
pleroma

My custom branche(s) on git.pleroma.social/pleroma/pleroma

ldap_authorization_test.exs (4150B)


  # Pleroma: A lightweight social networking server
  # Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
  # SPDX-License-Identifier: AGPL-3.0-only
  defmodule Pleroma.Web.OAuth.LDAPAuthorizationTest do
    # Exercises the OAuth password grant (POST /oauth/token) with
    # Pleroma.Web.Auth.LDAPAuthenticator configured as the authenticator.
    # The :eldap functions involved are replaced by mocks in every test.
    #
    # Notes for reviewers:
    #   * Each `open` mock only matches `{:ssl, false}`, so this file covers the
    #     plaintext LDAP path only. A simple bind carries the password as-is, so a
    #     real deployment needs TLS on that connection; a TLS-enabled configuration
    #     is not exercised here.
    #   * Every test asserts that the mocked `close` was invoked, including the
    #     rejected-bind case, so a leaked LDAP handle would fail the suite.
    use Pleroma.Web.ConnCase

    alias Pleroma.Repo
    alias Pleroma.Web.OAuth.Token

    import Pleroma.Factory
    import Mock

    # Evaluated at compile time: :skip when the :eldap module cannot be loaded,
    # nil otherwise. Each test below is tagged with the result.
    @skip if(Code.ensure_loaded?(:eldap), do: nil, else: :skip)

    setup_all do
      clear_config([:ldap, :enabled], true)
    end

    setup_all do
      clear_config(Pleroma.Web.Auth.Authenticator, Pleroma.Web.Auth.LDAPAuthenticator)
    end

    @tag @skip
    test "authorizes the existing user using LDAP credentials" do
      password = "testpassword"
      user = insert(:user, password_hash: Pbkdf2.hash_pwd_salt(password))
      app = insert(:oauth_app, scopes: ["read", "write"])
      {host, port} = ldap_endpoint()

      with_mocks [
        {:eldap, [],
         [
           # Pinned host/port: the mock only matches the configured endpoint.
           open: fn [^host], [{:port, ^port}, {:ssl, false} | _] -> {:ok, self()} end,
           # Pinned password: the bind must receive exactly what the client sent.
           simple_bind: fn _ldap, _dn, ^password -> :ok end,
           close: fn _ldap ->
             send(self(), :close_connection)
             :ok
           end
         ]}
      ] do
        conn = request_token(user.nickname, password, app)

        assert %{"access_token" => access_token} = json_response(conn, 200)

        stored = Repo.get_by(Token, token: access_token)
        assert stored.user_id == user.id

        assert_received :close_connection
      end
    end

    @tag @skip
    test "creates a new user after successful LDAP authorization" do
      password = "testpassword"
      # Built but not inserted: no local account exists before the request.
      user = build(:user)
      app = insert(:oauth_app, scopes: ["read", "write"])
      {host, port} = ldap_endpoint()

      with_mocks [
        {:eldap, [],
         [
           open: fn [^host], [{:port, ^port}, {:ssl, false} | _] -> {:ok, self()} end,
           simple_bind: fn _ldap, _dn, ^password -> :ok end,
           equalityMatch: fn _type, _value -> :ok end,
           wholeSubtree: fn -> :ok end,
           # The directory search yields a single entry with no attributes.
           search: fn _ldap, _options ->
             {:ok, {:eldap_search_result, [{:eldap_entry, '', []}], []}}
           end,
           close: fn _ldap ->
             send(self(), :close_connection)
             :ok
           end
         ]}
      ] do
        conn = request_token(user.nickname, password, app)

        assert %{"access_token" => access_token} = json_response(conn, 200)

        stored =
          Token
          |> Repo.get_by(token: access_token)
          |> Repo.preload(:user)

        # The issued token belongs to an account carrying the requested nickname.
        assert stored.user.nickname == user.nickname

        assert_received :close_connection
      end
    end

    @tag @skip
    test "disallow authorization for wrong LDAP credentials" do
      password = "testpassword"
      # The local hash matches the submitted password, so the expected 400 below
      # shows that a rejected LDAP bind is not overridden by the local hash.
      user = insert(:user, password_hash: Pbkdf2.hash_pwd_salt(password))
      app = insert(:oauth_app, scopes: ["read", "write"])
      {host, port} = ldap_endpoint()

      with_mocks [
        {:eldap, [],
         [
           open: fn [^host], [{:port, ^port}, {:ssl, false} | _] -> {:ok, self()} end,
           simple_bind: fn _ldap, _dn, ^password -> {:error, :invalidCredentials} end,
           close: fn _ldap ->
             send(self(), :close_connection)
             :ok
           end
         ]}
      ] do
        conn = request_token(user.nickname, password, app)

        assert %{"error" => "Invalid credentials"} = json_response(conn, 400)

        # The connection must be closed after a failed bind as well.
        assert_received :close_connection
      end
    end

    # Reads the configured LDAP host (as a charlist, the form the `open` mocks
    # pin against) and port.
    defp ldap_endpoint do
      host = to_charlist(Pleroma.Config.get([:ldap, :host]))
      port = Pleroma.Config.get([:ldap, :port])
      {host, port}
    end

    # Sends a password-grant token request: the user's raw password is submitted
    # together with the OAuth app's client credentials.
    defp request_token(nickname, password, app) do
      params = %{
        "grant_type" => "password",
        "username" => nickname,
        "password" => password,
        "client_id" => app.client_id,
        "client_secret" => app.client_secret
      }

      post(build_conn(), "/oauth/token", params)
    end
  end