add gitea tests

This commit is contained in:
Emmanuel Garette 2022-07-16 22:16:24 +02:00
parent 1f6fddc729
commit 57c108aea0
15 changed files with 547 additions and 101 deletions

View file

@ -0,0 +1,44 @@
import socket
from shutil import copyfile, move
from os import remove
from os.path import isfile
class MookDns:
# Monkey patch to force IPv4 resolution
def __init__(self, ip):
self.ip = ip
def __enter__(self):
self.old_getaddrinfo = socket.getaddrinfo
def new_getaddrinfo(*args, **kwargs):
ret = self.old_getaddrinfo(*args, **kwargs)
dns = list(ret[0])
dns[-1] = (self.ip, dns[-1][1])
return [dns]
socket.getaddrinfo = new_getaddrinfo
return self
def __exit__(self, exc_type, exc, tb):
socket.getaddrinfo = self.old_getaddrinfo
class MookDnsSystem:
# Monkey patch to force IPv4 resolution
def __init__(self, dns, ip):
self.dns = dns
self.ip = ip
def __enter__(self):
if not isfile('/etc/hosts.risotto'):
copyfile('/etc/hosts', '/etc/hosts.risotto')
with open('/etc/hosts.risotto', 'r') as risotto:
with open('/etc/hosts', 'w') as hosts:
for line in risotto.readlines():
if self.dns not in line:
hosts.write(line)
hosts.write(f'{self.ip} {self.dns}')
def __exit__(self, exc_type, exc, tb):
remove('/etc/hosts')
move('/etc/hosts.risotto', '/etc/hosts')

View file

@ -4,7 +4,7 @@
address: %%ip_eth0 address: %%ip_eth0
dns: %%domain_name_eth0 dns: %%domain_name_eth0
username: %%username username: %%username
password: %%get_password(server_name=%%ldap_server_address, username=%%username, description="ldap user", type="cleartext", hide=%%hide_secret, temporary=True) password: %%get_password(server_name='test', username=%%username, description="test", type="cleartext", hide=%%hide_secret, temporary=True)
username_family: %%username_family username_family: %%username_family
password_family: %%get_password(server_name=%%ldap_server_address, username=%%username_family, description="ldap family user", type="cleartext", hide=%%hide_secret, temporary=True) password_family: %%get_password(server_name='test', username=%%username_family, description='test', type="cleartext", hide=%%hide_secret, temporary=True)
name_family: %%name_family name_family: %%name_family

