majic-ansible-roles Files · roles/xmpp_server/molecule/default/tests/test

Files @ 09e9aaa170b3
Branch filter:
Location: majic-ansible-roles/roles/xmpp_server/molecule/default/tests/test_client.py

09e9aaa170b3 3.5 KiB text/x-python Show Annotation Show as Raw Download as Raw
branko
MAR-239: Dropped support for Debian 11 Bullseye from the wsgi_website role.
import os

import pytest

import testinfra.utils.ansible_runner


testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
    os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('clients')


def test_connectivity(host):
    """
    Tests connectivity to the XMPP server (ports that should be reachable).
    """

    with host.sudo():

        for server in ["parameters-mandatory",
                       "parameters-optional"]:
            # c2s plaintext, c2s TLS, file proxy, s2s.
            for port in [5222, 5223, 5000, 5269]:

                ping = host.run('hping3 -S -p %s -c 1 %s', str(port), server)
                assert ping.rc == 0


@pytest.mark.parametrize("username, password, domain", [
    ["john.doe", "johnpassword", "domain1"],
    ["jane.doe", "janepassword", "domain2"],
])
def test_tls(host, username, password, domain):
    """
    Tests if TLS works as expected.
    """

    send = host.run(f"echo 'Hello' | go-sendxmpp --debug "
                    f"--username {username}@{domain} --password {password} --jserver {domain}:5222 "
                    f"{username}@{domain}")
    assert send.rc == 0
    assert "<body>Hello</body>" in send.stderr

    send = host.run(f"echo 'Hello' | go-sendxmpp --debug --tls "
                    f"--username {username}@{domain} --password {password} --jserver {domain}:5223 "
                    f"{username}@{domain}")
    assert send.rc == 0
    assert "<body>Hello</body>" in send.stderr


@pytest.mark.parametrize("username, password, domain", [
    ["john.doe", "johnpassword", "domain1"],
    ["jane.doe", "janepassword", "domain2"],
])
def test_authentication_requires_tls(host, username, password, domain):
    """
    Tests if STARTTLS is required.
    """

    send = host.run(f"echo 'Hello' | go-sendxmpp --debug "
                    f"--username {username}@{domain} --password {password} --jserver {domain}:5222 "
                    f"{username}@{domain}")

    assert send.rc == 0
    assert "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'><required/></starttls>" in send.stderr


@pytest.mark.parametrize("username, password, domain", [
    ["john.doe", "johnpassword", "domain1"],
    ["jane.doe", "janepassword", "domain2"],
    ["mick.doe", "mickpassword", "domain3"],
])
def test_authentication(host, username, password, domain):
    """
    Tests if authentication works correctly.
    """

    send = host.run(f"echo 'Hello' | go-sendxmpp --debug "
                    f"--username {username}@{domain} --password {password} --jserver {domain}:5222 "
                    f"{username}@{domain}")
    assert send.rc == 0

    send = host.run(f"echo 'Hello' | go-sendxmpp --debug --tls "
                    f"--username {username}@{domain} --password {password} --jserver {domain}:5223 "
                    f"{username}@{domain}")
    assert send.rc == 0


@pytest.mark.parametrize("target_username, target_domain", [
    ["john.doe", "domain1"],
    ["jane.doe", "domain2"],
])
def test_unauthorized_users_rejected(host, target_username, target_domain):
    """
    Tests if unauthorized users (present in LDAP, but not member of correct
    group) are rejected from accessing the XMPP server.
    """

    send = host.run(f"echo 'Hello' | go-sendxmpp --debug "
                    f"--username noxmpp@{target_domain} --password noxmpppassword --jserver {target_domain}:5222 "
                    f"{target_username}@{target_domain}")
    assert send.rc != 0
    assert "Unable to authorize you with the authentication credentials you've sent" in send.stderr