forgejo/integrations/auth_ldap_test.go

// Copyright 2018 The Gitea Authors. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.

package integrations

import (
	"net/http"
	"os"
	"strings"
	"testing"

	"code.gitea.io/gitea/models"

	"github.com/stretchr/testify/assert"
	"github.com/unknwon/i18n"
)

type ldapUser struct {
	UserName    string
	Password    string
	FullName    string
	Email       string
	OtherEmails []string
	IsAdmin     bool
	SSHKeys     []string
}

var gitLDAPUsers = []ldapUser{
	{
		UserName:    "professor",
		Password:    "professor",
		FullName:    "Hubert Farnsworth",
		Email:       "professor@planetexpress.com",
		OtherEmails: []string{"hubert@planetexpress.com"},
		IsAdmin:     true,
	},
	{
		UserName: "hermes",
		Password: "hermes",
		FullName: "Conrad Hermes",
		Email:    "hermes@planetexpress.com",
		SSHKeys: []string{
			"SHA256:qLY06smKfHoW/92yXySpnxFR10QFrLdRjf/GNPvwcW8",
			"SHA256:QlVTuM5OssDatqidn2ffY+Lc4YA5Fs78U+0KOHI51jQ",
			"SHA256:DXdeUKYOJCSSmClZuwrb60hUq7367j4fA+udNC3FdRI",
		},
		IsAdmin: true,
	},
	{
		UserName: "fry",
		Password: "fry",
		FullName: "Philip Fry",
		Email:    "fry@planetexpress.com",
	},
	{
		UserName: "leela",
		Password: "leela",
		FullName: "Leela Turanga",
		Email:    "leela@planetexpress.com",
	},
	{
		UserName: "bender",
		Password: "bender",
		FullName: "Bender Rodríguez",
		Email:    "bender@planetexpress.com",
	},
}

var otherLDAPUsers = []ldapUser{
	{
		UserName: "zoidberg",
		Password: "zoidberg",
		FullName: "John Zoidberg",
		Email:    "zoidberg@planetexpress.com",
	},
	{
		UserName: "amy",
		Password: "amy",
		FullName: "Amy Kroker",
		Email:    "amy@planetexpress.com",
	},
}

func skipLDAPTests() bool {
	return os.Getenv("TEST_LDAP") != "1"
}

func getLDAPServerHost() string {
	host := os.Getenv("TEST_LDAP_HOST")
	if len(host) == 0 {
		host = "ldap"
	}
	return host
}

func addAuthSourceLDAP(t *testing.T, sshKeyAttribute string) {
	session := loginUser(t, "user1")
	csrf := GetCSRF(t, session, "/admin/auths/new")
	req := NewRequestWithValues(t, "POST", "/admin/auths/new", map[string]string{
		"_csrf":                    csrf,
		"type":                     "2",
		"name":                     "ldap",
		"host":                     getLDAPServerHost(),
		"port":                     "389",
		"bind_dn":                  "uid=gitea,ou=service,dc=planetexpress,dc=com",
		"bind_password":            "password",
		"user_base":                "ou=people,dc=planetexpress,dc=com",
		"filter":                   "(&(objectClass=inetOrgPerson)(memberOf=cn=git,ou=people,dc=planetexpress,dc=com)(uid=%s))",
		"admin_filter":             "(memberOf=cn=admin_staff,ou=people,dc=planetexpress,dc=com)",
		"attribute_username":       "uid",
		"attribute_name":           "givenName",
		"attribute_surname":        "sn",
		"attribute_mail":           "mail",
		"attribute_ssh_public_key": sshKeyAttribute,
		"is_sync_enabled":          "on",
		"is_active":                "on",
	})
	session.MakeRequest(t, req, http.StatusFound)
}

func TestLDAPUserSignin(t *testing.T) {
	if skipLDAPTests() {
		t.Skip()
		return
	}
	defer prepareTestEnv(t)()
	addAuthSourceLDAP(t, "")

