ProxmoxAAS-LDAP/test/integration_test.go

1238 lines
50 KiB
Go
Raw Permalink Normal View History

package tests
// Assumes that the LDAP test server follows the PAAS-LDAP requirements which can be set using https://git.tronnet.net/tronnet/open-ldap-setup.
// Alternatively run `make dev-init` followed by `make test`.
// The integration tests ensures that the LDAP client maintains the security and access control of PAAS-LDAP but likely does not address integration with generic LDAP setups.
import (
"fmt"
"net/http"
app "proxmoxaas-ldap/app"
"testing"
"github.com/gin-gonic/gin"
"github.com/go-ldap/ldap/v3"
)
var AdminUser = User{
username: "adminuser",
password: "admin123",
userObj: app.LDAPUser{
DN: fmt.Sprintf("uid=adminuser,%s", PeopleDN),
Attributes: app.LDAPUserAttributes{
CN: "admin",
SN: "user",
UID: "adminuser",
Mail: "adminuser@test.paasldap",
MemberOf: []string{
fmt.Sprintf("cn=adminuser,%s", GroupDN),
fmt.Sprintf("cn=admins,%s", GroupDN),
},
},
},
}
var InvalidUser = User{
username: RandString(16),
password: RandString(16),
userObj: app.LDAPUser{},
}
var SampleUser = User{
username: "sampleuser",
password: "sample123",
userObj: app.LDAPUser{
DN: "uid=sampleuser,ou=people,dc=test,dc=paasldap",
Attributes: app.LDAPUserAttributes{
CN: "sample",
SN: "user",
UID: "sampleuser",
Mail: "sampleuser@test.paasldap",
MemberOf: []string{},
},
},
}
var UserDNMap = map[string]User{
AdminUser.userObj.DN: AdminUser,
SampleUser.userObj.DN: SampleUser,
// invalid user not included because it should not be added as a valid user
}
var AdminGroup = Group{
groupname: "admins",
groupObj: app.LDAPGroup{
DN: fmt.Sprintf("cn=admins,%s", GroupDN),
Attributes: app.LDAPGroupAttributes{
CN: "admins",
Member: []string{
fmt.Sprintf("uid=adminuser,%s", PeopleDN),
},
},
},
}
var AdminUserGroup = Group{
groupname: "adminuser",
groupObj: app.LDAPGroup{
DN: fmt.Sprintf("cn=adminuser,%s", GroupDN),
Attributes: app.LDAPGroupAttributes{
CN: "adminuser",
Member: []string{
fmt.Sprintf("uid=adminuser,%s", PeopleDN),
},
},
},
}
var SampleUserGroup = Group{
groupname: "sampleuser",
groupObj: app.LDAPGroup{
DN: fmt.Sprintf("cn=sampleuser,%s", GroupDN),
Attributes: app.LDAPGroupAttributes{
CN: "sampleuser",
Member: []string{
"",
fmt.Sprintf("uid=sampleuser,%s", PeopleDN),
},
},
},
}
var InvalidGroup = Group{
groupname: "invalid",
groupObj: app.LDAPGroup{
DN: fmt.Sprintf("cn=invalid,%s", GroupDN),
Attributes: app.LDAPGroupAttributes{
CN: "invalid",
Member: []string{},
},
},
}
var GroupDNMap = map[string]Group{
AdminGroup.groupObj.DN: AdminGroup,
AdminUserGroup.groupObj.DN: AdminUserGroup,
SampleUserGroup.groupObj.DN: SampleUserGroup,
}
func TestClientBind(t *testing.T) {
// create client
config, err := app.GetConfig("test_config.json")
AssertEquals(t, "GetConfig()", err, nil)
client, err := app.NewLDAPClient(config)
AssertLDAPError(t, "NewLDAPClient()", err, ldap.LDAPResultSuccess)
// test a valid user bind which should succeed
err = client.BindUser(AdminUser.username, AdminUser.password)
AssertLDAPError(t, "BindUser(AdminUser)", err, ldap.LDAPResultSuccess)
// test an invalid user bind which should return invalid credentials
err = client.BindUser(InvalidUser.username, InvalidUser.password)
AssertLDAPError(t, "BindUser(InvalidUser)", err, ldap.LDAPResultInvalidCredentials)
}
func TestGetAllUsers(t *testing.T) {
// create client
config, err := app.GetConfig("test_config.json")
AssertError(t, "GetConfig()", err, nil)
client, err := app.NewLDAPClient(config)
AssertLDAPError(t, "NewLDAPClient()", err, ldap.LDAPResultSuccess)
// get all users anonymously which should succeed
status, res := client.GetAllUsers()
AssertStatus(t, "GetAllUsers() -> status", status, http.StatusOK)
users := res["users"].([]gin.H)
AssertEquals(t, "GetAllUsers() -> len(res)", len(users), 1)
for i := 0; i < len(users); i++ {
user := users[i]
userDN := user["dn"].(string)
expectedUserObj := UserDNMap[userDN].userObj
AssertLDAPUserEquals(t, fmt.Sprintf("GetAllUsers() -> res[%d]", i), user, expectedUserObj)
}
// bind using admin user credentials which should succeed
err = client.BindUser(AdminUser.username, AdminUser.password)
AssertLDAPError(t, "BindUser(AdminUser)", err, ldap.LDAPResultSuccess)
newUser := app.UserRequired{
CN: SampleUser.userObj.Attributes.CN,
SN: SampleUser.userObj.Attributes.SN,
Mail: SampleUser.userObj.Attributes.Mail,
UserPassword: SampleUser.password,
}
// create new sample user, which should succeed
status, _ = client.AddUser(SampleUser.username, newUser)
AssertStatus(t, "AddUser(SampleUser) -> status", status, http.StatusOK)
// get all users with admin bind which should succeed
status, res = client.GetAllUsers()
AssertStatus(t, "GetAllUsers() -> status", status, http.StatusOK)
users = res["users"].([]gin.H)
AssertEquals(t, "GetAllUsers() -> len(res)", len(users), 2)
for i := 0; i < len(users); i++ {
user := users[i]
userDN := user["dn"].(string)
expectedUserObj := UserDNMap[userDN].userObj
AssertLDAPUserEquals(t, fmt.Sprintf("GetAllUsers() -> res[%d]", i), user, expectedUserObj)
}
// bind using sample user credentials which should succeed
err = client.BindUser(AdminUser.username, AdminUser.password)
AssertLDAPError(t, "BindUser(AdminUser)", err, ldap.LDAPResultSuccess)
// get all users with sample user bind which should succeed
status, res = client.GetAllUsers()
AssertStatus(t, "GetAllUsers() -> status", status, http.StatusOK)
users = res["users"].([]gin.H)
AssertEquals(t, "GetAllUsers() -> len(res)", len(users), 2)
for i := 0; i < len(users); i++ {
user := users[i]
userDN := user["dn"].(string)
expectedUserObj := UserDNMap[userDN].userObj
AssertLDAPUserEquals(t, fmt.Sprintf("GetAllUsers() -> res[%d]", i), user, expectedUserObj)
}
// rebind as admin user
err = client.BindUser(AdminUser.username, AdminUser.password)
AssertLDAPError(t, "BindUser(AdminUser)", err, ldap.LDAPResultSuccess)
// delete the sample user
status, _ = client.DelUser(SampleUser.username)
AssertStatus(t, "DelUser(SampleUser) -> status", status, http.StatusOK)
}
// This contrived test shows how difficult it should be for GetAllUsers to return an error
func TestGetAllUsers_InvalidBaseDN(t *testing.T) {
// create client
config, err := app.GetConfig("test_config.json")
AssertError(t, "GetConfig()", err, nil)
config.BaseDN = RandDN(16)
client, err := app.NewLDAPClient(config)
AssertLDAPError(t, "NewLDAPClient()", err, ldap.LDAPResultSuccess)
// get all users anonymously which should fail because of the incorrect DN
