grahamc/hydra2 - Change B22SQY652WAIPNO46LOIWOP7LDBSU5HKXCTL5PQVAETICNOLWNWAC

LDAP add test for roles and multiple users

Created by Andreas Rammhold on September 9, 2020

B22SQY652WAIPNO46LOIWOP7LDBSU5HKXCTL5PQVAETICNOLWNWAC

Dependencies

In channels

main

Change contents

Insertion in flake.nix at line 384 [3.1]

[2.1017]

                  dn: ou=groups,dc=example
                  ou: groups
                  description: All groups
                  objectClass: top
                  objectClass: organizationalUnit
                  dn: cn=hydra_admin,ou=groups,dc=example
                  cn: hydra_admin
                  description: Hydra Admin user group
                  objectClass: groupOfNames
                  member: cn=admin,ou=users,dc=example

Insertion in flake.nix at line 403 [3.1]

[2.1294]


                  dn: cn=admin,ou=users,dc=example
                  objectClass: organizationalPerson
                  objectClass: inetOrgPerson
                  sn: admin
                  cn: admin
                  mail: admin@example
                  userPassword: password

Replacement in flake.nix at line 436 [3.1]

B:BD[2.2445] → [2.2445:2635]

                    use_roles: 0
                    role_basedn: "ou=groups,ou=OxObjects,dc=yourcompany,dc=com"
                    role_filter: "(&(objectClass=posixGroup)(memberUid=%s))"

[2.2445]

[2.2635]

                    use_roles: 1
                    role_basedn: "ou=groups,dc=example"
                    role_filter: "(&(objectClass=groupOfNames)(member=%s))"

Replacement in flake.nix at line 440 [3.1]

B:BD[2.2671] → [2.2671:2707]

                    role_field: uid

[2.2671]

[2.2707]

                    role_field: cn

Insertion in flake.nix at line 448 [3.1]
[2.2934]
[2.2934]
```
              import json
```

Replacement in flake.nix at line 453 [3.1]

B:BD[2.3088] → [2.3088:3119]

              machine.succeed(

[2.3088]

[2.3119]

              response = machine.succeed(

Insertion in flake.nix at line 456 [3.1]

[2.3300]


              response_json = json.loads(response)
              assert "user" == response_json["username"]
              assert "user@example" == response_json["emailaddress"]
              assert len(response_json["userroles"]) == 0
              # logging on with wrong credentials shouldn't work

Insertion in flake.nix at line 465 [3.1]

[2.3500]

              )
              # the admin user should get the admin role from his group membership in `hydra_admin`
              response = machine.succeed(
                  "curl --fail http://localhost:3000/login -H 'Accept: application/json' -H 'Referer: http://localhost:3000' --data 'username=admin&password=password'"

Insertion in flake.nix at line 471 [3.1]

[2.3516]


              response_json = json.loads(response)
              assert "admin" == response_json["username"]
              assert "admin@example" == response_json["emailaddress"]
              assert "admin" in response_json["userroles"]