mart-w/kanidm
1
0
Fork 0
mirror of https://github.com/kanidm/kanidm.git synced 2025-02-23 20:47:01 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity
kanidm/kanidm_client/tests/proto_v1_test.rs

385 lines
12 KiB
Rust
Raw Normal View History

Clean all codebase warnings
2019-07-29 09:09:09 +02:00
#![deny(warnings)]
#[macro_use]
extern crate log;
Begin datastructure and work on the core server
2018-10-03 13:21:21 +02:00
extern crate actix;
use actix::prelude::*;
Complete the rename of the project from rsidm to kanidm
2019-09-14 15:44:08 +02:00
extern crate kanidm;
extern crate kanidm_client;
extern crate kanidm_proto;
3 authentication (#79) This adds support for authentication and credential storage to the server. It also adds account recovery and options for integration test fixtures, refactors to make the client library easier to manage, and support clean seperation of the proto vs lib.
2019-09-04 03:06:37 +02:00
extern crate serde_json;
Complete the rename of the project from rsidm to kanidm
2019-09-14 15:44:08 +02:00
use kanidm_client::KanidmClient;
Add a lot of client support, clean up warnings, and clean up output for clients
2019-09-09 12:32:49 +02:00
Complete the rename of the project from rsidm to kanidm
2019-09-14 15:44:08 +02:00
use kanidm::config::{Configuration, IntegrationTestConfig};
use kanidm::core::create_server_core;
6 schema list (#112) This adds rest endpoints for schema, group, account listing and individual item getting, client lib to call these end points, and tests for all of these.
2019-10-05 02:40:43 +02:00
use kanidm_proto::v1::{Entry, Filter, Modify, ModifyList};
Begin datastructure and work on the core server
2018-10-03 13:21:21 +02:00
Improvements to integration test
2018-11-26 07:13:22 +01:00
extern crate reqwest;
Begin datastructure and work on the core server
2018-10-03 13:21:21 +02:00
extern crate futures;
Implement memberof with direct/indirect tracking and testcases. (#48) * Implement memberof with direct/indirect tracking and testcases.
2019-05-08 02:39:46 +02:00
// use futures::future;
// use futures::future::Future;
Begin datastructure and work on the core server
2018-10-03 13:21:21 +02:00
20190607 authentication (#55) Implement #2 anonymous authentication. This also puts into place the majority of the authentication framework, and starts to build the IDM layers ontop of the DB engine.
2019-07-12 07:28:46 +02:00
use std::sync::atomic::{AtomicUsize, Ordering};
Improvements to integration test
2018-11-26 07:13:22 +01:00
use std::sync::mpsc;
use std::thread;
20190607 authentication (#55) Implement #2 anonymous authentication. This also puts into place the majority of the authentication framework, and starts to build the IDM layers ontop of the DB engine.
2019-07-12 07:28:46 +02:00
extern crate env_logger;
Begin datastructure and work on the core server
2018-10-03 13:21:21 +02:00
extern crate tokio;
20190607 authentication (#55) Implement #2 anonymous authentication. This also puts into place the majority of the authentication framework, and starts to build the IDM layers ontop of the DB engine.
2019-07-12 07:28:46 +02:00
static PORT_ALLOC: AtomicUsize = AtomicUsize::new(8080);
3 authentication (#79) This adds support for authentication and credential storage to the server. It also adds account recovery and options for integration test fixtures, refactors to make the client library easier to manage, and support clean seperation of the proto vs lib.
2019-09-04 03:06:37 +02:00
static ADMIN_TEST_PASSWORD: &'static str = "integration test admin password";
Add tooling for accounts to self-set their password (#107) Partially Implements #6 - add ability for accounts to self set password. This is good for now, as I get closer to a trial radius deployment, but I think I'm finding the rest api probably needs a better plan at this point, as well as probably the way we do the proto and the communication needs some more thoughts too.
