
Support Webauthn

Merged ale requested to merge webauthn into master
3 files
+ 110
76
+ 48
53
@@ -15,35 +15,32 @@ import (
@@ -15,35 +15,32 @@ import (
)
)
const (
const (
testLDAPPort = 42871
testUser1 = "uno@investici.org"
testLDAPAddr = "ldap://127.0.0.1:42871"
testUser2 = "due@investici.org" // has encryption keys
testUser1 = "uno@investici.org"
testUser3 = "tre@investici.org" // has OTP
testUser2 = "due@investici.org" // has encryption keys
testUser4 = "quattro@investici.org" // has mailing lists
testUser3 = "tre@investici.org" // has OTP
testBaseDN = "dc=example,dc=com"
testUser4 = "quattro@investici.org" // has mailing lists
testBaseDN = "dc=example,dc=com"
)
)
func startServerAndGetUser(t testing.TB) (func(), as.Backend, *as.RawUser) {
func startServerAndGetUser(t testing.TB) (*ldaptest.TestLDAPServer, as.Backend, *as.RawUser) {
return startServerAndGetUserWithName(t, testUser1)
return startServerAndGetUserWithName(t, testUser1)
}
}
func startServerAndGetUser2(t testing.TB) (func(), as.Backend, *as.RawUser) {
func startServerAndGetUser2(t testing.TB) (*ldaptest.TestLDAPServer, as.Backend, *as.RawUser) {
return startServerAndGetUserWithName(t, testUser2)
return startServerAndGetUserWithName(t, testUser2)
}
}
func startServerAndGetUser3(t testing.TB) (func(), as.Backend, *as.RawUser) {
func startServerAndGetUser3(t testing.TB) (*ldaptest.TestLDAPServer, as.Backend, *as.RawUser) {
return startServerAndGetUserWithName(t, testUser3)
return startServerAndGetUserWithName(t, testUser3)
}
}
func startServerAndGetUser4(t testing.TB) (func(), as.Backend, *as.RawUser) {
func startServerAndGetUser4(t testing.TB) (*ldaptest.TestLDAPServer, as.Backend, *as.RawUser) {
return startServerAndGetUserWithName(t, testUser4)
return startServerAndGetUserWithName(t, testUser4)
}
}
func startServer(t testing.TB) (func(), as.Backend) {
func startServer(t testing.TB) (*ldaptest.TestLDAPServer, as.Backend) {
stop := ldaptest.StartServer(t, &ldaptest.Config{
srv := ldaptest.StartServer(t, &ldaptest.Config{
Dir: "../../ldaptest",
Dir: "../../ldaptest",
Port: testLDAPPort,
Base: "dc=example,dc=com",
Base: "dc=example,dc=com",
LDIFs: []string{
LDIFs: []string{
"testdata/base.ldif",
"testdata/base.ldif",
@@ -54,16 +51,16 @@ func startServer(t testing.TB) (func(), as.Backend) {
@@ -54,16 +51,16 @@ func startServer(t testing.TB) (func(), as.Backend) {
},
},
})
})
b, err := NewLDAPBackend(testLDAPAddr, "cn=manager,dc=example,dc=com", "password", "dc=example,dc=com")
b, err := NewLDAPBackend(srv.Addr, "cn=manager,dc=example,dc=com", "password", "dc=example,dc=com")
if err != nil {
if err != nil {
t.Fatal("NewLDAPBackend", err)
t.Fatal("NewLDAPBackend", err)
}
}
return stop, b
return srv, b
}
}
func startServerAndGetUserWithName(t testing.TB, username string) (func(), as.Backend, *as.RawUser) {
func startServerAndGetUserWithName(t testing.TB, username string) (*ldaptest.TestLDAPServer, as.Backend, *as.RawUser) {
stop, b := startServer(t)
srv, b := startServer(t)
tx, _ := b.NewTransaction()
tx, _ := b.NewTransaction()
user, err := tx.GetUser(context.Background(), username)
user, err := tx.GetUser(context.Background(), username)
@@ -74,12 +71,12 @@ func startServerAndGetUserWithName(t testing.TB, username string) (func(), as.Ba
