add gitea tests

This commit is contained in:
Emmanuel Garette 2022-07-16 22:16:24 +02:00
parent 1f6fddc729
commit 57c108aea0
15 changed files with 547 additions and 101 deletions

View file

@ -0,0 +1,44 @@
import socket
from shutil import copyfile, move
from os import remove
from os.path import isfile
class MookDns:
# Monkey patch to force IPv4 resolution
def __init__(self, ip):
self.ip = ip
def __enter__(self):
self.old_getaddrinfo = socket.getaddrinfo
def new_getaddrinfo(*args, **kwargs):
ret = self.old_getaddrinfo(*args, **kwargs)
dns = list(ret[0])
dns[-1] = (self.ip, dns[-1][1])
return [dns]
socket.getaddrinfo = new_getaddrinfo
return self
def __exit__(self, exc_type, exc, tb):
socket.getaddrinfo = self.old_getaddrinfo
class MookDnsSystem:
# Monkey patch to force IPv4 resolution
def __init__(self, dns, ip):
self.dns = dns
self.ip = ip
def __enter__(self):
if not isfile('/etc/hosts.risotto'):
copyfile('/etc/hosts', '/etc/hosts.risotto')
with open('/etc/hosts.risotto', 'r') as risotto:
with open('/etc/hosts', 'w') as hosts:
for line in risotto.readlines():
if self.dns not in line:
hosts.write(line)
hosts.write(f'{self.ip} {self.dns}')
def __exit__(self, exc_type, exc, tb):
remove('/etc/hosts')
move('/etc/hosts.risotto', '/etc/hosts')

View file

@ -4,7 +4,7 @@
address: %%ip_eth0
dns: %%domain_name_eth0
username: %%username
password: %%get_password(server_name=%%ldap_server_address, username=%%username, description="ldap user", type="cleartext", hide=%%hide_secret, temporary=True)
password: %%get_password(server_name='test', username=%%username, description="test", type="cleartext", hide=%%hide_secret, temporary=True)
username_family: %%username_family
password_family: %%get_password(server_name=%%ldap_server_address, username=%%username_family, description="ldap family user", type="cleartext", hide=%%hide_secret, temporary=True)
password_family: %%get_password(server_name='test', username=%%username_family, description='test', type="cleartext", hide=%%hide_secret, temporary=True)
name_family: %%name_family

