jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
Files
8c81a97a4bfbe797f9cc96a70f5e6bdd31e8a4cf
cloudron-box/src/test/ldap-test.js

867 lines
35 KiB
JavaScript
Raw Normal View History

Add initial ldap unit tests
2015-08-12 15:00:38 +02:00
/* jslint node:true */
/* global it:false */
/* global describe:false */
/* global before:false */
/* global after:false */
'use strict';
Add access restriction tests for ldap auth
2016-02-18 17:40:53 +01:00
var appdb = require('../appdb.js'),
assert = require('assert'),
Add initial ldap unit tests
2015-08-12 15:00:38 +02:00
async = require('async'),
Add access restriction tests for ldap auth
2016-02-18 17:40:53 +01:00
database = require('../database.js'),
Add initial ldap unit tests
2015-08-12 15:00:38 +02:00
config = require('../config.js'),
Add access restriction tests for ldap auth
2016-02-18 17:40:53 +01:00
EventEmitter = require('events').EventEmitter,
expect = require('expect.js'),
test ldap mailing list search
2016-09-27 15:56:02 -07:00
groups = require('../groups.js'),
Add access restriction tests for ldap auth
2016-02-18 17:40:53 +01:00
http = require('http'),
Add initial ldap unit tests
2015-08-12 15:00:38 +02:00
ldapServer = require('../ldap.js'),
add sendmail/recvmail ldap tests
2017-03-26 20:42:46 -07:00
mailboxdb = require('../mailboxdb.js'),
Add ldap tests for login with cloudron mail
2016-09-27 16:22:39 +02:00
settings = require('../settings.js'),
settingsdb = require('../settingsdb.js'),
Add access restriction tests for ldap auth
2016-02-18 17:40:53 +01:00
ldap = require('ldapjs'),
user = require('../user.js');
Add initial ldap unit tests
2015-08-12 15:00:38 +02:00
make all tests work after group changes
2016-02-09 09:37:12 -08:00
// owner
Add initial ldap unit tests
2015-08-12 15:00:38 +02:00
var USER_0 = {
Ensure ldap filter values are treated lowercase only
2016-04-13 12:28:44 +02:00
username: 'userName0',
make all tests work after group changes
2016-02-09 09:37:12 -08:00
password: 'Username0pass?1234',
Ensure ldap filter values are treated lowercase only
2016-04-13 12:28:44 +02:00
email: 'user0@EMAIL.com',
make all tests work after group changes
2016-02-09 09:37:12 -08:00
displayName: 'User 0'
Add initial ldap unit tests
2015-08-12 15:00:38 +02:00
};
Do not return aliases as mailboxes
2016-09-28 10:26:41 -07:00
var USER_0_ALIAS = 'Asterix';
make all tests work after group changes
2016-02-09 09:37:12 -08:00
// normal user
Add initial ldap unit tests
2015-08-12 15:00:38 +02:00
var USER_1 = {
Ensure ldap filter values are treated lowercase only
2016-04-13 12:28:44 +02:00
username: 'Username1',
make all tests work after group changes
2016-02-09 09:37:12 -08:00
password: 'Username1pass?12345',
Ensure ldap filter values are treated lowercase only
2016-04-13 12:28:44 +02:00
email: 'USER1@email.com',
make all tests work after group changes
2016-02-09 09:37:12 -08:00
displayName: 'User 1'
Add initial ldap unit tests
2015-08-12 15:00:38 +02:00
};
Only list users who have access to the app in an ldap search Part of #215
2017-03-13 11:01:11 +01:00
var USER_2 = {
username: 'Username2',
password: 'Username2pass?12345',
email: 'USER2@email.com',
displayName: 'User 2'
};
Add initial ldap unit tests
2015-08-12 15:00:38 +02:00
use unique ids for groups
2016-09-30 09:18:41 -07:00
var GROUP_ID, GROUP_NAME = 'developers';
test ldap mailing list search
2016-09-27 15:56:02 -07:00
make user.create take auditSource
2016-05-01 20:01:34 -07:00
var AUDIT_SOURCE = {
ip: '1.2.3.4'
};
Add access restriction tests for ldap auth
2016-02-18 17:40:53 +01:00
var APP_0 = {
id: 'appid-0',
appStoreId: 'appStoreId-0',
dnsRecordId: null,
installationState: appdb.ISTATE_INSTALLED,
installationProgress: null,
runState: appdb.RSTATE_RUNNING,
location: 'some-location-0',
manifest: { version: '0.1', dockerImage: 'docker/app0', healthCheckPath: '/', httpPort: 80, title: 'app0' },
httpPort: null,
containerId: 'someContainerId',
portBindings: { port: 5678 },
health: null,
accessRestriction: null,
lastBackupId: null,
oldConfig: null,
memoryLimit: 4294967296
};
var dockerProxy;
function startDockerProxy(interceptor, callback) {
assert.strictEqual(typeof interceptor, 'function');
assert.strictEqual(typeof callback, 'function');
return http.createServer(interceptor).listen(5687, callback);
}
Add initial ldap unit tests
2015-08-12 15:00:38 +02:00
function setup(done) {
async.series([
database.initialize.bind(null),
database._clear.bind(null),
ldapServer.start.bind(null),
make appdb.add take a data object
2016-06-17 16:43:35 -05:00
appdb.add.bind(null, APP_0.id, APP_0.appStoreId, APP_0.manifest, APP_0.location, APP_0.portBindings, APP_0),
Add access restriction tests for ldap auth
2016-02-18 17:40:53 +01:00
appdb.update.bind(null, APP_0.id, { containerId: APP_0.containerId }),