status, res := client.GetAllUsers()
AssertStatus(t, "GetAllUsers() -> status", status, http.StatusBadRequest)
AssertLDAPError(t, "GetAllUsers() -> result", res["error"].(error), ldap.LDAPResultNoSuchObject)
}
func TestGetUser_SelfUser(t *testing.T) {
// create client
config, err := app.GetConfig("test_config.json")
AssertError(t, "GetConfig()", err, nil)
client, err := app.NewLDAPClient(config)
AssertLDAPError(t, "NewLDAPClient()", err, ldap.LDAPResultSuccess)
// bind using admin user credentials which should succeed
err = client.BindUser(AdminUser.username, AdminUser.password)
AssertLDAPError(t, "BindUser(AdminUser)", err, ldap.LDAPResultSuccess)
// get the admin user which should return the expected user
status, res := client.GetUser(AdminUser.username)
AssertStatus(t, "GetUser(AdminUser) -> status", status, http.StatusOK)
AssertLDAPUserEquals(t, "GetUser(AdminUser) -> result", res["user"], AdminUser.userObj)
}
func TestGetUser_OtherUser(t *testing.T) {
// create client
config, err := app.GetConfig("test_config.json")
AssertError(t, "GetConfig()", err, nil)
client, err := app.NewLDAPClient(config)
AssertLDAPError(t, "NewLDAPClient()", err, ldap.LDAPResultSuccess)
// bind using admin user credentials which should succeed
err = client.BindUser(AdminUser.username, AdminUser.password)
AssertLDAPError(t, "BindUser(AdminUser)", err, ldap.LDAPResultSuccess)
newUser := app.UserRequired{
CN: SampleUser.userObj.Attributes.CN,
SN: SampleUser.userObj.Attributes.SN,
Mail: SampleUser.userObj.Attributes.Mail,
UserPassword: SampleUser.password,
}
// create new sample user, which should succeed
status, _ := client.AddUser(SampleUser.username, newUser)
AssertStatus(t, "AddUser(SampleUser) -> status", status, http.StatusOK)
// bind using sample user credentials which should succeed
err = client.BindUser(SampleUser.username, SampleUser.password)
AssertLDAPError(t, "BindUser(SampleUser)", err, ldap.LDAPResultSuccess)
// try reading the admin user, which should return the expected admin user
status, res := client.GetUser(AdminUser.username)
AssertStatus(t, "GetUser(AdminUser) -> status", status, http.StatusOK)
AssertLDAPUserEquals(t, "GetUser(AdminUser) -> result", res["user"], AdminUser.userObj)
// rebind using admin user credentials which should succeed
err = client.BindUser(AdminUser.username, AdminUser.password)
AssertLDAPError(t, "BindUser(AdminUser)", err, ldap.LDAPResultSuccess)
// delete the sample user
status, _ = client.DelUser(SampleUser.username)
AssertStatus(t, "DelUser(SampleUser) -> status", status, http.StatusOK)
}
func TestGetUser_NoSuchUser(t *testing.T) {
// create client
config, err := app.GetConfig("test_config.json")
AssertError(t, "GetConfig()", err, nil)
client, err := app.NewLDAPClient(config)
AssertLDAPError(t, "NewLDAPClient()", err, ldap.LDAPResultSuccess)
// bind using admin user credentials which should succeed
err = client.BindUser(AdminUser.username, AdminUser.password)
AssertLDAPError(t, "BindUser(AdminUser)", err, ldap.LDAPResultSuccess)
// get the invalid user which should return NoSuchObject error
status, res := client.GetUser(InvalidUser.username)
AssertStatus(t, "GetUser(InvalidUser) -> status", status, http.StatusBadRequest)
AssertLDAPError(t, "GetUser(InvalidUser) -> result", res["error"].(error), ldap.LDAPResultNoSuchObject)
}
func TestModUser_SelfUser(t *testing.T) {
// create client
config, err := app.GetConfig("test_config.json")
AssertError(t, "GetConfig()", err, nil)
client, err := app.NewLDAPClient(config)
AssertLDAPError(t, "NewLDAPClient()", err, ldap.LDAPResultSuccess)
// bind using admin user credentials which should succeed
err = client.BindUser(AdminUser.username, AdminUser.password)
AssertLDAPError(t, "BindUser(AdminUser)", err, ldap.LDAPResultSuccess)
modification := app.UserOptional{
CN: "testnewcn",
SN: "testnewsn",
Mail: "testnewmail@test.paasldap",
UserPassword: "test345",
}
ModifiedUser := AdminUser
ModifiedUser.userObj.Attributes.CN = modification.CN
ModifiedUser.userObj.Attributes.SN = modification.SN
ModifiedUser.userObj.Attributes.Mail = modification.Mail
ModifiedUser.password = modification.UserPassword
// try modification, which should succeed
status, _ := client.ModUser(AdminUser.username, modification)
AssertStatus(t, "ModUser(AdminUser -> ModifiedUser)", status, http.StatusOK)
// try reading the update, which should return the expected updated user
status, res := client.GetUser(ModifiedUser.username)
AssertStatus(t, "GetUser(ModifiedUser) -> status", status, http.StatusOK)
AssertLDAPUserEquals(t, "GetUser(ModifiedUser) -> result", res["user"], ModifiedUser.userObj)
// try binding with the original password, which should fail with invalid credentials
err = client.BindUser(AdminUser.username, AdminUser.password)
AssertLDAPError(t, "BindUser(AdminUser)", err, ldap.LDAPResultInvalidCredentials)
// try binding with the updated password, which should succeed
err = client.BindUser(ModifiedUser.username, ModifiedUser.password)
AssertLDAPError(t, "BindUser(ModifiedUser)", err, ldap.LDAPResultSuccess)
modification = app.UserOptional{
CN: AdminUser.userObj.Attributes.CN,
SN: AdminUser.userObj.Attributes.SN,
Mail: AdminUser.userObj.Attributes.Mail,
UserPassword: AdminUser.password,
}
// revert previous mod, which should not have errors
status, _ = client.ModUser(ModifiedUser.username, modification)
AssertStatus(t, "ModUser(ModifiedUser -> AdminUser)", status, http.StatusOK)
// try reading the revert, which should return the expected original user
status, res = client.GetUser(AdminUser.username)
AssertStatus(t, "GetUser(AdminUser) -> status", status, http.StatusOK)
AssertLDAPUserEquals(t, "GetUser(AdminUser) -> result", res["user"], AdminUser.userObj)
// try binding with the original password, which should succeed
err = client.BindUser(AdminUser.username, AdminUser.password)
AssertLDAPError(t, "BindUser(AdminUser)", err, ldap.LDAPResultSuccess)
// try binding with the updated password, which should fail with invalid credentials
err = client.BindUser(ModifiedUser.username, ModifiedUser.password)
AssertLDAPError(t, "BindUser(ModifiedUser)", err, ldap.LDAPResultInvalidCredentials)
}
func TestModUser_OtherUser(t *testing.T) {
// create client
config, err := app.GetConfig("test_config.json")
AssertError(t, "GetConfig()", err, nil)
client, err := app.NewLDAPClient(config)
AssertLDAPError(t, "NewLDAPClient()", err, ldap.LDAPResultSuccess)
// bind using admin user credentials which should succeed
err = client.BindUser(AdminUser.username, AdminUser.password)