View file

@ -10,8 +10,8 @@ from smtplib import SMTP, SMTPNotSupportedError, SMTPAuthenticationError
conf_file = f'{environ["MACHINE_TEST_DIR"]}/imap.yml'
with open(conf_file) as yaml:
data = load(yaml, Loader=SafeLoader)
parameters = (('user', data['username'], data['password']),
('family', data['username_family'], data['password_family'] + "2"),
parameters = (('user', data['username'], [data['password']]),
('family', data['username_family'], [data['password_family'], data['password_family'] + "2"]),
)
@ -19,8 +19,8 @@ def get_msg(username, msg='MESSAGE'):
return f'From: {username}\r\nTo: {username}\r\n\r\nSubject: TEST\r\n{msg}\r\n'
@pytest.mark.parametrize('typ, username, password', parameters)
def test_imap_wrong_password(typ, username, password):
@pytest.mark.parametrize('typ, username, passwords', parameters)
def test_imap_wrong_password(typ, username, passwords):
imap = IMAP4_SSL(data['address'])
try:
imap.LOGIN(username, 'b')
@ -30,17 +30,33 @@ def test_imap_wrong_password(typ, username, password):
raise Exception('wrong login !')
@pytest.mark.parametrize('typ, username, password', parameters)
def test_imap_migration(typ, username, password):
@pytest.mark.parametrize('typ, username, passwords', parameters)
def test_imap_migration(typ, username, passwords):
msg = get_msg(username, 'MIGRATION')
if 'FIRST_RUN' in environ:
smtp = SMTP(data['address'], '587')
smtp.starttls()
error = None
for password in passwords:
try:
smtp.login(username, password)
break
except SMTPAuthenticationError as err:
error = err
else:
raise error from error
smtp.sendmail(username, username, msg)
smtp.quit()
imap = IMAP4_SSL(data['address'])
error = None
for password in passwords:
try:
imap.LOGIN(username, password)
break
except Exception as err:
error = err
else:
raise error from error
imap.SELECT(readonly=True)
typ, req = imap.SEARCH(None, 'ALL')
assert typ == 'OK'
@ -53,49 +69,67 @@ def test_imap_migration(typ, username, password):
imap.LOGOUT()
@pytest.mark.parametrize('typ, username, password', parameters)
def test_smtp_no_tls(typ, username, password):
@pytest.mark.parametrize('typ, username, passwords', parameters)
def test_smtp_no_tls(typ, username, passwords):
smtp = SMTP(data['address'], '587')
try:
smtp.login(username, password)
raise Exception('no tls!')
except SMTPNotSupportedError:
pass
with pytest.raises(SMTPNotSupportedError):
smtp.login(username, passwords[0])
@pytest.mark.parametrize('typ, username, password', parameters)
def test_smtp_wrong_passwd(typ, username, password):
@pytest.mark.parametrize('typ, username, passwords', parameters)
def test_smtp_wrong_passwd(typ, username, passwords):
smtp = SMTP(data['address'], '587')
smtp.starttls()
try:
with pytest.raises(SMTPAuthenticationError):
smtp.login(username, 'a')
raise Exception('wrong password!')
except SMTPAuthenticationError:
pass
smtp.quit()
@pytest.mark.parametrize('typ, username, password', parameters)
def test_smtp_login(typ, username, password):
@pytest.mark.parametrize('typ, username, passwords', parameters)
def test_smtp_login(typ, username, passwords):
smtp = SMTP(data['address'], '587')
smtp.starttls()
error = None
for password in passwords:
try:
smtp.login(username, password)
break
except SMTPAuthenticationError as err:
error = err
else:
raise error from error
smtp.quit()
@pytest.mark.parametrize('typ, username, password', parameters)
def test_smtp_sendmail(typ, username, password):
@pytest.mark.parametrize('typ, username, passwords', parameters)
def test_smtp_sendmail(typ, username, passwords):
smtp = SMTP(data['address'], '587')
smtp.starttls()
error = None
for password in passwords:
try:
smtp.login(username, password)
break
except SMTPAuthenticationError as err:
error = err
else:
raise error from error
smtp.sendmail(username, username, get_msg(username))
smtp.quit()
@pytest.mark.parametrize('typ, username, password', parameters)
def test_imap_read_mail(typ, username, password):
@pytest.mark.parametrize('typ, username, passwords', parameters)
def test_imap_read_mail(typ, username, passwords):
imap = IMAP4_SSL(data['address'])
error = None
for password in passwords:
try:
imap.LOGIN(username, password)
break
except Exception as err:
error = err
else:
raise error from error
imap.SELECT(readonly=True)
typ, req = imap.SEARCH(None, 'ALL')
assert typ == 'OK'
@ -111,10 +145,18 @@ def test_imap_read_mail(typ, username, password):
imap.LOGOUT()
@pytest.mark.parametrize('typ, username, password', parameters)
def test_imap_delete_mail(typ, username, password):
@pytest.mark.parametrize('typ, username, passwords', parameters)
def test_imap_delete_mail(typ, username, passwords):
imap = IMAP4_SSL(data['address'])
error = None
for password in passwords:
try:
imap.LOGIN(username, password)
break
except Exception as err:
error = err
else:
raise error from error
imap.SELECT()
typ, req = imap.SEARCH(None, 'ALL')
msg_no = req[0].split()

View file

@ -3,5 +3,8 @@ Créer un utilisateur
su - gitea -s /bin/bash -c "gitea admin user create --username gnunux --password Njw_csh7DeeZtWDxC6WVXDdB-9A --email gnunux@gnunux.info --admin -c /etc/gitea/app.ini"
DEBUG
=====
sed -i 's/info/debug/g' /etc/gitea/app.ini
systemctl restart gitea

View file

@ -6,6 +6,7 @@
<file engine="none" source="sysuser-gitea.conf">/sysusers.d/0gitea.conf</file>
<file engine="none" source="tmpfile-gitea.conf">/tmpfiles.d/0gitea.conf</file>
<file>/etc/gitea/app.ini</file>
<file>/tests/gitea.yml</file>
</service>
</services>
<variables>

