ldapcherry/tests/test_BackendLdap.py

#!/usr/bin/env python
# -*- coding: utf-8 -*-

from __future__ import with_statement
from __future__ import unicode_literals

import pytest
import sys
from sets import Set
from ldapcherry.backend.backendLdap import Backend, DelUserDontExists
from ldapcherry.exceptions import * 
import cherrypy
import logging
import ldap

cfg = {
'module'             : 'ldapcherry.backend.ldap',
'groupdn'            : 'ou=groups,dc=example,dc=org',
'userdn'             : 'ou=People,dc=example,dc=org',
'binddn'             : 'cn=dnscherry,dc=example,dc=org',
'password'           : 'password',
'uri'                : 'ldap://ldap.ldapcherry.org:390',
'ca'                 : './tests/test_env/etc/ldapcherry/TEST-cacert.pem',
'starttls'           : 'off',
'checkcert'          : 'off',
'user_filter_tmpl'   : '(uid=%(username)s)',
'group_filter_tmpl'  : '(member=%(userdn)s)',
'search_filter_tmpl' : '(|(uid=%(searchstring)s*)(sn=%(searchstring)s*))',
'objectclasses'      : 'top, person, organizationalPerson, simpleSecurityObject, posixAccount',
'dn_user_attr'       : 'uid',
}

def syslog_error(msg='', context='',
        severity=logging.INFO, traceback=False):
    pass

cherrypy.log.error = syslog_error
attr = ['shéll', 'shell', 'cn', 'uid', 'uidNumber', 'gidNumber', 'home', 'userPassword', 'givenName', 'email', 'sn']

class TestError(object):

    def testNominal(self):
        inv = Backend(cfg, cherrypy.log, 'ldap', attr)
        return True

    def testConnect(self):
        inv = Backend(cfg, cherrypy.log, 'ldap', attr)
        ldap = inv._connect()
        ldap.simple_bind_s(inv.binddn, inv.bindpassword)
        return True

    def testConnectSSL(self):
        cfg2 = cfg.copy()
        cfg2['uri'] = 'ldaps://ldap.ldapcherry.org:637'
        cfg2['checkcert'] = 'on'
        inv = Backend(cfg2, cherrypy.log, 'ldap', attr)
        ldap = inv._connect()
        ldap.simple_bind_s(inv.binddn, inv.bindpassword)

    def testLdapUnavaible(self):
        cfg2 = cfg.copy()
        cfg2['uri'] = 'ldaps://notaldap:637'
        cfg2['checkcert'] = 'on'
        cfg2['ca'] = './cfg/ca.crt'
        inv = Backend(cfg2, cherrypy.log, 'ldap', attr)
        ldapc = inv._connect()
        try:
            ldapc.simple_bind_s(inv.binddn, inv.bindpassword)
        except ldap.SERVER_DOWN as e:
            return 
        else:
            raise AssertionError("expected an exception")

    def testConnectSSLWrongCA(self):
        cfg2 = cfg.copy()
        cfg2['uri'] = 'ldaps://ldap.ldapcherry.org:637'
        cfg2['checkcert'] = 'on'
        cfg2['ca'] = './cfg/wrong_ca.crt'
        inv = Backend(cfg2, cherrypy.log, 'ldap', attr)
        ldapc = inv._connect()
        try:
            ldapc.simple_bind_s(inv.binddn, inv.bindpassword)
        except ldap.SERVER_DOWN as e:
            assert e[0]['info'] == 'TLS: hostname does not match CN in peer certificate'

