Re-introduce additional filters for authorisation and user status
authFilter, userNotBlockedFilter
Change-Id: I04fed94a5b1e9de7f00c8d5dd3351e3c6a24b075
diff --git a/full/src/test/java/de/ids_mannheim/korap/authentication/LdapAuth3Test.java b/full/src/test/java/de/ids_mannheim/korap/authentication/LdapAuth3Test.java
index 48d5c88..c926579 100644
--- a/full/src/test/java/de/ids_mannheim/korap/authentication/LdapAuth3Test.java
+++ b/full/src/test/java/de/ids_mannheim/korap/authentication/LdapAuth3Test.java
@@ -16,8 +16,7 @@
import java.security.GeneralSecurityException;
-import static de.ids_mannheim.korap.authentication.LdapAuth3.LDAP_AUTH_RNAUTH;
-import static de.ids_mannheim.korap.authentication.LdapAuth3.LDAP_AUTH_ROK;
+import static de.ids_mannheim.korap.authentication.LdapAuth3.*;
import static org.junit.Assert.assertEquals;
public class LdapAuth3Test {
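Review bot: The wildcard `import static de.ids_mannheim.korap.authentication.LdapAuth3.*;` pulls every static member of LdapAuth3 into the test, not only the result codes, so it is no longer visible which codes the tests depend on. The hunks below use four constants, so explicit static imports of `LDAP_AUTH_ROK`, `LDAP_AUTH_RUNKNOWN`, `LDAP_AUTH_RNOTREG` and `LDAP_AUTH_RLOCKED` would keep the previous style. The class body continues outside the hunk.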
@@ -59,26 +58,31 @@
}
@Test
- public void testLoginWithUsername() throws LDAPException {
- assertEquals(LDAP_AUTH_ROK, LdapAuth3.login("testuser", "topsecret", TEST_LDAP_CONF));
+ public void loginWithExtraProfileNameWorks() throws LDAPException {
+ assertEquals(LDAP_AUTH_ROK, LdapAuth3.login("testuser123", "password", TEST_LDAP_CONF));
}
@Test
- public void testLoginWithUid() throws LDAPException {
+ public void loginWithUidWorks() throws LDAPException {
+ assertEquals(LDAP_AUTH_ROK, LdapAuth3.login("testuser", "password", TEST_LDAP_CONF));
+ }
+
+ @Test
+ public void loginWithUidAndBase64PasswordWorks() throws LDAPException {
final byte[] passwordBytes = StaticUtils.getBytes("password");
String pw = Base64.encode(passwordBytes);
assertEquals(LDAP_AUTH_ROK, LdapAuth3.login("testuser", pw, TEST_LDAP_CONF));
}
@Test
- public void testLoginWithEmail() throws LDAPException {
+ public void loginWithEmailWorks() throws LDAPException {
final byte[] passwordBytes = StaticUtils.getBytes("password");
String pw = Base64.encode(passwordBytes);
assertEquals(LDAP_AUTH_ROK, LdapAuth3.login("testuser@example.com", pw, TEST_LDAP_CONF));
}
@Test
- public void testAllLoginPwCombinations() throws LDAPException {
+ public void allLoginPasswordCombinationsWork() throws LDAPException {
assertEquals(LDAP_AUTH_ROK, LdapAuth3.login("uid", "userPassword", TEST_LDAP_CONF));
assertEquals(LDAP_AUTH_ROK, LdapAuth3.login("uid", "extraPassword", TEST_LDAP_CONF));
assertEquals(LDAP_AUTH_ROK, LdapAuth3.login("mail@example.org", "userPassword", TEST_LDAP_CONF));
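Review bot: `loginWithUidWorks` and `loginWithExtraProfileNameWorks` do not say which password attribute they exercise. Going by test-ldap-users.ldif in this commit, `"password"` equals testuser's `extraPassword`, while `userPassword` appears to hold the literal Base64 text that `loginWithUidAndBase64PasswordWorks` sends. A one-line comment on each test, e.g. `// matches extraPassword; userPassword is stored as the Base64 text`, would stop a later fixture edit from silently changing what is covered. allLoginPasswordCombinationsWork continues outside the hunk.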
@@ -88,68 +92,80 @@
}
@Test
- public void testFailingLoginWithWrongEmail() throws LDAPException {
- assertEquals(LDAP_AUTH_RNAUTH, LdapAuth3.login("notestuser@example.com", "topsecret", TEST_LDAP_CONF));
+ public void loginWithWrongEmailFails() throws LDAPException {
+ assertEquals(LDAP_AUTH_RUNKNOWN, LdapAuth3.login("notestuser@example.com", "topsecret", TEST_LDAP_CONF));
}
@Test
- public void testFailingLoginWithEmailAndWrongPassword() throws LDAPException {
- assertEquals(LDAP_AUTH_RNAUTH, LdapAuth3.login("testuser@example.com", "wrongpw", TEST_LDAP_CONF));
+ public void loginWithEmailAndWrongPasswordFails() throws LDAPException {
+ assertEquals(LDAP_AUTH_RUNKNOWN, LdapAuth3.login("testuser@example.com", "wrongpw", TEST_LDAP_CONF));
}
@Test
- public void testFailingLoginWithUsernameAndWrongPassword() throws LDAPException {
- assertEquals(LDAP_AUTH_RNAUTH, LdapAuth3.login("testuser", "wrongpw", TEST_LDAP_CONF));
+ public void loginWithUsernameAndWrongPasswordFails() throws LDAPException {
+ assertEquals(LDAP_AUTH_RUNKNOWN, LdapAuth3.login("testuser", "wrongpw", TEST_LDAP_CONF));
}
@Test
- public void testFailingLoginWithoutC2Attr() throws LDAPException {
- assertEquals(LDAP_AUTH_RNAUTH, LdapAuth3.login("doe", "topsecret", TEST_LDAP_CONF));
+ public void loginOfNotRegisteredUserFails() throws LDAPException {
+ assertEquals(LDAP_AUTH_RNOTREG, LdapAuth3.login("not_registered_user", "topsecret", TEST_LDAP_CONF));
}
@Test
- public void testFailingLoginWithoutBadStatus() throws LDAPException {
- assertEquals(LDAP_AUTH_RNAUTH, LdapAuth3.login("berserker", "topsecret", TEST_LDAP_CONF));
+ public void blockedUserIsRefused() throws LDAPException {
+ assertEquals(LDAP_AUTH_RLOCKED, LdapAuth3.login("nameOfBlockedUser", "topsecret", TEST_LDAP_CONF));
}
@Test
- public void testSecureLoginWithUsername() throws LDAPException {
- assertEquals(LDAP_AUTH_ROK, LdapAuth3.login("testuser", "topsecret", TEST_LDAPS_CONF));
+ public void loginWithUsernameOverSSLWorks() throws LDAPException {
+ assertEquals(LDAP_AUTH_ROK, LdapAuth3.login("testuser", "password", TEST_LDAPS_CONF));
}
@Test
- public void testSecureLoginWithTrustStoreAndUsername() throws LDAPException {
- assertEquals(LDAP_AUTH_ROK, LdapAuth3.login("testuser", "topsecret", TEST_LDAPS_TS_CONF));
+ public void loginOnTrustedServerWorks() throws LDAPException {
+ assertEquals(LDAP_AUTH_ROK, LdapAuth3.login("testuser", "password", TEST_LDAPS_TS_CONF));
}
@Test
- public void testFailingSecureLoginWithTrustStoreAndUsernameAndWrongPW() throws LDAPException {
- assertEquals(LDAP_AUTH_RNAUTH, LdapAuth3.login("testuser", "topsecrets", TEST_LDAPS_TS_CONF));
+ public void loginOnTrustedServerWithWrongPassswordFails() throws LDAPException {
+ assertEquals(LDAP_AUTH_RUNKNOWN, LdapAuth3.login("testuser", "topsecrets", TEST_LDAPS_TS_CONF));
}
@Test
- public void testPasswordWithAsterisk() throws LDAPException {
+ public void passwordWithAsteriskWorks() throws LDAPException {
assertEquals(LDAP_AUTH_ROK, LdapAuth3.login("test", "top*ecret", TEST_LDAPS_CONF));
}
@Test
- public void testFailingEscapedPW() throws LDAPException {
- assertEquals(LDAP_AUTH_RNAUTH, LdapAuth3.login("testuser", "top*", TEST_LDAPS_TS_CONF));
+ public void passwordWithGlobOperatorFails() throws LDAPException {
+ assertEquals(LDAP_AUTH_RUNKNOWN, LdapAuth3.login("testuser", "passw*", TEST_LDAPS_TS_CONF));
+ assertEquals(LDAP_AUTH_ROK, LdapAuth3.login("testuser", "password", TEST_LDAPS_TS_CONF));
}
@Test
- public void testFailingIllegalPW() throws LDAPException {
- assertEquals(LDAP_AUTH_RNAUTH, LdapAuth3.login("testuser", "*", TEST_LDAPS_TS_CONF));
+ public void passwordWithExistenceOperatorFails() throws LDAPException {
+ assertEquals(LDAP_AUTH_RUNKNOWN, LdapAuth3.login("testuser", "*", TEST_LDAPS_TS_CONF));
+ assertEquals(LDAP_AUTH_ROK, LdapAuth3.login("testuser", "password", TEST_LDAPS_TS_CONF));
}
@Test
- public void testGettingMailForUid() throws LDAPException {
+ public void gettingMailAttributeForUid() throws LDAPException {
assertEquals("testuser@example.com", LdapAuth3.getEmail("testuser", TEST_LDAP_CONF));
assertEquals("peter@example.org", LdapAuth3.getEmail("testuser2", TEST_LDAPS_CONF));
assertEquals(null, LdapAuth3.getEmail("non-exsting", TEST_LDAPS_CONF));
}
@Test
+ public void gettingMailAttributeForNotRegisteredUserWorks() throws LDAPException {
+ assertEquals("not_registered_user@example.com", LdapAuth3.getEmail("not_registered_user", TEST_LDAP_CONF));
+ }
+
+ @Test
+ public void gettingMailAttributeForBlockedUserWorks() throws LDAPException {
+ assertEquals("nameOfBlockedUser@example.com", LdapAuth3.getEmail("nameOfBlockedUser", TEST_LDAP_CONF));
+ }
+
+ @Test
public void canLoadLdapConfig() {
LDAPConfig ldapConfig = new LDAPConfig(TEST_LDAPS_CONF);
assertEquals(3269, ldapConfig.port);
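Review bot: The new RNOTREG and RLOCKED cases (`loginOfNotRegisteredUserFails`, `blockedUserIsRefused`) are exercised only with the fixture's valid `extraPassword`, so nothing pins what login() returns for those accounts when the password is wrong. Because the distinct codes disclose account state, tests should assert that a caller without valid credentials still gets `LDAP_AUTH_RUNKNOWN` for both users; LdapAuth3.login is not on this page, so the expected value below is the intended contract rather than confirmed behaviour. A login value containing filter metacharacters deserves the same coverage as the two password tests in this hunk. Separately, `loginOnTrustedServerWithWrongPassswordFails` has a third `s`. canLoadLdapConfig continues outside the hunk.

```java
// … unchanged: loginOfNotRegisteredUserFails, blockedUserIsRefused …

@Test
public void notRegisteredUserWithWrongPasswordIsReportedAsUnknown() throws LDAPException {
    assertEquals(LDAP_AUTH_RUNKNOWN, LdapAuth3.login("not_registered_user", "wrongpw", TEST_LDAP_CONF));
}

@Test
public void blockedUserWithWrongPasswordIsReportedAsUnknown() throws LDAPException {
    assertEquals(LDAP_AUTH_RUNKNOWN, LdapAuth3.login("nameOfBlockedUser", "wrongpw", TEST_LDAP_CONF));
}
```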
diff --git a/full/src/test/java/de/ids_mannheim/korap/server/EmbeddedLdapServerTest.java b/full/src/test/java/de/ids_mannheim/korap/server/EmbeddedLdapServerTest.java
index 196451e..9e9700e 100644
--- a/full/src/test/java/de/ids_mannheim/korap/server/EmbeddedLdapServerTest.java
+++ b/full/src/test/java/de/ids_mannheim/korap/server/EmbeddedLdapServerTest.java
@@ -14,8 +14,8 @@
import java.security.spec.InvalidKeySpecException;
import java.security.spec.KeySpec;
-import static de.ids_mannheim.korap.authentication.LdapAuth3.LDAP_AUTH_RNAUTH;
import static de.ids_mannheim.korap.authentication.LdapAuth3.LDAP_AUTH_ROK;
+import static de.ids_mannheim.korap.authentication.LdapAuth3.LDAP_AUTH_RUNKNOWN;
import static org.junit.Assert.assertEquals;
public class EmbeddedLdapServerTest {
@@ -49,7 +49,7 @@
@Test
public void asteriskPasswordsFail() throws LDAPException {
- assertEquals(LDAP_AUTH_RNAUTH, LdapAuth3.login("user1", "*", TEST_EMBEDDED_LDAP_CONF));
+ assertEquals(LDAP_AUTH_RUNKNOWN, LdapAuth3.login("user1", "*", TEST_EMBEDDED_LDAP_CONF));
}
@Test
@@ -66,12 +66,12 @@
@Test
public void loginWithUnEncodedPBKDF2PasswordFails() throws LDAPException, NoSuchAlgorithmException, InvalidKeySpecException {
- assertEquals(LDAP_AUTH_RNAUTH, LdapAuth3.login("user5", "password5", TEST_EMBEDDED_LDAP_CONF));
+ assertEquals(LDAP_AUTH_RUNKNOWN, LdapAuth3.login("user5", "password5", TEST_EMBEDDED_LDAP_CONF));
}
@Test
public void unauthorizedUsersAreNotAllowed() throws LDAPException {
- assertEquals(LDAP_AUTH_RNAUTH, LdapAuth3.login("yuser", "password", TEST_EMBEDDED_LDAP_CONF));
+ assertEquals(LDAP_AUTH_RUNKNOWN, LdapAuth3.login("yuser", "password", TEST_EMBEDDED_LDAP_CONF));
}
@Test
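Review bot: `unauthorizedUsersAreNotAllowed` now expects `LDAP_AUTH_RUNKNOWN`, the same code as a wrong password, so the test cannot show that yuser was refused by an authorisation check rather than by a credential mismatch. The embedded server's configuration and fixture are not on this page. If TEST_EMBEDDED_LDAP_CONF is meant to use the new `authFilter`, the expected value would presumably be `LDAP_AUTH_RNOTREG`; otherwise a comment such as `// embedded conf has no authFilter: unauthorised users are simply not found` would record why the generic code is expected.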
diff --git a/full/src/test/resources/test-ldap-users.ldif b/full/src/test/resources/test-ldap-users.ldif
index af687a8..b35a919 100644
--- a/full/src/test/resources/test-ldap-users.ldif
+++ b/full/src/test/resources/test-ldap-users.ldif
@@ -15,11 +15,9 @@
mail: testuser@example.com
userPassword: cGFzc3dvcmQ=
displayName: Dr. Peter Testuser
-extra: TRUE
-extraProfile: testuser
-extraPassword: topsecret
-extraNews: TRUE
-title: Herr
+registered: TRUE
+extraProfile: testuser123
+extraPassword: password
uid: testuser
dn: uid=test,ou=people,dc=example,dc=com
@@ -29,41 +27,28 @@
mail: test@example.com
userPassword: top*ecret
displayName: Dr. Peter Test
-extra: TRUE
-idsStatus: 1
+registered: TRUE
+userStatus: 1
extraProfile: test
extraPassword: top*ecret
uid: test
-dn: uid=doe,ou=people,dc=example,dc=com
-cn: John Doe
-sn: doe
-givenName: John
-mail: doe@example.com
+dn: uid=not_registered_user,ou=people,dc=example,dc=com
+mail: not_registered_user@example.com
userPassword: cGFzc3dvcmQ=
-displayName: Dr. John Doe
-idsStatus: 0
-extra: FALSE
-extraProfile: doe
+userStatus: 0
+registered: FALSE
+extraProfile: not_registered_user
extraPassword: topsecret
-extraNews: TRUE
-title: Herr
-uid: doe
+uid: not_registered_user
-dn: uid=berserk,ou=people,dc=example,dc=com
-cn: Bernd Berserker
-sn: berserker
-givenName: Joe
-mail: berserker@example.com
+dn: uid=nameOfBlockedUser,ou=people,dc=example,dc=com
+mail: nameOfBlockedUser@example.com
userPassword: cGFzc3dvcmQ=
-displayName: berserk
-idsStatus: 2
-extra: TRUE
-extraProfile: doe
+userStatus: 2
+registered: TRUE
extraPassword: topsecret
-extraNews: TRUE
-title: Herr
-uid: berserk
+uid: nameOfBlockedUser
dn: uid=testuser2,ou=people,dc=example,dc=com
cn: Peter Testuser
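Review bot: No entry visible in these hunks is both `registered: FALSE` and `userStatus: 2`, and none omits `registered`. The fixtures therefore do not pin which of LDAP_AUTH_RNOTREG and LDAP_AUTH_RLOCKED wins, or that `(registered=TRUE)` rejects an account with the attribute missing. Two extra entries, with matching tests in LdapAuth3Test, would fix the evaluation order and the fail-closed case; the values below are constructed for illustration. Entries outside the hunks are not visible here and may already cover this.

```ldif
# constructed fixture: blocked and not registered at the same time
dn: uid=blockedAndNotRegistered,ou=people,dc=example,dc=com
mail: blockedAndNotRegistered@example.com
userStatus: 2
registered: FALSE
extraPassword: topsecret
uid: blockedAndNotRegistered

# constructed fixture: no registered attribute at all
dn: uid=noRegisteredAttribute,ou=people,dc=example,dc=com
mail: noRegisteredAttribute@example.com
extraPassword: topsecret
uid: noRegisteredAttribute
```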
@@ -72,8 +57,8 @@
mail: peter@example.org
userPassword: cGFzc3dvcmQ=
displayName: Dr. Peter Testuser
-idsStatus: 0
-extra: TRUE
+userStatus: 0
+registered: TRUE
extraProfile: testuser2
extraPassword: topsecret
extraNews: TRUE
@@ -83,7 +68,7 @@
dn: uid=uid,ou=people,dc=example,dc=com
mail: mail@example.org
userPassword: userPassword
-extra: TRUE
+registered: TRUE
extraProfile: extraProfile
extraPassword: extraPassword
uid: uid
diff --git a/full/src/test/resources/test-ldap.conf b/full/src/test/resources/test-ldap.conf
index 1bccb3b..614275c 100644
--- a/full/src/test/resources/test-ldap.conf
+++ b/full/src/test/resources/test-ldap.conf
@@ -3,4 +3,6 @@
searchBase=dc=example,dc=com
sLoginDN=cn=admin,dc=example,dc=com
pwd=adminpassword
-searchFilter=(&(|(uid=${login})(mail=${login})(extraProfile=${login}))(|(userPassword=${password})(extraPassword=${password}))(extra=TRUE)(|(idsStatus=0)(idsStatus=1)(!(idsStatus=*))))
+searchFilter=(&(|(uid=${login})(mail=${login})(extraProfile=${login}))(|(userPassword=${password})(extraPassword=${password})))
+authFilter=(registered=TRUE)
+userNotBlockedFilter=(|(userStatus=0)(userStatus=1)(!(userStatus=*)))
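Review bot: The two new keys are undocumented and behave asymmetrically: `authFilter=(registered=TRUE)` rejects an entry that lacks the attribute, while `userNotBlockedFilter` accepts one that lacks `userStatus` through `(!(userStatus=*))`. Assuming the file is read as Java properties, a comment above each key would record that intent, for example `# authFilter: a missing registered attribute counts as not authorised` and `# userNotBlockedFilter: a missing userStatus counts as not blocked`. It would also help to state what login() does when either key is absent, which this page does not show. The same three lines are added in test-ldaps-with-truststore.conf and test-ldaps.conf.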
diff --git a/full/src/test/resources/test-ldaps-with-truststore.conf b/full/src/test/resources/test-ldaps-with-truststore.conf
index 788de73..22d0899 100644
--- a/full/src/test/resources/test-ldaps-with-truststore.conf
+++ b/full/src/test/resources/test-ldaps-with-truststore.conf
@@ -5,4 +5,6 @@
searchBase=dc=example,dc=com
sLoginDN=cn=admin,dc=example,dc=com
pwd=adminpassword
-searchFilter=(&(|(uid=${login})(mail=${login})(extraProfile=${login}))(|(userPassword=${password})(extraPassword=${password}))(extra=TRUE)(|(idsStatus=0)(idsStatus=1)(!(idsStatus=*))))
+searchFilter=(&(|(uid=${login})(mail=${login})(extraProfile=${login}))(|(userPassword=${password})(extraPassword=${password})))
+authFilter=(registered=TRUE)
+userNotBlockedFilter=(|(userStatus=0)(userStatus=1)(!(userStatus=*)))
diff --git a/full/src/test/resources/test-ldaps.conf b/full/src/test/resources/test-ldaps.conf
index 9b414be..dfbed4f 100644
--- a/full/src/test/resources/test-ldaps.conf
+++ b/full/src/test/resources/test-ldaps.conf
@@ -5,4 +5,6 @@
searchBase=dc=example,dc=com
sLoginDN=cn=admin,dc=example,dc=com
pwd=adminpassword
-searchFilter=(&(|(uid=${login})(mail=${login})(extraProfile=${login}))(|(userPassword=${password})(extraPassword=${password}))(extra=TRUE)(|(idsStatus=0)(idsStatus=1)(!(idsStatus=*))))
+searchFilter=(&(|(uid=${login})(mail=${login})(extraProfile=${login}))(|(userPassword=${password})(extraPassword=${password})))
+authFilter=(registered=TRUE)
+userNotBlockedFilter=(|(userStatus=0)(userStatus=1)(!(userStatus=*)))