|
|
|
@ -7,7 +7,7 @@ package cmd
|
|
|
|
|
import (
|
|
|
|
|
"testing"
|
|
|
|
|
|
|
|
|
|
"code.gitea.io/gitea/models"
|
|
|
|
|
"code.gitea.io/gitea/models/login"
|
|
|
|
|
"code.gitea.io/gitea/services/auth/source/ldap"
|
|
|
|
|
|
|
|
|
|
"github.com/stretchr/testify/assert"
|
|
|
|
@ -23,7 +23,7 @@ func TestAddLdapBindDn(t *testing.T) {
|
|
|
|
|
// Test cases
|
|
|
|
|
var cases = []struct {
|
|
|
|
|
args []string
|
|
|
|
|
loginSource *models.LoginSource
|
|
|
|
|
loginSource *login.Source
|
|
|
|
|
errMsg string
|
|
|
|
|
}{
|
|
|
|
|
// case 0
|
|
|
|
@ -51,8 +51,8 @@ func TestAddLdapBindDn(t *testing.T) {
|
|
|
|
|
"--synchronize-users",
|
|
|
|
|
"--page-size", "99",
|
|
|
|
|
},
|
|
|
|
|
loginSource: &models.LoginSource{
|
|
|
|
|
Type: models.LoginLDAP,
|
|
|
|
|
loginSource: &login.Source{
|
|
|
|
|
Type: login.LDAP,
|
|
|
|
|
Name: "ldap (via Bind DN) source full",
|
|
|
|
|
IsActive: false,
|
|
|
|
|
IsSyncEnabled: true,
|
|
|
|
@ -91,8 +91,8 @@ func TestAddLdapBindDn(t *testing.T) {
|
|
|
|
|
"--user-filter", "(memberOf=cn=user-group,ou=example,dc=min-domain-bind,dc=org)",
|
|
|
|
|
"--email-attribute", "mail-bind min",
|
|
|
|
|
},
|
|
|
|
|
loginSource: &models.LoginSource{
|
|
|
|
|
Type: models.LoginLDAP,
|
|
|
|
|
loginSource: &login.Source{
|
|
|
|
|
Type: login.LDAP,
|
|
|
|
|
Name: "ldap (via Bind DN) source min",
|
|
|
|
|
IsActive: true,
|
|
|
|
|
Cfg: &ldap.Source{
|
|
|
|
@ -203,20 +203,20 @@ func TestAddLdapBindDn(t *testing.T) {
|
|
|
|
|
|
|
|
|
|
for n, c := range cases {
|
|
|
|
|
// Mock functions.
|
|
|
|
|
var createdLoginSource *models.LoginSource
|
|
|
|
|
var createdLoginSource *login.Source
|
|
|
|
|
service := &authService{
|
|
|
|
|
initDB: func() error {
|
|
|
|
|
return nil
|
|
|
|
|
},
|
|
|
|
|
createLoginSource: func(loginSource *models.LoginSource) error {
|
|
|
|
|
createLoginSource: func(loginSource *login.Source) error {
|
|
|
|
|
createdLoginSource = loginSource
|
|
|
|
|
return nil
|
|
|
|
|
},
|
|
|
|
|
updateLoginSource: func(loginSource *models.LoginSource) error {
|
|
|
|
|
updateLoginSource: func(loginSource *login.Source) error {
|
|
|
|
|
assert.FailNow(t, "case %d: should not call updateLoginSource", n)
|
|
|
|
|
return nil
|
|
|
|
|
},
|
|
|
|
|
getLoginSourceByID: func(id int64) (*models.LoginSource, error) {
|
|
|
|
|
getLoginSourceByID: func(id int64) (*login.Source, error) {
|
|
|
|
|
assert.FailNow(t, "case %d: should not call getLoginSourceByID", n)
|
|
|
|
|
return nil, nil
|
|
|
|
|
},
|
|
|
|
@ -247,7 +247,7 @@ func TestAddLdapSimpleAuth(t *testing.T) {
|
|
|
|
|
// Test cases
|
|
|
|
|
var cases = []struct {
|
|
|
|
|
args []string
|
|
|
|
|
loginSource *models.LoginSource
|
|
|
|
|
loginSource *login.Source
|
|
|
|
|
errMsg string
|
|
|
|
|
}{
|
|
|
|
|
// case 0
|
|
|
|
@ -271,8 +271,8 @@ func TestAddLdapSimpleAuth(t *testing.T) {
|
|
|
|
|
"--public-ssh-key-attribute", "publickey-simple full",
|
|
|
|
|
"--user-dn", "cn=%s,ou=Users,dc=full-domain-simple,dc=org",
|
|
|
|
|
},
|
|
|
|
|
loginSource: &models.LoginSource{
|
|
|
|
|
Type: models.LoginDLDAP,
|
|
|
|
|
loginSource: &login.Source{
|
|
|
|
|
Type: login.DLDAP,
|
|
|
|
|
Name: "ldap (simple auth) source full",
|
|
|
|
|
IsActive: false,
|
|
|
|
|
Cfg: &ldap.Source{
|
|
|
|
@ -307,8 +307,8 @@ func TestAddLdapSimpleAuth(t *testing.T) {
|
|
|
|
|
"--email-attribute", "mail-simple min",
|
|
|
|
|
"--user-dn", "cn=%s,ou=Users,dc=min-domain-simple,dc=org",
|
|
|
|
|
},
|
|
|
|
|
loginSource: &models.LoginSource{
|
|
|
|
|
Type: models.LoginDLDAP,
|
|
|
|
|
loginSource: &login.Source{
|
|
|
|
|
Type: login.DLDAP,
|
|
|
|
|
Name: "ldap (simple auth) source min",
|
|
|
|
|
IsActive: true,
|
|
|
|
|
Cfg: &ldap.Source{
|
|
|
|
@ -432,20 +432,20 @@ func TestAddLdapSimpleAuth(t *testing.T) {
|
|
|
|
|
|
|
|
|
|
for n, c := range cases {
|
|
|
|
|
// Mock functions.
