package ldap

import (
	"context"
	"fmt"
	"strings"

	"github.com/seaweedfs/seaweedfs/weed/iam/providers"
)

// MockLDAPProvider is a mock implementation for testing.
// This is a standalone mock that doesn't depend on production LDAP code.
//
// Users and their passwords live in the two exported maps so tests can seed
// them directly or through AddTestUser. The zero value has nil maps, so
// build the mock with NewMockLDAPProvider before calling AddTestUser.
type MockLDAPProvider struct {
	name            string                                 // value reported by Name() and stamped into identities/claims
	initialized     bool                                   // gate checked by Authenticate, GetUserInfo and ValidateToken
	TestUsers       map[string]*providers.ExternalIdentity // username -> identity returned after a successful check
	TestCredentials map[string]string                      // username -> password (plaintext; test fixtures only)
}

// NewMockLDAPProvider creates a mock LDAP provider for testing.
//
// The returned provider is already marked initialized and carries empty
// user/credential maps, so AddTestUser can be called straight away.
func NewMockLDAPProvider(name string) *MockLDAPProvider {
	m := new(MockLDAPProvider)
	m.name = name
	m.initialized = true // the mock never needs a real Initialize call
	m.TestUsers = map[string]*providers.ExternalIdentity{}
	m.TestCredentials = map[string]string{}
	return m
}

// Name reports the provider name this mock was created with.
func (m *MockLDAPProvider) Name() string {
	providerName := m.name
	return providerName
}

// Initialize marks the mock as initialized. The config argument is accepted
// only for interface compatibility: nothing in it is read or validated.
func (m *MockLDAPProvider) Initialize(config interface{}) error {
	_ = config // intentionally unused: the mock has nothing to configure
	m.initialized = true
	return nil
}

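// AddTestUser registers a user that Authenticate and ValidateToken will accept
// with the given plaintext password, and that GetUserInfo will return as
// identity. Calling it again with the same username replaces both entries.
//
// The maps are created on first use so a MockLDAPProvider built as a struct
// literal (rather than via NewMockLDAPProvider) does not panic here.
func (m *MockLDAPProvider) AddTestUser(username, password string, identity *providers.ExternalIdentity) {
	if m.TestCredentials == nil {
		m.TestCredentials = make(map[string]string)
	}
	if m.TestUsers == nil {
		m.TestUsers = make(map[string]*providers.ExternalIdentity)
	}
	m.TestCredentials[username] = password
	m.TestUsers[username] = identity
}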

// Authenticate checks a "username:password" string against the seeded test
// credentials and returns the matching test identity.
//
// Unlike a production authenticator, the mock deliberately tells
// "user not found" apart from "invalid credentials" and compares the
// password with a plain string comparison; both are convenient for test
// fixtures but are not patterns to copy into a real provider.
func (m *MockLDAPProvider) Authenticate(ctx context.Context, credentials string) (*providers.ExternalIdentity, error) {
	switch {
	case !m.initialized:
		return nil, fmt.Errorf("provider not initialized")
	case credentials == "":
		return nil, fmt.Errorf("credentials cannot be empty")
	}

	// Split at the first ':' only, so the password part may itself contain ':'.
	sep := strings.Index(credentials, ":")
	if sep < 0 {
		return nil, fmt.Errorf("invalid credentials format (expected username:password)")
	}
	username := credentials[:sep]
	password := credentials[sep+1:]

	expected, known := m.TestCredentials[username]
	switch {
	case !known:
		return nil, fmt.Errorf("user not found")
	case expected != password:
		return nil, fmt.Errorf("invalid credentials")
	}

	// The identity map is consulted separately because the two exported maps
	// can be populated independently of AddTestUser.
	identity, found := m.TestUsers[username]
	if !found {
		return nil, fmt.Errorf("user identity not found")
	}
	return identity, nil
}

// GetUserInfo returns the seeded identity for userID.
//
// Unknown IDs are not rejected: the mock fabricates a placeholder identity
// (email under test-ldap.com, single group "test-group") so lookups always
// succeed. Tests that need a "user does not exist" path cannot get it from
// this method; seed TestUsers and inspect the returned fields instead.
func (m *MockLDAPProvider) GetUserInfo(ctx context.Context, userID string) (*providers.ExternalIdentity, error) {
	if !m.initialized {
		return nil, fmt.Errorf("provider not initialized")
	}
	if len(userID) == 0 {
		return nil, fmt.Errorf("user ID cannot be empty")
	}

	if seeded, ok := m.TestUsers[userID]; ok {
		return seeded, nil
	}

	// Not seeded: synthesize a deterministic placeholder from the ID.
	placeholder := &providers.ExternalIdentity{}
	placeholder.UserID = userID
	placeholder.Email = userID + "@test-ldap.com"
	placeholder.DisplayName = "Test LDAP User " + userID
	placeholder.Groups = []string{"test-group"}
	placeholder.Provider = m.name
	return placeholder, nil
}

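// ValidateToken treats token as a "username:password" credential pair, checks
// it against the seeded test credentials and returns synthetic claims.
//
// It returns an error when the provider is not initialized, the token is
// empty or malformed, the user is unknown, the password does not match, or
// no identity was seeded for the user. The last case is reported as an error
// (matching Authenticate) instead of dereferencing a nil identity.
func (m *MockLDAPProvider) ValidateToken(ctx context.Context, token string) (*providers.TokenClaims, error) {
	if !m.initialized {
		return nil, fmt.Errorf("provider not initialized")
	}
	if token == "" {
		return nil, fmt.Errorf("token cannot be empty")
	}

	// Parse credentials (username:password format); only the first ':'
	// separates, so the password part may contain ':'.
	parts := strings.SplitN(token, ":", 2)
	if len(parts) != 2 {
		return nil, fmt.Errorf("invalid token format (expected username:password)")
	}
	username, password := parts[0], parts[1]

	expectedPassword, userExists := m.TestCredentials[username]
	if !userExists {
		return nil, fmt.Errorf("user not found")
	}
	if password != expectedPassword {
		return nil, fmt.Errorf("invalid credentials")
	}

	// TestUsers and TestCredentials are exported and can be populated
	// independently, so a missing or nil identity must be an error, not a panic.
	identity, ok := m.TestUsers[username]
	if !ok || identity == nil {
		return nil, fmt.Errorf("user identity not found")
	}

	// The DN is synthesized from the username purely for test claims; a real
	// provider takes it from the directory entry rather than building it from
	// caller-supplied input.
	return &providers.TokenClaims{
		Subject: username,
		Claims: map[string]interface{}{
			"ldap_dn":  "CN=" + username + ",DC=test,DC=com",
			"email":    identity.Email,
			"name":     identity.DisplayName,
			"groups":   identity.Groups,
			"provider": m.name,
		},
	}, nil
}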

// SetupDefaultTestData seeds three well-known accounts so tests do not have to
// build their own fixtures: "testuser"/"testpass" (developers, users),
// "admin"/"adminpass" (admins, users) and "readonly"/"readpass" (readonly).
// The passwords are plaintext test values only.
func (m *MockLDAPProvider) SetupDefaultTestData() {
	// The username used for login is the identity's UserID in every fixture.
	fixtures := []struct {
		password string
		identity *providers.ExternalIdentity
	}{
		{
			password: "testpass",
			identity: &providers.ExternalIdentity{
				UserID:      "testuser",
				Email:       "testuser@ldap-test.com",
				DisplayName: "Test LDAP User",
				Groups:      []string{"developers", "users"},
				Provider:    m.name,
				Attributes: map[string]string{
					"department": "Engineering",
					"location":   "Test City",
				},
			},
		},
		{
			password: "adminpass",
			identity: &providers.ExternalIdentity{
				UserID:      "admin",
				Email:       "admin@ldap-test.com",
				DisplayName: "LDAP Administrator",
				Groups:      []string{"admins", "users"},
				Provider:    m.name,
				Attributes: map[string]string{
					"department": "IT",
					"role":       "administrator",
				},
			},
		},
		{
			password: "readpass",
			identity: &providers.ExternalIdentity{
				UserID:      "readonly",
				Email:       "readonly@ldap-test.com",
				DisplayName: "Read Only User",
				Groups:      []string{"readonly"},
				Provider:    m.name,
			},
		},
	}

	for _, f := range fixtures {
		m.AddTestUser(f.identity.UserID, f.password, f.identity)
	}
}