2019-04-24 21:52:08 +00:00
package validator
import (
2022-10-21 08:41:33 +00:00
"crypto/tls"
2022-04-04 07:46:55 +00:00
"net/url"
2019-04-24 21:52:08 +00:00
"testing"
2021-08-05 04:30:00 +00:00
"time"
2019-04-24 21:52:08 +00:00
"github.com/stretchr/testify/assert"
2019-12-06 08:15:54 +00:00
"github.com/stretchr/testify/require"
2019-04-24 21:52:08 +00:00
"github.com/stretchr/testify/suite"
2020-04-05 12:37:21 +00:00
2021-08-11 01:04:35 +00:00
"github.com/authelia/authelia/v4/internal/configuration/schema"
2019-04-24 21:52:08 +00:00
)
2021-03-22 09:04:09 +00:00
func TestShouldRaiseErrorWhenBothBackendsProvided ( t * testing . T ) {
validator := schema . NewStructValidator ( )
2022-10-17 10:51:59 +00:00
backendConfig := schema . AuthenticationBackend { }
2021-03-22 09:04:09 +00:00
2022-10-17 10:51:59 +00:00
backendConfig . LDAP = & schema . LDAPAuthenticationBackend { }
backendConfig . File = & schema . FileAuthenticationBackend {
2021-03-22 09:04:09 +00:00
Path : "/tmp" ,
}
ValidateAuthenticationBackend ( & backendConfig , validator )
2022-10-17 10:51:59 +00:00
require . Len ( t , validator . Errors ( ) , 7 )
2022-02-28 03:15:01 +00:00
assert . EqualError ( t , validator . Errors ( ) [ 0 ] , "authentication_backend: please ensure only one of the 'file' or 'ldap' backend is configured" )
2022-10-17 10:51:59 +00:00
assert . EqualError ( t , validator . Errors ( ) [ 1 ] , "authentication_backend: ldap: option 'url' is required" )
assert . EqualError ( t , validator . Errors ( ) [ 2 ] , "authentication_backend: ldap: option 'user' is required" )
assert . EqualError ( t , validator . Errors ( ) [ 3 ] , "authentication_backend: ldap: option 'password' is required" )
assert . EqualError ( t , validator . Errors ( ) [ 4 ] , "authentication_backend: ldap: option 'base_dn' is required" )
assert . EqualError ( t , validator . Errors ( ) [ 5 ] , "authentication_backend: ldap: option 'users_filter' is required" )
assert . EqualError ( t , validator . Errors ( ) [ 6 ] , "authentication_backend: ldap: option 'groups_filter' is required" )
2021-03-22 09:04:09 +00:00
}
func TestShouldRaiseErrorWhenNoBackendProvided ( t * testing . T ) {
2019-04-24 21:52:08 +00:00
validator := schema . NewStructValidator ( )
2022-10-17 10:51:59 +00:00
backendConfig := schema . AuthenticationBackend { }
2019-04-24 21:52:08 +00:00
ValidateAuthenticationBackend ( & backendConfig , validator )
2020-11-27 09:59:22 +00:00
require . Len ( t , validator . Errors ( ) , 1 )
2022-02-28 03:15:01 +00:00
assert . EqualError ( t , validator . Errors ( ) [ 0 ] , "authentication_backend: you must ensure either the 'file' or 'ldap' authentication backend is configured" )
2019-04-24 21:52:08 +00:00
}
type FileBasedAuthenticationBackend struct {
suite . Suite
2022-10-17 10:51:59 +00:00
config schema . AuthenticationBackend
2022-02-28 03:15:01 +00:00
validator * schema . StructValidator
2019-04-24 21:52:08 +00:00
}
func ( suite * FileBasedAuthenticationBackend ) SetupTest ( ) {
2022-10-17 10:51:59 +00:00
password := schema . DefaultPasswordConfig
2019-04-24 21:52:08 +00:00
suite . validator = schema . NewStructValidator ( )
2022-10-17 10:51:59 +00:00
suite . config = schema . AuthenticationBackend { }
suite . config . File = & schema . FileAuthenticationBackend { Path : "/a/path" , Password : password }
2019-04-24 21:52:08 +00:00
}
2022-10-17 10:51:59 +00:00
2019-04-24 21:52:08 +00:00
func ( suite * FileBasedAuthenticationBackend ) TestShouldValidateCompleteConfiguration ( ) {
2022-02-28 03:15:01 +00:00
ValidateAuthenticationBackend ( & suite . config , suite . validator )
2021-01-04 10:28:55 +00:00
2022-04-04 07:46:55 +00:00
suite . Assert ( ) . Len ( suite . validator . Warnings ( ) , 0 )
suite . Assert ( ) . Len ( suite . validator . Errors ( ) , 0 )
2019-04-24 21:52:08 +00:00
}
func ( suite * FileBasedAuthenticationBackend ) TestShouldRaiseErrorWhenNoPathProvided ( ) {
2022-02-28 03:15:01 +00:00
suite . config . File . Path = ""
2021-01-04 10:28:55 +00:00
2022-02-28 03:15:01 +00:00
ValidateAuthenticationBackend ( & suite . config , suite . validator )
2021-01-04 10:28:55 +00:00
2022-04-04 07:46:55 +00:00
suite . Assert ( ) . Len ( suite . validator . Warnings ( ) , 0 )
2021-01-04 10:28:55 +00:00
suite . Require ( ) . Len ( suite . validator . Errors ( ) , 1 )
2022-02-28 03:15:01 +00:00
suite . Assert ( ) . EqualError ( suite . validator . Errors ( ) [ 0 ] , "authentication_backend: file: option 'path' is required" )
2019-04-24 21:52:08 +00:00
}
2022-10-17 10:51:59 +00:00
func ( suite * FileBasedAuthenticationBackend ) TestShouldSetDefaultConfigurationWhenBlank ( ) {
suite . config . File . Password = schema . Password { }
suite . Assert ( ) . Equal ( 0 , suite . config . File . Password . KeyLength )
suite . Assert ( ) . Equal ( 0 , suite . config . File . Password . Iterations )
suite . Assert ( ) . Equal ( 0 , suite . config . File . Password . SaltLength )
suite . Assert ( ) . Equal ( "" , suite . config . File . Password . Algorithm )
suite . Assert ( ) . Equal ( 0 , suite . config . File . Password . Memory )
suite . Assert ( ) . Equal ( 0 , suite . config . File . Password . Parallelism )
2021-01-04 10:28:55 +00:00
2022-02-28 03:15:01 +00:00
ValidateAuthenticationBackend ( & suite . config , suite . validator )
2021-01-04 10:28:55 +00:00
2022-04-04 07:46:55 +00:00
suite . Assert ( ) . Len ( suite . validator . Warnings ( ) , 0 )
2022-10-17 10:51:59 +00:00
suite . Assert ( ) . Len ( suite . validator . Errors ( ) , 0 )
2021-01-04 10:28:55 +00:00
2022-10-17 10:51:59 +00:00
suite . Assert ( ) . Equal ( schema . DefaultPasswordConfig . KeyLength , suite . config . File . Password . KeyLength )
suite . Assert ( ) . Equal ( schema . DefaultPasswordConfig . Iterations , suite . config . File . Password . Iterations )
suite . Assert ( ) . Equal ( schema . DefaultPasswordConfig . SaltLength , suite . config . File . Password . SaltLength )
suite . Assert ( ) . Equal ( schema . DefaultPasswordConfig . Algorithm , suite . config . File . Password . Algorithm )
suite . Assert ( ) . Equal ( schema . DefaultPasswordConfig . Memory , suite . config . File . Password . Memory )
suite . Assert ( ) . Equal ( schema . DefaultPasswordConfig . Parallelism , suite . config . File . Password . Parallelism )
2020-03-06 01:38:02 +00:00
}
2022-10-17 10:51:59 +00:00
func ( suite * FileBasedAuthenticationBackend ) TestShouldMigrateLegacyConfigurationSHA512 ( ) {
suite . config . File . Password = schema . Password { }
suite . Assert ( ) . Equal ( "" , suite . config . File . Password . Algorithm )
2020-03-06 01:38:02 +00:00
2022-10-17 10:51:59 +00:00
suite . config . File . Password = schema . Password {
Algorithm : digestSHA512 ,
Iterations : 1000000 ,
SaltLength : 8 ,
}
ValidateAuthenticationBackend ( & suite . config , suite . validator )
suite . Assert ( ) . Len ( suite . validator . Warnings ( ) , 0 )
suite . Assert ( ) . Len ( suite . validator . Errors ( ) , 0 )
suite . Assert ( ) . Equal ( hashSHA2Crypt , suite . config . File . Password . Algorithm )
suite . Assert ( ) . Equal ( digestSHA512 , suite . config . File . Password . SHA2Crypt . Variant )
suite . Assert ( ) . Equal ( 1000000 , suite . config . File . Password . SHA2Crypt . Iterations )
suite . Assert ( ) . Equal ( 8 , suite . config . File . Password . SHA2Crypt . SaltLength )
}
func ( suite * FileBasedAuthenticationBackend ) TestShouldMigrateLegacyConfigurationSHA512ButNotOverride ( ) {
suite . config . File . Password = schema . Password { }
2022-02-28 03:15:01 +00:00
suite . Assert ( ) . Equal ( "" , suite . config . File . Password . Algorithm )
2022-10-17 10:51:59 +00:00
suite . config . File . Password = schema . Password {
Algorithm : digestSHA512 ,
Iterations : 1000000 ,
SaltLength : 8 ,
SHA2Crypt : schema . SHA2CryptPassword {
Variant : digestSHA256 ,
Iterations : 50000 ,
SaltLength : 12 ,
} ,
}
ValidateAuthenticationBackend ( & suite . config , suite . validator )
suite . Assert ( ) . Len ( suite . validator . Warnings ( ) , 0 )
suite . Assert ( ) . Len ( suite . validator . Errors ( ) , 0 )
suite . Assert ( ) . Equal ( hashSHA2Crypt , suite . config . File . Password . Algorithm )
suite . Assert ( ) . Equal ( digestSHA256 , suite . config . File . Password . SHA2Crypt . Variant )
suite . Assert ( ) . Equal ( 50000 , suite . config . File . Password . SHA2Crypt . Iterations )
suite . Assert ( ) . Equal ( 12 , suite . config . File . Password . SHA2Crypt . SaltLength )
}
func ( suite * FileBasedAuthenticationBackend ) TestShouldMigrateLegacyConfigurationSHA512Alt ( ) {
