forked from Github-Mirrors/canaille
123 lines
4.2 KiB
Python
123 lines
4.2 KiB
Python
import os
|
|
|
|
import ldap
|
|
import pytest
|
|
from canaille import create_app
|
|
from canaille.commands import cli
|
|
from canaille.installation import InstallationException
|
|
from canaille.installation import setup_schemas
|
|
from canaille.ldap_backend.ldapobject import LDAPObject
|
|
from canaille.models import Group
|
|
from canaille.models import User
|
|
from flask_webtest import TestApp
|
|
from tests.conftest import CustomSlapdObject
|
|
|
|
|
|
@pytest.fixture
|
|
def slapd_server():
|
|
slapd = CustomSlapdObject()
|
|
try:
|
|
slapd.start()
|
|
slapd.init_tree()
|
|
for ldif in (
|
|
"demo/ldif/memberof-config.ldif",
|
|
"demo/ldif/bootstrap-users-tree.ldif",
|
|
"demo/ldif/bootstrap-users.ldif",
|
|
):
|
|
with open(ldif) as fd:
|
|
slapd.ldapadd(fd.read())
|
|
|
|
yield slapd
|
|
finally:
|
|
slapd.stop()
|
|
|
|
|
|
def test_setup_ldap_tree(slapd_server, configuration):
|
|
output = slapd_server.slapcat().stdout.decode("utf-8")
|
|
assert "dn: ou=tokens,ou=oauth,dc=mydomain,dc=tld" not in output
|
|
testclient = TestApp(create_app(configuration, validate=False))
|
|
runner = testclient.app.test_cli_runner()
|
|
runner.invoke(cli, ["install"])
|
|
|
|
output = slapd_server.slapcat().stdout.decode("utf-8")
|
|
assert "dn: ou=tokens,ou=oauth,dc=mydomain,dc=tld" in output
|
|
|
|
|
|
def test_install_keypair(configuration, tmpdir):
|
|
keys_dir = os.path.join(tmpdir, "keys")
|
|
os.makedirs(keys_dir)
|
|
configuration["JWT"]["PRIVATE_KEY"] = os.path.join(keys_dir, "private.pem")
|
|
configuration["JWT"]["PUBLIC_KEY"] = os.path.join(keys_dir, "public.pem")
|
|
|
|
assert not os.path.exists(configuration["JWT"]["PRIVATE_KEY"])
|
|
assert not os.path.exists(configuration["JWT"]["PUBLIC_KEY"])
|
|
|
|
testclient = TestApp(create_app(configuration, validate=False))
|
|
runner = testclient.app.test_cli_runner()
|
|
runner.invoke(cli, ["install"])
|
|
|
|
assert os.path.exists(configuration["JWT"]["PRIVATE_KEY"])
|
|
assert os.path.exists(configuration["JWT"]["PUBLIC_KEY"])
|
|
|
|
|
|
def test_install_schemas(configuration, slapd_server):
|
|
configuration["LDAP"]["ROOT_DN"] = slapd_server.suffix
|
|
configuration["LDAP"]["URI"] = slapd_server.ldap_uri
|
|
configuration["LDAP"]["BIND_DN"] = slapd_server.root_dn
|
|
configuration["LDAP"]["BIND_PW"] = slapd_server.root_pw
|
|
|
|
conn = ldap.ldapobject.SimpleLDAPObject(slapd_server.ldap_uri)
|
|
conn.protocol_version = 3
|
|
conn.simple_bind_s(slapd_server.root_dn, slapd_server.root_pw)
|
|
|
|
assert "oauthClient" not in LDAPObject.ldap_object_classes(conn=conn, force=True)
|
|
|
|
setup_schemas(configuration)
|
|
|
|
assert "oauthClient" in LDAPObject.ldap_object_classes(conn=conn, force=True)
|
|
|
|
conn.unbind_s()
|
|
slapd_server.stop()
|
|
|
|
|
|
def test_install_no_permissions_to_install_schemas(configuration, slapd_server):
|
|
configuration["LDAP"]["ROOT_DN"] = slapd_server.suffix
|
|
configuration["LDAP"]["URI"] = slapd_server.ldap_uri
|
|
configuration["LDAP"]["BIND_DN"] = "uid=admin,ou=users,dc=mydomain,dc=tld"
|
|
configuration["LDAP"]["BIND_PW"] = "admin"
|
|
|
|
conn = ldap.ldapobject.SimpleLDAPObject(slapd_server.ldap_uri)
|
|
conn.protocol_version = 3
|
|
conn.simple_bind_s(slapd_server.root_dn, slapd_server.root_pw)
|
|
|
|
assert "oauthClient" not in LDAPObject.ldap_object_classes(conn=conn, force=True)
|
|
|
|
with pytest.raises(InstallationException):
|
|
setup_schemas(configuration)
|
|
|
|
assert "oauthClient" not in LDAPObject.ldap_object_classes(conn=conn, force=True)
|
|
|
|
conn.unbind_s()
|
|
slapd_server.stop()
|
|
|
|
|
|
def test_install_schemas_command(configuration, slapd_server):
|
|
configuration["LDAP"]["ROOT_DN"] = slapd_server.suffix
|
|
configuration["LDAP"]["URI"] = slapd_server.ldap_uri
|
|
configuration["LDAP"]["BIND_DN"] = slapd_server.root_dn
|
|
configuration["LDAP"]["BIND_PW"] = slapd_server.root_pw
|
|
|
|
conn = ldap.ldapobject.SimpleLDAPObject(slapd_server.ldap_uri)
|
|
conn.protocol_version = 3
|
|
conn.simple_bind_s(slapd_server.root_dn, slapd_server.root_pw)
|
|
|
|
assert "oauthClient" not in LDAPObject.ldap_object_classes(conn=conn, force=True)
|
|
|
|
testclient = TestApp(create_app(configuration, validate=False))
|
|
runner = testclient.app.test_cli_runner()
|
|
runner.invoke(cli, ["install"])
|
|
|
|
assert "oauthClient" in LDAPObject.ldap_object_classes(conn=conn, force=True)
|
|
|
|
conn.unbind_s()
|
|
slapd_server.stop()
|