ruby-activeldap 0.7.4 → 0.8.0

data/test/test_object_class.rb

@@ -0,0 +1,32 @@
+require 'al-test-utils'
+
+class TestObjectClass < Test::Unit::TestCase
+  include AlTestUtils
+
+  priority :must
+
+  priority :normal
+  def test_unknown_object_class
+    make_temporary_group do |group|
+      assert_raises(ActiveLdap::ObjectClassError) do
+        group.add_class("unknownObjectClass")
+      end
+    end
+  end
+
+  def test_remove_required_class
+    make_temporary_group do |group|
+      assert_raises(ActiveLdap::RequiredObjectClassMissed) do
+        group.remove_class("posixGroup")
+      end
+    end
+  end
+
+  def test_invalid_object_class_value
+    make_temporary_group do |group|
+      assert_raises(TypeError) {group.add_class(:posixAccount)}
+    end
+  end
+
+  priority :normal
+end

data/test/test_reflection.rb

@@ -0,0 +1,173 @@
+require 'al-test-utils'
+
+class TestReflection < Test::Unit::TestCase
+  include AlTestUtils
+
+  priority :must
+
+  priority :normal
+  def test_base_class
+    assert_equal(ActiveLdap::Base, ActiveLdap::Base.base_class)
+    assert_equal(@user_class, @user_class.base_class)
+    sub_user_class = Class.new(@user_class)
+    assert_equal(@user_class, sub_user_class.base_class)
+  end
+
+  def test_respond_to?
+    make_temporary_user do |user, password|
+      attributes = user.must + user.may
+      _wrap_assertion do
+        attributes.each do |name|
+          assert(user.respond_to?(name), name)
+          assert(user.respond_to?("#{name}="), "#{name}=")
+          assert(user.respond_to?("#{name}?"), "#{name}?")
+          assert(user.respond_to?("#{name}_before_type_cast"),
+                 "#{name}_before_type_cast")
+        end
+      end
+
+      user.replace_class(user.class.required_classes)
+      new_attributes = collect_attributes(user.class.required_classes)
+
+      _wrap_assertion do
+        assert_not_equal([], new_attributes)
+        new_attributes.each do |name|
+          assert(user.respond_to?(name), name)
+          assert(user.respond_to?("#{name}="), "#{name}=")
+          assert(user.respond_to?("#{name}?"), "#{name}?")
+          assert(user.respond_to?("#{name}_before_type_cast"),
+                 "#{name}_before_type_cast")
+        end
+
+        remained_attributes = (attributes - new_attributes)
+        assert_not_equal([], remained_attributes)
+        remained_attributes.each do |name|
+          assert(!user.respond_to?(name), name)
+          assert(!user.respond_to?("#{name}="), "#{name}=")
+          assert(!user.respond_to?("#{name}?"), "#{name}?")
+          assert(!user.respond_to?("#{name}_before_type_cast"),
+                 "#{name}_before_type_cast")
+        end
+      end
+    end
+  end
+
+  def test_methods
+    make_temporary_user do |user, password|
+      assert_equal(user.methods.uniq.size, user.methods.size)
+      assert_equal(user.methods(false).uniq.size, user.methods(false).size)
+    end
+
+    make_temporary_user do |user, password|
+      attributes = user.must + user.may - ["objectClass"]
+      assert_equal([], attributes - user.methods)
+      assert_equal([], attributes - user.methods(false))
+
+      assert_methods_with_only_required_classes(user, attributes)
+    end
+
+    make_temporary_user do |user, password|
+      user.remove_class("inetOrgPerson")
+      attributes = user.must + user.may - ["objectClass"]
+      assert_equal([], attributes - user.methods)
+      assert_equal([], attributes - user.methods(false))
+
+      assert_methods_with_only_required_classes(user, attributes)
+    end
+
+    make_temporary_user do |user, password|
+      attributes = user.must + user.may - ["objectClass"]
+      attributes = attributes.collect {|x| x.downcase}
+      assert_not_equal([], attributes - user.methods)
+      assert_not_equal([], attributes - user.methods(false))
+
+      normalize_attributes_list = Proc.new do |*attributes_list|
+        attributes_list.collect do |attrs|
+          attrs.collect {|x| x.downcase}
+        end
+      end
+      assert_methods_with_only_required_classes(user, attributes,
+                                                &normalize_attributes_list)
+    end
+
+    make_temporary_user do |user, password|
