From 37c3db7be6dd6fc5ee085979cc5f5dda09d978c3 Mon Sep 17 00:00:00 2001
From: Lauris BH <lauris@nix.lv>
Date: Thu, 5 Mar 2020 08:30:33 +0200
Subject: Add restricted user filter to LDAP authentication (#10600)

* Add restricted user filter to LDAP authentification

* Fix unit test cases
---
 integrations/auth_ldap_test.go | 30 +++++++++++++++++++-----------
 1 file changed, 19 insertions(+), 11 deletions(-)

(limited to 'integrations')

diff --git a/integrations/auth_ldap_test.go b/integrations/auth_ldap_test.go
index 80286c09e6..6c6147f20e 100644
--- a/integrations/auth_ldap_test.go
+++ b/integrations/auth_ldap_test.go
@@ -18,13 +18,14 @@ import (
 )
 
 type ldapUser struct {
-	UserName    string
-	Password    string
-	FullName    string
-	Email       string
-	OtherEmails []string
-	IsAdmin     bool
-	SSHKeys     []string
+	UserName     string
+	Password     string
+	FullName     string
+	Email        string
+	OtherEmails  []string
+	IsAdmin      bool
+	IsRestricted bool
+	SSHKeys      []string
 }
 
 var gitLDAPUsers = []ldapUser{
@@ -55,10 +56,11 @@ var gitLDAPUsers = []ldapUser{
 		Email:    "fry@planetexpress.com",
 	},
 	{
-		UserName: "leela",
-		Password: "leela",
-		FullName: "Leela Turanga",
-		Email:    "leela@planetexpress.com",
+		UserName:     "leela",
+		Password:     "leela",
+		FullName:     "Leela Turanga",
+		Email:        "leela@planetexpress.com",
+		IsRestricted: true,
 	},
 	{
 		UserName: "bender",
@@ -109,6 +111,7 @@ func addAuthSourceLDAP(t *testing.T, sshKeyAttribute string) {
 		"user_base":                "ou=people,dc=planetexpress,dc=com",
 		"filter":                   "(&(objectClass=inetOrgPerson)(memberOf=cn=git,ou=people,dc=planetexpress,dc=com)(uid=%s))",
 		"admin_filter":             "(memberOf=cn=admin_staff,ou=people,dc=planetexpress,dc=com)",
+		"restricted_filter":        "(uid=leela)",
 		"attribute_username":       "uid",
 		"attribute_name":           "givenName",
 		"attribute_surname":        "sn",
@@ -173,6 +176,11 @@ func TestLDAPUserSync(t *testing.T) {
 		} else {
 			assert.True(t, tds.Find("td:nth-child(5) i").HasClass("fa-square-o"))
 		}
+		if u.IsRestricted {
+			assert.True(t, tds.Find("td:nth-child(6) i").HasClass("fa-check-square-o"))
+		} else {
+			assert.True(t, tds.Find("td:nth-child(6) i").HasClass("fa-square-o"))
+		}
 	}
 
 	// Check if no users exist
-- 
cgit v1.2.3