bitwarden · eliykat · Sep 30, 2024 · Sep 30, 2024 · Sep 30, 2024 · Sep 30, 2024
@@ -0,0 +1,92 @@
+name: Integration Testing
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - "main"
+    paths:
+      - ".github/workflows/integration-test.yml" # this file
+      - "src/services/ldap-directory.service*" # we only have integration for LDAP testing at the moment
+  pull_request:
+    paths:
+      - ".github/workflows/integration-test.yml" # this file
+      - "src/services/ldap-directory.service*" # we only have integration for LDAP testing at the moment
+
+jobs:
+  check-test-secrets:
+    name: Check for test secrets
+    runs-on: ubuntu-22.04
+    outputs:
+      available: ${{ steps.check-test-secrets.outputs.available }}
+    permissions:
+      contents: read
+
+    steps:
+      - name: Check
+        id: check-test-secrets
+        run: |
+          if [ "${{ secrets.CODECOV_TOKEN }}" != '' ]; then
+            echo "available=true" >> $GITHUB_OUTPUT;
+          else
+            echo "available=false" >> $GITHUB_OUTPUT;
+          fi
+
+  testing:
+    name: Run tests
+    if: ${{ startsWith(github.head_ref, 'version_bump_') == false }}
+    runs-on: ubuntu-22.04
+    needs: check-test-secrets
+    permissions:
+      checks: write
+      contents: read
+      pull-requests: write
+
+    steps:
+      - name: Check out repo
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+
+      - name: Get Node version
+        id: retrieve-node-version
+        run: |
+          NODE_NVMRC=$(cat .nvmrc)
+          NODE_VERSION=${NODE_NVMRC/v/''}
+          echo "node_version=$NODE_VERSION" >> $GITHUB_OUTPUT
+
+      - name: Set up Node
+        uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
+        with:
+          cache: 'npm'
+          cache-dependency-path: '**/package-lock.json'
+          node-version: ${{ steps.retrieve-node-version.outputs.node_version }}
+
+      - name: Install Node dependencies
+        run: npm ci
+
+      - name: Start OpenLDAP docker container
+        run: docker compose --project-directory utils/integration-tests --profile server up -d
+
+      - name: Run integration tests
+        run: |
+          npm run test:integration --coverage
+
+      - name: Report test results
+        uses: dorny/test-reporter@31a54ee7ebcacc03a09ea97a7e5465a47b84aea5 # v1.9.1
+        if: ${{ needs.check-test-secrets.outputs.available == 'true' && !cancelled() }}
+        with:
+          name: Test Results
+          path: "junit.xml"
+          reporter: jest-junit
+          fail-on-error: true
+
+      - name: Upload coverage to codecov.io
+        uses: codecov/codecov-action@e28ff129e5465c2c0dcc6f003fc735cb6ae0c673 # v4.5.0
+        if: ${{ needs.check-test-secrets.outputs.available == 'true' }}
+        env:
+          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
+
+      - name: Upload results to codecov.io
+        uses: codecov/test-results-action@1b5b448b98e58ba90d1a1a1d9fcb72ca2263be46 # v1.0.0
+        if: ${{ needs.check-test-secrets.outputs.available == 'true' }}
+        env:
+          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
@@ -64,9 +64,11 @@
     "publish:win": "npm run build:dist && npm run clean:dist && electron-builder --win --x64 --ia32 -p always -c.win.certificateSubjectName=\"8bit Solutions LLC\"",
     "prettier": "prettier --write .",
     "prepare": "husky install",
-    "test": "jest",
-    "test:watch": "jest --watch",
-    "test:watch:all": "jest --watchAll",
+    "test": "jest --testPathIgnorePatterns=.integration.spec.ts",
+    "test:watch": "jest --watch --testPathIgnorePatterns=.integration.spec.ts",
+    "test:watch:all": "jest --watchAll --testPathIgnorePatterns=.integration.spec.ts",
+    "test:integration": "jest .integration.spec.ts",
+    "test:integration:watch": "jest .integration.spec.ts --watch",
     "test:types": "npx tsc --noEmit"
   },
   "devDependencies": {

@@ -1,3 +1,5 @@
+import { Jsonify } from "type-fest";
+
 import { Entry } from "./entry";
 import { UserEntry } from "./userEntry";
 
