c958c46fa7
* Add LDAPS-support to LDAP-Authcontroller * Add Testcase that failed with valid certificate but wrong credendtials to LDAP-Authcontroller * change scope of 'error' and remove 'case undefined', because it's not needed anymore
214 lines
6.5 KiB
JavaScript
214 lines
6.5 KiB
JavaScript
const ldap = require('../lib/Adapters/Auth/ldap');
|
|
const mockLdapServer = require('./MockLdapServer');
|
|
const fs = require('fs');
|
|
const port = 12345;
|
|
const sslport = 12346;
|
|
|
|
it('Should fail with missing options', done => {
|
|
ldap
|
|
.validateAuthData({ id: 'testuser', password: 'testpw' })
|
|
.then(done.fail)
|
|
.catch(err => {
|
|
jequal(err.message, 'LDAP auth configuration missing');
|
|
done();
|
|
});
|
|
});
|
|
|
|
it('Should return a resolved promise when validating the app id', done => {
|
|
ldap.validateAppId().then(done).catch(done.fail);
|
|
});
|
|
|
|
it('Should succeed with right credentials', done => {
|
|
mockLdapServer(port, 'uid=testuser, o=example').then(server => {
|
|
const options = {
|
|
suffix: 'o=example',
|
|
url: `ldap://localhost:${port}`,
|
|
dn: 'uid={{id}}, o=example',
|
|
};
|
|
ldap
|
|
.validateAuthData({ id: 'testuser', password: 'secret' }, options)
|
|
.then(done)
|
|
.catch(done.fail)
|
|
.finally(() => server.close());
|
|
});
|
|
});
|
|
|
|
it('Should succeed with right credentials when LDAPS is used and certifcate is not checked', done => {
|
|
mockLdapServer(sslport, 'uid=testuser, o=example', false, true).then(server => {
|
|
const options = {
|
|
suffix: 'o=example',
|
|
url: `ldaps://localhost:${sslport}`,
|
|
dn: 'uid={{id}}, o=example',
|
|
tlsOptions: { rejectUnauthorized: false }
|
|
};
|
|
ldap
|
|
.validateAuthData({ id: 'testuser', password: 'secret' }, options)
|
|
.then(done)
|
|
.catch(done.fail)
|
|
.finally(() => server.close());
|
|
});
|
|
});
|
|
|
|
it('Should succeed when LDAPS is used and the presented certificate is the expected certificate', done => {
|
|
mockLdapServer(sslport, 'uid=testuser, o=example', false, true).then(server => {
|
|
const options = {
|
|
suffix: 'o=example',
|
|
url: `ldaps://localhost:${sslport}`,
|
|
dn: 'uid={{id}}, o=example',
|
|
tlsOptions: {
|
|
ca: fs.readFileSync(__dirname + '/support/cert/cert.pem'),
|
|
rejectUnauthorized: true
|
|
}
|
|
};
|
|
ldap
|
|
.validateAuthData({ id: 'testuser', password: 'secret' }, options)
|
|
.then(done)
|
|
.catch(done.fail)
|
|
.finally(() => server.close());
|
|
});
|
|
});
|
|
|
|
it('Should fail when LDAPS is used and the presented certificate is not the expected certificate', done => {
|
|
mockLdapServer(sslport, 'uid=testuser, o=example', false, true).then(server => {
|
|
const options = {
|
|
suffix: 'o=example',
|
|
url: `ldaps://localhost:${sslport}`,
|
|
dn: 'uid={{id}}, o=example',
|
|
tlsOptions: {
|
|
ca: fs.readFileSync(__dirname + '/support/cert/anothercert.pem'),
|
|
rejectUnauthorized: true
|
|
}
|
|
};
|
|
ldap
|
|
.validateAuthData({ id: 'testuser', password: 'secret' }, options)
|
|
.then(done.fail)
|
|
.catch(err => {
|
|
jequal(err.message, 'LDAPS: Certificate mismatch');
|
|
done();
|
|
})
|
|
.finally(() => server.close());
|
|
});
|
|
});
|
|
|
|
it('Should fail when LDAPS is used certifcate matches but credentials are wrong', done => {
|
|
mockLdapServer(sslport, 'uid=testuser, o=example', false, true).then(server => {
|
|
const options = {
|
|
suffix: 'o=example',
|
|
url: `ldaps://localhost:${sslport}`,