View file

@ -10,8 +10,8 @@ from smtplib import SMTP, SMTPNotSupportedError, SMTPAuthenticationError
conf_file = f'{environ["MACHINE_TEST_DIR"]}/imap.yml' conf_file = f'{environ["MACHINE_TEST_DIR"]}/imap.yml'
with open(conf_file) as yaml: with open(conf_file) as yaml:
data = load(yaml, Loader=SafeLoader) data = load(yaml, Loader=SafeLoader)
parameters = (('user', data['username'], data['password']), parameters = (('user', data['username'], [data['password']]),
('family', data['username_family'], data['password_family'] + "2"), ('family', data['username_family'], [data['password_family'], data['password_family'] + "2"]),
) )
@ -19,8 +19,8 @@ def get_msg(username, msg='MESSAGE'):
return f'From: {username}\r\nTo: {username}\r\n\r\nSubject: TEST\r\n{msg}\r\n' return f'From: {username}\r\nTo: {username}\r\n\r\nSubject: TEST\r\n{msg}\r\n'
@pytest.mark.parametrize('typ, username, password', parameters) @pytest.mark.parametrize('typ, username, passwords', parameters)
def test_imap_wrong_password(typ, username, password): def test_imap_wrong_password(typ, username, passwords):
imap = IMAP4_SSL(data['address']) imap = IMAP4_SSL(data['address'])
try: try:
imap.LOGIN(username, 'b') imap.LOGIN(username, 'b')
@ -30,17 +30,33 @@ def test_imap_wrong_password(typ, username, password):
raise Exception('wrong login !') raise Exception('wrong login !')
@pytest.mark.parametrize('typ, username, password', parameters) @pytest.mark.parametrize('typ, username, passwords', parameters)
def test_imap_migration(typ, username, password): def test_imap_migration(typ, username, passwords):
msg = get_msg(username, 'MIGRATION') msg = get_msg(username, 'MIGRATION')
if 'FIRST_RUN' in environ: if 'FIRST_RUN' in environ:
smtp = SMTP(data['address'], '587') smtp = SMTP(data['address'], '587')
smtp.starttls() smtp.starttls()
error = None
for password in passwords:
try:
smtp.login(username, password) smtp.login(username, password)
break
except SMTPAuthenticationError as err:
error = err
else:
raise error from error
smtp.sendmail(username, username, msg) smtp.sendmail(username, username, msg)
smtp.quit() smtp.quit()
imap = IMAP4_SSL(data['address']) imap = IMAP4_SSL(data['address'])
error = None
for password in passwords:
try:
imap.LOGIN(username, password) imap.LOGIN(username, password)
break
except Exception as err:
error = err
else:
raise error from error
imap.SELECT(readonly=True) imap.SELECT(readonly=True)
typ, req = imap.SEARCH(None, 'ALL') typ, req = imap.SEARCH(None, 'ALL')
assert typ == 'OK' assert typ == 'OK'
@ -53,49 +69,67 @@ def test_imap_migration(typ, username, password):
imap.LOGOUT() imap.LOGOUT()
@pytest.mark.parametrize('typ, username, password', parameters) @pytest.mark.parametrize('typ, username, passwords', parameters)
def test_smtp_no_tls(typ, username, password): def test_smtp_no_tls(typ, username, passwords):
smtp = SMTP(data['address'], '587') smtp = SMTP(data['address'], '587')
try: with pytest.raises(SMTPNotSupportedError):
smtp.login(username, password) smtp.login(username, passwords[0])
raise Exception('no tls!')
except SMTPNotSupportedError:
pass
@pytest.mark.parametrize('typ, username, password', parameters) @pytest.mark.parametrize('typ, username, passwords', parameters)
def test_smtp_wrong_passwd(typ, username, password): def test_smtp_wrong_passwd(typ, username, passwords):
smtp = SMTP(data['address'], '587') smtp = SMTP(data['address'], '587')
smtp.starttls() smtp.starttls()
try: with pytest.raises(SMTPAuthenticationError):
smtp.login(username, 'a') smtp.login(username, 'a')
raise Exception('wrong password!')
except SMTPAuthenticationError:
pass
smtp.quit() smtp.quit()
@pytest.mark.parametrize('typ, username, password', parameters) @pytest.mark.parametrize('typ, username, passwords', parameters)
def test_smtp_login(typ, username, password): def test_smtp_login(typ, username, passwords):
smtp = SMTP(data['address'], '587') smtp = SMTP(data['address'], '587')
smtp.starttls() smtp.starttls()
error = None
for password in passwords:
try:
smtp.login(username, password) smtp.login(username, password)
break
except SMTPAuthenticationError as err:
error = err
else:
raise error from error
smtp.quit() smtp.quit()
@pytest.mark.parametrize('typ, username, password', parameters) @pytest.mark.parametrize('typ, username, passwords', parameters)
def test_smtp_sendmail(typ, username, password): def test_smtp_sendmail(typ, username, passwords):
smtp = SMTP(data['address'], '587') smtp = SMTP(data['address'], '587')
smtp.starttls() smtp.starttls()
error = None
for password in passwords:
try:
smtp.login(username, password) smtp.login(username, password)
break
except SMTPAuthenticationError as err:
error = err
else:
raise error from error
smtp.sendmail(username, username, get_msg(username)) smtp.sendmail(username, username, get_msg(username))
smtp.quit() smtp.quit()
@pytest.mark.parametrize('typ, username, password', parameters) @pytest.mark.parametrize('typ, username, passwords', parameters)
def test_imap_read_mail(typ, username, password): def test_imap_read_mail(typ, username, passwords):
imap = IMAP4_SSL(data['address']) imap = IMAP4_SSL(data['address'])
error = None
for password in passwords:
try:
imap.LOGIN(username, password) imap.LOGIN(username, password)
break
except Exception as err:
error = err
else:
raise error from error
imap.SELECT(readonly=True) imap.SELECT(readonly=True)
typ, req = imap.SEARCH(None, 'ALL') typ, req = imap.SEARCH(None, 'ALL')
assert typ == 'OK' assert typ == 'OK'
@ -111,10 +145,18 @@ def test_imap_read_mail(typ, username, password):
imap.LOGOUT() imap.LOGOUT()
@pytest.mark.parametrize('typ, username, password', parameters) @pytest.mark.parametrize('typ, username, passwords', parameters)
def test_imap_delete_mail(typ, username, password): def test_imap_delete_mail(typ, username, passwords):
imap = IMAP4_SSL(data['address']) imap = IMAP4_SSL(data['address'])
error = None
for password in passwords:
try:
imap.LOGIN(username, password) imap.LOGIN(username, password)
break
except Exception as err:
error = err
else:
raise error from error
imap.SELECT() imap.SELECT()
typ, req = imap.SEARCH(None, 'ALL') typ, req = imap.SEARCH(None, 'ALL')
msg_no = req[0].split() msg_no = req[0].split()

View file

@ -3,5 +3,8 @@ Créer un utilisateur
su - gitea -s /bin/bash -c "gitea admin user create --username gnunux --password Njw_csh7DeeZtWDxC6WVXDdB-9A --email gnunux@gnunux.info --admin -c /etc/gitea/app.ini" su - gitea -s /bin/bash -c "gitea admin user create --username gnunux --password Njw_csh7DeeZtWDxC6WVXDdB-9A --email gnunux@gnunux.info --admin -c /etc/gitea/app.ini"
DEBUG
=====
sed -i 's/info/debug/g' /etc/gitea/app.ini
systemctl restart gitea

