|
2 | 2 | from mock import patch, MagicMock, Mock |
3 | 3 | from django.test import RequestFactory |
4 | 4 |
|
5 | | -import pytest |
6 | | - |
7 | | -import nav.web.auth.ldap |
8 | 5 | from nav.web import auth |
9 | 6 | from nav.web.auth import remote_user |
10 | 7 | from nav.web.auth.utils import ACCOUNT_ID_VAR |
@@ -176,173 +173,3 @@ def test_remote_user_set(self): |
176 | 173 | assert ( |
177 | 174 | request.session.get(ACCOUNT_ID_VAR, None) == REMOTE_USER_ACCOUNT.id |
178 | 175 | ) |
179 | | - |
180 | | - |
181 | | -class TestLdapUser(object): |
182 | | - @patch.dict( |
183 | | - "nav.web.auth.ldap._config._sections", |
184 | | - { |
185 | | - 'ldap': { |
186 | | - '__name__': 'ldap', |
187 | | - 'basedn': 'empty', |
188 | | - 'manager': 'empty', |
189 | | - 'manager_password': 'empty', |
190 | | - 'uid_attr': 'sAMAccountName', |
191 | | - 'encoding': 'utf-8', |
192 | | - }, |
193 | | - }, |
194 | | - ) |
195 | | - def test_search_result_with_referrals_should_be_considered_empty(self): |
196 | | - """LP#1207737""" |
197 | | - conn = Mock( |
198 | | - **{ |
199 | | - 'search_s.return_value': [ |
200 | | - (None, "restaurant"), |
201 | | - (None, "at the end of the universe"), |
202 | | - ] |
203 | | - } |
204 | | - ) |
205 | | - u = nav.web.auth.ldap.LDAPUser("zaphod", conn) |
206 | | - with pytest.raises(nav.web.auth.ldap.UserNotFound): |
207 | | - u.search_dn() |
208 | | - |
209 | | - @patch.dict( |
210 | | - "nav.web.auth.ldap._config._sections", |
211 | | - { |
212 | | - 'ldap': { |
213 | | - '__name__': 'ldap', |
214 | | - 'basedn': 'empty', |
215 | | - 'lookupmethod': 'direct', |
216 | | - 'uid_attr': 'uid', |
217 | | - 'encoding': 'utf-8', |
218 | | - 'suffix': '', |
219 | | - } |
220 | | - }, |
221 | | - ) |
222 | | - def test_non_ascii_password_should_work(self): |
223 | | - """LP#1213818""" |
224 | | - conn = Mock( |
225 | | - **{ |
226 | | - 'simple_bind_s.side_effect': lambda x, y: ( |
227 | | - str(x), |
228 | | - str(y), |
229 | | - ), |
230 | | - } |
231 | | - ) |
232 | | - u = nav.web.auth.ldap.LDAPUser(u"zaphod", conn) |
233 | | - u.bind(u"æøå") |
234 | | - |
235 | | - @patch.dict( |
236 | | - "nav.web.auth.ldap._config._sections", |
237 | | - { |
238 | | - 'ldap': { |
239 | | - '__name__': 'ldap', |
240 | | - 'basedn': 'cn=users,dc=example,dc=org', |
241 | | - 'lookupmethod': 'direct', |
242 | | - 'uid_attr': 'uid', |
243 | | - 'encoding': 'utf-8', |
244 | | - 'group_search': '(member=%%s)', |
245 | | - }, |
246 | | - }, |
247 | | - ) |
248 | | - def test_is_group_member_for_non_ascii_user_should_not_raise(self): |
249 | | - """LP#1301794""" |
250 | | - |
251 | | - def fake_search(base, scope, filtr): |
252 | | - str(base) |
253 | | - str(filtr) |
254 | | - return [] |
255 | | - |
256 | | - conn = Mock( |
257 | | - **{ |
258 | | - 'search_s.side_effect': fake_search, |
259 | | - } |
260 | | - ) |
261 | | - u = nav.web.auth.ldap.LDAPUser(u"Ægir", conn) |
