|
| 1 | +require_relative '../test_helper' |
| 2 | + |
| 3 | +# NOTE: Since this strategy is targeted at detecting ActiveDirectory |
| 4 | +# capabilities, and we don't have AD setup in CI, we stub out actual queries |
| 5 | +# and test against what AD *would* respond with. |
| 6 | + |
| 7 | +class GitHubLdapDetectMembershipValidatorsTest < GitHub::Ldap::Test |
| 8 | + def setup |
| 9 | + @ldap = GitHub::Ldap.new(options.merge(search_domains: %w(dc=github,dc=com))) |
| 10 | + @domain = @ldap.domain("dc=github,dc=com") |
| 11 | + @entry = @domain.user?('user1') |
| 12 | + @validator = GitHub::Ldap::MembershipValidators::Detect |
| 13 | + end |
| 14 | + |
| 15 | + def make_validator(groups) |
| 16 | + groups = @domain.groups(groups) |
| 17 | + @validator.new(@ldap, groups) |
| 18 | + end |
| 19 | + |
| 20 | + def test_defers_to_configured_strategy |
| 21 | + @ldap.configure_membership_validation_strategy(:classic) |
| 22 | + validator = make_validator(%w(group)) |
| 23 | + |
| 24 | + assert_kind_of GitHub::Ldap::MembershipValidators::Classic, validator.strategy |
| 25 | + end |
| 26 | + |
| 27 | + def test_detects_active_directory |
| 28 | + caps = Net::LDAP::Entry.new |
| 29 | + caps[:supportedcapabilities] = |
| 30 | + [GitHub::Ldap::MembershipValidators::Detect::ACTIVE_DIRECTORY_V61_R2_OID] |
| 31 | + |
| 32 | + validator = make_validator(%w(group)) |
| 33 | + @ldap.stub :capabilities, caps do |
| 34 | + assert_kind_of GitHub::Ldap::MembershipValidators::ActiveDirectory, |
| 35 | + validator.strategy |
| 36 | + end |
| 37 | + end |
| 38 | + |
| 39 | + def test_falls_back_to_recursive |
| 40 | + caps = Net::LDAP::Entry.new |
| 41 | + caps[:supportedcapabilities] = [] |
| 42 | + |
| 43 | + validator = make_validator(%w(group)) |
| 44 | + @ldap.stub :capabilities, caps do |
| 45 | + assert_kind_of GitHub::Ldap::MembershipValidators::Recursive, |
| 46 | + validator.strategy |
| 47 | + end |
| 48 | + end |
| 49 | +end |
0 commit comments