class UserManagerLdapNoPasswordChangeTest(unittest.TestCase):
basedn = ('dc=nodomain', {
'dc': ['nodomain'],
'o': ['nodomain']})
people = ('ou=People,dc=nodomain', {
'ou': ['People'],
'objectClass': ['organizationalUnit']})
# This is the content of our mock LDAP directory. It takes the form
# {dn: {attr: [value, ...], ...}, ...}.
directory = dict([
basedn,
people,
_ldap_user('annik'),
_ldap_user('bob'),
_ldap_user('john'),
])
@classmethod
def setUpClass(cls):
# We only need to create the MockLdap instance once. The content we
# pass in will be used for all LDAP connections.
cls.mockldap = MockLdap(cls.directory)
@classmethod
def tearDownClass(cls):
del cls.mockldap
def setUp(self):
# Mock LDAP
self.mockldap.start()
self.ldapobj = self.mockldap['ldap://localhost/']
# Mock Application
self.app = MockRdiffwebApp(enabled_plugins=['Ldap'], default_config={'LdapAllowPasswordChange': 'false'})
self.app.reset()
# Get reference to LdapStore
self.ldapstore = self.app.userdb._password_stores[0]
def tearDown(self):
# Stop patching ldap.initialize and reset state.
self.mockldap.stop()
del self.ldapobj
def test_set_password_update(self):
with self.assertRaises(RdiffError):
self.ldapstore.set_password('annik', 'new_password')
def test_set_password_with_old_password(self):
with self.assertRaises(RdiffError):
self.ldapstore.set_password('john', 'new_password', old_password='******')
def test_set_password_with_invalid_old_password(self):
with self.assertRaises(RdiffError):
self.ldapstore.set_password('foo', 'new_password', old_password='******')
def test_set_password_update_not_exists(self):
"""Expect error when trying to update password of invalid user."""
with self.assertRaises(RdiffError):
self.assertFalse(self.ldapstore.set_password('bar', 'new_password'))
def setUp(self):
# Mock LDAP
self.mockldap.start()
self.ldapobj = self.mockldap['ldap://localhost/']
# Mock Application
self.app = MockRdiffwebApp(enabled_plugins=['Ldap'], default_config={'LdapAllowPasswordChange': 'true'})
self.app.reset()
# Get reference to LdapStore
self.ldapstore = self.app.userdb._password_stores[0]
def setUp(self):
# Mock LDAP
self.mockldap.start()
self.ldapobj = self.mockldap["ldap://localhost/"]
# Mock Application
self.app = MockRdiffwebApp(
enabled_plugins=["Ldap", "SQLite"], default_config={"LdapAllowPasswordChange": "true"}
)
self.app.reset()
# Get reference to LdapStore
self.ldapstore = self.app.userdb._password_stores[0]
def setUp(self):
# Mock Application
self.app = MockRdiffwebApp(enabled_plugins=['SQLite'])
self.app.reset()
# Get reference to SQLite database
self.db = self.app.userdb._databases[0]
class SQLiteUserDBTest(unittest.TestCase):
"""Unit tests for the sqliteUserDBTeste class"""
def setUp(self):
# Mock Application
self.app = MockRdiffwebApp(enabled_plugins=['SQLite'])
self.app.reset()
# Get reference to SQLite database
self.db = self.app.userdb._databases[0]
def test_add_user(self):
"""Add user to database."""
