2019-04-25 04:52:08 +07:00
package validator
import (
2022-04-04 14:46:55 +07:00
"net/url"
2019-04-25 04:52:08 +07:00
"testing"
2021-08-05 11:30:00 +07:00
"time"
2019-04-25 04:52:08 +07:00
"github.com/stretchr/testify/assert"
2019-12-06 15:15:54 +07:00
"github.com/stretchr/testify/require"
2019-04-25 04:52:08 +07:00
"github.com/stretchr/testify/suite"
2020-04-05 19:37:21 +07:00
2021-08-11 08:04:35 +07:00
"github.com/authelia/authelia/v4/internal/configuration/schema"
2019-04-25 04:52:08 +07:00
)
2021-03-22 16:04:09 +07:00
func TestShouldRaiseErrorWhenBothBackendsProvided ( t * testing . T ) {
validator := schema . NewStructValidator ( )
backendConfig := schema . AuthenticationBackendConfiguration { }
2021-04-16 08:44:37 +07:00
backendConfig . LDAP = & schema . LDAPAuthenticationBackendConfiguration { }
2021-03-22 16:04:09 +07:00
backendConfig . File = & schema . FileAuthenticationBackendConfiguration {
Path : "/tmp" ,
}
ValidateAuthenticationBackend ( & backendConfig , validator )
require . Len ( t , validator . Errors ( ) , 1 )
2022-02-28 10:15:01 +07:00
assert . EqualError ( t , validator . Errors ( ) [ 0 ] , "authentication_backend: please ensure only one of the 'file' or 'ldap' backend is configured" )
2021-03-22 16:04:09 +07:00
}
func TestShouldRaiseErrorWhenNoBackendProvided ( t * testing . T ) {
2019-04-25 04:52:08 +07:00
validator := schema . NewStructValidator ( )
backendConfig := schema . AuthenticationBackendConfiguration { }
ValidateAuthenticationBackend ( & backendConfig , validator )
2020-11-27 16:59:22 +07:00
require . Len ( t , validator . Errors ( ) , 1 )
2022-02-28 10:15:01 +07:00
assert . EqualError ( t , validator . Errors ( ) [ 0 ] , "authentication_backend: you must ensure either the 'file' or 'ldap' authentication backend is configured" )
2019-04-25 04:52:08 +07:00
}
type FileBasedAuthenticationBackend struct {
suite . Suite
2022-02-28 10:15:01 +07:00
config schema . AuthenticationBackendConfiguration
validator * schema . StructValidator
2019-04-25 04:52:08 +07:00
}
func ( suite * FileBasedAuthenticationBackend ) SetupTest ( ) {
suite . validator = schema . NewStructValidator ( )
2022-02-28 10:15:01 +07:00
suite . config = schema . AuthenticationBackendConfiguration { }
suite . config . File = & schema . FileAuthenticationBackendConfiguration { Path : "/a/path" , Password : & schema . PasswordConfiguration {
2020-04-11 10:54:18 +07:00
Algorithm : schema . DefaultPasswordConfiguration . Algorithm ,
Iterations : schema . DefaultPasswordConfiguration . Iterations ,
Parallelism : schema . DefaultPasswordConfiguration . Parallelism ,
Memory : schema . DefaultPasswordConfiguration . Memory ,
KeyLength : schema . DefaultPasswordConfiguration . KeyLength ,
SaltLength : schema . DefaultPasswordConfiguration . SaltLength ,
2020-03-06 08:38:02 +07:00
} }
2022-02-28 10:15:01 +07:00
suite . config . File . Password . Algorithm = schema . DefaultPasswordConfiguration . Algorithm
2019-04-25 04:52:08 +07:00
}
func ( suite * FileBasedAuthenticationBackend ) TestShouldValidateCompleteConfiguration ( ) {
2022-02-28 10:15:01 +07:00
ValidateAuthenticationBackend ( & suite . config , suite . validator )
2021-01-04 17:28:55 +07:00
2022-04-04 14:46:55 +07:00
suite . Assert ( ) . Len ( suite . validator . Warnings ( ) , 0 )
suite . Assert ( ) . Len ( suite . validator . Errors ( ) , 0 )
2019-04-25 04:52:08 +07:00
}
func ( suite * FileBasedAuthenticationBackend ) TestShouldRaiseErrorWhenNoPathProvided ( ) {
2022-02-28 10:15:01 +07:00
suite . config . File . Path = ""
2021-01-04 17:28:55 +07:00
2022-02-28 10:15:01 +07:00
ValidateAuthenticationBackend ( & suite . config , suite . validator )
2021-01-04 17:28:55 +07:00
2022-04-04 14:46:55 +07:00
suite . Assert ( ) . Len ( suite . validator . Warnings ( ) , 0 )
2021-01-04 17:28:55 +07:00
suite . Require ( ) . Len ( suite . validator . Errors ( ) , 1 )
2022-02-28 10:15:01 +07:00
suite . Assert ( ) . EqualError ( suite . validator . Errors ( ) [ 0 ] , "authentication_backend: file: option 'path' is required" )
2019-04-25 04:52:08 +07:00
}
2020-03-06 08:38:02 +07:00
func ( suite * FileBasedAuthenticationBackend ) TestShouldRaiseErrorWhenMemoryNotMoreThanEightTimesParallelism ( ) {
2022-02-28 10:15:01 +07:00
suite . config . File . Password . Memory = 8
suite . config . File . Password . Parallelism = 2
2021-01-04 17:28:55 +07:00
2022-02-28 10:15:01 +07:00
ValidateAuthenticationBackend ( & suite . config , suite . validator )
2021-01-04 17:28:55 +07:00
2022-04-04 14:46:55 +07:00
suite . Assert ( ) . Len ( suite . validator . Warnings ( ) , 0 )
2021-01-04 17:28:55 +07:00
suite . Require ( ) . Len ( suite . validator . Errors ( ) , 1 )
2022-02-28 10:15:01 +07:00
suite . Assert ( ) . EqualError ( suite . validator . Errors ( ) [ 0 ] , "authentication_backend: file: password: option 'memory' must at least be parallelism multiplied by 8 when using algorithm 'argon2id' with parallelism 2 it should be at least 16 but it is configured as '8'" )
2020-03-06 08:38:02 +07:00
}
func ( suite * FileBasedAuthenticationBackend ) TestShouldSetDefaultConfigurationWhenBlank ( ) {
2022-02-28 10:15:01 +07:00
