resolved a couple of testing related todos
This commit is contained in:
parent
7a58086040
commit
2c4dc2951d
@ -491,12 +491,8 @@ func downstreamSubjectFromUpstreamLDAP(ldapUpstream provider.UpstreamLDAPIdentit
|
|||||||
}
|
}
|
||||||
|
|
||||||
func userDNFromAuthenticatedResponse(authenticatedResponse *authenticator.Response) string {
|
func userDNFromAuthenticatedResponse(authenticatedResponse *authenticator.Response) string {
|
||||||
// These errors shouldn't happen, but do some error checking anyway so it doesn't panic
|
// This error shouldn't happen, but do some error checking anyway so it doesn't panic
|
||||||
extra := authenticatedResponse.User.GetExtra()
|
dnSlice := authenticatedResponse.User.GetExtra()["userDN"]
|
||||||
if len(extra) == 0 {
|
|
||||||
return ""
|
|
||||||
}
|
|
||||||
dnSlice := extra["userDN"]
|
|
||||||
if len(dnSlice) != 1 {
|
if len(dnSlice) != 1 {
|
||||||
return ""
|
return ""
|
||||||
}
|
}
|
||||||
|
@ -177,20 +177,21 @@ func (p *Provider) PerformRefresh(ctx context.Context, userDN string, expectedUs
|
|||||||
|
|
||||||
conn, err := p.dial(ctx)
|
conn, err := p.dial(ctx)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
p.traceAuthFailure(t, err)
|
p.traceRefreshFailure(t, err)
|
||||||
return fmt.Errorf(`error dialing host "%s": %w`, p.c.Host, err)
|
return fmt.Errorf(`error dialing host "%s": %w`, p.c.Host, err)
|
||||||
}
|
}
|
||||||
defer conn.Close()
|
defer conn.Close()
|
||||||
|
|
||||||
err = conn.Bind(p.c.BindUsername, p.c.BindPassword)
|
err = conn.Bind(p.c.BindUsername, p.c.BindPassword)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
p.traceAuthFailure(t, err)
|
p.traceRefreshFailure(t, err)
|
||||||
return fmt.Errorf(`error binding as "%s" before user search: %w`, p.c.BindUsername, err)
|
return fmt.Errorf(`error binding as "%s" before user search: %w`, p.c.BindUsername, err)
|
||||||
}
|
}
|
||||||
|
|
||||||
searchResult, err := conn.Search(search)
|
searchResult, err := conn.Search(search)
|
||||||
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
p.traceRefreshFailure(t, err)
|
||||||
return fmt.Errorf(`error searching for user "%s": %w`, userDN, err)
|
return fmt.Errorf(`error searching for user "%s": %w`, userDN, err)
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -765,6 +766,12 @@ func (p *Provider) traceSearchBaseDiscoveryFailure(t *trace.Trace, err error) {
|
|||||||
trace.Field{Key: "reason", Value: err.Error()})
|
trace.Field{Key: "reason", Value: err.Error()})
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (p *Provider) traceRefreshFailure(t *trace.Trace, err error) {
|
||||||
|
t.Step("refresh failed",
|
||||||
|
trace.Field{Key: "reason", Value: err.Error()},
|
||||||
|
)
|
||||||
|
}
|
||||||
|
|
||||||
func MicrosoftUUIDFromBinary(attributeName string) func(entry *ldap.Entry) (string, error) {
|
func MicrosoftUUIDFromBinary(attributeName string) func(entry *ldap.Entry) (string, error) {
|
||||||
// validation has already been done so we can just get the attribute...
|
// validation has already been done so we can just get the attribute...
|
||||||
return func(entry *ldap.Entry) (string, error) {
|
return func(entry *ldap.Entry) (string, error) {
|
||||||
|
@ -1238,7 +1238,6 @@ func TestUpstreamRefresh(t *testing.T) {
|
|||||||
},
|
},
|
||||||
{
|
{
|
||||||
Name: testUserSearchUIDAttribute,
|
Name: testUserSearchUIDAttribute,
|
||||||
Values: []string{testUserSearchResultUIDAttributeValue},
|
|
||||||
ByteValues: [][]byte{[]byte(testUserSearchResultUIDAttributeValue)},
|
ByteValues: [][]byte{[]byte(testUserSearchResultUIDAttributeValue)},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
@ -1350,7 +1349,6 @@ func TestUpstreamRefresh(t *testing.T) {
|
|||||||
},
|
},
|
||||||
{
|
{
|
||||||
Name: testUserSearchUIDAttribute,
|
Name: testUserSearchUIDAttribute,
|
||||||
Values: []string{"wrong-uid"},
|
|
||||||
ByteValues: [][]byte{[]byte("wrong-uid")},
|
ByteValues: [][]byte{[]byte("wrong-uid")},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
@ -1398,7 +1396,7 @@ func TestUpstreamRefresh(t *testing.T) {
|
|||||||
},
|
},
|
||||||
{
|
{
|
||||||
Name: testUserSearchUIDAttribute,
|
Name: testUserSearchUIDAttribute,
|
||||||
Values: []string{testUserSearchResultUIDAttributeValue},
|
ByteValues: [][]byte{[]byte(testUserSearchResultUIDAttributeValue)},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
@ -1408,6 +1406,110 @@ func TestUpstreamRefresh(t *testing.T) {
|
|||||||
},
|
},
|
||||||
wantErr: "searching for user with original DN \"some-upstream-user-dn\" resulted in search result without DN",
