示例#1
def init_fakeldap(
        directory: Optional[Dict[str, Dict[str, List[str]]]] = None) -> None:
    """Swap django_auth_ldap's connection factory for an in-memory fake.

    Development-only helper.  ``django_auth_ldap.config.ldap.initialize`` is
    patched to return a ``MockLDAP`` instance; the patch is started here and
    is not stopped anywhere in this function.

    Args:
        directory: Entries the fake server should hold.  Any falsy value
            (``None`` or an empty dict) selects the generated development
            directory built from ``settings.FAKE_LDAP_MODE`` and
            ``settings.FAKE_LDAP_NUM_USERS``.

    NOTE(review): nothing in this function checks that it is running in a
    development environment, so the gate has to live at the call site --
    confirm.  While the patch is active, connections obtained through the
    patched ``initialize`` are the fake, not a real LDAP server.
    """
    # Imported lazily: mock is slow to import (its dependency pbr pulls in
    # pkgresources) and this path is only taken in development.
    import mock
    from fakeldap import MockLDAP

    # Raise both loggers to CRITICAL so the spammy "user not found" messages
    # stay out of the dev log.  This also hides other messages below
    # CRITICAL from these loggers, which is only acceptable in development.
    for noisy_logger in ('django_auth_ldap', 'fakeldap'):
        logging.getLogger(noisy_logger).setLevel(logging.CRITICAL)

    initialize_stub = mock.patch('django_auth_ldap.config.ldap.initialize').start()
    fake_server = MockLDAP()
    initialize_stub.return_value = fake_server

    if directory:
        fake_server.directory = directory
    else:
        fake_server.directory = generate_dev_ldap_dir(
            settings.FAKE_LDAP_MODE, settings.FAKE_LDAP_NUM_USERS)
示例#2
    def test_search_s_onelevel(self):
        """Check SCOPE_ONELEVEL searches against a small users subtree.

        NOTE(review): the "******" / "*****@*****.**" values and the
        "([email protected])" filter look masked by the page this listing was
        taken from, which leaves all four filters identical.  Recover the
        real literals from the upstream test before trusting the assertions.
        """
        domain_base = "dc=30loops,dc=net"
        users_base = "ou=users,dc=30loops,dc=net"
        entries = {
            "ou=users,dc=30loops,dc=net": {"ou": "users"},
            "cn=admin,ou=users,dc=30loops,dc=net": {"userPassword": "******"},
            "cn=john,ou=users,dc=30loops,dc=net": {
                "userPassword": "******",
                "mail": "*****@*****.**",
            },
            # jack deliberately uses the [value, ] list form for his attributes
            "cn=jack,ou=users,dc=30loops,dc=net": {
                "userPassword": ["ldaptest", ],
                "mail": ["*****@*****.**", ],
            },
            # john2 carries the same mail value as john
            "cn=john2,ou=users,dc=30loops,dc=net": {
                "userPassword": "******",
                "mail": "*****@*****.**",
            },
        }
        self.mock_ldap = MockLDAP(entries)
        search = self.mock_ldap.search_s

        # One level below the domain root does not reach the user entries,
        # so nothing may come back.
        from_root = search(domain_base, ldap.SCOPE_ONELEVEL, "([email protected])")
        self.assertEqual(from_root, [])

        jack_hits = search(users_base, ldap.SCOPE_ONELEVEL, "([email protected])")
        expected_jack = ('cn=jack,ou=users,dc=30loops,dc=net', {
            'userPassword': ['ldaptest'],
            'mail': ['*****@*****.**'],
        })
        self.assertEqual(jack_hits, [expected_jack])

        shared_mail_hits = search(users_base, ldap.SCOPE_ONELEVEL, "([email protected])")
        self.assertEqual(len(shared_mail_hits), 2)
        for dn in ('cn=john,ou=users,dc=30loops,dc=net',
                   'cn=john2,ou=users,dc=30loops,dc=net'):
            self.assertIn(
                (dn, {'userPassword': '******', 'mail': '*****@*****.**'}),
                shared_mail_hits)

        from_root_again = search(domain_base, ldap.SCOPE_ONELEVEL, "([email protected])")
        self.assertEqual(from_root_again, [])
示例#3
class TestLdapOperations(unittest.TestCase):
    """Exercise bind and add operations on an in-memory ``MockLDAP``."""

