package localdb
import (
- "context"
"encoding/json"
"net"
"net/http"
- "git.arvados.org/arvados.git/lib/config"
"git.arvados.org/arvados.git/lib/controller/railsproxy"
"git.arvados.org/arvados.git/lib/ctrlctx"
"git.arvados.org/arvados.git/sdk/go/arvados"
- "git.arvados.org/arvados.git/sdk/go/arvadostest"
- "git.arvados.org/arvados.git/sdk/go/auth"
"git.arvados.org/arvados.git/sdk/go/ctxlog"
"github.com/bradleypeabody/godap"
- "github.com/jmoiron/sqlx"
check "gopkg.in/check.v1"
)
var _ = check.Suite(&LDAPSuite{})
type LDAPSuite struct {
- cluster *arvados.Cluster
- ctrl *ldapLoginController
- ldap *godap.LDAPServer // fake ldap server that accepts auth goodusername/goodpassword
- db *sqlx.DB
-
- // transaction context
- ctx context.Context
- rollback func() error
-}
-
-func (s *LDAPSuite) TearDownSuite(c *check.C) {
- // Undo any changes/additions to the user database so they
- // don't affect subsequent tests.
- arvadostest.ResetEnv()
- c.Check(arvados.NewClientFromEnv().RequestAndDecode(nil, "POST", "database/reset", nil, nil), check.IsNil)
+ localdbSuite
+ ldap *godap.LDAPServer // fake ldap server that accepts auth goodusername/goodpassword
}
-func (s *LDAPSuite) SetUpSuite(c *check.C) {
- cfg, err := config.NewLoader(nil, ctxlog.TestLogger(c)).Load()
- c.Assert(err, check.IsNil)
- s.cluster, err = cfg.GetCluster("")
- c.Assert(err, check.IsNil)
+func (s *LDAPSuite) SetUpTest(c *check.C) {
+ s.localdbSuite.SetUpTest(c)
ln, err := net.Listen("tcp", "127.0.0.1:0")
c.Assert(err, check.IsNil)
s.cluster.Login.LDAP.Enable = true
err = json.Unmarshal([]byte(`"ldap://`+ln.Addr().String()+`"`), &s.cluster.Login.LDAP.URL)
+ c.Assert(err, check.IsNil)
s.cluster.Login.LDAP.StartTLS = false
s.cluster.Login.LDAP.SearchBindUser = "cn=goodusername,dc=example,dc=com"
s.cluster.Login.LDAP.SearchBindPassword = "goodpassword"
s.cluster.Login.LDAP.SearchBase = "dc=example,dc=com"
- c.Assert(err, check.IsNil)
- s.ctrl = &ldapLoginController{
- Cluster: s.cluster,
- RailsProxy: railsproxy.NewConn(s.cluster),
- }
- s.db = arvadostest.DB(c, s.cluster)
-}
-
-func (s *LDAPSuite) SetUpTest(c *check.C) {
- tx, err := s.db.Beginx()
- c.Assert(err, check.IsNil)
- s.ctx = ctrlctx.NewWithTransaction(context.Background(), tx)
- s.rollback = tx.Rollback
-}
-
-func (s *LDAPSuite) TearDownTest(c *check.C) {
- if s.rollback != nil {
- s.rollback()
+ s.localdb.loginController = &ldapLoginController{
+ Cluster: s.cluster,
+ Parent: s.localdb,
}
}
func (s *LDAPSuite) TestLoginSuccess(c *check.C) {
- conn := NewConn(s.cluster)
- conn.loginController = s.ctrl
- resp, err := conn.UserAuthenticate(s.ctx, arvados.UserAuthenticateOptions{
+ resp, err := s.localdb.UserAuthenticate(s.ctx, arvados.UserAuthenticateOptions{
Username: "goodusername",
Password: "goodpassword",
})
c.Check(resp.UUID, check.Matches, `zzzzz-gj3su-.*`)
c.Check(resp.Scopes, check.DeepEquals, []string{"all"})
- ctx := auth.NewContext(s.ctx, &auth.Credentials{Tokens: []string{"v2/" + resp.UUID + "/" + resp.APIToken}})
+ ctx := ctrlctx.NewWithToken(s.ctx, s.cluster, "v2/"+resp.UUID+"/"+resp.APIToken)
user, err := railsproxy.NewConn(s.cluster).UserGetCurrent(ctx, arvados.GetOptions{})
c.Check(err, check.IsNil)
c.Check(user.Email, check.Equals, "goodusername@example.com")
func (s *LDAPSuite) TestLoginFailure(c *check.C) {
// search returns no results
s.cluster.Login.LDAP.SearchBase = "dc=example,dc=invalid"
- resp, err := s.ctrl.UserAuthenticate(s.ctx, arvados.UserAuthenticateOptions{
+ resp, err := s.localdb.UserAuthenticate(s.ctx, arvados.UserAuthenticateOptions{
Username: "goodusername",
Password: "goodpassword",
})
// search returns result, but auth fails
s.cluster.Login.LDAP.SearchBase = "dc=example,dc=com"
- resp, err = s.ctrl.UserAuthenticate(s.ctx, arvados.UserAuthenticateOptions{
+ resp, err = s.localdb.UserAuthenticate(s.ctx, arvados.UserAuthenticateOptions{
Username: "badusername",
Password: "badpassword",
})