outposts/ldap: add test for attribute filtering (#6189)
add failing test case Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> Signed-off-by: Jens Langhammer <jens@goauthentik.io>
This commit is contained in:
parent
ae7ea4dd11
commit
fcdf165dfe
|
@ -344,3 +344,76 @@ class TestProviderLDAP(SeleniumTestCase):
|
|||
self.assertIsNotNone(server.schema)
|
||||
self.assertTrue(server.schema.is_valid())
|
||||
self.assertIsNotNone(server.schema.object_classes["goauthentik.io/ldap/user"])
|
||||
|
||||
@retry()
|
||||
@apply_blueprint(
|
||||
"default/flow-default-authentication-flow.yaml",
|
||||
"default/flow-default-invalidation-flow.yaml",
|
||||
)
|
||||
@reconcile_app("authentik_outposts")
|
||||
def test_ldap_search_attrs_filter(self):
|
||||
"""Test search with attributes filtering"""
|
||||
# Remove akadmin to ensure list is correct
|
||||
# Remove user before starting container so it's not cached
|
||||
User.objects.filter(username="akadmin").delete()
|
||||
|
||||
outpost = self._prepare()
|
||||
server = Server("ldap://localhost:3389", get_info=ALL)
|
||||
_connection = Connection(
|
||||
server,
|
||||
raise_exceptions=True,
|
||||
user=f"cn={self.user.username},ou=users,dc=ldap,dc=goauthentik,dc=io",
|
||||
password=self.user.username,
|
||||
)
|
||||
_connection.bind()
|
||||
self.assertTrue(
|
||||
Event.objects.filter(
|
||||
action=EventAction.LOGIN,
|
||||
user={
|
||||
"pk": self.user.pk,
|
||||
"email": self.user.email,
|
||||
"username": self.user.username,
|
||||
},
|
||||
)
|
||||
)
|
||||
|
||||
embedded_account = Outpost.objects.filter(managed=MANAGED_OUTPOST).first().user
|
||||
|
||||
_connection.search(
|
||||
"ou=Users,DC=ldaP,dc=goauthentik,dc=io",
|
||||
"(objectClass=user)",
|
||||
search_scope=SUBTREE,
|
||||
attributes=["cn"],
|
||||
)
|
||||
response: dict = _connection.response
|
||||
# Remove raw_attributes to make checking easier
|
||||
for obj in response:
|
||||
del obj["raw_attributes"]
|
||||
del obj["raw_dn"]
|
||||
o_user = outpost.user
|
||||
self.assertCountEqual(
|
||||
response,
|
||||
[
|
||||
{
|
||||
"dn": f"cn={o_user.username},ou=users,dc=ldap,dc=goauthentik,dc=io",
|
||||
"attributes": {
|
||||
"cn": o_user.username,
|
||||
},
|
||||
"type": "searchResEntry",
|
||||
},
|
||||
{
|
||||
"dn": f"cn={embedded_account.username},ou=users,dc=ldap,dc=goauthentik,dc=io",
|
||||
"attributes": {
|
||||
"cn": embedded_account.username,
|
||||
},
|
||||
"type": "searchResEntry",
|
||||
},
|
||||
{
|
||||
"dn": f"cn={self.user.username},ou=users,dc=ldap,dc=goauthentik,dc=io",
|
||||
"attributes": {
|
||||
"cn": self.user.username,
|
||||
},
|
||||
"type": "searchResEntry",
|
||||
},
|
||||
],
|
||||
)
|
||||
|
|
Reference in New Issue