From 2e6e992a678d2504e1f00e6c6dabf3e7c090d2e3 Mon Sep 17 00:00:00 2001 From: James Moger <james.moger@gitblit.com> Date: Thu, 22 May 2014 19:38:52 -0400 Subject: [PATCH] Documentation --- src/test/java/com/gitblit/tests/LdapAuthenticationTest.java | 149 ++++++++++++++++++++++++++++++++++++++++--------- 1 files changed, 121 insertions(+), 28 deletions(-) diff --git a/src/test/java/com/gitblit/tests/LdapAuthenticationTest.java b/src/test/java/com/gitblit/tests/LdapAuthenticationTest.java index 4c78643..21063d5 100644 --- a/src/test/java/com/gitblit/tests/LdapAuthenticationTest.java +++ b/src/test/java/com/gitblit/tests/LdapAuthenticationTest.java @@ -16,20 +16,27 @@ */ package com.gitblit.tests; +import java.io.File; import java.io.FileInputStream; import java.util.HashMap; import java.util.Map; +import org.apache.commons.io.FileUtils; import org.junit.Before; import org.junit.BeforeClass; +import org.junit.Rule; import org.junit.Test; +import org.junit.rules.TemporaryFolder; import com.gitblit.Constants.AccountType; import com.gitblit.IStoredSettings; +import com.gitblit.Keys; import com.gitblit.auth.LdapAuthProvider; +import com.gitblit.manager.AuthenticationManager; import com.gitblit.manager.IUserManager; import com.gitblit.manager.RuntimeManager; import com.gitblit.manager.UserManager; +import com.gitblit.models.TeamModel; import com.gitblit.models.UserModel; import com.gitblit.tests.mock.MemorySettings; import com.unboundid.ldap.listener.InMemoryDirectoryServer; @@ -47,16 +54,24 @@ * */ public class LdapAuthenticationTest extends GitblitUnitTest { + @Rule + public TemporaryFolder folder = new TemporaryFolder(); private static final String RESOURCE_DIR = "src/test/resources/ldap/"; - private LdapAuthProvider ldap; + private File usersConf; + + private LdapAuthProvider ldap; static int ldapPort = 1389; private static InMemoryDirectoryServer ds; private IUserManager userManager; + + private AuthenticationManager auth; + + private MemorySettings settings; @BeforeClass public static void createInMemoryLdapServer() throws Exception { @@ -66,42 +81,52 @@ config.setSchema(null); ds = new InMemoryDirectoryServer(config); - ds.importFromLDIF(true, new LDIFReader(new FileInputStream(RESOURCE_DIR + "sampledata.ldif"))); ds.startListening(); } @Before - public void newLdapAuthentication() { - ldap = newLdapAuthentication(getSettings()); + public void init() throws Exception { + ds.clear(); + ds.importFromLDIF(true, new LDIFReader(new FileInputStream(RESOURCE_DIR + "sampledata.ldif"))); + usersConf = folder.newFile("users.conf"); + FileUtils.copyFile(new File(RESOURCE_DIR + "users.conf"), usersConf); + settings = getSettings(); + ldap = newLdapAuthentication(settings); + auth = newAuthenticationManager(settings); } - public LdapAuthProvider newLdapAuthentication(IStoredSettings settings) { + private LdapAuthProvider newLdapAuthentication(IStoredSettings settings) { RuntimeManager runtime = new RuntimeManager(settings, GitBlitSuite.BASEFOLDER).start(); userManager = new UserManager(runtime).start(); LdapAuthProvider ldap = new LdapAuthProvider(); ldap.setup(runtime, userManager); return ldap; } + + private AuthenticationManager newAuthenticationManager(IStoredSettings settings) { + RuntimeManager runtime = new RuntimeManager(settings, GitBlitSuite.BASEFOLDER).start(); + AuthenticationManager auth = new AuthenticationManager(runtime, userManager); + auth.addAuthenticationProvider(newLdapAuthentication(settings)); + return auth; + } private MemorySettings getSettings() { Map<String, Object> backingMap = new HashMap<String, Object>(); - backingMap.put("realm.userService", RESOURCE_DIR + "users.conf"); - backingMap.put("realm.ldap.server", "ldap://localhost:" + ldapPort); - backingMap.put("realm.ldap.domain", ""); - backingMap.put("realm.ldap.username", "cn=Directory Manager"); - backingMap.put("realm.ldap.password", "password"); - backingMap.put("realm.ldap.backingUserService", "users.conf"); - backingMap.put("realm.ldap.maintainTeams", "true"); - backingMap.put("realm.ldap.accountBase", "OU=Users,OU=UserControl,OU=MyOrganization,DC=MyDomain"); - backingMap.put("realm.ldap.accountPattern", "(&(objectClass=person)(sAMAccountName=${username}))"); - backingMap.put("realm.ldap.groupBase", "OU=Groups,OU=UserControl,OU=MyOrganization,DC=MyDomain"); - backingMap.put("realm.ldap.groupPattern", "(&(objectClass=group)(member=${dn}))"); - backingMap.put("realm.ldap.admins", "UserThree @Git_Admins \"@Git Admins\""); - backingMap.put("realm.ldap.displayName", "displayName"); - backingMap.put("realm.ldap.email", "email"); - backingMap.put("realm.ldap.synchronizeUsers.enable", "true"); - backingMap.put("realm.ldap.uid", "sAMAccountName"); - backingMap.put("realm.ldap.ldapCachePeriod", "0 