ldap_spec.rb 7.4 KB

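  require 'rails_helper'

  # Specs for the Ldap wrapper class.
  #
  # The first context checks how a config Hash (or the 'ldap_config' Setting) is
  # translated into the parameters handed to Net::LDAP.new. The second context
  # checks that the instance methods delegate to the Net::LDAP object.
  # Net::LDAP.new is stubbed to return a double in every example.
  RSpec.describe Ldap do

    context 'initialization config parameters' do

      # required as 'let' to perform test based
      # expectations and reuse it in mock_initialization
      # as return param of Net::LDAP.new
      # The double only answers #bind (returning true); any other message
      # must be expected explicitly by the example.
      let(:mocked_ldap) { double(bind: true) }

      # Builds the described class from `given` and asserts that Net::LDAP.new
      # receives exactly `expected`.
      #
      # @param given [Hash, nil] config passed to described_class.new
      # @param expected [Hash] parameters Net::LDAP.new must be called with
      def mock_initialization(given:, expected:)
        expect(Net::LDAP).to receive(:new).with(expected).and_return(mocked_ldap)
        described_class.new(given)
      end

      it 'uses explicit host and port' do
        config = {
          host: 'localhost',
          port: 1337,
        }

        mock_initialization(
          given:    config,
          expected: config,
        )
      end

      context 'bind credentials' do

        # bind_user / bind_pw are not forwarded to Net::LDAP.new; the spec
        # expects them to be handed over through #auth instead.
        it 'uses given credentials' do
          config = {
            host:      'localhost',
            port:      1337,
            bind_user: 'JohnDoe',
            bind_pw:   'zammad',
          }

          params = {
            host: 'localhost',
            port: 1337,
          }

          expect(mocked_ldap).to receive(:auth).with(config[:bind_user], config[:bind_pw])

          mock_initialization(
            given:    config,
            expected: params,
          )
        end

        # With only one half of the credential pair present, #auth must not be
        # called at all. The expectation carries no `.with` constraint so that
        # a call with any arguments fails the example.
        # NOTE(review): #bind still succeeds on the double, so this example
        # presumably covers a bind without credentials (anonymous bind) --
        # confirm against the Ldap implementation that this is intended.
        it 'requires bind_user' do
          config = {
            host:    'localhost',
            port:    1337,
            bind_pw: 'zammad',
          }

          params = {
            host: 'localhost',
            port: 1337,
          }

          expect(mocked_ldap).not_to receive(:auth)

          mock_initialization(
            given:    config,
            expected: params,
          )
        end

        # Mirror of the example above: a user name without a password must not
        # reach #auth either.
        it 'requires bind_pw' do
          config = {
            host:      'localhost',
            port:      1337,
            bind_user: 'JohnDoe',
          }

          params = {
            host: 'localhost',
            port: 1337,
          }

          expect(mocked_ldap).not_to receive(:auth)

          mock_initialization(
            given:    config,
            expected: params,
          )
        end
      end

      it 'extracts port from host' do
        config = {
          host: 'localhost:1337'
        }

        params = {
          host: 'localhost',
          port: 1337,
        }

        mock_initialization(
          given:    config,
          expected: params,
        )
      end

      context 'host_url' do

        # `encryption: Hash` matches any Hash value, so this example only pins
        # that some encryption settings are passed for an ldaps:// URL.
        # NOTE(review): the TLS method and certificate-verification options are
        # not asserted here -- consider pinning them once confirmed against the
        # Ldap implementation.
        it 'parses protocol and host' do
          config = {
            host_url: 'ldaps://localhost'
          }

          params = {
            host:       'localhost',
            port:       636,
            encryption: Hash
          }

          mock_initialization(
            given:    config,
            expected: params,
          )
        end

        # host_url wins over the separate host/port keys; the ldap:// URL is
        # expected to produce no :encryption key at all.
        it 'prefers parsing over explicit parameters' do
          config = {
            host:     'anotherhost',
            port:     7777,
            host_url: 'ldap://localhost:389'
          }

          params = {
            host: 'localhost',
            port: 389,
          }

          mock_initialization(
            given:    config,
            expected: params,
          )
        end
      end

      it 'falls back to default ldap port' do
        config = {
          host: 'localhost',
        }

        params = {
          host: 'localhost',
          port: 389,
        }

        mock_initialization(
          given:    config,
          expected: params,
        )
      end

      # As in the host_url example, `encryption: Hash` accepts any Hash.
      # NOTE(review): the content of the encryption settings (method,
      # certificate verification) is not checked by this example.
      it 'uses explicit ssl' do
        config = {
          host: 'localhost',
          port: 1337,
          ssl:  true,
        }

        params = {
          host:       'localhost',
          port:       1337,
          encryption: Hash,
        }

        mock_initialization(
          given:    config,
          expected: params,
        )
      end

      it "uses 'ldap_config' Setting as fallback" do
        config = {
          host: 'localhost',
          port: 1337,
        }

        expect(Setting).to receive(:get).with('ldap_config').and_return(config)

        mock_initialization(
          given:    nil,
          expected: config,
        )
      end
    end

    context 'instance methods' do

      # required as 'let' to perform test based
      # expectations and reuse it in 'let' instance
      # as return param of Net::LDAP.new
      let(:mocked_ldap) { double(bind: true) }

      # Ldap instance backed by the double above. The expectation on
      # Net::LDAP.new is only registered when an example references `instance`.
      let(:instance) do
        expect(Net::LDAP).to receive(:new).and_return(mocked_ldap)
        described_class.new(
          host: 'localhost',
          port: 1337,
        )
      end

      context '#preferences' do

        it 'responds to #preferences' do
          expect(instance).to respond_to(:preferences)
        end

        # #preferences is expected to return what #search_root_dse delivers.
        it 'returns preferences' do
          attributes = {
            namingcontexts: ['ou=dep1,ou=org', 'ou=dep2,ou=org']
          }

          expect(mocked_ldap).to receive(:search_root_dse).and_return(attributes)

          expect(instance.preferences).to eq(attributes)
        end
      end

      context '#search' do

        let(:base) { 'DC=domain,DC=tld' }
        let(:filter) { '(objectClass=user)' }

        it 'responds to #search' do
          expect(instance).to respond_to(:search)
        end

        it 'performs search for a filter, base and scope and yields of returned entries' do
          scope = Net::LDAP::SearchScope_BaseObject

          additional = {
            base:  base,
            scope: scope,
          }

          # `include` allows further keys in the actual search parameters;
          # only filter, base and scope are pinned.
          expected = {
            filter: filter,
            base:   base,
            scope:  scope,
          }

          yield_entry = build(:ldap_entry)
          expect(mocked_ldap).to receive(:search).with(include(expected)).and_yield(yield_entry).and_return(true)

          check_entry = nil
          instance.search(filter, additional) { |entry| check_entry = entry }
          expect(check_entry).to eq(yield_entry)
        end

        it 'falls back to whole subtree scope search' do
          additional = {
            base: base,
          }

          expected = {
            filter: filter,
            base:   base,
            scope:  Net::LDAP::SearchScope_WholeSubtree,
          }

          yield_entry = build(:ldap_entry)
          expect(mocked_ldap).to receive(:search).with(include(expected)).and_yield(yield_entry).and_return(true)

          check_entry = nil
          instance.search(filter, additional) { |entry| check_entry = entry }
          expect(check_entry).to eq(yield_entry)
        end

        it 'falls back to base_dn configuration parameter' do
          expected = {
            filter: filter,
            base:   base,
            scope:  Net::LDAP::SearchScope_WholeSubtree,
          }

          # A local instance (shadowing the `let`) is built here because the
          # example needs base_dn in the config.
          expect(Net::LDAP).to receive(:new).and_return(mocked_ldap)
          instance = described_class.new(
            host:    'localhost',
            port:    1337,
            base_dn: base,
          )

          yield_entry = build(:ldap_entry)
          expect(mocked_ldap).to receive(:search).with(include(expected)).and_yield(yield_entry).and_return(true)

          check_entry = nil
          instance.search(filter) { |entry| check_entry = entry }
          expect(check_entry).to eq(yield_entry)
        end
      end

      context '#entries?' do

        let(:filter) { '(objectClass=user)' }

        it 'responds to #entries?' do
          expect(instance).to respond_to(:entries?)
        end

        # The result follows whether the search yields an entry, not the
        # return value of #search (nil here, yet #entries? must be true).
        it 'returns true if entries are present' do
          params = {
            filter: filter
          }

          expect(mocked_ldap).to receive(:search).with(include(params)).and_yield(build(:ldap_entry)).and_return(nil)

          expect(instance.entries?(filter)).to be true
        end

        # #search returns true but yields nothing, so #entries? must be false.
        it 'returns false if no entries are present' do
          params = {
            filter: filter
          }

          expect(mocked_ldap).to receive(:search).with(include(params)).and_return(true)

          expect(instance.entries?(filter)).to be false
        end
      end
    end
  end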