#    def testConnectSSLNoCheck(self):
#        cfg2 = cfg.copy()
#        cfg2['uri'] = 'ldaps://ldap.ldapcherry.org:637'
#        cfg2['checkcert'] = 'off'
#        inv = Backend(cfg2, cherrypy.log, 'ldap', attr)
#        ldap = inv._connect()
#        ldap.simple_bind_s(inv.binddn, inv.bindpassword)

    def testAuthSuccess(self):
        inv = Backend(cfg, cherrypy.log, 'ldap', attr)
        return True

    def testAuthSuccess(self):
        inv = Backend(cfg, cherrypy.log, 'ldap', attr)
        ret = inv.auth('jwatson', 'passwordwatson')
        assert ret == True

    def testAuthFailure(self):
        inv = Backend(cfg, cherrypy.log, 'ldap', attr)
        res = inv.auth('notauser', 'password') or inv.auth('jwatson', 'notapassword')
        assert res == False

    def testMissingParam(self):
        cfg2 = {}
        return True
        try:
            inv = Backend(cfg2, cherrypy.log, 'ldap', attr)
        except MissingKey:
            return
        else:
            raise AssertionError("expected an exception")

    def testGetUser(self):
        inv = Backend(cfg, cherrypy.log, 'ldap', attr)
        ret = inv.get_user('jwatson')
        expected = {'uid': 'jwatson', 'cn': 'John Watson', 'sn': 'watson'}
        assert ret == expected

    def testGetUser(self):
        inv = Backend(cfg, cherrypy.log, 'ldap', attr)
        ret = inv.get_groups('jwatson')
        expected = ['cn=itpeople,ou=Groups,dc=example,dc=org']
        assert ret == expected

    def testSearchUser(self):
        inv = Backend(cfg, cherrypy.log, 'ldap', attr)
        ret = inv.search('smith')
        expected = [('cn=Sheri Smith,ou=People,dc=example,dc=org', {'uid': ['ssmith'], 'objectClass': ['inetOrgPerson'], 'carLicense': ['HERCAR 125'], 'sn': ['smith'], 'mail': ['s.smith@example.com', 'ssmith@example.com', 'sheri.smith@example.com'], 'homePhone': ['555-111-2225'], 'cn': ['Sheri Smith']}), ('cn=John Smith,ou=People,dc=example,dc=org', {'uid': ['jsmith'], 'objectClass': ['inetOrgPerson'], 'carLicense': ['HISCAR 125'], 'sn': ['Smith'], 'mail': ['j.smith@example.com', 'jsmith@example.com', 'jsmith.smith@example.com'], 'homePhone': ['555-111-2225'], 'cn': ['John Smith']})]
        assert ret == expected

    def testAddUser(self):
        inv = Backend(cfg, cherrypy.log, 'ldap', attr)
        user = {
        'uid': 'test',
        'sn':  'test',
        'cn':  'test',
        'userPassword': 'test',
        'uidNumber': '42',
        'gidNumber': '42',
        'homeDirectory': '/home/test/'
        }
        inv.add_user(user)
        inv.del_user('test')

    def testAddUserDuplicate(self):
        inv = Backend(cfg, cherrypy.log, 'ldap', attr)
        user = {
        'uid': 'test',
        'sn':  'test',
        'cn':  'test',
        'uidNumber': '42',
        'userPassword': 'test',
        'gidNumber': '42',
        'homeDirectory': '/home/test/'
        }
        try:
            inv.add_user(user)
            inv.add_user(user)
        except ldap.ALREADY_EXISTS:
            inv.del_user('test')
            return
        else:
            inv.del_user('test')
            raise AssertionError("expected an exception")

    def testDelUserDontExists(self):
        inv = Backend(cfg, cherrypy.log, 'ldap', attr)
        try:
            inv.del_user('test')
            inv.del_user('test')
        except DelUserDontExists:
            return
        else:
            raise AssertionError("expected an exception")


    def testAddUserMissingMustAttribute(self):
        inv = Backend(cfg, cherrypy.log, 'ldap', attr)
        user = {
        'uid': 'test',
        'sn':  'test',
        'cn':  'test',
        'userPassword': 'test',
        'gidNumber': '42',
        'homeDirectory': '/home/test/'
        }
        try:
            inv.add_user(user)
        except ldap.OBJECT_CLASS_VIOLATION:
            return
        else:
            inv.del_user('test')
            raise AssertionError("expected an exception")
adding skeleton for ldap backed 2015-05-21 08:33:56 +02:00			`#!/usr/bin/env python`
			`# -- coding: utf-8 --`

