1238 lines
50 KiB
Go
1238 lines
50 KiB
Go
|
package tests
|
||
|
|
|
||
|
|
// Assumes that the LDAP test server follows the PAAS-LDAP requirements which can be set using https://git.tronnet.net/tronnet/open-ldap-setup.
|
||
|
|
// Alternatively run `make dev-init` followed by `make test`.
|
||
|
|
// The integration tests ensures that the LDAP client maintains the security and access control of PAAS-LDAP but likely does not address integration with generic LDAP setups.
|
||
|
|
|
||
|
|
import (
|
||
|
|
"fmt"
|
||
|
|
"net/http"
|
||
|
|
app "proxmoxaas-ldap/app"
|
||
|
|
"testing"
|
||
|
|
|
||
|
|
"github.com/gin-gonic/gin"
|
||
|
|
"github.com/go-ldap/ldap/v3"
|
||
|
|
)
|
||
|
|
|
||
|
|
var AdminUser = User{
|
||
|
|
username: "adminuser",
|
||
|
|
password: "admin123",
|
||
|
|
userObj: app.LDAPUser{
|
||
|
|
DN: fmt.Sprintf("uid=adminuser,%s", PeopleDN),
|
||
|
|
Attributes: app.LDAPUserAttributes{
|
||
|
|
CN: "admin",
|
||
|
|
SN: "user",
|
||
|
|
UID: "adminuser",
|
||
|
|
Mail: "adminuser@test.paasldap",
|
||
|
|
MemberOf: []string{
|
||
|
|
fmt.Sprintf("cn=adminuser,%s", GroupDN),
|
||
|
|
fmt.Sprintf("cn=admins,%s", GroupDN),
|
||
|
|
},
|
||
|
|
},
|
||
|
|
},
|
||
|
|
}
|
||
|
|
|
||
|
|
var InvalidUser = User{
|
||
|
|
username: RandString(16),
|
||
|
|
password: RandString(16),
|
||
|
|
userObj: app.LDAPUser{},
|
||
|
|
}
|
||
|
|
|
||
|
|
var SampleUser = User{
|
||
|
|
username: "sampleuser",
|
||
|
|
password: "sample123",
|
||
|
|
userObj: app.LDAPUser{
|
||
|
|
DN: "uid=sampleuser,ou=people,dc=test,dc=paasldap",
|
||
|
|
Attributes: app.LDAPUserAttributes{
|
||
|
|
CN: "sample",
|
||
|
|
SN: "user",
|
||
|
|
UID: "sampleuser",
|
||
|
|
Mail: "sampleuser@test.paasldap",
|
||
|
|
MemberOf: []string{},
|
||
|
|
},
|
||
|
|
},
|
||
|
|
}
|
||
|
|
|
||
|
|
var UserDNMap = map[string]User{
|
||
|
|
AdminUser.userObj.DN: AdminUser,
|
||
|
|
SampleUser.userObj.DN: SampleUser,
|
||
|
|
// invalid user not included because it should not be added as a valid user
|
||
|
|
}
|
||
|
|
|
||
|
|
var AdminGroup = Group{
|
||
|
|
groupname: "admins",
|
||
|
|
groupObj: app.LDAPGroup{
|
||
|
|
DN: fmt.Sprintf("cn=admins,%s", GroupDN),
|
||
|
|
Attributes: app.LDAPGroupAttributes{
|
||
|
|
CN: "admins",
|
||
|
|
Member: []string{
|
||
|
|
fmt.Sprintf("uid=adminuser,%s", PeopleDN),
|
||
|
|
},
|
||
|
|
},
|
||
|
|
},
|
||
|
|
}
|
||
|
|
|
||
|
|
var AdminUserGroup = Group{
|
||
|
|
groupname: "adminuser",
|
||
|
|
groupObj: app.LDAPGroup{
|
||
|
|
DN: fmt.Sprintf("cn=adminuser,%s", GroupDN),
|
||
|
|
Attributes: app.LDAPGroupAttributes{
|
||
|
|
CN: "adminuser",
|
||
|
|
Member: []string{
|
||
|
|
fmt.Sprintf("uid=adminuser,%s", PeopleDN),
|
||
|
|
},
|
||
|
|
},
|
||
|
|
},
|
||
|
|
}
|
||
|
|
|
||
|
|
var SampleUserGroup = Group{
|
||
|
|
groupname: "sampleuser",
|
||
|
|
groupObj: app.LDAPGroup{
|
||
|
|
DN: fmt.Sprintf("cn=sampleuser,%s", GroupDN),
|
||
|
|
Attributes: app.LDAPGroupAttributes{
|
||
|
|
CN: "sampleuser",
|
||
|
|
Member: []string{
|
||
|
|
"",
|
||
|
|
fmt.Sprintf("uid=sampleuser,%s", PeopleDN),
|
||
|
|
},
|
||
|
|
},
|
||
|
|
},
|
||
|
|
}
|
||
|
|
|
||
|
|
var InvalidGroup = Group{
|
||
|
|
groupname: "invalid",
|
||
|
|
groupObj: app.LDAPGroup{
|
||
|
|
DN: fmt.Sprintf("cn=invalid,%s", GroupDN),
|
||
|
|
Attributes: app.LDAPGroupAttributes{
|
||
|
|
CN: "invalid",
|
||
|
|
Member: []string{},
|
||
|
|
},
|
||
|
|
},
|
||
|
|
}
|
||
|
|
|
||
|
|
var GroupDNMap = map[string]Group{
|
||
|
|
AdminGroup.groupObj.DN: AdminGroup,
|
||
|
|
AdminUserGroup.groupObj.DN: AdminUserGroup,
|
||
|
|
SampleUserGroup.groupObj.DN: SampleUserGroup,
|
||
|
|
}
|
||
|
|
|
||
|
|
func TestClientBind(t *testing.T) {
|
||
|
|
// create client
|
||
|
|
config, err := app.GetConfig("test_config.json")
|
||
|
|
AssertEquals(t, "GetConfig()", err, nil)
|
||
|
|
client, err := app.NewLDAPClient(config)
|
||
|
|
AssertLDAPError(t, "NewLDAPClient()", err, ldap.LDAPResultSuccess)
|
||
|
|
|
||
|
|
// test a valid user bind which should succeed
|
||
|
|
err = client.BindUser(AdminUser.username, AdminUser.password)
|
||
|
|
AssertLDAPError(t, "BindUser(AdminUser)", err, ldap.LDAPResultSuccess)
|
||
|
|
|
||
|
|
// test an invalid user bind which should return invalid credentials
|
||
|
|
err = client.BindUser(InvalidUser.username, InvalidUser.password)
|
||
|
|
AssertLDAPError(t, "BindUser(InvalidUser)", err, ldap.LDAPResultInvalidCredentials)
|
||
|
|
}
|
||
|
|
|
||
|
|
func TestGetAllUsers(t *testing.T) {
|
||
|
|
// create client
|
||
|
|
config, err := app.GetConfig("test_config.json")
|
||
|
|
AssertError(t, "GetConfig()", err, nil)
|
||
|
|
client, err := app.NewLDAPClient(config)
|
||
|
|
AssertLDAPError(t, "NewLDAPClient()", err, ldap.LDAPResultSuccess)
|
||
|
|
|
||
|
|
// get all users anonymously which should succeed
|
||
|
|
status, res := client.GetAllUsers()
|
||
|
|
AssertStatus(t, "GetAllUsers() -> status", status, http.StatusOK)
|
||
|
|
users := res["users"].([]gin.H)
|
||
|
|
AssertEquals(t, "GetAllUsers() -> len(res)", len(users), 1)
|
||
|
|
for i := 0; i < len(users); i++ {
|
||
|
|
user := users[i]
|
||
|
|
userDN := user["dn"].(string)
|
||
|
|
expectedUserObj := UserDNMap[userDN].userObj
|
||
|
|
AssertLDAPUserEquals(t, fmt.Sprintf("GetAllUsers() -> res[%d]", i), user, expectedUserObj)
|
||
|
|
}
|
||
|
|
|
||
|
|
// bind using admin user credentials which should succeed
|
||
|
|
err = client.BindUser(AdminUser.username, AdminUser.password)
|
||
|
|
AssertLDAPError(t, "BindUser(AdminUser)", err, ldap.LDAPResultSuccess)
|
||
|
|
|
||
|
|
newUser := app.UserRequired{
|
||
|
|
CN: SampleUser.userObj.Attributes.CN,
|
||
|
|
SN: SampleUser.userObj.Attributes.SN,
|
||
|
|
Mail: SampleUser.userObj.Attributes.Mail,
|
||
|
|
UserPassword: SampleUser.password,
|
||
|
|
}
|
||
|
|
|
||
|
|
// create new sample user, which should succeed
|
||
|
|
status, _ = client.AddUser(SampleUser.username, newUser)
|
||
|
|
AssertStatus(t, "AddUser(SampleUser) -> status", status, http.StatusOK)
|
||
|
|
|
||
|
|
// get all users with admin bind which should succeed
|
||
|
|
status, res = client.GetAllUsers()
|
||
|
|
AssertStatus(t, "GetAllUsers() -> status", status, http.StatusOK)
|
||
|
|
users = res["users"].([]gin.H)
|
||
|
|
AssertEquals(t, "GetAllUsers() -> len(res)", len(users), 2)
|
||
|
|
for i := 0; i < len(users); i++ {
|
||
|
|
user := users[i]
|
||
|
|
userDN := user["dn"].(string)
|
||
|
|
expectedUserObj := UserDNMap[userDN].userObj
|
||
|
|
AssertLDAPUserEquals(t, fmt.Sprintf("GetAllUsers() -> res[%d]", i), user, expectedUserObj)
|
||
|
|
}
|
||
|
|
|
||
|
|
// bind using sample user credentials which should succeed
|
||
|
|
err = client.BindUser(AdminUser.username, AdminUser.password)
|
||
|
|
AssertLDAPError(t, "BindUser(AdminUser)", err, ldap.LDAPResultSuccess)
|
||
|
|
|
||
|
|
// get all users with sample user bind which should succeed
|
||
|
|
status, res = client.GetAllUsers()
|
||
|
|
AssertStatus(t, "GetAllUsers() -> status", status, http.StatusOK)
|
||
|
|
users = res["users"].([]gin.H)
|
||
|
|
AssertEquals(t, "GetAllUsers() -> len(res)", len(users), 2)
|
||
|
|
for i := 0; i < len(users); i++ {
|
||
|
|
user := users[i]
|
||
|
|
userDN := user["dn"].(string)
|
||
|
|
expectedUserObj := UserDNMap[userDN].userObj
|
||
|
|
AssertLDAPUserEquals(t, fmt.Sprintf("GetAllUsers() -> res[%d]", i), user, expectedUserObj)
|
||
|
|
}
|
||
|
|
|
||
|
|
// rebind as admin user
|
||
|
|
err = client.BindUser(AdminUser.username, AdminUser.password)
|
||
|
|
AssertLDAPError(t, "BindUser(AdminUser)", err, ldap.LDAPResultSuccess)
|
||
|
|
|
||
|
|
// delete the sample user
|
||
|
|
status, _ = client.DelUser(SampleUser.username)
|
||
|
|
AssertStatus(t, "DelUser(SampleUser) -> status", status, http.StatusOK)
|
||
|
|
}
|
||
|
|
|
||
|
|
// This contrived test shows how difficult it should be for GetAllUsers to return an error
|
||
|
|
func TestGetAllUsers_InvalidBaseDN(t *testing.T) {
|
||
|
|
// create client