@@ -74,12 +71,12 @@ func startServerAndGetUserWithName(t testing.TB, username string) (func(), as.Ba
t.Fatalf("could not find test user %s", username)
t.Fatalf("could not find test user %s", username)
}
}
return stop, b, user
return srv, b, user
}
}
func TestModel_GetUser_NotFound(t *testing.T) {
func TestModel_GetUser_NotFound(t *testing.T) {
stop, b := startServer(t)
srv, b := startServer(t)
defer stop()
defer srv.Close()
tx, _ := b.NewTransaction()
tx, _ := b.NewTransaction()
user, err := tx.GetUser(context.Background(), "wrong_user")
user, err := tx.GetUser(context.Background(), "wrong_user")
@@ -92,8 +89,8 @@ func TestModel_GetUser_NotFound(t *testing.T) {
@@ -92,8 +89,8 @@ func TestModel_GetUser_NotFound(t *testing.T) {
}
}
func TestModel_GetUser(t *testing.T) {
func TestModel_GetUser(t *testing.T) {
stop, _, user := startServerAndGetUser(t)
srv, _, user := startServerAndGetUser(t)
defer stop()
defer srv.Close()
if user.Name != testUser1 {
if user.Name != testUser1 {
t.Errorf("bad username: expected %s, got %s", testUser1, user.Name)
t.Errorf("bad username: expected %s, got %s", testUser1, user.Name)
@@ -127,8 +124,8 @@ func TestModel_GetUser(t *testing.T) {
@@ -127,8 +124,8 @@ func TestModel_GetUser(t *testing.T) {
}
}
func TestModel_GetUser_HasEncryptionKeys(t *testing.T) {
func TestModel_GetUser_HasEncryptionKeys(t *testing.T) {
stop, _, user := startServerAndGetUser2(t)
srv, _, user := startServerAndGetUser2(t)
defer stop()
defer srv.Close()
if !user.HasEncryptionKeys {
if !user.HasEncryptionKeys {
t.Errorf("user %s does not appear to have encryption keys", user.Name)
t.Errorf("user %s does not appear to have encryption keys", user.Name)
@@ -136,8 +133,8 @@ func TestModel_GetUser_HasEncryptionKeys(t *testing.T) {
@@ -136,8 +133,8 @@ func TestModel_GetUser_HasEncryptionKeys(t *testing.T) {
}
}
func TestModel_GetUser_Has2FA(t *testing.T) {
func TestModel_GetUser_Has2FA(t *testing.T) {
stop, _, user := startServerAndGetUser3(t)
srv, _, user := startServerAndGetUser3(t)
defer stop()
defer srv.Close()
if !user.Has2FA {
if !user.Has2FA {
t.Errorf("user %s does not appear to have 2FA enabled", user.Name)
t.Errorf("user %s does not appear to have 2FA enabled", user.Name)
@@ -145,8 +142,8 @@ func TestModel_GetUser_Has2FA(t *testing.T) {
@@ -145,8 +142,8 @@ func TestModel_GetUser_Has2FA(t *testing.T) {
}
}
func TestModel_GetUser_HasU2FRegistrations(t *testing.T) {
func TestModel_GetUser_HasU2FRegistrations(t *testing.T) {
stop, _, user := startServerAndGetUser4(t)
srv, _, user := startServerAndGetUser4(t)
defer stop()
defer srv.Close()
if n := len(user.U2FRegistrations); n != 2 {
if n := len(user.U2FRegistrations); n != 2 {
t.Errorf("user %s has %d u2f registrations, expected 2", user.Name, n)
t.Errorf("user %s has %d u2f registrations, expected 2", user.Name, n)
@@ -163,8 +160,8 @@ func TestModel_GetUser_HasU2FRegistrations(t *testing.T) {
@@ -163,8 +160,8 @@ func TestModel_GetUser_HasU2FRegistrations(t *testing.T) {
}
}
func TestModel_GetUser_Resources(t *testing.T) {
func TestModel_GetUser_Resources(t *testing.T) {
stop, b, user := startServerAndGetUser(t)
srv, b, user := startServerAndGetUser(t)
defer stop()
defer srv.Close()
// Ensure that the user *has* resources.
