danyi1212 · danyi1212 · Jun 5, 2021 · Jun 5, 2021 · Jun 5, 2021 · Jun 5, 2021
diff --git a/.github/workflows/django.yml b/.github/workflows/django.yml
@@ -0,0 +1,132 @@
+name: Django Testing CI
+
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+    branches: [ main, release-* ]
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}
+
+jobs:
+  build-ldap-server:
+    runs-on: ubuntu-latest
+
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v2
+
+      - name: Log in to the Container registry
+        uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@ad44023a93711e3deb337508980b4b5e9bcdc5dc
+        with:
+          context: testproj/ldap_server
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+
+  test:
+    runs-on: ubuntu-latest
+    needs: build-ldap-server
+    services:
+      ldap:
+        image: ghcr.io/danyi1212/django-windowsauth:${{ github.head_ref }}
+        ports:
+          - 389:389
+          - 636:636
+        options: --name ldap-server
+
+    strategy:
+      fail-fast: false
+      matrix:
+        python-version:
+          - "3.7"
+          - "3.8"
+          - "3.9"
+          - "3.10"
+        django-version:
+          - "2.2"  # LTS
+          - "3.0"
+          - "3.1"
+          - "3.2"  # LTS
+          # - "4.0"
+        exclude:
+          # Python 3.9 is compatible with django 3.0+
+          - { python-version: "3.9", django-version: "2.2" }
+          # Python 3.10 is compatible with Django 3.2+
+          - { python-version: "3.10", django-version: "2.2" }
+          - { python-version: "3.10", django-version: "3.0" }
+          - { python-version: "3.10", django-version: "3.1" }
+          # Django 4 is compatible with Python 3.8+
+          # - { python-version: "3.7", django-version: "4.0" }
+
+    steps:
+      - uses: actions/checkout@v2
+      - name: Set up Python ${{ matrix.python-version }}
+        uses: actions/setup-python@v2
+        with:
+          python-version: ${{ matrix.python-version }}
+
+      - name: Ping LDAP Server
+        uses: docker://docker
+        with:
+          args: docker exec ldap-server ldapsearch -D 'cn=admin,dc=example,dc=org' -w Adm1n! -b 'dc=example,dc=org'
+
+      - name: Upgrade pip version
+        run: python -m pip install -U pip
+
+      - name: Install Dependencies
+        working-directory: ./testproj
+        run: pip install -r requirements-github.txt
+
+      - name: Install django ${{ matrix.django-version }}
+        run: python -m pip install "Django~=${{ matrix.django-version }}"
+
+      - name: Python and Django versions
+        run: |
+          echo "Python ${{ matrix.python-version }} -> Django ${{ matrix.django-version }}"
+          python --version
+          echo "Django: `django-admin --version`"
+
+      - name: Create logs directory
+        working-directory: ./testproj
+        run: mkdir logs
+
+      - name: Run Tests
+        working-directory: ./testproj
+        run: python manage.py test
+
+  pylint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: Set up Python ${{ matrix.python-version }}
+        uses: actions/setup-python@v2
+      - name: Install dependencies
+        working-directory: ./testproj
+        run: |
+          python -m pip install --upgrade pip
+          pip install pylint pylint-django django djangorestframework -r requirements-github.txt
+      - name: Analysing drf_messages with pylint
+        run: |
+          pylint windows_auth --load-plugins pylint_django --load-plugins pylint_django.checkers.migrations
+      - name: Analysing test project with pylint
+        run: |
+          pylint testproj/* --load-plugins pylint_django --load-plugins pylint_django.checkers.migrations --django-settings-module=testproj.settings
diff --git a/.idea/django-windowsauth.iml b/.idea/django-windowsauth.iml
diff --git a/.idea/runConfigurations/ldap_server_Dockerfile__Compose_Deployment.xml b/.idea/runConfigurations/ldap_server_Dockerfile__Compose_Deployment.xml
diff --git a/testproj/demo/tests.py b/testproj/demo/tests.py
@@ -3,83 +3,100 @@
 from django.test import TestCase, override_settings, RequestFactory
 from django.urls import reverse
 
+from windows_auth.conf import wauth_settings
+from windows_auth.ldap import get_ldap_manager
 from windows_auth.middleware import SimulateWindowsAuthMiddleware
-from windows_auth.models import LDAPUser
 from windows_auth.settings import LDAPSettings
 
 
 class ModelTestCase(TestCase):
+    pass
 
-    def test_create_user(self):
-        user = LDAPUser.objects.create_user("EXAMPLE\\Administrator")
-        self.assertEqual(user.ldap.domain, "EXAMPLE")
+    # def test_create_user(self):
+    #     user = LDAPUser.objects.create_user("EXAMPLE\\Administrator")
+    #     self.assertEqual(user.ldap.domain, "EXAMPLE")
 
 
 class SettingsTestCase(TestCase):
 
