mirror of https://github.com/dexidp/dex.git
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
207 lines
4.5 KiB
207 lines
4.5 KiB
package functional |
|
|
|
import ( |
|
"fmt" |
|
"html/template" |
|
"net/url" |
|
"os" |
|
"strconv" |
|
"strings" |
|
"testing" |
|
|
|
"github.com/coreos/dex/connector" |
|
"github.com/coreos/dex/repo" |
|
"github.com/coreos/go-oidc/oidc" |
|
"gopkg.in/ldap.v2" |
|
) |
|
|
|
var ( |
|
ldapHost string |
|
ldapPort uint16 |
|
ldapBindDN string |
|
ldapBindPw string |
|
) |
|
|
|
func init() { |
|
ldapuri := os.Getenv("DEX_TEST_LDAP_URI") |
|
if ldapuri == "" { |
|
fmt.Println("Unable to proceed with empty env var " + |
|
"DEX_TEST_LDAP_URI") |
|
os.Exit(1) |
|
} |
|
u, err := url.Parse(ldapuri) |
|
if err != nil { |
|
fmt.Println("Unable to parse DEX_TEST_LDAP_URI") |
|
os.Exit(1) |
|
} |
|
if strings.Index(u.RawQuery, "?") < 0 { |
|
fmt.Println("Unable to parse DEX_TEST_LDAP_URI") |
|
os.Exit(1) |
|
} |
|
extentions := make(map[string]string) |
|
kvs := strings.Split(strings.TrimLeft(u.RawQuery, "?"), ",") |
|
for i := range kvs { |
|
fmt.Println(kvs[i]) |
|
kv := strings.Split(kvs[i], "=") |
|
if len(kv) < 2 { |
|
fmt.Println("Unable to parse DEX_TEST_LDAP_URI") |
|
os.Exit(1) |
|
} |
|
extentions[kv[0]] = kv[1] |
|
} |
|
hostport := strings.Split(u.Host, ":") |
|
port := 389 |
|
if len(hostport) > 1 { |
|
port, _ = strconv.Atoi(hostport[1]) |
|
} |
|
|
|
ldapHost = hostport[0] |
|
ldapPort = uint16(port) |
|
|
|
if len(extentions["bindname"]) > 0 { |
|
ldapBindDN, err = url.QueryUnescape(extentions["bindname"]) |
|
if err != nil { |
|
fmt.Println("Unable to parse DEX_TEST_LDAP_URI") |
|
os.Exit(1) |
|
} |
|
} |
|
if len(extentions["X-BINDPW"]) > 0 { |
|
ldapBindPw = extentions["X-BINDPW"] |
|
} |
|
} |
|
|
|
func TestLDAPConnect(t *testing.T) { |
|
fmt.Println("ldapHost: ", ldapHost) |
|
fmt.Println("ldapPort: ", ldapPort) |
|
fmt.Println("ldapBindDN: ", ldapBindDN) |
|
fmt.Println("ldapBindPw: ", ldapBindPw) |
|
l, err := ldap.Dial("tcp", fmt.Sprintf("%s:%d", ldapHost, ldapPort)) |
|
if err != nil { |
|
t.Fatal(err) |
|
} |
|
err = l.Bind(ldapBindDN, ldapBindPw) |
|
if err != nil { |
|
t.Fatal(err) |
|
} |
|
l.Close() |
|
} |
|
|
|
func TestConnectorLDAPConnectFail(t *testing.T) { |
|
var tx repo.Transaction |
|
var lf oidc.LoginFunc |
|
var ns url.URL |
|
|
|
templates := template.New(connector.LDAPLoginPageTemplateName) |
|
|
|
ccr := connector.NewConnectorConfigRepoFromConfigs( |
|
[]connector.ConnectorConfig{&connector.LDAPConnectorConfig{ |
|
ID: "ldap", |
|
ServerHost: ldapHost, |
|
ServerPort: ldapPort + 1, |
