oscarleiva
/
energylink


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249
							package ldap

import (
	"testing"

	. "github.com/smartystreets/goconvey/convey"
	"gopkg.in/ldap.v3"

	"github.com/grafana/grafana/pkg/infra/log"
	"github.com/grafana/grafana/pkg/models"
	"github.com/grafana/grafana/pkg/services/user"
)

func TestLDAPLogin(t *testing.T) {
	Convey("Login()", t, func() {
		serverScenario("When user is log in and updated", func(sc *scenarioContext) {
			// arrange
			mockConnection := &MockConnection{}

			server := &Server{
				Config: &ServerConfig{
					Host:       "",
					RootCACert: "",
					Groups: []*GroupToOrgRole{
						{GroupDN: "*", OrgRole: "Admin"},
					},
					Attr: AttributeMap{
						Username: "username",
						Surname:  "surname",
						Email:    "email",
						Name:     "name",
						MemberOf: "memberof",
					},
					SearchBaseDNs: []string{"BaseDNHere"},
				},
				Connection: mockConnection,
				log:        log.New("test-logger"),
			}

			entry := ldap.Entry{
				DN: "dn", Attributes: []*ldap.EntryAttribute{
					{Name: "username", Values: []string{"roelgerrits"}},
					{Name: "surname", Values: []string{"Gerrits"}},
					{Name: "email", Values: []string{"roel@test.com"}},
					{Name: "name", Values: []string{"Roel"}},
					{Name: "memberof", Values: []string{"admins"}},
				}}
			result := ldap.SearchResult{Entries: []*ldap.Entry{&entry}}
			mockConnection.setSearchResult(&result)

			query := &models.LoginUserQuery{
				Username: "roelgerrits",
			}

			sc.userQueryReturns(&models.User{
				Id:    1,
				Email: "roel@test.net",
				Name:  "Roel Gerrits",
				Login: "roelgerrits",
			})
			sc.userOrgsQueryReturns([]*models.UserOrgDTO{})

			// act
			extUser, _ := server.Login(query)
			userInfo, err := user.Upsert(&user.UpsertArgs{
				SignupAllowed: true,
				ExternalUser:  extUser,
			})

			// assert

			// Check absence of the error
			So(err, ShouldBeNil)

			// User should be searched in ldap
			So(mockConnection.SearchCalled, ShouldBeTrue)

			// Info should be updated (email differs)
			So(userInfo.Email, ShouldEqual, "roel@test.com")

			// User should have admin privileges
			So(sc.addOrgUserCmd.Role, ShouldEqual, "Admin")
		})

		serverScenario("When login with invalid credentials", func(scenario *scenarioContext) {
			connection := &MockConnection{}
			entry := ldap.Entry{}
			result := ldap.SearchResult{Entries: []*ldap.Entry{&entry}}
			connection.setSearchResult(&result)

			connection.bindProvider = func(username, password string) error {
				return &ldap.Error{
					ResultCode: 49,
				}
			}
			server := &Server{
				Config: &ServerConfig{
					Attr: AttributeMap{
						Username: "username",
						Name:     "name",
						MemberOf: "memberof",
					},
					SearchBaseDNs: []string{"BaseDNHere"},
				},
				Connection: connection,
				log:        log.New("test-logger"),
			}

			_, err := server.Login(scenario.loginUserQuery)

			Convey("it should return invalid credentials error", func() {
				So(err, ShouldEqual, ErrInvalidCredentials)
			})
		})

		serverScenario("When login with valid credentials", func(scenario *scenarioContext) {
			connection := &MockConnection{}
			entry := ldap.Entry{
				DN: "dn", Attributes: []*ldap.EntryAttribute{
					{Name: "username", Values: []string{"markelog"}},
					{Name: "surname", Values: []string{"Gaidarenko"}},
					{Name: "email", Values: []string{"markelog@gmail.com"}},
					{Name: "name", Values: []string{"Oleg"}},
					{Name: "memberof", Values: []string{"admins"}},
				},
			}
			result := ldap.SearchResult{Entries: []*ldap.Entry{&entry}}
			connection.setSearchResult(&result)

			connection.bindProvider = func(username, password string) error {
				return nil
			}
			server := &Server{
				Config: &ServerConfig{
					Attr: AttributeMap{
						Username: "username",
						Name:     "name",
						MemberOf: "memberof",
					},
					SearchBaseDNs: []string{"BaseDNHere"},
				},
				Connection: connection,
				log:        log.New("test-logger"),
			}

			resp, err := server.Login(scenario.loginUserQuery)

