Search in sources :

Example 1 with LdapConnector

use of org.graylog2.security.ldap.LdapConnector in project graylog2-server by Graylog2.

the class LdapUserAuthenticatorTest method testSyncFromLdapEntryExistingUser.

@Test
@UsingDataSet(loadStrategy = LoadStrategyEnum.DELETE_ALL)
public void testSyncFromLdapEntryExistingUser() {
    final LdapUserAuthenticator authenticator = spy(new LdapUserAuthenticator(ldapConnector, ldapSettingsService, userService, mock(RoleService.class), DateTimeZone.UTC));
    final LdapEntry userEntry = new LdapEntry();
    final LdapSettings ldapSettings = mock(LdapSettings.class);
    when(ldapSettings.getDisplayNameAttribute()).thenReturn("displayName");
    when(ldapSettings.getDefaultGroupId()).thenReturn("54e3deadbeefdeadbeef0001");
    when(ldapSettings.getAdditionalDefaultGroupIds()).thenReturn(Collections.emptySet());
    final HashMap<String, Object> fields = Maps.newHashMap();
    fields.put("permissions", Collections.singletonList("test:permission:1234"));
    when(userService.load(anyString())).thenReturn(new UserImpl(null, new Permissions(Collections.emptySet()), fields));
    final User ldapUser = authenticator.syncFromLdapEntry(userEntry, ldapSettings, "user");
    assertThat(ldapUser).isNotNull();
    assertThat(ldapUser.getPermissions()).contains("test:permission:1234");
    assertThat(ldapUser.isExternalUser()).isTrue();
    assertThat(ldapUser.getName()).isEqualTo("user");
    assertThat(ldapUser.getEmail()).isEqualTo("user@localhost");
    assertThat(ldapUser.getHashedPassword()).isEqualTo("User synced from LDAP.");
    assertThat(ldapUser.getTimeZone()).isEqualTo(DateTimeZone.UTC);
    assertThat(ldapUser.getRoleIds()).containsOnly("54e3deadbeefdeadbeef0001");
    assertThat(ldapUser.getPermissions()).isNotEmpty();
}
Also used : User(org.graylog2.plugin.database.users.User) UserImpl(org.graylog2.users.UserImpl) Permissions(org.graylog2.shared.security.Permissions) LdapEntry(org.graylog2.shared.security.ldap.LdapEntry) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) LdapSettings(org.graylog2.shared.security.ldap.LdapSettings) UsingDataSet(com.lordofthejars.nosqlunit.annotation.UsingDataSet) Test(org.junit.Test)

Example 2 with LdapConnector

use of org.graylog2.security.ldap.LdapConnector in project graylog2-server by Graylog2.

the class LdapUserAuthenticatorTest method testSyncFromLdapEntry.

@Test
@UsingDataSet(loadStrategy = LoadStrategyEnum.DELETE_ALL)
public void testSyncFromLdapEntry() {
    final LdapUserAuthenticator authenticator = spy(new LdapUserAuthenticator(ldapConnector, ldapSettingsService, userService, mock(RoleService.class), DateTimeZone.UTC));
    final LdapEntry userEntry = new LdapEntry();
    final LdapSettings ldapSettings = mock(LdapSettings.class);
    when(ldapSettings.getDisplayNameAttribute()).thenReturn("displayName");
    when(ldapSettings.getDefaultGroupId()).thenReturn("54e3deadbeefdeadbeef0001");
    when(ldapSettings.getAdditionalDefaultGroupIds()).thenReturn(Collections.emptySet());
    when(userService.create()).thenReturn(new UserImpl(null, new Permissions(Collections.emptySet()), Maps.newHashMap()));
    final User ldapUser = authenticator.syncFromLdapEntry(userEntry, ldapSettings, "user");
    assertThat(ldapUser).isNotNull();
    assertThat(ldapUser.isExternalUser()).isTrue();
    assertThat(ldapUser.getName()).isEqualTo("user");
    assertThat(ldapUser.getEmail()).isEqualTo("user@localhost");
    assertThat(ldapUser.getHashedPassword()).isEqualTo("User synced from LDAP.");
    assertThat(ldapUser.getTimeZone()).isEqualTo(DateTimeZone.UTC);
    assertThat(ldapUser.getRoleIds()).containsOnly("54e3deadbeefdeadbeef0001");
    assertThat(ldapUser.getPermissions()).isNotEmpty();
}
Also used : User(org.graylog2.plugin.database.users.User) UserImpl(org.graylog2.users.UserImpl) Permissions(org.graylog2.shared.security.Permissions) LdapEntry(org.graylog2.shared.security.ldap.LdapEntry) LdapSettings(org.graylog2.shared.security.ldap.LdapSettings) UsingDataSet(com.lordofthejars.nosqlunit.annotation.UsingDataSet) Test(org.junit.Test)

Example 3 with LdapConnector

use of org.graylog2.security.ldap.LdapConnector in project graylog2-server by Graylog2.

the class LdapUserAuthenticatorTest method setUp.

