var ldap = require('../../src/lib/ldap');
var sinon = require('sinon');
var Promise = require('bluebird');
var assert = require('assert');
describe('test ldap validation', function() {
// Fake LDAP client shared by every suite below; (re)assigned in beforeEach.
var ldap_client;

// Build a fresh set of sinon doubles before each test so that call history
// and programmed behaviour from one case cannot carry over into the next.
beforeEach(function() {
  var fake_client = {};
  fake_client.bind = sinon.stub();
  fake_client.search = sinon.stub();
  fake_client.modify = sinon.stub();
  fake_client.Change = sinon.spy();
  ldap_client = fake_client;
});

// One sub-suite per function of the ldap module exercised in this file.
describe('test binding', test_binding);
describe('test get email', test_get_email);
describe('test update password', test_update_password);
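/**
 * Suite for ldap.validate(): the credential check performed through an LDAP bind.
 *
 * NOTE(review): every case here uses a plain username. Whether ldap.validate
 * escapes DN special characters in the username is not visible from this
 * file - a dedicated test for that would be worth adding.
 */
function test_binding() {
  // Calls ldap.validate with fixed credentials and no explicit search filter,
  // and returns the promise it produces.
  function test_validate() {
    var username = 'user';
    var password = 'password';
    var users_dn = 'dc=example,dc=com';
    return ldap.validate(ldap_client, username, password, users_dn);
  }

  it('should bind the user if good credentials provided', function() {
    // bind invokes its callback without an error => validation succeeds
    ldap_client.bind.yields();
    return test_validate();
  });

  it('should bind the user with correct DN', function(done) {
    var username = 'user';
    var password = 'password';
    var user_search_base = 'dc=example,dc=com';
    var user_search_filter = 'uid';

    // The test only completes when bind receives the expected DN; any other
    // DN leaves done() uncalled and the case fails on the mocha timeout.
    ldap_client.bind = sinon.spy(function(dn) {
      if(dn == 'uid=user,dc=example,dc=com') done();
    });

    ldap.validate(ldap_client, username, password, user_search_base,
                  user_search_filter);
  });

  it('should default to cn user search filter if no filter provided', function(done) {
    var username = 'user';
    var password = 'password';
    var user_search_base = 'dc=example,dc=com';

    // Same completion rule as above, with the attribute expected to be cn.
    ldap_client.bind = sinon.spy(function(dn) {
      if(dn == 'cn=user,dc=example,dc=com') done();
    });

    ldap.validate(ldap_client, username, password, user_search_base,
                  undefined);
  });

  // cover an issue with promisify context
  it('should promisify correctly', function() {
    function LdapClient() {
      this.test = 'abc';
    }

    // bind must be invoked with the client instance as `this`; the assertion
    // throws if the method was detached from its object before being called.
    LdapClient.prototype.bind = function(username, password, fn) {
      assert.equal('abc', this.test);
      fn();
    }

    ldap_client = new LdapClient();
    return test_validate();
  });

  it('should not bind the user if wrong credentials provided', function() {
    ldap_client.bind.yields('wrong credentials');

    // A failed bind must reject. The previous form only attached a catch
    // handler, so the case also passed when validate() resolved - i.e. when
    // bad credentials were accepted. Fail explicitly on fulfilment instead.
    return test_validate().then(function() {
      throw new Error('validate() resolved although the bind failed');
    }, function() {
      // rejection is the expected outcome
    });
  });
}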
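/**
 * Suite for ldap.get_email(): looks a user up through the client's search
 * method and resolves with the returned entry.
 */
function test_get_email() {
  it('should retrieve the email of an existing user', function() {
    var expected_doc = {};
    expected_doc.object = {};
    expected_doc.object.mail = 'user@example.com';

    // Minimal stand-in for the search result emitter: every handler except
    // the 'error' one is invoked immediately with the canned entry.
    var res_emitter = {};
    res_emitter.on = sinon.spy(function(event, fn) {
      if(event != 'error') fn(expected_doc)
    });

    ldap_client.search.yields(undefined, res_emitter);

    return ldap.get_email(ldap_client, 'user', 'dc=example,dc=com')
    .then(function(doc) {
      assert.deepEqual(doc, expected_doc.object);
    });
  });

  it('should use the user filter', function(done) {
    // Completes only when search is called with the uid-based DN; any other
    // DN leaves done() uncalled and the case fails on the mocha timeout.
    ldap_client.search = sinon.spy(function(dn) {
      if(dn == 'uid=username,ou=users,dc=example,dc=com') done();
    });
    ldap.get_email(ldap_client, 'username', 'ou=users,dc=example,dc=com',
                   'uid')
  });

  it('should fail on error with search method', function() {
    ldap_client.search.yields('error');

    // Returning the promise makes an unexpected fulfilment fail at once with
    // a clear message, instead of waiting for the mocha timeout.
    return ldap.get_email(ldap_client, 'user', 'dc=example,dc=com')
    .then(function() {
      throw new Error('get_email() resolved although search failed');
    }, function() {
      // rejection is the expected outcome
    });
  });
}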
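/**
 * Suite for ldap.update_password(): binds, then issues a modify that replaces
 * the user's userPassword attribute.
 */
function test_update_password() {
  it('should update the password successfully', function() {
    var new_password = 'new-password';
    var userdn = 'cn=user,dc=example,dc=com';

    var config = {};
    config.ldap_user_search_base = 'dc=example,dc=com';
    config.ldap_user = 'admin';

    var ldapjs = {};
    ldapjs.Change = sinon.spy();

    ldap_client.bind.yields(undefined);
    ldap_client.modify.yields(undefined);

    // Return the promise so a failing assertion is reported as such rather
    // than surfacing as a timeout because done() was never reached.
    return ldap.update_password(ldap_client, ldapjs, 'user', new_password, config)
    .then(function() {
      assert.deepEqual(ldap_client.modify.getCall(0).args[0], userdn);
      assert.deepEqual(ldapjs.Change.getCall(0).args[0].operation, 'replace');

      var userPassword = ldapjs.Change.getCall(0).args[0].modification.userPassword;
      // The value sent to the directory must carry the {SSHA} scheme tag ...
      assert(/{SSHA}/.test(userPassword));
      // ... and must never embed the clear-text password.
      assert.equal(String(userPassword).indexOf(new_password), -1);
    });
  });

  it('should fail when ldap throws an error', function() {
    ldap_client.bind.yields(undefined);
    ldap_client.modify.yields('Error');

    var config = {};
    // Same key as the other cases in this suite; this case previously set
    // ldap_users_dn, which no other test here uses.
    config.ldap_user_search_base = 'dc=example,dc=com';
    config.ldap_user = 'admin';

    var ldapjs = {};
    ldapjs.Change = sinon.spy();

    // Fail fast if the update is reported as successful despite the error.
    return ldap.update_password(ldap_client, ldapjs, 'user', 'new-password', config)
    .then(function() {
      throw new Error('update_password() resolved although modify failed');
    }, function() {
      // rejection is the expected outcome
    });
  });

  it('should use the user filter', function(done) {
    var ldapjs = {};
    ldapjs.Change = sinon.spy();

    var config = {};
    config.ldap_user_search_base = 'ou=users,dc=example,dc=com';
    config.ldap_user_search_filter = 'uid';
    config.ldap_user = 'admin';

    ldap_client.bind.yields(undefined);
    // Completes only when modify targets the uid-based DN; any other DN
    // leaves done() uncalled and the case fails on the mocha timeout.
    ldap_client.modify = sinon.spy(function(dn) {
      if(dn == 'uid=username,ou=users,dc=example,dc=com') done();
    });
    ldap.update_password(ldap_client, ldapjs, 'username', 'newpass', config)
  });
}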
});