Support self-signed LDAPS connections (#29606).

Patch by Gregor Schmidt. git-svn-id: http://svn.redmine.org/redmine/trunk@17505 e93f8b46-1217-0410-a6f0-8f06a7374b81
2025-11-01 19:05:51 +01:00 · 2018-09-23 13:28:36 +00:00
parent 2ef5ce247a
commit a9eaf563a5
8 changed files with 109 additions and 3 deletions
--- a/test/unit/auth_source_ldap_test.rb
+++ b/test/unit/auth_source_ldap_test.rb
@@ -40,6 +40,8 @@ class AuthSourceLdapTest < ActiveSupport::TestCase
    assert_nil auth_source.attr_mail
    assert_equal false, auth_source.onthefly_register
    assert_equal false, auth_source.tls
+    assert_equal true, auth_source.verify_peer
+    assert_equal :ldap, auth_source.ldap_mode
    assert_nil auth_source.filter
    assert_nil auth_source.timeout
  end
@@ -77,6 +79,42 @@ class AuthSourceLdapTest < ActiveSupport::TestCase
    assert a.valid?
  end

+  test 'ldap_mode setter sets tls and verify_peer' do
+    a = AuthSourceLdap.new
+
+    a.ldap_mode = 'ldaps_verify_peer'
+    assert a.tls
+    assert a.verify_peer
+
+    a.ldap_mode = 'ldaps_verify_none'
+    assert a.tls
+    assert !a.verify_peer
+
+    a.ldap_mode = 'ldap'
+    assert !a.tls
+    assert !a.verify_peer
+  end
+
+  test 'ldap_mode getter reads from tls and verify_peer' do
+    a = AuthSourceLdap.new
+
+    a.tls = true
+    a.verify_peer = true
+    assert_equal :ldaps_verify_peer, a.ldap_mode
+
+    a.tls = true
+    a.verify_peer = false
+    assert_equal :ldaps_verify_none, a.ldap_mode
+
+    a.tls = false
+    a.verify_peer = false
+    assert_equal :ldap, a.ldap_mode
+
+    a.tls = false
+    a.verify_peer = true
+    assert_equal :ldap, a.ldap_mode
+  end
+
  if ldap_configured?
    test '#authenticate with a valid LDAP user should return the user attributes' do
      auth = AuthSourceLdap.find(1)