--- /dev/null
+<?php
+/**
+ * @author Andreas Fischer <bantu@owncloud.com>
+ * @author Arthur Schiwon <blizzz@owncloud.com>
+ * @author Joas Schilling <nickvergessen@owncloud.com>
+ * @author Morris Jobke <hey@morrisjobke.de>
+ * @author Thomas Müller <thomas.mueller@tmit.eu>
+ *
+ * @copyright Copyright (c) 2016, ownCloud, Inc.
+ * @license AGPL-3.0
+ *
+ * This code is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, version 3,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License, version 3,
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+namespace OCA\User_LDAP\Tests;
+
+use OCA\User_LDAP\Access;
+use OCA\User_LDAP\Connection;
+
+/**
+ * Class AccessTest
+ *
+ * @group DB
+ *
+ * @package OCA\User_LDAP\Tests
+ */
+class AccessTest extends \Test\TestCase {
+ private function getConnectorAndLdapMock() {
+ static $conMethods;
+ static $accMethods;
+ static $umMethods;
+
+ if(is_null($conMethods) || is_null($accMethods)) {
+ $conMethods = get_class_methods('\OCA\User_LDAP\Connection');
+ $accMethods = get_class_methods('\OCA\User_LDAP\Access');
+ $umMethods = get_class_methods('\OCA\User_LDAP\User\Manager');
+ }
+ $lw = $this->getMock('\OCA\User_LDAP\ILDAPWrapper');
+ $connector = $this->getMock('\OCA\User_LDAP\Connection',
+ $conMethods,
+ array($lw, null, null));
+ $um = $this->getMock('\OCA\User_LDAP\User\Manager',
+ $umMethods, array(
+ $this->getMock('\OCP\IConfig'),
+ $this->getMock('\OCA\User_LDAP\FilesystemHelper'),
+ $this->getMock('\OCA\User_LDAP\LogWrapper'),
+ $this->getMock('\OCP\IAvatarManager'),
+ $this->getMock('\OCP\Image'),
+ $this->getMock('\OCP\IDBConnection'),
+ $this->getMock('\OCP\IUserManager')));
+
+ return array($lw, $connector, $um);
+ }
+
+ public function testEscapeFilterPartValidChars() {
+ list($lw, $con, $um) = $this->getConnectorAndLdapMock();
+ $access = new Access($con, $lw, $um);
+
+ $input = 'okay';
+ $this->assertTrue($input === $access->escapeFilterPart($input));
+ }
+
+ public function testEscapeFilterPartEscapeWildcard() {
+ list($lw, $con, $um) = $this->getConnectorAndLdapMock();
+ $access = new Access($con, $lw, $um);
+
+ $input = '*';
+ $expected = '\\\\*';
+ $this->assertTrue($expected === $access->escapeFilterPart($input));
+ }
+
+ public function testEscapeFilterPartEscapeWildcard2() {
+ list($lw, $con, $um) = $this->getConnectorAndLdapMock();
+ $access = new Access($con, $lw, $um);
+
+ $input = 'foo*bar';
+ $expected = 'foo\\\\*bar';
+ $this->assertTrue($expected === $access->escapeFilterPart($input));
+ }
+
+ /** @dataProvider convertSID2StrSuccessData */
+ public function testConvertSID2StrSuccess(array $sidArray, $sidExpected) {
+ list($lw, $con, $um) = $this->getConnectorAndLdapMock();
+ $access = new Access($con, $lw, $um);
+
+ $sidBinary = implode('', $sidArray);
+ $this->assertSame($sidExpected, $access->convertSID2Str($sidBinary));
+ }
+
+ public function convertSID2StrSuccessData() {
+ return array(
+ array(
+ array(
+ "\x01",
+ "\x04",
+ "\x00\x00\x00\x00\x00\x05",
+ "\x15\x00\x00\x00",
+ "\xa6\x81\xe5\x0e",
+ "\x4d\x6c\x6c\x2b",
+ "\xca\x32\x05\x5f",
+ ),
+ 'S-1-5-21-249921958-728525901-1594176202',
+ ),
+ array(
+ array(
+ "\x01",
+ "\x02",
+ "\xFF\xFF\xFF\xFF\xFF\xFF",
+ "\xFF\xFF\xFF\xFF",
+ "\xFF\xFF\xFF\xFF",
+ ),
+ 'S-1-281474976710655-4294967295-4294967295',
+ ),
+ );
+ }
+
+ public function testConvertSID2StrInputError() {
+ list($lw, $con, $um) = $this->getConnectorAndLdapMock();
+ $access = new Access($con, $lw, $um);
+
+ $sidIllegal = 'foobar';
+ $sidExpected = '';
+
+ $this->assertSame($sidExpected, $access->convertSID2Str($sidIllegal));
+ }
+
+ public function testGetDomainDNFromDNSuccess() {
+ list($lw, $con, $um) = $this->getConnectorAndLdapMock();
+ $access = new Access($con, $lw, $um);
+
+ $inputDN = 'uid=zaphod,cn=foobar,dc=my,dc=server,dc=com';
+ $domainDN = 'dc=my,dc=server,dc=com';
+
+ $lw->expects($this->once())
+ ->method('explodeDN')
+ ->with($inputDN, 0)
+ ->will($this->returnValue(explode(',', $inputDN)));
+
+ $this->assertSame($domainDN, $access->getDomainDNFromDN($inputDN));
+ }
+
+ public function testGetDomainDNFromDNError() {
+ list($lw, $con, $um) = $this->getConnectorAndLdapMock();
+ $access = new Access($con, $lw, $um);
+
+ $inputDN = 'foobar';
+ $expected = '';
+
+ $lw->expects($this->once())
+ ->method('explodeDN')
+ ->with($inputDN, 0)
+ ->will($this->returnValue(false));
+
+ $this->assertSame($expected, $access->getDomainDNFromDN($inputDN));
+ }
+
+ private function getResemblesDNInputData() {
+ return $cases = array(
+ array(
+ 'input' => 'foo=bar,bar=foo,dc=foobar',
+ 'interResult' => array(
+ 'count' => 3,
+ 0 => 'foo=bar',
+ 1 => 'bar=foo',
+ 2 => 'dc=foobar'
+ ),
+ 'expectedResult' => true
+ ),
+ array(
+ 'input' => 'foobarbarfoodcfoobar',
+ 'interResult' => false,
+ 'expectedResult' => false
+ )
+ );
+ }
+
+ public function testStringResemblesDN() {
+ list($lw, $con, $um) = $this->getConnectorAndLdapMock();
+ $access = new Access($con, $lw, $um);
+
+ $cases = $this->getResemblesDNInputData();
+
+ $lw->expects($this->exactly(2))
+ ->method('explodeDN')
+ ->will($this->returnCallback(function ($dn) use ($cases) {
+ foreach($cases as $case) {
+ if($dn === $case['input']) {
+ return $case['interResult'];
+ }
+ }
+ }));
+
+ foreach($cases as $case) {
+ $this->assertSame($case['expectedResult'], $access->stringResemblesDN($case['input']));
+ }
+ }
+
+ public function testStringResemblesDNLDAPmod() {
+ list($lw, $con, $um) = $this->getConnectorAndLdapMock();
+ $lw = new \OCA\User_LDAP\LDAP();
+ $access = new Access($con, $lw, $um);
+
+ if(!function_exists('ldap_explode_dn')) {
+ $this->markTestSkipped('LDAP Module not available');
+ }
+
+ $cases = $this->getResemblesDNInputData();
+
+ foreach($cases as $case) {
+ $this->assertSame($case['expectedResult'], $access->stringResemblesDN($case['input']));
+ }
+ }
+
+ public function testCacheUserHome() {
+ list($lw, $con, $um) = $this->getConnectorAndLdapMock();
+ $access = new Access($con, $lw, $um);
+
+ $con->expects($this->once())
+ ->method('writeToCache');
+
+ $access->cacheUserHome('foobar', '/foobars/path');
+ }
+
+ public function testBatchApplyUserAttributes() {
+ list($lw, $con, $um) = $this->getConnectorAndLdapMock();
+ $access = new Access($con, $lw, $um);
+ $mapperMock = $this->getMockBuilder('\OCA\User_LDAP\Mapping\UserMapping')
+ ->disableOriginalConstructor()
+ ->getMock();
+
+ $mapperMock->expects($this->any())
+ ->method('getNameByDN')
+ ->will($this->returnValue('a_username'));
+
+ $userMock = $this->getMockBuilder('\OCA\User_LDAP\User\User')
+ ->disableOriginalConstructor()
+ ->getMock();
+
+ $access->connection->expects($this->any())
+ ->method('__get')
+ ->will($this->returnValue('displayName'));
+
+ $access->setUserMapper($mapperMock);
+
+ $displayNameAttribute = strtolower($access->connection->ldapUserDisplayName);
+ $data = array(
+ array(
+ 'dn' => 'foobar',
+ $displayNameAttribute => 'barfoo'
+ ),
+ array(
+ 'dn' => 'foo',
+ $displayNameAttribute => 'bar'
+ ),
+ array(
+ 'dn' => 'raboof',
+ $displayNameAttribute => 'oofrab'
+ )
+ );
+
+ $userMock->expects($this->exactly(count($data)))
+ ->method('processAttributes');
+
+ $um->expects($this->exactly(count($data)))
+ ->method('get')
+ ->will($this->returnValue($userMock));
+
+ $access->batchApplyUserAttributes($data);
+ }
+
+ public function dNAttributeProvider() {
+ // corresponds to Access::resemblesDN()
+ return array(
+ 'dn' => array('dn'),
+ 'uniqueMember' => array('uniquemember'),
+ 'member' => array('member'),
+ 'memberOf' => array('memberof')
+ );
+ }
+
+ /**
+ * @dataProvider dNAttributeProvider
+ */
+ public function testSanitizeDN($attribute) {
+ list($lw, $con, $um) = $this->getConnectorAndLdapMock();
+
+
+ $dnFromServer = 'cn=Mixed Cases,ou=Are Sufficient To,ou=Test,dc=example,dc=org';
+
+ $lw->expects($this->any())
+ ->method('isResource')
+ ->will($this->returnValue(true));
+
+ $lw->expects($this->any())
+ ->method('getAttributes')
+ ->will($this->returnValue(array(
+ $attribute => array('count' => 1, $dnFromServer)
+ )));
+
+ $access = new Access($con, $lw, $um);
+ $values = $access->readAttribute('uid=whoever,dc=example,dc=org', $attribute);
+ $this->assertSame($values[0], strtolower($dnFromServer));
+ }
+}
--- /dev/null
+<?php
+/**
+ * @author Arthur Schiwon <blizzz@owncloud.com>
+ *
+ * @copyright Copyright (c) 2016, ownCloud, Inc.
