tidy up the TLS tests

Tom Maher · Tom Maher · commit 440ce7f01126 · 2016-08-22T22:36:29.000-07:00
diff --git a/test/integration/test_bind.rb b/test/integration/test_bind.rb
@@ -2,21 +2,23 @@
 
 class TestBindIntegration < LDAPIntegrationTestCase
   def test_bind_success
-    assert @ldap.bind(method: :simple, username: "uid=user1,ou=People,dc=rubyldap,dc=com", password: "passworD1"), @ldap.get_operation_result.inspect
+    assert @ldap.bind(BIND_CREDS),
+           @ldap.get_operation_result.inspect
   end
 
   def test_bind_timeout
     @ldap.port = 8389
     error = assert_raise Net::LDAP::Error do
-      @ldap.bind(method: :simple, username: "uid=user1,ou=People,dc=rubyldap,dc=com", password: "passworD1")
+      @ldap.bind BIND_CREDS
     end
     msgs = ['Operation timed out - user specified timeout',
             'Connection timed out - user specified timeout']
     assert_send([msgs, :include?, error.message])
   end
 
   def test_bind_anonymous_fail
-    refute @ldap.bind(method: :simple, username: "uid=user1,ou=People,dc=rubyldap,dc=com", password: ""), @ldap.get_operation_result.inspect
+    refute @ldap.bind(BIND_CREDS.merge(password: '')),
+           @ldap.get_operation_result.inspect
 
     result = @ldap.get_operation_result
     assert_equal Net::LDAP::ResultCodeUnwillingToPerform, result.code
@@ -27,37 +29,40 @@ def test_bind_anonymous_fail
   end
 
   def test_bind_fail
-    refute @ldap.bind(method: :simple, username: "uid=user1,ou=People,dc=rubyldap,dc=com", password: "not my password"), @ldap.get_operation_result.inspect
+    refute @ldap.bind(BIND_CREDS.merge(password: "not my password")),
+           @ldap.get_operation_result.inspect
   end
 
   def test_bind_tls_with_cafile
-    tls_options = OpenSSL::SSL::SSLContext::DEFAULT_PARAMS.merge(:ca_file => CA_FILE)
-    @ldap.encryption(method: :start_tls, tls_options: tls_options)
-    assert @ldap.bind(method: :simple, username: "uid=user1,ou=People,dc=rubyldap,dc=com", password: "passworD1"), @ldap.get_operation_result.inspect
+    @ldap.encryption(
+      method:      :start_tls,
+      tls_options: TLS_OPTS.merge(ca_file: CA_FILE),
+    )
+    assert @ldap.bind(BIND_CREDS),
+           @ldap.get_operation_result.inspect
   end
 
   def test_bind_tls_with_verify_none
     @ldap.host = '127.0.0.1'
     @ldap.port = 9389
-    tls_options = OpenSSL::SSL::SSLContext::DEFAULT_PARAMS.merge(
-      :verify_mode => OpenSSL::SSL::VERIFY_NONE,
+    @ldap.encryption(
+      method:      :start_tls,
+      tls_options: TLS_OPTS.merge(verify_mode: OpenSSL::SSL::VERIFY_NONE),
     )
-    @ldap.encryption(method: :start_tls, tls_options: tls_options)
-    assert @ldap.bind(method: :simple, username: "uid=user1,ou=People,dc=rubyldap,dc=com", password: "passworD1"), @ldap.get_operation_result.inspect
+    assert @ldap.bind(BIND_CREDS),
+           @ldap.get_operation_result.inspect
   end
 
   def test_bind_tls_with_bad_hostname
     @ldap.host = '127.0.0.1'
     @ldap.port = 9389
-    tls_options = OpenSSL::SSL::SSLContext::DEFAULT_PARAMS.merge(
-      :verify_mode => OpenSSL::SSL::VERIFY_PEER,
-      :ca_file     => CA_FILE,
+    @ldap.encryption(
+      method:      :start_tls,
+      tls_options: TLS_OPTS.merge(verify_mode: OpenSSL::SSL::VERIFY_PEER,
+                                  ca_file:     CA_FILE),
     )
-    @ldap.encryption(method: :start_tls, tls_options: tls_options)
     error = assert_raise Net::LDAP::Error do
-      @ldap.bind(method: :simple,
-                 username: "uid=user1,ou=People,dc=rubyldap,dc=com",
-                 password: "passworD1")
+      @ldap.bind BIND_CREDS
     end
     assert_equal(
       "hostname \"#{@ldap.host}\" does not match the server certificate",
@@ -68,72 +73,71 @@ def test_bind_tls_with_bad_hostname
   def test_bind_tls_with_valid_hostname
     @ldap.host = 'localhost'
     @ldap.port = 9389
-    tls_options = OpenSSL::SSL::SSLContext::DEFAULT_PARAMS.merge(
-      :verify_mode => OpenSSL::SSL::VERIFY_PEER,
-      :ca_file     => CA_FILE,
+    @ldap.encryption(
+      method:      :start_tls,
+      tls_options: TLS_OPTS.merge(verify_mode: OpenSSL::SSL::VERIFY_PEER,
+                                  ca_file:     CA_FILE),
     )
-    @ldap.encryption(method: :start_tls, tls_options: tls_options)
-    assert @ldap.bind(method: :simple,
-                      username: "uid=user1,ou=People,dc=rubyldap,dc=com",
-                      password: "passworD1")
-    @ldap.get_operation_result.inspect
+    assert @ldap.bind(BIND_CREDS),
+           @ldap.get_operation_result.inspect
   end
 
