janik/hydra
0
0
Fork 0
forked from lix-project/hydra
Code Pull requests Activity

LDAP add test for roles and multiple users

Browse source
This commit is contained in:
Andreas Rammhold 2020-09-09 22:47:36 +02:00
parent cfc01e2518
commit f229da352e
No known key found for this signature in database
GPG key ID: E432E410B5E48C86
1 changed files with 44 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

49
flake.nix
View file

@ -381,6 +381,18 @@
objectClass: top objectClass: top
objectClass: organizationalUnit objectClass: organizationalUnit
dn: ou=groups,dc=example
ou: groups
description: All groups
objectClass: top
objectClass: organizationalUnit
dn: cn=hydra_admin,ou=groups,dc=example
cn: hydra_admin
description: Hydra Admin user group
objectClass: groupOfNames
member: cn=admin,ou=users,dc=example
dn: cn=user,ou=users,dc=example dn: cn=user,ou=users,dc=example
objectClass: organizationalPerson objectClass: organizationalPerson
objectClass: inetOrgPerson objectClass: inetOrgPerson
@ -388,6 +400,14 @@
cn: user cn: user
mail: user@example mail: user@example
userPassword: foobar userPassword: foobar
dn: cn=admin,ou=users,dc=example
objectClass: organizationalPerson
objectClass: inetOrgPerson
sn: admin
cn: admin
mail: admin@example
userPassword: password
''; '';
}; };
systemd.services.hdyra-server.environment.CATALYST_DEBUG = "1"; systemd.services.hdyra-server.environment.CATALYST_DEBUG = "1";
@ -413,11 +433,11 @@
user_field: cn user_field: cn
user_search_options: user_search_options:
deref: always deref: always
use_roles: 0 use_roles: 1
role_basedn: "ou=groups,ou=OxObjects,dc=yourcompany,dc=com" role_basedn: "ou=groups,dc=example"
role_filter: "(&(objectClass=posixGroup)(memberUid=%s))" role_filter: "(&(objectClass=groupOfNames)(member=%s))"
role_scope: one role_scope: one
role_field: uid role_field: cn
role_value: dn role_value: dn
role_search_options: role_search_options:
deref: always deref: always
@ -425,15 +445,34 @@
networking.firewall.enable = false; networking.firewall.enable = false;
}; };
testScript = '' testScript = ''
import json
machine.wait_for_unit("openldap.service") machine.wait_for_unit("openldap.service")
machine.wait_for_job("hydra-init") machine.wait_for_job("hydra-init")
machine.wait_for_open_port("3000") machine.wait_for_open_port("3000")
machine.succeed( response = machine.succeed(
"curl --fail http://localhost:3000/login -H 'Accept: application/json' -H 'Referer: http://localhost:3000' --data 'username=user&password=foobar'" "curl --fail http://localhost:3000/login -H 'Accept: application/json' -H 'Referer: http://localhost:3000' --data 'username=user&password=foobar'"
) )
response_json = json.loads(response)
assert "user" == response_json["username"]
assert "user@example" == response_json["emailaddress"]
assert len(response_json["userroles"]) == 0
# logging on with wrong credentials shouldn't work
machine.fail( machine.fail(
"curl --fail http://localhost:3000/login -H 'Accept: application/json' -H 'Referer: http://localhost:3000' --data 'username=user&password=wrongpassword'" "curl --fail http://localhost:3000/login -H 'Accept: application/json' -H 'Referer: http://localhost:3000' --data 'username=user&password=wrongpassword'"
) )
# the admin user should get the admin role from his group membership in `hydra_admin`
response = machine.succeed(
"curl --fail http://localhost:3000/login -H 'Accept: application/json' -H 'Referer: http://localhost:3000' --data 'username=admin&password=password'"
)
response_json = json.loads(response)
assert "admin" == response_json["username"]
assert "admin@example" == response_json["emailaddress"]
assert "admin" in response_json["userroles"]
''; '';
}; };