+ * @license AGPL-3.0
+ *
+ * This code is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, version 3,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License, version 3,
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+namespace OCA\User_LDAP\Tests;
+
+class ConfigurationTest extends \Test\TestCase {
+
+ public function configurationDataProvider() {
+ $inputWithDN = array(
+ 'cn=someUsers,dc=example,dc=org',
+ ' ',
+ ' cn=moreUsers,dc=example,dc=org '
+ );
+ $expectWithDN = array(
+ 'cn=someUsers,dc=example,dc=org',
+ 'cn=moreUsers,dc=example,dc=org'
+ );
+
+ $inputNames = array(
+ ' uid ',
+ 'cn ',
+ ' ',
+ '',
+ ' whats my name',
+ ' '
+ );
+ $expectedNames = array('uid', 'cn', 'whats my name');
+
+ $inputString = ' alea iacta est ';
+ $expectedString = 'alea iacta est';
+
+ $inputHomeFolder = array(
+ ' homeDirectory ',
+ ' attr:homeDirectory ',
+ ' '
+ );
+
+ $expectedHomeFolder = array(
+ 'attr:homeDirectory', 'attr:homeDirectory', ''
+ );
+
+ $password = ' such a passw0rd ';
+
+ return array(
+ 'set general base' => array('ldapBase', $inputWithDN, $expectWithDN),
+ 'set user base' => array('ldapBaseUsers', $inputWithDN, $expectWithDN),
+ 'set group base' => array('ldapBaseGroups', $inputWithDN, $expectWithDN),
+
+ 'set search attributes users' => array('ldapAttributesForUserSearch', $inputNames, $expectedNames),
+ 'set search attributes groups' => array('ldapAttributesForGroupSearch', $inputNames, $expectedNames),
+
+ 'set user filter objectclasses' => array('ldapUserFilterObjectclass', $inputNames, $expectedNames),
+ 'set user filter groups' => array('ldapUserFilterGroups', $inputNames, $expectedNames),
+ 'set group filter objectclasses' => array('ldapGroupFilterObjectclass', $inputNames, $expectedNames),
+ 'set group filter groups' => array('ldapGroupFilterGroups', $inputNames, $expectedNames),
+ 'set login filter attributes' => array('ldapLoginFilterAttributes', $inputNames, $expectedNames),
+
+ 'set agent password' => array('ldapAgentPassword', $password, $password),
+
+ 'set home folder, variant 1' => array('homeFolderNamingRule', $inputHomeFolder[0], $expectedHomeFolder[0]),
+ 'set home folder, variant 2' => array('homeFolderNamingRule', $inputHomeFolder[1], $expectedHomeFolder[1]),
+ 'set home folder, empty' => array('homeFolderNamingRule', $inputHomeFolder[2], $expectedHomeFolder[2]),
+
+ // default behaviour, one case is enough, special needs must be tested
+ // individually
+ 'set string value' => array('ldapHost', $inputString, $expectedString),
+ );
+ }
+
+ /**
+ * @dataProvider configurationDataProvider
+ */
+ public function testSetValue($key, $input, $expected) {
+ $configuration = new \OCA\User_LDAP\Configuration('t01', false);
+
+ $settingsInput = array(
+ 'ldapBaseUsers' => array(
+ 'cn=someUsers,dc=example,dc=org',
+ ' ',
+ ' cn=moreUsers,dc=example,dc=org '
+ )
+ );
+
+ $configuration->setConfiguration([$key => $input]);
+ $this->assertSame($configuration->$key, $expected);
+ }
+
+}
--- /dev/null
+<?php
+/**
+ * @author Arthur Schiwon <blizzz@owncloud.com>
+ * @author Joas Schilling <nickvergessen@owncloud.com>
+ * @author Morris Jobke <hey@morrisjobke.de>
+ * @author Thomas Müller <thomas.mueller@tmit.eu>
+ *
+ * @copyright Copyright (c) 2016, ownCloud, Inc.
+ * @license AGPL-3.0
+ *
+ * This code is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, version 3,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License, version 3,
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+namespace OCA\User_LDAP\Tests;
+use OCA\User_LDAP\Connection;
+
+/**
+ * Class Test_Connection
+ *
+ * @group DB
+ *
+ * @package OCA\User_LDAP\Tests
+ */
+class ConnectionTest extends \Test\TestCase {
+ /** @var \OCA\User_LDAP\ILDAPWrapper */
+ protected $ldap;
+
+ /** @var Connection */
+ protected $connection;
+
+ public function setUp() {
+ parent::setUp();
+
+ $this->ldap = $this->getMock('\OCA\User_LDAP\ILDAPWrapper');
+ // we use a mock here to replace the cache mechanism, due to missing DI in LDAP backend.
+ $this->connection = $this->getMockBuilder('OCA\User_LDAP\Connection')
+ ->setMethods(['getFromCache', 'writeToCache'])
+ ->setConstructorArgs([$this->ldap, '', null])
+ ->getMock();
+
+ $this->ldap->expects($this->any())
+ ->method('areLDAPFunctionsAvailable')
+ ->will($this->returnValue(true));
+ }
+
+ public function testOriginalAgentUnchangedOnClone() {
+ //background: upon login a bind is done with the user credentials
+ //which is valid for the whole LDAP resource. It needs to be reset
+ //to the agent's credentials
+ $lw = $this->getMock('\OCA\User_LDAP\ILDAPWrapper');
+
+ $connection = new Connection($lw, '', null);
+ $agent = array(
+ 'ldapAgentName' => 'agent',
+ 'ldapAgentPassword' => '123456',
+ );
+ $connection->setConfiguration($agent);
+
+ $testConnection = clone $connection;
+ $user = array(
+ 'ldapAgentName' => 'user',
+ 'ldapAgentPassword' => 'password',
+ );
+ $testConnection->setConfiguration($user);
+
+ $agentName = $connection->ldapAgentName;
+ $agentPawd = $connection->ldapAgentPassword;
+
+ $this->assertSame($agentName, $agent['ldapAgentName']);
+ $this->assertSame($agentPawd, $agent['ldapAgentPassword']);
+ }
+
+ public function testUseBackupServer() {
+ $mainHost = 'ldap://nixda.ldap';
+ $backupHost = 'ldap://fallback.ldap';
+ $config = [
+ 'ldapConfigurationActive' => true,
+ 'ldapHost' => $mainHost,
+ 'ldapPort' => 389,
+ 'ldapBackupHost' => $backupHost,
+ 'ldapBackupPort' => 389,
+ 'ldapAgentName' => 'uid=agent',
+ 'ldapAgentPassword' => 'SuchASecret'
+ ];
+
+ $this->connection->setIgnoreValidation(true);
+ $this->connection->setConfiguration($config);
+
+ $this->ldap->expects($this->any())
+ ->method('isResource')
+ ->will($this->returnValue(true));
+
+ $this->ldap->expects($this->any())
+ ->method('setOption')
+ ->will($this->returnValue(true));
+
+ $this->ldap->expects($this->exactly(3))
+ ->method('connect')
+ ->will($this->returnValue('ldapResource'));
+
+ // Not called often enough? Then, the fallback to the backup server is broken.
+ $this->connection->expects($this->exactly(4))
+ ->method('getFromCache')
+ ->with('overrideMainServer')
+ ->will($this->onConsecutiveCalls(false, false, true, true));
+
+ $this->connection->expects($this->once())
+ ->method('writeToCache')
+ ->with('overrideMainServer', true);
+
+ $isThrown = false;
+ $this->ldap->expects($this->exactly(3))
+ ->method('bind')
+ ->will($this->returnCallback(function () use (&$isThrown) {
+ if(!$isThrown) {
+ $isThrown = true;
+ throw new \OC\ServerNotAvailableException();
+ }
+ return true;
+ }));
+
+ $this->connection->init();
+ $this->connection->resetConnectionResource();
+ // with the second init() we test whether caching works
+ $this->connection->init();
+ }
+
+}
+++ /dev/null
-<?php
-/**
- * @author Arthur Schiwon <blizzz@owncloud.com>
- * @author Frédéric Fortier <frederic.fortier@oronospolytechnique.com>
- * @author Joas Schilling <nickvergessen@owncloud.com>
- * @author Lukas Reschke <lukas@owncloud.com>
- * @author Morris Jobke <hey@morrisjobke.de>
- * @author Thomas Müller <thomas.mueller@tmit.eu>
- *
- * @copyright Copyright (c) 2016, ownCloud, Inc.
