janik/hydra
0
0
Fork 0
forked from lix-project/hydra
Code Pull requests Activity

Move ldap.t to a legacy-ldap.t, make ldap.t use the new format config.

Browse source
This commit is contained in:
Graham Christensen 2022-02-09 15:01:42 -05:00
parent d0bc0d0eda
commit 76b4b43ac5
2 changed files with 155 additions and 35 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

105
t/Hydra/Controller/User/ldap-legacy.t Normal file
View file

@ -0,0 +1,105 @@
use strict;
use warnings;
use Setup;
use LDAPContext;
use Test2::V0;
use Catalyst::Test ();
use HTTP::Request::Common;
use JSON::MaybeXS;
my $ldap = LDAPContext->new();
my $users = {
unrelated => $ldap->add_user("unrelated_user"),
admin => $ldap->add_user("admin_user"),
not_admin => $ldap->add_user("not_admin_user"),
many_roles => $ldap->add_user("many_roles"),
};
$ldap->add_group("hydra_admin", $users->{"admin"}->{"username"});
$ldap->add_group("hydra-admin", $users->{"not_admin"}->{"username"});
$ldap->add_group("hydra_create-projects", $users->{"many_roles"}->{"username"});
$ldap->add_group("hydra_restart-jobs", $users->{"many_roles"}->{"username"});
$ldap->add_group("hydra_bump-to-front", $users->{"many_roles"}->{"username"});
$ldap->add_group("hydra_cancel-build", $users->{"many_roles"}->{"username"});
my $hydra_ldap_config = "${\$ldap->tmpdir()}/hydra_ldap_config.yaml";
LDAPContext::write_file($hydra_ldap_config, <<YAML);
credential:
class: Password
password_field: password
password_type: self_check
store:
class: LDAP
ldap_server: "${\$ldap->server_url()}"
ldap_server_options:
timeout: 30
debug: 0
binddn: "cn=root,dc=example"
bindpw: notapassword
start_tls: 0
start_tls_options:
verify: none
user_basedn: "ou=users,dc=example"
user_filter: "(&(objectClass=inetOrgPerson)(cn=%s))"
user_scope: one
user_field: cn
user_search_options:
deref: always
use_roles: 1
role_basedn: "ou=groups,dc=example"
role_filter: "(&(objectClass=groupOfNames)(member=%s))"
role_scope: one
role_field: cn
role_value: dn
role_search_options:
deref: always
YAML
$ENV{'HYDRA_LDAP_CONFIG'} = $hydra_ldap_config;
my $ctx = test_context();
Catalyst::Test->import('Hydra');
subtest "Valid login attempts" => sub {
my %users_to_roles = (
unrelated => [],
admin => ["admin"],
not_admin => [],
many_roles => [ "create-projects", "restart-jobs", "bump-to-front", "cancel-build" ],
);
for my $username (keys %users_to_roles) {
my $user = $users->{$username};
my $roles = $users_to_roles{$username};
subtest "Verifying $username" => sub {
my $req = request(POST '/login',
Referer => 'http://localhost/',
Accept => 'application/json',
Content => {
username => $user->{"username"},
password => $user->{"password"}
}
);
is($req->code, 302, "The login redirects");
my $data = decode_json($req->content());
is($data->{"username"}, $user->{"username"}, "Username matches");
is($data->{"emailaddress"}, $user->{"email"}, "Email matches");
is([sort @{$data->{"userroles"}}], [sort @$roles], "Roles match");
};
}
};
# Logging in with an invalid user is rejected
is(request(POST '/login',
Referer => 'http://localhost/',
Content => {
username => 'alice',
password => 'foobar'
}
)->code, 403, "Logging in with invalid credentials does not work");
done_testing;

85
t/Hydra/Controller/User/ldap.t
View file

@ -23,41 +23,56 @@ $ldap->add_group("hydra_restart-jobs", $users->{"many_roles"}->{"username"});
$ldap->add_group("hydra_bump-to-front", $users->{"many_roles"}->{"username"}); $ldap->add_group("hydra_bump-to-front", $users->{"many_roles"}->{"username"});
$ldap->add_group("hydra_cancel-build", $users->{"many_roles"}->{"username"}); $ldap->add_group("hydra_cancel-build", $users->{"many_roles"}->{"username"});
my $hydra_ldap_config = "${\$ldap->tmpdir()}/hydra_ldap_config.yaml"; my $ctx = test_context(
LDAPContext::write_file($hydra_ldap_config, <<YAML); hydra_config => <<CFG
credential: <ldap>
class: Password <config>
password_field: password <credential>
password_type: self_check class = Password
store: password_field = password
class: LDAP password_type = self_check
ldap_server: "${\$ldap->server_url()}" </credential>
ldap_server_options: <store>
timeout: 30 class = LDAP
debug: 0 ldap_server = ${\$ldap->server_url()}
binddn: "cn=root,dc=example" <ldap_server_options>
bindpw: notapassword timeout = 30
start_tls: 0 debug = 0
start_tls_options: </ldap_server_options>
verify: none binddn = "cn=root,dc=example"
user_basedn: "ou=users,dc=example" bindpw = notapassword
user_filter: "(&(objectClass=inetOrgPerson)(cn=%s))" start_tls = 0
user_scope: one <start_tls_options>
user_field: cn verify = none
user_search_options: </start_tls_options>
deref: always user_basedn = "ou=users,dc=example"
use_roles: 1 user_filter = "(&(objectClass=inetOrgPerson)(cn=%s))"
role_basedn: "ou=groups,dc=example" user_scope = one
role_filter: "(&(objectClass=groupOfNames)(member=%s))" user_field = cn
role_scope: one <user_search_options>
role_field: cn deref = always
role_value: dn </user_search_options>
role_search_options: use_roles = 1
deref: always role_basedn = "ou=groups,dc=example"
YAML role_filter = "(&(objectClass=groupOfNames)(member=%s))"
role_scope = one
$ENV{'HYDRA_LDAP_CONFIG'} = $hydra_ldap_config; role_field = cn
my $ctx = test_context(); role_value = dn
<role_search_options>
deref = always
</role_search_options>
</store>
</config>
<role_mapping>
hydra_admin = admin
hydra_create-projects = create-projects
hydra_cancel-build = cancel-build
hydra_bump-to-front = bump-to-front
hydra_restart-jobs = restart-jobs
</role_mapping>
</ldap>
CFG
);
Catalyst::Test->import('Hydra'); Catalyst::Test->import('Hydra');