	u := gitLDAPUsers[0]

	session := loginUserWithPassword(t, u.UserName, u.Password)
	req := NewRequest(t, "GET", "/user/settings")
	resp := session.MakeRequest(t, req, http.StatusOK)

	htmlDoc := NewHTMLParser(t, resp.Body)

	assert.Equal(t, u.UserName, htmlDoc.GetInputValueByName("name"))
	assert.Equal(t, u.FullName, htmlDoc.GetInputValueByName("full_name"))
	assert.Equal(t, u.Email, htmlDoc.GetInputValueByName("email"))
}

func TestLDAPUserSync(t *testing.T) {
	if skipLDAPTests() {
		t.Skip()
		return
	}
	defer prepareTestEnv(t)()
	addAuthSourceLDAP(t, "")
	models.SyncExternalUsers()

	session := loginUser(t, "user1")
	// Check if users exists
	for _, u := range gitLDAPUsers {
		req := NewRequest(t, "GET", "/admin/users?q="+u.UserName)
		resp := session.MakeRequest(t, req, http.StatusOK)

		htmlDoc := NewHTMLParser(t, resp.Body)

		tr := htmlDoc.doc.Find("table.table tbody tr")
		if !assert.True(t, tr.Length() == 1) {
			continue
		}
		tds := tr.Find("td")
		if !assert.True(t, tds.Length() > 0) {
			continue
		}
		assert.Equal(t, u.UserName, strings.TrimSpace(tds.Find("td:nth-child(2) a").Text()))
		assert.Equal(t, u.Email, strings.TrimSpace(tds.Find("td:nth-child(3) span").Text()))
		if u.IsAdmin {
			assert.True(t, tds.Find("td:nth-child(5) i").HasClass("fa-check-square-o"))
		} else {
			assert.True(t, tds.Find("td:nth-child(5) i").HasClass("fa-square-o"))
		}
	}

	// Check if no users exist
	for _, u := range otherLDAPUsers {
		req := NewRequest(t, "GET", "/admin/users?q="+u.UserName)
		resp := session.MakeRequest(t, req, http.StatusOK)

		htmlDoc := NewHTMLParser(t, resp.Body)

		tr := htmlDoc.doc.Find("table.table tbody tr")
		assert.True(t, tr.Length() == 0)
	}
}

func TestLDAPUserSigninFailed(t *testing.T) {
	if skipLDAPTests() {
		t.Skip()
		return
	}
	defer prepareTestEnv(t)()
	addAuthSourceLDAP(t, "")

	u := otherLDAPUsers[0]

	testLoginFailed(t, u.UserName, u.Password, i18n.Tr("en", "form.username_password_incorrect"))
}

func TestLDAPUserSSHKeySync(t *testing.T) {
	if skipLDAPTests() {
		t.Skip()
		return
	}
	defer prepareTestEnv(t)()
	addAuthSourceLDAP(t, "sshPublicKey")
	models.SyncExternalUsers()

	// Check if users has SSH keys synced
	for _, u := range gitLDAPUsers {
		if len(u.SSHKeys) == 0 {
			continue
		}
		session := loginUserWithPassword(t, u.UserName, u.Password)

		req := NewRequest(t, "GET", "/user/settings/keys")
		resp := session.MakeRequest(t, req, http.StatusOK)

		htmlDoc := NewHTMLParser(t, resp.Body)

		divs := htmlDoc.doc.Find(".key.list .print.meta")

		syncedKeys := make([]string, divs.Length())
		for i := 0; i < divs.Length(); i++ {
			syncedKeys[i] = strings.TrimSpace(divs.Eq(i).Text())
		}

		assert.ElementsMatch(t, u.SSHKeys, syncedKeys)
	}
}
Add LDAP integration tests (#3897) * Add LDAP service for tests * Add LDAP login source and test user sign-in * Add checks to test if user data is correct * Add LDAP user sync test * Add failed user sign-in test 2018-05-11 10:55:32 +03:00			`// Copyright 2018 The Gitea Authors. All rights reserved.`
			`// Use of this source code is governed by a MIT-style`
			`// license that can be found in the LICENSE file.`