- * @license AGPL-3.0
- *
- * This code is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License, version 3,
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License, version 3,
- * along with this program. If not, see <http://www.gnu.org/licenses/>
- *
- */
-
-namespace OCA\User_LDAP\Tests;
-
-use OCA\User_LDAP\Group_LDAP as GroupLDAP;
-use OCA\User_LDAP\Access;
-use OCA\User_LDAP\Connection;
-
-/**
- * Class GroupLDAPTest
- *
- * @group DB
- *
- * @package OCA\user_ldap\tests
- */
-class GroupLDAPTest extends \Test\TestCase {
- private function getAccessMock() {
- static $conMethods;
- static $accMethods;
-
- if(is_null($conMethods) || is_null($accMethods)) {
- $conMethods = get_class_methods('\OCA\User_LDAP\Connection');
- $accMethods = get_class_methods('\OCA\User_LDAP\Access');
- }
- $lw = $this->getMock('\OCA\User_LDAP\ILDAPWrapper');
- $connector = $this->getMock('\OCA\User_LDAP\Connection',
- $conMethods,
- array($lw, null, null));
- $um = $this->getMockBuilder('\OCA\User_LDAP\User\Manager')
- ->disableOriginalConstructor()
- ->getMock();
- $access = $this->getMock('\OCA\User_LDAP\Access',
- $accMethods,
- array($connector, $lw, $um));
-
- $access->expects($this->any())
- ->method('getConnection')
- ->will($this->returnValue($connector));
-
- return $access;
- }
-
- private function enableGroups($access) {
- $access->connection->expects($this->any())
- ->method('__get')
- ->will($this->returnCallback(function($name) {
- if($name === 'ldapDynamicGroupMemberURL') {
- return '';
- }
- return 1;
- }));
- }
-
- public function testCountEmptySearchString() {
- $access = $this->getAccessMock();
-
- $this->enableGroups($access);
-
- $access->expects($this->any())
- ->method('groupname2dn')
- ->will($this->returnValue('cn=group,dc=foo,dc=bar'));
-
- $access->expects($this->any())
- ->method('readAttribute')
- ->will($this->returnValue(array('u11', 'u22', 'u33', 'u34')));
-
- // for primary groups
- $access->expects($this->once())
- ->method('countUsers')
- ->will($this->returnValue(2));
-
- $groupBackend = new GroupLDAP($access);
- $users = $groupBackend->countUsersInGroup('group');
-
- $this->assertSame(6, $users);
- }
-
- public function testCountWithSearchString() {
- $access = $this->getAccessMock();
-
- $this->enableGroups($access);
-
- $access->expects($this->any())
- ->method('groupname2dn')
- ->will($this->returnValue('cn=group,dc=foo,dc=bar'));
-
- $access->expects($this->any())
- ->method('fetchListOfUsers')
- ->will($this->returnValue(array()));
-
- $access->expects($this->any())
- ->method('readAttribute')
- ->will($this->returnCallback(function($name) {
- //the search operation will call readAttribute, thus we need
- //to anaylze the "dn". All other times we just need to return
- //something that is neither null or false, but once an array
- //with the users in the group – so we do so all other times for
- //simplicicity.
- if(strpos($name, 'u') === 0) {
- return strpos($name, '3');
- }
- return array('u11', 'u22', 'u33', 'u34');
- }));
-
- $access->expects($this->any())
- ->method('dn2username')
- ->will($this->returnCallback(function() {
- return 'foobar' . \OCP\Util::generateRandomBytes(7);
- }));
-
- $groupBackend = new GroupLDAP($access);
- $users = $groupBackend->countUsersInGroup('group', '3');
-
- $this->assertSame(2, $users);
- }
-
- public function testPrimaryGroupID2NameSuccess() {
- $access = $this->getAccessMock();
- $this->enableGroups($access);
-
- $userDN = 'cn=alice,cn=foo,dc=barfoo,dc=bar';
-
- $access->expects($this->once())
- ->method('getSID')
- ->with($userDN)
- ->will($this->returnValue('S-1-5-21-249921958-728525901-1594176202'));
-
- $access->expects($this->once())
- ->method('searchGroups')
- ->will($this->returnValue([['dn' => ['cn=foo,dc=barfoo,dc=bar']]]));
-
- $access->expects($this->once())
- ->method('dn2groupname')
- ->with('cn=foo,dc=barfoo,dc=bar')
- ->will($this->returnValue('MyGroup'));
-
- $groupBackend = new GroupLDAP($access);
-
- $group = $groupBackend->primaryGroupID2Name('3117', $userDN);
-
- $this->assertSame('MyGroup', $group);
- }
-
- public function testPrimaryGroupID2NameNoSID() {
- $access = $this->getAccessMock();
- $this->enableGroups($access);
-
- $userDN = 'cn=alice,cn=foo,dc=barfoo,dc=bar';
-
- $access->expects($this->once())
- ->method('getSID')
- ->with($userDN)
- ->will($this->returnValue(false));
-
- $access->expects($this->never())
- ->method('searchGroups');
-
- $access->expects($this->never())
- ->method('dn2groupname');
-
- $groupBackend = new GroupLDAP($access);
-
- $group = $groupBackend->primaryGroupID2Name('3117', $userDN);
-
- $this->assertSame(false, $group);
- }
-
- public function testPrimaryGroupID2NameNoGroup() {
- $access = $this->getAccessMock();
- $this->enableGroups($access);
-
- $userDN = 'cn=alice,cn=foo,dc=barfoo,dc=bar';
-
- $access->expects($this->once())
- ->method('getSID')
- ->with($userDN)
- ->will($this->returnValue('S-1-5-21-249921958-728525901-1594176202'));
-
- $access->expects($this->once())
- ->method('searchGroups')
- ->will($this->returnValue(array()));
-
- $access->expects($this->never())
- ->method('dn2groupname');
-
- $groupBackend = new GroupLDAP($access);
-
- $group = $groupBackend->primaryGroupID2Name('3117', $userDN);
-
- $this->assertSame(false, $group);
- }
-
- public function testPrimaryGroupID2NameNoName() {
- $access = $this->getAccessMock();
- $this->enableGroups($access);
-
- $userDN = 'cn=alice,cn=foo,dc=barfoo,dc=bar';
-
- $access->expects($this->once())
- ->method('getSID')
- ->with($userDN)
- ->will($this->returnValue('S-1-5-21-249921958-728525901-1594176202'));
-
- $access->expects($this->once())
- ->method('searchGroups')
- ->will($this->returnValue([['dn' => ['cn=foo,dc=barfoo,dc=bar']]]));
-
- $access->expects($this->once())
- ->method('dn2groupname')
- ->will($this->returnValue(false));
-
- $groupBackend = new GroupLDAP($access);
-
- $group = $groupBackend->primaryGroupID2Name('3117', $userDN);
-
- $this->assertSame(false, $group);
- }
-
- public function testGetEntryGroupIDValue() {
- //tests getEntryGroupID via getGroupPrimaryGroupID
- //which is basically identical to getUserPrimaryGroupIDs
- $access = $this->getAccessMock();
- $this->enableGroups($access);
-
- $dn = 'cn=foobar,cn=foo,dc=barfoo,dc=bar';
- $attr = 'primaryGroupToken';
-
- $access->expects($this->once())
- ->method('readAttribute')
- ->with($dn, $attr)
- ->will($this->returnValue(array('3117')));
-
- $groupBackend = new GroupLDAP($access);
-
- $gid = $groupBackend->getGroupPrimaryGroupID($dn);
-
- $this->assertSame('3117', $gid);
- }
-
- public function testGetEntryGroupIDNoValue() {
- //tests getEntryGroupID via getGroupPrimaryGroupID
- //which is basically identical to getUserPrimaryGroupIDs
- $access = $this->getAccessMock();
- $this->enableGroups($access);
-
- $dn = 'cn=foobar,cn=foo,dc=barfoo,dc=bar';
- $attr = 'primaryGroupToken';
-
- $access->expects($this->once())
- ->method('readAttribute')
- ->with($dn, $attr)
- ->will($this->returnValue(false));
-
- $groupBackend = new GroupLDAP($access);
-
- $gid = $groupBackend->getGroupPrimaryGroupID($dn);
-
- $this->assertSame(false, $gid);
- }
-
- /**
- * tests whether Group Backend behaves correctly when cache with uid and gid
- * is hit
- */
- public function testInGroupHitsUidGidCache() {
- $access = $this->getAccessMock();
- $this->enableGroups($access);
-
- $uid = 'someUser';
- $gid = 'someGroup';
- $cacheKey = 'inGroup'.$uid.':'.$gid;
-
- $access->connection->expects($this->once())
- ->method('getFromCache')
- ->with($cacheKey)
- ->will($this->returnValue(true));
-
- $access->expects($this->never())
- ->method('username2dn');
-
- $groupBackend = new GroupLDAP($access);
- $groupBackend->inGroup($uid, $gid);
- }
-
- public function testGetGroupsWithOffset() {
- $access = $this->getAccessMock();
- $this->enableGroups($access);
-
- $access->expects($this->once())
- ->method('ownCloudGroupNames')
- ->will($this->returnValue(array('group1', 'group2')));
-
- $groupBackend = new GroupLDAP($access);
- $groups = $groupBackend->getGroups('', 2, 2);
-
- $this->assertSame(2, count($groups));
- }
-
- /**
- * tests that a user listing is complete, if all it's members have the group
- * as their primary.
