canaille-globuzma/tests/ldap/test_utils.py

import datetime

import ldap.dn
from canaille.ldap_backend.ldapobject import LDAPObject
from canaille.ldap_backend.ldapobject import python_attrs_to_ldap
from canaille.ldap_backend.utils import ldap_to_python
from canaille.ldap_backend.utils import python_to_ldap
from canaille.ldap_backend.utils import Syntax
from canaille.models import Group
from canaille.models import User


def test_object_creation(slapd_connection):
    User.initialize(slapd_connection)
    user = User(
        cn="Doe",  # leading space
        sn="Doe",
        uid="user",
        mail="john@doe.com",
    )
    assert not user.exists
    user.save()
    assert user.exists

    user = User.get(dn=user.dn)
    assert user.exists

    user.delete()


def test_repr(slapd_connection, foo_group, user):
    assert repr(foo_group) == "<Group cn=foo>"
    assert repr(user) == "<User cn=John (johnny) Doe>"


def test_equality(slapd_connection, foo_group, bar_group):
    Group.ldap_object_attributes()
    assert foo_group != bar_group
    foo_group2 = Group.get(dn=foo_group.dn)
    assert foo_group == foo_group2


def test_dn_when_leading_space_in_id_attribute(slapd_connection):
    User.initialize(slapd_connection)
    user = User(
        cn=" Doe",  # leading space
        sn="Doe",
        uid="user",
        mail="john@doe.com",
    )
    user.save()

    assert ldap.dn.is_dn(user.dn)
    assert ldap.dn.dn2str(ldap.dn.str2dn(user.dn)) == user.dn
    assert user.dn == "cn=Doe,ou=users,dc=mydomain,dc=tld"

    user.delete()


def test_dn_when_ldap_special_char_in_id_attribute(slapd_connection):
    User.initialize(slapd_connection)
    user = User(
        cn="#Doe",  # special char
        sn="Doe",
        uid="user",
        mail="john@doe.com",
    )
    user.save()

    assert ldap.dn.is_dn(user.dn)
    assert ldap.dn.dn2str(ldap.dn.str2dn(user.dn)) == user.dn
    assert user.dn == "cn=\\#Doe,ou=users,dc=mydomain,dc=tld"

    user.delete()


def test_filter(slapd_connection, foo_group, bar_group):
    assert Group.query(cn="foo") == [foo_group]
    assert Group.query(cn="bar") == [bar_group]

    assert Group.query(cn="foo") != 3

    assert Group.query(cn=["foo"]) == [foo_group]
    assert Group.query(cn=["bar"]) == [bar_group]

    assert set(Group.query(cn=["foo", "bar"])) == {foo_group, bar_group}


def test_fuzzy(slapd_connection, user, moderator, admin):
    assert set(User.query()) == {user, moderator, admin}
    assert set(User.fuzzy("Jack")) == {moderator}
    assert set(User.fuzzy("moderator")) == {moderator}
    assert set(User.fuzzy("oderat")) == {moderator}
    assert set(User.fuzzy("oDeRat")) == {moderator}
    assert set(User.fuzzy("ack")) == {moderator}


def test_ldap_to_python():
    assert (
        python_to_ldap(datetime.datetime.min, Syntax.GENERALIZED_TIME)
        == b"000001010000Z"
    )
    assert (
        python_to_ldap(datetime.datetime(2000, 1, 2, 3, 4, 5), Syntax.GENERALIZED_TIME)
        == b"20000102030405Z"
    )

    assert python_to_ldap(1337, Syntax.INTEGER) == b"1337"

    assert python_to_ldap(True, Syntax.BOOLEAN) == b"TRUE"
    assert python_to_ldap(False, Syntax.BOOLEAN) == b"FALSE"

    assert python_to_ldap("foobar", Syntax.DIRECTORY_STRING) == b"foobar"

    assert python_to_ldap(b"foobar", Syntax.JPEG) == b"foobar"


def test_python_to_ldap():
    assert ldap_to_python(
        b"20000102030405Z", Syntax.GENERALIZED_TIME
    ) == datetime.datetime(2000, 1, 2, 3, 4, 5)
    assert (
        ldap_to_python(b"000001010000Z", Syntax.GENERALIZED_TIME)
        == datetime.datetime.min
    )