AssertLDAPError(t, "BindUser(AdminUser)", err, ldap.LDAPResultSuccess)
newUser := app.UserRequired{
CN: SampleUser.userObj.Attributes.CN,
SN: SampleUser.userObj.Attributes.SN,
Mail: SampleUser.userObj.Attributes.Mail,
UserPassword: SampleUser.password,
}
// create new sample user, which should succeed
status, _ := client.AddUser(SampleUser.username, newUser)
AssertStatus(t, "AddUser(SampleUser) -> status", status, http.StatusOK)
newPassword := RandString(16)
modification := app.UserOptional{
UserPassword: newPassword,
}
// try password modification, which should succeed
status, _ = client.ModUser(SampleUser.username, modification)
AssertStatus(t, "ModUser(SampleUser -> ModifiedUser) -> status", status, http.StatusOK)
// try binding with the original password, which should fail with invalid credentials
err = client.BindUser(SampleUser.username, SampleUser.password)
AssertLDAPError(t, "BindUser(SampleUser)", err, ldap.LDAPResultInvalidCredentials)
// try binding with the updated password, which should succeed
err = client.BindUser(SampleUser.username, newPassword)
AssertLDAPError(t, "BindUser(ModifiedUser)", err, ldap.LDAPResultSuccess)
// bind using admin user credentials which should succeed
err = client.BindUser(AdminUser.username, AdminUser.password)
AssertLDAPError(t, "BindUser(AdminUser)", err, ldap.LDAPResultSuccess)
modification = app.UserOptional{
CN: RandString(16),
}
// try cn modification, which should fail
status, res := client.ModUser(SampleUser.username, modification)
AssertStatus(t, "ModUser(SampleUser -> ModifiedUser) -> status", status, http.StatusBadRequest)
AssertLDAPError(t, "BindUser(ModifiedUser)", res["error"].(error), ldap.LDAPResultInsufficientAccessRights)
// delete the sample user
status, _ = client.DelUser(SampleUser.username)
AssertStatus(t, "DelUser(SampleUser) -> status", status, http.StatusOK)
}
func TestModUser_NoSuchUser(t *testing.T) {
// create client
config, err := app.GetConfig("test_config.json")
AssertError(t, "GetConfig()", err, nil)
client, err := app.NewLDAPClient(config)
AssertLDAPError(t, "NewLDAPClient()", err, ldap.LDAPResultSuccess)
// bind using admin user credentials which should succeed
err = client.BindUser(AdminUser.username, AdminUser.password)
AssertLDAPError(t, "BindUser(AdminUser)", err, ldap.LDAPResultSuccess)
modification := app.UserOptional{
CN: "invalid",
}
// try modification, which should fail with NoSuchObject
status, res := client.ModUser(InvalidUser.username, modification)
AssertStatus(t, "ModUser(InvalidUser -> ModifiedUser) -> status", status, http.StatusBadRequest)
AssertLDAPError(t, "ModUser(InvalidUser -> ModifiedUser) -> result", res["error"].(error), ldap.LDAPResultNoSuchObject)
}
func TestModUser_InsufficientPermission(t *testing.T) {
// create client
config, err := app.GetConfig("test_config.json")
AssertError(t, "GetConfig()", err, nil)
client, err := app.NewLDAPClient(config)
AssertLDAPError(t, "NewLDAPClient()", err, ldap.LDAPResultSuccess)
// bind using admin user credentials which should succeed
err = client.BindUser(AdminUser.username, AdminUser.password)
AssertLDAPError(t, "BindUser(AdminUser)", err, ldap.LDAPResultSuccess)
newUser := app.UserRequired{
CN: SampleUser.userObj.Attributes.CN,
SN: SampleUser.userObj.Attributes.SN,
Mail: SampleUser.userObj.Attributes.Mail,
UserPassword: SampleUser.password,
}
// create new sample user, which should succeed
status, _ := client.AddUser(SampleUser.username, newUser)
AssertStatus(t, "AddUser(SampleUser) -> status", status, http.StatusOK)
// bind as the new sample user
err = client.BindUser(SampleUser.username, SampleUser.password)
AssertLDAPError(t, "BindUser(SampleUser)", err, ldap.LDAPResultSuccess)
modification := app.UserOptional{
CN: "invalid",
}
// try modification, which should fail with InsufficientAccessRights
status, res := client.ModUser(AdminUser.username, modification)
AssertStatus(t, "ModUser(AdminUser -> ModifiedUser) -> status", status, http.StatusBadRequest)
AssertLDAPError(t, "ModUser(AdminUser -> ModifiedUser) -> result", res["error"].(error), ldap.LDAPResultInsufficientAccessRights)
// rebind as admin user
err = client.BindUser(AdminUser.username, AdminUser.password)
AssertLDAPError(t, "BindUser(AdminUser)", err, ldap.LDAPResultSuccess)
// delete the sample user
status, _ = client.DelUser(SampleUser.username)
AssertStatus(t, "DelUser(SampleUser) -> status", status, http.StatusOK)
}
func TestModUser_MissingRequiredField(t *testing.T) {
// create client
config, err := app.GetConfig("test_config.json")
AssertError(t, "GetConfig()", err, nil)
client, err := app.NewLDAPClient(config)
AssertLDAPError(t, "NewLDAPClient()", err, ldap.LDAPResultSuccess)
// bind using admin user credentials which should succeed
err = client.BindUser(AdminUser.username, AdminUser.password)
AssertLDAPError(t, "BindUser(AdminUser)", err, ldap.LDAPResultSuccess)
modification := app.UserOptional{}
// try modification, which should fail with mising one of cn, sn, mail, or userpassword
status, res := client.ModUser(AdminUser.username, modification)
AssertStatus(t, "ModUser(AdminUser -> ModifiedUser) -> status", status, http.StatusBadRequest)
AssertLDAPError(t, "ModUser(AdminUser -> ModifiedUser) -> result", res["error"].(error), ldap.LDAPResultUnwillingToPerform)
}
func TestModUser_NoAuth(t *testing.T) {
// create client
config, err := app.GetConfig("test_config.json")
AssertError(t, "GetConfig()", err, nil)
client, err := app.NewLDAPClient(config)
AssertLDAPError(t, "NewLDAPClient()", err, ldap.LDAPResultSuccess)
newUser := app.UserOptional{
CN: SampleUser.userObj.Attributes.CN,
SN: SampleUser.userObj.Attributes.SN,
Mail: SampleUser.userObj.Attributes.Mail,
UserPassword: SampleUser.password,
}
// test mod admin user as anonymous which should fail with AuthenticationRequired
status, res := client.ModUser(AdminUser.username, newUser)
AssertStatus(t, "ModUser(AdminUser -> SampleUser) -> status", status, http.StatusBadRequest)
AssertLDAPError(t, "ModUser(AdminUser -> SampleUser) -> result", res["error"].(error), ldap.LDAPResultStrongAuthRequired)
}
func TestAddGetDelUser(t *testing.T) {
// create client
config, err := app.GetConfig("test_config.json")
AssertError(t, "GetConfig()", err, nil)
client, err := app.NewLDAPClient(config)
AssertLDAPError(t, "NewLDAPClient()", err, ldap.LDAPResultSuccess)
// bind using admin user credentials which should succeed
err = client.BindUser(AdminUser.username, AdminUser.password)