- */
- public function testUsersInGroupPrimaryMembersOnly() {
- $access = $this->getAccessMock();
- $this->enableGroups($access);
-
- $access->connection->expects($this->any())
- ->method('getFromCache')
- ->will($this->returnValue(null));
-
- $access->expects($this->any())
- ->method('readAttribute')
- ->will($this->returnCallback(function($dn, $attr) {
- if($attr === 'primaryGroupToken') {
- return array(1337);
- }
- return array();
- }));
-
- $access->expects($this->any())
- ->method('groupname2dn')
- ->will($this->returnValue('cn=foobar,dc=foo,dc=bar'));
-
- $access->expects($this->once())
- ->method('ownCloudUserNames')
- ->will($this->returnValue(array('lisa', 'bart', 'kira', 'brad')));
-
- $groupBackend = new GroupLDAP($access);
- $users = $groupBackend->usersInGroup('foobar');
-
- $this->assertSame(4, count($users));
- }
-
- /**
- * tests that a user counting is complete, if all it's members have the group
- * as their primary.
- */
- public function testCountUsersInGroupPrimaryMembersOnly() {
- $access = $this->getAccessMock();
- $this->enableGroups($access);
-
- $access->connection->expects($this->any())
- ->method('getFromCache')
- ->will($this->returnValue(null));
-
- $access->expects($this->any())
- ->method('readAttribute')
- ->will($this->returnCallback(function($dn, $attr) {
- if($attr === 'primaryGroupToken') {
- return array(1337);
- }
- return array();
- }));
-
- $access->expects($this->any())
- ->method('groupname2dn')
- ->will($this->returnValue('cn=foobar,dc=foo,dc=bar'));
-
- $access->expects($this->once())
- ->method('countUsers')
- ->will($this->returnValue(4));
-
- $groupBackend = new GroupLDAP($access);
- $users = $groupBackend->countUsersInGroup('foobar');
-
- $this->assertSame(4, $users);
- }
-
- public function testGetUserGroupsMemberOf() {
- $access = $this->getAccessMock();
- $this->enableGroups($access);
-
- $dn = 'cn=userX,dc=foobar';
-
- $access->connection->hasPrimaryGroups = false;
-
- $access->expects($this->any())
- ->method('username2dn')
- ->will($this->returnValue($dn));
-
- $access->expects($this->exactly(3))
- ->method('readAttribute')
- ->will($this->onConsecutiveCalls(['cn=groupA,dc=foobar', 'cn=groupB,dc=foobar'], [], []));
-
- $access->expects($this->exactly(2))
- ->method('dn2groupname')
- ->will($this->returnArgument(0));
-
- $access->expects($this->exactly(3))
- ->method('groupsMatchFilter')
- ->will($this->returnArgument(0));
-
- $groupBackend = new GroupLDAP($access);
- $groups = $groupBackend->getUserGroups('userX');
-
- $this->assertSame(2, count($groups));
- }
-
- public function testGetUserGroupsMemberOfDisabled() {
- $access = $this->getAccessMock();
-
- $access->connection->expects($this->any())
- ->method('__get')
- ->will($this->returnCallback(function($name) {
- if($name === 'useMemberOfToDetectMembership') {
- return 0;
- } else if($name === 'ldapDynamicGroupMemberURL') {
- return '';
- }
- return 1;
- }));
-
- $dn = 'cn=userX,dc=foobar';
-
- $access->connection->hasPrimaryGroups = false;
-
- $access->expects($this->once())
- ->method('username2dn')
- ->will($this->returnValue($dn));
-
- $access->expects($this->never())
- ->method('readAttribute')
- ->with($dn, 'memberOf');
-
- $access->expects($this->once())
- ->method('ownCloudGroupNames')
- ->will($this->returnValue([]));
-
- $groupBackend = new GroupLDAP($access);
- $groupBackend->getUserGroups('userX');
- }
-
-}
--- /dev/null
+<?php
+/**
+ * @author Arthur Schiwon <blizzz@owncloud.com>
+ * @author Frédéric Fortier <frederic.fortier@oronospolytechnique.com>
+ * @author Joas Schilling <nickvergessen@owncloud.com>
+ * @author Lukas Reschke <lukas@owncloud.com>
+ * @author Morris Jobke <hey@morrisjobke.de>
+ * @author Thomas Müller <thomas.mueller@tmit.eu>
+ *
+ * @copyright Copyright (c) 2016, ownCloud, Inc.
+ * @license AGPL-3.0
+ *
+ * This code is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, version 3,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License, version 3,
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+namespace OCA\User_LDAP\Tests;
+
+use OCA\User_LDAP\Group_LDAP as GroupLDAP;
+use OCA\User_LDAP\Access;
+use OCA\User_LDAP\Connection;
+
+/**
+ * Class GroupLDAPTest
+ *
+ * @group DB
+ *
+ * @package OCA\User_LDAP\Tests
+ */
+class Group_LDAPTest extends \Test\TestCase {
+ private function getAccessMock() {
+ static $conMethods;
+ static $accMethods;
+
+ if(is_null($conMethods) || is_null($accMethods)) {
+ $conMethods = get_class_methods('\OCA\User_LDAP\Connection');
+ $accMethods = get_class_methods('\OCA\User_LDAP\Access');
+ }
+ $lw = $this->getMock('\OCA\User_LDAP\ILDAPWrapper');
+ $connector = $this->getMock('\OCA\User_LDAP\Connection',
+ $conMethods,
+ array($lw, null, null));
+ $um = $this->getMockBuilder('\OCA\User_LDAP\User\Manager')
+ ->disableOriginalConstructor()
+ ->getMock();
+ $access = $this->getMock('\OCA\User_LDAP\Access',
+ $accMethods,
+ array($connector, $lw, $um));
+
+ $access->expects($this->any())
+ ->method('getConnection')
+ ->will($this->returnValue($connector));
+
+ return $access;
+ }
+
+ private function enableGroups($access) {
+ $access->connection->expects($this->any())
+ ->method('__get')
+ ->will($this->returnCallback(function($name) {
+ if($name === 'ldapDynamicGroupMemberURL') {
+ return '';
+ }
+ return 1;
+ }));
+ }
+
+ public function testCountEmptySearchString() {
+ $access = $this->getAccessMock();
+
+ $this->enableGroups($access);
+
+ $access->expects($this->any())
+ ->method('groupname2dn')
+ ->will($this->returnValue('cn=group,dc=foo,dc=bar'));
+
+ $access->expects($this->any())
+ ->method('readAttribute')
+ ->will($this->returnValue(array('u11', 'u22', 'u33', 'u34')));
+
+ // for primary groups
+ $access->expects($this->once())
+ ->method('countUsers')
+ ->will($this->returnValue(2));
+
+ $groupBackend = new GroupLDAP($access);
+ $users = $groupBackend->countUsersInGroup('group');
+
+ $this->assertSame(6, $users);
+ }
+
+ public function testCountWithSearchString() {
+ $access = $this->getAccessMock();
+
+ $this->enableGroups($access);
+
+ $access->expects($this->any())
+ ->method('groupname2dn')
+ ->will($this->returnValue('cn=group,dc=foo,dc=bar'));
+
+ $access->expects($this->any())
+ ->method('fetchListOfUsers')
+ ->will($this->returnValue(array()));
+
+ $access->expects($this->any())
+ ->method('readAttribute')
+ ->will($this->returnCallback(function($name) {
+ //the search operation will call readAttribute, thus we need
+ //to anaylze the "dn". All other times we just need to return
+ //something that is neither null or false, but once an array
+ //with the users in the group – so we do so all other times for
+ //simplicicity.