+      attributes = user.must + user.may - ["objectClass"]
+      attributes = attributes.collect do |x|
+        Inflector.underscore(x)
+      end
+      assert_equal([], attributes - user.methods)
+      assert_equal([], attributes - user.methods(false))
+
+      normalize_attributes_list = Proc.new do |*attributes_list|
+        attributes_list.collect do |attrs|
+          attrs.collect {|x| Inflector.underscore(x)}
+        end
+      end
+      assert_methods_with_only_required_classes(user, attributes,
+                                                &normalize_attributes_list)
+    end
+
+    make_temporary_user do |user, password|
+      user.remove_class("inetOrgPerson")
+      attributes = user.must + user.may - ["objectClass"]
+      attributes = attributes.collect do |x|
+        Inflector.underscore(x)
+      end
+      assert_equal([], attributes - user.methods)
+      assert_equal([], attributes - user.methods(false))
+
+      normalize_attributes_list = Proc.new do |*attributes_list|
+        attributes_list.collect do |attrs|
+          attrs.collect {|x| Inflector.underscore(x)}
+        end
+      end
+      assert_methods_with_only_required_classes(user, attributes,
+                                                &normalize_attributes_list)
+    end
+  end
+
+  def test_attribute_names
+    make_temporary_user do |user, password|
+      attributes = collect_attributes(user.classes)
+      assert_equal([], attributes.uniq - user.attribute_names)
+      assert_equal([], user.attribute_names - attributes.uniq)
+    end
+  end
+
+  def assert_methods_with_only_required_classes(object, attributes)
+    old_classes = (object.classes - object.class.required_classes).uniq
+    old_attributes = collect_attributes(old_classes, false).uniq.sort
+    required_attributes = collect_attributes(object.class.required_classes,
+                                             false).uniq.sort
+    if block_given?
+      old_attributes, required_attributes =
+        yield(old_attributes, required_attributes)
+    end
+
+    object.replace_class(object.class.required_classes)
+
+    assert_equal([],
+                 old_attributes -
+                   (attributes - object.methods - required_attributes) -
+                    required_attributes)
+    assert_equal([],
+                 old_attributes -
+                   (attributes - object.methods(false) - required_attributes) -
+                   required_attributes)
+  end
+
+  def collect_attributes(object_classes, with_aliases=true)
+    attributes = []
+    object_classes.each do |object_class|
+      attrs = ActiveLdap::Base.schema.class_attributes(object_class)
+      if with_aliases
+        (attrs[:must] + attrs[:may]).each do |name|
+          attributes.concat(ActiveLdap::Base.schema.attribute_aliases(name))
+        end
+      else
+        attributes.concat(attrs[:must] + attrs[:may])
+      end
+    end
+    attributes
+  end
+end

data/test/test_schema.rb

@@ -0,0 +1,166 @@
+require 'al-test-utils'
+
+class TestSchema < Test::Unit::TestCase
+  def test_name_as_key
+    top_schema = "( 2.5.6.0 NAME 'top' DESC 'top of the superclass chain' " +
+                 "ABSTRACT MUST objectClass )"
+    expect = {
+      :name => ["top"],
+      :desc => ['top of the superclass chain'],
+      :abstract => ["TRUE"],
+      :must => ["objectClass"]
+    }
+    assert_schema(expect, "2.5.6.0", top_schema)
+    assert_schema(expect, "top", top_schema)
+  end
+
+  def test_name_as_key_for_multiple_name
+    uid_schema = "( 0.9.2342.19200300.100.1.1 NAME ( 'uid' 'userid' ) " +
+                 "DESC 'RFC1274: user identifier' EQUALITY caseIgnoreMatch " +
+                 "SUBSTR caseIgnoreSubstringsMatch " +
+                 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )"
+
+    expect = {
+      :name => ["uid", "userid"],
+      :desc => ['RFC1274: user identifier'],
+      :equality => ["caseIgnoreMatch"],
+      :substr => ["caseIgnoreSubstringsMatch"],
+      :syntax => ["1.3.6.1.4.1.1466.115.121.1.15{256}"],
+    }
+    assert_schema(expect, "0.9.2342.19200300.100.1.1", uid_schema)
+    assert_schema(expect, "uid", uid_schema)
+    assert_schema(expect, "userid", uid_schema)
+  end
+
+  def test_dollar
