add setup test

romnn · Sep 9, 2020 · 2cb9c57 · 2cb9c57
1 parent 8fafe4a
commit 2cb9c57
Show file tree

Hide file tree

Showing 9 changed files with 146 additions and 17 deletions.
diff --git a/README.md b/README.md
@@ -15,7 +15,7 @@ Your description goes here...
 ```bash
 go get github.com/romnnn/ldap-manager
 
-go run github.com/romnnn/ldap-manager/cmd/ldap-manager serve --http-port 8090 --grpc-port 9090
+go run github.com/romnnn/ldap-manager/cmd/ldap-manager serve --http-port 8090 --grpc-port 9090 --generate
 ```
 
 You can also download pre built binaries from the [releases page](https://github.com/romnnn/ldap-manager/releases), or use the `docker` image:

diff --git a/accounts.go b/accounts.go
@@ -293,10 +293,22 @@ func (m *LDAPManager) NewAccount(req *pb.NewAccountRequest, algorithm pb.Hashing
 		[]ldap.Control{},
 	))
 	if err != nil {
-		return fmt.Errorf("failed to check for existing user %q: %v", account.GetUsername(), err)
-	}
-	if len(result.Entries) > 0 {
-		return &AccountAlreadyExistsError{Username: account.GetUsername()}
+		if ldap.IsErrorWithCode(err, ldap.LDAPResultNoSuchObject) {
+			// there might be no users group, in which case this is fine
+			strict := false
+			noUserGroupErr := m.NewGroup(&pb.NewGroupRequest{Name: m.DefaultUserGroup, Members: []string{req.GetAccount().GetUsername()}}, strict)
+			if !ldap.IsErrorWithCode(noUserGroupErr, ldap.LDAPResultNoSuchObject) {
+				err = nil
+			}
+			// if there is also no users group, there must have been a problem with the setup
+		}
+		if err != nil {
+			return fmt.Errorf("failed to check for existing user %q: %v", account.GetUsername(), err)
+		}
+	} else {
+		if len(result.Entries) > 0 {
+			return &AccountAlreadyExistsError{Username: account.GetUsername()}
+		}
 	}
 
 	loginShell := account.GetLoginShell()

diff --git a/cmd/ldap-manager/base/server.go b/cmd/ldap-manager/base/server.go
@@ -96,8 +96,7 @@ func NewLDAPManagerServer(ctx *cli.Context) *LDAPManagerServer {
 
 // Setup prepares the service
 func (s *LDAPManagerServer) Setup(ctx *cli.Context) error {
-	// TODO: This is called twice with no reason
-	if err := s.Manager.Setup(); err != nil {
+	if err := s.Manager.Setup(false); err != nil {
 		return err
 	}
 	if err := s.Authenticator.SetupKeys(auth.AuthenticatorKeyConfig{}.Parse(ctx)); err != nil {

diff --git a/cmd/ldap-manager/grpc/auth.go b/cmd/ldap-manager/grpc/auth.go
@@ -85,15 +85,15 @@ func (s *LDAPManagerServer) Login(ctx context.Context, in *pb.LoginRequest) (*pb
 		return &pb.Token{}, status.Error(codes.NotFound, "user is invalid")
 	}
 
-	adminMemberStaus, err := s.Manager.IsGroupMember(&pb.IsGroupMemberRequest{
+	adminMemberStatus, err := s.Manager.IsGroupMember(&pb.IsGroupMemberRequest{
 		Username: uid,
 		Group:    s.Manager.DefaultAdminGroup,
 	})
 	if err != nil {
 		log.Error(err)
 		return nil, status.Error(codes.Internal, "error while checking user member status")
 	}
-	isAdmin := adminMemberStaus.GetIsMember()
+	isAdmin := adminMemberStatus.GetIsMember()
 	displayName := user.GetAttributeValue("displayName")
 	token, expireSeconds, err := s.Authenticator.Login(&AuthClaims{
 		UID:         uid,

diff --git a/cmd/ldap-manager/server.go b/cmd/ldap-manager/server.go
@@ -244,6 +244,7 @@ func main() {
 	}
 
 	name := "ldap manager service"
+	log.Infof("%s v%s", name, versioning.BinaryVersion(ldapmanager.Version, ldapbase.Rev))
 
 	app := &cli.App{
 		Name:    name,

diff --git a/ldap_manager.go b/ldap_manager.go
@@ -70,7 +70,7 @@ func (m *LDAPManager) Close() {
 }
 
