tests/unit_tests/test_security.py

from pathlib import Path

from pytest import MonkeyPatch

from mealie.core import security
from mealie.core.config import get_app_settings
from mealie.core.dependencies import validate_file_token
from mealie.db.db_setup import session_context
from tests.utils.factories import random_string


def test_create_file_token():
    file_path = Path(__file__).parent
    file_token = security.create_file_token(file_path)

    assert file_path == validate_file_token(file_token)


def test_ldap_authentication_mocked(monkeypatch: MonkeyPatch):
    import ldap

    user = random_string(10)
    password = random_string(10)
    bind_template = "cn={},dc=example,dc=com"
    base_dn = "(dc=example,dc=com)"
    monkeypatch.setenv("LDAP_AUTH_ENABLED", "true")
    monkeypatch.setenv("LDAP_SERVER_URL", "")  # Not needed due to mocking
    monkeypatch.setenv("LDAP_BIND_TEMPLATE", bind_template)
    monkeypatch.setenv("LDAP_BASE_DN", base_dn)

    class LdapConnMock:
        def simple_bind_s(self, dn, bind_pw):
            assert dn == bind_template.format(user)
            return bind_pw == password

        def search_s(self, dn, scope, filter, attrlist):
            assert attrlist == ["name", "mail"]
            assert filter == f"(&(objectClass=user)(|(cn={user})(sAMAccountName={user})(mail={user})))"
            assert dn == base_dn
            assert scope == ldap.SCOPE_SUBTREE
            return [()]

        def set_option(*args, **kwargs):
            pass

    def ldap_initialize_mock(url):
        assert url == ""
        return LdapConnMock()

    monkeypatch.setattr(ldap, "initialize", ldap_initialize_mock)

    get_app_settings.cache_clear()

    with session_context() as session:
        result = security.authenticate_user(session, user, password)

    assert result is False
Improve Test Coverage (#511) * add recipe scaling notes * test theme rename * fix coverage call to use poetry * remove print * remove async * consolidate test case data * fix mealplan tests * remove redundant else Co-authored-by: hay-kot <hay-kot@pm.me> 2021-06-13 13:09:44 -08:00			`from pathlib import Path`

fix(backend): :bug: Grab PRs from dev branch (#826) * fix(backend): :bug: Grab PR #780 * feat(frontend): :sparkles: Grab PR 797 * docs(docs): spelling * feat(backend): :sparkles: Add LDAP Support from #803 * add test deps Co-authored-by: hay-kot <hay-kot@pm.me> 2021-11-23 20:41:07 -09:00			`from pytest import MonkeyPatch`

Improve Test Coverage (#511) * add recipe scaling notes * test theme rename * fix coverage call to use poetry * remove print * remove async * consolidate test case data * fix mealplan tests * remove redundant else Co-authored-by: hay-kot <hay-kot@pm.me> 2021-06-13 13:09:44 -08:00			`from mealie.core import security`
fix(backend): :bug: Grab PRs from dev branch (#826) * fix(backend): :bug: Grab PR #780 * feat(frontend): :sparkles: Grab PR 797 * docs(docs): spelling * feat(backend): :sparkles: Add LDAP Support from #803 * add test deps Co-authored-by: hay-kot <hay-kot@pm.me> 2021-11-23 20:41:07 -09:00			`from mealie.core.config import get_app_settings`
refactor(backend): :recycle: move router dependencies to mealie.core.dependencies module 2021-08-28 15:36:46 -08:00			`from mealie.core.dependencies import validate_file_token`
fix: unclosed sessions (#1734) * resolve session leak * cleanup session management functions 2022-10-17 14:11:40 -08:00			`from mealie.db.db_setup import session_context`
fix(backend): :bug: Grab PRs from dev branch (#826) * fix(backend): :bug: Grab PR #780 * feat(frontend): :sparkles: Grab PR 797 * docs(docs): spelling * feat(backend): :sparkles: Add LDAP Support from #803 * add test deps Co-authored-by: hay-kot <hay-kot@pm.me> 2021-11-23 20:41:07 -09:00			`from tests.utils.factories import random_string`
Improve Test Coverage (#511) * add recipe scaling notes * test theme rename * fix coverage call to use poetry * remove print * remove async * consolidate test case data * fix mealplan tests * remove redundant else Co-authored-by: hay-kot <hay-kot@pm.me> 2021-06-13 13:09:44 -08:00

