You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

232 lines
5.8 KiB

  1. // Copyright 2018 The Gitea Authors. All rights reserved.
  2. // Use of this source code is governed by a MIT-style
  3. // license that can be found in the LICENSE file.
  4. package integrations
  5. import (
  6. "net/http"
  7. "os"
  8. "strings"
  9. "testing"
  10. "code.gitea.io/gitea/models"
  11. "github.com/Unknwon/i18n"
  12. "github.com/stretchr/testify/assert"
  13. )
  14. type ldapUser struct {
  15. UserName string
  16. Password string
  17. FullName string
  18. Email string
  19. OtherEmails []string
  20. IsAdmin bool
  21. SSHKeys []string
  22. }
  23. var gitLDAPUsers = []ldapUser{
  24. {
  25. UserName: "professor",
  26. Password: "professor",
  27. FullName: "Hubert Farnsworth",
  28. Email: "professor@planetexpress.com",
  29. OtherEmails: []string{"hubert@planetexpress.com"},
  30. IsAdmin: true,
  31. },
  32. {
  33. UserName: "hermes",
  34. Password: "hermes",
  35. FullName: "Conrad Hermes",
  36. Email: "hermes@planetexpress.com",
  37. SSHKeys: []string{
  38. "SHA256:qLY06smKfHoW/92yXySpnxFR10QFrLdRjf/GNPvwcW8",
  39. "SHA256:QlVTuM5OssDatqidn2ffY+Lc4YA5Fs78U+0KOHI51jQ",
  40. "SHA256:DXdeUKYOJCSSmClZuwrb60hUq7367j4fA+udNC3FdRI",
  41. },
  42. IsAdmin: true,
  43. },
  44. {
  45. UserName: "fry",
  46. Password: "fry",
  47. FullName: "Philip Fry",
  48. Email: "fry@planetexpress.com",
  49. },
  50. {
  51. UserName: "leela",
  52. Password: "leela",
  53. FullName: "Leela Turanga",
  54. Email: "leela@planetexpress.com",
  55. },
  56. {
  57. UserName: "bender",
  58. Password: "bender",
  59. FullName: "Bender Rodríguez",
  60. Email: "bender@planetexpress.com",
  61. },
  62. }
  63. var otherLDAPUsers = []ldapUser{
  64. {
  65. UserName: "zoidberg",
  66. Password: "zoidberg",
  67. FullName: "John Zoidberg",
  68. Email: "zoidberg@planetexpress.com",
  69. },
  70. {
  71. UserName: "amy",
  72. Password: "amy",
  73. FullName: "Amy Kroker",
  74. Email: "amy@planetexpress.com",
  75. },
  76. }
  77. func skipLDAPTests() bool {
  78. return os.Getenv("TEST_LDAP") != "1"
  79. }
  80. func getLDAPServerHost() string {
  81. host := os.Getenv("TEST_LDAP_HOST")
  82. if len(host) == 0 {
  83. host = "ldap"
  84. }
  85. return host
  86. }
  87. func addAuthSourceLDAP(t *testing.T, sshKeyAttribute string) {
  88. session := loginUser(t, "user1")
  89. csrf := GetCSRF(t, session, "/admin/auths/new")
  90. req := NewRequestWithValues(t, "POST", "/admin/auths/new", map[string]string{
  91. "_csrf": csrf,
  92. "type": "2",
  93. "name": "ldap",
  94. "host": getLDAPServerHost(),
  95. "port": "389",
  96. "bind_dn": "uid=gitea,ou=service,dc=planetexpress,dc=com",
  97. "bind_password": "password",
  98. "user_base": "ou=people,dc=planetexpress,dc=com",
  99. "filter": "(&(objectClass=inetOrgPerson)(memberOf=cn=git,ou=people,dc=planetexpress,dc=com)(uid=%s))",
  100. "admin_filter": "(memberOf=cn=admin_staff,ou=people,dc=planetexpress,dc=com)",
  101. "attribute_username": "uid",
  102. "attribute_name": "givenName",
  103. "attribute_surname": "sn",
  104. "attribute_mail": "mail",
  105. "attribute_ssh_public_key": sshKeyAttribute,
  106. "is_sync_enabled": "on",
  107. "is_active": "on",
  108. })
  109. session.MakeRequest(t, req, http.StatusFound)