suite . config . File . Password = schema . Password { }
suite . Assert ( ) . Equal ( "" , suite . config . File . Password . Algorithm )
suite . config . File . Password = schema . Password {
Algorithm : digestSHA512 ,
Iterations : 1000000 ,
SaltLength : 64 ,
}
ValidateAuthenticationBackend ( & suite . config , suite . validator )
suite . Assert ( ) . Len ( suite . validator . Warnings ( ) , 0 )
suite . Assert ( ) . Len ( suite . validator . Errors ( ) , 0 )
suite . Assert ( ) . Equal ( hashSHA2Crypt , suite . config . File . Password . Algorithm )
suite . Assert ( ) . Equal ( digestSHA512 , suite . config . File . Password . SHA2Crypt . Variant )
suite . Assert ( ) . Equal ( 1000000 , suite . config . File . Password . SHA2Crypt . Iterations )
suite . Assert ( ) . Equal ( 16 , suite . config . File . Password . SHA2Crypt . SaltLength )
}
func ( suite * FileBasedAuthenticationBackend ) TestShouldMigrateLegacyConfigurationArgon2 ( ) {
suite . config . File . Password = schema . Password { }
suite . Assert ( ) . Equal ( "" , suite . config . File . Password . Algorithm )
suite . config . File . Password = schema . Password {
Algorithm : "argon2id" ,
Iterations : 4 ,
Memory : 1024 ,
Parallelism : 4 ,
KeyLength : 64 ,
SaltLength : 64 ,
}
2020-03-06 01:38:02 +00:00
2022-02-28 03:15:01 +00:00
ValidateAuthenticationBackend ( & suite . config , suite . validator )
2020-03-06 01:38:02 +00:00
2022-04-04 07:46:55 +00:00
suite . Assert ( ) . Len ( suite . validator . Warnings ( ) , 0 )
2021-08-03 09:55:21 +00:00
suite . Assert ( ) . Len ( suite . validator . Errors ( ) , 0 )
2021-01-04 10:28:55 +00:00
2022-10-17 10:51:59 +00:00
suite . Assert ( ) . Equal ( "argon2" , suite . config . File . Password . Algorithm )
suite . Assert ( ) . Equal ( "argon2id" , suite . config . File . Password . Argon2 . Variant )
suite . Assert ( ) . Equal ( 4 , suite . config . File . Password . Argon2 . Iterations )
suite . Assert ( ) . Equal ( 1048576 , suite . config . File . Password . Argon2 . Memory )
suite . Assert ( ) . Equal ( 4 , suite . config . File . Password . Argon2 . Parallelism )
suite . Assert ( ) . Equal ( 64 , suite . config . File . Password . Argon2 . KeyLength )
suite . Assert ( ) . Equal ( 64 , suite . config . File . Password . Argon2 . SaltLength )
2020-03-06 01:38:02 +00:00
}
2022-10-17 10:51:59 +00:00
func ( suite * FileBasedAuthenticationBackend ) TestShouldMigrateLegacyConfigurationArgon2ButNotOverride ( ) {
suite . config . File . Password = schema . Password { }
2022-02-28 03:15:01 +00:00
suite . Assert ( ) . Equal ( "" , suite . config . File . Password . Algorithm )
2022-10-17 10:51:59 +00:00
suite . config . File . Password = schema . Password {
Algorithm : "argon2id" ,
Iterations : 4 ,
Memory : 1024 ,
Parallelism : 4 ,
KeyLength : 64 ,
SaltLength : 64 ,
Argon2 : schema . Argon2Password {
Variant : "argon2d" ,
Iterations : 1 ,
Memory : 2048 ,
Parallelism : 1 ,
KeyLength : 32 ,
SaltLength : 32 ,
} ,
}
2020-03-06 01:38:02 +00:00
2022-02-28 03:15:01 +00:00
ValidateAuthenticationBackend ( & suite . config , suite . validator )
2020-03-06 01:38:02 +00:00
2022-04-04 07:46:55 +00:00
suite . Assert ( ) . Len ( suite . validator . Warnings ( ) , 0 )
2021-08-03 09:55:21 +00:00
suite . Assert ( ) . Len ( suite . validator . Errors ( ) , 0 )
2021-01-04 10:28:55 +00:00
2022-10-17 10:51:59 +00:00
suite . Assert ( ) . Equal ( "argon2" , suite . config . File . Password . Algorithm )
suite . Assert ( ) . Equal ( "argon2d" , suite . config . File . Password . Argon2 . Variant )
suite . Assert ( ) . Equal ( 1 , suite . config . File . Password . Argon2 . Iterations )
suite . Assert ( ) . Equal ( 2048 , suite . config . File . Password . Argon2 . Memory )
suite . Assert ( ) . Equal ( 1 , suite . config . File . Password . Argon2 . Parallelism )
suite . Assert ( ) . Equal ( 32 , suite . config . File . Password . Argon2 . KeyLength )
suite . Assert ( ) . Equal ( 32 , suite . config . File . Password . Argon2 . SaltLength )
2020-03-06 01:38:02 +00:00
}
2022-10-17 10:51:59 +00:00
func ( suite * FileBasedAuthenticationBackend ) TestShouldMigrateLegacyConfigurationWhenOnlySHA512Set ( ) {
suite . config . File . Password = schema . Password { }
suite . Assert ( ) . Equal ( "" , suite . config . File . Password . Algorithm )
suite . config . File . Password . Algorithm = digestSHA512
ValidateAuthenticationBackend ( & suite . config , suite . validator )
suite . Assert ( ) . Len ( suite . validator . Warnings ( ) , 0 )
suite . Assert ( ) . Len ( suite . validator . Errors ( ) , 0 )
suite . Assert ( ) . Equal ( hashSHA2Crypt , suite . config . File . Password . Algorithm )
suite . Assert ( ) . Equal ( digestSHA512 , suite . config . File . Password . SHA2Crypt . Variant )
suite . Assert ( ) . Equal ( schema . DefaultPasswordConfig . SHA2Crypt . Iterations , suite . config . File . Password . SHA2Crypt . Iterations )
suite . Assert ( ) . Equal ( schema . DefaultPasswordConfig . SHA2Crypt . SaltLength , suite . config . File . Password . SHA2Crypt . SaltLength )
}
func ( suite * FileBasedAuthenticationBackend ) TestShouldRaiseErrorOnInvalidArgon2Variant ( ) {
suite . config . File . Password = schema . Password { }
suite . Assert ( ) . Equal ( "" , suite . config . File . Password . Algorithm )
suite . config . File . Password . Algorithm = "argon2"
suite . config . File . Password . Argon2 . Variant = testInvalid
2021-01-04 10:28:55 +00:00
2022-02-28 03:15:01 +00:00
ValidateAuthenticationBackend ( & suite . config , suite . validator )
2021-01-04 10:28:55 +00:00
2022-04-04 07:46:55 +00:00
suite . Assert ( ) . Len ( suite . validator . Warnings ( ) , 0 )
2021-01-04 10:28:55 +00:00
suite . Require ( ) . Len ( suite . validator . Errors ( ) , 1 )
2022-10-17 10:51:59 +00:00
suite . Assert ( ) . EqualError ( suite . validator . Errors ( ) [ 0 ] , "authentication_backend: file: password: argon2: option 'variant' is configured as 'invalid' but must be one of the following values: 'argon2id', 'id', 'argon2i', 'i', 'argon2d', 'd'" )
2020-03-06 01:38:02 +00:00
}
2022-10-17 10:51:59 +00:00
func ( suite * FileBasedAuthenticationBackend ) TestShouldRaiseErrorOnInvalidSHA2CryptVariant ( ) {
suite . config . File . Password = schema . Password { }
suite . Assert ( ) . Equal ( "" , suite . config . File . Password . Algorithm )
suite . config . File . Password . Algorithm = hashSHA2Crypt
suite . config . File . Password . SHA2Crypt . Variant = testInvalid
2021-01-04 10:28:55 +00:00
2022-02-28 03:15:01 +00:00
ValidateAuthenticationBackend ( & suite . config , suite . validator )
2021-01-04 10:28:55 +00:00
2022-04-04 07:46:55 +00:00
suite . Assert ( ) . Len ( suite . validator . Warnings ( ) , 0 )
2021-01-04 10:28:55 +00:00
suite . Require ( ) . Len ( suite . validator . Errors ( ) , 1 )
2022-10-17 10:51:59 +00:00
suite . Assert ( ) . EqualError ( suite . validator . Errors ( ) [ 0 ] , "authentication_backend: file: password: sha2crypt: option 'variant' is configured as 'invalid' but must be one of the following values: 'sha256', 'sha512'" )
2020-03-06 01:38:02 +00:00
}
2022-10-17 10:51:59 +00:00
func ( suite * FileBasedAuthenticationBackend ) TestShouldRaiseErrorOnInvalidSHA2CryptSaltLength ( ) {
suite . config . File . Password = schema . Password { }
suite . Assert ( ) . Equal ( "" , suite . config . File . Password . Algorithm )
suite . config . File . Password . Algorithm = hashSHA2Crypt
suite . config . File . Password . SHA2Crypt . SaltLength = 40
2021-01-04 10:28:55 +00:00
2022-02-28 03:15:01 +00:00
ValidateAuthenticationBackend ( & suite . config , suite . validator )
2021-01-04 10:28:55 +00:00
2022-04-04 07:46:55 +00:00
suite . Assert ( ) . Len ( suite . validator . Warnings ( ) , 0 )
2021-01-04 10:28:55 +00:00
suite . Require ( ) . Len ( suite . validator . Errors ( ) , 1 )
2022-10-17 10:51:59 +00:00
suite . Assert ( ) . EqualError ( suite . validator . Errors ( ) [ 0 ] , "authentication_backend: file: password: sha2crypt: option 'salt_length' is configured as '40' but must be less than or equal to '16'" )
2020-03-06 01:38:02 +00:00
}
2022-10-17 10:51:59 +00:00
func ( suite * FileBasedAuthenticationBackend ) TestShouldRaiseErrorOnInvalidPBKDF2Variant ( ) {
suite . config . File . Password = schema . Password { }
suite . Assert ( ) . Equal ( "" , suite . config . File . Password . Algorithm )
suite . config . File . Password . Algorithm = "pbkdf2"
suite . config . File . Password . PBKDF2 . Variant = testInvalid
2021-01-04 10:28:55 +00:00
2022-02-28 03:15:01 +00:00
ValidateAuthenticationBackend ( & suite . config , suite . validator )
