SMusatov
/
zammad
зеркало из https://github.com/zammad/zammad.git


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546
							require 'rails_helper'

RSpec.describe Import::Ldap::UserFactory do

  describe '.import' do

    it 'responds to .import' do
      expect(described_class).to respond_to(:import)
    end

    it 'imports users matching the configured filter' do

      config = {
        user_filter:     '(objectClass=user)',
        group_filter:    '(objectClass=group)',
        user_uid:        'uid',
        user_attributes: {
          'uid'   => 'login',
          'email' => 'email',
        }
      }

      mocked_entry = build(:ldap_entry)

      mocked_entry['uid']   = ['exampleuid']
      mocked_entry['email'] = ['example@example.com']

      mocked_ldap = double(
        host:    'ldap.example.com',
        port:    636,
        ssl:     true,
        base_dn: 'dc=example,dc=com'
      )

      # group user role mapping
      expect(mocked_ldap).to receive(:search)
      # user counting
      allow(mocked_ldap).to receive(:count).and_return(1)
      # user search
      expect(mocked_ldap).to receive(:search).and_yield(mocked_entry)

      expect do
        described_class.import(
          config: config,
          ldap:   mocked_ldap
        )
      end.to change {
        User.count
      }.by(1)
    end

    it 'deactivates lost users' do

      config = {
        user_filter:     '(objectClass=user)',
        group_filter:    '(objectClass=group)',
        user_uid:        'uid',
        user_attributes: {
          'uid' => 'login',
          'email' => 'email',
        }
      }

      persistent_entry          = build(:ldap_entry)
      persistent_entry['uid']   = ['exampleuid']
      persistent_entry['email'] = ['example@example.com']

      lost_entry          = build(:ldap_entry)
      lost_entry['uid']   = ['exampleuid_lost']
      lost_entry['email'] = ['lost@example.com']

      mocked_ldap = double(
        host:    'ldap.example.com',
        port:    636,
        ssl:     true,
        base_dn: 'dc=example,dc=com'
      )

      # group user role mapping
      expect(mocked_ldap).to receive(:search)
      # user counting
      expect(mocked_ldap).to receive(:count).and_return(2)
      # user search
      expect(mocked_ldap).to receive(:search).and_yield(persistent_entry).and_yield(lost_entry)

      described_class.import(
        config: config,
        ldap:   mocked_ldap,
      )

      # group user role mapping
      expect(mocked_ldap).to receive(:search)
      # user counting
      expect(mocked_ldap).to receive(:count).and_return(1)
      # user search
      expect(mocked_ldap).to receive(:search).and_yield(persistent_entry)

      expect do
        described_class.import(
          config: config,
          ldap:   mocked_ldap,
        )
      end.to change {
        User.find_by(email: 'lost@example.com').active
      }
    end

    it 're-activates previously lost users' do

      config = {
        user_filter:     '(objectClass=user)',
        group_filter:    '(objectClass=group)',
        user_uid:        'uid',
        user_attributes: {
          'uid' => 'login',
          'email' => 'email',
        }
      }

      persistent_entry          = build(:ldap_entry)
      persistent_entry['uid']   = ['exampleuid']
      persistent_entry['email'] = ['example@example.com']

      lost_entry          = build(:ldap_entry)
      lost_entry['uid']   = ['exampleuid_lost']
      lost_entry['email'] = ['lost@example.com']

      mocked_ldap = double(
        host:    'ldap.example.com',
        port:    636,
        ssl:     true,
        base_dn: 'dc=example,dc=com'
      )

      # group user role mapping
      expect(mocked_ldap).to receive(:search)
      # user counting
      expect(mocked_ldap).to receive(:count).and_return(2)
      # user search
      expect(mocked_ldap).to receive(:search).and_yield(persistent_entry).and_yield(lost_entry)

      described_class.import(
        config: config,
        ldap:   mocked_ldap,
      )

      # group user role mapping
      expect(mocked_ldap).to receive(:search)
      # user counting
      expect(mocked_ldap).to receive(:count).and_return(1)
      # user search
      expect(mocked_ldap).to receive(:search).and_yield(persistent_entry)

      described_class.import(
        config: config,
        ldap:   mocked_ldap,
      )