    def setUp(self):
        # `directory` is not defined in this class; it is resolved from the
        # enclosing scope.
        # NOTE(review): whether MockLDAP copies it is not visible here -- if
        # it keeps a reference, entries added by one test could leak into
        # the next; confirm.
        self.mock_ldap = MockLDAP(directory)

    def tearDown(self):
        self.mock_ldap.reset()

    def test_simple_bind_s_operation(self):
        """Try to bind a user."""
        admin_dn = "cn=admin,dc=30loops,dc=net"

        # Correct password: the bind is expected to return (97, []).
        outcome = self.mock_ldap.simple_bind_s(admin_dn, "ldaptest")
        eq_((97, []), outcome)

        # Wrong password: the bind has to raise rather than return.
        # NOTE(review): an empty `cred` is not covered here.  Many LDAP
        # servers treat a DN with an empty password as an unauthenticated
        # bind, so code tested against this mock should reject empty
        # passwords before binding.
        assert_raises(ldap.INVALID_CREDENTIALS,
                      self.mock_ldap.simple_bind_s,
                      who=admin_dn, cred="wrong")

    def test_add_s_operation(self):
        """Test the addition of records to the mock ldap object."""
        crito_attrs = [('uid', 'crito'), ('userPassword', 'secret')]
        crito_reply = self.mock_ldap.add_s(
            "uid=crito,ou=people,dc=30loops,dc=net", crito_attrs)
        eq_((105, [], 1, []), crito_reply)

        # NOTE(review): the "******" values below look masked by the page
        # this listing came from (the record above was added with 'secret');
        # restore the upstream literals before relying on this comparison.
        expected_directory = {
            "cn=admin,dc=30loops,dc=net": {"userPassword": "******"},
            "uid=crito,ou=people,dc=30loops,dc=net": {
                "uid": "crito",
                "userPassword": "******",
            },
        }
        eq_(expected_directory, self.mock_ldap.directory)

        bas_attrs = [('uid', 'bas'), ('userPassword', 'secret')]
        bas_reply = self.mock_ldap.add_s(
            "uid=bas,ou=people,dc=30loops,dc=net", bas_attrs)
        eq_((105, [], 2, []), bas_reply)
示例#4
    def init_default_ldap_database(self) -> None:
        """
        Set up mock_ldap from the shared LDAP fixture.

        The directory is loaded from zerver/tests/fixtures/ldap/directory.json,
        which holds various entries for tests to use.  A test that needs its
        own directory can replace self.mock_ldap.directory outright, but in
        most cases change_user_attr is enough for simple modifications to the
        pre-loaded directory.  New user entries needed for some additional
        unusual scenario most likely belong in directory.json.

        NOTE(review): a "file:" value is opened exactly as written, with no
        check on where the path points, so directory.json has to stay trusted
        test data.  The patcher object is not stored on self, so stopping the
        patch has to happen some other way -- confirm in the teardown code.
        """
        raw_fixture = self.fixture_data("directory.json", type="ldap")
        directory = ujson.loads(raw_fixture)

        file_prefix = "file:"
        for entry in directory.values():
            if 'uid' in entry:
                # Every account with a uid gets a generated password.
                entry['userPassword'] = [self.ldap_password(entry['uid'][0]), ]

            # Binary attributes: a string value starting with "file:" names
            # a file whose bytes become the attribute's real value in ldap.
            for name, raw in entry.items():
                if not (isinstance(raw, str) and raw.startswith(file_prefix)):
                    continue
                with open(raw[len(file_prefix):], 'rb') as handle:
                    entry[name] = [handle.read(), ]

        self.mock_initialize = mock.patch(
            'django_auth_ldap.config.ldap.initialize').start()
        self.mock_ldap = MockLDAP(directory)
        self.mock_initialize.return_value = self.mock_ldap
示例#5
def init_fakeldap() -> None:  # nocoverage
    """Patch django_auth_ldap to talk to an in-memory fake LDAP server.

    Development-only helper.  ``django_auth_ldap.config.ldap.initialize`` is
    patched to return a ``MockLDAP`` whose directory is generated from
    ``settings.FAKE_LDAP_MODE`` and ``settings.FAKE_LDAP_NUM_USERS``.  The
    patch is started here and is not stopped anywhere in this function.

