From fe345e5746ff6f785ea7bb2aad8b07b4f92a889a Mon Sep 17 00:00:00 2001 From: Benjamin Dauvergne Date: Mon, 11 Mar 2019 20:49:20 +0100 Subject: [PATCH] tests: improve ldap tests with non ASCII characters in uid (#31273) --- tests/test_ldap.py | 80 +++++++++++++++++++++++++++++++++++----------- 1 file changed, 61 insertions(+), 19 deletions(-) diff --git a/tests/test_ldap.py b/tests/test_ldap.py index de8740345..733965e57 100644 --- a/tests/test_ldap.py +++ b/tests/test_ldap.py @@ -26,9 +26,11 @@ from ldap.dn import escape_dn_chars from ldaptools.slapd import Slapd, has_slapd from django.contrib.auth import get_user_model, authenticate from django.core.exceptions import ImproperlyConfigured +from django.core import management from django.core import mail from django.utils.encoding import force_text from django.utils import timezone +from django.utils.six.moves.urllib import parse as urlparse from authentic2.a2_rbac.utils import get_default_ou from django_rbac.utils import get_ou_model @@ -88,11 +90,11 @@ objectClass: groupOfNames member: {dn} '''.format(dn=DN, uid=UID, password=PASS)) - for i in range(100): - slapd.add_ldif('''dn: uid=michu{i},o=ôrga + for i in range(5): + slapd.add_ldif('''dn: uid=mïchu{i},o=ôrga objectClass: inetOrgPerson userPassword: {password} -uid: michu{i} +uid: mïchu{i} cn: Étienne Michu sn: Michu gn: Étienne @@ -105,8 +107,6 @@ gidNumber: 10 objectClass: posixGroup memberUid: {uid} '''.format(uid=UID) - for i in range(100): - group_ldif += 'memberUid: michu{i}\n'.format(i=i) group_ldif += '\n\n' slapd.add_ldif(group_ldif) return slapd @@ -381,6 +381,7 @@ def test_group_staff(slapd, settings, client, db): def test_get_users(slapd, settings, db): import django.db.models.base from types import MethodType + from django.contrib.auth.models import Group settings.LDAP_AUTH_SETTINGS = [{ 'url': [slapd.ldap_url], @@ -398,13 +399,16 @@ def test_get_users(slapd, settings, db): django.db.models.query.QuerySet.bulk_create = MethodType(bulk_create, None, django.db.models.query.QuerySet) + assert Group.objects.count() == 0 # Provision all users and their groups assert User.objects.count() == 0 users = list(ldap_backend.LDAPBackend.get_users()) - assert len(users) == 101 - assert User.objects.count() == 101 - assert bulk_create.call_count == 101 - assert save.call_count == 303 + assert len(users) == 6 + assert User.objects.count() == 6 + assert bulk_create.call_count == 1 + assert save.call_count == 18 + assert Group.objects.count() == 1 + assert Group.objects.get().user_set.count() == 1 # Check that if nothing changed no save() is made save.reset_mock() @@ -416,11 +420,11 @@ def test_get_users(slapd, settings, db): # Check that if we delete 1 user, only this user is created save.reset_mock() bulk_create.reset_mock() - User.objects.last().delete() - assert User.objects.count() == 100 + User.objects.filter(username='etienne.michu@ldap').delete() + assert User.objects.count() == 5 users = list(ldap_backend.LDAPBackend.get_users()) - assert len(users) == 101 - assert User.objects.count() == 101 + assert len(users) == 6 + assert User.objects.count() == 6 assert save.call_count == 3 assert bulk_create.call_count == 1 @@ -431,8 +435,8 @@ def test_get_users(slapd, settings, db): save.reset_mock() bulk_create.reset_mock() users = list(ldap_backend.LDAPBackend.get_users()) - assert len(users) == 101 - assert User.objects.count() == 101 + assert len(users) == 6 + assert User.objects.count() == 6 assert save.call_count == 0 assert bulk_create.call_count == 0 @@ -446,9 +450,9 @@ def test_get_users(slapd, settings, db): user = ldap_backend.LDAPUser.objects.get(username='%s@ldap' % UID) user.last_login = timezone.now() user.save() - assert ldap_backend.LDAPUser.objects.count() == 102 + assert ldap_backend.LDAPUser.objects.count() == 7 users = list(ldap_backend.LDAPBackend.get_users()) - assert len(users) == 101 + assert len(users) == 6 assert ldap_backend.LDAPUser.objects.filter(username='%s' % UID.capitalize()).count() == 0 @@ -694,11 +698,11 @@ def test_user_attributes(slapd, settings, client, db): client.post('/login/', { 'login-password-submit': '1', - 'username': 'michu%s' % i, + 'username': u'mïchu%s' % i, 'password': PASS, }, follow=True) - username = u'michu%s@ldap' % i + username = u'mïchu%s@ldap' % i user = User.objects.get(username=username) assert user.attributes.locality == u'locality%s' % i client.session.flush() @@ -774,3 +778,41 @@ def test_ou_selector_default_ou(slapd, settings, app, ou1): response.form.set('ou', str(get_default_ou().pk)) response = response.form.submit(name='login-password-submit').follow() assert '_auth_user_id' in app.session + + +def test_sync_ldap_users(slapd, settings, app, db): + settings.LDAP_AUTH_SETTINGS = [{ + 'url': [slapd.ldap_url], + 'basedn': u'o=ôrga', + 'use_tls': False, + 'user_attributes': [ + { + 'from_ldap': 'l', + 'to_user': 'locality', + }, + ] + }] + + # create a locality attribute + models.Attribute.objects.create( + label='locality', + name='locality', + kind='string', + required=False, + user_visible=True, + user_editable=False, + asked_on_registration=False, + multiple=False) + + assert User.objects.count() == 0 + management.call_command('sync-ldap-users') + assert User.objects.count() == 6 + assert all(user.first_name == u'Étienne' for user in User.objects.all()) + assert all(user.attributes.first_name == u'Étienne' for user in User.objects.all()) + assert all(user.last_name == u'Michu' for user in User.objects.all()) + assert all(user.attributes.last_name == u'Michu' for user in User.objects.all()) + assert all(user.attributes.locality == u'Paris' or user.attributes.locality.startswith('locality') + for user in User.objects.all()) + assert all([user.userexternalid_set.first().external_id + == urlparse.quote(user.username.split('@')[0].encode('utf-8')) + for user in User.objects.all()])