View file

@ -16,7 +16,7 @@ User=gitea
Group=gitea
WorkingDirectory=/srv/gitea/lib/
ExecStart=/usr/bin/gitea web --config /etc/gitea/app.ini
ExecStartPost=-/usr/bin/timeout 90 bash -c 'while ! /usr/bin/gitea admin auth list --config /etc/gitea/app.ini | grep "OAuth2"; do echo "TRY TO CONFIGURE"; /usr/bin/gitea admin auth add-oauth --name "%%domain_name_eth0" --provider "openidConnect" --key "%%oauth2_client_id" --secret "%%oauth2_client_secret" --scopes "profile email" --auto-discover-url "https://%%oauth2_client_server_domainname/.well-known/openid-configuration" --config /etc/gitea/app.ini; sleep 2; done; echo "CONFIGURATION DONE"'
ExecStartPre=-/bin/bash -c 'if /usr/bin/gitea admin auth list --config /etc/gitea/app.ini | grep "OAuth2"; then echo "UPDATE";id=$(/usr/bin/gitea --config /etc/gitea/app.ini admin auth list |tail -n 1|awk "{ print \$1}");/usr/bin/gitea admin auth update-oauth --id $id --name "%%domain_name_eth0" --provider "openidConnect" --key "%%oauth2_client_id" --secret "%%oauth2_client_secret" --scopes "profile email" --auto-discover-url "https://%%oauth2_client_server_domainname/.well-known/openid-configuration" --config /etc/gitea/app.ini;else echo "CONFIGURE"; /usr/bin/gitea admin auth add-oauth --name "%%domain_name_eth0" --provider "openidConnect" --key "%%oauth2_client_id" --secret "%%oauth2_client_secret" --scopes "profile email" --auto-discover-url "https://%%oauth2_client_server_domainname/.well-known/openid-configuration" --config /etc/gitea/app.ini;fi;sleep 2; echo "CONFIGURATION DONE"'
Restart=always
Environment=USER=gitea HOME=/srv/gitea/home GITEA_WORK_DIR=/srv/gitea/lib

View file

@ -0,0 +1,9 @@
%set %%username="rougail_test@silique.fr"
ip: %%ip_eth0
revprox_ip: %%revprox_client_server_ip
base_url: https://%%revprox_client_external_domainname%%revprox_client_location[0]
auth_url: %%oauth2_client_external[0]
auth_server: %%oauth2_server_domainname
username: %%username
password: %%get_password(server_name='test', username=%%username, description='test', type="cleartext", hide=%%hide_secret, temporary=True)
gitea_title: "%%gitea_title"