add sendmail/recvmail ldap tests
2017-03-26 20:42:46 -07:00
appdb.setAddonConfig.bind(null, APP_0.id, 'sendmail', [{ name: 'MAIL_SMTP_PASSWORD', value : 'sendmailpassword' }]),
appdb.setAddonConfig.bind(null, APP_0.id, 'recvmail', [{ name: 'MAIL_IMAP_PASSWORD', value : 'recvmailpassword' }]),
mailboxdb.add.bind(null, APP_0.location + '.app', APP_0.id, mailboxdb.TYPE_APP),
Fixup ldap tests
2016-04-04 16:36:42 +02:00
function (callback) {
make user.create take auditSource
2016-05-01 20:01:34 -07:00
user.createOwner(USER_0.username, USER_0.password, USER_0.email, USER_0.displayName, AUDIT_SOURCE, function (error, result) {
Fixup ldap tests
2016-04-04 16:36:42 +02:00
if (error) return callback(error);
USER_0.id = result.id;
callback(null);
});
},
function (callback) {
make user.create take auditSource
2016-05-01 20:01:34 -07:00
user.create(USER_1.username, USER_1.password, USER_1.email, USER_0.displayName, AUDIT_SOURCE, { invitor: USER_0 }, function (error, result) {
Fixup ldap tests
2016-04-04 16:36:42 +02:00
if (error) return callback(error);
USER_1.id = result.id;
callback(null);
});
test ldap mailing list search
2016-09-27 15:56:02 -07:00
},
Only list users who have access to the app in an ldap search Part of #215
2017-03-13 11:01:11 +01:00
function (callback) {
user.create(USER_2.username, USER_2.password, USER_2.email, USER_0.displayName, AUDIT_SOURCE, { invitor: USER_0 }, function (error, result) {
if (error) return callback(error);
USER_2.id = result.id;
callback(null);
});
},
use unique ids for groups
2016-09-30 09:18:41 -07:00
function (callback) {
groups.create(GROUP_NAME, function (error, result) {
if (error) return callback(error);
GROUP_ID = result.id;
callback();
});
},
test ldap mailing list search
2016-09-27 15:56:02 -07:00
function (callback) {
async.series([
Do not return aliases as mailboxes
2016-09-28 10:26:41 -07:00
user.setAliases.bind(null, USER_0.id, [ USER_0_ALIAS, 'obelix' ]),
test ldap mailing list search
2016-09-27 15:56:02 -07:00
groups.addMember.bind(null, GROUP_ID, USER_0.id),
groups.addMember.bind(null, GROUP_ID, USER_1.id)
], callback);
Fixup ldap tests
2016-04-04 16:36:42 +02:00
}
Add access restriction tests for ldap auth
2016-02-18 17:40:53 +01:00
], function (error) {
if (error) return done(error);
dockerProxy = startDockerProxy(function interceptor(req, res) {
var answer = {};
var status = 500;
if (req.method === 'GET' && req.url === '/networks') {
answer = [{
Name: "irrelevant"
}, {
fix response to say cloudron network
2016-06-17 10:10:18 -05:00
Name: "cloudron",
Add access restriction tests for ldap auth
2016-02-18 17:40:53 +01:00
Id: "f2de39df4171b0dc801e8002d1d999b77256983dfc63041c0f34030aa3977566",
Scope: "local",
Driver: "bridge",
IPAM: {
Driver: "default",
Config: [{
start addons and apps in the cloudron network also remove getLinkSync, since we don't use linking anymore
2016-06-14 20:46:29 -07:00
Subnet: "172.18.0.0/16"
Add access restriction tests for ldap auth
2016-02-18 17:40:53 +01:00
}]
},
"Containers": {
someOtherContainerId: {
"EndpointID": "ed2419a97c1d9954d05b46e462e7002ea552f216e9b136b80a7db8d98b442eda",
"MacAddress": "02:42:ac:11:00:02",
"IPv4Address": "127.0.0.2/16",
"IPv6Address": ""
},
someContainerId: {
"EndpointID": "ed2419a97c1d9954d05b46e462e7002ea552f216e9b136b80a7db8d98b442eda",
"MacAddress": "02:42:ac:11:00:02",
"IPv4Address": "127.0.0.1/16",
"IPv6Address": ""
}
}
}];
status = 200;
}
res.writeHead(status);
res.write(JSON.stringify(answer));
res.end();
}, done);
});
Add initial ldap unit tests
2015-08-12 15:00:38 +02:00
}
function cleanup(done) {
stop ldap server in test
2016-05-23 21:48:25 -07:00
async.series([
ldapServer.stop,
database._clear
], function () {
dockerProxy.close(function () { done(); }); // some strange error
Stop docker proxy in ldap tests
2016-03-09 07:33:13 +01:00
});
Add initial ldap unit tests
2015-08-12 15:00:38 +02:00
}
describe('Ldap', function () {
LDAP tests need more time on my end
2016-09-27 15:16:36 +02:00
this.timeout(10000);
Add initial ldap unit tests
2015-08-12 15:00:38 +02:00
before(setup);
after(cleanup);
describe('bind', function () {
it('fails for nonexisting user', function (done) {
var client = ldap.createClient({ url: 'ldap://127.0.0.1:' + config.get('ldapPort') });
client.bind('cn=doesnotexist,ou=users,dc=cloudron', 'password', function (error) {
expect(error).to.be.a(ldap.NoSuchObjectError);
done();
});
});
it('fails with wrong password', function (done) {
var client = ldap.createClient({ url: 'ldap://127.0.0.1:' + config.get('ldapPort') });
Support ldap DNs with userId, username and email
2016-04-05 16:32:12 +02:00
client.bind('cn=' + USER_0.id + ',ou=users,dc=cloudron', 'wrongpassword', function (error) {
Add initial ldap unit tests
