mirror of
https://github.com/verdaccio/verdaccio.git
synced 2025-01-13 22:48:31 -05:00
162 lines
5.8 KiB
TypeScript
162 lines
5.8 KiB
TypeScript
|
import ActiveDirectory from 'activedirectory2';
|
||
|
import { HTTP_STATUS } from '@verdaccio/commons-api';
|
||
|
|
||
|
import ActiveDirectoryPlugin, { NotAuthMessage } from '../src/active-directory';
|
||
|
|
||
|
// eslint-disable-next-line jest/no-mocks-import
|
||
|
import logger from './__mocks__/Logger';
|
||
|
|
||
|
describe('Active Directory Plugin', () => {
|
||
|
let adPlugin;
|
||
|
let adPluginSingleGroup;
|
||
|
let adPluginMultiGroups;
|
||
|
|
||
|
const config = {
|
||
|
url: 'ldap://localhost',
|
||
|
baseDN: 'dc=local,dc=host',
|
||
|
domainSuffix: 'local.host',
|
||
|
};
|
||
|
|
||
|
const configSingleGroup = {
|
||
|
...config,
|
||
|
groupName: 'singleGroup',
|
||
|
};
|
||
|
|
||
|
const configMultiGroups = {
|
||
|
...config,
|
||
|
groupName: ['group1', 'group2', 'group3'],
|
||
|
};
|
||
|
|
||
|
beforeAll(() => {
|
||
|
adPlugin = new ActiveDirectoryPlugin(config, { logger });
|
||
|
adPluginSingleGroup = new ActiveDirectoryPlugin(configSingleGroup, { logger });
|
||
|
adPluginMultiGroups = new ActiveDirectoryPlugin(configMultiGroups, { logger });
|
||
|
});
|
||
|
|
||
|
beforeEach(() => {
|
||
|
jest.resetModules();
|
||
|
});
|
||
|
|
||
|
test('get error when connection fails', (done) => {
|
||
|
const errorMessage = 'Unknown error';
|
||
|
ActiveDirectory.prototype.authenticate = jest.fn((_1, _2, cb) => cb(errorMessage, undefined));
|
||
|
|
||
|
adPlugin.authenticate('', '', (error, authUser) => {
|
||
|
expect(ActiveDirectory.prototype.authenticate).toHaveBeenCalled();
|
||
|
expect(logger.warn).toHaveBeenCalled();
|
||
|
expect(error.code).toBe(HTTP_STATUS.INTERNAL_ERROR);
|
||
|
expect(error.message).toBe(errorMessage);
|
||
|
expect(authUser).toBeUndefined();
|
||
|
done();
|
||
|
});
|
||
|
});
|
||
|
|
||
|
test('get error when not authenticated satisfactory', (done) => {
|
||
|
ActiveDirectory.prototype.authenticate = jest.fn((_1, _2, cb) => cb(null, false));
|
||
|
|
||
|
adPlugin.authenticate('', '', (error, authUser) => {
|
||
|
expect(ActiveDirectory.prototype.authenticate).toHaveBeenCalled();
|
||
|
expect(logger.warn).toHaveBeenCalledWith(NotAuthMessage);
|
||
|
expect(error.code).toBe(HTTP_STATUS.UNAUTHORIZED);
|
||
|
expect(error.message).toBe(NotAuthMessage);
|
||
|
expect(authUser).toBeUndefined();
|
||
|
done();
|
||
|
});
|
||
|
});
|
||
|
|
||
|
test('connect satisfactory without groups', (done) => {
|
||
|
const user = 'user';
|
||
|
const password = 'password';
|
||
|
|
||
|
ActiveDirectory.prototype.authenticate = jest.fn((_1, _2, cb) => cb(null, true));
|
||
|
|
||
|
adPlugin.authenticate(user, password, (error, authUser) => {
|
||
|
expect(ActiveDirectory.prototype.authenticate).toHaveBeenCalled();
|
||
|
expect(logger.info).toHaveBeenCalled();
|
||
|
expect(error).toBeNull();
|
||
|
expect(authUser).toStrictEqual([user]);
|
||
|
done();
|
||
|
});
|
||
|
});
|
||
|
|
||
|
test('get error when getting groups for user', (done) => {
|
||
|
const errorMessage = 'Unknown error retrieving groups';
|
||
|
ActiveDirectory.prototype.authenticate = jest.fn((_1, _2, cb) => cb(null, true));
|
||
|
ActiveDirectory.prototype.getGroupMembershipForUser = jest.fn((_, cb) =>
