Add tests for prosody with LDAP authentication (#53)

This commit updates the docker-compose.yml file to use example.com domain instead of localhost.

It also adds a new Prosody instance using LDAP authentication with glauth as the backend. The commit also includes a new file config.cfg for the glauth server configuration.

tests/docker-compose.yml

@@ -1,4 +1,4 @@
-version: '3.9'
+version: "3.9"
 
 services:
   prosody:
@@ -11,10 +11,10 @@ services:
       - "5269:5269"
       - "5281:5281"
     environment:
-      DOMAIN: localhost
+      DOMAIN: example.com
-      E2E_POLICY_WHITELIST: "admin@localhost, user1@localhost"
+      E2E_POLICY_WHITELIST: "admin@example.com, user1@example.com"
       LOG_LEVEL: debug
-      PROSODY_ADMINS: "admin@localhost, admin2@localhost"
+      PROSODY_ADMINS: "admin@example.com, admin2@example.com"
     volumes:
       - ./certs:/usr/local/etc/prosody/certs
 
@@ -28,10 +28,10 @@ services:
       - "5269:5269"
       - "5281:5281"
     environment:
-      DOMAIN: localhost
+      DOMAIN: example.com
-      E2E_POLICY_WHITELIST: "admin@localhost, user1@localhost"
+      E2E_POLICY_WHITELIST: "admin@example.com, user1@example.com"
       LOG_LEVEL: debug
-      PROSODY_ADMINS: "admin@localhost, admin2@localhost"
+      PROSODY_ADMINS: "admin@example.com, admin2@example.com"
       #DB_DRIVER: "MySQL"
       DB_DRIVER: "PostgreSQL"
       DB_DATABASE: "prosody"
@@ -45,9 +45,38 @@ services:
       - postgres
 
   postgres:
-    image: postgres:13-alpine
+    image: postgres:15-alpine
     restart: unless-stopped
     environment:
       POSTGRES_DB: prosody
       POSTGRES_USER: prosody
       POSTGRES_PASSWORD: prosody
+
+  prosody_ldap:
+    image: prosody
+    restart: unless-stopped
+    ports:
+      - "5000:5000"
+      - "5222:5222"
+      - "5223:5223"
+      - "5269:5269"
+      - "5281:5281"
+    environment:
+      DOMAIN: example.com
+      E2E_POLICY_WHITELIST: "admin@example.com, user1@example.com"
+      LOG_LEVEL: debug
+      PROSODY_ADMINS: "admin@example.com, admin2@example.com"
+      AUTHENTICATION: "ldap"
+      LDAP_BASE: "dc=example,dc=com"
+      LDAP_SERVER: "glauth"
+      LDAP_ROOTDN: "cn=svc,dc=example,dc=com"
+      LDAP_PASSWORD: "12345678"
+    volumes:
+      - ./certs:/usr/local/etc/prosody/certs
+    depends_on:
+      - glauth
+
+  glauth:
+    image: glauth/glauth
+    volumes:
+      - "./glauth/config.cfg:/app/config/config.cfg"

tests/glauth/config.cfg

@@ -0,0 +1,52 @@
+[ldap]
+  enabled = true
+  listen = "0.0.0.0:389"
+
+[ldaps]
+  enabled = false
+
+[backend]
+  datastore = "config"
+  baseDN = "dc=example,dc=com"
+
+[[groups]]
+  name = "svc"
+  gidnumber = 5500
+
+[[groups]]
+  name = "people"
+  gidnumber = 5501
+
+[[users]]
+  name = "svc"
+  uidnumber = 5000
+  primarygroup = 5500
+  passsha256 = "ef797c8118f02dfb649607dd5d3f8c7623048c9c063d532cc95c5ed7a898a64f"
+
+[[users.capabilities]]
+  action = "search"
+  object = "*"
+
+[[users]]
+  name = "admin"
+  uidnumber = 5001
+  primarygroup = 5501
+  passsha256 = "ef797c8118f02dfb649607dd5d3f8c7623048c9c063d532cc95c5ed7a898a64f"
+
+[[users]]
+  name = "user1"
+  uidnumber = 5002
+  primarygroup = 5501
+  passsha256 = "ef797c8118f02dfb649607dd5d3f8c7623048c9c063d532cc95c5ed7a898a64f"
+
+[[users]]
+  name = "user2"
+  uidnumber = 5003
+  primarygroup = 5501
+  passsha256 = "ef797c8118f02dfb649607dd5d3f8c7623048c9c063d532cc95c5ed7a898a64f"
+
+[[users]]
+  name = "user3"
+  uidnumber = 5004
+  primarygroup = 5501
+  passsha256 = "ef797c8118f02dfb649607dd5d3f8c7623048c9c063d532cc95c5ed7a898a64f"

tests/test.bash

@@ -5,7 +5,7 @@ set -e
 # generate certs for testing
 
 generateCert() {
-    DOMAIN="$1"
+    local DOMAIN="$1"
     if [[ ! -d certs/"$DOMAIN" ]] ; then
         mkdir -p certs/"$DOMAIN"
         cd certs/"$DOMAIN"
@@ -19,7 +19,7 @@ registerTestUser() {
     local userName="$1"
     local containerName="$2"
     echo "Registering TestUser '$userName' in container '$containerName'"
-    sudo docker compose exec "$containerName" /bin/bash -c "/entrypoint.bash register $userName localhost 12345678"
+    sudo docker compose exec "$containerName" /bin/bash -c "/entrypoint.bash register $userName example.com 12345678"
 }
 
 registerTestUsers() {
@@ -48,18 +48,18 @@ runTests() {
     && ./bats/bats-core/bin/bats tests-"$containerName".bats
 }
 