    NOTE(review): this function does not itself check for a development
    environment; the caller presumably does -- confirm at the call site.
    """
    # Lazy imports: mock is slow to import (its dependency pbr uses
    # pkgresources), and only development runs reach this point.
    import mock
    from fakeldap import MockLDAP

    initialize_stub = mock.patch('django_auth_ldap.config.ldap.initialize').start()
    fake_server = MockLDAP()
    initialize_stub.return_value = fake_server

    dev_directory = generate_dev_ldap_dir(
        settings.FAKE_LDAP_MODE, settings.FAKE_LDAP_NUM_USERS)
    fake_server.directory = dev_directory
示例#6
    def test_ldap_auth(self, ldap_obj):
        """Check LDAP login through the test client, then the ``LDAP`` backend itself.

        ``ldap_obj`` is a mock whose ``return_value`` is pointed at a
        ``MockLDAP`` (presumably injected by a patch decorator outside this
        listing -- confirm).

        NOTE(review): "******" and "*****@*****.**" look like values masked
        by the page this listing came from.  No wrong-password case is
        asserted in this method.
        """
        user_model = self.get_model_class('django.contrib.auth.models.User')
        user_model.objects.create(username='******')

        # Part 1: login requests answered by fakeldap.
        admin = "*****@*****.**"
        admin_password = "******"
        fake_ldap = MockLDAP({
            admin: {"userPassword": [admin_password], 'cn': [admin]},
            'test': {"userPassword": [admin_password]},
        })
        data = {'username': admin, 'password': admin_password}
        client = Client()
        ldap_obj.return_value = fake_ldap
        self._get_test_ldap(client, data)

        # Same request with another username under two LDAP_DOMAIN settings.
        data['username'] = '******'
        for domain in ('test.lan', 'TEST'):
            with override_settings(LDAP_DOMAIN=domain):
                self._get_test_ldap(client, data)

        # Part 2: the backend object on its own.
        ldap_obj.reset_mock()
        admin_dict = {
            "objectCategory": ['top', 'user'],
            "userPassword": [admin_password],
            'cn': [admin],
        }
        tree = {
            admin: admin_dict,
            "dc=test,dc=lan": {
                'cn=admin,dc=test,dc=lan': admin_dict,
                'cn=test,dc=test,dc=lan': {"objectCategory": ['person', 'user']},
            },
        }
        ldap_obj.return_value = MockLDAP(tree)
        ldap_backend = LDAP('ldap://10.10.10.22', admin, domain='test.lan')

        # Before auth(): the backend reports unauthenticated and group_list
        # must refuse with NotAuth instead of returning directory data.
        self.assertFalse(ldap_backend.isAuth())
        with self.assertRaises(LDAP.NotAuth):
            ldap_backend.group_list()

        ldap_backend.auth(admin, admin_password)
        self.assertTrue(ldap_backend.isAuth())
        listed_groups = json.loads(ldap_backend.group_list())
        self.assertEqual(listed_groups["dc=test,dc=lan"], tree["dc=test,dc=lan"])
示例#7
class TestLdapOperations(unittest.TestCase):
    """Bind and add checks run against a ``MockLDAP`` instance."""

    def setUp(self):
        # `directory` is a name from outside this class.
        self.mock_ldap = MockLDAP(directory)

    def tearDown(self):
        self.mock_ldap.reset()

    def test_simple_bind_s_operation(self):
        """Try to bind a user."""
        server = self.mock_ldap
        admin_dn = "cn=admin,dc=30loops,dc=net"

        # The right password yields the (97, []) bind result.
        eq_((97, []), server.simple_bind_s(admin_dn, "ldaptest"))

        # The wrong password must raise INVALID_CREDENTIALS.
        # NOTE(review): there is no empty-password case; real LDAP servers
        # may accept a DN with an empty password as an unauthenticated bind,
        # so callers should refuse empty passwords themselves.
        assert_raises(
            ldap.INVALID_CREDENTIALS,
            server.simple_bind_s,
            who=admin_dn,
            cred="wrong",
        )

    def test_add_s_operation(self):
        """Test the addition of records to the mock ldap object."""
        server = self.mock_ldap

        first_record = [
            ('uid', 'crito'),
            ('userPassword', 'secret'),
        ]
        first_reply = server.add_s("uid=crito,ou=people,dc=30loops,dc=net",
                                   first_record)
        eq_((105, [], 1, []), first_reply)