|
|
|
|
|
var createdLoginSource *models.LoginSource
|
|
|
|
|
var createdLoginSource *login.Source
|
|
|
|
|
service := &authService{
|
|
|
|
|
initDB: func() error {
|
|
|
|
|
return nil
|
|
|
|
|
},
|
|
|
|
|
createLoginSource: func(loginSource *models.LoginSource) error {
|
|
|
|
|
createLoginSource: func(loginSource *login.Source) error {
|
|
|
|
|
createdLoginSource = loginSource
|
|
|
|
|
return nil
|
|
|
|
|
},
|
|
|
|
|
updateLoginSource: func(loginSource *models.LoginSource) error {
|
|
|
|
|
updateLoginSource: func(loginSource *login.Source) error {
|
|
|
|
|
assert.FailNow(t, "case %d: should not call updateLoginSource", n)
|
|
|
|
|
return nil
|
|
|
|
|
},
|
|
|
|
|
getLoginSourceByID: func(id int64) (*models.LoginSource, error) {
|
|
|
|
|
getLoginSourceByID: func(id int64) (*login.Source, error) {
|
|
|
|
|
assert.FailNow(t, "case %d: should not call getLoginSourceByID", n)
|
|
|
|
|
return nil, nil
|
|
|
|
|
},
|
|
|
|
@ -477,8 +477,8 @@ func TestUpdateLdapBindDn(t *testing.T) {
|
|
|
|
|
var cases = []struct {
|
|
|
|
|
args []string
|
|
|
|
|
id int64
|
|
|
|
|
existingLoginSource *models.LoginSource
|
|
|
|
|
loginSource *models.LoginSource
|
|
|
|
|
existingLoginSource *login.Source
|
|
|
|
|
loginSource *login.Source
|
|
|
|
|
errMsg string
|
|
|
|
|
}{
|
|
|
|
|
// case 0
|
|
|
|
@ -507,15 +507,15 @@ func TestUpdateLdapBindDn(t *testing.T) {
|
|
|
|
|
"--page-size", "99",
|
|
|
|
|
},
|
|
|
|
|
id: 23,
|
|
|
|
|
existingLoginSource: &models.LoginSource{
|
|
|
|
|
Type: models.LoginLDAP,
|
|
|
|
|
existingLoginSource: &login.Source{
|
|
|
|
|
Type: login.LDAP,
|
|
|
|
|
IsActive: true,
|
|
|
|
|
Cfg: &ldap.Source{
|
|
|
|
|
Enabled: true,
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
loginSource: &models.LoginSource{
|
|
|
|
|
Type: models.LoginLDAP,
|
|
|
|
|
loginSource: &login.Source{
|
|
|
|
|
Type: login.LDAP,
|
|
|
|
|
Name: "ldap (via Bind DN) source full",
|
|
|
|
|
IsActive: false,
|
|
|
|
|
IsSyncEnabled: true,
|
|
|
|
@ -548,8 +548,8 @@ func TestUpdateLdapBindDn(t *testing.T) {
|
|
|
|
|
"ldap-test",
|
|
|
|
|
"--id", "1",
|
|
|
|
|
},
|
|
|
|
|
loginSource: &models.LoginSource{
|
|
|
|
|
Type: models.LoginLDAP,
|
|
|
|
|
loginSource: &login.Source{
|
|
|
|
|
Type: login.LDAP,
|
|
|
|
|
Cfg: &ldap.Source{},
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
@ -560,8 +560,8 @@ func TestUpdateLdapBindDn(t *testing.T) {
|
|
|
|
|
"--id", "1",
|
|
|
|
|
"--name", "ldap (via Bind DN) source",
|
|
|
|
|
},
|
|
|
|
|
loginSource: &models.LoginSource{
|
|
|
|
|
Type: models.LoginLDAP,
|
|
|
|
|
loginSource: &login.Source{
|
|
|
|
|
Type: login.LDAP,
|
|
|
|
|
Name: "ldap (via Bind DN) source",
|
|
|
|
|
Cfg: &ldap.Source{
|
|
|
|
|
Name: "ldap (via Bind DN) source",
|
|
|
|
@ -575,13 +575,13 @@ func TestUpdateLdapBindDn(t *testing.T) {
|
|
|
|
|
"--id", "1",
|
|
|
|
|
"--not-active",
|
|
|
|
|
},
|
|
|
|
|
existingLoginSource: &models.LoginSource{
|
|
|