			`from __future__ import with_statement`
			`from __future__ import unicode_literals`

			`import pytest`
			`import sys`
			`from sets import Set`
adding unit test for del user if user don't exist 2015-05-28 09:51:19 +02:00			`from ldapcherry.backend.backendLdap import Backend, DelUserDontExists`
adding skeleton for ldap backed 2015-05-21 08:33:56 +02:00			`from ldapcherry.exceptions import *`
			`import cherrypy`
adding methods add_user and del_user * adding add_user * adding del_user * adding unit tests * adding configuration parameters for adding users 2015-05-26 00:33:36 +02:00			`import logging`
			`import ldap`
adding skeleton for ldap backed 2015-05-21 08:33:56 +02:00
			`cfg = {`
adding search template 2015-05-25 18:52:14 +02:00			`'module' : 'ldapcherry.backend.ldap',`
add unit test for get_groups 2015-05-27 21:56:55 +02:00			`'groupdn' : 'ou=groups,dc=example,dc=org',`
adding search template 2015-05-25 18:52:14 +02:00			`'userdn' : 'ou=People,dc=example,dc=org',`
			`'binddn' : 'cn=dnscherry,dc=example,dc=org',`
			`'password' : 'password',`
			`'uri' : 'ldap://ldap.ldapcherry.org:390',`
			`'ca' : './tests/test_env/etc/ldapcherry/TEST-cacert.pem',`
			`'starttls' : 'off',`
			`'checkcert' : 'off',`
			`'user_filter_tmpl' : '(uid=%(username)s)',`
			`'group_filter_tmpl' : '(member=%(userdn)s)',`
implementing search users * adding search * adding unit tests 2015-05-25 19:30:41 +02:00			`'search_filter_tmpl' : '(\|(uid=%(searchstring)s)(sn=%(searchstring)s))',`
adding methods add_user and del_user * adding add_user * adding del_user * adding unit tests * adding configuration parameters for adding users 2015-05-26 00:33:36 +02:00			`'objectclasses' : 'top, person, organizationalPerson, simpleSecurityObject, posixAccount',`
			`'dn_user_attr' : 'uid',`
adding skeleton for ldap backed 2015-05-21 08:33:56 +02:00			`}`

adding methods add_user and del_user * adding add_user * adding del_user * adding unit tests * adding configuration parameters for adding users 2015-05-26 00:33:36 +02:00			`def syslog_error(msg='', context='',`
			`severity=logging.INFO, traceback=False):`
			`pass`

multiple changes * change parameters name for Backend Ldap * fix default value handling in backends get_param * correct exception in backends get_param * fix syntaxe error * add backend name in test_BackendLdap.py 2015-05-21 21:40:13 +02:00			`cherrypy.log.error = syslog_error`
multiple changes * implemeting recover user attributes * adding a unit test for unavailable ldap * adding a parameter timeout to set the ldap timeout connexion 2015-05-22 20:05:24 +02:00			`attr = ['shéll', 'shell', 'cn', 'uid', 'uidNumber', 'gidNumber', 'home', 'userPassword', 'givenName', 'email', 'sn']`
multiple changes * change parameters name for Backend Ldap * fix default value handling in backends get_param * correct exception in backends get_param * fix syntaxe error * add backend name in test_BackendLdap.py 2015-05-21 21:40:13 +02:00
adding skeleton for ldap backed 2015-05-21 08:33:56 +02:00			`class TestError(object):`

			`def testNominal(self):`
add passing attributes list to backend 2015-05-22 10:27:46 +02:00			`inv = Backend(cfg, cherrypy.log, 'ldap', attr)`
adding skeleton for ldap backed 2015-05-21 08:33:56 +02:00			`return True`