2019-09-27 01:59:23 +02:00
static ADMIN_TEST_PASSWORD_CHANGE: &'static str = "integration test admin new🎉";
20190607 authentication (#55) Implement #2 anonymous authentication. This also puts into place the majority of the authentication framework, and starts to build the IDM layers ontop of the DB engine.
2019-07-12 07:28:46 +02:00
initial
2018-09-29 09:54:16 +02:00
// Test external behaviorus of the service.
Complete the rename of the project from rsidm to kanidm
2019-09-14 15:44:08 +02:00
fn run_test(test_fn: fn(KanidmClient) -> ()) {
// ::std::env::set_var("RUST_LOG", "actix_web=debug,kanidm=debug");
20190607 authentication (#55) Implement #2 anonymous authentication. This also puts into place the majority of the authentication framework, and starts to build the IDM layers ontop of the DB engine.
2019-07-12 07:28:46 +02:00
let _ = env_logger::builder().is_test(true).try_init();
let (tx, rx) = mpsc::channel();
let port = PORT_ALLOC.fetch_add(1, Ordering::SeqCst);
3 authentication (#79) This adds support for authentication and credential storage to the server. It also adds account recovery and options for integration test fixtures, refactors to make the client library easier to manage, and support clean seperation of the proto vs lib.
2019-09-04 03:06:37 +02:00
let int_config = Box::new(IntegrationTestConfig {
admin_password: ADMIN_TEST_PASSWORD.to_string(),
});
20190607 authentication (#55) Implement #2 anonymous authentication. This also puts into place the majority of the authentication framework, and starts to build the IDM layers ontop of the DB engine.
2019-07-12 07:28:46 +02:00
let mut config = Configuration::new();
config.address = format!("127.0.0.1:{}", port);
3 authentication (#79) This adds support for authentication and credential storage to the server. It also adds account recovery and options for integration test fixtures, refactors to make the client library easier to manage, and support clean seperation of the proto vs lib.
2019-09-04 03:06:37 +02:00
config.secure_cookies = false;
config.integration_test_config = Some(int_config);
20190607 authentication (#55) Implement #2 anonymous authentication. This also puts into place the majority of the authentication framework, and starts to build the IDM layers ontop of the DB engine.
2019-07-12 07:28:46 +02:00
// Setup the config ...
thread::spawn(move || {
// Spawn a thread for the test runner, this should have a unique
// port....
System::run(move || {
create_server_core(config);
// This appears to be bind random ...
// let srv = srv.bind("127.0.0.1:0").unwrap();
let _ = tx.send(System::current());
});
});
let sys = rx.recv().unwrap();
System::set_current(sys.clone());
Improvements to integration test
2018-11-26 07:13:22 +01:00
20190607 authentication (#55) Implement #2 anonymous authentication. This also puts into place the majority of the authentication framework, and starts to build the IDM layers ontop of the DB engine.
2019-07-12 07:28:46 +02:00
// Do we need any fixtures?
// Yes probably, but they'll need to be futures as well ...
// later we could accept fixture as it's own future for re-use
initial
2018-09-29 09:54:16 +02:00
20190607 authentication (#55) Implement #2 anonymous authentication. This also puts into place the majority of the authentication framework, and starts to build the IDM layers ontop of the DB engine.
2019-07-12 07:28:46 +02:00
// Setup the client, and the address we selected.
let addr = format!("http://127.0.0.1:{}", port);
Complete the rename of the project from rsidm to kanidm
2019-09-14 15:44:08 +02:00
let rsclient = KanidmClient::new(addr.as_str(), None);
Improvements to integration test
2018-11-26 07:13:22 +01:00
Add a lot of client support, clean up warnings, and clean up output for clients
2019-09-09 12:32:49 +02:00
test_fn(rsclient);
20190607 authentication (#55) Implement #2 anonymous authentication. This also puts into place the majority of the authentication framework, and starts to build the IDM layers ontop of the DB engine.