@Before
public void setUp() throws Exception {
    server = getLdapServer();
    final LdapConnectionConfig ldapConfig = new LdapConnectionConfig();
    ldapConfig.setLdapHost("localHost");
    ldapConfig.setLdapPort(server.getPort());
    ldapConfig.setName(ADMIN_DN);
    ldapConfig.setCredentials(ADMIN_PASSWORD);
    configuration = mock(Configuration.class);
    when(configuration.getPasswordSecret()).thenReturn(PASSWORD_SECRET);
    ldapConnector = new LdapConnector(10000);
    ldapSettingsService = mock(LdapSettingsService.class);
    userService = mock(UserService.class);
    ldapSettings = new LdapSettingsImpl(configuration, mock(RoleService.class));
    ldapSettings.setEnabled(true);
    ldapSettings.setUri(URI.create("ldap://localhost:" + server.getPort()));
    ldapSettings.setUseStartTls(false);
    ldapSettings.setSystemUsername(ADMIN_DN);
    ldapSettings.setSystemPassword(ADMIN_PASSWORD);
    ldapSettings.setSearchBase("ou=users,dc=example,dc=com");
    ldapSettings.setSearchPattern("(&(objectClass=posixAccount)(uid={0}))");
    ldapSettings.setDisplayNameAttribute("cn");
    ldapSettings.setActiveDirectory(false);
    ldapSettings.setGroupSearchBase("ou=groups,dc=example,dc=com");
    ldapSettings.setGroupIdAttribute("cn");
    ldapSettings.setGroupSearchPattern("(|(objectClass=groupOfNames)(objectClass=posixGroup))");
}
Also used : LdapSettingsService(org.graylog2.security.ldap.LdapSettingsService) Configuration(org.graylog2.Configuration) UserService(org.graylog2.shared.users.UserService) LdapSettingsImpl(org.graylog2.security.ldap.LdapSettingsImpl) LdapConnectionConfig(org.apache.directory.ldap.client.api.LdapConnectionConfig) LdapConnector(org.graylog2.security.ldap.LdapConnector) Before(org.junit.Before)

Example 4 with LdapConnector

use of org.graylog2.security.ldap.LdapConnector in project graylog2-server by Graylog2.

the class LdapUserAuthenticatorTest method testDoGetAuthenticationInfoDeniesEmptyPassword.

@Test
public void testDoGetAuthenticationInfoDeniesEmptyPassword() throws Exception {
    final LdapUserAuthenticator authenticator = new LdapUserAuthenticator(ldapConnector, ldapSettingsService, userService, mock(RoleService.class), DateTimeZone.UTC);
    when(ldapSettingsService.load()).thenReturn(ldapSettings);
    assertThat(authenticator.doGetAuthenticationInfo(new UsernamePasswordToken("john", (char[]) null))).isNull();
    assertThat(authenticator.doGetAuthenticationInfo(new UsernamePasswordToken("john", new char[0]))).isNull();
}
Also used : RoleService(org.graylog2.users.RoleService) UsernamePasswordToken(org.apache.shiro.authc.UsernamePasswordToken) Test(org.junit.Test)

Aggregations

Test (org.junit.Test)3 UsingDataSet (com.lordofthejars.nosqlunit.annotation.UsingDataSet)2 User (org.graylog2.plugin.database.users.User)2 Permissions (org.graylog2.shared.security.Permissions)2 LdapEntry (org.graylog2.shared.security.ldap.LdapEntry)2 LdapSettings (org.graylog2.shared.security.ldap.LdapSettings)2 UserImpl (org.graylog2.users.UserImpl)2 LdapConnectionConfig (org.apache.directory.ldap.client.api.LdapConnectionConfig)1 UsernamePasswordToken (org.apache.shiro.authc.UsernamePasswordToken)1 Configuration (org.graylog2.Configuration)1 LdapConnector (org.graylog2.security.ldap.LdapConnector)1 LdapSettingsImpl (org.graylog2.security.ldap.LdapSettingsImpl)1 LdapSettingsService (org.graylog2.security.ldap.LdapSettingsService)1 UserService (org.graylog2.shared.users.UserService)1 RoleService (org.graylog2.users.RoleService)1 Before (org.junit.Before)1 ArgumentMatchers.anyString (org.mockito.ArgumentMatchers.anyString)1