|
| 1 | +import { expect } from 'chai'; |
| 2 | +import { beforeEach, describe, it } from 'mocha'; |
| 3 | +import proxyquire from 'proxyquire'; |
| 4 | +import sinon from 'sinon'; |
| 5 | + |
| 6 | +const loggerStub = { debug: sinon.stub(), error: sinon.stub(), info: sinon.stub(), warn: sinon.stub() }; |
| 7 | + |
| 8 | +const { LDAPConnection } = proxyquire.noCallThru().load('./Connection', { |
| 9 | + '../../../app/settings/server': { settings: { get: sinon.stub() } }, |
| 10 | + './getLDAPConditionalSetting': { getLDAPConditionalSetting: sinon.stub().returns('') }, |
| 11 | + './Logger': { |
| 12 | + logger: loggerStub, |
| 13 | + connLogger: loggerStub, |
| 14 | + bindLogger: loggerStub, |
| 15 | + searchLogger: loggerStub, |
| 16 | + authLogger: loggerStub, |
| 17 | + mapLogger: loggerStub, |
| 18 | + }, |
| 19 | +}); |
| 20 | + |
| 21 | +describe('LDAPConnection', () => { |
| 22 | + describe('synchronous errors from client.search (e.g. invalid filters)', () => { |
| 23 | + const parseError = new Error('invalid attribute name'); |
| 24 | + let connection: any; |
| 25 | + |
| 26 | + beforeEach(() => { |
| 27 | + connection = new LDAPConnection(); |
| 28 | + connection.options.userSearchField = 'uid'; |
| 29 | + connection.client = { search: sinon.stub().throws(parseError) }; |
| 30 | + }); |
| 31 | + |
| 32 | + it('should reject doCustomSearch with the error', async () => { |
| 33 | + const error = await connection |
| 34 | + .doCustomSearch('dc=test', { filter: '(&(=*))' }, () => undefined) |
| 35 | + .then( |
| 36 | + () => undefined, |
| 37 | + (e: unknown) => e, |
| 38 | + ); |
| 39 | + expect(error).to.equal(parseError); |
| 40 | + }); |
| 41 | + |
| 42 | + it('should route the error to endCallback on paged searchAllUsers instead of leaking the throw', async () => { |
| 43 | + const endCallback = sinon.stub(); |
| 44 | + await connection.searchAllUsers({ endCallback }); |
| 45 | + // eslint-disable-next-line @typescript-eslint/no-unused-expressions |
| 46 | + expect(endCallback.calledOnceWithExactly(parseError)).to.be.true; |
| 47 | + }); |
| 48 | + |
| 49 | + it('should route the error to endCallback on non-paged searchAllUsers instead of leaking the throw', async () => { |
| 50 | + connection.options.searchPageSize = 0; |
| 51 | + const endCallback = sinon.stub(); |
| 52 | + await connection.searchAllUsers({ endCallback }); |
| 53 | + // eslint-disable-next-line @typescript-eslint/no-unused-expressions |
| 54 | + expect(endCallback.calledOnceWithExactly(parseError)).to.be.true; |
| 55 | + }); |
| 56 | + }); |
| 57 | + |
| 58 | + describe('getUserFilter', () => { |
| 59 | + let connection: any; |
| 60 | + |
| 61 | + beforeEach(() => { |
| 62 | + connection = new LDAPConnection(); |
| 63 | + }); |
| 64 | + |
| 65 | + it('should compose the filter for a single search field', () => { |
| 66 | + connection.options.userSearchField = 'uid'; |
| 67 | + expect(connection.getUserFilter('john')).to.equal('(&(uid=john))'); |
| 68 | + }); |
| 69 | + |
| 70 | + it('should compose an OR filter for multiple search fields', () => { |
| 71 | + connection.options.userSearchField = 'uid,sAMAccountName'; |
| 72 | + expect(connection.getUserFilter('john')).to.equal('(&(|(uid=john)(sAMAccountName=john)))'); |
| 73 | + }); |
| 74 | + |
| 75 | + it('should trim whitespace and ignore empty segments (e.g. trailing commas)', () => { |
| 76 | + connection.options.userSearchField = ' uid , sAMAccountName ,'; |
| 77 | + expect(connection.getUserFilter('john')).to.equal('(&(|(uid=john)(sAMAccountName=john)))'); |
| 78 | + }); |
| 79 | + |
| 80 | + it('should include the user search filter when configured', () => { |
| 81 | + connection.options.userSearchField = 'uid'; |
| 82 | + connection.options.userSearchFilter = '(objectclass=user)'; |
| 83 | + expect(connection.getUserFilter('*')).to.equal('(&(objectclass=user)(uid=*))'); |
| 84 | + }); |
| 85 | + |
| 86 | + it('should throw a configuration error when the search field is empty', () => { |
| 87 | + connection.options.userSearchField = ''; |
| 88 | + expect(() => connection.getUserFilter('*')).to.throw('LDAP User Search Field is not configured'); |
| 89 | + }); |
| 90 | + |
| 91 | + it('should throw a configuration error when the search field only has empty segments', () => { |
| 92 | + connection.options.userSearchField = ' , ,'; |
| 93 | + expect(() => connection.getUserFilter('*')).to.throw('LDAP User Search Field is not configured'); |
| 94 | + }); |
| 95 | + |
| 96 | + it('should reject searchAllUsers with the configuration error instead of composing an invalid filter', async () => { |
| 97 | + connection.options.userSearchField = ''; |
| 98 | + connection.client = { search: sinon.stub() }; |
| 99 | + const endCallback = sinon.stub(); |
| 100 | + const error = await connection.searchAllUsers({ endCallback }).then( |
| 101 | + () => undefined, |
| 102 | + (e: unknown) => e, |
| 103 | + ); |
| 104 | + expect(error).to.be.an('error').with.property('message', 'LDAP User Search Field is not configured'); |
| 105 | + // eslint-disable-next-line @typescript-eslint/no-unused-expressions |
| 106 | + expect(connection.client.search.called).to.be.false; |
| 107 | + }); |
| 108 | + }); |
| 109 | +}); |
0 commit comments