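// Copyright (c) 2015-present Mattermost, Inc. All Rights Reserved.
// See LICENSE.txt for license information.

package api4

import (
	"testing"

	"github.com/stretchr/testify/require"

	"github.com/masterhung0112/hk_server/v5/einterfaces/mocks"
	"github.com/masterhung0112/hk_server/v5/model"
	"github.com/masterhung0112/hk_server/v5/plugin/plugintest/mock"
)

// spPrivateKey is a PEM-encoded private key used only as upload payload in
// the tests below. It is committed in clear text, so it offers no secrecy:
// treat it as a public test fixture and never configure it on a real
// deployment.
var spPrivateKey = `-----BEGIN PRIVATE KEY-----
MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDbVbUfO8gFDgqx
w3Z7gX5layTKKXQT623h0eUHXo95jIdApMyCdhRYoYz9OUvo01aQ0UyErcyWKUJE
3E0YEP/MjvBGTIemmkj/NQWtLqIxZZFnl8uVcm5gPWTJgEhzy9i4/D49qolYakJO
VkK+fnAWUzIiO5GIM6It8zuDIK9a8lnLK6CGWhWUDR8s6nlxOmiG32LRKPAOJrlx
NPbDJO5SV/Wkte/1UdVCR9cW5FroJ5ae/cUEpMeNpiFMCc49gDPEOLOTAroYs1bO
hS4mGArlO0WZUz37cyZSo/MtWJo2Y7bkVejAt6pdMcmvYNy5yddrslA+0OiteZS4
dN01tHa4QiEaNVZ+DdKWfpJFYqqVNNq/YMveUjk7IbnnJpz+ylOc8zNneoiwE5CI
+mmFp0X0+Zt1IJD7BXZEw37Jhk+YeBdQUnkHPWKHj4dkKPpfjPX/K1r2G1CY7iDG
3V1fPsIFAfCUvLbWH994haezz9U+hXu89LmhnKq638fDduGYKQOyYz8/BsQ1MQP5
kCrDg5HhnqUx/dECElFlHCnq3Z/gHoQOicxA8f1GeCDiIE2VFYZRQLDL21lb9ozQ
BFbLZZfGaLGmUPhecQ0RrQ/W4YPNhBvyXELOjCsDfu6ltnob6E8Lux7sNohFuLaY
g0AzDRfezhU0RqWXURKlpiqG0qaoWwIDAQABAoICAQDXt4vTlDA9CHpsKxm0jr+J
b79XNT38+Wew2YavoMjretLrOSoKhaetI/ZOdrO54WEaPT9MnsLATQPoReNs8Asl
XM/j1BD2QnfYyIU0ttC+VG6VvC12Zn04GimuJIUdnjcgeLWeYMOEOb3M3fn28NO8
oUaFdKDFnEK9fqPha5wLjp/Ruq6+dIsUeXNX8aRPQGrde4bsv56ZzGxGcxjfBMuA
IRJvVKEUXc+oyI867IycF5OD+4Jx9r5tCh9lcZ9tzVEcg8fZpqzw7jFKHKIuxSay
HYFuMvia/b2LOcRJrQK+y4NtPzETmY/s6LK70kBEWceNHGrf3Qd61kD2yblmwH6h
F47M/tY8OAXoSmxS259HzJc7DT1WvaDiCZzfVntoJPv6x7CaP6XfLySAq3MTP77x
jGIVZYMg9lGQBTQE6SHCuoM/szUT6PYRtbrcpqjh/MOHvALzgjgtAXWrDf8zLRpD
RAAOKjBILIgNC92h3Oe9bFFfRMEkWvDYWeUs2tmEVJtZm7lDB02vVcRyvRk1sFy3
BkDNB+INbZX/aDblFl8Z7W60jOa7Wr+Hn68dds56PYzsl5NxNTL3fFlx8Yaztd6b
3j654bXGiYSKLPn2PGatWdNcmIsFXN5UIKEDHrn/YeiagFoNvPL1AzpyVvzbkKp0
g+HWAssgI7TTQ3fRMtolgQKCAQEA+B7cdp2k41mKmKrDdmj4iS4ES/SR133ED0SJ
F3fVcJPyKv7iW2zTl8vwTE817HBavPX01bBah51ZSI0RZv+VL11hsGFZfKKYIX5t
60v5zKk5Z+WKlAyM/BHs43gej4KKrd5SMxma/cXpCNdgRJjz8YJpEuoI14Tq7qXC
Bi1v1GLrGXOLng8Mklh7rgs0pwF7BZIzur1xtAKDztebhofrLTXLmLZS/DkHI5qY
qeMonrm5MI/B66FiQEsVt+guz4fMAeNp/sLUPk2iL/qGFyDjvXOosHChffNDv2+l
A17X/oKGpd3jahXRrP/UeuuVyVt5B5xA+SCbzJHF87A0pnKTWQKCAQEA4kzT2lou
vToJxJZWM92TN+1kOfN3VIq5yWpOcesd2NOnVf9SwmSYf/KKsyvzcrMXWSIL8Gp3
h5eBK69N0bHkWfSkGTFa9WwrXx1yR3IOir1L+iFhd6Z8ASvwK93QIBYTSyE3eK9d
RU3ahXIQJFifx1tNoU8RbhlgLukaovnfQjt9xI67cgvXrb9RA0d8hZ81r8Lg/uz4
PN5htNCe6YWC01c2ufIGOqwO6QoYYW3yR00L1ANkE1ohHSrz7JGKthS8vdK/Ogfh
UwR/JaA3kZ6DdoWAfzZd1BbT3WgMG36Il6Hk2EtOCYuD0AuURWcQjJGkN4+xWqtS
U+bfB11bUBgm0wKCAQBnStm226vwJa+oHLbgjZSh7zFEuZ0ZW7cKMBruVSnbAww2
0ANF0klIEVOJQRSOyLtNnQr/Brq5aEzqAigze8UMgdCQUAaj90Bj+TEjWm60v+Ix
GYMWXR84NPIsRC5cyhiXh00rDsbSTNjVoGvoQtCTQxohEKL7rc7r6L+cOMAsZ729
y7dc5qDyL7nVW77go6ImUJYOcJ1sNfvPWTzaxaynFpUajxR/AfKx5MMXPoUDhwfM
apxtTrMLVvbEp/kM1liclKLktxEKmuEhHidCa6PDk+mvAkSInYQfpwfIHmzG/Gm3
lWb+G/U9EwfO4FJsEBOTkn4N+IBDqpABAeL5RAuJAoIBAHFi9z9Psl2DqANFJFoG
ak46dt6Ge8LzY1VlG3r+yEys+AohzRCzoKlzGEXf/rH4w/kYEw1Z+xwIMGN4CbDI
xlbAOjyZOy7/DNgyg+ECaADiCiCA+zodQ8K+hi8ki7SX+wDI2udwTnZ8JMJ6PVZI
xX345HOvj1cwBb5bc8o3EsM31bNXpNnmzyEyW+AdwGmfNSIkreFtUJAHCMO1R/pP
uBY2e6g9eRuKvEnNkhu3IA7TrtqC/HCp1y+rJt7gqbTDvTILV183NZIIDcEHfvBK
kSogiBq1Xdv3uB4WlQJtqvj22Bf721Ty/4+NTbRciLE2BCcGq2F3t99sLVGeWDNQ
dpsCggEAcuxrYqR659hvqAhjFjfiOY3X5VMzaWJO7ERDCgVjtVsopBOaM23Gg9zl
4TISwG3MXBjDwOqhpP7T6ytxWZphyN51zXgwGghhcze8f+HstGo0dpjnFSM5ml+Y
q0o8LMYlM6NrtYwocMTm4fzh9gXa6aDGadb/dW8DsWmYmBHXH5ViZB7uzbcbtQRI
7EuwV+DYLualVpJ99pjbb7a8PPPvQrGLb2Lhlk7P2NT25Nal26vwUTPHTZVV4s7W
0HY6fD+opKhBHQami5XbSUVznTWus6Zgc3bi4k9NsSNUQNfBKz79zM/EvIPXEklP
kSU80FrXITorOgZogkDk0FVpJA3qvQ==
-----END PRIVATE KEY-----`

// spPublicCertificate is the PEM-encoded X.509 certificate used as the
// public-certificate upload payload. It appears to belong to the same key
// pair as spPrivateKey, and its encoded validity window appears to end in
// September 2029 (confirm before relying on it in tests that validate
// expiry).
var spPublicCertificate = `-----BEGIN CERTIFICATE-----
MIIFijCCA3KgAwIBAgIJAIRQ3EwrvOprMA0GCSqGSIb3DQEBCwUAMFwxCzAJBgNV
BAYTAlVTMRIwEAYDVQQHDAlQYWxvIEFsdG8xEzARBgNVBAoMCk1hdHRlcm1vc3Qx
DzANBgNVBAsMBkRldk9wczETMBEGA1UEAwwKY2xpZW50LmNvbTAeFw0xOTA5MTIx
NzM1MzdaFw0yOTA5MDkxNzM1MzdaMFwxCzAJBgNVBAYTAlVTMRIwEAYDVQQHDAlQ
YWxvIEFsdG8xEzARBgNVBAoMCk1hdHRlcm1vc3QxDzANBgNVBAsMBkRldk9wczET
MBEGA1UEAwwKY2xpZW50LmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC
ggIBANtVtR87yAUOCrHDdnuBfmVrJMopdBPrbeHR5Qdej3mMh0CkzIJ2FFihjP05
S+jTVpDRTIStzJYpQkTcTRgQ/8yO8EZMh6aaSP81Ba0uojFlkWeXy5VybmA9ZMmA
SHPL2Lj8Pj2qiVhqQk5WQr5+cBZTMiI7kYgzoi3zO4Mgr1ryWcsroIZaFZQNHyzq
eXE6aIbfYtEo8A4muXE09sMk7lJX9aS17/VR1UJH1xbkWugnlp79xQSkx42mIUwJ
zj2AM8Q4s5MCuhizVs6FLiYYCuU7RZlTPftzJlKj8y1YmjZjtuRV6MC3ql0xya9g
3LnJ12uyUD7Q6K15lLh03TW0drhCIRo1Vn4N0pZ+kkViqpU02r9gy95SOTshuecm
nP7KU5zzM2d6iLATkIj6aYWnRfT5m3UgkPsFdkTDfsmGT5h4F1BSeQc9YoePh2Qo
+l+M9f8rWvYbUJjuIMbdXV8+wgUB8JS8ttYf33iFp7PP1T6Fe7z0uaGcqrrfx8N2
4ZgpA7JjPz8GxDUxA/mQKsODkeGepTH90QISUWUcKerdn+AehA6JzEDx/UZ4IOIg
TZUVhlFAsMvbWVv2jNAEVstll8ZosaZQ+F5xDRGtD9bhg82EG/JcQs6MKwN+7qW2
ehvoTwu7Huw2iEW4tpiDQDMNF97OFTRGpZdREqWmKobSpqhbAgMBAAGjTzBNMBIG
A1UdEwEB/wQIMAYBAf8CAQAwNwYDVR0RBDAwLoIOd3d3LmNsaWVudC5jb22CEGFk
bWluLmNsaWVudC5jb22HBMCoAQqHBAoAAOowDQYJKoZIhvcNAQELBQADggIBAFEI
D1ySRS+lQYVm24PPIUH5OmBEJUsVKI/zUXEQ4hdqEqN4UA3NGKkujajTz2fStaOj
LfGDup1ZQRYG6VVvNwbZHX9G9mb8TyZ12XFLVjPTbxoG+NZb3ipue9S6qZcT9WEF
sjaXhkVNhhVc1GOMnv/FNiclLPWLMnR8WST+Y+WSsT59wP40kJynaT7wQt2TmImg
kQfM69jQNgAkyrFwO8y1YcnH7Avrw9YvzhUWG2FfNCTTVNb+StxNtqGwvDV33iZ2
bBUWIy2fsNUA4tUYK31Ye6thJiKmvy/LqVJ415gPsI3zHzTCLU/GBUCNCNnEDnhU
KO2K3mk1wK3sshMGcda/Xz2a9TfkIxs0pkenS57bZ8xT7mxBzXsZGm7Mnb2fujmX
fBEyxQ2ot0Nl9Lp26WrBjQZojJ10Ic2IRxU3spC/FYK7BenQEAdnNHkyQ3lowAto
NpOL+j+1ooksPQbp4DeIBbrZDNKvFot+ja2aDJ738sgXf8ht7kGXA5DPNtPLsmUr
wpZrhxKD6pXVPhA6EeG2efdUP1ODslmehl4t2yX+FqHChnl7E012W8Cf0Ugybp1t
15IXg8GxCRENSNAwpOvTMkoonHqNvBkaCDZHtxeyJMJWQW1B0Xek1JY3CNHvnY7I
MCOV5SHi05kD42JSSbmw190VAa4QRGikaeWRhDsj
-----END CERTIFICATE-----`

// TestTestLdap walks the gates in front of the LDAP connection-test
// endpoint in order: without a licence the admin/local clients get the
// not-implemented status with the licence error; once licensed, th.Client
// (presumably a regular, non-admin user) is rejected with the permissions
// error; and the admin/local clients then get the "ldap disabled" error.
func TestTestLdap(t *testing.T) {
	th := Setup(t)
	defer th.TearDown()

	th.TestForSystemAdminAndLocal(t, func(t *testing.T, client *model.Client4) {
		_, resp := client.TestLdap()
		CheckNotImplementedStatus(t, resp)
		require.NotNil(t, resp.Error)
		require.Equal(t, "api.ldap_groups.license_error", resp.Error.Id)
	})
	th.App.Srv().SetLicense(model.NewTestLicense("ldap_groups"))

	// The error id is asserted as well as the status, so the rejection is
	// known to come from the permission check.
	_, resp := th.Client.TestLdap()
	CheckForbiddenStatus(t, resp)
	require.NotNil(t, resp.Error)
	require.Equal(t, "api.context.permissions.app_error", resp.Error.Id)

	th.TestForSystemAdminAndLocal(t, func(t *testing.T, client *model.Client4) {
		// Local response variable: the closure does not need to write to
		// the enclosing test's resp.
		_, resp := client.TestLdap()
		CheckNotImplementedStatus(t, resp)
		require.NotNil(t, resp.Error)
		require.Equal(t, "ent.ldap.disabled.app_error", resp.Error.Id)
	})
}

// TestSyncLdap verifies that an admin/local caller can trigger an LDAP sync,
// that the includeRemovedMembers flag sent by the client reaches
// StartSynchronizeJob as its second argument, and that th.Client is refused.
func TestSyncLdap(t *testing.T) {
	th := Setup(t)
	defer th.TearDown()

	th.TestForSystemAdminAndLocal(t, func(t *testing.T, client *model.Client4) {
		// NOTE(review): this unlicensed check exercises TestLdap, not
		// SyncLdap, so the licence gate of the sync endpoint itself is not
		// covered here. Looks like a copy from TestTestLdap; confirm and
		// switch to client.SyncLdap if the sync endpoint returns the same
		// error without a licence.
		_, resp := client.TestLdap()
		CheckNotImplementedStatus(t, resp)
		require.NotNil(t, resp.Error)
		require.Equal(t, "api.ldap_groups.license_error", resp.Error.Id)
	})

	th.App.Srv().SetLicense(model.NewTestLicense("ldap_groups"))
	th.App.UpdateConfig(func(cfg *model.Config) {
		*cfg.LdapSettings.EnableSync = true
	})

	ldapMock := &mocks.LdapInterface{}
	mockCall := ldapMock.On(
		"StartSynchronizeJob",
		mock.AnythingOfType("bool"),
		mock.AnythingOfType("bool"),
	).Return(nil, nil)

	// ready is unbuffered, so the mock blocks in RunFn until the test
	// receives. The test only receives after SyncLdap has returned, which
	// presumes the handler starts the job asynchronously; a synchronous
	// handler would deadlock here. The channel hand-off also orders the
	// write to includeRemovedMembers before the assertion that reads it.
	ready := make(chan bool)
	includeRemovedMembers := false
	mockCall.RunFn = func(args mock.Arguments) {
		includeRemovedMembers = args[1].(bool)
		ready <- true
	}
	th.App.Srv().Ldap = ldapMock

	th.TestForSystemAdminAndLocal(t, func(t *testing.T, client *model.Client4) {
		_, resp := client.SyncLdap(false)
		<-ready
		CheckNoError(t, resp)
		require.False(t, includeRemovedMembers)

		_, resp = client.SyncLdap(true)
		<-ready
		CheckNoError(t, resp)
		require.True(t, includeRemovedMembers)
	})

	// No receive from ready here: a refused request is expected never to
	// reach the mocked job.
	_, resp := th.Client.SyncLdap(false)
	CheckForbiddenStatus(t, resp)
}

// TestGetLdapGroups verifies that listing LDAP groups is forbidden for
// th.Client and reports not-implemented for admin/local clients in this
// unlicensed setup.
func TestGetLdapGroups(t *testing.T) {
	th := Setup(t)
	defer th.TearDown()

	_, resp := th.Client.GetLdapGroups()
	CheckForbiddenStatus(t, resp)

	th.TestForSystemAdminAndLocal(t, func(t *testing.T, client *model.Client4) {
		_, resp := client.GetLdapGroups()
		CheckNotImplementedStatus(t, resp)
	})
}

// TestLinkLdapGroup verifies that linking an LDAP group is forbidden for
// th.Client and reports not-implemented for the system admin client.
func TestLinkLdapGroup(t *testing.T) {
	const entryUUID string = "foo"

	th := Setup(t)
	defer th.TearDown()

	_, resp := th.Client.LinkLdapGroup(entryUUID)
	CheckForbiddenStatus(t, resp)

	_, resp = th.SystemAdminClient.LinkLdapGroup(entryUUID)
	CheckNotImplementedStatus(t, resp)
}

// TestUnlinkLdapGroup verifies that unlinking an LDAP group is forbidden for
// th.Client and reports not-implemented for the system admin client.
func TestUnlinkLdapGroup(t *testing.T) {
	const entryUUID string = "foo"

	th := Setup(t)
	defer th.TearDown()

	_, resp := th.Client.UnlinkLdapGroup(entryUUID)
	CheckForbiddenStatus(t, resp)

	_, resp = th.SystemAdminClient.UnlinkLdapGroup(entryUUID)
	CheckNotImplementedStatus(t, resp)
}

// TestMigrateIdLdap verifies that the ID-migration endpoint is forbidden for
// th.Client, rejects an empty attribute name as a bad request, and reports
// not-implemented for a non-empty one when called by admin/local clients.
func TestMigrateIdLdap(t *testing.T) {
	th := Setup(t)
	defer th.TearDown()

	_, resp := th.Client.MigrateIdLdap("objectGUID")
	CheckForbiddenStatus(t, resp)

	th.TestForSystemAdminAndLocal(t, func(t *testing.T, client *model.Client4) {
		_, resp := client.MigrateIdLdap("")
		CheckBadRequestStatus(t, resp)

		_, resp = client.MigrateIdLdap("objectGUID")
		CheckNotImplementedStatus(t, resp)
	})
}

// TestUploadPublicCertificate verifies that only admin/local clients may
// upload and delete the LDAP public certificate.
func TestUploadPublicCertificate(t *testing.T) {
	th := Setup(t)
	defer th.TearDown()

	// NOTE(review): the unprivileged checks in this test only require some
	// error, so a failure unrelated to permissions would also satisfy them.
	// Consider asserting the forbidden status as the other tests in this
	// file do, once confirmed for these endpoints.
	_, resp := th.Client.UploadLdapPublicCertificate([]byte(spPublicCertificate))
	require.NotNil(t, resp.Error, "Should have failed. No System Admin privileges")

	th.TestForSystemAdminAndLocal(t, func(t *testing.T, client *model.Client4) {
		// Upload the certificate, not spPrivateKey: private key material
		// should never be sent to the public-certificate endpoint, and the
		// privileged path should exercise the same payload as the
		// unprivileged one.
		_, resp := client.UploadLdapPublicCertificate([]byte(spPublicCertificate))
		require.Nil(t, resp.Error, "Should have passed. System Admin privileges %v", resp.Error)
	})

	_, resp = th.Client.DeleteLdapPublicCertificate()
	require.NotNil(t, resp.Error, "Should have failed. No System Admin privileges")

	th.TestForSystemAdminAndLocal(t, func(t *testing.T, client *model.Client4) {
		_, resp := client.DeleteLdapPublicCertificate()
		require.Nil(t, resp.Error, "Should have passed. System Admin privileges %v", resp.Error)
	})
}

// TestUploadPrivateCertificate verifies that only admin/local clients may
// upload and delete the LDAP private key.
func TestUploadPrivateCertificate(t *testing.T) {
	th := Setup(t)
	defer th.TearDown()

	// NOTE(review): as in TestUploadPublicCertificate, the unprivileged
	// checks accept any error rather than pinning the forbidden status.
	_, resp := th.Client.UploadLdapPrivateCertificate([]byte(spPrivateKey))
	require.NotNil(t, resp.Error, "Should have failed. No System Admin privileges")

	th.TestForSystemAdminAndLocal(t, func(t *testing.T, client *model.Client4) {
		_, resp := client.UploadLdapPrivateCertificate([]byte(spPrivateKey))
		require.Nil(t, resp.Error, "Should have passed. System Admin privileges %v", resp.Error)
	})

	_, resp = th.Client.DeleteLdapPrivateCertificate()
	require.NotNil(t, resp.Error, "Should have failed. No System Admin privileges")

	th.TestForSystemAdminAndLocal(t, func(t *testing.T, client *model.Client4) {
		_, resp := client.DeleteLdapPrivateCertificate()
		require.Nil(t, resp.Error, "Should have passed. System Admin privileges %v", resp.Error)
	})
}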