# Copyright (C) 2012-2025 Zammad Foundation, https://zammad-foundation.org/
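require 'rails_helper'

# Specs for the Ldap wrapper: how the config hash passed to Ldap.new is turned
# into Net::LDAP.new parameters, and how #preferences, #search and #entries?
# use the underlying connection. Net::LDAP.new is stubbed to return a test
# double in every example.
RSpec.describe Ldap do
  describe 'initialization config parameters' do
    # required as 'let' to perform test based
    # expectations and reuse it in mock_initialization
    # as return param of Net::LDAP.new
    let(:mocked_ldap) { double(bind: true) }

    # Stubs Net::LDAP.new, constrained to the `expected` parameters, and then
    # builds the class under test from the `given` config.
    #
    # @param given [Hash] config handed to described_class.new
    # @param expected [Hash] parameters Net::LDAP.new has to be called with
    # @return [Ldap] the instance built from `given`
    def mock_initialization(given:, expected:)
      allow(Net::LDAP).to receive(:new).with(expected).and_return(mocked_ldap)
      described_class.new(given)
    end

    it 'uses explicit host and port' do
      config = {
        host: 'localhost',
        port: 1337,
      }

      mock_initialization(
        given:    config,
        expected: config,
      )
    end

    describe 'bind credentials' do
      it 'uses given credentials' do
        config = {
          host:      'localhost',
          port:      1337,
          bind_user: 'JohnDoe',
          bind_pw:   'zammad',
        }
        params = {
          host: 'localhost',
          port: 1337,
        }

        allow(mocked_ldap).to receive(:auth).with(config[:bind_user], config[:bind_pw])

        mock_initialization(
          given:    config,
          expected: params,
        )

        # `allow` on its own also passes when #auth is never called. Assert the
        # call, so that a regression which silently drops the configured bind
        # credentials is caught by this example.
        expect(mocked_ldap).to have_received(:auth).with(config[:bind_user], config[:bind_pw])
      end

      it 'requires bind_user' do
        config = {
          host:    'localhost',
          port:    1337,
          bind_pw: 'zammad',
        }
        params = {
          host: 'localhost',
          port: 1337,
        }

        allow(mocked_ldap).to receive(:auth)

        mock_initialization(
          given:    config,
          expected: params,
        )

        # No argument constraint: with incomplete credentials any #auth call is
        # a failure, not only one carrying exactly these values.
        expect(mocked_ldap).not_to have_received(:auth)
      end

      it 'requires bind_pw' do
        config = {
          host:      'localhost',
          port:      1337,
          bind_user: 'JohnDoe',
        }
        params = {
          host: 'localhost',
          port: 1337,
        }

        allow(mocked_ldap).to receive(:auth)

        mock_initialization(
          given:    config,
          expected: params,
        )

        # No argument constraint: with incomplete credentials any #auth call is
        # a failure, not only one carrying exactly these values.
        expect(mocked_ldap).not_to have_received(:auth)
      end
    end

    it 'extracts port from host' do
      config = {
        host: 'localhost:1337'
      }
      params = {
        host: 'localhost',
        port: 1337,
      }

      mock_initialization(
        given:    config,
        expected: params,
      )
    end

    it 'falls back to default ldap port' do
      config = {
        host: 'localhost',
      }
      params = {
        host: 'localhost',
        port: 389,
      }

      mock_initialization(
        given:    config,
        expected: params,
      )
    end

    it 'uses explicit ssl' do
      config = {
        host: 'localhost',
        port: 1337,
        ssl:  'ssl',
      }
      # `Hash` accepts any encryption hash here; the exact TLS options are
      # pinned by the default-port examples below.
      expected = {
        host:       'localhost',
        port:       1337,
        encryption: Hash,
      }

      mock_initialization(
        given:    config,
        expected: expected,
      )
    end

    it 'uses ssl with default port' do
      config = {
        host: 'localhost',
        ssl:  'ssl',
      }
      # NOTE(review): 0 is OpenSSL::SSL::VERIFY_NONE, so this example pins that
      # a config with only `ssl` set yields a TLS connection which does not
      # verify the server certificate. Whether verification can be switched on
      # is not visible in this spec; if it can, an example for the verifying
      # configuration belongs next to this one.
      expected = {
        host:       'localhost',
        port:       636,
        encryption: {
          method:      :simple_tls,
          tls_options: {
            verify_mode: 0
          }
        }
      }

      mock_initialization(
        given:    config,
        expected: expected,
      )
    end

    it 'uses starttls with default port' do
      config = {
        host: 'localhost',
        ssl:  'starttls',
      }
      # NOTE(review): as in the 'ssl' example, verify_mode 0 is
      # OpenSSL::SSL::VERIFY_NONE: the STARTTLS upgrade is expected without
      # verification of the server certificate.
      expected = {
        host:       'localhost',
        port:       389,
        encryption: {
          method:      :start_tls,
          tls_options: {
            verify_mode: 0
          }
        }
      }

      mock_initialization(
        given:    config,
        expected: expected,
      )
    end
  end

  describe 'instance methods' do
    # required as 'let' to perform test based
    # expectations and reuse it in 'let' instance
    # as return param of Net::LDAP.new
    let(:mocked_ldap) { double(bind: true) }

    # Instance under test; Net::LDAP.new is stubbed without an argument
    # constraint because these examples only care about the instance methods.
    let(:instance) do
      allow(Net::LDAP).to receive(:new).and_return(mocked_ldap)
      described_class.new(
        host: 'localhost',
        port: 1337,
      )
    end

    describe '#preferences' do
      it 'responds to #preferences' do
        expect(instance).to respond_to(:preferences)
      end

      it 'returns preferences' do
        attributes = {
          namingcontexts: ['ou=dep1,ou=org', 'ou=dep2,ou=org']
        }

        allow(mocked_ldap).to receive(:search_root_dse).and_return(attributes)

        expect(instance.preferences).to eq(attributes)
      end
    end

    describe '#search' do
      let(:base)   { 'DC=domain,DC=tld' }
      let(:filter) { '(objectClass=user)' }

      it 'responds to #search' do
        expect(instance).to respond_to(:search)
      end

      it 'performs search for a filter, base and scope and yields of returned entries' do
        scope = Net::LDAP::SearchScope_BaseObject
        additional = {
          base:  base,
          scope: scope,
        }
        expected = {
          filter: filter,
          base:   base,
          scope:  scope,
        }
        yield_entry = build(:ldap_entry)

        # `include` lets the search carry further keys; only filter, base and
        # scope are pinned.
        allow(mocked_ldap).to receive(:search).with(include(expected)).and_yield(yield_entry).and_return(true)

        check_entry = nil
        instance.search(filter, **additional) { |entry| check_entry = entry }

        expect(check_entry).to eq(yield_entry)
      end

      it 'falls back to whole subtree scope search' do
        additional = {
          base: base,
        }
        expected = {
          filter: filter,
          base:   base,
          scope:  Net::LDAP::SearchScope_WholeSubtree,
        }
        yield_entry = build(:ldap_entry)

        allow(mocked_ldap).to receive(:search).with(include(expected)).and_yield(yield_entry).and_return(true)

        check_entry = nil
        instance.search(filter, **additional) { |entry| check_entry = entry }

        expect(check_entry).to eq(yield_entry)
      end

      it 'falls back to base_dn configuration parameter' do
        expected = {
          filter: filter,
          base:   base,
          scope:  Net::LDAP::SearchScope_WholeSubtree,
        }

        allow(Net::LDAP).to receive(:new).and_return(mocked_ldap)

        # Local instance (shadows the `let`) because this example needs a
        # config that carries base_dn.
        instance = described_class.new(
          host:    'localhost',
          port:    1337,
          base_dn: base,
        )
        yield_entry = build(:ldap_entry)

        allow(mocked_ldap).to receive(:search).with(include(expected)).and_yield(yield_entry).and_return(true)

        check_entry = nil
        instance.search(filter) { |entry| check_entry = entry }

        expect(check_entry).to eq(yield_entry)
      end
    end

    describe '#entries?' do
      let(:filter) { '(objectClass=user)' }

      it 'responds to #entries?' do
        expect(instance).to respond_to(:entries?)
      end

      it 'returns true if entries are present' do
        params = {
          filter: filter
        }

        # The stubbed search yields one entry and returns nil.
        allow(mocked_ldap).to receive(:search).with(include(params)).and_yield(build(:ldap_entry)).and_return(nil)

        expect(instance.entries?(filter)).to be true
      end

      it 'returns false if no entries are present' do
        params = {
          filter: filter
        }

        # The stubbed search yields nothing and returns true.
        allow(mocked_ldap).to receive(:search).with(include(params)).and_return(true)

        expect(instance.entries?(filter)).to be false
      end
    end
  end
end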