 // Setup ...
-func (m *LDAPManager) Setup() error {
+func (m *LDAPManager) Setup(skipSetupLDAP bool) error {
 	var err error
 	URI := m.OpenLDAPConfig.URI()
 	log.Debugf("connecting to OpenLDAP at %s", URI)
@@ -93,8 +93,10 @@ func (m *LDAPManager) Setup() error {
 	if err := m.BindAdmin(); err != nil {
 		return err
 	}
-	if err := m.SetupLDAP(); err != nil {
-		return err
+	if !skipSetupLDAP {
+		if err := m.SetupLDAP(); err != nil {
+			return err
+		}
 	}
 	return nil
 }
diff --git a/setup.go b/setup.go
@@ -176,6 +176,5 @@ func (m *LDAPManager) SetupLDAP() error {
 	if err := m.setupAdminsGroup(); err != nil {
 		return err
 	}
-	// Unfortunately, we cannot setup the user group here without initial members
 	return nil
 }
diff --git a/setup_test.go b/setup_test.go
@@ -0,0 +1,107 @@
+package ldapmanager
+
+import (
+	"testing"
+
+	pb "github.com/romnnn/ldap-manager/grpc/ldap-manager"
+)
+
+// TestSetup ...
+func TestSetup(t *testing.T) {
+	if skipSetupTests {
+		t.Skip()
+	}
+	test := new(Test).Setup(t)
+	defer test.Teardown()
+
+	// check if the default admin and user groups were created
+	if _, err := test.Manager.GetGroup(&pb.GetGroupRequest{Name: test.Manager.DefaultUserGroup}); err != nil {
+		t.Errorf("setup failed: failed to get default users group %q: %v", test.Manager.DefaultUserGroup, err)
+	}
+	if _, err := test.Manager.GetGroup(&pb.GetGroupRequest{Name: test.Manager.DefaultAdminGroup}); err != nil {
+		t.Errorf("setup failed: failed to get default admin group %q: %v", test.Manager.DefaultAdminGroup, err)
+	}
+
+	// Check if the default admin user was created
+	if _, err := test.Manager.AuthenticateUser(&pb.LoginRequest{Username: test.Manager.DefaultAdminUsername, Password: test.Manager.DefaultAdminPassword}); err != nil {
+		t.Errorf("setup failed: failed to get default admin group %q: %v", test.Manager.DefaultAdminGroup, err)
+	}
+
+	// check if the default admin user is in the admins group
+	adminsMemberStatus, err := test.Manager.IsGroupMember(&pb.IsGroupMemberRequest{
+		Username: test.Manager.DefaultAdminUsername,
+		Group:    test.Manager.DefaultAdminGroup,
+	})
+	if err != nil {
+		t.Errorf("setup failed: failed to check if admin user %q is in group %q: %v", test.Manager.DefaultAdminUsername, test.Manager.DefaultAdminGroup, err)
+	}
+	if isAdmin := adminsMemberStatus.GetIsMember(); !isAdmin {
+		t.Errorf("setup failed: default admin user %q is not an admin (in group %q)", test.Manager.DefaultAdminUsername, test.Manager.DefaultAdminGroup)
+	}
+
+	// check if the default admin user is in the users group as well
+	usersMemberStatus, err := test.Manager.IsGroupMember(&pb.IsGroupMemberRequest{
+		Username: test.Manager.DefaultAdminUsername,
+		Group:    test.Manager.DefaultUserGroup,
+	})
+	if err != nil {
+		t.Errorf("setup failed: failed to check if admin user %q is in group %q: %v", test.Manager.DefaultAdminUsername, test.Manager.DefaultUserGroup, err)
+	}
+	if isUser := usersMemberStatus.GetIsMember(); !isUser {
+		t.Errorf("setup failed: default admin user %q is not a user (in group %q)", test.Manager.DefaultAdminUsername, test.Manager.DefaultUserGroup)
+	}