suite . config . File . Password = & schema . PasswordConfiguration { }
2020-03-06 08:38:02 +07:00
2022-02-28 10:15:01 +07:00
suite . Assert ( ) . Equal ( 0 , suite . config . File . Password . KeyLength )
suite . Assert ( ) . Equal ( 0 , suite . config . File . Password . Iterations )
suite . Assert ( ) . Equal ( 0 , suite . config . File . Password . SaltLength )
suite . Assert ( ) . Equal ( "" , suite . config . File . Password . Algorithm )
suite . Assert ( ) . Equal ( 0 , suite . config . File . Password . Memory )
suite . Assert ( ) . Equal ( 0 , suite . config . File . Password . Parallelism )
2020-03-06 08:38:02 +07:00
2022-02-28 10:15:01 +07:00
ValidateAuthenticationBackend ( & suite . config , suite . validator )
2020-03-06 08:38:02 +07:00
2022-04-04 14:46:55 +07:00
suite . Assert ( ) . Len ( suite . validator . Warnings ( ) , 0 )
2021-08-03 16:55:21 +07:00
suite . Assert ( ) . Len ( suite . validator . Errors ( ) , 0 )
2021-01-04 17:28:55 +07:00
2022-02-28 10:15:01 +07:00
suite . Assert ( ) . Equal ( schema . DefaultPasswordConfiguration . KeyLength , suite . config . File . Password . KeyLength )
suite . Assert ( ) . Equal ( schema . DefaultPasswordConfiguration . Iterations , suite . config . File . Password . Iterations )
suite . Assert ( ) . Equal ( schema . DefaultPasswordConfiguration . SaltLength , suite . config . File . Password . SaltLength )
suite . Assert ( ) . Equal ( schema . DefaultPasswordConfiguration . Algorithm , suite . config . File . Password . Algorithm )
suite . Assert ( ) . Equal ( schema . DefaultPasswordConfiguration . Memory , suite . config . File . Password . Memory )
suite . Assert ( ) . Equal ( schema . DefaultPasswordConfiguration . Parallelism , suite . config . File . Password . Parallelism )
2020-03-06 08:38:02 +07:00
}
func ( suite * FileBasedAuthenticationBackend ) TestShouldSetDefaultConfigurationWhenOnlySHA512Set ( ) {
2022-02-28 10:15:01 +07:00
suite . config . File . Password = & schema . PasswordConfiguration { }
suite . Assert ( ) . Equal ( "" , suite . config . File . Password . Algorithm )
suite . config . File . Password . Algorithm = "sha512"
2020-03-06 08:38:02 +07:00
2022-02-28 10:15:01 +07:00
ValidateAuthenticationBackend ( & suite . config , suite . validator )
2020-03-06 08:38:02 +07:00
2022-04-04 14:46:55 +07:00
suite . Assert ( ) . Len ( suite . validator . Warnings ( ) , 0 )
2021-08-03 16:55:21 +07:00
suite . Assert ( ) . Len ( suite . validator . Errors ( ) , 0 )
2021-01-04 17:28:55 +07:00
2022-02-28 10:15:01 +07:00
suite . Assert ( ) . Equal ( schema . DefaultPasswordSHA512Configuration . KeyLength , suite . config . File . Password . KeyLength )
suite . Assert ( ) . Equal ( schema . DefaultPasswordSHA512Configuration . Iterations , suite . config . File . Password . Iterations )
suite . Assert ( ) . Equal ( schema . DefaultPasswordSHA512Configuration . SaltLength , suite . config . File . Password . SaltLength )
suite . Assert ( ) . Equal ( schema . DefaultPasswordSHA512Configuration . Algorithm , suite . config . File . Password . Algorithm )
suite . Assert ( ) . Equal ( schema . DefaultPasswordSHA512Configuration . Memory , suite . config . File . Password . Memory )
suite . Assert ( ) . Equal ( schema . DefaultPasswordSHA512Configuration . Parallelism , suite . config . File . Password . Parallelism )
2020-03-06 08:38:02 +07:00
}
func ( suite * FileBasedAuthenticationBackend ) TestShouldRaiseErrorWhenKeyLengthTooLow ( ) {
2022-02-28 10:15:01 +07:00
suite . config . File . Password . KeyLength = 1
2021-01-04 17:28:55 +07:00
2022-02-28 10:15:01 +07:00
ValidateAuthenticationBackend ( & suite . config , suite . validator )
2021-01-04 17:28:55 +07:00
2022-04-04 14:46:55 +07:00
suite . Assert ( ) . Len ( suite . validator . Warnings ( ) , 0 )
2021-01-04 17:28:55 +07:00
suite . Require ( ) . Len ( suite . validator . Errors ( ) , 1 )
2022-02-28 10:15:01 +07:00
suite . Assert ( ) . EqualError ( suite . validator . Errors ( ) [ 0 ] , "authentication_backend: file: password: option 'key_length' must be 16 or more when using algorithm 'argon2id' but it is configured as '1'" )
2020-03-06 08:38:02 +07:00
}
func ( suite * FileBasedAuthenticationBackend ) TestShouldRaiseErrorWhenSaltLengthTooLow ( ) {
2022-02-28 10:15:01 +07:00
suite . config . File . Password . SaltLength = - 1
2021-01-04 17:28:55 +07:00
2022-02-28 10:15:01 +07:00
ValidateAuthenticationBackend ( & suite . config , suite . validator )
2021-01-04 17:28:55 +07:00
2022-04-04 14:46:55 +07:00
suite . Assert ( ) . Len ( suite . validator . Warnings ( ) , 0 )
2021-01-04 17:28:55 +07:00
suite . Require ( ) . Len ( suite . validator . Errors ( ) , 1 )
2022-02-28 10:15:01 +07:00
suite . Assert ( ) . EqualError ( suite . validator . Errors ( ) [ 0 ] , "authentication_backend: file: password: option 'salt_length' must be 2 or more but it is configured a '-1'" )
2020-03-06 08:38:02 +07:00
}
func ( suite * FileBasedAuthenticationBackend ) TestShouldRaiseErrorWhenBadAlgorithmDefined ( ) {
2022-02-28 10:15:01 +07:00
suite . config . File . Password . Algorithm = "bogus"
2021-01-04 17:28:55 +07:00
2022-02-28 10:15:01 +07:00
