Tests #113
Tests #113
Conversation
There was a problem hiding this comment.
Pull request overview
This PR adds comprehensive test infrastructure for the LDAP gateway project, implementing unit tests, integration tests, and SSSD integration tests. The changes include Jest configuration, test utilities, mock providers, and extensive test coverage for authentication, directory backends, and security features.
Key Changes
- Added Jest test framework configuration for both npm core package and server
- Created test utilities (TestServer, LdapTestClient, dbSeeder, mockLogger)
- Implemented unit tests for utilities, interfaces, and LdapEngine
- Added integration tests for SQL, MongoDB, and Proxmox backends
- Added SSSD integration tests with Docker Compose setup
Reviewed changes
Copilot reviewed 43 out of 44 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| npm/jest.config.js | Jest configuration for core package with coverage thresholds |
| npm/package.json | Added Jest dependencies and test scripts |
| npm/test/unit/utils/*.test.js | Unit tests for ldapUtils, filterUtils, errorUtils |
| npm/test/unit/interfaces/*.test.js | Unit tests for AuthProvider and DirectoryProvider |
| npm/test/unit/LdapEngine.test.js | Unit tests for LDAP engine lifecycle |
| npm/test/fixtures/*.js | Mock providers and shared test data fixtures |
| server/jest.config.js | Jest configuration for server integration tests |
| server/package.json | Added Jest and moved sequelize/sqlite to devDependencies |
| server/test/setup.js | Global test setup for server integration tests |
| server/test/utils/*.js | Test utilities (TestServer, LdapTestClient, dbSeeder, mockLogger) |
| server/test/fixtures/testData.js | Shared test data for integration tests |
| server/test/integration/auth/*.test.js | Auth backend integration tests (SQL, MongoDB, Proxmox) |
| server/test/integration/directory/*.test.js | Directory backend integration tests |
| server/test/integration/engine/*.test.js | Engine-level integration tests |
| server/test/integration/security/*.test.js | TLS policy and security tests |
| server/test/integration-sssd/* | SSSD integration test setup with Docker |
| server/utils/ldapUtils.js | Updated defaults for mail and surname fields |
| server/backends/proxmox.*.js | Added enabled/expire field support |
| server/db/drivers/mongoDb.js | Added connection checks and field normalization |
| npm/src/utils/ldapUtils.js | Support for both mail/email fields and login_shell |
| npm/src/utils/filterUtils.js | Fixed cn= filter handling for groups |
| npm/src/LdapEngine.js | Added cn filtering in mixed search requests |
| .github/workflows/ci.yml | Added MongoDB service and SSSD integration tests |
|
This is big so I'm reviewing it at a very high level here: Starting here, only the boxed test sounds worthwhile IMO, the rest test implementation details which may change. 
I'm not sure any of these tests are worth it, they all seem like implementation details 
Same here, these are all implementation details most of which are enforced by Node and not worth testing anyways 
I actually like most of the following tests, but the boxed 2 I want to change the API contract on. The directory provider MUST provide uid and gid numbers to this function or we should consider it an error. 
Again I don't think these are worth testing, they are mostly implementation details that may be subject to change. 
These seem fine but I would like to see the LDAP filter being used in the test output personally. 
These look good: 
The boxed test here seems oddly specific. What's it really testing for? 
Why are these "mocked"? We should at the very least be doing a REAL test against SQLite but preferably also dockerized mysql and postgresql databases. 
These look fine, I will need to do a deeper dive into the test harness to ensure they're testing things correctly. I also thought we weren't using the expired field at all 
I was running a mongodb in Docker similar to how the PR shows. The directory tests are passing 
But all auth tests failed with the same error |
runleveldev
left a comment
runleveldev
left a comment
There was a problem hiding this comment.
Part 1 review, npm package.
| npm run test:db:mysql # MySQL integration tests | ||
| npm run test:db:postgres # PostgreSQL integration tests | ||
| npm run test:db:mongodb # MongoDB integration tests | ||
| ``` |
There was a problem hiding this comment.
All 6 commands listed above are only valid within the server/ directory. This section of the README should either (a) be moved to server/README.md OR (b) reference the fact that the commands are only valid within the server/ directory (such as via a cd command).
| test('should work with all test fixture users', () => { | ||
| testUsers.forEach(user => { | ||
| const entry = createLdapEntry({ | ||
| username: user.username, | ||
| uid_number: user.uid, | ||
| gid_number: user.gidNumber, | ||
| full_name: user.cn, | ||
| last_name: user.sn, | ||
| mail: user.mail, | ||
| home_directory: user.homeDirectory | ||
| }, baseDN); | ||
|
|
||
| expect(entry.dn).toContain(user.username); | ||
| expect(entry.attributes.uid).toBe(user.username); | ||
| expect(entry.attributes.uidNumber).toBe(user.uid); | ||
| }); | ||
| }); |
There was a problem hiding this comment.
What exactly does this test that the previous tests miss? If nothing, remove it. If this tests something specific, be clear about that in the test description.
| expect(entry.attributes.objectClass).toEqual(['posixGroup']); | ||
| expect(entry.attributes.cn).toBe('developers'); | ||
| expect(entry.attributes.gidNumber).toBe(1002); | ||
| expect(entry.attributes.memberUid).toEqual(['alice', 'bob']); |
There was a problem hiding this comment.
Just putting this comment here to voice my concern that we don't take a strong stance on memberUid vs. member. We really should pick one and support it based on whichever LDAP schema we're trying to support instead of having to test for all possible combinations. If this is the only comment that goes unaddressed I won't block this PR, but I will file a seperate issue to be more clear about which group style we support.
| test('should work with all test fixture groups', () => { | ||
| testGroups.forEach(group => { | ||
| const entry = createLdapGroupEntry({ | ||
| name: group.cn, | ||
| gid_number: group.gidNumber, | ||
| memberUids: group.memberUids | ||
| }, baseDN); | ||
|
|
||
| expect(entry.dn).toContain(group.cn); | ||
| expect(entry.attributes.cn).toBe(group.cn); | ||
| expect(entry.attributes.gidNumber).toBe(group.gidNumber); | ||
| }); | ||
| }); | ||
| }); |
There was a problem hiding this comment.
Again, what is this testing that the other tests don't? Remove it or be clear.
| expect(domain).toBe('company.org'); | ||
| }); | ||
|
|
||
| test('should return localhost for invalid base DN', () => { |
There was a problem hiding this comment.
We should throw an error on invalid DN rather than returning a probably wrong result.
| expect(domain).toBe('localhost'); | ||
| }); | ||
|
|
||
| test('should return localhost for empty base DN', () => { |
There was a problem hiding this comment.
Empty base would mean empty domain to me. Localhost seems like the wrong default. Or we should throw an error that an empty DN was provided.
Test Infrastructure
Test Coverage
Test Organization