2021-01-04 10:28:55 +00:00
2022-04-04 07:46:55 +00:00
suite . Assert ( ) . Len ( suite . validator . Warnings ( ) , 0 )
2021-01-04 10:28:55 +00:00
suite . Require ( ) . Len ( suite . validator . Errors ( ) , 1 )
2022-10-17 10:51:59 +00:00
suite . Assert ( ) . EqualError ( suite . validator . Errors ( ) [ 0 ] , "authentication_backend: file: password: pbkdf2: option 'variant' is configured as 'invalid' but must be one of the following values: 'sha1', 'sha224', 'sha256', 'sha384', 'sha512'" )
2020-03-06 01:38:02 +00:00
}
2022-10-17 10:51:59 +00:00
func ( suite * FileBasedAuthenticationBackend ) TestShouldRaiseErrorOnInvalidBCryptVariant ( ) {
suite . config . File . Password = schema . Password { }
suite . Assert ( ) . Equal ( "" , suite . config . File . Password . Algorithm )
suite . config . File . Password . Algorithm = "bcrypt"
suite . config . File . Password . BCrypt . Variant = testInvalid
2021-01-04 10:28:55 +00:00
2022-02-28 03:15:01 +00:00
ValidateAuthenticationBackend ( & suite . config , suite . validator )
2021-01-04 10:28:55 +00:00
2022-04-04 07:46:55 +00:00
suite . Assert ( ) . Len ( suite . validator . Warnings ( ) , 0 )
2021-01-04 10:28:55 +00:00
suite . Require ( ) . Len ( suite . validator . Errors ( ) , 1 )
2022-10-17 10:51:59 +00:00
suite . Assert ( ) . EqualError ( suite . validator . Errors ( ) [ 0 ] , "authentication_backend: file: password: bcrypt: option 'variant' is configured as 'invalid' but must be one of the following values: 'standard', 'sha256'" )
2020-03-06 01:38:02 +00:00
}
2022-10-17 10:51:59 +00:00
func ( suite * FileBasedAuthenticationBackend ) TestShouldRaiseErrorWhenSHA2CryptOptionsTooLow ( ) {
suite . config . File . Password . SHA2Crypt . Iterations = - 1
suite . config . File . Password . SHA2Crypt . SaltLength = - 1
2021-01-04 10:28:55 +00:00
2022-02-28 03:15:01 +00:00
ValidateAuthenticationBackend ( & suite . config , suite . validator )
2021-01-04 10:28:55 +00:00
2022-04-04 07:46:55 +00:00
suite . Assert ( ) . Len ( suite . validator . Warnings ( ) , 0 )
2022-10-17 10:51:59 +00:00
suite . Require ( ) . Len ( suite . validator . Errors ( ) , 2 )
2021-01-04 10:28:55 +00:00
2022-10-17 10:51:59 +00:00
suite . Assert ( ) . EqualError ( suite . validator . Errors ( ) [ 0 ] , "authentication_backend: file: password: sha2crypt: option 'iterations' is configured as '-1' but must be greater than or equal to '1000'" )
suite . Assert ( ) . EqualError ( suite . validator . Errors ( ) [ 1 ] , "authentication_backend: file: password: sha2crypt: option 'salt_length' is configured as '-1' but must be greater than or equal to '1'" )
2020-03-06 01:38:02 +00:00
}
2022-10-17 10:51:59 +00:00
func ( suite * FileBasedAuthenticationBackend ) TestShouldRaiseErrorWhenSHA2CryptOptionsTooHigh ( ) {
suite . config . File . Password . SHA2Crypt . Iterations = 999999999999
suite . config . File . Password . SHA2Crypt . SaltLength = 99
ValidateAuthenticationBackend ( & suite . config , suite . validator )
suite . Assert ( ) . Len ( suite . validator . Warnings ( ) , 0 )
suite . Require ( ) . Len ( suite . validator . Errors ( ) , 2 )
suite . Assert ( ) . EqualError ( suite . validator . Errors ( ) [ 0 ] , "authentication_backend: file: password: sha2crypt: option 'iterations' is configured as '999999999999' but must be less than or equal to '999999999'" )
suite . Assert ( ) . EqualError ( suite . validator . Errors ( ) [ 1 ] , "authentication_backend: file: password: sha2crypt: option 'salt_length' is configured as '99' but must be less than or equal to '16'" )
2019-04-24 21:52:08 +00:00
}
2022-10-17 10:51:59 +00:00
func ( suite * FileBasedAuthenticationBackend ) TestShouldRaiseErrorWhenPBKDF2OptionsTooLow ( ) {
suite . config . File . Password . PBKDF2 . Iterations = - 1
suite . config . File . Password . PBKDF2 . SaltLength = - 1
ValidateAuthenticationBackend ( & suite . config , suite . validator )
suite . Assert ( ) . Len ( suite . validator . Warnings ( ) , 0 )
suite . Require ( ) . Len ( suite . validator . Errors ( ) , 2 )
suite . Assert ( ) . EqualError ( suite . validator . Errors ( ) [ 0 ] , "authentication_backend: file: password: pbkdf2: option 'iterations' is configured as '-1' but must be greater than or equal to '100000'" )
suite . Assert ( ) . EqualError ( suite . validator . Errors ( ) [ 1 ] , "authentication_backend: file: password: pbkdf2: option 'salt_length' is configured as '-1' but must be greater than or equal to '8'" )
2019-04-24 21:52:08 +00:00
}
2022-10-17 10:51:59 +00:00
func ( suite * FileBasedAuthenticationBackend ) TestShouldRaiseErrorWhenPBKDF2OptionsTooHigh ( ) {
suite . config . File . Password . PBKDF2 . Iterations = 2147483649
suite . config . File . Password . PBKDF2 . SaltLength = 2147483650
ValidateAuthenticationBackend ( & suite . config , suite . validator )
suite . Assert ( ) . Len ( suite . validator . Warnings ( ) , 0 )
suite . Require ( ) . Len ( suite . validator . Errors ( ) , 2 )
suite . Assert ( ) . EqualError ( suite . validator . Errors ( ) [ 0 ] , "authentication_backend: file: password: pbkdf2: option 'iterations' is configured as '2147483649' but must be less than or equal to '2147483647'" )
suite . Assert ( ) . EqualError ( suite . validator . Errors ( ) [ 1 ] , "authentication_backend: file: password: pbkdf2: option 'salt_length' is configured as '2147483650' but must be less than or equal to '2147483647'" )
2019-04-24 21:52:08 +00:00
}
2022-10-17 10:51:59 +00:00
func ( suite * FileBasedAuthenticationBackend ) TestShouldRaiseErrorWhenBCryptOptionsTooLow ( ) {
suite . config . File . Password . BCrypt . Cost = - 1
ValidateAuthenticationBackend ( & suite . config , suite . validator )
suite . Assert ( ) . Len ( suite . validator . Warnings ( ) , 0 )
suite . Require ( ) . Len ( suite . validator . Errors ( ) , 1 )
suite . Assert ( ) . EqualError ( suite . validator . Errors ( ) [ 0 ] , "authentication_backend: file: password: bcrypt: option 'cost' is configured as '-1' but must be greater than or equal to '10'" )
}
func ( suite * FileBasedAuthenticationBackend ) TestShouldRaiseErrorWhenBCryptOptionsTooHigh ( ) {
suite . config . File . Password . BCrypt . Cost = 900
ValidateAuthenticationBackend ( & suite . config , suite . validator )
suite . Assert ( ) . Len ( suite . validator . Warnings ( ) , 0 )
suite . Require ( ) . Len ( suite . validator . Errors ( ) , 1 )
suite . Assert ( ) . EqualError ( suite . validator . Errors ( ) [ 0 ] , "authentication_backend: file: password: bcrypt: option 'cost' is configured as '900' but must be less than or equal to '31'" )
}
func ( suite * FileBasedAuthenticationBackend ) TestShouldRaiseErrorWhenSCryptOptionsTooLow ( ) {
suite . config . File . Password . SCrypt . Iterations = - 1
suite . config . File . Password . SCrypt . BlockSize = - 21
suite . config . File . Password . SCrypt . Parallelism = - 11
suite . config . File . Password . SCrypt . KeyLength = - 77
suite . config . File . Password . SCrypt . SaltLength = 7
ValidateAuthenticationBackend ( & suite . config , suite . validator )
suite . Assert ( ) . Len ( suite . validator . Warnings ( ) , 0 )
suite . Require ( ) . Len ( suite . validator . Errors ( ) , 5 )
suite . Assert ( ) . EqualError ( suite . validator . Errors ( ) [ 0 ] , "authentication_backend: file: password: scrypt: option 'iterations' is configured as '-1' but must be greater than or equal to '1'" )
suite . Assert ( ) . EqualError ( suite . validator . Errors ( ) [ 1 ] , "authentication_backend: file: password: scrypt: option 'block_size' is configured as '-21' but must be greater than or equal to '1'" )
suite . Assert ( ) . EqualError ( suite . validator . Errors ( ) [ 2 ] , "authentication_backend: file: password: scrypt: option 'parallelism' is configured as '-11' but must be greater than or equal to '1'" )
suite . Assert ( ) . EqualError ( suite . validator . Errors ( ) [ 3 ] , "authentication_backend: file: password: scrypt: option 'key_length' is configured as '-77' but must be greater than or equal to '1'" )
suite . Assert ( ) . EqualError ( suite . validator . Errors ( ) [ 4 ] , "authentication_backend: file: password: scrypt: option 'salt_length' is configured as '7' but must be greater than or equal to '8'" )
}
func ( suite * FileBasedAuthenticationBackend ) TestShouldRaiseErrorWhenSCryptOptionsTooHigh ( ) {
2022-12-04 22:37:08 +00:00
suite . config . File . Password . SCrypt . Iterations = 59
2022-10-17 10:51:59 +00:00
suite . config . File . Password . SCrypt . BlockSize = 360287970189639672
2022-12-04 22:37:08 +00:00