			`package integrations`

			`import (`
			`"net/http"`
			`"os"`
			`"strings"`
			`"testing"`

			`"code.gitea.io/gitea/models"`

			`"github.com/stretchr/testify/assert"`
Use gitea forked macaron (#7933) Signed-off-by: Tamal Saha <tamal@appscode.com> 2019-08-23 19:40:30 +03:00			`"github.com/unknwon/i18n"`
Add LDAP integration tests (#3897) * Add LDAP service for tests * Add LDAP login source and test user sign-in * Add checks to test if user data is correct * Add LDAP user sync test * Add failed user sign-in test 2018-05-11 10:55:32 +03:00			`)`

			`type ldapUser struct {`
			`UserName string`
			`Password string`
			`FullName string`
			`Email string`
			`OtherEmails []string`
			`IsAdmin bool`
			`SSHKeys []string`
			`}`

			`var gitLDAPUsers = []ldapUser{`
			`{`
			`UserName: "professor",`
			`Password: "professor",`
			`FullName: "Hubert Farnsworth",`
			`Email: "professor@planetexpress.com",`
			`OtherEmails: []string{"hubert@planetexpress.com"},`
			`IsAdmin: true,`
			`},`
			`{`
			`UserName: "hermes",`
			`Password: "hermes",`
			`FullName: "Conrad Hermes",`
			`Email: "hermes@planetexpress.com",`
LDAP Public SSH Keys synchronization (#1844) * Add LDAP Key Synchronization feature Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Add migration: add login source id column for public_key table * Only update keys if needed * Add function to only list pubkey synchronized from ldap * Only list pub ssh keys synchronized from ldap. Do not sort strings as ExistsInSlice does it. * Only get keys belonging to current login source id * Set default login source id to 0 * Some minor cleanup. Add integration tests (updete dep testify) 2018-05-24 07:59:02 +03:00			`SSHKeys: []string{`
			`"SHA256:qLY06smKfHoW/92yXySpnxFR10QFrLdRjf/GNPvwcW8",`
			`"SHA256:QlVTuM5OssDatqidn2ffY+Lc4YA5Fs78U+0KOHI51jQ",`
Fix issue where ecdsa and other key types are not synced from LDAP (#5092) (#5094) * Fix issue where ecdsa and other key types are not synced from LDAP authentication provider fixes #5092 * integrations/auth_ldap_test.go: Add Hermes Conrad new ecdsa-sha2-nistp256 publickey fingerprint * integrations/auth_ldap_test.go: Use ssh-keygen -lf <filename> -E sha256 2018-10-31 03:08:30 +03:00			`"SHA256:DXdeUKYOJCSSmClZuwrb60hUq7367j4fA+udNC3FdRI",`
LDAP Public SSH Keys synchronization (#1844) * Add LDAP Key Synchronization feature Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Add migration: add login source id column for public_key table * Only update keys if needed * Add function to only list pubkey synchronized from ldap * Only list pub ssh keys synchronized from ldap. Do not sort strings as ExistsInSlice does it. * Only get keys belonging to current login source id * Set default login source id to 0 * Some minor cleanup. Add integration tests (updete dep testify) 2018-05-24 07:59:02 +03:00			`},`
			`IsAdmin: true,`
Add LDAP integration tests (#3897) * Add LDAP service for tests * Add LDAP login source and test user sign-in * Add checks to test if user data is correct * Add LDAP user sync test * Add failed user sign-in test 2018-05-11 10:55:32 +03:00			`},`
			`{`
			`UserName: "fry",`
			`Password: "fry",`
			`FullName: "Philip Fry",`
			`Email: "fry@planetexpress.com",`
			`},`
			`{`
			`UserName: "leela",`
			`Password: "leela",`
			`FullName: "Leela Turanga",`
			`Email: "leela@planetexpress.com",`
			`},`
			`{`
			`UserName: "bender",`
			`Password: "bender",`
			`FullName: "Bender Rodríguez",`
			`Email: "bender@planetexpress.com",`
			`},`
			`}`

