authelia/test/unit/server/ldap/Authenticator.test.ts


import { Authenticator } from "../../../../src/server/lib/ldap/Authenticator";
import { LdapConfiguration } from "../../../../src/server/lib/configuration/Configuration";

import Sinon = require("sinon");
import BluebirdPromise = require("bluebird");
import Assert = require("assert");

import { ClientFactoryStub } from "../mocks/ldap/ClientFactoryStub";
import { ClientStub } from "../mocks/ldap/ClientStub";


describe("test ldap authentication", function () {
  const USERNAME = "username";
  const PASSWORD = "password";

  const ADMIN_USER_DN = "cn=admin,dc=example,dc=com";
  const ADMIN_PASSWORD = "admin_password";

  let clientFactoryStub: ClientFactoryStub;
  let adminClientStub: ClientStub;
  let userClientStub: ClientStub;

  let authenticator: Authenticator;
  let ldapConfig: LdapConfiguration;

  beforeEach(function () {
    clientFactoryStub = new ClientFactoryStub();
    adminClientStub = new ClientStub();
    userClientStub = new ClientStub();

    ldapConfig = {
      url: "http://localhost:324",
      users_dn: "ou=users,dc=example,dc=com",
      users_filter: "cn={0}",
      groups_dn: "ou=groups,dc=example,dc=com",
      groups_filter: "member={0}",
      mail_attribute: "mail",
      group_name_attribute: "cn",
      user: ADMIN_USER_DN,
      password: ADMIN_PASSWORD
    };

    authenticator = new Authenticator(ldapConfig, clientFactoryStub);
  });

  describe("success", function () {
    it("should bind the user if good credentials provided", function () {
      clientFactoryStub.createStub.withArgs(ADMIN_USER_DN, ADMIN_PASSWORD)
        .returns(adminClientStub);
      clientFactoryStub.createStub.withArgs("cn=" + USERNAME + ",ou=users,dc=example,dc=com", PASSWORD)
        .returns(userClientStub);

      // admin connects successfully
      adminClientStub.openStub.returns(BluebirdPromise.resolve());
      adminClientStub.closeStub.returns(BluebirdPromise.resolve());

      // admin search for user dn of user
      adminClientStub.searchUserDnStub.withArgs(USERNAME)
        .returns(BluebirdPromise.resolve("cn=" + USERNAME + ",ou=users,dc=example,dc=com"));

      // user connects successfully
      userClientStub.openStub.returns(BluebirdPromise.resolve());
      userClientStub.closeStub.returns(BluebirdPromise.resolve());

      // admin retrieves emails and groups of user
      adminClientStub.searchEmailsAndGroupsStub.returns(BluebirdPromise.resolve({
        groups: ["group1"],
        emails: ["user@example.com"]
      }));

      return authenticator.authenticate(USERNAME, PASSWORD);
    });
  });

  describe("failure", function () {
    it("should not bind the user if wrong credentials provided", function () {
      clientFactoryStub.createStub.withArgs(ADMIN_USER_DN, ADMIN_PASSWORD)
        .returns(adminClientStub);
      clientFactoryStub.createStub.withArgs("cn=" + USERNAME + ",ou=users,dc=example,dc=com", PASSWORD)
        .returns(userClientStub);

      // admin connects successfully
      adminClientStub.openStub.returns(BluebirdPromise.resolve());
      adminClientStub.closeStub.returns(BluebirdPromise.resolve());

      // admin search for user dn of user
      adminClientStub.searchUserDnStub.withArgs(USERNAME)
        .returns(BluebirdPromise.resolve("cn=" + USERNAME + ",ou=users,dc=example,dc=com"));

      // user connects successfully
      userClientStub.openStub.returns(BluebirdPromise.reject(new Error("Error while binding")));
      userClientStub.closeStub.returns(BluebirdPromise.resolve());

      return authenticator.authenticate(USERNAME, PASSWORD)
        .then(function () { return BluebirdPromise.reject("Should not be here!"); })
        .catch(function () {
          return BluebirdPromise.resolve();
        });
    });

    it("should not bind the user if search of emails or group fails", function () {
      clientFactoryStub.createStub.withArgs(ADMIN_USER_DN, ADMIN_PASSWORD)
        .returns(adminClientStub);
      clientFactoryStub.createStub.withArgs("cn=" + USERNAME + ",ou=users,dc=example,dc=com", PASSWORD)
        .returns(userClientStub);

      // admin connects successfully
      adminClientStub.openStub.returns(BluebirdPromise.resolve());
      adminClientStub.closeStub.returns(BluebirdPromise.resolve());

      // admin search for user dn of user
      adminClientStub.searchUserDnStub.withArgs(USERNAME)
        .returns(BluebirdPromise.resolve("cn=" + USERNAME + ",ou=users,dc=example,dc=com"));

      // user connects successfully
      userClientStub.openStub.returns(BluebirdPromise.resolve());
      userClientStub.closeStub.returns(BluebirdPromise.resolve());