2019-07-12 07:28:46 +02:00
// We DO NOT need teardown, as sqlite is in mem
// let the tables hit the floor
let _ = sys.stop();
initial
2018-09-29 09:54:16 +02:00
}
#[test]
Add a lot of client support, clean up warnings, and clean up output for clients
2019-09-09 12:32:49 +02:00
fn test_server_create() {
Complete the rename of the project from rsidm to kanidm
2019-09-14 15:44:08 +02:00
run_test(|rsclient: KanidmClient| {
Add support for working server integration test!
2018-11-27 11:48:21 +01:00
let e: Entry = serde_json::from_str(
r#"{
"attrs": {
87 default idm entries (#89) This adds the fundamentals of the basic IDM layout. It contains the needed design document, and is designed such that the default admins while powerful, still have some limits upon them.
2019-09-15 20:05:26 +02:00
"class": ["person", "account"],
Add support for working server integration test!
2018-11-27 11:48:21 +01:00
"name": ["testperson"],
"displayname": ["testperson"]
}
}"#,
)
.unwrap();
Add a lot of client support, clean up warnings, and clean up output for clients
2019-09-09 12:32:49 +02:00
// Not logged in - should fail!
let res = rsclient.create(vec![e.clone()]);
assert!(res.is_err());
Improvements to integration test
2018-11-26 07:13:22 +01:00
Add a lot of client support, clean up warnings, and clean up output for clients
2019-09-09 12:32:49 +02:00
let a_res = rsclient.auth_simple_password("admin", ADMIN_TEST_PASSWORD);
assert!(a_res.is_ok());
Improvements to integration test
2018-11-26 07:13:22 +01:00
Add a lot of client support, clean up warnings, and clean up output for clients
2019-09-09 12:32:49 +02:00
let res = rsclient.create(vec![e]);
assert!(res.is_ok());
Improvements to integration test
2018-11-26 07:13:22 +01:00
});
Begin datastructure and work on the core server
2018-10-03 13:21:21 +02:00
}
6 schema list (#112) This adds rest endpoints for schema, group, account listing and individual item getting, client lib to call these end points, and tests for all of these.
2019-10-05 02:40:43 +02:00
#[test]
fn test_server_modify() {
run_test(|rsclient: KanidmClient| {
// Build a self mod.
let f = Filter::SelfUUID;
let m = ModifyList::new_list(vec![
Modify::Purged("displayname".to_string()),
Modify::Present("displayname".to_string(), "test".to_string()),
]);
// Not logged in - should fail!
let res = rsclient.modify(f.clone(), m.clone());
assert!(res.is_err());
let a_res = rsclient.auth_simple_password("admin", ADMIN_TEST_PASSWORD);
assert!(a_res.is_ok());
let res = rsclient.modify(f.clone(), m.clone());
println!("{:?}", res);
assert!(res.is_ok());
});
}
20190607 authentication (#55) Implement #2 anonymous authentication. This also puts into place the majority of the authentication framework, and starts to build the IDM layers ontop of the DB engine.
2019-07-12 07:28:46 +02:00
#[test]
fn test_server_whoami_anonymous() {
Complete the rename of the project from rsidm to kanidm
2019-09-14 15:44:08 +02:00
run_test(|rsclient: KanidmClient| {
20190607 authentication (#55) Implement #2 anonymous authentication. This also puts into place the majority of the authentication framework, and starts to build the IDM layers ontop of the DB engine.
2019-07-12 07:28:46 +02:00
// First show we are un-authenticated.
Add a lot of client support, clean up warnings, and clean up output for clients
2019-09-09 12:32:49 +02:00
let pre_res = rsclient.whoami();
// This means it was okay whoami, but no uat attached.
assert!(pre_res.unwrap().is_none());
20190607 authentication (#55) Implement #2 anonymous authentication. This also puts into place the majority of the authentication framework, and starts to build the IDM layers ontop of the DB engine.
2019-07-12 07:28:46 +02:00
// Now login as anonymous
Add a lot of client support, clean up warnings, and clean up output for clients
2019-09-09 12:32:49 +02:00
let res = rsclient.auth_anonymous();
assert!(res.is_ok());
3 authentication (#79) This adds support for authentication and credential storage to the server. It also adds account recovery and options for integration test fixtures, refactors to make the client library easier to manage, and support clean seperation of the proto vs lib.
