LDAP: add tests for initialBind (#17132)

* LDAP: add tests for initialBind

* LDAP: clarify comment for Login()

pkg/services/ldap/ldap.go

@@ -122,13 +122,13 @@ func (server *Server) Close() {
 	server.connection.Close()
 	server.connection.Close()
 }
 }
 
 
-// Login intialBinds the user, search it and then serialize it
+// Log in user by searching and serializing it
 func (server *Server) Login(query *models.LoginUserQuery) (
 func (server *Server) Login(query *models.LoginUserQuery) (
 	*models.ExternalUserInfo, error,
 	*models.ExternalUserInfo, error,
 ) {
 ) {
 
 
 	// Perform initial authentication
 	// Perform initial authentication
-	err := server.intialBind(query.Username, query.Password)
+	err := server.initialBind(query.Username, query.Password)
 	if err != nil {
 	if err != nil {
 		return nil, err
 		return nil, err
 	}
 	}
@@ -159,7 +159,7 @@ func (server *Server) Login(query *models.LoginUserQuery) (
 
 
 // Add adds stuff to LDAP
 // Add adds stuff to LDAP
 func (server *Server) Add(dn string, values map[string][]string) error {
 func (server *Server) Add(dn string, values map[string][]string) error {
-	err := server.intialBind(
+	err := server.initialBind(
 		server.config.BindDN,
 		server.config.BindDN,
 		server.config.BindPassword,
 		server.config.BindPassword,
 	)
 	)
@@ -190,7 +190,7 @@ func (server *Server) Add(dn string, values map[string][]string) error {
 
 
 // Remove removes stuff from LDAP
 // Remove removes stuff from LDAP
 func (server *Server) Remove(dn string) error {
 func (server *Server) Remove(dn string) error {
-	err := server.intialBind(
+	err := server.initialBind(
 		server.config.BindDN,
 		server.config.BindDN,
 		server.config.BindPassword,
 		server.config.BindPassword,
 	)
 	)
@@ -381,7 +381,7 @@ func (server *Server) secondBind(
 	return nil
 	return nil
 }
 }
 
 
-func (server *Server) intialBind(username, userPassword string) error {
+func (server *Server) initialBind(username, userPassword string) error {
 	if server.config.BindPassword != "" || server.config.BindDN == "" {
 	if server.config.BindPassword != "" || server.config.BindDN == "" {
 		userPassword = server.config.BindPassword
 		userPassword = server.config.BindPassword
 		server.requireSecondBind = true
 		server.requireSecondBind = true

pkg/services/ldap/ldap_helpers_test.go

@@ -75,6 +75,71 @@ func TestLDAPHelpers(t *testing.T) {
 		})
 		})
 	})
 	})
 
 
+	Convey("initialBind", t, func() {
+		Convey("Given bind dn and password configured", func() {
+			connection := &mockConnection{}
+			var actualUsername, actualPassword string
+			connection.bindProvider = func(username, password string) error {
+				actualUsername = username
+				actualPassword = password
+				return nil
+			}
+			server := &Server{
+				connection: connection,
+				config: &ServerConfig{
+					BindDN:       "cn=%s,o=users,dc=grafana,dc=org",
+					BindPassword: "bindpwd",
+				},
+			}
+			err := server.initialBind("user", "pwd")
+			So(err, ShouldBeNil)
+			So(server.requireSecondBind, ShouldBeTrue)
+			So(actualUsername, ShouldEqual, "cn=user,o=users,dc=grafana,dc=org")
+			So(actualPassword, ShouldEqual, "bindpwd")
+		})
+
+		Convey("Given bind dn configured", func() {
+			connection := &mockConnection{}
+			var actualUsername, actualPassword string
+			connection.bindProvider = func(username, password string) error {
+				actualUsername = username
+				actualPassword = password
+				return nil
+			}
+			server := &Server{
+				connection: connection,
+				config: &ServerConfig{
+					BindDN: "cn=%s,o=users,dc=grafana,dc=org",
+				},
+			}
+			err := server.initialBind("user", "pwd")
+			So(err, ShouldBeNil)
+			So(server.requireSecondBind, ShouldBeFalse)
+			So(actualUsername, ShouldEqual, "cn=user,o=users,dc=grafana,dc=org")
+			So(actualPassword, ShouldEqual, "pwd")
+		})
+
+		Convey("Given empty bind dn and password", func() {
+			connection := &mockConnection{}
+			unauthenticatedBindWasCalled := false
+			var actualUsername string
+			connection.unauthenticatedBindProvider = func(username string) error {
+				unauthenticatedBindWasCalled = true
+				actualUsername = username
+				return nil
+			}
+			server := &Server{
+				connection: connection,
+				config:     &ServerConfig{},
+			}
+			err := server.initialBind("user", "pwd")
+			So(err, ShouldBeNil)
+			So(server.requireSecondBind, ShouldBeTrue)
+			So(unauthenticatedBindWasCalled, ShouldBeTrue)
+			So(actualUsername, ShouldBeEmpty)
+		})
+	})
+
 	Convey("serverBind()", t, func() {
 	Convey("serverBind()", t, func() {
 		Convey("Given bind dn and password configured", func() {
 		Convey("Given bind dn and password configured", func() {
 			connection := &mockConnection{}
 			connection := &mockConnection{}