jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

groups: members cannot be set for external groups

Browse Source
This commit is contained in:
Girish Ramakrishnan
2024-01-19 22:48:29 +01:00
parent a1217e52c8
commit 8bdcdd7810
8 changed files with 108 additions and 50 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/test/directoryserver-test.js
View File

@@ -85,11 +85,11 @@ describe('Directory Server (LDAP)', function () {
directoryServer.setConfig.bind(null, { enabled: true, secret: auth.secret, allowlist: '127.0.0.1' }, auditSource),
async () => {
group = await groups.add({ name: 'ldap-test-1' });
await groups.setMembers(group.id, [ admin.id, user.id ]);
await groups.setMembers(group, [ admin.id, user.id ], {});
},
async () => {
group2 = await groups.add({ name: 'ldap-test-2' });
await groups.setMembers(group2.id, [ admin.id ]);
await groups.setMembers(group2, [ admin.id ], {});
}
], done);
});

26
src/test/externalldap-test.js
View File

@@ -397,7 +397,7 @@ describe('External LDAP', function () {
await externalLdap.sync(function progress() {});
const result = await users.list();
expect(result.find(function (u) {
return u.username === 'firstuser' && u.email === 'first@user.com' && u.displayName === 'First User';
return u.username === 'firstuser' && u.email === 'first@user.com' && u.displayName === 'First User' && u.source === 'ldap';
})).to.be.ok();
});
@@ -408,11 +408,11 @@ describe('External LDAP', function () {
await externalLdap.sync(function progress() {});
const result = await users.list();
expect(result.find(function (u) {
return u.username === 'firstuser' && u.email === 'first@changed.com' && u.displayName === 'User First';
return u.username === 'firstuser' && u.email === 'first@changed.com' && u.displayName === 'User First' && u.source === 'ldap';
})).to.be.ok();
});
it('mapps already existing users with same username', async function () {
it('maps already existing users with same username', async function () {
gLdapUsers.push({
username: admin.username,
displayName: 'Something Else',
@@ -436,6 +436,11 @@ describe('External LDAP', function () {
expect(result.length).to.equal(0);
});
it('can set groups of external user when group sync is disabled', async function () {
const user = await users.getByUsername(gLdapUsers[0].username);
await groups.setMembership(user, []);
});
it('enable with groupSync', async function () {
let conf = Object.assign({}, LDAP_CONFIG);
conf.syncGroups = true;
@@ -458,7 +463,7 @@ describe('External LDAP', function () {
await externalLdap.sync(function progress() {});
const result = await groups.list();
expect(result.find(function (g) {
return g.name === 'extgroup1';
return g.name === 'extgroup1' && g.source === 'ldap';
})).to.be.ok();
});
@@ -471,11 +476,11 @@ describe('External LDAP', function () {
const result = await groups.list();
expect(result.length).to.be(2);
expect(result.find(function (g) {
return g.name === 'extgroup2';
return g.name === 'extgroup2' && g.source === 'ldap';
})).to.be.ok();
});
it('does not create already existing group', async function () {
it('does not create or change already existing group', async function () {
gLdapGroups.push({
groupname: 'INTERNALgroup' // also tests lowercasing
});
@@ -485,6 +490,9 @@ describe('External LDAP', function () {
const result = await groups.list();
expect(result.length).to.equal(3);
expect(result.find(function (g) {
return g.name === 'internalgroup' && g.source === 'ldap'; // source is updated to LDAP
})).to.be.ok();
});
it('adds users of groups', async function () {
@@ -530,6 +538,12 @@ describe('External LDAP', function () {
const u = await users.get(result2[0]);
expect(u.username).to.equal(gLdapUsers[0].username);
});
it('cannot set groups of external user when group sync is disabled', async function () {
const user = await users.getByUsername(gLdapUsers[0].username);
const [error] = await safe(groups.setMembership(user, []));
expect(error.reason).to.be(BoxError.BAD_STATE);
});
});
describe('user auto creation', function () {

