def setUp(self):
super(TestLDAPAuthenticatorReturnLogin, self).setUp()
# Loading the plugin:
self.plugin = LDAPAuthenticatorPlugin(
self.connection,
base_dn,
returned_id='login',
)
class TestLDAPAuthenticatorPlugin(Base):
"""Tests for the L{LDAPAuthenticatorPlugin} IAuthenticator plugin"""
def setUp(self):
super(TestLDAPAuthenticatorPlugin, self).setUp()
# Loading the plugin:
self.plugin = LDAPAuthenticatorPlugin(self.connection, base_dn)
def test_implements(self):
verifyClass(IAuthenticator, LDAPAuthenticatorPlugin, tentative=True)
def test_authenticate_nologin(self):
result = self.plugin.authenticate(self.env, None)
self.assertEqual(result, None)
def test_authenticate_incomplete_credentials(self):
identity1 = {'login': fakeuser['uid']}
identity2 = {'password': fakeuser['password']}
result1 = self.plugin.authenticate(self.env, identity1)
result2 = self.plugin.authenticate(self.env, identity2)
self.assertEqual(result1, None)
self.assertEqual(result2, None)
def test_authenticate_noresults(self):
identity = {'login': '******',
'password': '******'}
result = self.plugin.authenticate(self.env, identity)
self.assertEqual(result, None)
def test_authenticate_comparefail(self):
identity = {'login': fakeuser['uid'],
'password': '******'}
result = self.plugin.authenticate(self.env, identity)
self.assertEqual(result, None)
def test_authenticate_comparesuccess(self):
identity = {'login': fakeuser['uid'],
'password': fakeuser['password']}
result = self.plugin.authenticate(self.env, identity)
self.assertEqual(result, fakeuser['dn'])
def test_custom_authenticator(self):
"""L{LDAPAuthenticatorPlugin._get_dn} should be overriden with no
problems"""
plugin = CustomLDAPAuthenticatorPlugin(self.connection, base_dn)
identity = {'login': fakeuser['uid'],
'password': fakeuser['password']}
result = plugin.authenticate(self.env, identity)
expected = 'uid=%s,%s' % (fakeuser['uid'], base_dn)
self.assertEqual(result, expected)
self.assertTrue(plugin.called)
class TestLDAPAuthenticatorPlugin(Base):
"""Tests for the L{LDAPAuthenticatorPlugin} IAuthenticator plugin"""
def setUp(self):
super(TestLDAPAuthenticatorPlugin, self).setUp()
# Loading the plugin:
self.plugin = LDAPAuthenticatorPlugin(self.connection, base_dn)
def test_implements(self):
verifyClass(IAuthenticator, LDAPAuthenticatorPlugin, tentative=True)
def test_authenticate_nologin(self):
result = self.plugin.authenticate(self.env, None)
self.assertEqual(result, None)
def test_authenticate_incomplete_credentials(self):
identity1 = {'login': fakeuser['uid']}
identity2 = {'password': fakeuser['password']}
result1 = self.plugin.authenticate(self.env, identity1)
result2 = self.plugin.authenticate(self.env, identity2)
self.assertEqual(result1, None)
self.assertEqual(result2, None)
def test_authenticate_noresults(self):
identity = {
'login': '******',
'password': '******'
}
result = self.plugin.authenticate(self.env, identity)
self.assertEqual(result, None)
def test_authenticate_comparefail(self):
identity = {'login': fakeuser['uid'], 'password': '******'}
result = self.plugin.authenticate(self.env, identity)
self.assertEqual(result, None)
def test_authenticate_comparesuccess(self):
identity = {'login': fakeuser['uid'], 'password': fakeuser['password']}
result = self.plugin.authenticate(self.env, identity)
self.assertEqual(result, fakeuser['dn'])
def test_custom_authenticator(self):
"""L{LDAPAuthenticatorPlugin._get_dn} should be overriden with no
problems"""
plugin = CustomLDAPAuthenticatorPlugin(self.connection, base_dn)
identity = {'login': fakeuser['uid'], 'password': fakeuser['password']}
result = plugin.authenticate(self.env, identity)
expected = 'uid=%s,%s' % (fakeuser['uid'], base_dn)
self.assertEqual(result, expected)
self.assertTrue(plugin.called)
def setUp(self):
super(TestLDAPAuthenticatorReturnLogin, self).setUp()
# Loading the plugin:
self.plugin = LDAPAuthenticatorPlugin(
self.connection,
base_dn,
returned_id='login',
)
class TestLDAPAuthenticatorReturnLogin(Base):
"""
Tests the L{LDAPAuthenticatorPlugin} IAuthenticator plugin returning
login.
