tests: Refactor query_ldap() and add complete test coverage.

2025-11-16 11:52:01 +00:00 · 2019-03-09 07:32:06 +00:00
parent 13eaa49a42
commit 46d6541958
3 changed files with 82 additions and 19 deletions
--- a/zerver/management/commands/query_ldap.py
+++ b/zerver/management/commands/query_ldap.py
@@ -12,4 +12,6 @@ class Command(BaseCommand):
                            help="email of user to query")

    def handle(self, *args: Any, **options: str) -> None:
-        query_ldap(**options)
+        values = query_ldap(**options)
+        for value in values:
+            print(value)
--- a/zerver/tests/test_auth_backends.py
+++ b/zerver/tests/test_auth_backends.py
@@ -3,7 +3,7 @@ from django.conf import settings
 from django.core import mail
 from django.http import HttpResponse
 from django.test import override_settings
-from django_auth_ldap.backend import _LDAPUser
+from django_auth_ldap.backend import LDAPBackend, _LDAPUser
 from django.test.client import RequestFactory
 from django.utils.timezone import now as timezone_now
 from typing import Any, Callable, Dict, List, Optional, Set, Tuple
@@ -54,7 +54,7 @@ from zproject.backends import ZulipDummyBackend, EmailAuthBackend, \
    dev_auth_enabled, password_auth_enabled, github_auth_enabled, \
    require_email_format_usernames, AUTH_BACKEND_NAME_MAP, \
    ZulipLDAPConfigurationError, ZulipLDAPExceptionOutsideDomain, \
-    ZulipLDAPException, sync_user_from_ldap
+    ZulipLDAPException, query_ldap, sync_user_from_ldap

 from zerver.views.auth import (maybe_send_to_registration,
                               _subdomain_token_salt)
@@ -2898,6 +2898,64 @@ class TestZulipLDAPUserPopulator(ZulipLDAPTestCase):
        actual_value = CustomProfileFieldValue.objects.get(user_profile=hamlet, field=no_op_field).value
        self.assertEqual(actual_value, expected_value)

+class TestQueryLDAP(ZulipLDAPTestCase):
+    class _LDAPUser:
+        attrs = {
+            'cn': ['King Hamlet', ],
+            'sn': ['Hamlet', ],
+            'thumbnailPhoto': [open(os.path.join(settings.STATIC_ROOT, "images/team/tim.png"), "rb").read()],
+            'birthDate': ['1990-01-01', ],
+            'twitter': ['@handle', ],
+        }
+
+        def __init__(self, backend: LDAPBackend, username: str) -> None:
+            super().__init__()
+
+    @override_settings(AUTHENTICATION_BACKENDS=('zproject.backends.EmailAuthBackend',))
+    def test_ldap_not_configured(self) -> None:
+        values = query_ldap(self.example_email('hamlet'))
+        self.assertEqual(values, ['LDAP backend not configured on this server.'])
+
+    @override_settings(AUTHENTICATION_BACKENDS=('zproject.backends.ZulipLDAPAuthBackend',))
+    def test_user_not_present(self) -> None:
+        values = query_ldap(self.example_email('hamlet'))
+        self.assertEqual(values, ['No such user found'])
+
+    @override_settings(AUTHENTICATION_BACKENDS=('zproject.backends.ZulipLDAPAuthBackend',))
+    def test_normal_query(self) -> None:
+        with self.settings(AUTH_LDAP_USER_ATTR_MAP={'full_name': 'cn',
+                                                    'short_name': 'sn',
+                                                    'avatar': 'thumbnailPhoto',
+                                                    'custom_profile_field__birthday': 'birthDate',
+                                                    'custom_profile_field__phone_number': 'phoneNumber',
+                                                    'custom_profile_field__twitter': 'twitter'}), \
+                mock.patch('zproject.backends._LDAPUser', self._LDAPUser, create=True):
+            values = query_ldap(self.example_email('hamlet'))
+        self.assertEqual(len(values), 6)
+        self.assertIn('full_name: King Hamlet', values)
+        self.assertIn('short_name: Hamlet', values)
+        self.assertIn('avatar: (An avatar image file)', values)
+        self.assertIn('custom_profile_field__birthday: 1990-01-01', values)
+        self.assertIn('custom_profile_field__phone_number: LDAP field not present', values)
+        self.assertIn('custom_profile_field__twitter: @handle', values)
+
+    @override_settings(AUTHENTICATION_BACKENDS=('zproject.backends.ZulipLDAPAuthBackend',))
+    def test_query_email_attr(self) -> None:
+        self._LDAPUser.attrs = {
+            'cn': ['King Hamlet', ],
+            'sn': ['Hamlet', ],
+            'email_attr': ['separate_email@zulip.com', ],
+        }
+        with self.settings(AUTH_LDAP_USER_ATTR_MAP={'full_name': 'cn',
+                                                    'short_name': 'sn'},
+                           LDAP_EMAIL_ATTR='email_attr'), \
+                mock.patch('zproject.backends._LDAPUser', self._LDAPUser, create=True):
+            values = query_ldap(self.example_email('hamlet'))
+        self.assertEqual(len(values), 3)
+        self.assertIn('full_name: King Hamlet', values)
+        self.assertIn('short_name: Hamlet', values)
+        self.assertIn('email: separate_email@zulip.com', values)
+
 class TestZulipAuthMixin(ZulipTestCase):
    def test_get_user(self) -> None:
        backend = ZulipAuthMixin()
--- a/zproject/backends.py
+++ b/zproject/backends.py
@@ -505,22 +505,25 @@ def sync_user_from_ldap(user_profile: UserProfile) -> bool:
    return True

 # Quick tool to test whether you're correctly authenticating to LDAP
-def query_ldap(**options: str) -> None:
-    email = options['email']
-    for backend in get_backends():
-        if isinstance(backend, LDAPBackend):
-            ldap_attrs = _LDAPUser(backend, backend.django_to_ldap_username(email)).attrs
-            if ldap_attrs is None:
-                print("No such user found")
-            else:
-                for django_field, ldap_field in settings.AUTH_LDAP_USER_ATTR_MAP.items():
-                    value = ldap_attrs.get(ldap_field, ["LDAP field not present", ])[0]
-                    if django_field == "avatar":
-                        if isinstance(value, bytes):
-                            value = "(An avatar image file)"
-                    print("%s: %s" % (django_field, value))
-                if settings.LDAP_EMAIL_ATTR is not None:
-                    print("%s: %s" % ('email', ldap_attrs[settings.LDAP_EMAIL_ATTR]))
+def query_ldap(email: str) -> List[str]:
+    values = []
+    backend = next((backend for backend in get_backends() if isinstance(backend, LDAPBackend)), None)
+    if backend is not None:
+        ldap_attrs = _LDAPUser(backend, backend.django_to_ldap_username(email)).attrs
+        if ldap_attrs is None:
+            values.append("No such user found")
+        else:
+            for django_field, ldap_field in settings.AUTH_LDAP_USER_ATTR_MAP.items():
+                value = ldap_attrs.get(ldap_field, ["LDAP field not present", ])[0]
+                if django_field == "avatar":
+                    if isinstance(value, bytes):
+                        value = "(An avatar image file)"
+                values.append("%s: %s" % (django_field, value))
+            if settings.LDAP_EMAIL_ATTR is not None:
+                values.append("%s: %s" % ('email', ldap_attrs[settings.LDAP_EMAIL_ATTR][0]))
+    else:
+        values.append("LDAP backend not configured on this server.")
+    return values

 class DevAuthBackend(ZulipAuthMixin):
    # Allow logging in as any user without a password.