Posted to commits@cloudstack.apache.org by ra...@apache.org on 2015/09/05 06:02:51 UTC
[11/17] git commit: updated refs/heads/master to 5881035
CLOUDSTACK-8647: unittests for LdapAuthenticatorSpec
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/1c836a89
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/1c836a89
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/1c836a89
Branch: refs/heads/master
Commit: 1c836a8999a28ef8d6161600a3a29586b30cb532
Parents: c2b36cb
Author: Rajani Karuturi <ra...@citrix.com>
Authored: Thu Aug 27 17:24:40 2015 +0530
Committer: Rajani Karuturi <ra...@citrix.com>
Committed: Thu Aug 27 17:34:02 2015 +0530
----------------------------------------------------------------------
.../ldap/LdapAuthenticatorSpec.groovy | 145 ++++++++++++++++++-
1 file changed, 144 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/1c836a89/plugins/user-authenticators/ldap/test/groovy/org/apache/cloudstack/ldap/LdapAuthenticatorSpec.groovy
----------------------------------------------------------------------
diff --git a/plugins/user-authenticators/ldap/test/groovy/org/apache/cloudstack/ldap/LdapAuthenticatorSpec.groovy b/plugins/user-authenticators/ldap/test/groovy/org/apache/cloudstack/ldap/LdapAuthenticatorSpec.groovy
index 435f972..ca19e8c 100644
--- a/plugins/user-authenticators/ldap/test/groovy/org/apache/cloudstack/ldap/LdapAuthenticatorSpec.groovy
+++ b/plugins/user-authenticators/ldap/test/groovy/org/apache/cloudstack/ldap/LdapAuthenticatorSpec.groovy
@@ -16,12 +16,17 @@
// under the License.
package groovy.org.apache.cloudstack.ldap
+import com.cloud.server.auth.UserAuthenticator
+import com.cloud.user.Account
+import com.cloud.user.AccountManager
+import com.cloud.user.User
+import com.cloud.user.UserAccount
import com.cloud.user.UserAccountVO
import com.cloud.user.dao.UserAccountDao
import com.cloud.utils.Pair
import org.apache.cloudstack.ldap.LdapAuthenticator
-import org.apache.cloudstack.ldap.LdapConfigurationVO
import org.apache.cloudstack.ldap.LdapManager
+import org.apache.cloudstack.ldap.LdapTrustMapVO
import org.apache.cloudstack.ldap.LdapUser
class LdapAuthenticatorSpec extends spock.lang.Specification {
@@ -103,4 +108,142 @@ class LdapAuthenticatorSpec extends spock.lang.Specification {
then: "it doesn't change"
result == "password"
}
+
+ def "test authentication when ldap is disabled"(){
+ LdapManager ldapManager = Mock(LdapManager)
+ UserAccountDao userAccountDao = Mock(UserAccountDao)
+ def ldapAuthenticator = new LdapAuthenticator(ldapManager, userAccountDao)
+ ldapManager.isLdapEnabled() >> false
+
+ when:
+ Pair<Boolean, UserAuthenticator.ActionOnFailedAuthentication> result = ldapAuthenticator.authenticate("rajanik", "password", 1, null)
+ then:
+ result.first() == false
+ result.second() == null
+
+ }
+
+ // tests when domain is linked to LDAP
+ def "test authentication when domain is linked and user disabled in ldap"(){
+ LdapManager ldapManager = Mock(LdapManager)
+ UserAccountDao userAccountDao = Mock(UserAccountDao)
+ AccountManager accountManager = Mock(AccountManager)
+
+ def ldapAuthenticator = new LdapAuthenticator()
+ ldapAuthenticator._ldapManager = ldapManager
+ ldapAuthenticator._userAccountDao = userAccountDao
+ ldapAuthenticator._accountManager = accountManager
+
+ long domainId = 1;
+ String username = "rajanik"
+ LdapManager.LinkType type = LdapManager.LinkType.GROUP
+ String name = "CN=test,DC=ccp,DC=citrix,DC=com"
+
+ ldapManager.isLdapEnabled() >> true
+ UserAccount userAccount = Mock(UserAccount)
+ userAccountDao.getUserAccount(username, domainId) >> userAccount
+ userAccount.getId() >> 1
+ ldapManager.getDomainLinkedToLdap(domainId) >> new LdapTrustMapVO(domainId, type, name, (short)2)
+ ldapManager.getUser(username, type.toString(), name) >> new LdapUser(username, "email", "firstname", "lastname", "principal", "domain", true)
+ //user should be disabled in cloudstack
+ accountManager.disableUser(1) >> userAccount
+
+ when:
+ Pair<Boolean, UserAuthenticator.ActionOnFailedAuthentication> result = ldapAuthenticator.authenticate(username, "password", domainId, null)
+ then:
+ result.first() == false
+ result.second() == UserAuthenticator.ActionOnFailedAuthentication.INCREMENT_INCORRECT_LOGIN_ATTEMPT_COUNT
+ }
+
+ def "test authentication when domain is linked and first time user can authenticate in ldap"(){
+ LdapManager ldapManager = Mock(LdapManager)
+ UserAccountDao userAccountDao = Mock(UserAccountDao)
+ AccountManager accountManager = Mock(AccountManager)
+
+ def ldapAuthenticator = new LdapAuthenticator()
+ ldapAuthenticator._ldapManager = ldapManager
+ ldapAuthenticator._userAccountDao = userAccountDao
+ ldapAuthenticator._accountManager = accountManager
+
+ long domainId = 1;
+ String username = "rajanik"
+ LdapManager.LinkType type = LdapManager.LinkType.GROUP
+ String name = "CN=test,DC=ccp,DC=citrix,DC=com"
+
+ ldapManager.isLdapEnabled() >> true
+ userAccountDao.getUserAccount(username, domainId) >> null
+ ldapManager.getDomainLinkedToLdap(domainId) >> new LdapTrustMapVO(domainId, type, name, (short)0)
+ ldapManager.getUser(username, type.toString(), name) >> new LdapUser(username, "email", "firstname", "lastname", "principal", "domain", false)
+ ldapManager.canAuthenticate(_,_) >> true
+ //user should be created in cloudstack
+ accountManager.createUserAccount(username, "", "firstname", "lastname", "email", null, username, (short) 2, domainId, username, null, _, _, User.Source.LDAP) >> Mock(UserAccount)
+
+ when:
+ Pair<Boolean, UserAuthenticator.ActionOnFailedAuthentication> result = ldapAuthenticator.authenticate(username, "password", domainId, null)
+ then:
+ result.first() == true
+ result.second() == null
+ }
+
+ def "test authentication when domain is linked and existing user can authenticate in ldap"(){
+ LdapManager ldapManager = Mock(LdapManager)
+ UserAccountDao userAccountDao = Mock(UserAccountDao)
+ AccountManager accountManager = Mock(AccountManager)
+
+ def ldapAuthenticator = new LdapAuthenticator()
+ ldapAuthenticator._ldapManager = ldapManager
+ ldapAuthenticator._userAccountDao = userAccountDao
+ ldapAuthenticator._accountManager = accountManager
+
+ long domainId = 1;
+ String username = "rajanik"
+ LdapManager.LinkType type = LdapManager.LinkType.GROUP
+ String name = "CN=test,DC=ccp,DC=citrix,DC=com"
+
+ ldapManager.isLdapEnabled() >> true
+ UserAccount userAccount = Mock(UserAccount)
+ userAccountDao.getUserAccount(username, domainId) >> userAccount
+ userAccount.getId() >> 1
+ userAccount.getState() >> Account.State.disabled.toString()
+ ldapManager.getDomainLinkedToLdap(domainId) >> new LdapTrustMapVO(domainId, type, name, (short)2)
+ ldapManager.getUser(username, type.toString(), name) >> new LdapUser(username, "email", "firstname", "lastname", "principal", "domain", false)
+ ldapManager.canAuthenticate(_,_) >> true
+ //user should be enabled in cloudstack if disabled
+ accountManager.enableUser(1) >> userAccount
+
+ when:
+ Pair<Boolean, UserAuthenticator.ActionOnFailedAuthentication> result = ldapAuthenticator.authenticate(username, "password", domainId, null)
+ then:
+ result.first() == true
+ result.second() == null
+ }
+
+ def "test authentication when domain is linked and user cannot authenticate in ldap"(){
+ LdapManager ldapManager = Mock(LdapManager)
+ UserAccountDao userAccountDao = Mock(UserAccountDao)
+ AccountManager accountManager = Mock(AccountManager)
+
+ def ldapAuthenticator = new LdapAuthenticator()
+ ldapAuthenticator._ldapManager = ldapManager
+ ldapAuthenticator._userAccountDao = userAccountDao
+ ldapAuthenticator._accountManager = accountManager
+
+ long domainId = 1;
+ String username = "rajanik"
+ LdapManager.LinkType type = LdapManager.LinkType.GROUP
+ String name = "CN=test,DC=ccp,DC=citrix,DC=com"
+
+ ldapManager.isLdapEnabled() >> true
+ UserAccount userAccount = Mock(UserAccount)
+ userAccountDao.getUserAccount(username, domainId) >> userAccount
+ ldapManager.getDomainLinkedToLdap(domainId) >> new LdapTrustMapVO(domainId, type, name, (short)2)
+ ldapManager.getUser(username, type.toString(), name) >> new LdapUser(username, "email", "firstname", "lastname", "principal", "domain", false)
+ ldapManager.canAuthenticate(_,_) >> false
+
+ when:
+ Pair<Boolean, UserAuthenticator.ActionOnFailedAuthentication> result = ldapAuthenticator.authenticate(username, "password", domainId, null)
+ then:
+ result.first() == false
+ result.second() == UserAuthenticator.ActionOnFailedAuthentication.INCREMENT_INCORRECT_LOGIN_ATTEMPT_COUNT
+ }
}
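Review bot: The account-state side effects these tests describe are never verified. The lines under `//user should be disabled in cloudstack`, `//user should be created in cloudstack` and `//user should be enabled in cloudstack if disabled` are plain stubs in the setup section, so each test still passes if `LdapAuthenticator.authenticate` never calls `disableUser`, `createUserAccount` or `enableUser`. For the disabled-in-LDAP case that is the deprovisioning path, so I would move the interaction into the `then:` block with a cardinality, e.g. `1 * accountManager.disableUser(1) >> userAccount`, and do the same for the create and enable cases. The "user cannot authenticate in ldap" test should also assert that a failed bind leaves the account alone, with `0 * accountManager._` in its `then:` block. The wildcard arguments in `ldapManager.canAuthenticate(_,_)` likewise leave unchecked which principal and password are handed to LDAP; pinning them to the expected values would tighten the positive cases.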