net-ldap 0.16.3 → 0.17.0

data/test/integration/test_add.rb

@@ -1,26 +0,0 @@
-require_relative '../test_helper'
-
-class TestAddIntegration < LDAPIntegrationTestCase
-  def setup
-    super
-    @dn = "uid=added-user1,ou=People,dc=example,dc=org"
-  end
-
-  def test_add
-    attrs = {
-      objectclass: %w(top inetOrgPerson organizationalPerson person),
-      uid:  "added-user1",
-      cn:   "added-user1",
-      sn:   "added-user1",
-      mail: "added-user1@rubyldap.com",
-    }
-
-    assert @ldap.add(dn: @dn, attributes: attrs), @ldap.get_operation_result.inspect
-
-    assert result = @ldap.search(base: @dn, scope: Net::LDAP::SearchScope_BaseObject).first
-  end
-
-  def teardown
-    @ldap.delete dn: @dn
-  end
-end

data/test/integration/test_ber.rb

@@ -1,30 +0,0 @@
-require_relative '../test_helper'
-
-class TestBERIntegration < LDAPIntegrationTestCase
-  # Test whether the TRUE boolean value is encoded correctly by performing a
-  # search operation.
-  def test_true_ber_encoding
-    # request these attrs to simplify test; use symbols to match Entry#attribute_names
-    attrs = [:dn, :uid, :cn, :mail]
-
-    assert types_entry = @ldap.search(
-      base: "dc=example,dc=org",
-      filter: "(uid=user1)",
-      size: 1,
-      attributes: attrs,
-      attributes_only: true,
-    ).first
-
-    # matches attributes we requested
-    assert_equal attrs, types_entry.attribute_names
-
-    # assert values are empty
-    types_entry.each do |name, values|
-      next if name == :dn
-      assert values.empty?
-    end
-
-    assert_includes Net::LDAP::ResultCodesSearchSuccess,
-                    @ldap.get_operation_result.code, "should be a successful search operation"
-  end
-end