+}
+
+// TestForceSetup ...
+func TestForceSetup(t *testing.T) {
+	if skipSetupTests {
+		t.Skip()
+	}
+	test := new(Test).SkipSetup(t)
+	defer test.Teardown()
+
+	differentAdminUser := &pb.NewAccountRequest{
+		Account: &pb.Account{
+			Username:  "differentAdmin",
+			Password:  "differentAdmin",
+			FirstName: "changeme",
+			LastName:  "changeme",
+			Email:     "[email protected]",
+		},
+	}
+
+	_ = test.Manager.setupGroupsOU()
+	_ = test.Manager.setupUsersOU()
+	_ = test.Manager.setupLastGID()
+	_ = test.Manager.setupLastUID()
+
+	// create a different admin user
+	if err := test.Manager.NewAccount(differentAdminUser, pb.HashingAlgorithm_DEFAULT); err != nil {
+		t.Fatalf("failed to create different admin account: %v", err)
+	}
+	// create the group
+	strict := false
+	if err := test.Manager.NewGroup(&pb.NewGroupRequest{Name: test.Manager.DefaultAdminGroup, Members: []string{
+		differentAdminUser.GetAccount().GetUsername(),
+	}}, strict); err != nil {
+		t.Fatalf("failed to create admins group: %v", err)
+	}
+
+	if err := test.Manager.SetupLDAP(); err != nil {
+		t.Fatalf("failed to setup ldap manager service: %v", err)
+	}
+
+	// make sure we cannot authenticate with the default admin user because an admin already existed
+	if _, err := test.Manager.AuthenticateUser(&pb.LoginRequest{Username: test.Manager.DefaultAdminUsername, Password: test.Manager.DefaultAdminPassword}); err == nil {
+		t.Errorf("expected error when authenticating as the default admin %q when another admin account already existed", test.Manager.DefaultAdminUsername)
+	}
+
+	// make sure the admin is created when forced
+	test.Manager.ForceCreateAdmin = true
+	if err := test.Manager.SetupLDAP(); err != nil {
+		t.Fatalf("failed to setup ldap manager service: %v", err)
+	}
+	if _, err := test.Manager.AuthenticateUser(&pb.LoginRequest{Username: test.Manager.DefaultAdminUsername, Password: test.Manager.DefaultAdminPassword}); err != nil {
+		t.Errorf("failed to authenticate as the default admin %q after forced creation: %v", test.Manager.DefaultAdminUsername, err)
+	}
+}
diff --git a/test.go b/test.go
@@ -20,6 +20,7 @@ const (
 	skipChangePasswordTests = false
 	skipGroupTests          = false
 	skipGroupMemberTests    = false
+	skipSetupTests          = false
 )
 
 // Test ...
@@ -29,8 +30,7 @@ type Test struct {
 	Manager         *LDAPManager
 }
 
-// Setup ...
-func (test *Test) Setup(t *testing.T) *Test {
+func (test *Test) setup(t *testing.T, skipSetupLDAP bool) *Test {
 	var err error
 	if parallel {
 		t.Parallel()
@@ -62,13 +62,22 @@ func (test *Test) Setup(t *testing.T) *Test {
 
 	// create and setup the LDAP Manager service
 	test.Manager = NewLDAPManager(test.OpenLDAPCConfig)
-	if err := test.Manager.Setup(); err != nil {
+	if err := test.Manager.Setup(skipSetupLDAP); err != nil {
 		t.Fatal(err)
 	}
-
 	return test
 }
 
+// Setup ...
+func (test *Test) Setup(t *testing.T) *Test {
+	return test.setup(t, false)
+}
+
+// SkipSetup ...
+func (test *Test) SkipSetup(t *testing.T) *Test {
+	return test.setup(t, true)
+}
+
 // Teardown ...
 func (test *Test) Teardown() {
 	if test.OpenLDAPC != nil {