From dec65e2d4dfcd71246d2ba93c3d9ef18dd03b3d0 Mon Sep 17 00:00:00 2001 From: Benjamin Dauvergne Date: Wed, 4 Jul 2018 10:58:23 +0200 Subject: [PATCH 1/7] tests: convert ldap test ot use only unicode in settings (#23698) --- tests/test_ldap.py | 85 ++++++++++++++++++++++++++-------------------- 1 file changed, 48 insertions(+), 37 deletions(-) diff --git a/tests/test_ldap.py b/tests/test_ldap.py index 5a22dba5..4611164e 100644 --- a/tests/test_ldap.py +++ b/tests/test_ldap.py @@ -10,6 +10,7 @@ from ldaptools.slapd import Slapd, has_slapd from django.contrib.auth import get_user_model from django.core.exceptions import ImproperlyConfigured from django.core import mail +from django.utils.encoding import force_text from authentic2.a2_rbac.utils import get_default_ou from django_rbac.utils import get_ou_model @@ -23,7 +24,7 @@ pytestmark = pytest.mark.skipunless(has_slapd(), reason='slapd is not installed' USERNAME = u'etienne.michu' UID = 'etienne.michu' CN = 'Étienne Michu' -DN = 'cn=%s,o=orga' % escape_dn_chars(CN) +DN = 'cn=%s,o=ôrga' % escape_dn_chars(CN) PASS = 'passé' EMAIL = 'etienne.michu@example.net' @@ -31,7 +32,12 @@ EMAIL = 'etienne.michu@example.net' @pytest.fixture def slapd(request): slapd = Slapd() - slapd.add_ldif('''dn: {dn} + slapd.add_db('o=ôrga') + slapd.add_ldif('''dn: o=ôrga +objectClass: organization +o: ôrga + +dn: {dn} objectClass: inetOrgPerson userPassword: {password} uid: {uid} @@ -40,13 +46,13 @@ sn: Michu gn: Étienne mail: etienne.michu@example.net -dn: cn=group1,o=orga +dn: cn=group1,o=ôrga objectClass: groupOfNames member: {dn} '''.format(dn=DN, uid=UID, password=PASS)) for i in range(100): - slapd.add_ldif('''dn: uid=michu{i},o=orga + slapd.add_ldif('''dn: uid=michu{i},o=ôrga objectClass: inetOrgPerson userPassword: {password} uid: michu{i} @@ -56,7 +62,7 @@ gn: Étienne mail: etienne.michu@example.net '''.format(i=i, password=PASS)) - group_ldif = '''dn: cn=group2,o=orga + group_ldif = '''dn: cn=group2,o=ôrga gidNumber: 10 objectClass: posixGroup memberUid: {uid} @@ -81,7 +87,7 @@ def test_connection(slapd): def test_simple(slapd, settings, client): settings.LDAP_AUTH_SETTINGS = [{ 'url': [slapd.ldap_url], - 'basedn': 'o=orga', + 'basedn': u'o=ôrga', 'use_tls': False, }] result = client.post('/login/', {'login-password-submit': '1', @@ -108,9 +114,9 @@ def test_simple(slapd, settings, client): def test_simple_with_binddn(slapd, settings, client): settings.LDAP_AUTH_SETTINGS = [{ 'url': [slapd.ldap_url], - 'binddn': DN, + 'binddn': force_text(DN), 'bindpw': PASS, - 'basedn': 'o=orga', + 'basedn': u'o=ôrga', 'use_tls': False, }] result = client.post('/login/', {'login-password-submit': '1', @@ -136,7 +142,7 @@ def test_simple_with_binddn(slapd, settings, client): def test_double_login(slapd, simple_user, settings, app): settings.LDAP_AUTH_SETTINGS = [{ 'url': [slapd.ldap_url], - 'basedn': 'o=orga', + 'basedn': u'o=ôrga', 'use_tls': False, 