github.com/tw-bc-group/fabric-ca@v2.0.0-alpha+incompatible/lib/server/ldap/client_test.go (about)

     1  /*
     2  Copyright IBM Corp. All Rights Reserved.
     3  
     4  SPDX-License-Identifier: Apache-2.0
     5  */
     6  
     7  package ldap
     8  
     9  import (
    10  	"fmt"
    11  	"path/filepath"
    12  	"testing"
    13  
    14  	"github.com/stretchr/testify/assert"
    15  )
    16  
// TestLDAP runs the positive lookup/login test over plain LDAP and then the
// NewClient negative cases.
//
// The positive test talks to a directory on localhost:10389. The ldaps variant
// is left commented out here; TestLDAPTLS exercises ldaps on port 10636.
func TestLDAP(t *testing.T) {
	const (
		scheme = "ldap"
		port   = 10389
	)
	testLDAP(scheme, port, t)
	//testLDAP("ldaps", 10636, t)
	testLDAPNegative(t)
}
    22  
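// testLDAP connects to proto://localhost:port as the fixture admin DN, looks
// up user "jsmith" and checks login, the affiliation path and the "mail"
// attribute.
//
// The bind DN and password are fixture values for a local test directory. They
// are carried in the URL userinfo, and with proto "ldap" the connection is not
// TLS-protected, so this configuration is only suitable for a loopback test
// instance.
func testLDAP(proto string, port int, t *testing.T) {
	//dn := "uid=admin,ou=system"
	//pwd := "secret"
	//host, err := os.Hostname()
	//if err != nil {
	//	t.Errorf("testLDAP os.Hostname failed: %s", err)
	//	return
	//}
	const (
		dn   = "cn=admin,dc=example,dc=org"
		pwd  = "admin"
		host = "localhost"
		base = "dc=example,dc=org"
	)
	url := fmt.Sprintf("%s://%s:%s@%s:%d/%s", proto, dn, pwd, host, port, base)
	c, err := NewClient(&Config{URL: url}, nil)
	if err != nil {
		t.Errorf("ldap.NewClient failure: %s", err)
		return
	}
	user, err := c.GetUser("jsmith", []string{"mail"})
	if err != nil {
		t.Errorf("ldap.Client.GetUser failure: %s", err)
		return
	}
	// The correct password must be accepted.
	// NOTE(review): the meaning of the second Login argument (-1) is not
	// visible in this file; confirm against User.Login.
	if err = user.Login("jsmithpw", -1); err != nil {
		t.Errorf("ldap.User.Login failure: %s", err)
	}
	if user.GetAffiliationPath() == nil {
		t.Error("ldap.User.GetAffiliationPath is nil")
	}
	// A wrong password must be rejected; a nil error here would mean the
	// client accepts arbitrary credentials.
	if err = user.Login("bogus", -1); err == nil {
		t.Error("ldap.User.Login passed but should have failed")
	}
	email, err := user.GetAttribute("mail")
	assert.NoError(t, err, "failed getting mail attribute")
	// assert.NoError does not stop the test, so email may still be nil here.
	// Guard before dereferencing so a failed lookup is reported as a test
	// failure rather than a nil-pointer panic (TestLDAPTLS checks nil too).
	if email == nil || email.GetValue() == "" {
		t.Error("ldap.User.GetAttribute failed: no mail found")
		return
	}
	assert.EqualValues(t, "jsmith", email.Value)
}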
    66  
// testLDAPNegative checks NewClient's handling of its configuration: a nil
// config, the malformed URL "bogus" and a non-numeric port must each return an
// error, while a bare "ldaps://localhost" URL must be accepted.
func testLDAPNegative(t *testing.T) {
	// mustReject fails the test with msg when NewClient accepts cfg.
	mustReject := func(cfg *Config, msg string) {
		t.Helper()
		if _, err := NewClient(cfg, nil); err == nil {
			t.Error(msg)
		}
	}

	mustReject(nil, "ldap.NewClient(nil) passed but should have failed")
	mustReject(&Config{URL: "bogus"}, "ldap.NewClient(bogus) passed but should have failed")

	// The one positive case: scheme and host only, no port or credentials.
	if _, err := NewClient(&Config{URL: "ldaps://localhost"}, nil); err != nil {
		t.Errorf("ldap.NewClient(ldaps) failed: %s", err)
	}

	mustReject(&Config{URL: "ldap://localhost:badport"}, "ldap.NewClient(badport) passed but should have failed")
}
    85  
// TestLDAPTLS repeats the lookup/login checks over ldaps on localhost:10636,
// with a CA file and a client certificate/key pair taken from the repository's
// testdata directory.
//
// The TLS fields are set on the client after NewClient returns and before the
// first directory operation (GetUser).
func TestLDAPTLS(t *testing.T) {
	const (
		scheme  = "ldaps"
		bindDN  = "cn=admin,dc=example,dc=org"
		bindPwd = "admin" // fixture password for the local test directory
		server  = "localhost"
		baseDN  = "dc=example,dc=org"
		tlsPort = 10636
	)
	url := fmt.Sprintf("%s://%s:%s@%s:%d/%s", scheme, bindDN, bindPwd, server, tlsPort, baseDN)
	c, err := NewClient(&Config{URL: url}, nil)
	if err != nil {
		t.Errorf("ldap.NewClient failure: %s", err)
		return
	}

	// NOTE(review): presumably root.pem is the CA that issued the server
	// certificate and the tls_client-* pair is presented for client
	// authentication; confirm against the testdata fixtures.
	fixture := func(name string) string {
		return filepath.Join("../../../../testdata", name)
	}
	c.TLS.CertFiles = []string{fixture("root.pem")}
	c.TLS.Client.CertFile = fixture("tls_client-cert.pem")
	c.TLS.Client.KeyFile = fixture("tls_client-key.pem")

	user, err := c.GetUser("jsmith", []string{"mail"})
	if err != nil {
		t.Errorf("ldap.Client.GetUser failure: %s", err)
		return
	}
	// The correct password must be accepted.
	if err = user.Login("jsmithpw", -1); err != nil {
		t.Errorf("ldap.User.Login failure: %s", err)
	}
	if user.GetAffiliationPath() == nil {
		t.Error("ldap.User.GetAffiliationPath is nil")
	}
	// A wrong password must be rejected.
	if err = user.Login("bogus", -1); err == nil {
		t.Errorf("ldap.User.Login passed but should have failed")
	}
	email, err := user.GetAttribute("mail")
	assert.NoError(t, err, "failed getting mail attribute")
	// assert.NoError does not abort the test, hence the explicit nil check.
	if email != nil {
		assert.EqualValues(t, "jsmith", email.Value)
	} else {
		t.Errorf("ldap.User.GetAttribute failed: no mail found")
	}
}
   128  
// TestLDAPConfigStringer checks that formatting a Config with %+v does not
// expose the bind user name or password embedded in its URL, for both the ldap
// and ldaps schemes.
func TestLDAPConfigStringer(t *testing.T) {
	urls := []string{
		"ldap://admin:adminpwd@localhost:8888/users",
		"ldaps://admin:adminpwd@localhost:8888/users",
	}
	for _, u := range urls {
		ldapConfig := Config{
			Enabled:     true,
			URL:         u,
			UserFilter:  "(uid=%s)",
			GroupFilter: "(memberUid=%s)",
		}
		str := fmt.Sprintf("%+v", ldapConfig) // String method of Config is called here
		t.Logf("Stringified LDAP Config: %s", str)
		// NOTE(review): "admin" is a prefix of "adminpwd", so the second
		// assertion cannot fail unless the first one does; distinct fixture
		// values would show which of the two fields leaked.
		assert.NotContains(t, str, "admin", "Username is not masked in the ldap URL")
		assert.NotContains(t, str, "adminpwd", "Password is not masked in the ldap URL")
	}
}