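/*
Copyright IBM Corp. All Rights Reserved.

SPDX-License-Identifier: Apache-2.0
*/

package ldap

import (
	"fmt"
	"path/filepath"
	"testing"

	"github.com/stretchr/testify/assert"
)

// TestLDAP runs the positive client checks over plain ldap:// and then the
// constructor's negative cases. The ldaps variant is left disabled here;
// TestLDAPTLS exercises that scheme separately.
func TestLDAP(t *testing.T) {
	testLDAP("ldap", 10389, t)
	//testLDAP("ldaps", 10636, t)
	testLDAPNegative(t)
}

// testLDAP builds a client for proto://localhost:port, looks up the fixture
// user "jsmith" and checks login (good and bad password), the affiliation
// path and the "mail" attribute.
//
// It expects a directory listening on localhost at the given port that
// contains the jsmith entry; none of that setup is visible in this file.
func testLDAP(proto string, port int, t *testing.T) {
	//dn := "uid=admin,ou=system"
	//pwd := "secret"
	// Fixture bind identity for the local test directory only.
	dn := "cn=admin,dc=example,dc=org"
	pwd := "admin"
	//host, err := os.Hostname()
	//if err != nil {
	//	t.Errorf("testLDAP os.Hostname failed: %s", err)
	//	return
	//}
	host := "localhost"
	base := "dc=example,dc=org"
	// The bind DN and password travel in the URL's userinfo part and are
	// inserted unescaped, so this only works while neither value contains
	// URL delimiters such as '@', ':' or '/'.
	// NOTE(review): with the "ldap" scheme the bind password is presumably
	// sent without transport encryption - acceptable for a localhost fixture.
	url := fmt.Sprintf("%s://%s:%s@%s:%d/%s", proto, dn, pwd, host, port, base)
	c, err := NewClient(&Config{URL: url}, nil)
	if err != nil {
		// NOTE(review): if NewClient's error text echoes the URL, the bind
		// password ends up in the test log - confirm against NewClient.
		t.Errorf("ldap.NewClient failure: %s", err)
		return
	}
	user, err := c.GetUser("jsmith", []string{"mail"})
	if err != nil {
		t.Errorf("ldap.Client.GetUser failure: %s", err)
		return
	}
	// The correct password must be accepted...
	err = user.Login("jsmithpw", -1)
	if err != nil {
		t.Errorf("ldap.User.Login failure: %s", err)
	}
	path := user.GetAffiliationPath()
	if path == nil {
		t.Error("ldap.User.GetAffiliationPath is nil")
	}
	// ...and a wrong one must be rejected.
	err = user.Login("bogus", -1)
	if err == nil {
		t.Errorf("ldap.User.Login passed but should have failed")
	}
	email, err := user.GetAttribute("mail")
	assert.NoError(t, err, "failed getting mail attribute")
	// assert.NoError records a failure but does not stop the test, so email
	// may still be nil here; guard before calling a method on it (the same
	// nil comparison is used in TestLDAPTLS).
	if email == nil || email.GetValue() == "" {
		t.Errorf("ldap.User.GetAttribute failed: no mail found")
	} else {
		assert.EqualValues(t, "jsmith", email.Value)
	}
}

// testLDAPNegative checks how NewClient reacts to a nil config and to
// malformed or incomplete URLs.
func testLDAPNegative(t *testing.T) {
	// A nil configuration must be rejected.
	_, err := NewClient(nil, nil)
	if err == nil {
		t.Errorf("ldap.NewClient(nil) passed but should have failed")
	}
	// A string that is not an LDAP URL must be rejected.
	_, err = NewClient(&Config{URL: "bogus"}, nil)
	if err == nil {
		t.Errorf("ldap.NewClient(bogus) passed but should have failed")
	}
	// An ldaps URL without port or credentials is expected to be accepted.
	_, err = NewClient(&Config{URL: "ldaps://localhost"}, nil)
	if err != nil {
		t.Errorf("ldap.NewClient(ldaps) failed: %s", err)
	}
	// A non-numeric port must be rejected.
	_, err = NewClient(&Config{URL: "ldap://localhost:badport"}, nil)
	if err == nil {
		t.Errorf("ldap.NewClient(badport) passed but should have failed")
	}
}

// TestLDAPTLS repeats the jsmith lookup and login checks over ldaps on port
// 10636, after pointing the client's TLS settings at the certificate and key
// files under testdata.
func TestLDAPTLS(t *testing.T) {
	proto := "ldaps"
	// Fixture bind identity for the local test directory only.
	dn := "cn=admin,dc=example,dc=org"
	pwd := "admin"
	host := "localhost"
	base := "dc=example,dc=org"
	port := 10636
	url := fmt.Sprintf("%s://%s:%s@%s:%d/%s", proto, dn, pwd, host, port, base)
	c, err := NewClient(&Config{URL: url}, nil)
	if err != nil {
		t.Errorf("ldap.NewClient failure: %s", err)
		return
	}
	testdata := "../../../../testdata"
	// NOTE(review): root.pem is presumably the trust anchor used to verify
	// the server, and the client cert/key pair the identity presented to
	// it - confirm against the TLS config type.
	c.TLS.CertFiles = []string{filepath.Join(testdata, "root.pem")}
	c.TLS.Client.CertFile = filepath.Join(testdata, "tls_client-cert.pem")
	c.TLS.Client.KeyFile = filepath.Join(testdata, "tls_client-key.pem")
	user, err := c.GetUser("jsmith", []string{"mail"})
	if err != nil {
		t.Errorf("ldap.Client.GetUser failure: %s", err)
		return
	}
	// The correct password must be accepted...
	err = user.Login("jsmithpw", -1)
	if err != nil {
		t.Errorf("ldap.User.Login failure: %s", err)
	}
	path := user.GetAffiliationPath()
	if path == nil {
		t.Error("ldap.User.GetAffiliationPath is nil")
	}
	// ...and a wrong one must be rejected.
	err = user.Login("bogus", -1)
	if err == nil {
		t.Errorf("ldap.User.Login passed but should have failed")
	}
	email, err := user.GetAttribute("mail")
	assert.NoError(t, err, "failed getting mail attribute")
	// Same guard as in testLDAP: report a missing or empty attribute instead
	// of comparing against it.
	if email == nil || email.GetValue() == "" {
		t.Errorf("ldap.User.GetAttribute failed: no mail found")
	} else {
		assert.EqualValues(t, "jsmith", email.Value)
	}
}

// TestLDAPConfigStringer tests the String method of ldap.Config: the bind
// user name and password embedded in the URL must not appear in the
// formatted output, for both the ldap and the ldaps scheme.
func TestLDAPConfigStringer(t *testing.T) {
	for _, rawURL := range []string{
		"ldap://admin:adminpwd@localhost:8888/users",
		"ldaps://admin:adminpwd@localhost:8888/users",
	} {
		ldapConfig := Config{
			Enabled:     true,
			URL:         rawURL,
			UserFilter:  "(uid=%s)",
			GroupFilter: "(memberUid=%s)",
		}
		str := fmt.Sprintf("%+v", ldapConfig) // String method of Config is called here
		t.Logf("Stringified LDAP Config: %s", str)
		// NOTE(review): "adminpwd" contains "admin", so the first assertion
		// also fires when only the password leaks; fixture values that do not
		// overlap would let each message name the part that leaked.
		assert.NotContains(t, str, "admin", "Username is not masked in the ldap URL")
		assert.NotContains(t, str, "adminpwd", "Password is not masked in the ldap URL")
	}
}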