2019-09-04 03:06:37 +02:00
// Now do a whoami.
Add stricter assertions to whoami test
2019-09-11 04:21:15 +02:00
let (_e, uat) = match rsclient.whoami().unwrap() {
Some((e, uat)) => (e, uat),
None => panic!(),
};
debug!("{}", uat);
assert!(uat.name == "anonymous");
3 authentication (#79) This adds support for authentication and credential storage to the server. It also adds account recovery and options for integration test fixtures, refactors to make the client library easier to manage, and support clean seperation of the proto vs lib.
2019-09-04 03:06:37 +02:00
});
}
#[test]
fn test_server_whoami_admin_simple_password() {
Complete the rename of the project from rsidm to kanidm
2019-09-14 15:44:08 +02:00
run_test(|rsclient: KanidmClient| {
3 authentication (#79) This adds support for authentication and credential storage to the server. It also adds account recovery and options for integration test fixtures, refactors to make the client library easier to manage, and support clean seperation of the proto vs lib.
2019-09-04 03:06:37 +02:00
// First show we are un-authenticated.
Add a lot of client support, clean up warnings, and clean up output for clients
2019-09-09 12:32:49 +02:00
let pre_res = rsclient.whoami();
// This means it was okay whoami, but no uat attached.
assert!(pre_res.unwrap().is_none());
3 authentication (#79) This adds support for authentication and credential storage to the server. It also adds account recovery and options for integration test fixtures, refactors to make the client library easier to manage, and support clean seperation of the proto vs lib.
2019-09-04 03:06:37 +02:00
Add a lot of client support, clean up warnings, and clean up output for clients
2019-09-09 12:32:49 +02:00
let res = rsclient.auth_simple_password("admin", ADMIN_TEST_PASSWORD);
assert!(res.is_ok());
20190607 authentication (#55) Implement #2 anonymous authentication. This also puts into place the majority of the authentication framework, and starts to build the IDM layers ontop of the DB engine.
2019-07-12 07:28:46 +02:00
// Now do a whoami.
Add stricter assertions to whoami test
2019-09-11 04:21:15 +02:00
let (_e, uat) = match rsclient.whoami().unwrap() {
Some((e, uat)) => (e, uat),
None => panic!(),
};
debug!("{}", uat);
assert!(uat.name == "admin");
20190607 authentication (#55) Implement #2 anonymous authentication. This also puts into place the majority of the authentication framework, and starts to build the IDM layers ontop of the DB engine.
2019-07-12 07:28:46 +02:00
});
}
Begin datastructure and work on the core server
2018-10-03 13:21:21 +02:00
#[test]
87 default idm entries (#89) This adds the fundamentals of the basic IDM layout. It contains the needed design document, and is designed such that the default admins while powerful, still have some limits upon them.
2019-09-15 20:05:26 +02:00
fn test_server_search() {
run_test(|rsclient: KanidmClient| {
// First show we are un-authenticated.
let pre_res = rsclient.whoami();
// This means it was okay whoami, but no uat attached.
assert!(pre_res.unwrap().is_none());
Begin adding query server tests
2018-11-07 08:27:11 +01:00
87 default idm entries (#89) This adds the fundamentals of the basic IDM layout. It contains the needed design document, and is designed such that the default admins while powerful, still have some limits upon them.
2019-09-15 20:05:26 +02:00
let res = rsclient.auth_simple_password("admin", ADMIN_TEST_PASSWORD);
assert!(res.is_ok());
Begin adding query server tests
2018-11-07 08:27:11 +01:00
87 default idm entries (#89) This adds the fundamentals of the basic IDM layout. It contains the needed design document, and is designed such that the default admins while powerful, still have some limits upon them.
2019-09-15 20:05:26 +02:00
let rset = rsclient
6 create modify tool (#113) Implements #6 - create, modify and delete. These are the raw/lowlevel db commands which are really useful for administrators. They aren't intended for normal day to day use though. This also adds a basic getting started, fixes a missing privilege, adds support for reseting another accounts password, and for server side password generation. It's likely I'm going to reformat some of the current REST api though to use our higher level internal types.
