lemur/lemur/tests/test_ldap.py


import pytest
from lemur.auth.ldap import * # noqa
from mock import patch, MagicMock
class LdapPrincipalTester(LdapPrincipal):
    """Test double for ``LdapPrincipal`` that never reaches a real directory.

    The constructor points ``ldap_server`` at localhost; the ``*_test``
    helpers pre-populate the attributes the base class reads and then call
    the base-class ``_bind`` / ``_authorize`` directly.
    """

    def __init__(self, args):
        super().__init__(args)
        # Nothing should connect here: bind_test swaps in a mocked client.
        self.ldap_server = "ldap://localhost"

    def _set_groups(self, *distinguished_names):
        # Joined with no separator, so the DNs run together
        # ("...DC=comCN=..."). test_bind checks membership with
        # `group in ldap_groups`, i.e. a substring test on a string; if the
        # base-class _authorize does the same on this value, a group whose
        # name merely contains another group's name would satisfy the check
        # too. NOTE(review): confirm _authorize splits on a delimiter rather
        # than substring-matching before relying on these tests for that.
        self.ldap_groups = "".join(distinguished_names)

    def bind_test(self):
        """Run the base-class ``_bind`` against a mocked LDAP client.

        The client's ``search_s`` answers with one entry for ``user`` whose
        ``memberOf`` holds two group DNs as UTF-8 bytes.
        """
        member_of = [
            "CN=Lemur Access,OU=Groups,DC=example,DC=com".encode("utf-8"),
            "CN=Pen Pushers,OU=Groups,DC=example,DC=com".encode("utf-8"),
        ]
        search_result = [("user", {"memberOf": member_of})]
        client = MagicMock()
        client.search_s.return_value = search_result
        self.ldap_client = client
        self._bind()

    def authorize_test_groups_to_roles_admin(self):
        """Authorize with no required group and a two-entry group→role map.

        Returns whatever the base-class ``_authorize`` returns.
        """
        self._set_groups(
            "CN=Pen Pushers,OU=Groups,DC=example,DC=com",
            "CN=Lemur Admins,OU=Groups,DC=example,DC=com",
            "CN=Lemur Read Only,OU=Groups,DC=example,DC=com",
        )
        self.ldap_required_group = None
        self.ldap_groups_to_roles = {
            "Lemur Admins": "admin",
            "Lemur Read Only": "read-only",
        }
        return self._authorize()

    def authorize_test_required_group(self, group):
        """Authorize with ``group`` set as the required group.

        The user is a member of ``Lemur Access`` and ``Pen Pushers`` only.
        Returns whatever the base-class ``_authorize`` returns.
        """
        self._set_groups(
            "CN=Lemur Access,OU=Groups,DC=example,DC=com",
            "CN=Pen Pushers,OU=Groups,DC=example,DC=com",
        )
        self.ldap_required_group = group
        return self._authorize()
@pytest.fixture()
def principal(session):
    """Yield a fresh ``LdapPrincipalTester`` logged in as ``user``.

    ``session`` is not used in the body; presumably it is requested so the
    database session (and whatever it depends on) exists first — verify
    against the conftest.
    """
    # Test-only placeholder credential; nothing here reaches a real directory.
    credentials = dict(username="user", password="p4ssw0rd")
    yield LdapPrincipalTester(credentials)
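class TestLdapPrincipal:
    """Exercise the bind and authorize paths via ``LdapPrincipalTester``."""

    # ``patch`` used without ``new=`` passes the replacement mock as an extra
    # positional argument, and pytest's fixture resolution (getfuncargnames)
    # skips one leading parameter name per such patch when deciding which
    # fixtures to request. With the previous signature ``(self, app,
    # principal)`` the mock landed in ``app`` and the ``app`` fixture was
    # never requested directly, so the mock gets its own parameter here.
    @patch("ldap.initialize")
    def test_bind(self, mock_ldap_initialize, app, principal):
        """``_bind`` against a mocked client fills in groups and principal."""
        principal.bind_test()
        # ``ldap_groups`` appears to be a str (the tester builds it with
        # str.join), so ``in`` is a substring test: any group name that
        # contains "Pen Pushers" would also pass this assertion.
        assert "Pen Pushers" in principal.ldap_groups
        assert principal.ldap_principal == "user@example.com"

    def test_authorize_groups_to_roles_admin(self, app, principal):
        """Membership in a mapped group yields the mapped ``admin`` role."""
        roles = principal.authorize_test_groups_to_roles_admin()
        assert any(role.name == "admin" for role in roles)

    def test_authorize_required_group_missing(self, app, principal):
        """A required group the user is not in yields no roles at all."""
        roles = principal.authorize_test_required_group("Not Allowed")
        assert not roles

    def test_authorize_required_group_access(self, session, principal):
        """Being in the required group yields at least the per-user role."""
        roles = principal.authorize_test_required_group("Lemur Access")
        assert len(roles) >= 1
        assert any(role.name == "user@example.com" for role in roles)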