			`def test_create_file_token():`
			`file_path = Path(__file__).parent`
			`file_token = security.create_file_token(file_path)`

			`assert file_path == validate_file_token(file_token)`
fix(backend): :bug: Grab PRs from dev branch (#826) * fix(backend): :bug: Grab PR #780 * feat(frontend): :sparkles: Grab PR 797 * docs(docs): spelling * feat(backend): :sparkles: Add LDAP Support from #803 * add test deps Co-authored-by: hay-kot <hay-kot@pm.me> 2021-11-23 20:41:07 -09:00

			`def test_ldap_authentication_mocked(monkeypatch: MonkeyPatch):`
			`import ldap`

			`user = random_string(10)`
			`password = random_string(10)`
			`bind_template = "cn={},dc=example,dc=com"`
feat: LDAP improvements (#1487) * Use Base DN for LDAP and fetch user attrs Requires that a Base DN be set for LDAP Set `full_name` and `email` based on LDAP attributes when creating user * Add support for secure LDAP Allow insecure LDAP connection (disabled by default) Use CA when connecting to secure LDAP server * Added missing quotes to example * Update security.py * Update security.py formatting * Update security.py Switched to f-String formatting * formatting * Update test_security.py Added at attributes for testing * Update test_security.py Modified tests for base DN * Update test_security.py Set proper base DN for testing * Update test_security.py Corrected testing for LDAP * Update test_security.py Defined base_dn * Authenticated user not in base DN Add check for when user can authenticate but is not in base DN * Update test_security.py LDAP user cannot exist as it is searched before it is created and the list returns False Co-authored-by: Hayden <64056131+hay-kot@users.noreply.github.com> 2022-09-16 12:33:36 +09:00			`base_dn = "(dc=example,dc=com)"`
fix(backend): :bug: Grab PRs from dev branch (#826) * fix(backend): :bug: Grab PR #780 * feat(frontend): :sparkles: Grab PR 797 * docs(docs): spelling * feat(backend): :sparkles: Add LDAP Support from #803 * add test deps Co-authored-by: hay-kot <hay-kot@pm.me> 2021-11-23 20:41:07 -09:00			`monkeypatch.setenv("LDAP_AUTH_ENABLED", "true")`
			`monkeypatch.setenv("LDAP_SERVER_URL", "") # Not needed due to mocking`
			`monkeypatch.setenv("LDAP_BIND_TEMPLATE", bind_template)`
feat: LDAP improvements (#1487) * Use Base DN for LDAP and fetch user attrs Requires that a Base DN be set for LDAP Set `full_name` and `email` based on LDAP attributes when creating user * Add support for secure LDAP Allow insecure LDAP connection (disabled by default) Use CA when connecting to secure LDAP server * Added missing quotes to example * Update security.py * Update security.py formatting * Update security.py Switched to f-String formatting * formatting * Update test_security.py Added at attributes for testing * Update test_security.py Modified tests for base DN * Update test_security.py Set proper base DN for testing * Update test_security.py Corrected testing for LDAP * Update test_security.py Defined base_dn * Authenticated user not in base DN Add check for when user can authenticate but is not in base DN * Update test_security.py LDAP user cannot exist as it is searched before it is created and the list returns False Co-authored-by: Hayden <64056131+hay-kot@users.noreply.github.com> 2022-09-16 12:33:36 +09:00			`monkeypatch.setenv("LDAP_BASE_DN", base_dn)`
fix(backend): :bug: Grab PRs from dev branch (#826) * fix(backend): :bug: Grab PR #780 * feat(frontend): :sparkles: Grab PR 797 * docs(docs): spelling * feat(backend): :sparkles: Add LDAP Support from #803 * add test deps Co-authored-by: hay-kot <hay-kot@pm.me> 2021-11-23 20:41:07 -09:00
			`class LdapConnMock:`
			`def simple_bind_s(self, dn, bind_pw):`
			`assert dn == bind_template.format(user)`
			`return bind_pw == password`