			`var otherLDAPUsers = []ldapUser{`
			`{`
			`UserName: "zoidberg",`
			`Password: "zoidberg",`
			`FullName: "John Zoidberg",`
			`Email: "zoidberg@planetexpress.com",`
			`},`
			`{`
			`UserName: "amy",`
			`Password: "amy",`
			`FullName: "Amy Kroker",`
			`Email: "amy@planetexpress.com",`
			`},`
			`}`

			`func skipLDAPTests() bool {`
			`return os.Getenv("TEST_LDAP") != "1"`
			`}`

			`func getLDAPServerHost() string {`
			`host := os.Getenv("TEST_LDAP_HOST")`
			`if len(host) == 0 {`
			`host = "ldap"`
			`}`
			`return host`
			`}`

LDAP Public SSH Keys synchronization (#1844) * Add LDAP Key Synchronization feature Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Add migration: add login source id column for public_key table * Only update keys if needed * Add function to only list pubkey synchronized from ldap * Only list pub ssh keys synchronized from ldap. Do not sort strings as ExistsInSlice does it. * Only get keys belonging to current login source id * Set default login source id to 0 * Some minor cleanup. Add integration tests (updete dep testify) 2018-05-24 07:59:02 +03:00			`func addAuthSourceLDAP(t *testing.T, sshKeyAttribute string) {`
Add LDAP integration tests (#3897) * Add LDAP service for tests * Add LDAP login source and test user sign-in * Add checks to test if user data is correct * Add LDAP user sync test * Add failed user sign-in test 2018-05-11 10:55:32 +03:00			`session := loginUser(t, "user1")`
			`csrf := GetCSRF(t, session, "/admin/auths/new")`
			`req := NewRequestWithValues(t, "POST", "/admin/auths/new", map[string]string{`
LDAP Public SSH Keys synchronization (#1844) * Add LDAP Key Synchronization feature Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Add migration: add login source id column for public_key table * Only update keys if needed * Add function to only list pubkey synchronized from ldap * Only list pub ssh keys synchronized from ldap. Do not sort strings as ExistsInSlice does it. * Only get keys belonging to current login source id * Set default login source id to 0 * Some minor cleanup. Add integration tests (updete dep testify) 2018-05-24 07:59:02 +03:00			`"_csrf": csrf,`
			`"type": "2",`
			`"name": "ldap",`
			`"host": getLDAPServerHost(),`
			`"port": "389",`
			`"bind_dn": "uid=gitea,ou=service,dc=planetexpress,dc=com",`
			`"bind_password": "password",`
			`"user_base": "ou=people,dc=planetexpress,dc=com",`
			`"filter": "(&(objectClass=inetOrgPerson)(memberOf=cn=git,ou=people,dc=planetexpress,dc=com)(uid=%s))",`
			`"admin_filter": "(memberOf=cn=admin_staff,ou=people,dc=planetexpress,dc=com)",`
			`"attribute_username": "uid",`
			`"attribute_name": "givenName",`
			`"attribute_surname": "sn",`
			`"attribute_mail": "mail",`
			`"attribute_ssh_public_key": sshKeyAttribute,`
			`"is_sync_enabled": "on",`
			`"is_active": "on",`
Add LDAP integration tests (#3897) * Add LDAP service for tests * Add LDAP login source and test user sign-in * Add checks to test if user data is correct * Add LDAP user sync test * Add failed user sign-in test 2018-05-11 10:55:32 +03:00			`})`
			`session.MakeRequest(t, req, http.StatusFound)`
			`}`