      # group user role mapping
      expect(mocked_ldap).to receive(:search)
      # user counting
      expect(mocked_ldap).to receive(:count).and_return(2)
      # user search
      expect(mocked_ldap).to receive(:search).and_yield(persistent_entry).and_yield(lost_entry)

      expect do
        described_class.import(
          config: config,
          ldap:   mocked_ldap,
        )
      end.to change {
        User.find_by(email: 'lost@example.com').active
      }
    end

    it 'deactivates skipped users' do

      config = {
        user_filter:     '(objectClass=user)',
        group_filter:    '(objectClass=group)',
        user_uid:        'uid',
        user_attributes: {
          'uid' => 'login',
          'email' => 'email',
        },
      }

      lost_entry          = build(:ldap_entry)
      lost_entry['uid']   = ['exampleuid']
      lost_entry['email'] = ['example@example.com']

      mocked_ldap = double(
        host:    'ldap.example.com',
        port:    636,
        ssl:     true,
        base_dn: 'dc=example,dc=com'
      )

      # group user role mapping
      expect(mocked_ldap).to receive(:search)
      # user counting
      expect(mocked_ldap).to receive(:count).and_return(2)
      # user search
      expect(mocked_ldap).to receive(:search).and_yield(lost_entry)

      described_class.import(
        config: config,
        ldap:   mocked_ldap,
      )

      # activate skipping
      config[:unassigned_users] = 'skip_sync'
      config[:group_role_map]   = {
        'dummy' => %w[1 2],
      }

      # group user role mapping
      mocked_entry           = build(:ldap_entry)
      mocked_entry['dn']     = 'dummy'
      mocked_entry['member'] = ['dummy']
      expect(mocked_ldap).to receive(:search).and_yield(mocked_entry)

      # user counting
      expect(mocked_ldap).to receive(:count).and_return(1)
      # user search
      expect(mocked_ldap).to receive(:search).and_yield(lost_entry)

      expect do
        described_class.import(
          config: config,
          ldap:   mocked_ldap,
        )
      end.to change {
        User.find_by(email: 'example@example.com').active
      }
    end

    context 'dry run' do

      it "doesn't sync users" do

        config = {
          user_filter:     '(objectClass=user)',
          group_filter:    '(objectClass=group)',
          user_uid:        'uid',
          user_attributes: {
            'uid'   => 'login',
            'email' => 'email',
          }
        }

        mocked_entry = build(:ldap_entry)

        mocked_entry['uid']   = ['exampleuid']
        mocked_entry['email'] = ['example@example.com']

        mocked_ldap = double(
          host:    'ldap.example.com',
          port:    636,
          ssl:     true,
          base_dn: 'dc=example,dc=com'
        )

        # group user role mapping
        expect(mocked_ldap).to receive(:search)
        # user counting
        expect(mocked_ldap).to receive(:count).and_return(1)
        # user search
        expect(mocked_ldap).to receive(:search).and_yield(mocked_entry)

        expect do
          described_class.import(
            config:  config,
            ldap:    mocked_ldap,
            dry_run: true
          )
        end.not_to change {
          User.count
        }
      end

      it "doesn't deactivates lost users" do

        config = {
          user_filter:     '(objectClass=user)',
          group_filter:    '(objectClass=group)',
          user_uid:        'uid',
          user_attributes: {
            'uid' => 'login',
            'email' => 'email',
          }
        }

        persistent_entry          = build(:ldap_entry)
        persistent_entry['uid']   = ['exampleuid']
        persistent_entry['email'] = ['example@example.com']

        lost_entry          = build(:ldap_entry)
        lost_entry['uid']   = ['exampleuid']
        lost_entry['email'] = ['example@example.com']

        mocked_ldap = double(
          host:    'ldap.example.com',
          port:    636,
          ssl:     true,
          base_dn: 'dc=example,dc=com'
        )

        # group user role mapping
        expect(mocked_ldap).to receive(:search)
        # user counting
        expect(mocked_ldap).to receive(:count).and_return(2)
        # user search
        expect(mocked_ldap).to receive(:search).and_yield(persistent_entry).and_yield(lost_entry)

        described_class.import(
          config:  config,
          ldap:    mocked_ldap,
          dry_run: true
        )

        # group user role mapping
        expect(mocked_ldap).to receive(:search)
        # user counting
        expect(mocked_ldap).to receive(:count).and_return(1)
        # user search
        expect(mocked_ldap).to receive(:search).and_yield(persistent_entry)

        expect do
          described_class.import(
            config:  config,
            ldap:    mocked_ldap,
            dry_run: true
          )
        end.not_to change {
          User.count
        }
      end
    end
  end

  describe '.add_to_statistics' do

    it 'responds to .add_to_statistics' do
      expect(described_class).to respond_to(:add_to_statistics)
    end

    it 'adds statistics per user role' do

      mocked_backend_instance = double(
        action:   :created,
        resource: double(
          role_ids: [1, 2]
        )
      )