			`def testConnect(self):`
add passing attributes list to backend 2015-05-22 10:27:46 +02:00			`inv = Backend(cfg, cherrypy.log, 'ldap', attr)`
many fixes in unit tests + fix in params + fix in constant Oh god, python-ldap is crap... * add better unit test * correct params name * correct exception handling * disable testConnectSSLNoCheck (impossible to test with a certificate previously defined) 2015-05-22 01:16:53 +02:00			`ldap = inv._connect()`
			`ldap.simple_bind_s(inv.binddn, inv.bindpassword)`
adding skeleton for ldap backed 2015-05-21 08:33:56 +02:00			`return True`

			`def testConnectSSL(self):`
many fixes in unit tests + fix in params + fix in constant Oh god, python-ldap is crap... * add better unit test * correct params name * correct exception handling * disable testConnectSSLNoCheck (impossible to test with a certificate previously defined) 2015-05-22 01:16:53 +02:00			`cfg2 = cfg.copy()`
			`cfg2['uri'] = 'ldaps://ldap.ldapcherry.org:637'`
			`cfg2['checkcert'] = 'on'`
add passing attributes list to backend 2015-05-22 10:27:46 +02:00			`inv = Backend(cfg2, cherrypy.log, 'ldap', attr)`
many fixes in unit tests + fix in params + fix in constant Oh god, python-ldap is crap... * add better unit test * correct params name * correct exception handling * disable testConnectSSLNoCheck (impossible to test with a certificate previously defined) 2015-05-22 01:16:53 +02:00			`ldap = inv._connect()`
			`ldap.simple_bind_s(inv.binddn, inv.bindpassword)`
adding skeleton for ldap backed 2015-05-21 08:33:56 +02:00
adding unit test for ldap server unavailable 2015-05-22 19:38:41 +02:00			`def testLdapUnavaible(self):`
			`cfg2 = cfg.copy()`
			`cfg2['uri'] = 'ldaps://notaldap:637'`
			`cfg2['checkcert'] = 'on'`
			`cfg2['ca'] = './cfg/ca.crt'`
			`inv = Backend(cfg2, cherrypy.log, 'ldap', attr)`
			`ldapc = inv._connect()`
			`try:`
			`ldapc.simple_bind_s(inv.binddn, inv.bindpassword)`
adding methods add_user and del_user * adding add_user * adding del_user * adding unit tests * adding configuration parameters for adding users 2015-05-26 00:33:36 +02:00			`except ldap.SERVER_DOWN as e:`
adding unit test for ldap server unavailable 2015-05-22 19:38:41 +02:00			`return`
			`else:`
			`raise AssertionError("expected an exception")`

many fixes in unit tests + fix in params + fix in constant Oh god, python-ldap is crap... * add better unit test * correct params name * correct exception handling * disable testConnectSSLNoCheck (impossible to test with a certificate previously defined) 2015-05-22 01:16:53 +02:00			`def testConnectSSLWrongCA(self):`
			`cfg2 = cfg.copy()`
			`cfg2['uri'] = 'ldaps://ldap.ldapcherry.org:637'`
			`cfg2['checkcert'] = 'on'`
			`cfg2['ca'] = './cfg/wrong_ca.crt'`
add passing attributes list to backend 2015-05-22 10:27:46 +02:00			`inv = Backend(cfg2, cherrypy.log, 'ldap', attr)`
many fixes in unit tests + fix in params + fix in constant Oh god, python-ldap is crap... * add better unit test * correct params name * correct exception handling * disable testConnectSSLNoCheck (impossible to test with a certificate previously defined) 2015-05-22 01:16:53 +02:00			`ldapc = inv._connect()`
			`try:`
			`ldapc.simple_bind_s(inv.binddn, inv.bindpassword)`
adding methods add_user and del_user * adding add_user * adding del_user * adding unit tests * adding configuration parameters for adding users 2015-05-26 00:33:36 +02:00			`except ldap.SERVER_DOWN as e:`
many fixes in unit tests + fix in params + fix in constant Oh god, python-ldap is crap... * add better unit test * correct params name * correct exception handling * disable testConnectSSLNoCheck (impossible to test with a certificate previously defined) 2015-05-22 01:16:53 +02:00			`assert e[0]['info'] == 'TLS: hostname does not match CN in peer certificate'`