    assert ldap_to_python(b"1337", Syntax.INTEGER) == 1337

    assert ldap_to_python(b"TRUE", Syntax.BOOLEAN) is True
    assert ldap_to_python(b"FALSE", Syntax.BOOLEAN) is False

    assert ldap_to_python(b"foobar", Syntax.DIRECTORY_STRING) == "foobar"

    assert ldap_to_python(b"foobar", Syntax.JPEG) == b"foobar"


def test_operational_attribute_conversion(slapd_connection):
    assert "oauthClientName" in LDAPObject.ldap_object_attributes(slapd_connection)
    assert "invalidAttribute" not in LDAPObject.ldap_object_attributes(slapd_connection)

    assert python_attrs_to_ldap(
        {
            "oauthClientName": ["foobar_name"],
            "invalidAttribute": ["foobar"],
        }
    ) == {
        "oauthClientName": [b"foobar_name"],
        "invalidAttribute": [b"foobar"],
    }


def test_guess_object_from_dn(slapd_connection, testclient, foo_group):
    foo_group.member = [foo_group]
    foo_group.save()
    g = LDAPObject.get(dn=foo_group.dn)
    assert isinstance(g, Group)
    assert g == foo_group
    assert g.cn == foo_group.cn

    ou = LDAPObject.get(dn=f"{Group.base},{Group.root_dn}")
    assert isinstance(g, LDAPObject)
unit tests: ldap utils 2022-12-14 23:03:01 +00:00			`import datetime`

fix dn in case of leading space or special char in id attribute according to openldap doc, the default is to silently eliminate spaces around AVA separators, RDN component separators and RDN separators https://www.openldap.org/software/man.cgi?query=ldap_str2dn 2022-03-02 17:31:48 +00:00			`import ldap.dn`
Fixed LDAP operational attributes handling 2022-12-15 11:41:31 +00:00			`from canaille.ldap_backend.ldapobject import LDAPObject`
LDAPObject refactoring 2023-03-09 00:14:07 +00:00			`from canaille.ldap_backend.ldapobject import python_attrs_to_ldap`
unit tests: ldap utils 2022-12-14 23:03:01 +00:00			`from canaille.ldap_backend.utils import ldap_to_python`
			`from canaille.ldap_backend.utils import python_to_ldap`
			`from canaille.ldap_backend.utils import Syntax`
Issue 12 groups 2021-06-03 13:00:11 +00:00			`from canaille.models import Group`
fix dn in case of leading space or special char in id attribute according to openldap doc, the default is to silently eliminate spaces around AVA separators, RDN component separators and RDN separators https://www.openldap.org/software/man.cgi?query=ldap_str2dn 2022-03-02 17:31:48 +00:00			`from canaille.models import User`
Issue 12 groups 2021-06-03 13:00:11 +00:00

Save one LDAP connection when calling save() 2023-03-09 12:00:17 +00:00			`def test_object_creation(slapd_connection):`
			`User.initialize(slapd_connection)`
			`user = User(`
			`cn="Doe", # leading space`
			`sn="Doe",`
			`uid="user",`
			`mail="john@doe.com",`
			`)`
			`assert not user.exists`
			`user.save()`
			`assert user.exists`

			`user = User.get(dn=user.dn)`
			`assert user.exists`

			`user.delete()`


unit tests: ldap objects repr 2022-12-14 20:06:59 +00:00			`def test_repr(slapd_connection, foo_group, user):`
Renamed LDAPObject.rdn in LDAPObject.rdn_attribute 2023-03-08 15:25:50 +00:00			`assert repr(foo_group) == "<Group cn=foo>"`
			`assert repr(user) == "<User cn=John (johnny) Doe>"`
unit tests: ldap objects repr 2022-12-14 20:06:59 +00:00

Issue 12 groups 2021-06-03 13:00:11 +00:00			`def test_equality(slapd_connection, foo_group, bar_group):`
Refactored tests so ldap connection is not a mandatory argument anymore for most LDAPObject methods 2022-05-08 14:31:17 +00:00			`Group.ldap_object_attributes()`
Issue 12 groups 2021-06-03 13:00:11 +00:00			`assert foo_group != bar_group`
Refactored tests so ldap connection is not a mandatory argument anymore for most LDAPObject methods 2022-05-08 14:31:17 +00:00			`foo_group2 = Group.get(dn=foo_group.dn)`
Issue 12 groups 2021-06-03 13:00:11 +00:00			`assert foo_group == foo_group2`
fix dn in case of leading space or special char in id attribute according to openldap doc, the default is to silently eliminate spaces around AVA separators, RDN component separators and RDN separators https://www.openldap.org/software/man.cgi?query=ldap_str2dn 2022-03-02 17:31:48 +00:00