View file

@ -6,6 +6,7 @@
<file engine="none" source="sysuser-gitea.conf">/sysusers.d/0gitea.conf</file> <file engine="none" source="sysuser-gitea.conf">/sysusers.d/0gitea.conf</file>
<file engine="none" source="tmpfile-gitea.conf">/tmpfiles.d/0gitea.conf</file> <file engine="none" source="tmpfile-gitea.conf">/tmpfiles.d/0gitea.conf</file>
<file>/etc/gitea/app.ini</file> <file>/etc/gitea/app.ini</file>
<file>/tests/gitea.yml</file>
</service> </service>
</services> </services>
<variables> <variables>

View file

@ -16,7 +16,7 @@ User=gitea
Group=gitea Group=gitea
WorkingDirectory=/srv/gitea/lib/ WorkingDirectory=/srv/gitea/lib/
ExecStart=/usr/bin/gitea web --config /etc/gitea/app.ini ExecStart=/usr/bin/gitea web --config /etc/gitea/app.ini
ExecStartPost=-/usr/bin/timeout 90 bash -c 'while ! /usr/bin/gitea admin auth list --config /etc/gitea/app.ini | grep "OAuth2"; do echo "TRY TO CONFIGURE"; /usr/bin/gitea admin auth add-oauth --name "%%domain_name_eth0" --provider "openidConnect" --key "%%oauth2_client_id" --secret "%%oauth2_client_secret" --scopes "profile email" --auto-discover-url "https://%%oauth2_client_server_domainname/.well-known/openid-configuration" --config /etc/gitea/app.ini; sleep 2; done; echo "CONFIGURATION DONE"' ExecStartPre=-/bin/bash -c 'if /usr/bin/gitea admin auth list --config /etc/gitea/app.ini | grep "OAuth2"; then echo "UPDATE";id=$(/usr/bin/gitea --config /etc/gitea/app.ini admin auth list |tail -n 1|awk "{ print \$1}");/usr/bin/gitea admin auth update-oauth --id $id --name "%%domain_name_eth0" --provider "openidConnect" --key "%%oauth2_client_id" --secret "%%oauth2_client_secret" --scopes "profile email" --auto-discover-url "https://%%oauth2_client_server_domainname/.well-known/openid-configuration" --config /etc/gitea/app.ini;else echo "CONFIGURE"; /usr/bin/gitea admin auth add-oauth --name "%%domain_name_eth0" --provider "openidConnect" --key "%%oauth2_client_id" --secret "%%oauth2_client_secret" --scopes "profile email" --auto-discover-url "https://%%oauth2_client_server_domainname/.well-known/openid-configuration" --config /etc/gitea/app.ini;fi;sleep 2; echo "CONFIGURATION DONE"'
Restart=always Restart=always
Environment=USER=gitea HOME=/srv/gitea/home GITEA_WORK_DIR=/srv/gitea/lib Environment=USER=gitea HOME=/srv/gitea/home GITEA_WORK_DIR=/srv/gitea/lib

View file

@ -0,0 +1,9 @@
%set %%username="rougail_test@silique.fr"
ip: %%ip_eth0
revprox_ip: %%revprox_client_server_ip
base_url: https://%%revprox_client_external_domainname%%revprox_client_location[0]
auth_url: %%oauth2_client_external[0]
auth_server: %%oauth2_server_domainname
username: %%username
password: %%get_password(server_name='test', username=%%username, description='test', type="cleartext", hide=%%hide_secret, temporary=True)
gitea_title: "%%gitea_title"