self.db.add_user('joe')
self.assertTrue(self.db.exists('joe'))
def test_are_valid_credentials(self):
self.db.add_user('mike')
self.db.set_password('mike', 'password')
self.assertEquals('mike', self.db.are_valid_credentials('mike', 'password'))
def test_are_valid_credentials_with_invalid_password(self):
self.db.add_user('jeff')
self.assertFalse(self.db.are_valid_credentials('jeff', 'invalid'))
# password is case sensitive
self.assertFalse(self.db.are_valid_credentials('jeff', 'Password'))
# Match entire password
self.assertFalse(self.db.are_valid_credentials('jeff', 'pass'))
self.assertFalse(self.db.are_valid_credentials('jeff', ''))
def test_are_valid_credentials_with_invalid_user(self):
self.assertIsNone(self.db.are_valid_credentials('josh', 'password'))
def test_delete_user(self):
# Create user
self.db.add_user('vicky')
self.assertTrue(self.db.exists('vicky'))
# Delete user
self.assertTrue(self.db.delete_user('vicky'))
self.assertFalse(self.db.exists('vicky'))
def test_delete_user_with_invalid_user(self):
self.assertFalse(self.db.delete_user('eve'))
def test_exists(self):
self.db.add_user('bob')
self.assertTrue(self.db.exists('bob'))
def test_exists_with_invalid_user(self):
self.assertFalse(self.db.exists('invalid'))
def test_get_set(self):
user = '******'
self.db.add_user(user)
email = self.db.get_email(user)
repos = self.db.get_repos(user)
user_root = self.db.get_user_root(user)
is_admin = self.db.is_admin(user)
self.assertEqual('', email)
self.assertEqual([], repos)
self.assertEqual('', user_root)
self.assertEqual(False, is_admin)
self.db.set_user_root(user, '/backups/')
self.db.set_is_admin(user, True)
self.db.set_email(user, '*****@*****.**')
self.db.set_repos(user, ['/backups/computer/', '/backups/laptop/'])
email = self.db.get_email(user)
repos = self.db.get_repos(user)
user_root = self.db.get_user_root(user)
self.assertEqual('*****@*****.**', email)
self.assertEqual(['/backups/computer/', '/backups/laptop/'], repos)
self.assertEqual('/backups/', user_root)
def test_get_invalid_user(self):
with self.assertRaises(InvalidUserError):
self.db.get_email('invalid')
with self.assertRaises(InvalidUserError):
self.db.get_repos('invalid')
with self.assertRaises(InvalidUserError):
self.db.get_user_root('invalid')
def test_has_password(self):
self.db.add_user('carol')
self.assertFalse(self.db.has_password('carol'))
self.db.set_password('carol', 'password')
self.assertTrue(self.db.has_password('carol'))
def test_list(self):
self.assertEqual(['admin'], self.app.userdb.list())
self.app.userdb.add_user('annik')
self.assertEqual(['admin', 'annik'], self.app.userdb.list())
def test_set_invalid_user(self):
with self.assertRaises(InvalidUserError):
self.db.set_user_root('invalid', '/backups/')
with self.assertRaises(InvalidUserError):
self.db.set_is_admin('invalid', True)
with self.assertRaises(InvalidUserError):
self.db.set_email('invalid', '*****@*****.**')
with self.assertRaises(InvalidUserError):
self.db.set_repos('invalid', ['/backups/computer/', '/backups/laptop/'])
def test_set_password_update(self):
self.db.add_user('annik')
self.assertFalse(self.db.set_password('annik', 'new_password'))
# Check new credentials
self.assertEqual('annik', self.db.are_valid_credentials('annik', 'new_password'))
def test_set_password_with_old_password(self):
self.db.add_user('john')
self.db.set_password('john', 'password')
self.db.set_password('john', 'new_password', old_password='******')
# Check new credentials
self.assertEqual('john', self.db.are_valid_credentials('john', 'new_password'))
def test_set_password_with_invalid_old_password(self):
self.db.add_user('foo')
with self.assertRaises(ValueError):
self.db.set_password('foo', 'new_password', old_password='******')
def test_set_password_update_not_exists(self):
"""Expect error when trying to update password of invalid user."""
