authorClément Michaud <clement.michaud34@gmail.com>2020-02-27 23:21:07 +0100
committerGitHub <noreply@github.com>2020-02-27 23:21:07 +0100
commit82d8e1d57a6517d0b8a73c56c7085b46ebc80a5e (patch)
treee7a2d9a6cb96e8f2de1c4785a5af385e56aff844 /internal/authentication/ldap_user_provider_test.go
parentefb567f3d5f6a4616567af781e23212a3af174cb (diff)
[BUGFIX] Fix crash when no emails or groups are retrieved from LDAP. (#651)
* [BUGFIX] Fix crash when no emails or groups are retrieved from LDAP. If the group or email attribute configured by the user is not found in the user object, the list of attributes in the LDAP search result is empty. This change introduces a check before accessing the first element of the list, which previously led to an out-of-bounds access. Fixes #647.
* [MISC] Change log level of LDAP connection creation to trace.
Diffstat (limited to 'internal/authentication/ldap_user_provider_test.go')
-rw-r--r--internal/authentication/ldap_user_provider_test.go108
1 files changed, 108 insertions, 0 deletions
diff --git a/internal/authentication/ldap_user_provider_test.go b/internal/authentication/ldap_user_provider_test.go
index fc77b7131..cabc60d6d 100644
--- a/internal/authentication/ldap_user_provider_test.go
+++ b/internal/authentication/ldap_user_provider_test.go
@@ -134,3 +134,111 @@ func TestShouldEscapeUserInput(t *testing.T) {
ldapClient.getUserAttribute(mockConn, "john=abc", "dn")
}
+
+func createSearchResultWithAttributes(attributes ...*ldap.EntryAttribute) *ldap.SearchResult {
+ return &ldap.SearchResult{
+ Entries: []*ldap.Entry{
+ &ldap.Entry{Attributes: attributes},
+ },
+ }
+}
+
+func createSearchResultWithAttributeValues(values ...string) *ldap.SearchResult {
+ return createSearchResultWithAttributes(&ldap.EntryAttribute{
+ Values: values,
+ })
+}
+
+func TestShouldNotCrashWhenGroupsAreNotRetrievedFromLDAP(t *testing.T) {
+ ctrl := gomock.NewController(t)
+ defer ctrl.Finish()
+
+ mockFactory := NewMockLDAPConnectionFactory(ctrl)
+ mockConn := NewMockLDAPConnection(ctrl)
+
+ ldapClient := NewLDAPUserProviderWithFactory(schema.LDAPAuthenticationBackendConfiguration{
+ URL: "ldap://127.0.0.1:389",
+ User: "cn=admin,dc=example,dc=com",
+ Password: "password",
+ UsersFilter: "uid={0}",
+ AdditionalUsersDN: "ou=users",
+ BaseDN: "dc=example,dc=com",
+ }, mockFactory)
+
+ mockFactory.EXPECT().
+ Dial(gomock.Eq("tcp"), gomock.Eq("127.0.0.1:389")).
+ Return(mockConn, nil).Times(2)
+
+ mockConn.EXPECT().
+ Bind(gomock.Eq("cn=admin,dc=example,dc=com"), gomock.Eq("password")).
+ Return(nil).
+ Times(2)
+
+ mockConn.EXPECT().
+ Close().Times(2)
+
+ searchGroups := mockConn.EXPECT().
+ Search(gomock.Any()).
+ Return(createSearchResultWithAttributes(), nil)
+ searchUserDN := mockConn.EXPECT().
+ Search(gomock.Any()).
+ Return(createSearchResultWithAttributeValues("uid=john,dc=example,dc=com"), nil)
+ searchEmails := mockConn.EXPECT().
+ Search(gomock.Any()).
+ Return(createSearchResultWithAttributeValues("test@example.com"), nil)
+
+ gomock.InOrder(searchGroups, searchUserDN, searchEmails)
+
+ details, err := ldapClient.GetDetails("john")
+ require.NoError(t, err)
+
+ assert.ElementsMatch(t, details.Groups, []string{})
+ assert.ElementsMatch(t, details.Emails, []string{"test@example.com"})
+}
+
+func TestShouldNotCrashWhenEmailsAreNotRetrievedFromLDAP(t *testing.T) {
+ ctrl := gomock.NewController(t)
+ defer ctrl.Finish()
+
+ mockFactory := NewMockLDAPConnectionFactory(ctrl)
+ mockConn := NewMockLDAPConnection(ctrl)
+
+ ldapClient := NewLDAPUserProviderWithFactory(schema.LDAPAuthenticationBackendConfiguration{
+ URL: "ldap://127.0.0.1:389",
+ User: "cn=admin,dc=example,dc=com",
+ Password: "password",
+ UsersFilter: "uid={0}",
+ AdditionalUsersDN: "ou=users",
+ BaseDN: "dc=example,dc=com",
+ }, mockFactory)
+
+ mockFactory.EXPECT().
+ Dial(gomock.Eq("tcp"), gomock.Eq("127.0.0.1:389")).
+ Return(mockConn, nil).Times(2)
+
+ mockConn.EXPECT().
+ Bind(gomock.Eq("cn=admin,dc=example,dc=com"), gomock.Eq("password")).
+ Return(nil).
+ Times(2)
+
+ mockConn.EXPECT().
+ Close().Times(2)
+
+ searchGroups := mockConn.EXPECT().
+ Search(gomock.Any()).
+ Return(createSearchResultWithAttributeValues("group1", "group2"), nil)
+ searchUserDN := mockConn.EXPECT().
+ Search(gomock.Any()).
+ Return(createSearchResultWithAttributeValues("uid=john,dc=example,dc=com"), nil)
+ searchEmails := mockConn.EXPECT().
+ Search(gomock.Any()).
+ Return(createSearchResultWithAttributes(), nil)
+
+ gomock.InOrder(searchGroups, searchUserDN, searchEmails)
+
+ details, err := ldapClient.GetDetails("john")
+ require.NoError(t, err)
+
+ assert.ElementsMatch(t, details.Groups, []string{"group1", "group2"})
+ assert.ElementsMatch(t, details.Emails, []string{})
+}
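Review bot: Both regression tests feed GetDetails only one shape of empty result, an entry with no attributes (`createSearchResultWithAttributes()` in the groups search of the first test and the emails search of the second), so other empty shapes that could reach the same first-element access stay uncovered. A panic here takes down the authentication path, so I would add a case where the attribute is present but carries no values, `Return(createSearchResultWithAttributeValues(), nil)`, and one where the search returns no entries at all, `Return(&ldap.SearchResult{}, nil)`; whether the fix already handles those is not visible from this file. Separately, every `Search(gomock.Any())` accepts any request, so the names searchGroups, searchUserDN and searchEmails are enforced only by call order through `gomock.InOrder`. Matching on the request's filter or attribute list would confirm that each fixture is consumed by the query it is named after.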