			`func TestLDAPUserSignin(t *testing.T) {`
			`if skipLDAPTests() {`
			`t.Skip()`
			`return`
			`}`
Fix "data race" in testlogger (#9159) * Fix data race in testlogger * Update git_helper_for_declarative_test.go 2019-11-26 02:21:37 +03:00			`defer prepareTestEnv(t)()`
LDAP Public SSH Keys synchronization (#1844) * Add LDAP Key Synchronization feature Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Add migration: add login source id column for public_key table * Only update keys if needed * Add function to only list pubkey synchronized from ldap * Only list pub ssh keys synchronized from ldap. Do not sort strings as ExistsInSlice does it. * Only get keys belonging to current login source id * Set default login source id to 0 * Some minor cleanup. Add integration tests (updete dep testify) 2018-05-24 07:59:02 +03:00			`addAuthSourceLDAP(t, "")`
Add LDAP integration tests (#3897) * Add LDAP service for tests * Add LDAP login source and test user sign-in * Add checks to test if user data is correct * Add LDAP user sync test * Add failed user sign-in test 2018-05-11 10:55:32 +03:00
			`u := gitLDAPUsers[0]`

			`session := loginUserWithPassword(t, u.UserName, u.Password)`
			`req := NewRequest(t, "GET", "/user/settings")`
			`resp := session.MakeRequest(t, req, http.StatusOK)`

			`htmlDoc := NewHTMLParser(t, resp.Body)`

			`assert.Equal(t, u.UserName, htmlDoc.GetInputValueByName("name"))`
			`assert.Equal(t, u.FullName, htmlDoc.GetInputValueByName("full_name"))`
			`assert.Equal(t, u.Email, htmlDoc.GetInputValueByName("email"))`
			`}`

			`func TestLDAPUserSync(t *testing.T) {`
			`if skipLDAPTests() {`
			`t.Skip()`
			`return`
			`}`
Fix "data race" in testlogger (#9159) * Fix data race in testlogger * Update git_helper_for_declarative_test.go 2019-11-26 02:21:37 +03:00			`defer prepareTestEnv(t)()`
LDAP Public SSH Keys synchronization (#1844) * Add LDAP Key Synchronization feature Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Add migration: add login source id column for public_key table * Only update keys if needed * Add function to only list pubkey synchronized from ldap * Only list pub ssh keys synchronized from ldap. Do not sort strings as ExistsInSlice does it. * Only get keys belonging to current login source id * Set default login source id to 0 * Some minor cleanup. Add integration tests (updete dep testify) 2018-05-24 07:59:02 +03:00			`addAuthSourceLDAP(t, "")`
Add LDAP integration tests (#3897) * Add LDAP service for tests * Add LDAP login source and test user sign-in * Add checks to test if user data is correct * Add LDAP user sync test * Add failed user sign-in test 2018-05-11 10:55:32 +03:00			`models.SyncExternalUsers()`

			`session := loginUser(t, "user1")`
			`// Check if users exists`
			`for _, u := range gitLDAPUsers {`
			`req := NewRequest(t, "GET", "/admin/users?q="+u.UserName)`
			`resp := session.MakeRequest(t, req, http.StatusOK)`

			`htmlDoc := NewHTMLParser(t, resp.Body)`

			`tr := htmlDoc.doc.Find("table.table tbody tr")`
			`if !assert.True(t, tr.Length() == 1) {`
			`continue`
			`}`
			`tds := tr.Find("td")`
			`if !assert.True(t, tds.Length() > 0) {`
			`continue`
			`}`
			`assert.Equal(t, u.UserName, strings.TrimSpace(tds.Find("td:nth-child(2) a").Text()))`
			`assert.Equal(t, u.Email, strings.TrimSpace(tds.Find("td:nth-child(3) span").Text()))`
			`if u.IsAdmin {`
			`assert.True(t, tds.Find("td:nth-child(5) i").HasClass("fa-check-square-o"))`
			`} else {`
			`assert.True(t, tds.Find("td:nth-child(5) i").HasClass("fa-square-o"))`
			`}`
			`}`

