2017-01-03 11:05:47 -05:00
|
|
|
require 'spec_helper'
|
|
|
|
|
2018-02-23 07:10:39 -05:00
|
|
|
describe Gitlab::Auth::LDAP::Person do
|
2017-01-03 11:05:47 -05:00
|
|
|
include LdapHelpers
|
|
|
|
|
|
|
|
let(:entry) { ldap_user_entry('john.doe') }
|
|
|
|
|
|
|
|
before do
|
|
|
|
stub_ldap_config(
|
2017-01-05 17:01:04 -05:00
|
|
|
options: {
|
2017-11-08 16:32:12 -05:00
|
|
|
'uid' => 'uid',
|
2017-01-05 17:01:04 -05:00
|
|
|
'attributes' => {
|
2017-11-08 16:32:12 -05:00
|
|
|
'name' => 'cn',
|
|
|
|
'email' => %w(mail email userPrincipalName),
|
|
|
|
'username' => username_attribute
|
2017-01-05 17:01:04 -05:00
|
|
|
}
|
2017-01-03 11:05:47 -05:00
|
|
|
}
|
|
|
|
)
|
|
|
|
end
|
2017-11-08 16:32:12 -05:00
|
|
|
let(:username_attribute) { %w(uid sAMAccountName userid) }
|
2017-01-03 11:05:47 -05:00
|
|
|
|
2017-10-05 06:47:48 -04:00
|
|
|
describe '.normalize_dn' do
|
|
|
|
subject { described_class.normalize_dn(given) }
|
|
|
|
|
|
|
|
it_behaves_like 'normalizes a DN'
|
|
|
|
|
|
|
|
context 'with an exception during normalization' do
|
|
|
|
let(:given) { 'John "Smith,' } # just something that will cause an exception
|
|
|
|
|
|
|
|
it 'returns the given DN unmodified' do
|
|
|
|
expect(subject).to eq(given)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2017-09-18 02:20:00 -04:00
|
|
|
describe '.normalize_uid' do
|
|
|
|
subject { described_class.normalize_uid(given) }
|
|
|
|
|
2017-10-03 17:38:55 -04:00
|
|
|
it_behaves_like 'normalizes a DN attribute value'
|
2017-09-18 19:40:04 -04:00
|
|
|
|
|
|
|
context 'with an exception during normalization' do
|
2017-10-03 17:38:55 -04:00
|
|
|
let(:given) { 'John "Smith,' } # just something that will cause an exception
|
2017-09-18 19:40:04 -04:00
|
|
|
|
|
|
|
it 'returns the given UID unmodified' do
|
|
|
|
expect(subject).to eq(given)
|
|
|
|
end
|
|
|
|
end
|
2017-09-18 02:20:00 -04:00
|
|
|
end
|
|
|
|
|
2017-11-08 16:32:12 -05:00
|
|
|
describe '.ldap_attributes' do
|
|
|
|
it 'returns a compact and unique array' do
|
|
|
|
stub_ldap_config(
|
|
|
|
options: {
|
|
|
|
'uid' => nil,
|
|
|
|
'attributes' => {
|
|
|
|
'name' => 'cn',
|
|
|
|
'email' => 'mail',
|
|
|
|
'username' => %w(uid mail memberof)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
)
|
2018-02-23 07:10:39 -05:00
|
|
|
config = Gitlab::Auth::LDAP::Config.new('ldapmain')
|
2017-11-08 16:32:12 -05:00
|
|
|
ldap_attributes = described_class.ldap_attributes(config)
|
|
|
|
|
|
|
|
expect(ldap_attributes).to match_array(%w(dn uid cn mail memberof))
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2017-01-03 11:05:47 -05:00
|
|
|
describe '#name' do
|
|
|
|
it 'uses the configured name attribute and handles values as an array' do
|
|
|
|
name = 'John Doe'
|
|
|
|
entry['cn'] = [name]
|
2017-05-01 11:13:33 -04:00
|
|
|
person = described_class.new(entry, 'ldapmain')
|
2017-01-03 11:05:47 -05:00
|
|
|
|
|
|
|
expect(person.name).to eq(name)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
describe '#email' do
|
|
|
|
it 'returns the value of mail, if present' do
|
|
|
|
mail = 'john@example.com'
