Refactor LDAP tests with reusable code

2025-07-27 09:09:44 +02:00 · 2018-08-30 16:01:36 +01:00 · 2018-08-30 16:01:36 +01:00 · a7865d0f71
commit a7865d0f71
parent 7df0fbcb2b
5 changed files with 346 additions and 375 deletions
--- a/domain/auth/ldap/public_test.go
+++ b/domain/auth/ldap/public_test.go
@ -1,4 +1,4 @@
-// Copyright 2016 Documize Inc. <legal@documize.com>. All rights reserved.
+// Copyright 2016 Documize IntestConfigPublicLDAP. <legal@documize.com>. All rights reserved.
 //
 // This software (Documize Community Edition) is licensed under
 // GNU AGPL v3 http://www.gnu.org/licenses/agpl-3.0.en.html
@ -12,7 +12,6 @@
 package ldap

 import (
-	"crypto/tls"
 	"fmt"
 	"strings"
 	"testing"
@ -23,61 +22,50 @@ import (

 // Works against https://www.forumsys.com/tutorials/integration-how-to/ldap/online-ldap-test-server/

+var testConfigPublicLDAP = lm.LDAPConfig{
+	ServerType:               lm.ServerTypeLDAP,
+	ServerHost:               "ldap.forumsys.com",
+	ServerPort:               389,
+	EncryptionType:           "none",
+	BaseDN:                   "dc=example,dc=com",
+	BindDN:                   "cn=read-only-admin,dc=example,dc=com",
+	BindPassword:             "password",
+	UserFilter:               "",
+	GroupFilter:              "",
+	AttributeUserRDN:         "uid",
+	AttributeUserFirstname:   "givenName",
+	AttributeUserLastname:    "sn",
+	AttributeUserEmail:       "mail",
+	AttributeUserDisplayName: "",
+	AttributeUserGroupName:   "",
+	AttributeGroupMember:     "uniqueMember",
+}
+
 func TestPublicLDAPServer_UserList(t *testing.T) {
-	c := lm.LDAPConfig{}
-	c.ServerHost = "ldap.forumsys.com"
-	c.ServerPort = 389
-	c.EncryptionType = "none"
-	c.BaseDN = "dc=example,dc=com"
-	c.BindDN = "cn=read-only-admin,dc=example,dc=com"
-	c.BindPassword = "password"
-	c.UserFilter = ""
-	c.GroupFilter = ""
+	testConfigPublicLDAP.UserFilter = "(|(objectClass=person)(objectClass=user)(objectClass=inetOrgPerson))"
+	testConfigPublicLDAP.GroupFilter = ""
+	userAttrs := testConfigPublicLDAP.GetUserFilterAttributes()

-	address := fmt.Sprintf("%s:%d", c.ServerHost, c.ServerPort)
-
-	t.Log("Connecting to LDAP server", address)
-
-	l, err := ld.Dial("tcp", address)
+	l, err := Connect(testConfigPublicLDAP)
 	if err != nil {
 		t.Error("Error: unable to dial LDAP server: ", err.Error())
 		return
 	}
 	defer l.Close()

-	if c.EncryptionType == "starttls" {
-		t.Log("Using StartTLS with LDAP server")
-		err = l.StartTLS(&tls.Config{InsecureSkipVerify: true})
-		if err != nil {
-			t.Error("Error: unable to startTLS with LDAP server: ", err.Error())
-			return
-		}
-	}
-
 	// Authenticate with LDAP server using admin credentials.
 	t.Log("Binding LDAP admin user")
-	err = l.Bind(c.BindDN, c.BindPassword)
+	err = l.Bind(testConfigPublicLDAP.BindDN, testConfigPublicLDAP.BindPassword)
 	if err != nil {
 		t.Error("Error: unable to bind specified admin user to LDAP: ", err.Error())
 		return
 	}

-	// Get users from LDAP server by using filter
-	filter := ""
-	attrs := []string{}
-	if len(c.GroupFilter) > 0 {
-		filter = fmt.Sprintf("(&(objectClass=group)(cn=%s))", c.GroupFilter)
-		attrs = []string{"cn"}
-	} else {
-		filter = "(|(objectClass=person)(objectClass=user)(objectClass=inetOrgPerson))"
-		attrs = []string{"dn", "cn", "givenName", "sn", "mail", "uid"}
-	}
-
 	searchRequest := ld.NewSearchRequest(
-		c.BaseDN,
+		testConfigPublicLDAP.BaseDN,
 		ld.ScopeWholeSubtree, ld.NeverDerefAliases, 0, 0, false,
-		filter,
-		attrs,
+		testConfigPublicLDAP.UserFilter,
+		userAttrs,
 		nil,
 	)