|
|
Type: models.LoginLDAP,
|
|
|
|
|
existingLoginSource: &login.Source{
|
|
|
|
|
Type: login.LDAP,
|
|
|
|
|
IsActive: true,
|
|
|
|
|
Cfg: &ldap.Source{},
|
|
|
|
|
},
|
|
|
|
|
loginSource: &models.LoginSource{
|
|
|
|
|
Type: models.LoginLDAP,
|
|
|
|
|
loginSource: &login.Source{
|
|
|
|
|
Type: login.LDAP,
|
|
|
|
|
IsActive: false,
|
|
|
|
|
Cfg: &ldap.Source{},
|
|
|
|
|
},
|
|
|
|
@ -593,8 +593,8 @@ func TestUpdateLdapBindDn(t *testing.T) {
|
|
|
|
|
"--id", "1",
|
|
|
|
|
"--security-protocol", "LDAPS",
|
|
|
|
|
},
|
|
|
|
|
loginSource: &models.LoginSource{
|
|
|
|
|
Type: models.LoginLDAP,
|
|
|
|
|
loginSource: &login.Source{
|
|
|
|
|
Type: login.LDAP,
|
|
|
|
|
Cfg: &ldap.Source{
|
|
|
|
|
SecurityProtocol: ldap.SecurityProtocol(1),
|
|
|
|
|
},
|
|
|
|
@ -607,8 +607,8 @@ func TestUpdateLdapBindDn(t *testing.T) {
|
|
|
|
|
"--id", "1",
|
|
|
|
|
"--skip-tls-verify",
|
|
|
|
|
},
|
|
|
|
|
loginSource: &models.LoginSource{
|
|
|
|
|
Type: models.LoginLDAP,
|
|
|
|
|
loginSource: &login.Source{
|
|
|
|
|
Type: login.LDAP,
|
|
|
|
|
Cfg: &ldap.Source{
|
|
|
|
|
SkipVerify: true,
|
|
|
|
|
},
|
|
|
|
@ -621,8 +621,8 @@ func TestUpdateLdapBindDn(t *testing.T) {
|
|
|
|
|
"--id", "1",
|
|
|
|
|
"--host", "ldap-server",
|
|
|
|
|
},
|
|
|
|
|
loginSource: &models.LoginSource{
|
|
|
|
|
Type: models.LoginLDAP,
|
|
|
|
|
loginSource: &login.Source{
|
|
|
|
|
Type: login.LDAP,
|
|
|
|
|
Cfg: &ldap.Source{
|
|
|
|
|
Host: "ldap-server",
|
|
|
|
|
},
|
|
|
|
@ -635,8 +635,8 @@ func TestUpdateLdapBindDn(t *testing.T) {
|
|
|
|
|
"--id", "1",
|
|
|
|
|
"--port", "389",
|
|
|
|
|
},
|
|
|
|
|
loginSource: &models.LoginSource{
|
|
|
|
|
Type: models.LoginLDAP,
|
|
|
|
|
loginSource: &login.Source{
|
|
|
|
|
Type: login.LDAP,
|
|
|
|
|
Cfg: &ldap.Source{
|
|
|
|
|
Port: 389,
|
|
|
|
|
},
|
|
|
|
@ -649,8 +649,8 @@ func TestUpdateLdapBindDn(t *testing.T) {
|
|
|
|
|
"--id", "1",
|
|
|
|
|
"--user-search-base", "ou=Users,dc=domain,dc=org",
|
|
|
|
|
},
|
|
|
|
|
loginSource: &models.LoginSource{
|
|
|
|
|
Type: models.LoginLDAP,
|
|
|
|
|
loginSource: &login.Source{
|
|
|
|
|
Type: login.LDAP,
|
|
|
|
|
Cfg: &ldap.Source{
|
|
|
|
|
UserBase: "ou=Users,dc=domain,dc=org",
|
|
|
|
|
},
|
|
|
|
@ -663,8 +663,8 @@ func TestUpdateLdapBindDn(t *testing.T) {
|
|
|
|
|
"--id", "1",
|
|
|
|
|
"--user-filter", "(memberOf=cn=user-group,ou=example,dc=domain,dc=org)",
|
|
|
|
|
},
|
|
|
|
|
loginSource: &models.LoginSource{
|
|
|
|
|
Type: models.LoginLDAP,
|
|
|
|
|
loginSource: &login.Source{
|
|
|
|
|
Type: login.LDAP,
|
|
|
|
|
Cfg: &ldap.Source{
|
|
|
|
|
Filter: "(memberOf=cn=user-group,ou=example,dc=domain,dc=org)",
|
|
|
|
|
},
|
|
|
|
@ -677,8 +677,8 @@ func TestUpdateLdapBindDn(t *testing.T) {
|
|
|
|
|
"--id", "1",
|
|
|
|
|
"--admin-filter", "(memberOf=cn=admin-group,ou=example,dc=domain,dc=org)",
|
|
|
|
|
},
|
|
|
|
|
loginSource: &models.LoginSource{
|
|
|
|
|
Type: models.LoginLDAP,
|
|
|
