add ldap group tests and fixes for the found issues
@@ -12,6 +12,7 @@ var async = require('async'),
|
||||
expect = require('expect.js'),
|
||||
externalldap = require('../externalldap.js'),
|
||||
groupdb = require('../groupdb.js'),
|
||||
groups = require('../groups.js'),
|
||||
domains = require('../domains.js'),
|
||||
ldap = require('ldapjs'),
|
||||
mailboxdb = require('../mailboxdb.js'),
|
||||
@@ -45,12 +46,17 @@ const DOMAIN_0 = {
|
||||
const LDAP_SHARED_PASSWORD = 'validpassword';
|
||||
const LDAP_PORT = 4321;
|
||||
const LDAP_BASE_DN = 'ou=Users,dc=cloudron,dc=io';
|
||||
const LDAP_GROUP_BASE_DN = 'ou=Groups,dc=cloudron,dc=io';
|
||||
const LDAP_CONFIG = {
|
||||
provider: 'testserver',
|
||||
url: `ldap://localhost:${LDAP_PORT}`,
|
||||
usernameField: 'customusernameprop',
|
||||
baseDn: LDAP_BASE_DN,
|
||||
filter: '(objectClass=inetOrgPerson)',
|
||||
syncGroups: false,
|
||||
groupBaseDn: LDAP_GROUP_BASE_DN,
|
||||
groupFilter: '(objectClass=groupOfNames)',
|
||||
groupnameField: 'customgroupnameprop',
|
||||
autoCreate: false
|
||||
};
|
||||
|
||||
@@ -134,11 +140,12 @@ function finalSend(results, req, res, next) {
|
||||
}
|
||||
|
||||
let gLdapUsers = [];
|
||||
let gLdapGroups = [];
|
||||
|
||||
function startLdapServer(callback) {
|
||||
gLdapServer = ldap.createServer();
|
||||
|
||||
gLdapServer.search(LDAP_CONFIG.baseDn, function (req, res, next) {
|
||||
gLdapServer.search(LDAP_BASE_DN, function (req, res, next) {
|
||||
let results = [];
|
||||
|
||||
gLdapUsers.forEach(function (entry) {
|
||||
@@ -163,7 +170,32 @@ function startLdapServer(callback) {
|
||||
finalSend(results, req, res, next);
|
||||
});
|
||||
|
||||
gLdapServer.bind(LDAP_CONFIG.baseDn, function (req, res, next) {
|
||||
gLdapServer.search(LDAP_GROUP_BASE_DN, function (req, res, next) {
|
||||
let results = [];
|
||||
|
||||
gLdapGroups.forEach(function (entry) {
|
||||
var dn = ldap.parseDN(`cn=${entry.groupname},${LDAP_GROUP_BASE_DN}`);
|
||||
|
||||
var obj = {
|
||||
dn: dn.toString(),
|
||||
attributes: {
|
||||
objectclass: [ 'groupOfNames' ],
|
||||
cn: entry.groupname,
|
||||
member: entry.member || []
|
||||
}
|
||||
};
|
||||
|
||||
obj.attributes[LDAP_CONFIG.groupnameField] = entry.groupname;
|
||||
|
||||
if ((req.dn.equals(dn) || req.dn.parentOf(dn)) && req.filter.matches(obj.attributes)) {
|
||||
results.push(obj);
|
||||
}
|
||||
});
|
||||
|
||||
finalSend(results, req, res, next);
|
||||
});
|
||||
|
||||
gLdapServer.bind(LDAP_BASE_DN, function (req, res, next) {
|
||||
// extract the common name which might have different attribute names
|
||||
var attributeName = Object.keys(req.dn.rdns[0].attrs)[0];
|
||||
var commonName = req.dn.rdns[0].attrs[attributeName].value;
|
||||
@@ -308,6 +340,96 @@ describe('External LDAP', function () {
|
||||
done();
|
||||
});
|
||||
});
|
||||
|
||||
// now test with groups
|
||||
it('enabling with groups fails with missing groupBaseDn', function (done) {
|
||||
let conf = _.extend({}, LDAP_CONFIG);
|
||||
conf.syncGroups = true;
|
||||
delete conf.groupBaseDn;
|
||||
|
||||
enable(conf, function (error) {
|
||||
expect(error).to.be.ok();
|
||||
expect(error.reason).to.equal(BoxError.BAD_FIELD);
|
||||
done();
|
||||
});
|
||||
});
|
||||
|
||||
it('enabling with groups fails with empty groupBaseDn', function (done) {
|
||||
let conf = _.extend({}, LDAP_CONFIG);
|
||||
conf.syncGroups = true;
|
||||
conf.groupBaseDn = '';
|
||||
|
||||
enable(conf, function (error) {
|
||||
expect(error).to.be.ok();
|
||||
expect(error.reason).to.equal(BoxError.BAD_FIELD);
|
||||
done();
|
||||
});
|
||||
});
|
||||
|
||||
it('enabling with groups fails with missing groupFilter', function (done) {
|
||||
let conf = _.extend({}, LDAP_CONFIG);
|
||||
conf.syncGroups = true;
|
||||
delete conf.groupFilter;
|
||||
|
||||
enable(conf, function (error) {
|
||||
expect(error).to.be.ok();
|
||||
expect(error.reason).to.equal(BoxError.BAD_FIELD);
|
||||
done();
|
||||
});
|
||||
});
|
||||
|
||||
it('enabling with groups fails with empty groupFilter', function (done) {
|
||||
let conf = _.extend({}, LDAP_CONFIG);
|
||||
conf.syncGroups = true;
|
||||
conf.groupFilter = '';
|
||||
|
||||
enable(conf, function (error) {
|
||||
expect(error).to.be.ok();
|
||||
expect(error.reason).to.equal(BoxError.BAD_FIELD);
|
||||
done();
|
||||
});
|
||||
});
|
||||
|
||||
it('enabling with groups fails with missing groupnameField', function (done) {
|
||||
let conf = _.extend({}, LDAP_CONFIG);
|
||||
conf.syncGroups = true;
|
||||
delete conf.groupnameField;
|
||||
|
||||
enable(conf, function (error) {
|
||||
expect(error).to.be.ok();
|
||||
expect(error.reason).to.equal(BoxError.BAD_FIELD);
|
||||
done();
|
||||
});
|
||||
});
|
||||
|
||||
it('enabling with groups fails with empty groupnameField', function (done) {
|
||||
let conf = _.extend({}, LDAP_CONFIG);
|
||||
conf.syncGroups = true;
|
||||
conf.groupnameField = '';
|
||||
|
||||
enable(conf, function (error) {
|
||||
expect(error).to.be.ok();
|
||||
expect(error.reason).to.equal(BoxError.BAD_FIELD);
|
||||
done();
|
||||
});
|
||||
});
|
||||
|
||||
it('enabling with groups succeeds', function (done) {
|
||||
let conf = _.extend({}, LDAP_CONFIG);
|
||||
conf.syncGroups = true;
|
||||
|
||||
enable(function (error) {
|
||||
expect(error).to.equal(null);
|
||||
done();
|
||||
});
|
||||
});
|
||||
|
||||
it('disabling succeeds', function (done) {
|
||||
disable(function (error) {
|
||||
expect(error).to.equal(null);
|
||||
done();
|
||||
});
|
||||
});
|
||||
});
|
||||
|
||||
describe('sync', function () {
|
||||
@@ -385,6 +507,148 @@ describe('External LDAP', function () {
|
||||
});
|
||||
});
|
||||
|
||||
it('does not sync group if group sync is disabled', function (done) {
|
||||
gLdapGroups.push({
|
||||
groupname: 'extGroup1'
|
||||
});
|
||||
|
||||
externalldap.sync(function progress() {}, function (error) {
|
||||
expect(error).to.equal(null);
|
||||
|
||||
groups.getAll(function (error, result) {
|
||||
expect(error).to.equal(null);
|
||||
expect(result.length).to.equal(0);
|
||||
|
||||
done();
|
||||
});
|
||||
});
|
||||
});
|
||||
|
||||
it('enable with groupSync', function (done) {
|
||||
disable(function (error) {
|
||||
expect(error).to.equal(null);
|
||||
|
||||
let conf = _.extend({}, LDAP_CONFIG);
|
||||
conf.syncGroups = true;
|
||||
|
||||
enable(conf, done);
|
||||
});
|
||||
});
|
||||
|
||||
it('succeeds with groups enabled', function (done) {
|
||||
gLdapGroups = [];
|
||||
|
||||
externalldap.sync(function progress() {}, function (error) {
|
||||
expect(error).to.equal(null);
|
||||
|
||||
groups.getAll(function (error, result) {
|
||||
expect(error).to.equal(null);
|
||||
expect(result.length).to.equal(0);
|
||||
|
||||
done();
|
||||
});
|
||||
});
|
||||
});
|
||||
|
||||
it('succeeds with groups enabled and new group', function (done) {
|
||||
gLdapGroups.push({
|
||||
groupname: 'extGroup1'
|
||||
});
|
||||
|
||||
externalldap.sync(function progress() {}, function (error) {
|
||||
expect(error).to.equal(null);
|
||||
|
||||
groups.getAll(function (error, result) {
|
||||
expect(error).to.equal(null);
|
||||
expect(result.length).to.equal(1);
|
||||
|
||||
done();
|
||||
});
|
||||
});
|
||||
});
|
||||
|
||||
it('succeeds with groups enabled and second new group', function (done) {
|
||||
gLdapGroups.push({
|
||||
groupname: 'extGroup2'
|
||||
});
|
||||
|
||||
externalldap.sync(function progress() {}, function (error) {
|
||||
expect(error).to.equal(null);
|
||||
|
||||
groups.getAll(function (error, result) {
|
||||
expect(error).to.equal(null);
|
||||
expect(result.length).to.equal(2);
|
||||
|
||||
done();
|
||||
});
|
||||
});
|
||||
});
|
||||
|
||||
it('does not create already existing group', function (done) {
|
||||
gLdapGroups.push({
|
||||
groupname: 'INTERNALgroup' // also tests lowercasing
|
||||
});
|
||||
|
||||
groups.create('internalgroup', '', function (error) {
|
||||
expect(error).to.equal(null);
|
||||
|
||||
externalldap.sync(function progress() {}, function (error) {
|
||||
expect(error).to.equal(null);
|
||||
|
||||
groups.getAll(function (error, result) {
|
||||
expect(error).to.equal(null);
|
||||
expect(result.length).to.equal(3);
|
||||
|
||||
done();
|
||||
});
|
||||
});
|
||||
});
|
||||
});
|
||||
|
||||
it('adds users of groups', function (done) {
|
||||
gLdapGroups.push({
|
||||
groupname: 'nonEmptyGroup',
|
||||
member: gLdapUsers.slice(-2).map(function (u) { return `cn=${u.username},${LDAP_CONFIG.baseDn}`; })
|
||||
});
|
||||
|
||||
externalldap.sync(function progress() {}, function (error) {
|
||||
expect(error).to.equal(null);
|
||||
|
||||
groups.getByName('nonemptygroup', function (error, result) {
|
||||
expect(error).to.equal(null);
|
||||
|
||||
groups.getMembers(result.id, function (error, result) {
|
||||
expect(error).to.equal(null);
|
||||
expect(result.length).to.equal(2);
|
||||
|
||||
done();
|
||||
});
|
||||
});
|
||||
});
|
||||
});
|
||||
|
||||
it('adds new users of groups', function (done) {
|
||||
gLdapGroups.push({
|
||||
groupname: 'nonEmptyGroup',
|
||||
member: gLdapUsers.map(function (u) { return `cn=${u.username},${LDAP_CONFIG.baseDn}`; })
|
||||
});
|
||||
|
||||
externalldap.sync(function progress() {}, function (error) {
|
||||
expect(error).to.equal(null);
|
||||
|
||||
groups.getByName('nonemptygroup', function (error, result) {
|
||||
expect(error).to.equal(null);
|
||||
|
||||
groups.getMembers(result.id, function (error, result) {
|
||||
expect(error).to.equal(null);
|
||||
expect(result.length).to.equal(4);
|
||||
|
||||
done();
|
||||
});
|
||||
});
|
||||
});
|
||||
});
|
||||
|
||||
it('disable', disable);
|
||||
});
|
||||
|
||||
|
||||
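Review bot: In the `enabling with groups succeeds` test (hunk `@@ -308,6 +340,96 @@`), `conf` is built with `syncGroups = true` but never passed, because the call is `enable(function (error) {` while every other added test uses `enable(conf, ...)`. The `enable` helper is defined outside the visible hunks, so what it does with a lone callback is inferred, but the group-enabled success path is most likely not exercised here; the call should read `enable(conf, function (error) {`. Separately, the sync tests in the last hunk only cover additive behaviour, and `does not create already existing group` asserts nothing beyond `result.length`. If group membership gates access in this project, it would be worth adding a case where a member is dropped from an LDAP group and a check that the locally created `internalgroup` keeps its own membership after the name collision with `INTERNALgroup`.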