diff --git a/tests/unit/test_backend.py b/tests/unit/test_backend.py index c19288c..763450f 100644 --- a/tests/unit/test_backend.py +++ b/tests/unit/test_backend.py @@ -87,19 +87,21 @@ ] -class LDAPBackendTest(unittest.TestCase): +class LDAPBackendTest: def test_instantaite_no_group_dns_provided(self): # User is member of two of the groups, but none of them are required required_group_dns = [] expected_msg = 'One or more user groups must be specified' - self.assertRaisesRegexp(ValueError, expected_msg, ldap_backend.LDAPAuthenticationBackend, - LDAP_BIND_DN, - LDAP_BIND_PASSWORD, - LDAP_BASE_OU, - required_group_dns, - LDAP_HOST, - id_attr=LDAP_ID_ATTR) + with pytest.raises(ValueError, match=expected_msg): + ldap_backend.LDAPAuthenticationBackend( + LDAP_BIND_DN, + LDAP_BIND_PASSWORD, + LDAP_BASE_OU, + required_group_dns, + LDAP_HOST, + id_attr=LDAP_ID_ATTR, + ) @pytest.mark.parametrize("required_group_dns", LDAP_GROUP_DNS_CASES) @mock.patch.object( @@ -119,7 +121,7 @@ def test_authenticate(self, required_group_dns): ) authenticated = backend.authenticate(LDAP_USER_UID, LDAP_USER_PASSWD) - self.assertTrue(authenticated) + assert authenticated @mock.patch.object( ldap.ldapobject.SimpleLDAPObject, 'simple_bind_s', @@ -139,7 +141,7 @@ def test_authenticate_with_multiple_ldap_hosts(self, required_group_dns): ) authenticated = backend.authenticate(LDAP_USER_UID, LDAP_USER_PASSWD) - self.assertTrue(authenticated) + assert authenticated @mock.patch.object( ldap.ldapobject.SimpleLDAPObject, 'simple_bind_s', @@ -158,7 +160,7 @@ def test_authenticate_without_password(self, required_group_dns): id_attr=LDAP_ID_ATTR ) - with self.assertRaises(ValueError): + with pytest.raises(ValueError): backend.authenticate(LDAP_USER_UID, '') @mock.patch.object( @@ -176,7 +178,7 @@ def test_authenticate_failure_bad_bind_cred(self, required_group_dns): ) authenticated = backend.authenticate(LDAP_USER_UID, LDAP_USER_BAD_PASSWD) - self.assertFalse(authenticated) + assert not authenticated @mock.patch.object( ldap.ldapobject.SimpleLDAPObject, 'simple_bind_s', @@ -196,7 +198,7 @@ def test_authenticate_failure_bad_user_password(self, required_group_dns): ) authenticated = backend.authenticate(LDAP_USER_UID, LDAP_USER_BAD_PASSWD) - self.assertFalse(authenticated) + assert not authenticated @mock.patch.object( ldap.ldapobject.SimpleLDAPObject, 'simple_bind_s', @@ -218,7 +220,7 @@ def test_authenticate_failure_non_group_member_no_groups(self, required_group_dn ) authenticated = backend.authenticate(LDAP_USER_UID, LDAP_USER_BAD_PASSWD) - self.assertFalse(authenticated) + assert not authenticated backend = ldap_backend.LDAPAuthenticationBackend( LDAP_BIND_DN, @@ -231,7 +233,7 @@ def test_authenticate_failure_non_group_member_no_groups(self, required_group_dn ) authenticated = backend.authenticate(LDAP_USER_UID, LDAP_USER_BAD_PASSWD) - self.assertFalse(authenticated) + assert not authenticated @mock.patch.object( ldap.ldapobject.SimpleLDAPObject, 'simple_bind_s', @@ -254,7 +256,7 @@ def test_authenticatefailure_non_group_member_non_required_group(self, required_ ) authenticated = backend.authenticate(LDAP_USER_UID, LDAP_USER_BAD_PASSWD) - self.assertFalse(authenticated) + assert not authenticated backend = ldap_backend.LDAPAuthenticationBackend( LDAP_BIND_DN, @@ -267,7 +269,7 @@ def test_authenticatefailure_non_group_member_non_required_group(self, required_ ) authenticated = backend.authenticate(LDAP_USER_UID, LDAP_USER_BAD_PASSWD) - self.assertFalse(authenticated) + assert not authenticated @mock.patch.object( ldap.ldapobject.SimpleLDAPObject, 'simple_bind_s', @@ -296,7 +298,7 @@ def test_authenticate_and_behavior_failure_non_group_member_of_all_required_grou ) authenticated = backend.authenticate(LDAP_USER_UID, LDAP_USER_BAD_PASSWD) - self.assertFalse(authenticated) + assert not authenticated @mock.patch.object( ldap.ldapobject.SimpleLDAPObject, 'simple_bind_s', @@ -323,7 +325,7 @@ def test_authenticate_and_behavior_failure_non_group_member_of_all_required_grou ) authenticated = backend.authenticate(LDAP_USER_UID, LDAP_USER_BAD_PASSWD) - self.assertFalse(authenticated) + assert not authenticated @mock.patch.object( ldap.ldapobject.SimpleLDAPObject, 'simple_bind_s', @@ -355,7 +357,7 @@ def test_authenticate_and_behavior_failure_non_group_member_of_all_required_grou ) authenticated = backend.authenticate(LDAP_USER_UID, LDAP_USER_BAD_PASSWD) - self.assertFalse(authenticated) + assert not authenticated @mock.patch.object( ldap.ldapobject.SimpleLDAPObject, 'simple_bind_s', @@ -387,7 +389,7 @@ def test_authenticate_and_is_default_behavior_non_group_member_of_all_required_g ) authenticated = backend.authenticate(LDAP_USER_UID, LDAP_USER_BAD_PASSWD) - self.assertFalse(authenticated) + assert not authenticated @mock.patch.object( ldap.ldapobject.SimpleLDAPObject, 'simple_bind_s', @@ -412,7 +414,7 @@ def test_authenticate_or_behavior_success_member_of_single_group_1(self): ) authenticated = backend.authenticate(LDAP_USER_UID, LDAP_USER_BAD_PASSWD) - self.assertTrue(authenticated) + assert authenticated @mock.patch.object( ldap.ldapobject.SimpleLDAPObject, 'simple_bind_s', @@ -440,7 +442,7 @@ def test_authenticate_or_behavior_success_member_of_single_group_2(self): ) authenticated = backend.authenticate(LDAP_USER_UID, LDAP_USER_BAD_PASSWD) - self.assertTrue(authenticated) + assert authenticated @mock.patch.object( ldap.ldapobject.SimpleLDAPObject, 'simple_bind_s', @@ -468,7 +470,7 @@ def test_authenticate_or_behavior_success_member_of_single_group_2b(self): ) authenticated = backend.authenticate(LDAP_USER_UID, LDAP_USER_BAD_PASSWD) - self.assertTrue(authenticated) + assert authenticated @mock.patch.object( ldap.ldapobject.SimpleLDAPObject, 'simple_bind_s', @@ -498,7 +500,7 @@ def test_authenticate_or_behavior_success_member_of_multiple_groups_1(self): ) authenticated = backend.authenticate(LDAP_USER_UID, LDAP_USER_BAD_PASSWD) - self.assertTrue(authenticated) + assert authenticated @mock.patch.object( ldap.ldapobject.SimpleLDAPObject, 'simple_bind_s', @@ -525,7 +527,7 @@ def test_authenticate_or_behavior_success_member_of_multiple_groups_2(self): ) authenticated = backend.authenticate(LDAP_USER_UID, LDAP_USER_BAD_PASSWD) - self.assertTrue(authenticated) + assert authenticated @mock.patch.object( ldap.ldapobject.SimpleLDAPObject, 'simple_bind_s', @@ -552,7 +554,7 @@ def test_authenticate_or_behavior_success_member_of_multiple_groups_3(self): ) authenticated = backend.authenticate(LDAP_USER_UID, LDAP_USER_BAD_PASSWD) - self.assertTrue(authenticated) + assert authenticated @mock.patch.object( ldap.ldapobject.SimpleLDAPObject, 'simple_bind_s', @@ -580,7 +582,7 @@ def test_authenticate_or_behavior_success_member_of_multiple_groups_3b(self): ) authenticated = backend.authenticate(LDAP_USER_UID, LDAP_USER_BAD_PASSWD) - self.assertTrue(authenticated) + assert authenticated @mock.patch.object( ldap.ldapobject.SimpleLDAPObject, 'simple_bind_s', @@ -602,7 +604,7 @@ def test_ssl_authenticate(self, required_group_dns): ) authenticated = backend.authenticate(LDAP_USER_UID, LDAP_USER_PASSWD) - self.assertTrue(authenticated) + assert authenticated @mock.patch.object( ldap.ldapobject.SimpleLDAPObject, 'simple_bind_s', @@ -624,7 +626,7 @@ def test_ssl_authenticate_failure(self, required_group_dns): ) authenticated = backend.authenticate(LDAP_USER_UID, LDAP_USER_BAD_PASSWD) - self.assertFalse(authenticated) + assert not authenticated @mock.patch.object( ldap.ldapobject.SimpleLDAPObject, 