|
|
loginSource: &login.Source{
|
|
|
|
|
Type: login.LDAP,
|
|
|
|
|
Cfg: &ldap.Source{
|
|
|
|
|
AdminFilter: "(memberOf=cn=admin-group,ou=example,dc=domain,dc=org)",
|
|
|
|
|
},
|
|
|
|
@ -691,8 +691,8 @@ func TestUpdateLdapBindDn(t *testing.T) {
|
|
|
|
|
"--id", "1",
|
|
|
|
|
"--username-attribute", "uid",
|
|
|
|
|
},
|
|
|
|
|
loginSource: &models.LoginSource{
|
|
|
|
|
Type: models.LoginLDAP,
|
|
|
|
|
loginSource: &login.Source{
|
|
|
|
|
Type: login.LDAP,
|
|
|
|
|
Cfg: &ldap.Source{
|
|
|
|
|
AttributeUsername: "uid",
|
|
|
|
|
},
|
|
|
|
@ -705,8 +705,8 @@ func TestUpdateLdapBindDn(t *testing.T) {
|
|
|
|
|
"--id", "1",
|
|
|
|
|
"--firstname-attribute", "givenName",
|
|
|
|
|
},
|
|
|
|
|
loginSource: &models.LoginSource{
|
|
|
|
|
Type: models.LoginLDAP,
|
|
|
|
|
loginSource: &login.Source{
|
|
|
|
|
Type: login.LDAP,
|
|
|
|
|
Cfg: &ldap.Source{
|
|
|
|
|
AttributeName: "givenName",
|
|
|
|
|
},
|
|
|
|
@ -719,8 +719,8 @@ func TestUpdateLdapBindDn(t *testing.T) {
|
|
|
|
|
"--id", "1",
|
|
|
|
|
"--surname-attribute", "sn",
|
|
|
|
|
},
|
|
|
|
|
loginSource: &models.LoginSource{
|
|
|
|
|
Type: models.LoginLDAP,
|
|
|
|
|
loginSource: &login.Source{
|
|
|
|
|
Type: login.LDAP,
|
|
|
|
|
Cfg: &ldap.Source{
|
|
|
|
|
AttributeSurname: "sn",
|
|
|
|
|
},
|
|
|
|
@ -733,8 +733,8 @@ func TestUpdateLdapBindDn(t *testing.T) {
|
|
|
|
|
"--id", "1",
|
|
|
|
|
"--email-attribute", "mail",
|
|
|
|
|
},
|
|
|
|
|
loginSource: &models.LoginSource{
|
|
|
|
|
Type: models.LoginLDAP,
|
|
|
|
|
loginSource: &login.Source{
|
|
|
|
|
Type: login.LDAP,
|
|
|
|
|
Cfg: &ldap.Source{
|
|
|
|
|
AttributeMail: "mail",
|
|
|
|
|
},
|
|
|
|
@ -747,8 +747,8 @@ func TestUpdateLdapBindDn(t *testing.T) {
|
|
|
|
|
"--id", "1",
|
|
|
|
|
"--attributes-in-bind",
|
|
|
|
|
},
|
|
|
|
|
loginSource: &models.LoginSource{
|
|
|
|
|
Type: models.LoginLDAP,
|
|
|
|
|
loginSource: &login.Source{
|
|
|
|
|
Type: login.LDAP,
|
|
|
|
|
Cfg: &ldap.Source{
|
|
|
|
|
AttributesInBind: true,
|
|
|
|
|
},
|
|
|
|
@ -761,8 +761,8 @@ func TestUpdateLdapBindDn(t *testing.T) {
|
|
|
|
|
"--id", "1",
|
|
|
|
|
"--public-ssh-key-attribute", "publickey",
|
|
|
|
|
},
|
|
|
|
|
loginSource: &models.LoginSource{
|
|
|
|
|
Type: models.LoginLDAP,
|
|
|
|
|
loginSource: &login.Source{
|
|
|
|
|
Type: login.LDAP,
|
|
|
|
|
Cfg: &ldap.Source{
|
|
|
|
|
AttributeSSHPublicKey: "publickey",
|
|
|
|
|
},
|
|
|
|
@ -775,8 +775,8 @@ func TestUpdateLdapBindDn(t *testing.T) {
|
|
|
|
|
"--id", "1",
|
|
|
|
|
"--bind-dn", "cn=readonly,dc=domain,dc=org",
|
|
|
|
|
},
|
|
|
|
|
loginSource: &models.LoginSource{
|
|
|
|
|
Type: models.LoginLDAP,
|
|
|
|
|
loginSource: &login.Source{
|
|
|
|
|
Type: login.LDAP,
|
|
|
|
|
Cfg: &ldap.Source{
|
|
|
|
|
BindDN: "cn=readonly,dc=domain,dc=org",
|
|
|
|
|
},
|
|
|
|
@ -789,8 +789,8 @@ func TestUpdateLdapBindDn(t *testing.T) {
|
|
|
|
|
"--id", "1",
|
|
|
|
|
"--bind-password", "secret",
|
|
|
|
|