|
||
|
|
config, err := app.GetConfig("test_config.json")
|
||
|
|
AssertError(t, "GetConfig()", err, nil)
|
||
|
|
config.BaseDN = RandDN(16)
|
||
|
|
client, err := app.NewLDAPClient(config)
|
||
|
|
AssertLDAPError(t, "NewLDAPClient()", err, ldap.LDAPResultSuccess)
|
||
|
|
|
||
|
|
// get all users anonymously which should fail because of the incorrect DN
|
||
|
|
status, res := client.GetAllUsers()
|
||
|
|
AssertStatus(t, "GetAllUsers() -> status", status, http.StatusBadRequest)
|
||
|
|
AssertLDAPError(t, "GetAllUsers() -> result", res["error"].(error), ldap.LDAPResultNoSuchObject)
|
||
|
|
}
|
||
|
|
|
||
|
|
func TestGetUser_SelfUser(t *testing.T) {
|
||
|
|
// create client
|
||
|
|
config, err := app.GetConfig("test_config.json")
|
||
|
|
AssertError(t, "GetConfig()", err, nil)
|
||
|
|
client, err := app.NewLDAPClient(config)
|
||
|
|
AssertLDAPError(t, "NewLDAPClient()", err, ldap.LDAPResultSuccess)
|
||
|
|
|
||
|
|
// bind using admin user credentials which should succeed
|
||
|
|
err = client.BindUser(AdminUser.username, AdminUser.password)
|
||
|
|
AssertLDAPError(t, "BindUser(AdminUser)", err, ldap.LDAPResultSuccess)
|
||
|
|
|
||
|
|
// get the admin user which should return the expected user
|
||
|
|
status, res := client.GetUser(AdminUser.username)
|
||
|
|
AssertStatus(t, "GetUser(AdminUser) -> status", status, http.StatusOK)
|
||
|
|
AssertLDAPUserEquals(t, "GetUser(AdminUser) -> result", res["user"], AdminUser.userObj)
|
||
|
|
}
|
||
|
|
|
||
|
|
func TestGetUser_OtherUser(t *testing.T) {
|
||
|
|
// create client
|
||
|
|
config, err := app.GetConfig("test_config.json")
|
||
|
|
AssertError(t, "GetConfig()", err, nil)
|
||
|
|
client, err := app.NewLDAPClient(config)
|
||
|
|
AssertLDAPError(t, "NewLDAPClient()", err, ldap.LDAPResultSuccess)
|
||
|
|
|
||
|
|
// bind using admin user credentials which should succeed
|
||
|
|
err = client.BindUser(AdminUser.username, AdminUser.password)
|
||
|
|
AssertLDAPError(t, "BindUser(AdminUser)", err, ldap.LDAPResultSuccess)
|
||
|
|
|
||
|
|
newUser := app.UserRequired{
|
||
|
|
CN: SampleUser.userObj.Attributes.CN,
|
||
|
|
SN: SampleUser.userObj.Attributes.SN,
|
||
|
|
Mail: SampleUser.userObj.Attributes.Mail,
|
||
|
|
UserPassword: SampleUser.password,
|
||
|
|
}
|
||
|
|
|
||
|
|
// create new sample user, which should succeed
|
||
|
|
status, _ := client.AddUser(SampleUser.username, newUser)
|
||
|
|
AssertStatus(t, "AddUser(SampleUser) -> status", status, http.StatusOK)
|
||
|
|
|
||
|
|
// bind using sample user credentials which should succeed
|
||
|
|
err = client.BindUser(SampleUser.username, SampleUser.password)
|
||
|
|
AssertLDAPError(t, "BindUser(SampleUser)", err, ldap.LDAPResultSuccess)
|
||
|
|
|
||
|
|
// try reading the admin user, which should return the expected admin user
|
||
|
|
status, res := client.GetUser(AdminUser.username)
|
||
|
|
AssertStatus(t, "GetUser(AdminUser) -> status", status, http.StatusOK)
|
||
|
|
AssertLDAPUserEquals(t, "GetUser(AdminUser) -> result", res["user"], AdminUser.userObj)
|
||
|
|
|
||
|
|
// rebind using admin user credentials which should succeed
|
||
|
|
err = client.BindUser(AdminUser.username, AdminUser.password)
|
||
|
|
AssertLDAPError(t, "BindUser(AdminUser)", err, ldap.LDAPResultSuccess)
|
||
|
|
|
||
|
|
// delete the sample user
|
||
|
|
status, _ = client.DelUser(SampleUser.username)
|
||
|
|
AssertStatus(t, "DelUser(SampleUser) -> status", status, http.StatusOK)
|
||
|
|
}
|
||
|
|
|
||
|
|
func TestGetUser_NoSuchUser(t *testing.T) {
|
||
|
|
// create client
|
||
|
|
config, err := app.GetConfig("test_config.json")
|
||
|
|
AssertError(t, "GetConfig()", err, nil)
|
||
|
|
client, err := app.NewLDAPClient(config)
|
||
|
|
AssertLDAPError(t, "NewLDAPClient()", err, ldap.LDAPResultSuccess)
|
||
|
|
|
||
|
|
// bind using admin user credentials which should succeed
|
||
|
|
err = client.BindUser(AdminUser.username, AdminUser.password)
|
||
|
|
AssertLDAPError(t, "BindUser(AdminUser)", err, ldap.LDAPResultSuccess)
|
||
|
|
|
||
|
|
// get the invalid user which should return NoSuchObject error
|
||
|
|
status, res := client.GetUser(InvalidUser.username)
|
||
|
|
AssertStatus(t, "GetUser(InvalidUser) -> status", status, http.StatusBadRequest)
|
||
|
|
AssertLDAPError(t, "GetUser(InvalidUser) -> result", res["error"].(error), ldap.LDAPResultNoSuchObject)
|
||
|
|
}
|
||
|
|
|
||
|
|
func TestModUser_SelfUser(t *testing.T) {
|
||
|
|
// create client
|
||
|
|
config, err := app.GetConfig("test_config.json")
|
||
|
|
AssertError(t, "GetConfig()", err, nil)
|
||
|
|
client, err := app.NewLDAPClient(config)
|
||
|
|
AssertLDAPError(t, "NewLDAPClient()", err, ldap.LDAPResultSuccess)
|
||
|
|
|
||
|
|
// bind using admin user credentials which should succeed
|
||
|
|
err = client.BindUser(AdminUser.username, AdminUser.password)
|
||
|
|
AssertLDAPError(t, "BindUser(AdminUser)", err, ldap.LDAPResultSuccess)
|
||
|
|
|
||
|
|
modification := app.UserOptional{
|
||
|
|
CN: "testnewcn",
|
||
|
|
SN: "testnewsn",
|
||
|
|
Mail: "testnewmail@test.paasldap",
|
||
|
|
UserPassword: "test345",
|
||
|
|
}
|
||
|
|
|
||
|
|
ModifiedUser := AdminUser
|
||
|
|
ModifiedUser.userObj.Attributes.CN = modification.CN
|
||
|
|
ModifiedUser.userObj.Attributes.SN = modification.SN
|
||
|
|
ModifiedUser.userObj.Attributes.Mail = modification.Mail
|
||
|
|
ModifiedUser.password = modification.UserPassword
|
||
|
|
|
||
|
|
// try modification, which should succeed
|
||
|
|
status, _ := client.ModUser(AdminUser.username, modification)
|
||
|
|
AssertStatus(t, "ModUser(AdminUser -> ModifiedUser)", status, http.StatusOK)
|
||
|
|
|
||
|
|
// try reading the update, which should return the expected updated user
|
||
|
|
status, res := client.GetUser(ModifiedUser.username)
|
||
|
|
AssertStatus(t, "GetUser(ModifiedUser) -> status", status, http.StatusOK)
|
||
|
|
AssertLDAPUserEquals(t, "GetUser(ModifiedUser) -> result", res["user"], ModifiedUser.userObj)
|
||
|
|
|
||
|
|
// try binding with the original password, which should fail with invalid credentials
|
||
|
|
err = client.BindUser(AdminUser.username, AdminUser.password)
|
||
|
|
AssertLDAPError(t, "BindUser(AdminUser)", err, ldap.LDAPResultInvalidCredentials)
|
||
|
|
|
||
|
|
// try binding with the updated password, which should succeed
|
||
|
|
err = client.BindUser(ModifiedUser.username, ModifiedUser.password)
|
||
|
|
AssertLDAPError(t, "BindUser(ModifiedUser)", err, ldap.LDAPResultSuccess)
|
||
|
|
|
||
|
|
modification = app.UserOptional{
|
||
|
|
CN: AdminUser.userObj.Attributes.CN,
|
||
|
|
SN: AdminUser.userObj.Attributes.SN,
|
||
|
|
Mail: AdminUser.userObj.Attributes.Mail,
|
||
|
|
UserPassword: AdminUser.password,
|
||
|
|
}
|
||
|
|
|
||
|
|
// revert previous mod, which should not have errors
|
||
|
|
status, _ = client.ModUser(ModifiedUser.username, modification)
|
||
|
|
AssertStatus(t, "ModUser(ModifiedUser -> AdminUser)", status, http.StatusOK)
|
||
|
|
|
||
|
|
// try reading the revert, which should return the expected original user
|
||
|
|
status, res = client.GetUser(AdminUser.username)
|
||
|
|
AssertStatus(t, "GetUser(AdminUser) -> status", status, http.StatusOK)
|
||
|
|
AssertLDAPUserEquals(t, "GetUser(AdminUser) -> result", res["user"], AdminUser.userObj)
|
||
|
|
|
||
|
|
// try binding with the original password, which should succeed
|
||
|
|
err = client.BindUser(AdminUser.username, AdminUser.password)
|
||
|
|
AssertLDAPError(t, "BindUser(AdminUser)", err, ldap.LDAPResultSuccess)
|
||
|
|
|
||
|
|
// try binding with the updated password, which should fail with invalid credentials
|
||
|
|
err = client.BindUser(ModifiedUser.username, ModifiedUser.password)
|
||
|
|
AssertLDAPError(t, "BindUser(ModifiedUser)", err, ldap.LDAPResultInvalidCredentials)
|
||
|
|
}
|
||
|
|
|
||
|
|
func TestModUser_OtherUser(t *testing.T) {
|
||
|
|
// create client
|
||
|
|
config, err := app.GetConfig("test_config.json")
|
||
|
|