data/test/integration/test_bind.rb

@@ -1,221 +0,0 @@
-require_relative '../test_helper'
-
-class TestBindIntegration < LDAPIntegrationTestCase
-  INTEGRATION_HOSTNAME = 'ldap.example.org'.freeze
-
-  def test_bind_success
-    assert @ldap.bind(BIND_CREDS),
-           @ldap.get_operation_result.inspect
-  end
-
-  def test_bind_timeout
-    @ldap.host = "10.255.255.1" # non-routable IP
-
-    error = assert_raise Net::LDAP::Error do
-      @ldap.bind BIND_CREDS
-    end
-    msgs = ['Operation timed out - user specified timeout',
-            'Connection timed out - user specified timeout']
-    assert_send([msgs, :include?, error.message])
-  end
-
-  def test_bind_anonymous_fail
-    refute @ldap.bind(BIND_CREDS.merge(password: '')),
-           @ldap.get_operation_result.inspect
-
-    result = @ldap.get_operation_result
-    assert_equal Net::LDAP::ResultCodeUnwillingToPerform, result.code
-    assert_equal Net::LDAP::ResultStrings[Net::LDAP::ResultCodeUnwillingToPerform], result.message
-    assert_equal "unauthenticated bind (DN with no password) disallowed",
-                 result.error_message
-    assert_equal "", result.matched_dn
-  end
-
-  def test_bind_fail
-    refute @ldap.bind(BIND_CREDS.merge(password: "not my password")),
-           @ldap.get_operation_result.inspect
-  end
-
-  def test_bind_tls_with_cafile
-    @ldap.host = INTEGRATION_HOSTNAME
-    @ldap.encryption(
-      method:      :start_tls,
-      tls_options: TLS_OPTS.merge(ca_file: CA_FILE),
-    )
-    assert @ldap.bind(BIND_CREDS),
-           @ldap.get_operation_result.inspect
-  end
-
-  def test_bind_tls_with_bad_hostname_verify_none_no_ca_passes
-    @ldap.host = INTEGRATION_HOSTNAME
-    @ldap.encryption(
-      method:      :start_tls,
-      tls_options: { verify_mode: OpenSSL::SSL::VERIFY_NONE },
-    )
-    assert @ldap.bind(BIND_CREDS),
-           @ldap.get_operation_result.inspect
-  end
-
-  def test_bind_tls_with_bad_hostname_verify_none_no_ca_opt_merge_passes
-    @ldap.host = '127.0.0.1'
-    @ldap.encryption(
-      method:      :start_tls,
-      tls_options: TLS_OPTS.merge(verify_mode: OpenSSL::SSL::VERIFY_NONE),
-    )
-    assert @ldap.bind(BIND_CREDS),
-           @ldap.get_operation_result.inspect
-  end
-
-  def test_bind_tls_with_bad_hostname_verify_peer_ca_fails
-    @ldap.host = '127.0.0.1'
-    @ldap.encryption(
-      method:      :start_tls,
-      tls_options: { verify_mode: OpenSSL::SSL::VERIFY_PEER,
-                     ca_file:     CA_FILE },
-    )
-    error = assert_raise Net::LDAP::Error,
-                         Net::LDAP::ConnectionRefusedError do
-      @ldap.bind BIND_CREDS
-    end
-    assert_equal(
-      "hostname \"#{@ldap.host}\" does not match the server certificate",
-      error.message,
-    )
-  end
-
-  def test_bind_tls_with_bad_hostname_ca_default_opt_merge_fails
-    @ldap.host = '127.0.0.1'
-    @ldap.encryption(
-      method:      :start_tls,
-      tls_options: TLS_OPTS.merge(ca_file: CA_FILE),
-    )
-    error = assert_raise Net::LDAP::Error,
-                         Net::LDAP::ConnectionRefusedError do
-      @ldap.bind BIND_CREDS
-    end
-    assert_equal(
-      "hostname \"#{@ldap.host}\" does not match the server certificate",
-      error.message,
-    )
-  end
-
-  def test_bind_tls_with_bad_hostname_ca_no_opt_merge_fails
-    @ldap.host = '127.0.0.1'
-    @ldap.encryption(
-      method:      :start_tls,
-      tls_options: { ca_file: CA_FILE },
-    )
-    error = assert_raise Net::LDAP::Error,
-                         Net::LDAP::ConnectionRefusedError do
-      @ldap.bind BIND_CREDS
-    end
-    assert_equal(
-      "hostname \"#{@ldap.host}\" does not match the server certificate",
-      error.message,
-    )
-  end
-
-  def test_bind_tls_with_valid_hostname_default_opts_passes
-    @ldap.host = INTEGRATION_HOSTNAME
-    @ldap.encryption(
-      method:      :start_tls,
-      tls_options: TLS_OPTS.merge(verify_mode: OpenSSL::SSL::VERIFY_PEER,
-                                  ca_file:     CA_FILE),
-    )
-    assert @ldap.bind(BIND_CREDS),
-           @ldap.get_operation_result.inspect
-  end
-
-  def test_bind_tls_with_valid_hostname_just_verify_peer_ca_passes
-    @ldap.host = INTEGRATION_HOSTNAME
-    @ldap.encryption(
-      method:      :start_tls,
-      tls_options: { verify_mode: OpenSSL::SSL::VERIFY_PEER,
-                     ca_file:     CA_FILE },
-    )
-    assert @ldap.bind(BIND_CREDS),
-           @ldap.get_operation_result.inspect
-  end
-
-  def test_bind_tls_with_bogus_hostname_system_ca_fails
-    @ldap.host = '127.0.0.1'
-    @ldap.encryption(method: :start_tls, tls_options: {})
-    error = assert_raise Net::LDAP::Error,
-                         Net::LDAP::ConnectionRefusedError do
-      @ldap.bind BIND_CREDS
-    end
-    assert_equal(
-      "hostname \"#{@ldap.host}\" does not match the server certificate",
-      error.message,
-    )
-  end
-
-  def test_bind_tls_with_multiple_hosts
-    @ldap.host = nil
-    @ldap.hosts = [[INTEGRATION_HOSTNAME, 389], [INTEGRATION_HOSTNAME, 389]]
-    @ldap.encryption(
-      method:      :start_tls,
-      tls_options: TLS_OPTS.merge(verify_mode: OpenSSL::SSL::VERIFY_PEER,
-                                  ca_file:     CA_FILE),
-    )
-    assert @ldap.bind(BIND_CREDS),
-           @ldap.get_operation_result.inspect
-  end
-
-  def test_bind_tls_with_multiple_bogus_hosts
-    @ldap.host = nil
-    @ldap.hosts = [['127.0.0.1', 389], ['bogus.example.com', 389]]
-    @ldap.encryption(
-      method:      :start_tls,
-      tls_options: TLS_OPTS.merge(verify_mode: OpenSSL::SSL::VERIFY_PEER,
-                                  ca_file:     CA_FILE),
-    )
-    error = assert_raise Net::LDAP::Error,
-                         Net::LDAP::ConnectionError do
-      @ldap.bind BIND_CREDS
-    end
-    assert_equal("Unable to connect to any given server: ",
-                 error.message.split("\n").shift)
-  end
-
-  def test_bind_tls_with_multiple_bogus_hosts_no_verification
-    @ldap.host = nil
-    @ldap.hosts = [['127.0.0.1', 389], ['bogus.example.com', 389]]
-    @ldap.encryption(
-      method:      :start_tls,
-      tls_options: TLS_OPTS.merge(verify_mode: OpenSSL::SSL::VERIFY_NONE),
-    )
-    assert @ldap.bind(BIND_CREDS),
-           @ldap.get_operation_result.inspect
-  end
-
-  def test_bind_tls_with_multiple_bogus_hosts_ca_check_only_fails
-    @ldap.host = nil
-    @ldap.hosts = [['127.0.0.1', 389], ['bogus.example.com', 389]]
-    @ldap.encryption(
-      method: :start_tls,
-      tls_options: { ca_file: CA_FILE },
-    )
-    error = assert_raise Net::LDAP::Error,
-                         Net::LDAP::ConnectionError do
-      @ldap.bind BIND_CREDS
-    end
-    assert_equal("Unable to connect to any given server: ",
-                 error.message.split("\n").shift)
-  end
-
-  # This test is CI-only because we can't add the fixture CA
-  # to the system CA store on people's dev boxes.
-  def test_bind_tls_valid_hostname_system_ca_on_travis_passes
-    omit "not sure how to install custom CA cert in travis"
-    omit_unless ENV['TRAVIS'] == 'true'
-
-    @ldap.host = INTEGRATION_HOSTNAME
-    @ldap.encryption(
-      method: :start_tls,
-      tls_options: { verify_mode: OpenSSL::SSL::VERIFY_PEER },
-    )
-    assert @ldap.bind(BIND_CREDS),
-           @ldap.get_operation_result.inspect
-  end
-end