        # NOTE(review): "******" looks like a value masked by the page this
        # listing came from (the record above carries 'secret'); take the
        # real literals from the upstream test.
        expected = {
            "cn=admin,dc=30loops,dc=net": {
                "userPassword": "******",
            },
            "uid=crito,ou=people,dc=30loops,dc=net": {
                "uid": "crito",
                "userPassword": "******",
            },
        }
        eq_(expected, server.directory)

        second_record = [
            ('uid', 'bas'),
            ('userPassword', 'secret'),
        ]
        second_reply = server.add_s("uid=bas,ou=people,dc=30loops,dc=net",
                                    second_record)
        eq_((105, [], 2, []), second_reply)
示例#8
    def __init__(self) -> None:
        """Install the fake LDAP server when development fake-LDAP mode is on.

        The patch is applied only if both ``settings.DEVELOPMENT`` and
        ``settings.FAKE_LDAP_MODE`` are truthy, so setting ``FAKE_LDAP_MODE``
        alone does not replace the LDAP connection.  The patch is started
        here and is not stopped in this method.
        """
        if settings.DEVELOPMENT and settings.FAKE_LDAP_MODE:  # nocoverage # We only use this in development
            from fakeldap import MockLDAP

            self.mock_initialize = mock.patch(
                'django_auth_ldap.config.ldap.initialize').start()
            self.mock_ldap = MockLDAP()
            self.mock_initialize.return_value = self.mock_ldap

            # The fake server holds generated development users only.
            dev_directory = generate_dev_ldap_dir(
                settings.FAKE_LDAP_MODE, settings.FAKE_LDAP_NUM_USERS)
            self.mock_ldap.directory = dev_directory
示例#9
def init_fakeldap(directory: Optional[Dict[str, Dict[str, List[str]]]]=None) -> None:
    """Route django_auth_ldap to an in-memory ``MockLDAP`` for development.

    ``django_auth_ldap.config.ldap.initialize`` is patched to return the
    fake server.  The patch is started here and is not stopped in this
    function.

    Args:
        directory: Entries for the fake server.  ``None`` or any other falsy
            value (such as an empty dict) falls back to the directory
            generated from ``settings.FAKE_LDAP_MODE`` and
            ``settings.FAKE_LDAP_NUM_USERS``.

    NOTE(review): no environment check is made here, so callers have to
    make sure this is reached in development only -- confirm.
    """
    # mock is imported inside the function because importing it is slow (its
    # dependency pbr uses pkgresources) and only development needs it.
    import mock
    from fakeldap import MockLDAP

    # Quieten django_auth_ldap's spammy "user not found" messages in dev
    # mode, and fakeldap's logger with it, by raising both to CRITICAL.
    critical = logging.CRITICAL
    logging.getLogger('django_auth_ldap').setLevel(critical)
    logging.getLogger('fakeldap').setLevel(critical)

    patched_initialize = mock.patch('django_auth_ldap.config.ldap.initialize').start()
    fake_server = MockLDAP()
    patched_initialize.return_value = fake_server

    chosen_directory = directory or generate_dev_ldap_dir(
        settings.FAKE_LDAP_MODE, settings.FAKE_LDAP_NUM_USERS)
    fake_server.directory = chosen_directory
示例#10
 def setUp(self):
     """Build the MockLDAP used by the test from the outer ``directory`` name."""
     # NOTE(review): whether MockLDAP copies `directory` is not visible here;
     # if it keeps a reference, writes made by one test could be seen by the
     # next -- confirm.
     fake_server = MockLDAP(directory)
     self.mock_ldap = fake_server
示例#11
class TestLdapOperations(unittest.TestCase):
    """Bind, add and search checks run against an in-memory ``MockLDAP``.

    NOTE(review): the "******" / "*****@*****.**" values and the
    "([email protected])" search filter look masked by the page this listing
    came from; take the real literals from the upstream tests before relying
    on the comparisons below.
    """

    def setUp(self):
        # `directory` is not defined in this class; it comes from outside it.
        self.mock_ldap = MockLDAP(directory)

    def tearDown(self):
        self.mock_ldap.reset()

    def test_simple_bind_s_operation(self):
        """Try to bind a user."""
        admin_dn = "cn=admin,dc=30loops,dc=net"

        # Valid credentials give the (97, []) bind result.
        bind_reply = self.mock_ldap.simple_bind_s(admin_dn, "ldaptest")
        eq_((97, []), bind_reply)

