github.com/silveraid/fabric-ca@v1.1.0-preview.0.20180127000700-71974f53ab08/lib/ldap/client_test.go (about)

     1  /*
     2  Copyright IBM Corp. 2016 All Rights Reserved.
     3  
     4  Licensed under the Apache License, Version 2.0 (the "License");
     5  you may not use this file except in compliance with the License.
     6  You may obtain a copy of the License at
     7  
     8  		 http://www.apache.org/licenses/LICENSE-2.0
     9  
    10  Unless required by applicable law or agreed to in writing, software
    11  distributed under the License is distributed on an "AS IS" BASIS,
    12  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13  See the License for the specific language governing permissions and
    14  limitations under the License.
    15  */
    16  
    17  package ldap
    18  
    19  import (
    20  	"fmt"
    21  	"testing"
    22  
    23  	"github.com/stretchr/testify/assert"
    24  )
    25  
// TestLDAP exercises the client over plain ldap:// and then runs the
// constructor's negative cases.
func TestLDAP(t *testing.T) {
	const (
		scheme = "ldap"
		port   = 10389
	)
	testLDAP(scheme, port, t)
	// The same round trip over ldaps on 10636 is left disabled here;
	// TestLDAPTLS covers the TLS listener separately.
	//testLDAP("ldaps", 10636, t)
	testLDAPNegative(t)
}
    31  
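// testLDAP binds to the directory at proto://localhost:port with the fixture
// admin DN, looks up user "jsmith", and checks that login succeeds with the
// right password, fails with a wrong one, and that the "mail" attribute is
// returned.
func testLDAP(proto string, port int, t *testing.T) {
	// Fixture bind credentials; the commented-out pair is an alternative
	// the author left in place.
	//dn := "uid=admin,ou=system"
	//pwd := "secret"
	dn := "cn=admin,dc=example,dc=org"
	pwd := "admin"
	//host, err := os.Hostname()
	//if err != nil {
	//	t.Errorf("testLDAP os.Hostname failed: %s", err)
	//	return
	//}
	host := "localhost"
	base := "dc=example,dc=org"
	// The bind DN and password travel in the URL's userinfo part.
	url := fmt.Sprintf("%s://%s:%s@%s:%d/%s", proto, dn, pwd, host, port, base)
	c, err := NewClient(&Config{URL: url}, nil)
	if err != nil {
		t.Errorf("ldap.NewClient failure: %s", err)
		return
	}
	user, err := c.GetUser("jsmith", []string{"mail"})
	if err != nil {
		t.Errorf("ldap.Client.GetUser failure: %s", err)
		return
	}
	// NOTE(review): the meaning of the -1 argument is not visible here —
	// presumably "no attempt limit"; confirm against User.Login.
	err = user.Login("jsmithpw", -1)
	if err != nil {
		t.Errorf("ldap.User.Login failure: %s", err)
	}
	path := user.GetAffiliationPath()
	if path == nil {
		t.Error("ldap.User.GetAffiliationPath is nil")
	}
	// A wrong password must be rejected; success here is an
	// authentication bypass.
	err = user.Login("bogus", -1)
	if err == nil {
		t.Errorf("ldap.User.Login passed but should have failed")
	}
	email, err := user.GetAttribute("mail")
	if !assert.NoError(t, err, "failed getting mail attribute") {
		// Stop here: email may be nil when the lookup failed, and
		// dereferencing it would turn a test failure into a panic.
		return
	}
	if email == nil || email.GetValue() == "" {
		t.Errorf("ldap.User.GetAttribute failed: no mail found")
	} else {
		assert.EqualValues(t, "jsmith", email.Value)
	}
}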
    75  
// testLDAPNegative feeds NewClient a nil config and malformed URLs, which
// must be rejected, plus one well-formed ldaps URL, which must be accepted.
func testLDAPNegative(t *testing.T) {
	cases := []struct {
		cfg     *Config
		wantErr bool
		msg     string
	}{
		{nil, true, "ldap.NewClient(nil) passed but should have failed"},
		{&Config{URL: "bogus"}, true, "ldap.NewClient(bogus) passed but should have failed"},
		// Well-formed URL with no port or credentials: construction alone
		// is expected to succeed.
		{&Config{URL: "ldaps://localhost"}, false, "ldap.NewClient(ldaps) failed: %s"},
		{&Config{URL: "ldap://localhost:badport"}, true, "ldap.NewClient(badport) passed but should have failed"},
	}
	for _, tc := range cases {
		_, err := NewClient(tc.cfg, nil)
		switch {
		case tc.wantErr && err == nil:
			t.Error(tc.msg)
		case !tc.wantErr && err != nil:
			t.Errorf(tc.msg, err)
		}
	}
}
    94  
// TestLDAPTLS repeats the bind / lookup / login round trip over ldaps on
// port 10636, with a trusted root and a client certificate configured.
//
// NOTE(review): only the positive TLS path is covered; nothing here checks
// that a server certificate not chaining to root.pem is refused.
func TestLDAPTLS(t *testing.T) {
	const (
		bindDN = "cn=admin,dc=example,dc=org"
		bindPW = "admin"
		baseDN = "dc=example,dc=org"
	)
	url := fmt.Sprintf("%s://%s:%s@%s:%d/%s", "ldaps", bindDN, bindPW, "localhost", 10636, baseDN)

	client, err := NewClient(&Config{URL: url}, nil)
	if err != nil {
		t.Errorf("ldap.NewClient failure: %s", err)
		return
	}

	// TLS material is attached after construction; presumably the
	// connection is only opened by GetUser below — confirm.
	client.TLS.CertFiles = []string{"../../testdata/root.pem"}
	client.TLS.Client.CertFile = "../../testdata/tls_client-cert.pem"
	client.TLS.Client.KeyFile = "../../testdata/tls_client-key.pem"

	user, err := client.GetUser("jsmith", []string{"mail"})
	if err != nil {
		t.Errorf("ldap.Client.GetUser failure: %s", err)
		return
	}

	if err = user.Login("jsmithpw", -1); err != nil {
		t.Errorf("ldap.User.Login failure: %s", err)
	}
	if user.GetAffiliationPath() == nil {
		t.Error("ldap.User.GetAffiliationPath is nil")
	}
	// A wrong password must not authenticate.
	if err = user.Login("bogus", -1); err == nil {
		t.Errorf("ldap.User.Login passed but should have failed")
	}

	email, err := user.GetAttribute("mail")
	assert.NoError(t, err, "failed getting mail attribute")
	if email != nil {
		assert.EqualValues(t, "jsmith", email.Value)
	} else {
		t.Errorf("ldap.User.GetAttribute failed: no mail found")
	}
}
   136  
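// TestLDAPConfigStringer checks that formatting a Config does not expose the
// bind user name or password embedded in its URL, for both the ldap and
// ldaps schemes.
func TestLDAPConfigStringer(t *testing.T) {
	// Constructed fixture values. They are distinct, neither is a substring
	// of the other, and neither occurs in the scheme, host, port, path or
	// filters. With a pair such as "admin"/"adminpwd" the password check is
	// implied by the user-name check and can never fail on its own.
	const (
		bindUser = "binduser"
		bindPass = "s3cretpw"
	)
	for _, scheme := range []string{"ldap", "ldaps"} {
		ldapConfig := Config{
			Enabled:     true,
			URL:         fmt.Sprintf("%s://%s:%s@localhost:8888/users", scheme, bindUser, bindPass),
			UserFilter:  "(uid=%s)",
			GroupFilter: "(memberUid=%s)",
		}
		// Masking relies on Config's String method being picked up by fmt.
		// NOTE(review): the value is passed by copy, so this assumes String
		// has a value receiver — confirm.
		str := fmt.Sprintf("%+v", ldapConfig)
		t.Logf("Stringified LDAP Config: %s", str)
		assert.NotContains(t, str, bindUser, "Username is not masked in the ldap URL")
		assert.NotContains(t, str, bindPass, "Password is not masked in the ldap URL")
	}
}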