dex/connector/connector_ldap_test.go

package connector

import (
	"html/template"
	"net/url"
	"testing"

	"github.com/coreos/go-oidc/oidc"
)

var (
	ns        url.URL
	lf        oidc.LoginFunc
	templates *template.Template
)

func init() {
	templates = template.New(LDAPLoginPageTemplateName)
}

func TestLDAPConnectorConfigValidTLS(t *testing.T) {
	cc := LDAPConnectorConfig{
		ID:     "ldap",
		Host:   "example.com:636",
		UseTLS: true,
		UseSSL: false,
	}

	_, err := cc.Connector(ns, lf, templates)
	if err != nil {
		t.Fatal(err)
	}
}

func TestLDAPConnectorConfigInvalidSSLandTLS(t *testing.T) {
	cc := LDAPConnectorConfig{
		ID:     "ldap",
		Host:   "example.com:636",
		UseTLS: true,
		UseSSL: true,
	}

	_, err := cc.Connector(ns, lf, templates)
	if err == nil {
		t.Fatal("Expected LDAPConnector initialization to fail when both TLS and SSL enabled.")
	}
}

func TestLDAPConnectorConfigValidSearchScope(t *testing.T) {
	cc := LDAPConnectorConfig{
		ID:          "ldap",
		Host:        "example.com:636",
		SearchScope: "one",
	}

	_, err := cc.Connector(ns, lf, templates)
	if err != nil {
		t.Fatal(err)
	}
}

func TestLDAPConnectorConfigInvalidSearchScope(t *testing.T) {
	cc := LDAPConnectorConfig{
		ID:          "ldap",
		Host:        "example.com:636",
		SearchScope: "three",
	}

	_, err := cc.Connector(ns, lf, templates)
	if err == nil {
		t.Fatal("Expected LDAPConnector initialization to fail when invalid value provided for SearchScope.")
	}
}

func TestLDAPConnectorConfigInvalidCertFileNoKeyFile(t *testing.T) {
	cc := LDAPConnectorConfig{
		ID:       "ldap",
		Host:     "example.com:636",
		CertFile: "/tmp/ldap.crt",
	}

	_, err := cc.Connector(ns, lf, templates)
	if err == nil {
		t.Fatal("Expected LDAPConnector initialization to fail when CertFile specified without KeyFile.")
	}
}

func TestLDAPConnectorConfigValidCertFileAndKeyFile(t *testing.T) {
	cc := LDAPConnectorConfig{
		ID:       "ldap",
		Host:     "example.com:636",
		CertFile: "/tmp/ldap.crt",
		KeyFile:  "/tmp/ldap.key",
	}

	_, err := cc.Connector(ns, lf, templates)
	if err != nil {
		t.Fatal(err)
	}
}
connector: add LDAP connector Authentication is performed by binding to the configured LDAP server using the user supplied credentials. Successfull bind equals authenticated user. Optionally the connector can be configured to search before authentication. The entryDN found will be used to bind to the LDAP server. This feature must be enabled to get supplementary information from the directory (ID, Name, Email). This feature can also be used to limit access to the service. Example use case: Allow your users to log in with e-mail address instead of the identification string in your DNs (typically username). To make re-use of HTTP form handling code from the Local connector possible: - Implemented IdentityProvider interface - Moved the re-used functions to login_local.go Fixes #119 2015-11-11 01:08:40 +05:30			`package connector`

			`import (`
			`"html/template"`
			`"net/url"`
			`"testing"`

			`"github.com/coreos/go-oidc/oidc"`
			`)`

			`var (`
			`ns url.URL`
			`lf oidc.LoginFunc`
			`templates *template.Template`
			`)`

			`func init() {`
			`templates = template.New(LDAPLoginPageTemplateName)`
			`}`

			`func TestLDAPConnectorConfigValidTLS(t *testing.T) {`
			`cc := LDAPConnectorConfig{`
			`ID: "ldap",`
clean up LDAP connector * Remove some unlikely to be used fields to help configurability. * Combined "serverHost" and "serverPort" into "host" * Remove "timeout" (just default to 30 seconds). * Remove "maxIdleConn" will add it back if users feel the need to control the number of cached connections. * Remove "trustedEmailProvider" (just always trust). * Remove "skipCertVerification" you can't make this connector ingore TLS errors. * Fix configs that don't search before bind (previously broken). * Add more examples to Documentation * Refactor LDAPPool Acquire() and Put() into a Do() function which always does the flow correctly. * Added more comments and renamed some functions. * Moved methods on LDAPIdentityProvider to the LDAPConnector 2016-06-22 05:11:04 +05:30			`Host: "example.com:636",`
connector: add LDAP connector Authentication is performed by binding to the configured LDAP server using the user supplied credentials. Successfull bind equals authenticated user. Optionally the connector can be configured to search before authentication. The entryDN found will be used to bind to the LDAP server. This feature must be enabled to get supplementary information from the directory (ID, Name, Email). This feature can also be used to limit access to the service. Example use case: Allow your users to log in with e-mail address instead of the identification string in your DNs (typically username). To make re-use of HTTP form handling code from the Local connector possible: - Implemented IdentityProvider interface - Moved the re-used functions to login_local.go Fixes #119 2015-11-11 01:08:40 +05:30			`UseTLS: true,`
			`UseSSL: false,`
			`}`