			`def test_dn_when_leading_space_in_id_attribute(slapd_connection):`
			`User.initialize(slapd_connection)`
			`user = User(`
			`cn=" Doe", # leading space`
			`sn="Doe",`
			`uid="user",`
			`mail="john@doe.com",`
			`)`
Refactored tests so ldap connection is not a mandatory argument anymore for most LDAPObject methods 2022-05-08 14:31:17 +00:00			`user.save()`
fix dn in case of leading space or special char in id attribute according to openldap doc, the default is to silently eliminate spaces around AVA separators, RDN component separators and RDN separators https://www.openldap.org/software/man.cgi?query=ldap_str2dn 2022-03-02 17:31:48 +00:00
			`assert ldap.dn.is_dn(user.dn)`
			`assert ldap.dn.dn2str(ldap.dn.str2dn(user.dn)) == user.dn`
unit tests: ldap domain is dc=mydomain,dc=tld 2022-11-05 18:52:57 +00:00			`assert user.dn == "cn=Doe,ou=users,dc=mydomain,dc=tld"`
fix dn in case of leading space or special char in id attribute according to openldap doc, the default is to silently eliminate spaces around AVA separators, RDN component separators and RDN separators https://www.openldap.org/software/man.cgi?query=ldap_str2dn 2022-03-02 17:31:48 +00:00
Refactored tests so ldap connection is not a mandatory argument anymore for most LDAPObject methods 2022-05-08 14:31:17 +00:00			`user.delete()`
Test refactoring 2022-05-18 09:31:26 +00:00
fix dn in case of leading space or special char in id attribute according to openldap doc, the default is to silently eliminate spaces around AVA separators, RDN component separators and RDN separators https://www.openldap.org/software/man.cgi?query=ldap_str2dn 2022-03-02 17:31:48 +00:00
			`def test_dn_when_ldap_special_char_in_id_attribute(slapd_connection):`
			`User.initialize(slapd_connection)`
			`user = User(`
			`cn="#Doe", # special char`
			`sn="Doe",`
			`uid="user",`
			`mail="john@doe.com",`
			`)`
Refactored tests so ldap connection is not a mandatory argument anymore for most LDAPObject methods 2022-05-08 14:31:17 +00:00			`user.save()`
fix dn in case of leading space or special char in id attribute according to openldap doc, the default is to silently eliminate spaces around AVA separators, RDN component separators and RDN separators https://www.openldap.org/software/man.cgi?query=ldap_str2dn 2022-03-02 17:31:48 +00:00
			`assert ldap.dn.is_dn(user.dn)`
			`assert ldap.dn.dn2str(ldap.dn.str2dn(user.dn)) == user.dn`
unit tests: ldap domain is dc=mydomain,dc=tld 2022-11-05 18:52:57 +00:00			`assert user.dn == "cn=\\#Doe,ou=users,dc=mydomain,dc=tld"`
Test refactoring 2022-05-18 09:31:26 +00:00
Refactored tests so ldap connection is not a mandatory argument anymore for most LDAPObject methods 2022-05-08 14:31:17 +00:00			`user.delete()`
unit tests: ldap utils 2022-12-14 23:03:01 +00:00

unit tests: ldap filter tests 2022-12-14 23:15:10 +00:00			`def test_filter(slapd_connection, foo_group, bar_group):`
Merge LDAPObject.all and LDAPObject.filter in LDAPObject.query 2023-03-07 13:49:44 +00:00			`assert Group.query(cn="foo") == [foo_group]`
			`assert Group.query(cn="bar") == [bar_group]`
unit tests: ldap filter tests 2022-12-14 23:15:10 +00:00
LDAPObject pagination performance improvements Creates a LDAPObjectQuery class that is returned by LDAPObject.filter This avoids to create objects for each ldap result, but only for the asked slice. It also store the whole results length so `len` calls are a bit faster. 2023-03-02 17:35:26 +00:00			`assert Group.query(cn="foo") != 3`

