|
2 | 2 | from mock import patch, MagicMock, Mock |
3 | 3 | from django.test import RequestFactory |
4 | 4 |
|
5 | | -import pytest |
6 | | - |
7 | | -import nav.web.auth.ldap |
8 | 5 | from nav.web import auth |
9 | 6 | from nav.web.auth import remote_user |
10 | 7 | from nav.web.auth.utils import ACCOUNT_ID_VAR |
@@ -168,173 +165,3 @@ def test_remote_user_set(self, fake_session): |
168 | 165 | assert ( |
169 | 166 | request.session.get(ACCOUNT_ID_VAR, None) == REMOTE_USER_ACCOUNT.id |
170 | 167 | ) |
171 | | - |
172 | | - |
173 | | -class TestLdapUser(object): |
174 | | - @patch.dict( |
175 | | - "nav.web.auth.ldap._config._sections", |
176 | | - { |
177 | | - 'ldap': { |
178 | | - '__name__': 'ldap', |
179 | | - 'basedn': 'empty', |
180 | | - 'manager': 'empty', |
181 | | - 'manager_password': 'empty', |
182 | | - 'uid_attr': 'sAMAccountName', |
183 | | - 'encoding': 'utf-8', |
184 | | - }, |
185 | | - }, |
186 | | - ) |
187 | | - def test_search_result_with_referrals_should_be_considered_empty(self): |
188 | | - """LP#1207737""" |
189 | | - conn = Mock( |
190 | | - **{ |
191 | | - 'search_s.return_value': [ |
192 | | - (None, "restaurant"), |
193 | | - (None, "at the end of the universe"), |
194 | | - ] |
195 | | - } |
196 | | - ) |
197 | | - u = nav.web.auth.ldap.LDAPUser("zaphod", conn) |
198 | | - with pytest.raises(nav.web.auth.ldap.UserNotFound): |
199 | | - u.search_dn() |
200 | | - |
201 | | - @patch.dict( |
202 | | - "nav.web.auth.ldap._config._sections", |
203 | | - { |
204 | | - 'ldap': { |
205 | | - '__name__': 'ldap', |
206 | | - 'basedn': 'empty', |
207 | | - 'lookupmethod': 'direct', |
208 | | - 'uid_attr': 'uid', |
209 | | - 'encoding': 'utf-8', |
210 | | - 'suffix': '', |
211 | | - } |
212 | | - }, |
213 | | - ) |
214 | | - def test_non_ascii_password_should_work(self): |
215 | | - """LP#1213818""" |
216 | | - conn = Mock( |
217 | | - **{ |
218 | | - 'simple_bind_s.side_effect': lambda x, y: ( |
219 | | - str(x), |
220 | | - str(y), |
221 | | - ), |
222 | | - } |
223 | | - ) |
224 | | - u = nav.web.auth.ldap.LDAPUser(u"zaphod", conn) |
225 | | - u.bind(u"æøå") |
226 | | - |
227 | | - @patch.dict( |
228 | | - "nav.web.auth.ldap._config._sections", |
229 | | - { |
230 | | - 'ldap': { |
231 | | - '__name__': 'ldap', |
232 | | - 'basedn': 'cn=users,dc=example,dc=org', |
233 | | - 'lookupmethod': 'direct', |
234 | | - 'uid_attr': 'uid', |
235 | | - 'encoding': 'utf-8', |
236 | | - 'group_search': '(member=%%s)', |
237 | | - }, |
238 | | - }, |
239 | | - ) |
240 | | - def test_is_group_member_for_non_ascii_user_should_not_raise(self): |
241 | | - """LP#1301794""" |
242 | | - |
243 | | - def fake_search(base, scope, filtr): |
244 | | - str(base) |
245 | | - str(filtr) |
246 | | - return [] |
247 | | - |
248 | | - conn = Mock( |
249 | | - **{ |
250 | | - 'search_s.side_effect': fake_search, |
251 | | - } |
252 | | - ) |
253 | | - u = nav.web.auth.ldap.LDAPUser(u"Ægir", conn) |