View file

@ -0,0 +1,226 @@
from yaml import load, SafeLoader
from os import environ, makedirs
from os.path import expandvars, isfile, isdir, dirname, join
from re import search
from dulwich.porcelain import init, clone, add, commit, push
from tempfile import TemporaryDirectory
from subprocess import run
from revprox import Authentication
from mookdns import MookDnsSystem
PORT = '3000'
GITEA_USERNAME = 'gitea'
KEY_FILE = expandvars("$HOME/tests/risotto")
AUTHENTICATION = None
DATA = None
def get_data():
global DATA
if not DATA:
conf_file = f'{environ["MACHINE_TEST_DIR"]}/gitea.yml'
with open(conf_file) as yaml:
DATA = load(yaml, Loader=SafeLoader)
return DATA
def get_authentication(data):
global AUTHENTICATION
if not AUTHENTICATION:
AUTHENTICATION = Authentication(data['auth_url'],
data['auth_server'],
data['revprox_ip'],
data['username'],
data['password'],
f'<title>{data["username"]} - Dashboard - {data["gitea_title"]}</title>',
)
return AUTHENTICATION
def get_info(authentication,
url,
with_uid=False,
with_data_id=False,
found_string=None
):
# <input type="hidden" name="_csrf" value="YQbVgdYHX_3VQ-KuZ5cKtr9RzXE6MTY1NzgxMzUzNTA0OTYwODQ0NQ">
pattern_csrf = r'name="_csrf" value="([a-zA-Z0-9\-\_=]+)"'
ret = authentication.get(url)
csrf = search(pattern_csrf, ret)[1]
ret_data = []
if with_uid:
pattern_uid = r'input type="hidden" id="uid" name="uid" value="(\d)+"'
uid = search(pattern_uid, ret)
if uid is None:
ret_data.append(uid)
else:
ret_data.append(uid[1])
if with_data_id:
pattern_uid = r'/user/settings/keys/delete?type=ssh" data-id="(\d)+"'
uid = search(pattern_uid, ret)
if uid is None:
ret_data.append(uid)
else:
ret_data.append(uid[1])
if found_string:
ret_data.append(found_string in ret)
ret_data.append(csrf)
if len(ret_data) == 1:
return ret_data[0]
return ret_data
def add_ssh_key(authentication, data):
# Send key to gitea
url = f'{data["base_url"]}user/settings/keys'
is_already_key, csrf = get_info(authentication, url, found_string='test_key_risotto')
if is_already_key:
return
# Gen SSH key if needed
if not isfile(KEY_FILE):
key_dir = dirname(KEY_FILE)
if not isdir(key_dir):
makedirs(key_dir)
cmd = ['/usr/bin/ssh-keygen', '-N', '', '-f', KEY_FILE]
run(cmd)
with open(f'{KEY_FILE}.pub') as fh:
key = fh.read()
authentication.post(url, {'_csrf': csrf, 'title': 'test_key_risotto', 'content': key, 'type': 'ssh'})
def delete_ssh_key(authentication, data):
url = f'{data["base_url"]}user/settings/keys'
is_already_key, csrf = get_info(authentication, url, found_string='test_key_risotto')
if is_already_key:
uid, csrf = get_info(authentication, url, with_data_id=True)
url = f'{data["base_url"]}user/settings/keys/delete?type=ssh'
authentication.post(url, {'_csrf': csrf, 'id': uid})
is_already_key, csrf = get_info(authentication, url, found_string='test_key_risotto')
def test_gitea():
data = get_data()
get_authentication(data)
def test_gitea_repos():
data = get_data()
authentication = get_authentication(data)
if 'FIRST_RUN' in environ:
url = f'{data["base_url"]}repo/create'
uid, csrf = get_info(authentication, url, with_uid=True)
authentication.post(url, {'_csrf': csrf, 'uid': uid, 'repo_name': 'test_persistent'})
url = f'{data["base_url"]}api/v1/repos/search?sort=updated&order=desc&uid=1&team_id=0&q=&page=1&mode='
json = authentication.get(url, json=True)
assert json['ok']
assert len(json['data']) == 1
username = data['username'].split('@', 1)[0]
assert json['data'][0]['full_name'] == f'{username}/test_persistent'
def test_gitea_create_repo():
data = get_data()
authentication = get_authentication(data)
url = f'{data["base_url"]}repo/create'
uid, csrf = get_info(authentication, url, with_uid=True)
authentication.post(url, {'_csrf': csrf, 'uid': uid, 'repo_name': 'test', 'default_branch': 'main'})
url = f'{data["base_url"]}api/v1/repos/search?sort=updated&order=desc&uid=1&team_id=0&q=&page=1&mode='
json = authentication.get(url, json=True)
assert json['ok']
assert len(json['data']) == 2
username = data['username'].split('@', 1)[0]
assert {dat['full_name'] for dat in json['data']} == set([f'{username}/test_persistent', f'{username}/test'])
def test_repo():
data = get_data()
authentication = get_authentication(data)
if 'FIRST_RUN' in environ:
# delete_ssh_key(authentication, data)
add_ssh_key(authentication, data)
with TemporaryDirectory() as tmpdirname:
username = data['username'].split('@', 1)[0]
dns = data['base_url'].split('/', 3)[2]
ssh_url = f'ssh://{GITEA_USERNAME}@{dns}:2222/{username}/test.git'
with MookDnsSystem(dns, data['ip']):
filename = join(tmpdirname, 'test.txt')
with open(filename, 'w') as fh:
fh.write('test')
repo = init(tmpdirname)
add(repo, filename)
commit(repo, message=b'test commit')
push(repo=repo,
remote_location=ssh_url,
refspecs='master',
)
lst = list(repo.get_walker())
assert len(lst) == 1
assert lst[0].commit.message == b'test commit'
def test_clone_http():
data = get_data()
authentication = get_authentication(data)
if 'FIRST_RUN' in environ:
# delete_ssh_key(authentication, data)
add_ssh_key(authentication, data)
with TemporaryDirectory() as tmpdirname:
username = data['username'].split('@', 1)[0]
dns = data['base_url'].split('/', 3)[2]
http_url = f'{data["base_url"]}{username}/test.git'
with MookDnsSystem(dns, data['revprox_ip']):
repo = clone(http_url, tmpdirname)
lst = list(repo.get_walker())
assert len(lst) == 1
assert lst[0].commit.message == b'test commit'
def test_gitea_delete_repo():
repo_name = 'test'
data = get_data()
authentication = get_authentication(data)
username = data['username'].split('@', 1)[0]
url = f'{data["base_url"]}{username}/{repo_name}/settings'
csrf = get_info(authentication, url)
authentication.post(url, {'_csrf': csrf, 'action': 'delete', 'repo_name': repo_name})
url = f'{data["base_url"]}api/v1/repos/search?sort=updated&order=desc&uid=1&team_id=0&q=&page=1&mode='
json = authentication.get(url, json=True)
assert json['ok']
assert len(json['data']) == 1
username = data['username'].split('@', 1)[0]
assert json['data'][0]['full_name'] == f'{username}/test_persistent'
def test_repo_persistent():
data = get_data()
authentication = get_authentication(data)
if 'FIRST_RUN' in environ:
# delete_ssh_key(authentication, data)
add_ssh_key(authentication, data)
with TemporaryDirectory() as tmpdirname:
username = data['username'].split('@', 1)[0]
dns = data['base_url'].split('/', 3)[2]
ssh_url = f'ssh://{GITEA_USERNAME}@{dns}:2222/{username}/test_persistent.git'
with MookDnsSystem(dns, data['ip']):
if 'FIRST_RUN' in environ:
filename = join(tmpdirname, 'test.txt')
with open(filename, 'w') as fh:
fh.write('test')
repo = init(tmpdirname)
add(repo, filename)
commit(repo, message=b'test commit')
push(repo=repo,
remote_location=ssh_url,
refspecs='master',
)
else:
repo = clone(ssh_url, tmpdirname)
lst = list(repo.get_walker())
assert len(lst) == 1
assert lst[0].commit.message == b'test commit'

