You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
186 lines
5.0 KiB
186 lines
5.0 KiB
package ldap
|
|
|
|
import (
|
|
"context"
|
|
"fmt"
|
|
"strings"
|
|
|
|
"github.com/seaweedfs/seaweedfs/weed/iam/providers"
|
|
)
|
|
|
|
// MockLDAPProvider is a mock implementation for testing
|
|
// This is a standalone mock that doesn't depend on production LDAP code
|
|
type MockLDAPProvider struct {
|
|
name string
|
|
initialized bool
|
|
TestUsers map[string]*providers.ExternalIdentity
|
|
TestCredentials map[string]string // username -> password
|
|
}
|
|
|
|
// NewMockLDAPProvider creates a mock LDAP provider for testing
|
|
func NewMockLDAPProvider(name string) *MockLDAPProvider {
|
|
return &MockLDAPProvider{
|
|
name: name,
|
|
initialized: true, // Mock is always initialized
|
|
TestUsers: make(map[string]*providers.ExternalIdentity),
|
|
TestCredentials: make(map[string]string),
|
|
}
|
|
}
|
|
|
|
// Name returns the provider name
|
|
func (m *MockLDAPProvider) Name() string {
|
|
return m.name
|
|
}
|
|
|
|
// Initialize initializes the mock provider (no-op for testing)
|
|
func (m *MockLDAPProvider) Initialize(config interface{}) error {
|
|
m.initialized = true
|
|
return nil
|
|
}
|
|
|
|
// AddTestUser adds a test user with credentials
|
|
func (m *MockLDAPProvider) AddTestUser(username, password string, identity *providers.ExternalIdentity) {
|
|
m.TestCredentials[username] = password
|
|
m.TestUsers[username] = identity
|
|
}
|
|
|
|
// Authenticate authenticates using test data
|
|
func (m *MockLDAPProvider) Authenticate(ctx context.Context, credentials string) (*providers.ExternalIdentity, error) {
|
|
if !m.initialized {
|
|
return nil, fmt.Errorf("provider not initialized")
|
|
}
|
|
|
|
if credentials == "" {
|
|
return nil, fmt.Errorf("credentials cannot be empty")
|
|
}
|
|
|
|
// Parse credentials (username:password format)
|
|
parts := strings.SplitN(credentials, ":", 2)
|
|
if len(parts) != 2 {
|
|
return nil, fmt.Errorf("invalid credentials format (expected username:password)")
|
|
}
|
|
|
|
username, password := parts[0], parts[1]
|
|
|
|
// Check test credentials
|
|
expectedPassword, userExists := m.TestCredentials[username]
|
|
if !userExists {
|
|
return nil, fmt.Errorf("user not found")
|
|
}
|
|
|
|
if password != expectedPassword {
|
|
return nil, fmt.Errorf("invalid credentials")
|
|
}
|
|
|
|
// Return test user identity
|
|
if identity, exists := m.TestUsers[username]; exists {
|
|
return identity, nil
|
|
}
|
|
|
|
return nil, fmt.Errorf("user identity not found")
|
|
}
|
|
|
|
// GetUserInfo returns test user info
|
|
func (m *MockLDAPProvider) GetUserInfo(ctx context.Context, userID string) (*providers.ExternalIdentity, error) {
|
|
if !m.initialized {
|
|
return nil, fmt.Errorf("provider not initialized")
|
|
}
|
|
|
|
if userID == "" {
|
|
return nil, fmt.Errorf("user ID cannot be empty")
|
|
}
|
|
|
|
// Check test users
|
|
if identity, exists := m.TestUsers[userID]; exists {
|
|
return identity, nil
|
|
}
|
|
|
|
// Return default test user if not found
|
|
return &providers.ExternalIdentity{
|
|
UserID: userID,
|
|
Email: userID + "@test-ldap.com",
|
|
DisplayName: "Test LDAP User " + userID,
|
|
Groups: []string{"test-group"},
|
|
Provider: m.name,
|
|
}, nil
|
|
}
|
|
|
|
// ValidateToken validates credentials using test data
|
|
func (m *MockLDAPProvider) ValidateToken(ctx context.Context, token string) (*providers.TokenClaims, error) {
|
|
if !m.initialized {
|
|
return nil, fmt.Errorf("provider not initialized")
|
|
}
|
|
|
|
if token == "" {
|
|
return nil, fmt.Errorf("token cannot be empty")
|
|
}
|
|
|
|
// Parse credentials (username:password format)
|
|
parts := strings.SplitN(token, ":", 2)
|
|
if len(parts) != 2 {
|
|
return nil, fmt.Errorf("invalid token format (expected username:password)")
|
|
}
|
|
|
|
username, password := parts[0], parts[1]
|
|
|
|
// Check test credentials
|
|
expectedPassword, userExists := m.TestCredentials[username]
|
|
if !userExists {
|
|
return nil, fmt.Errorf("user not found")
|
|
}
|
|
|
|
if password != expectedPassword {
|
|
return nil, fmt.Errorf("invalid credentials")
|
|
}
|
|
|
|
// Return test claims
|
|
identity := m.TestUsers[username]
|
|
return &providers.TokenClaims{
|
|
Subject: username,
|
|
Claims: map[string]interface{}{
|
|
"ldap_dn": "CN=" + username + ",DC=test,DC=com",
|
|
"email": identity.Email,
|
|
"name": identity.DisplayName,
|
|
"groups": identity.Groups,
|
|
"provider": m.name,
|
|
},
|
|
}, nil
|
|
}
|
|
|
|
// SetupDefaultTestData configures common test data
|
|
func (m *MockLDAPProvider) SetupDefaultTestData() {
|
|
// Add default test user
|
|
m.AddTestUser("testuser", "testpass", &providers.ExternalIdentity{
|
|
UserID: "testuser",
|
|
Email: "testuser@ldap-test.com",
|
|
DisplayName: "Test LDAP User",
|
|
Groups: []string{"developers", "users"},
|
|
Provider: m.name,
|
|
Attributes: map[string]string{
|
|
"department": "Engineering",
|
|
"location": "Test City",
|
|
},
|
|
})
|
|
|
|
// Add admin test user
|
|
m.AddTestUser("admin", "adminpass", &providers.ExternalIdentity{
|
|
UserID: "admin",
|
|
Email: "admin@ldap-test.com",
|
|
DisplayName: "LDAP Administrator",
|
|
Groups: []string{"admins", "users"},
|
|
Provider: m.name,
|
|
Attributes: map[string]string{
|
|
"department": "IT",
|
|
"role": "administrator",
|
|
},
|
|
})
|
|
|
|
// Add readonly user
|
|
m.AddTestUser("readonly", "readpass", &providers.ExternalIdentity{
|
|
UserID: "readonly",
|
|
Email: "readonly@ldap-test.com",
|
|
DisplayName: "Read Only User",
|
|
Groups: []string{"readonly"},
|
|
Provider: m.name,
|
|
})
|
|
}
|