ValidateAuthenticationBackend ( & suite . config , suite . validator )
2021-01-04 17:28:55 +07:00
2022-04-04 14:46:55 +07:00
suite . Assert ( ) . Len ( suite . validator . Warnings ( ) , 0 )
2021-01-04 17:28:55 +07:00
suite . Require ( ) . Len ( suite . validator . Errors ( ) , 1 )
2022-02-28 10:15:01 +07:00
suite . Assert ( ) . EqualError ( suite . validator . Errors ( ) [ 0 ] , "authentication_backend: file: password: option 'algorithm' must be either 'argon2id' or 'sha512' but it is configured as 'bogus'" )
2020-03-06 08:38:02 +07:00
}
func ( suite * FileBasedAuthenticationBackend ) TestShouldRaiseErrorWhenIterationsTooLow ( ) {
2022-02-28 10:15:01 +07:00
suite . config . File . Password . Iterations = - 1
2021-01-04 17:28:55 +07:00
2022-02-28 10:15:01 +07:00
ValidateAuthenticationBackend ( & suite . config , suite . validator )
2021-01-04 17:28:55 +07:00
2022-04-04 14:46:55 +07:00
suite . Assert ( ) . Len ( suite . validator . Warnings ( ) , 0 )
2021-01-04 17:28:55 +07:00
suite . Require ( ) . Len ( suite . validator . Errors ( ) , 1 )
2022-02-28 10:15:01 +07:00
suite . Assert ( ) . EqualError ( suite . validator . Errors ( ) [ 0 ] , "authentication_backend: file: password: option 'iterations' must be 1 or more but it is configured as '-1'" )
2020-03-06 08:38:02 +07:00
}
func ( suite * FileBasedAuthenticationBackend ) TestShouldRaiseErrorWhenParallelismTooLow ( ) {
2022-02-28 10:15:01 +07:00
suite . config . File . Password . Parallelism = - 1
2021-01-04 17:28:55 +07:00
2022-02-28 10:15:01 +07:00
ValidateAuthenticationBackend ( & suite . config , suite . validator )
2021-01-04 17:28:55 +07:00
2022-04-04 14:46:55 +07:00
suite . Assert ( ) . Len ( suite . validator . Warnings ( ) , 0 )
2021-01-04 17:28:55 +07:00
suite . Require ( ) . Len ( suite . validator . Errors ( ) , 1 )
2022-02-28 10:15:01 +07:00
suite . Assert ( ) . EqualError ( suite . validator . Errors ( ) [ 0 ] , "authentication_backend: file: password: option 'parallelism' must be 1 or more when using algorithm 'argon2id' but it is configured as '-1'" )
2020-03-06 08:38:02 +07:00
}
func ( suite * FileBasedAuthenticationBackend ) TestShouldSetDefaultValues ( ) {
2022-02-28 10:15:01 +07:00
suite . config . File . Password . Algorithm = ""
suite . config . File . Password . Iterations = 0
suite . config . File . Password . SaltLength = 0
suite . config . File . Password . Memory = 0
suite . config . File . Password . Parallelism = 0
2021-01-04 17:28:55 +07:00
2022-02-28 10:15:01 +07:00
ValidateAuthenticationBackend ( & suite . config , suite . validator )
2021-01-04 17:28:55 +07:00
2022-04-04 14:46:55 +07:00
suite . Assert ( ) . Len ( suite . validator . Warnings ( ) , 0 )
suite . Assert ( ) . Len ( suite . validator . Errors ( ) , 0 )
2021-01-04 17:28:55 +07:00
2022-02-28 10:15:01 +07:00
suite . Assert ( ) . Equal ( schema . DefaultPasswordConfiguration . Algorithm , suite . config . File . Password . Algorithm )
suite . Assert ( ) . Equal ( schema . DefaultPasswordConfiguration . Iterations , suite . config . File . Password . Iterations )
suite . Assert ( ) . Equal ( schema . DefaultPasswordConfiguration . SaltLength , suite . config . File . Password . SaltLength )
suite . Assert ( ) . Equal ( schema . DefaultPasswordConfiguration . Memory , suite . config . File . Password . Memory )
suite . Assert ( ) . Equal ( schema . DefaultPasswordConfiguration . Parallelism , suite . config . File . Password . Parallelism )
2020-03-06 08:38:02 +07:00
}
2019-04-25 04:52:08 +07:00
func TestFileBasedAuthenticationBackend ( t * testing . T ) {
suite . Run ( t , new ( FileBasedAuthenticationBackend ) )
}
2021-04-16 08:44:37 +07:00
type LDAPAuthenticationBackendSuite struct {
2019-04-25 04:52:08 +07:00
suite . Suite
2022-02-28 10:15:01 +07:00
config schema . AuthenticationBackendConfiguration
validator * schema . StructValidator
2019-04-25 04:52:08 +07:00
}
2021-04-16 08:44:37 +07:00
func ( suite * LDAPAuthenticationBackendSuite ) SetupTest ( ) {
2019-04-25 04:52:08 +07:00
suite . validator = schema . NewStructValidator ( )
2022-02-28 10:15:01 +07:00
suite . config = schema . AuthenticationBackendConfiguration { }
suite . config . LDAP = & schema . LDAPAuthenticationBackendConfiguration { }
suite . config . LDAP . Implementation = schema . LDAPImplementationCustom
suite . config . LDAP . URL = testLDAPURL
suite . config . LDAP . User = testLDAPUser
suite . config . LDAP . Password = testLDAPPassword
suite . config . LDAP . BaseDN = testLDAPBaseDN
suite . config . LDAP . UsernameAttribute = "uid"
suite . config . LDAP . UsersFilter = "({username_attribute}={input})"
suite . config . LDAP . GroupsFilter = "(cn={input})"
2019-04-25 04:52:08 +07:00
}
2021-04-16 08:44:37 +07:00
func ( suite * LDAPAuthenticationBackendSuite ) TestShouldValidateCompleteConfiguration ( ) {
2022-02-28 10:15:01 +07:00
ValidateAuthenticationBackend ( & suite . config , suite . validator )
2021-01-04 17:28:55 +07:00
2022-04-04 14:46:55 +07:00
suite . Assert ( ) . Len ( suite . validator . Warnings ( ) , 0 )
suite . Assert ( ) . Len ( suite . validator . Errors ( ) , 0 )
}