@ -94,75 +82,45 @@ func TestPublicLDAPServer_UserList(t *testing.T) {
 	}

 	for _, entry := range sr.Entries {
-		fmt.Printf("[%s] %s (%s %s) @ %s\n",
-			entry.GetAttributeValue("uid"),
+		t.Logf("[%s] %s (%s %s) @ %s\n",
+			entry.GetAttributeValue(testConfigPublicLDAP.AttributeUserRDN),
 			entry.GetAttributeValue("cn"),
-			entry.GetAttributeValue("givenName"),
-			entry.GetAttributeValue("sn"),
-			entry.GetAttributeValue("mail"))
+			entry.GetAttributeValue(testConfigPublicLDAP.AttributeUserFirstname),
+			entry.GetAttributeValue(testConfigPublicLDAP.AttributeUserLastname),
+			entry.GetAttributeValue(testConfigPublicLDAP.AttributeUserEmail))
 	}
 }

 func TestPublicLDAPServer_Groups(t *testing.T) {
-	c := lm.LDAPConfig{}
-	c.ServerHost = "ldap.forumsys.com"
-	c.ServerPort = 389
-	c.EncryptionType = "none"
-	c.BaseDN = "dc=example,dc=com"
-	c.BindDN = "cn=read-only-admin,dc=example,dc=com"
-	c.BindPassword = "password"
-	c.UserFilter = ""
-	c.GroupFilter = "(|(ou=mathematicians)(ou=chemists))"
+	testConfigPublicLDAP.UserFilter = ""
+	testConfigPublicLDAP.GroupFilter = "(|(ou=mathematicians)(ou=chemists))"
+	groupAttrs := testConfigPublicLDAP.GetGroupFilterAttributes()
+	userAttrs := testConfigPublicLDAP.GetUserFilterAttributes()

-	address := fmt.Sprintf("%s:%d", c.ServerHost, c.ServerPort)
-	t.Log("Connecting to LDAP server", address)
-	l, err := ld.Dial("tcp", address)
+	l, err := Connect(testConfigPublicLDAP)
 	if err != nil {
 		t.Error("Error: unable to dial LDAP server: ", err.Error())
 		return
 	}
 	defer l.Close()

-	if c.EncryptionType == "starttls" {
-		t.Log("Using StartTLS with LDAP server")
-		err = l.StartTLS(&tls.Config{InsecureSkipVerify: true})
-		if err != nil {
-			t.Error("Error: unable to startTLS with LDAP server: ", err.Error())
-			return
-		}
-	}
-
 	// Authenticate with LDAP server using admin credentials.
 	t.Log("Binding LDAP admin user")
-	err = l.Bind(c.BindDN, c.BindPassword)
+	err = l.Bind(testConfigPublicLDAP.BindDN, testConfigPublicLDAP.BindPassword)
 	if err != nil {
 		t.Error("Error: unable to bind specified admin user to LDAP: ", err.Error())
 		return
 	}

-	// Get users from LDAP server by using filter
-	filter := ""
-	attrs := []string{}
-	if len(c.GroupFilter) > 0 {
-		filter = c.GroupFilter
-		attrs = []string{"dn", "cn", "uniqueMember"}
-	} else if len(c.UserFilter) > 0 {
-		filter = c.UserFilter
-		attrs = []string{"dn", "cn", "givenName", "sn", "mail", "uid"}
-	} else {
-		filter = "(|(objectClass=person)(objectClass=user)(objectClass=inetOrgPerson))"
-		attrs = []string{"dn", "cn", "givenName", "sn", "mail", "uid"}
-	}
-
 	searchRequest := ld.NewSearchRequest(
-		c.BaseDN,
+		testConfigPublicLDAP.BaseDN,
 		ld.ScopeWholeSubtree, ld.NeverDerefAliases, 0, 0, false,
-		filter,
-		attrs,
+		testConfigPublicLDAP.GroupFilter,
+		groupAttrs,
 		nil,
 	)

-	t.Log("LDAP search filter:", filter)
+	t.Log("LDAP search filter:", testConfigPublicLDAP.GroupFilter)
 	sr, err := l.Search(searchRequest)
 	if err != nil {
 		t.Error("Error: unable to execute directory search: ", err.Error())
@ -179,7 +137,7 @@ func TestPublicLDAPServer_Groups(t *testing.T) {
 	for _, group := range sr.Entries {
 		t.Log("Found group", group.DN)

