From bba1d7c8aa1a2de8645ada6764e2ef4821d49d92 Mon Sep 17 00:00:00 2001
From: Robert
Date: Tue, 26 Oct 2021 11:11:24 +0200
Subject: [PATCH] test: Add ldap tests
---
 userausfall/ldap.py | 78 ++++++++++++++++++++++++--------------------
 userausfall/tests.py | 27 +++++++++++++++
 2 files changed, 69 insertions(+), 36 deletions(-)
 create mode 100644 userausfall/tests.py
diff --git a/userausfall/ldap.py b/userausfall/ldap.py
index 7e2e0b9..e5cc5be 100644
--- a/userausfall/ldap.py
+++ b/userausfall/ldap.py
@@ -1,44 +1,50 @@
 from django.conf import settings
-from ldap3 import Connection, Server, SYNC
+from ldap3 import Connection, MOCK_SYNC, SAFE_SYNC, Server
-def create_account(username, raw_password):
- connection = _get_connection()
- is_success = connection.add(
- f"cn={username},dc=local",
- ["simpleSecurityObject", "organizationalRole"],
- {"userPassword": raw_password},
- )
- return is_success
+class LDAPManager:
+ def __init__(self):
+ if not getattr(settings, "USERAUSFALL_LDAP_IS_TEST", False):
+ self.connection = self._get_connection()
+ else:
+ self.connection = self._get_test_connection()
+ def create_account(self, username, raw_password):
+ is_success = self.connection.add(
+ f"cn={username},dc=local",
+ ["simpleSecurityObject", "organizationalRole"],
+ {"userPassword": raw_password},
+ )
+ return is_success
-def account_exists(username):
- connection = _get_connection()
- exists = connection.search(f"cn={username},dc=local", "(objectclass=simpleSecurityObject)")
- return exists
+ def has_account(self, username):
+ exists = self.connection.search(f"cn={username},dc=local", "(objectclass=simpleSecurityObject)")
+ return exists
+ def is_valid_account_data(self, username, raw_password):
+ is_valid = self.connection.search(
+ f"cn={username},dc=local",
+ "(objectclass=simpleSecurityObject)",
+ attributes=["userPassword"],
+ )
+ if is_valid:
+ is_valid = self.connection.entries[0]["userPassword"].value == raw_password
+ return is_valid
-def is_valid_account_data(username, raw_password):
- connection = _get_connection()
- is_valid = connection.search(
- f"cn={username},dc=local",
- "(objectclass=simpleSecurityObject)",
- attributes=["userPassword"],
- )
- if is_valid:
- is_valid = connection.entries[0]["userPassword"].value == raw_password
- return is_valid
+ def _get_connection(self):
+ server = Server("localhost")
+ connection = Connection(
+ server,
+ settings.USERAUSFALL_LDAP["ADMIN_USER_DN"],
+ settings.USERAUSFALL_LDAP["ADMIN_USER_PASSWORD"],
client_strategy=SAFE_SYNC,
+ auto_bind=True,
+ )
+ return connection
-
-def _get_connection():
- server = Server("localhost")
- # The SAFE_SYNC client strategy doesn't seem to be present in Buster version of ldap3. We might want to use it as
- # soon as it is available (multithreading).
- connection = Connection(
- server,
- settings.USERAUSFALL_LDAP["ADMIN_USER_DN"],
- settings.USERAUSFALL_LDAP["ADMIN_USER_PASSWORD"],
- client_strategy=SYNC,
- auto_bind=True,
- )
- return connection
+ def _get_test_connection(self):
+ server = Server("testserver")
+ connection = Connection(server, user="cn=admin,dc=local", password="admin_secret", client_strategy=MOCK_SYNC)
+ connection.strategy.add_entry("cn=admin,dc=local", {"userPassword": "admin_secret"})
+ connection.bind()
+ return connection
diff --git a/userausfall/tests.py b/userausfall/tests.py
new file mode 100644
index 0000000..269c892
--- /dev/null
+++ b/userausfall/tests.py
@@ -0,0 +1,27 @@
+from django.test import override_settings, TestCase
+
+from userausfall.ldap import LDAPManager
+
+
+@override_settings(USERAUSFALL_LDAP_IS_TEST=True)
+class LDAPTestCase(TestCase):
+ def setUp(self) -> None:
+ self.username = "test"
+ self.password = "test12345"
+ self.ldap = LDAPManager()
+
+ def test_create_has_account(self):
+ exists = self.ldap.has_account(self.username)
+ self.assertFalse(exists)
+ is_created = self.ldap.create_account(self.username, self.password)
+ self.assertTrue(is_created)
+ exists = self.ldap.has_account(self.username)
+ self.assertTrue(exists)
+
+ def test_create_account_data(self):
+ is_valid = self.ldap.is_valid_account_data(self.username, self.password)
+ self.assertFalse(is_valid)
+ is_created = self.ldap.create_account(self.username, self.password)
+ self.assertTrue(is_created)
+ is_valid = self.ldap.is_valid_account_data(self.username, self.password)
+ self.assertTrue(is_valid)
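Review bot: In userausfall/ldap.py, `_get_connection` now passes `client_strategy=SAFE_SYNC`, but `create_account`, `has_account` and `is_valid_account_data` still use the return value of `self.connection.add(...)` / `self.connection.search(...)` as a boolean. With ldap3's SAFE_SYNC strategy these calls return a `(status, result, response, request)` tuple, which is always truthy, so in production `has_account` would report every username as existing and `create_account` would always look successful; `is_valid_account_data` would then index `self.connection.entries[0]`, which is probably not populated in thread-safe mode (worth confirming against the installed ldap3 version). Unpack the status explicitly, e.g. `status, _result, response, _request = self.connection.search(...)`, return `status`, and read `userPassword` from `response`. The tests only run against the `MOCK_SYNC` connection, which returns plain booleans, so they cannot catch this difference. Separately, `username` is interpolated unescaped into `f"cn={username},dc=local"` in all three methods; if it can come from user input, pass it through `ldap3.utils.dn.escape_rdn` first.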
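Review bot: In userausfall/tests.py, `test_create_account_data` never asserts that a wrong password is rejected for an account that exists, which is the security-relevant case for `is_valid_account_data`; the only negative check runs before the account is created. After the `create_account` call, add `self.assertFalse(self.ldap.is_valid_account_data(self.username, "not-the-password"))`. A short docstring on `LDAPTestCase`, such as `"""Exercise LDAPManager against the in-memory mock directory enabled by USERAUSFALL_LDAP_IS_TEST."""`, would also make clear that no real server is contacted.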