data/test/integration/test_delete.rb

@@ -1,29 +0,0 @@
-require_relative '../test_helper'
-
-class TestDeleteIntegration < LDAPIntegrationTestCase
-  def setup
-    super
-    @dn = "uid=delete-user1,ou=People,dc=example,dc=org"
-
-    attrs = {
-      objectclass: %w(top inetOrgPerson organizationalPerson person),
-      uid:  "delete-user1",
-      cn:   "delete-user1",
-      sn:   "delete-user1",
-      mail: "delete-user1@rubyldap.com",
-    }
-    unless @ldap.search(base: @dn, scope: Net::LDAP::SearchScope_BaseObject)
-      assert @ldap.add(dn: @dn, attributes: attrs), @ldap.get_operation_result.inspect
-    end
-    assert @ldap.search(base: @dn, scope: Net::LDAP::SearchScope_BaseObject)
-  end
-
-  def test_delete
-    assert @ldap.delete(dn: @dn), @ldap.get_operation_result.inspect
-    refute @ldap.search(base: @dn, scope: Net::LDAP::SearchScope_BaseObject)
-
-    result = @ldap.get_operation_result
-    assert_equal Net::LDAP::ResultCodeNoSuchObject, result.code
-    assert_equal Net::LDAP::ResultStrings[Net::LDAP::ResultCodeNoSuchObject], result.message
-  end
-end

data/test/integration/test_open.rb

@@ -1,87 +0,0 @@
-require_relative '../test_helper'
-
-class TestBindIntegration < LDAPIntegrationTestCase
-  def test_binds_without_open
-    events = @service.subscribe "bind.net_ldap_connection"
-
-    @ldap.search(filter: "uid=user1", base: "ou=People,dc=example,dc=org", ignore_server_caps: true)
-    @ldap.search(filter: "uid=user1", base: "ou=People,dc=example,dc=org", ignore_server_caps: true)
-
-    assert_equal 2, events.size
-  end
-
-  def test_binds_with_open
-    events = @service.subscribe "bind.net_ldap_connection"
-
-    @ldap.open do
-      @ldap.search(filter: "uid=user1", base: "ou=People,dc=example,dc=org", ignore_server_caps: true)
-      @ldap.search(filter: "uid=user1", base: "ou=People,dc=example,dc=org", ignore_server_caps: true)
-    end
-
-    assert_equal 1, events.size
-  end
-
-  # NOTE: query for two or more entries so that the socket must be read
-  # multiple times.
-  # See The Problem: https://github.com/ruby-ldap/ruby-net-ldap/issues/136
-
-  def test_nested_search_without_open
-    entries = []
-    nested_entry = nil
-
-    @ldap.search(filter: "(|(uid=user1)(uid=user2))", base: "ou=People,dc=example,dc=org") do |entry|
-      entries << entry.uid.first
-      nested_entry ||= @ldap.search(filter: "uid=user3", base: "ou=People,dc=example,dc=org").first
-    end
-
-    assert_equal "user3", nested_entry.uid.first
-    assert_equal %w(user1 user2), entries
-  end
-
-  def test_nested_search_with_open
-    entries = []
-    nested_entry = nil
-
-    @ldap.open do
-      @ldap.search(filter: "(|(uid=user1)(uid=user2))", base: "ou=People,dc=example,dc=org") do |entry|
-        entries << entry.uid.first
-        nested_entry ||= @ldap.search(filter: "uid=user3", base: "ou=People,dc=example,dc=org").first
-      end
-    end
-
-    assert_equal "user3", nested_entry.uid.first
-    assert_equal %w(user1 user2), entries
-  end
-
-  def test_nested_add_with_open
-    entries = []
-    nested_entry = nil
-
-    dn = "uid=nested-open-added-user1,ou=People,dc=example,dc=org"
-    attrs = {
-      objectclass: %w(top inetOrgPerson organizationalPerson person),
-      uid:  "nested-open-added-user1",
-      cn:   "nested-open-added-user1",
-      sn:   "nested-open-added-user1",
-      mail: "nested-open-added-user1@rubyldap.com",
-    }
-
-    @ldap.delete dn: dn
-
-    @ldap.open do
-      @ldap.search(filter: "(|(uid=user1)(uid=user2))", base: "ou=People,dc=example,dc=org") do |entry|
-        entries << entry.uid.first
-
-        nested_entry ||= begin
-          assert @ldap.add(dn: dn, attributes: attrs), @ldap.get_operation_result.inspect
-          @ldap.search(base: dn, scope: Net::LDAP::SearchScope_BaseObject).first
-        end
-      end
-    end
-
-    assert_equal %w(user1 user2), entries
-    assert_equal "nested-open-added-user1", nested_entry.uid.first
-  ensure
-    @ldap.delete dn: dn
-  end
-end

