first commit
This commit is contained in:
root
227
modules/ldap_authentication/tests/test_module.py
Normal file
227
modules/ldap_authentication/tests/test_module.py
Normal file
@@ -0,0 +1,227 @@
|
||||
# This file is part of Tryton. The COPYRIGHT file at the top level of
|
||||
# this repository contains the full copyright notices and license terms.
|
||||
|
||||
import sys
|
||||
import unittest
|
||||
from unittest.mock import ANY, MagicMock, Mock, patch
|
||||
|
||||
import ldap3
|
||||
|
||||
import trytond.config as config
|
||||
from trytond.modules.ldap_authentication.res import ldap_server, parse_ldap_url
|
||||
from trytond.pool import Pool
|
||||
from trytond.tests.test_tryton import ModuleTestCase, with_transaction
|
||||
|
||||
section = 'ldap_authentication'
|
||||
|
||||
|
||||
class LDAPAuthenticationTestCase(ModuleTestCase):
|
||||
'Test LDAPAuthentication module'
|
||||
module = 'ldap_authentication'
|
||||
|
||||
def setUp(self):
|
||||
super().setUp()
|
||||
methods = config.get('session', 'authentications', default='')
|
||||
config.set('session', 'authentications', 'ldap')
|
||||
self.addCleanup(config.set, 'session', 'authentications', methods)
|
||||
config.add_section(section)
|
||||
self.addCleanup(config.remove_section, section)
|
||||
|
||||
def _get_login(
|
||||
self, uri='ldap://localhost/dc=tryton,dc=org', start_tls=False):
|
||||
pool = Pool()
|
||||
User = pool.get('res.user')
|
||||
config.set(section, 'uri', uri)
|
||||
|
||||
@patch.object(ldap3, 'Connection')
|
||||
@patch.object(User, 'ldap_search_user')
|
||||
def get_login(login, password, find, ldap_search_user, Connection):
|
||||
con = Connection.return_value = MagicMock()
|
||||
con.__enter__.return_value = con
|
||||
con.bind.return_value = bool(find)
|
||||
if find:
|
||||
ldap_search_user.return_value = [('dn', {'uid': [find]})]
|
||||
else:
|
||||
ldap_search_user.return_value = None
|
||||
user_id = User.get_login(login, {
|
||||
'password': password,
|
||||
})
|
||||
if find:
|
||||
Connection.assert_called_with(
|
||||
ANY, ANY, password, auto_bind=ldap3.AUTO_BIND_NONE)
|
||||
if start_tls:
|
||||
con.start_tls.assert_called()
|
||||
else:
|
||||
con.start_tls.assert_not_called()
|
||||
con.bind.assert_called()
|
||||
return user_id
|
||||
return get_login
|
||||
|
||||
@with_transaction()
|
||||
def test_user_get_login_existing_user(self):
|
||||
"Test User.get_login with existing user"
|
||||
pool = Pool()
|
||||
User = pool.get('res.user')
|
||||
user, = User.search([('login', '=', 'admin')])
|
||||
|
||||
get_login = self._get_login()
|
||||
|
||||
self.assertEqual(get_login('admin', 'admin', 'admin'), user.id)
|
||||
self.assertEqual(get_login('AdMiN', 'admin', 'admin'), user.id)
|
||||
|
||||
@with_transaction()
|
||||
def test_user_get_login_unknown_user(self):
|
||||
"test User.get_login with unknown user"
|
||||
get_login = self._get_login()
|
||||
|
||||
self.assertFalse(get_login('foo', 'bar', None))
|
||||
self.assertFalse(get_login('foo', 'bar', 'foo'))
|
||||
|
||||
@with_transaction()
|
||||
def test_user_get_login_create_user(self):
|
||||
"Test User.get_login with user to create"
|
||||
pool = Pool()
|
||||
User = pool.get('res.user')
|
||||
config.set(section, 'create_user', 'True')
|
||||
get_login = self._get_login()
|
||||
|
||||
user_id = get_login('foo', 'bar', 'foo')
|
||||
foo, = User.search([('login', '=', 'foo')])
|
||||
|
||||
self.assertEqual(user_id, foo.id)
|
||||
self.assertEqual(foo.name, 'foo')
|
||||
|
||||
@with_transaction()
|
||||
def test_user_get_login_create_user_case(self):
|
||||
"Test User.get_login with user to create with different case"
|
||||
pool = Pool()
|
||||
User = pool.get('res.user')
|
||||
config.set(section, 'create_user', 'True')
|
||||
get_login = self._get_login()
|
||||
|
||||
user_id = get_login('BaR', 'foo', 'bar')
|
||||
bar, = User.search([('login', '=', 'bar')])
|
||||
|
||||
self.assertEqual(user_id, bar.id)
|
||||
self.assertEqual(bar.name, 'bar')
|
||||
|
||||
@with_transaction()
|
||||
def test_user_get_login_with_tls(self):
|
||||