with self.assertRaises(InvalidUserError):
self.assertFalse(self.db.set_password('bar', 'new_password'))
def test_set_repos_empty(self):
self.db.add_user('kim')
self.db.set_repos("kim", [])
self.assertEquals([], self.db.get_repos('kim'))
class UserManagerLdapTest(unittest.TestCase):
basedn = (b'dc=nodomain', {
b'dc': [b'nodomain'],
b'o': [b'nodomain']})
people = (b'ou=People,dc=nodomain', {
b'ou': [b'People'],
b'objectClass': [b'organizationalUnit']})
# This is the content of our mock LDAP directory. It takes the form
# {dn: {attr: [value, ...], ...}, ...}.
directory = dict([
basedn,
people,
_ldap_user('admin'),
_ldap_user('annik'),
_ldap_user('bob'),
_ldap_user('foo'),
_ldap_user('jeff'),
_ldap_user('john'),
_ldap_user('larry'),
_ldap_user('mike'),
_ldap_user('vicky'),
])
@classmethod
def setUpClass(cls):
# We only need to create the MockLdap instance once. The content we
# pass in will be used for all LDAP connections.
cls.mockldap = MockLdap(cls.directory)
@classmethod
def tearDownClass(cls):
del cls.mockldap
def setUp(self):
# Mock LDAP
self.mockldap.start()
self.ldapobj = self.mockldap['ldap://localhost/']
# Mock Application
self.app = MockRdiffwebApp(enabled_plugins=['Ldap'], default_config={'LdapAllowPasswordChange': 'true'})
self.app.reset()
# Get reference to LdapStore
self.ldapstore = self.app.userdb._password_stores[0]
def tearDown(self):
# Stop patching ldap.initialize and reset state.
self.mockldap.stop()
del self.ldapobj
def test_are_valid_credentials(self):
self.assertEquals('mike', self.ldapstore.are_valid_credentials('mike', 'password'))
def test_are_valid_credentials_with_invalid_password(self):
self.assertFalse(self.ldapstore.are_valid_credentials('jeff', 'invalid'))
# password is case sensitive
self.assertFalse(self.ldapstore.are_valid_credentials('jeff', 'Password'))
# Match entire password
self.assertFalse(self.ldapstore.are_valid_credentials('jeff', 'pass'))
self.assertFalse(self.ldapstore.are_valid_credentials('jeff', ''))
def test_are_valid_credentials_with_invalid_user(self):
self.assertIsNone(self.ldapstore.are_valid_credentials('josh', 'password'))
def test_delete_user(self):
# Delete_user is not supported by LdapPlugin.
self.assertFalse(self.ldapstore.delete_user('vicky'))
def test_delete_user_with_invalid_user(self):
self.assertFalse(self.ldapstore.delete_user('eve'))
def test_get_user_attr(self):
self.assertEquals(['bob'], self.ldapstore.get_user_attr('bob', 'uid'))
self.assertEquals(['bob'], self.ldapstore.get_user_attr('bob', 'cn'))
self.assertEquals(['person', 'organizationalPerson', 'inetOrgPerson', 'posixAccount'],
self.ldapstore.get_user_attr('bob', 'objectClass'))
self.assertEquals({u'uid': ['bob'], u'cn': ['bob']},
self.ldapstore.get_user_attr('bob', ['uid', 'cn']))
def test_has_password(self):
self.assertTrue(self.ldapstore.has_password('bob'))
def test_has_password_with_invalid_user(self):
self.assertFalse(self.ldapstore.has_password('invalid'))
def test_set_password_not_found(self):
with self.assertRaises(ValueError):
self.assertTrue(self.ldapstore.set_password('joe', 'password'))
def test_set_password_update(self):
self.assertFalse(self.ldapstore.set_password('annik', 'new_password'))
def test_set_password_with_old_password(self):
self.assertFalse(self.ldapstore.set_password('john', 'new_password', old_password='******'))
def test_set_password_with_invalid_old_password(self):
with self.assertRaises(ValueError):
self.ldapstore.set_password('foo', 'new_password', old_password='******')
def test_set_password_update_not_exists(self):
"""Expect error when trying to update password of invalid user."""
