ldap_spec.rb 4.7 KB

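  # Copyright (C) 2012-2025 Zammad Foundation, https://zammad-foundation.org/

  require 'rails_helper'

  # Integration spec for the LDAP import job. It only runs when the
  # IMPORT_LDAP_* environment variables are set and talks to that endpoint
  # directly (VCR is disabled and TCR is turned off around the import).
  #
  # The transport matrix covers plain LDAP, LDAPS ("ssl") and STARTTLS, each
  # with certificate verification on (trusted CA / untrusted CA) and off.
  RSpec.describe 'Ldap import', integration: true, required_envs: %w[IMPORT_LDAP_ENDPOINT IMPORT_LDAP_USER IMPORT_LDAP_PASSWORD], use_vcr: false do # rubocop:disable RSpec/DescribeClass
    let(:ldap_source) { create(:ldap_source, :with_config) }

    # Result hash expected from a successful import: overall counters plus
    # per-entry counters under 'role_ids' (presumably keyed by role id).
    let(:expected_result) do
      { 'skipped'     => 0,
        'created'     => 14,
        'updated'     => 0,
        'unchanged'   => 0,
        'failed'      => 0,
        'deactivated' => 0,
        'sum'         => 14,
        'total'       => 14,
        'role_ids'    =>
                         { 3 =>
                                { 'skipped'     => 0,
                                  'created'     => 10,
                                  'updated'     => 0,
                                  'unchanged'   => 0,
                                  'failed'      => 0,
                                  'deactivated' => 0,
                                  'sum'         => 10,
                                  'total'       => 0 },
                           1 =>
                                { 'skipped'     => 0,
                                  'created'     => 2,
                                  'updated'     => 0,
                                  'unchanged'   => 0,
                                  'failed'      => 0,
                                  'deactivated' => 0,
                                  'sum'         => 2,
                                  'total'       => 0 },
                           2 =>
                                { 'skipped'     => 0,
                                  'created'     => 2,
                                  'updated'     => 0,
                                  'unchanged'   => 0,
                                  'failed'      => 0,
                                  'deactivated' => 0,
                                  'sum'         => 2,
                                  'total'       => 0 } } }
    end

    # Successful import: checks the job counters and spot-checks two users,
    # including that each ends up with exactly one role.
    shared_examples 'ldap import' do
      it 'does import users and roles' do
        expect(ImportJob.last.result).to eq(expected_result)

        user_ab = User.find_by(login: 'ab')
        expect(user_ab.firstname).to eq('Albert')
        expect(user_ab.lastname).to eq('Braun')
        expect(user_ab.email).to eq('ab@example.com')
        expect(user_ab.roles.first.name).to eq('Admin')
        expect(user_ab.roles.count).to eq(1)

        user_lb = User.find_by(login: 'lb')
        expect(user_lb.firstname).to eq('Lena')
        expect(user_lb.lastname).to eq('Braun')
        expect(user_lb.email).to eq('lb@example.com')
        expect(user_lb.roles.first.name).to eq('Agent')
        expect(user_lb.roles.count).to eq(1)
      end
    end

    # Failed import: with verification enabled and no trusted CA, the job must
    # report a certificate verification error instead of importing.
    # The pattern accepts both the "self signed" and "self-signed" wording.
    shared_examples 'certificate verification error' do
      it 'returns certificate verify failed error' do
        expect(ImportJob.last.result[:error]).to match(%r{error: certificate verify failed \(self(-|\s)signed certificate in certificate chain\)})
      end
    end

    context 'when importing' do
      before do
        # Contexts that need setup ahead of the import (e.g. trusting the CA)
        # define `let(:before_hook)`; it is only invoked where it exists.
        before_hook if defined? before_hook

        Setting.set('ldap_integration', true)

        TCR.turned_off do
          # Referencing the lazy `let` creates the LDAP source before the job runs.
          ldap_source
          ImportJob.start_registered
        end
      end

      include_examples 'ldap import'

      context 'with ssl' do
        context 'with ssl verification' do
          context 'with trusted certificate' do
            let(:ldap_source) { create(:ldap_source, :with_ssl_verified) }
            let(:before_hook) do
              import_ca_certificate
            end

            include_examples 'ldap import'
          end

          context 'without trusted certificate' do
            let(:ldap_source) { create(:ldap_source, :with_ssl_verified) }

            include_examples 'certificate verification error'
          end
        end

        # Verification disabled: the server certificate is not validated, so
        # the import is expected to succeed without importing the CA.
        context 'without ssl verification' do
          let(:ldap_source) { create(:ldap_source, :with_ssl) }

          include_examples 'ldap import'
        end
      end

      context 'with starttls' do
        context 'with ssl verification' do
          context 'with trusted certificate' do
            let(:ldap_source) { create(:ldap_source, :with_starttls_verified) }
            let(:before_hook) do
              import_ca_certificate
            end

            include_examples 'ldap import'
          end

          context 'without trusted certificate' do
            # Use the STARTTLS trait so the untrusted-CA rejection is actually
            # exercised over STARTTLS. This context previously reused
            # :with_ssl_verified, which only repeated the LDAPS case above and
            # left the STARTTLS verification failure path untested.
            # NOTE(review): assumes the STARTTLS handshake surfaces the same
            # "certificate verify failed" text - confirm against the test server.
            let(:ldap_source) { create(:ldap_source, :with_starttls_verified) }

            include_examples 'certificate verification error'
          end
        end

        # Verification disabled: same expectation as the LDAPS variant above.
        context 'without ssl verification' do
          let(:ldap_source) { create(:ldap_source, :with_starttls) }

          include_examples 'ldap import'
        end
      end

      # Adds the fixture CA certificate to the application's trust store so the
      # "trusted certificate" contexts can verify the LDAP server certificate.
      def import_ca_certificate
        SSLCertificate.create!(certificate: Rails.root.join('spec/fixtures/files/ldap/ca.crt').read)
      end
    end
  end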