# $Id$
#
#


$:.unshift "lib"

require 'test/unit'

require 'net/ldap'
require 'stringio'


class TestLdapClient < Test::Unit::TestCase

  # TODO: these tests crash and burn if the associated
  # LDAP testserver isn't up and running.
  # We rely on being able to read a file with test data
  # in LDIF format.
  # TODO, WARNING: for the moment, this data is in a file
  # whose name and location are HARDCODED into the
  # instance method load_test_data.

  def setup
    @host = "127.0.0.1"
    @port = 3890
    @auth = {
      :method => :simple,
      :username => "cn=bigshot,dc=bayshorenetworks,dc=com",
      :password => "opensesame"
    }

    @ldif = load_test_data
  end



  # Get some test data which will be used to validate
  # the responses from the test LDAP server we will
  # connect to.
  # TODO, Bogus: we are HARDCODING the location of the file for now.
  #
  def load_test_data
    ary = File.readlines( "tests/testdata.ldif" )
    hash = {}
    while line = ary.shift and line.chomp!
      if line =~ /^dn:[\s]*/i
        dn = $'
        hash[dn] = {}
        while attr = ary.shift and attr.chomp! and attr =~ /^([\w]+)[\s]*:[\s]*/
          hash[dn][$1.downcase.intern] ||= []
          hash[dn][$1.downcase.intern] << $'
        end
      end
    end
    hash
  end



  # Binding tests.
  # Need tests for all kinds of network failures and incorrect auth.
  # TODO: Implement a class-level timeout for operations like bind.
  # Search has a timeout defined at the protocol level, other ops do not.
  # TODO, use constants for the LDAP result codes, rather than hardcoding them.
  def test_bind
    ldap = Net::LDAP.new :host => @host, :port => @port, :auth => @auth
    assert_equal( true, ldap.bind )
    assert_equal( 0, ldap.get_operation_result.code )
    assert_equal( "Success", ldap.get_operation_result.message )

    bad_username = @auth.merge( {:username => "cn=badguy,dc=imposters,dc=com"} )
    ldap = Net::LDAP.new :host => @host, :port => @port, :auth => bad_username
    assert_equal( false, ldap.bind )
    assert_equal( 48, ldap.get_operation_result.code )
    assert_equal( "Inappropriate Authentication", ldap.get_operation_result.message )

    bad_password = @auth.merge( {:password => "cornhusk"} )
    ldap = Net::LDAP.new :host => @host, :port => @port, :auth => bad_password
    assert_equal( false, ldap.bind )
    assert_equal( 49, ldap.get_operation_result.code )
    assert_equal( "Invalid Credentials", ldap.get_operation_result.message )
  end



  def test_search
    ldap = Net::LDAP.new :host => @host, :port => @port, :auth => @auth

    search = {:base => "dc=smalldomain,dc=com"}
    assert_equal( false, ldap.search( search ))
    assert_equal( 32, ldap.get_operation_result.code )
    
    search = {:base => "dc=bayshorenetworks,dc=com"}
    assert_equal( true, ldap.search( search ))
    assert_equal( 0, ldap.get_operation_result.code )
    
    ldap.search( search ) {|res|
      assert_equal( res, @ldif )
    }
  end
    



  # This is a helper routine for test_search_attributes.
  def internal_test_search_attributes attrs_to_search
    ldap = Net::LDAP.new :host => @host, :port => @port, :auth => @auth
    assert( ldap.bind )

    search = {
      :base => "dc=bayshorenetworks,dc=com",
      :attributes => attrs_to_search
    }

    ldif = @ldif
    ldif.each {|dn,entry|
      entry.delete_if {|attr,value|
        ! attrs_to_search.include?(attr)
      }
    }
  
    assert_equal( true, ldap.search( search ))
    ldap.search( search ) {|res|
      res_keys = res.keys.sort
      ldif_keys = ldif.keys.sort
      assert( res_keys, ldif_keys )
      res.keys.each {|rk|
        assert( res[rk], ldif[rk] )
      }
    }
  end


  def test_search_attributes
    internal_test_search_attributes [:mail]
    internal_test_search_attributes [:cn]
    internal_test_search_attributes [:ou]
    internal_test_search_attributes [:hasaccessprivilege]
    internal_test_search_attributes ["mail"]
    internal_test_search_attributes ["cn"]
    internal_test_search_attributes ["ou"]
    internal_test_search_attributes ["hasaccessrole"]

    internal_test_search_attributes [:mail, :cn, :ou, :hasaccessrole]
    internal_test_search_attributes [:mail, "cn", :ou, "hasaccessrole"]
  end


  def test_search_filters
    ldap = Net::LDAP.new :host => @host, :port => @port, :auth => @auth
    search = {
      :base => "dc=bayshorenetworks,dc=com",
      :filter => Net::LDAP::Filter.eq( "sn", "Fosse" )
    }

    ldap.search( search ) {|res|
      p res
    }
  end



  def test_open
    ldap = Net::LDAP.new :host => @host, :port => @port, :auth => @auth
    ldap.open {|ldap|
      10.times {
        rc = ldap.search( :base => "dc=bayshorenetworks,dc=com" )
        assert_equal( true, rc )
      }
    }
  end


  def test_ldap_open
    Net::LDAP.open( :host => @host, :port => @port, :auth => @auth ) {|ldap|
      10.times {
        rc = ldap.search( :base => "dc=bayshorenetworks,dc=com" )
        assert_equal( true, rc )
      }
    }
  end





end