with self.assertRaises(ValueError):
self.assertFalse(self.ldapstore.set_password('bar', 'new_password'))
def setUp(self):
self.app = MockRdiffwebApp(enabled_plugins=["SQLite"])
self.app.reset()
class UserManagerSQLiteTest(unittest.TestCase):
def setUp(self):
self.app = MockRdiffwebApp(enabled_plugins=["SQLite"])
self.app.reset()
def test_add_user(self):
"""Add user to database."""
self.app.userdb.add_user("joe")
self.assertTrue(self.app.userdb.exists("joe"))
def test_add_user_with_duplicate(self):
"""Add user to database."""
self.app.userdb.add_user("denise")
with self.assertRaises(ValueError):
self.app.userdb.add_user("denise")
def test_add_user_with_password(self):
"""Add user to database with password."""
self.app.userdb.add_user("jo", "password")
self.assertTrue(self.app.userdb.exists("jo"))
self.assertTrue(self.app.userdb.login("jo", "password"))
def test_delete_user(self):
# Create user
self.app.userdb.add_user("vicky", "password")
self.assertTrue(self.app.userdb.exists("vicky"))
# Delete user
self.assertTrue(self.app.userdb.delete_user("vicky"))
self.assertFalse(self.app.userdb.exists("vicky"))
def test_delete_user_with_invalid_user(self):
self.assertFalse(self.app.userdb.delete_user("eve"))
def test_exists(self):
self.app.userdb.add_user("bob", "password")
self.assertTrue(self.app.userdb.exists("bob"))
def test_exists_with_invalid_user(self):
self.assertFalse(self.app.userdb.exists("invalid"))
def test_get_set(self):
user = "******"
self.app.userdb.add_user(user, "password")
email = self.app.userdb.get_email(user)
repos = self.app.userdb.get_repos(user)
user_root = self.app.userdb.get_user_root(user)
is_admin = self.app.userdb.is_admin(user)
self.assertEqual("", email)
self.assertEqual([], repos)
self.assertEqual("", user_root)
self.assertEqual(False, is_admin)
self.app.userdb.set_user_root(user, "/backups/")
self.app.userdb.set_is_admin(user, True)
self.app.userdb.set_email(user, "*****@*****.**")
self.app.userdb.set_repos(user, ["/backups/computer/", "/backups/laptop/"])
email = self.app.userdb.get_email(user)
repos = self.app.userdb.get_repos(user)
user_root = self.app.userdb.get_user_root(user)
is_admin = self.app.userdb.is_admin(user)
self.assertEqual("*****@*****.**", email)
self.assertEqual(["/backups/computer/", "/backups/laptop/"], repos)
self.assertEqual("/backups/", user_root)
self.assertEqual(True, is_admin)
def test_get_invalid_user(self):
with self.assertRaises(InvalidUserError):
self.app.userdb.get_email("invalid")
with self.assertRaises(InvalidUserError):
self.app.userdb.get_repos("invalid")
with self.assertRaises(InvalidUserError):
self.app.userdb.get_user_root("invalid")
with self.assertRaises(InvalidUserError):
self.app.userdb.is_admin("invalid")
def test_list(self):
self.assertEqual(["admin"], self.app.userdb.list())
self.app.userdb.add_user("annik")
self.assertEqual(["admin", "annik"], self.app.userdb.list())
def test_login(self):
"""Check if login work"""
self.app.userdb.add_user("tom", "password")
self.assertEqual("tom", self.app.userdb.login("tom", "password"))
self.assertFalse(self.app.userdb.login("tom", "invalid"))
def login_with_invalid_password(self):
self.app.userdb.add_user("jeff", "password")
self.assertFalse(self.app.userdb.login("jeff", "invalid"))
# password is case sensitive
self.assertFalse(self.app.userdb.login("jeff", "Password"))
# Match entire password
self.assertFalse(self.app.userdb.login("jeff", "pass"))
self.assertFalse(self.app.userdb.login("jeff", ""))
def test_login_with_invalid_user(self):
"""Check if login work"""
self.assertIsNone(self.app.userdb.login("josh", "password"))
def test_set_password_update(self):
self.app.userdb.add_user("annik", "password")
self.assertFalse(self.app.userdb.set_password("annik", "new_password"))
# Check new credentials
self.assertEqual("annik", self.app.userdb.login("annik", "new_password"))
def test_set_password_with_old_password(self):
self.app.userdb.add_user("john", "password")
self.app.userdb.set_password("john", "new_password", old_password="******")
# Check new credentials
self.assertEqual("john", self.app.userdb.login("john", "new_password"))
def test_set_password_with_invalid_old_password(self):
self.app.userdb.add_user("foo", "password")
with self.assertRaises(ValueError):
self.app.userdb.set_password("foo", "new_password", old_password="******")
def test_set_password_update_not_exists(self):
"""Expect error when trying to update password of invalid user."""