View file

@ -0,0 +1,226 @@
from yaml import load, SafeLoader
from os import environ, makedirs
from os.path import expandvars, isfile, isdir, dirname, join
from re import search
from dulwich.porcelain import init, clone, add, commit, push
from tempfile import TemporaryDirectory
from subprocess import run
from revprox import Authentication
from mookdns import MookDnsSystem
PORT = '3000'
GITEA_USERNAME = 'gitea'
KEY_FILE = expandvars("$HOME/tests/risotto")
AUTHENTICATION = None
DATA = None
def get_data():
global DATA
if not DATA:
conf_file = f'{environ["MACHINE_TEST_DIR"]}/gitea.yml'
with open(conf_file) as yaml:
DATA = load(yaml, Loader=SafeLoader)
return DATA
def get_authentication(data):
global AUTHENTICATION
if not AUTHENTICATION:
AUTHENTICATION = Authentication(data['auth_url'],
data['auth_server'],
data['revprox_ip'],
data['username'],
data['password'],
f'<title>{data["username"]} - Dashboard - {data["gitea_title"]}</title>',
)
return AUTHENTICATION
def get_info(authentication,
url,
with_uid=False,
with_data_id=False,
found_string=None
):
# <input type="hidden" name="_csrf" value="YQbVgdYHX_3VQ-KuZ5cKtr9RzXE6MTY1NzgxMzUzNTA0OTYwODQ0NQ">
pattern_csrf = r'name="_csrf" value="([a-zA-Z0-9\-\_=]+)"'
ret = authentication.get(url)
csrf = search(pattern_csrf, ret)[1]
ret_data = []
if with_uid:
pattern_uid = r'input type="hidden" id="uid" name="uid" value="(\d)+"'
uid = search(pattern_uid, ret)
if uid is None:
ret_data.append(uid)
else:
ret_data.append(uid[1])
if with_data_id:
pattern_uid = r'/user/settings/keys/delete?type=ssh" data-id="(\d)+"'
uid = search(pattern_uid, ret)
if uid is None:
ret_data.append(uid)
else:
ret_data.append(uid[1])
if found_string:
ret_data.append(found_string in ret)
ret_data.append(csrf)
if len(ret_data) == 1:
return ret_data[0]
return ret_data
def add_ssh_key(authentication, data):
# Send key to gitea
url = f'{data["base_url"]}user/settings/keys'
is_already_key, csrf = get_info(authentication, url, found_string='test_key_risotto')
if is_already_key:
return
# Gen SSH key if needed
if not isfile(KEY_FILE):
key_dir = dirname(KEY_FILE)
if not isdir(key_dir):
makedirs(key_dir)
cmd = ['/usr/bin/ssh-keygen', '-N', '', '-f', KEY_FILE]
run(cmd)
with open(f'{KEY_FILE}.pub') as fh:
key = fh.read()
authentication.post(url, {'_csrf': csrf, 'title': 'test_key_risotto', 'content': key, 'type': 'ssh'})
def delete_ssh_key(authentication, data):
url = f'{data["base_url"]}user/settings/keys'
is_already_key, csrf = get_info(authentication, url, found_string='test_key_risotto')
if is_already_key:
uid, csrf = get_info(authentication, url, with_data_id=True)
url = f'{data["base_url"]}user/settings/keys/delete?type=ssh'
authentication.post(url, {'_csrf': csrf, 'id': uid})
is_already_key, csrf = get_info(authentication, url, found_string='test_key_risotto')
def test_gitea():
data = get_data()
get_authentication(data)
def test_gitea_repos():
data = get_data()
authentication = get_authentication(data)
if 'FIRST_RUN' in environ:
url = f'{data["base_url"]}repo/create'
uid, csrf = get_info(authentication, url, with_uid=True)
authentication.post(url, {'_csrf': csrf, 'uid': uid, 'repo_name': 'test_persistent'})
url = f'{data["base_url"]}api/v1/repos/search?sort=updated&order=desc&uid=1&team_id=0&q=&page=1&mode='
json = authentication.get(url, json=True)
assert json['ok']
assert len(json['data']) == 1
username = data['username'].split('@', 1)[0]
assert json['data'][0]['full_name'] == f'{username}/test_persistent'
def test_gitea_create_repo():
data = get_data()
authentication = get_authentication(data)
url = f'{data["base_url"]}repo/create'
uid, csrf = get_info(authentication, url, with_uid=True)
authentication.post(url, {'_csrf': csrf, 'uid': uid, 'repo_name': 'test', 'default_branch': 'main'})
url = f'{data["base_url"]}api/v1/repos/search?sort=updated&order=desc&uid=1&team_id=0&q=&page=1&mode='
json = authentication.get(url, json=True)
assert json['ok']
assert len(json['data']) == 2
username = data['username'].split('@', 1)[0]
assert {dat['full_name'] for dat in json['data']} == set([f'{username}/test_persistent', f'{username}/test'])
def test_repo():
data = get_data()
authentication = get_authentication(data)
if 'FIRST_RUN' in environ:
# delete_ssh_key(authentication, data)
add_ssh_key(authentication, data)
with TemporaryDirectory() as tmpdirname:
username = data['username'].split('@', 1)[0]
dns = data['base_url'].split('/', 3)[2]
ssh_url = f'ssh://{GITEA_USERNAME}@{dns}:2222/{username}/test.git'
with MookDnsSystem(dns, data['ip']):
filename = join(tmpdirname, 'test.txt')
with open(filename, 'w') as fh:
fh.write('test')
repo = init(tmpdirname)
add(repo, filename)
commit(repo, message=b'test commit')
push(repo=repo,
remote_location=ssh_url,
refspecs='master',
)
lst = list(repo.get_walker())
assert len(lst) == 1
assert lst[0].commit.message == b'test commit'
def test_clone_http():
data = get_data()
authentication = get_authentication(data)
if 'FIRST_RUN' in environ:
# delete_ssh_key(authentication, data)
add_ssh_key(authentication, data)
with TemporaryDirectory() as tmpdirname:
username = data['username'].split('@', 1)[0]
dns = data['base_url'].split('/', 3)[2]
http_url = f'{data["base_url"]}{username}/test.git'
with MookDnsSystem(dns, data['revprox_ip']):
repo = clone(http_url, tmpdirname)
lst = list(repo.get_walker())
assert len(lst) == 1
assert lst[0].commit.message == b'test commit'
def test_gitea_delete_repo():
repo_name = 'test'
data = get_data()
authentication = get_authentication(data)
username = data['username'].split('@', 1)[0]
url = f'{data["base_url"]}{username}/{repo_name}/settings'
csrf = get_info(authentication, url)
authentication.post(url, {'_csrf': csrf, 'action': 'delete', 'repo_name': repo_name})
url = f'{data["base_url"]}api/v1/repos/search?sort=updated&order=desc&uid=1&team_id=0&q=&page=1&mode='
json = authentication.get(url, json=True)
assert json['ok']
assert len(json['data']) == 1
username = data['username'].split('@', 1)[0]
assert json['data'][0]['full_name'] == f'{username}/test_persistent'
def test_repo_persistent():
data = get_data()
authentication = get_authentication(data)
if 'FIRST_RUN' in environ:
# delete_ssh_key(authentication, data)
add_ssh_key(authentication, data)
with TemporaryDirectory() as tmpdirname:
username = data['username'].split('@', 1)[0]
dns = data['base_url'].split('/', 3)[2]
ssh_url = f'ssh://{GITEA_USERNAME}@{dns}:2222/{username}/test_persistent.git'
with MookDnsSystem(dns, data['ip']):
if 'FIRST_RUN' in environ:
filename = join(tmpdirname, 'test.txt')
with open(filename, 'w') as fh:
fh.write('test')
repo = init(tmpdirname)
add(repo, filename)
commit(repo, message=b'test commit')
push(repo=repo,
remote_location=ssh_url,
refspecs='master',
)
else:
repo = clone(ssh_url, tmpdirname)
lst = list(repo.get_walker())
assert len(lst) == 1
assert lst[0].commit.message == b'test commit'