|
}}, |
|
) |
|
cc, err := ccr.GetConnectorByID(tx, "ldap") |
|
if err != nil { |
|
t.Fatal(err) |
|
} |
|
c, err := cc.Connector(ns, lf, templates) |
|
if err != nil { |
|
t.Fatal(err) |
|
} |
|
err = c.Healthy() |
|
if err == nil { |
|
t.Fatal(fmt.Errorf("LDAPConnector.Healty() supposed to fail, but succeeded!")) |
|
} |
|
} |
|
|
|
func TestConnectorLDAPConnectSuccess(t *testing.T) { |
|
var tx repo.Transaction |
|
var lf oidc.LoginFunc |
|
var ns url.URL |
|
|
|
templates := template.New(connector.LDAPLoginPageTemplateName) |
|
|
|
ccr := connector.NewConnectorConfigRepoFromConfigs( |
|
[]connector.ConnectorConfig{&connector.LDAPConnectorConfig{ |
|
ID: "ldap", |
|
ServerHost: ldapHost, |
|
ServerPort: ldapPort, |
|
}}, |
|
) |
|
cc, err := ccr.GetConnectorByID(tx, "ldap") |
|
if err != nil { |
|
t.Fatal(err) |
|
} |
|
c, err := cc.Connector(ns, lf, templates) |
|
if err != nil { |
|
t.Fatal(err) |
|
} |
|
err = c.Healthy() |
|
if err != nil { |
|
t.Fatal(err) |
|
} |
|
} |
|
|
|
func TestConnectorLDAPcaFilecertFileConnectTLS(t *testing.T) { |
|
var tx repo.Transaction |
|
var lf oidc.LoginFunc |
|
var ns url.URL |
|
|
|
templates := template.New(connector.LDAPLoginPageTemplateName) |
|
|
|
ccr := connector.NewConnectorConfigRepoFromConfigs( |
|
[]connector.ConnectorConfig{&connector.LDAPConnectorConfig{ |
|
ID: "ldap", |
|
ServerHost: ldapHost, |
|
ServerPort: ldapPort, |
|
UseTLS: true, |
|
CertFile: "/tmp/ldap.crt", |
|
KeyFile: "/tmp/ldap.key", |
|
CaFile: "/tmp/openldap-ca.pem", |
|
}}, |
|
) |
|
cc, err := ccr.GetConnectorByID(tx, "ldap") |
|
if err != nil { |
|
t.Fatal(err) |
|
} |
|
c, err := cc.Connector(ns, lf, templates) |
|
if err != nil { |
|
t.Fatal(err) |
|
} |
|
err = c.Healthy() |
|
if err != nil { |
|
t.Fatal(err) |
|
} |
|
} |
|
|
|
func TestConnectorLDAPcaFilecertFileConnectSSL(t *testing.T) { |
|
var tx repo.Transaction |
|
var lf oidc.LoginFunc |
|
var ns url.URL |
|
|
|
templates := template.New(connector.LDAPLoginPageTemplateName) |
|
|
|
ccr := connector.NewConnectorConfigRepoFromConfigs( |
|
[]connector.ConnectorConfig{&connector.LDAPConnectorConfig{ |
|
ID: "ldap", |
|
ServerHost: ldapHost, |
|
ServerPort: ldapPort + 247, // 636 |
|
UseSSL: true, |
|
CertFile: "/tmp/ldap.crt", |
|
KeyFile: "/tmp/ldap.key", |
|
CaFile: "/tmp/openldap-ca.pem", |
|
}}, |
|
) |
|
cc, err := ccr.GetConnectorByID(tx, "ldap") |
|
if err != nil { |
|
t.Fatal(err) |
|
} |
|
c, err := cc.Connector(ns, lf, templates) |
|
if err != nil { |
|
t.Fatal(err) |
|
} |
|
err = c.Healthy() |
|
if err != nil { |
|
t.Fatal(err) |
|
} |
|
}
|
|
|