MINUTES"); + backingMap.put(Keys.realm.userService, usersConf.getAbsolutePath()); + backingMap.put(Keys.realm.ldap.server, "ldap://localhost:" + ldapPort); +// backingMap.put(Keys.realm.ldap.domain, ""); + backingMap.put(Keys.realm.ldap.username, "cn=Directory Manager"); + backingMap.put(Keys.realm.ldap.password, "password"); +// backingMap.put(Keys.realm.ldap.backingUserService, "users.conf"); + backingMap.put(Keys.realm.ldap.maintainTeams, "true"); + backingMap.put(Keys.realm.ldap.accountBase, "OU=Users,OU=UserControl,OU=MyOrganization,DC=MyDomain"); + backingMap.put(Keys.realm.ldap.accountPattern, "(&(objectClass=person)(sAMAccountName=${username}))"); + backingMap.put(Keys.realm.ldap.groupBase, "OU=Groups,OU=UserControl,OU=MyOrganization,DC=MyDomain"); + backingMap.put(Keys.realm.ldap.groupMemberPattern, "(&(objectClass=group)(member=${dn}))"); + backingMap.put(Keys.realm.ldap.admins, "UserThree @Git_Admins \"@Git Admins\""); + backingMap.put(Keys.realm.ldap.displayName, "displayName"); + backingMap.put(Keys.realm.ldap.email, "email"); + backingMap.put(Keys.realm.ldap.uid, "sAMAccountName"); MemorySettings ms = new MemorySettings(backingMap); return ms; @@ -174,19 +199,77 @@ } @Test - public void checkIfSevenUsersLoadedFromLdap() throws Exception { + public void checkIfUsersConfContainsAllUsersFromSampleDataLdif() throws Exception { SearchResult searchResult = ds.search("OU=Users,OU=UserControl,OU=MyOrganization,DC=MyDomain", SearchScope.SUB, "objectClass=person"); assertEquals("Number of ldap users in gitblit user model", searchResult.getEntryCount(), countLdapUsersInUserManager()); } @Test - public void addingUserInLdapShouldUpdateGitBlitUsersAndGroups() throws Exception { + public void addingUserInLdapShouldNotUpdateGitBlitUsersAndGroups() throws Exception { ds.addEntries(LDIFReader.readEntries(RESOURCE_DIR + "adduser.ldif")); - for(String user : userManager.getAllUsernames()) { - System.out.println(user); - } - ldap.synchronizeWithLdapService(); + ldap.sync(); assertEquals("Number of ldap users in gitblit user model", 5, countLdapUsersInUserManager()); + } + + @Test + public void addingUserInLdapShouldUpdateGitBlitUsersAndGroups() throws Exception { + settings.put(Keys.realm.ldap.synchronize, "true"); + ds.addEntries(LDIFReader.readEntries(RESOURCE_DIR + "adduser.ldif")); + ldap.sync(); + assertEquals("Number of ldap users in gitblit user model", 6, countLdapUsersInUserManager()); + } + + @Test + public void addingGroupsInLdapShouldNotUpdateGitBlitUsersAndGroups() throws Exception { + ds.addEntries(LDIFReader.readEntries(RESOURCE_DIR + "addgroup.ldif")); + ldap.sync(); + assertEquals("Number of ldap groups in gitblit team model", 0, countLdapTeamsInUserManager()); + } + + @Test + public void addingGroupsInLdapShouldUpdateGitBlitUsersAndGroups() throws Exception { + settings.put(Keys.realm.ldap.synchronize, "true"); + ds.addEntries(LDIFReader.readEntries(RESOURCE_DIR + "addgroup.ldif")); + ldap.sync(); + assertEquals("Number of ldap groups in gitblit team model", 1, countLdapTeamsInUserManager()); + } + + @Test + public void testAuthenticationManager() { + UserModel userOneModel = auth.authenticate("UserOne", "userOnePassword".toCharArray()); + assertNotNull(userOneModel); + assertNotNull(userOneModel.getTeam("git_admins")); + assertNotNull(userOneModel.getTeam("git_users")); + assertTrue(userOneModel.canAdmin); + + UserModel userOneModelFailedAuth = auth.authenticate("UserOne", "userTwoPassword".toCharArray()); + assertNull(userOneModelFailedAuth); + + UserModel userTwoModel = auth.authenticate("UserTwo", "userTwoPassword".toCharArray()); + assertNotNull(userTwoModel); + assertNotNull(userTwoModel.getTeam("git_users")); + assertNull(userTwoModel.getTeam("git_admins")); + assertNotNull(userTwoModel.getTeam("git admins")); + assertTrue(userTwoModel.canAdmin); + + UserModel userThreeModel = auth.authenticate("UserThree", "userThreePassword".toCharArray()); + assertNotNull(userThreeModel); + assertNotNull(userThreeModel.getTeam("git_users")); + assertNull(userThreeModel.getTeam("git_admins")); + assertTrue(userThreeModel.canAdmin); + } + + @Test + public void testBindWithUser() { + settings.put(Keys.realm.ldap.bindpattern, "CN=${username},OU=US,OU=Users,OU=UserControl,OU=MyOrganization,DC=MyDomain"); + settings.put(Keys.realm.ldap.username, ""); + settings.put(Keys.realm.ldap.password, ""); + + UserModel userOneModel = auth.authenticate("UserOne", "userOnePassword".toCharArray()); + assertNotNull(userOneModel); + + UserModel userOneModelFailedAuth = auth.authenticate("UserOne", "userTwoPassword".toCharArray()); + assertNull(userOneModelFailedAuth); } private int countLdapUsersInUserManager() { @@ -199,4 +282,14 @@ return ldapAccountCount; } + private int countLdapTeamsInUserManager() { + int ldapAccountCount = 0; + for (TeamModel teamModel : userManager.getAllTeams()) { + if (AccountType.LDAP.equals(teamModel.accountType)) { + ldapAccountCount++; + } + } + return ldapAccountCount; + } + } -- Gitblit v1.9.1