View file

@ -167,6 +167,7 @@ commentStartToken = §
"portalDisplayResetPassword": 0, "portalDisplayResetPassword": 0,
"portalMainLogo": "risotto/logo.png", "portalMainLogo": "risotto/logo.png",
"showLanguages": 0, "showLanguages": 0,
"requireToken": "$env->{REMOTE_ADDR} ne '%%gateway_eth0'",
"whatToTrace" : "_whatToTrace", "whatToTrace" : "_whatToTrace",
%set %%remotes = {} %set %%remotes = {}
%for %%index, %%app in %%enumerate(%%oauth2.remotes) %for %%index, %%app in %%enumerate(%%oauth2.remotes)

View file

@ -16,6 +16,11 @@ def req(url, ip, verify=True):
dns[-1] = (ip, dns[-1][1]) dns[-1] = (ip, dns[-1][1])
return [dns] return [dns]
socket.getaddrinfo = new_getaddrinfo socket.getaddrinfo = new_getaddrinfo
if not verify:
with warnings.catch_warnings():
warnings.simplefilter("ignore")
ret = get(url, verify=verify)
else:
ret = get(url, verify=verify) ret = get(url, verify=verify)
ret_code = ret.status_code ret_code = ret.status_code
content = ret.content content = ret.content
@ -29,8 +34,6 @@ def test_revprox():
data = load(yaml, Loader=SafeLoader) data = load(yaml, Loader=SafeLoader)
# test unknown domain # test unknown domain
url = 'google.fr' url = 'google.fr'
with warnings.catch_warnings():
warnings.simplefilter("ignore")
ret_code, content = req(f'https://{url}', data['address'], verify=False) ret_code, content = req(f'https://{url}', data['address'], verify=False)
assert ret_code == 200, f'https://{url} do not returns code 200 but {ret_code}' assert ret_code == 200, f'https://{url} do not returns code 200 but {ret_code}'
assert "<title>Test Page for the HTTP Server on Fedora</title>" in content, f'https://{url} returns default fedora page' assert "<title>Test Page for the HTTP Server on Fedora</title>" in content, f'https://{url} returns default fedora page'

View file

@ -27,4 +27,8 @@ grep ldapAgentPassword /etc/nextcloud/nextcloud.init
Search information with standard user: Search information with standard user:
ldapsearch -D cn=gnunux@gnunux.info,ou=users,ou=in,o=gnunux,o=info -w "1vCE09NRW2kxHIpf1PkehOS9bSLZual82saHSBj9RPM" -b cn=gnunux@gnunux.info,ou=users,ou=in,o=gnunux,o=info ldapsearch -D cn=admin,ou=in,o=gnunux,o=info -w "1vCE09NRW2kxHIpf1PkehOS9bSLZual82saHSBj9RPM" -b cn=gnunux@gnunux.info,ou=users,ou=in,o=gnunux,o=info
# Delete User
ldapdelete -D cn=gnunux@gnunux.info,ou=users,ou=in,o=gnunux,o=info -y /usr/local/lib/secrets/admin_ldap.pwd cn=rougail_test@gnunux.info,ou=in,o=gnunux,o=info

