Diffstat (limited to 'weed/iam/ldap/mock_provider.go')
-rw-r--r--weed/iam/ldap/mock_provider.go186
1 files changed, 186 insertions, 0 deletions
diff --git a/weed/iam/ldap/mock_provider.go b/weed/iam/ldap/mock_provider.go
new file mode 100644
index 000000000..080fd8bec
--- /dev/null
+++ b/weed/iam/ldap/mock_provider.go
@@ -0,0 +1,186 @@
+package ldap
+
+import (
+ "context"
+ "fmt"
+ "strings"
+
+ "github.com/seaweedfs/seaweedfs/weed/iam/providers"
+)
+
+// MockLDAPProvider is a mock implementation for testing
+// This is a standalone mock that doesn't depend on production LDAP code
+type MockLDAPProvider struct {
+ name string
+ initialized bool
+ TestUsers map[string]*providers.ExternalIdentity
+ TestCredentials map[string]string // username -> password
+}
+
+// NewMockLDAPProvider creates a mock LDAP provider for testing
+func NewMockLDAPProvider(name string) *MockLDAPProvider {
+ return &MockLDAPProvider{
+ name: name,
+ initialized: true, // Mock is always initialized
+ TestUsers: make(map[string]*providers.ExternalIdentity),
+ TestCredentials: make(map[string]string),
+ }
+}
+
+// Name returns the provider name
+func (m *MockLDAPProvider) Name() string {
+ return m.name
+}
+
+// Initialize initializes the mock provider (no-op for testing)
+func (m *MockLDAPProvider) Initialize(config interface{}) error {
+ m.initialized = true
+ return nil
+}
+
+// AddTestUser adds a test user with credentials
+func (m *MockLDAPProvider) AddTestUser(username, password string, identity *providers.ExternalIdentity) {
+ m.TestCredentials[username] = password
+ m.TestUsers[username] = identity
+}
+
+// Authenticate authenticates using test data
+func (m *MockLDAPProvider) Authenticate(ctx context.Context, credentials string) (*providers.ExternalIdentity, error) {
+ if !m.initialized {
+ return nil, fmt.Errorf("provider not initialized")
+ }
+
+ if credentials == "" {
+ return nil, fmt.Errorf("credentials cannot be empty")
+ }
+
+ // Parse credentials (username:password format)
+ parts := strings.SplitN(credentials, ":", 2)
+ if len(parts) != 2 {
+ return nil, fmt.Errorf("invalid credentials format (expected username:password)")
+ }
+
+ username, password := parts[0], parts[1]
+
+ // Check test credentials
+ expectedPassword, userExists := m.TestCredentials[username]
+ if !userExists {
+ return nil, fmt.Errorf("user not found")
+ }
+
+ if password != expectedPassword {
+ return nil, fmt.Errorf("invalid credentials")
+ }
+
+ // Return test user identity
+ if identity, exists := m.TestUsers[username]; exists {
+ return identity, nil
+ }
+
+ return nil, fmt.Errorf("user identity not found")
+}
+
+// GetUserInfo returns test user info
+func (m *MockLDAPProvider) GetUserInfo(ctx context.Context, userID string) (*providers.ExternalIdentity, error) {
+ if !m.initialized {
+ return nil, fmt.Errorf("provider not initialized")
+ }
+
+ if userID == "" {
+ return nil, fmt.Errorf("user ID cannot be empty")
+ }
+
+ // Check test users
+ if identity, exists := m.TestUsers[userID]; exists {
+ return identity, nil
+ }
+
+ // Return default test user if not found
+ return &providers.ExternalIdentity{
+ UserID: userID,
+ Email: userID + "@test-ldap.com",
+ DisplayName: "Test LDAP User " + userID,
+ Groups: []string{"test-group"},
+ Provider: m.name,
+ }, nil
+}
+
+// ValidateToken validates credentials using test data
+func (m *MockLDAPProvider) ValidateToken(ctx context.Context, token string) (*providers.TokenClaims, error) {
+ if !m.initialized {
+ return nil, fmt.Errorf("provider not initialized")
+ }
+
+ if token == "" {
+ return nil, fmt.Errorf("token cannot be empty")
+ }
+
+ // Parse credentials (username:password format)
+ parts := strings.SplitN(token, ":", 2)
+ if len(parts) != 2 {
+ return nil, fmt.Errorf("invalid token format (expected username:password)")
+ }
+
+ username, password := parts[0], parts[1]
+
+ // Check test credentials
+ expectedPassword, userExists := m.TestCredentials[username]
+ if !userExists {
+ return nil, fmt.Errorf("user not found")
+ }
+
+ if password != expectedPassword {
+ return nil, fmt.Errorf("invalid credentials")
+ }
+
+ // Return test claims
+ identity := m.TestUsers[username]
+ return &providers.TokenClaims{
+ Subject: username,
+ Claims: map[string]interface{}{
+ "ldap_dn": "CN=" + username + ",DC=test,DC=com",
+ "email": identity.Email,
+ "name": identity.DisplayName,
+ "groups": identity.Groups,
+ "provider": m.name,
+ },
+ }, nil
+}
+
+// SetupDefaultTestData configures common test data
+func (m *MockLDAPProvider) SetupDefaultTestData() {
+ // Add default test user
+ m.AddTestUser("testuser", "testpass", &providers.ExternalIdentity{
+ UserID: "testuser",
+ Email: "testuser@ldap-test.com",
+ DisplayName: "Test LDAP User",
+ Groups: []string{"developers", "users"},
+ Provider: m.name,
+ Attributes: map[string]string{
+ "department": "Engineering",
+ "location": "Test City",
+ },
+ })
+
+ // Add admin test user
+ m.AddTestUser("admin", "adminpass", &providers.ExternalIdentity{
+ UserID: "admin",
+ Email: "admin@ldap-test.com",
+ DisplayName: "LDAP Administrator",
+ Groups: []string{"admins", "users"},
+ Provider: m.name,
+ Attributes: map[string]string{
+ "department": "IT",
+ "role": "administrator",
+ },
+ })
+
+ // Add readonly user
+ m.AddTestUser("readonly", "readpass", &providers.ExternalIdentity{
+ UserID: "readonly",
+ Email: "readonly@ldap-test.com",
+ DisplayName: "Read Only User",
+ Groups: []string{"readonly"},
+ Provider: m.name,
+ })
+}
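Review bot: ValidateToken dereferences `identity` without checking it: `m.TestUsers[username]` yields nil when a test fills the exported `TestCredentials` map directly or passes a nil identity to AddTestUser, and `identity.Email` then panics, whereas Authenticate checks the lookup first. Mirror that check with `identity, ok := m.TestUsers[username]` followed by `if !ok || identity == nil { return nil, fmt.Errorf("user identity not found") }`. Separately, GetUserInfo returns a fabricated identity in `test-group` for any unknown user ID and SetupDefaultTestData installs fixed passwords such as `admin`/`adminpass`, while the file name lacks the `_test.go` suffix, so the type appears to be compiled into the regular `ldap` package. If only this package's tests use it, renaming the file to `mock_provider_test.go` or guarding it with a build tag keeps it out of release binaries; otherwise a doc comment on the type such as `// MockLDAPProvider must never be registered in a production IAM configuration.` would make the constraint explicit.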