|
|
|
|
entry['mail'] = mail
|
2017-05-01 11:13:33 -04:00
|
|
|
person = described_class.new(entry, 'ldapmain')
|
2017-01-03 11:05:47 -05:00
|
|
|
|
2017-01-05 17:01:04 -05:00
|
|
|
expect(person.email).to eq([mail])
|
2017-01-03 11:05:47 -05:00
|
|
|
end
|
|
|
|
|
|
|
|
it 'returns the value of userPrincipalName, if mail and email are not present' do
|
|
|
|
user_principal_name = 'john.doe@example.com'
|
|
|
|
entry['userPrincipalName'] = user_principal_name
|
2017-05-01 11:13:33 -04:00
|
|
|
person = described_class.new(entry, 'ldapmain')
|
2017-01-03 11:05:47 -05:00
|
|
|
|
2017-01-05 17:01:04 -05:00
|
|
|
expect(person.email).to eq([user_principal_name])
|
2017-01-03 11:05:47 -05:00
|
|
|
end
|
|
|
|
end
|
2017-09-18 01:28:34 -04:00
|
|
|
|
2017-11-08 16:32:12 -05:00
|
|
|
describe '#username' do
|
|
|
|
context 'with default uid username attribute' do
|
|
|
|
let(:username_attribute) { 'uid' }
|
|
|
|
|
|
|
|
it 'returns the proper username value' do
|
|
|
|
attr_value = 'johndoe'
|
|
|
|
entry[username_attribute] = attr_value
|
|
|
|
person = described_class.new(entry, 'ldapmain')
|
|
|
|
|
|
|
|
expect(person.username).to eq(attr_value)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'with a different username attribute' do
|
|
|
|
let(:username_attribute) { 'sAMAccountName' }
|
|
|
|
|
|
|
|
it 'returns the proper username value' do
|
|
|
|
attr_value = 'johndoe'
|
|
|
|
entry[username_attribute] = attr_value
|
|
|
|
person = described_class.new(entry, 'ldapmain')
|
|
|
|
|
|
|
|
expect(person.username).to eq(attr_value)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'with a non-standard username attribute' do
|
|
|
|
let(:username_attribute) { 'mail' }
|
|
|
|
|
|
|
|
it 'returns the proper username value' do
|
|
|
|
attr_value = 'john.doe@example.com'
|
|
|
|
entry[username_attribute] = attr_value
|
|
|
|
person = described_class.new(entry, 'ldapmain')
|
|
|
|
|
|
|
|
expect(person.username).to eq(attr_value)
|
|
|
|
end
|
|
|
|
end
|
2018-02-05 17:35:34 -05:00
|
|
|
|
|
|
|
context 'if lowercase_usernames setting is' do
|
|
|
|
let(:username_attribute) { 'uid' }
|
|
|
|
|
|
|
|
before do
|
|
|
|
entry[username_attribute] = 'JOHN'
|
|
|
|
@person = described_class.new(entry, 'ldapmain')
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'enabled the username attribute is lower cased' do
|
|
|
|
stub_ldap_config(lowercase_usernames: true)
|
|
|
|
|
|
|
|
expect(@person.username).to eq 'john'
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'disabled the username attribute is not lower cased' do
|
|
|
|
stub_ldap_config(lowercase_usernames: false)
|
|
|
|
|
|
|
|
expect(@person.username).to eq 'JOHN'
|
|
|
|
end
|
|
|
|
end
|
2017-11-08 16:32:12 -05:00
|
|
|
end
|
|
|
|
|
2017-09-18 01:28:34 -04:00
|
|
|
def assert_generic_test(test_description, got, expected)
|
|
|
|
test_failure_message = "Failed test description: '#{test_description}'\n\n expected: #{expected}\n got: #{got}"
|
|
|
|
expect(got).to eq(expected), test_failure_message
|
|
|
|
end
|
2017-01-03 11:05:47 -05:00
|
|
|
end
|