View file

@ -1,13 +1,16 @@
%set %%username = "rougail_test@silique.fr" %set %%username = "rougail_test@silique.fr"
%set %%username_family = "rougail_test@gnunux.info" %set %%username_family = "rougail_test@gnunux.info"
%set %%familydn = %%calc_ldapclient_base_dn(%%ldapclient_base_dn, family_name='gnunux') %set %%name_family = 'gnunux'
%set %%familydn = %%calc_ldapclient_base_dn(%%ldapclient_base_dn, family_name=%%name_family)
%set %%userdn = 'cn=' + %%username + ',' + %%calc_ldapclient_base_dn(%%ldapclient_base_dn)
%set %%userfamilydn = 'cn=' + %%username_family + ',' + %%familydn
address: %%ip_eth0 address: %%ip_eth0
admin_dn: %%ldapclient_user admin_dn: %%ldapclient_user
admin_password: %%ldapclient_user_password admin_password: %%ldapclient_user_password
user_dn: cn=%%username,%%ldap_user_dn user_dn: %%userdn
user_password: %%get_password(server_name=%%ldap_server_address, username=%%username, description="ldap user", type="cleartext", hide=%%hide_secret, temporary=True) user_password: %%get_password(server_name='test', username=%%username, description='test', type="cleartext", hide=%%hide_secret, temporary=True)
user_family_dn: cn=%%username_family,%%familydn user_family_dn: %%userfamilydn
user_family_password: %%get_password(server_name=%%ldap_server_address, username=%%username_family, description="ldap family user", type="cleartext", hide=%%hide_secret, temporary=True) user_family_password: %%get_password(server_name='test', username=%%username_family, description="test", type="cleartext", hide=%%hide_secret, temporary=True)
base_account_dn: %%ldap_account_dn base_account_dn: %%ldap_account_dn
base_user_dn: %%ldap_user_dn base_user_dn: %%ldap_user_dn
base_family_dn: %%familydn base_family_dn: %%familydn
@ -18,6 +21,8 @@ remote%%idx: cn=%%name,%%ldapclient_base_dn
remote_password%%idx: %%get_password(server_name=%%domain_name_eth0, username=%%name, description="remote account", type="cleartext", hide=%%hide_secret, temporary=True) remote_password%%idx: %%get_password(server_name=%%domain_name_eth0, username=%%name, description="remote account", type="cleartext", hide=%%hide_secret, temporary=True)
%end for %end for
users: users:
%%username: %%userdn
%%username_family: %%userfamilydn
%for %%user in %%accounts.users.ldap_user_mail %for %%user in %%accounts.users.ldap_user_mail
%%user: cn=%%user,%%ldap_user_dn %%user: cn=%%user,%%ldap_user_dn
%end for %end for
@ -29,11 +34,15 @@ users:
%end for %end for
groups: groups:
users: users:
- %%userdn
%for %%user in %%accounts.users.ldap_user_mail %for %%user in %%accounts.users.ldap_user_mail
- cn=%%user,%%ldap_user_dn - cn=%%user,%%ldap_user_dn
%end for %end for
%for %%family in %%accounts.families %for %%family in %%accounts.families
%%family: %%family:
%if %%family == %%name_family
- %%userfamilydn
%end if
%for %%user in %%accounts['family_' + %%family]['users_' + %%family]['ldap_user_mail_' + %%family] %for %%user in %%accounts['family_' + %%family]['users_' + %%family]['ldap_user_mail_' + %%family]
- cn=%%user,%%families - cn=%%user,%%families
%end for %end for