AssertError(t, "GetConfig()", err, nil)
|
||
|
|
client, err := app.NewLDAPClient(config)
|
||
|
|
AssertLDAPError(t, "NewLDAPClient()", err, ldap.LDAPResultSuccess)
|
||
|
|
|
||
|
|
// bind using admin user credentials which should succeed
|
||
|
|
err = client.BindUser(AdminUser.username, AdminUser.password)
|
||
|
|
AssertLDAPError(t, "BindUser(AdminUser)", err, ldap.LDAPResultSuccess)
|
||
|
|
|
||
|
|
newUser := app.UserRequired{
|
||
|
|
CN: SampleUser.userObj.Attributes.CN,
|
||
|
|
SN: SampleUser.userObj.Attributes.SN,
|
||
|
|
Mail: SampleUser.userObj.Attributes.Mail,
|
||
|
|
UserPassword: SampleUser.password,
|
||
|
|
}
|
||
|
|
|
||
|
|
// create new sample user, which should succeed
|
||
|
|
status, _ := client.AddUser(SampleUser.username, newUser)
|
||
|
|
AssertStatus(t, "AddUser(SampleUser) -> status", status, http.StatusOK)
|
||
|
|
|
||
|
|
newPassword := RandString(16)
|
||
|
|
|
||
|
|
modification := app.UserOptional{
|
||
|
|
UserPassword: newPassword,
|
||
|
|
}
|
||
|
|
|
||
|
|
// try password modification, which should succeed
|
||
|
|
status, _ = client.ModUser(SampleUser.username, modification)
|
||
|
|
AssertStatus(t, "ModUser(SampleUser -> ModifiedUser) -> status", status, http.StatusOK)
|
||
|
|
|
||
|
|
// try binding with the original password, which should fail with invalid credentials
|
||
|
|
err = client.BindUser(SampleUser.username, SampleUser.password)
|
||
|
|
AssertLDAPError(t, "BindUser(SampleUser)", err, ldap.LDAPResultInvalidCredentials)
|
||
|
|
|
||
|
|
// try binding with the updated password, which should succeed
|
||
|
|
err = client.BindUser(SampleUser.username, newPassword)
|
||
|
|
AssertLDAPError(t, "BindUser(ModifiedUser)", err, ldap.LDAPResultSuccess)
|
||
|
|
|
||
|
|
// bind using admin user credentials which should succeed
|
||
|
|
err = client.BindUser(AdminUser.username, AdminUser.password)
|
||
|
|
AssertLDAPError(t, "BindUser(AdminUser)", err, ldap.LDAPResultSuccess)
|
||
|
|
|
||
|
|
modification = app.UserOptional{
|
||
|
|
CN: RandString(16),
|
||
|
|
}
|
||
|
|
|
||
|
|
// try cn modification, which should fail
|
||
|
|
status, res := client.ModUser(SampleUser.username, modification)
|
||
|
|
AssertStatus(t, "ModUser(SampleUser -> ModifiedUser) -> status", status, http.StatusBadRequest)
|
||
|
|
AssertLDAPError(t, "BindUser(ModifiedUser)", res["error"].(error), ldap.LDAPResultInsufficientAccessRights)
|
||
|
|
|
||
|
|
// delete the sample user
|
||
|
|
status, _ = client.DelUser(SampleUser.username)
|
||
|
|
AssertStatus(t, "DelUser(SampleUser) -> status", status, http.StatusOK)
|
||
|
|
}
|
||
|
|
|
||
|
|
func TestModUser_NoSuchUser(t *testing.T) {
|
||
|
|
// create client
|
||
|
|
config, err := app.GetConfig("test_config.json")
|
||
|
|
AssertError(t, "GetConfig()", err, nil)
|
||
|
|
client, err := app.NewLDAPClient(config)
|
||
|
|
AssertLDAPError(t, "NewLDAPClient()", err, ldap.LDAPResultSuccess)
|
||
|
|
|
||
|
|
// bind using admin user credentials which should succeed
|
||
|
|
err = client.BindUser(AdminUser.username, AdminUser.password)
|
||
|
|
AssertLDAPError(t, "BindUser(AdminUser)", err, ldap.LDAPResultSuccess)
|
||
|
|
|
||
|
|
modification := app.UserOptional{
|
||
|
|
CN: "invalid",
|
||
|
|
}
|
||
|
|
|
||
|
|
// try modification, which should fail with NoSuchObject
|
||
|
|
status, res := client.ModUser(InvalidUser.username, modification)
|
||
|
|
AssertStatus(t, "ModUser(InvalidUser -> ModifiedUser) -> status", status, http.StatusBadRequest)
|
||
|
|
AssertLDAPError(t, "ModUser(InvalidUser -> ModifiedUser) -> result", res["error"].(error), ldap.LDAPResultNoSuchObject)
|
||
|
|
}
|
||
|
|
|
||
|
|
func TestModUser_InsufficientPermission(t *testing.T) {
|
||
|
|
// create client
|
||
|
|
config, err := app.GetConfig("test_config.json")
|
||
|
|
AssertError(t, "GetConfig()", err, nil)
|
||
|
|
client, err := app.NewLDAPClient(config)
|
||
|
|
AssertLDAPError(t, "NewLDAPClient()", err, ldap.LDAPResultSuccess)
|
||
|
|
|
||
|
|
// bind using admin user credentials which should succeed
|
||
|
|
err = client.BindUser(AdminUser.username, AdminUser.password)
|
||
|
|
AssertLDAPError(t, "BindUser(AdminUser)", err, ldap.LDAPResultSuccess)
|
||
|
|
|
||
|
|
newUser := app.UserRequired{
|
||
|
|
CN: SampleUser.userObj.Attributes.CN,
|
||
|
|
SN: SampleUser.userObj.Attributes.SN,
|
||
|
|
Mail: SampleUser.userObj.Attributes.Mail,
|
||
|
|
UserPassword: SampleUser.password,
|
||
|
|
}
|
||
|
|
|
||
|
|
// create new sample user, which should succeed
|
||
|
|
status, _ := client.AddUser(SampleUser.username, newUser)
|
||
|
|
AssertStatus(t, "AddUser(SampleUser) -> status", status, http.StatusOK)
|
||
|
|
|
||
|
|
// bind as the new sample user
|
||
|
|
err = client.BindUser(SampleUser.username, SampleUser.password)
|
||
|
|
AssertLDAPError(t, "BindUser(SampleUser)", err, ldap.LDAPResultSuccess)
|
||
|
|
|
||
|
|
modification := app.UserOptional{
|
||
|
|
CN: "invalid",
|
||
|
|
}
|
||
|
|
|
||
|
|
// try modification, which should fail with InsufficientAccessRights
|
||
|
|
status, res := client.ModUser(AdminUser.username, modification)
|
||
|
|
AssertStatus(t, "ModUser(AdminUser -> ModifiedUser) -> status", status, http.StatusBadRequest)
|
||
|
|
AssertLDAPError(t, "ModUser(AdminUser -> ModifiedUser) -> result", res["error"].(error), ldap.LDAPResultInsufficientAccessRights)
|
||
|
|
|
||
|
|
// rebind as admin user
|
||
|
|
err = client.BindUser(AdminUser.username, AdminUser.password)
|
||
|
|
AssertLDAPError(t, "BindUser(AdminUser)", err, ldap.LDAPResultSuccess)
|
||
|
|
|
||
|
|
// delete the sample user
|
||
|
|
status, _ = client.DelUser(SampleUser.username)
|
||
|
|
AssertStatus(t, "DelUser(SampleUser) -> status", status, http.StatusOK)
|
||
|
|
}
|
||
|
|
|
||
|
|
func TestModUser_MissingRequiredField(t *testing.T) {
|
||
|
|
// create client
|
||
|
|
config, err := app.GetConfig("test_config.json")
|
||
|
|
AssertError(t, "GetConfig()", err, nil)
|
||
|
|
client, err := app.NewLDAPClient(config)
|
||
|
|
AssertLDAPError(t, "NewLDAPClient()", err, ldap.LDAPResultSuccess)
|
||
|
|
|
||
|
|
// bind using admin user credentials which should succeed
|
||
|
|
err = client.BindUser(AdminUser.username, AdminUser.password)
|
||
|
|
AssertLDAPError(t, "BindUser(AdminUser)", err, ldap.LDAPResultSuccess)
|
||
|
|
|
||
|
|
modification := app.UserOptional{}
|
||
|
|
|
||
|
|
// try modification, which should fail with mising one of cn, sn, mail, or userpassword
|
||
|
|
status, res := client.ModUser(AdminUser.username, modification)
|
||
|
|
AssertStatus(t, "ModUser(AdminUser -> ModifiedUser) -> status", status, http.StatusBadRequest)
|
||
|
|
AssertLDAPError(t, "ModUser(AdminUser -> ModifiedUser) -> result", res["error"].(error), ldap.LDAPResultUnwillingToPerform)
|
||
|
|
}
|
||
|
|
|
||
|
|
func TestModUser_NoAuth(t *testing.T) {
|
||
|
|
// create client
|
||
|
|
config, err := app.GetConfig("test_config.json")
|
||
|
|
AssertError(t, "GetConfig()", err, nil)
|
||
|
|
client, err := app.NewLDAPClient(config)
|
||
|
|
AssertLDAPError(t, "NewLDAPClient()", err, ldap.LDAPResultSuccess)
|
||
|
|
|
||
|
|
newUser := app.UserOptional{
|
||
|
|
CN: SampleUser.userObj.Attributes.CN,
|
||
|
|
SN: SampleUser.userObj.Attributes.SN,
|
||
|
|
Mail: SampleUser.userObj.Attributes.Mail,
|
||
|
|
UserPassword: SampleUser.password,
|
||
|
|
}
|
||
|
|
|
||
|
|
// test mod admin user as anonymous which should fail with AuthenticationRequired
|
||
|
|
status, res := client.ModUser(AdminUser.username, newUser)
|
||
|
|
AssertStatus(t, "ModUser(AdminUser -> SampleUser) -> status", status, http.StatusBadRequest)
|
||
|
|
AssertLDAPError(t, "ModUser(AdminUser -> SampleUser) -> result", res["error"].(error), ldap.LDAPResultStrongAuthRequired)
|
||
|
|
}
|
||
|
|
|
||
|
|
func TestAddGetDelUser(t *testing.T) {
|
||
|
|
// create client
|
||
|
|
config, err := app.GetConfig("test_config.json")
|
||
|
|
AssertError(t, "GetConfig()", err, nil)
|
||
|
|
client, err := app.NewLDAPClient(config)
