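// Source: github.com/silveraid/fabric-ca@v1.1.0-preview.0.20180127000700-71974f53ab08/lib/ldap/client_test.go

/*
Copyright IBM Corp. 2016 All Rights Reserved.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

		 http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package ldap

import (
	"fmt"
	"testing"

	"github.com/stretchr/testify/assert"
)

// TestLDAP runs the positive client test over the "ldap" scheme on port
// 10389, followed by the negative NewClient cases. The "ldaps" variant is
// disabled here; TestLDAPTLS exercises that scheme separately.
func TestLDAP(t *testing.T) {
	testLDAP("ldap", 10389, t)
	//testLDAP("ldaps", 10636, t)
	testLDAPNegative(t)
}

// testLDAP builds a URL of the form proto://dn:pwd@host:port/base, creates a
// client from it and checks that:
//   - user "jsmith" can be looked up together with its "mail" attribute,
//   - Login succeeds with "jsmithpw" and fails with "bogus",
//   - the affiliation path is non-nil,
//   - the "mail" attribute is present and equals "jsmith".
//
// It expects a directory server listening on localhost at the given port.
func testLDAP(proto string, port int, t *testing.T) {
	// Fixture credentials for the test directory server. The commented-out
	// values are an alternative fixture kept from the original file.
	//dn := "uid=admin,ou=system"
	//pwd := "secret"
	dn := "cn=admin,dc=example,dc=org"
	pwd := "admin"
	//host, err := os.Hostname()
	//if err != nil {
	//	t.Errorf("testLDAP os.Hostname failed: %s", err)
	//	return
	//}
	host := "localhost"
	base := "dc=example,dc=org"
	url := fmt.Sprintf("%s://%s:%s@%s:%d/%s", proto, dn, pwd, host, port, base)

	c, err := NewClient(&Config{URL: url}, nil)
	if err != nil {
		t.Errorf("ldap.NewClient failure: %s", err)
		return
	}
	user, err := c.GetUser("jsmith", []string{"mail"})
	if err != nil {
		t.Errorf("ldap.Client.GetUser failure: %s", err)
		return
	}

	// NOTE(review): the meaning of the second Login argument (-1) is not
	// visible in this file; confirm against User.Login.
	if err = user.Login("jsmithpw", -1); err != nil {
		t.Errorf("ldap.User.Login failure: %s", err)
	}
	if path := user.GetAffiliationPath(); path == nil {
		t.Error("ldap.User.GetAffiliationPath is nil")
	}
	// A wrong password must be rejected; a nil error here would mean the
	// login check accepts arbitrary passwords.
	if err = user.Login("bogus", -1); err == nil {
		t.Errorf("ldap.User.Login passed but should have failed")
	}

	email, err := user.GetAttribute("mail")
	assert.NoError(t, err, "failed getting mail attribute")
	// assert.NoError does not stop the test, so email may still be nil here.
	// Check for nil before calling GetValue (TestLDAPTLS already compares
	// this value with nil) instead of risking a nil dereference.
	if email == nil || email.GetValue() == "" {
		t.Errorf("ldap.User.GetAttribute failed: no mail found")
	} else {
		assert.EqualValues(t, "jsmith", email.Value)
	}
}

// testLDAPNegative checks NewClient's input validation: a nil config, a URL
// without a usable scheme ("bogus") and a non-numeric port must be rejected,
// while "ldaps://localhost" without an explicit port must be accepted.
func testLDAPNegative(t *testing.T) {
	if _, err := NewClient(nil, nil); err == nil {
		t.Errorf("ldap.NewClient(nil) passed but should have failed")
	}
	if _, err := NewClient(&Config{URL: "bogus"}, nil); err == nil {
		t.Errorf("ldap.NewClient(bogus) passed but should have failed")
	}
	if _, err := NewClient(&Config{URL: "ldaps://localhost"}, nil); err != nil {
		t.Errorf("ldap.NewClient(ldaps) failed: %s", err)
	}
	if _, err := NewClient(&Config{URL: "ldap://localhost:badport"}, nil); err == nil {
		t.Errorf("ldap.NewClient(badport) passed but should have failed")
	}
}

// TestLDAPTLS repeats the positive checks of testLDAP over the "ldaps" scheme
// on port 10636, with a trusted root certificate and a client certificate and
// key taken from ../../testdata.
func TestLDAPTLS(t *testing.T) {
	proto := "ldaps"
	// Fixture credentials for the test directory server.
	dn := "cn=admin,dc=example,dc=org"
	pwd := "admin"
	host := "localhost"
	base := "dc=example,dc=org"
	port := 10636
	url := fmt.Sprintf("%s://%s:%s@%s:%d/%s", proto, dn, pwd, host, port, base)

	c, err := NewClient(&Config{URL: url}, nil)
	if err != nil {
		t.Errorf("ldap.NewClient failure: %s", err)
		return
	}
	// The TLS material is assigned after NewClient returns, so it is
	// presumably read when the connection is made in GetUser; confirm against
	// the client implementation.
	c.TLS.CertFiles = []string{"../../testdata/root.pem"}
	c.TLS.Client.CertFile = "../../testdata/tls_client-cert.pem"
	c.TLS.Client.KeyFile = "../../testdata/tls_client-key.pem"

	user, err := c.GetUser("jsmith", []string{"mail"})
	if err != nil {
		t.Errorf("ldap.Client.GetUser failure: %s", err)
		return
	}
	if err = user.Login("jsmithpw", -1); err != nil {
		t.Errorf("ldap.User.Login failure: %s", err)
	}
	if path := user.GetAffiliationPath(); path == nil {
		t.Error("ldap.User.GetAffiliationPath is nil")
	}
	// A wrong password must be rejected over TLS as well.
	if err = user.Login("bogus", -1); err == nil {
		t.Errorf("ldap.User.Login passed but should have failed")
	}

	email, err := user.GetAttribute("mail")
	assert.NoError(t, err, "failed getting mail attribute")
	if email == nil {
		t.Errorf("ldap.User.GetAttribute failed: no mail found")
	} else {
		assert.EqualValues(t, "jsmith", email.Value)
	}
}

// Tests String method of ldap.Config: the bind user name and password
// embedded in the URL must not appear in the formatted output, for both the
// ldap and the ldaps scheme.
func TestLDAPConfigStringer(t *testing.T) {
	urls := []string{
		"ldap://admin:adminpwd@localhost:8888/users",
		"ldaps://admin:adminpwd@localhost:8888/users",
	}
	for _, u := range urls {
		ldapConfig := Config{
			Enabled:     true,
			URL:         u,
			UserFilter:  "(uid=%s)",
			GroupFilter: "(memberUid=%s)",
		}
		str := fmt.Sprintf("%+v", ldapConfig) // String method of Config is called here
		t.Logf("Stringified LDAP Config: %s", str)
		// NOTE(review): "admin" is a substring of "adminpwd", so the password
		// assertion can only fail when the user-name assertion fails too.
		// Fixture values that do not overlap would let the two checks fail
		// independently.
		assert.NotContains(t, str, "admin", "Username is not masked in the ldap URL")
		assert.NotContains(t, str, "adminpwd", "Password is not masked in the ldap URL")
	}
}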