summaryrefslogtreecommitdiffstats
path: root/integrations/auth_ldap_test.go
diff options
context:
space:
mode:
authorzeripath <art27@cantab.net>2021-07-20 13:30:22 +0200
committerGitHub <noreply@github.com>2021-07-20 13:30:22 +0200
commit263577842563a8a692212f897bec685751c78f23 (patch)
tree4449cf03ab89ff9aa844daabc96cc946b2b99ea2 /integrations/auth_ldap_test.go
parentAdd fluid to ui container class to remove margin (#16396) (diff)
downloadforgejo-263577842563a8a692212f897bec685751c78f23.tar.xz
forgejo-263577842563a8a692212f897bec685751c78f23.zip
Add basic edit ldap auth test & actually fix #16252 (#16465)
One of the reasons why #16447 was needed and why #16268 was needed in the first place was because it appears that editing ldap configuration doesn't get tested. This PR therefore adds a basic test that will run the edit pipeline. In doing so it's now clear that #16447 and #16268 aren't actually solving #16252. It turns out that what actually happens is that is that the bytes are actually double encoded. This PR now changes the json unmarshal wrapper to handle this double encode. Fix #16252 Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: 6543 <6543@obermui.de>
Diffstat (limited to 'integrations/auth_ldap_test.go')
-rw-r--r--integrations/auth_ldap_test.go54
1 files changed, 54 insertions, 0 deletions
diff --git a/integrations/auth_ldap_test.go b/integrations/auth_ldap_test.go
index 4d82c092e7..59f5195123 100644
--- a/integrations/auth_ldap_test.go
+++ b/integrations/auth_ldap_test.go
@@ -144,6 +144,60 @@ func TestLDAPUserSignin(t *testing.T) {
assert.Equal(t, u.Email, htmlDoc.Find(`label[for="email"]`).Siblings().First().Text())
}
+func TestLDAPAuthChange(t *testing.T) {
+ defer prepareTestEnv(t)()
+ addAuthSourceLDAP(t, "")
+
+ session := loginUser(t, "user1")
+ req := NewRequest(t, "GET", "/admin/auths")
+ resp := session.MakeRequest(t, req, http.StatusOK)
+ doc := NewHTMLParser(t, resp.Body)
+ href, exists := doc.Find("table.table td a").Attr("href")
+ if !exists {
+ assert.True(t, exists, "No authentication source found")
+ return
+ }
+
+ req = NewRequest(t, "GET", href)
+ resp = session.MakeRequest(t, req, http.StatusOK)
+ doc = NewHTMLParser(t, resp.Body)
+ csrf := doc.GetCSRF()
+ host, _ := doc.Find(`input[name="host"]`).Attr("value")
+ assert.Equal(t, host, getLDAPServerHost())
+ binddn, _ := doc.Find(`input[name="bind_dn"]`).Attr("value")
+ assert.Equal(t, binddn, "uid=gitea,ou=service,dc=planetexpress,dc=com")
+
+ req = NewRequestWithValues(t, "POST", href, map[string]string{
+ "_csrf": csrf,
+ "type": "2",
+ "name": "ldap",
+ "host": getLDAPServerHost(),
+ "port": "389",
+ "bind_dn": "uid=gitea,ou=service,dc=planetexpress,dc=com",
+ "bind_password": "password",
+ "user_base": "ou=people,dc=planetexpress,dc=com",
+ "filter": "(&(objectClass=inetOrgPerson)(memberOf=cn=git,ou=people,dc=planetexpress,dc=com)(uid=%s))",
+ "admin_filter": "(memberOf=cn=admin_staff,ou=people,dc=planetexpress,dc=com)",
+ "restricted_filter": "(uid=leela)",
+ "attribute_username": "uid",
+ "attribute_name": "givenName",
+ "attribute_surname": "sn",
+ "attribute_mail": "mail",
+ "attribute_ssh_public_key": "",
+ "is_sync_enabled": "on",
+ "is_active": "on",
+ })
+ session.MakeRequest(t, req, http.StatusFound)
+
+ req = NewRequest(t, "GET", href)
+ resp = session.MakeRequest(t, req, http.StatusOK)
+ doc = NewHTMLParser(t, resp.Body)
+ host, _ = doc.Find(`input[name="host"]`).Attr("value")
+ assert.Equal(t, host, getLDAPServerHost())
+ binddn, _ = doc.Find(`input[name="bind_dn"]`).Attr("value")
+ assert.Equal(t, binddn, "uid=gitea,ou=service,dc=planetexpress,dc=com")
+}
+
func TestLDAPUserSync(t *testing.T) {
if skipLDAPTests() {
t.Skip()