"""
def setUp(self):
super(TestLDAPAuthenticatorReturnLogin, self).setUp()
# Loading the plugin:
self.plugin = LDAPAuthenticatorPlugin(
self.connection,
base_dn,
returned_id='login',
)
def test_authenticate_noresults(self):
identity = {'login': '******',
'password': '******'}
result = self.plugin.authenticate(self.env, identity)
self.assertEqual(result, None)
def test_authenticate_comparefail(self):
identity = {'login': fakeuser['uid'],
'password': '******'}
result = self.plugin.authenticate(self.env, identity)
self.assertEqual(result, None)
def test_authenticate_comparesuccess(self):
identity = {'login': fakeuser['uid'],
'password': fakeuser['password']}
result = self.plugin.authenticate(self.env, identity)
self.assertEqual(result, fakeuser['uid'])
def test_authenticate_dn_in_userdata(self):
identity = {'login': fakeuser['uid'],
'password': fakeuser['password']}
expected_dn = '<dn:%s>' % b64encode(fakeuser['dn'])
result = self.plugin.authenticate(self.env, identity)
self.assertEqual(identity['userdata'], expected_dn)
class TestLDAPAuthenticatorReturnLogin(Base):
"""
Tests the L{LDAPAuthenticatorPlugin} IAuthenticator plugin returning
login.
"""
def setUp(self):
super(TestLDAPAuthenticatorReturnLogin, self).setUp()
# Loading the plugin:
self.plugin = LDAPAuthenticatorPlugin(
self.connection,
base_dn,
returned_id='login',
)
def test_authenticate_noresults(self):
identity = {
'login': '******',
'password': '******'
}
result = self.plugin.authenticate(self.env, identity)
self.assertEqual(result, None)
def test_authenticate_comparefail(self):
identity = {'login': fakeuser['uid'], 'password': '******'}
result = self.plugin.authenticate(self.env, identity)
self.assertEqual(result, None)
def test_authenticate_comparesuccess(self):
identity = {'login': fakeuser['uid'], 'password': fakeuser['password']}
result = self.plugin.authenticate(self.env, identity)
self.assertEqual(result, fakeuser['uid'])
def test_authenticate_dn_in_userdata(self):
identity = {'login': fakeuser['uid'], 'password': fakeuser['password']}
expected_dn = '<dn:%s>' % b64encode(fakeuser['dn'])
result = self.plugin.authenticate(self.env, identity)
self.assertEqual(identity['userdata'], expected_dn)
def make_ldap_auth_app(global_conf, **app_conf):
"""example authenticated app with ldap"""
assert 'auth.base_dn' in app_conf, "No base_dn specified"
assert 'auth.ldap_host' in app_conf, "No ldap_host specified"
app_conf['traclegos.auth'] = True
# make the app
app = make_app(global_conf, **app_conf)
# XXX bad touch
# this should really be passed to the make_app factory and used there
# but there's no current way of doing this intelligently
app.application.remote_user_name = ldap_remote_user
# get the ldap connection
conn = ldap.open(app_conf['auth.ldap_host'])
if app_conf.get('auth.use_tls', 'False').lower() == 'true':
conn.start_tls_s()
# wrap in repoze.who authentication middleware
ldap_auth = LDAPAuthenticatorPlugin(conn, app_conf['auth.base_dn'])
auth_tkt = AuthTktCookiePlugin('secret', 'auth_tkt')
form = RedirectingFormPlugin('/', '/login', '/logout', 'auth_tkt')
identifiers = [('form', form), ('auth_tkt', auth_tkt)]
authenticators = [('ldap_auth', ldap_auth)]
challengers = [('form', form)]
from repoze.who.classifiers import default_request_classifier
from repoze.who.classifiers import default_challenge_decider
log_stream = None
#import logging
#logger = logging.getLogger('something')
#logger.setLevel(logging.DEBUG)
return PluggableAuthenticationMiddleware(app,
identifiers,
authenticators,
challengers, [],
default_request_classifier,
default_challenge_decider,
log_stream=None,
log_level=logging.DEBUG)
def setUp(self):
super(TestLDAPAuthenticatorPlugin, self).setUp()
# Loading the plugin:
self.plugin = LDAPAuthenticatorPlugin(self.connection, base_dn)
def test_connection_is_url(self):
LDAPAuthenticatorPlugin('ldap://example.org', 'dc=example,dc=org')
def test_with_connection(self):
conn = fakeldap.FakeLDAPConnection()
LDAPAuthenticatorPlugin(conn, 'dc=example,dc=org')
def setUp(self):
super(TestLDAPAuthenticatorPluginStartTls, self).setUp()
# Loading the plugin:
self.plugin = LDAPAuthenticatorPlugin(self.connection,
base_dn,
start_tls=True)
def setUp(self):
super(TestLDAPAuthenticatorPlugin, self).setUp()
# Loading the plugin:
self.plugin = LDAPAuthenticatorPlugin(self.connection, base_dn)