View file

@ -1,4 +1,6 @@
%set name_family = 'gnunux' %set %%username="rougail_test@silique.fr"
%set %%username_family="rougail_test@gnunux.info"
%set %%name_family="gnunux"
# BaseDN # BaseDN
%set groups = {} %set groups = {}
dn: %%ldapclient_base_dn dn: %%ldapclient_base_dn
@ -44,30 +46,17 @@ ou: users
objectClass: top objectClass: top
objectClass: organizationalUnit objectClass: organizationalUnit
%set %%userdn = 'cn=' + %%username + ',' + %%calc_ldapclient_base_dn(%%ldapclient_base_dn)
%set %%userfamilydn = 'cn=' + %%username_family + ',' + %%calc_ldapclient_base_dn(%%ldapclient_base_dn, family_name=%%name_family)
%set %%acc = [(%%userdn, %%username, %%get_password(server_name='test', username=%%username, description="test", type="cleartext", hide=%%hide_secret, temporary=True), 'Rougail', 'Test', 'rougail_test', [], 'users'),
(%%userfamilydn, %%username_family, %%get_password(server_name='test', username=%%username_family, description='test', type="cleartext", hide=%%hide_secret, temporary=True), 'Rougail', 'Test', 'rougail_test_gnunux', [], %%name_family),
]
%set %%groups['users'] = [%%userdn]
%set %%groups[%%name_family] = [%%userfamilydn]
%for %%user in %%accounts.users.ldap_user_mail %for %%user in %%accounts.users.ldap_user_mail
%set %%userdn = "cn=" + %%user + "," + %%users %set %%userdn = "cn=" + %%user + "," + %%users
%%groups.setdefault('users', []).append(%%userdn) %%acc.append((%%userdn, %%user, %%user.ldap_user_password, %%user.ldap_user_sn, %%user.ldap_user_gn, %%user.ldap_user_uid, %%user.ldap_user_aliases, 'users'))%slurp
dn: %%userdn %%groups.setdefault('users', []).append(%%userdn)%slurp
cn: %%user
mail: %%user
sn: %%user.ldap_user_sn
givenName: %%user.ldap_user_gn
uid: %%user.ldap_user_uid
userPassword:: %%ssha_encode(%%user.ldap_user_password)
homeDirectory: /srv/home/users/%%user
mailLocalAddress: %%user
%if %%user.ldap_user_aliases
%for %%alias in %%user.ldap_user_aliases
mailLocalAddress: %%alias
%end for
%end if
uidNumber: 0
gidNumber: 0
objectClass: top
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: inetLocalMailRecipient
%end for %end for
## Families ## Families
dn: %%calc_ldapclient_base_dn(%%ldapclient_base_dn, family_name='-') dn: %%calc_ldapclient_base_dn(%%ldapclient_base_dn, family_name='-')
@ -84,18 +73,50 @@ objectClass: organizationalUnit
%for %%user in %%accounts['family_' + %%family]['users_' + %%family]['ldap_user_mail_' + %%family] %for %%user in %%accounts['family_' + %%family]['users_' + %%family]['ldap_user_mail_' + %%family]
%set %%userdn = "cn=" + %%user + "," + %%families %set %%userdn = "cn=" + %%user + "," + %%families
%%groups.setdefault(%%family, []).append(%%userdn) %%groups.setdefault(%%family, []).append(%%userdn)%slurp
%%acc.append((%%userdn, %%user, %%user['ldap_user_password_' + %%family], %%user['ldap_user_sn_' + %%family], %%user['ldap_user_gn_' + %%family], %%user['ldap_user_uid_' + %%family], %%user['ldap_user_aliases_' + %%family], %%family))%slurp
#pouet
#dn: %%userdn
#cn: %%user
#mail: %%user
#sn:
#givenName:
#uid:
#userPassword:: %%ssha_encode()
#homeDirectory: /srv/home/families/%%family/%%user
#mailLocalAddress: %%user
# %if %%user['ldap_user_aliases_' + %%family]
# %for %%alias in
#mailLocalAddress: %%alias
# %end for
# %end if
#uidNumber: 0
#gidNumber: 0
#objectClass: top
#objectClass: inetOrgPerson
#objectClass: posixAccount
#objectClass: inetLocalMailRecipient
#
# %end for
#%end for
%end for
%end for
%for %%userdn, %%user, %%password, %%sn, %%gn, %%uid, %%aliases, %%family in %%acc
dn: %%userdn dn: %%userdn
cn: %%user cn: %%user
mail: %%user mail: %%user
sn: %%user['ldap_user_sn_' + %%family] sn: %%sn
givenName: %%user['ldap_user_gn_' + %%family] givenName: %%gn
uid: %%user['ldap_user_uid_' + %%family] uid: %%uid
userPassword:: %%ssha_encode(%%user['ldap_user_password_' + %%family]) userPassword:: %%ssha_encode(%%password)
%if %%family == 'users'
homeDirectory: /srv/home/users/%%user
%else
homeDirectory: /srv/home/families/%%family/%%user homeDirectory: /srv/home/families/%%family/%%user
%end if
mailLocalAddress: %%user mailLocalAddress: %%user
%if %%user['ldap_user_aliases_' + %%family] %if %%aliases
%for %%alias in %%user['ldap_user_aliases_' + %%family] %for %%alias in %%aliases
mailLocalAddress: %%alias mailLocalAddress: %%alias
%end for %end for
%end if %end if
@ -107,7 +128,6 @@ objectClass: posixAccount
objectClass: inetLocalMailRecipient objectClass: inetLocalMailRecipient
%end for %end for
%end for
## Groups ## Groups
%set %%groupdn = %%ldap_group_dn %set %%groupdn = %%ldap_group_dn
dn: %%groupdn dn: %%groupdn