  110. }
  111. func TestLDAPUserSignin(t *testing.T) {
  112. if skipLDAPTests() {
  113. t.Skip()
  114. return
  115. }
  116. prepareTestEnv(t)
  117. addAuthSourceLDAP(t, "")
  118. u := gitLDAPUsers[0]
  119. session := loginUserWithPassword(t, u.UserName, u.Password)
  120. req := NewRequest(t, "GET", "/user/settings")
  121. resp := session.MakeRequest(t, req, http.StatusOK)
  122. htmlDoc := NewHTMLParser(t, resp.Body)
  123. assert.Equal(t, u.UserName, htmlDoc.GetInputValueByName("name"))
  124. assert.Equal(t, u.FullName, htmlDoc.GetInputValueByName("full_name"))
  125. assert.Equal(t, u.Email, htmlDoc.GetInputValueByName("email"))
  126. }
  127. func TestLDAPUserSync(t *testing.T) {
  128. if skipLDAPTests() {
  129. t.Skip()
  130. return
  131. }
  132. prepareTestEnv(t)
  133. addAuthSourceLDAP(t, "")
  134. models.SyncExternalUsers()
  135. session := loginUser(t, "user1")
  136. // Check if users exists
  137. for _, u := range gitLDAPUsers {
  138. req := NewRequest(t, "GET", "/admin/users?q="+u.UserName)
  139. resp := session.MakeRequest(t, req, http.StatusOK)
  140. htmlDoc := NewHTMLParser(t, resp.Body)
  141. tr := htmlDoc.doc.Find("table.table tbody tr")
  142. if !assert.True(t, tr.Length() == 1) {
  143. continue
  144. }
  145. tds := tr.Find("td")
  146. if !assert.True(t, tds.Length() > 0) {
  147. continue
  148. }
  149. assert.Equal(t, u.UserName, strings.TrimSpace(tds.Find("td:nth-child(2) a").Text()))
  150. assert.Equal(t, u.Email, strings.TrimSpace(tds.Find("td:nth-child(3) span").Text()))
  151. if u.IsAdmin {
  152. assert.True(t, tds.Find("td:nth-child(5) i").HasClass("fa-check-square-o"))
  153. } else {
  154. assert.True(t, tds.Find("td:nth-child(5) i").HasClass("fa-square-o"))
  155. }
  156. }
  157. // Check if no users exist
  158. for _, u := range otherLDAPUsers {
  159. req := NewRequest(t, "GET", "/admin/users?q="+u.UserName)
  160. resp := session.MakeRequest(t, req, http.StatusOK)
  161. htmlDoc := NewHTMLParser(t, resp.Body)
  162. tr := htmlDoc.doc.Find("table.table tbody tr")
  163. assert.True(t, tr.Length() == 0)
  164. }
  165. }
  166. func TestLDAPUserSigninFailed(t *testing.T) {
  167. if skipLDAPTests() {
  168. t.Skip()
  169. return
  170. }
  171. prepareTestEnv(t)
  172. addAuthSourceLDAP(t, "")
  173. u := otherLDAPUsers[0]
  174. testLoginFailed(t, u.UserName, u.Password, i18n.Tr("en", "form.username_password_incorrect"))
  175. }
  176. func TestLDAPUserSSHKeySync(t *testing.T) {
  177. if skipLDAPTests() {
  178. t.Skip()
  179. return
  180. }
  181. prepareTestEnv(t)
  182. addAuthSourceLDAP(t, "sshPublicKey")
  183. models.SyncExternalUsers()
  184. // Check if users has SSH keys synced
  185. for _, u := range gitLDAPUsers {
  186. if len(u.SSHKeys) == 0 {
  187. continue
  188. }
  189. session := loginUserWithPassword(t, u.UserName, u.Password)
  190. req := NewRequest(t, "GET", "/user/settings/keys")
  191. resp := session.MakeRequest(t, req, http.StatusOK)
  192. htmlDoc := NewHTMLParser(t, resp.Body)
  193. divs := htmlDoc.doc.Find(".key.list .print.meta")
  194. syncedKeys := make([]string, divs.Length())
  195. for i := 0; i < divs.Length(); i++ {
  196. syncedKeys[i] = strings.TrimSpace(divs.Eq(i).Text())
  197. }
  198. assert.ElementsMatch(t, u.SSHKeys, syncedKeys)
  199. }
  200. }