LDAP add test for roles and multiple users

Sep 9, 2020, 8:47 PM
B22SQY652WAIPNO46LOIWOP7LDBSU5HKXCTL5PQVAETICNOLWNWAC

Dependencies

  • [2] A4NSGFS3 LDAP: add VM test to flake.nix
  • [3] RWNXH3H2 lastModified -> lastModifiedDate

Change contents

  • edit in flake.nix at line 384
    [2.1017]
    [2.1017]
    dn: ou=groups,dc=example
    ou: groups
    description: All groups
    objectClass: top
    objectClass: organizationalUnit
    dn: cn=hydra_admin,ou=groups,dc=example
    cn: hydra_admin
    description: Hydra Admin user group
    objectClass: groupOfNames
    member: cn=admin,ou=users,dc=example
  • edit in flake.nix at line 403
    [2.1294]
    [2.1294]
    dn: cn=admin,ou=users,dc=example
    objectClass: organizationalPerson
    objectClass: inetOrgPerson
    sn: admin
    cn: admin
    mail: admin@example
    userPassword: password
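Review bot: `userPassword: password` stores the admin credential in cleartext in the fixture, and the same literal is repeated in the curl call later in the test. Add a comment marking it as a throwaway VM-test credential so this LDIF is not copied as a template, or store a hashed value instead.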
  • replacement in flake.nix at line 436
    [2.2445][2.2445:2635]()
    use_roles: 0
    role_basedn: "ou=groups,ou=OxObjects,dc=yourcompany,dc=com"
    role_filter: "(&(objectClass=posixGroup)(memberUid=%s))"
    [2.2445]
    [2.2635]
    use_roles: 1
    role_basedn: "ou=groups,dc=example"
    role_filter: "(&(objectClass=groupOfNames)(member=%s))"
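Review bot: the new `role_filter` matches on `member=%s`, and `member` in the `hydra_admin` fixture holds a full DN (`cn=admin,ou=users,dc=example`), while the filter it replaces matched `memberUid=%s`. Nothing in this hunk says which value is substituted for `%s`. A short comment stating that it must be the user's DN, and that the value is escaped before it is placed in the search filter, would make this config safer to copy.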
  • replacement in flake.nix at line 440
    [2.2671][2.2671:2707]()
    role_field: uid
    [2.2671]
    [2.2707]
    role_field: cn
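Review bot: with `role_field: cn` the value read from the matching group entry is `hydra_admin`, but the test later asserts the role `admin`. The step that turns `hydra_admin` into `admin` is not visible in this config, so add a comment next to `role_field` naming the convention and stating which group names grant which roles.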
  • edit in flake.nix at line 448
    [2.2934]
    [2.2934]
    import json
  • replacement in flake.nix at line 453
    [2.3088][2.3088:3119]()
    machine.succeed(
    [2.3088]
    [2.3119]
    response = machine.succeed(
  • edit in flake.nix at line 456
    [2.3300]
    [2.3300]
    response_json = json.loads(response)
    assert "user" == response_json["username"]
    assert "user@example" == response_json["emailaddress"]
    assert len(response_json["userroles"]) == 0
    # logging on with wrong credentials shouldn't work
  • edit in flake.nix at line 465
    [2.3500]
    [2.3500]
    )
    # the admin user should get the admin role from his group membership in `hydra_admin`
    response = machine.succeed(
    "curl --fail http://localhost:3000/login -H 'Accept: application/json' -H 'Referer: http://localhost:3000' --data 'username=admin&password=password'"
  • edit in flake.nix at line 471
    [2.3516]
    [2.3516]
    response_json = json.loads(response)
    assert "admin" == response_json["username"]
    assert "admin@example" == response_json["emailaddress"]
    assert "admin" in response_json["userroles"]
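Review bot: `assert "admin" in response_json["userroles"]` still passes if the login also returns roles the admin user should not have. Since this test exists to check role mapping, compare the whole list, for example `assert response_json["userroles"] == ["admin"]`, so that an over-grant fails the test.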