},
|
|
|
|
|
loginSource: &models.LoginSource{
|
|
|
|
|
Type: models.LoginLDAP,
|
|
|
|
|
loginSource: &login.Source{
|
|
|
|
|
Type: login.LDAP,
|
|
|
|
|
Cfg: &ldap.Source{
|
|
|
|
|
BindPassword: "secret",
|
|
|
|
|
},
|
|
|
|
@ -803,8 +803,8 @@ func TestUpdateLdapBindDn(t *testing.T) {
|
|
|
|
|
"--id", "1",
|
|
|
|
|
"--synchronize-users",
|
|
|
|
|
},
|
|
|
|
|
loginSource: &models.LoginSource{
|
|
|
|
|
Type: models.LoginLDAP,
|
|
|
|
|
loginSource: &login.Source{
|
|
|
|
|
Type: login.LDAP,
|
|
|
|
|
IsSyncEnabled: true,
|
|
|
|
|
Cfg: &ldap.Source{},
|
|
|
|
|
},
|
|
|
|
@ -816,8 +816,8 @@ func TestUpdateLdapBindDn(t *testing.T) {
|
|
|
|
|
"--id", "1",
|
|
|
|
|
"--page-size", "12",
|
|
|
|
|
},
|
|
|
|
|
loginSource: &models.LoginSource{
|
|
|
|
|
Type: models.LoginLDAP,
|
|
|
|
|
loginSource: &login.Source{
|
|
|
|
|
Type: login.LDAP,
|
|
|
|
|
Cfg: &ldap.Source{
|
|
|
|
|
SearchPageSize: 12,
|
|
|
|
|
},
|
|
|
|
@ -845,8 +845,8 @@ func TestUpdateLdapBindDn(t *testing.T) {
|
|
|
|
|
"ldap-test",
|
|
|
|
|
"--id", "1",
|
|
|
|
|
},
|
|
|
|
|
existingLoginSource: &models.LoginSource{
|
|
|
|
|
Type: models.LoginOAuth2,
|
|
|
|
|
existingLoginSource: &login.Source{
|
|
|
|
|
Type: login.OAuth2,
|
|
|
|
|
Cfg: &ldap.Source{},
|
|
|
|
|
},
|
|
|
|
|
errMsg: "Invalid authentication type. expected: LDAP (via BindDN), actual: OAuth2",
|
|
|
|
@ -855,28 +855,28 @@ func TestUpdateLdapBindDn(t *testing.T) {
|
|
|
|
|
|
|
|
|
|
for n, c := range cases {
|
|
|
|
|
// Mock functions.
|
|
|
|
|
var updatedLoginSource *models.LoginSource
|
|
|
|
|
var updatedLoginSource *login.Source
|
|
|
|
|
service := &authService{
|
|
|
|
|
initDB: func() error {
|
|
|
|
|
return nil
|
|
|
|
|
},
|
|
|
|
|
createLoginSource: func(loginSource *models.LoginSource) error {
|
|
|
|
|
createLoginSource: func(loginSource *login.Source) error {
|
|
|
|
|
assert.FailNow(t, "case %d: should not call createLoginSource", n)
|
|
|
|
|
return nil
|
|
|
|
|
},
|
|
|
|
|
updateLoginSource: func(loginSource *models.LoginSource) error {
|
|
|
|
|
updateLoginSource: func(loginSource *login.Source) error {
|
|
|
|
|
updatedLoginSource = loginSource
|
|
|
|
|
return nil
|
|
|
|
|
},
|
|
|
|
|
getLoginSourceByID: func(id int64) (*models.LoginSource, error) {
|
|
|
|
|
getLoginSourceByID: func(id int64) (*login.Source, error) {
|
|
|
|
|
if c.id != 0 {
|
|
|
|
|
assert.Equal(t, c.id, id, "case %d: wrong id", n)
|
|
|
|
|
}
|
|
|
|
|
if c.existingLoginSource != nil {
|
|
|
|
|
return c.existingLoginSource, nil
|
|
|
|
|
}
|
|
|
|
|
return &models.LoginSource{
|
|
|
|
|
Type: models.LoginLDAP,
|
|
|
|
|
return &login.Source{
|
|
|
|
|
Type: login.LDAP,
|
|
|
|
|
Cfg: &ldap.Source{},
|
|
|
|
|
}, nil
|
|
|
|
|
},
|
|
|
|
@ -908,8 +908,8 @@ func TestUpdateLdapSimpleAuth(t *testing.T) {
|
|
|
|
|
var cases = []struct {
|
|
|
|
|
args []string
|
|
|
|
|
id int64
|
|
|
|
|
existingLoginSource *models.LoginSource
|
|
|
|
|