View file

@ -167,6 +167,7 @@ commentStartToken = §
"portalDisplayResetPassword": 0,
"portalMainLogo": "risotto/logo.png",
"showLanguages": 0,
"requireToken": "$env->{REMOTE_ADDR} ne '%%gateway_eth0'",
"whatToTrace" : "_whatToTrace",
%set %%remotes = {}
%for %%index, %%app in %%enumerate(%%oauth2.remotes)

View file

@ -16,6 +16,11 @@ def req(url, ip, verify=True):
dns[-1] = (ip, dns[-1][1])
return [dns]
socket.getaddrinfo = new_getaddrinfo
if not verify:
with warnings.catch_warnings():
warnings.simplefilter("ignore")
ret = get(url, verify=verify)
else:
ret = get(url, verify=verify)
ret_code = ret.status_code
content = ret.content
@ -29,8 +34,6 @@ def test_revprox():
data = load(yaml, Loader=SafeLoader)
# test unknown domain
url = 'google.fr'
with warnings.catch_warnings():
warnings.simplefilter("ignore")
ret_code, content = req(f'https://{url}', data['address'], verify=False)
assert ret_code == 200, f'https://{url} do not returns code 200 but {ret_code}'
assert "<title>Test Page for the HTTP Server on Fedora</title>" in content, f'https://{url} returns default fedora page'

View file

@ -27,4 +27,8 @@ grep ldapAgentPassword /etc/nextcloud/nextcloud.init
Search information with standard user:
ldapsearch -D cn=gnunux@gnunux.info,ou=users,ou=in,o=gnunux,o=info -w "1vCE09NRW2kxHIpf1PkehOS9bSLZual82saHSBj9RPM" -b cn=gnunux@gnunux.info,ou=users,ou=in,o=gnunux,o=info
ldapsearch -D cn=admin,ou=in,o=gnunux,o=info -w "1vCE09NRW2kxHIpf1PkehOS9bSLZual82saHSBj9RPM" -b cn=gnunux@gnunux.info,ou=users,ou=in,o=gnunux,o=info
# Delete User
ldapdelete -D cn=gnunux@gnunux.info,ou=users,ou=in,o=gnunux,o=info -y /usr/local/lib/secrets/admin_ldap.pwd cn=rougail_test@gnunux.info,ou=in,o=gnunux,o=info