+ if(strpos($name, 'u') === 0) {
+ return strpos($name, '3');
+ }
+ return array('u11', 'u22', 'u33', 'u34');
+ }));
+
+ $access->expects($this->any())
+ ->method('dn2username')
+ ->will($this->returnCallback(function() {
+ return 'foobar' . \OCP\Util::generateRandomBytes(7);
+ }));
+
+ $groupBackend = new GroupLDAP($access);
+ $users = $groupBackend->countUsersInGroup('group', '3');
+
+ $this->assertSame(2, $users);
+ }
+
+ public function testPrimaryGroupID2NameSuccess() {
+ $access = $this->getAccessMock();
+ $this->enableGroups($access);
+
+ $userDN = 'cn=alice,cn=foo,dc=barfoo,dc=bar';
+
+ $access->expects($this->once())
+ ->method('getSID')
+ ->with($userDN)
+ ->will($this->returnValue('S-1-5-21-249921958-728525901-1594176202'));
+
+ $access->expects($this->once())
+ ->method('searchGroups')
+ ->will($this->returnValue([['dn' => ['cn=foo,dc=barfoo,dc=bar']]]));
+
+ $access->expects($this->once())
+ ->method('dn2groupname')
+ ->with('cn=foo,dc=barfoo,dc=bar')
+ ->will($this->returnValue('MyGroup'));
+
+ $groupBackend = new GroupLDAP($access);
+
+ $group = $groupBackend->primaryGroupID2Name('3117', $userDN);
+
+ $this->assertSame('MyGroup', $group);
+ }
+
+ public function testPrimaryGroupID2NameNoSID() {
+ $access = $this->getAccessMock();
+ $this->enableGroups($access);
+
+ $userDN = 'cn=alice,cn=foo,dc=barfoo,dc=bar';
+
+ $access->expects($this->once())
+ ->method('getSID')
+ ->with($userDN)
+ ->will($this->returnValue(false));
+
+ $access->expects($this->never())
+ ->method('searchGroups');
+
+ $access->expects($this->never())
+ ->method('dn2groupname');
+
+ $groupBackend = new GroupLDAP($access);
+
+ $group = $groupBackend->primaryGroupID2Name('3117', $userDN);
+
+ $this->assertSame(false, $group);
+ }
+
+ public function testPrimaryGroupID2NameNoGroup() {
+ $access = $this->getAccessMock();
+ $this->enableGroups($access);
+
+ $userDN = 'cn=alice,cn=foo,dc=barfoo,dc=bar';
+
+ $access->expects($this->once())
+ ->method('getSID')
+ ->with($userDN)
+ ->will($this->returnValue('S-1-5-21-249921958-728525901-1594176202'));
+
+ $access->expects($this->once())
+ ->method('searchGroups')
+ ->will($this->returnValue(array()));
+
+ $access->expects($this->never())
+ ->method('dn2groupname');
+
+ $groupBackend = new GroupLDAP($access);
+
+ $group = $groupBackend->primaryGroupID2Name('3117', $userDN);
+
+ $this->assertSame(false, $group);
+ }
+
+ public function testPrimaryGroupID2NameNoName() {
+ $access = $this->getAccessMock();
+ $this->enableGroups($access);
+
+ $userDN = 'cn=alice,cn=foo,dc=barfoo,dc=bar';
+
+ $access->expects($this->once())
+ ->method('getSID')
+ ->with($userDN)
+ ->will($this->returnValue('S-1-5-21-249921958-728525901-1594176202'));
+
+ $access->expects($this->once())
+ ->method('searchGroups')
+ ->will($this->returnValue([['dn' => ['cn=foo,dc=barfoo,dc=bar']]]));
+
+ $access->expects($this->once())
+ ->method('dn2groupname')
+ ->will($this->returnValue(false));
+
+ $groupBackend = new GroupLDAP($access);
+
+ $group = $groupBackend->primaryGroupID2Name('3117', $userDN);
+
+ $this->assertSame(false, $group);
+ }
+
+ public function testGetEntryGroupIDValue() {
+ //tests getEntryGroupID via getGroupPrimaryGroupID
+ //which is basically identical to getUserPrimaryGroupIDs
+ $access = $this->getAccessMock();
+ $this->enableGroups($access);
+
+ $dn = 'cn=foobar,cn=foo,dc=barfoo,dc=bar';
+ $attr = 'primaryGroupToken';
+
+ $access->expects($this->once())
+ ->method('readAttribute')
+ ->with($dn, $attr)
+ ->will($this->returnValue(array('3117')));
+
+ $groupBackend = new GroupLDAP($access);
+
+ $gid = $groupBackend->getGroupPrimaryGroupID($dn);
+
+ $this->assertSame('3117', $gid);
+ }
+
+ public function testGetEntryGroupIDNoValue() {
+ //tests getEntryGroupID via getGroupPrimaryGroupID
+ //which is basically identical to getUserPrimaryGroupIDs
+ $access = $this->getAccessMock();
+ $this->enableGroups($access);
+
+ $dn = 'cn=foobar,cn=foo,dc=barfoo,dc=bar';
+ $attr = 'primaryGroupToken';
+
+ $access->expects($this->once())
+ ->method('readAttribute')
+ ->with($dn, $attr)
+ ->will($this->returnValue(false));
+
+ $groupBackend = new GroupLDAP($access);
+
+ $gid = $groupBackend->getGroupPrimaryGroupID($dn);
+
+ $this->assertSame(false, $gid);
+ }
+
+ /**
+ * tests whether Group Backend behaves correctly when cache with uid and gid
+ * is hit
+ */
+ public function testInGroupHitsUidGidCache() {
+ $access = $this->getAccessMock();
+ $this->enableGroups($access);
+
+ $uid = 'someUser';
+ $gid = 'someGroup';
+ $cacheKey = 'inGroup'.$uid.':'.$gid;
+
+ $access->connection->expects($this->once())
+ ->method('getFromCache')
+ ->with($cacheKey)
+ ->will($this->returnValue(true));
+
+ $access->expects($this->never())
+ ->method('username2dn');
+
+ $groupBackend = new GroupLDAP($access);
+ $groupBackend->inGroup($uid, $gid);
+ }
+
+ public function testGetGroupsWithOffset() {
+ $access = $this->getAccessMock();
+ $this->enableGroups($access);
+
+ $access->expects($this->once())
+ ->method('ownCloudGroupNames')
+ ->will($this->returnValue(array('group1', 'group2')));
+
+ $groupBackend = new GroupLDAP($access);
+ $groups = $groupBackend->getGroups('', 2, 2);
+
+ $this->assertSame(2, count($groups));
+ }
+
+ /**
+ * tests that a user listing is complete, if all it's members have the group
+ * as their primary.
+ */
+ public function testUsersInGroupPrimaryMembersOnly() {
+ $access = $this->getAccessMock();
+ $this->enableGroups($access);
+
+ $access->connection->expects($this->any())
+ ->method('getFromCache')
+ ->will($this->returnValue(null));
+
+ $access->expects($this->any())
+ ->method('readAttribute')
+ ->will($this->returnCallback(function($dn, $attr) {
+ if($attr === 'primaryGroupToken') {
+ return array(1337);
+ }
+ return array();
+ }));
+
+ $access->expects($this->any())
+ ->method('groupname2dn')
+ ->will($this->returnValue('cn=foobar,dc=foo,dc=bar'));
+
+ $access->expects($this->once())
+ ->method('ownCloudUserNames')
+ ->will($this->returnValue(array('lisa', 'bart', 'kira', 'brad')));
+
+ $groupBackend = new GroupLDAP($access);
+ $users = $groupBackend->usersInGroup('foobar');
+
+ $this->assertSame(4, count($users));
+ }
+
+ /**
+ * tests that a user counting is complete, if all it's members have the group
+ * as their primary.
+ */
+ public function testCountUsersInGroupPrimaryMembersOnly() {
+ $access = $this->getAccessMock();
+ $this->enableGroups($access);
+
+ $access->connection->expects($this->any())
+ ->method('getFromCache')
+ ->will($this->returnValue(null));
+
+ $access->expects($this->any())
+ ->method('readAttribute')
+ ->will($this->returnCallback(function($dn, $attr) {
+ if($attr === 'primaryGroupToken') {
+ return array(1337);
+ }
+ return array();
+ }));
+
+ $access->expects($this->any())
+ ->method('groupname2dn')
+ ->will($this->returnValue('cn=foobar,dc=foo,dc=bar'));
+
+ $access->expects($this->once())
+ ->method('countUsers')
+ ->will($this->returnValue(4));
+
+ $groupBackend = new GroupLDAP($access);
+ $users = $groupBackend->countUsersInGroup('foobar');
+
+ $this->assertSame(4, $users);
+ }
+
+ public function testGetUserGroupsMemberOf() {
+ $access = $this->getAccessMock();
+ $this->enableGroups($access);
+
+ $dn = 'cn=userX,dc=foobar';
+
+ $access->connection->hasPrimaryGroups = false;
+
+ $access->expects($this->any())
+ ->method('username2dn')
+ ->will($this->returnValue($dn));
+
+ $access->expects($this->exactly(3))
+ ->method('readAttribute')
+ ->will($this->onConsecutiveCalls(['cn=groupA,dc=foobar', 'cn=groupB,dc=foobar'], [], []));
+
+ $access->expects($this->exactly(2))
+ ->method('dn2groupname')
+ ->will($this->returnArgument(0));
+
+ $access->expects($this->exactly(3))
+ ->method('groupsMatchFilter')
+ ->will($this->returnArgument(0));
+
+ $groupBackend = new GroupLDAP($access);
+ $groups = $groupBackend->getUserGroups('userX');
+
+ $this->assertSame(2, count($groups));
+ }
+
+ public function testGetUserGroupsMemberOfDisabled() {
+ $access = $this->getAccessMock();
+
+ $access->connection->expects($this->any())
+ ->method('__get')
+ ->will($this->returnCallback(function($name) {
+ if($name === 'useMemberOfToDetectMembership') {
+ return 0;
+ } else if($name === 'ldapDynamicGroupMemberURL') {
+ return '';
+ }
+ return 1;
+ }));
+
+ $dn = 'cn=userX,dc=foobar';
+
+ $access->connection->hasPrimaryGroups = false;
+
+ $access->expects($this->once())
+ ->method('username2dn')
+ ->will($this->returnValue($dn));
+
+ $access->expects($this->never())
+ ->method('readAttribute')
+ ->with($dn, 'memberOf');
+
+ $access->expects($this->once())
+ ->method('ownCloudGroupNames')
+ ->will($this->returnValue([]));
+
+ $groupBackend = new GroupLDAP($access);
+ $groupBackend->getUserGroups('userX');
+ }
+
+}
--- /dev/null
+<?php
+/**
+ * @author Arthur Schiwon <blizzz@owncloud.com>
+ *
+ * @copyright Copyright (c) 2016, ownCloud, Inc.
