refactor: work on ldap tests

api/doc/auth/post-token-callback-req/schema.js

@@ -2,6 +2,7 @@ export default {
   $id: 'https://github.com/data-fair/simple-directory/auth/post-token-callback-req',
   title: 'Post token callback req',
   'x-exports': ['validate', 'types'],
+  'x-ajv': { coerceTypes: true },
   type: 'object',
   required: ['query'],
   properties: {
@@ -12,7 +13,8 @@ export default {
         id_token: { type: 'string' },
         id_token_org: { type: 'string' },
         id_token_dep: { type: 'string' },
-        redirect: { type: 'string' }
+        redirect: { type: 'string' },
+        org_storage: { type: 'boolean' }
       }
     }
   }

api/src/auth/router.ts

@@ -333,7 +333,7 @@ router.get('/token_callback', async (req, res, next) => {
     if (!org) return redirectError('orgaUnknown')
   }
   let storage = storages.globalStorage
-  if (req.query.org_storage === 'true' && org) {
+  if (query.org_storage && org) {
     storage = await storages.createOrgStorage(org) ?? storage
   }
   const user = decoded.id === '_superadmin' ? superadmin : await storage.getUser(decoded.id)
@@ -377,9 +377,8 @@ router.get('/token_callback', async (req, res, next) => {
 // TODO: deprecate this whole route, replaced by simpler /keepalive
 router.post('/exchange', async (req, res, next) => {
   const logContext: EventLogContext = { req }
-  const { query } = (await import('#doc/auth/post-exchange-req/index.ts')).returnValid(req, { name: 'req' })
 
-  const idToken = ((req.cookies && req.cookies.id_token) || (req.headers && req.headers.authorization && req.headers.authorization.split(' ').pop()) || query.id_token) as string | undefined
+  const idToken = ((req.cookies && req.cookies.id_token) || (req.headers && req.headers.authorization && req.headers.authorization.split(' ').pop()) || req.query.id_token) as string | undefined
   if (!idToken) {
     return res.status(401).send('No id_token cookie provided')
   }

api/src/storages/index.ts

@@ -56,9 +56,7 @@ class StorageManager {
   }
 
   async createOrgStorage (org: Organization): Promise<SdStorage | undefined> {
-    console.log('ORG STORAGE ?')
     if (!org.orgStorage?.active || !config.perOrgStorageTypes.includes(org.orgStorage.type)) return
-    console.log('YES')
     return this.createStorage(org.orgStorage.type, { ...defaultConfig.storage[org.orgStorage.type], ...org.orgStorage.config }, org)
   }
 }

api/src/storages/ldap.ts

@@ -89,7 +89,7 @@ function buildMappingFn (
   }
 }
 
-class LdapStorage implements SdStorage {
+export class LdapStorage implements SdStorage {
   readonly?: boolean | undefined
 
   private ldapParams: LdapParams

api/types/organization/schema.js

@@ -1,3 +1,8 @@
+import jsonSchema from '@data-fair/lib-utils/json-schema.js'
+const ldapParamsSchema = import('../ldap-params/schema.js')
+
+const partialLdapParamsSchema = { ...ldapParamsSchema, required: ['url', 'baseDN'] }
+
 export default {
   $id: 'https://github.com/data-fair/simple-directory/organization',
   'x-exports': ['types'],
@@ -119,7 +124,7 @@ export default {
           enum: ['ldap']
         },
         readonly: { type: 'boolean' },
-        config: { $ref: 'https://github.com/data-fair/simple-directory/ldap-params' }
+        config: partialLdapParamsSchema
       }
     },
     partners: {

dev/resources/organizations.json

@@ -93,6 +93,7 @@
       "active": true,
       "config": {
         "url": "ldap://localhost:389",
+        "baseDN": "dc=example,dc=org",
         "searchUserDN": "cn=admin,dc=example,dc=org",
         "searchUserPassword": "admin",
         "users": {

package.json

@@ -36,7 +36,7 @@
   "homepage": "https://github.com/koumoul-dev/simple-directory#readme",
   "devDependencies": {
     "@commitlint/config-conventional": "^19.2.2",
-    "@data-fair/lib-node": "^1.1.1",
+    "@data-fair/lib-node": "^1.2.0",
     "@types/accept-language-parser": "^1.5.6",
     "@types/capitalize": "^2.0.2",
     "@types/config": "^3.3.3",

test-it/04-storage-ldap.ts

@@ -22,15 +22,13 @@ describe('storage ldap', () => {
     await storage._createOrganization({ id: 'myorg', name: 'My Org' })
     await storage._createUser({
       id: 'alban1',
-      name: 'Alban Mouton',
       firstName: 'Alban',
       lastName: 'Mouton',
       email: '[email protected]',
       organizations: [{ id: 'myorg', role: 'admin', name: 'my org' }]
     })
     await storage._createUser({
       id: 'test1',
-      name: 'Test User',
       firstName: 'Test',
       lastName: 'User',
       email: '[email protected]',
@@ -63,7 +61,7 @@ describe('storage ldap', () => {
 
     const members = await storage.findMembers('myorg', { skip: 0, size: 10 })
     assert.equal(members.count, 2)
-    assert.equal(members.results[0].name, 'Alban Mouton')
+    assert.equal(members.results[0].name, 'alban1')
     assert.equal(members.results[0].role, 'overwritten')
 
     const members2 = await storage.findMembers('myorg', { q: 'notauser', skip: 0, size: 10 })

test-it/05-storage-ldap-per-org.ts

@@ -53,7 +53,7 @@ describe('ldap storage per organization in file storage mode', () => {
     assert.equal(res.data.count, 1)
     assert.equal(res.data.results[0].email, '[email protected]')
     assert.equal(res.data.results[0].orgStorage, true)
-    assert.equal(res.data.results[0].id, 'ldap_test-ldap_Alban Mouton')
+    assert.equal(res.data.results[0].id, 'ldap_test-ldap_alban')
 