			`_, err := cc.Connector(ns, lf, templates)`
			`if err != nil {`
			`t.Fatal(err)`
			`}`
			`}`

			`func TestLDAPConnectorConfigInvalidSSLandTLS(t *testing.T) {`
			`cc := LDAPConnectorConfig{`
			`ID: "ldap",`
clean up LDAP connector * Remove some unlikely to be used fields to help configurability. * Combined "serverHost" and "serverPort" into "host" * Remove "timeout" (just default to 30 seconds). * Remove "maxIdleConn" will add it back if users feel the need to control the number of cached connections. * Remove "trustedEmailProvider" (just always trust). * Remove "skipCertVerification" you can't make this connector ingore TLS errors. * Fix configs that don't search before bind (previously broken). * Add more examples to Documentation * Refactor LDAPPool Acquire() and Put() into a Do() function which always does the flow correctly. * Added more comments and renamed some functions. * Moved methods on LDAPIdentityProvider to the LDAPConnector 2016-06-22 05:11:04 +05:30			`Host: "example.com:636",`
connector: add LDAP connector Authentication is performed by binding to the configured LDAP server using the user supplied credentials. Successfull bind equals authenticated user. Optionally the connector can be configured to search before authentication. The entryDN found will be used to bind to the LDAP server. This feature must be enabled to get supplementary information from the directory (ID, Name, Email). This feature can also be used to limit access to the service. Example use case: Allow your users to log in with e-mail address instead of the identification string in your DNs (typically username). To make re-use of HTTP form handling code from the Local connector possible: - Implemented IdentityProvider interface - Moved the re-used functions to login_local.go Fixes #119 2015-11-11 01:08:40 +05:30			`UseTLS: true,`
			`UseSSL: true,`
			`}`

			`_, err := cc.Connector(ns, lf, templates)`
			`if err == nil {`
			`t.Fatal("Expected LDAPConnector initialization to fail when both TLS and SSL enabled.")`
			`}`
			`}`

			`func TestLDAPConnectorConfigValidSearchScope(t *testing.T) {`
			`cc := LDAPConnectorConfig{`
			`ID: "ldap",`
clean up LDAP connector * Remove some unlikely to be used fields to help configurability. * Combined "serverHost" and "serverPort" into "host" * Remove "timeout" (just default to 30 seconds). * Remove "maxIdleConn" will add it back if users feel the need to control the number of cached connections. * Remove "trustedEmailProvider" (just always trust). * Remove "skipCertVerification" you can't make this connector ingore TLS errors. * Fix configs that don't search before bind (previously broken). * Add more examples to Documentation * Refactor LDAPPool Acquire() and Put() into a Do() function which always does the flow correctly. * Added more comments and renamed some functions. * Moved methods on LDAPIdentityProvider to the LDAPConnector 2016-06-22 05:11:04 +05:30			`Host: "example.com:636",`
connector: add LDAP connector Authentication is performed by binding to the configured LDAP server using the user supplied credentials. Successfull bind equals authenticated user. Optionally the connector can be configured to search before authentication. The entryDN found will be used to bind to the LDAP server. This feature must be enabled to get supplementary information from the directory (ID, Name, Email). This feature can also be used to limit access to the service. Example use case: Allow your users to log in with e-mail address instead of the identification string in your DNs (typically username). To make re-use of HTTP form handling code from the Local connector possible: - Implemented IdentityProvider interface - Moved the re-used functions to login_local.go Fixes #119 2015-11-11 01:08:40 +05:30			`SearchScope: "one",`
			`}`

			`_, err := cc.Connector(ns, lf, templates)`
			`if err != nil {`
			`t.Fatal(err)`
			`}`
			`}`

