view MoinMoin/auth/_tests/test_ldap_login.py @ 2109:38b5c2746f83

raise minimum requirement to python 2.7 now that debian wheezy is stable (and thus even debian stable has python 2.7 - almost 3 years after the python 2.7 release), it is time to move on. there are some nice features in 2.7 - we can use them now: http://docs.python.org/2.7/whatsnew/2.7.html there is also no risk any more that language or library features creep in unnoticed that are incompatible with the minimum requirement. we also save some time as we don't have to test on / care for 2.6 any more. about this changeset: most should be self-explanatory, except this: MoinMoin/constants/keys.py - we could not use unicode key constants yet due to a bug in pre-2.6.5 python that did not allow unicode keys in kwargs. The change in MoinMoin/storage/middleware/indexing.py is also related to that, we just had to make sure keys are str, not unicode as that dict later was exploded into a function call like f(**doc). notes for developers: if you developed on 2.6 until now, you need to create a fresh new virtualenv using python 2.7.
author Thomas Waldmann <tw AT waldmann-edv DOT de>
date Sat, 04 May 2013 16:08:33 +0200
parents 791bdedb0c20
children ee404f81afe9
line wrap: on
line source
# Copyright: 2008 MoinMoin:ThomasWaldmann
# Copyright: 2010 MoinMoin:ReimarBauer
# License: GNU GPL v2 (or any later version), see LICENSE.txt for details.

"""
    MoinMoin - MoinMoin.auth.ldap Tests
"""


import pytest


from MoinMoin._tests.ldap_testbase import LDAPTstBase, LdapEnvironment, check_environ, SLAPD_EXECUTABLE
from MoinMoin._tests.ldap_testdata import *
from MoinMoin._tests import wikiconfig
from MoinMoin.auth import handle_login

msg = check_environ()
if msg:
    pytest.skip(msg)
del msg

import ldap


class TestLDAPServer(LDAPTstBase):
    basedn = BASEDN
    rootdn = ROOTDN
    rootpw = ROOTPW
    slapd_config = SLAPD_CONFIG
    ldif_content = LDIF_CONTENT

    def testLDAP(self):
        """ Just try accessing the LDAP server and see if usera and userb are in LDAP. """
        server_uri = self.ldap_env.slapd.url
        base_dn = self.ldap_env.basedn
        lo = ldap.initialize(server_uri)
        ldap.set_option(ldap.OPT_PROTOCOL_VERSION, ldap.VERSION3)  # ldap v2 is outdated
        lo.simple_bind_s('', '')
        lusers = lo.search_st(base_dn, ldap.SCOPE_SUBTREE, '(uid=*)')
        uids = [ldap_dict['uid'][0] for dn, ldap_dict in lusers]
        assert 'usera' in uids
        assert 'userb' in uids


class TestMoinLDAPLogin(LDAPTstBase):
    basedn = BASEDN
    rootdn = ROOTDN
    rootpw = ROOTPW
    slapd_config = SLAPD_CONFIG
    ldif_content = LDIF_CONTENT

    class Config(wikiconfig.Config):
        from MoinMoin.auth.ldap_login import LDAPAuth
        #ToDo get these vars from the test environment
        server_uri = 'ldap://127.0.0.1:3890'
        base_dn = 'ou=testing,dc=example,dc=org'

        ldap_auth1 = LDAPAuth(server_uri=server_uri, base_dn=base_dn, autocreate=True)
        auth = [ldap_auth1, ]

    def testMoinLDAPLogin(self):
        """ Just try accessing the LDAP server and see if usera and userb are in LDAP. """

        # tests that must not authenticate:
        u = handle_login(None, username='', password='')
        assert u is None
        u = handle_login(None, username='usera', password='')
        assert u is None
        u = handle_login(None, username='usera', password='userawrong')
        assert u is None
        u = handle_login(None, username='userawrong', password='usera')
        assert u is None

        # tests that must authenticate:
        u1 = handle_login(None, username='usera', password='usera')
        assert u1 is not None
        assert u1.valid

        u2 = handle_login(None, username='userb', password='userb')
        assert u2 is not None
        assert u2.valid

        # check if usera and userb have different ids:
        assert u1.id != u2.id


class TestBugDefaultPasswd(LDAPTstBase):
    basedn = BASEDN
    rootdn = ROOTDN
    rootpw = ROOTPW
    slapd_config = SLAPD_CONFIG
    ldif_content = LDIF_CONTENT

    class Config(wikiconfig.Config):
        from MoinMoin.auth.ldap_login import LDAPAuth
        from MoinMoin.auth import MoinAuth
        #ToDo get these vars from the test environment
        server_uri = 'ldap://127.0.0.1:3890'
        base_dn = 'ou=testing,dc=example,dc=org'
        ldap_auth = LDAPAuth(server_uri=server_uri, base_dn=base_dn, autocreate=True)
        moin_auth = MoinAuth()
        auth = [ldap_auth, moin_auth]

    def teardown_class(self):
        """ Stop slapd, remove LDAP server environment """
        self.ldap_env.stop_slapd()
        self.ldap_env.destroy_env()

    def testBugDefaultPasswd(self):
        """ Login via LDAP (this creates user profile and up to 1.7.0rc1 it put
            a default password there), then try logging in via moin login using
            that default password or an empty password.
        """
        # do a LDAPAuth login (as a side effect, this autocreates the user profile):
        u1 = handle_login(None, username='usera', password='usera')
        assert u1 is not None
        assert u1.valid