			`# def testConnectSSLNoCheck(self):`
			`# cfg2 = cfg.copy()`
			`# cfg2['uri'] = 'ldaps://ldap.ldapcherry.org:637'`
			`# cfg2['checkcert'] = 'off'`
add passing attributes list to backend 2015-05-22 10:27:46 +02:00			`# inv = Backend(cfg2, cherrypy.log, 'ldap', attr)`
many fixes in unit tests + fix in params + fix in constant Oh god, python-ldap is crap... * add better unit test * correct params name * correct exception handling * disable testConnectSSLNoCheck (impossible to test with a certificate previously defined) 2015-05-22 01:16:53 +02:00			`# ldap = inv._connect()`
			`# ldap.simple_bind_s(inv.binddn, inv.bindpassword)`
adding skeleton for ldap backed 2015-05-21 08:33:56 +02:00
			`def testAuthSuccess(self):`
add passing attributes list to backend 2015-05-22 10:27:46 +02:00			`inv = Backend(cfg, cherrypy.log, 'ldap', attr)`
adding skeleton for ldap backed 2015-05-21 08:33:56 +02:00			`return True`

			`def testAuthSuccess(self):`
add passing attributes list to backend 2015-05-22 10:27:46 +02:00			`inv = Backend(cfg, cherrypy.log, 'ldap', attr)`
implement unit test on auth test 2015-05-22 01:33:15 +02:00			`ret = inv.auth('jwatson', 'passwordwatson')`
			`assert ret == True`
adding skeleton for ldap backed 2015-05-21 08:33:56 +02:00
			`def testAuthFailure(self):`
add passing attributes list to backend 2015-05-22 10:27:46 +02:00			`inv = Backend(cfg, cherrypy.log, 'ldap', attr)`
implement unit test on auth test 2015-05-22 01:33:15 +02:00			`res = inv.auth('notauser', 'password') or inv.auth('jwatson', 'notapassword')`
			`assert res == False`
adding skeleton for ldap backed 2015-05-21 08:33:56 +02:00
			`def testMissingParam(self):`
			`cfg2 = {}`
			`return True`
			`try:`
add passing attributes list to backend 2015-05-22 10:27:46 +02:00			`inv = Backend(cfg2, cherrypy.log, 'ldap', attr)`
adding skeleton for ldap backed 2015-05-21 08:33:56 +02:00			`except MissingKey:`
			`return`
			`else:`
			`raise AssertionError("expected an exception")`

			`def testGetUser(self):`
add passing attributes list to backend 2015-05-22 10:27:46 +02:00			`inv = Backend(cfg, cherrypy.log, 'ldap', attr)`
multiple changes * implemeting recover user attributes * adding a unit test for unavailable ldap * adding a parameter timeout to set the ldap timeout connexion 2015-05-22 20:05:24 +02:00			`ret = inv.get_user('jwatson')`
fix test on ldap backend 2015-05-26 22:51:29 +02:00			`expected = {'uid': 'jwatson', 'cn': 'John Watson', 'sn': 'watson'}`
multiple changes * implemeting recover user attributes * adding a unit test for unavailable ldap * adding a parameter timeout to set the ldap timeout connexion 2015-05-22 20:05:24 +02:00			`assert ret == expected`
implementing search users * adding search * adding unit tests 2015-05-25 19:30:41 +02:00
add unit test for get_groups 2015-05-27 21:56:55 +02:00			`def testGetUser(self):`
			`inv = Backend(cfg, cherrypy.log, 'ldap', attr)`
			`ret = inv.get_groups('jwatson')`
			`expected = ['cn=itpeople,ou=Groups,dc=example,dc=org']`
			`assert ret == expected`