func ( suite * FileBasedAuthenticationBackend ) TestShouldRaiseErrorWhenResetURLIsInvalid ( ) {
suite . config . PasswordReset . CustomURL = url . URL { Scheme : "ldap" , Host : "google.com" }
suite . config . DisableResetPassword = true
suite . Assert ( ) . True ( suite . config . DisableResetPassword )
ValidateAuthenticationBackend ( & suite . config , suite . validator )
suite . Assert ( ) . Len ( suite . validator . Warnings ( ) , 0 )
suite . Require ( ) . Len ( suite . validator . Errors ( ) , 1 )
suite . Assert ( ) . EqualError ( suite . validator . Errors ( ) [ 0 ] , "authentication_backend: password_reset: option 'custom_url' is configured to 'ldap://google.com' which has the scheme 'ldap' but the scheme must be either 'http' or 'https'" )
suite . Assert ( ) . True ( suite . config . DisableResetPassword )
}
func ( suite * FileBasedAuthenticationBackend ) TestShouldNotRaiseErrorWhenResetURLIsValid ( ) {
suite . config . PasswordReset . CustomURL = url . URL { Scheme : "https" , Host : "google.com" }
ValidateAuthenticationBackend ( & suite . config , suite . validator )
suite . Assert ( ) . Len ( suite . validator . Warnings ( ) , 0 )
suite . Assert ( ) . Len ( suite . validator . Errors ( ) , 0 )
}
func ( suite * FileBasedAuthenticationBackend ) TestShouldConfigureDisableResetPasswordWhenCustomURL ( ) {
suite . config . PasswordReset . CustomURL = url . URL { Scheme : "https" , Host : "google.com" }
suite . config . DisableResetPassword = true
suite . Assert ( ) . True ( suite . config . DisableResetPassword )
ValidateAuthenticationBackend ( & suite . config , suite . validator )
suite . Assert ( ) . Len ( suite . validator . Warnings ( ) , 0 )
suite . Assert ( ) . Len ( suite . validator . Errors ( ) , 0 )
suite . Assert ( ) . False ( suite . config . DisableResetPassword )
2019-04-25 04:52:08 +07:00
}
2021-04-16 08:44:37 +07:00
func ( suite * LDAPAuthenticationBackendSuite ) TestShouldValidateDefaultImplementationAndUsernameAttribute ( ) {
2022-02-28 10:15:01 +07:00
suite . config . LDAP . Implementation = ""
suite . config . LDAP . UsernameAttribute = ""
ValidateAuthenticationBackend ( & suite . config , suite . validator )
2021-03-05 11:18:31 +07:00
2022-02-28 10:15:01 +07:00
suite . Assert ( ) . Equal ( schema . LDAPImplementationCustom , suite . config . LDAP . Implementation )
2021-03-05 11:18:31 +07:00
2022-02-28 10:15:01 +07:00
suite . Assert ( ) . Equal ( suite . config . LDAP . UsernameAttribute , schema . DefaultLDAPAuthenticationBackendConfiguration . UsernameAttribute )
2022-04-04 14:46:55 +07:00
suite . Assert ( ) . Len ( suite . validator . Warnings ( ) , 0 )
suite . Assert ( ) . Len ( suite . validator . Errors ( ) , 0 )
2021-03-05 11:18:31 +07:00
}
2021-04-16 08:44:37 +07:00
func ( suite * LDAPAuthenticationBackendSuite ) TestShouldRaiseErrorWhenImplementationIsInvalidMSAD ( ) {
2022-02-28 10:15:01 +07:00
suite . config . LDAP . Implementation = "masd"
2021-01-04 17:28:55 +07:00
2022-02-28 10:15:01 +07:00
ValidateAuthenticationBackend ( & suite . config , suite . validator )
2021-01-04 17:28:55 +07:00
2022-04-04 14:46:55 +07:00
suite . Assert ( ) . Len ( suite . validator . Warnings ( ) , 0 )
2021-01-04 17:28:55 +07:00
suite . Require ( ) . Len ( suite . validator . Errors ( ) , 1 )
2022-02-28 10:15:01 +07:00
suite . Assert ( ) . EqualError ( suite . validator . Errors ( ) [ 0 ] , "authentication_backend: ldap: option 'implementation' is configured as 'masd' but must be one of the following values: 'custom', 'activedirectory'" )
2020-11-27 16:59:22 +07:00
}
2021-04-16 08:44:37 +07:00
func ( suite * LDAPAuthenticationBackendSuite ) TestShouldRaiseErrorWhenURLNotProvided ( ) {
2022-02-28 10:15:01 +07:00
suite . config . LDAP . URL = ""
ValidateAuthenticationBackend ( & suite . config , suite . validator )
2021-01-04 17:28:55 +07:00
2022-04-04 14:46:55 +07:00
suite . Assert ( ) . Len ( suite . validator . Warnings ( ) , 0 )
2021-01-04 17:28:55 +07:00
suite . Require ( ) . Len ( suite . validator . Errors ( ) , 1 )
2022-02-28 10:15:01 +07:00
suite . Assert ( ) . EqualError ( suite . validator . Errors ( ) [ 0 ] , "authentication_backend: ldap: option 'url' is required" )
2019-04-25 04:52:08 +07:00
}
2021-04-16 08:44:37 +07:00
func ( suite * LDAPAuthenticationBackendSuite ) TestShouldRaiseErrorWhenUserNotProvided ( ) {
2022-02-28 10:15:01 +07:00
suite . config . LDAP . User = ""
2021-01-04 17:28:55 +07:00
2022-02-28 10:15:01 +07:00
ValidateAuthenticationBackend ( & suite . config , suite . validator )
2021-01-04 17:28:55 +07:00
2022-04-04 14:46:55 +07:00
suite . Assert ( ) . Len ( suite . validator . Warnings ( ) , 0 )
2021-01-04 17:28:55 +07:00
suite . Require ( ) . Len ( suite . validator . Errors ( ) , 1 )
2022-02-28 10:15:01 +07:00
suite . Assert ( ) . EqualError ( suite . validator . Errors ( ) [ 0 ] , "authentication_backend: ldap: option 'user' is required" )
2019-04-25 04:52:08 +07:00
}
2021-04-16 08:44:37 +07:00
func ( suite * LDAPAuthenticationBackendSuite ) TestShouldRaiseErrorWhenPasswordNotProvided ( ) {
2022-02-28 10:15:01 +07:00
suite . config . LDAP . Password = ""
2021-01-04 17:28:55 +07:00
2022-02-28 10:15:01 +07:00