AssertLDAPError(t, "BindUser(AdminUser)", err, ldap.LDAPResultSuccess)
newUser := app.UserRequired{
CN: SampleUser.userObj.Attributes.CN,
SN: SampleUser.userObj.Attributes.SN,
Mail: SampleUser.userObj.Attributes.Mail,
UserPassword: SampleUser.password,
}
// create new sample user, which should succeed
status, _ := client.AddUser(SampleUser.username, newUser)
AssertStatus(t, "AddUser(SampleUser) -> status", status, http.StatusOK)
// try reading the new user, which should return the expected sample user
status, res := client.GetUser(SampleUser.username)
AssertStatus(t, "GetUser(SampleUser) -> status", status, http.StatusOK)
AssertLDAPUserEquals(t, "GetUser(SampleUser) -> result", res["user"], SampleUser.userObj)
// delete the sample user
status, _ = client.DelUser(SampleUser.username)
AssertStatus(t, "DelUser(SampleUser) -> status", status, http.StatusOK)
// try reading the new user, which should return a an error since it has been deleted
status, res = client.GetUser(SampleUser.username)
AssertStatus(t, "GetUser(SampleUser) -> status", status, http.StatusBadRequest)
AssertLDAPError(t, "GetUser(SampleUser) -> result", res["error"].(error), ldap.LDAPResultNoSuchObject)
}
func TestAddUser_DuplicateUser(t *testing.T) {
// create client
config, err := app.GetConfig("test_config.json")
AssertError(t, "GetConfig()", err, nil)
client, err := app.NewLDAPClient(config)
AssertLDAPError(t, "NewLDAPClient()", err, ldap.LDAPResultSuccess)
// bind using admin user credentials which should succeed
err = client.BindUser(AdminUser.username, AdminUser.password)
AssertLDAPError(t, "BindUser(AdminUser)", err, ldap.LDAPResultSuccess)
newUser := app.UserRequired{
CN: SampleUser.userObj.Attributes.CN,
SN: SampleUser.userObj.Attributes.SN,
Mail: SampleUser.userObj.Attributes.Mail,
UserPassword: SampleUser.password,
}
// create new sample user, which should succeed
status, _ := client.AddUser(SampleUser.username, newUser)
AssertStatus(t, "AddUser(SampleUser) -> status", status, http.StatusOK)
// try to create new sample user again, which should fail with object already exists
status, res := client.AddUser(SampleUser.username, newUser)
AssertStatus(t, "AddUser(SampleUser) -> status", status, http.StatusBadRequest)
AssertLDAPError(t, "AddUser(SampleUser) -> result", res["error"].(error), ldap.LDAPResultEntryAlreadyExists)
// delete the sample user
status, _ = client.DelUser(SampleUser.username)
AssertStatus(t, "DelUser(SampleUser) -> status", status, http.StatusOK)
}
func TestAddUser_InsufficientPermission(t *testing.T) {
// create client
config, err := app.GetConfig("test_config.json")
AssertError(t, "GetConfig()", err, nil)
client, err := app.NewLDAPClient(config)
AssertLDAPError(t, "NewLDAPClient()", err, ldap.LDAPResultSuccess)
// bind using admin user credentials which should succeed
err = client.BindUser(AdminUser.username, AdminUser.password)
AssertLDAPError(t, "BindUser(AdminUser)", err, ldap.LDAPResultSuccess)
newUser := app.UserRequired{
CN: SampleUser.userObj.Attributes.CN,
SN: SampleUser.userObj.Attributes.SN,
Mail: SampleUser.userObj.Attributes.Mail,
UserPassword: SampleUser.password,
}
// create new sample user, which should succeed
status, _ := client.AddUser(SampleUser.username, newUser)
AssertStatus(t, "AddUser(SampleUser) -> status", status, http.StatusOK)
// bind as the sample user
err = client.BindUser(SampleUser.username, SampleUser.password)
AssertLDAPError(t, "BindUser(SampleUser)", err, ldap.LDAPResultSuccess)
// try to create a new user, which should fail with insufficient permission
status, res := client.AddUser(InvalidUser.username, newUser)
AssertStatus(t, "AddUser(InvalidUser) -> status", status, http.StatusBadRequest)
AssertLDAPError(t, "AddUser(InvalidUser) -> result", res["error"].(error), ldap.LDAPResultInsufficientAccessRights)
// rebind as admin user
err = client.BindUser(AdminUser.username, AdminUser.password)
AssertLDAPError(t, "BindUser(AdminUser)", err, ldap.LDAPResultSuccess)
// delete the sample user
status, _ = client.DelUser(SampleUser.username)
AssertStatus(t, "DelUser(SampleUser) -> status", status, http.StatusOK)
}
func TestAddUser_MissingRequiredField(t *testing.T) {
// create client
config, err := app.GetConfig("test_config.json")
AssertError(t, "GetConfig()", err, nil)
client, err := app.NewLDAPClient(config)
AssertLDAPError(t, "NewLDAPClient()", err, ldap.LDAPResultSuccess)
// bind using admin user credentials which should succeed
err = client.BindUser(AdminUser.username, AdminUser.password)
AssertLDAPError(t, "BindUser(AdminUser)", err, ldap.LDAPResultSuccess)
newUser := app.UserRequired{}
// try add invalid user, which should fail with mising all of cn, sn, mail, or userpassword
status, res := client.AddUser(InvalidUser.username, newUser)
AssertStatus(t, "AddUser(InvalidUser) -> status", status, http.StatusBadRequest)
AssertLDAPError(t, "AddUser(InvalidUser) -> result", res["error"].(error), ldap.LDAPResultUnwillingToPerform)
}
func TestAddUser_NoAuth(t *testing.T) {
// create client
config, err := app.GetConfig("test_config.json")
AssertError(t, "GetConfig()", err, nil)
client, err := app.NewLDAPClient(config)
AssertLDAPError(t, "NewLDAPClient()", err, ldap.LDAPResultSuccess)
newUser := app.UserRequired{
CN: SampleUser.userObj.Attributes.CN,
SN: SampleUser.userObj.Attributes.SN,
Mail: SampleUser.userObj.Attributes.Mail,
UserPassword: SampleUser.password,
}
// test add admin user as anonymous which should fail with AuthenticationRequired
status, res := client.AddUser(SampleUser.username, newUser)
AssertStatus(t, "AddUser(SampleUser) -> status", status, http.StatusBadRequest)
AssertLDAPError(t, "AddUser(SampleUser) -> result", res["error"].(error), ldap.LDAPResultStrongAuthRequired)
}
func TestDelUser_NoSuchUser(t *testing.T) {
// create client
config, err := app.GetConfig("test_config.json")
AssertError(t, "GetConfig()", err, nil)
client, err := app.NewLDAPClient(config)
AssertLDAPError(t, "NewLDAPClient()", err, ldap.LDAPResultSuccess)
// bind using admin user credentials which should succeed
err = client.BindUser(AdminUser.username, AdminUser.password)
AssertLDAPError(t, "BindUser(AdminUser)", err, ldap.LDAPResultSuccess)
// try delete invalid user, which should fail with NoSuchObject
status, res := client.DelUser(InvalidUser.username)
AssertStatus(t, "DelUser(InvalidUser) -> status", status, http.StatusBadRequest)
AssertLDAPError(t, "DelUser(InvalidUser) -> result", res["error"].(error), ldap.LDAPResultNoSuchObject)