      # initialize empty statistic
      described_class.reset_statistics

      described_class.add_to_statistics(mocked_backend_instance)

      expected = {
        role_ids: {
          1 => {
            created:     1,
            updated:     0,
            unchanged:   0,
            failed:      0,
            deactivated: 0,
          },
          2 => {
            created:     1,
            updated:     0,
            unchanged:   0,
            failed:      0,
            deactivated: 0,
          },
        },
        skipped:     0,
        created:     1,
        updated:     0,
        unchanged:   0,
        failed:      0,
        deactivated: 0,
      }

      expect(described_class.statistics).to include(expected)
    end

    it 'adds deactivated users' do
      config = {
        user_filter:     '(objectClass=user)',
        group_filter:    '(objectClass=group)',
        user_uid:        'uid',
        user_attributes: {
          'uid' => 'login',
          'email' => 'email',
        }
      }

      persistent_entry          = build(:ldap_entry)
      persistent_entry['uid']   = ['exampleuid']
      persistent_entry['email'] = ['example@example.com']

      lost_entry          = build(:ldap_entry)
      lost_entry['uid']   = ['exampleuid_lost']
      lost_entry['email'] = ['lost@example.com']

      mocked_ldap = double(
        host:    'ldap.example.com',
        port:    636,
        ssl:     true,
        base_dn: 'dc=example,dc=com'
      )

      # group user role mapping
      expect(mocked_ldap).to receive(:search)
      # user counting
      allow(mocked_ldap).to receive(:count).and_return(2)
      # user search
      expect(mocked_ldap).to receive(:search).and_yield(persistent_entry).and_yield(lost_entry)

      described_class.import(
        config: config,
        ldap:   mocked_ldap,
      )

      # simulate new import
      described_class.reset_statistics

      # group user role mapping
      expect(mocked_ldap).to receive(:search)
      # user counting
      allow(mocked_ldap).to receive(:count).and_return(1)
      # user search
      expect(mocked_ldap).to receive(:search).and_yield(persistent_entry)

      described_class.import(
        config: config,
        ldap:   mocked_ldap,
      )

      expected = {
        skipped:     0,
        created:     0,
        updated:     0,
        unchanged:   1,
        failed:      0,
        deactivated: 1,
      }

      expect(described_class.statistics).to include(expected)
    end

    it 'skips not created instances' do

      mocked_backend_instance = double(
        action:   :skipped,
        resource: nil,
      )

      # initialize empty statistic
      described_class.reset_statistics

      described_class.add_to_statistics(mocked_backend_instance)

      expected = {
        skipped:     1,
        created:     0,
        updated:     0,
        unchanged:   0,
        failed:      0,
        deactivated: 0,
      }

      expect(described_class.statistics).to include(expected)
    end

    it 'skips unwanted actions instances' do

      mocked_backend_instance = double(
        action:   :skipped,
        resource: double(
          role_ids: [1, 2]
        )
      )

      # initialize empty statistic
      described_class.reset_statistics

      described_class.add_to_statistics(mocked_backend_instance)

      expected = {
        skipped:     1,
        created:     0,
        updated:     0,
        unchanged:   0,
        failed:      0,
        deactivated: 0,
      }

      expect(described_class.statistics).to include(expected)
    end

  end

  describe '.user_roles' do

    it 'responds to .user_roles' do
      expect(described_class).to respond_to(:user_roles)
    end

    it 'fetches the user DN to local role mapping' do

      group_dn = 'dn=... admin group...'
      user_dn  = 'dn=... admin user...'

      config = {
        group_filter:   '(objectClass=group)',
        group_role_map: {
          group_dn => %w[1 2],
        }
      }

      mocked_entry = build(:ldap_entry)

      mocked_entry['dn']     = group_dn
      mocked_entry['member'] = [user_dn]

      mocked_ldap = double()
      expect(mocked_ldap).to receive(:search).and_yield(mocked_entry)

      user_roles = described_class.user_roles(
        ldap:   mocked_ldap,
        config: config,
      )

      expected = {
        user_dn => [1, 2]
      }

      expect(user_roles).to be_a(Hash)
      expect(user_roles).to eq(expected)
    end
  end
end