mirror of
https://github.com/SaraSmiseth/prosody.git
synced 2025-01-18 05:00:36 +00:00
Add tests for prosody with LDAP authentication (#53)
This commit updates the docker-compose.yml file to use the example.com domain instead of localhost. It also adds a new Prosody instance that uses LDAP authentication with glauth as the backend. The commit also includes a new file, config.cfg, for the glauth server configuration.
parent
81e9c1abd9
commit
e6415fa513
6 changed files with 146 additions and 43 deletions
|
@ -1,4 +1,4 @@
|
|||
version: '3.9'
|
||||
version: "3.9"
|
||||
|
||||
services:
|
||||
prosody:
|
||||
|
@ -11,10 +11,10 @@ services:
|
|||
- "5269:5269"
|
||||
- "5281:5281"
|
||||
environment:
|
||||
DOMAIN: localhost
|
||||
E2E_POLICY_WHITELIST: "admin@localhost, user1@localhost"
|
||||
DOMAIN: example.com
|
||||
E2E_POLICY_WHITELIST: "admin@example.com, user1@example.com"
|
||||
LOG_LEVEL: debug
|
||||
PROSODY_ADMINS: "admin@localhost, admin2@localhost"
|
||||
PROSODY_ADMINS: "admin@example.com, admin2@example.com"
|
||||
volumes:
|
||||
- ./certs:/usr/local/etc/prosody/certs
|
||||
|
||||
|
@ -28,10 +28,10 @@ services:
|
|||
- "5269:5269"
|
||||
- "5281:5281"
|
||||
environment:
|
||||
DOMAIN: localhost
|
||||
E2E_POLICY_WHITELIST: "admin@localhost, user1@localhost"
|
||||
DOMAIN: example.com
|
||||
E2E_POLICY_WHITELIST: "admin@example.com, user1@example.com"
|
||||
LOG_LEVEL: debug
|
||||
PROSODY_ADMINS: "admin@localhost, admin2@localhost"
|
||||
PROSODY_ADMINS: "admin@example.com, admin2@example.com"
|
||||
#DB_DRIVER: "MySQL"
|
||||
DB_DRIVER: "PostgreSQL"
|
||||
DB_DATABASE: "prosody"
|
||||
|
@ -45,9 +45,38 @@ services:
|
|||
- postgres
|
||||
|
||||
postgres:
|
||||
image: postgres:13-alpine
|
||||
image: postgres:15-alpine
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
POSTGRES_DB: prosody
|
||||
POSTGRES_USER: prosody
|
||||
POSTGRES_PASSWORD: prosody
|
||||
|
||||
prosody_ldap:
|
||||
image: prosody
|
||||
restart: unless-stopped
|
||||
ports:
|
||||
- "5000:5000"
|
||||
- "5222:5222"
|
||||
- "5223:5223"
|
||||
- "5269:5269"
|
||||
- "5281:5281"
|
||||
environment:
|
||||
DOMAIN: example.com
|
||||
E2E_POLICY_WHITELIST: "admin@example.com, user1@example.com"
|
||||
LOG_LEVEL: debug
|
||||
PROSODY_ADMINS: "admin@example.com, admin2@example.com"
|
||||
AUTHENTICATION: "ldap"
|
||||
LDAP_BASE: "dc=example,dc=com"
|
||||
LDAP_SERVER: "glauth"
|
||||
LDAP_ROOTDN: "cn=svc,dc=example,dc=com"
|
||||
LDAP_PASSWORD: "12345678"
|
||||
volumes:
|
||||
- ./certs:/usr/local/etc/prosody/certs
|
||||
depends_on:
|
||||
- glauth
|
||||
|
||||
glauth:
|
||||
image: glauth/glauth
|
||||
volumes:
|
||||
- "./glauth/config.cfg:/app/config/config.cfg"
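Review bot: The new `glauth` service uses `image: glauth/glauth` with no tag, so each test run pulls whatever the registry currently serves by default, while `postgres` in the same hunk is pinned to `15-alpine`. Pin it the same way, for example `image: glauth/glauth:<PINNED_TAG>` (placeholder; use the release you tested against) or a digest, so the LDAP backend under test cannot change unnoticed. The bind credential `LDAP_PASSWORD: "12345678"` is committed in clear and, with `[ldaps]` disabled in the glauth config, presumably crosses the compose network unencrypted. A comment such as `# test-only credential, plaintext LDAP on the compose network` above it would keep it from being copied into a real deployment.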
|
||||
|
|
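--- /dev/null
+++ b/tests/glauth/config.cfg
@@ -0,0 +1,52 @@
+[ldap]
+enabled = true
+listen = "0.0.0.0:389"
+
+[ldaps]
+enabled = false
+
+[backend]
+datastore = "config"
+baseDN = "dc=example,dc=com"
+
+[[groups]]
+name = "svc"
+gidnumber = 5500
+
+[[groups]]
+name = "people"
+gidnumber = 5501
+
+[[users]]
+name = "svc"
+uidnumber = 5000
+primarygroup = 5500
+passsha256 = "ef797c8118f02dfb649607dd5d3f8c7623048c9c063d532cc95c5ed7a898a64f"
+
+[[users.capabilities]]
+action = "search"
+object = "*"
+
+[[users]]
+name = "admin"
+uidnumber = 5001
+primarygroup = 5501
+passsha256 = "ef797c8118f02dfb649607dd5d3f8c7623048c9c063d532cc95c5ed7a898a64f"
+
+[[users]]
+name = "user1"
+uidnumber = 5002
+primarygroup = 5501
+passsha256 = "ef797c8118f02dfb649607dd5d3f8c7623048c9c063d532cc95c5ed7a898a64f"
+
+[[users]]
+name = "user2"
+uidnumber = 5003
+primarygroup = 5501
+passsha256 = "ef797c8118f02dfb649607dd5d3f8c7623048c9c063d532cc95c5ed7a898a64f"
+
+[[users]]
+name = "user3"
+uidnumber = 5004
+primarygroup = 5501
+passsha256 = "ef797c8118f02dfb649607dd5d3f8c7623048c9c063d532cc95c5ed7a898a64f"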
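Review bot: Nothing in this file marks it as a throwaway fixture, yet it listens on `0.0.0.0:389` with `[ldaps]` disabled and gives all five accounts the same `passsha256` value, including the `svc` bind account that has `search` on `*`. Going by the key name the field holds an unsalted SHA-256, so the hash of a short test password is easy to recover and the file is only safe inside the test network. I would add a header comment along the lines of `# TEST FIXTURE ONLY: shared weak password, plaintext LDAP, never deploy`. If the listener is only meant to be reached over the compose network, a short comment next to `listen` should say so.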
|
|
@ -5,7 +5,7 @@ set -e
|
|||
# generate certs for testing
|
||||
|
||||
generateCert() {
|
||||
DOMAIN="$1"
|
||||
local DOMAIN="$1"
|
||||
if [[ ! -d certs/"$DOMAIN" ]] ; then
|
||||
mkdir -p certs/"$DOMAIN"
|
||||
cd certs/"$DOMAIN"
|
||||
|
@ -19,7 +19,7 @@ registerTestUser() {
|
|||
local userName="$1"
|
||||
local containerName="$2"
|
||||
echo "Registering TestUser '$userName' in container '$containerName'"
|
||||
sudo docker compose exec "$containerName" /bin/bash -c "/entrypoint.bash register $userName localhost 12345678"
|
||||
sudo docker compose exec "$containerName" /bin/bash -c "/entrypoint.bash register $userName example.com 12345678"
|
||||
}
|
||||
|
||||
registerTestUsers() {
|
||||
|
@ -48,18 +48,18 @@ runTests() {
|
|||
&& ./bats/bats-core/bin/bats tests-"$containerName".bats
|
||||
}
|
||||
|
||||
generateCert "localhost"
|
||||
generateCert "conference.localhost"
|
||||
generateCert "proxy.localhost"
|
||||
generateCert "pubsub.localhost"
|
||||
generateCert "upload.localhost"
|
||||
generateCert "example.com"
|
||||
generateCert "conference.example.com"
|
||||
generateCert "proxy.example.com"
|
||||
generateCert "pubsub.example.com"
|
||||
generateCert "upload.example.com"
|
||||
|
||||
# Run tests for first container with postgres
|
||||
# Start postgres first and wait for 10 seconds before starting prosody.
|
||||
sudo docker-compose down \
|
||||
&& sudo docker-compose up -d postgres \
|
||||
&& sleep 10 \
|
||||
&& sudo docker-compose up -d prosody_postgres
|
||||
sudo docker-compose down
|
||||
sudo docker-compose up -d postgres
|
||||
sleep 10
|
||||
sudo docker-compose up -d prosody_postgres
|
||||
|
||||
registerTestUsers prosody_postgres
|
||||
runTests prosody_postgres
|
||||
|
@ -70,3 +70,8 @@ sudo docker-compose up -d prosody
|
|||
registerTestUsers prosody
|
||||
runTests prosody
|
||||
sudo docker-compose down
|
||||
|
||||
# Run tests for prosody with ldap
|
||||
sudo docker-compose up -d prosody_ldap
|
||||
runTests prosody_ldap
|
||||
sudo docker-compose down
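Review bot: The LDAP block calls `runTests prosody_ldap` immediately after `sudo docker-compose up -d prosody_ldap`, with no wait for glauth or Prosody to finish starting, whereas the postgres block in this file sleeps 10 seconds before bringing Prosody up. `depends_on` in the compose file only orders container start, so the log greps in tests-prosody_ldap.bats may run before the expected lines exist, unless `runTests` (its body is outside these hunks) already waits. A readiness wait before `runTests`, such as `sleep 10` to match the postgres block or a loop that polls the logs, would make the run deterministic. Separately, `registerTestUser` calls `docker compose` while the other visible calls use `docker-compose`; pick one form.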
|
||||
|
|
|
@ -15,6 +15,7 @@ def client(client_username, password):
|
|||
password,
|
||||
no_verify=True
|
||||
),
|
||||
override_peer=[("localhost", 5222, aioxmpp.connector.STARTTLSConnector())],
|
||||
)
|
||||
return client
|
||||
|
||||
|
@ -39,9 +40,9 @@ def client_with_message_dispatcher(client):
|
|||
return client
|
||||
|
||||
@pytest.mark.asyncio
|
||||
@pytest.mark.parametrize("client_username, password", [("admin@localhost", "12345678")])
|
||||
@pytest.mark.parametrize("client_username, password", [("admin@example.com", "12345678")])
|
||||
async def test_send_message_from_admin_to_user1(client):
|
||||
recipient_jid = aioxmpp.JID.fromstr("user1@localhost")
|
||||
recipient_jid = aioxmpp.JID.fromstr("user1@example.com")
|
||||
async with client.connected() as stream:
|
||||
msg = aioxmpp.Message(
|
||||
to=recipient_jid,
|
||||
|
@ -53,9 +54,9 @@ async def test_send_message_from_admin_to_user1(client):
|
|||
await client.send(msg)
|
||||
|
||||
@pytest.mark.asyncio
|
||||
@pytest.mark.parametrize("client_username, password", [("admin@localhost", "12345678")])
|
||||
@pytest.mark.parametrize("client_username, password", [("admin@example.com", "12345678")])
|
||||
async def test_send_message_from_admin_to_user2(client):
|
||||
recipient_jid = aioxmpp.JID.fromstr("user2@localhost")
|
||||
recipient_jid = aioxmpp.JID.fromstr("user2@example.com")
|
||||
async with client.connected() as stream:
|
||||
msg = aioxmpp.Message(
|
||||
to=recipient_jid,
|
||||
|
@ -66,9 +67,9 @@ async def test_send_message_from_admin_to_user2(client):
|
|||
await client.send(msg)
|
||||
|
||||
@pytest.mark.asyncio
|
||||
@pytest.mark.parametrize("client_username, password", [("user1@localhost", "12345678")])
|
||||
@pytest.mark.parametrize("client_username, password", [("user1@example.com", "12345678")])
|
||||
async def test_send_message_from_user1_to_user2(client):
|
||||
recipient_jid = aioxmpp.JID.fromstr("user2@localhost")
|
||||
recipient_jid = aioxmpp.JID.fromstr("user2@example.com")
|
||||
async with client.connected() as stream:
|
||||
msg = aioxmpp.Message(
|
||||
to=recipient_jid,
|
||||
|
@ -79,9 +80,9 @@ async def test_send_message_from_user1_to_user2(client):
|
|||
await client.send(msg)
|
||||
|
||||
@pytest.mark.asyncio
|
||||
@pytest.mark.parametrize("client_username, password", [("user2@localhost", "12345678")])
|
||||
@pytest.mark.parametrize("client_username, password", [("user2@example.com", "12345678")])
|
||||
async def test_send_message_from_user2_to_user3(client):
|
||||
recipient_jid = aioxmpp.JID.fromstr("user3@localhost")
|
||||
recipient_jid = aioxmpp.JID.fromstr("user3@example.com")
|
||||
async with client.connected() as stream:
|
||||
msg = aioxmpp.Message(
|
||||
to=recipient_jid,
|
||||
|
@ -92,9 +93,9 @@ async def test_send_message_from_user2_to_user3(client):
|
|||
await client.send(msg)
|
||||
|
||||
@pytest.mark.asyncio
|
||||
@pytest.mark.parametrize("client_username, password", [("user2@localhost", "12345678")])
|
||||
@pytest.mark.parametrize("client_username, password", [("user2@example.com", "12345678")])
|
||||
async def test_send_message_from_user2_to_nonexisting(client):
|
||||
recipient_jid = aioxmpp.JID.fromstr("nonexisting@localhost")
|
||||
recipient_jid = aioxmpp.JID.fromstr("nonexisting@example.com")
|
||||
async with client.connected() as stream:
|
||||
msg = aioxmpp.Message(
|
||||
to=recipient_jid,
|
||||
|
@ -105,10 +106,10 @@ async def test_send_message_from_user2_to_nonexisting(client):
|
|||
await client.send(msg)
|
||||
|
||||
@pytest.mark.asyncio
|
||||
@pytest.mark.parametrize("client_username, password", [("user2@localhost", "wrong password")])
|
||||
@pytest.mark.parametrize("client_username, password", [("user2@example.com", "wrong password")])
|
||||
async def test_can_not_log_in_with_wrong_password(client):
|
||||
with pytest.raises(aiosasl.AuthenticationFailure):
|
||||
recipient_jid = aioxmpp.JID.fromstr("nonexisting@localhost")
|
||||
recipient_jid = aioxmpp.JID.fromstr("nonexisting@example.com")
|
||||
async with client.connected() as stream:
|
||||
msg = aioxmpp.Message(
|
||||
to=recipient_jid,
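Review bot: In the `client` fixture, `no_verify=True` turns off certificate verification, so no test checks that the server presents a certificate valid for the JID domain, even though the commit description says the tests now use example.com. `override_peer` also pins the connection to `("localhost", 5222)`. If this is deliberate because the test certificates are self-signed, say so with a comment such as `# self-signed test certs: verification disabled, test-only` next to `no_verify=True`, and `# JID domain is example.com but the container is published on localhost` next to `override_peer`. The fixture starts above the first hunk, so I cannot see whether such a comment already exists there.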
|
||||
|
|
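--- /dev/null
+++ b/tests/tests-prosody_ldap.bats
@@ -0,0 +1,16 @@
+# For tests with pipes see: https://github.com/sstephenson/bats/issues/10
+
+load 'bats/bats-support/load'
+load 'bats/bats-assert/load'
+
+@test "Should use sqlite" {
+run bash -c "sudo docker-compose logs $batsContainerName | grep -E \"Connecting to \[SQLite3\] \/usr\/local\/var\/lib\/prosody\/prosody\.sqlite\.\.\.\""
+assert_success
+assert_output
+}
+
+@test "Should use ldap" {
+run bash -c "sudo docker-compose logs $batsContainerName | grep -E \"Host 'example.com' now set to use user provider 'ldap'\""
+assert_success
+assert_output
+}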
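Review bot: `Should use ldap` only proves that Prosody logged the provider selection. It does not show that a bind against glauth succeeds or that a wrong password is rejected, unless `runTests` also runs the pytest suite against `prosody_ldap` (not visible here). The pattern is also passed to `grep -E` with an unescaped `.` in `example.com`, while the SQLite test escapes every metacharacter; `grep -F \"Host 'example.com' now set to use user provider 'ldap'\"` would match the literal line and need no escaping. A one-line comment above the first test saying that SQLite is the storage backend while LDAP handles authentication only would help the next reader.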
|
|
@ -9,32 +9,32 @@ load 'bats/bats-assert/load'
|
|||
assert_output "5"
|
||||
}
|
||||
|
||||
@test "Should select certificate for localhost" {
|
||||
run bash -c "sudo docker-compose logs $batsContainerName | grep \"Certificates loaded\" | grep \" localhost:tls\" | wc -l"
|
||||
@test "Should select certificate for example.com" {
|
||||
run bash -c "sudo docker-compose logs $batsContainerName | grep \"Certificates loaded\" | grep \" example.com:tls\" | wc -l"
|
||||
assert_success
|
||||
assert_output "1"
|
||||
}
|
||||
|
||||
@test "Should select certificate for conference.localhost" {
|
||||
run bash -c "sudo docker-compose logs $batsContainerName | grep \"Certificates loaded\" | grep \"conference.localhost:tls\" | wc -l"
|
||||
@test "Should select certificate for conference.example.com" {
|
||||
run bash -c "sudo docker-compose logs $batsContainerName | grep \"Certificates loaded\" | grep \"conference.example.com:tls\" | wc -l"
|
||||
assert_success
|
||||
assert_output "1"
|
||||
}
|
||||
|
||||
@test "Should select certificate for proxy.localhost" {
|
||||
run bash -c "sudo docker-compose logs $batsContainerName | grep \"Certificates loaded\" | grep \"proxy.localhost:tls\" | wc -l"
|
||||
@test "Should select certificate for proxy.example.com" {
|
||||
run bash -c "sudo docker-compose logs $batsContainerName | grep \"Certificates loaded\" | grep \"proxy.example.com:tls\" | wc -l"
|
||||
assert_success
|
||||
assert_output "1"
|
||||
}
|
||||
|
||||
@test "Should select certificate for pubsub.localhost" {
|
||||
run bash -c "sudo docker-compose logs $batsContainerName | grep \"Certificates loaded\" | grep \"pubsub.localhost:tls\" | wc -l"
|
||||
@test "Should select certificate for pubsub.example.com" {
|
||||
run bash -c "sudo docker-compose logs $batsContainerName | grep \"Certificates loaded\" | grep \"pubsub.example.com:tls\" | wc -l"
|
||||
assert_success
|
||||
assert_output "1"
|
||||
}
|
||||
|
||||
@test "Should select certificate for upload.localhost" {
|
||||
run bash -c "sudo docker-compose logs $batsContainerName | grep \"Certificates loaded\" | grep \"upload.localhost:tls\" | wc -l"
|
||||
@test "Should select certificate for upload.example.com" {
|
||||
run bash -c "sudo docker-compose logs $batsContainerName | grep \"Certificates loaded\" | grep \"upload.example.com:tls\" | wc -l"
|
||||
assert_success
|
||||
assert_output "1"
|
||||
}
|
||||
|
@ -76,13 +76,13 @@ load 'bats/bats-assert/load'
|
|||
}
|
||||
|
||||
@test "Should load module cloud_notify" {
|
||||
run bash -c "sudo docker-compose logs $batsContainerName | grep \"localhost:cloud_notify.*info.*Module loaded\""
|
||||
run bash -c "sudo docker-compose logs $batsContainerName | grep \"example.com:cloud_notify.*info.*Module loaded\""
|
||||
assert_success
|
||||
assert_output
|
||||
}
|
||||
|
||||
@test "Should show upload URL" {
|
||||
run bash -c "sudo docker-compose logs $batsContainerName | grep \"URL: <https:\/\/upload.localhost:5281\/upload> - Ensure this can be reached by users\""
|
||||
run bash -c "sudo docker-compose logs $batsContainerName | grep \"URL: <https:\/\/upload.example.com:5281\/upload> - Ensure this can be reached by users\""
|
||||
assert_success
|
||||
assert_output
|
||||
}
|
||||
|
|