Add simple, stubbed ActiveDirectory membership validator tests

mtodd · mtodd · commit f008a495cb20 · 2014-10-16T15:31:14.000-07:00
diff --git a/test/membership_validators/active_directory_test.rb b/test/membership_validators/active_directory_test.rb
@@ -0,0 +1,77 @@
+require_relative '../test_helper'
+
+# NOTE: Since this strategy is targeted at ActiveDirectory and we don't have
+# AD setup in CI, we stub out actual queries and test against what AD *would*
+# respond with.
+
+class GitHubLdapActiveDirectoryMembershipValidatorsTest < GitHub::Ldap::Test
+  def setup
+    @ldap      = GitHub::Ldap.new(options.merge(search_domains: %w(dc=github,dc=com)))
+    @domain    = @ldap.domain("dc=github,dc=com")
+    @entry     = @domain.user?('user1')
+    @validator = GitHub::Ldap::MembershipValidators::ActiveDirectory
+  end
+
+  def make_validator(groups)
+    groups = @domain.groups(groups)
+    @validator.new(@ldap, groups)
+  end
+
+  # Stub search to return the given results.
+  def stub_search(result)
+    @ldap.stub :search, result do
+      yield
+    end
+  end
+
+  def test_validates_user_in_group
+    stub_search [@entry] do
+      validator = make_validator(%w(nested-group1))
+      assert validator.perform(@entry)
+    end
+  end
+
+  def test_validates_user_in_child_group
+    stub_search [@entry] do
+      validator = make_validator(%w(n-depth-nested-group1))
+      assert validator.perform(@entry)
+    end
+  end
+
+  def test_validates_user_in_grandchild_group
+    stub_search [@entry] do
+      validator = make_validator(%w(n-depth-nested-group2))
+      assert validator.perform(@entry)
+    end
+  end
+
+  def test_validates_user_in_great_grandchild_group
+    stub_search [@entry] do
+      validator = make_validator(%w(n-depth-nested-group3))
+      assert validator.perform(@entry)
+    end
+  end
+
+  def test_does_not_validate_user_not_in_group
+    stub_search [] do
+      validator = make_validator(%w(ghe-admins))
+      refute validator.perform(@entry)
+    end
+  end
+
+  def test_does_not_validate_user_not_in_any_group
+    entry = @domain.user?('groupless-user1')
+
+    stub_search [] do
+      validator = make_validator(%w(all-users))
+      refute validator.perform(entry)
+    end
+  end
+
+  def test_validates_user_in_posix_group
+    stub_search [@entry] do
+      validator = make_validator(%w(posix-group1))
+      assert validator.perform(@entry)
+    end
+  end
+end
diff --git a/test/test_helper.rb b/test/test_helper.rb
@@ -10,6 +10,7 @@
 require 'github/ldap'
 require 'github/ldap/server'
 
+require 'minitest/mock'
 require 'minitest/autorun'
 
 if ENV.fetch('TESTENV', "apacheds") == "apacheds"