@@ -14,4 +16,38 @@
 
     return this.name;
   }
+
+  toJSON() {
+    return {
+      name: this.name,
+      referenceId: this.referenceId,
+      externalId: this.externalId,
+      userMemberExternalIds:
+        this.userMemberExternalIds == null ? null : [...this.userMemberExternalIds],
+      groupMemberReferenceIds:
+        this.groupMemberReferenceIds == null ? null : [...this.groupMemberReferenceIds],
+      users: this.users?.map((u) => u.toJSON()),
+    };
+  }
+
+  static fromJSON(data: Jsonify<GroupEntry>) {
+    const result = new GroupEntry();
+    result.referenceId = data.referenceId;
+    result.externalId = data.externalId;
+    result.name = data.name;
+
+    if (data.userMemberExternalIds != null) {
+      result.userMemberExternalIds = new Set(data.userMemberExternalIds);
+    }
+
+    if (data.groupMemberReferenceIds != null) {
+      result.groupMemberReferenceIds = new Set(data.groupMemberReferenceIds);
+    }
+
+    if (data.users != null) {
+      result.users = data.users.map((u) => UserEntry.fromJSON(u));
+    }
+
+    return result;
+  }
 }
@@ -1,3 +1,5 @@
+import { Jsonify } from "type-fest";
+
 import { Entry } from "./entry";
 
