1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192 |
- # Copyright (C) 2012-2024 Zammad Foundation, https://zammad-foundation.org/
- require 'rails_helper'
- require 'lib/auth/backend/backend_examples'
- RSpec.describe Auth::Backend::Ldap do
- let(:ldap_source) { create(:ldap_source) }
- let(:user) { create(:user, source: "Ldap::#{ldap_source.id}") }
- let(:password) { 'secure' }
- let(:auth) { Auth.new(user.login, password) }
- let(:config) do
- {
- adapter: described_class.name
- }
- end
- let(:instance) { described_class.new(config, auth) }
- let(:ldap_integration) { true }
- before do
- Setting.set('ldap_integration', ldap_integration)
- end
- describe '#valid?' do
- let(:ldap_user) { instance_double(Ldap::User) }
- before do
- allow(Ldap::User).to receive(:new).with(any_args).and_return(ldap_user)
- allow(ldap_user).to receive(:valid?).with(any_args).and_return(true)
- end
- it_behaves_like 'Auth backend'
- it 'authenticates users' do
- expect(instance.valid?).to be true
- end
- context 'when custom login attribute is configured' do
- let(:config) do
- super().merge(
- login_attributes: %w[firstname]
- )
- end
- it 'authenticates' do
- allow(ldap_user).to receive(:valid?).with(user.firstname, password).and_return(true)
- expect(instance.valid?).to be true
- end
- end
- context 'when Setting ldap_integration is false' do
- let(:ldap_integration) { false }
- it "doesn't authenticate" do
- expect(instance.valid?).to be false
- end
- end
- context 'when LDAP authentication fails' do
- it "doesn't authenticate" do
- allow(ldap_user).to receive(:valid?).with(any_args).and_return(false)
- expect(instance.valid?).to be false
- end
- end
- context 'when User#source does not match Ldap' do
- context 'when blank' do
- let(:user) { create(:user) }
- it "doesn't authenticate" do
- expect(instance.valid?).to be false
- end
- end
- context 'when some other value' do
- let(:user) { create(:user, source: 'some other value') }
- it "doesn't authenticate" do
- expect(instance.valid?).to be false
- end
- end
- end
- end
- end
|