28
src/test/groups-test.js
View File

@@ -18,10 +18,10 @@ describe('Groups', function () {
before(setup);
after(cleanup);
describe('add/get/del', function () {
let group0Name = 'administrators', group0Object;
let group1Name = 'externs', group1Object;
let group0Name = 'administrators', group0Object;
let group1Name = 'externs', group1Object;
describe('add', function () {
it('cannot add group - too small', async function () {
const [error] = await safe(groups.add({ name: '' }));
expect(error.reason).to.be(BoxError.BAD_FIELD);
@@ -72,7 +72,9 @@ describe('Groups', function () {
const [error] = await safe(groups.add({name: group0Name, source: 'ldap' }));
expect(error.reason).to.be(BoxError.ALREADY_EXISTS);
});
});
describe('get', function () {
it('cannot get invalid group', async function () {
const result = await groups.get('sometrandom');
expect(result).to.be(null);
@@ -82,18 +84,20 @@ describe('Groups', function () {
const result = await groups.get(group0Object.id);
expect(result.name).to.equal(group0Name);
});
});
describe('members', function () {
it('isMember returns false', async function () {
const isMember = await groups.isMember(group0Object.id, admin.id);
expect(isMember).to.be(false);
});
it('can set members', async function () {
await groups.setMembers(group0Object.id, [ admin.id, user.id ]);
await groups.setMembers(group0Object, [ admin.id, user.id ], {});
});
it('cannot set duplicate members', async function () {
const [error] = await safe(groups.setMembers(group0Object.id, [ admin.id, user.id, admin.id ]));
const [error] = await safe(groups.setMembers(group0Object, [ admin.id, user.id, admin.id ], {}));
expect(error.reason).to.be(BoxError.CONFLICT);
});
@@ -127,17 +131,17 @@ describe('Groups', function () {
expect(result.userIds).to.eql([ admin.id ]);
});
it('can set groups', async function () {
await groups.setMembership(admin.id, [ group0Object.id ]);
it('can set group membership', async function () {
await groups.setMembership(admin, [ group0Object.id ]);
});
it('cannot set user to same group twice', async function () {
const [error] = await safe(groups.setMembership(admin.id, [ group0Object.id, group0Object.id ]));
const [error] = await safe(groups.setMembership(admin, [ group0Object.id, group0Object.id ]));
expect(error.reason).to.be(BoxError.CONFLICT);
});
it('can set user to multiple groups', async function () {
await groups.setMembership(admin.id, [ group0Object.id, group1Object.id ]);
await groups.setMembership(admin, [ group0Object.id, group1Object.id ]);
});
it('can get groups membership', async function () {
@@ -145,7 +149,9 @@ describe('Groups', function () {
expect(groupIds.length).to.be(2);
expect(groupIds.sort()).to.eql([ group0Object.id, group1Object.id ].sort());
});
});
describe('list', function () {
it('can list', async function () {
const result = await groups.list();
expect(result.length).to.be(2);
@@ -160,14 +166,16 @@ describe('Groups', function () {
expect(result[1].userIds).to.eql([ admin.id ]);
expect(result[1].name).to.be(group1Name);
});
});
describe('delete', function () {
it('cannot delete invalid group', async function () {
const [error] = await safe(groups.remove('random'));
expect(error.reason).to.be(BoxError.NOT_FOUND);
});
it('can delete valid group', async function () {
await groups.setMembers(group0Object.id, [ admin.id, user.id ]); // ensure group has some members
await groups.setMembers(group0Object, [ admin.id, user.id ], {}); // ensure group has some members
await groups.remove(group0Object.id);
});
});

4
src/test/ldapserver-test.js
View File

@@ -78,11 +78,11 @@ describe('Ldap', function () {
ldapServer.start.bind(null),
async () => {
group = await groups.add({ name: 'ldap-test-1' });
await groups.setMembers(group.id, [ admin.id, user.id ]);
await groups.setMembers(group, [ admin.id, user.id ], {});
},
async () => {
group2 = await groups.add({ name: 'ldap-test-2' });
await groups.setMembers(group2.id, [ admin.id ]);
await groups.setMembers(group2, [ admin.id ], {});
}
], done);