|
||
|
cb((errorMessage as unknown) as object, null)
|
||
|
) as jest.Mock;
|
||
|
|
||
|
adPluginSingleGroup.authenticate('', '', (error, authUser) => {
|
||
|
expect(ActiveDirectory.prototype.authenticate).toHaveBeenCalled();
|
||
|
expect(ActiveDirectory.prototype.getGroupMembershipForUser).toHaveBeenCalled();
|
||
|
expect(logger.warn).toHaveBeenCalled();
|
||
|
expect(error.code).toBe(HTTP_STATUS.INTERNAL_ERROR);
|
||
|
expect(error.message).toBe(errorMessage);
|
||
|
expect(authUser).toBeUndefined();
|
||
|
done();
|
||
|
});
|
||
|
});
|
||
|
|
||
|
test('get error when user groups do not match', (done) => {
|
||
|
const user = 'user';
|
||
|
const password = 'password';
|
||
|
|
||
|
ActiveDirectory.prototype.authenticate = jest.fn((_1, _2, cb) => cb(null, true));
|
||
|
ActiveDirectory.prototype.getGroupMembershipForUser = jest.fn((_, cb) =>
|
||
|
cb(null, [{ cn: 'notMatchGroup' }])
|
||
|
) as jest.Mock;
|
||
|
|
||
|
adPluginSingleGroup.authenticate(user, password, (error, authUser) => {
|
||
|
expect(ActiveDirectory.prototype.authenticate).toHaveBeenCalled();
|
||
|
expect(ActiveDirectory.prototype.getGroupMembershipForUser).toHaveBeenCalled();
|
||
|
expect(logger.warn).toHaveBeenCalled();
|
||
|
expect(error.code).toBe(HTTP_STATUS.FORBIDDEN);
|
||
|
expect(error.message).toBe(
|
||
|
`AD - User ${user} is not member of group(s): ${configSingleGroup.groupName}`
|
||
|
);
|
||
|
expect(authUser).toBeUndefined();
|
||
|
done();
|
||
|
});
|
||
|
});
|
||
|
|
||
|
test('connect satisfactory when connection has only one group defined', (done) => {
|
||
|
const { groupName } = configSingleGroup;
|
||
|
const user = 'user';
|
||
|
const password = 'password';
|
||
|
|
||
|
ActiveDirectory.prototype.authenticate = jest.fn((_1, _2, cb) => cb(null, true));
|
||
|
ActiveDirectory.prototype.getGroupMembershipForUser = jest.fn((_, cb) =>
|
||
|
cb(null, [{ cn: groupName }])
|
||
|
) as jest.Mock;
|
||
|
|
||
|
adPluginSingleGroup.authenticate(user, password, (error, authUser) => {
|
||
|
expect(ActiveDirectory.prototype.authenticate).toHaveBeenCalled();
|
||
|
expect(ActiveDirectory.prototype.getGroupMembershipForUser).toHaveBeenCalled();
|
||
|
expect(logger.info).toHaveBeenCalled();
|
||
|
expect(error).toBeNull();
|
||
|
expect(authUser).toStrictEqual([groupName, user]);
|
||
|
done();
|
||
|
});
|
||
|
});
|
||
|
|
||
|
test('connect satisfactory when connection has multiple groups defined', (done) => {
|
||
|
const [, group2, group3] = configMultiGroups.groupName;
|
||
|
const user = 'user';
|
||
|
const password = 'password';
|
||
|
|
||
|
ActiveDirectory.prototype.authenticate = jest.fn((_1, _2, cb) => cb(null, true));
|
||
|
ActiveDirectory.prototype.getGroupMembershipForUser = jest.fn((_, cb) =>
|
||
|
cb(null, [{ cn: group2 }, { dn: group3 }])
|
||
|
) as jest.Mock;
|
||
|
|
||
|
adPluginMultiGroups.authenticate(user, password, (error, authUser) => {
|
||
|
expect(ActiveDirectory.prototype.authenticate).toHaveBeenCalled();
|
||
|
expect(ActiveDirectory.prototype.getGroupMembershipForUser).toHaveBeenCalled();
|
||
|
expect(logger.info).toHaveBeenCalled();
|
||
|
expect(error).toBeNull();
|
||
|
expect(authUser).toStrictEqual([group2, group3, user]);
|
||
|
done();
|
||
|
});
|
||
|
});
|
||
|
});
|