documize/domain/auth/ldap/ad_test.go

// Copyright 2016 Documize Inc. <legal@documize.com>. All rights reserved.
//
// This software (Documize Community Edition) is licensed under
// GNU AGPL v3 http://www.gnu.org/licenses/agpl-3.0.en.html
//
// You can operate outside the AGPL restrictions by purchasing
// Documize Enterprise Edition and obtaining a commercial license
// by contacting <sales@documize.com>.
//
// https://documize.com

package ldap

import (
	"testing"

	lm "github.com/documize/community/model/auth"
)

// Works against AD server in Azure configured using:
//
//      https://auth0.com/docs/connector/test-dc
//
// Ensure VM network settings open up ports 389 and 636.

var testConfigPublicAD = lm.LDAPConfig{
	ServerType:               lm.ServerTypeAD,
	ServerHost:               "documize-ad.eastus.cloudapp.azure.com",
	ServerPort:               389,
	EncryptionType:           lm.EncryptionTypeNone,
	BaseDN:                   "DC=mycompany,DC=local",
	BindDN:                   "CN=ad-admin,CN=Users,DC=mycompany,DC=local",
	BindPassword:             "8B5tNRLvbk8K",
	UserFilter:               "",
	GroupFilter:              "",
	AttributeUserRDN:         "sAMAccountName",
	AttributeUserFirstname:   "givenName",
	AttributeUserLastname:    "sn",
	AttributeUserEmail:       "mail",
	AttributeUserDisplayName: "",
	AttributeUserGroupName:   "",
	AttributeGroupMember:     "member",
}

func TestUserFilter_PublicAD(t *testing.T) {
	testConfigPublicAD.UserFilter = "(|(objectCategory=person)(objectClass=user)(objectClass=inetOrgPerson))"

	e, err := executeUserFilter(testConfigPublicAD)
	if err != nil {
		t.Error("unable to exeucte user filter", err.Error())
		return
	}
	if len(e) == 0 {
		t.Error("Received zero user LDAP search entries")
		return
	}

	t.Logf("LDAP search entries found: %d", len(e))

	for _, u := range e {
		t.Logf("[%s] %s (%s %s) @ %s\n",
			u.RemoteID, u.CN, u.Firstname, u.Lastname, u.Email)
	}
}

func TestGroupFilter_PublicAD(t *testing.T) {
	testConfigPublicAD.GroupFilter = "(|(cn=Accounting)(cn=IT))"

	e, err := executeGroupFilter(testConfigPublicAD)
	if err != nil {
		t.Error("unable to exeucte group filter", err.Error())
		return
	}
	if len(e) == 0 {
		t.Error("Received zero group LDAP search entries")
		return
	}

	t.Logf("LDAP group search entries found: %d", len(e))

	for _, u := range e {
		t.Logf("[%s] %s (%s %s) @ %s\n",
			u.RemoteID, u.CN, u.Firstname, u.Lastname, u.Email)
	}
}

func TestAuthenticate_PublicAD(t *testing.T) {
	l, err := connect(testConfigPublicAD)
	if err != nil {
		t.Error("Error: unable to dial LDAP server: ", err.Error())
		return
	}
	defer l.Close()

	ok, err := authenticate(l, testConfigPublicAD, "bob.johnson", "Pass@word1!")
	if err != nil {
		t.Error("error during LDAP authentication: ", err.Error())
		return
	}
	if !ok {
		t.Error("failed LDAP authentication")
	}

	t.Log("Authenticated")
}

func TestNotAuthenticate_PublicAD(t *testing.T) {
	l, err := connect(testConfigPublicAD)
	if err != nil {
		t.Error("Error: unable to dial LDAP server: ", err.Error())
		return
	}
	defer l.Close()

	ok, err := authenticate(l, testConfigPublicAD, "junk", "junk")
	if err != nil {
		t.Error("error during LDAP authentication: ", err.Error())
		return
	}
	if ok {
		t.Error("incorrect LDAP authentication")
	}

	t.Log("Not authenticated")
}
LDAP group fetching and AD connectivity 2018-08-29 16:20:37 +01:00			`// Copyright 2016 Documize Inc. <legal@documize.com>. All rights reserved.`
			`//`
			`// This software (Documize Community Edition) is licensed under`
			`// GNU AGPL v3 http://www.gnu.org/licenses/agpl-3.0.en.html`
			`//`
			`// You can operate outside the AGPL restrictions by purchasing`
			`// Documize Enterprise Edition and obtaining a commercial license`
			`// by contacting <sales@documize.com>.`
			`//`
			`// https://documize.com`

