From 37dcbc92468b29ca03d06e93f5ed3e95a53eec89 Mon Sep 17 00:00:00 2001
From: kakwa
Date: Wed, 17 Jun 2015 21:49:23 +0200
Subject: [PATCH 1/9] fix configuration of unit test
---
 tests/cfg/ldapcherry.ini | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tests/cfg/ldapcherry.ini b/tests/cfg/ldapcherry.ini
index f67674f..b04dbd7 100644
--- a/tests/cfg/ldapcherry.ini
+++ b/tests/cfg/ldapcherry.ini
@@ -71,7 +71,7 @@ ldap.groupdn = 'ou=groups,dc=example,dc=org'
 ldap.userdn = 'ou=people,dc=example,dc=org'
 ldap.binddn = 'cn=dnscherry,dc=example,dc=org'
 ldap.password = 'password'
-ldap.uri = 'ldap://ldap.ldapcherry.org:637'
+ldap.uri = 'ldap://ldap.ldapcherry.org:390'
 ldap.ca = '/etc/dnscherry/TEST-cacert.pem'
 ldap.starttls = 'off'
 ldap.checkcert = 'off'
From c6ffdc20d88ebad65e438532761559201cd93968 Mon Sep 17 00:00:00 2001
From: kakwa
Date: Wed, 17 Jun 2015 22:20:21 +0200
Subject: [PATCH 2/9] reenable ssl no cert check
---
 tests/test_BackendLdap.py | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/tests/test_BackendLdap.py b/tests/test_BackendLdap.py
index 2474c96..ad54417 100644
--- a/tests/test_BackendLdap.py
+++ b/tests/test_BackendLdap.py
@@ -45,13 +45,13 @@ class TestError(object):
 inv = Backend(cfg, cherrypy.log, 'ldap', attr, 'uid')
 return True
-# def testConnectSSLNoCheck(self):
-# cfg2 = cfg.copy()
-# cfg2['uri'] = 'ldaps://ldap.ldapcherry.org:637'
-# cfg2['checkcert'] = 'off'
-# inv = Backend(cfg2, cherrypy.log, 'ldap', attr, 'uid')
-# ldap = inv._connect()
-# ldap.simple_bind_s(inv.binddn, inv.bindpassword)
+ def testConnectSSLNoCheck(self):
+ cfg2 = cfg.copy()
+ cfg2['uri'] = 'ldaps://ldap.ldapcherry.org:637'
+ cfg2['checkcert'] = 'off'
+ inv = Backend(cfg2, cherrypy.log, 'ldap', attr, 'uid')
+ ldap = inv._connect()
+ ldap.simple_bind_s(inv.binddn, inv.bindpassword)
 def testConnect(self):
 inv = Backend(cfg, cherrypy.log, 'ldap', attr, 'uid')
From 05a897f3559e52e69cf2db6b93b3f7b56986ccbe Mon Sep 17 00:00:00 2001
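Review bot: `ldap = inv._connect()` in the re-enabled `testConnectSSLNoCheck` rebinds the name `ldap` to the connection object, which hides the `ldap` module for the rest of the method; the other tests in this file use `ldapc` for the same value. Rename it to `ldapc = inv._connect()` and `ldapc.simple_bind_s(inv.binddn, inv.bindpassword)`. The test asserts nothing itself, so it only shows that a bind goes through over `ldaps://` with `checkcert` set to `'off'`; a comment such as `# unverified-certificate path: checks connectivity only, not TLS validation` would keep it from being read as a certificate check.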
From: kakwa
Date: Wed, 17 Jun 2015 22:41:42 +0200
Subject: [PATCH 3/9] fix path to ca
---
 tests/test_BackendLdap.py | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/tests/test_BackendLdap.py b/tests/test_BackendLdap.py
index ad54417..4b2a561 100644
--- a/tests/test_BackendLdap.py
+++ b/tests/test_BackendLdap.py
@@ -20,7 +20,7 @@ cfg = {
 'binddn' : 'cn=dnscherry,dc=example,dc=org',
 'password' : 'password',
 'uri' : 'ldap://ldap.dnscherry.org:390',
-'ca' : './tests/test_env/etc/ldapcherry/TEST-cacert.pem',
+'ca' : './test/cfg/ca.crt',
 'starttls' : 'off',
 'checkcert' : 'off',
 'user_filter_tmpl' : '(uid=%(username)s)',
@@ -71,7 +71,6 @@ class TestError(object):
 cfg2 = cfg.copy()
 cfg2['uri'] = 'ldaps://notaldap:637'
 cfg2['checkcert'] = 'on'
- cfg2['ca'] = './cfg/ca.crt'
 inv = Backend(cfg2, cherrypy.log, 'ldap', attr, 'uid')
 ldapc = inv._connect()
 try:
@@ -85,7 +84,7 @@ class TestError(object):
 cfg2 = cfg.copy()
 cfg2['uri'] = 'ldaps://ldap.ldapcherry.org:637'
 cfg2['checkcert'] = 'on'
- cfg2['ca'] = './cfg/wrong_ca.crt'
+ cfg2['ca'] = './test/cfg/wrong_ca.crt'
 inv = Backend(cfg2, cherrypy.log, 'ldap', attr, 'uid')
 ldapc = inv._connect()
 try:
From a3c75f97f549ae0cd90a4a3c81697556c5e48a65 Mon Sep 17 00:00:00 2001
From: kakwa
Date: Wed, 17 Jun 2015 22:51:33 +0200
Subject: [PATCH 4/9] adding unit test for starttls
---
 tests/test_BackendLdap.py | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
diff --git a/tests/test_BackendLdap.py b/tests/test_BackendLdap.py
index 4b2a561..60be994 100644
--- a/tests/test_BackendLdap.py
+++ b/tests/test_BackendLdap.py
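Review bot: The new CA paths begin with `./test/`, while every path in this series sits under `tests/` (`tests/cfg/ldapcherry.ini`, `tests/test_BackendLdap.py`), so `'./test/cfg/ca.crt'` in the `cfg` dict and `'./test/cfg/wrong_ca.crt'` in the third hunk look like they are missing an `s`. If the files are not found, the `checkcert = 'on'` tests would fail the TLS handshake for a reason other than the hostname mismatch or wrong CA they are meant to provoke, and could still pass. Presumably the intended values are `'./tests/cfg/ca.crt'` and `'./tests/cfg/wrong_ca.crt'`; confirm against the repository layout and the directory the tests are run from. The second hunk drops the per-test `cfg2['ca']` override, so that test now depends on the same default.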
@@ -92,6 +92,21 @@ class TestError(object):
 except ldap.SERVER_DOWN as e:
 assert e[0]['info'] == 'TLS: hostname does not match CN in peer certificate'
+ def testConnectStartTLS(self):
+ cfg2 = cfg.copy()
+ cfg2['uri'] = 'ldap://ldap.ldapcherry.org:390'
+ cfg2['checkcert'] = 'off'
+ cfg2['starttls'] = 'on'
+ cfg2['ca'] = './test/cfg/ca.crt'
+ inv = Backend(cfg2, cherrypy.log, 'ldap', attr, 'uid')
+ ldapc = inv._connect()
+ try:
+ ldapc.simple_bind_s(inv.binddn, inv.bindpassword)
+ except ldap.SERVER_DOWN as e:
+ assert e[0]['info'] == 'TLS: hostname does not match CN in peer certificate'
+
+
+
 def testAuthSuccess(self):
 inv = Backend(cfg, cherrypy.log, 'ldap', attr, 'uid')
 return True
From b54b8b5af335d4d4c6ad010ab1f308514db48155 Mon Sep 17 00:00:00 2001
From: kakwa
Date: Wed, 17 Jun 2015 22:58:31 +0200
Subject: [PATCH 5/9] test
---
 ldapcherry/backend/backendLdap.py | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/ldapcherry/backend/backendLdap.py b/ldapcherry/backend/backendLdap.py
index a978019..2d6beb9 100644
--- a/ldapcherry/backend/backendLdap.py
+++ b/ldapcherry/backend/backendLdap.py
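Review bot: `testConnectStartTLS` passes whether or not StartTLS works: the `try`/`except ldap.SERVER_DOWN` has no `else`, so a successful bind passes, and the only asserted failure is a hostname-mismatch message that should not arise with `checkcert` set to `'off'`. Calling `ldapc.simple_bind_s(inv.binddn, inv.bindpassword)` without the `try` would make a failed negotiation fail the test. The `cfg2['ca']` line has no effect in this configuration, because `_connect` only applies the CA file when `checkcert` is `'on'`. A second test with `cfg2['checkcert'] = 'on'` would be needed to cover certificate validation over StartTLS, and the three blank lines added at the end of the hunk can be reduced to one.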
@@ -58,20 +58,20 @@ class Backend(ldapcherry.backend.Backend):
 def _connect(self):
 ldap_client = ldap.initialize(self.uri)
- ldap_client.set_option(ldap.OPT_REFERRALS, 0)
- ldap_client.set_option(ldap.OPT_TIMEOUT, self.timeout)
+ client.set_option(ldap.OPT_REFERRALS, 0)
+ client.set_option(ldap.OPT_TIMEOUT, self.timeout)
 if self.starttls == 'on':
- ldap_client.set_option(ldap.OPT_X_TLS_DEMAND, True)
+ client.set_option(ldap.OPT_X_TLS_DEMAND, True)
 else:
- ldap_client.set_option(ldap.OPT_X_TLS_DEMAND, False)
+ client.set_option(ldap.OPT_X_TLS_DEMAND, False)
 if self.ca and self.checkcert == 'on':
- ldap_client.set_option(ldap.OPT_X_TLS_CACERTFILE, self.ca)
+ client.set_option(ldap.OPT_X_TLS_CACERTFILE, self.ca)
 #else:
- # ldap_client.set_option(ldap.OPT_X_TLS_CACERTFILE, '')
+ # client.set_option(ldap.OPT_X_TLS_CACERTFILE, '')
 if self.checkcert == 'off':
- ldap_client.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_ALLOW)
+ client.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_ALLOW)
 else:
- ldap_client.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_DEMAND)
+ client.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_DEMAND)
 if self.starttls == 'on':
 try:
 ldap_client.start_tls_s()
From 19c87b6cc177a2270a4f9576e9edd18d98d72be3 Mon Sep 17 00:00:00 2001
From: kakwa
Date: Wed, 17 Jun 2015 23:16:24 +0200
Subject: [PATCH 6/9] another test
---
 ldapcherry/backend/backendLdap.py | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/ldapcherry/backend/backendLdap.py b/ldapcherry/backend/backendLdap.py
index 2d6beb9..a978019 100644
--- a/ldapcherry/backend/backendLdap.py
+++ b/ldapcherry/backend/backendLdap.py
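Review bot: `client` is never bound in `_connect`: the connection is assigned to `ldap_client` on the context line above, and `ldap_client.start_tls_s()` below still uses that name. The first `client.set_option(ldap.OPT_REFERRALS, 0)` therefore raises `NameError`, and no connection can be made at this revision. Keep `ldap_client.set_option(...)` on these lines, or rename the variable throughout the method. `_connect` continues past the end of the hunk.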
@@ -58,20 +58,20 @@ class Backend(ldapcherry.backend.Backend):
 def _connect(self):
 ldap_client = ldap.initialize(self.uri)
- client.set_option(ldap.OPT_REFERRALS, 0)
- client.set_option(ldap.OPT_TIMEOUT, self.timeout)
+ ldap_client.set_option(ldap.OPT_REFERRALS, 0)
+ ldap_client.set_option(ldap.OPT_TIMEOUT, self.timeout)
 if self.starttls == 'on':
- client.set_option(ldap.OPT_X_TLS_DEMAND, True)
+ ldap_client.set_option(ldap.OPT_X_TLS_DEMAND, True)
 else:
- client.set_option(ldap.OPT_X_TLS_DEMAND, False)
+ ldap_client.set_option(ldap.OPT_X_TLS_DEMAND, False)
 if self.ca and self.checkcert == 'on':
- client.set_option(ldap.OPT_X_TLS_CACERTFILE, self.ca)
+ ldap_client.set_option(ldap.OPT_X_TLS_CACERTFILE, self.ca)
 #else:
- # client.set_option(ldap.OPT_X_TLS_CACERTFILE, '')
+ # ldap_client.set_option(ldap.OPT_X_TLS_CACERTFILE, '')
 if self.checkcert == 'off':
- client.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_ALLOW)
+ ldap_client.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_ALLOW)
 else:
- client.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_DEMAND)
+ ldap_client.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_DEMAND)
 if self.starttls == 'on':
 try:
 ldap_client.start_tls_s()
From 5508e4023a14205e8a89293521e8cac3a1c83f62 Mon Sep 17 00:00:00 2001
From: kakwa
Date: Wed, 17 Jun 2015 23:57:43 +0200
Subject: [PATCH 7/9] test... again
---
 ldapcherry/backend/backendLdap.py | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/ldapcherry/backend/backendLdap.py b/ldapcherry/backend/backendLdap.py
index a978019..bf48c6b 100644
--- a/ldapcherry/backend/backendLdap.py
+++ b/ldapcherry/backend/backendLdap.py
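Review bot: `ldap.OPT_X_TLS_DEMAND` is passed as the option name in `ldap_client.set_option(ldap.OPT_X_TLS_DEMAND, True)` and its `False` twin, but in python-ldap it is one of the values accepted by `OPT_X_TLS_REQUIRE_CERT`, which is how it is used further down in this same hunk. These two calls therefore do not express "require TLS" and may be setting an unrelated option. StartTLS is requested by `ldap_client.start_tls_s()` when `starttls` is `'on'` (how a failure there is handled lies outside the hunk), so the pair can be dropped in favour of a comment such as `# StartTLS is requested explicitly below; certificate policy is OPT_X_TLS_REQUIRE_CERT`. The same lines come back in the backendLdap.py hunk of patch 9/9.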
@@ -58,20 +58,20 @@ class Backend(ldapcherry.backend.Backend):
 def _connect(self):
 ldap_client = ldap.initialize(self.uri)
- ldap_client.set_option(ldap.OPT_REFERRALS, 0)
- ldap_client.set_option(ldap.OPT_TIMEOUT, self.timeout)
+ ldap.set_option(ldap.OPT_REFERRALS, 0)
+ ldap.set_option(ldap.OPT_TIMEOUT, self.timeout)
 if self.starttls == 'on':
- ldap_client.set_option(ldap.OPT_X_TLS_DEMAND, True)
+ ldap.set_option(ldap.OPT_X_TLS_DEMAND, True)
 else:
- ldap_client.set_option(ldap.OPT_X_TLS_DEMAND, False)
+ ldap.set_option(ldap.OPT_X_TLS_DEMAND, False)
 if self.ca and self.checkcert == 'on':
- ldap_client.set_option(ldap.OPT_X_TLS_CACERTFILE, self.ca)
+ ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, self.ca)
 #else:
- # ldap_client.set_option(ldap.OPT_X_TLS_CACERTFILE, '')
+ # ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, '')
 if self.checkcert == 'off':
- ldap_client.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_ALLOW)
+ ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_ALLOW)
 else:
- ldap_client.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_DEMAND)
+ ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_DEMAND)
 if self.starttls == 'on':
 try:
 ldap_client.start_tls_s()
From c75fd2c568d69b41c472ff9cb247c022710045dd Mon Sep 17 00:00:00 2001
From: kakwa
Date: Wed, 17 Jun 2015 23:59:44 +0200
Subject: [PATCH 8/9] fix decorator to disable check on travis
---
 tests/disable.py | 8 ++++++++
 1 file changed, 8 insertions(+)
 create mode 100644 tests/disable.py
diff --git a/tests/disable.py b/tests/disable.py
new file mode 100644
index 0000000..089e3d6
--- /dev/null
+++ b/tests/disable.py
@@ -0,0 +1,8 @@
+import os
+def travis_disabled(f):
+ def _decorator(f):
+ print 'test has been disabled on travis'
+ if 'TRAVIS' in os.environ and os.environ['TRAVIS'] == 'yes':
+ return _decorator
+ else:
+ return f
From a8f1b7be59032d3c5e6c0d4b19d4dccaf9417d41 Mon Sep 17 00:00:00 2001
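Review bot: `ldap.set_option(...)` changes the library-wide defaults rather than this connection, so `ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_ALLOW)` for one backend with `checkcert = 'off'` can relax certificate checking for other LDAP connections in the same process. With several backends, whichever called `_connect` last decides the policy for all of them, and `OPT_TIMEOUT` and `OPT_X_TLS_CACERTFILE` leak across backends the same way. Keep the options on `ldap_client`; if process-wide scope is really intended it needs a comment such as `# process-wide: affects every LDAP backend in this process`. `_connect` continues past the end of the hunk.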
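Review bot: The check `os.environ['TRAVIS'] == 'yes'` is unlikely to match on Travis CI, which exports `TRAVIS=true`, so unless the build configuration sets the variable to `yes` itself, `travis_disabled` returns `f` unchanged and nothing is disabled. When it does match, `_decorator` prints and returns `None`, so the disabled TLS tests are reported as passed rather than skipped, which hides that certificate checking is not being exercised. Raising `unittest.SkipTest` makes the gap visible in the report; it needs `import unittest` next to `import os`, and the runner used here should be confirmed to honour it. The wrapper below also takes `*args` so it can stand in for any test signature.

```python
def travis_disabled(f):
    # Travis exports TRAVIS=true; 'yes' is accepted for builds that set it by hand
    if os.environ.get('TRAVIS') in ('true', 'yes'):
        def _skipped(*args, **kwargs):
            raise unittest.SkipTest('test has been disabled on travis')
        _skipped.__name__ = f.__name__
        return _skipped
    return f
```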
From: kakwa
Date: Thu, 18 Jun 2015 00:23:00 +0200
Subject: [PATCH 9/9] reverse because no effect + disable ssl unit test on travis
---
 ldapcherry/backend/backendLdap.py | 16 ++++++++--------
 tests/test_BackendLdap.py | 7 +++++--
 2 files changed, 13 insertions(+), 10 deletions(-)
diff --git a/ldapcherry/backend/backendLdap.py b/ldapcherry/backend/backendLdap.py
index bf48c6b..a978019 100644
--- a/ldapcherry/backend/backendLdap.py
+++ b/ldapcherry/backend/backendLdap.py
@@ -58,20 +58,20 @@ class Backend(ldapcherry.backend.Backend):
 def _connect(self):
 ldap_client = ldap.initialize(self.uri)
- ldap.set_option(ldap.OPT_REFERRALS, 0)
- ldap.set_option(ldap.OPT_TIMEOUT, self.timeout)
+ ldap_client.set_option(ldap.OPT_REFERRALS, 0)
+ ldap_client.set_option(ldap.OPT_TIMEOUT, self.timeout)
 if self.starttls == 'on':
- ldap.set_option(ldap.OPT_X_TLS_DEMAND, True)
+ ldap_client.set_option(ldap.OPT_X_TLS_DEMAND, True)
 else:
- ldap.set_option(ldap.OPT_X_TLS_DEMAND, False)
+ ldap_client.set_option(ldap.OPT_X_TLS_DEMAND, False)
 if self.ca and self.checkcert == 'on':
- ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, self.ca)
+ ldap_client.set_option(ldap.OPT_X_TLS_CACERTFILE, self.ca)
 #else:
- # ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, '')
+ # ldap_client.set_option(ldap.OPT_X_TLS_CACERTFILE, '')
 if self.checkcert == 'off':
- ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_ALLOW)
+ ldap_client.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_ALLOW)
 else:
- ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_DEMAND)
+ ldap_client.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_DEMAND)
 if self.starttls == 'on':
 try:
 ldap_client.start_tls_s()
diff --git a/tests/test_BackendLdap.py b/tests/test_BackendLdap.py
index 60be994..752c6b4 100644
--- a/tests/test_BackendLdap.py
+++ b/tests/test_BackendLdap.py
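Review bot: The per-connection TLS options restored here may never be applied, which would fit the "no effect" in the commit subject: with an OpenLDAP-backed python-ldap, options set on a connection object usually need a fresh TLS context before they are used. Adding `ldap_client.set_option(ldap.OPT_X_TLS_NEWCTX, 0)` after the `OPT_X_TLS_REQUIRE_CERT` lines and before `ldap_client.start_tls_s()` is worth trying; verify it against the python-ldap version in use. Separately, the `checkcert == 'off'` branch selects `ldap.OPT_X_TLS_ALLOW`, which lets a session continue with a certificate that fails validation. That branch should carry a comment such as `# checkcert off: server certificate is NOT validated; test setups only`. `_connect` continues past the end of the hunk.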
@@ -9,6 +9,7 @@ import sys
 from sets import Set
 from ldapcherry.backend.backendLdap import Backend, DelUserDontExists
 from ldapcherry.exceptions import *
+from disable import travis_disabled
 import cherrypy
 import logging
 import ldap
@@ -45,6 +46,7 @@ class TestError(object):
 inv = Backend(cfg, cherrypy.log, 'ldap', attr, 'uid')
 return True
+ @travis_disabled
 def testConnectSSLNoCheck(self):
 cfg2 = cfg.copy()
 cfg2['uri'] = 'ldaps://ldap.ldapcherry.org:637'
@@ -59,6 +61,7 @@ class TestError(object):
 ldap.simple_bind_s(inv.binddn, inv.bindpassword)
 return True
+ @travis_disabled
 def testConnectSSL(self):
 cfg2 = cfg.copy()
 cfg2['uri'] = 'ldaps://ldap.dnscherry.org:637'
@@ -80,6 +83,7 @@ class TestError(object):
 else:
 raise AssertionError("expected an exception")
+ @travis_disabled
 def testConnectSSLWrongCA(self):
 cfg2 = cfg.copy()
 cfg2['uri'] = 'ldaps://ldap.ldapcherry.org:637'
@@ -92,6 +96,7 @@ class TestError(object):
 except ldap.SERVER_DOWN as e:
 assert e[0]['info'] == 'TLS: hostname does not match CN in peer certificate'
+ @travis_disabled
 def testConnectStartTLS(self):
 cfg2 = cfg.copy()
 cfg2['uri'] = 'ldap://ldap.ldapcherry.org:390'
@@ -105,8 +110,6 @@ class TestError(object):
 except ldap.SERVER_DOWN as e:
 assert e[0]['info'] == 'TLS: hostname does not match CN in peer certificate'
-
-
 def testAuthSuccess(self):
 inv = Backend(cfg, cherrypy.log, 'ldap', attr, 'uid')
 return True
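Review bot: With `@travis_disabled` on `testConnectSSLNoCheck`, `testConnectSSL`, `testConnectSSLWrongCA` and `testConnectStartTLS` (the four decorator hunks here), no TLS or certificate-validation path of `Backend._connect` runs on CI, and none of the hunks says why. A comment above the first decorator, for example `# needs the TLS-enabled test LDAP server and its CA; not available on Travis`, would record the reason and what has to be in place to re-enable them. The context of the `-92,6` hunk also shows the test ahead of `testConnectStartTLS` asserting the hostname-mismatch message with no `else` branch; if that test is `testConnectSSLWrongCA`, as the earlier patches suggest, it probably expects the wrong error text and passes when no exception is raised at all. The test bodies start or end outside these hunks.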