 export class UserEntry extends Entry {
@@ -12,4 +14,26 @@
 
     return this.email;
   }
+
+  toJSON() {
+    return {
+      referenceId: this.referenceId,
+      externalId: this.externalId,
+      email: this.email,
+      disabled: this.disabled,
+      deleted: this.deleted,
+    };
+  }
+
+  static fromJSON(data: Jsonify<UserEntry>) {
+    const result = new UserEntry();
+    result.referenceId = data.referenceId;
+    result.externalId = data.externalId;
+
+    result.email = data.email;
+    result.disabled = data.disabled;
+    result.deleted = data.deleted;
+
+    return result;
+  }
 }
@@ -0,0 +1,191 @@
+import { mock, MockProxy } from "jest-mock-extended";
+
+import { I18nService } from "../../jslib/common/src/abstractions/i18n.service";
+import { LogService } from "../../jslib/common/src/abstractions/log.service";
+import { groupFixtures } from "../../utils/integration-tests/group-fixtures";
+import { userFixtures } from "../../utils/integration-tests/user-fixtures";
+import { DirectoryType } from "../enums/directoryType";
+import { LdapConfiguration } from "../models/ldapConfiguration";
+import { SyncConfiguration } from "../models/syncConfiguration";
+
+import { LdapDirectoryService } from "./ldap-directory.service";
+import { StateService } from "./state.service";
+
+// These tests integrate with the OpenLDAP docker image and seed data located in utils/integration-tests.
+// To start the docker container for local testing:
+//   cd utils/integration-tests
+//   docker compose --profile server up -d
+// Once the docker container is running, these tests can be run using:
+//   npm run test:integration:watch
+// The docker compose config also includes a PhpLDAPAdmin container for inspecting the LDAP directory contents.
+
+describe("ldapDirectoryService", () => {
+  let logService: MockProxy<LogService>;
+  let i18nService: MockProxy<I18nService>;
+  let stateService: MockProxy<StateService>;
+
+  let directoryService: LdapDirectoryService;
+
+  beforeEach(() => {
+    logService = mock();
+    i18nService = mock();
+    stateService = mock();
+
+    stateService.getDirectoryType.mockResolvedValue(DirectoryType.Ldap);
+    stateService.getLastUserSync.mockResolvedValue(null); // do not filter results by last modified date
+    i18nService.t.mockImplementation((id) => id); // passthrough implementation for any error  messages
+
+    directoryService = new LdapDirectoryService(logService, i18nService, stateService);
+  });
+
+  it("gets users and groups without TLS", async () => {
+    stateService.getDirectory
+      .calledWith(DirectoryType.Ldap)
+      .mockResolvedValue(getLdapConfiguration());
+    stateService.getSync.mockResolvedValue(getSyncConfiguration({ groups: true, users: true }));
+
+    const result = await directoryService.getEntries(true, true);
+    expect(result).toEqual([groupFixtures, userFixtures]);
+  });
+
+  it("gets users and groups with TLS", async () => {
+    stateService.getDirectory.calledWith(DirectoryType.Ldap).mockResolvedValue(
+      getLdapConfiguration({
+        ssl: true,
+        startTls: true,
+        sslAllowUnauthorized: true, // TODO: this could be more robust if we configured certs correctly
+      }),
+    );
+    stateService.getSync.mockResolvedValue(getSyncConfiguration({ groups: true, users: true }));
+
+    const result = await directoryService.getEntries(true, true);
+    expect(result).toEqual([groupFixtures, userFixtures]);
+  });
+
+  describe("users", () => {
+    it("respects the users path", async () => {
+      stateService.getDirectory
+        .calledWith(DirectoryType.Ldap)
+        .mockResolvedValue(getLdapConfiguration());
+      stateService.getSync.mockResolvedValue(
+        getSyncConfiguration({
+          users: true,
+          userPath: "ou=Human Resources",
+        }),
+      );
+
+      // These users are in the Human Resources ou
+      const hrUsers = userFixtures.filter(
+        (u) =>
+          u.referenceId === "cn=Roland Dyke,ou=Human Resources,dc=bitwarden,dc=com" ||
+          u.referenceId === "cn=Charin Goulfine,ou=Human Resources,dc=bitwarden,dc=com" ||
+          u.referenceId === "cn=Angelle Guarino,ou=Human Resources,dc=bitwarden,dc=com",
+      );
+
+      const result = await directoryService.getEntries(true, true);
+      expect(result[1]).toEqual(expect.arrayContaining(hrUsers));
+      expect(result[1].length).toEqual(hrUsers.length);
+    });
+
+    it("filters users", async () => {
+      stateService.getDirectory
+        .calledWith(DirectoryType.Ldap)
+        .mockResolvedValue(getLdapConfiguration());
+      stateService.getSync.mockResolvedValue(
+        getSyncConfiguration({ users: true, userFilter: "(cn=Roland Dyke)" }),
+      );
+
+      const roland = userFixtures.find(
+        (u) => u.referenceId === "cn=Roland Dyke,ou=Human Resources,dc=bitwarden,dc=com",
+      );
+      const result = await directoryService.getEntries(true, true);
+      expect(result).toEqual([undefined, [roland]]);
+    });
+  });
+
+  describe("groups", () => {
+    it("respects the groups path", async () => {
+      stateService.getDirectory
+        .calledWith(DirectoryType.Ldap)
+        .mockResolvedValue(getLdapConfiguration());
+      stateService.getSync.mockResolvedValue(
+        getSyncConfiguration({
+          groups: true,
+          groupPath: "ou=Janitorial",
+        }),
+      );
+
+      // These groups are in the Janitorial ou
+      const janitorialGroups = groupFixtures.filter((g) => g.name === "Cleaners");
+
+      const result = await directoryService.getEntries(true, true);
+      expect(result).toEqual([janitorialGroups, undefined]);
+    });
+
+    it("filters groups", async () => {
+      stateService.getDirectory
+        .calledWith(DirectoryType.Ldap)
+        .mockResolvedValue(getLdapConfiguration());
+      stateService.getSync.mockResolvedValue(
+        getSyncConfiguration({ groups: true, groupFilter: "(cn=Red Team)" }),
+      );
+
+      const redTeam = groupFixtures.find(
+        (u) => u.referenceId === "cn=Red Team,dc=bitwarden,dc=com",
+      );
+      const result = await directoryService.getEntries(true, true);
+      expect(result).toEqual([[redTeam], undefined]);
+    });
+  });
+});
+
+/**
+ * @returns a basic ldap configuration without TLS/SSL enabled. Can be overridden by passing in a partial configuration.
+ */
+const getLdapConfiguration = (config?: Partial<LdapConfiguration>): LdapConfiguration => ({
+  ssl: false,
+  startTls: false,
+  tlsCaPath: null,
+  sslAllowUnauthorized: false,
+  sslCertPath: null,
+  sslKeyPath: null,
+  sslCaPath: null,
+  hostname: "127.0.0.1",
+  port: 1389,
+  domain: null,
+  rootPath: "dc=bitwarden,dc=com",
+  currentUser: false,
+  username: "cn=admin,dc=bitwarden,dc=com",
+  password: "admin",
+  ad: false,
+  pagedSearch: false,
+  ...(config ?? {}),
+});
+
+/**
+ * @returns a basic sync configuration. Can be overridden by passing in a partial configuration.
+ */
+const getSyncConfiguration = (config?: Partial<SyncConfiguration>): SyncConfiguration => ({
+  users: false,
+  groups: false,
+  interval: 5,
+  userFilter: null,
+  groupFilter: null,
+  removeDisabled: false,
+  overwriteExisting: false,
+  largeImport: false,
+  // Ldap properties
+  groupObjectClass: "posixGroup",
+  userObjectClass: "person",
+  groupPath: null,
+  userPath: null,
+  groupNameAttribute: "cn",
+  userEmailAttribute: "mail",
+  memberAttribute: "memberUid",
+  useEmailPrefixSuffix: false,
+  emailPrefixAttribute: "sAMAccountName",
+  emailSuffix: null,
+  creationDateAttribute: "whenCreated",
+  revisionDateAttribute: "whenChanged",
+  ...(config ?? {}),
+});
@@ -0,0 +1 @@
+COMPOSE_PROJECT_NAME=directory-connector