'is_superuser': True, 'is_staff': True, @@ -149,7 +155,7 @@ def test_double_login(slapd, simple_user, settings, app): def test_keep_password_in_session(slapd, settings, client): settings.LDAP_AUTH_SETTINGS = [{ 'url': [slapd.ldap_url], - 'basedn': 'o=orga', + 'basedn': u'o=ôrga', 'use_tls': False, 'keep_password_in_session': True, }] @@ -178,7 +184,7 @@ def test_custom_ou(slapd, settings, client): ou = OU.objects.create(name='test', slug='test') settings.LDAP_AUTH_SETTINGS = [{ 'url': [slapd.ldap_url], - 'basedn': 'o=orga', + 'basedn': u'o=ôrga', 'use_tls': False, 'ou_slug': 'test', }] @@ -201,7 +207,7 @@ def test_custom_ou(slapd, settings, client): def test_wrong_ou(slapd, settings, client): settings.LDAP_AUTH_SETTINGS = [{ 'url': [slapd.ldap_url], - 'basedn': 'o=orga', + 'basedn': u'o=ôrga', 'use_tls': False, 'ou_slug': 'test', }] @@ -232,11 +238,11 @@ def test_group_mapping(slapd, settings, client): settings.LDAP_AUTH_SETTINGS = [{ 'url': [slapd.ldap_url], - 'basedn': 'o=orga', + 'basedn': u'o=ôrga', 'use_tls': False, 'create_group': True, 'group_mapping': [ - ('cn=group1,o=orga', ['Group1']), + [u'cn=group1,o=ôrga', ['Group1']], ], }] assert Group.objects.filter(name='Group1').count() == 0 @@ -254,11 +260,11 @@ def test_posix_group_mapping(slapd, settings, client): settings.LDAP_AUTH_SETTINGS = [{ 'url': [slapd.ldap_url], - 'basedn': 'o=orga', + 'basedn': u'o=ôrga', 'use_tls': False, 'create_group': True, 'group_mapping': [ - ('cn=group2,o=orga', ['Group2']), + [u'cn=group2,o=ôrga', ['Group2']], ], 'group_filter': '(&(memberUid={uid})(objectClass=posixGroup))', }] @@ -278,10 +284,10 @@ def test_group_to_role_mapping(slapd, settings, client): Role.objects.get_or_create(name='Role1') settings.LDAP_AUTH_SETTINGS = [{ 'url': [slapd.ldap_url], - 'basedn': 'o=orga', + 'basedn': u'o=ôrga', 'use_tls': False, 'group_to_role_mapping': [ - ('cn=group1,o=orga', ['Role1']), + ['cn=group1,o=ôrga', ['Role1']], ], }] response = client.post('/login/', {'login-password-submit': '1', @@ -298,10 +304,10 @@ def test_posix_group_to_role_mapping(slapd, settings, client): Role.objects.get_or_create(name='Role2') settings.LDAP_AUTH_SETTINGS = [{ 'url': [slapd.ldap_url], - 'basedn': 'o=orga', + 'basedn': u'o=ôrga', 'use_tls': False, 'group_to_role_mapping': [ - ('cn=group2,o=orga', ['Role2']), + ['cn=group2,o=ôrga', ['Role2']], ], 'group_filter': '(&(memberUid={uid})(objectClass=posixGroup))', }] @@ -318,9 +324,9 @@ def test_group_su(slapd, settings, client): settings.LDAP_AUTH_SETTINGS = [{ 'url': [slapd.ldap_url], - 'basedn': 'o=orga', + 'basedn': 'o=ôrga', 'use_tls': False, - 'groupsu': ['cn=group1,o=orga'], + 'groupsu': [u'cn=group1,o=ôrga'], }] response = client.post('/login/', {'login-password-submit': '1', 'username': USERNAME, @@ -337,9 +343,9 @@ def test_group_staff(slapd, settings, client): settings.LDAP_AUTH_SETTINGS = [{ 'url': [slapd.ldap_url], - 'basedn': 'o=orga', + 'basedn': u'o=ôrga', 