+    dn_match_schema = "( 2.5.13.1 NAME 'distinguishedNameMatch' APPLIES " +
+                      "( creatorsName $ modifiersName $ subschemaSubentry " +
+                      "$ namingContexts $ aliasedObjectName $ " +
+                      "distinguishedName $ seeAlso $ olcDefaultSearchBase $ " +
+                      "olcRootDN $ olcSchemaDN $ olcSuffix $ olcUpdateDN $ " +
+                      "member $ owner $ roleOccupant $ manager $ " +
+                      "documentAuthor $ secretary $ associatedName $ " +
+                      "dITRedirect ) )"
+
+    expect = {
+      :name => ["distinguishedNameMatch"],
+      :applies => %w(creatorsName modifiersName subschemaSubentry
+                     namingContexts aliasedObjectName
+                     distinguishedName seeAlso olcDefaultSearchBase
+                     olcRootDN olcSchemaDN olcSuffix olcUpdateDN
+                     member owner roleOccupant manager
+                     documentAuthor secretary associatedName
+                     dITRedirect),
+    }
+    assert_schema(expect, "2.5.13.1", dn_match_schema)
+    assert_schema(expect, "distinguishedNameMatch", dn_match_schema)
+  end
+
+  def test_dc_object
+    dc_object_schema = "( 1.3.6.1.4.1.1466.344 NAME 'dcObject' DESC " +
+                       "'RFC2247: domain component object' SUP top " +
+                       "AUXILIARY MUST dc )"
+
+    expect = {
+      :name => ["dcObject"],
+      :desc => ['RFC2247: domain component object'],
+      :auxiliary => ["TRUE"],
+      :must => ["dc"],
+    }
+    assert_schema(expect, "1.3.6.1.4.1.1466.344", dc_object_schema)
+    assert_schema(expect, "dcObject", dc_object_schema)
+  end
+
+  def test_organization
+    organization_schema = "( 2.5.6.4 NAME 'organization' DESC " +
+                          "'RFC2256: an organization' SUP top STRUCTURAL " +
+                          "MUST o MAY ( userPassword $ searchGuide $ " +
+                          "seeAlso $ businessCategory $ x121Address $ " +
+                          "registeredAddress $ destinationIndicator $ " +
+                          "preferredDeliveryMethod $ telexNumber $ " +
+                          "teletexTerminalIdentifier $ telephoneNumber $ " +
+                          "internationaliSDNNumber $ " +
+                          "facsimileTelephoneNumber $ street $ " +
+                          "postOfficeBox $ postalCode $ postalAddress $ " +
+                          "physicalDeliveryOfficeName $ st $ l $ " +
+                          "description ) )"
+
+    expect = {
+      :name => ["organization"],
+      :desc => ['RFC2256: an organization'],
+      :sup => ["top"],
+      :structural => ["TRUE"],
+      :must => ["o"],
+      :may => %w(userPassword searchGuide seeAlso businessCategory
+                 x121Address registeredAddress destinationIndicator
+                 preferredDeliveryMethod telexNumber
+                 teletexTerminalIdentifier telephoneNumber
+                 internationaliSDNNumber
+                 facsimileTelephoneNumber street
+                 postOfficeBox postalCode postalAddress
+                 physicalDeliveryOfficeName st l description),
+    }
+    assert_schema(expect, "2.5.6.4", organization_schema)
+    assert_schema(expect, "organization", organization_schema)
+  end
+
+  def test_posix_account
+    posix_account_schema = "( 1.3.6.1.1.1.2.0 NAME 'posixAccount' DESC " +
+                           "'Abstraction of an account with POSIX " +
+                           "attributes' SUP top AUXILIARY MUST ( cn $ " +
+                           "uid $ uidNumber $ gidNumber $ homeDirectory " +
+                           ") MAY ( userPassword $ loginShell $ gecos $ " +
+                           "description ) )"
+    expect = {
+      :name => ["posixAccount"],
+      :desc => ['Abstraction of an account with POSIX attributes'],
+      :sup => ["top"],
+      :auxiliary => ["TRUE"],
+      :must => %w(cn uid uidNumber gidNumber homeDirectory),
+      :may => %w(userPassword loginShell gecos description),
+    }
+    assert_schema(expect, "1.3.6.1.1.1.2.0", posix_account_schema)
+    assert_schema(expect, "posixAccount", posix_account_schema)
+  end
+
+  def test_jpeg_photo