+ * @license AGPL-3.0
+ *
+ * This code is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, version 3,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License, version 3,
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+namespace OCA\User_LDAP\Tests\Integration;
+
+use OCA\User_LDAP\Access;
+use OCA\User_LDAP\Connection;
+use OCA\User_LDAP\LDAP;
+use OCA\User_LDAP\User\Manager;
+
+abstract class AbstractIntegrationTest {
+ /** @var LDAP */
+ protected $ldap;
+
+ /** @var Connection */
+ protected $connection;
+
+ /** @var Access */
+ protected $access;
+
+ /** @var Manager */
+ protected $userManager;
+
+ /** @var string */
+ protected $base;
+
+ /** @var string[] */
+ protected $server;
+
+ public function __construct($host, $port, $bind, $pwd, $base) {
+ $this->base = $base;
+ $this->server = [
+ 'host' => $host,
+ 'port' => $port,
+ 'dn' => $bind,
+ 'pwd' => $pwd
+ ];
+ }
+
+ /**
+ * prepares the LDAP environment and sets up a test configuration for
+ * the LDAP backend.
+ */
+ public function init() {
+ $this->initLDAPWrapper();
+ $this->initConnection();
+ $this->initUserManager();
+ $this->initAccess();
+
+ }
+
+ /**
+ * initializes the test LDAP wrapper
+ */
+ protected function initLDAPWrapper() {
+ $this->ldap = new LDAP();
+ }
+
+ /**
+ * sets up the LDAP configuration to be used for the test
+ */
+ protected function initConnection() {
+ $this->connection = new Connection($this->ldap, '', null);
+ $this->connection->setConfiguration([
+ 'ldapHost' => $this->server['host'],
+ 'ldapPort' => $this->server['port'],
+ 'ldapBase' => $this->base,
+ 'ldapAgentName' => $this->server['dn'],
+ 'ldapAgentPassword' => $this->server['pwd'],
+ 'ldapUserFilter' => 'objectclass=inetOrgPerson',
+ 'ldapUserDisplayName' => 'cn',
+ 'ldapGroupDisplayName' => 'cn',
+ 'ldapLoginFilter' => '(|(uid=%uid)(samaccountname=%uid))',
+ 'ldapCacheTTL' => 0,
+ 'ldapConfigurationActive' => 1,
+ ]);
+ }
+
+ /**
+ * initializes an LDAP user manager instance
+ * @return Manager
+ */
+ protected function initUserManager() {
+ $this->userManager = new FakeManager();
+ }
+
+ /**
+ * initializes the Access test instance
+ */
+ protected function initAccess() {
+ $this->access = new Access($this->connection, $this->ldap, $this->userManager);
+ }
+
+ /**
+ * runs the test cases while outputting progress and result information
+ *
+ * If a test failed, the script is exited with return code 1.
+ */
+ public function run() {
+ $methods = get_class_methods($this);
+ $atLeastOneCaseRan = false;
+ foreach($methods as $method) {
+ if(strpos($method, 'case') === 0) {
+ print("running $method " . PHP_EOL);
+ if(!$this->$method()) {
+ print(PHP_EOL . '>>> !!! Test ' . $method . ' FAILED !!! <<<' . PHP_EOL . PHP_EOL);
+ exit(1);
+ }
+ $atLeastOneCaseRan = true;
+ }
+ }
+ if($atLeastOneCaseRan) {
+ print('Tests succeeded' . PHP_EOL);
+ } else {
+ print('No Test was available.' . PHP_EOL);
+ exit(1);
+ }
+ }
+}
--- /dev/null
+<?php
+/**
+ * @author Arthur Schiwon <blizzz@owncloud.com>
+ *
+ * @copyright Copyright (c) 2016, ownCloud, Inc.
+ * @license AGPL-3.0
+ *
+ * This code is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, version 3,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License, version 3,
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+namespace OCA\User_LDAP\Tests\Integration;
+
+
+use OC\ServerNotAvailableException;
+use OCA\User_LDAP\LDAP;
+
+/**
+ * Class ExceptionOnLostConnection
+ *
+ * integration test, ensures that an exception is thrown, when the connection is lost.
+ *
+ * LDAP must be available via toxiproxy.
+ *
+ * This test must be run manually.
+ *
+ */
+class ExceptionOnLostConnection {
+ /** @var string */
+ private $toxiProxyHost;
+
+ /** @var string */
+ private $toxiProxyName;
+
+ /** @var string */
+ private $ldapBase;
+
+ /** @var string|null */
+ private $ldapBindDN;
+
+ /** @var string|null */
+ private $ldapBindPwd;
+
+ /** @var string */
+ private $ldapHost;
+
+ /** @var \OCA\User_LDAP\LDAP */
+ private $ldap;
+
+ /** @var bool */
+ private $originalProxyState;
+
+ /**
+ * @param string $proxyHost host of toxiproxy as url, like http://localhost:8474
+ * @param string $proxyName name of the LDAP proxy service as configured in toxiProxy
+ * @param string $ldapBase any valid LDAP base DN
+ * @param null $bindDN optional, bind DN if anonymous bind is not possible
+ * @param null $bindPwd optional
+ */
+ public function __construct($proxyHost, $proxyName, $ldapBase, $bindDN = null, $bindPwd = null) {
+ $this->toxiProxyHost = $proxyHost;
+ $this->toxiProxyName = $proxyName;
+ $this->ldapBase = $ldapBase;
+ $this->ldapBindDN = $bindDN;
+ $this->ldapBindPwd = $bindPwd;
+
+ $this->setUp();
+ }
+
+ /**
+ * destructor
+ */
+ public function __destruct() {
+ $this->cleanUp();
+ }
+
+ /**
+ * prepares everything for the test run. Includes loading ownCloud and
+ * the LDAP backend, as well as getting information about toxiproxy.
+ * Also creates an instance of the LDAP class, the testee
+ *
+ * @throws Exception
+ */
+ public function setUp() {
+ require_once __DIR__ . '/../../../../lib/base.php';
+ \OC_App::loadApps('user_ldap');
+
+ $ch = $this->getCurl();
+ $proxyInfoJson = curl_exec($ch);
+ $this->checkCurlResult($ch, $proxyInfoJson);
+ $proxyInfo = json_decode($proxyInfoJson, true);
+ $this->originalProxyState = $proxyInfo['enabled'];
+ $this->ldapHost = 'ldap://' . $proxyInfo['listen']; // contains port as well
+
+ $this->ldap = new LDAP();
+ }
+
+ /**
+ * restores original state of the LDAP proxy, if necessary
+ */
+ public function cleanUp() {
+ if($this->originalProxyState === true) {
+ $this->setProxyState(true);
+ }
+ }
+
+ /**
+ * runs the test and prints the result. Exit code is 0 if successful, 1 on
+ * fail
+ */
+ public function run() {
+ if($this->originalProxyState === false) {
+ $this->setProxyState(true);
+ }
+ //host contains port, 2nd parameter will be ignored
+ $cr = $this->ldap->connect($this->ldapHost, 0);
+ $this->ldap->bind($cr, $this->ldapBindDN, $this->ldapBindPwd);
+ $this->ldap->search($cr, $this->ldapBase, 'objectClass=*', array('dn'), true, 5);
+
+ // disable LDAP, will cause lost connection
+ $this->setProxyState(false);
+ try {
+ $this->ldap->search($cr, $this->ldapBase, 'objectClass=*', array('dn'), true, 5);
+ } catch (ServerNotAvailableException $e) {
+ print("Test PASSED" . PHP_EOL);
+ exit(0);
+ }
+ print("Test FAILED" . PHP_EOL);
+ exit(1);
+ }
+
+ /**
+ * tests whether a curl operation ran successfully. If not, an exception
+ * is thrown
+ *
+ * @param resource $ch
+ * @param mixed $result
+ * @throws Exception
+ */
+ private function checkCurlResult($ch, $result) {
+ if($result === false) {
+ $error = curl_error($ch);
+ curl_close($ch);
+ throw new \Exception($error);
+ }
+ }
+
+ /**
+ * enables or disabled the LDAP proxy service in toxiproxy
+ *
+ * @param bool $isEnabled whether is should be enabled or disables
+ * @throws Exception
+ */
+ private function setProxyState($isEnabled) {
+ if(!is_bool($isEnabled)) {
+ throw new \InvalidArgumentException('Bool expected');
+ }
+ $postData = json_encode(['enabled' => $isEnabled]);
+ $ch = $this->getCurl();
+ curl_setopt($ch, CURLOPT_POST, true);
+ curl_setopt($ch, CURLOPT_POSTFIELDS, $postData);
+ curl_setopt($ch, CURLOPT_HTTPHEADER, array(
+ 'Content-Type: application/json',
+ 'Content-Length: ' . strlen($postData))
+ );
+ $recvd = curl_exec($ch);
+ $this->checkCurlResult($ch, $recvd);
+ }
+
+ /**
+ * initializes a curl handler towards the toxiproxy LDAP proxy service
+ * @return resource
+ */
+ private function getCurl() {
+ $ch = curl_init();
+ curl_setopt($ch, CURLOPT_URL, $this->toxiProxyHost . '/proxies/' . $this->toxiProxyName);
+ curl_setopt($ch, CURLOPT_HEADER, false);
+ curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
+ return $ch;
+ }
+}
+
+$test = new ExceptionOnLostConnection('http://localhost:8474', 'ldap', 'dc=owncloud,dc=bzoc');
+$test->run();
+
--- /dev/null
+<?php
+/**
+ * @author Arthur Schiwon <blizzz@owncloud.com>
+ *
+ * @copyright Copyright (c) 2016, ownCloud, Inc.