}
func TestDelUser_InsufficientPermission(t *testing.T) {
// create client
config, err := app.GetConfig("test_config.json")
AssertError(t, "GetConfig()", err, nil)
client, err := app.NewLDAPClient(config)
AssertLDAPError(t, "NewLDAPClient()", err, ldap.LDAPResultSuccess)
// bind using admin user credentials which should succeed
err = client.BindUser(AdminUser.username, AdminUser.password)
AssertLDAPError(t, "BindUser(AdminUser)", err, ldap.LDAPResultSuccess)
newUser := app.UserRequired{
CN: SampleUser.userObj.Attributes.CN,
SN: SampleUser.userObj.Attributes.SN,
Mail: SampleUser.userObj.Attributes.Mail,
UserPassword: SampleUser.password,
}
// create new sample user, which should succeed
status, _ := client.AddUser(SampleUser.username, newUser)
AssertStatus(t, "AddUser(SampleUser) -> status", status, http.StatusOK)
// bind as the sample user
err = client.BindUser(SampleUser.username, SampleUser.password)
AssertLDAPError(t, "BindUser(SampleUser)", err, ldap.LDAPResultSuccess)
// try delete admin user, which should fail with InsufficientAccessRights
status, res := client.DelUser(AdminUser.username)
AssertStatus(t, "DelUser(AdminUser) -> status", status, http.StatusBadRequest)
AssertLDAPError(t, "DelUser(AdminUser) -> result", res["error"].(error), ldap.LDAPResultInsufficientAccessRights)
// rebind as admin user
err = client.BindUser(AdminUser.username, AdminUser.password)
AssertLDAPError(t, "BindUser(AdminUser)", err, ldap.LDAPResultSuccess)
// delete the sample user
status, _ = client.DelUser(SampleUser.username)
AssertStatus(t, "DelUser(SampleUser) -> status", status, http.StatusOK)
}
func TestDelUser_NoAuth(t *testing.T) {
// create client
config, err := app.GetConfig("test_config.json")
AssertError(t, "GetConfig()", err, nil)
client, err := app.NewLDAPClient(config)
AssertLDAPError(t, "NewLDAPClient()", err, ldap.LDAPResultSuccess)
// test delete admin user as anonymous which should fail with AuthenticationRequired
status, res := client.DelUser(AdminUser.username)
AssertStatus(t, "DelUser(AdminUser) -> status", status, http.StatusBadRequest)
AssertLDAPError(t, "DelUser(AdminUser) -> result", res["error"].(error), ldap.LDAPResultStrongAuthRequired)
}
func TestGetAllGroups(t *testing.T) {
// create client
config, err := app.GetConfig("test_config.json")
AssertError(t, "GetConfig()", err, nil)
client, err := app.NewLDAPClient(config)
AssertLDAPError(t, "NewLDAPClient()", err, ldap.LDAPResultSuccess)
// get all groups anonymously which should succeed
status, res := client.GetAllGroups()
AssertStatus(t, "GetAllGroups() -> status", status, http.StatusOK)
groups := res["groups"].([]gin.H)
AssertEquals(t, "GetAllGroups() -> len(res)", len(groups), 2)
for i := 0; i < len(groups); i++ {
group := groups[i]
groupDN := group["dn"].(string)
expectedGroupObj := GroupDNMap[groupDN].groupObj
AssertLDAPGroupEquals(t, fmt.Sprintf("GetAllGroups() -> res[%d]", i), group, expectedGroupObj)
}
// bind using admin user credentials which should succeed
err = client.BindUser(AdminUser.username, AdminUser.password)
AssertLDAPError(t, "BindUser(AdminUser)", err, ldap.LDAPResultSuccess)
// get all groups as admin user which should succeed
status, res = client.GetAllGroups()
AssertStatus(t, "GetAllGroups() -> status", status, http.StatusOK)
groups = res["groups"].([]gin.H)
AssertEquals(t, "GetAllGroups() -> len(res)", len(groups), 2)
for i := 0; i < len(groups); i++ {
group := groups[i]
groupDN := group["dn"].(string)
expectedGroupObj := GroupDNMap[groupDN].groupObj
AssertLDAPGroupEquals(t, fmt.Sprintf("GetAllGroups() -> res[%d]", i), group, expectedGroupObj)
}
}
// This contrived test shows how difficult it should be for GetAllGroups to return an error
func TestGetAllGroups_InvalidBaseDN(t *testing.T) {
// create client
config, err := app.GetConfig("test_config.json")
AssertError(t, "GetConfig()", err, nil)
config.BaseDN = RandDN(16)
client, err := app.NewLDAPClient(config)
AssertLDAPError(t, "NewLDAPClient()", err, ldap.LDAPResultSuccess)
// get all groups anonymously which should fail because of the incorrect DN
status, res := client.GetAllGroups()
AssertStatus(t, "GetAllGroups() -> status", status, http.StatusBadRequest)
AssertLDAPError(t, "GetAllGroups() -> result", res["error"].(error), ldap.LDAPResultNoSuchObject)
}
func TestGetGroup(t *testing.T) {
// create client
config, err := app.GetConfig("test_config.json")
AssertError(t, "GetConfig()", err, nil)
client, err := app.NewLDAPClient(config)
AssertLDAPError(t, "NewLDAPClient()", err, ldap.LDAPResultSuccess)
// test get admin group anonymously which should succeed
status, res := client.GetGroup(AdminGroup.groupname)
AssertStatus(t, "GetGroup(AdminGroup) -> status", status, http.StatusOK)
AssertLDAPGroupEquals(t, "GetAllGroups(AdminGroup) -> result", res["group"], AdminGroup.groupObj)
// bind using admin user credentials which should succeed
err = client.BindUser(AdminUser.username, AdminUser.password)
AssertLDAPError(t, "BindUser(AdminUser)", err, ldap.LDAPResultSuccess)
// test get admin group as admin user which should succeed
status, res = client.GetGroup(AdminGroup.groupname)
AssertStatus(t, "GetGroup(AdminGroup) -> status", status, http.StatusOK)
AssertLDAPGroupEquals(t, "GetGroup(AdminGroup) -> result", res["group"], AdminGroup.groupObj)
}
func TestGetGroup_NoSuchGroup(t *testing.T) {
// create client
config, err := app.GetConfig("test_config.json")
AssertError(t, "GetConfig()", err, nil)
client, err := app.NewLDAPClient(config)
AssertLDAPError(t, "NewLDAPClient()", err, ldap.LDAPResultSuccess)
// test get invalid group anonymously which should fail with NoSuchObject
status, res := client.GetGroup(InvalidGroup.groupname)
AssertStatus(t, "GetGroup(InvalidGroup) -> status", status, http.StatusBadRequest)
AssertLDAPError(t, "GetGroup(InvalidGroup) -> result", res["error"].(error), ldap.LDAPResultNoSuchObject)
// bind using admin user credentials which should succeed
err = client.BindUser(AdminUser.username, AdminUser.password)
AssertLDAPError(t, "BindUser(AdminUser)", err, ldap.LDAPResultSuccess)
// test get invalid group as admin user which should fail with NoSuchObject
status, res = client.GetGroup(InvalidGroup.groupname)
AssertStatus(t, "GetGroup(InvalidGroup) -> status", status, http.StatusBadRequest)
AssertLDAPError(t, "GetGroup(InvalidGroup) -> result", res["error"].(error), ldap.LDAPResultNoSuchObject)
}
// ModGroup does nothing since LDAP GroupOfNames does not store any attributes except CN and Members.