-generateCert "localhost"
+generateCert "example.com"
-generateCert "conference.localhost"
+generateCert "conference.example.com"
-generateCert "proxy.localhost"
+generateCert "proxy.example.com"
-generateCert "pubsub.localhost"
+generateCert "pubsub.example.com"
-generateCert "upload.localhost"
+generateCert "upload.example.com"
 
 # Run tests for first container with postgres
 # Start postgres first and wait for 10 seconds before starting prosody.
-sudo docker-compose down \
+sudo docker-compose down
-&& sudo docker-compose up -d postgres \
+sudo docker-compose up -d postgres
-&& sleep 10 \
+sleep 10
-&& sudo docker-compose up -d prosody_postgres
+sudo docker-compose up -d prosody_postgres
 
 registerTestUsers prosody_postgres
 runTests prosody_postgres
@@ -70,3 +70,8 @@ sudo docker-compose up -d prosody
 registerTestUsers prosody
 runTests prosody
 sudo docker-compose down
+
+# Run tests for prosody with ldap
+sudo docker-compose up -d prosody_ldap
+runTests prosody_ldap
+sudo docker-compose down

tests/test_prosody.py

@@ -15,6 +15,7 @@ def client(client_username, password):
             password,
             no_verify=True
         ),
+        override_peer=[("localhost", 5222, aioxmpp.connector.STARTTLSConnector())],
     )
     return client
 
@@ -39,9 +40,9 @@ def client_with_message_dispatcher(client):
     return client
 
 @pytest.mark.asyncio
-@pytest.mark.parametrize("client_username, password", [("admin@localhost", "12345678")])
+@pytest.mark.parametrize("client_username, password", [("admin@example.com", "12345678")])
 async def test_send_message_from_admin_to_user1(client):
-    recipient_jid = aioxmpp.JID.fromstr("user1@localhost")
+    recipient_jid = aioxmpp.JID.fromstr("user1@example.com")
     async with client.connected() as stream:
         msg = aioxmpp.Message(
             to=recipient_jid,
@@ -53,9 +54,9 @@ async def test_send_message_from_admin_to_user1(client):
         await client.send(msg)
 
 @pytest.mark.asyncio
-@pytest.mark.parametrize("client_username, password", [("admin@localhost", "12345678")])
+@pytest.mark.parametrize("client_username, password", [("admin@example.com", "12345678")])
 async def test_send_message_from_admin_to_user2(client):
-    recipient_jid = aioxmpp.JID.fromstr("user2@localhost")
+    recipient_jid = aioxmpp.JID.fromstr("user2@example.com")
     async with client.connected() as stream:
         msg = aioxmpp.Message(
             to=recipient_jid,
@@ -66,9 +67,9 @@ async def test_send_message_from_admin_to_user2(client):
         await client.send(msg)
 
 @pytest.mark.asyncio
-@pytest.mark.parametrize("client_username, password", [("user1@localhost", "12345678")])
+@pytest.mark.parametrize("client_username, password", [("user1@example.com", "12345678")])
 async def test_send_message_from_user1_to_user2(client):
-    recipient_jid = aioxmpp.JID.fromstr("user2@localhost")
+    recipient_jid = aioxmpp.JID.fromstr("user2@example.com")
     async with client.connected() as stream:
         msg = aioxmpp.Message(
             to=recipient_jid,
@@ -79,9 +80,9 @@ async def test_send_message_from_user1_to_user2(client):
         await client.send(msg)
 
 @pytest.mark.asyncio
-@pytest.mark.parametrize("client_username, password", [("user2@localhost", "12345678")])
+@pytest.mark.parametrize("client_username, password", [("user2@example.com", "12345678")])
 async def test_send_message_from_user2_to_user3(client):
-    recipient_jid = aioxmpp.JID.fromstr("user3@localhost")
+    recipient_jid = aioxmpp.JID.fromstr("user3@example.com")
     async with client.connected() as stream:
         msg = aioxmpp.Message(
             to=recipient_jid,
@@ -92,9 +93,9 @@ async def test_send_message_from_user2_to_user3(client):
         await client.send(msg)
 