Merge LDAPObject.all and LDAPObject.filter in LDAPObject.query 2023-03-07 13:49:44 +00:00			`assert Group.query(cn=["foo"]) == [foo_group]`
			`assert Group.query(cn=["bar"]) == [bar_group]`
unit tests: ldap filter tests 2022-12-14 23:15:10 +00:00
Merge LDAPObject.all and LDAPObject.filter in LDAPObject.query 2023-03-07 13:49:44 +00:00			`assert set(Group.query(cn=["foo", "bar"])) == {foo_group, bar_group}`
unit tests: ldap filter tests 2022-12-14 23:15:10 +00:00

LDAPObject fuzzy search 2023-03-07 16:46:34 +00:00			`def test_fuzzy(slapd_connection, user, moderator, admin):`
			`assert set(User.query()) == {user, moderator, admin}`
			`assert set(User.fuzzy("Jack")) == {moderator}`
			`assert set(User.fuzzy("moderator")) == {moderator}`
			`assert set(User.fuzzy("oderat")) == {moderator}`
			`assert set(User.fuzzy("oDeRat")) == {moderator}`
			`assert set(User.fuzzy("ack")) == {moderator}`


unit tests: ldap utils 2022-12-14 23:03:01 +00:00			`def test_ldap_to_python():`
			`assert (`
			`python_to_ldap(datetime.datetime.min, Syntax.GENERALIZED_TIME)`
			`== b"000001010000Z"`
			`)`
			`assert (`
			`python_to_ldap(datetime.datetime(2000, 1, 2, 3, 4, 5), Syntax.GENERALIZED_TIME)`
			`== b"20000102030405Z"`
			`)`

			`assert python_to_ldap(1337, Syntax.INTEGER) == b"1337"`

			`assert python_to_ldap(True, Syntax.BOOLEAN) == b"TRUE"`
			`assert python_to_ldap(False, Syntax.BOOLEAN) == b"FALSE"`

			`assert python_to_ldap("foobar", Syntax.DIRECTORY_STRING) == b"foobar"`

			`assert python_to_ldap(b"foobar", Syntax.JPEG) == b"foobar"`


			`def test_python_to_ldap():`
			`assert ldap_to_python(`
			`b"20000102030405Z", Syntax.GENERALIZED_TIME`
			`) == datetime.datetime(2000, 1, 2, 3, 4, 5)`
			`assert (`
			`ldap_to_python(b"000001010000Z", Syntax.GENERALIZED_TIME)`
			`== datetime.datetime.min`
			`)`

			`assert ldap_to_python(b"1337", Syntax.INTEGER) == 1337`

			`assert ldap_to_python(b"TRUE", Syntax.BOOLEAN) is True`
			`assert ldap_to_python(b"FALSE", Syntax.BOOLEAN) is False`

			`assert ldap_to_python(b"foobar", Syntax.DIRECTORY_STRING) == "foobar"`

			`assert ldap_to_python(b"foobar", Syntax.JPEG) == b"foobar"`
Fixed LDAP operational attributes handling 2022-12-15 11:41:31 +00:00

			`def test_operational_attribute_conversion(slapd_connection):`
			`assert "oauthClientName" in LDAPObject.ldap_object_attributes(slapd_connection)`
			`assert "invalidAttribute" not in LDAPObject.ldap_object_attributes(slapd_connection)`

LDAPObject refactoring 2023-03-09 00:14:07 +00:00			`assert python_attrs_to_ldap(`
Fixed LDAP operational attributes handling 2022-12-15 11:41:31 +00:00			`{`
			`"oauthClientName": ["foobar_name"],`
			`"invalidAttribute": ["foobar"],`
			`}`
			`) == {`
			`"oauthClientName": [b"foobar_name"],`
			`"invalidAttribute": [b"foobar"],`
			`}`
LDAPObject dn attributes are automatically initialized 2023-03-08 22:53:53 +00:00

			`def test_guess_object_from_dn(slapd_connection, testclient, foo_group):`
			`foo_group.member = [foo_group]`
			`foo_group.save()`
			`g = LDAPObject.get(dn=foo_group.dn)`
			`assert isinstance(g, Group)`
			`assert g == foo_group`
			`assert g.cn == foo_group.cn`

			`ou = LDAPObject.get(dn=f"{Group.base},{Group.root_dn}")`
			`assert isinstance(g, LDAPObject)`