+    jpeg_photo_schema = "( 0.9.2342.19200300.100.1.60 NAME 'jpegPhoto' " +
+                        "DESC 'RFC2798: a JPEG image' SYNTAX " +
+                        "1.3.6.1.4.1.1466.115.121.1.28 )"
+    expect = {
+      :name => ["jpegPhoto"],
+      :desc => ['RFC2798: a JPEG image'],
+      :syntax => ["1.3.6.1.4.1.1466.115.121.1.28"],
+    }
+    assert_schema(expect, "0.9.2342.19200300.100.1.60", jpeg_photo_schema)
+    assert_schema(expect, "jpegPhoto", jpeg_photo_schema)
+
+    jpeg_schema = "( 1.3.6.1.4.1.1466.115.121.1.28 DESC 'JPEG' " +
+                  "X-NOT-HUMAN-READABLE 'TRUE' )"
+
+    expect = {
+      :desc => ['JPEG'],
+      :x_not_human_readable => ["TRUE"],
+    }
+    assert_schema(expect, "1.3.6.1.4.1.1466.115.121.1.28", jpeg_schema)
+
+    schema = ActiveLdap::Schema.new({"attributeTypes" => [jpeg_photo_schema],
+                                     "ldapSyntaxes" => [jpeg_schema]})
+    assert(schema.binary?("jpegPhoto"))
+  end
+
+  private
+  def assert_schema(expect, name, schema)
+    sub = "objectClass"
+    entry = {sub => [schema]}
+    schema = ActiveLdap::Schema.new(entry)
+    actual = {}
+    normalized_expect = {}
+    expect.each do |key, value|
+      normalized_key = key.to_s.gsub(/_/, "-")
+      normalized_expect[normalized_key] = value
+      actual[normalized_key] = schema.attr(sub, name, normalized_key)
+    end
+    assert_equal(normalized_expect, actual)
+  end
+end

data/test/test_user.rb

@@ -0,0 +1,209 @@
+require 'al-test-utils'
+
+class TestUser < Test::Unit::TestCase
+  include AlTestUtils
+
+  # This adds all required attributes and writes
+  def test_add
+    ensure_delete_user("test-user") do |uid|
+      user = @user_class.new(uid)
+
+      assert(user.new_entry?, "#{uid} must not exist in LDAP prior to testing")
+
+      assert_equal(['posixAccount', 'person'].sort, user.classes.sort,
+                   "Class User's ldap_mapping should specify " +
+                   "['posixAccount', 'person']. This was not returned.")
+
+      user.add_class('posixAccount', 'shadowAccount',
+                     'person', 'inetOrgPerson', 'organizationalPerson')
+
+      cn = 'Test User (Default Language)'
+      user.cn = cn
+      assert_equal(cn, user.cn, 'user.cn should have returned "#{cn}"')
+
+      # test force_array
+      assert_equal([cn], user.cn(true),
+                   'user.cn(true) should have returned "[#{cn}]"')
+
+      cn = {'lang-en-us' => 'Test User (EN-US Language)'}
+      user.cn = cn
+      # Test subtypes
+      assert_equal(cn, user.cn, 'user.cn should match')
+
+      cn = ['Test User (Default Language)',
+            {'lang-en-us' => ['Test User (EN-US Language)', 'Foo']}]
+      user.cn = cn
+      # Test multiple entries with subtypes
+      assert_equal(cn, user.cn,
+                   'This should have returned an array of a ' +
+                   'normal cn and a lang-en-us cn.')
+
+      uid_number = 9000
+      user.uid_number = uid_number
+      # Test to_s on Fixnums
+      assert_equal(uid_number.to_s, user.uid_number)
+
+      gid_number = 9000
+      user.gid_number = gid_number
+      # Test to_s on Fixnums
+      assert_equal(gid_number.to_s, user.gid_number)
+
+      home_directory = '/home/foo'
+      user.home_directory = home_directory
+      # just for sanity's sake
+      assert_equal(home_directory, user.home_directory,
+                   'This should be #{home_directory.dump}.')
+      assert_equal([home_directory], user.home_directory(true),
+                   'This should be [#{home_directory.dump}].')
+
+
+      assert(!user.valid?)
+      assert(user.errors.invalid?(:sn))
+      errors = %w(person organizationalPerson
+                  inetOrgPerson).collect do |object_class|
+        "is required attribute (aliases: surname) by " +
+          "objectClass '#{object_class}'"
+      end
+      assert_equal(errors.sort, user.errors.on(:sn).sort)
+      user.sn = ['User']
+      assert(user.valid?)
+      assert_equal(0, user.errors.size)
+
+      assert_nothing_raised {user.save!}
+
+      user.user_certificate = certificate
+      user.jpeg_photo = jpeg_photo
+
+      assert(ActiveLdap::Base.schema.binary?('jpegPhoto'),
+             'jpegPhoto is binary?')