View file

@ -1,13 +1,16 @@
%set %%username = "rougail_test@silique.fr"
%set %%username_family = "rougail_test@gnunux.info"
%set %%familydn = %%calc_ldapclient_base_dn(%%ldapclient_base_dn, family_name='gnunux')
%set %%name_family = 'gnunux'
%set %%familydn = %%calc_ldapclient_base_dn(%%ldapclient_base_dn, family_name=%%name_family)
%set %%userdn = 'cn=' + %%username + ',' + %%calc_ldapclient_base_dn(%%ldapclient_base_dn)
%set %%userfamilydn = 'cn=' + %%username_family + ',' + %%familydn
address: %%ip_eth0
admin_dn: %%ldapclient_user
admin_password: %%ldapclient_user_password
user_dn: cn=%%username,%%ldap_user_dn
user_password: %%get_password(server_name=%%ldap_server_address, username=%%username, description="ldap user", type="cleartext", hide=%%hide_secret, temporary=True)
user_family_dn: cn=%%username_family,%%familydn
user_family_password: %%get_password(server_name=%%ldap_server_address, username=%%username_family, description="ldap family user", type="cleartext", hide=%%hide_secret, temporary=True)
user_dn: %%userdn
user_password: %%get_password(server_name='test', username=%%username, description='test', type="cleartext", hide=%%hide_secret, temporary=True)
user_family_dn: %%userfamilydn
user_family_password: %%get_password(server_name='test', username=%%username_family, description="test", type="cleartext", hide=%%hide_secret, temporary=True)
base_account_dn: %%ldap_account_dn
base_user_dn: %%ldap_user_dn
base_family_dn: %%familydn
@ -18,6 +21,8 @@ remote%%idx: cn=%%name,%%ldapclient_base_dn
remote_password%%idx: %%get_password(server_name=%%domain_name_eth0, username=%%name, description="remote account", type="cleartext", hide=%%hide_secret, temporary=True)
%end for
users:
%%username: %%userdn
%%username_family: %%userfamilydn
%for %%user in %%accounts.users.ldap_user_mail
%%user: cn=%%user,%%ldap_user_dn
%end for
@ -29,11 +34,15 @@ users:
%end for
groups:
users:
- %%userdn
%for %%user in %%accounts.users.ldap_user_mail
- cn=%%user,%%ldap_user_dn
%end for
%for %%family in %%accounts.families
%%family:
%if %%family == %%name_family
- %%userfamilydn
%end if
%for %%user in %%accounts['family_' + %%family]['users_' + %%family]['ldap_user_mail_' + %%family]
- cn=%%user,%%families
%end for