|
wantErr: "searching for user with original DN \"some-upstream-user-dn\" resulted in search result without DN",
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
name: "search result has 0 values for username attribute",
|
||||||
|
providerConfig: providerConfig,
|
||||||
|
setupMocks: func(conn *mockldapconn.MockConn) {
|
||||||
|
conn.EXPECT().Bind(testBindUsername, testBindPassword).Times(1)
|
||||||
|
conn.EXPECT().Search(expectedUserSearch).Return(&ldap.SearchResult{
|
||||||
|
Entries: []*ldap.Entry{
|
||||||
|
{
|
||||||
|
DN: testUserSearchResultDNValue,
|
||||||
|
Attributes: []*ldap.EntryAttribute{
|
||||||
|
{
|
||||||
|
Name: testUserSearchUsernameAttribute,
|
||||||
|
Values: []string{},
|
||||||
|
},
|
||||||
|
{
|
||||||
|
Name: testUserSearchUIDAttribute,
|
||||||
|
ByteValues: [][]byte{[]byte(testUserSearchResultUIDAttributeValue)},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
}, nil).Times(1)
|
||||||
|
conn.EXPECT().Close().Times(1)
|
||||||
|
},
|
||||||
|
wantErr: "found 0 values for attribute \"some-upstream-username-attribute\" while searching for user \"some-upstream-user-dn\", but expected 1 result",
|
||||||
|
},
|
||||||
|
{
|
||||||
|
name: "search result has more than one value for username attribute",
|
||||||
|
providerConfig: providerConfig,
|
||||||
|
setupMocks: func(conn *mockldapconn.MockConn) {
|
||||||
|
conn.EXPECT().Bind(testBindUsername, testBindPassword).Times(1)
|
||||||
|
conn.EXPECT().Search(expectedUserSearch).Return(&ldap.SearchResult{
|
||||||
|
Entries: []*ldap.Entry{
|
||||||
|
{
|
||||||
|
DN: testUserSearchResultDNValue,
|
||||||
|
Attributes: []*ldap.EntryAttribute{
|
||||||
|
{
|
||||||
|
Name: testUserSearchUsernameAttribute,
|
||||||
|
Values: []string{testUserSearchResultUsernameAttributeValue, "something-else"},
|
||||||
|
},
|
||||||
|
{
|
||||||
|
Name: testUserSearchUIDAttribute,
|
||||||
|
ByteValues: [][]byte{[]byte(testUserSearchResultUIDAttributeValue)},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
}, nil).Times(1)
|
||||||
|
conn.EXPECT().Close().Times(1)
|
||||||
|
},
|
||||||
|
wantErr: "found 2 values for attribute \"some-upstream-username-attribute\" while searching for user \"some-upstream-user-dn\", but expected 1 result",
|
||||||
|
},
|
||||||
|
{
|
||||||
|
name: "search result has 0 values for uid attribute",
|
||||||
|
providerConfig: providerConfig,
|
||||||
|
setupMocks: func(conn *mockldapconn.MockConn) {
|
||||||
|
conn.EXPECT().Bind(testBindUsername, testBindPassword).Times(1)
|
||||||
|
conn.EXPECT().Search(expectedUserSearch).Return(&ldap.SearchResult{
|
||||||
|
Entries: []*ldap.Entry{
|
||||||
|
{
|
||||||
|
DN: testUserSearchResultDNValue,
|
||||||
|
Attributes: []*ldap.EntryAttribute{
|
||||||
|
{
|
||||||
|
Name: testUserSearchUsernameAttribute,
|
||||||
|
Values: []string{testUserSearchResultUsernameAttributeValue},
|
||||||
|
},
|
||||||
|
{
|
||||||
|
Name: testUserSearchUIDAttribute,
|
||||||
|
ByteValues: [][]byte{},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
}, nil).Times(1)
|
||||||
|
conn.EXPECT().Close().Times(1)
|
||||||
|
},
|
||||||
|
wantErr: "found 0 values for attribute \"some-upstream-uid-attribute\" while searching for user \"some-upstream-user-dn\", but expected 1 result",
|
||||||
|
},
|
||||||
|
{
|
||||||
|
name: "search result has 2 values for uid attribute",
|
||||||
|
providerConfig: providerConfig,
|
||||||
|
setupMocks: func(conn *mockldapconn.MockConn) {
|
||||||
|
conn.EXPECT().Bind(testBindUsername, testBindPassword).Times(1)
|
||||||
|
conn.EXPECT().Search(expectedUserSearch).Return(&ldap.SearchResult{
|
||||||
|
Entries: []*ldap.Entry{
|
||||||
|
{
|
||||||
|
DN: testUserSearchResultDNValue,
|
||||||
|
Attributes: []*ldap.EntryAttribute{
|
||||||
|
{
|
||||||
|
Name: testUserSearchUsernameAttribute,
|
||||||
|
Values: []string{testUserSearchResultUsernameAttributeValue},
|
||||||
|
},
|
||||||
|
{
|
||||||
|
Name: testUserSearchUIDAttribute,
|
||||||
|
ByteValues: [][]byte{[]byte(testUserSearchResultUIDAttributeValue), []byte("other-uid-value")},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
}, nil).Times(1)
|
||||||
|
conn.EXPECT().Close().Times(1)
|
||||||
|
},
|
||||||
|
wantErr: "found 2 values for attribute \"some-upstream-uid-attribute\" while searching for user \"some-upstream-user-dn\", but expected 1 result",
|
||||||
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
for _, test := range tests {
|
for _, test := range tests {
|
||||||
|
Loading…
Reference in New Issue
Block a user