suite . config . File . Password . SCrypt . Parallelism = 1073741825
2022-10-17 10:51:59 +00:00
suite . config . File . Password . SCrypt . KeyLength = 1374389534409
suite . config . File . Password . SCrypt . SaltLength = 2147483647
ValidateAuthenticationBackend ( & suite . config , suite . validator )
suite . Assert ( ) . Len ( suite . validator . Warnings ( ) , 0 )
2022-12-04 22:37:08 +00:00
suite . Require ( ) . Len ( suite . validator . Errors ( ) , 5 )
2022-10-17 10:51:59 +00:00
2022-12-04 22:37:08 +00:00
suite . Assert ( ) . EqualError ( suite . validator . Errors ( ) [ 0 ] , "authentication_backend: file: password: scrypt: option 'iterations' is configured as '59' but must be less than or equal to '58'" )
suite . Assert ( ) . EqualError ( suite . validator . Errors ( ) [ 1 ] , "authentication_backend: file: password: scrypt: option 'block_size' is configured as '360287970189639672' but must be less than or equal to '36028797018963967'" )
suite . Assert ( ) . EqualError ( suite . validator . Errors ( ) [ 2 ] , "authentication_backend: file: password: scrypt: option 'parallelism' is configured as '1073741825' but must be less than or equal to '1073741823'" )
suite . Assert ( ) . EqualError ( suite . validator . Errors ( ) [ 3 ] , "authentication_backend: file: password: scrypt: option 'key_length' is configured as '1374389534409' but must be less than or equal to '137438953440'" )
suite . Assert ( ) . EqualError ( suite . validator . Errors ( ) [ 4 ] , "authentication_backend: file: password: scrypt: option 'salt_length' is configured as '2147483647' but must be less than or equal to '1024'" )
2022-10-17 10:51:59 +00:00
}
func ( suite * FileBasedAuthenticationBackend ) TestShouldRaiseErrorWhenArgon2OptionsTooLow ( ) {
suite . config . File . Password . Argon2 . Iterations = - 1
suite . config . File . Password . Argon2 . Memory = - 1
suite . config . File . Password . Argon2 . Parallelism = - 1
suite . config . File . Password . Argon2 . KeyLength = 1
suite . config . File . Password . Argon2 . SaltLength = - 1
ValidateAuthenticationBackend ( & suite . config , suite . validator )
suite . Assert ( ) . Len ( suite . validator . Warnings ( ) , 0 )
suite . Require ( ) . Len ( suite . validator . Errors ( ) , 5 )
suite . Assert ( ) . EqualError ( suite . validator . Errors ( ) [ 0 ] , "authentication_backend: file: password: argon2: option 'iterations' is configured as '-1' but must be greater than or equal to '1'" )
suite . Assert ( ) . EqualError ( suite . validator . Errors ( ) [ 1 ] , "authentication_backend: file: password: argon2: option 'parallelism' is configured as '-1' but must be greater than or equal to '1'" )
2022-12-04 22:37:08 +00:00
suite . Assert ( ) . EqualError ( suite . validator . Errors ( ) [ 2 ] , "authentication_backend: file: password: argon2: option 'memory' is configured as '-1' but must be greater than or equal to '8'" )
2022-10-17 10:51:59 +00:00
suite . Assert ( ) . EqualError ( suite . validator . Errors ( ) [ 3 ] , "authentication_backend: file: password: argon2: option 'key_length' is configured as '1' but must be greater than or equal to '4'" )
suite . Assert ( ) . EqualError ( suite . validator . Errors ( ) [ 4 ] , "authentication_backend: file: password: argon2: option 'salt_length' is configured as '-1' but must be greater than or equal to '1'" )
}
func ( suite * FileBasedAuthenticationBackend ) TestShouldRaiseErrorWhenArgon2OptionsTooHigh ( ) {
suite . config . File . Password . Argon2 . Iterations = 9999999999
2022-12-04 22:37:08 +00:00
suite . config . File . Password . Argon2 . Memory = 4294967296
2022-10-17 10:51:59 +00:00
suite . config . File . Password . Argon2 . Parallelism = 16777216
suite . config . File . Password . Argon2 . KeyLength = 9999999998
suite . config . File . Password . Argon2 . SaltLength = 9999999997
ValidateAuthenticationBackend ( & suite . config , suite . validator )
suite . Assert ( ) . Len ( suite . validator . Warnings ( ) , 0 )
suite . Require ( ) . Len ( suite . validator . Errors ( ) , 5 )
suite . Assert ( ) . EqualError ( suite . validator . Errors ( ) [ 0 ] , "authentication_backend: file: password: argon2: option 'iterations' is configured as '9999999999' but must be less than or equal to '2147483647'" )
suite . Assert ( ) . EqualError ( suite . validator . Errors ( ) [ 1 ] , "authentication_backend: file: password: argon2: option 'parallelism' is configured as '16777216' but must be less than or equal to '16777215'" )
2022-12-04 22:37:08 +00:00
suite . Assert ( ) . EqualError ( suite . validator . Errors ( ) [ 2 ] , "authentication_backend: file: password: argon2: option 'memory' is configured as '4294967296' but must be less than or equal to '4294967295'" )
2022-10-17 10:51:59 +00:00
suite . Assert ( ) . EqualError ( suite . validator . Errors ( ) [ 3 ] , "authentication_backend: file: password: argon2: option 'key_length' is configured as '9999999998' but must be less than or equal to '2147483647'" )
suite . Assert ( ) . EqualError ( suite . validator . Errors ( ) [ 4 ] , "authentication_backend: file: password: argon2: option 'salt_length' is configured as '9999999997' but must be less than or equal to '2147483647'" )
}
func ( suite * FileBasedAuthenticationBackend ) TestShouldRaiseErrorWhenArgon2MemoryTooLow ( ) {
suite . config . File . Password . Argon2 . Memory = 4
suite . config . File . Password . Argon2 . Parallelism = 4
ValidateAuthenticationBackend ( & suite . config , suite . validator )
suite . Assert ( ) . Len ( suite . validator . Warnings ( ) , 0 )
suite . Require ( ) . Len ( suite . validator . Errors ( ) , 1 )
2022-12-04 22:37:08 +00:00
suite . Assert ( ) . EqualError ( suite . validator . Errors ( ) [ 0 ] , "authentication_backend: file: password: argon2: option 'memory' is configured as '4' but must be greater than or equal to '8'" )
}
func ( suite * FileBasedAuthenticationBackend ) TestShouldRaiseErrorWhenArgon2MemoryTooLowMultiplier ( ) {
suite . config . File . Password . Argon2 . Memory = 8
suite . config . File . Password . Argon2 . Parallelism = 4
ValidateAuthenticationBackend ( & suite . config , suite . validator )
suite . Assert ( ) . Len ( suite . validator . Warnings ( ) , 0 )
suite . Require ( ) . Len ( suite . validator . Errors ( ) , 1 )
suite . Assert ( ) . EqualError ( suite . validator . Errors ( ) [ 0 ] , "authentication_backend: file: password: argon2: option 'memory' is configured as '8' but must be greater than or equal to '32' or '4' (the value of 'parallelism) multiplied by '8'" )
2022-10-17 10:51:59 +00:00
}
func ( suite * FileBasedAuthenticationBackend ) TestShouldRaiseErrorWhenBadAlgorithmDefined ( ) {
suite . config . File . Password . Algorithm = "bogus"
ValidateAuthenticationBackend ( & suite . config , suite . validator )
suite . Assert ( ) . Len ( suite . validator . Warnings ( ) , 0 )
suite . Require ( ) . Len ( suite . validator . Errors ( ) , 1 )
suite . Assert ( ) . EqualError ( suite . validator . Errors ( ) [ 0 ] , "authentication_backend: file: password: option 'algorithm' is configured as 'bogus' but must be one of the following values: 'sha2crypt', 'pbkdf2', 'scrypt', 'bcrypt', 'argon2'" )
}
func ( suite * FileBasedAuthenticationBackend ) TestShouldSetDefaultValues ( ) {
suite . config . File . Password . Algorithm = ""
suite . config . File . Password . Iterations = 0
suite . config . File . Password . SaltLength = 0
suite . config . File . Password . Memory = 0
suite . config . File . Password . Parallelism = 0
2022-02-28 03:15:01 +00:00
ValidateAuthenticationBackend ( & suite . config , suite . validator )
2021-01-04 10:28:55 +00:00
2022-04-04 07:46:55 +00:00
suite . Assert ( ) . Len ( suite . validator . Warnings ( ) , 0 )
suite . Assert ( ) . Len ( suite . validator . Errors ( ) , 0 )
2022-10-17 10:51:59 +00:00
suite . Assert ( ) . Equal ( schema . DefaultPasswordConfig . Algorithm , suite . config . File . Password . Algorithm )
suite . Assert ( ) . Equal ( schema . DefaultPasswordConfig . Iterations , suite . config . File . Password . Iterations )
suite . Assert ( ) . Equal ( schema . DefaultPasswordConfig . SaltLength , suite . config . File . Password . SaltLength )
suite . Assert ( ) . Equal ( schema . DefaultPasswordConfig . Memory , suite . config . File . Password . Memory )
suite . Assert ( ) . Equal ( schema . DefaultPasswordConfig . Parallelism , suite . config . File . Password . Parallelism )
2022-04-04 07:46:55 +00:00
}
func ( suite * FileBasedAuthenticationBackend ) TestShouldRaiseErrorWhenResetURLIsInvalid ( ) {