View file

@ -1,4 +1,6 @@
%set name_family = 'gnunux'
%set %%username="rougail_test@silique.fr"
%set %%username_family="rougail_test@gnunux.info"
%set %%name_family="gnunux"
# BaseDN
%set groups = {}
dn: %%ldapclient_base_dn
@ -44,30 +46,17 @@ ou: users
objectClass: top
objectClass: organizationalUnit
%set %%userdn = 'cn=' + %%username + ',' + %%calc_ldapclient_base_dn(%%ldapclient_base_dn)
%set %%userfamilydn = 'cn=' + %%username_family + ',' + %%calc_ldapclient_base_dn(%%ldapclient_base_dn, family_name=%%name_family)
%set %%acc = [(%%userdn, %%username, %%get_password(server_name='test', username=%%username, description="test", type="cleartext", hide=%%hide_secret, temporary=True), 'Rougail', 'Test', 'rougail_test', [], 'users'),
(%%userfamilydn, %%username_family, %%get_password(server_name='test', username=%%username_family, description='test', type="cleartext", hide=%%hide_secret, temporary=True), 'Rougail', 'Test', 'rougail_test_gnunux', [], %%name_family),
]
%set %%groups['users'] = [%%userdn]
%set %%groups[%%name_family] = [%%userfamilydn]
%for %%user in %%accounts.users.ldap_user_mail
%set %%userdn = "cn=" + %%user + "," + %%users
%%groups.setdefault('users', []).append(%%userdn)
dn: %%userdn
cn: %%user
mail: %%user
sn: %%user.ldap_user_sn
givenName: %%user.ldap_user_gn
uid: %%user.ldap_user_uid
userPassword:: %%ssha_encode(%%user.ldap_user_password)
homeDirectory: /srv/home/users/%%user
mailLocalAddress: %%user
%if %%user.ldap_user_aliases
%for %%alias in %%user.ldap_user_aliases
mailLocalAddress: %%alias
%end for
%end if
uidNumber: 0
gidNumber: 0
objectClass: top
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: inetLocalMailRecipient
%%acc.append((%%userdn, %%user, %%user.ldap_user_password, %%user.ldap_user_sn, %%user.ldap_user_gn, %%user.ldap_user_uid, %%user.ldap_user_aliases, 'users'))%slurp
%%groups.setdefault('users', []).append(%%userdn)%slurp
%end for
## Families
dn: %%calc_ldapclient_base_dn(%%ldapclient_base_dn, family_name='-')
@ -84,18 +73,50 @@ objectClass: organizationalUnit
%for %%user in %%accounts['family_' + %%family]['users_' + %%family]['ldap_user_mail_' + %%family]
%set %%userdn = "cn=" + %%user + "," + %%families
%%groups.setdefault(%%family, []).append(%%userdn)
%%groups.setdefault(%%family, []).append(%%userdn)%slurp
%%acc.append((%%userdn, %%user, %%user['ldap_user_password_' + %%family], %%user['ldap_user_sn_' + %%family], %%user['ldap_user_gn_' + %%family], %%user['ldap_user_uid_' + %%family], %%user['ldap_user_aliases_' + %%family], %%family))%slurp
#pouet
#dn: %%userdn
#cn: %%user
#mail: %%user
#sn:
#givenName:
#uid:
#userPassword:: %%ssha_encode()
#homeDirectory: /srv/home/families/%%family/%%user
#mailLocalAddress: %%user
# %if %%user['ldap_user_aliases_' + %%family]
# %for %%alias in
#mailLocalAddress: %%alias
# %end for
# %end if
#uidNumber: 0
#gidNumber: 0
#objectClass: top
#objectClass: inetOrgPerson
#objectClass: posixAccount
#objectClass: inetLocalMailRecipient
#
# %end for
#%end for
%end for
%end for
%for %%userdn, %%user, %%password, %%sn, %%gn, %%uid, %%aliases, %%family in %%acc
dn: %%userdn
cn: %%user
mail: %%user
sn: %%user['ldap_user_sn_' + %%family]
givenName: %%user['ldap_user_gn_' + %%family]
uid: %%user['ldap_user_uid_' + %%family]
userPassword:: %%ssha_encode(%%user['ldap_user_password_' + %%family])
sn: %%sn
givenName: %%gn
uid: %%uid
userPassword:: %%ssha_encode(%%password)
%if %%family == 'users'
homeDirectory: /srv/home/users/%%user
%else
homeDirectory: /srv/home/families/%%family/%%user
%end if
mailLocalAddress: %%user
%if %%user['ldap_user_aliases_' + %%family]
%for %%alias in %%user['ldap_user_aliases_' + %%family]
%if %%aliases
%for %%alias in %%aliases
mailLocalAddress: %%alias
%end for
%end if
@ -106,7 +127,6 @@ objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: inetLocalMailRecipient
%end for
%end for
## Groups
%set %%groupdn = %%ldap_group_dn