     // TODO: add auth test with user password
   })

test-it/06-storage-ldap-single-org.ts

@@ -42,7 +42,7 @@ describe('ldap single org', () => {
 
     const members = await storage.findMembers('test-single-org', { skip: 0, size: 10 })
     assert.equal(members.count, 1)
-    assert.equal(members.results[0].name, 'alban')
+    assert.equal(members.results[0].name, 'alban1')
     assert.equal(members.results[0].role, 'admin')
 
     const member2 = await storage.findMembers('test-single-org', { q: 'notauser', skip: 0, size: 10 })

test-it/07-storage-ldap-api.ts

@@ -21,16 +21,9 @@ describe('ldap storage API', () => {
       firstName: 'Alban',
       lastName: 'Mouton',
       email: '[email protected]',
-      organizations: [{ id: 'myorg', role: 'admin', name: 'my org' }],
+      organizations: [{ id: 'myorg', role: 'user', name: 'my org' }],
       password: 'passwd'
     })
-    await storage._createUser({
-      id: 'alban2',
-      firstName: 'Alban',
-      lastName: '',
-      email: '[email protected]',
-      organizations: [{ id: 'myorg', role: 'user', name: 'my org' }]
-    })
   })
 
   after(stopApiServer)
@@ -49,6 +42,6 @@ describe('ldap storage API', () => {
     const res = await ax.get('/api/auth/me')
     assert.equal(res.status, 200)
     assert.equal(res.data.id, 'alban')
-    console.log('ME', res.data)
+    assert.equal(res.data.organizations?.[0].id, 'myorg')
   })
 })

test-it/08-storage-ldap-single-org-mongo.ts

@@ -1,24 +1,64 @@
 import { strict as assert } from 'node:assert'
 import { it, describe, before, beforeEach, after } from 'node:test'
-import { clean, startApiServer, stopApiServer, createUser } from './utils/index.ts'
+import { axiosAuth, clean, startApiServer, stopApiServer, createUser } from './utils/index.ts'
+import type { LdapStorage } from '../api/src/storages/ldap.ts'
 
 process.env.STORAGE_TYPE = 'mongo'
 process.env.NODE_CONFIG_DIR = 'api/config/'
 const config = (await import('../api/src/config.ts')).default
 const ldapConfig = JSON.parse(JSON.stringify(config.storage.ldap))
-ldapConfig.organizations.staticSingleOrg = { id: 'test-single-org', name: 'Test single org' }
-ldapConfig.members.role.values = { admin: ['administrator'], user: [] }
 
-describe.only('ldap storage per organization in mongodb storage mode', () => {
+const orgLdapConfig = {
+  url: 'ldap://localhost:389',
+  baseDN: 'dc=example,dc=org',
+  searchUserDN: 'cn=admin,dc=example,dc=org',
+  searchUserPassword: 'admin',
+  users: {
+    objectClass: 'inetOrgPerson',
+    dnKey: 'cn',
+    mapping: {
+      id: 'cn',
+      name: 'cn',
+      email: 'mail',
+      firstName: 'givenName',
+      lastName: 'sn'
+    },
+    extraFilters: ['sn=Mouton']
+  }
+}
+
+describe('ldap storage per organization in mongodb storage mode', () => {
   before(startApiServer)
   beforeEach(async () => await clean({ ldapConfig }))
   after(stopApiServer)
 
-  it.only('create a user and organization and configure orgStorage with ldap config', async () => {
-    const { ax, user } = await createUser('test1@test.com')
+  it('create a user and organization and configure orgStorage with ldap config', async () => {
+    const { ax: axAdmin, user } = await createUser('admin@test.com', true)
     assert.ok(user.id)
-    const org = (await ax.post('/api/organizations', { name: 'Org 1' })).data
-    console.log(org)
+    const org = (await axAdmin.post('/api/organizations', { name: 'Org 1' })).data
     assert.ok(org.id)
+    const patchedOrg = (await axAdmin.patch(`/api/organizations/${org.id}`, {
+      orgStorage: {
+        type: 'ldap',
+        active: true,
+        config: orgLdapConfig
+      }
+    })).data
+
+    const storage = (await (await import('../api/src/storages/index.ts')).default.createOrgStorage(patchedOrg)) as LdapStorage
+    await storage._createUser({
+      id: 'alban',
+      firstName: 'Alban',
+      lastName: 'Mouton',
+      email: '[email protected]',
+      organizations: [{ id: org.id, role: 'user', name: 'Org 1' }],
+      password: 'passwd'
+    })
+
+    const ax = await axiosAuth({ email: '[email protected]', org: org.id, orgStorage: true })
+    const res = await ax.get('/api/auth/me')
+    assert.equal(res.status, 200)
+    assert.ok(res.data.id.endsWith('_alban'))
+    assert.equal(res.data.organizations?.[0].id, org.id)
   })
 })