        # A wrong password has to raise, never return.
        # NOTE(review): an empty `cred` is not exercised; since LDAP servers
        # may treat a DN with an empty password as an unauthenticated bind,
        # callers should reject empty passwords before binding.
        assert_raises(ldap.INVALID_CREDENTIALS,
                      self.mock_ldap.simple_bind_s,
                      who=admin_dn, cred="wrong")

    def test_add_s_operation(self):
        """Test the addition of records to the mock ldap object."""
        crito_attrs = [('uid', 'crito'), ('userPassword', 'secret')]
        crito_reply = self.mock_ldap.add_s(
            "uid=crito,ou=people,dc=30loops,dc=net", crito_attrs)
        eq_((105, [], 1, []), crito_reply)

        expected_directory = {
            "cn=admin,dc=30loops,dc=net": {"userPassword": "******"},
            "uid=crito,ou=people,dc=30loops,dc=net": {
                "uid": "crito",
                "userPassword": "******",
            },
        }
        eq_(expected_directory, self.mock_ldap.directory)

        bas_attrs = [('uid', 'bas'), ('userPassword', 'secret')]
        bas_reply = self.mock_ldap.add_s(
            "uid=bas,ou=people,dc=30loops,dc=net", bas_attrs)
        eq_((105, [], 2, []), bas_reply)

    def test_search_s_base(self):
        """A SCOPE_BASE search on the admin DN returns that single entry."""
        admin_dn = "cn=admin,dc=30loops,dc=net"
        found = self.mock_ldap.search_s(admin_dn, ldap.SCOPE_BASE)
        expected_entry = ('cn=admin,dc=30loops,dc=net', {'userPassword': '******'})
        self.assertEqual(found, [expected_entry])

    def test_search_s_onelevel(self):
        """Check SCOPE_ONELEVEL searches against a small users subtree."""
        domain_base = "dc=30loops,dc=net"
        users_base = "ou=users,dc=30loops,dc=net"
        entries = {
            "ou=users,dc=30loops,dc=net": {"ou": "users"},
            "cn=admin,ou=users,dc=30loops,dc=net": {"userPassword": "******"},
            "cn=john,ou=users,dc=30loops,dc=net": {
                "userPassword": "******",
                "mail": "*****@*****.**",
            },
            # jack deliberately uses the [value, ] list form for his attributes
            "cn=jack,ou=users,dc=30loops,dc=net": {
                "userPassword": ["ldaptest", ],
                "mail": ["*****@*****.**", ],
            },
            # john2 carries the same mail value as john
            "cn=john2,ou=users,dc=30loops,dc=net": {
                "userPassword": "******",
                "mail": "*****@*****.**",
            },
        }
        self.mock_ldap = MockLDAP(entries)
        search = self.mock_ldap.search_s

        # One level below the domain root does not reach the user entries,
        # so nothing may come back.
        from_root = search(domain_base, ldap.SCOPE_ONELEVEL, "([email protected])")
        self.assertEqual(from_root, [])

        jack_hits = search(users_base, ldap.SCOPE_ONELEVEL, "([email protected])")
        expected_jack = ('cn=jack,ou=users,dc=30loops,dc=net', {
            'userPassword': ['ldaptest'],
            'mail': ['*****@*****.**'],
        })
        self.assertEqual(jack_hits, [expected_jack])

        shared_mail_hits = search(users_base, ldap.SCOPE_ONELEVEL, "([email protected])")
        self.assertEqual(len(shared_mail_hits), 2)
        for dn in ('cn=john,ou=users,dc=30loops,dc=net',
                   'cn=john2,ou=users,dc=30loops,dc=net'):
            self.assertIn(
                (dn, {'userPassword': '******', 'mail': '*****@*****.**'}),
                shared_mail_hits)

        from_root_again = search(domain_base, ldap.SCOPE_ONELEVEL, "([email protected])")
        self.assertEqual(from_root_again, [])
示例#12
 def setUp(self):
     """Create the MockLDAP for the test, seeded with the outer ``directory``."""
     # The seed data is a name resolved outside this method.
     seeded_server = MockLDAP(directory)
     self.mock_ldap = seeded_server
示例#13
 def setUp(self):
     """Create a mock ldap object backed by the ``directory`` dict.

     ``directory`` is resolved outside this method and handed to MockLDAP
     by keyword.
     """
     backing_entries = directory
     self.mock_ldap = MockLDAP(directory=backing_entries)