|
||
|
|
AssertLDAPError(t, "NewLDAPClient()", err, ldap.LDAPResultSuccess)
|
||
|
|
|
||
|
|
// bind using admin user credentials which should succeed
|
||
|
|
err = client.BindUser(AdminUser.username, AdminUser.password)
|
||
|
|
AssertLDAPError(t, "BindUser(AdminUser)", err, ldap.LDAPResultSuccess)
|
||
|
|
|
||
|
|
newUser := app.UserRequired{
|
||
|
|
CN: SampleUser.userObj.Attributes.CN,
|
||
|
|
SN: SampleUser.userObj.Attributes.SN,
|
||
|
|
Mail: SampleUser.userObj.Attributes.Mail,
|
||
|
|
UserPassword: SampleUser.password,
|
||
|
|
}
|
||
|
|
|
||
|
|
// create new sample user, which should succeed
|
||
|
|
status, _ := client.AddUser(SampleUser.username, newUser)
|
||
|
|
AssertStatus(t, "AddUser(SampleUser) -> status", status, http.StatusOK)
|
||
|
|
|
||
|
|
// try reading the new user, which should return the expected sample user
|
||
|
|
status, res := client.GetUser(SampleUser.username)
|
||
|
|
AssertStatus(t, "GetUser(SampleUser) -> status", status, http.StatusOK)
|
||
|
|
AssertLDAPUserEquals(t, "GetUser(SampleUser) -> result", res["user"], SampleUser.userObj)
|
||
|
|
|
||
|
|
// delete the sample user
|
||
|
|
status, _ = client.DelUser(SampleUser.username)
|
||
|
|
AssertStatus(t, "DelUser(SampleUser) -> status", status, http.StatusOK)
|
||
|
|
|
||
|
|
// try reading the new user, which should return a an error since it has been deleted
|
||
|
|
status, res = client.GetUser(SampleUser.username)
|
||
|
|
AssertStatus(t, "GetUser(SampleUser) -> status", status, http.StatusBadRequest)
|
||
|
|
AssertLDAPError(t, "GetUser(SampleUser) -> result", res["error"].(error), ldap.LDAPResultNoSuchObject)
|
||
|
|
}
|
||
|
|
|
||
|
|
func TestAddUser_DuplicateUser(t *testing.T) {
|
||
|
|
// create client
|
||
|
|
config, err := app.GetConfig("test_config.json")
|
||
|
|
AssertError(t, "GetConfig()", err, nil)
|
||
|
|
client, err := app.NewLDAPClient(config)
|
||
|
|
AssertLDAPError(t, "NewLDAPClient()", err, ldap.LDAPResultSuccess)
|
||
|
|
|
||
|
|
// bind using admin user credentials which should succeed
|
||
|
|
err = client.BindUser(AdminUser.username, AdminUser.password)
|
||
|
|
AssertLDAPError(t, "BindUser(AdminUser)", err, ldap.LDAPResultSuccess)
|
||
|
|
|
||
|
|
newUser := app.UserRequired{
|
||
|
|
CN: SampleUser.userObj.Attributes.CN,
|
||
|
|
SN: SampleUser.userObj.Attributes.SN,
|
||
|
|
Mail: SampleUser.userObj.Attributes.Mail,
|
||
|
|
UserPassword: SampleUser.password,
|
||
|
|
}
|
||
|
|
|
||
|
|
// create new sample user, which should succeed
|
||
|
|
status, _ := client.AddUser(SampleUser.username, newUser)
|
||
|
|
AssertStatus(t, "AddUser(SampleUser) -> status", status, http.StatusOK)
|
||
|
|
|
||
|
|
// try to create new sample user again, which should fail with object already exists
|
||
|
|
status, res := client.AddUser(SampleUser.username, newUser)
|
||
|
|
AssertStatus(t, "AddUser(SampleUser) -> status", status, http.StatusBadRequest)
|
||
|
|
AssertLDAPError(t, "AddUser(SampleUser) -> result", res["error"].(error), ldap.LDAPResultEntryAlreadyExists)
|
||
|
|
|
||
|
|
// delete the sample user
|
||
|
|
status, _ = client.DelUser(SampleUser.username)
|
||
|
|
AssertStatus(t, "DelUser(SampleUser) -> status", status, http.StatusOK)
|
||
|
|
}
|
||
|
|
|
||
|
|
func TestAddUser_InsufficientPermission(t *testing.T) {
|
||
|
|
// create client
|
||
|
|
config, err := app.GetConfig("test_config.json")
|
||
|
|
AssertError(t, "GetConfig()", err, nil)
|
||
|
|
client, err := app.NewLDAPClient(config)
|
||
|
|
AssertLDAPError(t, "NewLDAPClient()", err, ldap.LDAPResultSuccess)
|
||
|
|
|
||
|
|
// bind using admin user credentials which should succeed
|
||
|
|
err = client.BindUser(AdminUser.username, AdminUser.password)
|
||
|
|
AssertLDAPError(t, "BindUser(AdminUser)", err, ldap.LDAPResultSuccess)
|
||
|
|
|
||
|
|
newUser := app.UserRequired{
|
||
|
|
CN: SampleUser.userObj.Attributes.CN,
|
||
|
|
SN: SampleUser.userObj.Attributes.SN,
|
||
|
|
Mail: SampleUser.userObj.Attributes.Mail,
|
||
|
|
UserPassword: SampleUser.password,
|
||
|
|
}
|
||
|
|
|
||
|
|
// create new sample user, which should succeed
|
||
|
|
status, _ := client.AddUser(SampleUser.username, newUser)
|
||
|
|
AssertStatus(t, "AddUser(SampleUser) -> status", status, http.StatusOK)
|
||
|
|
|
||
|
|
// bind as the sample user
|
||
|
|
err = client.BindUser(SampleUser.username, SampleUser.password)
|
||
|
|
AssertLDAPError(t, "BindUser(SampleUser)", err, ldap.LDAPResultSuccess)
|
||
|
|
|
||
|
|
// try to create a new user, which should fail with insufficient permission
|
||
|
|
status, res := client.AddUser(InvalidUser.username, newUser)
|
||
|
|
AssertStatus(t, "AddUser(InvalidUser) -> status", status, http.StatusBadRequest)
|
||
|
|
AssertLDAPError(t, "AddUser(InvalidUser) -> result", res["error"].(error), ldap.LDAPResultInsufficientAccessRights)
|
||
|
|
|
||
|
|
// rebind as admin user
|
||
|
|
err = client.BindUser(AdminUser.username, AdminUser.password)
|
||
|
|
AssertLDAPError(t, "BindUser(AdminUser)", err, ldap.LDAPResultSuccess)
|
||
|
|
|
||
|
|
// delete the sample user
|
||
|
|
status, _ = client.DelUser(SampleUser.username)
|
||
|
|
AssertStatus(t, "DelUser(SampleUser) -> status", status, http.StatusOK)
|
||
|
|
}
|
||
|
|
|
||
|
|
func TestAddUser_MissingRequiredField(t *testing.T) {
|
||
|
|
// create client
|
||
|
|
config, err := app.GetConfig("test_config.json")
|
||
|
|
AssertError(t, "GetConfig()", err, nil)
|
||
|
|
client, err := app.NewLDAPClient(config)
|
||
|
|
AssertLDAPError(t, "NewLDAPClient()", err, ldap.LDAPResultSuccess)
|
||
|
|
|
||
|
|
// bind using admin user credentials which should succeed
|
||
|
|
err = client.BindUser(AdminUser.username, AdminUser.password)
|
||
|
|
AssertLDAPError(t, "BindUser(AdminUser)", err, ldap.LDAPResultSuccess)
|
||
|
|
|
||
|
|
newUser := app.UserRequired{}
|
||
|
|
|
||
|
|
// try add invalid user, which should fail with mising all of cn, sn, mail, or userpassword
|
||
|
|
status, res := client.AddUser(InvalidUser.username, newUser)
|
||
|
|
AssertStatus(t, "AddUser(InvalidUser) -> status", status, http.StatusBadRequest)
|
||
|
|
AssertLDAPError(t, "AddUser(InvalidUser) -> result", res["error"].(error), ldap.LDAPResultUnwillingToPerform)
|
||
|
|
}
|
||
|
|
|
||
|
|
func TestAddUser_NoAuth(t *testing.T) {
|
||
|
|
// create client
|
||
|
|
config, err := app.GetConfig("test_config.json")
|
||
|
|
AssertError(t, "GetConfig()", err, nil)
|
||
|
|
client, err := app.NewLDAPClient(config)
|
||
|
|
AssertLDAPError(t, "NewLDAPClient()", err, ldap.LDAPResultSuccess)
|
||
|
|
|
||
|
|
newUser := app.UserRequired{
|
||
|
|
CN: SampleUser.userObj.Attributes.CN,
|
||
|
|
SN: SampleUser.userObj.Attributes.SN,
|
||
|
|
Mail: SampleUser.userObj.Attributes.Mail,
|
||
|
|
UserPassword: SampleUser.password,
|
||
|
|
}
|
||
|
|
|
||
|
|
// test add admin user as anonymous which should fail with AuthenticationRequired
|
||
|
|
status, res := client.AddUser(SampleUser.username, newUser)
|
||
|
|
AssertStatus(t, "AddUser(SampleUser) -> status", status, http.StatusBadRequest)
|
||
|
|
AssertLDAPError(t, "AddUser(SampleUser) -> result", res["error"].(error), ldap.LDAPResultStrongAuthRequired)
|
||
|
|
}
|
||
|
|
|
||
|
|
func TestDelUser_NoSuchUser(t *testing.T) {
|
||
|
|
// create client
|
||
|
|
config, err := app.GetConfig("test_config.json")
|
||
|
|
AssertError(t, "GetConfig()", err, nil)
|
||
|
|
client, err := app.NewLDAPClient(config)
|
||
|
|
AssertLDAPError(t, "NewLDAPClient()", err, ldap.LDAPResultSuccess)
|
||
|
|
|
||
|
|
// bind using admin user credentials which should succeed
|
||
|
|
err = client.BindUser(AdminUser.username, AdminUser.password)
|
||
|
|
AssertLDAPError(t, "BindUser(AdminUser)", err, ldap.LDAPResultSuccess)
|
||
|
|
|
||
|
|
// try delete invalid user, which should fail with NoSuchObject
|
||
|
|
status, res := client.DelUser(InvalidUser.username)
|
||
|
|
AssertStatus(t, "DelUser(InvalidUser) -> status", status, http.StatusBadRequest)