 @pytest.mark.asyncio
-@pytest.mark.parametrize("client_username, password", [("user2@localhost", "12345678")])
+@pytest.mark.parametrize("client_username, password", [("user2@example.com", "12345678")])
 async def test_send_message_from_user2_to_nonexisting(client):
-    recipient_jid = aioxmpp.JID.fromstr("nonexisting@localhost")
+    recipient_jid = aioxmpp.JID.fromstr("nonexisting@example.com")
     async with client.connected() as stream:
         msg = aioxmpp.Message(
             to=recipient_jid,
@@ -105,10 +106,10 @@ async def test_send_message_from_user2_to_nonexisting(client):
         await client.send(msg)
 
 @pytest.mark.asyncio
-@pytest.mark.parametrize("client_username, password", [("user2@localhost", "wrong password")])
+@pytest.mark.parametrize("client_username, password", [("user2@example.com", "wrong password")])
 async def test_can_not_log_in_with_wrong_password(client):
     with pytest.raises(aiosasl.AuthenticationFailure):
-        recipient_jid = aioxmpp.JID.fromstr("nonexisting@localhost")
+        recipient_jid = aioxmpp.JID.fromstr("nonexisting@example.com")
         async with client.connected() as stream:
             msg = aioxmpp.Message(
                 to=recipient_jid,

tests/tests-prosody_ldap.bats

@@ -0,0 +1,16 @@
+# For tests with pipes see: https://github.com/sstephenson/bats/issues/10
+
+load 'bats/bats-support/load'
+load 'bats/bats-assert/load'
+
+@test "Should use sqlite" {
+  run bash -c "sudo docker-compose logs $batsContainerName | grep -E \"Connecting to \[SQLite3\] \/usr\/local\/var\/lib\/prosody\/prosody\.sqlite\.\.\.\""
+  assert_success
+  assert_output
+}
+
+@test "Should use ldap" {
+  run bash -c "sudo docker-compose logs $batsContainerName | grep -E \"Host 'example.com' now set to use user provider 'ldap'\""
+  assert_success
+  assert_output
+}

tests/tests.bats

@@ -9,32 +9,32 @@ load 'bats/bats-assert/load'
   assert_output "5"
 }
 
-@test "Should select certificate for localhost" {
+@test "Should select certificate for example.com" {
-  run bash -c "sudo docker-compose logs $batsContainerName | grep \"Certificates loaded\" | grep \" localhost:tls\" | wc -l"
+  run bash -c "sudo docker-compose logs $batsContainerName | grep \"Certificates loaded\" | grep \" example.com:tls\" | wc -l"
   assert_success
   assert_output "1"
 }
 
-@test "Should select certificate for conference.localhost" {
+@test "Should select certificate for conference.example.com" {
-  run bash -c "sudo docker-compose logs $batsContainerName | grep \"Certificates loaded\" | grep \"conference.localhost:tls\" | wc -l"
+  run bash -c "sudo docker-compose logs $batsContainerName | grep \"Certificates loaded\" | grep \"conference.example.com:tls\" | wc -l"
   assert_success
   assert_output "1"
 }
 
-@test "Should select certificate for proxy.localhost" {
+@test "Should select certificate for proxy.example.com" {
-  run bash -c "sudo docker-compose logs $batsContainerName | grep \"Certificates loaded\" | grep \"proxy.localhost:tls\" | wc -l"
+  run bash -c "sudo docker-compose logs $batsContainerName | grep \"Certificates loaded\" | grep \"proxy.example.com:tls\" | wc -l"
   assert_success
   assert_output "1"
 }
 
-@test "Should select certificate for pubsub.localhost" {
+@test "Should select certificate for pubsub.example.com" {
-  run bash -c "sudo docker-compose logs $batsContainerName | grep \"Certificates loaded\" | grep \"pubsub.localhost:tls\" | wc -l"
+  run bash -c "sudo docker-compose logs $batsContainerName | grep \"Certificates loaded\" | grep \"pubsub.example.com:tls\" | wc -l"
   assert_success
   assert_output "1"
 }
 
-@test "Should select certificate for upload.localhost" {
+@test "Should select certificate for upload.example.com" {
-  run bash -c "sudo docker-compose logs $batsContainerName | grep \"Certificates loaded\" | grep \"upload.localhost:tls\" | wc -l"
+  run bash -c "sudo docker-compose logs $batsContainerName | grep \"Certificates loaded\" | grep \"upload.example.com:tls\" | wc -l"
   assert_success
   assert_output "1"
 }
@@ -76,13 +76,13 @@ load 'bats/bats-assert/load'
 }
 
 @test "Should load module cloud_notify" {
-  run bash -c "sudo docker-compose logs $batsContainerName | grep \"localhost:cloud_notify.*info.*Module loaded\""
+  run bash -c "sudo docker-compose logs $batsContainerName | grep \"example.com:cloud_notify.*info.*Module loaded\""
   assert_success
   assert_output
 }
 
 @test "Should show upload URL" {
-  run bash -c "sudo docker-compose logs $batsContainerName | grep \"URL: <https:\/\/upload.localhost:5281\/upload> - Ensure this can be reached by users\""
+  run bash -c "sudo docker-compose logs $batsContainerName | grep \"URL: <https:\/\/upload.example.com:5281\/upload> - Ensure this can be reached by users\""
   assert_success
   assert_output
 }