add rdn test cases
cognifloyd committed Oct 22, 2024
1 parent 4ccad4f commit edb6a79
Showing 1 changed file with 59 additions and 36 deletions.
95 changes: 59 additions & 36 deletions tests/unit/test_backend.py
Expand Up @@ -21,6 +21,8 @@
import mock
import unittest

import pytest

from st2auth_ldap import ldap_backend


Expand All @@ -30,6 +32,10 @@
LDAP_BIND_DN = 'cn=Administrator,cn=users,dc=stackstorm,dc=net'
LDAP_BIND_PASSWORD = uuid.uuid4().hex
LDAP_GROUP_DNS = ['cn=testers,dc=stackstorm,dc=net']
LDAP_GROUP_DNS_CASES = (
pytest.param(LDAP_GROUP_DNS, id="group_fqdn"),
pytest.param(['cn=testers'], id="group_rdn"),
)
LDAP_CACERT = '../fixtures/certs/cacert.pem'
LDAP_CACERT_REAL_PATH = os.path.join(os.path.dirname(os.path.abspath(__file__)), LDAP_CACERT)
LDAP_BASE_OU = 'dc=stackstorm,dc=net'
Expand Down Expand Up @@ -102,12 +108,13 @@ def test_instantaite_no_group_dns_provided(self):
@mock.patch.object(
ldap.ldapobject.SimpleLDAPObject, 'search_s',
mock.MagicMock(side_effect=[LDAP_USER_SEARCH_RESULT, LDAP_GROUP_SEARCH_RESULT]))
def test_authenticate(self):
@pytest.mark.parametrize("required_group_dns", LDAP_GROUP_DNS_CASES)
def test_authenticate(self, required_group_dns):
backend = ldap_backend.LDAPAuthenticationBackend(
LDAP_BIND_DN,
LDAP_BIND_PASSWORD,
LDAP_BASE_OU,
LDAP_GROUP_DNS,
required_group_dns,
LDAP_HOST,
id_attr=LDAP_ID_ATTR
)
Expand All @@ -121,12 +128,13 @@ def test_authenticate(self):
@mock.patch.object(
ldap.ldapobject.SimpleLDAPObject, 'search_s',
mock.MagicMock(side_effect=[LDAP_USER_SEARCH_RESULT, LDAP_GROUP_SEARCH_RESULT]))
def test_authenticate_with_multiple_ldap_hosts(self):
@pytest.mark.parametrize("required_group_dns", LDAP_GROUP_DNS_CASES)
def test_authenticate_with_multiple_ldap_hosts(self, required_group_dns):
backend = ldap_backend.LDAPAuthenticationBackend(
LDAP_BIND_DN,
LDAP_BIND_PASSWORD,
LDAP_BASE_OU,
LDAP_GROUP_DNS,
required_group_dns,
LDAP_MULTIPLE_HOSTS,
id_attr=LDAP_ID_ATTR
)
Expand All @@ -140,12 +148,13 @@ def test_authenticate_with_multiple_ldap_hosts(self):
@mock.patch.object(
ldap.ldapobject.SimpleLDAPObject, 'search_s',
mock.MagicMock(side_effect=[LDAP_USER_SEARCH_RESULT, LDAP_GROUP_SEARCH_RESULT]))
def test_authenticate_without_password(self):
@pytest.mark.parametrize("required_group_dns", LDAP_GROUP_DNS_CASES)
def test_authenticate_without_password(self, required_group_dns):
backend = ldap_backend.LDAPAuthenticationBackend(
LDAP_BIND_DN,
LDAP_BIND_PASSWORD,
LDAP_BASE_OU,
LDAP_GROUP_DNS,
required_group_dns,
LDAP_HOST,
id_attr=LDAP_ID_ATTR
)
Expand All @@ -156,12 +165,13 @@ def test_authenticate_without_password(self):
@mock.patch.object(
ldap.ldapobject.SimpleLDAPObject, 'simple_bind_s',
mock.MagicMock(side_effect=Exception()))
def test_authenticate_failure_bad_bind_cred(self):
@pytest.mark.parametrize("required_group_dns", LDAP_GROUP_DNS_CASES)
def test_authenticate_failure_bad_bind_cred(self, required_group_dns):
backend = ldap_backend.LDAPAuthenticationBackend(
LDAP_BIND_DN,
LDAP_BIND_PASSWORD,
LDAP_BASE_OU,
LDAP_GROUP_DNS,
required_group_dns,
LDAP_HOST,
id_attr=LDAP_ID_ATTR
)
Expand All @@ -175,12 +185,13 @@ def test_authenticate_failure_bad_bind_cred(self):
@mock.patch.object(
ldap.ldapobject.SimpleLDAPObject, 'search_s',
mock.MagicMock(side_effect=[LDAP_USER_SEARCH_RESULT, LDAP_GROUP_SEARCH_RESULT]))
def test_authenticate_failure_bad_user_password(self):
@pytest.mark.parametrize("required_group_dns", LDAP_GROUP_DNS_CASES)
def test_authenticate_failure_bad_user_password(self, required_group_dns):
backend = ldap_backend.LDAPAuthenticationBackend(
LDAP_BIND_DN,
LDAP_BIND_PASSWORD,
LDAP_BASE_OU,
LDAP_GROUP_DNS,
required_group_dns,
LDAP_HOST,
id_attr=LDAP_ID_ATTR
)
Expand All @@ -194,13 +205,14 @@ def test_authenticate_failure_bad_user_password(self):
@mock.patch.object(
ldap.ldapobject.SimpleLDAPObject, 'search_s',
mock.MagicMock(side_effect=[LDAP_USER_SEARCH_RESULT, []]))
def test_authenticate_failure_non_group_member_no_groups(self):
@pytest.mark.parametrize("required_group_dns", LDAP_GROUP_DNS_CASES)
def test_authenticate_failure_non_group_member_no_groups(self, required_group_dns):
# User is not member of any of the required group
backend = ldap_backend.LDAPAuthenticationBackend(
LDAP_BIND_DN,
LDAP_BIND_PASSWORD,
LDAP_BASE_OU,
LDAP_GROUP_DNS,
required_group_dns,
LDAP_HOST,
id_attr=LDAP_ID_ATTR,
group_dns_check='and'
Expand All @@ -213,7 +225,7 @@ def test_authenticate_failure_non_group_member_no_groups(self):
LDAP_BIND_DN,
LDAP_BIND_PASSWORD,
LDAP_BASE_OU,
LDAP_GROUP_DNS,
required_group_dns,
LDAP_HOST,
id_attr=LDAP_ID_ATTR,
group_dns_check='or'
Expand All @@ -229,13 +241,14 @@ def test_authenticate_failure_non_group_member_no_groups(self):
ldap.ldapobject.SimpleLDAPObject, 'search_s',
mock.MagicMock(side_effect=[LDAP_USER_SEARCH_RESULT,
[('cn=group1,dc=stackstorm,dc=net', ())]]))
def test_authenticatefailure_non_group_member_non_required_group(self):
@pytest.mark.parametrize("required_group_dns", LDAP_GROUP_DNS_CASES)
def test_authenticatefailure_non_group_member_non_required_group(self, required_group_dns):
# User is member of a group which is not required
backend = ldap_backend.LDAPAuthenticationBackend(
LDAP_BIND_DN,
LDAP_BIND_PASSWORD,
LDAP_BASE_OU,
LDAP_GROUP_DNS,
required_group_dns,
LDAP_HOST,
id_attr=LDAP_ID_ATTR,
group_dns_check='and'
Expand All @@ -248,7 +261,7 @@ def test_authenticatefailure_non_group_member_non_required_group(self):
LDAP_BIND_DN,
LDAP_BIND_PASSWORD,
LDAP_BASE_OU,
LDAP_GROUP_DNS,
required_group_dns,
LDAP_HOST,
id_attr=LDAP_ID_ATTR,
group_dns_check='or'
Expand Down Expand Up @@ -576,12 +589,13 @@ def test_authenticate_or_behavior_success_member_of_multiple_groups_3b(self):
@mock.patch.object(
ldap.ldapobject.SimpleLDAPObject, 'search_s',
mock.MagicMock(side_effect=[LDAP_USER_SEARCH_RESULT, LDAP_GROUP_SEARCH_RESULT]))
def test_ssl_authenticate(self):
@pytest.mark.parametrize("required_group_dns", LDAP_GROUP_DNS_CASES)
def test_ssl_authenticate(self, required_group_dns):
backend = ldap_backend.LDAPAuthenticationBackend(
LDAP_BIND_DN,
LDAP_BIND_PASSWORD,
LDAP_BASE_OU,
LDAP_GROUP_DNS,
required_group_dns,
LDAP_HOST,
port=LDAPS_PORT,
use_ssl=True,
Expand All @@ -597,12 +611,13 @@ def test_ssl_authenticate(self):
@mock.patch.object(
ldap.ldapobject.SimpleLDAPObject, 'search_s',
mock.MagicMock(side_effect=[LDAP_USER_SEARCH_RESULT, LDAP_GROUP_SEARCH_RESULT]))
def test_ssl_authenticate_failure(self):
@pytest.mark.parametrize("required_group_dns", LDAP_GROUP_DNS_CASES)
def test_ssl_authenticate_failure(self, required_group_dns):
backend = ldap_backend.LDAPAuthenticationBackend(
LDAP_BIND_DN,
LDAP_BIND_PASSWORD,
LDAP_BASE_OU,
LDAP_GROUP_DNS,
required_group_dns,
LDAP_HOST,
port=LDAPS_PORT,
use_ssl=True,
Expand All @@ -618,12 +633,13 @@ def test_ssl_authenticate_failure(self):
@mock.patch.object(
ldap.ldapobject.SimpleLDAPObject, 'search_s',
mock.MagicMock(side_effect=[LDAP_USER_SEARCH_RESULT, LDAP_GROUP_SEARCH_RESULT]))
def test_ssl_authenticate_validate_cert(self):
@pytest.mark.parametrize("required_group_dns", LDAP_GROUP_DNS_CASES)
def test_ssl_authenticate_validate_cert(self, required_group_dns):
backend = ldap_backend.LDAPAuthenticationBackend(
LDAP_BIND_DN,
LDAP_BIND_PASSWORD,
LDAP_BASE_OU,
LDAP_GROUP_DNS,
required_group_dns,
LDAP_HOST,
port=LDAPS_PORT,
use_ssl=True,
Expand All @@ -643,12 +659,13 @@ def test_ssl_authenticate_validate_cert(self):
@mock.patch.object(
ldap.ldapobject.SimpleLDAPObject, 'search_s',
mock.MagicMock(side_effect=[LDAP_USER_SEARCH_RESULT, LDAP_GROUP_SEARCH_RESULT]))
def test_tls_authenticate(self):
@pytest.mark.parametrize("required_group_dns", LDAP_GROUP_DNS_CASES)
def test_tls_authenticate(self, required_group_dns):
backend = ldap_backend.LDAPAuthenticationBackend(
LDAP_BIND_DN,
LDAP_BIND_PASSWORD,
LDAP_BASE_OU,
LDAP_GROUP_DNS,
required_group_dns,
LDAP_HOST,
use_tls=True,
id_attr=LDAP_ID_ATTR
Expand All @@ -666,12 +683,13 @@ def test_tls_authenticate(self):
@mock.patch.object(
ldap.ldapobject.SimpleLDAPObject, 'search_s',
mock.MagicMock(side_effect=[LDAP_USER_SEARCH_RESULT, LDAP_GROUP_SEARCH_RESULT]))
def test_tls_authenticate_failure(self):
@pytest.mark.parametrize("required_group_dns", LDAP_GROUP_DNS_CASES)
def test_tls_authenticate_failure(self, required_group_dns):
backend = ldap_backend.LDAPAuthenticationBackend(
LDAP_BIND_DN,
LDAP_BIND_PASSWORD,
LDAP_BASE_OU,
LDAP_GROUP_DNS,
required_group_dns,
LDAP_HOST,
use_tls=True,
id_attr=LDAP_ID_ATTR
Expand All @@ -689,12 +707,13 @@ def test_tls_authenticate_failure(self):
@mock.patch.object(
ldap.ldapobject.SimpleLDAPObject, 'search_s',
mock.MagicMock(side_effect=[LDAP_USER_SEARCH_RESULT, LDAP_GROUP_SEARCH_RESULT]))
def test_tls_authenticate_validate_cert(self):
@pytest.mark.parametrize("required_group_dns", LDAP_GROUP_DNS_CASES)
def test_tls_authenticate_validate_cert(self, required_group_dns):
backend = ldap_backend.LDAPAuthenticationBackend(
LDAP_BIND_DN,
LDAP_BIND_PASSWORD,
LDAP_BASE_OU,
LDAP_GROUP_DNS,
required_group_dns,
LDAP_HOST,
use_tls=True,
cacert=LDAP_CACERT_REAL_PATH,
Expand All @@ -710,13 +729,14 @@ def test_tls_authenticate_validate_cert(self):
@mock.patch.object(
ldap.ldapobject.SimpleLDAPObject, 'search_s',
mock.MagicMock(side_effect=[LDAP_USER_SEARCH_RESULT, []]))
def test_special_characters_in_username_are_escaped(self):
@pytest.mark.parametrize("required_group_dns", LDAP_GROUP_DNS_CASES)
def test_special_characters_in_username_are_escaped(self, required_group_dns):
# User is not member of any of the required group
backend = ldap_backend.LDAPAuthenticationBackend(
LDAP_BIND_DN,
LDAP_BIND_PASSWORD,
LDAP_BASE_OU,
LDAP_GROUP_DNS,
required_group_dns,
LDAP_HOST,
id_attr=LDAP_ID_ATTR
)
Expand Down Expand Up @@ -753,12 +773,13 @@ def test_special_characters_in_username_are_escaped(self):
@mock.patch.object(
ldap.ldapobject.SimpleLDAPObject, 'search_s',
mock.MagicMock(side_effect=[LDAP_USER_SEARCH_RESULT, LDAP_GROUP_SEARCH_RESULT]))
def test_get_user(self):
@pytest.mark.parametrize("required_group_dns", LDAP_GROUP_DNS_CASES)
def test_get_user(self, required_group_dns):
backend = ldap_backend.LDAPAuthenticationBackend(
LDAP_BIND_DN,
LDAP_BIND_PASSWORD,
LDAP_BASE_OU,
LDAP_GROUP_DNS,
required_group_dns,
LDAP_HOST,
id_attr=LDAP_ID_ATTR
)
Expand All @@ -775,12 +796,13 @@ def test_get_user(self):
@mock.patch.object(
ldap.ldapobject.SimpleLDAPObject, 'search_s',
mock.MagicMock(side_effect=[2 * LDAP_USER_SEARCH_RESULT, LDAP_GROUP_SEARCH_RESULT]))
def test_get_user_multiple_results(self):
@pytest.mark.parametrize("required_group_dns", LDAP_GROUP_DNS_CASES)
def test_get_user_multiple_results(self, required_group_dns):
backend = ldap_backend.LDAPAuthenticationBackend(
LDAP_BIND_DN,
LDAP_BIND_PASSWORD,
LDAP_BASE_OU,
LDAP_GROUP_DNS,
required_group_dns,
LDAP_HOST,
id_attr=LDAP_ID_ATTR
)
Expand All @@ -794,12 +816,13 @@ def test_get_user_multiple_results(self):
@mock.patch.object(
ldap.ldapobject.SimpleLDAPObject, 'search_s',
mock.MagicMock(side_effect=[LDAP_USER_SEARCH_RESULT, LDAP_GROUP_SEARCH_RESULT]))
def test_get_user_groups(self):
@pytest.mark.parametrize("required_group_dns", LDAP_GROUP_DNS_CASES)
def test_get_user_groups(self, required_group_dns):
backend = ldap_backend.LDAPAuthenticationBackend(
LDAP_BIND_DN,
LDAP_BIND_PASSWORD,
LDAP_BASE_OU,
LDAP_GROUP_DNS,
required_group_dns,
LDAP_HOST,
id_attr=LDAP_ID_ATTR
)
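Review bot: The `search_s` replacement on `test_authenticate` (and on the other tests here that patch `search_s` with a list `side_effect`) is one `mock.MagicMock(side_effect=[LDAP_USER_SEARCH_RESULT, LDAP_GROUP_SEARCH_RESULT])` built once when the decorator is evaluated, so its two-item iterator is used up by the first parametrized case and the second case to run gets `StopIteration` from its first search instead of the canned results. If the backend turns that exception into a failed login (not visible here), the rejection tests would pass for that case without ever reaching the group comparison, so they would prove nothing about RDN matching. Building the mock per run avoids this, e.g. inside the body: `with mock.patch.object(ldap.ldapobject.SimpleLDAPObject, 'search_s', mock.MagicMock(side_effect=[LDAP_USER_SEARCH_RESULT, LDAP_GROUP_SEARCH_RESULT])):`. Separately, the file imports `unittest`; if the enclosing class (its header is outside the hunks, as are the ends of these test bodies) derives from `unittest.TestCase`, pytest will not apply `parametrize` to its methods and `required_group_dns` is never supplied. It would also be worth pinning a case where the user's group shares the RDN `cn=testers` but sits under a different base DN, so the intended scope of an RDN match is explicit.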