			`// Check if no users exist`
			`for _, u := range otherLDAPUsers {`
			`req := NewRequest(t, "GET", "/admin/users?q="+u.UserName)`
			`resp := session.MakeRequest(t, req, http.StatusOK)`

			`htmlDoc := NewHTMLParser(t, resp.Body)`

			`tr := htmlDoc.doc.Find("table.table tbody tr")`
			`assert.True(t, tr.Length() == 0)`
			`}`
			`}`

			`func TestLDAPUserSigninFailed(t *testing.T) {`
			`if skipLDAPTests() {`
			`t.Skip()`
			`return`
			`}`
Fix "data race" in testlogger (#9159) * Fix data race in testlogger * Update git_helper_for_declarative_test.go 2019-11-26 02:21:37 +03:00			`defer prepareTestEnv(t)()`
LDAP Public SSH Keys synchronization (#1844) * Add LDAP Key Synchronization feature Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Add migration: add login source id column for public_key table * Only update keys if needed * Add function to only list pubkey synchronized from ldap * Only list pub ssh keys synchronized from ldap. Do not sort strings as ExistsInSlice does it. * Only get keys belonging to current login source id * Set default login source id to 0 * Some minor cleanup. Add integration tests (updete dep testify) 2018-05-24 07:59:02 +03:00			`addAuthSourceLDAP(t, "")`
Add LDAP integration tests (#3897) * Add LDAP service for tests * Add LDAP login source and test user sign-in * Add checks to test if user data is correct * Add LDAP user sync test * Add failed user sign-in test 2018-05-11 10:55:32 +03:00
			`u := otherLDAPUsers[0]`

			`testLoginFailed(t, u.UserName, u.Password, i18n.Tr("en", "form.username_password_incorrect"))`
			`}`
LDAP Public SSH Keys synchronization (#1844) * Add LDAP Key Synchronization feature Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Add migration: add login source id column for public_key table * Only update keys if needed * Add function to only list pubkey synchronized from ldap * Only list pub ssh keys synchronized from ldap. Do not sort strings as ExistsInSlice does it. * Only get keys belonging to current login source id * Set default login source id to 0 * Some minor cleanup. Add integration tests (updete dep testify) 2018-05-24 07:59:02 +03:00
			`func TestLDAPUserSSHKeySync(t *testing.T) {`
			`if skipLDAPTests() {`
			`t.Skip()`
			`return`
			`}`
Fix "data race" in testlogger (#9159) * Fix data race in testlogger * Update git_helper_for_declarative_test.go 2019-11-26 02:21:37 +03:00			`defer prepareTestEnv(t)()`
LDAP Public SSH Keys synchronization (#1844) * Add LDAP Key Synchronization feature Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Add migration: add login source id column for public_key table * Only update keys if needed * Add function to only list pubkey synchronized from ldap * Only list pub ssh keys synchronized from ldap. Do not sort strings as ExistsInSlice does it. * Only get keys belonging to current login source id * Set default login source id to 0 * Some minor cleanup. Add integration tests (updete dep testify) 2018-05-24 07:59:02 +03:00			`addAuthSourceLDAP(t, "sshPublicKey")`
			`models.SyncExternalUsers()`

			`// Check if users has SSH keys synced`
			`for _, u := range gitLDAPUsers {`
			`if len(u.SSHKeys) == 0 {`
			`continue`
			`}`
			`session := loginUserWithPassword(t, u.UserName, u.Password)`

			`req := NewRequest(t, "GET", "/user/settings/keys")`
			`resp := session.MakeRequest(t, req, http.StatusOK)`

			`htmlDoc := NewHTMLParser(t, resp.Body)`

			`divs := htmlDoc.doc.Find(".key.list .print.meta")`

			`syncedKeys := make([]string, divs.Length())`
			`for i := 0; i < divs.Length(); i++ {`
			`syncedKeys[i] = strings.TrimSpace(divs.Eq(i).Text())`
			`}`

			`assert.ElementsMatch(t, u.SSHKeys, syncedKeys)`
			`}`
			`}`