2015-08-12 15:00:38 +02:00
expect(error).to.be.a(ldap.InvalidCredentialsError);
done();
});
});
Add access restriction tests for ldap auth
2016-02-18 17:40:53 +01:00
it('succeeds without accessRestriction', function (done) {
Add initial ldap unit tests
2015-08-12 15:00:38 +02:00
var client = ldap.createClient({ url: 'ldap://127.0.0.1:' + config.get('ldapPort') });
Support ldap DNs with userId, username and email
2016-04-05 16:32:12 +02:00
client.bind('cn=' + USER_0.id + ',ou=users,dc=cloudron', USER_0.password, function (error) {
expect(error).to.be(null);
done();
});
});
it('succeeds with username and without accessRestriction', function (done) {
var client = ldap.createClient({ url: 'ldap://127.0.0.1:' + config.get('ldapPort') });
Add initial ldap unit tests
2015-08-12 15:00:38 +02:00
client.bind('cn=' + USER_0.username + ',ou=users,dc=cloudron', USER_0.password, function (error) {
expect(error).to.be(null);
done();
});
});
Add access restriction tests for ldap auth
2016-02-18 17:40:53 +01:00
Allow to use email and username for ldap bind
2016-03-24 21:03:04 +01:00
it('succeeds with email and without accessRestriction', function (done) {
var client = ldap.createClient({ url: 'ldap://127.0.0.1:' + config.get('ldapPort') });
client.bind('cn=' + USER_0.email + ',ou=users,dc=cloudron', USER_0.password, function (error) {
expect(error).to.be(null);
done();
});
});
Adjust tests to fail with invite email if cloudron mail is enabled
2016-09-27 17:35:44 +02:00
it('succeeds without accessRestriction when email is enabled', function (done) {
Add ldap tests for login with cloudron mail
2016-09-27 16:22:39 +02:00
// user settingsdb instead of settings, to not trigger further events
settingsdb.set(settings.MAIL_CONFIG_KEY, JSON.stringify({ enabled: true }), function (error) {
expect(error).not.to.be.ok();
var client = ldap.createClient({ url: 'ldap://127.0.0.1:' + config.get('ldapPort') });
Adjust tests to fail with invite email if cloudron mail is enabled
2016-09-27 17:35:44 +02:00
client.bind('cn=' + USER_0.username.toLowerCase() + '@' + config.fqdn() + ',ou=users,dc=cloudron', USER_0.password, function (error) {
Add ldap tests for login with cloudron mail
2016-09-27 16:22:39 +02:00
expect(error).to.be(null);
Adjust tests to fail with invite email if cloudron mail is enabled
2016-09-27 17:35:44 +02:00
settingsdb.set(settings.MAIL_CONFIG_KEY, JSON.stringify({ enabled: false }), done);
Add ldap tests for login with cloudron mail
2016-09-27 16:22:39 +02:00
});
});
});
Allow to use email and username for ldap bind
2016-03-24 21:03:04 +01:00
it('fails with username for mail attribute and without accessRestriction', function (done) {
var client = ldap.createClient({ url: 'ldap://127.0.0.1:' + config.get('ldapPort') });
client.bind('mail=' + USER_0.username + ',ou=users,dc=cloudron', USER_0.password, function (error) {
expect(error).to.be.a(ldap.NoSuchObjectError);
done();
});
});
Add access restriction tests for ldap auth
2016-02-18 17:40:53 +01:00
it('fails with accessRestriction denied', function (done) {
var client = ldap.createClient({ url: 'ldap://127.0.0.1:' + config.get('ldapPort') });
Fixup ldap tests
2016-04-04 16:36:42 +02:00
appdb.update(APP_0.id, { accessRestriction: { users: [ USER_1.id ], groups: [] }}, function (error) {
Add access restriction tests for ldap auth
2016-02-18 17:40:53 +01:00
expect(error).to.eql(null);
Support ldap DNs with userId, username and email
2016-04-05 16:32:12 +02:00
client.bind('cn=' + USER_0.id + ',ou=users,dc=cloudron', USER_0.password, function (error) {
Add access restriction tests for ldap auth
2016-02-18 17:40:53 +01:00
expect(error).to.be.a(ldap.NoSuchObjectError);
done();
});
});
});
it('succeeds with accessRestriction allowed', function (done) {
var client = ldap.createClient({ url: 'ldap://127.0.0.1:' + config.get('ldapPort') });
Fixup ldap tests
2016-04-04 16:36:42 +02:00
appdb.update(APP_0.id, { accessRestriction: { users: [ USER_1.id, USER_0.id ], groups: [] }}, function (error) {
Add access restriction tests for ldap auth
2016-02-18 17:40:53 +01:00
expect(error).to.eql(null);
Support ldap DNs with userId, username and email
2016-04-05 16:32:12 +02:00
client.bind('cn=' + USER_0.id + ',ou=users,dc=cloudron', USER_0.password, function (error) {
Add access restriction tests for ldap auth
2016-02-18 17:40:53 +01:00
expect(error).to.be(null);
done();
});
});
});
Add initial ldap unit tests
2015-08-12 15:00:38 +02:00
});
Add ldap search unit tests
2015-08-12 15:31:54 +02:00
Add ldap 'users' group
2015-08-12 17:38:31 +02:00
describe('search users', function () {
Add ldap search unit tests
2015-08-12 15:31:54 +02:00
it ('fails for non existing tree', function (done) {
var client = ldap.createClient({ url: 'ldap://127.0.0.1:' + config.get('ldapPort') });