254 | | - u.is_group_member('cn=noc-operators,cn=groups,dc=example,dc=com') |
255 | | - |
256 | | - |
257 | | -@patch.dict( |
258 | | - "nav.web.auth.ldap._config._sections", |
259 | | - { |
260 | | - 'ldap': { |
261 | | - '__name__': 'ldap', |
262 | | - 'basedn': 'cn=users,dc=example,dc=org', |
263 | | - 'lookupmethod': 'direct', |
264 | | - 'uid_attr': 'uid', |
265 | | - 'encoding': 'utf-8', |
266 | | - 'require_entitlement': 'president', |
267 | | - 'admin_entitlement': 'boss', |
268 | | - 'entitlement_attribute': 'eduPersonEntitlement', |
269 | | - }, |
270 | | - }, |
271 | | -) |
272 | | -class TestLdapEntitlements(object): |
273 | | - def test_required_entitlement_should_be_verified(self, user_zaphod): |
274 | | - u = nav.web.auth.ldap.LDAPUser("zaphod", user_zaphod) |
275 | | - assert u.has_entitlement('president') |
276 | | - |
277 | | - def test_missing_entitlement_should_not_be_verified(self, user_marvin): |
278 | | - u = nav.web.auth.ldap.LDAPUser("marvin", user_marvin) |
279 | | - assert not u.has_entitlement('president') |
280 | | - |
281 | | - def test_admin_entitlement_should_be_verified(self, user_zaphod): |
282 | | - u = nav.web.auth.ldap.LDAPUser("zaphod", user_zaphod) |
283 | | - assert u.is_admin() |
284 | | - |
285 | | - def test_missing_admin_entitlement_should_be_verified(self, user_marvin): |
286 | | - u = nav.web.auth.ldap.LDAPUser("marvin", user_marvin) |
287 | | - assert not u.is_admin() |
288 | | - |
289 | | - |
290 | | -@patch.dict( |
291 | | - "nav.web.auth.ldap._config._sections", |
292 | | - { |
293 | | - 'ldap': { |
294 | | - '__name__': 'ldap', |
295 | | - 'basedn': 'cn=users,dc=example,dc=org', |
296 | | - 'lookupmethod': 'direct', |
297 | | - 'uid_attr': 'uid', |
298 | | - 'encoding': 'utf-8', |
299 | | - 'require_entitlement': 'president', |
300 | | - 'admin_entitlement': '', |
301 | | - 'entitlement_attribute': 'eduPersonEntitlement', |
302 | | - }, |
303 | | - }, |
304 | | -) |
305 | | -def test_no_admin_entitlement_option_should_make_no_admin_decision(user_zaphod): |
306 | | - u = nav.web.auth.ldap.LDAPUser("zaphod", user_zaphod) |
307 | | - assert u.is_admin() is None |
308 | | - |
309 | | - |
310 | | -# |
311 | | -# Pytest fixtures |
312 | | -# |
313 | | - |
314 | | - |
315 | | -@pytest.fixture |
316 | | -def user_zaphod(): |
317 | | - return Mock( |
318 | | - **{ |
319 | | - 'search_s.return_value': [ |
320 | | - ( |
321 | | - u'uid=zaphod,cn=users,dc=example,dc=org', |
322 | | - {u'eduPersonEntitlement': [b'president', b'boss']}, |
323 | | - ) |
324 | | - ] |
325 | | - } |
326 | | - ) |
327 | | - |
328 | | - |
329 | | -@pytest.fixture |
330 | | -def user_marvin(): |
331 | | - return Mock( |
332 | | - **{ |
333 | | - 'search_s.return_value': [ |
334 | | - ( |
335 | | - u'uid=marvin,cn=users,dc=example,dc=org', |
336 | | - {u'eduPersonEntitlement': [b'paranoid']}, |
337 | | - ) |
338 | | - ] |
339 | | - } |
340 | | - ) |
0 commit comments