From 353a2d1b134714e0f902e4563152220ba3bf31bb Mon Sep 17 00:00:00 2001 
From: Andrew Ruthven Date: Mon, 19 Dec 2022 23:04:09 +1300 Subject: [PATCH] Add testing for LDAP with memcache --- .gitlab-ci.yml | 63 +++++++- testing/apache-site.conf.example | 2 +- testing/regression-conf.php.example | 22 +++ .../tests/ldap/0000-clear-memcached.result | 1 + testing/tests/ldap/0000-clear-memcached.test | 3 + .../ldap/0000-confirm-no-ldap1-user.result | 1 + .../ldap/0000-confirm-no-ldap1-user.test | 6 + testing/tests/ldap/0001-test-ldap.result | 67 +++++++++ testing/tests/ldap/0001-test-ldap.test | 64 ++++++++ .../0002-NoCachedCredentials-ldap1.result | 2 + .../ldap/0002-NoCachedCredentials-ldap1.test | 4 + testing/tests/ldap/0003-test-ldap.result | 67 +++++++++ testing/tests/ldap/0003-test-ldap.test | 1 + .../ldap/0004-CachedCredentials-ldap1.result | 1 + .../ldap/0004-CachedCredentials-ldap1.test | 5 + .../tests/ldap/0005-test-invalid-user.result | 7 + .../tests/ldap/0005-test-invalid-user.test | 64 ++++++++ .../0006-NoCachedCredentials-ldap2.result | 2 + .../ldap/0006-NoCachedCredentials-ldap2.test | 4 + .../tests/ldap/0007-test-invalid-user.result | 7 + .../tests/ldap/0007-test-invalid-user.test | 66 +++++++++ .../0008-CachedCredentialsFailed-ldap2.result | 1 + .../0008-CachedCredentialsFailed-ldap2.test | 5 + testing/tests/ldap/Create-Database.result | 14 ++ testing/tests/ldap/Dump-Database.result | 0 testing/tests/ldap/Load-Sample-Data.result | 15 ++ .../tests/ldap/Really-Upgrade-Database.result | 7 + testing/tests/ldap/Restore-Database.result | 140 ++++++++++++++++++ testing/tests/ldap/Upgrade-Database.result | 5 + testing/tests/ldap/sample-data.sql | 126 ++++++++++++++++ 30 files changed, 770 insertions(+), 2 deletions(-) create mode 100644 testing/tests/ldap/0000-clear-memcached.result create mode 100644 testing/tests/ldap/0000-clear-memcached.test create mode 100644 testing/tests/ldap/0000-confirm-no-ldap1-user.result create mode 100644 testing/tests/ldap/0000-confirm-no-ldap1-user.test create mode 100644 
testing/tests/ldap/0001-test-ldap.result create mode 100644 testing/tests/ldap/0001-test-ldap.test create mode 100644 testing/tests/ldap/0002-NoCachedCredentials-ldap1.result create mode 100644 testing/tests/ldap/0002-NoCachedCredentials-ldap1.test create mode 100644 testing/tests/ldap/0003-test-ldap.result create mode 120000 testing/tests/ldap/0003-test-ldap.test create mode 100644 testing/tests/ldap/0004-CachedCredentials-ldap1.result create mode 100644 testing/tests/ldap/0004-CachedCredentials-ldap1.test create mode 100644 testing/tests/ldap/0005-test-invalid-user.result create mode 100644 testing/tests/ldap/0005-test-invalid-user.test create mode 100644 testing/tests/ldap/0006-NoCachedCredentials-ldap2.result create mode 100644 testing/tests/ldap/0006-NoCachedCredentials-ldap2.test create mode 100644 testing/tests/ldap/0007-test-invalid-user.result create mode 100644 testing/tests/ldap/0007-test-invalid-user.test create mode 100644 testing/tests/ldap/0008-CachedCredentialsFailed-ldap2.result create mode 100644 testing/tests/ldap/0008-CachedCredentialsFailed-ldap2.test create mode 100644 testing/tests/ldap/Create-Database.result create mode 100644 testing/tests/ldap/Dump-Database.result create mode 100644 testing/tests/ldap/Load-Sample-Data.result create mode 100644 testing/tests/ldap/Really-Upgrade-Database.result create mode 100644 testing/tests/ldap/Restore-Database.result create mode 100644 testing/tests/ldap/Upgrade-Database.result create mode 100644 testing/tests/ldap/sample-data.sql diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index b09f8fe1..844c1289 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -2,6 +2,7 @@ stages: - build - test - testall + - testldap build: stage: build 
@@ -260,7 +261,7 @@ test_memcache:
 - echo "en_NZ.UTF-8 UTF-8" >> /etc/locale.gen
 - locale-gen
 - echo "LANG=en_NZ.UTF-8" > /etc/default/locale
- - apt-get -y install libdbd-pg-perl libyaml-perl php php-cli php-pgsql php-xml php-memcached postgresql-client postgresql libapache2-mod-php curl xmlstarlet memcached
+ - apt-get -y install libdbd-pg-perl libyaml-perl php php-cli php-pgsql php-xml php-memcached postgresql-client postgresql libapache2-mod-php curl xmlstarlet memcached netcat-openbsd
 - phpenmod memcached
 - curl 'https://gitlab.com/davical-project/awl/-/archive/master/awl-master.tar.gz' | tar zxf -
 - mv awl-master /usr/share/awl/
@@ -299,3 +300,63 @@ test_memcache: - xz apache2_log/test_memcache/* - mkdir -p davical_log - cp -r /var/log/davical davical_log/test_memcache + +# Only test if the memcache test passes +test_memcache_and_ldap: + stage: testldap + image: debian:unstable + artifacts: + paths: + - testing/report.xml + - apache2_log/* + - davical_log/* + reports: + junit: testing/report.xml + when: + always + script: + - apt-get -y update + - bash -c 'mkdir -p /usr/share/man/man{0..10}' + - apt-get -y install locales + - echo "en_NZ.UTF-8 UTF-8" >> /etc/locale.gen + - locale-gen + - echo "LANG=en_NZ.UTF-8" > /etc/default/locale + - apt-get -y install libdbd-pg-perl libyaml-perl php php-cli php-pgsql php-xml php-memcached php-ldap postgresql-client postgresql libapache2-mod-php curl xmlstarlet memcached libnet-ldap-server-test-perl netcat-openbsd + - phpenmod memcached + - phpenmod ldap + - curl 'https://gitlab.com/davical-project/awl/-/archive/master/awl-master.tar.gz' | tar zxf - + - mv awl-master /usr/share/awl/ + - chown -R www-data /usr/share/awl/ + - dpkg --ignore-depends=libawl-php -i *.deb + - echo '127.0.1.1 regression mycaldav mycaldav_ldap myempty' >> /etc/hosts + - rm /etc/apache2/ports.conf /etc/apache2/sites-enabled/000-default.conf && touch /etc/apache2/ports.conf + - cp testing/apache-site.conf.example /etc/apache2/sites-enabled/davical-regression.conf + - sed -i 's/\/path\/to/\/usr\/share/g' /etc/apache2/sites-enabled/davical-regression.conf + - mkdir /usr/share/davical/testing/ + - cp testing/*.php /usr/share/davical/testing/ + - rm /etc/davical/config.php + - cat testing/regression-conf.php.example | sed 's.//$c->dbg.$c->dbg.' 
| sed -E 's.//(memcache|ldap) ..g' > /etc/davical/regression-conf.php + - ln -s /etc/davical/regression-conf.php /etc/davical/mycaldav_ldap-conf.php + - mkdir -p /var/log/davical + - chown www-data /var/log/davical + - sed -i '/peer/d' /etc/postgresql/16/main/pg_hba.conf + - echo 'local all all trust' >> /etc/postgresql/16/main/pg_hba.conf + - pg_ctlcluster 16 main start + - su postgres -c 'createuser davical_dba --createdb --createrole --superuser' + - su postgres -c 'createuser davical_app --superuser' + - su postgres -c 'createuser testrunner --superuser' + - pg_ctlcluster 16 main restart + - a2enmod rewrite + - a2enmod headers + - apache2ctl start + - /etc/init.d/memcached start + - useradd testrunner + # testrunner needs to be able to read /var/log/apache2/regression-error.log for the ldap tests. + - adduser testrunner adm + - cd testing && su testrunner -c 'IS_CI=yes ALLSUITES="ldap" ./run_regressions.sh all x' + after_script: + - mkdir -p apache2_log + - cp -r /var/log/apache2 apache2_log/test_memcache_and_ldap + - xz apache2_log/test_memcache_and_ldap/* + - mkdir -p davical_log + - cp -r /var/log/davical davical_log/test_memcache_and_ldap diff --git a/testing/apache-site.conf.example b/testing/apache-site.conf.example index cbacae2c..48eb8849 100644 --- a/testing/apache-site.conf.example +++ b/testing/apache-site.conf.example @@ -1,7 +1,7 @@ Listen 127.0.1.1:80 ServerName regression - ServerAlias myempty mycaldav + ServerAlias myempty mycaldav mycaldav_ldap DocumentRoot /path/to/davical/htdocs CustomLog ${APACHE_LOG_DIR}/regression-access.log combined ErrorLog ${APACHE_LOG_DIR}/regression-error.log diff --git a/testing/regression-conf.php.example b/testing/regression-conf.php.example index befa551c..27223c30 100644 --- a/testing/regression-conf.php.example +++ b/testing/regression-conf.php.example 
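Review bot: The new `test_memcache_and_ldap` job hard-codes PostgreSQL 16 (`/etc/postgresql/16/main/pg_hba.conf`, `pg_ctlcluster 16 main start`) while running on the floating `image: debian:unstable`, so it will presumably break once unstable ships a newer major version. Resolve the version once, e.g. `PGVER=$(pg_lsclusters -h | awk '{print $1; exit}')`, and use `$PGVER` in those four lines, or pin the image. The job also unpacks `awl-master.tar.gz` from the moving `master` branch with no pinned commit or checksum (the same line is visible as context in the `test_memcache` hunk), so the code under test is not reproducible; pinning a tag or verifying a digest would close that gap. A comment above `local all all trust` and the three `--superuser` roles, such as `# trust auth and superuser roles: throwaway CI container only`, would stop the setup from being copied into a longer-lived environment.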
@@ -23,4 +23,26 @@ // if testing memcache //memcache $c->memcache_servers[] = '127.0.0.1,11211'; //memcache $c->auth_cache = true; + + // if testing LDAP + //ldap $c->authenticate_hook['call'] = 'LDAP_check'; + //ldap $c->authenticate_hook['config'] = array( + //ldap 'host' => 'localhost', + //ldap 'port' => '21394', + //ldap 'baseDNUsers' => 'dc=example,dc=com', + //ldap 'mapping_field' => array("username" => "uid", + //ldap "modified" => "modifyTimestamp", + //ldap "fullname" => "cn" , + //ldap "email" =>"mail" + //ldap ), + //ldap 'group_mapping_field' => array("username" => "cn", + //ldap "modified" => "modifyTimestamp", + //ldap "fullname" => "cn" , + //ldap "members" =>"memberUid" + //ldap ), + //ldap 'format_updated' => array('Y' => array(0,4), 'm' => array(4,2), 'd' => array(6,2), 'H' => array(8,2), 'M' => array(10,2), 'S' => array(12,2)) + //ldap ); + + //ldap include('drivers_ldap.php'); + ?> diff --git a/testing/tests/ldap/0000-clear-memcached.result b/testing/tests/ldap/0000-clear-memcached.result new file mode 100644 index 00000000..e178f823 --- /dev/null +++ b/testing/tests/ldap/0000-clear-memcached.result @@ -0,0 +1 @@ +OK diff --git a/testing/tests/ldap/0000-clear-memcached.test b/testing/tests/ldap/0000-clear-memcached.test new file mode 100644 index 00000000..dd88e094 --- /dev/null +++ b/testing/tests/ldap/0000-clear-memcached.test @@ -0,0 +1,3 @@ +# Ensure that memcached has nothing cached. + +SCRIPT=echo flush_all | nc -N 127.0.0.1 11211 diff --git a/testing/tests/ldap/0000-confirm-no-ldap1-user.result b/testing/tests/ldap/0000-confirm-no-ldap1-user.result new file mode 100644 index 00000000..8b137891 --- /dev/null +++ b/testing/tests/ldap/0000-confirm-no-ldap1-user.result @@ -0,0 +1 @@ + diff --git a/testing/tests/ldap/0000-confirm-no-ldap1-user.test b/testing/tests/ldap/0000-confirm-no-ldap1-user.test new file mode 100644 index 00000000..8bd8893f --- /dev/null +++ b/testing/tests/ldap/0000-confirm-no-ldap1-user.test 
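Review bot: The `'port' => '21394'` entry in the new LDAP block silently depends on the `my $ldap_port = 21394;` literal in the ldap test files, and nothing in the example says so; a comment such as `// port must match $ldap_port in testing/tests/ldap/*.test` would keep the two from drifting. The block has no bind credentials and no TLS setting, which looks intentional for a loopback test server; a short `// test-only: unauthenticated, unencrypted LDAP on localhost` comment would make that explicit. `include('drivers_ldap.php');` only warns if the driver is missing and leaves `authenticate_hook['call']` pointing at an undefined `LDAP_check`; `require_once('drivers_ldap.php');` would fail at the point of the real problem.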
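Review bot: The `flush_all` in 0000-clear-memcached.test empties the whole memcached instance on 127.0.0.1:11211, not just the entries written by this suite, and the comment does not warn about that. Anyone running the regression suite on a machine whose memcached is shared with another service will lose that service's cache. The `-N` flag is also specific to the OpenBSD netcat, which the CI job installs as `netcat-openbsd`. I would extend the comment to `# Flushes ALL keys in the memcached at 127.0.0.1:11211 (dedicated test hosts only); needs netcat-openbsd for -N.`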
@@ -0,0 +1,6 @@ +# Check that no usr record exists +QUERY +SELECT active ,email, fullname, last_used, password, username, user_no +FROM usr +WHERE username = 'ldap1'; +ENDQUERY diff --git a/testing/tests/ldap/0001-test-ldap.result b/testing/tests/ldap/0001-test-ldap.result new file mode 100644 index 00000000..2fedb1a2 --- /dev/null +++ b/testing/tests/ldap/0001-test-ldap.result @@ -0,0 +1,67 @@ +HTTP/1.1 207 Multi-Status +Date: Dow, 01 Jan 2000 00:00:00 GMT +DAV: 1, 2, 3, access-control, calendar-access, calendar-schedule +DAV: extended-mkcol, bind, addressbook, calendar-auto-schedule, calendar-proxy +ETag: "ed58709591152964fd4a584af5b55d79" +Content-Length: 942 +Content-Type: text/xml; charset="utf-8" + + + + + /caldav.php/ + + + + + + + HTTP/1.1 200 OK + + + + /caldav.php/resource1/ + + + + + + + + HTTP/1.1 200 OK + + + + /caldav.php/resource2/ + + + + + + + + HTTP/1.1 200 OK + + + + /caldav.php/ldap1/ + + + + + + + + HTTP/1.1 200 OK + + + + + active: >1< + email: >ldap1@example.com< + fullname: >ldap1< + last_used: >NULL< + password: >NULL< + user_no: >1001< + username: >ldap1< + diff --git a/testing/tests/ldap/0001-test-ldap.test b/testing/tests/ldap/0001-test-ldap.test new file mode 100644 index 00000000..b6ee3d2b --- /dev/null +++ b/testing/tests/ldap/0001-test-ldap.test 
@@ -0,0 +1,64 @@ +BEGINPERL +if ($debug) { $ENV{'LDAP_DEBUG'} = 1 }; + +use Net::LDAP::Server::Test; +use Net::LDAP; +use IO::Socket::INET; + +#my $port = find_idle_port(); + +#my $ldap_port = RT::Test->find_idle_port; +my $ldap_port = 21394; +my $ldap_socket = IO::Socket::INET->new( + Listen => 5, + Proto => 'tcp', + Reuse => 1, + LocalPort => $ldap_port, +); + +# Keep it around after this block exits. +$evaled{'ldap_server'} = Net::LDAP::Server::Test->new( $ldap_socket, auto_schema => 1 ); + +my $ldap = Net::LDAP->new("localhost:$ldap_port") || die "Failed to instantiate Net::LDAP: $!"; +$ldap->bind(); +my $username = "ldap1"; +my $base = "dc=example,dc=com"; +my $dn = "uid=$username,$base"; +my $entry = { + cn => $username, + mail => "$username\@example.com", + uid => $username, + objectClass => 'User', + userPassword => 'ldap1', +}; +$ldap->add( $base ); +$ldap->add( $dn, attr => [%$entry] ); + +# We need to keep the client around, otherwise the test server will exit. +$evaled{'ldap_client'} = $ldap; +#sleep 100; +ENDPERL + +TYPE=PROPFIND +URL=http://regression_ldap.host/caldav.php/ +HEADER=Content-Type: text/xml +HEADER=Depth: 1 +AUTH=ldap1:ldap1 +HEAD + +BEGINDATA + + + + + + +ENDDATA + +# Check that a usr record has been created. +QUERY +SELECT active, email, fullname, last_used, password, username, user_no +FROM usr +WHERE username = 'ldap1'; +ENDQUERY + diff --git a/testing/tests/ldap/0002-NoCachedCredentials-ldap1.result b/testing/tests/ldap/0002-NoCachedCredentials-ldap1.result new file mode 100644 index 00000000..ae4e4709 --- /dev/null +++ b/testing/tests/ldap/0002-NoCachedCredentials-ldap1.result @@ -0,0 +1,2 @@ +No cached credentials found - no salt +No cached credentials found diff --git a/testing/tests/ldap/0002-NoCachedCredentials-ldap1.test b/testing/tests/ldap/0002-NoCachedCredentials-ldap1.test new file mode 100644 index 00000000..bee35669 --- /dev/null +++ b/testing/tests/ldap/0002-NoCachedCredentials-ldap1.test 
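Review bot: The listening socket in the BEGINPERL block is created without `LocalAddr`, so the throwaway LDAP server holding the known `ldap1`/`ldap1` account binds to every interface on port 21394 rather than to loopback only; adding `LocalAddr => '127.0.0.1',` keeps it local. The result of `IO::Socket::INET->new(...)` is not checked either, so a port that is already in use shows up later as an unrelated failure; append `or die "Cannot listen on port $ldap_port: $!";`. The results of `$ldap->bind()` and both `$ldap->add(...)` calls are ignored too, so a fixture that failed to load would look like an authentication failure. The same block is repeated in 0005-test-invalid-user.test and 0007-test-invalid-user.test, so the changes apply there as well, and the commented-out `find_idle_port` and `sleep 100` lines could be dropped.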
@@ -0,0 +1,4 @@ +# Make sure there are no cached credentials present. +SCRIPT=if [ $(grep "HTTPAuthLogin:CheckCache: No salt stored for ldap1" /var/log/apache2/regression-error.log | wc -l) -eq 1 ] ; then echo "No cached credentials found" - no salt; else echo "Cached credentials, salt present, failed"; fi +SCRIPT=if [ $(grep "HTTPAuthLogin:CheckCache: Cached credentials for ldap1 are good" /var/log/apache2/regression-error.log | wc -l) -eq 0 ] ; then echo "No cached credentials found"; else echo "Cached credentials, failed"; fi + diff --git a/testing/tests/ldap/0003-test-ldap.result b/testing/tests/ldap/0003-test-ldap.result new file mode 100644 index 00000000..2fedb1a2 --- /dev/null +++ b/testing/tests/ldap/0003-test-ldap.result @@ -0,0 +1,67 @@ +HTTP/1.1 207 Multi-Status +Date: Dow, 01 Jan 2000 00:00:00 GMT +DAV: 1, 2, 3, access-control, calendar-access, calendar-schedule +DAV: extended-mkcol, bind, addressbook, calendar-auto-schedule, calendar-proxy +ETag: "ed58709591152964fd4a584af5b55d79" +Content-Length: 942 +Content-Type: text/xml; charset="utf-8" + + + + + /caldav.php/ + + + + + + + HTTP/1.1 200 OK + + + + /caldav.php/resource1/ + + + + + + + + HTTP/1.1 200 OK + + + + /caldav.php/resource2/ + + + + + + + + HTTP/1.1 200 OK + + + + /caldav.php/ldap1/ + + + + + + + + HTTP/1.1 200 OK + + + + + active: >1< + email: >ldap1@example.com< + fullname: >ldap1< + last_used: >NULL< + password: >NULL< + user_no: >1001< + username: >ldap1< + diff --git a/testing/tests/ldap/0003-test-ldap.test b/testing/tests/ldap/0003-test-ldap.test new file mode 120000 index 00000000..40b0ea5b --- /dev/null +++ b/testing/tests/ldap/0003-test-ldap.test @@ -0,0 +1 @@ +0001-test-ldap.test \ No newline at end of file diff --git a/testing/tests/ldap/0004-CachedCredentials-ldap1.result b/testing/tests/ldap/0004-CachedCredentials-ldap1.result new file mode 100644 index 00000000..3e377816 --- /dev/null +++ b/testing/tests/ldap/0004-CachedCredentials-ldap1.result 
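Review bot: Both SCRIPT lines in 0002-NoCachedCredentials-ldap1.test compare an exact match count over the whole of /var/log/apache2/regression-error.log, so entries left by an earlier run or by an extra request for ldap1 change the outcome of a test about credential caching. The checks in 0004, 0006 and 0008 rest on the same assumption. A header comment should state it, e.g. `# Assumes regression-error.log holds only entries from this ldap run.` `grep -c "…" FILE` would replace each `grep … | wc -l` pipeline. The first echo leaves `- no salt` outside the quotes, unlike 0006; `echo "No cached credentials found - no salt"` prints the same text.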
@@ -0,0 +1 @@ +Cached credentials found diff --git a/testing/tests/ldap/0004-CachedCredentials-ldap1.test b/testing/tests/ldap/0004-CachedCredentials-ldap1.test new file mode 100644 index 00000000..f9549fd0 --- /dev/null +++ b/testing/tests/ldap/0004-CachedCredentials-ldap1.test @@ -0,0 +1,5 @@ +# Check to see if the log line for cached credentials being valid is +# present. That is only issued if we're successfully fetch valid credentials +# from our cache. +SCRIPT=if [ $(grep "HTTPAuthLogin:CheckCache: Cached credentials for ldap1 are good" /var/log/apache2/regression-error.log | wc -l) -eq 1 ] ; then echo "Cached credentials found"; else echo "Cached credentials failed"; fi + diff --git a/testing/tests/ldap/0005-test-invalid-user.result b/testing/tests/ldap/0005-test-invalid-user.result new file mode 100644 index 00000000..d0f20441 --- /dev/null +++ b/testing/tests/ldap/0005-test-invalid-user.result @@ -0,0 +1,7 @@ +HTTP/1.1 401 Unauthorized +Date: Dow, 01 Jan 2000 00:00:00 GMT +WWW-Authenticate: Basic realm="DAViCal CalDAV Server" +Content-Length: 40 +Content-Type: text/plain; ; charset="utf-8" + +Please log in for access to this system. diff --git a/testing/tests/ldap/0005-test-invalid-user.test b/testing/tests/ldap/0005-test-invalid-user.test new file mode 100644 index 00000000..75bbd17e --- /dev/null +++ b/testing/tests/ldap/0005-test-invalid-user.test 
@@ -0,0 +1,64 @@ +BEGINPERL +if ($debug) { $ENV{'LDAP_DEBUG'} = 1 }; + +use Net::LDAP::Server::Test; +use Net::LDAP; +use IO::Socket::INET; + +#my $port = find_idle_port(); + +#my $ldap_port = RT::Test->find_idle_port; +my $ldap_port = 21394; +my $ldap_socket = IO::Socket::INET->new( + Listen => 5, + Proto => 'tcp', + Reuse => 1, + LocalPort => $ldap_port, +); + +# Keep it around after this block exits. +$evaled{'ldap_server'} = Net::LDAP::Server::Test->new( $ldap_socket, auto_schema => 1 ); + +my $ldap = Net::LDAP->new("localhost:$ldap_port") || die "Failed to instantiate Net::LDAP: $!"; +$ldap->bind(); +my $username = "ldap1"; +my $base = "dc=example,dc=com"; +my $dn = "uid=$username,$base"; +my $entry = { + cn => $username, + mail => "$username\@example.com", + uid => $username, + objectClass => 'User', + userPassword => 'ldap1', +}; +$ldap->add( $base ); +$ldap->add( $dn, attr => [%$entry] ); + +# We need to keep the client around, otherwise the test server will exit. +$evaled{'ldap_client'} = $ldap; +#sleep 100; +ENDPERL + +TYPE=PROPFIND +URL=http://regression_ldap.host/caldav.php/ +HEADER=Content-Type: text/xml +HEADER=Depth: 1 +AUTH=ldap2:ldap2 +HEAD + +BEGINDATA + + + + + + +ENDDATA + +# Check that no usr record has been created. +QUERY +SELECT active, email, fullname, last_used, password, username, user_no +FROM usr +WHERE username = 'ldap2'; +ENDQUERY + diff --git a/testing/tests/ldap/0006-NoCachedCredentials-ldap2.result b/testing/tests/ldap/0006-NoCachedCredentials-ldap2.result new file mode 100644 index 00000000..ae4e4709 --- /dev/null +++ b/testing/tests/ldap/0006-NoCachedCredentials-ldap2.result @@ -0,0 +1,2 @@ +No cached credentials found - no salt +No cached credentials found diff --git a/testing/tests/ldap/0006-NoCachedCredentials-ldap2.test b/testing/tests/ldap/0006-NoCachedCredentials-ldap2.test new file mode 100644 index 00000000..9991dda1 --- /dev/null +++ b/testing/tests/ldap/0006-NoCachedCredentials-ldap2.test 
@@ -0,0 +1,4 @@ +# Make sure there are no cached credentials present. +SCRIPT=if [ $(grep "HTTPAuthLogin:CheckCache: No salt stored for ldap2" /var/log/apache2/regression-error.log | wc -l) -eq 1 ] ; then echo "No cached credentials found - no salt"; else echo "Cached credentials, present, failed"; fi +SCRIPT=if [ $(grep "HTTPAuthLogin:CheckCache: Cached credentials for ldap2" /var/log/apache2/regression-error.log | wc -l) -eq 0 ] ; then echo "No cached credentials found"; else echo "Cached credentials, failed"; fi + diff --git a/testing/tests/ldap/0007-test-invalid-user.result b/testing/tests/ldap/0007-test-invalid-user.result new file mode 100644 index 00000000..d0f20441 --- /dev/null +++ b/testing/tests/ldap/0007-test-invalid-user.result @@ -0,0 +1,7 @@ +HTTP/1.1 401 Unauthorized +Date: Dow, 01 Jan 2000 00:00:00 GMT +WWW-Authenticate: Basic realm="DAViCal CalDAV Server" +Content-Length: 40 +Content-Type: text/plain; ; charset="utf-8" + +Please log in for access to this system. diff --git a/testing/tests/ldap/0007-test-invalid-user.test b/testing/tests/ldap/0007-test-invalid-user.test new file mode 100644 index 00000000..2193af40 --- /dev/null +++ b/testing/tests/ldap/0007-test-invalid-user.test 
@@ -0,0 +1,66 @@ +# Test again for an invalid user to check that the failed credentials are +# cached. +BEGINPERL +if ($debug) { $ENV{'LDAP_DEBUG'} = 1 }; + +use Net::LDAP::Server::Test; +use Net::LDAP; +use IO::Socket::INET; + +#my $port = find_idle_port(); + +#my $ldap_port = RT::Test->find_idle_port; +my $ldap_port = 21394; +my $ldap_socket = IO::Socket::INET->new( + Listen => 5, + Proto => 'tcp', + Reuse => 1, + LocalPort => $ldap_port, +); + +# Keep it around after this block exits. +$evaled{'ldap_server'} = Net::LDAP::Server::Test->new( $ldap_socket, auto_schema => 1 ); + +my $ldap = Net::LDAP->new("localhost:$ldap_port") || die "Failed to instantiate Net::LDAP: $!"; +$ldap->bind(); +my $username = "ldap1"; +my $base = "dc=example,dc=com"; +my $dn = "uid=$username,$base"; +my $entry = { + cn => $username, + mail => "$username\@example.com", + uid => $username, + objectClass => 'User', + userPassword => 'ldap1', +}; +$ldap->add( $base ); +$ldap->add( $dn, attr => [%$entry] ); + +# We need to keep the client around, otherwise the test server will exit. +$evaled{'ldap_client'} = $ldap; +#sleep 100; +ENDPERL + +TYPE=PROPFIND +URL=http://regression_ldap.host/caldav.php/ +HEADER=Content-Type: text/xml +HEADER=Depth: 1 +AUTH=ldap2:ldap2 +HEAD + +BEGINDATA + + + + + + +ENDDATA + +# Check that no usr record has been created. +QUERY +SELECT active, email, fullname, last_used, password, username, user_no +FROM usr +WHERE username = 'ldap2'; +ENDQUERY + diff --git a/testing/tests/ldap/0008-CachedCredentialsFailed-ldap2.result b/testing/tests/ldap/0008-CachedCredentialsFailed-ldap2.result new file mode 100644 index 00000000..c227af85 --- /dev/null +++ b/testing/tests/ldap/0008-CachedCredentialsFailed-ldap2.result @@ -0,0 +1 @@ +Cached credentials found, password incorrect diff --git a/testing/tests/ldap/0008-CachedCredentialsFailed-ldap2.test b/testing/tests/ldap/0008-CachedCredentialsFailed-ldap2.test new file mode 100644 index 00000000..9cd04f25 --- /dev/null 
+++ b/testing/tests/ldap/0008-CachedCredentialsFailed-ldap2.test @@ -0,0 +1,5 @@ +# Check to see if the log line for cached credentials being invalid is +# present. That is only issued if we've fetch a fail for the credentials +# from our cache. +SCRIPT=if [ $(grep "HTTPAuthLogin:CheckCache: Cached credentials for ldap2 are good and invalid" /var/log/apache2/regression-error.log | wc -l) -eq 1 ] ; then echo "Cached credentials found, password incorrect"; else echo "Cached credentials failed"; fi + diff --git a/testing/tests/ldap/Create-Database.result b/testing/tests/ldap/Create-Database.result new file mode 100644 index 00000000..bf224505 --- /dev/null +++ b/testing/tests/ldap/Create-Database.result @@ -0,0 +1,14 @@ + + +Supported locales updated. +Updated view: dav_principal.sql applied. +CalDAV functions updated. +RRULE functions updated. +Database permissions updated. +NOTE +==== +* The password for the 'admin' user has been set to 'nimda' + +Thanks for trying DAViCal! Check the configuration in /etc/davical/config.php. +For help, look at our website and wiki, or visit #davical on irc.oftc.net. + diff --git a/testing/tests/ldap/Dump-Database.result b/testing/tests/ldap/Dump-Database.result new file mode 100644 index 00000000..e69de29b diff --git a/testing/tests/ldap/Load-Sample-Data.result b/testing/tests/ldap/Load-Sample-Data.result new file mode 100644 index 00000000..b86d6212 --- /dev/null +++ b/testing/tests/ldap/Load-Sample-Data.result @@ -0,0 +1,15 @@ + setval +-------- + 1000 +(1 row) + + setval +-------- + 1000 +(1 row) + + setval +-------- + 10 +(1 row) + diff --git a/testing/tests/ldap/Really-Upgrade-Database.result b/testing/tests/ldap/Really-Upgrade-Database.result new file mode 100644 index 00000000..1a6af925 --- /dev/null +++ b/testing/tests/ldap/Really-Upgrade-Database.result 
@@ -0,0 +1,7 @@ +The database is version XX currently at revision 1.3.5. +No patches were applied. +Supported locales updated. +Updated view: dav_principal.sql applied. +CalDAV functions updated. +RRULE functions updated. +Database permissions updated. diff --git a/testing/tests/ldap/Restore-Database.result b/testing/tests/ldap/Restore-Database.result new file mode 100644 index 00000000..895371db --- /dev/null +++ b/testing/tests/ldap/Restore-Database.result @@ -0,0 +1,140 @@ + set_config +------------ + public +(1 row) + + setval +-------- + 1013 +(1 row) + + setval +-------- + 1 +(1 row) + + setval +-------- + 1 +(1 row) + + setval +-------- + 1 +(1 row) + + setval +-------- + 1 +(1 row) + + setval +-------- + 1 +(1 row) + + setval +-------- + 1 +(1 row) + + setval +-------- + 1 +(1 row) + + setval +-------- + 1 +(1 row) + + setval +-------- + 1 +(1 row) + + setval +-------- + 1 +(1 row) + + setval +-------- + 1 +(1 row) + + setval +-------- + 1 +(1 row) + + setval +-------- + 1 +(1 row) + + setval +-------- + 1 +(1 row) + + setval +-------- + 1 +(1 row) + + setval +-------- + 1 +(1 row) + + setval +-------- + 1 +(1 row) + + setval +-------- + 1 +(1 row) + + setval +-------- + 1 +(1 row) + + setval +-------- + 1 +(1 row) + + setval +-------- + 10 +(1 row) + + setval +-------- + 10 +(1 row) + + setval +-------- + 1 +(1 row) + + setval +-------- + 1 +(1 row) + + setval +-------- + 1 +(1 row) + + setval +-------- + 1000 +(1 row) + diff --git a/testing/tests/ldap/Upgrade-Database.result b/testing/tests/ldap/Upgrade-Database.result new file mode 100644 index 00000000..a34c672b --- /dev/null +++ b/testing/tests/ldap/Upgrade-Database.result @@ -0,0 +1,5 @@ +Supported locales updated. +Updated view: dav_principal.sql applied. +CalDAV functions updated. +RRULE functions updated. +Database permissions updated. diff --git a/testing/tests/ldap/sample-data.sql b/testing/tests/ldap/sample-data.sql new file mode 100644 index 00000000..89ed56b6 --- /dev/null 
+++ b/testing/tests/ldap/sample-data.sql 
@@ -0,0 +1,126 @@
+-- Some sample data to prime the database...
+-- base-data.sql should be processed before this
+
+INSERT INTO usr ( user_no, active, email_ok, updated, username, password, fullname, email )
+ VALUES( 2, TRUE, current_date, current_date, 'andrew', '**x', 'Andrew McMillan', 'andrew@catalyst.net.nz' );
+INSERT INTO role_member (user_no, role_no) VALUES( 2, 1);
+
+
+INSERT INTO usr ( user_no, active, email_ok, updated, username, password, fullname, email )
+ VALUES( 10, TRUE, current_date, current_date, 'user1', '**user1', 'User 1', 'user1@example.net' );
+INSERT INTO usr ( user_no, active, email_ok, updated, username, password, fullname, email )
+ VALUES( 11, TRUE, current_date, current_date, 'user2', '**user2', 'User 2', 'user2@example.net' );
+INSERT INTO usr ( user_no, active, email_ok, updated, username, password, fullname, email )
+ VALUES( 12, TRUE, current_date, current_date, 'user3', '**user3', 'User 3', 'user3@example.net' );
+INSERT INTO usr ( user_no, active, email_ok, updated, username, password, fullname, email )
+ VALUES( 13, TRUE, current_date, current_date, 'user4', '**user4', 'User 4', 'user4@example.net' );
+INSERT INTO usr ( user_no, active, email_ok, updated, username, password, fullname, email )
+ VALUES( 14, TRUE, current_date, current_date, 'user5', '**user5', 'User 5', 'user5@example.net' );
+INSERT INTO usr ( user_no, active, email_ok, updated, username, password, fullname, email )
+ VALUES( 15, TRUE, current_date, current_date, 'User Six', '**user6', 'User 6', 'user6@example.net' );
+
+INSERT INTO usr ( user_no, active, email_ok, updated, username, password, fullname, email )
+ VALUES( 20, TRUE, current_date, current_date, 'manager1', '**manager1', 'Manager 1', 'manager1@example.net' );
+
+INSERT INTO usr ( user_no, active, email_ok, updated, username, password, fullname, email )
+ VALUES( 30, TRUE, current_date, current_date, 'assistant1', '**assistant1', 'Assistant 1', 'assistant1@example.net' );
+
+
+INSERT INTO usr ( user_no, active, email_ok, updated, username, password, fullname, email )
+ VALUES( 100, TRUE, current_date, current_date, 'resource1', '*salt*unpossible', 'Resource 1', 'resource1@example.net' );
+INSERT INTO role_member (user_no, role_no) VALUES( 100, 4);
+INSERT INTO usr ( user_no, active, email_ok, updated, username, password, fullname, email )
+ VALUES( 101, TRUE, current_date, current_date, 'resource2', '*salt*unpossible', 'Resource 2', 'resource2@example.net' );
+INSERT INTO role_member (user_no, role_no) VALUES( 101, 4);
+
+INSERT INTO usr ( user_no, active, email_ok, updated, username, password, fullname, email )
+ VALUES( 200, TRUE, current_date, current_date, 'resmgr1', '*salt*unpossible', 'Resource Managers', 'resource-managers@example.net' );
+INSERT INTO role_member (user_no, role_no) VALUES( 200, 2);
+
+INSERT INTO usr ( user_no, active, email_ok, updated, username, password, fullname, email )
+ VALUES( 300, TRUE, current_date, current_date, 'teamclient1', '*salt*unpossible', 'Team for Client1', 'team-client1@example.net' );
+INSERT INTO role_member (user_no, role_no) VALUES( 300, 2);
+
+SELECT setval('usr_user_no_seq', 1000);
+SELECT setval('dav_id_seq', 1000);
+
+UPDATE usr SET joined = '2009-06-01', updated = '2009-06-02';
+
+INSERT INTO collection (user_no, parent_container, dav_name, dav_etag,
+ dav_displayname, is_calendar, created, modified,
+ public_events_only, publicly_readable, collection_id, resourcetypes )
+ SELECT user_no, '/' || username || '/', '/' || username || '/home/', md5(username),
+ username || ' home', TRUE, '2009-06-03', '2009-06-04',
+ FALSE, FALSE, user_no + 150, ''
+ FROM usr ORDER BY user_no;
+
+INSERT INTO collection (user_no, parent_container, dav_name, dav_etag,
+ dav_displayname, is_calendar, is_addressbook, created, modified,
+ public_events_only, publicly_readable, collection_id, resourcetypes )
+ SELECT user_no, '/' || username || '/', '/' || username || '/addresses/', md5(username),
+ username || ' addresses', FALSE, TRUE, '1957-07-26', '1998-03-16',
+ FALSE, FALSE, user_no + 450, ''
+ FROM usr ORDER BY user_no;
+
+
+INSERT INTO principal (type_id, user_no, displayname, default_privileges)
+ SELECT 1, user_no, fullname, privilege_to_bits(ARRAY['read-free-busy','schedule-send','schedule-deliver']) FROM usr
+ WHERE NOT EXISTS(SELECT 1 FROM role_member JOIN roles USING(role_no) WHERE role_name = 'Group' AND role_member.user_no = usr.user_no)
+ AND NOT EXISTS(SELECT 1 FROM role_member JOIN roles USING(role_no) WHERE role_name = 'Resource' AND role_member.user_no = usr.user_no)
+ AND NOT EXISTS(SELECT 1 FROM principal WHERE principal.user_no = usr.user_no) ORDER BY user_no;
+
+INSERT INTO principal (type_id, user_no, displayname, default_privileges)
+ SELECT 2, user_no, fullname, privilege_to_bits(ARRAY['read','schedule-send','schedule-deliver']) FROM usr
+ WHERE EXISTS(SELECT 1 FROM role_member JOIN roles USING(role_no) WHERE role_name = 'Resource' AND role_member.user_no = usr.user_no)
+ AND NOT EXISTS(SELECT 1 FROM principal WHERE principal.user_no = usr.user_no) ORDER BY user_no;
+
+INSERT INTO principal (type_id, user_no, displayname, default_privileges)
+ SELECT 3, user_no, fullname, privilege_to_bits(ARRAY['read-free-busy','schedule-send','schedule-deliver']) FROM usr
+ WHERE EXISTS(SELECT 1 FROM role_member JOIN roles USING(role_no) WHERE role_name = 'Group' AND role_member.user_no = usr.user_no)
+ AND NOT EXISTS(SELECT 1 FROM principal WHERE principal.user_no = usr.user_no) ORDER BY user_no;
+
+-- Set the insert sequence to the next number, with a minimum of 1000
+SELECT setval('relationship_type_rt_id_seq', (SELECT 10 UNION SELECT rt_id FROM relationship_type ORDER BY 1 DESC LIMIT 1) );
+
+-- The resources for meetings
+INSERT INTO relationship ( from_user, to_user, rt_id ) VALUES( 200, 100, 1 );
+INSERT INTO relationship ( from_user, to_user, rt_id ) VALUES( 200, 101, 1 );
+
+-- The people who administer meetings
+INSERT INTO relationship ( from_user, to_user, rt_id ) VALUES( 10, 200, 1 );
+INSERT INTO relationship ( from_user, to_user, rt_id ) VALUES( 11, 200, 1 );
+INSERT INTO relationship ( from_user, to_user, rt_id ) VALUES( 30, 200, 1 );
+
+-- Between a PA and their Manager
+INSERT INTO relationship ( from_user, to_user, rt_id ) VALUES( 30, 20, 2 );
+INSERT INTO relationship ( from_user, to_user, rt_id ) VALUES( 30, 10, 2 );
+
+
+-- Between a team
+INSERT INTO relationship ( from_user, to_user, rt_id ) VALUES( 20, 300, 3 );
+INSERT INTO relationship ( from_user, to_user, rt_id ) VALUES( 10, 300, 3 );
+INSERT INTO relationship ( from_user, to_user, rt_id ) VALUES( 30, 300, 3 );
+INSERT INTO relationship ( from_user, to_user, rt_id ) VALUES( 300, 20, 3 );
+INSERT INTO relationship ( from_user, to_user, rt_id ) VALUES( 300, 10, 3 );
+INSERT INTO relationship ( from_user, to_user, rt_id ) VALUES( 300, 30, 3 );
+
+-- Granting explicit free/busy permission
+INSERT INTO relationship ( from_user, to_user, rt_id ) VALUES( 11, 10, 4 );
+INSERT INTO relationship ( from_user, to_user, rt_id ) VALUES( 10, 11, 4 );
+
+
+UPDATE relationship r SET confers = (SELECT bit_confers FROM relationship_type rt WHERE rt.rt_id=r.rt_id);
+
+INSERT INTO group_member ( group_id, member_id)
+ SELECT g.principal_id, m.principal_id
+ FROM relationship JOIN principal g ON(to_user=g.user_no AND g.type_id = 3) -- Group
+ JOIN principal m ON(from_user=m.user_no AND m.type_id IN (1,2)) ORDER BY 1, 2; -- Person | Resource
+
+INSERT INTO grants ( by_principal, to_principal, privileges, is_group )
+ SELECT pby.principal_id AS by_principal, pto.principal_id AS to_principal,
+ confers AS privileges, pto.type_id > 2 AS is_group
+ FROM relationship r JOIN usr f ON(f.user_no=r.from_user)
+ JOIN usr t ON(t.user_no=r.to_user)
+ JOIN principal pby ON(t.user_no=pby.user_no)
+ JOIN principal pto ON(pto.user_no=f.user_no)
+ WHERE rt_id < 4 AND pby.type_id < 3 ORDER BY 1, 2;
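Review bot: The comment `-- Set the insert sequence to the next number, with a minimum of 1000` contradicts the statement below it, which uses `SELECT 10 UNION SELECT rt_id …` (Load-Sample-Data.result records the third `setval` as 10); it should read `-- Set the insert sequence to the next number, with a minimum of 10`. `UPDATE usr SET joined = '2009-06-01', updated = '2009-06-02';` has no WHERE clause; a comment such as `-- deliberately all rows: fixed dates keep regression output stable` would mark that as intended (the purpose is inferred). The `'**…'` password values look like fixed test credentials, so the header comment could say `-- test fixture only: accounts below have known passwords, never load into a real instance`. The two `ORDER BY 1, 2` clauses would be clearer with names, e.g. `ORDER BY g.principal_id, m.principal_id`.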