Integration test updated for multi LDAP (#243)

* Add test for multiple LDAP servers

Author: Christoffer-Cortes

.travis.yml

@@ -34,7 +34,7 @@ before_install:
   - |
     if [[ $TRAVIS_JOB_NAME = integrationTests ]]; then
       source src/main/docker/env.bash
-      docker-compose -f src/main/docker/docker-compose.yml up -d eiffel-er mongodb rabbitmq jenkins mail-server ldap ldap-seed
+      docker-compose -f src/main/docker/docker-compose.yml up -d eiffel-er mongodb rabbitmq jenkins mail-server ldap ldap-seed ldap2 ldap2-seed
     fi
 
 

src/integrationtest/resources/features/auth.feature

@@ -84,4 +84,55 @@ Feature: Authentication test
     When a 'GET' request is prepared for REST API '/auth/checkStatus'
     And username "gauss" and password "invalid_password" is used as credentials
     And request is sent
-    Then response code 401 is received
+    Then response code 401 is received
+
+  @AuthUniqueUsersInDifferentLDAPServers
+  Scenario: Login using unique users from two different LDAP servers
+    # Action: First user logging in on first LDAP
+    When a 'GET' request is prepared for REST API '/auth/login'
+    And username "gauss" and password "password" is used as credentials
+    Then request is saved to request list at index 0
+    When request is performed from request list at index 0
+    Then response code 200 is received
+    And response body '{"user":"gauss"}' is received
+
+    # Action: First user logging out
+    When '/auth/logout' endpoint is set in request list at index 0
+    And request is performed from request list at index 0
+    Then response code 204 is received
+
+    # Action: Second user logging in on second LDAP
+    When a 'GET' request is prepared for REST API '/auth/login'
+    And username "einstein" and password "e=mc2" is used as credentials
+    Then request is saved to request list at index 0
+    When request is performed from request list at index 0
+    Then response code 200 is received
+    And response body '{"user":"einstein"}' is received
+
+    # Action: Second user logging out
+    When '/auth/logout' endpoint is set in request list at index 0
+    And request is performed from request list at index 0
+    Then response code 204 is received
+
+  @AuthIdenticalUsernamesInDifferentLDAPServers
+  Scenario: Login using identical usernames with different passwords from two different LDAP servers
+    # Action: User logging in on first LDAP
+    When a 'GET' request is prepared for REST API '/auth/login'
+    And username "newton" and password "password" is used as credentials
+    Then request is saved to request list at index 0
+    When request is performed from request list at index 0
+    Then response code 200 is received
+    And response body '{"user":"newton"}' is received
+
+    # Action: User logging out
+    When '/auth/logout' endpoint is set in request list at index 0
+    And request is performed from request list at index 0
+    Then response code 204 is received
+
+    # Action: User logging in on second LDAP
+    When a 'GET' request is prepared for REST API '/auth/login'
+    And username "newton" and password "password2" is used as credentials
+    Then request is saved to request list at index 0
+    When request is performed from request list at index 0
+    Then response code 200 is received
+    And response body '{"user":"newton"}' is received

src/integrationtest/resources/integration-test.properties

@@ -116,17 +116,27 @@ spring.mail.password:
 spring.mail.properties.mail.smtp.auth: false
 spring.mail.properties.mail.smtp.starttls.enable: false
 
-# end point for downstream and upstream search in
-# event repository
-er.url:
+# end point for downstream and upstream search in event repository
 #er.url: http://localhost:8080/eventrepository/search/
-# settings for ldap server if ldap authentication is needed
-ldap.enabled: true
-ldap.url: ldap://localhost:389/dc=example,dc=org
-ldap.base.dn:
-ldap.username: cn=admin,dc=example,dc=org
+er.url:
+
+# Settings for ldap server if ldap authentication is needed.
 # For security reasons and to avoid authorization problems this
-# password should be encoded. It will be decoded in EndpointSecurity.java.
-# Password needs to be encoded with base64.
-ldap.password: YWRtaW4=
-ldap.user.filter: uid={0}
+# password should be encoded in base64. It will be decoded in EndpointSecurity.java.
+ldap.enabled: true
+ldap.server.list: [\
+    {\
+        "url": "ldap://localhost:3891/dc=example,dc=org",\
+        "base.dn": "",\
+        "username": "cn=admin,dc=example,dc=org",\
+        "password": "YWRtaW4=",\
+        "user.filter": "uid={0}"\
+    },\
+    {\
+        "url": "ldap://localhost:3892/dc=example,dc=org",\
+        "base.dn": "",\
+        "username": "cn=admin,dc=example,dc=org",\
+        "password": "YWRtaW4=",\
+        "user.filter": "uid={0}"\
+    }\
+]\