      // admin retrieves emails and groups of user
      adminClientStub.searchEmailsAndGroupsStub
        .returns(BluebirdPromise.reject(new Error("Error while retrieving emails and groups")));

      return authenticator.authenticate(USERNAME, PASSWORD)
        .then(function () { return BluebirdPromise.reject("Should not be here!"); })
        .catch(function () {
          return BluebirdPromise.resolve();
        });
    });
  });
});
Open and close ldap client after each operation to avoid issues with idle connections and ECONNRESET exceptions 2017-07-16 15:37:13 +00:00
			`import { Authenticator } from "../../../../src/server/lib/ldap/Authenticator";`
Add Mongo as scalable and resilient storage backend 2017-07-19 19:06:12 +00:00			`import { LdapConfiguration } from "../../../../src/server/lib/configuration/Configuration";`
Open and close ldap client after each operation to avoid issues with idle connections and ECONNRESET exceptions 2017-07-16 15:37:13 +00:00
Introduce LDAP filters to search users and groups for more flexibility. 2017-09-02 20:38:26 +00:00			`import Sinon = require("sinon");`
Open and close ldap client after each operation to avoid issues with idle connections and ECONNRESET exceptions 2017-07-16 15:37:13 +00:00			`import BluebirdPromise = require("bluebird");`
Introduce LDAP filters to search users and groups for more flexibility. 2017-09-02 20:38:26 +00:00			`import Assert = require("assert");`
Open and close ldap client after each operation to avoid issues with idle connections and ECONNRESET exceptions 2017-07-16 15:37:13 +00:00
Introduce LDAP filters to search users and groups for more flexibility. 2017-09-02 20:38:26 +00:00			`import { ClientFactoryStub } from "../mocks/ldap/ClientFactoryStub";`
			`import { ClientStub } from "../mocks/ldap/ClientStub";`
Open and close ldap client after each operation to avoid issues with idle connections and ECONNRESET exceptions 2017-07-16 15:37:13 +00:00

			`describe("test ldap authentication", function () {`
Introduce LDAP filters to search users and groups for more flexibility. 2017-09-02 20:38:26 +00:00			`const USERNAME = "username";`
			`const PASSWORD = "password";`
Open and close ldap client after each operation to avoid issues with idle connections and ECONNRESET exceptions 2017-07-16 15:37:13 +00:00
Introduce LDAP filters to search users and groups for more flexibility. 2017-09-02 20:38:26 +00:00			`const ADMIN_USER_DN = "cn=admin,dc=example,dc=com";`
			`const ADMIN_PASSWORD = "admin_password";`
Open and close ldap client after each operation to avoid issues with idle connections and ECONNRESET exceptions 2017-07-16 15:37:13 +00:00
Introduce LDAP filters to search users and groups for more flexibility. 2017-09-02 20:38:26 +00:00			`let clientFactoryStub: ClientFactoryStub;`
			`let adminClientStub: ClientStub;`
			`let userClientStub: ClientStub;`
Open and close ldap client after each operation to avoid issues with idle connections and ECONNRESET exceptions 2017-07-16 15:37:13 +00:00
Introduce LDAP filters to search users and groups for more flexibility. 2017-09-02 20:38:26 +00:00			`let authenticator: Authenticator;`
			`let ldapConfig: LdapConfiguration;`
Open and close ldap client after each operation to avoid issues with idle connections and ECONNRESET exceptions 2017-07-16 15:37:13 +00:00
			`beforeEach(function () {`
Introduce LDAP filters to search users and groups for more flexibility. 2017-09-02 20:38:26 +00:00			`clientFactoryStub = new ClientFactoryStub();`
			`adminClientStub = new ClientStub();`
			`userClientStub = new ClientStub();`
Open and close ldap client after each operation to avoid issues with idle connections and ECONNRESET exceptions 2017-07-16 15:37:13 +00:00
			`ldapConfig = {`
			`url: "http://localhost:324",`
Introduce LDAP filters to search users and groups for more flexibility. 2017-09-02 20:38:26 +00:00			`users_dn: "ou=users,dc=example,dc=com",`
			`users_filter: "cn={0}",`
			`groups_dn: "ou=groups,dc=example,dc=com",`
			`groups_filter: "member={0}",`
			`mail_attribute: "mail",`
			`group_name_attribute: "cn",`
			`user: ADMIN_USER_DN,`
			`password: ADMIN_PASSWORD`
Open and close ldap client after each operation to avoid issues with idle connections and ECONNRESET exceptions 2017-07-16 15:37:13 +00:00			`};`

Introduce LDAP filters to search users and groups for more flexibility. 2017-09-02 20:38:26 +00:00			`authenticator = new Authenticator(ldapConfig, clientFactoryStub);`
Open and close ldap client after each operation to avoid issues with idle connections and ECONNRESET exceptions 2017-07-16 15:37:13 +00:00			`});`

