gvaldap/gvaldap/ldaptasks/tests/test_tasks.py

"""
This module provides tests for :py:mod:`ldaptasks.tasks`.

"""
from __future__ import absolute_import

from django.conf import settings
from django.test import TestCase
from celery.exceptions import Reject

from mockldap import MockLdap

from ldapentities.models import LdapUser
from ldaptasks.tasks import (
    add_ldap_user_to_group,
    create_ldap_group,
    create_ldap_user,
    remove_ldap_user_from_group,
    set_ldap_user_password,
)


class LdapTaskTestCase(TestCase):
    directory = {
        settings.DATABASES['ldap']['USER']: {
            'userPassword': [settings.DATABASES['ldap']['PASSWORD']]
        },
        settings.GROUP_BASE_DN: {
            'objectClass': ['top', 'organizationalUnit'],
            'ou': ['groups']
        },
        settings.USER_BASE_DN: {
            'objectClass': ['top', 'organizationalUnit'],
            'ou': ['users']
        },
        'cn=existing,' + settings.GROUP_BASE_DN: {
            'objectClass': ['posixGroup'],
            'gidNumber': ['4711'],
            'cn': ['existing'],
            'description': ['existing test group'],
            'memberUid': ['existing'],
        },
        'uid=existing,' + settings.USER_BASE_DN: {
            'objectClass': ['account', 'posixAccount'],
            'uidNumber': ['815'],
            'gidNumber': ['4711'],
            'gecos': ['existing test user'],
            'homeDirectory': ['/home/existing'],
            'loginShell': ['/bin/bash'],
            'uid': ['existing'],
            'userPassword': ['secret'],
            'cn': ['existing']
        }
    }

    @classmethod
    def setUpClass(cls):
        cls.mockldap = MockLdap(cls.directory)

    @classmethod
    def tearDownClass(cls):
        del cls.mockldap

    def setUp(self):
        self.mockldap.start()
        self.ldapobj = self.mockldap[settings.DATABASES['ldap']['NAME']]

    def tearDown(self):
        self.mockldap.stop()
        del self.ldapobj

    def test_create_ldap_group(self):
        dn = create_ldap_group('test', 5000, 'test group')
        self.assertEqual('cn=test,%s' % settings.GROUP_BASE_DN, dn)
        self.assertEqual(self.ldapobj.methods_called(), [
            'initialize', 'simple_bind_s', 'search_s', 'add_s'
        ])

    def test_create_ldap_group_existing(self):
        dn = create_ldap_group('existing', 4711, 'existing test group')
        self.assertEqual('cn=existing,%s' % settings.GROUP_BASE_DN, dn)
        self.assertEqual(self.ldapobj.methods_called(), [
            'initialize', 'simple_bind_s', 'search_s', 'search_s', 'search_s',
            'search_s'
        ])

    def test_create_ldap_group_existing_modify(self):
        dn = create_ldap_group('existing', 4711, 'change existing test group')
        self.assertEqual('cn=existing,%s' % settings.GROUP_BASE_DN, dn)
        self.assertEqual(self.ldapobj.methods_called(), [
            'initialize', 'simple_bind_s', 'search_s', 'search_s',
            'search_s', 'search_s', 'modify_s'
        ])

    def test_create_ldap_user(self):
        dn = create_ldap_user(
            'test', 5000, 4711, 'Test User', '/home/test', '/bin/bash',
            'secret')
        self.assertEqual('uid=test,%s' % settings.USER_BASE_DN, dn)
        self.assertEqual(self.ldapobj.methods_called(), [
            'initialize', 'simple_bind_s', 'search_s', 'search_s', 'search_s',
            'add_s', 'search_s', 'search_s', 'modify_s'
        ])

    def test_create_ldap_user_invalid_group(self):
        with self.assertRaises(Reject):
            create_ldap_user(
                'test', 5000, 5000, 'Test User', '/home/test', '/bin/bash',
                'secret')
        self.assertEqual(self.ldapobj.methods_called(), [
            'initialize', 'simple_bind_s', 'search_s', 'search_s'
        ])