262 | | - u.is_group_member('cn=noc-operators,cn=groups,dc=example,dc=com') |
263 | | - |
264 | | - |
265 | | -@patch.dict( |
266 | | - "nav.web.auth.ldap._config._sections", |
267 | | - { |
268 | | - 'ldap': { |
269 | | - '__name__': 'ldap', |
270 | | - 'basedn': 'cn=users,dc=example,dc=org', |
271 | | - 'lookupmethod': 'direct', |
272 | | - 'uid_attr': 'uid', |
273 | | - 'encoding': 'utf-8', |
274 | | - 'require_entitlement': 'president', |
275 | | - 'admin_entitlement': 'boss', |
276 | | - 'entitlement_attribute': 'eduPersonEntitlement', |
277 | | - }, |
278 | | - }, |
279 | | -) |
280 | | -class TestLdapEntitlements(object): |
281 | | - def test_required_entitlement_should_be_verified(self, user_zaphod): |
282 | | - u = nav.web.auth.ldap.LDAPUser("zaphod", user_zaphod) |
283 | | - assert u.has_entitlement('president') |
284 | | - |
285 | | - def test_missing_entitlement_should_not_be_verified(self, user_marvin): |
286 | | - u = nav.web.auth.ldap.LDAPUser("marvin", user_marvin) |
287 | | - assert not u.has_entitlement('president') |
288 | | - |
289 | | - def test_admin_entitlement_should_be_verified(self, user_zaphod): |
290 | | - u = nav.web.auth.ldap.LDAPUser("zaphod", user_zaphod) |
291 | | - assert u.is_admin() |
292 | | - |
293 | | - def test_missing_admin_entitlement_should_be_verified(self, user_marvin): |
294 | | - u = nav.web.auth.ldap.LDAPUser("marvin", user_marvin) |
295 | | - assert not u.is_admin() |
296 | | - |
297 | | - |
298 | | -@patch.dict( |
299 | | - "nav.web.auth.ldap._config._sections", |
300 | | - { |
301 | | - 'ldap': { |
302 | | - '__name__': 'ldap', |
303 | | - 'basedn': 'cn=users,dc=example,dc=org', |
304 | | - 'lookupmethod': 'direct', |
305 | | - 'uid_attr': 'uid', |
306 | | - 'encoding': 'utf-8', |
307 | | - 'require_entitlement': 'president', |
308 | | - 'admin_entitlement': '', |
309 | | - 'entitlement_attribute': 'eduPersonEntitlement', |
310 | | - }, |
311 | | - }, |
312 | | -) |
313 | | -def test_no_admin_entitlement_option_should_make_no_admin_decision(user_zaphod): |
314 | | - u = nav.web.auth.ldap.LDAPUser("zaphod", user_zaphod) |
315 | | - assert u.is_admin() is None |
316 | | - |
317 | | - |
318 | | -# |
319 | | -# Pytest fixtures |
320 | | -# |
321 | | - |
322 | | - |
323 | | -@pytest.fixture |
324 | | -def user_zaphod(): |
325 | | - return Mock( |
326 | | - **{ |
327 | | - 'search_s.return_value': [ |
328 | | - ( |
329 | | - u'uid=zaphod,cn=users,dc=example,dc=org', |
330 | | - {u'eduPersonEntitlement': [b'president', b'boss']}, |
331 | | - ) |
332 | | - ] |
333 | | - } |
334 | | - ) |
335 | | - |
336 | | - |
337 | | -@pytest.fixture |
338 | | -def user_marvin(): |
339 | | - return Mock( |
340 | | - **{ |
341 | | - 'search_s.return_value': [ |
342 | | - ( |
343 | | - u'uid=marvin,cn=users,dc=example,dc=org', |
344 | | - {u'eduPersonEntitlement': [b'paranoid']}, |
345 | | - ) |
346 | | - ] |
347 | | - } |
348 | | - ) |
0 commit comments