"Test User.get_login with TLS"
|
||||
pool = Pool()
|
||||
User = pool.get('res.user')
|
||||
user, = User.search([('login', '=', 'admin')])
|
||||
|
||||
get_login = self._get_login(
|
||||
'ldap+tls://localhost/dc=tryton,dc=org', start_tls=True)
|
||||
|
||||
self.assertEqual(get_login('admin', 'admin', 'admin'), user.id)
|
||||
|
||||
@with_transaction()
|
||||
def test_user_get_login_with_ssl(self):
|
||||
"Test User.get_login with SSL"
|
||||
pool = Pool()
|
||||
User = pool.get('res.user')
|
||||
user, = User.search([('login', '=', 'admin')])
|
||||
|
||||
get_login = self._get_login('ldaps://localhost/dc=tryton,dc=org')
|
||||
|
||||
self.assertEqual(get_login('admin', 'admin', 'admin'), user.id)
|
||||
|
||||
def test_parse_ldap_url(self):
|
||||
'Test parse_ldap_url'
|
||||
self.assertEqual(
|
||||
parse_ldap_url('ldap:///o=University%20of%20Michigan,c=US')[1],
|
||||
'o=University of Michigan,c=US')
|
||||
self.assertEqual(
|
||||
parse_ldap_url(
|
||||
'ldap://ldap.itd.umich.edu/o=University%20of%20Michigan,c=US'
|
||||
)[1],
|
||||
'o=University of Michigan,c=US')
|
||||
self.assertEqual(
|
||||
parse_ldap_url(
|
||||
'ldap://ldap.itd.umich.edu/o=University%20of%20Michigan,'
|
||||
'c=US?postalAddress')[2],
|
||||
'postalAddress')
|
||||
self.assertEqual(
|
||||
parse_ldap_url(
|
||||
'ldap://host.com:6666/o=University%20of%20Michigan,'
|
||||
'c=US??sub?(cn=Babs%20Jensen)')[3:5],
|
||||
('sub', '(cn=Babs Jensen)'))
|
||||
self.assertEqual(
|
||||
parse_ldap_url(
|
||||
'ldap:///??sub??bindname=cn=Manager%2co=Foo')[5],
|
||||
{'bindname': ['cn=Manager,o=Foo']})
|
||||
self.assertEqual(
|
||||
parse_ldap_url(
|
||||
'ldap:///??sub??!bindname=cn=Manager%2co=Foo')[5],
|
||||
{'!bindname': ['cn=Manager,o=Foo']})
|
||||
|
||||
@unittest.skipIf(
|
||||
sys.version_info < (3, 8), "call_args does not have args nor kwargs")
|
||||
def test_ldap_server(self):
|
||||
"Test ldap_server"
|
||||
for uri, (host, tls) in [
|
||||
('ldap://localhost/dc=tryton,dc=org',
|
||||
('ldap://localhost:389', None)),
|
||||
('ldaps://localhost/dc=tryton,dc=org',
|
||||
('ldaps://localhost:636', True)),
|
||||
('ldap+tls://localhost/dc=tryton,dc=org',
|
||||
('ldap://localhost:389', True)),
|
||||
]:
|
||||
config.set(section, 'uri', uri)
|
||||
|
||||
with patch('ldap3.Server') as Server:
|
||||
ldap_server()
|
||||
|
||||
self.assertEqual(Server.call_args.args, (host,))
|
||||
if tls:
|
||||
self.assertTrue(Server.call_args.kwargs.get('tls'))
|
||||
else:
|
||||
self.assertFalse(Server.call_args.kwargs.get('tls'))
|
||||
|
||||
def _ldap_search_user(
|
||||
self, uri='ldap://localhost/dc=tryton,dc=org',
|
||||
auto_bind=ldap3.AUTO_BIND_DEFAULT):
|
||||
pool = Pool()
|
||||
User = pool.get('res.user')
|
||||
config.set(section, 'uri', uri)
|
||||
|
||||
@patch.object(ldap3, 'Connection')
|
||||
def ldap_search_user(login, attrs, Connection):
|
||||
con = Connection.return_value = MagicMock()
|
||||
con.__enter__.return_value = con
|
||||
con.entries = [Mock()]
|
||||
server = ldap_server()
|
||||
User.ldap_search_user(login, server, attrs=attrs)
|
||||
Connection.assert_called_with(
|
||||
ANY, ANY, ANY, auto_bind=auto_bind)
|
||||
con.search.assert_called()
|
||||
return ldap_search_user
|
||||
|
||||
@with_transaction()
|
||||
def test_ldap_search_user(self):
|
||||
"Test User.ldap_search_user"
|
||||
ldap_search_user = self._ldap_search_user()
|
||||
|
||||
ldap_search_user('admin', None)
|
||||
|
||||
@with_transaction()
|
||||
def test_ldap_search_user_with_tls(self):
|
||||
"Test User.ldap_search_user with TSL"
|
||||
ldap_search_user = self._ldap_search_user(
|
||||
'ldap+tls://localhost/dc=tryton,dc=org',
|
||||
ldap3.AUTO_BIND_TLS_BEFORE_BIND)
|
||||
|
||||
ldap_search_user('admin', None)
|
||||
|
||||
@with_transaction()
|
||||
def test_ldap_search_user_with_ssl(self):
|
||||
"Test User.ldap_search_user with SSL"
|
||||
ldap_search_user = self._ldap_search_user(
|
||||
'ldaps://localhost/dc=tryton,dc=org')
|
||||
|
||||
ldap_search_user('admin', None)
|
||||
|
||||
|
||||
del ModuleTestCase
|
||||
Reference in New Issue
Block a user