			`func TestLDAPConnectorConfigInvalidSearchScope(t *testing.T) {`
			`cc := LDAPConnectorConfig{`
			`ID: "ldap",`
clean up LDAP connector * Remove some unlikely to be used fields to help configurability. * Combined "serverHost" and "serverPort" into "host" * Remove "timeout" (just default to 30 seconds). * Remove "maxIdleConn" will add it back if users feel the need to control the number of cached connections. * Remove "trustedEmailProvider" (just always trust). * Remove "skipCertVerification" you can't make this connector ingore TLS errors. * Fix configs that don't search before bind (previously broken). * Add more examples to Documentation * Refactor LDAPPool Acquire() and Put() into a Do() function which always does the flow correctly. * Added more comments and renamed some functions. * Moved methods on LDAPIdentityProvider to the LDAPConnector 2016-06-22 05:11:04 +05:30			`Host: "example.com:636",`
connector: add LDAP connector Authentication is performed by binding to the configured LDAP server using the user supplied credentials. Successfull bind equals authenticated user. Optionally the connector can be configured to search before authentication. The entryDN found will be used to bind to the LDAP server. This feature must be enabled to get supplementary information from the directory (ID, Name, Email). This feature can also be used to limit access to the service. Example use case: Allow your users to log in with e-mail address instead of the identification string in your DNs (typically username). To make re-use of HTTP form handling code from the Local connector possible: - Implemented IdentityProvider interface - Moved the re-used functions to login_local.go Fixes #119 2015-11-11 01:08:40 +05:30			`SearchScope: "three",`
			`}`

			`_, err := cc.Connector(ns, lf, templates)`
			`if err == nil {`
			`t.Fatal("Expected LDAPConnector initialization to fail when invalid value provided for SearchScope.")`
			`}`
			`}`

			`func TestLDAPConnectorConfigInvalidCertFileNoKeyFile(t *testing.T) {`
			`cc := LDAPConnectorConfig{`
			`ID: "ldap",`
clean up LDAP connector * Remove some unlikely to be used fields to help configurability. * Combined "serverHost" and "serverPort" into "host" * Remove "timeout" (just default to 30 seconds). * Remove "maxIdleConn" will add it back if users feel the need to control the number of cached connections. * Remove "trustedEmailProvider" (just always trust). * Remove "skipCertVerification" you can't make this connector ingore TLS errors. * Fix configs that don't search before bind (previously broken). * Add more examples to Documentation * Refactor LDAPPool Acquire() and Put() into a Do() function which always does the flow correctly. * Added more comments and renamed some functions. * Moved methods on LDAPIdentityProvider to the LDAPConnector 2016-06-22 05:11:04 +05:30			`Host: "example.com:636",`
connector: add LDAP connector Authentication is performed by binding to the configured LDAP server using the user supplied credentials. Successfull bind equals authenticated user. Optionally the connector can be configured to search before authentication. The entryDN found will be used to bind to the LDAP server. This feature must be enabled to get supplementary information from the directory (ID, Name, Email). This feature can also be used to limit access to the service. Example use case: Allow your users to log in with e-mail address instead of the identification string in your DNs (typically username). To make re-use of HTTP form handling code from the Local connector possible: - Implemented IdentityProvider interface - Moved the re-used functions to login_local.go Fixes #119 2015-11-11 01:08:40 +05:30			`CertFile: "/tmp/ldap.crt",`
			`}`

			`_, err := cc.Connector(ns, lf, templates)`
			`if err == nil {`
			`t.Fatal("Expected LDAPConnector initialization to fail when CertFile specified without KeyFile.")`
			`}`
			`}`

			`func TestLDAPConnectorConfigValidCertFileAndKeyFile(t *testing.T) {`
			`cc := LDAPConnectorConfig{`
			`ID: "ldap",`
clean up LDAP connector * Remove some unlikely to be used fields to help configurability. * Combined "serverHost" and "serverPort" into "host" * Remove "timeout" (just default to 30 seconds). * Remove "maxIdleConn" will add it back if users feel the need to control the number of cached connections. * Remove "trustedEmailProvider" (just always trust). * Remove "skipCertVerification" you can't make this connector ingore TLS errors. * Fix configs that don't search before bind (previously broken). * Add more examples to Documentation * Refactor LDAPPool Acquire() and Put() into a Do() function which always does the flow correctly. * Added more comments and renamed some functions. * Moved methods on LDAPIdentityProvider to the LDAPConnector 2016-06-22 05:11:04 +05:30			`Host: "example.com:636",`
connector: add LDAP connector Authentication is performed by binding to the configured LDAP server using the user supplied credentials. Successfull bind equals authenticated user. Optionally the connector can be configured to search before authentication. The entryDN found will be used to bind to the LDAP server. This feature must be enabled to get supplementary information from the directory (ID, Name, Email). This feature can also be used to limit access to the service. Example use case: Allow your users to log in with e-mail address instead of the identification string in your DNs (typically username). To make re-use of HTTP form handling code from the Local connector possible: - Implemented IdentityProvider interface - Moved the re-used functions to login_local.go Fixes #119 2015-11-11 01:08:40 +05:30			`CertFile: "/tmp/ldap.crt",`
			`KeyFile: "/tmp/ldap.key",`
			`}`

			`_, err := cc.Connector(ns, lf, templates)`
			`if err != nil {`
			`t.Fatal(err)`
			`}`
			`}`