    def test_create_ldap_user_no_password(self):
        dn = create_ldap_user(
            'test', 5000, 4711, 'Test User', '/home/test', '/bin/bash',
            None)
        self.assertEqual('uid=test,%s' % settings.USER_BASE_DN, dn)
        self.assertEqual(self.ldapobj.methods_called(), [
            'initialize', 'simple_bind_s', 'search_s', 'search_s', 'search_s',
            'add_s', 'search_s', 'search_s', 'modify_s'
        ])

    def test_create_ldap_user_existing(self):
        dn = create_ldap_user(
            'existing', 815, 4711, 'existing test user', '/home/existing',
            '/bin/bash', 'secret'
        )
        self.assertEqual('uid=existing,%s' % settings.USER_BASE_DN, dn)
        self.assertEqual(self.ldapobj.methods_called(), [
            'initialize', 'simple_bind_s', 'search_s', 'search_s', 'search_s',
            'search_s', 'search_s', 'search_s', 'modify_s'
        ])

    def test_set_ldap_user_password_existing(self):
        res = set_ldap_user_password('existing', 'newpassword')
        self.assertTrue(res)
        self.assertEqual(self.ldapobj.methods_called(), [
            'initialize', 'simple_bind_s', 'search_s', 'search_s', 'search_s',
            'search_s', 'modify_s'
        ])

    def test_set_ldap_user_password_missing(self):
        res = set_ldap_user_password('missing', 'newpassword')
        self.assertFalse(res)
        self.assertEqual(self.ldapobj.methods_called(), [
            'initialize', 'simple_bind_s', 'search_s'
        ])

    def test_add_ldap_user_to_group_existing(self):
        res = add_ldap_user_to_group('existing', 'existing')
        self.assertTrue(res)
        self.assertEqual(self.ldapobj.methods_called(), [
            'initialize', 'simple_bind_s', 'search_s', 'search_s', 'search_s',
            'search_s'
        ])

    def test_add_ldap_user_to_group_new_user(self):
        create_ldap_group('test', 5000, 'test group')
        res = add_ldap_user_to_group('existing', 'test')
        self.assertTrue(res)
        self.assertEqual(self.ldapobj.methods_called(), [
            'initialize', 'simple_bind_s', 'search_s', 'add_s', 'search_s',
            'search_s', 'search_s', 'search_s', 'search_s', 'search_s',
            'modify_s'
        ])

    def test_add_ldap_user_to_group_no_group(self):
        res = add_ldap_user_to_group('existing', 'test')
        self.assertFalse(res)
        self.assertEqual(self.ldapobj.methods_called(), [
            'initialize', 'simple_bind_s', 'search_s'
        ])

    def test_add_ldap_user_to_group_no_user(self):
        with self.assertRaises(LdapUser.DoesNotExist):
            add_ldap_user_to_group('test', 'existing')
        self.assertEqual(self.ldapobj.methods_called(), [
            'initialize', 'simple_bind_s', 'search_s', 'search_s', 'search_s'
        ])

    def test_remove_ldap_user_from_group_existing(self):
        res = remove_ldap_user_from_group('existing', 'existing')
        self.assertTrue(res)
        self.assertNotIn('memberUid', self.ldapobj.directory[
            'cn=existing,' + settings.GROUP_BASE_DN])
        self.assertEqual(self.ldapobj.methods_called(), [
            'initialize', 'simple_bind_s', 'search_s', 'search_s', 'search_s',
            'search_s', 'search_s', 'search_s', 'modify_s'
        ])

    def test_remove_ldap_user_from_group_not_in_group(self):
        create_ldap_group('test', 5000, 'test group')
        res = remove_ldap_user_from_group('existing', 'test')
        self.assertFalse(res)
        self.assertEqual(self.ldapobj.methods_called(), [
            'initialize', 'simple_bind_s', 'search_s', 'add_s', 'search_s',
            'search_s', 'search_s', 'search_s'
        ])

    def test_remove_ldap_user_from_group_no_group(self):
        res = remove_ldap_user_from_group('existing', 'test')
        self.assertFalse(res)
        self.assertEqual(self.ldapobj.methods_called(), [
            'initialize', 'simple_bind_s', 'search_s'
        ])

    def test_remove_ldap_user_from_group_no_user(self):
        res = remove_ldap_user_from_group('test', 'existing')
        self.assertFalse(res)
        self.assertEqual(self.ldapobj.methods_called(), [
            'initialize', 'simple_bind_s', 'search_s', 'search_s', 'search_s'
        ])