'use_tls': False, - 'groupstaff': ['cn=group1,o=orga'], + 'groupstaff': [u'cn=group1,o=ôrga'], }] response = client.post('/login/', {'login-password-submit': '1', 'username': 'etienne.michu', @@ -358,11 +364,11 @@ def test_get_users(slapd, settings): User = get_user_model() settings.LDAP_AUTH_SETTINGS = [{ 'url': [slapd.ldap_url], - 'basedn': 'o=orga', + 'basedn': u'o=ôrga', 'use_tls': False, 'create_group': True, 'group_mapping': [ - ('cn=group2,o=orga', ['Group2']), + [u'cn=group2,o=ôrga', ['Group2']], ], 'group_filter': '(&(memberUid={uid})(objectClass=posixGroup))', }] @@ -408,11 +414,11 @@ def test_set_mandatory_roles(slapd, settings): User = get_user_model() settings.LDAP_AUTH_SETTINGS = [{ 'url': [slapd.ldap_url], - 'basedn': 'o=orga', + 'basedn': u'o=ôrga', 'use_tls': False, 'create_group': True, 'group_mapping': [ - ('cn=group2,o=orga', ['Group2']), + [u'cn=group2,o=ôrga', ['Group2']], ], 'group_filter': '(&(memberUid={uid})(objectClass=posixGroup))', 'set_mandatory_roles': ['tech', 'admin'], @@ -427,11 +433,11 @@ def test_nocreate_mandatory_roles(slapd, settings): User = get_user_model() settings.LDAP_AUTH_SETTINGS = [{ 'url': [slapd.ldap_url], - 'basedn': 'o=orga', + 'basedn': u'o=ôrga', 'use_tls': False, 'create_group': True, 'group_mapping': [ - ('cn=group2,o=orga', ['Group2']), + [u'cn=group2,o=ôrga', ['Group2']], ], 'group_filter': '(&(memberUid={uid})(objectClass=posixGroup))', 'set_mandatory_roles': ['tech', 'admin'], @@ -445,11 +451,16 @@ def test_nocreate_mandatory_roles(slapd, settings): def slapd_strict_acl(slapd): # forbid modifications by user themselves conn = slapd.get_connection_external() + result = conn.search_s( + 'cn=config', + ldap.SCOPE_SUBTREE, + 'olcSuffix=o=ôrga') + dn = result[0][0] conn.modify_s( - 'olcDatabase={1}mdb,cn=config', + dn, [ (ldap.MOD_REPLACE, 'olcAccess', [ - '{0}to * by dn.subtree="o=orga" none by * manage' + '{0}to * by dn.subtree="o=ôrga" none by * manage' ]) ]) return slapd @@ -459,11 +470,11 @@ def test_no_connect_with_user_credentials(slapd_strict_acl, db, settings, app): slapd = slapd_strict_acl settings.LDAP_AUTH_SETTINGS = [{ 'url': [slapd.ldap_url], - 'basedn': 'o=orga', + 'basedn': u'o=ôrga', 'use_tls': False, 'create_group': True, 'group_mapping': [ - ('cn=group2,o=orga', ['Group2']), + ['cn=group2,o=ôrga', ['Group2']], ], 'group_filter': '(&(memberUid={uid})(objectClass=posixGroup))', 'set_mandatory_roles': ['tech', 'admin'], @@ -486,9 +497,9 @@ def test_no_connect_with_user_credentials(slapd_strict_acl, db, settings, app): def test_reset_password_ldap_user(slapd, settings, app, db): settings.LDAP_AUTH_SETTINGS = [{ 'url': [slapd.ldap_url], - 'binddn': slapd.root_bind_dn, - 'bindpw': slapd.root_bind_password, - 'basedn': 'o=orga', + 'binddn': force_text(slapd.root_bind_dn), + 'bindpw': force_text(slapd.root_bind_password), + 'basedn': u'o=ôrga', 'use_tls': False, }] User = get_user_model() -- 2.18.0