+
+      assert(ActiveLdap::Base.schema.binary?('userCertificate'),
+             'userCertificate is binary?')
+      assert_nothing_raised {user.save!}
+    end
+  end
+
+
+  # This tests the reload of a binary_required type
+  def test_binary_required
+    make_temporary_user do |user, password|
+      # validate add
+      user.user_certificate = nil
+      assert_equal({'binary' => nil}, user.user_certificate)
+      assert_nothing_raised() { user.save! }
+      assert_equal({'binary' => nil}, user.user_certificate)
+
+      user.user_certificate = {"binary" => [certificate]}
+      assert_equal({'binary' => certificate},
+                   user.user_certificate,
+                   'This should have been forced to be a binary subtype.')
+      assert_nothing_raised() { user.save! }
+      assert_equal({'binary' => certificate},
+                   user.user_certificate,
+                   'This should have been forced to be a binary subtype.')
+
+      # now test modify
+      user.user_certificate = nil
+      assert_equal({"binary" => nil}, user.user_certificate)
+      assert_nothing_raised() { user.save! }
+      assert_equal({"binary" => nil}, user.user_certificate)
+
+      user.user_certificate = certificate
+      assert_equal({'binary' => certificate},
+                   user.user_certificate,
+                   'This should have been forced to be a binary subtype.')
+      assert_nothing_raised() { user.save! }
+
+      # validate modify
+      user = @user_class.find(user.uid)
+      assert_equal({'binary' => certificate},
+                   user.user_certificate,
+                   'This should have been forced to be a binary subtype.')
+
+      expected_cert = OpenSSL::X509::Certificate.new(certificate)
+      actual_cert = user.user_certificate['binary']
+      actual_cert = OpenSSL::X509::Certificate.new(actual_cert)
+      assert_equal(expected_cert.subject.to_s,
+                   actual_cert.subject.to_s,
+                   'Cert must parse correctly still')
+    end
+  end
+
+  def test_binary_required_nested
+    make_temporary_user do |user, password|
+      user.user_certificate = {"lang-en" => [certificate]}
+      assert_equal({'lang-en' => {'binary' => certificate}},
+                   user.user_certificate)
+      assert_nothing_raised() { user.save! }
+      assert_equal({'lang-en' => {'binary' => certificate}},
+                   user.user_certificate)
+    end
+  end
+
+  # This tests the reload of a binary type (not forced!)
+  def test_binary
+    make_temporary_user do |user, password|
+      # reload and see what happens
+      assert_equal(jpeg_photo, user.jpeg_photo,
+                   "This should have been equal to #{jpeg_photo_path.dump}")
+
+      # now test modify
+      user.jpeg_photo = nil
+      assert_nil(user.jpeg_photo)
+      assert_nothing_raised() { user.save! }
+      assert_nil(user.jpeg_photo)
+
+      user.jpeg_photo = jpeg_photo
+      assert_equal(jpeg_photo, user.jpeg_photo)
+      assert_nothing_raised() { user.save! }
+
+      # now validate modify
+      user = @user_class.find(user.uid)
+      assert_equal(jpeg_photo, user.jpeg_photo)
+    end
+  end
+
+  # This tests the removal of a objectclass
+  def test_remove_object_class
+    make_temporary_user do |user, password|
+      assert_nil(user.shadow_max,
+                 'Should get the default nil value for shadowMax')
+
+      # Remove shadowAccount
+      user.remove_class('shadowAccount')
+      assert(user.valid?)
+      assert_nothing_raised() { user.save! }
+
+      assert_raise(NoMethodError,
+                   'shadowMax should not be defined anymore' ) do
+        user.shadow_max
+      end
+    end
+  end
+
+
+  # Just modify a few random attributes
+  def test_modify_with_subtypes
+    make_temporary_user do |user, password|
+      cn = ['Test User', {'lang-en-us' => ['Test User', 'wad']}]
+      user.cn = cn
+      assert_nothing_raised() { user.save! }
+
+      user = @user_class.find(user.uid)
+      assert_equal(cn, user.cn,
+                   'Making sure a modify with mixed subtypes works')
+    end
+  end
+
+  # This tests some invalid input handling
+  def test_invalid_input
+  end
+
+  # This tests deletion
+  def test_destroy
+    make_temporary_user do |user, password|
+      user.destroy
+      assert(user.new_entry?, 'user should no longer exist')
+    end
+  end
+end