			So(err, ShouldBeNil)
			So(resp.Login, ShouldEqual, "markelog")
		})

		serverScenario("When user not found in LDAP, but exist in Grafana", func(scenario *scenarioContext) {
			connection := &MockConnection{}
			result := ldap.SearchResult{Entries: []*ldap.Entry{}}
			connection.setSearchResult(&result)

			externalUser := &models.ExternalUserInfo{UserId: 42, IsDisabled: false}
			scenario.getExternalUserInfoByLoginQueryReturns(externalUser)

			connection.bindProvider = func(username, password string) error {
				return nil
			}
			server := &Server{
				Config: &ServerConfig{
					SearchBaseDNs: []string{"BaseDNHere"},
				},
				Connection: connection,
				log:        log.New("test-logger"),
			}

			_, err := server.Login(scenario.loginUserQuery)

			Convey("it should disable user", func() {
				So(scenario.disableExternalUserCalled, ShouldBeTrue)
				So(scenario.disableUserCmd.IsDisabled, ShouldBeTrue)
				So(scenario.disableUserCmd.UserId, ShouldEqual, 42)
			})

			Convey("it should return invalid credentials error", func() {
				So(err, ShouldEqual, ErrInvalidCredentials)
			})
		})

		serverScenario("When user not found in LDAP, and disabled in Grafana already", func(scenario *scenarioContext) {
			connection := &MockConnection{}
			result := ldap.SearchResult{Entries: []*ldap.Entry{}}
			connection.setSearchResult(&result)

			externalUser := &models.ExternalUserInfo{UserId: 42, IsDisabled: true}
			scenario.getExternalUserInfoByLoginQueryReturns(externalUser)

			connection.bindProvider = func(username, password string) error {
				return nil
			}
			server := &Server{
				Config: &ServerConfig{
					SearchBaseDNs: []string{"BaseDNHere"},
				},
				Connection: connection,
				log:        log.New("test-logger"),
			}

			_, err := server.Login(scenario.loginUserQuery)

			Convey("it should't call disable function", func() {
				So(scenario.disableExternalUserCalled, ShouldBeFalse)
			})

			Convey("it should return invalid credentials error", func() {
				So(err, ShouldEqual, ErrInvalidCredentials)
			})
		})

		serverScenario("When user found in LDAP, and disabled in Grafana", func(scenario *scenarioContext) {
			connection := &MockConnection{}
			entry := ldap.Entry{}
			result := ldap.SearchResult{Entries: []*ldap.Entry{&entry}}
			connection.setSearchResult(&result)
			scenario.userQueryReturns(&models.User{Id: 42, IsDisabled: true})

			connection.bindProvider = func(username, password string) error {
				return nil
			}
			server := &Server{
				Config: &ServerConfig{
					SearchBaseDNs: []string{"BaseDNHere"},
				},
				Connection: connection,
				log:        log.New("test-logger"),
			}

			extUser, _ := server.Login(scenario.loginUserQuery)
			_, err := user.Upsert(&user.UpsertArgs{
				SignupAllowed: true,
				ExternalUser:  extUser,
			})

			Convey("it should re-enable user", func() {
				So(scenario.disableExternalUserCalled, ShouldBeTrue)
				So(scenario.disableUserCmd.IsDisabled, ShouldBeFalse)
				So(scenario.disableUserCmd.UserId, ShouldEqual, 42)
			})

			Convey("it should not return error", func() {
				So(err, ShouldBeNil)
			})
		})
	})
}