ValidateAuthenticationBackend ( & suite . config , suite . validator )
2021-01-04 17:28:55 +07:00
2022-04-04 14:46:55 +07:00
suite . Assert ( ) . Len ( suite . validator . Warnings ( ) , 0 )
2021-01-04 17:28:55 +07:00
suite . Require ( ) . Len ( suite . validator . Errors ( ) , 1 )
2022-02-28 10:15:01 +07:00
suite . Assert ( ) . EqualError ( suite . validator . Errors ( ) [ 0 ] , "authentication_backend: ldap: option 'password' is required" )
2019-04-25 04:52:08 +07:00
}
2021-04-16 08:44:37 +07:00
func ( suite * LDAPAuthenticationBackendSuite ) TestShouldRaiseErrorWhenBaseDNNotProvided ( ) {
2022-02-28 10:15:01 +07:00
suite . config . LDAP . BaseDN = ""
2021-01-04 17:28:55 +07:00
2022-02-28 10:15:01 +07:00
ValidateAuthenticationBackend ( & suite . config , suite . validator )
2021-01-04 17:28:55 +07:00
2022-04-04 14:46:55 +07:00
suite . Assert ( ) . Len ( suite . validator . Warnings ( ) , 0 )
2021-01-04 17:28:55 +07:00
suite . Assert ( ) . Len ( suite . validator . Errors ( ) , 1 )
2022-02-28 10:15:01 +07:00
suite . Assert ( ) . EqualError ( suite . validator . Errors ( ) [ 0 ] , "authentication_backend: ldap: option 'base_dn' is required" )
2019-04-25 04:52:08 +07:00
}
2021-04-16 08:44:37 +07:00
func ( suite * LDAPAuthenticationBackendSuite ) TestShouldRaiseOnEmptyGroupsFilter ( ) {
2022-02-28 10:15:01 +07:00
suite . config . LDAP . GroupsFilter = ""
2021-01-04 17:28:55 +07:00
2022-02-28 10:15:01 +07:00
ValidateAuthenticationBackend ( & suite . config , suite . validator )
2021-01-04 17:28:55 +07:00
2022-04-04 14:46:55 +07:00
suite . Assert ( ) . Len ( suite . validator . Warnings ( ) , 0 )
2021-01-04 17:28:55 +07:00
suite . Require ( ) . Len ( suite . validator . Errors ( ) , 1 )
2022-02-28 10:15:01 +07:00
suite . Assert ( ) . EqualError ( suite . validator . Errors ( ) [ 0 ] , "authentication_backend: ldap: option 'groups_filter' is required" )
2020-03-15 19:10:13 +07:00
}
2021-04-16 08:44:37 +07:00
func ( suite * LDAPAuthenticationBackendSuite ) TestShouldRaiseOnEmptyUsersFilter ( ) {
2022-02-28 10:15:01 +07:00
suite . config . LDAP . UsersFilter = ""
2021-01-04 17:28:55 +07:00
2022-02-28 10:15:01 +07:00
ValidateAuthenticationBackend ( & suite . config , suite . validator )
2021-01-04 17:28:55 +07:00
2022-04-04 14:46:55 +07:00
suite . Assert ( ) . Len ( suite . validator . Warnings ( ) , 0 )
2021-01-04 17:28:55 +07:00
suite . Require ( ) . Len ( suite . validator . Errors ( ) , 1 )
2022-02-28 10:15:01 +07:00
suite . Assert ( ) . EqualError ( suite . validator . Errors ( ) [ 0 ] , "authentication_backend: ldap: option 'users_filter' is required" )
2019-04-25 04:52:08 +07:00
}
2021-04-16 08:44:37 +07:00
func ( suite * LDAPAuthenticationBackendSuite ) TestShouldNotRaiseOnEmptyUsernameAttribute ( ) {
2022-02-28 10:15:01 +07:00
suite . config . LDAP . UsernameAttribute = ""
2021-01-04 17:28:55 +07:00
2022-02-28 10:15:01 +07:00
ValidateAuthenticationBackend ( & suite . config , suite . validator )
2021-01-04 17:28:55 +07:00
2022-04-04 14:46:55 +07:00
suite . Assert ( ) . Len ( suite . validator . Warnings ( ) , 0 )
suite . Assert ( ) . Len ( suite . validator . Errors ( ) , 0 )
2019-04-25 04:52:08 +07:00
}
2021-04-16 08:44:37 +07:00
func ( suite * LDAPAuthenticationBackendSuite ) TestShouldRaiseOnBadRefreshInterval ( ) {
2022-02-28 10:15:01 +07:00
suite . config . RefreshInterval = "blah"
2021-01-04 17:28:55 +07:00
2022-02-28 10:15:01 +07:00
ValidateAuthenticationBackend ( & suite . config , suite . validator )
2021-01-04 17:28:55 +07:00
2022-04-04 14:46:55 +07:00
suite . Assert ( ) . Len ( suite . validator . Warnings ( ) , 0 )
2021-01-04 17:28:55 +07:00
suite . Require ( ) . Len ( suite . validator . Errors ( ) , 1 )
2022-02-28 10:15:01 +07:00
suite . Assert ( ) . EqualError ( suite . validator . Errors ( ) [ 0 ] , "authentication_backend: option 'refresh_interval' is configured to 'blah' but it must be either a duration notation or one of 'disable', or 'always': could not parse 'blah' as a duration" )
2020-05-05 02:39:25 +07:00
}
2021-04-16 08:44:37 +07:00
func ( suite * LDAPAuthenticationBackendSuite ) TestShouldSetDefaultImplementation ( ) {
2022-02-28 10:15:01 +07:00
ValidateAuthenticationBackend ( & suite . config , suite . validator )
2021-01-04 17:28:55 +07:00
2022-04-04 14:46:55 +07:00
suite . Assert ( ) . Len ( suite . validator . Warnings ( ) , 0 )
suite . Assert ( ) . Len ( suite . validator . Errors ( ) , 0 )
2021-01-04 17:28:55 +07:00
2022-02-28 10:15:01 +07:00
suite . Assert ( ) . Equal ( schema . LDAPImplementationCustom , suite . config . LDAP . Implementation )
2020-11-27 16:59:22 +07:00
}
2021-04-16 08:44:37 +07:00
func ( suite * LDAPAuthenticationBackendSuite ) TestShouldRaiseErrorOnBadFilterPlaceholders ( ) {
2022-02-28 10:15:01 +07:00
suite . config . LDAP . UsersFilter = "(&({username_attribute}={0})(objectCategory=person)(objectClass=user)(!userAccountControl:1.2.840.113556.1.4.803:=2))"
suite . config . LDAP . GroupsFilter = "(&({username_attribute}={1})(member={0})(objectClass=group)(objectCategory=group))"
2021-04-16 08:44:37 +07:00
2022-02-28 10:15:01 +07:00
ValidateAuthenticationBackend ( & suite . config , suite . validator )
