.return_value = self.search_obj_result
        self.list_users.return_value = []
        args = {'tenant_id': 'test'}

        result = backend.verify_password('foo', 'bar', args)

        assert_that(result, equal_to(False))
        assert_that(args, equal_to({'tenant_id': 'test'}))
예제 #16
0
    def test_that_verify_password_calls_perform_bind(self, wazo_ldap):
        backend = LDAPUser()
        backend.load({
            'user_service': self.user_service,
            'group_service': self.group_service,
            'ldap_service': self.ldap_service,
            'tenant_service': self.tenant_service,
            'purposes': self.purposes,
        })

        wazo_ldap = wazo_ldap.return_value
        wazo_ldap.perform_bind.return_value = True
        wazo_ldap.perform_search.return_value = self.search_obj_result
        self.list_users.return_value = [{'uuid': 'alice-uuid'}]
        args = {'tenant_id': 'test'}

        result = backend.verify_password('foo', 'bar', args)

        assert_that(result, equal_to(True))
        wazo_ldap.perform_bind.assert_called_once_with(self.expected_user_dn,
                                                       'bar')
예제 #17
0
    def test_that_verify_password_escape_filter_chars(self, find_by, xivo_ldap):
        extended_config = {
            'confd_db_uri': 'postgresql:///',
            'ldap': {
                'bind_anonymous': True
            }
        }
        extended_config['ldap'].update(self.config['ldap'])
        backend = LDAPUser()
        backend.load({'config': self.config})

        xivo_ldap = xivo_ldap.return_value
        xivo_ldap.perform_bind.return_value = True
        xivo_ldap.perform_search.return_value = ('uid=fo\+o,dc=example,dc=com', Mock())
        find_by.return_value.uuid = 'alice-uuid'
        args = {}

        result = backend.verify_password('fo+o', 'bar', args)

        assert_that(result, equal_to(True))
        xivo_ldap.perform_search.assert_called_once_with('uid=fo\+o,dc=example,dc=com', 0, attrlist=['mail'])
예제 #18
0
class TestGetMetadata(unittest.TestCase):
    def setUp(self):
        config = {
            'confd': {},
            'confd_db_uri': 'postgresql:///',
            'ldap': {
                'uri': 'ldap://host:389',
                'user_base_dn': 'dc=example,dc=com',
                'user_login_attribute': 'uid',
            },
        }
        self.args = {'xivo_user_uuid': 'alice-uuid'}
        self.backend = LDAPUser()
        self.backend.load({'config': config})

    def test_that_get_metadata_calls_the_dao(self, find_by):
        expected_result = has_entries(auth_id='alice-uuid', xivo_user_uuid='alice-uuid')
        result = self.backend.get_metadata('alice', self.args)
        assert_that(result, expected_result)

    def test_that_get_metadata_raises_if_no_user(self, find_by):
        self.assertRaises(Exception, self.backend.get_metadata, 'alice', None)
예제 #19
0
    def test_that_verify_password_escape_filter_chars(self, wazo_ldap):
        backend = LDAPUser()
        backend.load({
            'user_service': self.user_service,
            'group_service': self.group_service,
            'ldap_service': self.ldap_service,
            'tenant_service': self.tenant_service,
            'purposes': self.purposes,
        })

        wazo_ldap = wazo_ldap.return_value
        wazo_ldap.perform_bind.return_value = True
        wazo_ldap.perform_search.return_value = (
            'uid=fo\\+o,dc=example,dc=com', Mock())
        self.list_users.return_value = [{'uuid': 'alice-uuid'}]
        args = {'tenant_id': 'test'}

        result = backend.verify_password('fo+o', 'bar', args)

        assert_that(result, equal_to(True))
        wazo_ldap.perform_search.assert_called_once_with(
            'uid=fo\\+o,dc=example,dc=com', 0, attrlist=['mail'])