with self.assertRaises(InvalidUserError):
self.assertFalse(self.app.userdb.set_password("bar", "new_password"))
class UserManagerSQLiteLdapTest(unittest.TestCase):
basedn = ("dc=nodomain", {"dc": ["nodomain"], "o": ["nodomain"]})
people = ("ou=People,dc=nodomain", {"ou": ["People"], "objectClass": ["organizationalUnit"]})
# This is the content of our mock LDAP directory. It takes the form
# {dn: {attr: [value, ...], ...}, ...}.
directory = dict(
[
basedn,
people,
_ldap_user("annik"),
_ldap_user("bob"),
_ldap_user("foo"),
_ldap_user("jeff"),
_ldap_user("john"),
_ldap_user("karl"),
_ldap_user("kim"),
_ldap_user("larry"),
_ldap_user("mike"),
_ldap_user("tony"),
_ldap_user("vicky"),
]
)
@classmethod
def setUpClass(cls):
# We only need to create the MockLdap instance once. The content we
# pass in will be used for all LDAP connections.
cls.mockldap = MockLdap(cls.directory)
@classmethod
def tearDownClass(cls):
del cls.mockldap
def setUp(self):
# Mock LDAP
self.mockldap.start()
self.ldapobj = self.mockldap["ldap://localhost/"]
# Mock Application
self.app = MockRdiffwebApp(
enabled_plugins=["Ldap", "SQLite"], default_config={"LdapAllowPasswordChange": "true"}
)
self.app.reset()
# Get reference to LdapStore
self.ldapstore = self.app.userdb._password_stores[0]
def tearDown(self):
# Stop patching ldap.initialize and reset state.
self.mockldap.stop()
del self.ldapobj
def test_add_user_to_sqlite(self):
"""Add user to local database."""
self.app.userdb.add_user("joe", "password")
self.assertEqual("joe", self.app.userdb.login("joe", "password"))
def test_add_user_to_ldap(self):
"""Add user to LDAP."""
self.app.userdb.add_user("karl", "password")
self.assertEqual("karl", self.app.userdb.login("karl", "password"))
def test_delete_user(self):
"""Create then delete a user."""
# Create user
self.app.userdb.add_user("vicky")
self.assertTrue(self.app.userdb.exists("vicky"))
self.assertEquals("vicky", self.app.userdb.login("vicky", "password"))
# Delete user.
self.assertTrue(self.app.userdb.delete_user("vicky"))
self.assertFalse(self.app.userdb.exists("vicky"))
def test_delete_user_with_invalid_user(self):
self.assertFalse(self.app.userdb.delete_user("eve"))
def test_exists(self):
"""Check if user doesn't exists when only in LDAP."""