View file

@ -1,4 +1,6 @@
%set groups = {} %set %%username="rougail_test@silique.fr"
%set %%username_family="rougail_test@gnunux.info"
%set %%name_family="gnunux"
# Remote # Remote
%set %%acc = [] %set %%acc = []
%for %%idx in %%range(3) %for %%idx in %%range(3)
@ -17,30 +19,29 @@ userPassword:: %%ssha_encode(%%password)
%end for %end for
# Users # Users
%set %%userdn = 'cn=' + %%username + ',' + %%ldapclient_base_dn
%set %%userfamilydn = 'cn=' + %%username_family + ',' + %%calc_ldapclient_base_dn(%%ldapclient_base_dn, family_name=%%name_family)
%set %%acc = [(%%userdn, %%username, ['alias_' + %%username]),
(%%userfamilydn, %%username_family, ['alias_' + %%username_family]),
]
%set groups = {'users': [%%userdn],
%%name_family: [%%userfamilydn],
}
%set %%users = %%ldap_user_dn %set %%users = %%ldap_user_dn
%for %%user in %%accounts.users.ldap_user_mail %for %%user in %%accounts.users.ldap_user_mail
%set %%userdn = 'cn=' + %%user + ',' + %%users %set %%userdn = 'cn=' + %%user + ',' + %%users
%%groups.setdefault('users', []).append(%%userdn)%slurp %%groups['users'].append(%%userdn)%slurp
dn: %%userdn %%acc.append((%%userdn, %%user, %%user.ldap_user_aliases))%slurp
changetype: modify
#add: objectClass
#objectClass: inetLocalMailRecipient
#-
replace: mailLocalAddress
mailLocalAddress: %%user
%if %%user.ldap_user_aliases
%for %%alias in %%user.ldap_user_aliases
mailLocalAddress: %%alias
%end for %end for
%end if
%end for
# Families
%for %%family in %%accounts.families %for %%family in %%accounts.families
%set %%families = %%calc_ldapclient_base_dn(%%ldapclient_base_dn, %%family) %set %%families = %%calc_ldapclient_base_dn(%%ldapclient_base_dn, %%family)
%for %%user in %%accounts['family_' + %%family]['users_' + %%family]['ldap_user_mail_' + %%family] %for %%user in %%accounts['family_' + %%family]['users_' + %%family]['ldap_user_mail_' + %%family]
%set %%userdn = 'cn=' + %%user + ',' + %%families %set %%userdn = 'cn=' + %%user + ',' + %%families
%%groups.setdefault(%%family, []).append(%%userdn)%slurp %%groups.setdefault(%%family, []).append(%%userdn)%slurp
%%acc.append((%%userdn, %%user, %%user['ldap_user_aliases_' + %%family]))%slurp
%end for
%end for
%for %%userdn, %%user, %%aliases in %%acc
dn: %%userdn dn: %%userdn
changetype: modify changetype: modify
#add: objectClass #add: objectClass
@ -48,14 +49,13 @@ changetype: modify
#- #-
replace: mailLocalAddress replace: mailLocalAddress
mailLocalAddress: %%user mailLocalAddress: %%user
%if %%user['ldap_user_aliases_' + %%family] %if %%aliases
%for %%alias in %%user['ldap_user_aliases_' + %%family] %for %%alias in %%aliases
mailLocalAddress: %%alias mailLocalAddress: %%alias
%end for %end for
%end if %end if
%end for %end for
%end for
# Groups # Groups
%set %%groupdn = %%ldap_group_dn %set %%groupdn = %%ldap_group_dn
%for %%group, %%members in %%groups.items() %for %%group, %%members in %%groups.items()

View file

@ -0,0 +1,84 @@
from requests import get, post, session
from mookdns import MookDns
class Authentication:
def __init__(self,
auth_url,
portal_server,
ip,
username,
password,
title,
):
self.ip = ip
with session() as req:
with MookDns(self.ip):
self.is_lemonldap(req,
auth_url,
)
self.auth_lemonldap(req,
portal_server,
username,
password,
title,
)
self.cookies = dict(req.cookies)
# @staticmethod
def is_lemonldap(self,
req,
url,
):
ret = req.get(url)
code = ret.status_code
content = ret.content
assert code == 200
assert b'<title trspan="authPortal">Authentication portal</title>' in content
def auth_lemonldap(self,
req,
portal_server,
username,
password,
title,
):
# authentification
json = {'user': username,
'password': password,
}
headers = {"Content-Type": "application/x-www-form-urlencoded",
"Accept": "application/json",
}
portal_url = f'https://{portal_server}/oauth2/'
ret = req.post(portal_url, data=json, headers=headers)
json = ret.json()
assert json['error']
assert json['result'] == 1
assert json['id'] == ret.cookies.get('lemonldap')
# authorization code
# curl -X POST -d user=dwho -d password=dwho -H 'Accept: application/json' 'https://oidctest.wsweet.org/oauth2/'
# curl -s -D - -o /dev/null -b lemonldap=0640f95827111f00ba7ad5863ba819fe46cfbcecdb18ce525836369fb4c8350b 'https://oidctest.wsweet.org/oauth2/authorize?response_type=code&client_id=private&scope=openid+profile+email&redirect_uri=http://localhost' | grep '^location'
authorize_url = f'{portal_url}authorize'
ret = req.get(authorize_url)
assert ret.status_code == 200
assert title in ret.content.decode()
def get(self,
url,
json=False,
):
with MookDns(self.ip):
ret = get(url, cookies=self.cookies)
assert ret.status_code == 200, f'return code is {ret.status_code}'
if json:
return ret.json()
return ret.content.decode()
def post(self,
url,
data,
):
with MookDns(self.ip):
ret = post(url, cookies=self.cookies, data=data)
assert ret.status_code == 200, f'return code is {ret.status_code}'