View file

@ -1,4 +1,6 @@
%set groups = {}
%set %%username="rougail_test@silique.fr"
%set %%username_family="rougail_test@gnunux.info"
%set %%name_family="gnunux"
# Remote
%set %%acc = []
%for %%idx in %%range(3)
@ -17,30 +19,29 @@ userPassword:: %%ssha_encode(%%password)
%end for
# Users
%set %%userdn = 'cn=' + %%username + ',' + %%ldapclient_base_dn
%set %%userfamilydn = 'cn=' + %%username_family + ',' + %%calc_ldapclient_base_dn(%%ldapclient_base_dn, family_name=%%name_family)
%set %%acc = [(%%userdn, %%username, ['alias_' + %%username]),
(%%userfamilydn, %%username_family, ['alias_' + %%username_family]),
]
%set groups = {'users': [%%userdn],
%%name_family: [%%userfamilydn],
}
%set %%users = %%ldap_user_dn
%for %%user in %%accounts.users.ldap_user_mail
%set %%userdn = 'cn=' + %%user + ',' + %%users
%%groups.setdefault('users', []).append(%%userdn)%slurp
dn: %%userdn
changetype: modify
#add: objectClass
#objectClass: inetLocalMailRecipient
#-
replace: mailLocalAddress
mailLocalAddress: %%user
%if %%user.ldap_user_aliases
%for %%alias in %%user.ldap_user_aliases
mailLocalAddress: %%alias
%end for
%end if
%%groups['users'].append(%%userdn)%slurp
%%acc.append((%%userdn, %%user, %%user.ldap_user_aliases))%slurp
%end for
# Families
%for %%family in %%accounts.families
%set %%families = %%calc_ldapclient_base_dn(%%ldapclient_base_dn, %%family)
%for %%user in %%accounts['family_' + %%family]['users_' + %%family]['ldap_user_mail_' + %%family]
%set %%userdn = 'cn=' + %%user + ',' + %%families
%%groups.setdefault(%%family, []).append(%%userdn)%slurp
%%acc.append((%%userdn, %%user, %%user['ldap_user_aliases_' + %%family]))%slurp
%end for
%end for
%for %%userdn, %%user, %%aliases in %%acc
dn: %%userdn
changetype: modify
#add: objectClass
@ -48,13 +49,12 @@ changetype: modify
#-
replace: mailLocalAddress
mailLocalAddress: %%user
%if %%user['ldap_user_aliases_' + %%family]
%for %%alias in %%user['ldap_user_aliases_' + %%family]
%if %%aliases
%for %%alias in %%aliases
mailLocalAddress: %%alias
%end for
%end if
%end for
%end for
# Groups
%set %%groupdn = %%ldap_group_dn

View file

@ -0,0 +1,84 @@
from requests import get, post, session
from mookdns import MookDns
class Authentication:
def __init__(self,
auth_url,
portal_server,
ip,
username,
password,
title,
):
self.ip = ip
with session() as req:
with MookDns(self.ip):
self.is_lemonldap(req,
auth_url,
)
self.auth_lemonldap(req,
portal_server,
username,
password,
title,
)
self.cookies = dict(req.cookies)
# @staticmethod
def is_lemonldap(self,
req,
url,
):
ret = req.get(url)
code = ret.status_code
content = ret.content
assert code == 200
assert b'<title trspan="authPortal">Authentication portal</title>' in content
def auth_lemonldap(self,
req,
portal_server,
username,
password,
title,
):
# authentification
json = {'user': username,
'password': password,
}
headers = {"Content-Type": "application/x-www-form-urlencoded",
"Accept": "application/json",
}
portal_url = f'https://{portal_server}/oauth2/'
ret = req.post(portal_url, data=json, headers=headers)
json = ret.json()
assert json['error']
assert json['result'] == 1
assert json['id'] == ret.cookies.get('lemonldap')
# authorization code
# curl -X POST -d user=dwho -d password=dwho -H 'Accept: application/json' 'https://oidctest.wsweet.org/oauth2/'
# curl -s -D - -o /dev/null -b lemonldap=0640f95827111f00ba7ad5863ba819fe46cfbcecdb18ce525836369fb4c8350b 'https://oidctest.wsweet.org/oauth2/authorize?response_type=code&client_id=private&scope=openid+profile+email&redirect_uri=http://localhost' | grep '^location'
authorize_url = f'{portal_url}authorize'
ret = req.get(authorize_url)
assert ret.status_code == 200
assert title in ret.content.decode()
def get(self,
url,
json=False,
):
with MookDns(self.ip):
ret = get(url, cookies=self.cookies)
assert ret.status_code == 200, f'return code is {ret.status_code}'
if json:
return ret.json()
return ret.content.decode()
def post(self,
url,
data,
):
with MookDns(self.ip):
ret = post(url, cookies=self.cookies, data=data)
assert ret.status_code == 200, f'return code is {ret.status_code}'