+ * @license AGPL-3.0
+ *
+ * This code is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, version 3,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License, version 3,
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+namespace OCA\User_LDAP\Tests\Integration;
+
+/**
+ * Class FakeManager
+ *
+ * this is a mock of \OCA\User_LDAP\User\Manager which is a dependency of
+ * Access, that pulls plenty more things in. Because it is not needed in the
+ * scope of these tests, we replace it with a mock.
+ */
+class FakeManager extends \OCA\User_LDAP\User\Manager {
+ public function __construct() {
+ $this->ocConfig = \OC::$server->getConfig();
+ $this->image = new \OCP\Image();
+ }
+}
--- /dev/null
+<?php
+/**
+ * @author Arthur Schiwon <blizzz@owncloud.com>
+ *
+ * @copyright Copyright (c) 2016, ownCloud, Inc.
+ * @license AGPL-3.0
+ *
+ * This code is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, version 3,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License, version 3,
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+namespace OCA\User_LDAP\Tests\Integration\Lib;
+
+
+use OCA\User_LDAP\Tests\Integration\AbstractIntegrationTest;
+
+require_once __DIR__ . '/../../../../../lib/base.php';
+
+class IntegrationTestAccessGroupsMatchFilter extends AbstractIntegrationTest {
+
+ /**
+ * prepares the LDAP environment and sets up a test configuration for
+ * the LDAP backend.
+ */
+ public function init() {
+ require(__DIR__ . '/../setup-scripts/createExplicitUsers.php');
+ require(__DIR__ . '/../setup-scripts/createExplicitGroups.php');
+ require(__DIR__ . '/../setup-scripts/createExplicitGroupsDifferentOU.php');
+ parent::init();
+ }
+
+ /**
+ * tests whether the group filter works with one specific group, while the
+ * input is the same.
+ *
+ * @return bool
+ */
+ protected function case1() {
+ $this->connection->setConfiguration(['ldapGroupFilter' => 'cn=RedGroup']);
+
+ $dns = ['cn=RedGroup,ou=Groups,' . $this->base];
+ $result = $this->access->groupsMatchFilter($dns);
+ return ($dns === $result);
+ }
+
+ /**
+ * Tests whether a filter for limited groups is effective when more existing
+ * groups were passed for validation.
+ *
+ * @return bool
+ */
+ protected function case2() {
+ $this->connection->setConfiguration(['ldapGroupFilter' => '(|(cn=RedGroup)(cn=PurpleGroup))']);
+
+ $dns = [
+ 'cn=RedGroup,ou=Groups,' . $this->base,
+ 'cn=BlueGroup,ou=Groups,' . $this->base,
+ 'cn=PurpleGroup,ou=Groups,' . $this->base
+ ];
+ $result = $this->access->groupsMatchFilter($dns);
+
+ $status =
+ count($result) === 2
+ && in_array('cn=RedGroup,ou=Groups,' . $this->base, $result)
+ && in_array('cn=PurpleGroup,ou=Groups,' . $this->base, $result);
+
+ return $status;
+ }
+
+ /**
+ * Tests whether a filter for limited groups is effective when more existing
+ * groups were passed for validation.
+ *
+ * @return bool
+ */
+ protected function case3() {
+ $this->connection->setConfiguration(['ldapGroupFilter' => '(objectclass=groupOfNames)']);
+
+ $dns = [
+ 'cn=RedGroup,ou=Groups,' . $this->base,
+ 'cn=PurpleGroup,ou=Groups,' . $this->base,
+ 'cn=SquaredCircleGroup,ou=SpecialGroups,' . $this->base
+ ];
+ $result = $this->access->groupsMatchFilter($dns);
+
+ $status =
+ count($result) === 2
+ && in_array('cn=RedGroup,ou=Groups,' . $this->base, $result)
+ && in_array('cn=PurpleGroup,ou=Groups,' . $this->base, $result);
+
+ return $status;
+ }
+
+ /**
+ * sets up the LDAP configuration to be used for the test
+ */
+ protected function initConnection() {
+ parent::initConnection();
+ $this->connection->setConfiguration([
+ 'ldapBaseGroups' => 'ou=Groups,' . $this->base,
+ 'ldapUserFilter' => 'objectclass=inetOrgPerson',
+ 'ldapUserDisplayName' => 'displayName',
+ 'ldapGroupDisplayName' => 'cn',
+ 'ldapLoginFilter' => 'uid=%uid',
+ ]);
+ }
+}
+
+require_once(__DIR__ . '/../setup-scripts/config.php');
+$test = new IntegrationTestAccessGroupsMatchFilter($host, $port, $adn, $apwd, $bdn);
+$test->init();
+$test->run();
--- /dev/null
+<?php
+/**
+ * @author Arthur Schiwon <blizzz@owncloud.com>
+ *
+ * @copyright Copyright (c) 2016, ownCloud, Inc.
+ * @license AGPL-3.0
+ *
+ * This code is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, version 3,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License, version 3,
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+namespace OCA\User_LDAP\Tests\Integration\Lib;
+
+use OCA\User_LDAP\Tests\Integration\AbstractIntegrationTest;
+use OCA\User_LDAP\Mapping\UserMapping;
+use OCA\User_LDAP\User_LDAP;
+
+require_once __DIR__ . '/../../../../../lib/base.php';
+
+class IntegrationTestBackupServer extends AbstractIntegrationTest {
+ /** @var UserMapping */
+ protected $mapping;
+
+ /** @var User_LDAP */
+ protected $backend;
+
+ /**
+ * sets up the LDAP configuration to be used for the test
+ */
+ protected function initConnection() {
+ parent::initConnection();
+ $originalHost = $this->connection->ldapHost;
+ $originalPort = $this->connection->ldapPort;
+ $this->connection->setConfiguration([
+ 'ldapHost' => 'qwertz.uiop',
+ 'ldapPort' => '32123',
+ 'ldap_backup_host' => $originalHost,
+ 'ldap_backup_port' => $originalPort,
+ ]);
+ }
+
+ /**
+ * tests that a backup connection is being used when the main LDAP server
+ * is offline
+ *
+ * Beware: after starting docker, the LDAP host might not be ready yet, thus
+ * causing a false positive. Retry in that case… or increase the sleep time
+ * in run-test.sh
+ *
+ * @return bool
+ */
+ protected function case1() {
+ try {
+ $this->connection->getConnectionResource();
+ } catch (\OC\ServerNotAvailableException $e) {
+ return false;
+ }
+ return true;
+ }
+
+ /**
+ * ensures that an exception is thrown if LDAP main server and LDAP backup
+ * server are not available
+ *
+ * @return bool
+ */
+ protected function case2() {
+ // reset possible LDAP connection
+ $this->initConnection();
+ try {
+ $this->connection->setConfiguration([
+ 'ldap_backup_host' => 'qwertz.uiop',
+ 'ldap_backup_port' => '32123',
+ ]);
+ $this->connection->getConnectionResource();
+ } catch (\OC\ServerNotAvailableException $e) {
+ return true;
+ }
+ return false;
+ }
+
+ /**
+ * ensures that an exception is thrown if main LDAP server is down and a
+ * backup server is not given
+ *
+ * @return bool
+ */
+ protected function case3() {
+ // reset possible LDAP connection
+ $this->initConnection();
+ try {
+ $this->connection->setConfiguration([
+ 'ldap_backup_host' => '',
+ 'ldap_backup_port' => '',
+ ]);
+ $this->connection->getConnectionResource();
+ } catch (\OC\ServerNotAvailableException $e) {
+ return true;
+ }
+ return false;
+ }
+}
+
+require_once(__DIR__ . '/../setup-scripts/config.php');
+$test = new IntegrationBackupServer($host, $port, $adn, $apwd, $bdn);
+$test->init();
+$test->run();
--- /dev/null
+<?php
+/**
+ * @author Arthur Schiwon <blizzz@owncloud.com>
+ *
+ * @copyright Copyright (c) 2016, ownCloud, Inc.
+ * @license AGPL-3.0
+ *
+ * This code is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, version 3,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License, version 3,
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+namespace OCA\User_LDAP\Tests\Integration\Lib;
+
+use OCA\User_LDAP\Mapping\UserMapping;
+use OCA\User_LDAP\Tests\Integration\AbstractIntegrationTest;
+
+require_once __DIR__ . '/../../../../../lib/base.php';
+
+class IntegrationTestBatchApplyUserAttributes extends AbstractIntegrationTest {
+ /**
+ * prepares the LDAP environment and sets up a test configuration for
+ * the LDAP backend.
+ */
+ public function init() {
+ require(__DIR__ . '/../setup-scripts/createExplicitUsers.php');
+ require(__DIR__ . '/../setup-scripts/createUsersWithoutDisplayName.php');
+ parent::init();
+
+ $this->mapping = new UserMapping(\OC::$server->getDatabaseConnection());
+ $this->mapping->clear();
+ $this->access->setUserMapper($this->mapping);
+ }
+
+ /**
+ * sets up the LDAP configuration to be used for the test
+ */
+ protected function initConnection() {
+ parent::initConnection();
+ $this->connection->setConfiguration([
+ 'ldapUserDisplayName' => 'displayname',
+ ]);
+ }
+
+ /**
+ * indirectly tests whether batchApplyUserAttributes does it job properly,
+ * when a user without display name is included in the result set from LDAP.
