From 2855163948d823ef7e79545dc9ecc86a3ab91a46 Mon Sep 17 00:00:00 2001
From: Simon Pirkelmann <simon.pirkelmann@gmail.com>
Date: Tue, 1 Feb 2022 00:53:14 +0100
Subject: [PATCH] added test for ldap authentication

---
 tests/test_webinterface.py | 61 +++++++++++++++++++++++++++++++++++++-
 1 file changed, 60 insertions(+), 1 deletion(-)

diff --git a/tests/test_webinterface.py b/tests/test_webinterface.py
index 7d6f5d0..1bc319a 100644
--- a/tests/test_webinterface.py
+++ b/tests/test_webinterface.py
@@ -32,7 +32,7 @@ def extract_csrf_token(response):
 
 def headless_login(client, user='gandalf@shire.me', password='shadowfax'):
     # extract csrf token from the login page source
-    response = client.get('/login')
+    response = client.get('/login', follow_redirects=True)
     csrf_token = extract_csrf_token(response)
 
     # send login information
@@ -53,6 +53,65 @@ def test_login_headless(client):
                 for link in soup.findAll('a', attrs={'class': ['btn'], 'role': 'button'})])
 
 
+def test_login_ldap(client, temp_user, mocker):
+    # mock ldap validation for admin user
+    def mock_validate(username, password):
+        auth = username == temp_user['username'] and password == temp_user['password']
+        user_data = {'username': temp_user['username'],
+                     'email': temp_user['email'],
+                     'roles': ['admin'],
+                     'password': temp_user['password']}
+        return auth, user_data
+    mocker.patch('imaginaerraum_door_admin.auth.validate_ldap', mock_validate)
+
+    user = find_user(temp_user['username'])
+    # remove local role so that ldap authentication is the default
+    user.roles.pop(0)
+
+    # log out admin user
+    client.get('/logout')
+
+    # log in temp user using ldap
+    response = headless_login(client, user=temp_user['username'],
+                   password=temp_user['password'])
+    soup = BeautifulSoup(response.data, 'html.parser')
+
+    # make sure login succeeded -> Tür öffnen button will appear
+    assert any(['Tür öffnen' in link.contents[0]
+                for link in soup.findAll('a', attrs={'class': ['btn'],
+                                                     'role': 'button'})])
+
+
+def test_login_ldap_new_user(client, mocker):
+    # mock ldap validation for admin user
+    def mock_validate(username, password):
+        auth = True
+        user_data = {'username': 'Balrog',
+                     'email': 'balrog@moria.me',
+                     'roles': ['admin'],
+                     'password': 'youshallnotpass'}
+        return auth, user_data
+    mocker.patch('imaginaerraum_door_admin.auth.validate_ldap', mock_validate)
+
+    # initially, the Balrog user should not exist
+    user = find_user('Balrog')
+    assert user is None
+
+    # log in temp user using ldap -> this will succeed and create a local user
+    response = headless_login(client, user='Balrog',
+                   password='youshallnotpass')
+    soup = BeautifulSoup(response.data, 'html.parser')
+
+    # make sure user is now created locally
+    user = find_user('Balrog')
+    assert user is not None
+
+    # make sure login succeeded -> Tür öffnen button will appear
+    assert any(['Tür öffnen' in link.contents[0]
+                for link in soup.findAll('a', attrs={'class': ['btn'],
+                                                     'role': 'button'})])
+
+
 @pytest.fixture
 def client_authenticated(client):
     # log in using admin account for testing