Diffstat (limited to 'internal/authentication/ldap_user_provider_test.go')
| -rw-r--r-- | internal/authentication/ldap_user_provider_test.go | 60 |
1 files changed, 36 insertions, 24 deletions
diff --git a/internal/authentication/ldap_user_provider_test.go b/internal/authentication/ldap_user_provider_test.go
index 9415bb72c..93d2829d0 100644
--- a/internal/authentication/ldap_user_provider_test.go
+++ b/internal/authentication/ldap_user_provider_test.go
@@ -174,7 +174,7 @@ func TestShouldCheckLDAPServerExtensions(t *testing.T) {
 UsersFilter: "(|({username_attribute}={input})({mail_attribute}={input}))",
 UsernameAttribute: "uid",
 MailAttribute: "mail",
- DisplayNameAttribute: "displayname",
+ DisplayNameAttribute: "displayName",
 Password: "password",
 AdditionalUsersDN: "ou=users",
 BaseDN: "dc=example,dc=com",
@@ -230,7 +230,7 @@ func TestShouldNotEnablePasswdModifyExtension(t *testing.T) {
 UsersFilter: "(|({username_attribute}={input})({mail_attribute}={input}))",
 UsernameAttribute: "uid",
 MailAttribute: "mail",
- DisplayNameAttribute: "displayname",
+ DisplayNameAttribute: "displayName",
 Password: "password",
 AdditionalUsersDN: "ou=users",
 BaseDN: "dc=example,dc=com",
@@ -286,7 +286,7 @@ func TestShouldReturnCheckServerConnectError(t *testing.T) {
 UsersFilter: "(|({username_attribute}={input})({mail_attribute}={input}))",
 UsernameAttribute: "uid",
 MailAttribute: "mail",
- DisplayNameAttribute: "displayname",
+ DisplayNameAttribute: "displayName",
 Password: "password",
 AdditionalUsersDN: "ou=users",
 BaseDN: "dc=example,dc=com",
@@ -318,7 +318,7 @@ func TestShouldReturnCheckServerSearchError(t *testing.T) {
 UsersFilter: "(|({username_attribute}={input})({mail_attribute}={input}))",
 UsernameAttribute: "uid",
 MailAttribute: "mail",
- DisplayNameAttribute: "displayname",
+ DisplayNameAttribute: "displayName",
 Password: "password",
 AdditionalUsersDN: "ou=users",
 BaseDN: "dc=example,dc=com",
@@ -379,7 +379,7 @@ func TestShouldEscapeUserInput(t *testing.T) { UsersFilter: "(|({username_attribute}={input})({mail_attribute}={input}))", UsernameAttribute: "uid", MailAttribute: "mail", - DisplayNameAttribute: "displayname", + DisplayNameAttribute: "displayName", Password: "password", AdditionalUsersDN: "ou=users", BaseDN: "dc=example,dc=com", @@ -414,11 +414,13 @@ func TestShouldCombineUsernameFilterAndUsersFilter(t *testing.T) { AdditionalUsersDN: "ou=users", BaseDN: "dc=example,dc=com", MailAttribute: "mail", - DisplayNameAttribute: "displayname", + DisplayNameAttribute: "displayName", }, nil, mockFactory) + assert.True(t, ldapClient.usersFilterReplacementInput) + mockConn.EXPECT(). Search(NewSearchRequestMatcher("(&(uid=john)(&(objectCategory=person)(objectClass=user)))")). Return(&ldap.SearchResult{}, nil) @@ -456,7 +458,7 @@ func TestShouldNotCrashWhenGroupsAreNotRetrievedFromLDAP(t *testing.T) { Password: "password", UsernameAttribute: "uid", MailAttribute: "mail", - DisplayNameAttribute: "displayname", + DisplayNameAttribute: "displayName", UsersFilter: "uid={input}", AdditionalUsersDN: "ou=users", BaseDN: "dc=example,dc=com", @@ -486,7 +488,7 @@ func TestShouldNotCrashWhenGroupsAreNotRetrievedFromLDAP(t *testing.T) { DN: "uid=test,dc=example,dc=com", Attributes: []*ldap.EntryAttribute{ { - Name: "displayname", + Name: "displayName", Values: []string{"John Doe"}, }, { @@ -587,7 +589,7 @@ func TestShouldReturnUsernameFromLDAP(t *testing.T) { Password: "password", UsernameAttribute: "uid", MailAttribute: "mail", - DisplayNameAttribute: "displayname", + DisplayNameAttribute: "displayName", UsersFilter: "uid={input}", AdditionalUsersDN: "ou=users", BaseDN: "dc=example,dc=com", @@ -617,7 +619,7 @@ func TestShouldReturnUsernameFromLDAP(t *testing.T) { DN: "uid=test,dc=example,dc=com", Attributes: []*ldap.EntryAttribute{ { - Name: "displayname", + Name: "displayName", Values: []string{"John Doe"}, }, { 
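Review bot: `usersFilterReplacementInput` is only ever asserted to be true in this patch (here in TestShouldCombineUsernameFilterAndUsersFilter and again in TestShouldParseDynamicConfiguration), so a provider that set the flag unconditionally would still pass. A negative case is worth adding: build a provider whose UsersFilter contains no `{input}` placeholder and check `assert.False(t, ldapClient.usersFilterReplacementInput)`. The flag presumably decides whether the login name is substituted into the search filter, but the code that reads it is not in this diff, so confirm there. The UsersFilter for this test is set above the hunk and is not visible here.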
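Review bot: The mocked entry attribute name in TestShouldNotCrashWhenGroupsAreNotRetrievedFromLDAP (hunk -486) is changed in lockstep with the configured DisplayNameAttribute, so no test covers a server that returns the attribute in a different case from the configured one. LDAP attribute descriptions are case-insensitive, so a directory may answer `displayname` for a configured `displayName`; if the provider compares names with `==` (not visible in this diff), the display name would likely come back empty. Keeping one fixture with `Name: "displayname"` against the `displayName` configuration would pin the intended behaviour. The same lockstep change appears in the entry hunks at -617, -716, -822, -991, -1058, -1136 and -1244.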
@@ -658,7 +660,7 @@ func TestShouldUpdateUserPasswordPasswdModifyExtension(t *testing.T) {
 Password: "password",
 UsernameAttribute: "uid",
 MailAttribute: "mail",
- DisplayNameAttribute: "displayname",
+ DisplayNameAttribute: "displayName",
 UsersFilter: "uid={input}",
 AdditionalUsersDN: "ou=users",
 BaseDN: "dc=example,dc=com",
@@ -716,7 +718,7 @@ func TestShouldUpdateUserPasswordPasswdModifyExtension(t *testing.T) {
 DN: "uid=test,dc=example,dc=com",
 Attributes: []*ldap.EntryAttribute{
 {
- Name: "displayname",
+ Name: "displayName",
 Values: []string{"John Doe"},
 },
 {
@@ -822,7 +824,7 @@ func TestShouldUpdateUserPasswordActiveDirectory(t *testing.T) {
 DN: "cn=test,dc=example,dc=com",
 Attributes: []*ldap.EntryAttribute{
 {
- Name: "displayname",
+ Name: "displayName",
 Values: []string{"John Doe"},
 },
 {
@@ -968,7 +970,7 @@ func TestShouldCheckValidUserPassword(t *testing.T) {
 Password: "password",
 UsernameAttribute: "uid",
 MailAttribute: "mail",
- DisplayNameAttribute: "displayname",
+ DisplayNameAttribute: "displayName",
 UsersFilter: "uid={input}",
 AdditionalUsersDN: "ou=users",
 BaseDN: "dc=example,dc=com",
@@ -991,7 +993,7 @@ func TestShouldCheckValidUserPassword(t *testing.T) {
 DN: "uid=test,dc=example,dc=com",
 Attributes: []*ldap.EntryAttribute{
 {
- Name: "displayname",
+ Name: "displayName",
 Values: []string{"John Doe"},
 },
 {
@@ -1035,7 +1037,7 @@ func TestShouldCheckInvalidUserPassword(t *testing.T) {
 Password: "password",
 UsernameAttribute: "uid",
 MailAttribute: "mail",
- DisplayNameAttribute: "displayname",
+ DisplayNameAttribute: "displayName",
 UsersFilter: "uid={input}",
 AdditionalUsersDN: "ou=users",
 BaseDN: "dc=example,dc=com",
@@ -1058,7 +1060,7 @@ func TestShouldCheckInvalidUserPassword(t *testing.T) {
 DN: "uid=test,dc=example,dc=com",
 Attributes: []*ldap.EntryAttribute{
 {
- Name: "displayname",
+ Name: "displayName",
 Values: []string{"John Doe"},
 },
 {
@@ -1102,7 +1104,7 @@ func TestShouldCallStartTLSWhenEnabled(t *testing.T) {
 Password: "password",
 UsernameAttribute: "uid",
 MailAttribute: "mail",
- DisplayNameAttribute: "displayname",
+ DisplayNameAttribute: "displayName",
 UsersFilter: "uid={input}",
 AdditionalUsersDN: "ou=users",
 BaseDN: "dc=example,dc=com",
@@ -1136,7 +1138,7 @@ func TestShouldCallStartTLSWhenEnabled(t *testing.T) {
 DN: "uid=test,dc=example,dc=com",
 Attributes: []*ldap.EntryAttribute{
 {
- Name: "displayname",
+ Name: "displayName",
 Values: []string{"John Doe"},
 },
 {
@@ -1176,7 +1178,7 @@ func TestShouldParseDynamicConfiguration(t *testing.T) {
 Password: "password",
 UsernameAttribute: "uid",
 MailAttribute: "mail",
- DisplayNameAttribute: "displayname",
+ DisplayNameAttribute: "displayName",
 UsersFilter: "(&(|({username_attribute}={input})({mail_attribute}={input})({display_name_attribute}={input}))(objectCategory=person)(objectClass=user)(!userAccountControl:1.2.840.113556.1.4.803:=2)(!pwdLastSet=0))",
 GroupsFilter: "(&(|(member={dn})(member={input})(member={username}))(objectClass=group))",
 AdditionalUsersDN: "ou=users",
@@ -1187,7 +1189,13 @@ func TestShouldParseDynamicConfiguration(t *testing.T) { nil, mockFactory) - assert.Equal(t, "(&(|(uid={input})(mail={input})(displayname={input}))(objectCategory=person)(objectClass=user)(!userAccountControl:1.2.840.113556.1.4.803:=2)(!pwdLastSet=0))", ldapClient.configuration.UsersFilter) + assert.True(t, ldapClient.groupsFilterReplacementInput) + assert.True(t, ldapClient.groupsFilterReplacementUsername) + assert.True(t, ldapClient.groupsFilterReplacementDN) + + assert.True(t, ldapClient.usersFilterReplacementInput) + + assert.Equal(t, "(&(|(uid={input})(mail={input})(displayName={input}))(objectCategory=person)(objectClass=user)(!userAccountControl:1.2.840.113556.1.4.803:=2)(!pwdLastSet=0))", ldapClient.configuration.UsersFilter) assert.Equal(t, "(&(|(member={dn})(member={input})(member={username}))(objectClass=group))", ldapClient.configuration.GroupsFilter) assert.Equal(t, "ou=users,dc=example,dc=com", ldapClient.usersBaseDN) assert.Equal(t, "ou=groups,dc=example,dc=com", ldapClient.groupsBaseDN) @@ -1207,7 +1215,7 @@ func TestShouldCallStartTLSWithInsecureSkipVerifyWhenSkipVerifyTrue(t *testing.T Password: "password", UsernameAttribute: "uid", MailAttribute: "mail", - DisplayNameAttribute: "displayname", + DisplayNameAttribute: "displayName", UsersFilter: "uid={input}", AdditionalUsersDN: "ou=users", BaseDN: "dc=example,dc=com", @@ -1219,6 +1227,10 @@ func TestShouldCallStartTLSWithInsecureSkipVerifyWhenSkipVerifyTrue(t *testing.T nil, mockFactory) + assert.False(t, ldapClient.groupsFilterReplacementInput) + assert.False(t, ldapClient.groupsFilterReplacementUsername) + assert.False(t, ldapClient.groupsFilterReplacementDN) + dialURL := mockFactory.EXPECT(). DialURL(gomock.Eq("ldap://127.0.0.1:389"), gomock.Any()). Return(mockConn, nil) 
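Review bot: The three `groupsFilterReplacement*` flags are only checked all-true here and all-false in the -1219 hunk, so an implementation that cross-wires them (for example deriving `groupsFilterReplacementDN` from the `{username}` check) would pass both tests. A small table-driven test with one placeholder per case, such as a GroupsFilter of `(member={dn})` expecting only `groupsFilterReplacementDN` to be true, would tell them apart. The all-false assertions in -1219 also sit inside TestShouldCallStartTLSWithInsecureSkipVerifyWhenSkipVerifyTrue, which is a TLS test, so a dedicated test for the flags would make a later failure there easier to read. No GroupsFilter is visible in that test's lines in this diff, so confirm that it is in fact unset.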
@@ -1244,7 +1256,7 @@ func TestShouldCallStartTLSWithInsecureSkipVerifyWhenSkipVerifyTrue(t *testing.T
 DN: "uid=test,dc=example,dc=com",
 Attributes: []*ldap.EntryAttribute{
 {
- Name: "displayname",
+ Name: "displayName",
 Values: []string{"John Doe"},
 },
 {
@@ -1285,7 +1297,7 @@ func TestShouldReturnLDAPSAlreadySecuredWhenStartTLSAttempted(t *testing.T) {
 Password: "password",
 UsernameAttribute: "uid",
 MailAttribute: "mail",
- DisplayNameAttribute: "displayname",
+ DisplayNameAttribute: "displayName",
 UsersFilter: "uid={input}",
 AdditionalUsersDN: "ou=users",
 BaseDN: "dc=example,dc=com", |
