This repository has been archived by the owner on Sep 2, 2021. It is now read-only.
forked from korylprince/go-ad-auth
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathauth_test.go
178 lines (148 loc) · 5.61 KB
/
auth_test.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
package auth
import (
"sort"
"strings"
"testing"
)
func TestAuthenticate(t *testing.T) {
if testConfig.Server == "" {
t.Skip("ADTEST_SERVER not set")
return
}
if testConfig.BaseDN == "" {
t.Skip("ADTEST_BASEDN not set")
return
}
config := &Config{Server: testConfig.Server, Port: testConfig.Port, Security: testConfig.BindSecurity, BaseDN: testConfig.BaseDN}
status, err := Authenticate(config, "go-ad-auth", "invalid password")
if err != nil {
t.Fatal("Invalid credentials: Expected err to be nil but got:", err)
}
if status {
t.Error("Invalid credentials: Expected authenticate status to be false")
}
badConfig := &Config{Server: testConfig.Server, Port: testConfig.Port, Security: testConfig.BindSecurity, BaseDN: "Bad BaseDN"}
if _, err = Authenticate(badConfig, "go-ad-auth", "invalid password"); !strings.Contains(err.Error(), "invalid BaseDN") {
t.Error("Invalid configuration: Expected invalid BaseDN error but got:", err)
}
badConfig = &Config{Server: "127.0.0.1", Port: 1, Security: testConfig.BindSecurity, BaseDN: testConfig.BaseDN}
if _, err = Authenticate(badConfig, "go-ad-auth", "invalid password"); !strings.Contains(err.Error(), "Connection error") {
t.Error("Connect error: Expected connection error but got:", err)
}
if testConfig.BindUPN == "" || testConfig.BindPass == "" {
t.Skip("ADTEST_BIND_UPN or ADTEST_BIND_PASS not set")
return
}
status, err = Authenticate(config, testConfig.BindUPN, testConfig.BindPass)
if err != nil {
t.Fatal("Valid UPN: Expected err to be nil but got:", err)
}
if !status {
t.Error("Valid UPN: Expected authenticate status to be true")
}
var username string
if splits := strings.Split(testConfig.BindUPN, "@"); len(splits) == 2 {
username = splits[0]
} else {
t.Fatalf("Expected BIND_UPN (%s) to be splittable", testConfig.BindUPN)
}
status, err = Authenticate(config, username, testConfig.BindPass)
if err != nil {
t.Fatal("Valid username: Expected err to be nil but got:", err)
}
if !status {
t.Error("Valid username: Expected authenticate status to be true")
}
}
func TestAuthenticateExtended(t *testing.T) {
if testConfig.Server == "" {
t.Skip("ADTEST_SERVER not set")
return
}
if testConfig.BaseDN == "" {
t.Skip("ADTEST_BASEDN not set")
return
}
config := &Config{Server: testConfig.Server, Port: testConfig.Port, Security: testConfig.BindSecurity, BaseDN: testConfig.BaseDN}
status, _, _, err := AuthenticateExtended(config, "go-ad-auth", "invalid password", nil, nil)
if err != nil {
t.Fatal("Invalid credentials: Expected err to be nil but got:", err)
}
if status {
t.Error("Invalid credentials: Expected authenticate status to be false")
}
badConfig := &Config{Server: testConfig.Server, Port: testConfig.Port, Security: testConfig.BindSecurity, BaseDN: "Bad BaseDN"}
if _, _, _, err = AuthenticateExtended(badConfig, "go-ad-auth", "invalid password", nil, nil); !strings.Contains(err.Error(), "invalid BaseDN") {
t.Error("Invalid configuration: Expected invalid BaseDN error but got:", err)
}
badConfig = &Config{Server: "127.0.0.1", Port: 1, Security: testConfig.BindSecurity, BaseDN: testConfig.BaseDN}
if _, _, _, err = AuthenticateExtended(badConfig, "go-ad-auth", "invalid password", nil, nil); !strings.Contains(err.Error(), "Connection error") {
t.Error("Connect error: Expected connection error but got:", err)
}
if testConfig.BindUPN == "" || testConfig.BindPass == "" {
t.Skip("ADTEST_BIND_UPN or ADTEST_BIND_PASS not set")
return
}
status, _, _, err = AuthenticateExtended(config, testConfig.BindUPN, testConfig.BindPass, nil, nil)
if err != nil {
t.Fatal("Valid UPN: Expected err to be nil but got:", err)
}
if !status {
t.Error("Valid UPN: Expected authenticate status to be true")
}
var username string
if splits := strings.Split(testConfig.BindUPN, "@"); len(splits) == 2 {
username = splits[0]
} else {
t.Fatalf("Expected BIND_UPN (%s) to be splittable", testConfig.BindUPN)
}
status, _, _, err = AuthenticateExtended(config, username, testConfig.BindPass, nil, nil)
if err != nil {
t.Fatal("Valid username: Expected err to be nil but got:", err)
}
if !status {
t.Error("Valid username: Expected authenticate status to be true")
}
status, entry, _, err := AuthenticateExtended(config, testConfig.BindUPN, testConfig.BindPass, []string{"memberOf"}, nil)
if err != nil {
t.Fatal("memberOf attrs: Expected err to be nil but got:", err)
}
if !status {
t.Error("memberOf attrs: Expected authenticate status to be true")
}
//use dn for even groups and cn for odd groups
dnGroups := entry.GetAttributeValues("memberOf")
var checkGroups []string
for i, group := range dnGroups {
if i%2 == 0 {
checkGroups = append(checkGroups, group)
} else {
cn := dnToCN(group)
if cn != "" {
checkGroups = append(checkGroups, cn)
}
}
}
status, entry, userGroups, err := AuthenticateExtended(config, testConfig.BindUPN, testConfig.BindPass, nil, checkGroups)
if err != nil {
t.Fatal("memberOf attrs: Expected err to be nil but got:", err)
}
if !status {
t.Error("memberOf attrs: Expected authenticate status to be true")
}
sort.Strings(checkGroups)
sort.Strings(userGroups)
if len(checkGroups) != len(userGroups) {
t.Fatalf("Expected returned group count (%d) to be equal to searched group count (%d)", len(userGroups), len(checkGroups))
}
for i := range checkGroups {
if checkGroups[i] != userGroups[i] {
t.Fatalf("Expected returned group (%s) to be equal to searched group (%s):", userGroups[i], checkGroups[i])
}
}
for _, attr := range entry.Attributes {
if attr.Name == "memberOf" {
t.Error("memberOf check: Expected memberOf to not be present")
}
}
}