self.assertFalse(self.app.userdb.exists("bob"))
def test_exists_with_invalid_user(self):
self.assertFalse(self.app.userdb.exists("invalid"))
def test_get_set(self):
user = "******"
self.app.userdb.add_user(user, "password")
email = self.app.userdb.get_email(user)
repos = self.app.userdb.get_repos(user)
user_root = self.app.userdb.get_user_root(user)
is_admin = self.app.userdb.is_admin(user)
self.assertEqual("", email)
self.assertEqual([], repos)
self.assertEqual("", user_root)
self.assertEqual(False, is_admin)
self.app.userdb.set_user_root(user, "/backups/")
self.app.userdb.set_is_admin(user, True)
self.app.userdb.set_email(user, "*****@*****.**")
self.app.userdb.set_repos(user, ["/backups/computer/", "/backups/laptop/"])
email = self.app.userdb.get_email(user)
repos = self.app.userdb.get_repos(user)
user_root = self.app.userdb.get_user_root(user)
self.assertEqual("*****@*****.**", email)
self.assertEqual(["/backups/computer/", "/backups/laptop/"], repos)
self.assertEqual("/backups/", user_root)
def test_list(self):
self.assertEqual(["admin"], self.app.userdb.list())
self.app.userdb.add_user("annik")
self.assertEqual(["admin", "annik"], self.app.userdb.list())
def test_login(self):
"""Check if login work"""
self.app.userdb.add_user("tom", "password")
self.assertEqual("tom", self.app.userdb.login("tom", "password"))
self.assertFalse(self.app.userdb.login("tom", "invalid"))
def test_login_with_invalid_password(self):
self.app.userdb.add_user("jeff", "password")
self.assertFalse(self.app.userdb.login("jeff", "invalid"))
# password is case sensitive
self.assertFalse(self.app.userdb.login("jeff", "Password"))
# Match entire password
self.assertFalse(self.app.userdb.login("jeff", "pass"))
self.assertFalse(self.app.userdb.login("jeff", ""))
def test_login_with_invalid_user(self):
"""Check if login work"""
self.assertIsNone(self.app.userdb.login("josh", "password"))
def test_login_with_invalid_user_in_ldap(self):
"""Check if login work"""
self.assertIsNone(self.app.userdb.login("kim", "password"))
def test_login_with_create_user(self):
"""Check if login create the user in database if user exists in LDAP"""
self.assertFalse(self.app.userdb.exists("tony"))
self.app.cfg.set_config("AddMissingUser", "true")
try:
self.app.userdb.login("tony", "password")
self.assertTrue(self.app.userdb.exists("tony"))
self.assertFalse(self.app.userdb.is_admin("tony"))
finally:
self.app.cfg.set_config("AddMissingUser", "false")
def test_set_invalid_user(self):
with self.assertRaises(InvalidUserError):
self.app.userdb.set_user_root("invalid", "/backups/")
with self.assertRaises(InvalidUserError):
self.app.userdb.set_is_admin("invalid", True)
with self.assertRaises(InvalidUserError):
self.app.userdb.set_email("invalid", "*****@*****.**")
with self.assertRaises(InvalidUserError):
self.app.userdb.set_repos("invalid", ["/backups/computer/", "/backups/laptop/"])
def test_set_password_update(self):
self.app.userdb.add_user("annik")
self.assertFalse(self.app.userdb.set_password("annik", "new_password"))
# Check new credentials
self.assertEqual("annik", self.app.userdb.login("annik", "new_password"))
def test_set_password_with_old_password(self):
self.app.userdb.add_user("john")
self.app.userdb.set_password("john", "new_password", old_password="******")
# Check new credentials
self.assertEqual("john", self.app.userdb.login("john", "new_password"))
def test_set_password_with_invalid_old_password(self):
self.app.userdb.add_user("foo")
with self.assertRaises(ValueError):
self.app.userdb.set_password("foo", "new_password", old_password="******")
def test_set_password_update_not_exists(self):
"""Expect error when trying to update password of invalid user."""
with self.assertRaises(InvalidUserError):
self.assertFalse(self.app.userdb.set_password("bar", "new_password"))
def test_supports(self):
"""Check basic supports"""
self.assertTrue(self.app.userdb.supports("set_password"))
self.assertTrue(self.app.userdb.supports("set_email"))
self.assertTrue(self.app.userdb.supports("set_password", "annik"))
self.assertFalse(self.app.userdb.supports("set_email", "annik"))