suite . config . PasswordReset . CustomURL = url . URL { Scheme : "ldap" , Host : "google.com" }
2022-06-28 03:15:50 +00:00
suite . config . PasswordReset . Disable = true
2022-04-04 07:46:55 +00:00
2022-06-28 03:15:50 +00:00
suite . Assert ( ) . True ( suite . config . PasswordReset . Disable )
2022-04-04 07:46:55 +00:00
ValidateAuthenticationBackend ( & suite . config , suite . validator )
suite . Assert ( ) . Len ( suite . validator . Warnings ( ) , 0 )
suite . Require ( ) . Len ( suite . validator . Errors ( ) , 1 )
suite . Assert ( ) . EqualError ( suite . validator . Errors ( ) [ 0 ] , "authentication_backend: password_reset: option 'custom_url' is configured to 'ldap://google.com' which has the scheme 'ldap' but the scheme must be either 'http' or 'https'" )
2022-06-28 03:15:50 +00:00
suite . Assert ( ) . True ( suite . config . PasswordReset . Disable )
2022-04-04 07:46:55 +00:00
}
func ( suite * FileBasedAuthenticationBackend ) TestShouldNotRaiseErrorWhenResetURLIsValid ( ) {
suite . config . PasswordReset . CustomURL = url . URL { Scheme : "https" , Host : "google.com" }
ValidateAuthenticationBackend ( & suite . config , suite . validator )
suite . Assert ( ) . Len ( suite . validator . Warnings ( ) , 0 )
suite . Assert ( ) . Len ( suite . validator . Errors ( ) , 0 )
}
func ( suite * FileBasedAuthenticationBackend ) TestShouldConfigureDisableResetPasswordWhenCustomURL ( ) {
suite . config . PasswordReset . CustomURL = url . URL { Scheme : "https" , Host : "google.com" }
2022-06-28 03:15:50 +00:00
suite . config . PasswordReset . Disable = true
2022-04-04 07:46:55 +00:00
2022-06-28 03:15:50 +00:00
suite . Assert ( ) . True ( suite . config . PasswordReset . Disable )
2022-04-04 07:46:55 +00:00
ValidateAuthenticationBackend ( & suite . config , suite . validator )
suite . Assert ( ) . Len ( suite . validator . Warnings ( ) , 0 )
suite . Assert ( ) . Len ( suite . validator . Errors ( ) , 0 )
2022-06-28 03:15:50 +00:00
suite . Assert ( ) . False ( suite . config . PasswordReset . Disable )
2019-04-24 21:52:08 +00:00
}
2022-10-17 10:51:59 +00:00
func TestFileBasedAuthenticationBackend ( t * testing . T ) {
suite . Run ( t , new ( FileBasedAuthenticationBackend ) )
}
type LDAPAuthenticationBackendSuite struct {
suite . Suite
config schema . AuthenticationBackend
validator * schema . StructValidator
}
func ( suite * LDAPAuthenticationBackendSuite ) SetupTest ( ) {
suite . validator = schema . NewStructValidator ( )
suite . config = schema . AuthenticationBackend { }
suite . config . LDAP = & schema . LDAPAuthenticationBackend { }
suite . config . LDAP . Implementation = schema . LDAPImplementationCustom
suite . config . LDAP . URL = testLDAPURL
suite . config . LDAP . User = testLDAPUser
suite . config . LDAP . Password = testLDAPPassword
suite . config . LDAP . BaseDN = testLDAPBaseDN
suite . config . LDAP . UsernameAttribute = "uid"
suite . config . LDAP . UsersFilter = "({username_attribute}={input})"
suite . config . LDAP . GroupsFilter = "(cn={input})"
}
func ( suite * LDAPAuthenticationBackendSuite ) TestShouldValidateCompleteConfiguration ( ) {
ValidateAuthenticationBackend ( & suite . config , suite . validator )
suite . Assert ( ) . Len ( suite . validator . Warnings ( ) , 0 )
suite . Assert ( ) . Len ( suite . validator . Errors ( ) , 0 )
}
2021-04-16 01:44:37 +00:00
func ( suite * LDAPAuthenticationBackendSuite ) TestShouldValidateDefaultImplementationAndUsernameAttribute ( ) {
2022-02-28 03:15:01 +00:00
suite . config . LDAP . Implementation = ""
suite . config . LDAP . UsernameAttribute = ""
ValidateAuthenticationBackend ( & suite . config , suite . validator )
2021-03-05 04:18:31 +00:00
2022-02-28 03:15:01 +00:00
suite . Assert ( ) . Equal ( schema . LDAPImplementationCustom , suite . config . LDAP . Implementation )
2021-03-05 04:18:31 +00:00
2022-10-17 10:51:59 +00:00
suite . Assert ( ) . Equal ( suite . config . LDAP . UsernameAttribute , schema . DefaultLDAPAuthenticationBackendConfigurationImplementationCustom . UsernameAttribute )
2022-04-04 07:46:55 +00:00
suite . Assert ( ) . Len ( suite . validator . Warnings ( ) , 0 )
suite . Assert ( ) . Len ( suite . validator . Errors ( ) , 0 )
2021-03-05 04:18:31 +00:00
}
2021-04-16 01:44:37 +00:00
func ( suite * LDAPAuthenticationBackendSuite ) TestShouldRaiseErrorWhenImplementationIsInvalidMSAD ( ) {
2022-02-28 03:15:01 +00:00
suite . config . LDAP . Implementation = "masd"
2021-01-04 10:28:55 +00:00
2022-02-28 03:15:01 +00:00
ValidateAuthenticationBackend ( & suite . config , suite . validator )
2021-01-04 10:28:55 +00:00
2022-04-04 07:46:55 +00:00
suite . Assert ( ) . Len ( suite . validator . Warnings ( ) , 0 )
2021-01-04 10:28:55 +00:00
suite . Require ( ) . Len ( suite . validator . Errors ( ) , 1 )
2022-12-21 10:07:00 +00:00
suite . Assert ( ) . EqualError ( suite . validator . Errors ( ) [ 0 ] , "authentication_backend: ldap: option 'implementation' is configured as 'masd' but must be one of the following values: 'custom', 'activedirectory', 'freeipa'" )
2020-11-27 09:59:22 +00:00
}
2021-04-16 01:44:37 +00:00
func ( suite * LDAPAuthenticationBackendSuite ) TestShouldRaiseErrorWhenURLNotProvided ( ) {
2022-02-28 03:15:01 +00:00
suite . config . LDAP . URL = ""
ValidateAuthenticationBackend ( & suite . config , suite . validator )
2021-01-04 10:28:55 +00:00
2022-04-04 07:46:55 +00:00
suite . Assert ( ) . Len ( suite . validator . Warnings ( ) , 0 )
2021-01-04 10:28:55 +00:00
suite . Require ( ) . Len ( suite . validator . Errors ( ) , 1 )
2022-02-28 03:15:01 +00:00
suite . Assert ( ) . EqualError ( suite . validator . Errors ( ) [ 0 ] , "authentication_backend: ldap: option 'url' is required" )
2019-04-24 21:52:08 +00:00
}
2021-04-16 01:44:37 +00:00
func ( suite * LDAPAuthenticationBackendSuite ) TestShouldRaiseErrorWhenUserNotProvided ( ) {
2022-02-28 03:15:01 +00:00
suite . config . LDAP . User = ""
2021-01-04 10:28:55 +00:00
2022-02-28 03:15:01 +00:00
ValidateAuthenticationBackend ( & suite . config , suite . validator )
2021-01-04 10:28:55 +00:00
2022-04-04 07:46:55 +00:00
suite . Assert ( ) . Len ( suite . validator . Warnings ( ) , 0 )
2021-01-04 10:28:55 +00:00
suite . Require ( ) . Len ( suite . validator . Errors ( ) , 1 )
2022-02-28 03:15:01 +00:00
suite . Assert ( ) . EqualError ( suite . validator . Errors ( ) [ 0 ] , "authentication_backend: ldap: option 'user' is required" )
2019-04-24 21:52:08 +00:00
}
2021-04-16 01:44:37 +00:00
func ( suite * LDAPAuthenticationBackendSuite ) TestShouldRaiseErrorWhenPasswordNotProvided ( ) {
2022-02-28 03:15:01 +00:00
suite . config . LDAP . Password = ""
2021-01-04 10:28:55 +00:00
2022-02-28 03:15:01 +00:00
ValidateAuthenticationBackend ( & suite . config , suite . validator )
2021-01-04 10:28:55 +00:00
2022-04-04 07:46:55 +00:00
suite . Assert ( ) . Len ( suite . validator . Warnings ( ) , 0 )
2021-01-04 10:28:55 +00:00
suite . Require ( ) . Len ( suite . validator . Errors ( ) , 1 )
2022-02-28 03:15:01 +00:00
suite . Assert ( ) . EqualError ( suite . validator . Errors ( ) [ 0 ] , "authentication_backend: ldap: option 'password' is required" )
2019-04-24 21:52:08 +00:00
}
2022-10-21 08:41:33 +00:00
func ( suite * LDAPAuthenticationBackendSuite ) TestShouldNotRaiseErrorWhenPasswordNotProvidedWithPermitUnauthenticatedBind ( ) {
suite . config . LDAP . Password = ""
suite . config . LDAP . PermitUnauthenticatedBind = true
ValidateAuthenticationBackend ( & suite . config , suite . validator )
suite . Assert ( ) . Len ( suite . validator . Warnings ( ) , 0 )
suite . Require ( ) . Len ( suite . validator . Errors ( ) , 1 )
suite . Assert ( ) . EqualError ( suite . validator . Errors ( ) [ 0 ] , "authentication_backend: ldap: option 'permit_unauthenticated_bind' can't be enabled when password reset is enabled" )
}
func ( suite * LDAPAuthenticationBackendSuite ) TestShouldRaiseErrorWhenPasswordProvidedWithPermitUnauthenticatedBind ( ) {
suite . config . LDAP . Password = "test"
suite . config . LDAP . PermitUnauthenticatedBind = true
suite . config . PasswordReset . Disable = true
ValidateAuthenticationBackend ( & suite . config , suite . validator )
suite . Assert ( ) . Len ( suite . validator . Warnings ( ) , 0 )
suite . Require ( ) . Len ( suite . validator . Errors ( ) , 1 )
suite . Assert ( ) . EqualError ( suite . validator . Errors ( ) [ 0 ] , "authentication_backend: ldap: option 'permit_unauthenticated_bind' can't be enabled when a password is specified" )
}
func ( suite * LDAPAuthenticationBackendSuite ) TestShouldNotRaiseErrorWhenPermitUnauthenticatedBindConfiguredCorrectly ( ) {
