package com.gitblit.tests;
import static org.junit.Assume.assumeTrue;
import java.util.ArrayList;
import java.util.Arrays;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.junit.runners.Parameterized;
import com.gitblit.Keys;
import com.gitblit.ldap.LdapConnection;
import com.unboundid.ldap.sdk.BindResult;
import com.unboundid.ldap.sdk.LDAPException;
import com.unboundid.ldap.sdk.ResultCode;
import com.unboundid.ldap.sdk.SearchRequest;
import com.unboundid.ldap.sdk.SearchResult;
import com.unboundid.ldap.sdk.SearchResultEntry;
import com.unboundid.ldap.sdk.SearchScope;
/*
* Test for the LdapConnection
*
* @author Florian Zschocke
*
*/
@RunWith(Parameterized.class)
public class LdapConnectionTest extends LdapBasedUnitTest {
@Test
public void testEscapeLDAPFilterString() {
// This test is independent from authentication mode, so run only once.
assumeTrue(authMode == AuthMode.ANONYMOUS);
// From: https://www.owasp.org/index.php/Preventing_LDAP_Injection_in_Java
assertEquals("No special characters to escape", "Hi This is a test #çà", LdapConnection.escapeLDAPSearchFilter("Hi This is a test #çà"));
assertEquals("LDAP Christams Tree", "Hi \\28This\\29 = is \\2a a \\5c test # ç à ô", LdapConnection.escapeLDAPSearchFilter("Hi (This) = is * a \\ test # ç à ô"));
assertEquals("Injection", "\\2a\\29\\28userPassword=secret", LdapConnection.escapeLDAPSearchFilter("*)(userPassword=secret"));
}
@Test
public void testConnect() {
// This test is independent from authentication mode, so run only once.
assumeTrue(authMode == AuthMode.ANONYMOUS);
LdapConnection conn = new LdapConnection(settings);
try {
assertTrue(conn.connect());
} finally {
conn.close();
}
}
@Test
public void testBindAnonymous() {
// This test tests for anonymous bind, so run only in authentication mode ANONYMOUS.
assumeTrue(authMode == AuthMode.ANONYMOUS);
LdapConnection conn = new LdapConnection(settings);
try {
assertTrue(conn.connect());
BindResult br = conn.bind();
assertNotNull(br);
assertEquals(ResultCode.SUCCESS, br.getResultCode());
assertEquals("", authMode.getBindTracker().getLastSuccessfulBindDN(br.getMessageID()));
} finally {
conn.close();
}
}
@Test
public void testBindAsAdmin() {
// This test tests for anonymous bind, so run only in authentication mode DS_MANAGER.
assumeTrue(authMode == AuthMode.DS_MANAGER);
LdapConnection conn = new LdapConnection(settings);
try {
assertTrue(conn.connect());
BindResult br = conn.bind();
assertNotNull(br);
assertEquals(ResultCode.SUCCESS, br.getResultCode());
assertEquals(settings.getString(Keys.realm.ldap.username, "UNSET"), authMode.getBindTracker().getLastSuccessfulBindDN(br.getMessageID()));
} finally {
conn.close();
}
}
@Test
public void testBindToBindpattern() {
LdapConnection conn = new LdapConnection(settings);
try {
assertTrue(conn.connect());
String bindPattern = "CN=${username},OU=Canada," + ACCOUNT_BASE;
BindResult br = conn.bind(bindPattern, "UserThree", "userThreePassword");
assertNotNull(br);
assertEquals(ResultCode.SUCCESS, br.getResultCode());
assertEquals("CN=UserThree,OU=Canada," + ACCOUNT_BASE, authMode.getBindTracker().getLastSuccessfulBindDN(br.getMessageID()));
br = conn.bind(bindPattern, "UserFour", "userThreePassword");
assertNull(br);
br = conn.bind(bindPattern, "UserTwo", "userTwoPassword");
assertNull(br);
} finally {
conn.close();
}
}
@Test
public void testRebindAsUser() {
LdapConnection conn = new LdapConnection(settings);
try {
assertTrue(conn.connect());
assertFalse(conn.rebindAsUser());
BindResult br = conn.bind();
assertNotNull(br);
assertFalse(conn.rebindAsUser());
String bindPattern = "CN=${username},OU=Canada," + ACCOUNT_BASE;
br = conn.bind(bindPattern, "UserThree", "userThreePassword");
assertNotNull(br);
assertFalse(conn.rebindAsUser());
br = conn.bind();
assertNotNull(br);
assertTrue(conn.rebindAsUser());
assertEquals(ResultCode.SUCCESS, br.getResultCode());
assertEquals("CN=UserThree,OU=Canada," + ACCOUNT_BASE, authMode.getBindTracker().getLastSuccessfulBindDN());