var opts = {
make all tests work after group changes
2016-02-09 09:37:12 -08:00
filter: '(&(l=Seattle)(email=*@email.com))'
Add ldap search unit tests
2015-08-12 15:31:54 +02:00
};
client.search('o=example', opts, function (error, result) {
expect(error).to.be(null);
expect(result).to.be.an(EventEmitter);
result.on('error', function (error) {
expect(error).to.be.a(ldap.NoSuchObjectError);
done();
});
result.on('end', function (result) {
done(new Error('Should not succeed. Status ' + result.status));
});
});
});
it ('succeeds with basic filter', function (done) {
var client = ldap.createClient({ url: 'ldap://127.0.0.1:' + config.get('ldapPort') });
var opts = {
filter: 'objectcategory=person'
};
client.search('ou=users,dc=cloudron', opts, function (error, result) {
expect(error).to.be(null);
expect(result).to.be.an(EventEmitter);
var entries = [];
result.on('searchEntry', function (entry) { entries.push(entry.object); });
result.on('error', done);
result.on('end', function (result) {
expect(result.status).to.equal(0);
expect(entries.length).to.equal(2);
Fixup ldap tests
2016-04-04 16:36:42 +02:00
entries.sort(function (a, b) { return a.username > b.username; });
Ensure ldap filter values are treated lowercase only
2016-04-13 12:28:44 +02:00
expect(entries[0].username).to.equal(USER_0.username.toLowerCase());
Add ldap tests for login with cloudron mail
2016-09-27 16:22:39 +02:00
expect(entries[0].mail).to.equal(USER_0.email.toLowerCase());
Ensure ldap filter values are treated lowercase only
2016-04-13 12:28:44 +02:00
expect(entries[1].username).to.equal(USER_1.username.toLowerCase());
Add ldap tests for login with cloudron mail
2016-09-27 16:22:39 +02:00
expect(entries[1].mail).to.equal(USER_1.email.toLowerCase());
Add ldap search unit tests
2015-08-12 15:31:54 +02:00
done();
});
});
});
Add ldap tests for login with cloudron mail
2016-09-27 16:22:39 +02:00
it ('succeeds with basic filter and email enabled', function (done) {
// user settingsdb instead of settings, to not trigger further events
settingsdb.set(settings.MAIL_CONFIG_KEY, JSON.stringify({ enabled: true }), function (error) {
expect(error).not.to.be.ok();
var client = ldap.createClient({ url: 'ldap://127.0.0.1:' + config.get('ldapPort') });
var opts = {
filter: 'objectcategory=person'
};
client.search('ou=users,dc=cloudron', opts, function (error, result) {
expect(error).to.be(null);
expect(result).to.be.an(EventEmitter);
var entries = [];
result.on('searchEntry', function (entry) { entries.push(entry.object); });
result.on('error', done);
result.on('end', function (result) {
expect(result.status).to.equal(0);
expect(entries.length).to.equal(2);
entries.sort(function (a, b) { return a.username > b.username; });
expect(entries[0].username).to.equal(USER_0.username.toLowerCase());
expect(entries[0].mailAlternateAddress).to.equal(USER_0.email.toLowerCase());
expect(entries[0].mail).to.equal(USER_0.username.toLowerCase() + '@' + config.fqdn());
expect(entries[1].username).to.equal(USER_1.username.toLowerCase());
expect(entries[1].mailAlternateAddress).to.equal(USER_1.email.toLowerCase());
expect(entries[1].mail).to.equal(USER_1.username.toLowerCase() + '@' + config.fqdn());
settingsdb.set(settings.MAIL_CONFIG_KEY, JSON.stringify({ enabled: false }), done);
});
});
});
});
Add ldap search unit tests
2015-08-12 15:31:54 +02:00
it ('succeeds with username wildcard filter', function (done) {
var client = ldap.createClient({ url: 'ldap://127.0.0.1:' + config.get('ldapPort') });
var opts = {
make all tests work after group changes
2016-02-09 09:37:12 -08:00
filter: '&(objectcategory=person)(username=username*)'
Add ldap search unit tests
2015-08-12 15:31:54 +02:00
};
client.search('ou=users,dc=cloudron', opts, function (error, result) {
expect(error).to.be(null);
expect(result).to.be.an(EventEmitter);
var entries = [];
result.on('searchEntry', function (entry) { entries.push(entry.object); });
result.on('error', done);
result.on('end', function (result) {
expect(result.status).to.equal(0);
expect(entries.length).to.equal(2);
Fixup ldap tests
2016-04-04 16:36:42 +02:00
entries.sort(function (a, b) { return a.username > b.username; });
Ensure ldap filter values are treated lowercase only
2016-04-13 12:28:44 +02:00
expect(entries[0].username).to.equal(USER_0.username.toLowerCase());
expect(entries[1].username).to.equal(USER_1.username.toLowerCase());
Add ldap search unit tests
2015-08-12 15:31:54 +02:00
done();
});
});
});
it ('succeeds with username filter', function (done) {
var client = ldap.createClient({ url: 'ldap://127.0.0.1:' + config.get('ldapPort') });
var opts = {
filter: '&(objectcategory=person)(username=' + USER_0.username + ')'
};
client.search('ou=users,dc=cloudron', opts, function (error, result) {
