Make sure LDAP filter is constructed correctly
This fixes an issue where, when querying Keystone via the v3 API, you would get back an invalid LDAP filter, because None was coerced to the string "None" and inserted into the middle of the query. Change-Id: I9d45a4dca265b69e261f134118bb30c8cd128166 Closes-Bug: 1454309
This commit is contained in:
parent
edb3887b72
commit
2c6db4a3bb
|
@ -1673,7 +1673,7 @@ class BaseLdap(object):
|
|||
'entries': not_deleted_nodes[:3],
|
||||
'dots': '...' if len(not_deleted_nodes) > 3 else ''})
|
||||
|
||||
def filter_query(self, hints, query=None):
|
||||
def filter_query(self, hints, query=''):
|
||||
"""Applies filtering to a query.
|
||||
|
||||
:param hints: contains the list of filters, which may be None,
|
||||
|
|
|
@ -21,6 +21,7 @@ import mock
|
|||
from oslo_config import cfg
|
||||
from testtools import matchers
|
||||
|
||||
from keystone.common import driver_hints
|
||||
from keystone.common import ldap as ks_ldap
|
||||
from keystone.common.ldap import core as common_ldap_core
|
||||
from keystone.tests import unit as tests
|
||||
|
@ -496,3 +497,56 @@ class CommonLdapTestCase(tests.BaseTestCase):
|
|||
py_result = ks_ldap.convert_ldap_result(result)
|
||||
# The user name should still be a string value.
|
||||
self.assertEqual(user_name, py_result[0][1]['user_name'][0])
|
||||
|
||||
|
||||
class LDAPFilterQueryCompositionTest(tests.TestCase):
|
||||
"""These test cases test LDAP filter generation."""
|
||||
|
||||
def setUp(self):
|
||||
super(LDAPFilterQueryCompositionTest, self).setUp()
|
||||
|
||||
self.base_ldap = ks_ldap.BaseLdap(self.config_fixture.conf)
|
||||
|
||||
# The tests need an attribute mapping to use.
|
||||
self.attribute_name = uuid.uuid4().hex
|
||||
self.filter_attribute_name = uuid.uuid4().hex
|
||||
self.base_ldap.attribute_mapping = {
|
||||
self.attribute_name: self.filter_attribute_name
|
||||
}
|
||||
|
||||
def test_return_query_with_no_hints(self):
|
||||
hints = driver_hints.Hints()
|
||||
# NOTE: doesn't have to be a real query, we just need to make sure the
|
||||
# same string is returned if there are no hints.
|
||||
query = uuid.uuid4().hex
|
||||
self.assertEqual(query,
|
||||
self.base_ldap.filter_query(hints=hints, query=query))
|
||||
|
||||
# make sure the default query is an empty string
|
||||
self.assertEqual('', self.base_ldap.filter_query(hints=hints))
|
||||
|
||||
def test_filter_with_empty_query_and_hints_set(self):
|
||||
hints = driver_hints.Hints()
|
||||
username = uuid.uuid4().hex
|
||||
hints.add_filter(name=self.attribute_name,
|
||||
value=username,
|
||||
comparator='equals',
|
||||
case_sensitive=False)
|
||||
expected_ldap_filter = '(&(%s=%s))' % (
|
||||
self.filter_attribute_name, username)
|
||||
self.assertEqual(expected_ldap_filter,
|
||||
self.base_ldap.filter_query(hints=hints))
|
||||
|
||||
def test_filter_with_both_query_and_hints_set(self):
|
||||
hints = driver_hints.Hints()
|
||||
# NOTE: doesn't have to be a real query, we just need to make sure the
|
||||
# filter string is concatenated correctly
|
||||
query = uuid.uuid4().hex
|
||||
username = uuid.uuid4().hex
|
||||
expected_result = '(&%(query)s(%(user_name_attr)s=%(username)s))' % (
|
||||
{'query': query,
|
||||
'user_name_attr': self.filter_attribute_name,
|
||||
'username': username})
|
||||
hints.add_filter(self.attribute_name, username)
|
||||
self.assertEqual(expected_result,
|
||||
self.base_ldap.filter_query(hints=hints, query=query))
|
||||
|
|
Loading…
Reference in New Issue