} finally {
conn.close();
}
}
@Test
public void testSearchRequest() throws LDAPException {
LdapConnection conn = new LdapConnection(settings);
try {
assertTrue(conn.connect());
BindResult br = conn.bind();
assertNotNull(br);
SearchRequest req;
SearchResult result;
SearchResultEntry entry;
req = new SearchRequest(ACCOUNT_BASE, SearchScope.BASE, "(CN=UserOne)");
result = conn.search(req);
assertNotNull(result);
assertEquals(0, result.getEntryCount());
req = new SearchRequest(ACCOUNT_BASE, SearchScope.ONE, "(CN=UserTwo)");
result = conn.search(req);
assertNotNull(result);
assertEquals(0, result.getEntryCount());
req = new SearchRequest(ACCOUNT_BASE, SearchScope.SUB, "(CN=UserThree)");
result = conn.search(req);
assertNotNull(result);
assertEquals(1, result.getEntryCount());
entry = result.getSearchEntries().get(0);
assertEquals("CN=UserThree,OU=Canada," + ACCOUNT_BASE, entry.getDN());
req = new SearchRequest(ACCOUNT_BASE, SearchScope.SUBORDINATE_SUBTREE, "(CN=UserFour)");
result = conn.search(req);
assertNotNull(result);
assertEquals(1, result.getEntryCount());
entry = result.getSearchEntries().get(0);
assertEquals("CN=UserFour,OU=Canada," + ACCOUNT_BASE, entry.getDN());
} finally {
conn.close();
}
}
@Test
public void testSearch() throws LDAPException {
LdapConnection conn = new LdapConnection(settings);
try {
assertTrue(conn.connect());
BindResult br = conn.bind();
assertNotNull(br);
SearchResult result;
SearchResultEntry entry;
result = conn.search(ACCOUNT_BASE, false, "(CN=UserOne)", null);
assertNotNull(result);
assertEquals(1, result.getEntryCount());
entry = result.getSearchEntries().get(0);
assertEquals("CN=UserOne,OU=US," + ACCOUNT_BASE, entry.getDN());
result = conn.search(ACCOUNT_BASE, true, "(&(CN=UserOne)(surname=One))", null);
assertNotNull(result);
assertEquals(1, result.getEntryCount());
entry = result.getSearchEntries().get(0);
assertEquals("CN=UserOne,OU=US," + ACCOUNT_BASE, entry.getDN());
result = conn.search(ACCOUNT_BASE, true, "(&(CN=UserOne)(surname=Two))", null);
assertNotNull(result);
assertEquals(0, result.getEntryCount());
result = conn.search(ACCOUNT_BASE, true, "(surname=Two)", Arrays.asList("givenName", "surname"));
assertNotNull(result);
assertEquals(1, result.getEntryCount());
entry = result.getSearchEntries().get(0);
assertEquals("CN=UserTwo,OU=US," + ACCOUNT_BASE, entry.getDN());
assertEquals(2, entry.getAttributes().size());
assertEquals("User", entry.getAttributeValue("givenName"));
assertEquals("Two", entry.getAttributeValue("surname"));
result = conn.search(ACCOUNT_BASE, true, "(personalTitle=Mr*)", null);
assertNotNull(result);
assertEquals(3, result.getEntryCount());
ArrayList<String> names = new ArrayList<>(3);
names.add(result.getSearchEntries().get(0).getAttributeValue("surname"));
names.add(result.getSearchEntries().get(1).getAttributeValue("surname"));
names.add(result.getSearchEntries().get(2).getAttributeValue("surname"));
assertTrue(names.contains("One"));
assertTrue(names.contains("Two"));
assertTrue(names.contains("Three"));
} finally {
conn.close();
}
}
@Test
public void testSearchUser() throws LDAPException {
LdapConnection conn = new LdapConnection(settings);
try {
assertTrue(conn.connect());
BindResult br = conn.bind();
assertNotNull(br);
SearchResult result;
SearchResultEntry entry;
result = conn.searchUser("UserOne");
assertNotNull(result);
assertEquals(1, result.getEntryCount());
entry = result.getSearchEntries().get(0);
assertEquals("CN=UserOne,OU=US," + ACCOUNT_BASE, entry.getDN());
result = conn.searchUser("UserFour", Arrays.asList("givenName", "surname"));
assertNotNull(result);
assertEquals(1, result.getEntryCount());
entry = result.getSearchEntries().get(0);
assertEquals("CN=UserFour,OU=Canada," + ACCOUNT_BASE, entry.getDN());
assertEquals(2, entry.getAttributes().size());
assertEquals("User", entry.getAttributeValue("givenName"));
assertEquals("Four", entry.getAttributeValue("surname"));
} finally {
conn.close();
}
}
}