expect(error).to.be(null);
expect(result).to.be.an(EventEmitter);
var entries = [];
result.on('searchEntry', function (entry) { entries.push(entry.object); });
result.on('error', done);
result.on('end', function (result) {
expect(result.status).to.equal(0);
expect(entries.length).to.equal(1);
Ensure ldap filter values are treated lowercase only
2016-04-13 12:28:44 +02:00
expect(entries[0].username).to.equal(USER_0.username.toLowerCase());
Add ldap search unit tests
2015-08-12 15:31:54 +02:00
expect(entries[0].memberof.length).to.equal(2);
done();
});
});
});
Only list users who have access to the app in an ldap search Part of #215
2017-03-13 11:01:11 +01:00
it ('does not list users who have no access', function (done) {
appdb.update(APP_0.id, { accessRestriction: { users: [], groups: [] } }, function (error) {
expect(error).to.be(null);
var client = ldap.createClient({ url: 'ldap://127.0.0.1:' + config.get('ldapPort') });
var opts = {
filter: 'objectcategory=person'
};
client.search('ou=users,dc=cloudron', opts, function (error, result) {
expect(error).to.be(null);
expect(result).to.be.an(EventEmitter);
var entries = [];
result.on('searchEntry', function (entry) { entries.push(entry.object); });
result.on('error', done);
result.on('end', function (result) {
expect(result.status).to.equal(0);
expect(entries.length).to.equal(0);
appdb.update(APP_0.id, { accessRestriction: null }, done);
});
});
});
});
Only list users in ldap groups who have access to the app Fixes #215
2017-03-13 11:06:27 +01:00
it ('does only list users who have access', function (done) {
Only list users who have access to the app in an ldap search Part of #215
2017-03-13 11:01:11 +01:00
appdb.update(APP_0.id, { accessRestriction: { users: [], groups: [ GROUP_ID ] } }, function (error) {
expect(error).to.be(null);
var client = ldap.createClient({ url: 'ldap://127.0.0.1:' + config.get('ldapPort') });
var opts = {
filter: 'objectcategory=person'
};
client.search('ou=users,dc=cloudron', opts, function (error, result) {
expect(error).to.be(null);
expect(result).to.be.an(EventEmitter);
var entries = [];
result.on('searchEntry', function (entry) { entries.push(entry.object); });
result.on('error', done);
result.on('end', function (result) {
expect(result.status).to.equal(0);
expect(entries.length).to.equal(2);
entries.sort(function (a, b) { return a.username > b.username; });
expect(entries[0].username).to.equal(USER_0.username.toLowerCase());
expect(entries[1].username).to.equal(USER_1.username.toLowerCase());
appdb.update(APP_0.id, { accessRestriction: null }, done);
});
});
});
});
Add ldap search unit tests
2015-08-12 15:31:54 +02:00
});
Add ldap 'users' group
2015-08-12 17:38:31 +02:00
describe('search groups', function () {
it ('succeeds with basic filter', function (done) {
var client = ldap.createClient({ url: 'ldap://127.0.0.1:' + config.get('ldapPort') });
var opts = {
filter: 'objectclass=group'
};
client.search('ou=groups,dc=cloudron', opts, function (error, result) {
expect(error).to.be(null);
expect(result).to.be.an(EventEmitter);
var entries = [];
result.on('searchEntry', function (entry) { entries.push(entry.object); });
result.on('error', done);
result.on('end', function (result) {
expect(result.status).to.equal(0);
expect(entries.length).to.equal(2);
Support ldap DNs with userId, username and email
2016-04-05 16:32:12 +02:00
// ensure order for testability
entries.sort(function (a, b) { return a.username < b.username; });
Add ldap 'users' group
2015-08-12 17:38:31 +02:00
expect(entries[0].cn).to.equal('users');
Only list users who have access to the app in an ldap search Part of #215
2017-03-13 11:01:11 +01:00
expect(entries[0].memberuid.length).to.equal(3);
Fixup ldap tests
2016-04-04 16:36:42 +02:00
expect(entries[0].memberuid[0]).to.equal(USER_0.id);
expect(entries[0].memberuid[1]).to.equal(USER_1.id);
Only list users who have access to the app in an ldap search Part of #215
2017-03-13 11:01:11 +01:00
expect(entries[0].memberuid[2]).to.equal(USER_2.id);
Add ldap 'users' group
2015-08-12 17:38:31 +02:00
expect(entries[1].cn).to.equal('admins');
// if only one entry, the array becomes a string :-/
Fixup ldap tests
2016-04-04 16:36:42 +02:00
expect(entries[1].memberuid).to.equal(USER_0.id);
Add ldap 'users' group
2015-08-12 17:38:31 +02:00
done();
});
});
});
it ('succeeds with cn wildcard filter', function (done) {
var client = ldap.createClient({ url: 'ldap://127.0.0.1:' + config.get('ldapPort') });
var opts = {
filter: '&(objectclass=group)(cn=*)'
};
client.search('ou=groups,dc=cloudron', opts, function (error, result) {
expect(error).to.be(null);
expect(result).to.be.an(EventEmitter);
var entries = [];
result.on('searchEntry', function (entry) { entries.push(entry.object); });