			`describe("success", function () {`
			`it("should bind the user if good credentials provided", function () {`
Introduce LDAP filters to search users and groups for more flexibility. 2017-09-02 20:38:26 +00:00			`clientFactoryStub.createStub.withArgs(ADMIN_USER_DN, ADMIN_PASSWORD)`
			`.returns(adminClientStub);`
			`clientFactoryStub.createStub.withArgs("cn=" + USERNAME + ",ou=users,dc=example,dc=com", PASSWORD)`
			`.returns(userClientStub);`

			`// admin connects successfully`
			`adminClientStub.openStub.returns(BluebirdPromise.resolve());`
			`adminClientStub.closeStub.returns(BluebirdPromise.resolve());`

			`// admin search for user dn of user`
			`adminClientStub.searchUserDnStub.withArgs(USERNAME)`
			`.returns(BluebirdPromise.resolve("cn=" + USERNAME + ",ou=users,dc=example,dc=com"));`

			`// user connects successfully`
			`userClientStub.openStub.returns(BluebirdPromise.resolve());`
			`userClientStub.closeStub.returns(BluebirdPromise.resolve());`

			`// admin retrieves emails and groups of user`
			`adminClientStub.searchEmailsAndGroupsStub.returns(BluebirdPromise.resolve({`
			`groups: ["group1"],`
			`emails: ["user@example.com"]`
			`}));`

			`return authenticator.authenticate(USERNAME, PASSWORD);`
Open and close ldap client after each operation to avoid issues with idle connections and ECONNRESET exceptions 2017-07-16 15:37:13 +00:00			`});`
			`});`

			`describe("failure", function () {`
			`it("should not bind the user if wrong credentials provided", function () {`
Introduce LDAP filters to search users and groups for more flexibility. 2017-09-02 20:38:26 +00:00			`clientFactoryStub.createStub.withArgs(ADMIN_USER_DN, ADMIN_PASSWORD)`
			`.returns(adminClientStub);`
			`clientFactoryStub.createStub.withArgs("cn=" + USERNAME + ",ou=users,dc=example,dc=com", PASSWORD)`
			`.returns(userClientStub);`

			`// admin connects successfully`
			`adminClientStub.openStub.returns(BluebirdPromise.resolve());`
			`adminClientStub.closeStub.returns(BluebirdPromise.resolve());`

			`// admin search for user dn of user`
			`adminClientStub.searchUserDnStub.withArgs(USERNAME)`
			`.returns(BluebirdPromise.resolve("cn=" + USERNAME + ",ou=users,dc=example,dc=com"));`

			`// user connects successfully`
			`userClientStub.openStub.returns(BluebirdPromise.reject(new Error("Error while binding")));`
			`userClientStub.closeStub.returns(BluebirdPromise.resolve());`

			`return authenticator.authenticate(USERNAME, PASSWORD)`
			`.then(function () { return BluebirdPromise.reject("Should not be here!"); })`
Open and close ldap client after each operation to avoid issues with idle connections and ECONNRESET exceptions 2017-07-16 15:37:13 +00:00			`.catch(function () {`
			`return BluebirdPromise.resolve();`
			`});`
			`});`

			`it("should not bind the user if search of emails or group fails", function () {`
Introduce LDAP filters to search users and groups for more flexibility. 2017-09-02 20:38:26 +00:00			`clientFactoryStub.createStub.withArgs(ADMIN_USER_DN, ADMIN_PASSWORD)`
			`.returns(adminClientStub);`
			`clientFactoryStub.createStub.withArgs("cn=" + USERNAME + ",ou=users,dc=example,dc=com", PASSWORD)`
			`.returns(userClientStub);`

			`// admin connects successfully`
			`adminClientStub.openStub.returns(BluebirdPromise.resolve());`
			`adminClientStub.closeStub.returns(BluebirdPromise.resolve());`

			`// admin search for user dn of user`
			`adminClientStub.searchUserDnStub.withArgs(USERNAME)`
			`.returns(BluebirdPromise.resolve("cn=" + USERNAME + ",ou=users,dc=example,dc=com"));`

			`// user connects successfully`
			`userClientStub.openStub.returns(BluebirdPromise.resolve());`
			`userClientStub.closeStub.returns(BluebirdPromise.resolve());`

			`// admin retrieves emails and groups of user`
			`adminClientStub.searchEmailsAndGroupsStub`
			`.returns(BluebirdPromise.reject(new Error("Error while retrieving emails and groups")));`

			`return authenticator.authenticate(USERNAME, PASSWORD)`
			`.then(function () { return BluebirdPromise.reject("Should not be here!"); })`
Open and close ldap client after each operation to avoid issues with idle connections and ECONNRESET exceptions 2017-07-16 15:37:13 +00:00			`.catch(function () {`
			`return BluebirdPromise.resolve();`
			`});`
			`});`
			`});`
			`});`