   # The following depend on /etc/hosts hacking.
   # We can do that on CI, but it's less than cool on people's dev boxes
   def test_bind_tls_with_multiple_hosts
     omit_unless ENV['TRAVIS'] == 'true'
-    tls_options = OpenSSL::SSL::SSLContext::DEFAULT_PARAMS.merge(
-      :verify_mode => OpenSSL::SSL::VERIFY_PEER,
-      :ca_file     => CA_FILE,
+
+    @ldap.host = nil
+    @ldap.hosts = [['ldap01.example.com', 389], ['ldap02.example.com', 389]]
+    @ldap.encryption(
+      method:      :start_tls,
+      tls_options: TLS_OPTS.merge(verify_mode: OpenSSL::SSL::VERIFY_PEER,
+                                  ca_file:     CA_FILE),
     )
-    @ldap_multi.encryption(method: :start_tls, tls_options: tls_options)
-    assert @ldap_multi.bind(method: :simple,
-                            username: "uid=user1,ou=People,dc=rubyldap,dc=com",
-                            password: "passworD1")
-    @ldap_multi.get_operation_result.inspect
+    assert @ldap.bind(BIND_CREDS),
+           @ldap.get_operation_result.inspect
   end
 
   def test_bind_tls_with_multiple_bogus_hosts
     omit_unless ENV['TRAVIS'] == 'true'
-    tls_options = OpenSSL::SSL::SSLContext::DEFAULT_PARAMS.merge(
-      :verify_mode => OpenSSL::SSL::VERIFY_PEER,
-      :ca_file     => CA_FILE,
+
+    @ldap.host = nil
+    @ldap.hosts = [['127.0.0.1', 389], ['bogus.example.com', 389]]
+    @ldap.encryption(
+      method:      :start_tls,
+      tls_options: TLS_OPTS.merge(verify_mode: OpenSSL::SSL::VERIFY_PEER,
+                                  ca_file:     CA_FILE),
     )
-    @ldap_multi.hosts = [['127.0.0.1', 389], ['bogus.example.com', 389]]
-    @ldap_multi.encryption(method: :start_tls, tls_options: tls_options)
     error = assert_raise Net::LDAP::Error do
-      @ldap_multi.bind(method: :simple,
-                       username: "uid=user1,ou=People,dc=rubyldap,dc=com",
-                       password: "passworD1")
+      @ldap.bind BIND_CREDS
     end
     assert_equal("TODO - fix this",
                  error.message)
   end
 
   def test_bind_tls_with_multiple_bogus_hosts_no_verification
     omit_unless ENV['TRAVIS'] == 'true'
-    tls_options = OpenSSL::SSL::SSLContext::DEFAULT_PARAMS.merge(
-      :verify_mode => OpenSSL::SSL::VERIFY_NONE,
+
+    @ldap.host = nil
+    @ldap.hosts = [['127.0.0.1', 389], ['bogus.example.com', 389]]
+    @ldap.encryption(
+      method:      :start_tls,
+      tls_options: TLS_OPTS.merge(verify_mode: OpenSSL::SSL::VERIFY_NONE),
     )
-    @ldap_multi.hosts = [['127.0.0.1', 389], ['bogus.example.com', 389]]
-    @ldap_multi.encryption(method: :start_tls, tls_options: tls_options)
-    assert @ldap_multi.bind(method: :simple,
-                            username: "uid=user1,ou=People,dc=rubyldap,dc=com",
-                            password: "passworD1")
-    @ldap_multi.get_operation_result.inspect
+    assert @ldap.bind(BIND_CREDS),
+           @ldap.get_operation_result.inspect
   end
 
   def test_bind_tls_with_multiple_bogus_hosts_ca_check_only
     omit_unless ENV['TRAVIS'] == 'true'
-    tls_options = OpenSSL::SSL::SSLContext::DEFAULT_PARAMS.merge(
-      :ca_file     => CA_FILE,
+
+    @ldap.host = nil
+    @ldap.hosts = [['127.0.0.1', 389], ['bogus.example.com', 389]]
+    @ldap.encryption(
+      method: :start_tls,
+      tls_options: TLS_OPTS.merge(ca_file: CA_FILE),
     )
-    @ldap_multi.hosts = [['127.0.0.1', 389], ['bogus.example.com', 389]]
-    @ldap_multi.encryption(method: :start_tls, tls_options: tls_options)
-    assert @ldap_multi.bind(method: :simple,
-                            username: "uid=user1,ou=People,dc=rubyldap,dc=com",
-                            password: "passworD1")
-    @ldap_multi.get_operation_result.inspect
+    assert @ldap.bind(BIND_CREDS),
+           @ldap.get_operation_result.inspect
   end
 end
diff --git a/test/test_helper.rb b/test/test_helper.rb
@@ -18,6 +18,14 @@
     end
   end
 
+BIND_CREDS = {
+  method:   :simple,
+  username: "uid=user1,ou=People,dc=rubyldap,dc=com",
+  password: "passworD1",
+}.freeze
+
+TLS_OPTS = OpenSSL::SSL::SSLContext::DEFAULT_PARAMS.merge({}).freeze
+
 if RUBY_VERSION < "2.0"
   class String
     def b
@@ -62,13 +70,5 @@ def setup
       search_domains: %w(dc=rubyldap,dc=com),
       uid:            'uid',
       instrumentation_service: @service
-
-    @ldap_multi = Net::LDAP.new \
-      hosts:          [['ldap01.example.com', 389], ['ldap02.example.com', 389]],
-      admin_user:     'uid=admin,dc=rubyldap,dc=com',
-      admin_password: 'passworD1',
-      search_domains: %w(dc=rubyldap,dc=com),
-      uid:            'uid',
-      instrumentation_service: @service
   end
 end