-    def test_flag_settings(self):
-        settings = LDAPSettings(
-            SERVER="example.local",
-            SEARCH_BASE="DC=example,DC=local",
-            USERNAME="EXAMPLE\\django_sync",
-            PASSWORD="Aa123456!",
-            SUPERUSER_GROUPS=None,
-            STAFF_GROUPS=["List"],
-            ACTIVE_GROUPS=["Explicit"],
+    def test_flag_propagation(self):
+        ldap_settings = LDAPSettings(
+            SERVER="",
+            SEARCH_BASE="",
+            USERNAME="",
+            PASSWORD="",
+            SUPERUSER_GROUPS=["Super"],
+            STAFF_GROUPS=["Staff", "Duplicate"],
+            ACTIVE_GROUPS=["Active", "Duplicate"],
             FLAG_MAP={
-                "extra": "Hello world!",
+                "extra": "Extra",
             },
         )
-        # check propagation
-        self.assertEqual(settings.get_flag_map(), {
-            "is_superuser": [],
-            "is_staff": ["List"],
-            "is_active": ["Explicit", "List"],
-            "extra": ["Hello world!"],
-        })
-        # check without propagation
-        settings.PROPAGATE_GROUPS = False
-        self.assertEqual(settings.get_flag_map(), {
-            "is_superuser": [],
-            "is_staff": ["List"],
-            "is_active": ["Explicit"],
-            "extra": ["Hello world!"],
-        })
-        # check unique
-        settings.PROPAGATE_GROUPS = True
-        settings.ACTIVE_GROUPS = ["Explicit", "List"]
-        self.assertEqual(settings.get_flag_map(), {
-            "is_superuser": [],
-            "is_staff": ["List"],
-            "is_active": ["Explicit", "List"],
-            "extra": ["Hello world!"],
-        })
+        flag_map = ldap_settings.get_flag_map()
+        self.assertEqual(set(flag_map.get("is_superuser")), {"Super"})
+        self.assertEqual(set(flag_map.get("is_staff")), {"Staff", "Super", "Duplicate"})
+        self.assertEqual(set(flag_map.get("is_active")), {"Active", "Duplicate", "Staff", "Super"})
+        self.assertEqual(set(flag_map.get("extra")), {"Extra"})
+
+    def test_flag_propagation_disabled(self):
+        ldap_settings = LDAPSettings(
+            SERVER="",
+            SEARCH_BASE="",
+            USERNAME="",
+            PASSWORD="",
+            SUPERUSER_GROUPS=["Super"],
+            STAFF_GROUPS=["Staff"],
+            ACTIVE_GROUPS=["Active"],
+            FLAG_MAP={
+                "extra": "Extra",
+            },
+            PROPAGATE_GROUPS=False,
+        )
+        self.assertEqual(
+            ldap_settings.get_flag_map(),
+            dict(
+                is_superuser=["Super"],
+                is_staff=["Staff"],
+                is_active=["Active"],
+                extra=["Extra"],
+            )
+        )
 
 
 class MiddlewareTestCase(TestCase):
+    middleware_class = SimulateWindowsAuthMiddleware
 
     def setUp(self):
         self.factory = RequestFactory()
 
-    def pass_middleware(self, request):
+    @property
+    def middleware(self):
         get_response = mock.MagicMock()
-        middleware = SimulateWindowsAuthMiddleware(get_response)
-        return middleware(request)
+        return self.middleware_class(get_response)
 
-    @override_settings(DEBUG=True)
+    @override_settings(DEBUG=True, WAUTH_SIMULATE_USER="test_user")
     def test_auth_simulation(self):
         request = self.factory.get(reverse("demo:index"))
-        self.pass_middleware(request)
-        self.assertTrue(request.META.get("REMOTE_USER"))
+        self.middleware(request)
+        self.assertEqual(request.META.get("REMOTE_USER"), wauth_settings.WAUTH_SIMULATE_USER)
 
-    @override_settings(DEBUG=True)
-    def test_skip_simulation(self):
-        request = self.factory.get(reverse("demo:index"), REMOTE_ADDR="test")
-        self.pass_middleware(request)
-        self.assertEqual(request.META.get("REMOTE_USER"), "test")
+    # @override_settings(DEBUG=True)
+    # def test_skip_simulation(self, username="test_user"):
+    #     """Keep existing REMOTE_USER header"""
+    #     request = self.factory.get(reverse("demo:index"), REMOTE_ADDR=username)
+    #     self.middleware(request)
+    #     self.assertEqual(request.META.get("REMOTE_USER"), username)
 
