"""
This module provides tests for :py:mod:`ldaptasks.tasks`.
"""
from __future__ import absolute_import
from django.conf import settings
from django.test import TestCase
from celery.exceptions import Reject
from mockldap import MockLdap
from ldapentities.models import LdapUser
from ldaptasks.tasks import (
add_ldap_user_to_group,
create_ldap_group,
create_ldap_user,
remove_ldap_user_from_group,
set_ldap_user_password,
)
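class LdapTaskTestCase(TestCase):
    """
    Exercise the tasks from :py:mod:`ldaptasks.tasks` against a mock LDAP
    directory.

    Each test calls one task and then compares
    ``self.ldapobj.methods_called()`` with the exact sequence of LDAP client
    calls expected for that scenario, so a change in the number of lookups a
    task performs will show up as a test failure.

    """

    # Seed data handed to MockLdap in setUpClass. Keys are DNs, values are
    # attribute dictionaries whose values are lists of strings.
    directory = {
        # Entry for the configured LDAP bind user, carrying the configured
        # password; presumably this is what lets simple_bind_s succeed
        # against the mock directory -- confirm against mockldap.
        settings.DATABASES['ldap']['USER']: {
            'userPassword': [settings.DATABASES['ldap']['PASSWORD']]
        },
        settings.GROUP_BASE_DN: {
            'objectClass': ['top', 'organizationalUnit'],
            'ou': ['groups']
        },
        settings.USER_BASE_DN: {
            'objectClass': ['top', 'organizationalUnit'],
            'ou': ['users']
        },
        # Pre-existing group (gid 4711) that already lists the pre-existing
        # user as a member.
        'cn=existing,' + settings.GROUP_BASE_DN: {
            'objectClass': ['posixGroup'],
            'gidNumber': ['4711'],
            'cn': ['existing'],
            'description': ['existing test group'],
            'memberUid': ['existing'],
        },
        # Pre-existing user (uid 815). The userPassword value is a plain
        # test fixture string; no test in this class asserts on the stored
        # password format.
        'uid=existing,' + settings.USER_BASE_DN: {
            'objectClass': ['account', 'posixAccount'],
            'uidNumber': ['815'],
            'gidNumber': ['4711'],
            'gecos': ['existing test user'],
            'homeDirectory': ['/home/existing'],
            'loginShell': ['/bin/bash'],
            'uid': ['existing'],
            'userPassword': ['secret'],
            'cn': ['existing']
        }
    }

    @classmethod
    def setUpClass(cls):
        """
        Create the shared :py:class:`MockLdap` instance for all tests.

        """
        # Django's TestCase performs its own class-level setup in
        # setUpClass; an override has to chain to it.
        super(LdapTaskTestCase, cls).setUpClass()
        cls.mockldap = MockLdap(cls.directory)

    @classmethod
    def tearDownClass(cls):
        """
        Drop the shared :py:class:`MockLdap` instance.

        """
        del cls.mockldap
        # Counterpart of the super() call in setUpClass.
        super(LdapTaskTestCase, cls).tearDownClass()

    def setUp(self):
        """
        Start the mock and fetch the mock LDAP object for the configured
        LDAP database name.

        """
        self.mockldap.start()
        self.ldapobj = self.mockldap[settings.DATABASES['ldap']['NAME']]

    def tearDown(self):
        """
        Stop the mock and drop the per-test mock LDAP object.

        """
        self.mockldap.stop()
        del self.ldapobj

    def test_create_ldap_group(self):
        """
        A group that is not in the directory is added with ``add_s``.

        """
        dn = create_ldap_group('test', 5000, 'test group')
        self.assertEqual('cn=test,%s' % settings.GROUP_BASE_DN, dn)
        self.assertEqual(self.ldapobj.methods_called(), [
            'initialize', 'simple_bind_s', 'search_s', 'add_s'
        ])

    def test_create_ldap_group_existing(self):
        """
        Creating a group with the data already in the directory performs
        only searches, no ``add_s`` and no ``modify_s``.

        """
        dn = create_ldap_group('existing', 4711, 'existing test group')
        self.assertEqual('cn=existing,%s' % settings.GROUP_BASE_DN, dn)
        self.assertEqual(self.ldapobj.methods_called(), [
            'initialize', 'simple_bind_s', 'search_s', 'search_s', 'search_s',
            'search_s'
        ])

    def test_create_ldap_group_existing_modify(self):
        """
        Creating an existing group with a different description ends with a
        ``modify_s`` call.

        """
        dn = create_ldap_group('existing', 4711, 'change existing test group')
        self.assertEqual('cn=existing,%s' % settings.GROUP_BASE_DN, dn)
        self.assertEqual(self.ldapobj.methods_called(), [
            'initialize', 'simple_bind_s', 'search_s', 'search_s',
            'search_s', 'search_s', 'modify_s'
        ])

    def test_create_ldap_user(self):
        """
        A new user in an existing group is added with ``add_s`` followed by
        a ``modify_s``.

        """
        dn = create_ldap_user(
            'test', 5000, 4711, 'Test User', '/home/test', '/bin/bash',
            'secret')
        self.assertEqual('uid=test,%s' % settings.USER_BASE_DN, dn)
        self.assertEqual(self.ldapobj.methods_called(), [
            'initialize', 'simple_bind_s', 'search_s', 'search_s', 'search_s',
            'add_s', 'search_s', 'search_s', 'modify_s'
        ])

    def test_create_ldap_user_invalid_group(self):
        """
        Creating a user with a gid that has no group entry raises
        :py:class:`celery.exceptions.Reject` and writes nothing.

        """
        with self.assertRaises(Reject):
            create_ldap_user(
                'test', 5000, 5000, 'Test User', '/home/test', '/bin/bash',
                'secret')
        # Checked outside the ``with`` block so the assertion is executed
        # after the expected exception has been raised.
        self.assertEqual(self.ldapobj.methods_called(), [
            'initialize', 'simple_bind_s', 'search_s', 'search_s'
        ])

    def test_create_ldap_user_no_password(self):
        """
        Passing ``None`` as password produces the same call sequence as
        creating a user with a password.

        """
        dn = create_ldap_user(
            'test', 5000, 4711, 'Test User', '/home/test', '/bin/bash',
            None)
        self.assertEqual('uid=test,%s' % settings.USER_BASE_DN, dn)
        # NOTE(review): only the call sequence is pinned here; what ends up
        # in userPassword for a user created without a password is not
        # asserted.
        self.assertEqual(self.ldapobj.methods_called(), [
            'initialize', 'simple_bind_s', 'search_s', 'search_s', 'search_s',
            'add_s', 'search_s', 'search_s', 'modify_s'
        ])

    def test_create_ldap_user_existing(self):
        """
        Creating a user that already exists ends with ``modify_s`` and does
        not call ``add_s``.

        """
        dn = create_ldap_user(
            'existing', 815, 4711, 'existing test user', '/home/existing',
            '/bin/bash', 'secret'
        )
        self.assertEqual('uid=existing,%s' % settings.USER_BASE_DN, dn)
        self.assertEqual(self.ldapobj.methods_called(), [
            'initialize', 'simple_bind_s', 'search_s', 'search_s', 'search_s',
            'search_s', 'search_s', 'search_s', 'modify_s'
        ])

    def test_set_ldap_user_password_existing(self):
        """
        Setting the password of an existing user returns a true value and
        ends with ``modify_s``.

        """
        res = set_ldap_user_password('existing', 'newpassword')
        self.assertTrue(res)
        # NOTE(review): the test does not inspect the resulting userPassword
        # value in self.ldapobj.directory, so it would not notice a password
        # that is left unchanged or stored exactly as passed in.
        self.assertEqual(self.ldapobj.methods_called(), [
            'initialize', 'simple_bind_s', 'search_s', 'search_s', 'search_s',
            'search_s', 'modify_s'
        ])

    def test_set_ldap_user_password_missing(self):
        """
        Setting the password of an unknown user returns a false value after
        a single search.

        """
        res = set_ldap_user_password('missing', 'newpassword')
        self.assertFalse(res)
        self.assertEqual(self.ldapobj.methods_called(), [
            'initialize', 'simple_bind_s', 'search_s'
        ])

    def test_add_ldap_user_to_group_existing(self):
        """
        Adding a user to a group that already lists the user returns a true
        value without any ``modify_s`` call.

        """
        res = add_ldap_user_to_group('existing', 'existing')
        self.assertTrue(res)
        self.assertEqual(self.ldapobj.methods_called(), [
            'initialize', 'simple_bind_s', 'search_s', 'search_s', 'search_s',
            'search_s'
        ])

    def test_add_ldap_user_to_group_new_user(self):
        """
        Adding the existing user to a freshly created group returns a true
        value and ends with ``modify_s``.

        """
        create_ldap_group('test', 5000, 'test group')
        res = add_ldap_user_to_group('existing', 'test')
        self.assertTrue(res)
        # The leading search_s/add_s pair comes from create_ldap_group above.
        self.assertEqual(self.ldapobj.methods_called(), [
            'initialize', 'simple_bind_s', 'search_s', 'add_s', 'search_s',
            'search_s', 'search_s', 'search_s', 'search_s', 'search_s',
            'modify_s'
        ])

    def test_add_ldap_user_to_group_no_group(self):
        """
        Adding a user to a group that does not exist returns a false value
        after a single search.

        """
        res = add_ldap_user_to_group('existing', 'test')
        self.assertFalse(res)
        self.assertEqual(self.ldapobj.methods_called(), [
            'initialize', 'simple_bind_s', 'search_s'
        ])

    def test_add_ldap_user_to_group_no_user(self):
        """
        Adding an unknown user to an existing group raises
        ``LdapUser.DoesNotExist``.

        """
        with self.assertRaises(LdapUser.DoesNotExist):
            add_ldap_user_to_group('test', 'existing')
        # Checked outside the ``with`` block so the assertion is executed
        # after the expected exception has been raised.
        self.assertEqual(self.ldapobj.methods_called(), [
            'initialize', 'simple_bind_s', 'search_s', 'search_s', 'search_s'
        ])

    def test_remove_ldap_user_from_group_existing(self):
        """
        Removing the only member of a group returns a true value and leaves
        the group entry without a ``memberUid`` attribute.

        """
        res = remove_ldap_user_from_group('existing', 'existing')
        self.assertTrue(res)
        self.assertNotIn('memberUid', self.ldapobj.directory[
            'cn=existing,' + settings.GROUP_BASE_DN])
        self.assertEqual(self.ldapobj.methods_called(), [
            'initialize', 'simple_bind_s', 'search_s', 'search_s', 'search_s',
            'search_s', 'search_s', 'search_s', 'modify_s'
        ])

    def test_remove_ldap_user_from_group_not_in_group(self):
        """
        Removing a user from a group the user is not a member of returns a
        false value without any ``modify_s`` call.

        """
        create_ldap_group('test', 5000, 'test group')
        res = remove_ldap_user_from_group('existing', 'test')
        self.assertFalse(res)
        # The leading search_s/add_s pair comes from create_ldap_group above.
        self.assertEqual(self.ldapobj.methods_called(), [
            'initialize', 'simple_bind_s', 'search_s', 'add_s', 'search_s',
            'search_s', 'search_s', 'search_s'
        ])

    def test_remove_ldap_user_from_group_no_group(self):
        """
        Removing a user from a group that does not exist returns a false
        value after a single search.

        """
        res = remove_ldap_user_from_group('existing', 'test')
        self.assertFalse(res)
        self.assertEqual(self.ldapobj.methods_called(), [
            'initialize', 'simple_bind_s', 'search_s'
        ])

    def test_remove_ldap_user_from_group_no_user(self):
        """
        Removing an unknown user from an existing group returns a false
        value and does not raise.

        """
        res = remove_ldap_user_from_group('test', 'existing')
        self.assertFalse(res)
        self.assertEqual(self.ldapobj.methods_called(), [
            'initialize', 'simple_bind_s', 'search_s', 'search_s', 'search_s'
        ])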