224 lines
4.7 KiB
Go
224 lines
4.7 KiB
Go
package functional
|
|
|
|
import (
|
|
"fmt"
|
|
"html/template"
|
|
"net/url"
|
|
"os"
|
|
"strconv"
|
|
"strings"
|
|
"testing"
|
|
|
|
"github.com/coreos/dex/connector"
|
|
"github.com/coreos/dex/db"
|
|
"github.com/coreos/dex/repo"
|
|
"github.com/coreos/go-oidc/oidc"
|
|
"gopkg.in/ldap.v2"
|
|
)
|
|
|
|
var (
|
|
ldapHost string
|
|
ldapPort uint16
|
|
ldapBindDN string
|
|
ldapBindPw string
|
|
)
|
|
|
|
func init() {
|
|
ldapuri := os.Getenv("DEX_TEST_LDAP_URI")
|
|
if ldapuri == "" {
|
|
fmt.Println("Unable to proceed with empty env var " +
|
|
"DEX_TEST_LDAP_URI")
|
|
os.Exit(1)
|
|
}
|
|
u, err := url.Parse(ldapuri)
|
|
if err != nil {
|
|
fmt.Println("Unable to parse DEX_TEST_LDAP_URI")
|
|
os.Exit(1)
|
|
}
|
|
if strings.Index(u.RawQuery, "?") < 0 {
|
|
fmt.Println("Unable to parse DEX_TEST_LDAP_URI")
|
|
os.Exit(1)
|
|
}
|
|
extentions := make(map[string]string)
|
|
kvs := strings.Split(strings.TrimLeft(u.RawQuery, "?"), ",")
|
|
for i := range kvs {
|
|
fmt.Println(kvs[i])
|
|
kv := strings.Split(kvs[i], "=")
|
|
if len(kv) < 2 {
|
|
fmt.Println("Unable to parse DEX_TEST_LDAP_URI")
|
|
os.Exit(1)
|
|
}
|
|
extentions[kv[0]] = kv[1]
|
|
}
|
|
hostport := strings.Split(u.Host, ":")
|
|
port := 389
|
|
if len(hostport) > 1 {
|
|
port, _ = strconv.Atoi(hostport[1])
|
|
}
|
|
|
|
ldapHost = hostport[0]
|
|
ldapPort = uint16(port)
|
|
|
|
if len(extentions["bindname"]) > 0 {
|
|
ldapBindDN, err = url.QueryUnescape(extentions["bindname"])
|
|
if err != nil {
|
|
fmt.Println("Unable to parse DEX_TEST_LDAP_URI")
|
|
os.Exit(1)
|
|
}
|
|
}
|
|
if len(extentions["X-BINDPW"]) > 0 {
|
|
ldapBindPw = extentions["X-BINDPW"]
|
|
}
|
|
}
|
|
|
|
func TestLDAPConnect(t *testing.T) {
|
|
fmt.Println("ldapHost: ", ldapHost)
|
|
fmt.Println("ldapPort: ", ldapPort)
|
|
fmt.Println("ldapBindDN: ", ldapBindDN)
|
|
fmt.Println("ldapBindPw: ", ldapBindPw)
|
|
l, err := ldap.Dial("tcp", fmt.Sprintf("%s:%d", ldapHost, ldapPort))
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
err = l.Bind(ldapBindDN, ldapBindPw)
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
l.Close()
|
|
}
|
|
|
|
func TestConnectorLDAPConnectFail(t *testing.T) {
|
|
var tx repo.Transaction
|
|
var lf oidc.LoginFunc
|
|
var ns url.URL
|
|
|
|
templates := template.New(connector.LDAPLoginPageTemplateName)
|
|
|
|
ccr := db.NewConnectorConfigRepo(db.NewMemDB())
|
|
err := ccr.Set(
|
|
[]connector.ConnectorConfig{&connector.LDAPConnectorConfig{
|
|
ID: "ldap",
|
|
ServerHost: ldapHost,
|
|
ServerPort: ldapPort + 1,
|
|
}},
|
|
)
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
cc, err := ccr.GetConnectorByID(tx, "ldap")
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
c, err := cc.Connector(ns, lf, templates)
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
err = c.Healthy()
|
|
if err == nil {
|
|
t.Fatal(fmt.Errorf("LDAPConnector.Healty() supposed to fail, but succeeded!"))
|
|
}
|
|
}
|
|
|
|
func TestConnectorLDAPConnectSuccess(t *testing.T) {
|
|
var tx repo.Transaction
|
|
var lf oidc.LoginFunc
|
|
var ns url.URL
|
|
|
|
templates := template.New(connector.LDAPLoginPageTemplateName)
|
|
|
|
ccr := db.NewConnectorConfigRepo(db.NewMemDB())
|
|
err := ccr.Set(
|
|
[]connector.ConnectorConfig{&connector.LDAPConnectorConfig{
|
|
ID: "ldap",
|
|
ServerHost: ldapHost,
|
|
ServerPort: ldapPort,
|
|
}},
|
|
)
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
cc, err := ccr.GetConnectorByID(tx, "ldap")
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
c, err := cc.Connector(ns, lf, templates)
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
err = c.Healthy()
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
}
|
|
|
|
func TestConnectorLDAPcaFilecertFileConnectTLS(t *testing.T) {
|
|
var tx repo.Transaction
|
|
var lf oidc.LoginFunc
|
|
var ns url.URL
|
|
|
|
templates := template.New(connector.LDAPLoginPageTemplateName)
|
|
|
|
ccr := db.NewConnectorConfigRepo(db.NewMemDB())
|
|
err := ccr.Set(
|
|
[]connector.ConnectorConfig{&connector.LDAPConnectorConfig{
|
|
ID: "ldap",
|
|
ServerHost: ldapHost,
|
|
ServerPort: ldapPort,
|
|
UseTLS: true,
|
|
CertFile: "/tmp/ldap.crt",
|
|
KeyFile: "/tmp/ldap.key",
|
|
CaFile: "/tmp/openldap-ca.pem",
|
|
}},
|
|
)
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
cc, err := ccr.GetConnectorByID(tx, "ldap")
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
c, err := cc.Connector(ns, lf, templates)
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
err = c.Healthy()
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
}
|
|
|
|
func TestConnectorLDAPcaFilecertFileConnectSSL(t *testing.T) {
|
|
var tx repo.Transaction
|
|
var lf oidc.LoginFunc
|
|
var ns url.URL
|
|
|
|
templates := template.New(connector.LDAPLoginPageTemplateName)
|
|
|
|
ccr := db.NewConnectorConfigRepo(db.NewMemDB())
|
|
err := ccr.Set(
|
|
[]connector.ConnectorConfig{&connector.LDAPConnectorConfig{
|
|
ID: "ldap",
|
|
ServerHost: ldapHost,
|
|
ServerPort: ldapPort + 247, // 636
|
|
UseSSL: true,
|
|
CertFile: "/tmp/ldap.crt",
|
|
KeyFile: "/tmp/ldap.key",
|
|
CaFile: "/tmp/openldap-ca.pem",
|
|
}},
|
|
)
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
cc, err := ccr.GetConnectorByID(tx, "ldap")
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
c, err := cc.Connector(ns, lf, templates)
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
err = c.Healthy()
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
}
|