Testing ldap connection should not process or bind the credentials (#31081)
Closes #30821 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
This commit is contained in:
Pedro Igor
GitHub
parent
cbf7f208fb
commit
ead1b4a851
2 changed files with 10 additions and 2 deletions
|
|
@ -67,7 +67,7 @@ public class LDAPServerCapabilitiesManager {
|
||||||
|
|
||||||
public static LDAPConfig buildLDAPConfig(TestLdapConnectionRepresentation config, RealmModel realm) {
|
public static LDAPConfig buildLDAPConfig(TestLdapConnectionRepresentation config, RealmModel realm) {
|
||||||
String bindCredential = config.getBindCredential();
|
String bindCredential = config.getBindCredential();
|
||||||
if (config.getComponentId() != null && !LDAPConstants.AUTH_TYPE.equals(LDAPConstants.AUTH_TYPE_NONE)
|
if (config.getComponentId() != null && !LDAPConstants.AUTH_TYPE_NONE.equals(config.getAuthType())
|
||||||
&& ComponentRepresentation.SECRET_VALUE.equals(bindCredential)) {
|
&& ComponentRepresentation.SECRET_VALUE.equals(bindCredential)) {
|
||||||
// check the connection URL and the bind DN are the same to allow using the same configured password
|
// check the connection URL and the bind DN are the same to allow using the same configured password
|
||||||
ComponentModel component = realm.getComponent(config.getComponentId());
|
ComponentModel component = realm.getComponent(config.getComponentId());
|
||||||
|
|
|
||||||
|
|
@ -48,7 +48,7 @@ public class UserFederationLdapConnectionTest extends AbstractAdminTest {
|
||||||
public static LDAPRule ldapRule = new LDAPRule();
|
public static LDAPRule ldapRule = new LDAPRule();
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testLdapConnections1() {
|
public void testLdapConnections() {
|
||||||
// Unknown action
|
// Unknown action
|
||||||
Response response = realm.testLDAPConnection(new TestLdapConnectionRepresentation("unknown", "ldap://localhost:10389", "foo", "bar", "false", null));
|
Response response = realm.testLDAPConnection(new TestLdapConnectionRepresentation("unknown", "ldap://localhost:10389", "foo", "bar", "false", null));
|
||||||
assertStatus(response, 400);
|
assertStatus(response, 400);
|
||||||
|
|
@ -61,6 +61,14 @@ public class UserFederationLdapConnectionTest extends AbstractAdminTest {
|
||||||
response = realm.testLDAPConnection(new TestLdapConnectionRepresentation(LDAPServerCapabilitiesManager.TEST_CONNECTION, "ldap://localhost:10389", null, null, "false", null, "false", LDAPConstants.AUTH_TYPE_NONE));
|
response = realm.testLDAPConnection(new TestLdapConnectionRepresentation(LDAPServerCapabilitiesManager.TEST_CONNECTION, "ldap://localhost:10389", null, null, "false", null, "false", LDAPConstants.AUTH_TYPE_NONE));
|
||||||
assertStatus(response, 204);
|
assertStatus(response, 204);
|
||||||
|
|
||||||
|
// Connection success with invalid credentials
|
||||||
|
String ldapModelId = testingClient.testing().ldap(REALM_NAME).createLDAPProvider(ldapRule.getConfig(), false);
|
||||||
|
getCleanup().addCleanup(() -> {
|
||||||
|
adminClient.realm(REALM_NAME).components().removeComponent(ldapModelId);;
|
||||||
|
});
|
||||||
|
response = realm.testLDAPConnection(new TestLdapConnectionRepresentation(LDAPServerCapabilitiesManager.TEST_CONNECTION, "ldap://localhost:10389", "invalid-db", ComponentRepresentation.SECRET_VALUE, "false", null, "false", LDAPConstants.AUTH_TYPE_SIMPLE, ldapModelId));
|
||||||
|
assertStatus(response, 204);
|
||||||
|
|
||||||
// Bad authentication
|
// Bad authentication
|
||||||
response = realm.testLDAPConnection(new TestLdapConnectionRepresentation(LDAPServerCapabilitiesManager.TEST_AUTHENTICATION, "ldap://localhost:10389", "foo", "bar", "false", "10000"));
|
response = realm.testLDAPConnection(new TestLdapConnectionRepresentation(LDAPServerCapabilitiesManager.TEST_AUTHENTICATION, "ldap://localhost:10389", "foo", "bar", "false", "10000"));
|
||||||
assertStatus(response, 400);
|
assertStatus(response, 400);
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue