joe/kami-parse-server
Public Access
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add LDAP auth module (#6226)

Browse Source
This commit is contained in:
Julian Dax
2019-11-25 17:03:38 +01:00
committed by Diamond Lewis
parent cf26434b31
commit 4435154cf9
6 changed files with 452 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

138
spec/LdapAuth.spec.js Normal file
View File

@@ -0,0 +1,138 @@
const ldap = require('../lib/Adapters/Auth/ldap');
const mockLdapServer = require('./MockLdapServer');
const port = 12345;
it('Should fail with missing options', done => {
ldap
.validateAuthData({ id: 'testuser', password: 'testpw' })
.then(done.fail)
.catch(err => {
jequal(err.message, 'LDAP auth configuration missing');
done();
});
});
it('Should return a resolved promise when validating the app id', done => {
ldap
.validateAppId()
.then(done)
.catch(done.fail);
});
it('Should succeed with right credentials', done => {
mockLdapServer(port, 'uid=testuser, o=example').then(server => {
const options = {
suffix: 'o=example',
url: `ldap://localhost:${port}`,
dn: 'uid={{id}}, o=example',
};
ldap
.validateAuthData({ id: 'testuser', password: 'secret' }, options)
.then(done)
.catch(done.fail)
.finally(() => server.close());
});
});
it('Should fail with wrong credentials', done => {
mockLdapServer(port, 'uid=testuser, o=example').then(server => {
const options = {
suffix: 'o=example',
url: `ldap://localhost:${port}`,
dn: 'uid={{id}}, o=example',
};
ldap
.validateAuthData({ id: 'testuser', password: 'wrong!' }, options)
.then(done.fail)
.catch(err => {
jequal(err.message, 'LDAP: Wrong username or password');
done();
})
.finally(() => server.close());
});
});
it('Should succeed if user is in given group', done => {
mockLdapServer(port, 'uid=testuser, o=example').then(server => {
const options = {
suffix: 'o=example',
url: `ldap://localhost:${port}`,
dn: 'uid={{id}}, o=example',
groupCn: 'powerusers',
groupFilter:
'(&(uniqueMember=uid={{id}}, o=example)(objectClass=groupOfUniqueNames))',
};
ldap
.validateAuthData({ id: 'testuser', password: 'secret' }, options)
.then(done)
.catch(done.fail)
.finally(() => server.close());
});
});
it('Should fail if user is not in given group', done => {
mockLdapServer(port, 'uid=testuser, o=example').then(server => {
const options = {
suffix: 'o=example',
url: `ldap://localhost:${port}`,
dn: 'uid={{id}}, o=example',
groupCn: 'groupTheUserIsNotIn',
groupFilter:
'(&(uniqueMember=uid={{id}}, o=example)(objectClass=groupOfUniqueNames))',
};
ldap
.validateAuthData({ id: 'testuser', password: 'secret' }, options)
.then(done.fail)
.catch(err => {
jequal(err.message, 'LDAP: User not in group');
done();
})
.finally(() => server.close());
});
});
it('Should fail if the LDAP server does not allow searching inside the provided suffix', done => {
mockLdapServer(port, 'uid=testuser, o=example').then(server => {
const options = {
suffix: 'o=invalid',
url: `ldap://localhost:${port}`,
dn: 'uid={{id}}, o=example',
groupCn: 'powerusers',
groupFilter:
'(&(uniqueMember=uid={{id}}, o=example)(objectClass=groupOfUniqueNames))',
};
ldap
.validateAuthData({ id: 'testuser', password: 'secret' }, options)
.then(done.fail)
.catch(err => {
jequal(err.message, 'LDAP group search failed');
done();
})
.finally(() => server.close());
});
});
it('Should fail if the LDAP server encounters an error while searching', done => {
mockLdapServer(port, 'uid=testuser, o=example', true).then(server => {
const options = {
suffix: 'o=example',
url: `ldap://localhost:${port}`,
dn: 'uid={{id}}, o=example',
groupCn: 'powerusers',
groupFilter:
'(&(uniqueMember=uid={{id}}, o=example)(objectClass=groupOfUniqueNames))',
};
ldap
.validateAuthData({ id: 'testuser', password: 'secret' }, options)
.then(done.fail)
.catch(err => {
jequal(err.message, 'LDAP group search failed');
done();
})
.finally(() => server.close());
});
});