'simple_bind_s', @@ -647,7 +649,7 @@ def test_ssl_authenticate_validate_cert(self, required_group_dns): ) authenticated = backend.authenticate(LDAP_USER_UID, LDAP_USER_PASSWD) - self.assertTrue(authenticated) + assert authenticated @mock.patch.object( ldap.ldapobject.SimpleLDAPObject, 'start_tls_s', @@ -671,7 +673,7 @@ def test_tls_authenticate(self, required_group_dns): ) authenticated = backend.authenticate(LDAP_USER_UID, LDAP_USER_PASSWD) - self.assertTrue(authenticated) + assert authenticated @mock.patch.object( ldap.ldapobject.SimpleLDAPObject, 'start_tls_s', @@ -695,7 +697,7 @@ def test_tls_authenticate_failure(self, required_group_dns): ) authenticated = backend.authenticate(LDAP_USER_UID, LDAP_USER_BAD_PASSWD) - self.assertFalse(authenticated) + assert not authenticated @mock.patch.object( ldap.ldapobject.SimpleLDAPObject, 'start_tls_s', @@ -720,7 +722,7 @@ def test_tls_authenticate_validate_cert(self, required_group_dns): ) authenticated = backend.authenticate(LDAP_USER_UID, LDAP_USER_PASSWD) - self.assertTrue(authenticated) + assert authenticated @mock.patch.object( ldap.ldapobject.SimpleLDAPObject, 'simple_bind_s', @@ -757,11 +759,11 @@ def test_special_characters_in_username_are_escaped(self, required_group_dns): # First search_s call (find user by uid) filter_call_value = call_args_1[2] - self.assertEqual(filter_call_value, 'uid=%s' % (expected_username)) + assert filter_call_value == f"uid={expected_username}" # Second search_s call (group membership test) filter_call_value = call_args_2[2] - self.assertTrue('(memberUid=%s)' % (expected_username) in filter_call_value) + assert f"(memberUid={expected_username})" in filter_call_value ldap.ldapobject.SimpleLDAPObject.search_s = mock.MagicMock( side_effect=[LDAP_USER_SEARCH_RESULT, []]) @@ -784,10 +786,10 @@ def test_get_user(self, required_group_dns): ) user_info = backend.get_user(username=LDAP_USER_UID) - self.assertEqual(user_info['cn'], ['Tomaz Muraus']) - self.assertEqual(user_info['displayName'], ['Tomaz Muraus']) - self.assertEqual(user_info['givenName'], ['Tomaz']) - self.assertEqual(user_info['primaryGroupID'], ['513']) + assert user_info['cn'] == ['Tomaz Muraus']) + assert user_info['displayName'] == ['Tomaz Muraus']) + assert user_info['givenName'] == ['Tomaz']) + assert user_info['primaryGroupID'] == ['513']) @mock.patch.object( ldap.ldapobject.SimpleLDAPObject, 'simple_bind_s', @@ -807,7 +809,7 @@ def test_get_user_multiple_results(self, required_group_dns): ) user_info = backend.get_user(username=LDAP_USER_UID) - self.assertIsNone(user_info) + assert user_info is None @mock.patch.object( ldap.ldapobject.SimpleLDAPObject, 'simple_bind_s', @@ -832,7 +834,7 @@ def test_get_user_groups(self, required_group_dns): ] groups = backend.get_user_groups(username=LDAP_USER_UID) - self.assertEqual(groups, expected) + assert groups == expected @mock.patch.object( ldap.ldapobject.SimpleLDAPObject, 'simple_bind_s', @@ -860,18 +862,18 @@ def test_authenticate_and_get_user_groups_caching_disabled(self): cache_user_groups_response=False ) - self.assertEqual(ldap.ldapobject.SimpleLDAPObject.search_s.call_count, 0) + assert ldap.ldapobject.SimpleLDAPObject.search_s.call_count == 0 authenticated = backend.authenticate(LDAP_USER_UID, LDAP_USER_BAD_PASSWD) - self.assertTrue(authenticated) + assert authenticated # 1 for user dn search, 1 for groups search - self.assertEqual(ldap.ldapobject.SimpleLDAPObject.search_s.call_count, 2) + assert ldap.ldapobject.SimpleLDAPObject.search_s.call_count == 2 user_groups = backend.get_user_groups(username=LDAP_USER_UID) - self.assertEqual(user_groups, ['cn=group1,dc=stackstorm,dc=net']) - self.assertEqual(ldap.ldapobject.SimpleLDAPObject.search_s.call_count, 