Move ldap.t to a legacy-ldap.t, make ldap.t use the new format config.
parent
d0bc0d0eda
commit
76b4b43ac5
2 changed files with 155 additions and 35 deletions
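--- /dev/null
+++ b/t/Hydra/Controller/User/ldap-legacy.t
@@ -0,0 +1,105 @@
+use strict;
+use warnings;
+use Setup;
+use LDAPContext;
+use Test2::V0;
+use Catalyst::Test ();
+use HTTP::Request::Common;
+use JSON::MaybeXS;
+
+my $ldap = LDAPContext->new();
+my $users = {
+unrelated => $ldap->add_user("unrelated_user"),
+admin => $ldap->add_user("admin_user"),
+not_admin => $ldap->add_user("not_admin_user"),
+many_roles => $ldap->add_user("many_roles"),
+};
+
+$ldap->add_group("hydra_admin", $users->{"admin"}->{"username"});
+$ldap->add_group("hydra-admin", $users->{"not_admin"}->{"username"});
+
+$ldap->add_group("hydra_create-projects", $users->{"many_roles"}->{"username"});
+$ldap->add_group("hydra_restart-jobs", $users->{"many_roles"}->{"username"});
+$ldap->add_group("hydra_bump-to-front", $users->{"many_roles"}->{"username"});
+$ldap->add_group("hydra_cancel-build", $users->{"many_roles"}->{"username"});
+
+my $hydra_ldap_config = "${\$ldap->tmpdir()}/hydra_ldap_config.yaml";
+LDAPContext::write_file($hydra_ldap_config, <<YAML);
+credential:
+class: Password
+password_field: password
+password_type: self_check
+store:
+class: LDAP
+ldap_server: "${\$ldap->server_url()}"
+ldap_server_options:
+timeout: 30
+debug: 0
+binddn: "cn=root,dc=example"
+bindpw: notapassword
+start_tls: 0
+start_tls_options:
+verify: none
+user_basedn: "ou=users,dc=example"
+user_filter: "(&(objectClass=inetOrgPerson)(cn=%s))"
+user_scope: one
+user_field: cn
+user_search_options:
+deref: always
+use_roles: 1
+role_basedn: "ou=groups,dc=example"
+role_filter: "(&(objectClass=groupOfNames)(member=%s))"
+role_scope: one
+role_field: cn
+role_value: dn
+role_search_options:
+deref: always
+YAML
+
+$ENV{'HYDRA_LDAP_CONFIG'} = $hydra_ldap_config;
+my $ctx = test_context();
+
+Catalyst::Test->import('Hydra');
+
+subtest "Valid login attempts" => sub {
+my %users_to_roles = (
+unrelated => [],
+admin => ["admin"],
+not_admin => [],
+many_roles => [ "create-projects", "restart-jobs", "bump-to-front", "cancel-build" ],
+);
+for my $username (keys %users_to_roles) {
+my $user = $users->{$username};
+my $roles = $users_to_roles{$username};
+
+subtest "Verifying $username" => sub {
+my $req = request(POST '/login',
+Referer => 'http://localhost/',
+Accept => 'application/json',
+Content => {
+username => $user->{"username"},
+password => $user->{"password"}
+}
+);
+
+is($req->code, 302, "The login redirects");
+my $data = decode_json($req->content());
+is($data->{"username"}, $user->{"username"}, "Username matches");
+is($data->{"emailaddress"}, $user->{"email"}, "Email matches");
+is([sort @{$data->{"userroles"}}], [sort @$roles], "Roles match");
+};
+}
+};
+
+# Logging in with an invalid user is rejected
+is(request(POST '/login',
+Referer => 'http://localhost/',
+Content => {
+username => 'alice',
+password => 'foobar'
+}
+)->code, 403, "Logging in with invalid credentials does not work");
+
+
+
+done_testing;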
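Review bot: The only rejected-login case in this file posts a user that was never added to the directory (`alice`), so nothing checks that an existing LDAP account with a wrong password is refused. A second assertion next to it that posts `username => $users->{"admin"}->{"username"}` with a deliberately wrong `password` and expects 403 would cover the failed-bind path as well as the failed-lookup path. The fixture also sets `start_tls: 0` and `verify: none`; a comment above the heredoc such as `# Test-only: plaintext LDAP to the local fixture server; not a deployment template.` would keep the block from being copied into a real configuration.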
|
@ -23,41 +23,56 @@ $ldap->add_group("hydra_restart-jobs", $users->{"many_roles"}->{"username"});
|
||||||
$ldap->add_group("hydra_bump-to-front", $users->{"many_roles"}->{"username"});
|
$ldap->add_group("hydra_bump-to-front", $users->{"many_roles"}->{"username"});
|
||||||
$ldap->add_group("hydra_cancel-build", $users->{"many_roles"}->{"username"});
|
$ldap->add_group("hydra_cancel-build", $users->{"many_roles"}->{"username"});
|
||||||
|
|
||||||
my $hydra_ldap_config = "${\$ldap->tmpdir()}/hydra_ldap_config.yaml";
|
my $ctx = test_context(
|
||||||
LDAPContext::write_file($hydra_ldap_config, <<YAML);
|
hydra_config => <<CFG
|
||||||
credential:
|
<ldap>
|
||||||
class: Password
|
<config>
|
||||||
password_field: password
|
<credential>
|
||||||
password_type: self_check
|
class = Password
|
||||||
store:
|
password_field = password
|
||||||
class: LDAP
|
password_type = self_check
|
||||||
ldap_server: "${\$ldap->server_url()}"
|
</credential>
|
||||||
ldap_server_options:
|
<store>
|
||||||
timeout: 30
|
class = LDAP
|
||||||
debug: 0
|
ldap_server = ${\$ldap->server_url()}
|
||||||
binddn: "cn=root,dc=example"
|
<ldap_server_options>
|
||||||
bindpw: notapassword
|
timeout = 30
|
||||||
start_tls: 0
|
debug = 0
|
||||||
start_tls_options:
|
</ldap_server_options>
|
||||||
verify: none
|
binddn = "cn=root,dc=example"
|
||||||
user_basedn: "ou=users,dc=example"
|
bindpw = notapassword
|
||||||
user_filter: "(&(objectClass=inetOrgPerson)(cn=%s))"
|
start_tls = 0
|
||||||
user_scope: one
|
<start_tls_options>
|
||||||
user_field: cn
|
verify = none
|
||||||
user_search_options:
|
</start_tls_options>
|
||||||
deref: always
|
user_basedn = "ou=users,dc=example"
|
||||||
use_roles: 1
|
user_filter = "(&(objectClass=inetOrgPerson)(cn=%s))"
|
||||||
role_basedn: "ou=groups,dc=example"
|
user_scope = one
|
||||||
role_filter: "(&(objectClass=groupOfNames)(member=%s))"
|
user_field = cn
|
||||||
role_scope: one
|
<user_search_options>
|
||||||
role_field: cn
|
deref = always
|
||||||
role_value: dn
|
</user_search_options>
|
||||||
role_search_options:
|
use_roles = 1
|
||||||
deref: always
|
role_basedn = "ou=groups,dc=example"
|
||||||
YAML
|
role_filter = "(&(objectClass=groupOfNames)(member=%s))"
|
||||||
|
role_scope = one
|
||||||
$ENV{'HYDRA_LDAP_CONFIG'} = $hydra_ldap_config;
|
role_field = cn
|
||||||
my $ctx = test_context();
|
role_value = dn
|
||||||
|
<role_search_options>
|
||||||
|
deref = always
|
||||||
|
</role_search_options>
|
||||||
|
</store>
|
||||||
|
</config>
|
||||||
|
<role_mapping>
|
||||||
|
hydra_admin = admin
|
||||||
|
hydra_create-projects = create-projects
|
||||||
|
hydra_cancel-build = cancel-build
|
||||||
|
hydra_bump-to-front = bump-to-front
|
||||||
|
hydra_restart-jobs = restart-jobs
|
||||||
|
</role_mapping>
|
||||||
|
</ldap>
|
||||||
|
CFG
|
||||||
|
);
|
||||||
|
|
||||||
Catalyst::Test->import('Hydra');
|
Catalyst::Test->import('Hydra');
|
||||||
|
|
||||||
|
|
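Review bot: Every entry in the new `<role_mapping>` block maps `hydra_<role>` to `<role>`, which is the same result the legacy group-name convention would presumably produce, so the role assertions cannot tell whether a role came from the mapping or from a prefix-based fallback. Mapping at least one group whose name does not follow that convention, and leaving one `hydra_`-prefixed group out of the mapping while asserting that it grants nothing, would pin the new behaviour. The group setup and the role assertions sit outside this hunk, so they would need matching changes. The bind password and `start_tls = 0` / `verify = none` are now inline in the `hydra_config` heredoc; a comment above the `test_context(` call such as `# Test-only bind credentials and plaintext LDAP; not a deployment template.` would make that explicit.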