        # now we kill the LDAP server:
        #self.ldap_env.slapd.stop()

        # now try a MoinAuth login:
        # try the default password that worked in 1.7 up to rc1:
        u2 = handle_login(None, username='usera', password='{SHA}NotStored')
        assert u2 is None

        # try using no password:
        u2 = handle_login(None, username='usera', password='')
        assert u2 is None

        # try using wrong password:
        u2 = handle_login(None, username='usera', password='wrong')
        assert u2 is None


class TestTwoLdapServers(object):
    basedn = BASEDN
    rootdn = ROOTDN
    rootpw = ROOTPW
    slapd_config = SLAPD_CONFIG
    ldif_content = LDIF_CONTENT

    def setup_class(self):
        """ Create LDAP servers environment, start slapds """
        self.ldap_envs = []
        for instance in range(2):
            ldap_env = LdapEnvironment(self.basedn, self.rootdn, self.rootpw, instance=instance)
            ldap_env.create_env(slapd_config=self.slapd_config)
            started = ldap_env.start_slapd()
            if not started:
                pytest.skip("Failed to start {0} process, please see your syslog / log files"
                            " (and check if stopping apparmor helps, in case you use it).".format(SLAPD_EXECUTABLE))
            ldap_env.load_directory(ldif_content=self.ldif_content)
            self.ldap_envs.append(ldap_env)

    def teardown_class(self):
        """ Stop slapd, remove LDAP server environment """
        for ldap_env in self.ldap_envs:
            ldap_env.stop_slapd()
            ldap_env.destroy_env()

    def testLDAP(self):
        """ Just try accessing the LDAP servers and see if usera and userb are in LDAP. """
        for ldap_env in self.ldap_envs:
            server_uri = ldap_env.slapd.url
            base_dn = ldap_env.basedn
            lo = ldap.initialize(server_uri)
            ldap.set_option(ldap.OPT_PROTOCOL_VERSION, ldap.VERSION3)  # ldap v2 is outdated
            lo.simple_bind_s('', '')
            lusers = lo.search_st(base_dn, ldap.SCOPE_SUBTREE, '(uid=*)')
            uids = [ldap_dict['uid'][0] for dn, ldap_dict in lusers]
            assert 'usera' in uids
            assert 'userb' in uids


class TestLdapFailover(object):
    basedn = BASEDN
    rootdn = ROOTDN
    rootpw = ROOTPW
    slapd_config = SLAPD_CONFIG
    ldif_content = LDIF_CONTENT

    def setup_class(self):
        """ Create LDAP servers environment, start slapds """
        self.ldap_envs = []
        for instance in range(2):
            ldap_env = LdapEnvironment(self.basedn, self.rootdn, self.rootpw, instance=instance)
            ldap_env.create_env(slapd_config=self.slapd_config)
            started = ldap_env.start_slapd()
            if not started:
                pytest.skip("Failed to start {0} process, please see your syslog / log files"
                            " (and check if stopping apparmor helps, in case you use it).".format(SLAPD_EXECUTABLE))
            ldap_env.load_directory(ldif_content=self.ldif_content)
            self.ldap_envs.append(ldap_env)

    class Config(wikiconfig.Config):
        from MoinMoin.auth.ldap_login import LDAPAuth
        #ToDo get these vars from the test environment
        server_uri = 'ldap://127.0.0.1:3891'
        base_dn = 'ou=testing,dc=example,dc=org'
        ldap_auth1 = LDAPAuth(server_uri=server_uri, base_dn=base_dn,
                              name="ldap1", autocreate=True,
                              timeout=1)
        # short timeout, faster testing
        server_uri = 'ldap://127.0.0.1:3892'
        ldap_auth2 = LDAPAuth(server_uri=server_uri, base_dn=base_dn,
                              name="ldap2", autocreate=True,
                              timeout=1)

        auth = [ldap_auth1, ldap_auth2]

    def teardown_class(self):
        """ Stop slapd, remove LDAP server environment """
        for ldap_env in self.ldap_envs:
            try:
                ldap_env.stop_slapd()
            except:
                pass  # one will fail, because it is already stopped
            ldap_env.destroy_env()

    def testMoinLDAPFailOver(self):
        """ Try if it does a failover to a secondary LDAP, if the primary fails. """

        # authenticate user (with primary slapd):
        u1 = handle_login(None, username='usera', password='usera')
        assert u1 is not None
        assert u1.valid

        # now we kill our primary LDAP server:
        self.ldap_envs[0].slapd.stop()

        # try if we can still authenticate (with the second slapd):
        u2 = handle_login(None, username='usera', password='usera')
        assert u2 is not None
        assert u2.valid