suite . config . LDAP . Password = ""
suite . config . LDAP . PermitUnauthenticatedBind = true
suite . config . PasswordReset . Disable = true
ValidateAuthenticationBackend ( & suite . config , suite . validator )
suite . Assert ( ) . Len ( suite . validator . Warnings ( ) , 0 )
suite . Require ( ) . Len ( suite . validator . Errors ( ) , 0 )
}
2021-04-16 01:44:37 +00:00
func ( suite * LDAPAuthenticationBackendSuite ) TestShouldRaiseErrorWhenBaseDNNotProvided ( ) {
2022-02-28 03:15:01 +00:00
suite . config . LDAP . BaseDN = ""
2021-01-04 10:28:55 +00:00
2022-02-28 03:15:01 +00:00
ValidateAuthenticationBackend ( & suite . config , suite . validator )
2021-01-04 10:28:55 +00:00
2022-04-04 07:46:55 +00:00
suite . Assert ( ) . Len ( suite . validator . Warnings ( ) , 0 )
2021-01-04 10:28:55 +00:00
suite . Assert ( ) . Len ( suite . validator . Errors ( ) , 1 )
2022-02-28 03:15:01 +00:00
suite . Assert ( ) . EqualError ( suite . validator . Errors ( ) [ 0 ] , "authentication_backend: ldap: option 'base_dn' is required" )
2019-04-24 21:52:08 +00:00
}
2021-04-16 01:44:37 +00:00
func ( suite * LDAPAuthenticationBackendSuite ) TestShouldRaiseOnEmptyGroupsFilter ( ) {
2022-02-28 03:15:01 +00:00
suite . config . LDAP . GroupsFilter = ""
2021-01-04 10:28:55 +00:00
2022-02-28 03:15:01 +00:00
ValidateAuthenticationBackend ( & suite . config , suite . validator )
2021-01-04 10:28:55 +00:00
2022-04-04 07:46:55 +00:00
suite . Assert ( ) . Len ( suite . validator . Warnings ( ) , 0 )
2021-01-04 10:28:55 +00:00
suite . Require ( ) . Len ( suite . validator . Errors ( ) , 1 )
2022-02-28 03:15:01 +00:00
suite . Assert ( ) . EqualError ( suite . validator . Errors ( ) [ 0 ] , "authentication_backend: ldap: option 'groups_filter' is required" )
2020-03-15 12:10:13 +00:00
}
2021-04-16 01:44:37 +00:00
func ( suite * LDAPAuthenticationBackendSuite ) TestShouldRaiseOnEmptyUsersFilter ( ) {
2022-02-28 03:15:01 +00:00
suite . config . LDAP . UsersFilter = ""
2021-01-04 10:28:55 +00:00
2022-02-28 03:15:01 +00:00
ValidateAuthenticationBackend ( & suite . config , suite . validator )
2021-01-04 10:28:55 +00:00
2022-04-04 07:46:55 +00:00
suite . Assert ( ) . Len ( suite . validator . Warnings ( ) , 0 )
2021-01-04 10:28:55 +00:00
suite . Require ( ) . Len ( suite . validator . Errors ( ) , 1 )
2022-02-28 03:15:01 +00:00
suite . Assert ( ) . EqualError ( suite . validator . Errors ( ) [ 0 ] , "authentication_backend: ldap: option 'users_filter' is required" )
2019-04-24 21:52:08 +00:00
}
2021-04-16 01:44:37 +00:00
func ( suite * LDAPAuthenticationBackendSuite ) TestShouldNotRaiseOnEmptyUsernameAttribute ( ) {
2022-02-28 03:15:01 +00:00
suite . config . LDAP . UsernameAttribute = ""
2021-01-04 10:28:55 +00:00
2022-02-28 03:15:01 +00:00
ValidateAuthenticationBackend ( & suite . config , suite . validator )
2021-01-04 10:28:55 +00:00
2022-04-04 07:46:55 +00:00
suite . Assert ( ) . Len ( suite . validator . Warnings ( ) , 0 )
suite . Assert ( ) . Len ( suite . validator . Errors ( ) , 0 )
2019-04-24 21:52:08 +00:00
}
2021-04-16 01:44:37 +00:00
func ( suite * LDAPAuthenticationBackendSuite ) TestShouldRaiseOnBadRefreshInterval ( ) {
2022-02-28 03:15:01 +00:00
suite . config . RefreshInterval = "blah"
2021-01-04 10:28:55 +00:00
2022-02-28 03:15:01 +00:00
ValidateAuthenticationBackend ( & suite . config , suite . validator )
2021-01-04 10:28:55 +00:00
2022-04-04 07:46:55 +00:00
suite . Assert ( ) . Len ( suite . validator . Warnings ( ) , 0 )
2021-01-04 10:28:55 +00:00
suite . Require ( ) . Len ( suite . validator . Errors ( ) , 1 )
2022-02-28 03:15:01 +00:00
suite . Assert ( ) . EqualError ( suite . validator . Errors ( ) [ 0 ] , "authentication_backend: option 'refresh_interval' is configured to 'blah' but it must be either a duration notation or one of 'disable', or 'always': could not parse 'blah' as a duration" )
2020-05-04 19:39:25 +00:00
}
2021-04-16 01:44:37 +00:00
func ( suite * LDAPAuthenticationBackendSuite ) TestShouldSetDefaultImplementation ( ) {
2022-02-28 03:15:01 +00:00
ValidateAuthenticationBackend ( & suite . config , suite . validator )
2021-01-04 10:28:55 +00:00
2022-04-04 07:46:55 +00:00
suite . Assert ( ) . Len ( suite . validator . Warnings ( ) , 0 )
suite . Assert ( ) . Len ( suite . validator . Errors ( ) , 0 )
2021-01-04 10:28:55 +00:00
2022-02-28 03:15:01 +00:00
suite . Assert ( ) . Equal ( schema . LDAPImplementationCustom , suite . config . LDAP . Implementation )
2020-11-27 09:59:22 +00:00
}
2021-04-16 01:44:37 +00:00
func ( suite * LDAPAuthenticationBackendSuite ) TestShouldRaiseErrorOnBadFilterPlaceholders ( ) {
2022-02-28 03:15:01 +00:00
suite . config . LDAP . UsersFilter = "(&({username_attribute}={0})(objectCategory=person)(objectClass=user)(!userAccountControl:1.2.840.113556.1.4.803:=2))"
suite . config . LDAP . GroupsFilter = "(&({username_attribute}={1})(member={0})(objectClass=group)(objectCategory=group))"
2021-04-16 01:44:37 +00:00
2022-02-28 03:15:01 +00:00
ValidateAuthenticationBackend ( & suite . config , suite . validator )
2021-04-16 01:44:37 +00:00
2022-04-04 07:46:55 +00:00
suite . Assert ( ) . Len ( suite . validator . Warnings ( ) , 0 )
2021-04-16 01:44:37 +00:00
suite . Assert ( ) . True ( suite . validator . HasErrors ( ) )
2022-02-28 03:15:01 +00:00
suite . Require ( ) . Len ( suite . validator . Errors ( ) , 4 )
suite . Assert ( ) . EqualError ( suite . validator . Errors ( ) [ 0 ] , "authentication_backend: ldap: option 'users_filter' has an invalid placeholder: '{0}' has been removed, please use '{input}' instead" )
suite . Assert ( ) . EqualError ( suite . validator . Errors ( ) [ 1 ] , "authentication_backend: ldap: option 'groups_filter' has an invalid placeholder: '{0}' has been removed, please use '{input}' instead" )
suite . Assert ( ) . EqualError ( suite . validator . Errors ( ) [ 2 ] , "authentication_backend: ldap: option 'groups_filter' has an invalid placeholder: '{1}' has been removed, please use '{username}' instead" )
suite . Assert ( ) . EqualError ( suite . validator . Errors ( ) [ 3 ] , "authentication_backend: ldap: option 'users_filter' must contain the placeholder '{input}' but it is required" )
2021-04-16 01:44:37 +00:00
}
func ( suite * LDAPAuthenticationBackendSuite ) TestShouldSetDefaultGroupNameAttribute ( ) {
2022-02-28 03:15:01 +00:00
ValidateAuthenticationBackend ( & suite . config , suite . validator )
2021-01-04 10:28:55 +00:00
2022-04-04 07:46:55 +00:00
suite . Assert ( ) . Len ( suite . validator . Warnings ( ) , 0 )
suite . Assert ( ) . Len ( suite . validator . Errors ( ) , 0 )
2021-01-04 10:28:55 +00:00
2022-02-28 03:15:01 +00:00
suite . Assert ( ) . Equal ( "cn" , suite . config . LDAP . GroupNameAttribute )
2019-04-24 21:52:08 +00:00
}
2021-04-16 01:44:37 +00:00
func ( suite * LDAPAuthenticationBackendSuite ) TestShouldSetDefaultMailAttribute ( ) {
2022-02-28 03:15:01 +00:00
ValidateAuthenticationBackend ( & suite . config , suite . validator )
2021-01-04 10:28:55 +00:00
2022-04-04 07:46:55 +00:00
suite . Assert ( ) . Len ( suite . validator . Warnings ( ) , 0 )
suite . Assert ( ) . Len ( suite . validator . Errors ( ) , 0 )
2021-01-04 10:28:55 +00:00
2022-02-28 03:15:01 +00:00
suite . Assert ( ) . Equal ( "mail" , suite . config . LDAP . MailAttribute )
2019-04-24 21:52:08 +00:00
}
2021-04-16 01:44:37 +00:00
func ( suite * LDAPAuthenticationBackendSuite ) TestShouldSetDefaultDisplayNameAttribute ( ) {
2022-02-28 03:15:01 +00:00
ValidateAuthenticationBackend ( & suite . config , suite . validator )
2021-01-04 10:28:55 +00:00
2022-04-04 07:46:55 +00:00
suite . Assert ( ) . Len ( suite . validator . Warnings ( ) , 0 )
suite . Assert ( ) . Len ( suite . validator . Errors ( ) , 0 )
2021-01-04 10:28:55 +00:00
2022-02-28 03:15:01 +00:00
suite . Assert ( ) . Equal ( "displayName" , suite . config . LDAP . DisplayNameAttribute )
2020-11-27 09:59:22 +00:00
}
2021-04-16 01:44:37 +00:00
func ( suite * LDAPAuthenticationBackendSuite ) TestShouldSetDefaultRefreshInterval ( ) {
2022-02-28 03:15:01 +00:00
ValidateAuthenticationBackend ( & suite . config , suite . validator )
2021-01-04 10:28:55 +00:00
2022-04-04 07:46:55 +00:00
suite . Assert ( ) . Len ( suite . validator . Warnings ( ) , 0 )
suite . Assert ( ) . Len ( suite . validator . Errors ( ) , 0 )
2021-01-04 10:28:55 +00:00
2022-02-28 03:15:01 +00:00
suite . Assert ( ) . Equal ( "5m" , suite . config . RefreshInterval )
2020-05-04 19:39:25 +00:00
}
2021-04-16 01:44:37 +00:00
func ( suite * LDAPAuthenticationBackendSuite ) TestShouldRaiseWhenUsersFilterDoesNotContainEnclosingParenthesis ( ) {