src/main/docker/docker-compose.yml

@@ -421,14 +421,12 @@ services:
 
   ldap:
     restart: always
-    image: osixia/openldap
+    image: ${LDAP_IMAGE}
     hostname: "example.org"
     expose:
       - "389"
-      - "636"
     ports:
-      - "389:389"
-      - "636:636"
+      - "${LDAP_FIRST_PORT}:389"
     environment:
         LDAP_TLS: 'false'
         LDAP_ORGANISATION: "Test"
@@ -437,13 +435,35 @@ services:
         LDAP_ADMIN_PASSWORD: "admin"
 
   ldap-seed:
-    image: osixia/openldap
+    image: ${LDAP_IMAGE}
     volumes:
       - ./ldap-seed:/container/service/slapd/assets/test/
     links:
       - ldap
-    command: chmod +x /container/service/slapd/assets/test/addAll.sh
-    entrypoint: sh -c '/container/service/slapd/assets/test/addAll.sh'
+    entrypoint: bash -c 'sleep 5s && ldapadd -h ldap -D "cn=admin,dc=example,dc=org" -w admin -f /container/service/slapd/assets/test/ldap-users-first.ldif'
+
+  ldap2:
+    restart: always
+    image: ${LDAP_IMAGE}
+    hostname: "example.org"
+    expose:
+      - "389"
+    ports:
+      - "${LDAP_SECOND_PORT}:389"
+    environment:
+        LDAP_TLS: 'false'
+        LDAP_ORGANISATION: "Test"
+        LDAP_DOMAIN: "example.org"
+        LDAP_BASE_DN: "dc=example,dc=org"
+        LDAP_ADMIN_PASSWORD: "admin"
+
+  ldap2-seed:
+    image: ${LDAP_IMAGE}
+    volumes:
+      - ./ldap-seed:/container/service/slapd/assets/test/
+    links:
+      - ldap2
+    entrypoint: bash -c 'sleep 5s && ldapadd -h ldap2 -D "cn=admin,dc=example,dc=org" -w admin -f /container/service/slapd/assets/test/ldap-users-second.ldif'
 
 networks:
   eiffel_2.0_1:

src/main/docker/env.bash

@@ -16,6 +16,7 @@ export REMREM_PUBLISH_IMAGE="eiffelericsson/eiffel-remrem-publish:2.0.2"
 export JENKINS_IMAGE="bitnami/jenkins:2.138.3"
 export EI_BACKEND_IMAGE="eiffelericsson/eiffel-intelligence-backend:1.0.2"
 export EI_FRONTEND_IMAGE="eiffelericsson/eiffel-intelligence-frontend:1.0.3"
+export LDAP_IMAGE="osixia/openldap:1.2.4"
 
 export MONGODB_PORT=27017
 export RABBITMQ_AMQP_PORT=5672
@@ -32,7 +33,8 @@ export EI_BACKEND_ARTIFACT_PORT=8070
 export EI_BACKEND_SOURCECHANGE_PORT=8072
 export EI_BACKEND_TESTEXECUTION_PORT=8074
 export EI_FRONTEND_PORT=8081
-
+export LDAP_FIRST_PORT=3891
+export LDAP_SECOND_PORT=3892
 
 export EI_INSTANCES_LIST="[\
 { \"contextPath\": \"\", \"port\": \"8080\", \"name\": \"ei-backend-artifact\", \"host\": \"ei-backend-artifact\", \"https\": false, \"defaultBackend\": true},\

src/main/docker/ldap-seed/addAll.sh

@@ -0,0 +1,19 @@
+dn: uid=gauss,dc=example,dc=org
+objectClass: top
+objectClass: organizationalPerson
+objectClass: person
+objectClass: inetOrgPerson
+uid: gauss
+cn: gauss
+sn: 3
+userPassword: password
+
+dn: uid=newton,dc=example,dc=org
+objectClass: top
+objectClass: organizationalPerson
+objectClass: person
+objectClass: inetOrgPerson
+uid: newton
+cn: newton
+sn: 3
+userPassword: password

src/main/docker/ldap-seed/gauss.ldif

@@ -0,0 +1,19 @@
+dn: uid=einstein,dc=example,dc=org
+objectClass: top
+objectClass: organizationalPerson
+objectClass: person
+objectClass: inetOrgPerson
+uid: einstein
+cn: einstein
+sn: 3
+userPassword: e=mc2
+
+dn: uid=newton,dc=example,dc=org
+objectClass: top
+objectClass: organizationalPerson
+objectClass: person
+objectClass: inetOrgPerson
+uid: newton
+cn: newton
+sn: 3
+userPassword: password2