adding methods add_user and del_user * adding add_user * adding del_user * adding unit tests * adding configuration parameters for adding users 2015-05-26 00:33:36 +02:00			`def testSearchUser(self):`
implementing search users * adding search * adding unit tests 2015-05-25 19:30:41 +02:00			`inv = Backend(cfg, cherrypy.log, 'ldap', attr)`
			`ret = inv.search('smith')`
			expected = [('cn=Sheri Smith,ou=People,dc=example,dc=org', {'uid': ['ssmith'], 'objectClass': ['inetOrgPerson'], 'carLicense': ['HERCAR 125'], 'sn': ['smith'], 'mail': ['s.smith@example.com', 'ssmith@example.com', 'sheri.smith@example.com'], 'homePhone': ['555-111-2225'], 'cn': ['Sheri Smith']}), ('cn=John Smith,ou=People,dc=example,dc=org', {'uid': ['jsmith'], 'objectClass': ['inetOrgPerson'], 'carLicense': ['HISCAR 125'], 'sn': ['Smith'], 'mail': ['j.smith@example.com', 'jsmith@example.com', 'jsmith.smith@example.com'], 'homePhone': ['555-111-2225'], 'cn': ['John Smith']})]
			`assert ret == expected`
adding methods add_user and del_user * adding add_user * adding del_user * adding unit tests * adding configuration parameters for adding users 2015-05-26 00:33:36 +02:00
			`def testAddUser(self):`
			`inv = Backend(cfg, cherrypy.log, 'ldap', attr)`
			`user = {`
			`'uid': 'test',`
			`'sn': 'test',`
			`'cn': 'test',`
			`'userPassword': 'test',`
			`'uidNumber': '42',`
			`'gidNumber': '42',`
			`'homeDirectory': '/home/test/'`
			`}`
			`inv.add_user(user)`
			`inv.del_user('test')`

			`def testAddUserDuplicate(self):`
			`inv = Backend(cfg, cherrypy.log, 'ldap', attr)`
			`user = {`
			`'uid': 'test',`
			`'sn': 'test',`
			`'cn': 'test',`
			`'uidNumber': '42',`
			`'userPassword': 'test',`
			`'gidNumber': '42',`
			`'homeDirectory': '/home/test/'`
			`}`
			`try:`
			`inv.add_user(user)`
			`inv.add_user(user)`
			`except ldap.ALREADY_EXISTS:`
			`inv.del_user('test')`
			`return`
			`else:`
			`inv.del_user('test')`
			`raise AssertionError("expected an exception")`

adding unit test for del user if user don't exist 2015-05-28 09:51:19 +02:00			`def testDelUserDontExists(self):`
			`inv = Backend(cfg, cherrypy.log, 'ldap', attr)`
			`try:`
			`inv.del_user('test')`
			`inv.del_user('test')`
			`except DelUserDontExists:`
			`return`
			`else:`
			`raise AssertionError("expected an exception")`


adding methods add_user and del_user * adding add_user * adding del_user * adding unit tests * adding configuration parameters for adding users 2015-05-26 00:33:36 +02:00			`def testAddUserMissingMustAttribute(self):`
			`inv = Backend(cfg, cherrypy.log, 'ldap', attr)`
			`user = {`
			`'uid': 'test',`
			`'sn': 'test',`
			`'cn': 'test',`
			`'userPassword': 'test',`
			`'gidNumber': '42',`
			`'homeDirectory': '/home/test/'`
			`}`
			`try:`
			`inv.add_user(user)`
			`except ldap.OBJECT_CLASS_VIOLATION:`
			`return`
			`else:`
			`inv.del_user('test')`
			`raise AssertionError("expected an exception")`