data/test/integration/test_password_modify.rb

@@ -1,93 +0,0 @@
-require_relative '../test_helper'
-
-class TestPasswordModifyIntegration < LDAPIntegrationTestCase
-  def setup
-    super
-    @admin_account = { dn: 'cn=admin,dc=example,dc=org', password: 'admin', method: :simple }
-    @ldap.authenticate @admin_account[:dn], @admin_account[:password]
-
-    @dn = 'uid=modify-password-user1,ou=People,dc=example,dc=org'
-
-    attrs = {
-      objectclass: %w(top inetOrgPerson organizationalPerson person),
-      uid: 'modify-password-user1',
-      cn: 'modify-password-user1',
-      sn: 'modify-password-user1',
-      mail: 'modify-password-user1@rubyldap.com',
-      userPassword: 'admin',
-    }
-    unless @ldap.search(base: @dn, scope: Net::LDAP::SearchScope_BaseObject)
-      assert @ldap.add(dn: @dn, attributes: attrs), @ldap.get_operation_result.inspect
-    end
-    assert @ldap.search(base: @dn, scope: Net::LDAP::SearchScope_BaseObject)
-
-    @auth = {
-      method: :simple,
-      username: @dn,
-      password: 'admin',
-    }
-  end
-
-  def test_password_modify
-    assert @ldap.password_modify(dn: @dn,
-                                 auth: @auth,
-                                 old_password: 'admin',
-                                 new_password: 'passworD2')
-
-    assert @ldap.get_operation_result.extended_response.nil?,
-           'Should not have generated a new password'
-
-    refute @ldap.bind(username: @dn, password: 'admin', method: :simple),
-           'Old password should no longer be valid'
-
-    assert @ldap.bind(username: @dn, password: 'passworD2', method: :simple),
-           'New password should be valid'
-  end
-
-  def test_password_modify_generate
-    assert @ldap.password_modify(dn: @dn,
-                                 auth: @auth,
-                                 old_password: 'admin')
-
-    generated_password = @ldap.get_operation_result.extended_response[0][0]
-
-    assert generated_password, 'Should have generated a password'
-
-    refute @ldap.bind(username: @dn, password: 'admin', method: :simple),
-           'Old password should no longer be valid'
-
-    assert @ldap.bind(username: @dn, password: generated_password, method: :simple),
-           'New password should be valid'
-  end
-
-  def test_password_modify_generate_no_old_password
-    assert @ldap.password_modify(dn: @dn,
-                                 auth: @auth)
-
-    generated_password = @ldap.get_operation_result.extended_response[0][0]
-
-    assert generated_password, 'Should have generated a password'
-
-    refute @ldap.bind(username: @dn, password: 'admin', method: :simple),
-           'Old password should no longer be valid'
-
-    assert @ldap.bind(username: @dn, password: generated_password, method: :simple),
-           'New password should be valid'
-  end
-
-  def test_password_modify_overwrite_old_password
-    assert @ldap.password_modify(dn: @dn,
-                                 auth: @admin_account,
-                                 new_password: 'passworD3')
-
-    refute @ldap.bind(username: @dn, password: 'admin', method: :simple),
-           'Old password should no longer be valid'
-
-    assert @ldap.bind(username: @dn, password: 'passworD3', method: :simple),
-           'New password should be valid'
-  end
-
-  def teardown
-    @ldap.delete dn: @dn
-  end
-end