// Ensure that the user *has* resources.
if len(user.Resources) < 1 {
if len(user.Resources) < 1 {
@@ -195,8 +192,8 @@ func TestModel_GetUser_Resources(t *testing.T) {
@@ -195,8 +192,8 @@ func TestModel_GetUser_Resources(t *testing.T) {
}
}
func TestModel_GetUser_MailingListsAndNewsletters(t *testing.T) {
func TestModel_GetUser_MailingListsAndNewsletters(t *testing.T) {
stop, _, user := startServerAndGetUser4(t)
srv, _, user := startServerAndGetUser4(t)
defer stop()
defer srv.Close()
// Ensure that the user has the expected number of list resources.
// Ensure that the user has the expected number of list resources.
// The backend should find two lists, one of which has an alias as the owner.
// The backend should find two lists, one of which has an alias as the owner.
@@ -213,8 +210,8 @@ func TestModel_GetUser_MailingListsAndNewsletters(t *testing.T) {
@@ -213,8 +210,8 @@ func TestModel_GetUser_MailingListsAndNewsletters(t *testing.T) {
}
}
func TestModel_SearchUser(t *testing.T) {
func TestModel_SearchUser(t *testing.T) {
stop, b := startServer(t)
srv, b := startServer(t)
defer stop()
defer srv.Close()
tx, _ := b.NewTransaction()
tx, _ := b.NewTransaction()
users, err := tx.SearchUser(context.Background(), "uno", 0)
users, err := tx.SearchUser(context.Background(), "uno", 0)
if err != nil {
if err != nil {
@@ -229,15 +226,14 @@ func TestModel_SearchUser(t *testing.T) {
@@ -229,15 +226,14 @@ func TestModel_SearchUser(t *testing.T) {
}
}
func TestModel_SetResourceStatus(t *testing.T) {
func TestModel_SetResourceStatus(t *testing.T) {
stop := ldaptest.StartServer(t, &ldaptest.Config{
srv := ldaptest.StartServer(t, &ldaptest.Config{
Dir: "../../ldaptest",
Dir: "../../ldaptest",
Port: testLDAPPort,
Base: "dc=example,dc=com",
Base: "dc=example,dc=com",
LDIFs: []string{"testdata/base.ldif", "testdata/test1.ldif"},
LDIFs: []string{"testdata/base.ldif", "testdata/test1.ldif"},
})
})
defer stop()
defer srv.Close()
b, err := NewLDAPBackend(testLDAPAddr, "cn=manager,dc=example,dc=com", "password", "dc=example,dc=com")
b, err := NewLDAPBackend(srv.Addr, "cn=manager,dc=example,dc=com", "password", "dc=example,dc=com")
if err != nil {
if err != nil {
t.Fatal("NewLDAPBackend", err)
t.Fatal("NewLDAPBackend", err)
}
}
@@ -262,15 +258,14 @@ func TestModel_SetResourceStatus(t *testing.T) {
@@ -262,15 +258,14 @@ func TestModel_SetResourceStatus(t *testing.T) {
}
}
func TestModel_HasAnyResource(t *testing.T) {
func TestModel_HasAnyResource(t *testing.T) {
stop := ldaptest.StartServer(t, &ldaptest.Config{
srv := ldaptest.StartServer(t, &ldaptest.Config{
Dir: "../../ldaptest",
Dir: "../../ldaptest",
Port: testLDAPPort,
Base: "dc=example,dc=com",
Base: "dc=example,dc=com",
LDIFs: []string{"testdata/base.ldif", "testdata/test1.ldif"},