2022-02-28 03:15:01 +00:00
suite . config . LDAP . UsersFilter = "{username_attribute}={input}"
2021-01-04 10:28:55 +00:00
2022-02-28 03:15:01 +00:00
ValidateAuthenticationBackend ( & suite . config , suite . validator )
2021-01-04 10:28:55 +00:00
2022-04-04 07:46:55 +00:00
suite . Assert ( ) . Len ( suite . validator . Warnings ( ) , 0 )
2021-01-04 10:28:55 +00:00
suite . Require ( ) . Len ( suite . validator . Errors ( ) , 1 )
2022-02-28 03:15:01 +00:00
suite . Assert ( ) . EqualError ( suite . validator . Errors ( ) [ 0 ] , "authentication_backend: ldap: option 'users_filter' must contain enclosing parenthesis: '{username_attribute}={input}' should probably be '({username_attribute}={input})'" )
2019-12-08 22:21:55 +00:00
}
2021-04-16 01:44:37 +00:00
func ( suite * LDAPAuthenticationBackendSuite ) TestShouldRaiseWhenGroupsFilterDoesNotContainEnclosingParenthesis ( ) {
2022-02-28 03:15:01 +00:00
suite . config . LDAP . GroupsFilter = "cn={input}"
2021-01-04 10:28:55 +00:00
2022-02-28 03:15:01 +00:00
ValidateAuthenticationBackend ( & suite . config , suite . validator )
2021-01-04 10:28:55 +00:00
2022-04-04 07:46:55 +00:00
suite . Assert ( ) . Len ( suite . validator . Warnings ( ) , 0 )
2021-01-04 10:28:55 +00:00
suite . Require ( ) . Len ( suite . validator . Errors ( ) , 1 )
2022-02-28 03:15:01 +00:00
suite . Assert ( ) . EqualError ( suite . validator . Errors ( ) [ 0 ] , "authentication_backend: ldap: option 'groups_filter' must contain enclosing parenthesis: 'cn={input}' should probably be '(cn={input})'" )
2020-03-30 22:36:04 +00:00
}
2021-04-16 01:44:37 +00:00
func ( suite * LDAPAuthenticationBackendSuite ) TestShouldRaiseWhenUsersFilterDoesNotContainUsernameAttribute ( ) {
2022-02-28 03:15:01 +00:00
suite . config . LDAP . UsersFilter = "(&({mail_attribute}={input})(objectClass=person))"
ValidateAuthenticationBackend ( & suite . config , suite . validator )
2021-01-04 10:28:55 +00:00
2022-04-04 07:46:55 +00:00
suite . Assert ( ) . Len ( suite . validator . Warnings ( ) , 0 )
2021-01-04 10:28:55 +00:00
suite . Require ( ) . Len ( suite . validator . Errors ( ) , 1 )
2022-02-28 03:15:01 +00:00
suite . Assert ( ) . EqualError ( suite . validator . Errors ( ) [ 0 ] , "authentication_backend: ldap: option 'users_filter' must contain the placeholder '{username_attribute}' but it is required" )
2020-11-27 13:30:27 +00:00
}
2021-04-16 01:44:37 +00:00
func ( suite * LDAPAuthenticationBackendSuite ) TestShouldHelpDetectNoInputPlaceholder ( ) {
2022-02-28 03:15:01 +00:00
suite . config . LDAP . UsersFilter = "(&({username_attribute}={mail_attribute})(objectClass=person))"
2021-01-04 10:28:55 +00:00
2022-02-28 03:15:01 +00:00
ValidateAuthenticationBackend ( & suite . config , suite . validator )
2021-01-04 10:28:55 +00:00
2022-04-04 07:46:55 +00:00
suite . Assert ( ) . Len ( suite . validator . Warnings ( ) , 0 )
2021-01-04 10:28:55 +00:00
suite . Require ( ) . Len ( suite . validator . Errors ( ) , 1 )
2022-02-28 03:15:01 +00:00
suite . Assert ( ) . EqualError ( suite . validator . Errors ( ) [ 0 ] , "authentication_backend: ldap: option 'users_filter' must contain the placeholder '{input}' but it is required" )
2019-12-06 08:15:54 +00:00
}
2021-04-16 01:44:37 +00:00
func ( suite * LDAPAuthenticationBackendSuite ) TestShouldSetDefaultTLSMinimumVersion ( ) {
2022-10-21 08:41:33 +00:00
suite . config . LDAP . TLS = & schema . TLSConfig { MinimumVersion : schema . TLSVersion { } }
2021-04-16 01:44:37 +00:00
2022-02-28 03:15:01 +00:00
ValidateAuthenticationBackend ( & suite . config , suite . validator )
2021-01-04 10:28:55 +00:00
2022-04-04 07:46:55 +00:00
suite . Assert ( ) . Len ( suite . validator . Warnings ( ) , 0 )
suite . Assert ( ) . Len ( suite . validator . Errors ( ) , 0 )
2021-01-04 10:28:55 +00:00
2022-10-21 08:41:33 +00:00
suite . Assert ( ) . Equal ( schema . DefaultLDAPAuthenticationBackendConfigurationImplementationCustom . TLS . MinimumVersion . Value , suite . config . LDAP . TLS . MinimumVersion . MinVersion ( ) )
}
func ( suite * LDAPAuthenticationBackendSuite ) TestShouldNotAllowSSL30 ( ) {
suite . config . LDAP . TLS = & schema . TLSConfig {
MinimumVersion : schema . TLSVersion { Value : tls . VersionSSL30 } , //nolint:staticcheck
}
ValidateAuthenticationBackend ( & suite . config , suite . validator )
suite . Assert ( ) . Len ( suite . validator . Warnings ( ) , 0 )
suite . Require ( ) . Len ( suite . validator . Errors ( ) , 1 )
suite . Assert ( ) . EqualError ( suite . validator . Errors ( ) [ 0 ] , "authentication_backend: ldap: tls: option 'minimum_version' is invalid: minimum version is TLS1.0 but SSL3.0 was configured" )
2020-12-03 05:23:52 +00:00
}
2022-10-21 08:41:33 +00:00
func ( suite * LDAPAuthenticationBackendSuite ) TestShouldNotAllowTLSVerMinGreaterThanVerMax ( ) {
2022-02-28 03:15:01 +00:00
suite . config . LDAP . TLS = & schema . TLSConfig {
2022-10-21 08:41:33 +00:00
MinimumVersion : schema . TLSVersion { Value : tls . VersionTLS13 } ,
MaximumVersion : schema . TLSVersion { Value : tls . VersionTLS12 } ,
2021-01-04 10:28:55 +00:00
}
2022-02-28 03:15:01 +00:00
ValidateAuthenticationBackend ( & suite . config , suite . validator )
2021-01-04 10:28:55 +00:00
2022-04-04 07:46:55 +00:00
suite . Assert ( ) . Len ( suite . validator . Warnings ( ) , 0 )
2021-01-04 10:28:55 +00:00
suite . Require ( ) . Len ( suite . validator . Errors ( ) , 1 )
2022-10-21 08:41:33 +00:00
suite . Assert ( ) . EqualError ( suite . validator . Errors ( ) [ 0 ] , "authentication_backend: ldap: tls: option combination of 'minimum_version' and 'maximum_version' is invalid: minimum version TLS1.3 is greater than the maximum version TLS1.2" )
2021-01-04 10:28:55 +00:00
}
2022-12-21 10:07:00 +00:00
func TestLDAPAuthenticationBackend ( t * testing . T ) {
2021-04-16 01:44:37 +00:00
suite . Run ( t , new ( LDAPAuthenticationBackendSuite ) )
2019-04-24 21:52:08 +00:00
}
2020-12-03 05:23:52 +00:00
type ActiveDirectoryAuthenticationBackendSuite struct {
suite . Suite
2022-10-17 10:51:59 +00:00
config schema . AuthenticationBackend
2022-02-28 03:15:01 +00:00
validator * schema . StructValidator
2020-12-03 05:23:52 +00:00
}
func ( suite * ActiveDirectoryAuthenticationBackendSuite ) SetupTest ( ) {
suite . validator = schema . NewStructValidator ( )
2022-10-17 10:51:59 +00:00
suite . config = schema . AuthenticationBackend { }
suite . config . LDAP = & schema . LDAPAuthenticationBackend { }
2022-02-28 03:15:01 +00:00
suite . config . LDAP . Implementation = schema . LDAPImplementationActiveDirectory
suite . config . LDAP . URL = testLDAPURL
suite . config . LDAP . User = testLDAPUser
suite . config . LDAP . Password = testLDAPPassword
suite . config . LDAP . BaseDN = testLDAPBaseDN
2022-12-21 10:07:00 +00:00
suite . config . LDAP . TLS = schema . DefaultLDAPAuthenticationBackendConfigurationImplementationActiveDirectory . TLS
2020-12-03 05:23:52 +00:00
}
func ( suite * ActiveDirectoryAuthenticationBackendSuite ) TestShouldSetActiveDirectoryDefaults ( ) {
2022-02-28 03:15:01 +00:00
ValidateAuthenticationBackend ( & suite . config , suite . validator )
2020-12-03 05:23:52 +00:00
2022-04-04 07:46:55 +00:00
suite . Assert ( ) . Len ( suite . validator . Warnings ( ) , 0 )
suite . Assert ( ) . Len ( suite . validator . Errors ( ) , 0 )
2020-12-03 05:23:52 +00:00
2021-01-04 10:28:55 +00:00
suite . Assert ( ) . Equal (
2022-12-21 10:07:00 +00:00
schema . DefaultLDAPAuthenticationBackendConfigurationImplementationActiveDirectory . Timeout ,
2022-02-28 03:15:01 +00:00
suite . config . LDAP . Timeout )
2021-01-04 10:28:55 +00:00
suite . Assert ( ) . Equal (
2022-10-17 10:51:59 +00:00
schema . DefaultLDAPAuthenticationBackendConfigurationImplementationActiveDirectory . UsersFilter ,
2022-02-28 03:15:01 +00:00
suite . config . LDAP . UsersFilter )
2021-01-04 10:28:55 +00:00
suite . Assert ( ) . Equal (
2022-10-17 10:51:59 +00:00
schema . DefaultLDAPAuthenticationBackendConfigurationImplementationActiveDirectory . UsernameAttribute ,
2022-02-28 03:15:01 +00:00
suite . config . LDAP . UsernameAttribute )
2021-01-04 10:28:55 +00:00
suite . Assert ( ) . Equal (
2022-10-17 10:51:59 +00:00
schema . DefaultLDAPAuthenticationBackendConfigurationImplementationActiveDirectory . DisplayNameAttribute ,
2022-02-28 03:15:01 +00:00
suite . config . LDAP . DisplayNameAttribute )
2021-01-04 10:28:55 +00:00
suite . Assert ( ) . Equal (
2022-10-17 10:51:59 +00:00
schema . DefaultLDAPAuthenticationBackendConfigurationImplementationActiveDirectory . MailAttribute ,
2022-02-28 03:15:01 +00:00