loginSource *models.LoginSource
|
|
|
|
|
existingLoginSource *login.Source
|
|
|
|
|
loginSource *login.Source
|
|
|
|
|
errMsg string
|
|
|
|
|
}{
|
|
|
|
|
// case 0
|
|
|
|
@ -935,8 +935,8 @@ func TestUpdateLdapSimpleAuth(t *testing.T) {
|
|
|
|
|
"--user-dn", "cn=%s,ou=Users,dc=full-domain-simple,dc=org",
|
|
|
|
|
},
|
|
|
|
|
id: 7,
|
|
|
|
|
loginSource: &models.LoginSource{
|
|
|
|
|
Type: models.LoginDLDAP,
|
|
|
|
|
loginSource: &login.Source{
|
|
|
|
|
Type: login.DLDAP,
|
|
|
|
|
Name: "ldap (simple auth) source full",
|
|
|
|
|
IsActive: false,
|
|
|
|
|
Cfg: &ldap.Source{
|
|
|
|
@ -964,8 +964,8 @@ func TestUpdateLdapSimpleAuth(t *testing.T) {
|
|
|
|
|
"ldap-test",
|
|
|
|
|
"--id", "1",
|
|
|
|
|
},
|
|
|
|
|
loginSource: &models.LoginSource{
|
|
|
|
|
Type: models.LoginDLDAP,
|
|
|
|
|
loginSource: &login.Source{
|
|
|
|
|
Type: login.DLDAP,
|
|
|
|
|
Cfg: &ldap.Source{},
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
@ -976,8 +976,8 @@ func TestUpdateLdapSimpleAuth(t *testing.T) {
|
|
|
|
|
"--id", "1",
|
|
|
|
|
"--name", "ldap (simple auth) source",
|
|
|
|
|
},
|
|
|
|
|
loginSource: &models.LoginSource{
|
|
|
|
|
Type: models.LoginDLDAP,
|
|
|
|
|
loginSource: &login.Source{
|
|
|
|
|
Type: login.DLDAP,
|
|
|
|
|
Name: "ldap (simple auth) source",
|
|
|
|
|
Cfg: &ldap.Source{
|
|
|
|
|
Name: "ldap (simple auth) source",
|
|
|
|
@ -991,13 +991,13 @@ func TestUpdateLdapSimpleAuth(t *testing.T) {
|
|
|
|
|
"--id", "1",
|
|
|
|
|
"--not-active",
|
|
|
|
|
},
|
|
|
|
|
existingLoginSource: &models.LoginSource{
|
|
|
|
|
Type: models.LoginDLDAP,
|
|
|
|
|
existingLoginSource: &login.Source{
|
|
|
|
|
Type: login.DLDAP,
|
|
|
|
|
IsActive: true,
|
|
|
|
|
Cfg: &ldap.Source{},
|
|
|
|
|
},
|
|
|
|
|
loginSource: &models.LoginSource{
|
|
|
|
|
Type: models.LoginDLDAP,
|
|
|
|
|
loginSource: &login.Source{
|
|
|
|
|
Type: login.DLDAP,
|
|
|
|
|
IsActive: false,
|
|
|
|
|
Cfg: &ldap.Source{},
|
|
|
|
|
},
|
|
|
|
@ -1009,8 +1009,8 @@ func TestUpdateLdapSimpleAuth(t *testing.T) {
|
|
|
|
|
"--id", "1",
|
|
|
|
|
"--security-protocol", "starttls",
|
|
|
|
|
},
|
|
|
|
|
loginSource: &models.LoginSource{
|
|
|
|
|
Type: models.LoginDLDAP,
|
|
|
|
|
loginSource: &login.Source{
|
|
|
|
|
Type: login.DLDAP,
|
|
|
|
|
Cfg: &ldap.Source{
|
|
|
|
|
SecurityProtocol: ldap.SecurityProtocol(2),
|
|
|
|
|
},
|
|
|
|
@ -1023,8 +1023,8 @@ func TestUpdateLdapSimpleAuth(t *testing.T) {
|
|
|
|
|
"--id", "1",
|
|
|
|
|
"--skip-tls-verify",
|
|
|
|
|
},
|
|
|
|
|
loginSource: &models.LoginSource{
|
|
|
|
|
Type: models.LoginDLDAP,
|
|
|
|
|
loginSource: &login.Source{
|
|
|
|
|
Type: login.DLDAP,
|
|
|
|
|
Cfg: &ldap.Source{
|
|
|
|
|
SkipVerify: true,
|
|
|
|
|
},
|
|
|
|
@ -1037,8 +1037,8 @@ func TestUpdateLdapSimpleAuth(t *testing.T) {
|
|
|
|
|
"--id", "1",
|
|
|
|
|
"--host", "ldap-server",
|
|
|
|
|
},
|
|
|
|
|
loginSource: &models.LoginSource{
|
|
|
|
|
Type: models.LoginDLDAP,
|
|
|
|
|