4) - self.assertTrue(backend._user_groups_cache is None) + assert user_groups == ['cn=group1,dc=stackstorm,dc=net'] + assert ldap.ldapobject.SimpleLDAPObject.search_s.call_count == 4 + assert backend._user_groups_cache is None @mock.patch.object( ldap.ldapobject.SimpleLDAPObject, 'simple_bind_s', @@ -899,16 +901,16 @@ def test_authenticate_and_get_user_groups_caching_enabled(self): cache_user_groups_response=True ) - self.assertEqual(ldap.ldapobject.SimpleLDAPObject.search_s.call_count, 0) + assert ldap.ldapobject.SimpleLDAPObject.search_s.call_count == 0 authenticated = backend.authenticate(LDAP_USER_UID, LDAP_USER_BAD_PASSWD) - self.assertTrue(authenticated) - self.assertEqual(ldap.ldapobject.SimpleLDAPObject.search_s.call_count, 2) + assert authenticated + assert ldap.ldapobject.SimpleLDAPObject.search_s.call_count == 2 user_groups = backend.get_user_groups(username=LDAP_USER_UID) - self.assertEqual(user_groups, ['cn=group1,dc=stackstorm,dc=net']) - self.assertEqual(ldap.ldapobject.SimpleLDAPObject.search_s.call_count, 2) - self.assertTrue(LDAP_USER_UID in backend._user_groups_cache) + assert user_groups == ['cn=group1,dc=stackstorm,dc=net'] + assert ldap.ldapobject.SimpleLDAPObject.search_s.call_count == 2 + assert LDAP_USER_UID in backend._user_groups_cache @mock.patch.object( ldap.ldapobject.SimpleLDAPObject, 'simple_bind_s', @@ -1035,14 +1037,18 @@ def test_get_groups_caching_no_cross_username_cache_polution(self): cache_user_groups_response=True ) user_groups = backend.get_user_groups(username=LDAP_USER_UID) - self.assertEqual(user_groups, ['cn=group3,dc=stackstorm,dc=net']) - self.assertEqual(backend._user_groups_cache[LDAP_USER_UID], - ['cn=group3,dc=stackstorm,dc=net']) + assert user_groups == ['cn=group3,dc=stackstorm,dc=net'] + assert ( + backend._user_groups_cache[LDAP_USER_UID] + == ['cn=group3,dc=stackstorm,dc=net'] + ) user_groups = backend.get_user_groups(username=LDAP_USER_UID_2) - self.assertEqual(user_groups, ['cn=group4,dc=stackstorm,dc=net']) - self.assertEqual(backend._user_groups_cache[LDAP_USER_UID_2], - ['cn=group4,dc=stackstorm,dc=net']) + assert user_groups == ['cn=group4,dc=stackstorm,dc=net'] + assert ( + backend._user_groups_cache[LDAP_USER_UID_2] + == ['cn=group4,dc=stackstorm,dc=net'] + ) @mock.patch.object( ldap.ldapobject.SimpleLDAPObject, 'simple_bind_s', @@ -1072,21 +1078,25 @@ def test_get_groups_caching_cache_ttl(self): cache_user_groups_cache_ttl=1 ) user_groups = backend.get_user_groups(username=LDAP_USER_UID) - self.assertEqual(user_groups, ['cn=group3,dc=stackstorm,dc=net']) - self.assertTrue(LDAP_USER_UID in backend._user_groups_cache) - self.assertEqual(backend._user_groups_cache[LDAP_USER_UID], - ['cn=group3,dc=stackstorm,dc=net']) + assert user_groups == ['cn=group3,dc=stackstorm,dc=net'] + assert LDAP_USER_UID in backend._user_groups_cache + assert ( + backend._user_groups_cache[LDAP_USER_UID] + == ['cn=group3,dc=stackstorm,dc=net'] + ) # After 1 second, cache entry should expire and it should result in another search_s call # which returns group4 time.sleep(1.5) user_groups = backend.get_user_groups(username=LDAP_USER_UID) - self.assertEqual(user_groups, ['cn=group4,dc=stackstorm,dc=net']) - self.assertTrue(LDAP_USER_UID in backend._user_groups_cache) - self.assertEqual(backend._user_groups_cache[LDAP_USER_UID], - ['cn=group4,dc=stackstorm,dc=net']) + assert user_groups == ['cn=group4,dc=stackstorm,dc=net'] + assert LDAP_USER_UID in backend._user_groups_cache + assert ( + backend._user_groups_cache[LDAP_USER_UID] + == ['cn=group4,dc=stackstorm,dc=net'] + ) # Cache should now be empty time.sleep(1.5) - self.assertFalse(LDAP_USER_UID in backend._user_groups_cache) + assert LDAP_USER_UID not in backend._user_groups_cache