			`package ldap`

			`import (`
			`"testing"`

			`lm "github.com/documize/community/model/auth"`
			`)`

Refactor LDAP code into discrete functions 2018-08-31 21:00:51 +01:00			`// Works against AD server in Azure configured using:`
Process mulitple groups in LDAP/AD group filter 2018-08-30 11:37:05 +01:00			`//`
Refactor LDAP tests with reusable code 2018-08-30 16:01:36 +01:00			`// https://auth0.com/docs/connector/test-dc`
Process mulitple groups in LDAP/AD group filter 2018-08-30 11:37:05 +01:00			`//`
			`// Ensure VM network settings open up ports 389 and 636.`

Refactor LDAP tests with reusable code 2018-08-30 16:01:36 +01:00			`var testConfigPublicAD = lm.LDAPConfig{`
			`ServerType: lm.ServerTypeAD,`
			`ServerHost: "documize-ad.eastus.cloudapp.azure.com",`
			`ServerPort: 389,`
Discrete data loading functions 2018-09-01 14:50:37 +01:00			`EncryptionType: lm.EncryptionTypeNone,`
Refactor LDAP tests with reusable code 2018-08-30 16:01:36 +01:00			`BaseDN: "DC=mycompany,DC=local",`
			`BindDN: "CN=ad-admin,CN=Users,DC=mycompany,DC=local",`
			`BindPassword: "8B5tNRLvbk8K",`
			`UserFilter: "",`
			`GroupFilter: "",`
			`AttributeUserRDN: "sAMAccountName",`
			`AttributeUserFirstname: "givenName",`
			`AttributeUserLastname: "sn",`
			`AttributeUserEmail: "mail",`
			`AttributeUserDisplayName: "",`
			`AttributeUserGroupName: "",`
			`AttributeGroupMember: "member",`
			`}`
LDAP group fetching and AD connectivity 2018-08-29 16:20:37 +01:00
Refactor LDAP code into discrete functions 2018-08-31 21:00:51 +01:00			`func TestUserFilter_PublicAD(t *testing.T) {`
Refactor LDAP tests with reusable code 2018-08-30 16:01:36 +01:00			`testConfigPublicAD.UserFilter = "(\|(objectCategory=person)(objectClass=user)(objectClass=inetOrgPerson))"`
LDAP group fetching and AD connectivity 2018-08-29 16:20:37 +01:00
Refactor LDAP code into discrete functions 2018-08-31 21:00:51 +01:00			`e, err := executeUserFilter(testConfigPublicAD)`
LDAP group fetching and AD connectivity 2018-08-29 16:20:37 +01:00			`if err != nil {`
Refactor LDAP code into discrete functions 2018-08-31 21:00:51 +01:00			`t.Error("unable to exeucte user filter", err.Error())`
LDAP group fetching and AD connectivity 2018-08-29 16:20:37 +01:00			`return`
			`}`
Refactor LDAP code into discrete functions 2018-08-31 21:00:51 +01:00			`if len(e) == 0 {`
Discrete data loading functions 2018-09-01 14:50:37 +01:00			`t.Error("Received zero user LDAP search entries")`
LDAP group fetching and AD connectivity 2018-08-29 16:20:37 +01:00			`return`
			`}`

Refactor LDAP code into discrete functions 2018-08-31 21:00:51 +01:00			`t.Logf("LDAP search entries found: %d", len(e))`
LDAP group fetching and AD connectivity 2018-08-29 16:20:37 +01:00
Refactor LDAP code into discrete functions 2018-08-31 21:00:51 +01:00			`for _, u := range e {`
LDAP group fetching and AD connectivity 2018-08-29 16:20:37 +01:00			`t.Logf("[%s] %s (%s %s) @ %s\n",`
Refactor LDAP code into discrete functions 2018-08-31 21:00:51 +01:00			`u.RemoteID, u.CN, u.Firstname, u.Lastname, u.Email)`
LDAP group fetching and AD connectivity 2018-08-29 16:20:37 +01:00			`}`
			`}`

Discrete data loading functions 2018-09-01 14:50:37 +01:00			`func TestGroupFilter_PublicAD(t *testing.T) {`
Refactor LDAP tests with reusable code 2018-08-30 16:01:36 +01:00			`testConfigPublicAD.GroupFilter = "(\|(cn=Accounting)(cn=IT))"`

