Remove useless tests from Ldap qa

- refactor assert messaging - remove useless tests - provide additional credentials
Mirantis · Apr 13, 2018 · 2509510 · 2509510
1 parent 2b38c05
commit 2509510
Show file tree

Hide file tree

Showing 3 changed files with 26 additions and 30 deletions.
diff --git a/kqueen/auth/ldap.py b/kqueen/auth/ldap.py
@@ -32,8 +32,9 @@ def __init__(self, *args, **kwargs):
             self.connection.simple_bind_s(self.admin_dn, self.password)
             self.connection.protocol_version = ldap.VERSION3
         else:
-            logger.error('Failed to bind connection for Kqueen Read-only user')
-            self.connection.unbind()
+            msg = 'Failed to bind connection for Kqueen Read-only user'
+            logger.error(msg)
+            raise ImproperlyConfigured(msg)
 
     def _get_matched_dn(self, cn):
         """This function reads username as cn and returns all matched full-dn's
@@ -72,12 +73,11 @@ def verify(self, user, password):
         """
 
         if user.metadata.get('ldap_dn', None):
-            logger.debug('Full dn already stored in user metadata: {}'.format(user.metadata))
+            logger.debug('Full dn is already stored in user metadata: {}'.format(user.metadata))
             if self._bind(user.metadata['ldap_dn'], password):
                 logger.info('LDAP Verification through metadata: {} passed successfully'.format(user.metadata))
                 return user, None
         else:
-            logger.info('There is no dn in user metadata: {}, searching in LDAP...'.format(user.metadata))
             matched_dn = self._get_matched_dn(user.username)
             full_dn = None
 
@@ -91,6 +91,11 @@ def verify(self, user, password):
                 logger.info('Valid full-DN found: {}. It will be stored in user metadata: {}'.format(full_dn, user.metadata))
                 logger.info('LDAP Verification passed successfully')
                 return user, None
+            else:
+                msg = 'Failed to validate full-DN. Check CN name and defined password of invited user'
+                logger.error(msg)
+                return None, msg
+
         msg = 'LDAP Verification failed'
         logger.info(msg)
         return None, msg
@@ -104,34 +109,34 @@ def _bind(self, dn, password):
             if bind:
                 msg = 'User {} successfully bind connection LDAP'.format(dn)
                 logger.debug(msg)
-                return True, msg
+                return True
         except ldap.INVALID_CREDENTIALS:
 
             msg = "Invalid LDAP credentials for {}".format(dn)
             logger.exception(msg)
-            return False, msg
+            return False
 
         except ldap.INVALID_DN_SYNTAX:
 
             msg = 'Invalid DN syntax in configuration: {}'.format(dn)
             logger.exception(msg)
-            return False, msg
+            return False
 
         except ldap.LDAPError:
 
             msg = 'Failed to bind LDAP server'
             logger.exception(msg)
-            return False, msg
+            return False
 
         except Exception:
 
             msg = 'Unknown error occurred during LDAP server bind'
             logger.exception(msg)
-            return False, msg
+            return False
 
         finally:
             self.connection.unbind()
 
         msg = 'All LDAP authentication methods failed'
         logger.error(msg)
-        return False, msg
+        return False
diff --git a/kqueen/auth/test_ldap.py b/kqueen/auth/test_ldap.py
@@ -1,5 +1,6 @@
 from .ldap import LDAPAuth
 from kqueen.models import User
+from kqueen.exceptions import ImproperlyConfigured
 
 import pytest
 
@@ -8,18 +9,20 @@ class TestAuthMethod:
     @pytest.fixture(autouse=True)
     def setup(self, user):
         self.user = user
-        self.user.username = 'admin@example.org'
+        self.user.username = 'admin'
+        self.user.metadata = {}
         self.user.password = ''
         self.user.save()
 
-        self.auth_class = LDAPAuth(uri='ldap://127.0.0.1:389')
+        self.auth_class = LDAPAuth(uri='ldap://127.0.0.1', admin_dn='cn=admin,dc=example,dc=org', password='heslo123')
 
-    def test_raise_on_missing_uri(self):
-        with pytest.raises(Exception, msg='Parameter uri is required'):
+    def test_raise_on_missing_creds(self):
+        with pytest.raises(Exception, msg='Failed to configure LDAP, please provide valid LDAP credentials'):
             LDAPAuth()
 
     def test_login_pass(self):
         password = 'heslo123'
+
         user, error = self.auth_class.verify(self.user, password)
 
         assert isinstance(user, User)
@@ -30,20 +33,8 @@ def test_login_bad_pass(self):
         user, error = self.auth_class.verify(self.user, password)
 
         assert not user
-        assert error == "Invalid LDAP credentials"
+        assert error == 'Failed to validate full-DN. Check CN name and defined password of invited user'
 
     def test_bad_server(self):
-        password = 'heslo123'
-        auth_class = LDAPAuth(uri="ldap://127.0.0.1:55555")
-
-        user, error = auth_class.verify(self.user, password)
-        assert not user
-        assert error == "LDAP auth failed, check log for error"
-
-    @pytest.mark.parametrize('email, dn', [
-        ('admin@example.org', 'cn=admin,dc=example,dc=org'),
-        ('name.surname@mail.example.net', 'cn=name.surname,dc=mail,dc=example,dc=net'),
-        ('user', 'cn=user'),
-    ])
-    def test_email_to_dn(self, email, dn):
-        assert self.auth_class._email_to_dn(email) == dn
+        with pytest.raises(ImproperlyConfigured, msg='Failed to bind connection for Kqueen Read-only user'):
+            LDAPAuth(uri='ldap://127.0.0.1:55555', admin_dn='cn=admin,dc=example,dc=org', password='heslo123')
diff --git a/kqueen/config/test.py b/kqueen/config/test.py
@@ -34,7 +34,7 @@ class Config(BaseConfig):
     AUTH_MODULES = 'local,ldap'
 
     # Ldap config
-    LDAP_URI = 'ldap://ldap'
+    LDAP_URI = 'ldap://127.0.0.1'
     # Creds for Kqueen Read-only user
     LDAP_DN = 'cn=admin,dc=example,dc=org'
     LDAP_PASSWORD = 'heslo123'