allura-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From brond...@apache.org
Subject [10/11] git commit: [#7388] ticket:591 Add unit tests for LDAP auth provider
Date Fri, 23 May 2014 17:55:03 GMT
[#7388] ticket:591 Add unit tests for LDAP auth provider


Project: http://git-wip-us.apache.org/repos/asf/allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/allura/commit/4b2dd8d5
Tree: http://git-wip-us.apache.org/repos/asf/allura/tree/4b2dd8d5
Diff: http://git-wip-us.apache.org/repos/asf/allura/diff/4b2dd8d5

Branch: refs/heads/master
Commit: 4b2dd8d5cee61d1183e244bd2da3e8193af1a5dd
Parents: 5e5cdea
Author: Igor Bondarenko <jetmind2@gmail.com>
Authored: Mon May 19 11:48:31 2014 +0000
Committer: Dave Brondsema <dbrondsema@slashdotmedia.com>
Committed: Fri May 23 17:53:45 2014 +0000

----------------------------------------------------------------------
 .../tests/model/test_ldap_auth_provider.py      | 99 ++++++++++++++++++++
 Allura/test.ini                                 | 11 +++
 2 files changed, 110 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/allura/blob/4b2dd8d5/Allura/allura/tests/model/test_ldap_auth_provider.py
----------------------------------------------------------------------
diff --git a/Allura/allura/tests/model/test_ldap_auth_provider.py b/Allura/allura/tests/model/test_ldap_auth_provider.py
new file mode 100644
index 0000000..2887133
--- /dev/null
+++ b/Allura/allura/tests/model/test_ldap_auth_provider.py
@@ -0,0 +1,99 @@
+# -*- coding: utf-8 -*-
+
+#       Licensed to the Apache Software Foundation (ASF) under one
+#       or more contributor license agreements.  See the NOTICE file
+#       distributed with this work for additional information
+#       regarding copyright ownership.  The ASF licenses this file
+#       to you under the Apache License, Version 2.0 (the
+#       "License"); you may not use this file except in compliance
+#       with the License.  You may obtain a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#       Unless required by applicable law or agreed to in writing,
+#       software distributed under the License is distributed on an
+#       "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+#       KIND, either express or implied.  See the License for the
+#       specific language governing permissions and limitations
+#       under the License.
+
+from mock import patch, Mock
+from nose.tools import assert_equal, assert_not_equal, assert_true
+from webob import Request
+from ming.orm.ormsession import ThreadLocalORMSession
+
+from alluratest.controller import setup_basic_test
+from allura.lib import plugin
+from allura import model as M
+
+
+class TestLdapAuthenticationProvider(object):
+
+    def setUp(self):
+        setup_basic_test()
+        self.provider = plugin.LdapAuthenticationProvider(Request.blank('/'))
+
+    def test_password_encoder(self):
+        # Verify salt
+        ep = self.provider._encode_password
+        assert_not_equal(ep('test_pass'), ep('test_pass'))
+        assert_equal(ep('test_pass', '0000'), ep('test_pass', '0000'))
+        # Test password format
+        assert_true(ep('pwd').startswith('{CRYPT}$6$rounds=6000$'))
+
+    @patch('allura.lib.plugin.ldap')
+    def test_set_password(self, ldap):
+        user = Mock(username='test-user')
+        self.provider._encode_password = Mock(return_value='new-pass-hash')
+        ldap.dn.escape_dn_chars = lambda x: x
+
+        dn = 'uid=%s,ou=users,dc=sf,dc=net' % user.username
+        self.provider.set_password(user, 'old-pass', 'new-pass')
+        ldap.initialize.assert_called_once_with('ldaps://localhost/')
+        connection = ldap.initialize.return_value
+        connection.bind_s.called_once_with(dn, 'old-pass')
+        connection.modify_s.assert_called_once_with(
+            dn, [(ldap.MOD_REPLACE, 'userPassword', 'new-pass-hash')])
+        connection.unbind_s.assert_called_once()
+
+    @patch('allura.lib.plugin.ldap')
+    def test_login(self, ldap):
+        params = {
+            'username': 'test-user',
+            'password': 'test-password',
+        }
+        self.provider.request.method = 'POST'
+        self.provider.request.body = '&'.join(['%s=%s' % (k,v) for k,v in params.iteritems()])
+        ldap.dn.escape_dn_chars = lambda x: x
+
+        dn = 'uid=%s,ou=users,dc=sf,dc=net' % params['username']
+        self.provider._login()
+        ldap.initialize.assert_called_once_with('ldaps://localhost/')
+        connection = ldap.initialize.return_value
+        connection.bind_s.called_once_with(dn, 'test-password')
+        connection.unbind_s.assert_called_once()
+
+    @patch('allura.lib.plugin.modlist')
+    @patch('allura.lib.plugin.ldap')
+    def test_register_user(self, ldap, modlist):
+        user_doc = {
+            'username': u'new-user',
+            'display_name': u'New User',
+            'password': u'new-password',
+        }
+        ldap.dn.escape_dn_chars = lambda x: x
+        self.provider._encode_password = Mock(return_value='new-password-hash')
+
+        assert_equal(M.User.query.get(username=user_doc['username']), None)
+        self.provider.register_user(user_doc)
+        ThreadLocalORMSession.flush_all()
+        assert_not_equal(M.User.query.get(username=user_doc['username']), None)
+
+        dn = 'uid=%s,ou=users,dc=sf,dc=net' % user_doc['username']
+        ldap.initialize.assert_called_once_with('ldaps://localhost/')
+        connection = ldap.initialize.return_value
+        connection.bind_s.called_once_with(
+            'cn=site,ou=admin,dc=sf,dc=net',
+            'admin-password')
+        connection.add_s.assert_called_once_with(dn, modlist.addModlist.return_value)
+        connection.unbind_s.assert_called_once()

http://git-wip-us.apache.org/repos/asf/allura/blob/4b2dd8d5/Allura/test.ini
----------------------------------------------------------------------
diff --git a/Allura/test.ini b/Allura/test.ini
index a82fbf2..b82be62 100644
--- a/Allura/test.ini
+++ b/Allura/test.ini
@@ -136,6 +136,17 @@ markdown_render_max_length = 40000
 user_message.time_interval = 3600
 user_message.max_messages = 200
 
+# LDAP auth provider
+auth.ldap.server = ldaps://localhost/
+auth.ldap.suffix = ou=users,dc=sf,dc=net
+auth.ldap.admin_dn = cn=site,ou=admin,dc=sf,dc=net
+auth.ldap.admin_password = admin-password
+auth.ldap.use_schroot = False
+auth.ldap.password.algorithm = 6
+auth.ldap.password.rounds = 6000
+auth.ldap.password.salt_len = 16
+
+
 [app:main_with_amqp]
 use = main
 # Use test RabbitMQ vhost


Mime
View raw message