Improve the test suite and add a test case

williamdes · williamdes · commit 546eacc5938d · 2022-07-24T01:37:30.000+02:00
diff --git a/docker/tests/data/email6.ldiff b/docker/tests/data/email6.ldiff
@@ -0,0 +1,17 @@
+dn: mail=elon@caldin.eu,o=caldin.eu,ou=people,dc=example,dc=org
+cn: Elon Caldin
+givenname: elon
+mail: elon@caldin.eu
+mailalias: elon.caldin@caldin.eu
+mailalias: musk@caldin.de
+mailenabled: TRUE
+mailgidnumber: 5000
+mailhomedirectory: /var/mail/caldin.eu/elon/
+mailstoragedirectory: maildir:/var/mail/caldin.eu/elon/
+mailuidnumber: 5000
+objectclass: inetOrgPerson
+objectclass: top
+objectclass: PostfixBookMailAccount
+sn: Caldin
+uid: elon
+userpassword: {SSHA}GA1/ggm6DAJ2AyJzJqAZsLS7YbsKklVm
diff --git a/docker/tests/run.sh b/docker/tests/run.sh
@@ -4,35 +4,36 @@
 # @author William Desportes <williamdes@wdes.fr>
 ##
 
-set -eux
+seedFile() {
+    ldapadd -H ldap://openldap -D "cn=admin,dc=example,dc=org" -w admin < "/tests/data/$1.ldiff"
+}
 
-ldapwhoami -H ldap://openldap -D cn=admin,dc=example,dc=org -w "admin"
-ldapwhoami -H ldap://openldap -D cn=config -w "config"
-ldapwhoami -H ldap://openldap -D cn=monitor -w "monitor"
-
-echo 'Seeding org'
-ldapadd -H ldap://openldap -D "cn=admin,dc=example,dc=org" -w admin < /tests/data/org.ldiff
+seedEmail() {
+    echo "Seeding email: $1"
+    seedFile "$1"
+}
 
-echo 'Seeding email 1'
-ldapadd -H ldap://openldap -D "cn=admin,dc=example,dc=org" -w admin < /tests/data/email1.ldiff
+seedOrg() {
+    echo "Seeding org: $1"
+    seedFile "$1"
+}
 
-echo 'Seeding email 2'
-ldapadd -H ldap://openldap -D "cn=admin,dc=example,dc=org" -w admin < /tests/data/email2.ldiff
+set -eu
 
-echo 'Seeding org for email 3'
-ldapadd -H ldap://openldap -D "cn=admin,dc=example,dc=org" -w admin < /tests/data/org-email3.ldiff
-
-echo 'Seeding email 3'
-ldapadd -H ldap://openldap -D "cn=admin,dc=example,dc=org" -w admin < /tests/data/email3.ldiff
-
-echo 'Seeding email 4'
-ldapadd -H ldap://openldap -D "cn=admin,dc=example,dc=org" -w admin < /tests/data/email4.ldiff
+ldapwhoami -H ldap://openldap -D cn=admin,dc=example,dc=org -w "admin"
+ldapwhoami -H ldap://openldap -D cn=config -w "config"
+ldapwhoami -H ldap://openldap -D cn=monitor -w "monitor"
 
-echo 'Seeding org for email 5'
-ldapadd -H ldap://openldap -D "cn=admin,dc=example,dc=org" -w admin < /tests/data/org-email5.ldiff
+seedOrg org
+seedOrg org-email3
+seedOrg org-email5
 
-echo 'Seeding email 5'
-ldapadd -H ldap://openldap -D "cn=admin,dc=example,dc=org" -w admin < /tests/data/email5.ldiff
+seedEmail email1
+seedEmail email2
+seedEmail email3
+seedEmail email4
+seedEmail email5
+seedEmail email6
 
 echo 'Print results'
 ldapsearch -LLL -H ldap://openldap -D "cn=admin,dc=example,dc=org" -w admin -b "ou=people,dc=example,dc=org" '*'
@@ -46,6 +47,26 @@ ldapsearch -LLL -x -H ldap://openldap -b "" -s base supportedSASLMechanisms
 
 echo 'Login as email 1'
 ldapwhoami -H ldap://openldap -D "cn=John Pondu,ou=people,dc=example,dc=org" -w 'JohnPassWord!645987zefdm'
+echo 'Login as email 1 bad password'
+ldapwhoami -H ldap://openldap -D "cn=Pondu John,ou=people,dc=example,dc=org" -w 'JohnPassWord!s645987zefdm' && ret=$? || ret=$?
+if [ $ret -ne 49 ]; then
+    echo "Login should not work as the CN is wrong ($ret)"
+    exit 1
+fi
+
+echo 'Login as email 1 no password'
+ldapwhoami -H ldap://openldap -D "cn=John Pondu,ou=people,dc=example,dc=org" && ret=$? || ret=$?
+if [ $ret -ne 53 ]; then
+    echo "Login should not work as the password is missing ($ret)"
+    exit 1
+fi
+
+echo 'Login as email 1 bad password'
+ldapwhoami -H ldap://openldap -D "cn=John Pondu,ou=people,dc=example,dc=org" -w 'JohnPassWord!s645987zefdm' && ret=$? || ret=$?
+if [ $ret -ne 49 ]; then
+    echo "Login should not work as the password is wrong ($ret)"
+    exit 1
+fi
 
 echo 'Login as email 2'
 ldapwhoami -H ldap://openldap -D "cn=Cyrielle Pondu,ou=people,dc=example,dc=org" -w 'PassCyrielle!ILoveDogs'
@@ -63,4 +84,22 @@ echo -e "\tUsing simple auth"
 ldapwhoami -H ldap://openldap -D "mail=edwin@warz.eu,o=warz.eu,ou=people,dc=example,dc=org" -w 'oHHGf7YyJSihb6ifSwNWZPtEGzijjp8'
 
 echo 'Login as email 5'
+echo -e "\tUsing simple auth"
 ldapwhoami -H ldap://openldap -D "mail=elana@caldin.eu,o=caldin.eu,ou=people,dc=example,dc=org" -w 'bandedetsylish'
+echo -e "\tUsing SASL auth"
+ldapwhoami -Q -H ldap://openldap -U elana@caldin.eu -w 'bandedetsylish' && ret=$? || ret=$?
+if [ $ret -ne 49 ]; then
+    echo "Login can not work because the password is not usable for SASL and SRP secret is not set ($ret)"
+    exit 1
+fi
+
+echo 'Login as email 6'
+echo -e "\tUsing SASL auth"
+ldapwhoami -Q -H ldap://openldap -U elon@caldin.eu -w 'HVxmD6ejZ9nUX6MSnQUvqKui5YYG56P' && ret=$? || ret=$?
+if [ $ret -ne 49 ]; then
+    echo "Login should not work for clear text passwords in the DB ($ret)"
+    exit 1
+fi
+
+echo -e "\tUsing simple auth"
+ldapwhoami -H ldap://openldap -D "mail=elon@caldin.eu,o=caldin.eu,ou=people,dc=example,dc=org" -w 'HVxmD6ejZ9nUX6MSnQUvqKui5YYG56P'