loginSource: &login.Source{
|
|
|
|
|
Type: login.DLDAP,
|
|
|
|
|
Cfg: &ldap.Source{
|
|
|
|
|
Host: "ldap-server",
|
|
|
|
|
},
|
|
|
|
@ -1051,8 +1051,8 @@ func TestUpdateLdapSimpleAuth(t *testing.T) {
|
|
|
|
|
"--id", "1",
|
|
|
|
|
"--port", "987",
|
|
|
|
|
},
|
|
|
|
|
loginSource: &models.LoginSource{
|
|
|
|
|
Type: models.LoginDLDAP,
|
|
|
|
|
loginSource: &login.Source{
|
|
|
|
|
Type: login.DLDAP,
|
|
|
|
|
Cfg: &ldap.Source{
|
|
|
|
|
Port: 987,
|
|
|
|
|
},
|
|
|
|
@ -1065,8 +1065,8 @@ func TestUpdateLdapSimpleAuth(t *testing.T) {
|
|
|
|
|
"--id", "1",
|
|
|
|
|
"--user-search-base", "ou=Users,dc=domain,dc=org",
|
|
|
|
|
},
|
|
|
|
|
loginSource: &models.LoginSource{
|
|
|
|
|
Type: models.LoginDLDAP,
|
|
|
|
|
loginSource: &login.Source{
|
|
|
|
|
Type: login.DLDAP,
|
|
|
|
|
Cfg: &ldap.Source{
|
|
|
|
|
UserBase: "ou=Users,dc=domain,dc=org",
|
|
|
|
|
},
|
|
|
|
@ -1079,8 +1079,8 @@ func TestUpdateLdapSimpleAuth(t *testing.T) {
|
|
|
|
|
"--id", "1",
|
|
|
|
|
"--user-filter", "(&(objectClass=posixAccount)(cn=%s))",
|
|
|
|
|
},
|
|
|
|
|
loginSource: &models.LoginSource{
|
|
|
|
|
Type: models.LoginDLDAP,
|
|
|
|
|
loginSource: &login.Source{
|
|
|
|
|
Type: login.DLDAP,
|
|
|
|
|
Cfg: &ldap.Source{
|
|
|
|
|
Filter: "(&(objectClass=posixAccount)(cn=%s))",
|
|
|
|
|
},
|
|
|
|
@ -1093,8 +1093,8 @@ func TestUpdateLdapSimpleAuth(t *testing.T) {
|
|
|
|
|
"--id", "1",
|
|
|
|
|
"--admin-filter", "(memberOf=cn=admin-group,ou=example,dc=domain,dc=org)",
|
|
|
|
|
},
|
|
|
|
|
loginSource: &models.LoginSource{
|
|
|
|
|
Type: models.LoginDLDAP,
|
|
|
|
|
loginSource: &login.Source{
|
|
|
|
|
Type: login.DLDAP,
|
|
|
|
|
Cfg: &ldap.Source{
|
|
|
|
|
AdminFilter: "(memberOf=cn=admin-group,ou=example,dc=domain,dc=org)",
|
|
|
|
|
},
|
|
|
|
@ -1107,8 +1107,8 @@ func TestUpdateLdapSimpleAuth(t *testing.T) {
|
|
|
|
|
"--id", "1",
|
|
|
|
|
"--username-attribute", "uid",
|
|
|
|
|
},
|
|
|
|
|
loginSource: &models.LoginSource{
|
|
|
|
|
Type: models.LoginDLDAP,
|
|
|
|
|
loginSource: &login.Source{
|
|
|
|
|
Type: login.DLDAP,
|
|
|
|
|
Cfg: &ldap.Source{
|
|
|
|
|
AttributeUsername: "uid",
|
|
|
|
|
},
|
|
|
|
@ -1121,8 +1121,8 @@ func TestUpdateLdapSimpleAuth(t *testing.T) {
|
|
|
|
|
"--id", "1",
|
|
|
|
|
"--firstname-attribute", "givenName",
|
|
|
|
|
},
|
|
|
|
|
loginSource: &models.LoginSource{
|
|
|
|
|
Type: models.LoginDLDAP,
|
|
|
|
|
loginSource: &login.Source{
|
|
|
|
|
Type: login.DLDAP,
|
|
|
|
|
Cfg: &ldap.Source{
|
|
|
|
|
AttributeName: "givenName",
|
|
|
|
|
},
|
|
|
|
@ -1135,8 +1135,8 @@ func TestUpdateLdapSimpleAuth(t *testing.T) {
|
|
|
|
|
"--id", "1",
|
|
|
|
|
"--surname-attribute", "sn",
|
|
|
|
|
},
|
|
|
|
|
loginSource: &models.LoginSource{
|
|
|
|
|
Type: models.LoginDLDAP,
|
|
|
|
|
loginSource: &login.Source{
|
|
|
|
|
Type: login.DLDAP,
|
|
|
|
|
Cfg: &ldap.Source{
|
|
|
|
|
AttributeSurname: "sn",
|
|
|
|
|
},
|
|
|
|
