users_spec.rb 5.4 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181
  1. # Copyright (C) 2012-2025 Zammad Foundation, https://zammad-foundation.org/
  2. require 'rails_helper'
  3. RSpec.describe Sequencer::Sequence::Import::Ldap::Users, sequencer: :sequence do
  4. let(:ldap_source) { create(:ldap_source) }
  5. context 'lost group assignment' do
  6. context 'config "unassigned_users": "skip_sync"' do
  7. it 'returns found ids based on ldap search', last_admin_check: false do
  8. user_entry = build(:ldap_entry)
  9. user_entry['objectguid'] = ['user1337']
  10. user_entry['samaccountname'] = ['login123']
  11. user_entry['first_name'] = ['Hans']
  12. group_entry = build(:ldap_entry)
  13. group_entry['member'] = [user_entry.dn]
  14. ldap_config = {
  15. id: ldap_source.id,
  16. user_filter: 'user=filter',
  17. group_role_map: {
  18. group_entry.dn => [1, 2]
  19. },
  20. user_attributes: {
  21. 'samaccountname' => 'login',
  22. 'first_name' => 'firstname',
  23. },
  24. user_uid: 'objectguid',
  25. unassigned_users: 'skip_sync',
  26. }
  27. import_job = build_stubbed(:import_job, name: 'Import::Ldap')
  28. connection = double(
  29. host: 'example.com',
  30. port: 1337,
  31. ssl: true,
  32. base_dn: 'test'
  33. )
  34. # LDAP::Group
  35. allow(connection).to receive(:search).and_yield(group_entry)
  36. allow(connection).to receive(:entries?).and_return(true)
  37. # Sequencer::Unit::Import::Ldap::Users::Total
  38. allow(connection).to receive(:count).and_return(1)
  39. # Sequencer::Unit::Import::Ldap::Users::SubSequence
  40. allow(connection).to receive(:search).and_yield(user_entry)
  41. result = process(
  42. dry_run: false,
  43. resource: ldap_config,
  44. ldap_connection: connection,
  45. import_job: import_job,
  46. )
  47. expect(result[:found_ids]).to eq([User.last.id])
  48. imported_user = User.last
  49. expect(imported_user.active).to be true
  50. expect(imported_user.source).to eq("Ldap::#{ldap_source.id}")
  51. connection = double(
  52. host: 'example.com',
  53. port: 1337,
  54. ssl: true,
  55. base_dn: 'test'
  56. )
  57. group_entry['member'] = ['some.other.dn']
  58. # LDAP::Group
  59. allow(connection).to receive(:search).and_yield(group_entry)
  60. allow(connection).to receive(:entries?).and_return(true)
  61. result = process(
  62. dry_run: false,
  63. resource: ldap_config,
  64. ldap_connection: connection,
  65. import_job: import_job,
  66. )
  67. expect(result[:found_ids]).to eq([])
  68. end
  69. end
  70. context 'config "unassigned_users": nil / "sigup_roles"' do
  71. it 'assigns signup roles', last_admin_check: false do
  72. user_entry = build(:ldap_entry)
  73. user_entry['objectguid'] = ['user1337']
  74. user_entry['samaccountname'] = ['login123']
  75. user_entry['first_name'] = ['Hans']
  76. group_entry = build(:ldap_entry)
  77. group_entry['member'] = [user_entry.dn]
  78. agent_admin_role_ids = [1, 2]
  79. ldap_config = {
  80. user_filter: 'user=filter',
  81. group_role_map: {
  82. group_entry.dn => agent_admin_role_ids
  83. },
  84. user_attributes: {
  85. 'samaccountname' => 'login',
  86. 'first_name' => 'firstname',
  87. },
  88. user_uid: 'objectguid',
  89. }
  90. import_job = build_stubbed(:import_job, name: 'Import::Ldap')
  91. connection = double(
  92. host: 'example.com',
  93. port: 1337,
  94. ssl: true,
  95. base_dn: 'test'
  96. )
  97. # LDAP::Group and Sequencer::Unit::Import::Ldap::Users::SubSequence
  98. allow(connection).to receive(:search).and_yield(group_entry).and_yield(user_entry)
  99. allow(connection).to receive(:entries?).and_return(true)
  100. # Sequencer::Unit::Import::Ldap::Users::Total
  101. allow(connection).to receive(:count).and_return(1)
  102. expect do
  103. process(
  104. dry_run: false,
  105. resource: ldap_config,
  106. ldap_connection: connection,
  107. import_job: import_job,
  108. )
  109. end.to change(User, :count).by(1)
  110. imported_user = User.last
  111. expect(imported_user.role_ids).to eq(agent_admin_role_ids)
  112. connection = double(
  113. host: 'example.com',
  114. port: 1337,
  115. ssl: true,
  116. base_dn: 'test'
  117. )
  118. group_entry['member'] = ['some.other.dn']
  119. # LDAP::Group
  120. allow(connection).to receive(:search).and_yield(group_entry)
  121. allow(connection).to receive(:entries?).and_return(true)
  122. # Sequencer::Unit::Import::Ldap::Users::Total
  123. # cached
  124. # expect(connection).to receive(:count).and_return(1)
  125. # Sequencer::Unit::Import::Ldap::Users::SubSequence
  126. allow(connection).to receive(:search).and_yield(user_entry)
  127. expect do
  128. process(
  129. dry_run: false,
  130. resource: ldap_config,
  131. ldap_connection: connection,
  132. import_job: import_job,
  133. )
  134. end.not_to change(User, :count)
  135. imported_user.reload
  136. expect(imported_user.roles).to eq(Role.signup_roles)
  137. end
  138. end
  139. end
  140. end