|
||
|
|
AssertLDAPError(t, "DelUser(InvalidUser) -> result", res["error"].(error), ldap.LDAPResultNoSuchObject)
|
||
|
|
}
|
||
|
|
|
||
|
|
func TestDelUser_InsufficientPermission(t *testing.T) {
|
||
|
|
// create client
|
||
|
|
config, err := app.GetConfig("test_config.json")
|
||
|
|
AssertError(t, "GetConfig()", err, nil)
|
||
|
|
client, err := app.NewLDAPClient(config)
|
||
|
|
AssertLDAPError(t, "NewLDAPClient()", err, ldap.LDAPResultSuccess)
|
||
|
|
|
||
|
|
// bind using admin user credentials which should succeed
|
||
|
|
err = client.BindUser(AdminUser.username, AdminUser.password)
|
||
|
|
AssertLDAPError(t, "BindUser(AdminUser)", err, ldap.LDAPResultSuccess)
|
||
|
|
|
||
|
|
newUser := app.UserRequired{
|
||
|
|
CN: SampleUser.userObj.Attributes.CN,
|
||
|
|
SN: SampleUser.userObj.Attributes.SN,
|
||
|
|
Mail: SampleUser.userObj.Attributes.Mail,
|
||
|
|
UserPassword: SampleUser.password,
|
||
|
|
}
|
||
|
|
|
||
|
|
// create new sample user, which should succeed
|
||
|
|
status, _ := client.AddUser(SampleUser.username, newUser)
|
||
|
|
AssertStatus(t, "AddUser(SampleUser) -> status", status, http.StatusOK)
|
||
|
|
|
||
|
|
// bind as the sample user
|
||
|
|
err = client.BindUser(SampleUser.username, SampleUser.password)
|
||
|
|
AssertLDAPError(t, "BindUser(SampleUser)", err, ldap.LDAPResultSuccess)
|
||
|
|
|
||
|
|
// try delete admin user, which should fail with InsufficientAccessRights
|
||
|
|
status, res := client.DelUser(AdminUser.username)
|
||
|
|
AssertStatus(t, "DelUser(AdminUser) -> status", status, http.StatusBadRequest)
|
||
|
|
AssertLDAPError(t, "DelUser(AdminUser) -> result", res["error"].(error), ldap.LDAPResultInsufficientAccessRights)
|
||
|
|
|
||
|
|
// rebind as admin user
|
||
|
|
err = client.BindUser(AdminUser.username, AdminUser.password)
|
||
|
|
AssertLDAPError(t, "BindUser(AdminUser)", err, ldap.LDAPResultSuccess)
|
||
|
|
|
||
|
|
// delete the sample user
|
||
|
|
status, _ = client.DelUser(SampleUser.username)
|
||
|
|
AssertStatus(t, "DelUser(SampleUser) -> status", status, http.StatusOK)
|
||
|
|
}
|
||
|
|
|
||
|
|
func TestDelUser_NoAuth(t *testing.T) {
|
||
|
|
// create client
|
||
|
|
config, err := app.GetConfig("test_config.json")
|
||
|
|
AssertError(t, "GetConfig()", err, nil)
|
||
|
|
client, err := app.NewLDAPClient(config)
|
||
|
|
AssertLDAPError(t, "NewLDAPClient()", err, ldap.LDAPResultSuccess)
|
||
|
|
|
||
|
|
// test delete admin user as anonymous which should fail with AuthenticationRequired
|
||
|
|
status, res := client.DelUser(AdminUser.username)
|
||
|
|
AssertStatus(t, "DelUser(AdminUser) -> status", status, http.StatusBadRequest)
|
||
|
|
AssertLDAPError(t, "DelUser(AdminUser) -> result", res["error"].(error), ldap.LDAPResultStrongAuthRequired)
|
||
|
|
}
|
||
|
|
|
||
|
|
func TestGetAllGroups(t *testing.T) {
|
||
|
|
// create client
|
||
|
|
config, err := app.GetConfig("test_config.json")
|
||
|
|
AssertError(t, "GetConfig()", err, nil)
|
||
|
|
client, err := app.NewLDAPClient(config)
|
||
|
|
AssertLDAPError(t, "NewLDAPClient()", err, ldap.LDAPResultSuccess)
|
||
|
|
|
||
|
|
// get all groups anonymously which should succeed
|
||
|
|
status, res := client.GetAllGroups()
|
||
|
|
AssertStatus(t, "GetAllGroups() -> status", status, http.StatusOK)
|
||
|
|
groups := res["groups"].([]gin.H)
|
||
|
|
AssertEquals(t, "GetAllGroups() -> len(res)", len(groups), 2)
|
||
|
|
for i := 0; i < len(groups); i++ {
|
||
|
|
group := groups[i]
|
||
|
|
groupDN := group["dn"].(string)
|
||
|
|
expectedGroupObj := GroupDNMap[groupDN].groupObj
|
||
|
|
AssertLDAPGroupEquals(t, fmt.Sprintf("GetAllGroups() -> res[%d]", i), group, expectedGroupObj)
|
||
|
|
}
|
||
|
|
|
||
|
|
// bind using admin user credentials which should succeed
|
||
|
|
err = client.BindUser(AdminUser.username, AdminUser.password)
|
||
|
|
AssertLDAPError(t, "BindUser(AdminUser)", err, ldap.LDAPResultSuccess)
|
||
|
|
|
||
|
|
// get all groups as admin user which should succeed
|
||
|
|
status, res = client.GetAllGroups()
|
||
|
|
AssertStatus(t, "GetAllGroups() -> status", status, http.StatusOK)
|
||
|
|
groups = res["groups"].([]gin.H)
|
||
|
|
AssertEquals(t, "GetAllGroups() -> len(res)", len(groups), 2)
|
||
|
|
for i := 0; i < len(groups); i++ {
|
||
|
|
group := groups[i]
|
||
|
|
groupDN := group["dn"].(string)
|
||
|
|
expectedGroupObj := GroupDNMap[groupDN].groupObj
|
||
|
|
AssertLDAPGroupEquals(t, fmt.Sprintf("GetAllGroups() -> res[%d]", i), group, expectedGroupObj)
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|
||
|
|
// This contrived test shows how difficult it should be for GetAllGroups to return an error
|
||
|
|
func TestGetAllGroups_InvalidBaseDN(t *testing.T) {
|
||
|
|
// create client
|
||
|
|
config, err := app.GetConfig("test_config.json")
|
||
|
|
AssertError(t, "GetConfig()", err, nil)
|
||
|
|
config.BaseDN = RandDN(16)
|
||
|
|
client, err := app.NewLDAPClient(config)
|
||
|
|
AssertLDAPError(t, "NewLDAPClient()", err, ldap.LDAPResultSuccess)
|
||
|
|
|
||
|
|
// get all groups anonymously which should fail because of the incorrect DN
|
||
|
|
status, res := client.GetAllGroups()
|
||
|
|
AssertStatus(t, "GetAllGroups() -> status", status, http.StatusBadRequest)
|
||
|
|
AssertLDAPError(t, "GetAllGroups() -> result", res["error"].(error), ldap.LDAPResultNoSuchObject)
|
||
|
|
}
|
||
|
|
|
||
|
|
func TestGetGroup(t *testing.T) {
|
||
|
|
// create client
|
||
|
|
config, err := app.GetConfig("test_config.json")
|
||
|
|
AssertError(t, "GetConfig()", err, nil)
|
||
|
|
client, err := app.NewLDAPClient(config)
|
||
|
|
AssertLDAPError(t, "NewLDAPClient()", err, ldap.LDAPResultSuccess)
|
||
|
|
|
||
|
|
// test get admin group anonymously which should succeed
|
||
|
|
status, res := client.GetGroup(AdminGroup.groupname)
|
||
|
|
AssertStatus(t, "GetGroup(AdminGroup) -> status", status, http.StatusOK)
|
||
|
|
AssertLDAPGroupEquals(t, "GetAllGroups(AdminGroup) -> result", res["group"], AdminGroup.groupObj)
|
||
|
|
|
||
|
|
// bind using admin user credentials which should succeed
|
||
|
|
err = client.BindUser(AdminUser.username, AdminUser.password)
|
||
|
|
AssertLDAPError(t, "BindUser(AdminUser)", err, ldap.LDAPResultSuccess)
|
||
|
|
|
||
|
|
// test get admin group as admin user which should succeed
|
||
|
|
status, res = client.GetGroup(AdminGroup.groupname)
|
||
|
|
AssertStatus(t, "GetGroup(AdminGroup) -> status", status, http.StatusOK)
|
||
|
|
AssertLDAPGroupEquals(t, "GetGroup(AdminGroup) -> result", res["group"], AdminGroup.groupObj)
|
||
|
|
}
|
||
|
|
|
||
|
|
func TestGetGroup_NoSuchGroup(t *testing.T) {
|
||
|
|
// create client
|
||
|
|
config, err := app.GetConfig("test_config.json")
|
||
|
|
AssertError(t, "GetConfig()", err, nil)
|
||
|
|
client, err := app.NewLDAPClient(config)
|
||
|
|
AssertLDAPError(t, "NewLDAPClient()", err, ldap.LDAPResultSuccess)
|
||
|
|
|
||
|
|
// test get invalid group anonymously which should fail with NoSuchObject
|
||
|
|
status, res := client.GetGroup(InvalidGroup.groupname)
|
||
|
|
AssertStatus(t, "GetGroup(InvalidGroup) -> status", status, http.StatusBadRequest)
|
||
|
|
AssertLDAPError(t, "GetGroup(InvalidGroup) -> result", res["error"].(error), ldap.LDAPResultNoSuchObject)
|
||
|
|
|
||
|
|
// bind using admin user credentials which should succeed
|
||
|
|
err = client.BindUser(AdminUser.username, AdminUser.password)
|
||
|
|
AssertLDAPError(t, "BindUser(AdminUser)", err, ldap.LDAPResultSuccess)
|
||
|
|
|
||
|
|
// test get invalid group as admin user which should fail with NoSuchObject
|
||
|
|
status, res = client.GetGroup(InvalidGroup.groupname)
|
||
|
|
AssertStatus(t, "GetGroup(InvalidGroup) -> status", status, http.StatusBadRequest)
|
||
|
|
AssertLDAPError(t, "GetGroup(InvalidGroup) -> result", res["error"].(error), ldap.LDAPResultNoSuchObject)
|
||
|
|
}
|
||
|
|
|
||
|
|
// ModGroup does nothing since LDAP GroupOfNames does not store any attributes except CN and Members.