LDIFs: []string{"testdata/base.ldif", "testdata/test1.ldif"},
})
})
defer stop()
defer srv.Close()
b, err := NewLDAPBackend(testLDAPAddr, "cn=manager,dc=example,dc=com", "password", "dc=example,dc=com")
b, err := NewLDAPBackend(srv.Addr, "cn=manager,dc=example,dc=com", "password", "dc=example,dc=com")
if err != nil {
if err != nil {
t.Fatal("NewLDAPBackend", err)
t.Fatal("NewLDAPBackend", err)
}
}
@@ -302,8 +297,8 @@ func TestModel_HasAnyResource(t *testing.T) {
@@ -302,8 +297,8 @@ func TestModel_HasAnyResource(t *testing.T) {
}
}
func TestModel_SearchResource(t *testing.T) {
func TestModel_SearchResource(t *testing.T) {
stop, b := startServer(t)
srv, b := startServer(t)
defer stop()
defer srv.Close()
for _, pattern := range []string{"uno@investici.org", "uno*"} {
for _, pattern := range []string{"uno@investici.org", "uno*"} {
tx, _ := b.NewTransaction()
tx, _ := b.NewTransaction()
@@ -321,8 +316,8 @@ func TestModel_SearchResource(t *testing.T) {
@@ -321,8 +316,8 @@ func TestModel_SearchResource(t *testing.T) {
}
}
func TestModel_SetUserPassword(t *testing.T) {
func TestModel_SetUserPassword(t *testing.T) {
stop, b, user := startServerAndGetUser(t)
srv, b, user := startServerAndGetUser(t)
defer stop()
defer srv.Close()
encPass := "encrypted password"
encPass := "encrypted password"
@@ -352,8 +347,8 @@ func TestModel_SetUserPassword(t *testing.T) {
@@ -352,8 +347,8 @@ func TestModel_SetUserPassword(t *testing.T) {
}
}
func TestModel_SetUserEncryptionKeys_Add(t *testing.T) {
func TestModel_SetUserEncryptionKeys_Add(t *testing.T) {
stop, b, user := startServerAndGetUser(t)
srv, b, user := startServerAndGetUser(t)
defer stop()
defer srv.Close()
tx, _ := b.NewTransaction()
tx, _ := b.NewTransaction()
keys := []*ct.EncryptedKey{
keys := []*ct.EncryptedKey{
@@ -371,8 +366,8 @@ func TestModel_SetUserEncryptionKeys_Add(t *testing.T) {
@@ -371,8 +366,8 @@ func TestModel_SetUserEncryptionKeys_Add(t *testing.T) {
}
}
func TestModel_SetUserEncryptionKeys_Replace(t *testing.T) {
func TestModel_SetUserEncryptionKeys_Replace(t *testing.T) {
stop, b, user := startServerAndGetUser2(t)
srv, b, user := startServerAndGetUser2(t)
defer stop()
defer srv.Close()
tx, _ := b.NewTransaction()
tx, _ := b.NewTransaction()
keys := []*ct.EncryptedKey{
keys := []*ct.EncryptedKey{
@@ -390,8 +385,8 @@ func TestModel_SetUserEncryptionKeys_Replace(t *testing.T) {
@@ -390,8 +385,8 @@ func TestModel_SetUserEncryptionKeys_Replace(t *testing.T) {
}
}
func TestModel_NextUID(t *testing.T) {
func TestModel_NextUID(t *testing.T) {
stop, b, user := startServerAndGetUser(t)
srv, b, user := startServerAndGetUser(t)
defer stop()
defer srv.Close()
tx, _ := b.NewTransaction()
tx, _ := b.NewTransaction()
// User UID should not be available.
// User UID should not be available.