@ -1149,8 +1149,8 @@ func TestUpdateLdapSimpleAuth(t *testing.T) {
|
|
|
|
|
"--id", "1",
|
|
|
|
|
"--email-attribute", "mail",
|
|
|
|
|
},
|
|
|
|
|
loginSource: &models.LoginSource{
|
|
|
|
|
Type: models.LoginDLDAP,
|
|
|
|
|
loginSource: &login.Source{
|
|
|
|
|
Type: login.DLDAP,
|
|
|
|
|
Cfg: &ldap.Source{
|
|
|
|
|
|
|
|
|
|
AttributeMail: "mail",
|
|
|
|
@ -1164,8 +1164,8 @@ func TestUpdateLdapSimpleAuth(t *testing.T) {
|
|
|
|
|
"--id", "1",
|
|
|
|
|
"--public-ssh-key-attribute", "publickey",
|
|
|
|
|
},
|
|
|
|
|
loginSource: &models.LoginSource{
|
|
|
|
|
Type: models.LoginDLDAP,
|
|
|
|
|
loginSource: &login.Source{
|
|
|
|
|
Type: login.DLDAP,
|
|
|
|
|
Cfg: &ldap.Source{
|
|
|
|
|
AttributeSSHPublicKey: "publickey",
|
|
|
|
|
},
|
|
|
|
@ -1178,8 +1178,8 @@ func TestUpdateLdapSimpleAuth(t *testing.T) {
|
|
|
|
|
"--id", "1",
|
|
|
|
|
"--user-dn", "cn=%s,ou=Users,dc=domain,dc=org",
|
|
|
|
|
},
|
|
|
|
|
loginSource: &models.LoginSource{
|
|
|
|
|
Type: models.LoginDLDAP,
|
|
|
|
|
loginSource: &login.Source{
|
|
|
|
|
Type: login.DLDAP,
|
|
|
|
|
Cfg: &ldap.Source{
|
|
|
|
|
UserDN: "cn=%s,ou=Users,dc=domain,dc=org",
|
|
|
|
|
},
|
|
|
|
@ -1207,8 +1207,8 @@ func TestUpdateLdapSimpleAuth(t *testing.T) {
|
|
|
|
|
"ldap-test",
|
|
|
|
|
"--id", "1",
|
|
|
|
|
},
|
|
|
|
|
existingLoginSource: &models.LoginSource{
|
|
|
|
|
Type: models.LoginPAM,
|
|
|
|
|
existingLoginSource: &login.Source{
|
|
|
|
|
Type: login.PAM,
|
|
|
|
|
Cfg: &ldap.Source{},
|
|
|
|
|
},
|
|
|
|
|
errMsg: "Invalid authentication type. expected: LDAP (simple auth), actual: PAM",
|
|
|
|
@ -1217,28 +1217,28 @@ func TestUpdateLdapSimpleAuth(t *testing.T) {
|
|
|
|
|
|
|
|
|
|
for n, c := range cases {
|
|
|
|
|
// Mock functions.
|
|
|
|
|
var updatedLoginSource *models.LoginSource
|
|
|
|
|
var updatedLoginSource *login.Source
|
|
|
|
|
service := &authService{
|
|
|
|
|
initDB: func() error {
|
|
|
|
|
return nil
|
|
|
|
|
},
|
|
|
|
|
createLoginSource: func(loginSource *models.LoginSource) error {
|
|
|
|
|
createLoginSource: func(loginSource *login.Source) error {
|
|
|
|
|
assert.FailNow(t, "case %d: should not call createLoginSource", n)
|
|
|
|
|
return nil
|
|
|
|
|
},
|
|
|
|
|
updateLoginSource: func(loginSource *models.LoginSource) error {
|
|
|
|
|
updateLoginSource: func(loginSource *login.Source) error {
|
|
|
|
|
updatedLoginSource = loginSource
|
|
|
|
|
return nil
|
|
|
|
|
},
|
|
|
|
|
getLoginSourceByID: func(id int64) (*models.LoginSource, error) {
|
|
|
|
|
getLoginSourceByID: func(id int64) (*login.Source, error) {
|
|
|
|
|
if c.id != 0 {
|
|
|
|
|
assert.Equal(t, c.id, id, "case %d: wrong id", n)
|
|
|
|
|
}
|
|
|
|
|
if c.existingLoginSource != nil {
|
|
|
|
|
return c.existingLoginSource, nil
|
|
|
|
|
}
|
|
|
|
|
return &models.LoginSource{
|
|
|
|
|
Type: models.LoginDLDAP,
|
|
|
|
|
return &login.Source{
|
|
|
|
|
Type: login.DLDAP,
|
|
|
|
|
Cfg: &ldap.Source{},
|
|
|
|
|
}, nil
|
|
|
|
|
},
|
|
|
|
|