			`def search_s(self, dn, scope, filter, attrlist):`
feat: LDAP improvements (#1487) * Use Base DN for LDAP and fetch user attrs Requires that a Base DN be set for LDAP Set `full_name` and `email` based on LDAP attributes when creating user * Add support for secure LDAP Allow insecure LDAP connection (disabled by default) Use CA when connecting to secure LDAP server * Added missing quotes to example * Update security.py * Update security.py formatting * Update security.py Switched to f-String formatting * formatting * Update test_security.py Added at attributes for testing * Update test_security.py Modified tests for base DN * Update test_security.py Set proper base DN for testing * Update test_security.py Corrected testing for LDAP * Update test_security.py Defined base_dn * Authenticated user not in base DN Add check for when user can authenticate but is not in base DN * Update test_security.py LDAP user cannot exist as it is searched before it is created and the list returns False Co-authored-by: Hayden <64056131+hay-kot@users.noreply.github.com> 2022-09-16 12:33:36 +09:00			`assert attrlist == ["name", "mail"]`
			`assert filter == f"(&(objectClass=user)(\|(cn={user})(sAMAccountName={user})(mail={user})))"`
			`assert dn == base_dn`
			`assert scope == ldap.SCOPE_SUBTREE`
fix(backend): :bug: Grab PRs from dev branch (#826) * fix(backend): :bug: Grab PR #780 * feat(frontend): :sparkles: Grab PR 797 * docs(docs): spelling * feat(backend): :sparkles: Add LDAP Support from #803 * add test deps Co-authored-by: hay-kot <hay-kot@pm.me> 2021-11-23 20:41:07 -09:00			`return [()]`

Dev Improvements (#2058) * added ruff cache to git ignore * moved venv to project and added interpreter path * added dummy method to LDAP test * removed unused setting 2023-01-28 18:49:09 -06:00			`def set_option(args, *kwargs):`
			`pass`

fix(backend): :bug: Grab PRs from dev branch (#826) * fix(backend): :bug: Grab PR #780 * feat(frontend): :sparkles: Grab PR 797 * docs(docs): spelling * feat(backend): :sparkles: Add LDAP Support from #803 * add test deps Co-authored-by: hay-kot <hay-kot@pm.me> 2021-11-23 20:41:07 -09:00			`def ldap_initialize_mock(url):`
			`assert url == ""`
			`return LdapConnMock()`

			`monkeypatch.setattr(ldap, "initialize", ldap_initialize_mock)`

			`get_app_settings.cache_clear()`
fix: unclosed sessions (#1734) * resolve session leak * cleanup session management functions 2022-10-17 14:11:40 -08:00
			`with session_context() as session:`
			`result = security.authenticate_user(session, user, password)`

feat: LDAP improvements (#1487) * Use Base DN for LDAP and fetch user attrs Requires that a Base DN be set for LDAP Set `full_name` and `email` based on LDAP attributes when creating user * Add support for secure LDAP Allow insecure LDAP connection (disabled by default) Use CA when connecting to secure LDAP server * Added missing quotes to example * Update security.py * Update security.py formatting * Update security.py Switched to f-String formatting * formatting * Update test_security.py Added at attributes for testing * Update test_security.py Modified tests for base DN * Update test_security.py Set proper base DN for testing * Update test_security.py Corrected testing for LDAP * Update test_security.py Defined base_dn * Authenticated user not in base DN Add check for when user can authenticate but is not in base DN * Update test_security.py LDAP user cannot exist as it is searched before it is created and the list returns False Co-authored-by: Hayden <64056131+hay-kot@users.noreply.github.com> 2022-09-16 12:33:36 +09:00			`assert result is False`