1
0
Fork 0
selfhostblocks/test/blocks/ldap.nix

83 lines
2.8 KiB
Nix
Raw Normal View History

2023-12-01 07:08:38 +01:00
{ pkgs, lib, ... }:
2024-03-20 06:50:41 +01:00
let
pkgs' = pkgs;
in
2023-12-01 07:08:38 +01:00
{
2024-03-20 06:50:41 +01:00
auth = pkgs.testers.runNixOSTest {
2023-12-01 07:08:38 +01:00
name = "ldap-auth";
nodes.server = { config, pkgs, ... }: {
imports = [
2024-03-20 06:50:41 +01:00
(pkgs'.path + "/nixos/modules/profiles/headless.nix")
(pkgs'.path + "/nixos/modules/profiles/qemu-guest.nix")
2023-12-01 07:08:38 +01:00
{
options = {
shb.ssl.enable = lib.mkEnableOption "ssl";
};
}
../../modules/blocks/ldap.nix
];
shb.ldap = {
enable = true;
dcdomain = "dc=example,dc=com";
subdomain = "ldap";
domain = "example.com";
ldapUserPassword.result.path = pkgs.writeText "user_password" "securepw";
jwtSecret.result.path = pkgs.writeText "jwt_secret" "securejwtsecret";
2023-12-01 07:08:38 +01:00
debug = true;
};
networking.firewall.allowedTCPPorts = [ 80 ]; # nginx port
};
nodes.client = {};
# Inspired from https://github.com/lldap/lldap/blob/33f50d13a2e2d24a3e6bb05a148246bc98090df0/example_configs/lldap-ha-auth.sh
testScript = { nodes, ... }: ''
import json
start_all()
server.wait_for_unit("lldap.service")
server.wait_for_open_port(${toString nodes.server.services.lldap.settings.http_port})
2023-12-01 07:08:38 +01:00
with subtest("fail without authenticating"):
client.fail(
"curl -f -s -X GET"
+ """ -H "Content-type: application/json" """
+ """ -H "Host: ldap.example.com" """
+ " http://server/api/graphql"
)
with subtest("fail authenticating with wrong credentials"):
client.fail(
"curl -f -s -X POST"
+ """ -H "Content-type: application/json" """
+ """ -H "Host: ldap.example.com" """
+ " http://server/auth/simple/login"
+ """ -d '{"username": "admin", "password": "wrong"}'"""
)
with subtest("succeed with correct authentication"):
token = json.loads(client.succeed(
"curl -f -s -X POST "
+ """ -H "Content-type: application/json" """
+ """ -H "Host: ldap.example.com" """
+ " http://server/auth/simple/login "
+ """ -d '{"username": "admin", "password": "securepw"}' """
))['token']
data = json.loads(client.succeed(
"curl -f -s -X POST "
+ """ -H "Content-type: application/json" """
+ """ -H "Host: ldap.example.com" """
+ """ -H "Authorization: Bearer {token}" """.format(token=token)
+ " http://server/api/graphql "
+ """ -d '{"variables": {"id": "admin"}, "query":"query($id:String!){user(userId:$id){displayName groups{displayName}}}"}' """
))['data']
assert data['user']['displayName'] == "Administrator"
assert data['user']['groups'][0]['displayName'] == "lldap_admin"
'';
};
}