debian-mirror-gitlab/spec/lib/gitlab/auth/ldap/adapter_spec.rb

# frozen_string_literal: true
require 'spec_helper'
# Specs for the LDAP adapter's lookup helpers: #users, #dn_matches_filter? and
# #ldap_search. The connection object handed to the adapter is a test double.
RSpec.describe Gitlab::Auth::Ldap::Adapter do
  include LdapHelpers

  let(:ldap) { double(:ldap) }
  let(:adapter) { ldap_adapter('ldapmain', ldap) }

  describe '#users' do
    before { stub_ldap_config(base: 'dc=example,dc=com') }

    it 'searches with the proper options when searching by uid' do
      # NOTE(review): only a plain uid is exercised here. A companion example
      # whose value contains LDAP filter metacharacters would pin how the
      # adapter encodes the value into the filter -- confirm against the adapter.
      #
      # Requires this expectation style to match the filter
      expect(adapter).to receive(:ldap_search) do |options|
        expect(options[:filter].to_s).to eq('(uid=johndoe)')
        expect(options[:base]).to eq('dc=example,dc=com')
        expect(options[:attributes]).to match(ldap_attributes)
      end.and_return({})

      adapter.users('uid', 'johndoe')
    end

    it 'searches with the proper options when searching by dn' do
      # A DN lookup is expected to use the DN itself as the search base, with
      # base-object scope and no filter.
      expected_options = {
        base: 'uid=johndoe,ou=users,dc=example,dc=com',
        scope: Net::LDAP::SearchScope_BaseObject,
        attributes: ldap_attributes,
        filter: nil
      }
      expect(adapter).to receive(:ldap_search).with(expected_options).and_return({})

      adapter.users('dn', 'uid=johndoe,ou=users,dc=example,dc=com')
    end

    it 'searches with the proper options when searching with a limit' do
      # The third argument is expected to reach the search as the :size option.
      expect(adapter).to receive(:ldap_search).with(hash_including(size: 100)).and_return({})

      adapter.users('uid', 'johndoe', 100)
    end

    it 'returns an LDAP::Person if search returns a result' do
      person_entry = ldap_user_entry('johndoe')
      allow(adapter).to receive(:ldap_search).and_return([person_entry])

      found = adapter.users('uid', 'johndoe')

      expect(found.size).to eq(1)
      expect(found.first.uid).to eq('johndoe')
    end

    it 'returns empty array if search entry does not respond to uid' do
      # The entry carries only a dn, so it has no uid attribute to read.
      bare_entry = Net::LDAP::Entry.new
      bare_entry['dn'] = user_dn('johndoe')
      allow(adapter).to receive(:ldap_search).and_return([bare_entry])

      found = adapter.users('uid', 'johndoe')

      expect(found).to be_empty
    end

    it 'uses the right uid attribute when non-default' do
      stub_ldap_config(uid: 'sAMAccountName')
      requested_attributes = hash_including(attributes: ldap_attributes)
      expect(adapter).to receive(:ldap_search).with(requested_attributes).and_return({})

      adapter.users('sAMAccountName', 'johndoe')
    end
  end

  describe '#dn_matches_filter?' do
    subject { adapter.dn_matches_filter?(:dn, :filter) }

    context 'when the search result is non-empty' do
      before { allow(adapter).to receive(:ldap_search).and_return([:foo]) }

      it { is_expected.to be_truthy }
    end

    context 'when the search result is empty' do
      before { allow(adapter).to receive(:ldap_search).and_return([]) }

      it { is_expected.to be_falsey }
    end
  end

  describe '#ldap_search' do
    subject { adapter.ldap_search(base: :dn, filter: :filter) }

    # Shared expectations for failures that are retried. Including contexts
    # define `err_message` and arrange for the search on `ldap` to fail.
    shared_examples 'connection retry' do
      before do
        allow(adapter).to receive(:renew_connection_adapter).and_return(ldap)
        allow(Gitlab::AppLogger).to receive(:warn)
      end

      context 'retries the operation' do
        before { stub_const("#{described_class}::MAX_SEARCH_RETRIES", 3) }

        it 'as many times as MAX_SEARCH_RETRIES' do
          expect(ldap).to receive(:search).exactly(3).times
          expect { subject }.to raise_error(Gitlab::Auth::Ldap::LdapConnectionError)
        end

        context 'when no more retries' do
          before { stub_const("#{described_class}::MAX_SEARCH_RETRIES", 1) }

          it 'raises the exception' do
            expect { subject }.to raise_error(Gitlab::Auth::Ldap::LdapConnectionError)
          end

          it 'logs the error' do
            expect { subject }.to raise_error(Gitlab::Auth::Ldap::LdapConnectionError)

            # The warning names the underlying exception class and its message.
            expect(Gitlab::AppLogger).to have_received(:warn).with(
              "LDAP search raised exception Net::LDAP::Error: #{err_message}")
          end
        end
      end
    end

    context 'when the search is successful' do
      context 'and the result is non-empty' do
        before { allow(ldap).to receive(:search).and_return([:foo]) }

        it { is_expected.to eq([:foo]) }
      end

      context 'and the result is empty' do
        before { allow(ldap).to receive(:search).and_return([]) }

        it { is_expected.to eq([]) }

        # A nil result whose operation-result code is listed in
        # retry_empty_result_with_codes is expected to go through the retry
        # path instead of being returned as an empty array.
        context 'when returned with expected code' do
          let(:response_code) { 80 }
          let(:response_message) { 'Other' }
          let(:err_message) { "Got empty results with response code: #{response_code}, message: #{response_message}" }

          before do
            stub_ldap_config(retry_empty_result_with_codes: [response_code])

            operation_result = double(code: response_code, message: response_message)
            allow(ldap).to receive(:search).and_return(nil)
            allow(ldap).to receive(:get_operation_result).and_return(operation_result)
          end

          it_behaves_like 'connection retry'
        end
      end
    end

    context 'when the search encounters an error' do
      before do
        failed_result = double(code: 1, message: 'some error')
        allow(ldap).to receive(:search).and_return(nil)
        allow(ldap).to receive(:get_operation_result).and_return(failed_result)
      end

      # A nil result with operation-result code 1 is surfaced as an empty
      # array, the same value a search that matches no entries returns.
      it { is_expected.to eq([]) }
    end

    context 'when the search raises an LDAP exception' do
      before do
        allow(adapter).to receive(:renew_connection_adapter).and_return(ldap)
        allow(ldap).to receive(:search) { raise Net::LDAP::Error, "some error" }
        allow(Gitlab::AppLogger).to receive(:warn)
      end

      context 'retries the operation' do
        let(:err_message) { 'some error' }

        # Re-stubs the search so the raised message is the `err_message` that
        # the shared examples compare the logged warning against.
        before { allow(ldap).to receive(:search) { raise Net::LDAP::Error, err_message } }

        it_behaves_like 'connection retry'
      end
    end
  end

  # Attribute list for the 'ldapmain' provider, used as the expected
  # :attributes value in the search expectations above.
  def ldap_attributes
    provider_config = Gitlab::Auth::Ldap::Config.new('ldapmain')
    Gitlab::Auth::Ldap::Person.ldap_attributes(provider_config)
  end
end