// Copyright 2018 The Gitea Authors. All rights reserved.
// SPDX-License-Identifier: MIT
package integration
import (
"context"
"net/http"
"os"
"strings"
"testing"
"code.gitea.io/gitea/models"
auth_model "code.gitea.io/gitea/models/auth"
"code.gitea.io/gitea/models/db"
"code.gitea.io/gitea/models/organization"
"code.gitea.io/gitea/models/unittest"
user_model "code.gitea.io/gitea/models/user"
"code.gitea.io/gitea/modules/translation"
"code.gitea.io/gitea/services/auth"
"code.gitea.io/gitea/services/auth/source/ldap"
"code.gitea.io/gitea/tests"
"github.com/stretchr/testify/assert"
)
// ldapUser describes one fixture account of the test LDAP directory together
// with the values the tests expect Gitea to show or store for it.
type ldapUser struct {
	UserName     string   // login name submitted on sign-in
	Password     string   // fixture password submitted on sign-in
	FullName     string   // display name expected on the settings page
	Email        string   // primary e-mail address expected after sign-in/sync
	OtherEmails  []string // additional addresses recorded for the account
	IsAdmin      bool     // expected admin flag after synchronization
	IsRestricted bool     // expected restricted flag after synchronization
	SSHKeys      []string // SSH key fingerprints expected after key synchronization
}
// gitLDAPUsers lists the fixture accounts the tests expect Gitea to accept
// and synchronize. The default user filter built by
// buildAuthSourceLDAPPayload requires membership of the "cn=git" group.
// Passwords are fixture values for the test directory only. IsAdmin and
// IsRestricted are the privilege flags the sync is expected to derive, and
// SSHKeys are the fingerprints expected on the key settings page.
var gitLDAPUsers = []ldapUser{
	{
		UserName:    "professor",
		Password:    "professor",
		FullName:    "Hubert Farnsworth",
		Email:       "professor@planetexpress.com",
		OtherEmails: []string{"hubert@planetexpress.com"},
		IsAdmin:     true,
	},
	{
		UserName: "hermes",
		Password: "hermes",
		FullName: "Conrad Hermes",
		Email:    "hermes@planetexpress.com",
		SSHKeys: []string{
			"SHA256:qLY06smKfHoW/92yXySpnxFR10QFrLdRjf/GNPvwcW8",
			"SHA256:QlVTuM5OssDatqidn2ffY+Lc4YA5Fs78U+0KOHI51jQ",
			"SHA256:DXdeUKYOJCSSmClZuwrb60hUq7367j4fA+udNC3FdRI",
		},
		IsAdmin: true,
	},
	{
		UserName: "fry",
		Password: "fry",
		FullName: "Philip Fry",
		Email:    "fry@planetexpress.com",
	},
	{
		UserName:     "leela",
		Password:     "leela",
		FullName:     "Leela Turanga",
		Email:        "leela@planetexpress.com",
		IsRestricted: true,
	},
	{
		UserName: "bender",
		Password: "bender",
		FullName: "Bender Rodríguez",
		Email:    "bender@planetexpress.com",
	},
}
// otherLDAPUsers lists fixture accounts that the tests expect Gitea to
// reject at sign-in and to leave out of synchronization: they serve as the
// negative cases for the user and group filters.
var otherLDAPUsers = []ldapUser{
	{
		UserName: "zoidberg",
		Password: "zoidberg",
		FullName: "John Zoidberg",
		Email:    "zoidberg@planetexpress.com",
	},
	{
		UserName: "amy",
		Password: "amy",
		FullName: "Amy Kroker",
		Email:    "amy@planetexpress.com",
	},
}
// skipLDAPTests reports whether the LDAP integration tests should be
// skipped. They run only when the TEST_LDAP environment variable is exactly
// "1"; any other value, or an unset variable, skips them.
func skipLDAPTests() bool {
	enabled := os.Getenv("TEST_LDAP") == "1"
	return !enabled
}
// getLDAPServerHost returns the host name of the LDAP server used by the
// tests: the value of TEST_LDAP_HOST when it is set and non-empty, otherwise
// "ldap".
func getLDAPServerHost() string {
	if configured := os.Getenv("TEST_LDAP_HOST"); configured != "" {
		return configured
	}
	return "ldap"
}
// getLDAPServerPort returns the port of the LDAP server used by the tests:
// the value of TEST_LDAP_PORT when it is set and non-empty, otherwise "389".
func getLDAPServerPort() string {
	if configured := os.Getenv("TEST_LDAP_PORT"); configured != "" {
		return configured
	}
	return "389"
}
// buildAuthSourceLDAPPayload returns the form values the tests post to the
// admin pages to create or update the LDAP authentication source.
//
// csrf is the token of the submitting session. sshKeyAttribute names the
// LDAP attribute holding SSH public keys (empty in the tests that do not
// sync keys). groupFilter, groupTeamMap and groupTeamMapRemoval are passed
// through to the group settings unchanged.
//
// The user filter depends on groupFilter: without one, group membership is
// enforced by a memberOf clause in the user filter itself; with one, that
// clause is dropped so the group filter is the only membership check under
// test.
func buildAuthSourceLDAPPayload(csrf, sshKeyAttribute, groupFilter, groupTeamMap, groupTeamMapRemoval string) map[string]string {
	var userFilter string
	if groupFilter == "" {
		userFilter = "(&(objectClass=inetOrgPerson)(memberOf=cn=git,ou=people,dc=planetexpress,dc=com)(uid=%s))"
	} else {
		userFilter = "(&(objectClass=inetOrgPerson)(uid=%s))"
	}

	payload := map[string]string{
		// Form identity and connection settings.
		"_csrf": csrf,
		"type":  "2",
		"name":  "ldap",
		"host":  getLDAPServerHost(),
		"port":  getLDAPServerPort(),

		// Service account used for the bind; fixture credentials of the
		// test directory.
		"bind_dn":       "uid=gitea,ou=service,dc=planetexpress,dc=com",
		"bind_password": "password",

		// Which entries may sign in and which privileges they receive.
		"user_base":         "ou=people,dc=planetexpress,dc=com",
		"filter":            userFilter,
		"admin_filter":      "(memberOf=cn=admin_staff,ou=people,dc=planetexpress,dc=com)",
		"restricted_filter": "(uid=leela)",

		// Attribute mapping.
		"attribute_username":       "uid",
		"attribute_name":           "givenName",
		"attribute_surname":        "sn",
		"attribute_mail":           "mail",
		"attribute_ssh_public_key": sshKeyAttribute,

		"is_sync_enabled": "on",
		"is_active":       "on",

		// Group verification and group-to-team mapping.
		"groups_enabled":         "on",
		"group_dn":               "ou=people,dc=planetexpress,dc=com",
		"group_member_uid":       "member",
		"group_filter":           groupFilter,
		"group_team_map":         groupTeamMap,
		"group_team_map_removal": groupTeamMapRemoval,
		"user_uid":               "DN",
	}
	return payload
}
// addAuthSourceLDAP creates the LDAP authentication source through the admin
// form, signed in as "user1", and expects the redirect that follows a
// successful save.
//
// groupMapParams is optional and only honoured when exactly two values are
// given: the group_team_map_removal setting followed by the group_team_map
// JSON. Any other count leaves the defaults ("off" and an empty map).
func addAuthSourceLDAP(t *testing.T, sshKeyAttribute, groupFilter string, groupMapParams ...string) {
	removal, teamMap := "off", ""
	if len(groupMapParams) == 2 {
		removal, teamMap = groupMapParams[0], groupMapParams[1]
	}

	adminSession := loginUser(t, "user1")
	token := GetCSRF(t, adminSession, "/admin/auths/new")
	form := buildAuthSourceLDAPPayload(token, sshKeyAttribute, groupFilter, teamMap, removal)
	adminSession.MakeRequest(t, NewRequestWithValues(t, "POST", "/admin/auths/new", form), http.StatusSeeOther)
}
// TestLDAPUserSignin signs in as the first fixture user through the LDAP
// source and checks that the settings page shows the user name, full name
// and e-mail address taken from the directory.
func TestLDAPUserSignin(t *testing.T) {
	if skipLDAPTests() {
		t.Skip()
		return
	}
	defer tests.PrepareTestEnv(t)()
	addAuthSourceLDAP(t, "", "")

	want := gitLDAPUsers[0]
	userSession := loginUserWithPassword(t, want.UserName, want.Password)
	resp := userSession.MakeRequest(t, NewRequest(t, "GET", "/user/settings"), http.StatusOK)
	page := NewHTMLParser(t, resp.Body)

	assert.Equal(t, want.UserName, page.GetInputValueByName("name"))
	assert.Equal(t, want.FullName, page.GetInputValueByName("full_name"))
	// The e-mail address is rendered as text next to its label, not as an input.
	emailText := page.Find(` label[for="email"] `).Siblings().First().Text()
	assert.Equal(t, want.Email, emailText)
}
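// TestLDAPAuthChange creates the LDAP authentication source, opens its edit
// page, re-submits the form and checks that host and bind DN are the same
// before and after the update.
//
// NOTE(review): unlike the other LDAP tests in this file, this one does not
// call skipLDAPTests. It only exercises the admin forms; confirm that it is
// meant to run without an LDAP server.
func TestLDAPAuthChange(t *testing.T) {
	defer tests.PrepareTestEnv(t)()
	addAuthSourceLDAP(t, "", "")

	session := loginUser(t, "user1")
	req := NewRequest(t, "GET", "/admin/auths")
	resp := session.MakeRequest(t, req, http.StatusOK)
	doc := NewHTMLParser(t, resp.Body)
	href, exists := doc.Find("table.table td a").Attr("href")
	if !assert.True(t, exists, "No authentication source found") {
		return
	}

	req = NewRequest(t, "GET", href)
	resp = session.MakeRequest(t, req, http.StatusOK)
	doc = NewHTMLParser(t, resp.Body)
	csrf := doc.GetCSRF()
	host, _ := doc.Find(` input[name="host"] `).Attr("value")
	// assert.Equal takes (expected, actual); keeping that order makes a
	// failure report name the right side as the expectation.
	assert.Equal(t, getLDAPServerHost(), host)
	binddn, _ := doc.Find(` input[name="bind_dn"] `).Attr("value")
	assert.Equal(t, "uid=gitea,ou=service,dc=planetexpress,dc=com", binddn)

	req = NewRequestWithValues(t, "POST", href, buildAuthSourceLDAPPayload(csrf, "", "", "", "off"))
	session.MakeRequest(t, req, http.StatusSeeOther)

	// Reload the edit page and verify the stored settings are unchanged.
	req = NewRequest(t, "GET", href)
	resp = session.MakeRequest(t, req, http.StatusOK)
	doc = NewHTMLParser(t, resp.Body)
	host, _ = doc.Find(` input[name="host"] `).Attr("value")
	assert.Equal(t, getLDAPServerHost(), host)
	binddn, _ = doc.Find(` input[name="bind_dn"] `).Attr("value")
	assert.Equal(t, "uid=gitea,ou=service,dc=planetexpress,dc=com", binddn)
}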
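// TestLDAPUserSync runs a full external-user synchronization and checks that
// every account in gitLDAPUsers exists locally with the expected name,
// e-mail address and privilege flags (admin, restricted), and that no
// account in otherLDAPUsers was created.
func TestLDAPUserSync(t *testing.T) {
	if skipLDAPTests() {
		t.Skip()
		return
	}
	defer tests.PrepareTestEnv(t)()
	addAuthSourceLDAP(t, "", "")
	auth.SyncExternalUsers(context.Background(), true)

	// Users matched by the filter must exist with the mapped attributes.
	for _, gitLDAPUser := range gitLDAPUsers {
		dbUser, err := user_model.GetUserByName(db.DefaultContext, gitLDAPUser.UserName)
		// Stop at the failed lookup instead of dereferencing dbUser, so a
		// missing user is reported as an assertion failure, not a panic.
		if !assert.NoError(t, err, "User %s should have been synchronized", gitLDAPUser.UserName) {
			continue
		}
		assert.Equal(t, gitLDAPUser.UserName, dbUser.Name)
		assert.Equal(t, gitLDAPUser.Email, dbUser.Email)
		assert.Equal(t, gitLDAPUser.IsAdmin, dbUser.IsAdmin)
		assert.Equal(t, gitLDAPUser.IsRestricted, dbUser.IsRestricted)
	}

	// Users outside the filter must not have been created.
	for _, otherLDAPUser := range otherLDAPUsers {
		_, err := user_model.GetUserByName(db.DefaultContext, otherLDAPUser.UserName)
		assert.True(t, user_model.IsErrUserNotExist(err), "User %s should not have been synchronized", otherLDAPUser.UserName)
	}
}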
// TestLDAPUserSyncWithEmptyUsernameAttribute configures the LDAP source with
// an empty username attribute, signs every fixture user in once, runs a
// synchronization and checks that each of them still exists as an active
// account bound to the LDAP source.
func TestLDAPUserSyncWithEmptyUsernameAttribute(t *testing.T) {
	if skipLDAPTests() {
		t.Skip()
		return
	}
	defer tests.PrepareTestEnv(t)()

	adminSession := loginUser(t, "user1")
	csrf := GetCSRF(t, adminSession, "/admin/auths/new")
	payload := buildAuthSourceLDAPPayload(csrf, "", "", "", "")
	payload["attribute_username"] = ""
	adminSession.MakeRequest(t, NewRequestWithValues(t, "POST", "/admin/auths/new", payload), http.StatusSeeOther)

	// Before any sign-in the admin user list must not contain the LDAP users.
	for _, u := range gitLDAPUsers {
		listReq := NewRequest(t, "GET", "/admin/users?q="+u.UserName)
		listResp := adminSession.MakeRequest(t, listReq, http.StatusOK)
		rows := NewHTMLParser(t, listResp.Body).doc.Find("table.table tbody tr")
		assert.True(t, rows.Length() == 0)
	}

	// Sign each user in once; the requests are sent without a session.
	for _, u := range gitLDAPUsers {
		loginForm := map[string]string{
			"_csrf":     csrf,
			"user_name": u.UserName,
			"password":  u.Password,
		}
		MakeRequest(t, NewRequestWithValues(t, "POST", "/user/login", loginForm), http.StatusSeeOther)
	}

	auth.SyncExternalUsers(context.Background(), true)

	// Exactly the fixture users are bound to the LDAP source ...
	source := unittest.AssertExistsAndLoadBean(t, &auth_model.Source{
		Name: payload["name"],
	})
	unittest.AssertCount(t, &user_model.User{
		LoginType:   auth_model.LDAP,
		LoginSource: source.ID,
	}, len(gitLDAPUsers))

	// ... and the synchronization left each of them active.
	for _, u := range gitLDAPUsers {
		synced := unittest.AssertExistsAndLoadBean(t, &user_model.User{
			Name: u.UserName,
		})
		assert.True(t, synced.IsActive)
	}
}
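// TestLDAPUserSyncWithGroupFilter checks that access is decided by the group
// filter when one is configured: a user outside the group cannot sign in,
// only group members are created by synchronization, and users who drop out
// of the filtered group are deactivated on the next synchronization.
func TestLDAPUserSyncWithGroupFilter(t *testing.T) {
	if skipLDAPTests() {
		t.Skip()
		return
	}
	defer tests.PrepareTestEnv(t)()
	addAuthSourceLDAP(t, "", "(cn=git)")

	// A user who is not a member of the LDAP group "cn=git" must not be able
	// to sign in. This resembles TestLDAPUserSigninFailed, but that test
	// relies on a user filter with a memberOf clause. Here the user records
	// may not be linked to every group the user belongs to, so
	// buildAuthSourceLDAPPayload drops the memberOf clause and membership is
	// decided by the group filter alone.
	u := otherLDAPUsers[0]
	testLoginFailed(t, u.UserName, u.Password, translation.NewLocale("en-US").Tr("form.username_password_incorrect"))

	auth.SyncExternalUsers(context.Background(), true)

	// Members of the LDAP group "cn=git" are added. AssertExistsAndLoadBean
	// fails the test when the row is missing; a bare existence query whose
	// result is discarded would let a missing user pass unnoticed.
	for _, gitLDAPUser := range gitLDAPUsers {
		unittest.AssertExistsAndLoadBean(t, &user_model.User{
			Name: gitLDAPUser.UserName,
		})
	}

	// Everyone else is not added.
	for _, otherLDAPUser := range otherLDAPUsers {
		unittest.AssertNotExistsBean(t, &user_model.User{
			Name: otherLDAPUser.UserName,
		})
	}

	// Narrow the group filter and synchronize again.
	ldapSource := unittest.AssertExistsAndLoadBean(t, &auth_model.Source{
		Name: "ldap",
	})
	ldapConfig := ldapSource.Cfg.(*ldap.Source)
	ldapConfig.GroupFilter = "(cn=ship_crew)"
	// A failed update would leave the old filter in place and make the
	// assertions below test the wrong configuration, so check the error.
	assert.NoError(t, auth_model.UpdateSource(db.DefaultContext, ldapSource))

	auth.SyncExternalUsers(context.Background(), true)

	for _, gitLDAPUser := range gitLDAPUsers {
		user := unittest.AssertExistsAndLoadBean(t, &user_model.User{
			Name: gitLDAPUser.UserName,
		})
		switch gitLDAPUser.UserName {
		case "fry", "leela", "bender":
			// Members of the LDAP group "cn=ship_crew" are still active.
			assert.True(t, user.IsActive, "User %s should be active", gitLDAPUser.UserName)
		default:
			// Everyone else has been deactivated.
			assert.False(t, user.IsActive, "User %s should be inactive", gitLDAPUser.UserName)
		}
	}
}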
// TestLDAPUserSigninFailed checks that a directory user who does not match
// the user filter is rejected with the generic "username or password
// incorrect" message.
func TestLDAPUserSigninFailed(t *testing.T) {
	if skipLDAPTests() {
		t.Skip()
		return
	}
	defer tests.PrepareTestEnv(t)()
	addAuthSourceLDAP(t, "", "")

	outsider := otherLDAPUsers[0]
	wantMessage := translation.NewLocale("en-US").Tr("form.username_password_incorrect")
	testLoginFailed(t, outsider.UserName, outsider.Password, wantMessage)
}
// TestLDAPUserSSHKeySync synchronizes users with the "sshPublicKey"
// attribute mapped and checks, for every fixture user that has keys, that
// the key settings page lists exactly the expected fingerprints.
func TestLDAPUserSSHKeySync(t *testing.T) {
	if skipLDAPTests() {
		t.Skip()
		return
	}
	defer tests.PrepareTestEnv(t)()
	addAuthSourceLDAP(t, "sshPublicKey", "")

	auth.SyncExternalUsers(context.Background(), true)

	for _, u := range gitLDAPUsers {
		// Users without keys in the fixture have nothing to compare.
		if len(u.SSHKeys) == 0 {
			continue
		}

		userSession := loginUserWithPassword(t, u.UserName, u.Password)
		resp := userSession.MakeRequest(t, NewRequest(t, "GET", "/user/settings/keys"), http.StatusOK)
		page := NewHTMLParser(t, resp.Body)

		keyNodes := page.doc.Find("#keys-ssh .flex-item .flex-item-body:not(:last-child)")
		count := keyNodes.Length()
		syncedKeys := make([]string, 0, count)
		for idx := 0; idx < count; idx++ {
			syncedKeys = append(syncedKeys, strings.TrimSpace(keyNodes.Eq(idx).Text()))
		}

		// Order on the page is not significant; the sets must be equal.
		assert.ElementsMatch(t, u.SSHKeys, syncedKeys, "Unequal number of keys synchronized for user: %s", u.UserName)
	}
}
// TestLDAPGroupTeamSyncAddMember checks the LDAP group-to-team mapping on
// synchronization: members of "cn=ship_crew" are added to org26/team11,
// while members of "cn=admin_staff", which is mapped to an organization and
// team that do not exist, end up in no organization or team.
func TestLDAPGroupTeamSyncAddMember(t *testing.T) {
	if skipLDAPTests() {
		t.Skip()
		return
	}
	defer tests.PrepareTestEnv(t)()
	addAuthSourceLDAP(t, "", "", "on", ` { "cn=ship_crew,ou=people,dc=planetexpress,dc=com": { "org26": ["team11"]},"cn=admin_staff,ou=people,dc=planetexpress,dc=com": { "non-existent": ["non-existent"]}} `)

	org, err := organization.GetOrgByName(db.DefaultContext, "org26")
	assert.NoError(t, err)
	team, err := organization.GetTeam(db.DefaultContext, org.ID, "team11")
	assert.NoError(t, err)

	auth.SyncExternalUsers(context.Background(), true)

	for _, ldapAccount := range gitLDAPUsers {
		user := unittest.AssertExistsAndLoadBean(t, &user_model.User{
			Name: ldapAccount.UserName,
		})
		usersOrgs, err := organization.FindOrgs(db.DefaultContext, organization.FindOrgOptions{
			UserID:         user.ID,
			IncludePrivate: true,
		})
		assert.NoError(t, err)
		allOrgTeams, err := organization.GetUserOrgTeams(db.DefaultContext, org.ID, user.ID)
		assert.NoError(t, err)

		switch user.Name {
		case "fry", "leela", "bender":
			// Members of LDAP group "cn=ship_crew" are added to the mapped team.
			assert.Len(t, usersOrgs, 1, "User [%s] should be member of one organization", user.Name)
			assert.Equal(t, "org26", usersOrgs[0].Name, "Membership should be added to the right organization")
			isMember, err := organization.IsTeamMember(db.DefaultContext, usersOrgs[0].ID, team.ID, user.ID)
			assert.NoError(t, err)
			assert.True(t, isMember, "Membership should be added to the right team")
			// Remove the membership again once it has been verified.
			err = models.RemoveTeamMember(db.DefaultContext, team, user.ID)
			assert.NoError(t, err)
			err = models.RemoveOrgUser(db.DefaultContext, usersOrgs[0].ID, user.ID)
			assert.NoError(t, err)
		default:
			// Members of LDAP group "cn=admin_staff" keep their initial
			// membership because the mapped team does not exist.
			assert.Empty(t, usersOrgs, "User should be member of no organization")
			isMember, err := organization.IsTeamMember(db.DefaultContext, org.ID, team.ID, user.ID)
			assert.NoError(t, err)
			assert.False(t, isMember, "User should no be added to this team")
			assert.Empty(t, allOrgTeams, "User should not be added to any team")
		}
	}
}
// TestLDAPGroupTeamSyncRemoveMember checks that, with group_team_map_removal
// set to "on", a sign-in removes organization and team membership that the
// LDAP group mapping no longer grants. The first fixture user is added to
// org26/team11 by hand, signs in again, and must then be a member of
// neither.
func TestLDAPGroupTeamSyncRemoveMember(t *testing.T) {
	if skipLDAPTests() {
		t.Skip()
		return
	}
	defer tests.PrepareTestEnv(t)()
	addAuthSourceLDAP(t, "", "", "on", ` { "cn=dispatch,ou=people,dc=planetexpress,dc=com": { "org26": ["team11"]}} `)

	org, err := organization.GetOrgByName(db.DefaultContext, "org26")
	assert.NoError(t, err)
	team, err := organization.GetTeam(db.DefaultContext, org.ID, "team11")
	assert.NoError(t, err)

	// First sign-in, after which the local account is expected to exist.
	account := gitLDAPUsers[0]
	loginUserWithPassword(t, account.UserName, account.Password)
	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{
		Name: account.UserName,
	})

	// Grant the membership manually and confirm it is in place.
	err = organization.AddOrgUser(db.DefaultContext, org.ID, user.ID)
	assert.NoError(t, err)
	err = models.AddTeamMember(db.DefaultContext, team, user.ID)
	assert.NoError(t, err)
	inOrg, err := organization.IsOrganizationMember(db.DefaultContext, org.ID, user.ID)
	assert.NoError(t, err)
	assert.True(t, inOrg, "User should be member of this organization")
	inTeam, err := organization.IsTeamMember(db.DefaultContext, org.ID, team.ID, user.ID)
	assert.NoError(t, err)
	assert.True(t, inTeam, "User should be member of this team")

	// Team member "professor" gets removed from org26 team11 on the next sign-in.
	loginUserWithPassword(t, account.UserName, account.Password)
	inOrg, err = organization.IsOrganizationMember(db.DefaultContext, org.ID, user.ID)
	assert.NoError(t, err)
	assert.False(t, inOrg, "User membership should have been removed from organization")
	inTeam, err = organization.IsTeamMember(db.DefaultContext, org.ID, team.ID, user.ID)
	assert.NoError(t, err)
	assert.False(t, inTeam, "User membership should have been removed from team")
}
// TestLDAPPreventInvalidGroupTeamMap checks that the admin form rejects a
// group_team_map value that is not valid JSON instead of storing it.
func TestLDAPPreventInvalidGroupTeamMap(t *testing.T) {
	if skipLDAPTests() {
		t.Skip()
		return
	}
	defer tests.PrepareTestEnv(t)()

	adminSession := loginUser(t, "user1")
	token := GetCSRF(t, adminSession, "/admin/auths/new")
	form := buildAuthSourceLDAPPayload(token, "", "", ` { "NOT_A_VALID_JSON"["MISSING_DOUBLE_POINT"]} `, "off")
	// A rejected form is rendered again with StatusOK; a successful save
	// would answer with StatusSeeOther.
	adminSession.MakeRequest(t, NewRequestWithValues(t, "POST", "/admin/auths/new", form), http.StatusOK)
}