Gitblit devel
view | history | commit | commitdiff
James Moger
2012-10-01 eb1405f736f2f98e14215774dd53eea9b9a77017
commit | author | age
f3b625 1 /*
JC 2  * Copyright 2012 John Crygier
3  * Copyright 2012 gitblit.com
4  *
5  * Licensed under the Apache License, Version 2.0 (the "License");
6  * you may not use this file except in compliance with the License.
7  * You may obtain a copy of the License at
8  *
9  *     http://www.apache.org/licenses/LICENSE-2.0
10  *
11  * Unless required by applicable law or agreed to in writing, software
12  * distributed under the License is distributed on an "AS IS" BASIS,
13  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  * See the License for the specific language governing permissions and
15  * limitations under the License.
16  */
17 package com.gitblit.tests;
18
7e0ce4 19 import static org.junit.Assert.assertEquals;
98b4b9 20 import static org.junit.Assert.assertNotNull;
JM 21 import static org.junit.Assert.assertNull;
22 import static org.junit.Assert.assertTrue;
f3b625 23
JC 24 import java.util.HashMap;
25 import java.util.Map;
26
27 import org.junit.Before;
7e0ce4 28 import org.junit.BeforeClass;
f3b625 29 import org.junit.Test;
JC 30
31 import com.gitblit.LdapUserService;
32 import com.gitblit.models.UserModel;
33 import com.gitblit.tests.mock.MemorySettings;
34 import com.unboundid.ldap.listener.InMemoryDirectoryServer;
35 import com.unboundid.ldap.listener.InMemoryDirectoryServerConfig;
36 import com.unboundid.ldap.listener.InMemoryListenerConfig;
37 import com.unboundid.ldif.LDIFReader;
38
39 /**
40  * An Integration test for LDAP that tests going against an in-memory UnboundID
41  * LDAP server.
42  * 
43  * @author jcrygier
44  *
45  */
46 public class LdapUserServiceTest {
47     
48     private LdapUserService ldapUserService;
49     
d2426e 50     static int ldapPort = 1389;
98b4b9 51     
7e0ce4 52     @BeforeClass
JC 53     public static void createInMemoryLdapServer() throws Exception {
f3b625 54         InMemoryDirectoryServerConfig config = new InMemoryDirectoryServerConfig("dc=MyDomain");
JC 55         config.addAdditionalBindCredentials("cn=Directory Manager", "password");
98b4b9 56         config.setListenerConfigs(InMemoryListenerConfig.createLDAPConfig("default", ldapPort));
f3b625 57         config.setSchema(null);
JC 58         
59         InMemoryDirectoryServer ds = new InMemoryDirectoryServer(config);
7e0ce4 60         ds.importFromLDIF(true, new LDIFReader(LdapUserServiceTest.class.getResourceAsStream("resources/ldapUserServiceSampleData.ldif")));
f3b625 61         ds.startListening();
JC 62     }
63     
64     @Before
65     public void createLdapUserService() {
7e0ce4 66         ldapUserService = new LdapUserService();
JC 67         ldapUserService.setup(getSettings());
68     }
69     
70     private MemorySettings getSettings() {
874be0 71         Map<String, Object> backingMap = new HashMap<String, Object>();
98b4b9 72         backingMap.put("realm.ldap.server", "ldap://localhost:" + ldapPort);
f3b625 73         backingMap.put("realm.ldap.domain", "");
JC 74         backingMap.put("realm.ldap.username", "cn=Directory Manager");
75         backingMap.put("realm.ldap.password", "password");
76         backingMap.put("realm.ldap.backingUserService", "users.conf");
77         backingMap.put("realm.ldap.maintainTeams", "true");
78         backingMap.put("realm.ldap.accountBase", "OU=Users,OU=UserControl,OU=MyOrganization,DC=MyDomain");
79         backingMap.put("realm.ldap.accountPattern", "(&(objectClass=person)(sAMAccountName=${username}))");
80         backingMap.put("realm.ldap.groupBase", "OU=Groups,OU=UserControl,OU=MyOrganization,DC=MyDomain");
81         backingMap.put("realm.ldap.groupPattern", "(&(objectClass=group)(member=${dn}))");
