"""
This module provides tests for :py:mod:`ldaptasks.tasks`.
"""
import volatildap
from django.conf import settings
from django.test import TestCase
from celery.exceptions import Reject
from ldapentities.models import LdapUser
from gvaldap.ldaptasks.tasks import (
add_ldap_user_to_group,
create_ldap_group,
create_ldap_user,
delete_ldap_group,
delete_ldap_group_if_empty,
delete_ldap_user,
delete_ldap_user_chained,
remove_ldap_user_from_group,
set_ldap_user_password,
)
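class LdapTaskTestCase(TestCase):
    """
    Test the LDAP tasks against a throwaway :py:mod:`volatildap` server.

    The class swaps the connection values of the ``ldap`` database for
    those of the volatile server in :py:meth:`setUpClass` and puts the
    configured values back in :py:meth:`tearDownClass`, so that test
    classes running afterwards do not inherit a connection to a stopped
    server.

    """

    databases = ["default", "ldap"]

    # Keys of settings.DATABASES['ldap'] that setUpClass overrides and
    # tearDownClass restores.
    _ldap_setting_keys = ('USER', 'PASSWORD', 'NAME')

    # Initial directory content handed to the volatile server.
    #
    # The first entry is built at import time from the *configured* bind DN
    # and bind password, i.e. whatever settings.DATABASES['ldap'] holds is
    # passed to the throwaway server as a userPassword value. Test settings
    # should therefore only ever carry dummy credentials, never the ones of
    # a real directory.
    directory = {
        settings.DATABASES['ldap']['USER']: {
            'objectClass': ['person'],
            'userPassword': [settings.DATABASES['ldap']['PASSWORD']],
            'sn': 'Admin',
        },
        settings.GROUP_BASE_DN: {
            'objectClass': ['top', 'organizationalUnit'],
            'ou': ['groups']
        },
        settings.USER_BASE_DN: {
            'objectClass': ['top', 'organizationalUnit'],
            'ou': ['users']
        },
        'cn=existing,' + settings.GROUP_BASE_DN: {
            'objectClass': ['posixGroup'],
            'gidNumber': ['4711'],
            'cn': ['existing'],
            'description': ['existing test group'],
            'memberUid': ['existing'],
        },
        'uid=existing,' + settings.USER_BASE_DN: {
            'objectClass': ['account', 'posixAccount'],
            'uidNumber': ['815'],
            'gidNumber': ['4711'],
            'gecos': ['existing test user'],
            'homeDirectory': ['/home/existing'],
            'loginShell': ['/bin/bash'],
            'uid': ['existing'],
            # fixture-only password value, not a real credential
            'userPassword': ['secret'],
            'cn': ['existing']
        }
    }

    @classmethod
    def setUpClass(cls):
        """
        Create the volatile LDAP server and point the ``ldap`` database at it.

        The configured ``USER``, ``PASSWORD`` and ``NAME`` values are
        remembered first so that :py:meth:`tearDownClass` can restore them.

        """
        super().setUpClass()
        ldap_settings = settings.DATABASES['ldap']
        cls._saved_ldap_settings = {
            key: ldap_settings[key]
            for key in cls._ldap_setting_keys
            if key in ldap_settings
        }
        cls.ldap_server = volatildap.LdapServer(
            initial_data=cls.directory,
            schemas=['core.schema', 'cosine.schema', 'inetorgperson.schema',
                     'nis.schema'],
        )
        ldap_settings['USER'] = cls.ldap_server.rootdn
        ldap_settings['PASSWORD'] = cls.ldap_server.rootpw
        ldap_settings['NAME'] = cls.ldap_server.uri

    @classmethod
    def tearDownClass(cls):
        """
        Stop the volatile server and restore the configured LDAP settings.

        The Django teardown and the settings restore run even when stopping
        the server raises, so a failing stop cannot leak the test
        connection values into later test classes.

        """
        try:
            cls.ldap_server.stop()
        finally:
            try:
                super().tearDownClass()
            finally:
                ldap_settings = settings.DATABASES['ldap']
                for key in cls._ldap_setting_keys:
                    if key in cls._saved_ldap_settings:
                        ldap_settings[key] = cls._saved_ldap_settings[key]
                    else:
                        # key did not exist before setUpClass added it
                        ldap_settings.pop(key, None)

    def setUp(self):
        """Start the volatile LDAP server before every test."""
        # presumably start() also resets the server to ``directory`` so each
        # test sees the same initial data; verify against volatildap
        self.ldap_server.start()

    def test_create_ldap_group(self):
        """Creating a new group returns its name, gid, description and DN."""
        result = create_ldap_group('test', 5000, 'test group')
        self.assertEqual({
            'groupname': 'test', 'gid': 5000, 'description': 'test group',
            'group_dn': 'cn=test,%s' % settings.GROUP_BASE_DN
        }, result)

    def test_create_ldap_group_existing(self):
        """Creating a group that already exists returns the existing data."""
        result = create_ldap_group('existing', 4711, 'existing test group')
        self.assertEqual({
            'groupname': 'existing', 'gid': 4711,
            'description': 'existing test group',
            'group_dn': 'cn=existing,%s' % settings.GROUP_BASE_DN
        }, result)

    def test_create_ldap_group_existing_modify(self):
        """Creating an existing group with a new description reports it."""
        result = create_ldap_group(
            'existing', 4711, 'change existing test group')
        self.assertEqual({
            'groupname': 'existing', 'gid': 4711,
            'description': 'change existing test group',
            'group_dn': 'cn=existing,%s' % settings.GROUP_BASE_DN
        }, result)

    def test_create_ldap_user(self):
        """Creating a new user returns the account data and its DN."""
        result = create_ldap_user(
            'test', 5000, 4711, 'Test User', '/home/test', '/bin/bash',
            'secret')
        # The exact-dict comparison also pins that the password passed in
        # is not echoed back in the task result.
        self.assertEqual({
            'username': 'test', 'uid': 5000, 'gid': 4711, 'gecos': 'Test User',
            'homedir': '/home/test', 'shell': '/bin/bash',
            'user_dn': 'uid=test,%s' % settings.USER_BASE_DN
        }, result)

    def test_create_ldap_user_invalid_group(self):
        """Creating a user whose gid matches no group raises ``Reject``."""
        with self.assertRaises(Reject):
            create_ldap_user(
                'test', 5000, 5000, 'Test User', '/home/test', '/bin/bash',
                'secret')

    def test_create_ldap_user_no_password(self):
        """Creating a user with ``None`` as password still succeeds."""
        # NOTE(review): what userPassword the entry ends up with when no
        # password is given is not asserted here.
        result = create_ldap_user(
            'test', 5000, 4711, 'Test User', '/home/test', '/bin/bash',
            None)
        self.assertEqual({
            'username': 'test', 'uid': 5000, 'gid': 4711, 'gecos': 'Test User',
            'homedir': '/home/test', 'shell': '/bin/bash',
            'user_dn': 'uid=test,%s' % settings.USER_BASE_DN
        }, result)

    def test_create_ldap_user_existing(self):
        """Creating a user that already exists returns the existing data."""
        result = create_ldap_user(
            'existing', 815, 4711, 'existing test user', '/home/existing',
            '/bin/bash', 'secret'
        )
        self.assertEqual({
            'username': 'existing', 'uid': 815, 'gid': 4711,
            'gecos': 'existing test user', 'homedir': '/home/existing',
            'shell': '/bin/bash',
            'user_dn': 'uid=existing,%s' % settings.USER_BASE_DN
        }, result)

    def test_set_ldap_user_password_existing(self):
        """Setting the password of an existing user reports success."""
        # NOTE(review): only the return value is checked; neither that the
        # stored userPassword changed nor in which form (hashed or not) it
        # is stored is asserted.
        result = set_ldap_user_password('existing', 'newpassword')
        self.assertEqual({
            'username': 'existing', 'password_set': True
        }, result)

    def test_set_ldap_user_password_missing(self):
        """Setting the password of an unknown user reports failure."""
        result = set_ldap_user_password('missing', 'newpassword')
        self.assertEqual({
            'username': 'missing', 'password_set': False
        }, result)

    def test_add_ldap_user_to_group_existing(self):
        """Adding a user to a group it is already listed in reports added."""
        result = add_ldap_user_to_group('existing', 'existing')
        self.assertEqual({
            'username': 'existing', 'groupname': 'existing', 'added': True
        }, result)

    def test_add_ldap_user_to_group_new_user(self):
        """Adding an existing user to a freshly created group succeeds."""
        create_ldap_group('test', 5000, 'test group')
        result = add_ldap_user_to_group('existing', 'test')
        self.assertEqual({
            'username': 'existing', 'groupname': 'test', 'added': True
        }, result)

    def test_add_ldap_user_to_group_no_group(self):
        """Adding a user to a group that does not exist reports not added."""
        result = add_ldap_user_to_group('existing', 'test')
        self.assertEqual({
            'username': 'existing', 'groupname': 'test', 'added': False
        }, result)

    def test_add_ldap_user_to_group_no_user(self):
        """Adding an unknown user raises ``LdapUser.DoesNotExist``."""
        with self.assertRaises(LdapUser.DoesNotExist):
            add_ldap_user_to_group('test', 'existing')

    def test_remove_ldap_user_from_group_existing(self):
        """Removing a member drops ``memberUid`` from the group entry."""
        result = remove_ldap_user_from_group('existing', 'existing')
        self.assertEqual({
            'username': 'existing', 'groupname': 'existing', 'removed': True
        }, result)
        self.assertNotIn('memberUid', self.ldap_server.get(
            'cn=existing,' + settings.GROUP_BASE_DN))

    def test_remove_ldap_user_from_group_not_in_group(self):
        """Removing a user from a group it is not in reports not removed."""
        create_ldap_group('test', 5000, 'test group')
        result = remove_ldap_user_from_group('existing', 'test')
        self.assertEqual({
            'username': 'existing', 'groupname': 'test', 'removed': False
        }, result)

    def test_remove_ldap_user_from_group_no_group(self):
        """Removing a user from an unknown group reports not removed."""
        result = remove_ldap_user_from_group('existing', 'test')
        self.assertEqual({
            'username': 'existing', 'groupname': 'test', 'removed': False
        }, result)

    def test_remove_ldap_user_from_group_no_user(self):
        """Removing an unknown user from a group reports not removed."""
        result = remove_ldap_user_from_group('test', 'existing')
        self.assertEqual({
            'username': 'test', 'groupname': 'existing', 'removed': False
        }, result)

    def test_delete_ldap_user_existing(self):
        """Deleting a user removes its entry and its group membership."""
        result = delete_ldap_user('existing')
        self.assertEqual({'username': 'existing', 'deleted': True}, result)
        with self.assertRaises(KeyError):
            self.ldap_server.get('uid=existing,' + settings.USER_BASE_DN)
        self.assertNotIn('memberUid', self.ldap_server.get(
            'cn=existing,' + settings.GROUP_BASE_DN))

    def test_delete_ldap_user_missing(self):
        """Deleting an unknown user reports not deleted."""
        result = delete_ldap_user('missing')
        self.assertEqual({'username': 'missing', 'deleted': False}, result)

    def test_delete_ldap_user_no_group(self):
        """Deleting a user whose gid matches no group still deletes it."""
        # NOTE(review): this assigns into the dict returned by get(); it is
        # not visible here whether that changes the entry held by the
        # server. If get() returns a copy, this test exercises the same
        # path as test_delete_ldap_user_existing - confirm.
        self.ldap_server.get('uid=existing,' + settings.USER_BASE_DN)[
            'gidNumber'] = '5000'
        result = delete_ldap_user('existing')
        self.assertEqual({'username': 'existing', 'deleted': True}, result)
        with self.assertRaises(KeyError):
            self.ldap_server.get('uid=existing,' + settings.USER_BASE_DN)

    # The method name keeps its original spelling ("exsting") so that
    # existing test ids stay valid.
    def test_delete_ldap_user_chained_exsting(self):
        """The chained variant takes a dict and deletes user and membership."""
        result = delete_ldap_user_chained({'username': 'existing'})
        self.assertEqual({'username': 'existing', 'deleted': True}, result)
        with self.assertRaises(KeyError):
            self.ldap_server.get('uid=existing,' + settings.USER_BASE_DN)
        group_object = self.ldap_server.get(
            'cn=existing,' + settings.GROUP_BASE_DN)
        self.assertNotIn('memberUid', group_object)

    def test_delete_ldap_group_if_empty_nonempty(self):
        """A group that still has members is kept."""
        result = delete_ldap_group_if_empty('existing')
        self.assertEqual({'groupname': 'existing', 'deleted': False}, result)
        ldap_object = self.ldap_server.get(
            'cn=existing,' + settings.GROUP_BASE_DN)
        self.assertIsNotNone(ldap_object)

    def test_delete_ldap_group_if_empty_missing(self):
        """An unknown group is reported as not deleted."""
        result = delete_ldap_group_if_empty('missing')
        self.assertEqual({'groupname': 'missing', 'deleted': False}, result)

    def test_delete_ldap_group_if_empty_empty(self):
        """A group without members is deleted."""
        self.ldap_server.add({'cn=emptygroup,' + settings.GROUP_BASE_DN: {
            'objectClass': ['posixGroup'],
            'gidNumber': ['4712'],
            # cn has to match the RDN of the entry; the fixture previously
            # carried the cn of the 'existing' group here
            'cn': ['emptygroup'],
            'description': ['existing test group'],
        }})
        result = delete_ldap_group_if_empty('emptygroup')
        self.assertEqual({'groupname': 'emptygroup', 'deleted': True}, result)
        with self.assertRaises(KeyError):
            self.ldap_server.get('cn=emptygroup,' + settings.GROUP_BASE_DN)

    def test_delete_ldap_group_existing(self):
        """Deleting an existing group removes its entry."""
        result = delete_ldap_group('existing')
        self.assertEqual({'groupname': 'existing', 'deleted': True}, result)
        with self.assertRaises(KeyError):
            self.ldap_server.get('cn=existing,' + settings.GROUP_BASE_DN)

    def test_delete_ldap_group_missing(self):
        """Deleting an unknown group reports not deleted."""
        result = delete_ldap_group('missing')
        self.assertEqual({'groupname': 'missing', 'deleted': False}, result)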