2021-04-16 08:44:37 +07:00
2022-04-04 14:46:55 +07:00
suite . Assert ( ) . Len ( suite . validator . Warnings ( ) , 0 )
2021-04-16 08:44:37 +07:00
suite . Assert ( ) . True ( suite . validator . HasErrors ( ) )
2022-02-28 10:15:01 +07:00
suite . Require ( ) . Len ( suite . validator . Errors ( ) , 4 )
suite . Assert ( ) . EqualError ( suite . validator . Errors ( ) [ 0 ] , "authentication_backend: ldap: option 'users_filter' has an invalid placeholder: '{0}' has been removed, please use '{input}' instead" )
suite . Assert ( ) . EqualError ( suite . validator . Errors ( ) [ 1 ] , "authentication_backend: ldap: option 'groups_filter' has an invalid placeholder: '{0}' has been removed, please use '{input}' instead" )
suite . Assert ( ) . EqualError ( suite . validator . Errors ( ) [ 2 ] , "authentication_backend: ldap: option 'groups_filter' has an invalid placeholder: '{1}' has been removed, please use '{username}' instead" )
suite . Assert ( ) . EqualError ( suite . validator . Errors ( ) [ 3 ] , "authentication_backend: ldap: option 'users_filter' must contain the placeholder '{input}' but it is required" )
2021-04-16 08:44:37 +07:00
}
func ( suite * LDAPAuthenticationBackendSuite ) TestShouldSetDefaultGroupNameAttribute ( ) {
2022-02-28 10:15:01 +07:00
ValidateAuthenticationBackend ( & suite . config , suite . validator )
2021-01-04 17:28:55 +07:00
2022-04-04 14:46:55 +07:00
suite . Assert ( ) . Len ( suite . validator . Warnings ( ) , 0 )
suite . Assert ( ) . Len ( suite . validator . Errors ( ) , 0 )
2021-01-04 17:28:55 +07:00
2022-02-28 10:15:01 +07:00
suite . Assert ( ) . Equal ( "cn" , suite . config . LDAP . GroupNameAttribute )
2019-04-25 04:52:08 +07:00
}
2021-04-16 08:44:37 +07:00
func ( suite * LDAPAuthenticationBackendSuite ) TestShouldSetDefaultMailAttribute ( ) {
2022-02-28 10:15:01 +07:00
ValidateAuthenticationBackend ( & suite . config , suite . validator )
2021-01-04 17:28:55 +07:00
2022-04-04 14:46:55 +07:00
suite . Assert ( ) . Len ( suite . validator . Warnings ( ) , 0 )
suite . Assert ( ) . Len ( suite . validator . Errors ( ) , 0 )
2021-01-04 17:28:55 +07:00
2022-02-28 10:15:01 +07:00
suite . Assert ( ) . Equal ( "mail" , suite . config . LDAP . MailAttribute )
2019-04-25 04:52:08 +07:00
}
2021-04-16 08:44:37 +07:00
func ( suite * LDAPAuthenticationBackendSuite ) TestShouldSetDefaultDisplayNameAttribute ( ) {
2022-02-28 10:15:01 +07:00
ValidateAuthenticationBackend ( & suite . config , suite . validator )
2021-01-04 17:28:55 +07:00
2022-04-04 14:46:55 +07:00
suite . Assert ( ) . Len ( suite . validator . Warnings ( ) , 0 )
suite . Assert ( ) . Len ( suite . validator . Errors ( ) , 0 )
2021-01-04 17:28:55 +07:00
2022-02-28 10:15:01 +07:00
suite . Assert ( ) . Equal ( "displayName" , suite . config . LDAP . DisplayNameAttribute )
2020-11-27 16:59:22 +07:00
}
2021-04-16 08:44:37 +07:00
func ( suite * LDAPAuthenticationBackendSuite ) TestShouldSetDefaultRefreshInterval ( ) {
2022-02-28 10:15:01 +07:00
ValidateAuthenticationBackend ( & suite . config , suite . validator )
2021-01-04 17:28:55 +07:00
2022-04-04 14:46:55 +07:00
suite . Assert ( ) . Len ( suite . validator . Warnings ( ) , 0 )
suite . Assert ( ) . Len ( suite . validator . Errors ( ) , 0 )
2021-01-04 17:28:55 +07:00
2022-02-28 10:15:01 +07:00
suite . Assert ( ) . Equal ( "5m" , suite . config . RefreshInterval )
2020-05-05 02:39:25 +07:00
}
2021-04-16 08:44:37 +07:00
func ( suite * LDAPAuthenticationBackendSuite ) TestShouldRaiseWhenUsersFilterDoesNotContainEnclosingParenthesis ( ) {
2022-02-28 10:15:01 +07:00
suite . config . LDAP . UsersFilter = "{username_attribute}={input}"
2021-01-04 17:28:55 +07:00
2022-02-28 10:15:01 +07:00
ValidateAuthenticationBackend ( & suite . config , suite . validator )
2021-01-04 17:28:55 +07:00
2022-04-04 14:46:55 +07:00
suite . Assert ( ) . Len ( suite . validator . Warnings ( ) , 0 )
2021-01-04 17:28:55 +07:00
suite . Require ( ) . Len ( suite . validator . Errors ( ) , 1 )
2022-02-28 10:15:01 +07:00
suite . Assert ( ) . EqualError ( suite . validator . Errors ( ) [ 0 ] , "authentication_backend: ldap: option 'users_filter' must contain enclosing parenthesis: '{username_attribute}={input}' should probably be '({username_attribute}={input})'" )
2019-12-09 05:21:55 +07:00
}
2021-04-16 08:44:37 +07:00
func ( suite * LDAPAuthenticationBackendSuite ) TestShouldRaiseWhenGroupsFilterDoesNotContainEnclosingParenthesis ( ) {
2022-02-28 10:15:01 +07:00
suite . config . LDAP . GroupsFilter = "cn={input}"
2021-01-04 17:28:55 +07:00
2022-02-28 10:15:01 +07:00
ValidateAuthenticationBackend ( & suite . config , suite . validator )
2021-01-04 17:28:55 +07:00
2022-04-04 14:46:55 +07:00
suite . Assert ( ) . Len ( suite . validator . Warnings ( ) , 0 )
2021-01-04 17:28:55 +07:00
suite . Require ( ) . Len ( suite . validator . Errors ( ) , 1 )
2022-02-28 10:15:01 +07:00
suite . Assert ( ) . EqualError ( suite . validator . Errors ( ) [ 0 ] , "authentication_backend: ldap: option 'groups_filter' must contain enclosing parenthesis: 'cn={input}' should probably be '(cn={input})'" )
2020-03-31 05:36:04 +07:00
}
