Back to index

moin  1.9.0~rc2
test_ldap_login.py
Go to the documentation of this file.
00001 # -*- coding: utf-8 -*-
00002 """
00003     MoinMoin - MoinMoin.auth.ldap Tests
00004 
00005     @copyright: 2008 MoinMoin:ThomasWaldmann
00006     @license: GNU GPL, see COPYING for details.
00007 """
00008 
00009 import py.test
00010 py.test.skip("Broken due to test Config refactoring")
00011 
00012 from MoinMoin._tests.ldap_testbase import LDAPTstBase, LdapEnvironment, check_environ, SLAPD_EXECUTABLE
00013 from MoinMoin._tests.ldap_testdata import *
00014 from MoinMoin._tests import nuke_user, wikiconfig
00015 from MoinMoin.auth import handle_login
00016 
00017 # first check if we have python 2.4, python-ldap and slapd:
00018 msg = check_environ()
00019 if msg:
00020     py.test.skip(msg)
00021 del msg
00022 
00023 import ldap
00024 
00025 class TestLDAPServer(LDAPTstBase):
00026     basedn = BASEDN
00027     rootdn = ROOTDN
00028     rootpw = ROOTPW
00029     slapd_config = SLAPD_CONFIG
00030     ldif_content = LDIF_CONTENT
00031 
00032     def testLDAP(self):
00033         """ Just try accessing the LDAP server and see if usera and userb are in LDAP. """
00034         server_uri = self.ldap_env.slapd.url
00035         base_dn = self.ldap_env.basedn
00036         lo = ldap.initialize(server_uri)
00037         ldap.set_option(ldap.OPT_PROTOCOL_VERSION, ldap.VERSION3) # ldap v2 is outdated
00038         lo.simple_bind_s('', '')
00039         lusers = lo.search_st(base_dn, ldap.SCOPE_SUBTREE, '(uid=*)')
00040         uids = [ldap_dict['uid'][0] for dn, ldap_dict in lusers]
00041         assert 'usera' in uids
00042         assert 'userb' in uids
00043 
00044 class TestMoinLDAPLogin(LDAPTstBase):
00045     basedn = BASEDN
00046     rootdn = ROOTDN
00047     rootpw = ROOTPW
00048     slapd_config = SLAPD_CONFIG
00049     ldif_content = LDIF_CONTENT
00050 
00051     class Config(wikiconfig.Config):
00052         from MoinMoin.auth.ldap_login import LDAPAuth
00053         server_uri = self.ldap_env.slapd.url # XXX no self
00054         base_dn = self.ldap_env.basedn
00055         ldap_auth1 = LDAPAuth(server_uri=server_uri, base_dn=base_dn, autocreate=True)
00056         auth = [ldap_auth1, ]
00057 
00058     def testMoinLDAPLogin(self):
00059         """ Just try accessing the LDAP server and see if usera and userb are in LDAP. """
00060 
00061         handle_auth = self.request.handle_auth
00062 
00063         # tests that must not authenticate:
00064         u = handle_login(self.request, None, username='', password='')
00065         assert u is None
00066         u = handle_login(self.request, None, username='usera', password='')
00067         assert u is None
00068         u = handle_login(self.request, None, username='usera', password='userawrong')
00069         assert u is None
00070         u = handle_login(self.request, None, username='userawrong', password='usera')
00071         assert u is None
00072 
00073         # tests that must authenticate:
00074         u1 = handle_login(self.request, None, username='usera', password='usera')
00075         assert u1 is not None
00076         assert u1.valid
00077 
00078         u2 = handle_login(self.request, None, username='userb', password='userb')
00079         assert u2 is not None
00080         assert u2.valid
00081 
00082         # check if usera and userb have different ids:
00083         assert u1.id != u2.id
00084 
00085 
00086 class TestBugDefaultPasswd(LDAPTstBase):
00087     basedn = BASEDN
00088     rootdn = ROOTDN
00089     rootpw = ROOTPW
00090     slapd_config = SLAPD_CONFIG
00091     ldif_content = LDIF_CONTENT
00092 
00093     class Config(wikiconfig.Config):
00094         from MoinMoin.auth.ldap_login import LDAPAuth
00095         from MoinMoin.auth import MoinAuth
00096         server_uri = self.ldap_env.slapd.url # XXX no self
00097         base_dn = self.ldap_env.basedn
00098         ldap_auth = LDAPAuth(server_uri=server_uri, base_dn=base_dn, autocreate=True)
00099         moin_auth = MoinAuth()
00100         auth = [ldap_auth, moin_auth]
00101 
00102     def teardown_class(self):
00103         """ Stop slapd, remove LDAP server environment """
00104         #self.ldap_env.stop_slapd()  # it is already stopped
00105         self.ldap_env.destroy_env()
00106 
00107     def testBugDefaultPasswd(self):
00108         """ Login via LDAP (this creates user profile and up to 1.7.0rc1 it put
00109             a default password there), then try logging in via moin login using
00110             that default password or an empty password.