// CN should not be changed and Members should be added or removed using the appropriate functions.
// TODO update this when the function actually produces proper results
func TestModGroup(t *testing.T) {
// create client
config, err := app.GetConfig("test_config.json")
AssertError(t, "GetConfig()", err, nil)
client, err := app.NewLDAPClient(config)
AssertLDAPError(t, "NewLDAPClient()", err, ldap.LDAPResultSuccess)
// bind using admin user credentials which should succeed
err = client.BindUser(AdminUser.username, AdminUser.password)
AssertLDAPError(t, "BindUser(AdminUser)", err, ldap.LDAPResultSuccess)
// test mod admin group as admin which should succeed
status, _ := client.ModGroup(AdminGroup.groupname, app.Group{})
AssertStatus(t, "ModGroup(AdminGroup -> AdminGroup) -> status", status, http.StatusOK)
// test get admin group as admin user which should return the same admin group since no operation has been done
status, res := client.GetGroup(AdminGroup.groupname)
AssertStatus(t, "GetGroup(AdminGroup) -> status", status, http.StatusOK)
AssertLDAPGroupEquals(t, "GetGroup(AdminGroup) -> result", res["group"], AdminGroup.groupObj)
}
func TestModGroup_NoSuchGroup(t *testing.T) {
// create client
config, err := app.GetConfig("test_config.json")
AssertError(t, "GetConfig()", err, nil)
client, err := app.NewLDAPClient(config)
AssertLDAPError(t, "NewLDAPClient()", err, ldap.LDAPResultSuccess)
// bind using admin user credentials which should succeed
err = client.BindUser(AdminUser.username, AdminUser.password)
AssertLDAPError(t, "BindUser(AdminUser)", err, ldap.LDAPResultSuccess)
// test mod invalid group as sample user which should fail with InsufficientPermission
status, res := client.ModGroup(InvalidGroup.groupname, app.Group{})
AssertStatus(t, "ModGroup(InvalidGroup -> InvalidGroup) -> status", status, http.StatusBadRequest)
AssertLDAPError(t, "ModGroup(InvalidGroup -> InvalidGroup) -> result", res["error"].(error), ldap.LDAPResultNoSuchObject)
}
func TestModGroup_InsufficientPermission(t *testing.T) {
// create client
config, err := app.GetConfig("test_config.json")
AssertError(t, "GetConfig()", err, nil)
client, err := app.NewLDAPClient(config)
AssertLDAPError(t, "NewLDAPClient()", err, ldap.LDAPResultSuccess)
// bind using admin user credentials which should succeed
err = client.BindUser(AdminUser.username, AdminUser.password)
AssertLDAPError(t, "BindUser(AdminUser)", err, ldap.LDAPResultSuccess)
newUser := app.UserRequired{
CN: SampleUser.userObj.Attributes.CN,
SN: SampleUser.userObj.Attributes.SN,
Mail: SampleUser.userObj.Attributes.Mail,
UserPassword: SampleUser.password,
}
// create new sample user, which should succeed
status, _ := client.AddUser(SampleUser.username, newUser)
AssertStatus(t, "AddUser(SampleUser) -> status", status, http.StatusOK)
// bind as the sample user
err = client.BindUser(SampleUser.username, SampleUser.password)
AssertLDAPError(t, "BindUser(SampleUser)", err, ldap.LDAPResultSuccess)
// test mod admin group as sample user which should fail with InsufficientPermission
status, res := client.ModGroup(AdminGroup.groupname, app.Group{})
AssertStatus(t, "ModGroup(AdminGroup -> AdminGroup) -> status", status, http.StatusBadRequest)
AssertLDAPError(t, "ModGroup(AdminGroup -> AdminGroup) -> result", res["error"].(error), ldap.LDAPResultInsufficientAccessRights)
// rebind as admin user
err = client.BindUser(AdminUser.username, AdminUser.password)
AssertLDAPError(t, "BindUser(AdminUser)", err, ldap.LDAPResultSuccess)
// delete the sample user
status, _ = client.DelUser(SampleUser.username)
AssertStatus(t, "DelUser(SampleUser) -> status", status, http.StatusOK)
}
func TestModGroup_NoAuth(t *testing.T) {
// create client
config, err := app.GetConfig("test_config.json")
AssertError(t, "GetConfig()", err, nil)
client, err := app.NewLDAPClient(config)
AssertLDAPError(t, "NewLDAPClient()", err, ldap.LDAPResultSuccess)
// test mod admin group as anonymous which should fail with AuthenticationRequired
status, res := client.ModGroup(AdminGroup.groupname, app.Group{})
AssertStatus(t, "GetGroup(AdminGroup) -> status", status, http.StatusBadRequest)
AssertLDAPError(t, "GetGroup(AdminGroup) -> result", res["error"].(error), ldap.LDAPResultStrongAuthRequired)
}
func TestAddGetDelGroup(t *testing.T) {
// create client
config, err := app.GetConfig("test_config.json")
AssertError(t, "GetConfig()", err, nil)
client, err := app.NewLDAPClient(config)
AssertLDAPError(t, "NewLDAPClient()", err, ldap.LDAPResultSuccess)
// bind using admin user credentials which should succeed
err = client.BindUser(AdminUser.username, AdminUser.password)
AssertLDAPError(t, "BindUser(AdminUser)", err, ldap.LDAPResultSuccess)
newGroup := app.Group{}
// create new sample user group
status, _ := client.AddGroup(SampleUserGroup.groupname, newGroup)
AssertStatus(t, "AddGroup(SampleUserGroup) -> status", status, http.StatusOK)
// try reading the new group, which should return the expected sample group with no members
status, res := client.GetGroup(SampleUserGroup.groupname)
expectedGroup := SampleUserGroup.groupObj
expectedGroup.Attributes.Member = []string{""} // override the expected members since we aren't testing that here
AssertStatus(t, "GetGroup(SampleUserGroup) -> status", status, http.StatusOK)
AssertLDAPGroupEquals(t, "GetGroup(SampleUserGroup) -> result", res["group"], expectedGroup)
// delete the sample user group
status, _ = client.DelGroup(SampleUserGroup.groupname)
AssertStatus(t, "DelGroup(SampleUserGroup) -> status", status, http.StatusOK)
// try reading the new group, which should return a an error since it has been deleted
status, res = client.GetGroup(SampleUserGroup.groupname)
AssertStatus(t, "GetUser(SampleUser) -> status", status, http.StatusBadRequest)
AssertLDAPError(t, "GetUser(SampleUser) -> result", res["error"].(error), ldap.LDAPResultNoSuchObject)
}
func TestAddGroup_DuplicateGroup(t *testing.T) {