Discrete data loading functions 2018-09-01 14:50:37 +01:00			`e, err := executeGroupFilter(testConfigPublicAD)`
LDAP group fetching and AD connectivity 2018-08-29 16:20:37 +01:00			`if err != nil {`
Discrete data loading functions 2018-09-01 14:50:37 +01:00			`t.Error("unable to exeucte group filter", err.Error())`
LDAP group fetching and AD connectivity 2018-08-29 16:20:37 +01:00			`return`
			`}`
Discrete data loading functions 2018-09-01 14:50:37 +01:00			`if len(e) == 0 {`
			`t.Error("Received zero group LDAP search entries")`
LDAP group fetching and AD connectivity 2018-08-29 16:20:37 +01:00			`return`
			`}`

Discrete data loading functions 2018-09-01 14:50:37 +01:00			`t.Logf("LDAP group search entries found: %d", len(e))`
LDAP group fetching and AD connectivity 2018-08-29 16:20:37 +01:00
Discrete data loading functions 2018-09-01 14:50:37 +01:00			`for _, u := range e {`
			`t.Logf("[%s] %s (%s %s) @ %s\n",`
			`u.RemoteID, u.CN, u.Firstname, u.Lastname, u.Email)`
LDAP group fetching and AD connectivity 2018-08-29 16:20:37 +01:00			`}`
			`}`
Refactor LDAP tests with reusable code 2018-08-30 16:01:36 +01:00
Refactor LDAP code into discrete functions 2018-08-31 21:00:51 +01:00			`func TestAuthenticate_PublicAD(t *testing.T) {`
			`l, err := connect(testConfigPublicAD)`
Authentication tests against LDAP and AD 2018-08-29 16:58:54 +01:00			`if err != nil {`
Refactor LDAP tests with reusable code 2018-08-30 16:01:36 +01:00			`t.Error("Error: unable to dial LDAP server: ", err.Error())`
Authentication tests against LDAP and AD 2018-08-29 16:58:54 +01:00			`return`
			`}`
			`defer l.Close()`

Refactor LDAP code into discrete functions 2018-08-31 21:00:51 +01:00			`ok, err := authenticate(l, testConfigPublicAD, "bob.johnson", "Pass@word1!")`
Authentication tests against LDAP and AD 2018-08-29 16:58:54 +01:00			`if err != nil {`
Refactor LDAP code into discrete functions 2018-08-31 21:00:51 +01:00			`t.Error("error during LDAP authentication: ", err.Error())`
Authentication tests against LDAP and AD 2018-08-29 16:58:54 +01:00			`return`
			`}`
Refactor LDAP code into discrete functions 2018-08-31 21:00:51 +01:00			`if !ok {`
			`t.Error("failed LDAP authentication")`
			`}`
Authentication tests against LDAP and AD 2018-08-29 16:58:54 +01:00
Refactor LDAP code into discrete functions 2018-08-31 21:00:51 +01:00			`t.Log("Authenticated")`
			`}`
Authentication tests against LDAP and AD 2018-08-29 16:58:54 +01:00
Refactor LDAP code into discrete functions 2018-08-31 21:00:51 +01:00			`func TestNotAuthenticate_PublicAD(t *testing.T) {`
			`l, err := connect(testConfigPublicAD)`
Authentication tests against LDAP and AD 2018-08-29 16:58:54 +01:00			`if err != nil {`
Refactor LDAP code into discrete functions 2018-08-31 21:00:51 +01:00			`t.Error("Error: unable to dial LDAP server: ", err.Error())`
Authentication tests against LDAP and AD 2018-08-29 16:58:54 +01:00			`return`
			`}`
Refactor LDAP code into discrete functions 2018-08-31 21:00:51 +01:00			`defer l.Close()`
Authentication tests against LDAP and AD 2018-08-29 16:58:54 +01:00
Refactor LDAP code into discrete functions 2018-08-31 21:00:51 +01:00			`ok, err := authenticate(l, testConfigPublicAD, "junk", "junk")`
Authentication tests against LDAP and AD 2018-08-29 16:58:54 +01:00			`if err != nil {`
Refactor LDAP code into discrete functions 2018-08-31 21:00:51 +01:00			`t.Error("error during LDAP authentication: ", err.Error())`
Authentication tests against LDAP and AD 2018-08-29 16:58:54 +01:00			`return`
			`}`
Refactor LDAP code into discrete functions 2018-08-31 21:00:51 +01:00			`if ok {`
			`t.Error("incorrect LDAP authentication")`
			`}`
Authentication tests against LDAP and AD 2018-08-29 16:58:54 +01:00
Refactor LDAP code into discrete functions 2018-08-31 21:00:51 +01:00			`t.Log("Not authenticated")`
Authentication tests against LDAP and AD 2018-08-29 16:58:54 +01:00			`}`