From fcdf165dfe2f3579c6361371c3e829a4fc1b43c5 Mon Sep 17 00:00:00 2001
From: risson <18313093+rissson@users.noreply.github.com>
Date: Sat, 8 Jul 2023 21:16:43 +0200
Subject: [PATCH] outposts/ldap: add test for attribute filtering (#6189)

add failing test case

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---
 tests/e2e/test_provider_ldap.py | 73 +++++++++++++++++++++++++++++++++
 1 file changed, 73 insertions(+)

diff --git a/tests/e2e/test_provider_ldap.py b/tests/e2e/test_provider_ldap.py
index 2045f1d0b..efabfd3b8 100644
--- a/tests/e2e/test_provider_ldap.py
+++ b/tests/e2e/test_provider_ldap.py
@@ -344,3 +344,76 @@ class TestProviderLDAP(SeleniumTestCase):
         self.assertIsNotNone(server.schema)
         self.assertTrue(server.schema.is_valid())
         self.assertIsNotNone(server.schema.object_classes["goauthentik.io/ldap/user"])
+
+    @retry()
+    @apply_blueprint(
+        "default/flow-default-authentication-flow.yaml",
+        "default/flow-default-invalidation-flow.yaml",
+    )
+    @reconcile_app("authentik_outposts")
+    def test_ldap_search_attrs_filter(self):
+        """Test search with attributes filtering"""
+        # Remove akadmin to ensure list is correct
+        # Remove user before starting container so it's not cached
+        User.objects.filter(username="akadmin").delete()
+
+        outpost = self._prepare()
+        server = Server("ldap://localhost:3389", get_info=ALL)
+        _connection = Connection(
+            server,
+            raise_exceptions=True,
+            user=f"cn={self.user.username},ou=users,dc=ldap,dc=goauthentik,dc=io",
+            password=self.user.username,
+        )
+        _connection.bind()
+        self.assertTrue(
+            Event.objects.filter(
+                action=EventAction.LOGIN,
+                user={
+                    "pk": self.user.pk,
+                    "email": self.user.email,
+                    "username": self.user.username,
+                },
+            )
+        )
+
+        embedded_account = Outpost.objects.filter(managed=MANAGED_OUTPOST).first().user
+
+        _connection.search(
+            "ou=Users,DC=ldaP,dc=goauthentik,dc=io",
+            "(objectClass=user)",
+            search_scope=SUBTREE,
+            attributes=["cn"],
+        )
+        response: dict = _connection.response
+        # Remove raw_attributes to make checking easier
+        for obj in response:
+            del obj["raw_attributes"]
+            del obj["raw_dn"]
+        o_user = outpost.user
+        self.assertCountEqual(
+            response,
+            [
+                {
+                    "dn": f"cn={o_user.username},ou=users,dc=ldap,dc=goauthentik,dc=io",
+                    "attributes": {
+                        "cn": o_user.username,
+                    },
+                    "type": "searchResEntry",
+                },
+                {
+                    "dn": f"cn={embedded_account.username},ou=users,dc=ldap,dc=goauthentik,dc=io",
+                    "attributes": {
+                        "cn": embedded_account.username,
+                    },
+                    "type": "searchResEntry",
+                },
+                {
+                    "dn": f"cn={self.user.username},ou=users,dc=ldap,dc=goauthentik,dc=io",
+                    "attributes": {
+                        "cn": self.user.username,
+                    },
+                    "type": "searchResEntry",
+                },
+            ],
+        )