Files @ 3dd7f39302f8
Branch filter:

Location: majic-ansible-roles/roles/xmpp_server/tests/test_client.py

branko
MAR-29: Implemented tests for php_website role:

- Install some additional tools for testing everything.
- Updated test playbook to change allowed extensions for running PHP scripts on
parameters-optional.
- Updated error page to use correct extension for parameters-optional test
instance.
- Expanded rewrite configuration slightly for parameters-optional.
- Install libmariadb-client-lgpl-dev-compat to test mysql_config symlink
creation.
- Deploy a number of PHP pages used for testing if pages are served correctly.
- Set file permissions on deployed PHP FPM pool configuraiton files.
- Use expanded syntax when deploying TLS keys/certificates in order to avoid
issues with TAB mangling.
- Fixed set-up of Strict-Transport-Security header when HTTPS enforcement is
disabled.
- Added a number of PHP and static test pages.
- Wrote tests covering full functionality of the role.
import testinfra.utils.ansible_runner


testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
    '.molecule/ansible_inventory').get_hosts('client1')


def test_connectivity(Command, Sudo):
    """
    Tests connectivity to the XMPP server (ports that should be reachable).
    """

    with Sudo():

        for server in ["parameters-mandatory",
                       "parameters-optional"]:
            # c2s plaintext, c2s TLS, file proxy, s2s.
            for port in [5222, 5223, 5000, 5269]:

                ping = Command('hping3 -S -p %d -c 1 %s' % (port, server))
                assert ping.rc == 0


def test_tls(Command):
    """
    Tests if TLS works as expected.
    """

    send = Command("echo 'Hello' | sendxmpp -t -u john.doe -p johnpassword -j domain1:5222 john.doe@domain1")
    assert send.rc == 0

    send = Command("echo 'Hello' | sendxmpp -e -u john.doe -p johnpassword -j domain1:5223 john.doe@domain1")
    assert send.rc == 0

    send = Command("echo 'Hello' | sendxmpp -t -u jane.doe -p janepassword -j domain2:5222 jane.doe@domain2")
    assert send.rc == 0

    send = Command("echo 'Hello' | sendxmpp -e -u jane.doe -p janepassword -j domain2:5223 jane.doe@domain2")
    assert send.rc == 0


def test_authentication_requires_tls(Command):
    """
    Tests if authentication must be done over TLS.
    """

    command = Command("echo 'Hello' | sendxmpp -u bogus -p bogus -j domain1:5222 john.doe@domain1 -d")
    assert "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'><required/></starttls>" in command.stderr

    command = Command("echo 'Hello' | sendxmpp -u bogus -p bogus -j domain2:5222 jane.doe@domain2 -d")
    assert "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'><required/></starttls>" in command.stderr


def test_authentication(Command):
    """
    Tests if authentication works correctly.
    """

    send = Command("echo 'Hello' | sendxmpp -t -u john.doe -p johnpassword -j domain1:5222 john.doe@domain1")
    assert send.rc == 0

    send = Command("echo 'Hello' | sendxmpp -e -u john.doe -p johnpassword -j domain1:5223 john.doe@domain1")
    assert send.rc == 0

    send = Command("echo 'Hello' | sendxmpp -t -u jane.doe -p janepassword -j domain2:5222 jane.doe@domain2")
    assert send.rc == 0

    send = Command("echo 'Hello' | sendxmpp -e -u mick.doe -p mickpassword -j domain3:5223 mick.doe@domain3")
    assert send.rc == 0


def test_unauthorized_users_rejected(Command):
    """
    Tests if unauthorized users (present in LDAP, but not member of correct
    group) are rejected from accessing the XMPP server.
    """

    send = Command("echo 'Hello' | sendxmpp -t -u noxmpp -p noxmpppassword -j domain1:5222 john.doe@domain1")
    assert send.rc != 0
    assert "Error 'AuthSend': error: not-authorized[?]" in send.stderr