2021-04-16 08:44:37 +07:00
func ( suite * LDAPAuthenticationBackendSuite ) TestShouldRaiseWhenUsersFilterDoesNotContainUsernameAttribute ( ) {
2022-02-28 10:15:01 +07:00
suite . config . LDAP . UsersFilter = "(&({mail_attribute}={input})(objectClass=person))"
ValidateAuthenticationBackend ( & suite . config , suite . validator )
2021-01-04 17:28:55 +07:00
2022-04-04 14:46:55 +07:00
suite . Assert ( ) . Len ( suite . validator . Warnings ( ) , 0 )
2021-01-04 17:28:55 +07:00
suite . Require ( ) . Len ( suite . validator . Errors ( ) , 1 )
2022-02-28 10:15:01 +07:00
suite . Assert ( ) . EqualError ( suite . validator . Errors ( ) [ 0 ] , "authentication_backend: ldap: option 'users_filter' must contain the placeholder '{username_attribute}' but it is required" )
2020-11-27 20:30:27 +07:00
}
2021-04-16 08:44:37 +07:00
func ( suite * LDAPAuthenticationBackendSuite ) TestShouldHelpDetectNoInputPlaceholder ( ) {
2022-02-28 10:15:01 +07:00
suite . config . LDAP . UsersFilter = "(&({username_attribute}={mail_attribute})(objectClass=person))"
2021-01-04 17:28:55 +07:00
2022-02-28 10:15:01 +07:00
ValidateAuthenticationBackend ( & suite . config , suite . validator )
2021-01-04 17:28:55 +07:00
2022-04-04 14:46:55 +07:00
suite . Assert ( ) . Len ( suite . validator . Warnings ( ) , 0 )
2021-01-04 17:28:55 +07:00
suite . Require ( ) . Len ( suite . validator . Errors ( ) , 1 )
2022-02-28 10:15:01 +07:00
suite . Assert ( ) . EqualError ( suite . validator . Errors ( ) [ 0 ] , "authentication_backend: ldap: option 'users_filter' must contain the placeholder '{input}' but it is required" )
2019-12-06 15:15:54 +07:00
}
2021-04-16 08:44:37 +07:00
func ( suite * LDAPAuthenticationBackendSuite ) TestShouldSetDefaultTLSMinimumVersion ( ) {
2022-02-28 10:15:01 +07:00
suite . config . LDAP . TLS = & schema . TLSConfig { MinimumVersion : "" }
2021-04-16 08:44:37 +07:00
2022-02-28 10:15:01 +07:00
ValidateAuthenticationBackend ( & suite . config , suite . validator )
2021-01-04 17:28:55 +07:00
2022-04-04 14:46:55 +07:00
suite . Assert ( ) . Len ( suite . validator . Warnings ( ) , 0 )
suite . Assert ( ) . Len ( suite . validator . Errors ( ) , 0 )
2021-01-04 17:28:55 +07:00
2022-02-28 10:15:01 +07:00
suite . Assert ( ) . Equal ( schema . DefaultLDAPAuthenticationBackendConfiguration . TLS . MinimumVersion , suite . config . LDAP . TLS . MinimumVersion )
2020-12-03 12:23:52 +07:00
}
2021-04-16 08:44:37 +07:00
func ( suite * LDAPAuthenticationBackendSuite ) TestShouldNotAllowInvalidTLSValue ( ) {
2022-02-28 10:15:01 +07:00
suite . config . LDAP . TLS = & schema . TLSConfig {
2021-01-04 17:28:55 +07:00
MinimumVersion : "SSL2.0" ,
}
2022-02-28 10:15:01 +07:00
ValidateAuthenticationBackend ( & suite . config , suite . validator )
2021-01-04 17:28:55 +07:00
2022-04-04 14:46:55 +07:00
suite . Assert ( ) . Len ( suite . validator . Warnings ( ) , 0 )
2021-01-04 17:28:55 +07:00
suite . Require ( ) . Len ( suite . validator . Errors ( ) , 1 )
2022-02-28 10:15:01 +07:00
suite . Assert ( ) . EqualError ( suite . validator . Errors ( ) [ 0 ] , "authentication_backend: ldap: tls: option 'minimum_tls_version' is invalid: SSL2.0: supplied tls version isn't supported" )
2021-01-04 17:28:55 +07:00
}
2019-04-25 04:52:08 +07:00
func TestLdapAuthenticationBackend ( t * testing . T ) {
2021-04-16 08:44:37 +07:00
suite . Run ( t , new ( LDAPAuthenticationBackendSuite ) )
2019-04-25 04:52:08 +07:00
}
2020-12-03 12:23:52 +07:00
type ActiveDirectoryAuthenticationBackendSuite struct {
suite . Suite
2022-02-28 10:15:01 +07:00
config schema . AuthenticationBackendConfiguration
validator * schema . StructValidator
2020-12-03 12:23:52 +07:00
}
func ( suite * ActiveDirectoryAuthenticationBackendSuite ) SetupTest ( ) {
suite . validator = schema . NewStructValidator ( )
2022-02-28 10:15:01 +07:00
suite . config = schema . AuthenticationBackendConfiguration { }
suite . config . LDAP = & schema . LDAPAuthenticationBackendConfiguration { }
suite . config . LDAP . Implementation = schema . LDAPImplementationActiveDirectory
suite . config . LDAP . URL = testLDAPURL
suite . config . LDAP . User = testLDAPUser
suite . config . LDAP . Password = testLDAPPassword
suite . config . LDAP . BaseDN = testLDAPBaseDN
suite . config . LDAP . TLS = schema . DefaultLDAPAuthenticationBackendConfiguration . TLS
2020-12-03 12:23:52 +07:00
}
func ( suite * ActiveDirectoryAuthenticationBackendSuite ) TestShouldSetActiveDirectoryDefaults ( ) {
2022-02-28 10:15:01 +07:00
ValidateAuthenticationBackend ( & suite . config , suite . validator )
2020-12-03 12:23:52 +07:00
2022-04-04 14:46:55 +07:00
suite . Assert ( ) . Len ( suite . validator . Warnings ( ) , 0 )
suite . Assert ( ) . Len ( suite . validator . Errors ( ) , 0 )
2020-12-03 12:23:52 +07:00
2021-01-04 17:28:55 +07:00
suite . Assert ( ) . Equal (
2021-08-05 11:30:00 +07:00
schema . DefaultLDAPAuthenticationBackendConfiguration . Timeout ,
2022-02-28 10:15:01 +07:00
suite . config . LDAP . Timeout )
2021-01-04 17:28:55 +07:00
suite . Assert ( ) . Equal (
2021-08-05 11:30:00 +07:00
schema . DefaultLDAPAuthenticationBackendImplementationActiveDirectoryConfiguration . UsersFilter ,