     @override_settings(DEBUG=False)
     def test_bypass_auth(self):
+        """Bypass user simulation when not in debug"""
         request = self.factory.get(reverse("demo:index"))
-        self.pass_middleware(request)
-        self.assertFalse(request.META.get("REMOTE_USER"))
+        self.middleware(request)
+        self.assertEqual(request.META.get("REMOTE_USER"), None)
+
+
+class ManagerTestCase(TestCase):
+
+    def test_connection(self):
+        manager = get_ldap_manager("EXAMPLE")
+        self.assertTrue(manager.connection.bound)
diff --git a/testproj/ldap_server/Dockerfile b/testproj/ldap_server/Dockerfile
@@ -0,0 +1,8 @@
+FROM osixia/openldap:1.5.0
+LABEL maintainer="Dan Yishai <[email protected]>"
+
+ADD bootstrap /container/service/slapd/assets/config/bootstrap
+ADD environment /container/environment/01-custom
+
+#HEALTHCHECK --interval=30s --timeout=15s --retries=10 --start-period=10s \
+#    CMD ldapsearch -D 'cn=admin,dc=example,dc=org' -w Adm1n! -b 'dc=example,dc=org' || exit 1
diff --git a/testproj/ldap_server/bootstrap/bla.txt b/testproj/ldap_server/bootstrap/bla.txt
diff --git a/testproj/ldap_server/environment/my-env.startup.yaml b/testproj/ldap_server/environment/my-env.startup.yaml
@@ -0,0 +1,46 @@
+# This is the default image startup configuration file
+# this file defines environment variables used during the container **first start** in **startup files**.
+
+# This file is deleted right after startup files are processed for the first time,
+# after that all these values will not be available in the container environment.
+# This helps to keep your container configuration secret.
+# more information : https://github.com/osixia/docker-light-baseimage
+
+# Required and used for new ldap server only
+LDAP_ORGANISATION: Example Inc.
+LDAP_DOMAIN: example.org
+LDAP_ADMIN_PASSWORD: Adm1n!
+LDAP_CONFIG_PASSWORD: c0nfig
+
+LDAP_READONLY_USER: true
+LDAP_READONLY_USER_USERNAME: readonly
+LDAP_READONLY_USER_PASSWORD: passwr0rd!
+
+# Tls
+LDAP_TLS: true
+LDAP_TLS_CRT_FILENAME: cert.crt
+LDAP_TLS_KEY_FILENAME: cert.key
+LDAP_TLS_DH_PARAM_FILENAME: dhparam.pem
+LDAP_TLS_CA_CRT_FILENAME: ca.crt
+
+LDAP_TLS_ENFORCE: false
+LDAP_TLS_CIPHER_SUITE: SECURE256:+SECURE128:-VERS-TLS-ALL:+VERS-TLS1.2:-RSA:-DHE-DSS:-CAMELLIA-128-CBC:-CAMELLIA-256-CBC
+LDAP_TLS_VERIFY_CLIENT: never
+
+# Replication
+LDAP_REPLICATION: false
+# variables $LDAP_BASE_DN, $LDAP_ADMIN_PASSWORD, $LDAP_CONFIG_PASSWORD
+# are automatically replaced at run time
+
+# if you want to add replication to an existing ldap
+# adapt LDAP_REPLICATION_CONFIG_SYNCPROV and LDAP_REPLICATION_DB_SYNCPROV to your configuration
+# avoid using $LDAP_BASE_DN, $LDAP_ADMIN_PASSWORD and $LDAP_CONFIG_PASSWORD variables
+LDAP_REPLICATION_CONFIG_SYNCPROV: binddn="cn=admin,cn=config" bindmethod=simple credentials=$LDAP_CONFIG_PASSWORD searchbase="cn=config" type=refreshAndPersist retry="60 +" timeout=1 starttls=critical
+LDAP_REPLICATION_DB_SYNCPROV: binddn="cn=admin,$LDAP_BASE_DN" bindmethod=simple credentials=$LDAP_ADMIN_PASSWORD searchbase="$LDAP_BASE_DN" type=refreshAndPersist interval=00:00:00:10 retry="60 +" timeout=1 starttls=critical
+LDAP_REPLICATION_HOSTS:
+  - ldap://ldap.example.org # The order must be the same on all ldap servers
+  - ldap://ldap2.example.org
+
+
+# Remove config after setup
+LDAP_REMOVE_CONFIG_AFTER_SETUP: false