|
|
dn: 'uid={{id}}, o=example',
|
|
tlsOptions: {
|
|
ca: fs.readFileSync(__dirname + '/support/cert/cert.pem'),
|
|
rejectUnauthorized: true
|
|
}
|
|
};
|
|
ldap
|
|
.validateAuthData({ id: 'testuser', password: 'wrong!' }, options)
|
|
.then(done.fail)
|
|
.catch(err => {
|
|
jequal(err.message, 'LDAP: Wrong username or password');
|
|
done();
|
|
})
|
|
.finally(() => server.close());
|
|
});
|
|
});
|
|
|
|
|
|
it('Should fail with wrong credentials', done => {
|
|
mockLdapServer(port, 'uid=testuser, o=example').then(server => {
|
|
const options = {
|
|
suffix: 'o=example',
|
|
url: `ldap://localhost:${port}`,
|
|
dn: 'uid={{id}}, o=example',
|
|
};
|
|
ldap
|
|
.validateAuthData({ id: 'testuser', password: 'wrong!' }, options)
|
|
.then(done.fail)
|
|
.catch(err => {
|
|
jequal(err.message, 'LDAP: Wrong username or password');
|
|
done();
|
|
})
|
|
.finally(() => server.close());
|
|
});
|
|
});
|
|
|
|
it('Should succeed if user is in given group', done => {
|
|
mockLdapServer(port, 'uid=testuser, o=example').then(server => {
|
|
const options = {
|
|
suffix: 'o=example',
|
|
url: `ldap://localhost:${port}`,
|
|
dn: 'uid={{id}}, o=example',
|
|
groupCn: 'powerusers',
|
|
groupFilter: '(&(uniqueMember=uid={{id}}, o=example)(objectClass=groupOfUniqueNames))',
|
|
};
|
|
|
|
ldap
|
|
.validateAuthData({ id: 'testuser', password: 'secret' }, options)
|
|
.then(done)
|
|
.catch(done.fail)
|
|
.finally(() => server.close());
|
|
});
|
|
});
|
|
|
|
it('Should fail if user is not in given group', done => {
|
|
mockLdapServer(port, 'uid=testuser, o=example').then(server => {
|
|
const options = {
|
|
suffix: 'o=example',
|
|
url: `ldap://localhost:${port}`,
|
|
dn: 'uid={{id}}, o=example',
|
|
groupCn: 'groupTheUserIsNotIn',
|
|
groupFilter: '(&(uniqueMember=uid={{id}}, o=example)(objectClass=groupOfUniqueNames))',
|
|
};
|
|
|
|
ldap
|
|
.validateAuthData({ id: 'testuser', password: 'secret' }, options)
|
|
.then(done.fail)
|
|
.catch(err => {
|
|
jequal(err.message, 'LDAP: User not in group');
|
|
done();
|
|
})
|
|
.finally(() => server.close());
|
|
});
|
|
});
|
|
|
|
it('Should fail if the LDAP server does not allow searching inside the provided suffix', done => {
|
|
mockLdapServer(port, 'uid=testuser, o=example').then(server => {
|
|
const options = {
|
|
suffix: 'o=invalid',
|
|
url: `ldap://localhost:${port}`,
|
|
dn: 'uid={{id}}, o=example',
|
|
groupCn: 'powerusers',
|
|
groupFilter: '(&(uniqueMember=uid={{id}}, o=example)(objectClass=groupOfUniqueNames))',
|
|
};
|
|
|
|
ldap
|
|
.validateAuthData({ id: 'testuser', password: 'secret' }, options)
|
|
.then(done.fail)
|
|
.catch(err => {
|
|
jequal(err.message, 'LDAP group search failed');
|
|
done();
|
|
})
|
|
.finally(() => server.close());
|
|
});
|
|
});
|
|
|
|
it('Should fail if the LDAP server encounters an error while searching', done => {
|
|
mockLdapServer(port, 'uid=testuser, o=example', true).then(server => {
|
|
const options = {
|
|
suffix: 'o=example',
|
|
url: `ldap://localhost:${port}`,
|
|
dn: 'uid={{id}}, o=example',
|
|
groupCn: 'powerusers',
|
|
groupFilter: '(&(uniqueMember=uid={{id}}, o=example)(objectClass=groupOfUniqueNames))',
|
|
};
|
|
|
|
ldap
|
|
.validateAuthData({ id: 'testuser', password: 'secret' }, options)
|
|
.then(done.fail)
|
|
.catch(err => {
|
|
jequal(err.message, 'LDAP group search failed');
|
|
done();
|
|
})
|
|
.finally(() => server.close());
|
|
});
|
|
});
|