From e6415fa51306dcb182f250c9b968131e6fdeff74 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sara=20Aim=C3=A9e=20Smiseth?= <51710585+SaraSmiseth@users.noreply.github.com>
Date: Tue, 28 Mar 2023 08:08:01 +0200
Subject: [PATCH] Add tests for prosody with LDAP authentication (#53)
This commit updates the docker-compose.yml file to use example.com domain instead of localhost. It also adds a new Prosody instance using LDAP authentication with glauth as the backend. The commit also includes a new file config.cfg for the glauth server configuration.
---
 tests/docker-compose.yml | 45 ++++++++++++++++++++++++------
 tests/glauth/config.cfg | 52 +++++++++++++++++++++++++++++++++++
 tests/test.bash | 27 ++++++++++--------
 tests/test_prosody.py | 25 +++++++++-------
 tests/tests-prosody_ldap.bats | 16 +++++++++++
 tests/tests.bats | 24 ++++++++--------
 6 files changed, 146 insertions(+), 43 deletions(-)
 create mode 100644 tests/glauth/config.cfg
 create mode 100644 tests/tests-prosody_ldap.bats
diff --git a/tests/docker-compose.yml b/tests/docker-compose.yml
index f854381..d2cc6d2 100644
--- a/tests/docker-compose.yml
+++ b/tests/docker-compose.yml
@@ -1,4 +1,4 @@
-version: '3.9'
+version: "3.9"
 services:
 prosody:
@@ -11,10 +11,10 @@ services:
 - "5269:5269"
 - "5281:5281"
 environment:
- DOMAIN: localhost
- E2E_POLICY_WHITELIST: "admin@localhost, user1@localhost"
+ DOMAIN: example.com
+ E2E_POLICY_WHITELIST: "admin@example.com, user1@example.com"
 LOG_LEVEL: debug
- PROSODY_ADMINS: "admin@localhost, admin2@localhost"
+ PROSODY_ADMINS: "admin@example.com, admin2@example.com"
 volumes:
 - ./certs:/usr/local/etc/prosody/certs
@@ -28,10 +28,10 @@ services:
 - "5269:5269"
 - "5281:5281"
 environment:
- DOMAIN: localhost
- E2E_POLICY_WHITELIST: "admin@localhost, user1@localhost"
+ DOMAIN: example.com
+ E2E_POLICY_WHITELIST: "admin@example.com, user1@example.com"
 LOG_LEVEL: debug
- PROSODY_ADMINS: "admin@localhost, admin2@localhost"
+ PROSODY_ADMINS: "admin@example.com, admin2@example.com"
 #DB_DRIVER: "MySQL"
 DB_DRIVER: "PostgreSQL"
 DB_DATABASE: "prosody"
@@ -45,9 +45,38 @@ services:
 - postgres
 postgres:
- image: postgres:13-alpine
+ image: postgres:15-alpine
 restart: unless-stopped
 environment:
 POSTGRES_DB: prosody
 POSTGRES_USER: prosody
 POSTGRES_PASSWORD: prosody
+
+ prosody_ldap:
+ image: prosody
+ restart: unless-stopped
+ ports:
+ - "5000:5000"
+ - "5222:5222"
+ - "5223:5223"
+ - "5269:5269"
+ - "5281:5281"
+ environment:
+ DOMAIN: example.com
+ E2E_POLICY_WHITELIST: "admin@example.com, user1@example.com"
+ LOG_LEVEL: debug
+ PROSODY_ADMINS: "admin@example.com, admin2@example.com"
+ AUTHENTICATION: "ldap"
+ LDAP_BASE: "dc=example,dc=com"
+ LDAP_SERVER: "glauth"
+ LDAP_ROOTDN: "cn=svc,dc=example,dc=com"
+ LDAP_PASSWORD: "12345678"
+ volumes:
+ - ./certs:/usr/local/etc/prosody/certs
+ depends_on:
+ - glauth
+
+ glauth:
+ image: glauth/glauth
+ volumes:
+ - "./glauth/config.cfg:/app/config/config.cfg"
diff --git a/tests/glauth/config.cfg b/tests/glauth/config.cfg
new file mode 100644
index 0000000..f180ac4
--- /dev/null
+++ b/tests/glauth/config.cfg
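Review bot: The new `glauth` service is declared as `image: glauth/glauth` with no tag or digest, so the LDAP backend the suite authenticates against moves whenever the registry's default tag moves, unlike `postgres:15-alpine` pinned in the same hunk; use `image: glauth/glauth:<pinned-tag>` (placeholder) so a failing LDAP test is attributable to this repository. `depends_on: - glauth` only orders container start and glauth declares no `healthcheck`, so prosody_ldap can attempt its first LDAP bind before port 389 is listening; a `healthcheck` on glauth plus `depends_on` with `condition: service_healthy` would remove that race. The glauth config on the next hunk disables `[ldaps]` and `LDAP_SERVER: "glauth"` connects in the clear, which is acceptable inside the compose network but worth a comment such as `# test fixture: plain LDAP on the compose network, LDAP over TLS is not exercised`. prosody_ldap also publishes the same host ports as `prosody` and `prosody_postgres`, so it can only run when those are down, which test.bash appears to guarantee by calling `down` between sections.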
@@ -0,0 +1,52 @@
+[ldap]
+ enabled = true
+ listen = "0.0.0.0:389"
+
+[ldaps]
+ enabled = false
+
+[backend]
+ datastore = "config"
+ baseDN = "dc=example,dc=com"
+
+[[groups]]
+ name = "svc"
+ gidnumber = 5500
+
+[[groups]]
+ name = "people"
+ gidnumber = 5501
+
+[[users]]
+ name = "svc"
+ uidnumber = 5000
+ primarygroup = 5500
+ passsha256 = "ef797c8118f02dfb649607dd5d3f8c7623048c9c063d532cc95c5ed7a898a64f"
+
+[[users.capabilities]]
+ action = "search"
+ object = "*"
+
+[[users]]
+ name = "admin"
+ uidnumber = 5001
+ primarygroup = 5501
+ passsha256 = "ef797c8118f02dfb649607dd5d3f8c7623048c9c063d532cc95c5ed7a898a64f"
+
+[[users]]
+ name = "user1"
+ uidnumber = 5002
+ primarygroup = 5501
+ passsha256 = "ef797c8118f02dfb649607dd5d3f8c7623048c9c063d532cc95c5ed7a898a64f"
+
+[[users]]
+ name = "user2"
+ uidnumber = 5003
+ primarygroup = 5501
+ passsha256 = "ef797c8118f02dfb649607dd5d3f8c7623048c9c063d532cc95c5ed7a898a64f"
+
+[[users]]
+ name = "user3"
+ uidnumber = 5004
+ primarygroup = 5501
+ passsha256 = "ef797c8118f02dfb649607dd5d3f8c7623048c9c063d532cc95c5ed7a898a64f"
diff --git a/tests/test.bash b/tests/test.bash
index 401189b..1b9d5de 100755
--- a/tests/test.bash
+++ b/tests/test.bash
@@ -5,7 +5,7 @@ set -e
 # generate certs for testing
 generateCert() {
- DOMAIN="$1"
+ local DOMAIN="$1"
 if [[ ! -d certs/"$DOMAIN" ]] ; then
 mkdir -p certs/"$DOMAIN"
 cd certs/"$DOMAIN"
@@ -19,7 +19,7 @@ registerTestUser() {
 local userName="$1"
 local containerName="$2"
 echo "Registering TestUser '$userName' in container '$containerName'"
- sudo docker compose exec "$containerName" /bin/bash -c "/entrypoint.bash register $userName localhost 12345678"
+ sudo docker compose exec "$containerName" /bin/bash -c "/entrypoint.bash register $userName example.com 12345678"
 }
 registerTestUsers() {
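Review bot: Every `[[users]]` entry in the new config, including the `svc` bind account, carries the identical `passsha256` value and nothing in the file says what password it encodes, so a login failure against this backend cannot be told apart from a stale hash; presumably it is the SHA-256 of `12345678`, the value given to `LDAP_PASSWORD` in docker-compose.yml and used by `registerTestUser` — confirm. Add a header comment such as `# Test fixture only: every passsha256 below is SHA-256 of the shared test password used in docker-compose.yml and test.bash` so the relationship is explicit. The `[[users.capabilities]]` block grants `svc` `search` on `object = "*"`, which is what a bind-and-search user provider needs and is worth a one-line comment saying so. `admin2`, listed in `PROSODY_ADMINS`, has no entry here; that is harmless unless some test logs in as admin2.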
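Review bot: `registerTestUser` calls `sudo docker compose exec` (Compose v2 plugin syntax) while every other invocation in this script, including the lines added in the later hunks, uses `sudo docker-compose`; on a host with only one of the two installed, half the script fails with `set -e`. The rename is the only thing this hunk changes, so the inconsistency is pre-existing, but `sudo docker-compose exec "$containerName" /bin/bash -c "/entrypoint.bash register $userName example.com 12345678"` would match the rest of the file. The body of `registerTestUsers` continues past the end of the hunk.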
@@ -48,18 +48,18 @@ runTests() {
 && ./bats/bats-core/bin/bats tests-"$containerName".bats
 }
-generateCert "localhost"
-generateCert "conference.localhost"
-generateCert "proxy.localhost"
-generateCert "pubsub.localhost"
-generateCert "upload.localhost"
+generateCert "example.com"
+generateCert "conference.example.com"
+generateCert "proxy.example.com"
+generateCert "pubsub.example.com"
+generateCert "upload.example.com"
 # Run tests for first container with postgres
 # Start postgres first and wait for 10 seconds before starting prosody.
-sudo docker-compose down \
-&& sudo docker-compose up -d postgres \
-&& sleep 10 \
-&& sudo docker-compose up -d prosody_postgres
+sudo docker-compose down
+sudo docker-compose up -d postgres
+sleep 10
+sudo docker-compose up -d prosody_postgres
 registerTestUsers prosody_postgres
 runTests prosody_postgres
@@ -70,3 +70,8 @@ sudo docker-compose up -d prosody
 registerTestUsers prosody
 runTests prosody
 sudo docker-compose down
+
+# Run tests for prosody with ldap
+sudo docker-compose up -d prosody_ldap
+runTests prosody_ldap
+sudo docker-compose down
diff --git a/tests/test_prosody.py b/tests/test_prosody.py
index e6c39bc..b7b13fa 100644
--- a/tests/test_prosody.py
+++ b/tests/test_prosody.py
@@ -15,6 +15,7 @@ def client(client_username, password):
 password,
 no_verify=True
 ),
+ override_peer=[("localhost", 5222, aioxmpp.connector.STARTTLSConnector())],
 )
 return client
@@ -39,9 +40,9 @@ def client_with_message_dispatcher(client):
 return client
 @pytest.mark.asyncio
-@pytest.mark.parametrize("client_username, password", [("admin@localhost", "12345678")])
+@pytest.mark.parametrize("client_username, password", [("admin@example.com", "12345678")])
 async def test_send_message_from_admin_to_user1(client):
- recipient_jid = aioxmpp.JID.fromstr("user1@localhost")
+ recipient_jid = aioxmpp.JID.fromstr("user1@example.com")
 async with client.connected() as stream:
 msg = aioxmpp.Message(
 to=recipient_jid,
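Review bot: The new LDAP section in the second hunk starts `prosody_ldap` and runs `runTests prosody_ldap` immediately, with no wait for `glauth`, whereas the postgres section in the first hunk starts the dependency, sleeps 10 seconds, then starts prosody. Compose `depends_on` only orders container start, so Prosody's first bind can race glauth's listener and the log-grep tests in tests-prosody_ldap.bats become order-dependent. Mirror the postgres path — `sudo docker-compose up -d glauth`, `sleep 10`, `sudo docker-compose up -d prosody_ldap` — or poll the port instead of sleeping. `registerTestUsers` is deliberately absent for this container; a comment such as `# users are provisioned by glauth/config.cfg, so no registerTestUsers here` would stop a future reader from adding it back.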
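Review bot: The added `override_peer=[("localhost", 5222, aioxmpp.connector.STARTTLSConnector())]` carries no comment explaining why the client bypasses normal host resolution; since the JIDs now use `example.com`, which presumably does not resolve in the test environment, this looks like the only way to reach the compose-published port — confirm and state it: `# example.com does not resolve here; connect straight to the published port on localhost`. Together with the existing `no_verify=True` two lines above, the client neither resolves nor verifies the server, so these tests do not prove that the `example.com` certificates generated by test.bash are the ones actually served; only the log-line checks in tests.bats cover that. The `client` fixture begins before this hunk.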
@@ -53,9 +54,9 @@ async def test_send_message_from_admin_to_user1(client):
 await client.send(msg)
 @pytest.mark.asyncio
-@pytest.mark.parametrize("client_username, password", [("admin@localhost", "12345678")])
+@pytest.mark.parametrize("client_username, password", [("admin@example.com", "12345678")])
 async def test_send_message_from_admin_to_user2(client):
- recipient_jid = aioxmpp.JID.fromstr("user2@localhost")
+ recipient_jid = aioxmpp.JID.fromstr("user2@example.com")
 async with client.connected() as stream:
 msg = aioxmpp.Message(
 to=recipient_jid,
@@ -66,9 +67,9 @@ async def test_send_message_from_admin_to_user2(client):
 await client.send(msg)
 @pytest.mark.asyncio
-@pytest.mark.parametrize("client_username, password", [("user1@localhost", "12345678")])
+@pytest.mark.parametrize("client_username, password", [("user1@example.com", "12345678")])
 async def test_send_message_from_user1_to_user2(client):
- recipient_jid = aioxmpp.JID.fromstr("user2@localhost")
+ recipient_jid = aioxmpp.JID.fromstr("user2@example.com")
 async with client.connected() as stream:
 msg = aioxmpp.Message(
 to=recipient_jid,
@@ -79,9 +80,9 @@ async def test_send_message_from_user1_to_user2(client):
 await client.send(msg)
 @pytest.mark.asyncio
-@pytest.mark.parametrize("client_username, password", [("user2@localhost", "12345678")])
+@pytest.mark.parametrize("client_username, password", [("user2@example.com", "12345678")])
 async def test_send_message_from_user2_to_user3(client):
- recipient_jid = aioxmpp.JID.fromstr("user3@localhost")
+ recipient_jid = aioxmpp.JID.fromstr("user3@example.com")
 async with client.connected() as stream:
 msg = aioxmpp.Message(
 to=recipient_jid,
@@ -92,9 +93,9 @@ async def test_send_message_from_user2_to_user3(client):
 await client.send(msg)
 @pytest.mark.asyncio
-@pytest.mark.parametrize("client_username, password", [("user2@localhost", "12345678")])
+@pytest.mark.parametrize("client_username, password", [("user2@example.com", "12345678")])
 async def test_send_message_from_user2_to_nonexisting(client):
- recipient_jid = aioxmpp.JID.fromstr("nonexisting@localhost")
+ recipient_jid = aioxmpp.JID.fromstr("nonexisting@example.com")
 async with client.connected() as stream:
 msg = aioxmpp.Message(
 to=recipient_jid,
@@ -105,10 +106,10 @@ async def test_send_message_from_user2_to_nonexisting(client):
 await client.send(msg)
 @pytest.mark.asyncio
-@pytest.mark.parametrize("client_username, password", [("user2@localhost", "wrong password")])
+@pytest.mark.parametrize("client_username, password", [("user2@example.com", "wrong password")])
 async def test_can_not_log_in_with_wrong_password(client):
 with pytest.raises(aiosasl.AuthenticationFailure):
- recipient_jid = aioxmpp.JID.fromstr("nonexisting@localhost")
+ recipient_jid = aioxmpp.JID.fromstr("nonexisting@example.com")
 async with client.connected() as stream:
 msg = aioxmpp.Message(
 to=recipient_jid,
diff --git a/tests/tests-prosody_ldap.bats b/tests/tests-prosody_ldap.bats
new file mode 100644
index 0000000..7eb0b77
--- /dev/null
+++ b/tests/tests-prosody_ldap.bats
@@ -0,0 +1,16 @@
+# For tests with pipes see: https://github.com/sstephenson/bats/issues/10
+
+load 'bats/bats-support/load'
+load 'bats/bats-assert/load'
+
+@test "Should use sqlite" {
+ run bash -c "sudo docker-compose logs $batsContainerName | grep -E \"Connecting to \[SQLite3\] \/usr\/local\/var\/lib\/prosody\/prosody\.sqlite\.\.\.\""
+ assert_success
+ assert_output
+}
+
+@test "Should use ldap" {
+ run bash -c "sudo docker-compose logs $batsContainerName | grep -E \"Host 'example.com' now set to use user provider 'ldap'\""
+ assert_success
+ assert_output
+}
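Review bot: Both tests in the new tests-prosody_ldap.bats only grep the container log, so "Should use ldap" establishes that Prosody selected the `ldap` user provider for `example.com`, not that any bind against glauth ever succeeded. Because test.bash skips `registerTestUsers` for this container, the only evidence that the glauth accounts actually authenticate is whatever else `runTests` executes, which is not visible in this patch; a header comment such as `# Accounts for this container come from glauth/config.cfg; successful-login coverage is expected from the pytest suite run by runTests` would make that dependency explicit. A negative check that the log holds no LDAP connection or bind error would also catch the startup race with glauth, though the exact Prosody wording would need to be taken from a real log rather than guessed.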
diff --git a/tests/tests.bats b/tests/tests.bats
index bbac09d..7c9f176 100644
--- a/tests/tests.bats
+++ b/tests/tests.bats
@@ -9,32 +9,32 @@ load 'bats/bats-assert/load'
 assert_output "5"
 }
-@test "Should select certificate for localhost" {
- run bash -c "sudo docker-compose logs $batsContainerName | grep \"Certificates loaded\" | grep \" localhost:tls\" | wc -l"
+@test "Should select certificate for example.com" {
+ run bash -c "sudo docker-compose logs $batsContainerName | grep \"Certificates loaded\" | grep \" example.com:tls\" | wc -l"
 assert_success
 assert_output "1"
 }
-@test "Should select certificate for conference.localhost" {
- run bash -c "sudo docker-compose logs $batsContainerName | grep \"Certificates loaded\" | grep \"conference.localhost:tls\" | wc -l"
+@test "Should select certificate for conference.example.com" {
+ run bash -c "sudo docker-compose logs $batsContainerName | grep \"Certificates loaded\" | grep \"conference.example.com:tls\" | wc -l"
 assert_success
 assert_output "1"
 }
-@test "Should select certificate for proxy.localhost" {
- run bash -c "sudo docker-compose logs $batsContainerName | grep \"Certificates loaded\" | grep \"proxy.localhost:tls\" | wc -l"
+@test "Should select certificate for proxy.example.com" {
+ run bash -c "sudo docker-compose logs $batsContainerName | grep \"Certificates loaded\" | grep \"proxy.example.com:tls\" | wc -l"
 assert_success
 assert_output "1"
 }
-@test "Should select certificate for pubsub.localhost" {
- run bash -c "sudo docker-compose logs $batsContainerName | grep \"Certificates loaded\" | grep \"pubsub.localhost:tls\" | wc -l"
+@test "Should select certificate for pubsub.example.com" {
+ run bash -c "sudo docker-compose logs $batsContainerName | grep \"Certificates loaded\" | grep \"pubsub.example.com:tls\" | wc -l"
 assert_success
 assert_output "1"
 }
-@test "Should select certificate for upload.localhost" {
- run bash -c "sudo docker-compose logs $batsContainerName | grep \"Certificates loaded\" | grep \"upload.localhost:tls\" | wc -l"
+@test "Should select certificate for upload.example.com" {
+ run bash -c "sudo docker-compose logs $batsContainerName | grep \"Certificates loaded\" | grep \"upload.example.com:tls\" | wc -l"
 assert_success
 assert_output "1"
 }
@@ -76,13 +76,13 @@ load 'bats/bats-assert/load'
 }
 @test "Should load module cloud_notify" {
- run bash -c "sudo docker-compose logs $batsContainerName | grep \"localhost:cloud_notify.*info.*Module loaded\""
+ run bash -c "sudo docker-compose logs $batsContainerName | grep \"example.com:cloud_notify.*info.*Module loaded\""
 assert_success
 assert_output
 }
 @test "Should show upload URL" {
- run bash -c "sudo docker-compose logs $batsContainerName | grep \"URL: - Ensure this can be reached by users\""
+ run bash -c "sudo docker-compose logs $batsContainerName | grep \"URL: - Ensure this can be reached by users\""
 assert_success
 assert_output
 }