-		rawMembers := group.GetAttributeValues("uniqueMember")
+		rawMembers := group.GetAttributeValues(testConfigPublicLDAP.AttributeGroupMember)
 		if len(rawMembers) == 0 {
 			t.Log("Error: group member attribute returned no users")
 			continue
@ -196,10 +154,10 @@ func TestPublicLDAPServer_Groups(t *testing.T) {
 			filter := fmt.Sprintf("(%s)", parts[0])

 			usr := ld.NewSearchRequest(
-				c.BaseDN,
+				testConfigPublicLDAP.BaseDN,
 				ld.ScopeWholeSubtree, ld.NeverDerefAliases, 0, 0, false,
 				filter,
-				[]string{"dn", "cn", "givenName", "sn", "mail", "uid"},
+				userAttrs,
 				nil,
 			)
 			ue, err := l.Search(usr)
@ -210,7 +168,12 @@ func TestPublicLDAPServer_Groups(t *testing.T) {

 			if len(ue.Entries) > 0 {
 				for _, ur := range ue.Entries {
-					t.Logf("%s", ur.GetAttributeValue("mail"))
+					t.Logf("[%s] %s (%s %s) @ %s\n",
+						ur.GetAttributeValue(testConfigPublicLDAP.AttributeUserRDN),
+						ur.GetAttributeValue("cn"),
+						ur.GetAttributeValue(testConfigPublicLDAP.AttributeUserFirstname),
+						ur.GetAttributeValue(testConfigPublicLDAP.AttributeUserLastname),
+						ur.GetAttributeValue(testConfigPublicLDAP.AttributeUserEmail))
 				}
 			} else {
 				t.Log("group member search failed:", filter)
@ -220,37 +183,20 @@ func TestPublicLDAPServer_Groups(t *testing.T) {
 }

 func TestPublicLDAP_Authenticate(t *testing.T) {
-	c := lm.LDAPConfig{}
-	c.ServerHost = "ldap.forumsys.com"
-	c.ServerPort = 389
-	c.EncryptionType = "none"
-	c.BaseDN = "dc=example,dc=com"
-	c.BindDN = "cn=read-only-admin,dc=example,dc=com"
-	c.BindPassword = "password"
-	c.UserFilter = ""
-	c.GroupFilter = ""
+	testConfigPublicLDAP.UserFilter = ""
+	testConfigPublicLDAP.GroupFilter = ""
+	userAttrs := testConfigPublicLDAP.GetUserFilterAttributes()

-	address := fmt.Sprintf("%s:%d", c.ServerHost, c.ServerPort)
-	t.Log("Connecting to LDAP server", address)
-	l, err := ld.Dial("tcp", address)
+	l, err := Connect(testConfigPublicLDAP)
 	if err != nil {
-		t.Error("Error: unable to dial AD server: ", err.Error())
+		t.Error("Error: unable to dial LDAP server: ", err.Error())
 		return
 	}
 	defer l.Close()

-	if c.EncryptionType == "starttls" {
-		t.Log("Using StartTLS with LDAP server")
-		err = l.StartTLS(&tls.Config{InsecureSkipVerify: true})
-		if err != nil {
-			t.Error("Error: unable to startTLS with LDAP server: ", err.Error())
-			return
-		}
-	}
-
 	// Authenticate with LDAP server using admin credentials.
 	t.Log("Binding LDAP admin user")
-	err = l.Bind(c.BindDN, c.BindPassword)
+	err = l.Bind(testConfigPublicLDAP.BindDN, testConfigPublicLDAP.BindPassword)
 	if err != nil {
 		t.Error("Error: unable to bind specified admin user to LDAP: ", err.Error())
 		return
@ -258,13 +204,13 @@ func TestPublicLDAP_Authenticate(t *testing.T) {

 	username := "newton"
 	password := "password"
-	filter := fmt.Sprintf("(uid=%s)", username)
+	filter := fmt.Sprintf("(%s=%s)", testConfigPublicLDAP.AttributeUserRDN, username)

 	searchRequest := ld.NewSearchRequest(
-		c.BaseDN,
+		testConfigPublicLDAP.BaseDN,
 		ld.ScopeWholeSubtree, ld.NeverDerefAliases, 0, 0, false,
 		filter,
-		[]string{"mail"},
+		userAttrs,
 		nil,
 	)