// create client
config, err := app.GetConfig("test_config.json")
AssertError(t, "GetConfig()", err, nil)
client, err := app.NewLDAPClient(config)
AssertLDAPError(t, "NewLDAPClient()", err, ldap.LDAPResultSuccess)
// bind using admin user credentials which should succeed
err = client.BindUser(AdminUser.username, AdminUser.password)
AssertLDAPError(t, "BindUser(AdminUser)", err, ldap.LDAPResultSuccess)
newGroup := app.Group{}
// create new sample user group
status, _ := client.AddGroup(SampleUserGroup.groupname, newGroup)
AssertStatus(t, "AddGroup(SampleUserGroup) -> status", status, http.StatusOK)
// try to create new sample user again, which should fail with object already exists
status, res := client.AddGroup(SampleUserGroup.groupname, newGroup)
AssertStatus(t, "AddGroup(SampleUserGroup) -> status", status, http.StatusBadRequest)
AssertLDAPError(t, "AddGroup(SampleUserGroup) -> result", res["error"].(error), ldap.LDAPResultEntryAlreadyExists)
// delete the sample group
status, _ = client.DelGroup(SampleUserGroup.groupname)
AssertStatus(t, "DelGroup(SampleUserGroup) -> status", status, http.StatusOK)
}
func TestAddGroup_InsufficientPermission(t *testing.T) {
// create client
config, err := app.GetConfig("test_config.json")
AssertError(t, "GetConfig()", err, nil)
client, err := app.NewLDAPClient(config)
AssertLDAPError(t, "NewLDAPClient()", err, ldap.LDAPResultSuccess)
// bind using admin user credentials which should succeed
err = client.BindUser(AdminUser.username, AdminUser.password)
AssertLDAPError(t, "BindUser(AdminUser)", err, ldap.LDAPResultSuccess)
newUser := app.UserRequired{
CN: SampleUser.userObj.Attributes.CN,
SN: SampleUser.userObj.Attributes.SN,
Mail: SampleUser.userObj.Attributes.Mail,
UserPassword: SampleUser.password,
}
// create new sample user, which should succeed
status, _ := client.AddUser(SampleUser.username, newUser)
AssertStatus(t, "AddUser(SampleUser) -> status", status, http.StatusOK)
// bind as the sample user
err = client.BindUser(SampleUser.username, SampleUser.password)
AssertLDAPError(t, "BindUser(SampleUser)", err, ldap.LDAPResultSuccess)
newGroup := app.Group{}
// try to create a new group, which should fail with insufficient permission
status, res := client.AddGroup(InvalidGroup.groupname, newGroup)
AssertStatus(t, "AddGroup(InvalidGroup) -> status", status, http.StatusBadRequest)
AssertLDAPError(t, "AddGroup(InvalidGroup) -> result", res["error"].(error), ldap.LDAPResultInsufficientAccessRights)
// rebind as admin user
err = client.BindUser(AdminUser.username, AdminUser.password)
AssertLDAPError(t, "BindUser(AdminUser)", err, ldap.LDAPResultSuccess)
// delete the sample user
status, _ = client.DelUser(SampleUser.username)
AssertStatus(t, "DelUser(SampleUser) -> status", status, http.StatusOK)
}
func TestAddGroup_NoAuth(t *testing.T) {
// create client
config, err := app.GetConfig("test_config.json")
AssertError(t, "GetConfig()", err, nil)
client, err := app.NewLDAPClient(config)
AssertLDAPError(t, "NewLDAPClient()", err, ldap.LDAPResultSuccess)
newGroup := app.Group{}
// try to create a new group, which should fail with AuthenticationRequired
status, res := client.AddGroup(InvalidGroup.groupname, newGroup)
AssertStatus(t, "AddGroup(InvalidGroup) -> status", status, http.StatusBadRequest)
AssertLDAPError(t, "AddGroup(InvalidGroup) -> result", res["error"].(error), ldap.LDAPResultStrongAuthRequired)
}
func TestDelGroup_NoSuchGroup(t *testing.T) {
// create client
config, err := app.GetConfig("test_config.json")
AssertError(t, "GetConfig()", err, nil)
client, err := app.NewLDAPClient(config)
AssertLDAPError(t, "NewLDAPClient()", err, ldap.LDAPResultSuccess)
// bind using admin user credentials which should succeed
err = client.BindUser(AdminUser.username, AdminUser.password)
AssertLDAPError(t, "BindUser(AdminUser)", err, ldap.LDAPResultSuccess)
// try delete invalid group, which should fail with NoSuchObject
status, res := client.DelGroup(InvalidGroup.groupname)
AssertStatus(t, "DelGroup(InvalidGroup) -> status", status, http.StatusBadRequest)
AssertLDAPError(t, "DelGroup(InvalidGroup) -> result", res["error"].(error), ldap.LDAPResultNoSuchObject)
}
func TestDelGroup_InsufficientPermission(t *testing.T) {
// create client
config, err := app.GetConfig("test_config.json")
AssertError(t, "GetConfig()", err, nil)
client, err := app.NewLDAPClient(config)
AssertLDAPError(t, "NewLDAPClient()", err, ldap.LDAPResultSuccess)
// bind using admin user credentials which should succeed
err = client.BindUser(AdminUser.username, AdminUser.password)
AssertLDAPError(t, "BindUser(AdminUser)", err, ldap.LDAPResultSuccess)
newUser := app.UserRequired{
CN: SampleUser.userObj.Attributes.CN,
SN: SampleUser.userObj.Attributes.SN,
Mail: SampleUser.userObj.Attributes.Mail,
UserPassword: SampleUser.password,
}
// create new sample user, which should succeed
status, _ := client.AddUser(SampleUser.username, newUser)
AssertStatus(t, "AddUser(SampleUser) -> status", status, http.StatusOK)
// bind as the sample user
err = client.BindUser(SampleUser.username, SampleUser.password)
AssertLDAPError(t, "BindUser(SampleUser)", err, ldap.LDAPResultSuccess)
// try delete admin group, which should fail with InsufficientAccessRights
status, res := client.DelGroup(AdminGroup.groupname)
AssertStatus(t, "DelGroup(AdminGroup) -> status", status, http.StatusBadRequest)
AssertLDAPError(t, "DelGroup(AdminGroup) -> result", res["error"].(error), ldap.LDAPResultInsufficientAccessRights)
// rebind as admin user
err = client.BindUser(AdminUser.username, AdminUser.password)
AssertLDAPError(t, "BindUser(AdminUser)", err, ldap.LDAPResultSuccess)
// delete the sample user
status, _ = client.DelUser(SampleUser.username)
AssertStatus(t, "DelUser(SampleUser) -> status", status, http.StatusOK)
}
func TestDelGroup_NoAuth(t *testing.T) {
// create client
config, err := app.GetConfig("test_config.json")
