From 4c090263866713c7c719cb732adc50ed21020cea Mon Sep 17 00:00:00 2001
From: Hanne Moa <hanne.moa@sikt.no>
Date: Tue, 14 Nov 2023 11:02:36 +0100
Subject: [PATCH] increase test coverage, not done

---
 tests/unittests/web/auth/ldap_test.py | 52 +++++++++++++++++++++++++--
 1 file changed, 50 insertions(+), 2 deletions(-)

diff --git a/tests/unittests/web/auth/ldap_test.py b/tests/unittests/web/auth/ldap_test.py
index df3b690305..2d6f14d240 100644
--- a/tests/unittests/web/auth/ldap_test.py
+++ b/tests/unittests/web/auth/ldap_test.py
@@ -1,4 +1,4 @@
-from mock import Mock, patch
+from mock import Mock, MagicMock, patch
 
 import pytest
 
@@ -7,7 +7,18 @@
 from nav.web.auth import ldap
 
 
-LDAP_ACCOUNT = auth.Account(login='knight', ext_sync='ldap', password='shrubbery')
+LOCKED_ACCOUNT = auth.Account(
+    login='galahad',
+    ext_sync='ldap',
+    password='shrubbery',
+    locked=True,
+)
+ACTIVE_ACCOUNT = auth.Account(
+    login='arthur',
+    ext_sync='ldap',
+    password='shrubbery',
+    locked=False,
+)
 
 
 class LdapTestConfig(NAVConfigParser):
@@ -215,6 +226,43 @@ def test_no_admin_entitlement_option_should_make_no_admin_decision(user_zaphod):
     assert u.is_admin() is None
 
 
+class TestLdapAuthenticate:
+    @patch("nav.web.auth.ldap.available", new=False)
+    def test_if_ldap_not_available_return_None(self, *_):
+        result = ldap.authenticate('foo', 'bar')
+        assert result is None
+
+    @patch("nav.web.auth.ldap.available", new=True)
+    @patch("nav.web.auth.ldap.get_ldap_user", return_value=False)
+    @patch(
+        "nav.web.auth.Account.objects.get", new=MagicMock(return_value=LOCKED_ACCOUNT)
+    )
+    def test_locked_accounts_return_None(self, *_):
+        result = ldap.authenticate('foo', 'bar')
+        assert result is None
+
+    @patch("nav.web.auth.ldap.available", new=True)
+    @patch("nav.web.auth.ldap.get_ldap_user", return_value=False)
+    @patch(
+        "nav.web.auth.Account.objects.get", new=MagicMock(return_value=ACTIVE_ACCOUNT)
+    )
+    @patch("nav.web.auth.Account.check_password", return_value=False)
+    def test_active_accounts_with_wrong_password_return_None(self, *_):
+        result = ldap.authenticate('foo', 'ni!')
+        assert result is None
+
+    @patch("nav.web.auth.ldap.available", new=True)
+    @patch("nav.web.auth.ldap.get_ldap_user", return_value=False)
+    @patch(
+        "nav.web.auth.Account.objects.get", new=MagicMock(return_value=ACTIVE_ACCOUNT)
+    )
+    @patch("nav.web.auth.Account.check_password", return_value=True)
+    @patch("nav.web.auth.ldap.update_ldap_user", return_value=ACTIVE_ACCOUNT)
+    def test_active_accounts_with_correct_password_return_account(self, *_):
+        result = ldap.authenticate('foo', 'ni!')
+        assert result == ACTIVE_ACCOUNT
+
+
 #
 # Pytest fixtures
 #