result.on('error', done);
result.on('end', function (result) {
expect(result.status).to.equal(0);
expect(entries.length).to.equal(2);
expect(entries[0].cn).to.equal('users');
Only list users who have access to the app in an ldap search Part of #215
2017-03-13 11:01:11 +01:00
expect(entries[0].memberuid.length).to.equal(3);
Fixup ldap tests
2016-04-04 16:36:42 +02:00
expect(entries[0].memberuid[0]).to.equal(USER_0.id);
expect(entries[0].memberuid[1]).to.equal(USER_1.id);
Only list users who have access to the app in an ldap search Part of #215
2017-03-13 11:01:11 +01:00
expect(entries[0].memberuid[2]).to.equal(USER_2.id);
Add ldap 'users' group
2015-08-12 17:38:31 +02:00
expect(entries[1].cn).to.equal('admins');
// if only one entry, the array becomes a string :-/
Fixup ldap tests
2016-04-04 16:36:42 +02:00
expect(entries[1].memberuid).to.equal(USER_0.id);
Add ldap 'users' group
2015-08-12 17:38:31 +02:00
done();
});
});
});
it('succeeds with memberuid filter', function (done) {
var client = ldap.createClient({ url: 'ldap://127.0.0.1:' + config.get('ldapPort') });
var opts = {
Fixup ldap tests
2016-04-04 16:36:42 +02:00
filter: '&(objectclass=group)(memberuid=' + USER_1.id + ')'
Add ldap 'users' group
2015-08-12 17:38:31 +02:00
};
client.search('ou=groups,dc=cloudron', opts, function (error, result) {
expect(error).to.be(null);
expect(result).to.be.an(EventEmitter);
var entries = [];
result.on('searchEntry', function (entry) { entries.push(entry.object); });
result.on('error', done);
result.on('end', function (result) {
expect(result.status).to.equal(0);
expect(entries.length).to.equal(1);
expect(entries[0].cn).to.equal('users');
Only list users who have access to the app in an ldap search Part of #215
2017-03-13 11:01:11 +01:00
expect(entries[0].memberuid.length).to.equal(3);
Add ldap 'users' group
2015-08-12 17:38:31 +02:00
done();
});
});
});
Only list users in ldap groups who have access to the app Fixes #215
2017-03-13 11:06:27 +01:00
it ('does only list users who have access', function (done) {
appdb.update(APP_0.id, { accessRestriction: { users: [], groups: [ GROUP_ID ] } }, function (error) {
expect(error).to.be(null);
var client = ldap.createClient({ url: 'ldap://127.0.0.1:' + config.get('ldapPort') });
var opts = {
filter: '&(objectclass=group)(cn=*)'
};
client.search('ou=groups,dc=cloudron', opts, function (error, result) {
expect(error).to.be(null);
expect(result).to.be.an(EventEmitter);
var entries = [];
result.on('searchEntry', function (entry) { entries.push(entry.object); });
result.on('error', done);
result.on('end', function (result) {
expect(result.status).to.equal(0);
expect(entries.length).to.equal(2);
expect(entries[0].cn).to.equal('users');
expect(entries[0].memberuid.length).to.equal(2);
expect(entries[0].memberuid[0]).to.equal(USER_0.id);
expect(entries[0].memberuid[1]).to.equal(USER_1.id);
expect(entries[1].cn).to.equal('admins');
// if only one entry, the array becomes a string :-/
expect(entries[1].memberuid).to.equal(USER_0.id);
appdb.update(APP_0.id, { accessRestriction: null }, done);
});
});
});
});
Add ldap 'users' group
2015-08-12 17:38:31 +02:00
});
ldap: fix mailbox search and bind
2016-09-26 10:18:58 -07:00
function ldapSearch(dn, filter, callback) {
var client = ldap.createClient({ url: 'ldap://127.0.0.1:' + config.get('ldapPort') });
var opts = {
filter: filter
};
client.search(dn, opts, function (error, result) {
expect(error).to.be(null);
expect(result).to.be.an(EventEmitter);
var entries = [];
result.on('searchEntry', function (entry) { entries.push(entry.object); });
result.on('error', callback);
result.on('end', function (result) {
expect(result.status).to.equal(0);
callback(null, entries);
});
});
}
describe('search mailbox', function () {
it('get specific mailbox', function (done) {
ldapSearch('cn=' + USER_0.username + ',ou=mailboxes,dc=cloudron', 'objectclass=mailbox', function (error, entries) {
if (error) return done(error);
expect(entries.length).to.equal(1);
expect(entries[0].cn).to.equal(USER_0.username.toLowerCase());
done();
});
});
allow mailbox search by email
2016-09-26 21:03:07 -07:00
it('get specific mailbox by email', function (done) {
ldapSearch('cn=' + USER_0.username + '@' + config.fqdn() + ',ou=mailboxes,dc=cloudron', 'objectclass=mailbox', function (error, entries) {
if (error) return done(error);
expect(entries.length).to.equal(1);
expect(entries[0].cn).to.equal(USER_0.username.toLowerCase());
done();
});
});
Do not return aliases as mailboxes
2016-09-28 10:26:41 -07:00
it('cannot get alias as a mailbox', function (done) {
ldapSearch('cn=' + USER_0_ALIAS + ',ou=mailboxes,dc=cloudron', 'objectclass=mailbox', function (error, entries) {
expect(error).to.be.a(ldap.NoSuchObjectError);