AssertError(t, "GetConfig()", err, nil)
client, err := app.NewLDAPClient(config)
AssertLDAPError(t, "NewLDAPClient()", err, ldap.LDAPResultSuccess)
// test del admin group as anonymous which should fail with AuthenticationRequired
status, res := client.DelGroup(InvalidGroup.groupname)
AssertStatus(t, "DelGroup(InvalidGroup) -> status", status, http.StatusBadRequest)
AssertLDAPError(t, "DelGroup(InvalidGroup) -> result", res["error"].(error), ldap.LDAPResultStrongAuthRequired)
}
func TestAddDelUserToGroup(t *testing.T) {
// create client
config, err := app.GetConfig("test_config.json")
AssertError(t, "GetConfig()", err, nil)
client, err := app.NewLDAPClient(config)
AssertLDAPError(t, "NewLDAPClient()", err, ldap.LDAPResultSuccess)
// bind using admin user credentials which should succeed
err = client.BindUser(AdminUser.username, AdminUser.password)
AssertLDAPError(t, "BindUser(AdminUser)", err, ldap.LDAPResultSuccess)
newUser := app.UserRequired{
CN: SampleUser.userObj.Attributes.CN,
SN: SampleUser.userObj.Attributes.SN,
Mail: SampleUser.userObj.Attributes.Mail,
UserPassword: SampleUser.password,
}
// create new sample user, which should succeed
status, _ := client.AddUser(SampleUser.username, newUser)
AssertStatus(t, "AddUser(SampleUser) -> status", status, http.StatusOK)
newGroup := app.Group{}
// try to create a new group, which should succeed
status, _ = client.AddGroup(SampleUserGroup.groupname, newGroup)
AssertStatus(t, "AddGroup(SampleUserGroup) -> status", status, http.StatusOK)
// try adding sample user to the sample user group which should succeed
status, _ = client.AddUserToGroup(SampleUser.username, SampleUserGroup.groupname)
AssertStatus(t, "AddUserToGroup(SampleUser -> SampleUserGroup) -> status", status, http.StatusOK)
// try reading the new group, which should return the expected sample group with member
status, res := client.GetGroup(SampleUserGroup.groupname)
AssertStatus(t, "GetGroup(SampleUserGroup) -> status", status, http.StatusOK)
AssertLDAPGroupEquals(t, "GetGroup(SampleUserGroup) -> result", res["group"], SampleUserGroup.groupObj)
// try removing sample user from the sample user group which should succeed
status, _ = client.DelUserFromGroup(SampleUser.username, SampleUserGroup.groupname)
AssertStatus(t, "DelUserFromGroup(SampleUser -> SampleUserGroup) -> status", status, http.StatusOK)
// try reading the new group, which should return the expected sample group without any members
status, res = client.GetGroup(SampleUserGroup.groupname)
expectedGroup := SampleUserGroup.groupObj
expectedGroup.Attributes.Member = []string{""} // override the expected members since we aren't testing that here
AssertStatus(t, "GetGroup(SampleUserGroup) -> status", status, http.StatusOK)
AssertLDAPGroupEquals(t, "GetGroup(SampleUserGroup) -> result", res["group"], expectedGroup)
// delete the sample user group
status, _ = client.DelGroup(SampleUserGroup.groupname)
AssertStatus(t, "DelGroup(SampleUserGroup) -> status", status, http.StatusOK)
// delete the sample user
status, _ = client.DelUser(SampleUser.username)
AssertStatus(t, "DelUser(SampleUser) -> status", status, http.StatusOK)
}
func TestAddUserToGroup_NoSuchGroup(t *testing.T) {
// create client
config, err := app.GetConfig("test_config.json")
AssertError(t, "GetConfig()", err, nil)
client, err := app.NewLDAPClient(config)
AssertLDAPError(t, "NewLDAPClient()", err, ldap.LDAPResultSuccess)
// bind using admin user credentials which should succeed
err = client.BindUser(AdminUser.username, AdminUser.password)
AssertLDAPError(t, "BindUser(AdminUser)", err, ldap.LDAPResultSuccess)
newUser := app.UserRequired{
CN: SampleUser.userObj.Attributes.CN,
SN: SampleUser.userObj.Attributes.SN,
Mail: SampleUser.userObj.Attributes.Mail,
UserPassword: SampleUser.password,
}
// create new sample user, which should succeed
status, _ := client.AddUser(SampleUser.username, newUser)
AssertStatus(t, "AddUser(SampleUser) -> status", status, http.StatusOK)
// try adding sample user to the sample user group which should fail with NoSuchObject
status, res := client.AddUserToGroup(SampleUser.username, SampleUserGroup.groupname)
AssertStatus(t, "AddUserToGroup(SampleUser -> SampleUserGroup) -> status", status, http.StatusBadRequest)
AssertLDAPError(t, "AddUserToGroup(InvalidGroup) -> result", res["error"].(error), ldap.LDAPResultNoSuchObject)
// delete the sample user
status, _ = client.DelUser(SampleUser.username)
AssertStatus(t, "DelUser(SampleUser) -> status", status, http.StatusOK)
}
func TestDelUserFromGroup_NoSuchGroup(t *testing.T) {
// create client
config, err := app.GetConfig("test_config.json")
AssertError(t, "GetConfig()", err, nil)
client, err := app.NewLDAPClient(config)
AssertLDAPError(t, "NewLDAPClient()", err, ldap.LDAPResultSuccess)
// bind using admin user credentials which should succeed
err = client.BindUser(AdminUser.username, AdminUser.password)
AssertLDAPError(t, "BindUser(AdminUser)", err, ldap.LDAPResultSuccess)
newUser := app.UserRequired{
CN: SampleUser.userObj.Attributes.CN,
SN: SampleUser.userObj.Attributes.SN,
Mail: SampleUser.userObj.Attributes.Mail,
UserPassword: SampleUser.password,
}
// create new sample user, which should succeed
status, _ := client.AddUser(SampleUser.username, newUser)
AssertStatus(t, "AddUser(SampleUser) -> status", status, http.StatusOK)
// try adding sample user to the sample user group which should fail with NoSuchObject
status, res := client.DelUserFromGroup(SampleUser.username, SampleUserGroup.groupname)
AssertStatus(t, "DelUserFromGroup(SampleUser -> SampleUserGroup) -> status", status, http.StatusBadRequest)
AssertLDAPError(t, "DelUserFromGroup(InvalidGroup) -> result", res["error"].(error), ldap.LDAPResultNoSuchObject)
// delete the sample user
status, _ = client.DelUser(SampleUser.username)
AssertStatus(t, "DelUser(SampleUser) -> status", status, http.StatusOK)
}