|
||
|
|
// CN should not be changed and Members should be added or removed using the appropriate functions.
|
||
|
|
// TODO update this when the function actually produces proper results
|
||
|
|
func TestModGroup(t *testing.T) {
|
||
|
|
// create client
|
||
|
|
config, err := app.GetConfig("test_config.json")
|
||
|
|
AssertError(t, "GetConfig()", err, nil)
|
||
|
|
client, err := app.NewLDAPClient(config)
|
||
|
|
AssertLDAPError(t, "NewLDAPClient()", err, ldap.LDAPResultSuccess)
|
||
|
|
|
||
|
|
// bind using admin user credentials which should succeed
|
||
|
|
err = client.BindUser(AdminUser.username, AdminUser.password)
|
||
|
|
AssertLDAPError(t, "BindUser(AdminUser)", err, ldap.LDAPResultSuccess)
|
||
|
|
|
||
|
|
// test mod admin group as admin which should succeed
|
||
|
|
status, _ := client.ModGroup(AdminGroup.groupname, app.Group{})
|
||
|
|
AssertStatus(t, "ModGroup(AdminGroup -> AdminGroup) -> status", status, http.StatusOK)
|
||
|
|
|
||
|
|
// test get admin group as admin user which should return the same admin group since no operation has been done
|
||
|
|
status, res := client.GetGroup(AdminGroup.groupname)
|
||
|
|
AssertStatus(t, "GetGroup(AdminGroup) -> status", status, http.StatusOK)
|
||
|
|
AssertLDAPGroupEquals(t, "GetGroup(AdminGroup) -> result", res["group"], AdminGroup.groupObj)
|
||
|
|
}
|
||
|
|
|
||
|
|
func TestModGroup_NoSuchGroup(t *testing.T) {
|
||
|
|
// create client
|
||
|
|
config, err := app.GetConfig("test_config.json")
|
||
|
|
AssertError(t, "GetConfig()", err, nil)
|
||
|
|
client, err := app.NewLDAPClient(config)
|
||
|
|
AssertLDAPError(t, "NewLDAPClient()", err, ldap.LDAPResultSuccess)
|
||
|
|
|
||
|
|
// bind using admin user credentials which should succeed
|
||
|
|
err = client.BindUser(AdminUser.username, AdminUser.password)
|
||
|
|
AssertLDAPError(t, "BindUser(AdminUser)", err, ldap.LDAPResultSuccess)
|
||
|
|
|
||
|
|
// test mod invalid group as sample user which should fail with InsufficientPermission
|
||
|
|
status, res := client.ModGroup(InvalidGroup.groupname, app.Group{})
|
||
|
|
AssertStatus(t, "ModGroup(InvalidGroup -> InvalidGroup) -> status", status, http.StatusBadRequest)
|
||
|
|
AssertLDAPError(t, "ModGroup(InvalidGroup -> InvalidGroup) -> result", res["error"].(error), ldap.LDAPResultNoSuchObject)
|
||
|
|
}
|
||
|
|
|
||
|
|
func TestModGroup_InsufficientPermission(t *testing.T) {
|
||
|
|
// create client
|
||
|
|
config, err := app.GetConfig("test_config.json")
|
||
|
|
AssertError(t, "GetConfig()", err, nil)
|
||
|
|
client, err := app.NewLDAPClient(config)
|
||
|
|
AssertLDAPError(t, "NewLDAPClient()", err, ldap.LDAPResultSuccess)
|
||
|
|
|
||
|
|
// bind using admin user credentials which should succeed
|
||
|
|
err = client.BindUser(AdminUser.username, AdminUser.password)
|
||
|
|
AssertLDAPError(t, "BindUser(AdminUser)", err, ldap.LDAPResultSuccess)
|
||
|
|
|
||
|
|
newUser := app.UserRequired{
|
||
|
|
CN: SampleUser.userObj.Attributes.CN,
|
||
|
|
SN: SampleUser.userObj.Attributes.SN,
|
||
|
|
Mail: SampleUser.userObj.Attributes.Mail,
|
||
|
|
UserPassword: SampleUser.password,
|
||
|
|
}
|
||
|
|
|
||
|
|
// create new sample user, which should succeed
|
||
|
|
status, _ := client.AddUser(SampleUser.username, newUser)
|
||
|
|
AssertStatus(t, "AddUser(SampleUser) -> status", status, http.StatusOK)
|
||
|
|
|
||
|
|
// bind as the sample user
|
||
|
|
err = client.BindUser(SampleUser.username, SampleUser.password)
|
||
|
|
AssertLDAPError(t, "BindUser(SampleUser)", err, ldap.LDAPResultSuccess)
|
||
|
|
|
||
|
|
// test mod admin group as sample user which should fail with InsufficientPermission
|
||
|
|
status, res := client.ModGroup(AdminGroup.groupname, app.Group{})
|
||
|
|
AssertStatus(t, "ModGroup(AdminGroup -> AdminGroup) -> status", status, http.StatusBadRequest)
|
||
|
|
AssertLDAPError(t, "ModGroup(AdminGroup -> AdminGroup) -> result", res["error"].(error), ldap.LDAPResultInsufficientAccessRights)
|
||
|
|
|
||
|
|
// rebind as admin user
|
||
|
|
err = client.BindUser(AdminUser.username, AdminUser.password)
|
||
|
|
AssertLDAPError(t, "BindUser(AdminUser)", err, ldap.LDAPResultSuccess)
|
||
|
|
|
||
|
|
// delete the sample user
|
||
|
|
status, _ = client.DelUser(SampleUser.username)
|
||
|
|
AssertStatus(t, "DelUser(SampleUser) -> status", status, http.StatusOK)
|
||
|
|
}
|
||
|
|
|
||
|
|
func TestModGroup_NoAuth(t *testing.T) {
|
||
|
|
// create client
|
||
|
|
config, err := app.GetConfig("test_config.json")
|
||
|
|
AssertError(t, "GetConfig()", err, nil)
|
||
|
|
client, err := app.NewLDAPClient(config)
|
||
|
|
AssertLDAPError(t, "NewLDAPClient()", err, ldap.LDAPResultSuccess)
|
||
|
|
|
||
|
|
// test mod admin group as anonymous which should fail with AuthenticationRequired
|
||
|
|
status, res := client.ModGroup(AdminGroup.groupname, app.Group{})
|
||
|
|
AssertStatus(t, "GetGroup(AdminGroup) -> status", status, http.StatusBadRequest)
|
||
|
|
AssertLDAPError(t, "GetGroup(AdminGroup) -> result", res["error"].(error), ldap.LDAPResultStrongAuthRequired)
|
||
|
|
}
|
||
|
|
|
||
|
|
func TestAddGetDelGroup(t *testing.T) {
|
||
|
|
// create client
|
||
|
|
config, err := app.GetConfig("test_config.json")
|
||
|
|
AssertError(t, "GetConfig()", err, nil)
|
||
|
|
client, err := app.NewLDAPClient(config)
|
||
|
|
AssertLDAPError(t, "NewLDAPClient()", err, ldap.LDAPResultSuccess)
|
||
|
|
|
||
|
|
// bind using admin user credentials which should succeed
|
||
|
|
err = client.BindUser(AdminUser.username, AdminUser.password)
|
||
|
|
AssertLDAPError(t, "BindUser(AdminUser)", err, ldap.LDAPResultSuccess)
|
||
|
|
|
||
|
|
newGroup := app.Group{}
|
||
|
|
|
||
|
|
// create new sample user group
|
||
|
|
status, _ := client.AddGroup(SampleUserGroup.groupname, newGroup)
|
||
|
|
AssertStatus(t, "AddGroup(SampleUserGroup) -> status", status, http.StatusOK)
|
||
|
|
|
||
|
|
// try reading the new group, which should return the expected sample group with no members
|
||
|
|
status, res := client.GetGroup(SampleUserGroup.groupname)
|
||
|
|
expectedGroup := SampleUserGroup.groupObj
|
||
|
|
expectedGroup.Attributes.Member = []string{""} // override the expected members since we aren't testing that here
|
||
|
|
AssertStatus(t, "GetGroup(SampleUserGroup) -> status", status, http.StatusOK)
|
||
|
|
AssertLDAPGroupEquals(t, "GetGroup(SampleUserGroup) -> result", res["group"], expectedGroup)
|
||
|
|
|
||
|
|
// delete the sample user group
|
||
|
|
status, _ = client.DelGroup(SampleUserGroup.groupname)
|
||
|
|
AssertStatus(t, "DelGroup(SampleUserGroup) -> status", status, http.StatusOK)
|
||
|
|
|
||
|
|
// try reading the new group, which should return a an error since it has been deleted
|
||
|
|
status, res = client.GetGroup(SampleUserGroup.groupname)
|
||
|
|
AssertStatus(t, "GetUser(SampleUser) -> status", status, http.StatusBadRequest)
|
||
|
|
AssertLDAPError(t, "GetUser(SampleUser) -> result", res["error"].(error), ldap.LDAPResultNoSuchObject)
|
||
|
|
}
|
||
|
|
|
||
|
|
func TestAddGroup_DuplicateGroup(t *testing.T) {
|
||
|
|
// create client
|