00111         """
00112 
00113         nuke_user(self.request, u'usera')
00114 
00115         # do a LDAPAuth login (as a side effect, this autocreates the user profile):
00116         u1 = handle_login(self.request, None, username='usera', password='usera')
00117         assert u1 is not None
00118         assert u1.valid
00119 
00120         # now we kill the LDAP server:
00121         #self.ldap_env.slapd.stop()
00122 
00123         # now try a MoinAuth login:
00124         # try the default password that worked in 1.7 up to rc1:
00125         u2 = handle_login(self.request, None, username='usera', password='{SHA}NotStored')
00126         assert u2 is None
00127 
00128         # try using no password:
00129         u2 = handle_login(self.request, None, username='usera', password='')
00130         assert u2 is None
00131 
00132         # try using wrong password:
00133         u2 = handle_login(self.request, None, username='usera', password='wrong')
00134         assert u2 is None
00135 
00136 
00137 class TestTwoLdapServers:
00138     basedn = BASEDN
00139     rootdn = ROOTDN
00140     rootpw = ROOTPW
00141     slapd_config = SLAPD_CONFIG
00142     ldif_content = LDIF_CONTENT
00143 
00144     def setup_class(self):
00145         """ Create LDAP servers environment, start slapds """
00146         self.ldap_envs = []
00147         for instance in range(2):
00148             ldap_env = LdapEnvironment(self.basedn, self.rootdn, self.rootpw, instance=instance)
00149             ldap_env.create_env(slapd_config=self.slapd_config)
00150             started = ldap_env.start_slapd()
00151             if not started:
00152                 py.test.skip("Failed to start %s process, please see your syslog / log files"
00153                              " (and check if stopping apparmor helps, in case you use it)." % SLAPD_EXECUTABLE)
00154             ldap_env.load_directory(ldif_content=self.ldif_content)
00155             self.ldap_envs.append(ldap_env)
00156 
00157     def teardown_class(self):
00158         """ Stop slapd, remove LDAP server environment """
00159         for ldap_env in self.ldap_envs:
00160             ldap_env.stop_slapd()
00161             ldap_env.destroy_env()
00162 
00163     def testLDAP(self):
00164         """ Just try accessing the LDAP servers and see if usera and userb are in LDAP. """
00165         for ldap_env in self.ldap_envs:
00166             server_uri = ldap_env.slapd.url
00167             base_dn = ldap_env.basedn
00168             lo = ldap.initialize(server_uri)
00169             ldap.set_option(ldap.OPT_PROTOCOL_VERSION, ldap.VERSION3) # ldap v2 is outdated
00170             lo.simple_bind_s('', '')
00171             lusers = lo.search_st(base_dn, ldap.SCOPE_SUBTREE, '(uid=*)')
00172             uids = [ldap_dict['uid'][0] for dn, ldap_dict in lusers]
00173             assert 'usera' in uids
00174             assert 'userb' in uids
00175 
00176 
00177 class TestLdapFailover:
00178     basedn = BASEDN
00179     rootdn = ROOTDN
00180     rootpw = ROOTPW
00181     slapd_config = SLAPD_CONFIG
00182     ldif_content = LDIF_CONTENT
00183 
00184     class Config(wikiconfig.Config):
00185         from MoinMoin.auth.ldap_login import LDAPAuth
00186         authlist = []
00187         for ldap_env in self.ldap_envs: # XXX no self
00188             server_uri = ldap_env.slapd.url
00189             base_dn = ldap_env.basedn
00190             ldap_auth = LDAPAuth(server_uri=server_uri, base_dn=base_dn,
00191                                  autocreate=True,
00192                                  timeout=1) # short timeout, faster testing
00193             authlist.append(ldap_auth)
00194         auth = authlist
00195 
00196     def setup_class(self):
00197         """ Create LDAP servers environment, start slapds """
00198         self.ldap_envs = []
00199         for instance in range(2):
00200             ldap_env = LdapEnvironment(self.basedn, self.rootdn, self.rootpw, instance=instance)
00201             ldap_env.create_env(slapd_config=self.slapd_config)
00202             started = ldap_env.start_slapd()
00203             if not started:
00204                 py.test.skip("Failed to start %s process, please see your syslog / log files"
00205                              " (and check if stopping apparmor helps, in case you use it)." % SLAPD_EXECUTABLE)
00206             ldap_env.load_directory(ldif_content=self.ldif_content)
00207             self.ldap_envs.append(ldap_env)
00208 
00209     def teardown_class(self):
00210         """ Stop slapd, remove LDAP server environment """
00211         for ldap_env in self.ldap_envs:
00212             try:
00213                 ldap_env.stop_slapd()
00214             except:
00215                 pass # one will fail, because it is already stopped
00216             ldap_env.destroy_env()
00217 
00218     def testMoinLDAPFailOver(self):
00219         """ Try if it does a failover to a secondary LDAP, if the primary fails. """
00220         handle_auth = self.request.handle_auth
00221 
00222         # authenticate user (with primary slapd):
00223         u1 = handle_login(self.request, None, username='usera', password='usera')
00224         assert u1 is not None
00225         assert u1.valid
00226 
00227         # now we kill our primary LDAP server:
00228         self.ldap_envs[0].slapd.stop()
00229 
00230         # try if we can still authenticate (with the second slapd):
00231         u2 = handle_login(self.request, None, username='usera', password='usera')
00232         assert u2 is not None
00233         assert u2.valid
00234 
00235 
00236