suite . config . LDAP . MailAttribute )
2021-01-04 10:28:55 +00:00
suite . Assert ( ) . Equal (
2022-10-17 10:51:59 +00:00
schema . DefaultLDAPAuthenticationBackendConfigurationImplementationActiveDirectory . GroupsFilter ,
2022-02-28 03:15:01 +00:00
suite . config . LDAP . GroupsFilter )
2021-08-05 04:30:00 +00:00
suite . Assert ( ) . Equal (
2022-10-17 10:51:59 +00:00
schema . DefaultLDAPAuthenticationBackendConfigurationImplementationActiveDirectory . GroupNameAttribute ,
2022-02-28 03:15:01 +00:00
suite . config . LDAP . GroupNameAttribute )
2020-12-03 05:23:52 +00:00
}
func ( suite * ActiveDirectoryAuthenticationBackendSuite ) TestShouldOnlySetDefaultsIfNotManuallyConfigured ( ) {
2022-02-28 03:15:01 +00:00
suite . config . LDAP . Timeout = time . Second * 2
suite . config . LDAP . UsersFilter = "(&({username_attribute}={input})(objectCategory=person)(objectClass=user)(!userAccountControl:1.2.840.113556.1.4.803:=2))"
suite . config . LDAP . UsernameAttribute = "cn"
suite . config . LDAP . MailAttribute = "userPrincipalName"
suite . config . LDAP . DisplayNameAttribute = "name"
suite . config . LDAP . GroupsFilter = "(&(member={dn})(objectClass=group)(objectCategory=group))"
suite . config . LDAP . GroupNameAttribute = "distinguishedName"
2020-12-03 05:23:52 +00:00
2022-02-28 03:15:01 +00:00
ValidateAuthenticationBackend ( & suite . config , suite . validator )
2020-12-03 05:23:52 +00:00
2021-01-04 10:28:55 +00:00
suite . Assert ( ) . NotEqual (
2022-12-21 10:07:00 +00:00
schema . DefaultLDAPAuthenticationBackendConfigurationImplementationActiveDirectory . Timeout ,
2022-02-28 03:15:01 +00:00
suite . config . LDAP . Timeout )
2021-08-05 04:30:00 +00:00
suite . Assert ( ) . NotEqual (
2022-10-17 10:51:59 +00:00
schema . DefaultLDAPAuthenticationBackendConfigurationImplementationActiveDirectory . UsersFilter ,
2022-02-28 03:15:01 +00:00
suite . config . LDAP . UsersFilter )
2021-01-04 10:28:55 +00:00
suite . Assert ( ) . NotEqual (
2022-10-17 10:51:59 +00:00
schema . DefaultLDAPAuthenticationBackendConfigurationImplementationActiveDirectory . UsernameAttribute ,
2022-02-28 03:15:01 +00:00
suite . config . LDAP . UsernameAttribute )
2021-01-04 10:28:55 +00:00
suite . Assert ( ) . NotEqual (
2022-10-17 10:51:59 +00:00
schema . DefaultLDAPAuthenticationBackendConfigurationImplementationActiveDirectory . DisplayNameAttribute ,
2022-02-28 03:15:01 +00:00
suite . config . LDAP . DisplayNameAttribute )
2021-01-04 10:28:55 +00:00
suite . Assert ( ) . NotEqual (
2022-10-17 10:51:59 +00:00
schema . DefaultLDAPAuthenticationBackendConfigurationImplementationActiveDirectory . MailAttribute ,
2022-02-28 03:15:01 +00:00
suite . config . LDAP . MailAttribute )
2021-01-04 10:28:55 +00:00
suite . Assert ( ) . NotEqual (
2022-10-17 10:51:59 +00:00
schema . DefaultLDAPAuthenticationBackendConfigurationImplementationActiveDirectory . GroupsFilter ,
2022-02-28 03:15:01 +00:00
suite . config . LDAP . GroupsFilter )
2021-01-04 10:28:55 +00:00
suite . Assert ( ) . NotEqual (
2022-10-17 10:51:59 +00:00
schema . DefaultLDAPAuthenticationBackendConfigurationImplementationActiveDirectory . GroupNameAttribute ,
2022-02-28 03:15:01 +00:00
suite . config . LDAP . GroupNameAttribute )
}
func ( suite * ActiveDirectoryAuthenticationBackendSuite ) TestShouldRaiseErrorOnInvalidURLWithHTTP ( ) {
suite . config . LDAP . URL = "http://dc1:389"
validateLDAPAuthenticationBackendURL ( suite . config . LDAP , suite . validator )
suite . Require ( ) . Len ( suite . validator . Errors ( ) , 1 )
suite . Assert ( ) . EqualError ( suite . validator . Errors ( ) [ 0 ] , "authentication_backend: ldap: option 'url' must have either the 'ldap' or 'ldaps' scheme but it is configured as 'http'" )
}
func ( suite * ActiveDirectoryAuthenticationBackendSuite ) TestShouldRaiseErrorOnInvalidURLWithBadCharacters ( ) {
suite . config . LDAP . URL = "ldap://dc1:abc"
validateLDAPAuthenticationBackendURL ( suite . config . LDAP , suite . validator )
suite . Require ( ) . Len ( suite . validator . Errors ( ) , 1 )
suite . Assert ( ) . EqualError ( suite . validator . Errors ( ) [ 0 ] , "authentication_backend: ldap: option 'url' could not be parsed: parse \"ldap://dc1:abc\": invalid port \":abc\" after host" )
2020-12-03 05:23:52 +00:00
}
func TestActiveDirectoryAuthenticationBackend ( t * testing . T ) {
suite . Run ( t , new ( ActiveDirectoryAuthenticationBackendSuite ) )
}
2022-12-21 10:07:00 +00:00
type FreeIPAAuthenticationBackendSuite struct {
suite . Suite
config schema . AuthenticationBackend
validator * schema . StructValidator
}
func ( suite * FreeIPAAuthenticationBackendSuite ) SetupTest ( ) {
suite . validator = schema . NewStructValidator ( )
suite . config = schema . AuthenticationBackend { }
suite . config . LDAP = & schema . LDAPAuthenticationBackend { }
suite . config . LDAP . Implementation = schema . LDAPImplementationFreeIPA
suite . config . LDAP . URL = testLDAPURL
suite . config . LDAP . User = testLDAPUser
suite . config . LDAP . Password = testLDAPPassword
suite . config . LDAP . BaseDN = testLDAPBaseDN
suite . config . LDAP . TLS = schema . DefaultLDAPAuthenticationBackendConfigurationImplementationFreeIPA . TLS
}
func ( suite * FreeIPAAuthenticationBackendSuite ) TestShouldSetDefaults ( ) {
ValidateAuthenticationBackend ( & suite . config , suite . validator )
suite . Assert ( ) . Len ( suite . validator . Warnings ( ) , 0 )
suite . Assert ( ) . Len ( suite . validator . Errors ( ) , 0 )
suite . Assert ( ) . Equal (
schema . DefaultLDAPAuthenticationBackendConfigurationImplementationFreeIPA . Timeout ,
suite . config . LDAP . Timeout )
suite . Assert ( ) . Equal (
schema . DefaultLDAPAuthenticationBackendConfigurationImplementationFreeIPA . UsersFilter ,
suite . config . LDAP . UsersFilter )
suite . Assert ( ) . Equal (
schema . DefaultLDAPAuthenticationBackendConfigurationImplementationFreeIPA . UsernameAttribute ,
suite . config . LDAP . UsernameAttribute )
suite . Assert ( ) . Equal (
schema . DefaultLDAPAuthenticationBackendConfigurationImplementationFreeIPA . DisplayNameAttribute ,
suite . config . LDAP . DisplayNameAttribute )
suite . Assert ( ) . Equal (
schema . DefaultLDAPAuthenticationBackendConfigurationImplementationFreeIPA . MailAttribute ,
suite . config . LDAP . MailAttribute )
suite . Assert ( ) . Equal (
schema . DefaultLDAPAuthenticationBackendConfigurationImplementationFreeIPA . GroupsFilter ,
suite . config . LDAP . GroupsFilter )
suite . Assert ( ) . Equal (
schema . DefaultLDAPAuthenticationBackendConfigurationImplementationFreeIPA . GroupNameAttribute ,
suite . config . LDAP . GroupNameAttribute )
}
func ( suite * FreeIPAAuthenticationBackendSuite ) TestShouldOnlySetDefaultsIfNotManuallyConfigured ( ) {
suite . config . LDAP . Timeout = time . Second * 2
suite . config . LDAP . UsersFilter = "(&({username_attribute}={input})(objectClass=person)(!(nsAccountLock=TRUE)))"
suite . config . LDAP . UsernameAttribute = "dn"
suite . config . LDAP . MailAttribute = "email"
suite . config . LDAP . DisplayNameAttribute = "gecos"
suite . config . LDAP . GroupsFilter = "(&(member={dn})(objectClass=posixgroup))"
suite . config . LDAP . GroupNameAttribute = "groupName"
ValidateAuthenticationBackend ( & suite . config , suite . validator )
suite . Assert ( ) . NotEqual (
schema . DefaultLDAPAuthenticationBackendConfigurationImplementationFreeIPA . Timeout ,
suite . config . LDAP . Timeout )
suite . Assert ( ) . NotEqual (
schema . DefaultLDAPAuthenticationBackendConfigurationImplementationFreeIPA . UsersFilter ,
suite . config . LDAP . UsersFilter )
suite . Assert ( ) . NotEqual (
schema . DefaultLDAPAuthenticationBackendConfigurationImplementationFreeIPA . UsernameAttribute ,
suite . config . LDAP . UsernameAttribute )
suite . Assert ( ) . NotEqual (
schema . DefaultLDAPAuthenticationBackendConfigurationImplementationFreeIPA . DisplayNameAttribute ,
suite . config . LDAP . DisplayNameAttribute )
suite . Assert ( ) . NotEqual (
schema . DefaultLDAPAuthenticationBackendConfigurationImplementationFreeIPA . MailAttribute ,
suite . config . LDAP . MailAttribute )
suite . Assert ( ) . NotEqual (
schema . DefaultLDAPAuthenticationBackendConfigurationImplementationFreeIPA . GroupsFilter ,
suite . config . LDAP . GroupsFilter )
suite . Assert ( ) . NotEqual (
schema . DefaultLDAPAuthenticationBackendConfigurationImplementationFreeIPA . GroupNameAttribute ,
suite . config . LDAP . GroupNameAttribute )
}
func TestFreeIPAAuthenticationBackend ( t * testing . T ) {
suite . Run ( t , new ( FreeIPAAuthenticationBackendSuite ) )
}