require 'spec_helper'
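# Specs for Gitlab::LDAP::Config: how one provider's settings (stubbed with
# stub_ldap_config, presumably supplied by LdapHelpers) are turned into adapter
# options, OmniAuth options, the has_auth? flag and the attribute map.
#
# Every host name, DN and password below is a constructed fixture value.
describe Gitlab::LDAP::Config, lib: true do
  include LdapHelpers

  let(:config) { described_class.new('ldapmain') }

  # The group label names the real method, so filtering examples by
  # '#initialize' finds this group.
  describe '#initialize' do
    it 'requires a provider' do
      expect { described_class.new }.to raise_error ArgumentError
    end

    it 'works' do
      expect(config).to be_a described_class
    end

    it 'raises an error if an unknown provider is used' do
      expect { described_class.new 'unknown' }.to raise_error(RuntimeError)
    end
  end

  describe '#adapter_options' do
    it 'constructs basic options' do
      # 386 is only a fixture value (the registered LDAP port is 389); the
      # example checks that the port is passed through unchanged.
      stub_ldap_config(
        options: {
          'host'       => 'ldap.example.com',
          'port'       => 386,
          'encryption' => 'plain'
        }
      )

      # 'plain' is expected to become `encryption: nil`: no transport
      # encryption is requested, so anything sent to the directory on such a
      # connection is in cleartext. The exact match (eq) also pins that no
      # :auth key appears when no bind credentials are configured.
      expect(config.adapter_options).to eq(
        host: 'ldap.example.com',
        port: 386,
        encryption: nil
      )
    end

    it 'includes authentication options when auth is configured' do
      stub_ldap_config(
        options: {
          'host'       => 'ldap.example.com',
          'port'       => 686,
          'encryption' => 'ssl',
          'bind_dn'    => 'uid=admin,dc=example,dc=com',
          'password'   => 'super_secret'
        }
      )

      # 'ssl' is expected to become :simple_tls, and the bind DN/password to
      # become a :simple auth block.
      # NOTE(review): the exact match shows no certificate-verification or
      # other TLS options next to :simple_tls; whether the server certificate
      # is validated then depends on the adapter's defaults -- confirm.
      expect(config.adapter_options).to eq(
        host: 'ldap.example.com',
        port: 686,
        encryption: :simple_tls,
        auth: {
          method: :simple,
          username: 'uid=admin,dc=example,dc=com',
          password: 'super_secret'
        }
      )
    end
  end

  describe '#omniauth_options' do
    it 'constructs basic options' do
      stub_ldap_config(
        options: {
          'host'       => 'ldap.example.com',
          'port'       => 386,
          'base'       => 'ou=users,dc=example,dc=com',
          'encryption' => 'plain',
          'uid'        => 'uid'
        }
      )

      # The filter keeps a %{username} placeholder; the substitution happens
      # outside this spec.
      # NOTE(review): the substituted value needs LDAP filter escaping
      # (RFC 4515) wherever that happens -- not covered here, confirm.
      expect(config.omniauth_options).to include(
        host: 'ldap.example.com',
        port: 386,
        base: 'ou=users,dc=example,dc=com',
        encryption: 'plain',
        filter: '(uid=%{username})'
      )
      # Without configured bind credentials the credential keys must be absent
      # altogether, not present with nil or empty values.
      expect(config.omniauth_options.keys).not_to include(:bind_dn, :password)
    end

    it 'includes authentication options when auth is configured' do
      stub_ldap_config(
        options: {
          'uid'         => 'sAMAccountName',
          'user_filter' => '(memberOf=cn=group1,ou=groups,dc=example,dc=com)',
          'bind_dn'     => 'uid=admin,dc=example,dc=com',
          'password'    => 'super_secret'
        }
      )

      # The uid match and the configured user_filter are expected to be ANDed
      # into one filter. The returned hash carries the bind password in clear,
      # so it should be kept out of logs and error reports.
      expect(config.omniauth_options).to include(
        filter: '(&(sAMAccountName=%{username})(memberOf=cn=group1,ou=groups,dc=example,dc=com))',
        bind_dn: 'uid=admin,dc=example,dc=com',
        password: 'super_secret'
      )
    end
  end

  describe '#has_auth?' do
    it 'is true when password is set' do
      stub_ldap_config(
        options: {
          'bind_dn'  => 'uid=admin,dc=example,dc=com',
          'password' => 'super_secret'
        }
      )

      expect(config.has_auth?).to be_truthy
    end

    it 'is true when bind_dn is set and password is empty' do
      stub_ldap_config(
        options: {
          'bind_dn'  => 'uid=admin,dc=example,dc=com',
          'password' => ''
        }
      )

      # NOTE(review): a simple bind with a DN and an empty password is the
      # "unauthenticated bind" of RFC 4513 section 5.1.2, which some
      # directories accept as an anonymous session. This example pins that
      # such a configuration still counts as having auth; confirm that the
      # directory rejects the bind rather than silently downgrading it.
      expect(config.has_auth?).to be_truthy
    end

    it 'is false when password and bind_dn are not set' do
      stub_ldap_config(options: { 'bind_dn' => nil, 'password' => nil })

      expect(config.has_auth?).to be_falsey
    end
  end

  describe '#attributes' do
    it 'uses default attributes when no custom attributes are configured' do
      expect(config.attributes).to eq(config.default_attributes)
    end

    it 'merges the configuration attributes with default attributes' do
      stub_ldap_config(
        options: {
          'attributes' => {
            'username' => %w(sAMAccountName),
            'email'    => %w(userPrincipalName)
          }
        }
      )

      # Configured keys override the defaults; 'name' is not configured here
      # and is expected to keep the value 'cn'.
      expect(config.attributes).to include({
        'username' => %w(sAMAccountName),
        'email'    => %w(userPrincipalName),
        'name'     => 'cn'
      })
    end
  end
end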