||
|
|
config, err := app.GetConfig("test_config.json")
|
||
|
|
AssertError(t, "GetConfig()", err, nil)
|
||
|
|
client, err := app.NewLDAPClient(config)
|
||
|
|
AssertLDAPError(t, "NewLDAPClient()", err, ldap.LDAPResultSuccess)
|
||
|
|
|
||
|
|
// bind using admin user credentials which should succeed
|
||
|
|
err = client.BindUser(AdminUser.username, AdminUser.password)
|
||
|
|
AssertLDAPError(t, "BindUser(AdminUser)", err, ldap.LDAPResultSuccess)
|
||
|
|
|
||
|
|
newGroup := app.Group{}
|
||
|
|
|
||
|
|
// create new sample user group
|
||
|
|
status, _ := client.AddGroup(SampleUserGroup.groupname, newGroup)
|
||
|
|
AssertStatus(t, "AddGroup(SampleUserGroup) -> status", status, http.StatusOK)
|
||
|
|
|
||
|
|
// try to create new sample user again, which should fail with object already exists
|
||
|
|
status, res := client.AddGroup(SampleUserGroup.groupname, newGroup)
|
||
|
|
AssertStatus(t, "AddGroup(SampleUserGroup) -> status", status, http.StatusBadRequest)
|
||
|
|
AssertLDAPError(t, "AddGroup(SampleUserGroup) -> result", res["error"].(error), ldap.LDAPResultEntryAlreadyExists)
|
||
|
|
|
||
|
|
// delete the sample group
|
||
|
|
status, _ = client.DelGroup(SampleUserGroup.groupname)
|
||
|
|
AssertStatus(t, "DelGroup(SampleUserGroup) -> status", status, http.StatusOK)
|
||
|
|
}
|
||
|
|
|
||
|
|
func TestAddGroup_InsufficientPermission(t *testing.T) {
|
||
|
|
// create client
|
||
|
|
config, err := app.GetConfig("test_config.json")
|
||
|
|
AssertError(t, "GetConfig()", err, nil)
|
||
|
|
client, err := app.NewLDAPClient(config)
|
||
|
|
AssertLDAPError(t, "NewLDAPClient()", err, ldap.LDAPResultSuccess)
|
||
|
|
|
||
|
|
// bind using admin user credentials which should succeed
|
||
|
|
err = client.BindUser(AdminUser.username, AdminUser.password)
|
||
|
|
AssertLDAPError(t, "BindUser(AdminUser)", err, ldap.LDAPResultSuccess)
|
||
|
|
|
||
|
|
newUser := app.UserRequired{
|
||
|
|
CN: SampleUser.userObj.Attributes.CN,
|
||
|
|
SN: SampleUser.userObj.Attributes.SN,
|
||
|
|
Mail: SampleUser.userObj.Attributes.Mail,
|
||
|
|
UserPassword: SampleUser.password,
|
||
|
|
}
|
||
|
|
|
||
|
|
// create new sample user, which should succeed
|
||
|
|
status, _ := client.AddUser(SampleUser.username, newUser)
|
||
|
|
AssertStatus(t, "AddUser(SampleUser) -> status", status, http.StatusOK)
|
||
|
|
|
||
|
|
// bind as the sample user
|
||
|
|
err = client.BindUser(SampleUser.username, SampleUser.password)
|
||
|
|
AssertLDAPError(t, "BindUser(SampleUser)", err, ldap.LDAPResultSuccess)
|
||
|
|
|
||
|
|
newGroup := app.Group{}
|
||
|
|
|
||
|
|
// try to create a new group, which should fail with insufficient permission
|
||
|
|
status, res := client.AddGroup(InvalidGroup.groupname, newGroup)
|
||
|
|
AssertStatus(t, "AddGroup(InvalidGroup) -> status", status, http.StatusBadRequest)
|
||
|
|
AssertLDAPError(t, "AddGroup(InvalidGroup) -> result", res["error"].(error), ldap.LDAPResultInsufficientAccessRights)
|
||
|
|
|
||
|
|
// rebind as admin user
|
||
|
|
err = client.BindUser(AdminUser.username, AdminUser.password)
|
||
|
|
AssertLDAPError(t, "BindUser(AdminUser)", err, ldap.LDAPResultSuccess)
|
||
|
|
|
||
|
|
// delete the sample user
|
||
|
|
status, _ = client.DelUser(SampleUser.username)
|
||
|
|
AssertStatus(t, "DelUser(SampleUser) -> status", status, http.StatusOK)
|
||
|
|
}
|
||
|
|
|
||
|
|
func TestAddGroup_NoAuth(t *testing.T) {
|
||
|
|
// create client
|
||
|
|
config, err := app.GetConfig("test_config.json")
|
||
|
|
AssertError(t, "GetConfig()", err, nil)
|
||
|
|
client, err := app.NewLDAPClient(config)
|
||
|
|
AssertLDAPError(t, "NewLDAPClient()", err, ldap.LDAPResultSuccess)
|
||
|
|
|
||
|
|
newGroup := app.Group{}
|
||
|
|
|
||
|
|
// try to create a new group, which should fail with AuthenticationRequired
|
||
|
|
status, res := client.AddGroup(InvalidGroup.groupname, newGroup)
|
||
|
|
AssertStatus(t, "AddGroup(InvalidGroup) -> status", status, http.StatusBadRequest)
|
||
|
|
AssertLDAPError(t, "AddGroup(InvalidGroup) -> result", res["error"].(error), ldap.LDAPResultStrongAuthRequired)
|
||
|
|
}
|
||
|
|
|
||
|
|
func TestDelGroup_NoSuchGroup(t *testing.T) {
|
||
|
|
// create client
|
||
|
|
config, err := app.GetConfig("test_config.json")
|
||
|
|
AssertError(t, "GetConfig()", err, nil)
|
||
|
|
client, err := app.NewLDAPClient(config)
|
||
|
|
AssertLDAPError(t, "NewLDAPClient()", err, ldap.LDAPResultSuccess)
|
||
|
|
|
||
|
|
// bind using admin user credentials which should succeed
|
||
|
|
err = client.BindUser(AdminUser.username, AdminUser.password)
|
||
|
|
AssertLDAPError(t, "BindUser(AdminUser)", err, ldap.LDAPResultSuccess)
|
||
|
|
|
||
|
|
// try delete invalid group, which should fail with NoSuchObject
|
||
|
|
status, res := client.DelGroup(InvalidGroup.groupname)
|
||
|
|
AssertStatus(t, "DelGroup(InvalidGroup) -> status", status, http.StatusBadRequest)
|
||
|
|
AssertLDAPError(t, "DelGroup(InvalidGroup) -> result", res["error"].(error), ldap.LDAPResultNoSuchObject)
|
||
|
|
}
|
||
|
|
|
||
|
|
func TestDelGroup_InsufficientPermission(t *testing.T) {
|
||
|
|
// create client
|
||
|
|
config, err := app.GetConfig("test_config.json")
|
||
|
|
AssertError(t, "GetConfig()", err, nil)
|
||
|
|
client, err := app.NewLDAPClient(config)
|
||
|
|
AssertLDAPError(t, "NewLDAPClient()", err, ldap.LDAPResultSuccess)
|
||
|
|
|
||
|
|
// bind using admin user credentials which should succeed
|
||
|
|
err = client.BindUser(AdminUser.username, AdminUser.password)
|
||
|
|
AssertLDAPError(t, "BindUser(AdminUser)", err, ldap.LDAPResultSuccess)
|
||
|
|
|
||
|
|
newUser := app.UserRequired{
|
||
|
|
CN: SampleUser.userObj.Attributes.CN,
|
||
|
|
SN: SampleUser.userObj.Attributes.SN,
|
||
|
|
Mail: SampleUser.userObj.Attributes.Mail,
|
||
|
|
UserPassword: SampleUser.password,
|
||
|
|
}
|
||
|
|
|
||
|
|
// create new sample user, which should succeed
|
||
|
|
status, _ := client.AddUser(SampleUser.username, newUser)
|
||
|
|
AssertStatus(t, "AddUser(SampleUser) -> status", status, http.StatusOK)
|
||
|
|
|
||
|
|
// bind as the sample user
|
||
|
|
err = client.BindUser(SampleUser.username, SampleUser.password)
|
||
|
|
AssertLDAPError(t, "BindUser(SampleUser)", err, ldap.LDAPResultSuccess)
|
||
|
|
|
||
|
|
// try delete admin group, which should fail with InsufficientAccessRights
|
||
|
|
status, res := client.DelGroup(AdminGroup.groupname)
|
||
|
|
AssertStatus(t, "DelGroup(AdminGroup) -> status", status, http.StatusBadRequest)
|
||
|
|
AssertLDAPError(t, "DelGroup(AdminGroup) -> result", res["error"].(error), ldap.LDAPResultInsufficientAccessRights)
|
||
|
|
|
||
|
|
// rebind as admin user
|
||
|
|
err = client.BindUser(AdminUser.username, AdminUser.password)
|
||
|
|
AssertLDAPError(t, "BindUser(AdminUser)", err, ldap.LDAPResultSuccess)
|
||
|
|
|
||
|
|
// delete the sample user
|
||
|
|
status, _ = client.DelUser(SampleUser.username)
|
||
|
|
AssertStatus(t, "DelUser(SampleUser) -> status", status, http.StatusOK)
|
||
|
|
}
|
||
|
|
|
||
|
|
func TestDelGroup_NoAuth(t *testing.T) {
|
||
|
|
// create client
|
||