done();
});
});
ldap: fix mailbox search and bind
2016-09-26 10:18:58 -07:00
it('non-existent mailbox', function (done) {
Fix mailAlias LDAP listing
2016-09-26 14:38:23 -07:00
ldapSearch('cn=random,ou=mailboxes,dc=cloudron', 'objectclass=mailbox', function (error) {
expect(error).to.be.a(ldap.NoSuchObjectError);
done();
});
});
});
describe('search aliases', function () {
test ldap mailing list search
2016-09-27 15:56:02 -07:00
it('get specific alias', function (done) {
Do not return aliases as mailboxes
2016-09-28 10:26:41 -07:00
ldapSearch('cn=' + USER_0_ALIAS + ',ou=mailaliases,dc=cloudron', 'objectclass=nismailalias', function (error, entries) {
test ldap mailing list search
2016-09-27 15:56:02 -07:00
if (error) return done(error);
expect(entries.length).to.equal(1);
expect(entries[0].cn).to.equal('asterix');
Revert "make rfc822MailMember a complete address" This reverts commit b9823fff44e54ca7cd36db7e30b5cbd7ec313a61. Most examples on internet don't have the complete address. https://wiki.debian.org/LDAP/MigrationTools/Examples
2016-09-27 16:04:50 -07:00
expect(entries[0].rfc822MailMember).to.equal(USER_0.username.toLowerCase());
test ldap mailing list search
2016-09-27 15:56:02 -07:00
done();
});
});
Do not return aliases as mailboxes
2016-09-28 10:26:41 -07:00
it('cannot get mailbox as alias', function (done) {
ldapSearch('cn=' + USER_0.username + ',ou=mailaliases,dc=cloudron', 'objectclass=nismailalias', function (error, entries) {
expect(error).to.be.a(ldap.NoSuchObjectError);
done();
});
});
test ldap mailing list search
2016-09-27 15:56:02 -07:00
it('non-existent alias', function (done) {
ldapSearch('cn=random,ou=mailaliases,dc=cloudron', 'objectclass=mailbox', function (error) {
expect(error).to.be.a(ldap.NoSuchObjectError);
done();
});
Fix mailAlias LDAP listing
2016-09-26 14:38:23 -07:00
});
test ldap mailing list search
2016-09-27 15:56:02 -07:00
});
Fix mailAlias LDAP listing
2016-09-26 14:38:23 -07:00
test ldap mailing list search
2016-09-27 15:56:02 -07:00
describe('search groups', function () {
Fix mailAlias LDAP listing
2016-09-26 14:38:23 -07:00
it('get specific alias', function (done) {
Do not return aliases as mailboxes
2016-09-28 10:26:41 -07:00
ldapSearch('cn=' + USER_0_ALIAS + ',ou=mailaliases,dc=cloudron', 'objectclass=nismailalias', function (error, entries) {
Fix mailAlias LDAP listing
2016-09-26 14:38:23 -07:00
if (error) return done(error);
expect(entries.length).to.equal(1);
expect(entries[0].cn).to.equal('asterix');
Revert "make rfc822MailMember a complete address" This reverts commit b9823fff44e54ca7cd36db7e30b5cbd7ec313a61. Most examples on internet don't have the complete address. https://wiki.debian.org/LDAP/MigrationTools/Examples
2016-09-27 16:04:50 -07:00
expect(entries[0].rfc822MailMember).to.equal(USER_0.username.toLowerCase());
Fix mailAlias LDAP listing
2016-09-26 14:38:23 -07:00
done();
});
});
it('non-existent alias', function (done) {
ldapSearch('cn=random,ou=mailaliases,dc=cloudron', 'objectclass=mailbox', function (error) {
ldap: fix mailbox search and bind
2016-09-26 10:18:58 -07:00
expect(error).to.be.a(ldap.NoSuchObjectError);
done();
});
});
});
return members of mailing list
2016-09-27 16:27:22 -07:00
describe('search mailing list', function () {
it('get specific list', function (done) {
ldapSearch('cn=developers,ou=mailinglists,dc=cloudron', 'objectclass=mailGroup', function (error, entries) {
if (error) return done(error);
expect(entries.length).to.equal(1);
expect(entries[0].cn).to.equal('developers');
expect(entries[0].mgrpRFC822MailMember).to.eql([ USER_0.username.toLowerCase(), USER_1.username.toLowerCase() ]);
done();
});
});
it('non-existent list', function (done) {
ldapSearch('cn=random,ou=mailinglists,dc=cloudron', 'objectclass=mailGroup', function (error) {
expect(error).to.be.a(ldap.NoSuchObjectError);
done();
});
});
});
add sendmail/recvmail ldap tests
2017-03-26 20:42:46 -07:00
describe('user sendmail bind', function () {
ldap: fix mailbox search and bind
2016-09-26 10:18:58 -07:00
it('does not allow with invalid password', function (done) {
var client = ldap.createClient({ url: 'ldap://127.0.0.1:' + config.get('ldapPort') });
Verify password for sendmail/recvmail addon Part of #109
2017-03-26 19:14:50 -07:00
client.bind('cn=' + USER_0.username + ',ou=sendmail,dc=cloudron', USER_0.password + 'nope', function (error) {
ldap: fix mailbox search and bind
2016-09-26 10:18:58 -07:00
expect(error).to.be.a(ldap.InvalidCredentialsError);
done();
});
});
it('allows with valid password', function (done) {
var client = ldap.createClient({ url: 'ldap://127.0.0.1:' + config.get('ldapPort') });
Verify password for sendmail/recvmail addon Part of #109
2017-03-26 19:14:50 -07:00