2019-10-07 00:41:30 +02:00
.search(Filter::Eq("name".to_string(), "admin".to_string()))
87 default idm entries (#89) This adds the fundamentals of the basic IDM layout. It contains the needed design document, and is designed such that the default admins while powerful, still have some limits upon them.
2019-09-15 20:05:26 +02:00
.unwrap();
println!("{:?}", rset);
let e = rset.first().unwrap();
// Check it's admin.
println!("{:?}", e);
let name = e.attrs.get("name").unwrap();
assert!(name == &vec!["admin".to_string()]);
initial
2018-09-29 09:54:16 +02:00
});
}
87 default idm entries (#89) This adds the fundamentals of the basic IDM layout. It contains the needed design document, and is designed such that the default admins while powerful, still have some limits upon them.
2019-09-15 20:05:26 +02:00
Add tooling for accounts to self-set their password (#107) Partially Implements #6 - add ability for accounts to self set password. This is good for now, as I get closer to a trial radius deployment, but I think I'm finding the rest api probably needs a better plan at this point, as well as probably the way we do the proto and the communication needs some more thoughts too.
2019-09-27 01:59:23 +02:00
#[test]
fn test_server_admin_change_simple_password() {
run_test(|mut rsclient: KanidmClient| {
// First show we are un-authenticated.
let pre_res = rsclient.whoami();
// This means it was okay whoami, but no uat attached.
assert!(pre_res.unwrap().is_none());
let res = rsclient.auth_simple_password("admin", ADMIN_TEST_PASSWORD);
assert!(res.is_ok());
// Now change the password.
let _ = rsclient
.idm_account_set_password(ADMIN_TEST_PASSWORD_CHANGE.to_string())
.unwrap();
// Now "reset" the client.
let _ = rsclient.logout();
// Old password fails
let res = rsclient.auth_simple_password("admin", ADMIN_TEST_PASSWORD);
assert!(res.is_err());
// New password works!
let res = rsclient.auth_simple_password("admin", ADMIN_TEST_PASSWORD_CHANGE);
assert!(res.is_ok());
});
}
6 create modify tool (#113) Implements #6 - create, modify and delete. These are the raw/lowlevel db commands which are really useful for administrators. They aren't intended for normal day to day use though. This also adds a basic getting started, fixes a missing privilege, adds support for reseting another accounts password, and for server side password generation. It's likely I'm going to reformat some of the current REST api though to use our higher level internal types.
2019-10-07 00:41:30 +02:00
// Add a test for reseting another accounts pws via the rest api
#[test]
fn test_server_admin_reset_simple_password() {
run_test(|rsclient: KanidmClient| {
let res = rsclient.auth_simple_password("admin", ADMIN_TEST_PASSWORD);
assert!(res.is_ok());
// Create a diff account
let e: Entry = serde_json::from_str(
r#"{
"attrs": {
"class": ["person", "account"],
"name": ["testperson"],
"displayname": ["testperson"]
}
}"#,
)
.unwrap();
// Not logged in - should fail!
let res = rsclient.create(vec![e.clone()]);
assert!(res.is_ok());
// By default, admin's can't actually administer accounts, so mod them into
// the account admin group.
let f = Filter::Eq("name".to_string(), "idm_account_write_priv".to_string());
let m = ModifyList::new_list(vec![Modify::Present(
"member".to_string(),
"idm_admins".to_string(),
)]);
let res = rsclient.modify(f.clone(), m.clone());
assert!(res.is_ok());
// Now set it's password.
let res = rsclient.idm_account_primary_credential_set_password("testperson", "password");
assert!(res.is_ok());
// Check it stuck.
let tclient = rsclient.new_session();
assert!(tclient
.auth_simple_password("testperson", "password")
.is_ok());
// Generate a pw instead
let res = rsclient.idm_account_primary_credential_set_generated("testperson");
assert!(res.is_ok());
let gpw = res.unwrap();
let tclient = rsclient.new_session();
assert!(tclient
.auth_simple_password("testperson", gpw.as_str())
.is_ok());
});
}
6 schema list (#112) This adds rest endpoints for schema, group, account listing and individual item getting, client lib to call these end points, and tests for all of these.