3d699c 82         backingMap.put("realm.ldap.admins", "UserThree @Git_Admins \"@Git Admins\"");
7e0ce4 83         backingMap.put("realm.ldap.displayName", "displayName");
JC 84         backingMap.put("realm.ldap.email", "email");
f3b625 85         
JC 86         MemorySettings ms = new MemorySettings(backingMap);
7e0ce4 87         return ms;
f3b625 88     }
JC 89     
90     @Test
91     public void testAuthenticate() {        
92         UserModel userOneModel = ldapUserService.authenticate("UserOne", "userOnePassword".toCharArray());
93         assertNotNull(userOneModel);
94         assertNotNull(userOneModel.getTeam("git_admins"));
95         assertNotNull(userOneModel.getTeam("git_users"));
96         assertTrue(userOneModel.canAdmin);
97         
98         UserModel userOneModelFailedAuth = ldapUserService.authenticate("UserOne", "userTwoPassword".toCharArray());
99         assertNull(userOneModelFailedAuth);
100         
101         UserModel userTwoModel = ldapUserService.authenticate("UserTwo", "userTwoPassword".toCharArray());
102         assertNotNull(userTwoModel);
103         assertNotNull(userTwoModel.getTeam("git_users"));
104         assertNull(userTwoModel.getTeam("git_admins"));
3d699c 105         assertNotNull(userTwoModel.getTeam("git admins"));
U 106         assertTrue(userTwoModel.canAdmin);
f3b625 107         
JC 108         UserModel userThreeModel = ldapUserService.authenticate("UserThree", "userThreePassword".toCharArray());
109         assertNotNull(userThreeModel);
110         assertNotNull(userThreeModel.getTeam("git_users"));
111         assertNull(userThreeModel.getTeam("git_admins"));
112         assertTrue(userThreeModel.canAdmin);
113     }
7e0ce4 114     
JC 115     @Test
116     public void testDisplayName() {
117         UserModel userOneModel = ldapUserService.authenticate("UserOne", "userOnePassword".toCharArray());
118         assertNotNull(userOneModel);
119         assertEquals("User One", userOneModel.displayName);
120         
121         // Test more complicated scenarios - concat
122         MemorySettings ms = getSettings();
123         ms.put("realm.ldap.displayName", "${personalTitle}. ${givenName} ${surname}");
124         ldapUserService = new LdapUserService();
125         ldapUserService.setup(ms);
126         
127         userOneModel = ldapUserService.authenticate("UserOne", "userOnePassword".toCharArray());
128         assertNotNull(userOneModel);
129         assertEquals("Mr. User One", userOneModel.displayName);
130     }
131     
132     @Test
133     public void testEmail() {
134         UserModel userOneModel = ldapUserService.authenticate("UserOne", "userOnePassword".toCharArray());
135         assertNotNull(userOneModel);
136         assertEquals("userone@gitblit.com", userOneModel.emailAddress);
137         
138         // Test more complicated scenarios - concat
139         MemorySettings ms = getSettings();
140         ms.put("realm.ldap.email", "${givenName}.${surname}@gitblit.com");
141         ldapUserService = new LdapUserService();
142         ldapUserService.setup(ms);
143         
144         userOneModel = ldapUserService.authenticate("UserOne", "userOnePassword".toCharArray());
145         assertNotNull(userOneModel);
146         assertEquals("User.One@gitblit.com", userOneModel.emailAddress);
147     }
148     
149     @Test
150     public void testLdapInjection() {
151         // Inject so "(&(objectClass=person)(sAMAccountName=${username}))" becomes "(&(objectClass=person)(sAMAccountName=*)(userPassword=userOnePassword))"
152         // Thus searching by password
153         
154         UserModel userOneModel = ldapUserService.authenticate("*)(userPassword=userOnePassword", "userOnePassword".toCharArray());
155         assertNull(userOneModel);
156     }
f3b625 157
JC 158 }