client.bind('cn=' + USER_0.username + ',ou=sendmail,dc=cloudron', USER_0.password, function (error) {
ldap: fix mailbox search and bind
2016-09-26 10:18:58 -07:00
done(error);
});
});
allow login via email cn to access mailbox
2016-09-26 12:03:37 -07:00
it('allows with valid email', function (done) {
Only allow bind by cloudron mail if enabled
2016-09-27 16:23:11 +02:00
// user settingsdb instead of settings, to not trigger further events
settingsdb.set(settings.MAIL_CONFIG_KEY, JSON.stringify({ enabled: true }), function (error) {
expect(error).not.to.be.ok();
allow login via email cn to access mailbox
2016-09-26 12:03:37 -07:00
Only allow bind by cloudron mail if enabled
2016-09-27 16:23:11 +02:00
var client = ldap.createClient({ url: 'ldap://127.0.0.1:' + config.get('ldapPort') });
Verify password for sendmail/recvmail addon Part of #109
2017-03-26 19:14:50 -07:00
client.bind('cn=' + USER_0.username + '@' + config.fqdn() + ',ou=sendmail,dc=cloudron', USER_0.password, function (error) {
Only allow bind by cloudron mail if enabled
2016-09-27 16:23:11 +02:00
expect(error).not.to.be.ok();
settingsdb.set(settings.MAIL_CONFIG_KEY, JSON.stringify({ enabled: false }), done);
});
allow login via email cn to access mailbox
2016-09-26 12:03:37 -07:00
});
});
ldap: fix mailbox search and bind
2016-09-26 10:18:58 -07:00
});
Verify password for sendmail/recvmail addon Part of #109
2017-03-26 19:14:50 -07:00
add sendmail/recvmail ldap tests
2017-03-26 20:42:46 -07:00
describe('app sendmail bind', function () {
it('does not allow with invalid app', function (done) {
var client = ldap.createClient({ url: 'ldap://127.0.0.1:' + config.get('ldapPort') });
client.bind('cn=hacker.app,ou=sendmail,dc=cloudron', 'nope', function (error) {
expect(error).to.be.a(ldap.NoSuchObjectError);
done();
});
});
it('does not allow with invalid password', function (done) {
var client = ldap.createClient({ url: 'ldap://127.0.0.1:' + config.get('ldapPort') });
client.bind('cn=' + APP_0.location + '.app,ou=sendmail,dc=cloudron', 'nope', function (error) {
expect(error).to.be.a(ldap.InvalidCredentialsError);
done();
});
});
it('allows with valid password', function (done) {
var client = ldap.createClient({ url: 'ldap://127.0.0.1:' + config.get('ldapPort') });
client.bind('cn=' + APP_0.location + '.app,ou=sendmail,dc=cloudron', 'sendmailpassword', function (error) {
done(error);
});
});
});
describe('user recvmail bind', function () {
Verify password for sendmail/recvmail addon Part of #109
2017-03-26 19:14:50 -07:00
it('does not allow with invalid password', function (done) {
var client = ldap.createClient({ url: 'ldap://127.0.0.1:' + config.get('ldapPort') });
client.bind('cn=' + USER_0.username + ',ou=recvmail,dc=cloudron', USER_0.password + 'nope', function (error) {
expect(error).to.be.a(ldap.InvalidCredentialsError);
done();
});
});
it('allows with valid password', function (done) {
var client = ldap.createClient({ url: 'ldap://127.0.0.1:' + config.get('ldapPort') });
client.bind('cn=' + USER_0.username + ',ou=recvmail,dc=cloudron', USER_0.password, function (error) {
done(error);
});
});
it('allows with valid email', function (done) {
// user settingsdb instead of settings, to not trigger further events
settingsdb.set(settings.MAIL_CONFIG_KEY, JSON.stringify({ enabled: true }), function (error) {
expect(error).not.to.be.ok();
var client = ldap.createClient({ url: 'ldap://127.0.0.1:' + config.get('ldapPort') });
client.bind('cn=' + USER_0.username + '@' + config.fqdn() + ',ou=recvmail,dc=cloudron', USER_0.password, function (error) {
expect(error).not.to.be.ok();
settingsdb.set(settings.MAIL_CONFIG_KEY, JSON.stringify({ enabled: false }), done);
});
});
});
});
add sendmail/recvmail ldap tests
2017-03-26 20:42:46 -07:00
describe('app recvmail bind', function () {
it('does not allow with invalid app', function (done) {
var client = ldap.createClient({ url: 'ldap://127.0.0.1:' + config.get('ldapPort') });
client.bind('cn=hacker.app,ou=recvmail,dc=cloudron', 'nope', function (error) {
expect(error).to.be.a(ldap.NoSuchObjectError);
done();
});
});
it('does not allow with invalid password', function (done) {
var client = ldap.createClient({ url: 'ldap://127.0.0.1:' + config.get('ldapPort') });
client.bind('cn=' + APP_0.location + '.app,ou=recvmail,dc=cloudron', 'nope', function (error) {
expect(error).to.be.a(ldap.InvalidCredentialsError);
done();
});
});
it('allows with valid password', function (done) {
var client = ldap.createClient({ url: 'ldap://127.0.0.1:' + config.get('ldapPort') });
client.bind('cn=' + APP_0.location + '.app,ou=recvmail,dc=cloudron', 'recvmailpassword', function (error) {
done(error);
});
});
});
Add initial ldap unit tests
2015-08-12 15:00:38 +02:00
});
Reference in New Issue Copy Permalink