2019-10-05 02:40:43 +02:00
// test the rest group endpoint.
#[test]
fn test_server_rest_group_read() {
run_test(|rsclient: KanidmClient| {
let res = rsclient.auth_simple_password("admin", ADMIN_TEST_PASSWORD);
assert!(res.is_ok());
// List the groups
let g_list = rsclient.idm_group_list().unwrap();
assert!(g_list.len() > 0);
let g = rsclient.idm_group_get("idm_admins").unwrap();
assert!(g.is_some());
println!("{:?}", g);
});
}
#[test]
fn test_server_rest_account_read() {
run_test(|rsclient: KanidmClient| {
let res = rsclient.auth_simple_password("admin", ADMIN_TEST_PASSWORD);
assert!(res.is_ok());
// List the accounts
let a_list = rsclient.idm_account_list().unwrap();
assert!(a_list.len() > 0);
let a = rsclient.idm_account_get("admin").unwrap();
assert!(a.is_some());
println!("{:?}", a);
});
}
#[test]
fn test_server_rest_schema_read() {
run_test(|rsclient: KanidmClient| {
let res = rsclient.auth_simple_password("admin", ADMIN_TEST_PASSWORD);
assert!(res.is_ok());
// List the schema
let s_list = rsclient.idm_schema_list().unwrap();
assert!(s_list.len() > 0);
let a_list = rsclient.idm_schema_attributetype_list().unwrap();
assert!(a_list.len() > 0);
let c_list = rsclient.idm_schema_classtype_list().unwrap();
assert!(c_list.len() > 0);
// Get an attr/class
let a = rsclient.idm_schema_attributetype_get("name").unwrap();
assert!(a.is_some());
println!("{:?}", a);
let c = rsclient.idm_schema_classtype_get("account").unwrap();
assert!(c.is_some());
println!("{:?}", c);
});
}
17 radius (#123) Majority of radius integration and tooling complete, including docker files.
2019-10-31 01:48:15 +01:00
// Test resetting a radius cred, and then checking/viewing it.
#[test]
fn test_server_radius_credential_lifecycle() {
run_test(|rsclient: KanidmClient| {
let res = rsclient.auth_simple_password("admin", ADMIN_TEST_PASSWORD);
assert!(res.is_ok());
// Should have no radius secret
let n_sec = rsclient.idm_account_radius_credential_get("admin").unwrap();
assert!(n_sec.is_none());
// Set one
let sec1 = rsclient
.idm_account_radius_credential_regenerate("admin")
.unwrap();
// Should be able to get it.
let r_sec = rsclient.idm_account_radius_credential_get("admin").unwrap();
assert!(sec1 == r_sec.unwrap());
// test getting the token - we can do this as self or the radius server
let r_tok = rsclient.idm_account_radius_token_get("admin").unwrap();
assert!(sec1 == r_tok.secret);
assert!(r_tok.name == "admin".to_string());
// Reset it
let sec2 = rsclient
.idm_account_radius_credential_regenerate("admin")
.unwrap();
// Should be different
println!("s1 {} != s2 {}", sec1, sec2);
assert!(sec1 != sec2);
// Delete it
let res = rsclient.idm_account_radius_credential_delete("admin");
assert!(res.is_ok());
// No secret
let n_sec = rsclient.idm_account_radius_credential_get("admin").unwrap();
assert!(n_sec.is_none());
});
}
// Test the self version of the radius path.
87 default idm entries (#89) This adds the fundamentals of the basic IDM layout. It contains the needed design document, and is designed such that the default admins while powerful, still have some limits upon them.
2019-09-15 20:05:26 +02:00
// Test hitting all auth-required endpoints and assert they give unauthorized.
Reference in a new issue Copy permalink