Fixup ldap group tests

Johannes Zellner
2021-12-09 17:23:14 +01:00
parent d02d2dcb80
commit 86d642c8a3
2 changed files with 84 additions and 26 deletions


@@ -60,7 +60,7 @@ async function ldapSearch(dn, opts) {
describe('Ldap', function () {
const { setup, cleanup, admin, user, app, domain, auditSource } = common;
let group;
let group, group2;
const mockApp = Object.assign({}, app);
const mailboxName = 'support';
@@ -75,8 +75,12 @@ describe('Ldap', function () {
async () => await mail.setAliases(mailboxName, domain.domain, [ { name: mailAliasName, domain: domain.domain} ], auditSource),
ldapServer.start.bind(null),
async () => {
group = await groups.add({ name: 'ldap-test' });
group = await groups.add({ name: 'ldap-test-1' });
await groups.setMembers(group.id, [ admin.id, user.id ]);
},
async () => {
group2 = await groups.add({ name: 'ldap-test-2' });
await groups.setMembers(group2.id, [ admin.id ]);
}
], done);
@@ -203,68 +207,120 @@ describe('Ldap', function () {
describe('group search', function () {
it('succeeds with basic filter', async function () {
mockApp.accessRestriction = null;
const entries = await ldapSearch('ou=groups,dc=cloudron', { filter: 'objectclass=group' });
expect(entries.length).to.equal(2);
expect(entries.length).to.equal(4);
// ensure order for testability
entries.sort(function (a, b) { return a.username < b.username; });
entries.sort(function (a, b) { return a.cn < b.cn; });
expect(entries[0].cn).to.equal('users');
expect(entries[0].memberuid.length).to.equal(2);
expect(entries[0].memberuid[0]).to.equal(admin.id);
expect(entries[0].memberuid[1]).to.equal(user.id);
expect(entries[0].memberuid).to.contain(admin.id);
expect(entries[0].memberuid).to.contain(user.id);
expect(entries[1].cn).to.equal('admins');
// if only one entry, the array becomes a string :-/
expect(entries[1].memberuid).to.equal(admin.id);
expect(entries[2].cn).to.equal('ldap-test-1');
expect(entries[2].memberuid.length).to.equal(2);
expect(entries[2].memberuid).to.contain(admin.id);
expect(entries[2].memberuid).to.contain(user.id);
expect(entries[3].cn).to.equal('ldap-test-2');
expect(entries[3].memberuid).to.equal(admin.id);
});
it ('succeeds with cn wildcard filter', async function () {
const entries = await ldapSearch('ou=groups,dc=cloudron', { filter: '&(objectclass=group)(cn=*)' });
expect(entries.length).to.equal(2);
expect(entries.length).to.equal(4);
// ensure order for testability
entries.sort(function (a, b) { return a.cn < b.cn; });
expect(entries[0].cn).to.equal('users');
expect(entries[0].memberuid.length).to.equal(2);
expect(entries[0].memberuid[0]).to.equal(admin.id);
expect(entries[0].memberuid[1]).to.equal(user.id);
expect(entries[0].memberuid).to.contain(admin.id);
expect(entries[0].memberuid).to.contain(user.id);
expect(entries[1].cn).to.equal('admins');
// if only one entry, the array becomes a string :-/
expect(entries[1].memberuid).to.equal(admin.id);
expect(entries[2].cn).to.equal('ldap-test-1');
expect(entries[2].memberuid.length).to.equal(2);
expect(entries[2].memberuid).to.contain(admin.id);
expect(entries[2].memberuid).to.contain(user.id);
expect(entries[3].cn).to.equal('ldap-test-2');
expect(entries[3].memberuid).to.equal(admin.id);
});
it('succeeds with memberuid filter', async function () {
const entries = await ldapSearch('ou=groups,dc=cloudron', { filter: '&(objectclass=group)(memberuid=' + user.id + ')' });
expect(entries.length).to.equal(1);
expect(entries.length).to.equal(2);
// ensure order for testability
entries.sort(function (a, b) { return a.cn < b.cn; });
expect(entries[0].cn).to.equal('users');
expect(entries[0].memberuid.length).to.equal(2);
expect(entries[1].cn).to.equal('ldap-test-1');
expect(entries[1].memberuid.length).to.equal(2);
expect(entries[1].memberuid).to.contain(admin.id);
expect(entries[1].memberuid).to.contain(user.id);
});
it ('does only list users who have access', async function () {
it ('does only list groups who have access', async function () {
mockApp.accessRestriction = { users: [], groups: [ group.id ] };
const entries = await ldapSearch('ou=groups,dc=cloudron', { filter: '&(objectclass=group)(cn=*)' });
expect(entries.length).to.equal(2);
// ensure order for testability
entries.sort(function (a, b) { return a.cn < b.cn; });
expect(entries.length).to.equal(3);
expect(entries[0].cn).to.equal('users');
expect(entries[0].memberuid.length).to.equal(2);
expect(entries[0].memberuid[0]).to.equal(admin.id);
expect(entries[0].memberuid[1]).to.equal(user.id);
expect(entries[0].memberuid).to.contain(admin.id);
expect(entries[0].memberuid).to.contain(user.id);
expect(entries[1].cn).to.equal('admins');
// if only one entry, the array becomes a string :-/
expect(entries[1].memberuid).to.equal(admin.id);
expect(entries[2].cn).to.equal('ldap-test-1');
expect(entries[2].memberuid.length).to.equal(2);
expect(entries[2].memberuid).to.contain(admin.id);
expect(entries[2].memberuid).to.contain(user.id);
});
it ('succeeds with pagination', async function () {
mockApp.accessRestriction = null;
const entries = await ldapSearch('ou=groups,dc=cloudron', { filter: 'objectclass=group', paged: true });
expect(entries.length).to.equal(2);
expect(entries.length).to.equal(4);
// ensure order for testability
entries.sort(function (a, b) { return a.username < b.username; });
entries.sort(function (a, b) { return a.cn < b.cn; });
expect(entries[0].cn).to.equal('users');
expect(entries[0].memberuid.length).to.equal(2);
expect(entries[0].memberuid[0]).to.equal(admin.id);
expect(entries[0].memberuid[1]).to.equal(user.id);
expect(entries[0].memberuid).to.contain(admin.id);
expect(entries[0].memberuid).to.contain(user.id);
expect(entries[1].cn).to.equal('admins');
// if only one entry, the array becomes a string :-/
expect(entries[1].memberuid).to.equal(admin.id);
expect(entries[2].cn).to.equal('ldap-test-1');
expect(entries[2].memberuid.length).to.equal(2);
expect(entries[2].memberuid).to.contain(admin.id);
expect(entries[2].memberuid).to.contain(user.id);
expect(entries[3].cn).to.equal('ldap-test-2');
expect(entries[3].memberuid).to.equal(admin.id);
});
});
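Review bot: The comparator `function (a, b) { return a.cn < b.cn; }` used before the index-based assertions in the group search tests returns a boolean, which `sort()` reads as 1 or 0 and never as a negative number, so it does not define a consistent ordering. The asserted sequence (users, admins, ldap-test-1, ldap-test-2) is not sorted by cn in either direction, so these checks appear to depend on the order the server happens to return entries rather than on the sort. That matters most in 'does only list groups who have access', the test that guards the access restriction, because it excludes ldap-test-2 only implicitly through the length and the positional cn checks. I would use `entries.sort(function (a, b) { return a.cn.localeCompare(b.cn); });` and reorder the expected indexes to match (admins, ldap-test-1, ldap-test-2, users). In the restricted case I would also add `expect(entries.map(function (e) { return e.cn; })).to.not.contain('ldap-test-2');` so the exclusion is asserted directly.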