Ldap authenticator (bluesky#207)

* ENH: add LDAPAuthenticator * STY: black * Make ldap3 an optional dependency. * Remove global imports. * Refactor imports. * Satisfy isort. * Make LDAP authenticator non-blocking. Ported from bluesky/bluesky-httpserver#38 by @dmgav * Fix missing await. Co-authored-by: Dan Allan <dallan@bnl.gov>
matthewcarbone · Sep 1, 2022 · 3f4a7c8 · 3f4a7c8
1 parent 001b257
commit 3f4a7c8
Show file tree

Hide file tree

Showing 6 changed files with 542 additions and 0 deletions.
diff --git a/continuous_integration/docker-configs/ldap-docker-compose.yml b/continuous_integration/docker-configs/ldap-docker-compose.yml
@@ -0,0 +1,19 @@
+version: '2'
+
+services:
+  openldap:
+    image: docker.io/bitnami/openldap:2.6
+    ports:
+      - '1389:1389'
+      - '1636:1636'
+    environment:
+      - LDAP_ADMIN_USERNAME=admin
+      - LDAP_ADMIN_PASSWORD=adminpassword
+      - LDAP_USERS=user01,user02
+      - LDAP_PASSWORDS=password1,password2
+    volumes:
+      - 'openldap_data:/bitnami/openldap'
+
+volumes:
+  openldap_data:
+    driver: local
diff --git a/continuous_integration/scripts/install.sh b/continuous_integration/scripts/install.sh
@@ -1,6 +1,9 @@
 #!/bin/bash
 set -vxeuo pipefail
 
+# Start LDAP (in docker)
+source start_LDAP.sh
+
 # These packages are installed in the base environment but may be older
 # versions. Explicitly upgrade them because they often create
 # installation problems if out of date.

diff --git a/requirements-dev.txt b/requirements-dev.txt
@@ -3,6 +3,7 @@
 codecov
 coverage
 flake8
+ldap3
 pre-commit
 pytest
 pytest-asyncio

diff --git a/start_LDAP.sh b/start_LDAP.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+set -e
+
+# Start LDAP server in docker container
+sudo docker pull bitnami/openldap:latest
+sudo docker-compose -f continuous_integration/docker-configs/ldap-docker-compose.yml up -d
+sudo docker ps
diff --git a/tiled/_tests/test_authenticators.py b/tiled/_tests/test_authenticators.py
@@ -0,0 +1,30 @@
+import asyncio
+
+import pytest
+
+from ..authenticators import LDAPAuthenticator
+
+
+@pytest.mark.parametrize("use_tls,use_ssl", [(False, False)])
+def test_LDAPAuthenticator_01(use_tls, use_ssl):
+    """
+    Basic test for ``LDAPAuthenticator``.
+
+    TODO: The test could be extended with enabled TLS or SSL, but it requires configuration
+    of the LDAP server.
+    """
+    authenticator = LDAPAuthenticator(
+        "localhost",
+        1389,
+        bind_dn_template="cn={username},ou=users,dc=example,dc=org",
+        use_tls=use_tls,
+        use_ssl=use_ssl,
+    )
+
+    async def testing():
+        assert await authenticator.authenticate("user01", "password1") == "user01"
+        assert await authenticator.authenticate("user02", "password2") == "user02"
+        assert await authenticator.authenticate("user02a", "password2") is None
+        assert await authenticator.authenticate("user02", "password2a") is None
+
+    asyncio.run(testing())