|
|
config, err := app.GetConfig("test_config.json")
|
||
|
|
AssertError(t, "GetConfig()", err, nil)
|
||
|
|
client, err := app.NewLDAPClient(config)
|
||
|
|
AssertLDAPError(t, "NewLDAPClient()", err, ldap.LDAPResultSuccess)
|
||
|
|
|
||
|
|
// test del admin group as anonymous which should fail with AuthenticationRequired
|
||
|
|
status, res := client.DelGroup(InvalidGroup.groupname)
|
||
|
|
AssertStatus(t, "DelGroup(InvalidGroup) -> status", status, http.StatusBadRequest)
|
||
|
|
AssertLDAPError(t, "DelGroup(InvalidGroup) -> result", res["error"].(error), ldap.LDAPResultStrongAuthRequired)
|
||
|
|
}
|
||
|
|
|
||
|
|
func TestAddDelUserToGroup(t *testing.T) {
|
||
|
|
// create client
|
||
|
|
config, err := app.GetConfig("test_config.json")
|
||
|
|
AssertError(t, "GetConfig()", err, nil)
|
||
|
|
client, err := app.NewLDAPClient(config)
|
||
|
|
AssertLDAPError(t, "NewLDAPClient()", err, ldap.LDAPResultSuccess)
|
||
|
|
|
||
|
|
// bind using admin user credentials which should succeed
|
||
|
|
err = client.BindUser(AdminUser.username, AdminUser.password)
|
||
|
|
AssertLDAPError(t, "BindUser(AdminUser)", err, ldap.LDAPResultSuccess)
|
||
|
|
|
||
|
|
newUser := app.UserRequired{
|
||
|
|
CN: SampleUser.userObj.Attributes.CN,
|
||
|
|
SN: SampleUser.userObj.Attributes.SN,
|
||
|
|
Mail: SampleUser.userObj.Attributes.Mail,
|
||
|
|
UserPassword: SampleUser.password,
|
||
|
|
}
|
||
|
|
|
||
|
|
// create new sample user, which should succeed
|
||
|
|
status, _ := client.AddUser(SampleUser.username, newUser)
|
||
|
|
AssertStatus(t, "AddUser(SampleUser) -> status", status, http.StatusOK)
|
||
|
|
|
||
|
|
newGroup := app.Group{}
|
||
|
|
|
||
|
|
// try to create a new group, which should succeed
|
||
|
|
status, _ = client.AddGroup(SampleUserGroup.groupname, newGroup)
|
||
|
|
AssertStatus(t, "AddGroup(SampleUserGroup) -> status", status, http.StatusOK)
|
||
|
|
|
||
|
|
// try adding sample user to the sample user group which should succeed
|
||
|
|
status, _ = client.AddUserToGroup(SampleUser.username, SampleUserGroup.groupname)
|
||
|
|
AssertStatus(t, "AddUserToGroup(SampleUser -> SampleUserGroup) -> status", status, http.StatusOK)
|
||
|
|
|
||
|
|
// try reading the new group, which should return the expected sample group with member
|
||
|
|
status, res := client.GetGroup(SampleUserGroup.groupname)
|
||
|
|
AssertStatus(t, "GetGroup(SampleUserGroup) -> status", status, http.StatusOK)
|
||
|
|
AssertLDAPGroupEquals(t, "GetGroup(SampleUserGroup) -> result", res["group"], SampleUserGroup.groupObj)
|
||
|
|
|
||
|
|
// try removing sample user from the sample user group which should succeed
|
||
|
|
status, _ = client.DelUserFromGroup(SampleUser.username, SampleUserGroup.groupname)
|
||
|
|
AssertStatus(t, "DelUserFromGroup(SampleUser -> SampleUserGroup) -> status", status, http.StatusOK)
|
||
|
|
|
||
|
|
// try reading the new group, which should return the expected sample group without any members
|
||
|
|
status, res = client.GetGroup(SampleUserGroup.groupname)
|
||
|
|
expectedGroup := SampleUserGroup.groupObj
|
||
|
|
expectedGroup.Attributes.Member = []string{""} // override the expected members since we aren't testing that here
|
||
|
|
AssertStatus(t, "GetGroup(SampleUserGroup) -> status", status, http.StatusOK)
|
||
|
|
AssertLDAPGroupEquals(t, "GetGroup(SampleUserGroup) -> result", res["group"], expectedGroup)
|
||
|
|
|
||
|
|
// delete the sample user group
|
||
|
|
status, _ = client.DelGroup(SampleUserGroup.groupname)
|
||
|
|
AssertStatus(t, "DelGroup(SampleUserGroup) -> status", status, http.StatusOK)
|
||
|
|
|
||
|
|
// delete the sample user
|
||
|
|
status, _ = client.DelUser(SampleUser.username)
|
||
|
|
AssertStatus(t, "DelUser(SampleUser) -> status", status, http.StatusOK)
|
||
|
|
}
|
||
|
|
|
||
|
|
func TestAddUserToGroup_NoSuchGroup(t *testing.T) {
|
||
|
|
// create client
|
||
|
|
config, err := app.GetConfig("test_config.json")
|
||
|
|
AssertError(t, "GetConfig()", err, nil)
|
||
|
|
client, err := app.NewLDAPClient(config)
|
||
|
|
AssertLDAPError(t, "NewLDAPClient()", err, ldap.LDAPResultSuccess)
|
||
|
|
|
||
|
|
// bind using admin user credentials which should succeed
|
||
|
|
err = client.BindUser(AdminUser.username, AdminUser.password)
|
||
|
|
AssertLDAPError(t, "BindUser(AdminUser)", err, ldap.LDAPResultSuccess)
|
||
|
|
|
||
|
|
newUser := app.UserRequired{
|
||
|
|
CN: SampleUser.userObj.Attributes.CN,
|
||
|
|
SN: SampleUser.userObj.Attributes.SN,
|
||
|
|
Mail: SampleUser.userObj.Attributes.Mail,
|
||
|
|
UserPassword: SampleUser.password,
|
||
|
|
}
|
||
|
|
|
||
|
|
// create new sample user, which should succeed
|
||
|
|
status, _ := client.AddUser(SampleUser.username, newUser)
|
||
|
|
AssertStatus(t, "AddUser(SampleUser) -> status", status, http.StatusOK)
|
||
|
|
|
||
|
|
// try adding sample user to the sample user group which should fail with NoSuchObject
|
||
|
|
status, res := client.AddUserToGroup(SampleUser.username, SampleUserGroup.groupname)
|
||
|
|
AssertStatus(t, "AddUserToGroup(SampleUser -> SampleUserGroup) -> status", status, http.StatusBadRequest)
|
||
|
|
AssertLDAPError(t, "AddUserToGroup(InvalidGroup) -> result", res["error"].(error), ldap.LDAPResultNoSuchObject)
|
||
|
|
|
||
|
|
// delete the sample user
|
||
|
|
status, _ = client.DelUser(SampleUser.username)
|
||
|
|
AssertStatus(t, "DelUser(SampleUser) -> status", status, http.StatusOK)
|
||
|
|
}
|
||
|
|
|
||
|
|
func TestDelUserFromGroup_NoSuchGroup(t *testing.T) {
|
||
|
|
// create client
|
||
|
|
config, err := app.GetConfig("test_config.json")
|
||
|
|
AssertError(t, "GetConfig()", err, nil)
|
||
|
|
client, err := app.NewLDAPClient(config)
|
||
|
|
AssertLDAPError(t, "NewLDAPClient()", err, ldap.LDAPResultSuccess)
|
||
|
|
|
||
|
|
// bind using admin user credentials which should succeed
|
||
|
|
err = client.BindUser(AdminUser.username, AdminUser.password)
|
||
|
|
AssertLDAPError(t, "BindUser(AdminUser)", err, ldap.LDAPResultSuccess)
|
||
|
|
|
||
|
|
newUser := app.UserRequired{
|
||
|
|
CN: SampleUser.userObj.Attributes.CN,
|
||
|
|
SN: SampleUser.userObj.Attributes.SN,
|
||
|
|
Mail: SampleUser.userObj.Attributes.Mail,
|
||
|
|
UserPassword: SampleUser.password,
|
||
|
|
}
|
||
|
|
|
||
|
|
// create new sample user, which should succeed
|
||
|
|
status, _ := client.AddUser(SampleUser.username, newUser)
|
||
|
|
AssertStatus(t, "AddUser(SampleUser) -> status", status, http.StatusOK)
|
||
|
|
|
||
|
|
// try adding sample user to the sample user group which should fail with NoSuchObject
|
||
|
|
status, res := client.DelUserFromGroup(SampleUser.username, SampleUserGroup.groupname)
|
||
|
|
AssertStatus(t, "DelUserFromGroup(SampleUser -> SampleUserGroup) -> status", status, http.StatusBadRequest)
|
||
|
|
AssertLDAPError(t, "DelUserFromGroup(InvalidGroup) -> result", res["error"].(error), ldap.LDAPResultNoSuchObject)
|
||
|
|
|
||
|
|
// delete the sample user
|
||
|
|
status, _ = client.DelUser(SampleUser.username)
|
||
|
|
AssertStatus(t, "DelUser(SampleUser) -> status", status, http.StatusOK)
|
||
|
|
}
|