# frozen_string_literal: true
require 'spec_helper'
# Specs for the LDAP adapter: user lookup (#users), filter membership checks
# (#dn_matches_filter?) and the low-level search wrapper (#ldap_search),
# including its error and retry handling.
#
# The underlying connection is always a test double, so no directory server
# is contacted by any example in this file.
RSpec.describe Gitlab::Auth::Ldap::Adapter do
  include LdapHelpers

  let(:ldap) { double(:ldap) }
  let(:adapter) { ldap_adapter('ldapmain', ldap) }

  describe '#users' do
    before do
      stub_ldap_config(base: 'dc=example,dc=com')
    end

    # NOTE(review): every lookup value used below is a benign literal. No
    # example here passes a value containing LDAP filter metacharacters
    # (`*`, `(`, `)`, `\`), so filter escaping is not asserted by this spec;
    # confirm it is covered elsewhere.
    it 'searches with the proper options when searching by uid' do
      # The block form is required here: the filter is an object, so it is
      # compared through its string rendering instead of with `.with(...)`.
      expect(adapter).to receive(:ldap_search) do |options|
        expect(options[:filter].to_s).to eq('(uid=johndoe)')
        expect(options[:base]).to eq('dc=example,dc=com')
        expect(options[:attributes]).to match(ldap_attributes)
      end.and_return({})

      adapter.users('uid', 'johndoe')
    end

    it 'searches with the proper options when searching by dn' do
      # A DN lookup is expected to use the DN itself as the search base with
      # a base-object scope and no filter.
      expect(adapter).to receive(:ldap_search).with(
        base: 'uid=johndoe,ou=users,dc=example,dc=com',
        scope: Net::LDAP::SearchScope_BaseObject,
        attributes: ldap_attributes,
        filter: nil
      ).and_return({})

      adapter.users('dn', 'uid=johndoe,ou=users,dc=example,dc=com')
    end

    it 'searches with the proper options when searching with a limit' do
      # The third argument must reach the search as the `size` option.
      size_limited = hash_including(size: 100)
      expect(adapter).to receive(:ldap_search).with(size_limited).and_return({})

      adapter.users('uid', 'johndoe', 100)
    end

    it 'returns an LDAP::Person if search returns a result' do
      directory_entry = ldap_user_entry('johndoe')
      allow(adapter).to receive(:ldap_search).and_return([directory_entry])

      people = adapter.users('uid', 'johndoe')

      expect(people.size).to eq(1)
      expect(people.first.uid).to eq('johndoe')
    end

    it 'returns empty array if search entry does not respond to uid' do
      # An entry that carries only a DN (no uid attribute) must not show up
      # in the returned users.
      dn_only_entry = Net::LDAP::Entry.new
      dn_only_entry['dn'] = user_dn('johndoe')
      allow(adapter).to receive(:ldap_search).and_return([dn_only_entry])

      people = adapter.users('uid', 'johndoe')

      expect(people).to be_empty
    end

    it 'uses the right uid attribute when non-default' do
      stub_ldap_config(uid: 'sAMAccountName')
      # `ldap_attributes` is computed after the stub above, so it presumably
      # reflects the overridden uid attribute - verify against Person.
      expect(adapter).to receive(:ldap_search).with(
        hash_including(attributes: ldap_attributes)
      ).and_return({})

      adapter.users('sAMAccountName', 'johndoe')
    end
  end

  describe '#dn_matches_filter?' do
    subject { adapter.dn_matches_filter?(:dn, :filter) }

    # The result only depends on whether the (stubbed) search returned any
    # entry at all.
    context 'when the search result is non-empty' do
      before do
        allow(adapter).to receive(:ldap_search).and_return([:foo])
      end

      it { is_expected.to be_truthy }
    end

    context 'when the search result is empty' do
      before do
        allow(adapter).to receive(:ldap_search).and_return([])
      end

      it { is_expected.to be_falsey }
    end
  end

  describe '#ldap_search' do
    subject { adapter.ldap_search(base: :dn, filter: :filter) }

    context 'when the search is successful' do
      context 'and the result is non-empty' do
        before do
          allow(ldap).to receive(:search).and_return([:foo])
        end

        it { is_expected.to eq([:foo]) }
      end

      context 'and the result is empty' do
        before do
          allow(ldap).to receive(:search).and_return([])
        end

        it { is_expected.to eq([]) }
      end
    end

    context 'when the search encounters an error' do
      before do
        # The search yields nil and the operation result reports a non-zero
        # code, i.e. the server answered with an error.
        failed_operation = double(code: 1, message: 'some error')
        allow(ldap).to receive_messages(
          search: nil,
          get_operation_result: failed_operation
        )
      end

      # NOTE(review): an error-coded search yields the same `[]` as a search
      # with no match, so callers cannot tell the two apart from the return
      # value. Whether every caller treats that as fail-closed is not visible
      # from this spec.
      it { is_expected.to eq([]) }
    end

    context 'when the search raises an LDAP exception' do
      before do
        # Renewing the connection hands back the same double, so each retry
        # hits the raising `search` stub again.
        allow(adapter).to receive(:renew_connection_adapter).and_return(ldap)
        allow(ldap).to receive(:search) { raise Net::LDAP::Error, 'some error' }
        allow(Gitlab::AppLogger).to receive(:warn)
      end

      context 'retries the operation' do
        before do
          stub_const("#{described_class}::MAX_SEARCH_RETRIES", 3)
        end

        # Retrying is bounded: exactly MAX_SEARCH_RETRIES attempts, then the
        # failure surfaces as a connection error instead of an empty result.
        it 'as many times as MAX_SEARCH_RETRIES' do
          expect(ldap).to receive(:search).exactly(3).times
          expect { subject }.to raise_error(Gitlab::Auth::Ldap::LdapConnectionError)
        end

        context 'when no more retries' do
          before do
            stub_const("#{described_class}::MAX_SEARCH_RETRIES", 1)
          end

          it 'raises the exception' do
            expect { subject }.to raise_error(Gitlab::Auth::Ldap::LdapConnectionError)
          end

          it 'logs the error' do
            expect { subject }.to raise_error(Gitlab::Auth::Ldap::LdapConnectionError)

            # The warning carries the exception class and message, which is
            # what an operator would search the application log for.
            expected_line = 'LDAP search raised exception Net::LDAP::Error: some error'
            expect(Gitlab::AppLogger).to have_received(:warn).with(expected_line)
          end
        end
      end
    end
  end

  # Attribute list the adapter is expected to request for the 'ldapmain'
  # provider, taken from Person so the spec does not hard-code it.
  def ldap_attributes
    provider_config = Gitlab::Auth::Ldap::Config.new('ldapmain')
    Gitlab::Auth::Ldap::Person.ldap_attributes(provider_config)
  end
end