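--- a/pkg/simple/client/ldap/interface.go
+++ b/pkg/simple/client/ldap/interface.go
@@ -0,0 +1,21 @@
+package ldap
+
+import "kubesphere.io/kubesphere/pkg/api/iam"
+
+// Interface defines CRUD behaviors of manipulating users
+type Interface interface {
+// Create create a new user in ldap
+Create(user *iam.User) error
+
+// Update updates a user information, return error if user not exists
+Update(user *iam.User) error
+
+// Delete deletes a user from ldap, return nil if user not exists
+Delete(name string) error
+
+// Get gets a user by its username from ldap, return ErrUserNotExists if user not exists
+Get(name string) (*iam.User, error)
+
+// Verify checks if (name, password) is valid, return ErrInvalidCredentials if not
+Verify(name string, password string) error
+}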
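Review bot: The Verify contract at `// Verify checks if (name, password) is valid, return ErrInvalidCredentials if not` does not say whether an unknown username is also reported as ErrInvalidCredentials, and the in-memory implementation added in this same commit returns ErrUserNotExists from Get in that case, so a caller can tell existing accounts from non-existing ones by the error alone. Since this interface will be the seam every authentication path goes through, pin it down: `// Verify checks whether (name, password) is valid. It returns ErrInvalidCredentials for both an unknown name and a wrong password so callers cannot enumerate accounts.` The Create comment (`// Create create a new user in ldap`) should likewise state what happens when the user already exists, e.g. `// Create creates a new user in ldap, return error if user already exists`, because the fake currently overwrites silently and a real backend presumably will not. ErrUserNotExists and ErrInvalidCredentials are referenced here but not defined in this file; they are assumed to live elsewhere in the package.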
@@ -27,23 +27,6 @@ import (
|
||||
"time"
|
||||
)
|
||||
|
||||
type Interface interface {
|
||||
// Create create a new user in ldap
|
||||
Create(user *iam.User) error
|
||||
|
||||
// Update updates a user information, return error if user not exists
|
||||
Update(user *iam.User) error
|
||||
|
||||
// Delete deletes a user from ldap, return nil if user not exists
|
||||
Delete(name string) error
|
||||
|
||||
// Get gets a user by its username from ldap
|
||||
Get(name string) (*iam.User, error)
|
||||
|
||||
//
|
||||
Verify(name string, password string) error
|
||||
}
|
||||
|
||||
const (
|
||||
ldapAttributeObjectClass = "objectClass"
|
||||
ldapAttributeCommonName = "cn"
|
||||
|
||||
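--- a/pkg/simple/client/ldap/simple_ldap.go
+++ b/pkg/simple/client/ldap/simple_ldap.go
@@ -0,0 +1,57 @@
+package ldap
+
+import "kubesphere.io/kubesphere/pkg/api/iam"
+
+// simpleLdap is a implementation of ldap.Interface, you should never use this in production env!
+type simpleLdap struct {
+store map[string]*iam.User
+}
+
+func NewSimpleLdap() Interface {
+return &simpleLdap{
+store: map[string]*iam.User{},
+}
+}
+
+func (s simpleLdap) Create(user *iam.User) error {
+s.store[user.Username] = user
+return nil
+}
+
+func (s simpleLdap) Update(user *iam.User) error {
+_, err := s.Get(user.Username)
+if err != nil {
+return err
+}
+s.store[user.Username] = user
+return nil
+}
+
+func (s simpleLdap) Delete(name string) error {
+_, err := s.Get(name)
+if err != nil {
+return err
+}
+delete(s.store, name)
+return nil
+}
+
+func (s simpleLdap) Get(name string) (*iam.User, error) {
+if user, ok := s.store[name]; !ok {
+return nil, ErrUserNotExists
+} else {
+return user, nil
+}
+}
+
+func (s simpleLdap) Verify(name string, password string) error {
+if user, err := s.Get(name); err != nil {
+return err
+} else {
+if user.Password != password {
+return ErrInvalidCredentials
+}
+}
+
+return nil
+}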
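Review bot: Verify returns whatever Get returned when the name is unknown (`if user, err := s.Get(name); err != nil { return err }`), so an unknown user yields ErrUserNotExists while a wrong password yields ErrInvalidCredentials; that contradicts the interface comment in this commit ("return ErrInvalidCredentials if not") and, if anything ever uses this fake behind a login handler, gives a username-enumeration oracle. Collapse both cases: `if user, err := s.Get(name); err != nil || user.Password != password { return ErrInvalidCredentials }` and drop the nested else. Delete has the mirror problem: the interface documents "return nil if user not exists", but this implementation returns ErrUserNotExists from the Get lookup; the whole body can be `delete(s.store, name); return nil`, since deleting a missing key is a no-op. The map is mutated through a value receiver, which works only because maps are references; a pointer receiver (`func (s *simpleLdap)`) makes the intent explicit, and the plaintext `!=` compare is acceptable here only because of the "never use this in production" note on the type.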
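--- a/pkg/simple/client/ldap/simple_ldap_test.go
+++ b/pkg/simple/client/ldap/simple_ldap_test.go
@@ -0,0 +1,98 @@
+package ldap
+
+import (
+"github.com/google/go-cmp/cmp"
+"kubesphere.io/kubesphere/pkg/api/iam"
+"testing"
+"time"
+)
+
+func TestSimpleLdap(t *testing.T) {
+ldapClient := NewSimpleLdap()
+
+foo := &iam.User{
+Username: "jerry",
+Email: "jerry@kubesphere.io",
+Lang: "en",
+Description: "Jerry is kind and gentle.",
+CreateTime: time.Now(),
+Groups: []string{},
+Password: "P@88w0rd",
+}
+
+t.Run("should create user", func(t *testing.T) {
+err := ldapClient.Create(foo)
+if err != nil {
+t.Fatal(err)
+}
+
+// check if user really created
+user, err := ldapClient.Get(foo.Username)
+if err != nil {
+t.Fatal(err)
+}
+if diff := cmp.Diff(user, foo); len(diff) != 0 {
+t.Fatalf("%T differ (-got, +want): %s", user, diff)
+}
+
+_ = ldapClient.Delete(foo.Username)
+})
+
+t.Run("should update user", func(t *testing.T) {
+err := ldapClient.Create(foo)
+if err != nil {
+t.Fatal(err)
+}
+
+foo.Description = "Jerry needs some drinks."
+err = ldapClient.Update(foo)
+if err != nil {
+t.Fatal(err)
+}
+
+// check if user really created
+user, err := ldapClient.Get(foo.Username)
+if err != nil {
+t.Fatal(err)
+}
+if diff := cmp.Diff(user, foo); len(diff) != 0 {
+t.Fatalf("%T differ (-got, +want): %s", user, diff)
+}
+
+_ = ldapClient.Delete(foo.Username)
+})
+
+t.Run("should delete user", func(t *testing.T) {
+err := ldapClient.Create(foo)
+if err != nil {
+t.Fatal(err)
+}
+
+err = ldapClient.Delete(foo.Username)
+if err != nil {
+t.Fatal(err)
+}
+
+_, err = ldapClient.Get(foo.Username)
+if err == nil || err != ErrUserNotExists {
+t.Fatalf("expected ErrUserNotExists error, got %v", err)
+}
+})
+
+t.Run("should verify username and password", func(t *testing.T) {
+err := ldapClient.Create(foo)
+if err != nil {
+t.Fatal(err)
+}
+
+err = ldapClient.Verify(foo.Username, foo.Password)
+if err != nil {
+t.Fatalf("should pass but got an error %v", err)
+}
+
+err = ldapClient.Verify(foo.Username, "gibberish")
+if err == nil || err != ErrInvalidCredentials {
+t.Fatalf("expected error ErrInvalidCrenentials but got %v", err)
+}
+})
+}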
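Review bot: The verify subtest never exercises an unknown username, which is exactly the case where the fake diverges from the interface's documented "return ErrInvalidCredentials if not" contract; add `if err := ldapClient.Verify("nobody", "gibberish"); err != ErrInvalidCredentials { t.Fatalf("expected ErrInvalidCredentials for unknown user, got %v", err) }`, and a matching check that `ldapClient.Delete("nobody")` returns nil as the Delete comment promises. The `cmp.Diff(user, foo)` checks in the create and update subtests are weak evidence, because the fake stores and returns the very same `*iam.User` pointer, so they can only pass; comparing against a fresh copy of the expected struct would make them meaningful. The subtests are order-dependent (the last one leaves foo in the store, the earlier ones rely on `_ = ldapClient.Delete(...)` for cleanup with the error discarded); use `t.Cleanup` and check the Delete error instead. Minor: the comment in the update subtest is a copy of `// check if user really created` and should say "updated", and the message `expected error ErrInvalidCrenentials` has a typo.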