2022-02-28 10:15:01 +07:00
suite . config . LDAP . UsersFilter )
2021-01-04 17:28:55 +07:00
suite . Assert ( ) . Equal (
2021-08-05 11:30:00 +07:00
schema . DefaultLDAPAuthenticationBackendImplementationActiveDirectoryConfiguration . UsernameAttribute ,
2022-02-28 10:15:01 +07:00
suite . config . LDAP . UsernameAttribute )
2021-01-04 17:28:55 +07:00
suite . Assert ( ) . Equal (
2021-08-05 11:30:00 +07:00
schema . DefaultLDAPAuthenticationBackendImplementationActiveDirectoryConfiguration . DisplayNameAttribute ,
2022-02-28 10:15:01 +07:00
suite . config . LDAP . DisplayNameAttribute )
2021-01-04 17:28:55 +07:00
suite . Assert ( ) . Equal (
2021-08-05 11:30:00 +07:00
schema . DefaultLDAPAuthenticationBackendImplementationActiveDirectoryConfiguration . MailAttribute ,
2022-02-28 10:15:01 +07:00
suite . config . LDAP . MailAttribute )
2021-01-04 17:28:55 +07:00
suite . Assert ( ) . Equal (
2021-08-05 11:30:00 +07:00
schema . DefaultLDAPAuthenticationBackendImplementationActiveDirectoryConfiguration . GroupsFilter ,
2022-02-28 10:15:01 +07:00
suite . config . LDAP . GroupsFilter )
2021-08-05 11:30:00 +07:00
suite . Assert ( ) . Equal (
schema . DefaultLDAPAuthenticationBackendImplementationActiveDirectoryConfiguration . GroupNameAttribute ,
2022-02-28 10:15:01 +07:00
suite . config . LDAP . GroupNameAttribute )
2020-12-03 12:23:52 +07:00
}
func ( suite * ActiveDirectoryAuthenticationBackendSuite ) TestShouldOnlySetDefaultsIfNotManuallyConfigured ( ) {
2022-02-28 10:15:01 +07:00
suite . config . LDAP . Timeout = time . Second * 2
suite . config . LDAP . UsersFilter = "(&({username_attribute}={input})(objectCategory=person)(objectClass=user)(!userAccountControl:1.2.840.113556.1.4.803:=2))"
suite . config . LDAP . UsernameAttribute = "cn"
suite . config . LDAP . MailAttribute = "userPrincipalName"
suite . config . LDAP . DisplayNameAttribute = "name"
suite . config . LDAP . GroupsFilter = "(&(member={dn})(objectClass=group)(objectCategory=group))"
suite . config . LDAP . GroupNameAttribute = "distinguishedName"
2020-12-03 12:23:52 +07:00
2022-02-28 10:15:01 +07:00
ValidateAuthenticationBackend ( & suite . config , suite . validator )
2020-12-03 12:23:52 +07:00
2021-01-04 17:28:55 +07:00
suite . Assert ( ) . NotEqual (
2021-08-05 11:30:00 +07:00
schema . DefaultLDAPAuthenticationBackendConfiguration . Timeout ,
2022-02-28 10:15:01 +07:00
suite . config . LDAP . Timeout )
2021-08-05 11:30:00 +07:00
suite . Assert ( ) . NotEqual (
schema . DefaultLDAPAuthenticationBackendImplementationActiveDirectoryConfiguration . UsersFilter ,
2022-02-28 10:15:01 +07:00
suite . config . LDAP . UsersFilter )
2021-01-04 17:28:55 +07:00
suite . Assert ( ) . NotEqual (
2021-08-05 11:30:00 +07:00
schema . DefaultLDAPAuthenticationBackendImplementationActiveDirectoryConfiguration . UsernameAttribute ,
2022-02-28 10:15:01 +07:00
suite . config . LDAP . UsernameAttribute )
2021-01-04 17:28:55 +07:00
suite . Assert ( ) . NotEqual (
2021-08-05 11:30:00 +07:00
schema . DefaultLDAPAuthenticationBackendImplementationActiveDirectoryConfiguration . DisplayNameAttribute ,
2022-02-28 10:15:01 +07:00
suite . config . LDAP . DisplayNameAttribute )
2021-01-04 17:28:55 +07:00
suite . Assert ( ) . NotEqual (
2021-08-05 11:30:00 +07:00
schema . DefaultLDAPAuthenticationBackendImplementationActiveDirectoryConfiguration . MailAttribute ,
2022-02-28 10:15:01 +07:00
suite . config . LDAP . MailAttribute )
2021-01-04 17:28:55 +07:00
suite . Assert ( ) . NotEqual (
2021-08-05 11:30:00 +07:00
schema . DefaultLDAPAuthenticationBackendImplementationActiveDirectoryConfiguration . GroupsFilter ,
2022-02-28 10:15:01 +07:00
suite . config . LDAP . GroupsFilter )
2021-01-04 17:28:55 +07:00
suite . Assert ( ) . NotEqual (
2021-08-05 11:30:00 +07:00
schema . DefaultLDAPAuthenticationBackendImplementationActiveDirectoryConfiguration . GroupNameAttribute ,
2022-02-28 10:15:01 +07:00
suite . config . LDAP . GroupNameAttribute )
}
func ( suite * ActiveDirectoryAuthenticationBackendSuite ) TestShouldRaiseErrorOnInvalidURLWithHTTP ( ) {
suite . config . LDAP . URL = "http://dc1:389"
validateLDAPAuthenticationBackendURL ( suite . config . LDAP , suite . validator )
suite . Require ( ) . Len ( suite . validator . Errors ( ) , 1 )
suite . Assert ( ) . EqualError ( suite . validator . Errors ( ) [ 0 ] , "authentication_backend: ldap: option 'url' must have either the 'ldap' or 'ldaps' scheme but it is configured as 'http'" )
}
func ( suite * ActiveDirectoryAuthenticationBackendSuite ) TestShouldRaiseErrorOnInvalidURLWithBadCharacters ( ) {
suite . config . LDAP . URL = "ldap://dc1:abc"
validateLDAPAuthenticationBackendURL ( suite . config . LDAP , suite . validator )
suite . Require ( ) . Len ( suite . validator . Errors ( ) , 1 )
suite . Assert ( ) . EqualError ( suite . validator . Errors ( ) [ 0 ] , "authentication_backend: ldap: option 'url' could not be parsed: parse \"ldap://dc1:abc\": invalid port \":abc\" after host" )
2020-12-03 12:23:52 +07:00
}
func TestActiveDirectoryAuthenticationBackend ( t * testing . T ) {
suite . Run ( t , new ( ActiveDirectoryAuthenticationBackendSuite ) )
}