Skip to content

Commit

Permalink
Collect auth.ldap tests in the same file
Browse files Browse the repository at this point in the history
  • Loading branch information
hmpf committed Mar 1, 2024
1 parent 24c517f commit 34e15ee
Show file tree
Hide file tree
Showing 4 changed files with 248 additions and 244 deletions.
173 changes: 0 additions & 173 deletions tests/unittests/general/webfront_test.py
Original file line number Diff line number Diff line change
Expand Up @@ -2,9 +2,6 @@
from mock import patch, MagicMock, Mock
from django.test import RequestFactory

import pytest

import nav.web.auth.ldap
from nav.web import auth
from nav.web.auth import remote_user
from nav.web.auth.utils import ACCOUNT_ID_VAR
Expand Down Expand Up @@ -168,173 +165,3 @@ def test_remote_user_set(self, fake_session):
assert (
request.session.get(ACCOUNT_ID_VAR, None) == REMOTE_USER_ACCOUNT.id
)


class TestLdapUser(object):
@patch.dict(
"nav.web.auth.ldap._config._sections",
{
'ldap': {
'__name__': 'ldap',
'basedn': 'empty',
'manager': 'empty',
'manager_password': 'empty',
'uid_attr': 'sAMAccountName',
'encoding': 'utf-8',
},
},
)
def test_search_result_with_referrals_should_be_considered_empty(self):
"""LP#1207737"""
conn = Mock(
**{
'search_s.return_value': [
(None, "restaurant"),
(None, "at the end of the universe"),
]
}
)
u = nav.web.auth.ldap.LDAPUser("zaphod", conn)
with pytest.raises(nav.web.auth.ldap.UserNotFound):
u.search_dn()

@patch.dict(
"nav.web.auth.ldap._config._sections",
{
'ldap': {
'__name__': 'ldap',
'basedn': 'empty',
'lookupmethod': 'direct',
'uid_attr': 'uid',
'encoding': 'utf-8',
'suffix': '',
}
},
)
def test_non_ascii_password_should_work(self):
"""LP#1213818"""
conn = Mock(
**{
'simple_bind_s.side_effect': lambda x, y: (
str(x),
str(y),
),
}
)
u = nav.web.auth.ldap.LDAPUser(u"zaphod", conn)
u.bind(u"æøå")

@patch.dict(
"nav.web.auth.ldap._config._sections",
{
'ldap': {
'__name__': 'ldap',
'basedn': 'cn=users,dc=example,dc=org',
'lookupmethod': 'direct',
'uid_attr': 'uid',
'encoding': 'utf-8',
'group_search': '(member=%%s)',
},
},
)
def test_is_group_member_for_non_ascii_user_should_not_raise(self):
"""LP#1301794"""

def fake_search(base, scope, filtr):
str(base)
str(filtr)
return []

conn = Mock(
**{
'search_s.side_effect': fake_search,
}
)
u = nav.web.auth.ldap.LDAPUser(u"Ægir", conn)
u.is_group_member('cn=noc-operators,cn=groups,dc=example,dc=com')


@patch.dict(
"nav.web.auth.ldap._config._sections",
{
'ldap': {
'__name__': 'ldap',
'basedn': 'cn=users,dc=example,dc=org',
'lookupmethod': 'direct',
'uid_attr': 'uid',
'encoding': 'utf-8',
'require_entitlement': 'president',
'admin_entitlement': 'boss',
'entitlement_attribute': 'eduPersonEntitlement',
},
},
)
class TestLdapEntitlements(object):
def test_required_entitlement_should_be_verified(self, user_zaphod):
u = nav.web.auth.ldap.LDAPUser("zaphod", user_zaphod)
assert u.has_entitlement('president')

def test_missing_entitlement_should_not_be_verified(self, user_marvin):
u = nav.web.auth.ldap.LDAPUser("marvin", user_marvin)
assert not u.has_entitlement('president')

def test_admin_entitlement_should_be_verified(self, user_zaphod):
u = nav.web.auth.ldap.LDAPUser("zaphod", user_zaphod)
assert u.is_admin()

def test_missing_admin_entitlement_should_be_verified(self, user_marvin):
u = nav.web.auth.ldap.LDAPUser("marvin", user_marvin)
assert not u.is_admin()


@patch.dict(
"nav.web.auth.ldap._config._sections",
{
'ldap': {
'__name__': 'ldap',
'basedn': 'cn=users,dc=example,dc=org',
'lookupmethod': 'direct',
'uid_attr': 'uid',
'encoding': 'utf-8',
'require_entitlement': 'president',
'admin_entitlement': '',
'entitlement_attribute': 'eduPersonEntitlement',
},
},
)
def test_no_admin_entitlement_option_should_make_no_admin_decision(user_zaphod):
u = nav.web.auth.ldap.LDAPUser("zaphod", user_zaphod)
assert u.is_admin() is None


#
# Pytest fixtures
#


@pytest.fixture
def user_zaphod():
return Mock(
**{
'search_s.return_value': [
(
u'uid=zaphod,cn=users,dc=example,dc=org',
{u'eduPersonEntitlement': [b'president', b'boss']},
)
]
}
)


@pytest.fixture
def user_marvin():
return Mock(
**{
'search_s.return_value': [
(
u'uid=marvin,cn=users,dc=example,dc=org',
{u'eduPersonEntitlement': [b'paranoid']},
)
]
}
)
Empty file.
Loading

0 comments on commit 34e15ee

Please sign in to comment.