From ad67b78cb44825ac90ea29ad993b2db92fe9ed8a Mon Sep 17 00:00:00 2001
From: Dave Sims
Date: Mon, 1 Aug 2016 17:44:48 -0500
Subject: [PATCH] Created new ActiveDirectory user search class; moved tests
---
 lib/github/ldap.rb | 4 ++
 .../ldap/user_search/active_directory.rb | 44 ++++++++++++
 test/ldap_test.rb | 65 -----------------
 test/user_search/active_directory_test.rb | 71 +++++++++++++++++++
 4 files changed, 119 insertions(+), 65 deletions(-)
 create mode 100644 lib/github/ldap/user_search/active_directory.rb
 create mode 100644 test/user_search/active_directory_test.rb
diff --git a/lib/github/ldap.rb b/lib/github/ldap.rb
index b93c437..5071a4f 100644
--- a/lib/github/ldap.rb
+++ b/lib/github/ldap.rb
@@ -10,6 +10,10 @@ require 'github/ldap/virtual_attributes'
 require 'github/ldap/instrumentation'
 require 'github/ldap/member_search'
 require 'github/ldap/membership_validators'
+require 'github/ldap/connection_cache'
+require 'github/ldap/referral_chaser'
+require 'github/ldap/url'
+require 'github/ldap/user_search/active_directory.rb'
 
 module GitHub
 class Ldap
diff --git a/lib/github/ldap/user_search/active_directory.rb b/lib/github/ldap/user_search/active_directory.rb
new file mode 100644
index 0000000..a32b0c3
--- /dev/null
+++ b/lib/github/ldap/user_search/active_directory.rb
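Review bot: In lib/github/ldap.rb the new `require 'github/ldap/user_search/active_directory.rb'` loads a class declared as `ActiveDirectory < Default`, but none of the requires visible in this hunk loads the file that defines `UserSearch::Default`. Unless that file is required above line 10, which the hunk does not show, loading the library will fail with a NameError; require the parent class's file ahead of this line. The `.rb` suffix is also inconsistent with every other require here, so `require 'github/ldap/user_search/active_directory'` would match the file's style.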
@@ -0,0 +1,44 @@
+module GitHub
+ class Ldap
+ module UserSearch
+ class ActiveDirectory < Default
+
+ def initialize(ldap)
+ @ldap = ldap
+ end
+
+ def search(options)
+ # when doing a global search for a user's DN, set the search base to blank
+ options[:base] = ""
+ global_catalog_search(options).first
+ end
+
+ def global_catalog_search(options, &block)
+ Array(global_catalog_connection.search(options, &block))
+ end
+
+ # Returns a memoized connection to an Active Directory Global Catalog
+ # if the server is an Active Directory instance, otherwise returns nil.
+ #
+ # See: https://technet.microsoft.com/en-us/library/cc728188(v=ws.10).aspx
+ #
+ def global_catalog_connection
+ @global_catalog_connection ||= Net::LDAP.new({
+ host: ldap.instance_variable_get(:@host),
+ auth: {
+ method: :simple,
+ username: ldap.instance_variable_get(:@admin_user),
+ password: ldap.instance_variable_get(:@admin_password)
+ },
+ instrumentation_service: ldap.instrumentation_service,
+ port: 3268,
+ })
+ end
+
+ private
+
+ attr_reader :ldap
+ end
+ end
+ end
+end
diff --git a/test/ldap_test.rb b/test/ldap_test.rb
index 42de9ad..5ab9fc3 100644
--- a/test/ldap_test.rb
+++ b/test/ldap_test.rb
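Review bot: `global_catalog_connection` builds its Net::LDAP client with `method: :simple` and `port: 3268` but no `encryption:` option, so the admin DN and password copied from the primary connection go to the Global Catalog in a cleartext bind even when the primary connection is configured for TLS. Carry the primary connection's encryption setting over and switch to the Global Catalog TLS port when it is set, e.g. `port: encryption ? 3269 : 3268,` plus `encryption: encryption,`, where `encryption` is whatever the GitHub::Ldap instance was configured with (how that is exposed is not visible in this hunk). The doc comment also promises nil for non-Active-Directory servers, yet no capability check appears in the new code, so either the comment or the method needs updating. Separately, `search` overwrites `options[:base]` on the caller's hash; `global_catalog_search(options.merge(base: "")).first` would leave the argument untouched.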
@@ -118,71 +118,6 @@ module GitHubLdapTestCases
 def test_capabilities
 assert_kind_of Net::LDAP::Entry, @ldap.capabilities
 end
-
- def test_global_catalog_connection_is_null_if_not_active_directory
- @ldap.expects(:active_directory_capability?).returns(false)
- assert_nil @ldap.global_catalog_connection
- end
-
- def test_global_catalog_connection_is_null_if_not_active_directory
- @ldap.expects(:active_directory_capability?).returns(true)
- refute_nil @ldap.global_catalog_connection
- end
-
- def test_global_catalog_returns_empty_array_for_no_results
- @ldap.expects(:active_directory_capability?).returns(true)
- mock_global_catalog_connection = Object.new
- mock_global_catalog_connection.expects(:search).returns(nil)
- Net::LDAP.expects(:new).returns(mock_global_catalog_connection)
- results = @ldap.global_catalog_search({})
- assert_equal [], results
- end
-
- def test_global_catalog_returns_array_of_results
- @ldap.expects(:active_directory_capability?).returns(true)
- mock_global_catalog_connection = Object.new
- stub_entry = Object.new
- mock_global_catalog_connection.expects(:search).returns(stub_entry)
- Net::LDAP.expects(:new).returns(mock_global_catalog_connection)
- results = @ldap.global_catalog_search({})
- assert_equal [stub_entry], results
- end
-
- def test_global_catalog_default_settings
- @ldap.expects(:active_directory_capability?).returns(true)
- global_catalog = @ldap.global_catalog_connection
- instrumentation_service = global_catalog.instance_variable_get(:@instrumentation_service)
-
- auth = global_catalog.instance_variable_get(:@auth)
- assert_equal :simple, auth[:method]
- assert_equal "localhost", global_catalog.host
- assert_equal 3268, global_catalog.port
- assert_equal "MockInstrumentationService", instrumentation_service.class.name
- end
-
- module GitHubLdapUnauthenticatedTestCases
- def test_global_catalog_unauthenticated_default_settings
- @ldap.expects(:active_directory_capability?).returns(true)
- global_catalog = @ldap.global_catalog_connection
- # this is ugly, but currently the only way to test Net::LDAP#auth values
- auth = global_catalog.instance_variable_get(:@auth)
-
- assert_equal nil, auth[:password]
- assert_equal nil, auth[:username]
- end
- end
-
- module GitHubLdapAuthenticatedTestCases
- def test_global_catalog_authenticated_default_settings
- @ldap.expects(:active_directory_capability?).returns(true)
- global_catalog = @ldap.global_catalog_connection
- # this is ugly, but currently the only way to test Net::LDAP#auth values
- auth = global_catalog.instance_variable_get(:@auth)
-
- assert_equal "passworD1", auth[:password]
- assert_equal "uid=admin,dc=github,dc=com", auth[:username]
- end
- end
 end
 
 class GitHubLdapTest < GitHub::Ldap::Test
diff --git a/test/user_search/active_directory_test.rb b/test/user_search/active_directory_test.rb
new file mode 100644
index 0000000..a38943b
--- /dev/null
+++ b/test/user_search/active_directory_test.rb
@@ -0,0 +1,71 @@
+require_relative '../test_helper'
+require 'mocha/mini_test'
+
+class GitHubLdapActiveDirectoryUserSearchTests < GitHub::Ldap::Test
+
+ def setup
+ @ldap = GitHub::Ldap.new(options)
+ @ad_user_search = GitHub::Ldap::UserSearch::ActiveDirectory.new(@ldap)
+ end
+
+ def test_global_catalog_connection_is_null_if_not_active_directory
+ @ad_user_search.expects(:active_directory_capability?).returns(false)
+ assert_nil @ad_user_search.global_catalog_connection
+ end
+
+ def test_global_catalog_connection_is_null_if_not_active_directory
+ refute_nil @ad_user_search.global_catalog_connection
+ end
+
+ def test_global_catalog_returns_empty_array_for_no_results
+ mock_global_catalog_connection = Object.new
+ mock_global_catalog_connection.expects(:search).returns(nil)
+ Net::LDAP.expects(:new).returns(mock_global_catalog_connection)
+ results = @ad_user_search.global_catalog_search({})
+ assert_equal [], results
+ end
+
+ def test_global_catalog_returns_array_of_results
+ mock_global_catalog_connection = Object.new
+ stub_entry = Object.new
+ mock_global_catalog_connection.expects(:search).returns(stub_entry)
+ Net::LDAP.expects(:new).returns(mock_global_catalog_connection)
+ results = @ad_user_search.global_catalog_search({})
+ assert_equal [stub_entry], results
+ end
+
+ def test_global_catalog_default_settings
+ global_catalog = @ad_user_search.global_catalog_connection
+ instrumentation_service = global_catalog.instance_variable_get(:@instrumentation_service)
+
+ auth = global_catalog.instance_variable_get(:@auth)
+ assert_equal :simple, auth[:method]
+ assert_equal "127.0.0.1", global_catalog.host
+ assert_equal 3268, global_catalog.port
+ assert_equal "MockInstrumentationService", instrumentation_service.class.name
+ end
+
+ module GitHubLdapUnauthenticatedTestCases
+ def test_global_catalog_unauthenticated_default_settings
+ @ad_user_search.expects(:active_directory_capability?).returns(true)
+ global_catalog = @ad_user_search.global_catalog_connection
+ # this is ugly, but currently the only way to test Net::LDAP#auth values
+ auth = global_catalog.instance_variable_get(:@auth)
+
+ assert_equal nil, auth[:password]
+ assert_equal nil, auth[:username]
+ end
+ end
+
+ module GitHubLdapAuthenticatedTestCases
+ def test_global_catalog_authenticated_default_settings
+ @ad_user_search.expects(:active_directory_capability?).returns(true)
+ global_catalog = @ad_user_search.global_catalog_connection
+ # this is ugly, but currently the only way to test Net::LDAP#auth values
+ auth = global_catalog.instance_variable_get(:@auth)
+
+ assert_equal "passworD1", auth[:password]
+ assert_equal "uid=admin,dc=github,dc=com", auth[:username]
+ end
+ end
+end
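Review bot: Two tests in test/user_search/active_directory_test.rb share the name `test_global_catalog_connection_is_null_if_not_active_directory`, so the second definition replaces the first and the `assert_nil` case never runs; rename the second, e.g. `def test_global_catalog_connection_is_not_null`. The first also sets an expectation on `active_directory_capability?`, which the ActiveDirectory class added in this commit does not call in its visible code, so it would fail once it actually ran. `GitHubLdapUnauthenticatedTestCases` and `GitHubLdapAuthenticatedTestCases` are declared inside the test class and not included anywhere in this file, so the assertions on the bind username and password appear not to execute. Nothing here covers `search` forcing the base to `""` or the transport settings of the Global Catalog connection, both worth a test given that the connection carries the admin credentials.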