+ *
+ * @return bool
+ */
+ protected function case1() {
+ $result = $this->access->fetchListOfUsers('objectclass=person', 'dn');
+ // on the original issue, PHP would emit a fatal error
+ // – cannot catch it here, but will render the test as unsuccessful
+ return is_array($result) && !empty($result);
+ }
+
+}
+
+require_once(__DIR__ . '/../setup-scripts/config.php');
+$test = new IntegrationTestBatchApplyUserAttributes($host, $port, $adn, $apwd, $bdn);
+$test->init();
+$test->run();
--- /dev/null
+<?php
+/**
+ * @author Arthur Schiwon <blizzz@owncloud.com>
+ *
+ * @copyright Copyright (c) 2016, ownCloud, Inc.
+ * @license AGPL-3.0
+ *
+ * This code is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, version 3,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License, version 3,
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+namespace OCA\User_LDAP\Tests\Integration\Lib;
+
+use OCA\User_LDAP\Tests\Integration\AbstractIntegrationTest;
+use OCA\User_LDAP\Mapping\UserMapping;
+use OCA\User_LDAP\User_LDAP;
+
+require_once __DIR__ . '/../../../../../lib/base.php';
+
+class IntegrationTestConnect extends AbstractIntegrationTest {
+ /** @var UserMapping */
+ protected $mapping;
+
+ /** @var User_LDAP */
+ protected $backend;
+
+ /** @var string */
+ protected $host;
+
+ /** @var int */
+ protected $port;
+
+ public function __construct($host, $port, $bind, $pwd, $base) {
+ // make sure host is a simple host name
+ if(strpos($host, '://') !== false) {
+ $host = substr_replace($host, '', 0, strpos($host, '://') + 3);
+ }
+ if(strpos($host, ':') !== false) {
+ $host = substr_replace($host, '', strpos($host, ':'));
+ }
+ $this->host = $host;
+ $this->port = $port;
+ parent::__construct($host, $port, $bind, $pwd, $base);
+ }
+
+ /**
+ * test that a faulty host will does not connect successfully
+ *
+ * @return bool
+ */
+ protected function case1() {
+ // reset possible LDAP connection
+ $this->initConnection();
+ $this->connection->setConfiguration([
+ 'ldapHost' => 'qwertz.uiop',
+ ]);
+ try {
+ $this->connection->getConnectionResource();
+ } catch (\OC\ServerNotAvailableException $e) {
+ return true;
+ }
+ return false;
+ }
+
+ /**
+ * tests that a connect succeeds when only a hostname is provided
+ *
+ * @return bool
+ */
+ protected function case2() {
+ // reset possible LDAP connection
+ $this->initConnection();
+ $this->connection->setConfiguration([
+ 'ldapHost' => $this->host,
+ ]);
+ try {
+ $this->connection->getConnectionResource();
+ } catch (\OC\ServerNotAvailableException $e) {
+ return false;
+ }
+ return true;
+ }
+
+ /**
+ * tests that a connect succeeds when an LDAP URL is provided
+ *
+ * @return bool
+ */
+ protected function case3() {
+ // reset possible LDAP connection
+ $this->initConnection();
+ $this->connection->setConfiguration([
+ 'ldapHost' => 'ldap://' . $this->host,
+ ]);
+ try {
+ $this->connection->getConnectionResource();
+ } catch (\OC\ServerNotAvailableException $e) {
+ return false;
+ }
+ return true;
+ }
+
+ /**
+ * tests that a connect succeeds when an LDAP URL with port is provided
+ *
+ * @return bool
+ */
+ protected function case4() {
+ // reset possible LDAP connection
+ $this->initConnection();
+ $this->connection->setConfiguration([
+ 'ldapHost' => 'ldap://' . $this->host . ':' . $this->port,
+ ]);
+ try {
+ $this->connection->getConnectionResource();
+ } catch (\OC\ServerNotAvailableException $e) {
+ return false;
+ }
+ return true;
+ }
+
+ /**
+ * tests that a connect succeeds when a hostname with port is provided
+ *
+ * @return bool
+ */
+ protected function case5() {
+ // reset possible LDAP connection
+ $this->initConnection();
+ $this->connection->setConfiguration([
+ 'ldapHost' => $this->host . ':' . $this->port,
+ ]);
+ try {
+ $this->connection->getConnectionResource();
+ } catch (\OC\ServerNotAvailableException $e) {
+ return false;
+ }
+ return true;
+ }
+
+ /**
+ * repeat case1, only to make sure that not a connection was reused by
+ * accident.
+ *
+ * @return bool
+ */
+ protected function case6() {
+ return $this->case1();
+ }
+}
+
+require_once(__DIR__ . '/../setup-scripts/config.php');
+$test = new IntegrationConnect($host, $port, $adn, $apwd, $bdn);
+$test->init();
+$test->run();
--- /dev/null
+<?php
+/**
+ * @author Arthur Schiwon <blizzz@owncloud.com>
+ *
+ * @copyright Copyright (c) 2016, ownCloud, Inc.
+ * @license AGPL-3.0
+ *
+ * This code is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, version 3,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License, version 3,
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+namespace OCA\User_LDAP\Tests\Integration\Lib;
+
+use OCA\User_LDAP\Tests\Integration\AbstractIntegrationTest;
+
+require_once __DIR__ . '/../../../../../lib/base.php';
+
+class IntegrationTestCountUsersByLoginName extends AbstractIntegrationTest {
+
+ /**
+ * prepares the LDAP environment and sets up a test configuration for
+ * the LDAP backend.
+ */
+ public function init() {
+ require(__DIR__ . '/../setup-scripts/createExplicitUsers.php');
+ parent::init();
+ }
+
+ /**
+ * tests countUsersByLoginName where it is expected that the login name does
+ * not match any LDAP user
+ *
+ * @return bool
+ */
+ protected function case1() {
+ $result = $this->access->countUsersByLoginName('nothere');
+ return $result === 0;
+ }
+
+ /**
+ * tests countUsersByLoginName where it is expected that the login name does
+ * match one LDAP user
+ *
+ * @return bool
+ */
+ protected function case2() {
+ $result = $this->access->countUsersByLoginName('alice');
+ return $result === 1;
+ }
+}
+
+require_once(__DIR__ . '/../setup-scripts/config.php');
+$test = new IntegrationTestUserHome($host, $port, $adn, $apwd, $bdn);
+$test->init();
+$test->run();
--- /dev/null
+<?php
+/**
+ * @author Arthur Schiwon <blizzz@owncloud.com>
+ *
+ * @copyright Copyright (c) 2016, ownCloud, Inc.
+ * @license AGPL-3.0
+ *
+ * This code is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, version 3,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License, version 3,
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+namespace OCA\User_LDAP\Tests\Integration\Lib;
+
+use OCA\User_LDAP\Tests\Integration\AbstractIntegrationTest;
+use OCA\User_LDAP\Mapping\UserMapping;
+use OCA\User_LDAP\User_LDAP;
+
+require_once __DIR__ . '/../../../../../lib/base.php';
+
+class IntegrationTestFetchUsersByLoginName extends AbstractIntegrationTest {
+ /** @var UserMapping */
+ protected $mapping;
+
+ /** @var User_LDAP */
+ protected $backend;
+
+ /**
+ * prepares the LDAP environment and sets up a test configuration for
+ * the LDAP backend.
+ */
+ public function init() {
+ require(__DIR__ . '/../setup-scripts/createExplicitUsers.php');
+ parent::init();
+
+ $this->mapping = new UserMapping(\OC::$server->getDatabaseConnection());
+ $this->mapping->clear();
+ $this->access->setUserMapper($this->mapping);
+ $this->backend = new \OCA\User_LDAP\User_LDAP($this->access, \OC::$server->getConfig());
+ }
+
+ /**
+ * tests fetchUserByLoginName where it is expected that the login name does
+ * not match any LDAP user
+ *
+ * @return bool
+ */
+ protected function case1() {
+ $result = $this->access->fetchUsersByLoginName('nothere');
+ return $result === [];
+ }
+
+ /**
+ * tests fetchUserByLoginName where it is expected that the login name does
+ * match one LDAP user
+ *
+ * @return bool
+ */
+ protected function case2() {
+ $result = $this->access->fetchUsersByLoginName('alice');
+ return count($result) === 1;
+ }
+
+}
+
+require_once(__DIR__ . '/../setup-scripts/config.php');
+$test = new IntegrationTestUserHome($host, $port, $adn, $apwd, $bdn);
+$test->init();
+$test->run();
--- /dev/null
+<?php
+/**
+ * @author Arthur Schiwon <blizzz@owncloud.com>
+ *
+ * @copyright Copyright (c) 2016, ownCloud, Inc.
+ * @license AGPL-3.0
+ *
+ * This code is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, version 3,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License, version 3,
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+namespace OCA\User_LDAP\Tests\Integration\Lib;
+
+use OCA\User_LDAP\Tests\Integration\AbstractIntegrationTest;
+use OCA\User_LDAP\Mapping\UserMapping;
+use OCA\User_LDAP\User_LDAP;
+
+require_once __DIR__ . '/../../../../../lib/base.php';
+
+class IntegrationTestPaging extends AbstractIntegrationTest {
+ /** @var UserMapping */
+ protected $mapping;
+
+ /** @var User_LDAP */
+ protected $backend;
+
+ /**
+ * prepares the LDAP environment and sets up a test configuration for
+ * the LDAP backend.
+ */
+ public function init() {
+ require(__DIR__ . '/../setup-scripts/createExplicitUsers.php');
+ parent::init();
+
+ $this->backend = new \OCA\User_LDAP\User_LDAP($this->access, \OC::$server->getConfig());
+ }
+
+ /**
+ * tests that paging works properly against a simple example (reading all
+ * of few users in smallest steps)
+ *
+ * @return bool
+ */
+ protected function case1() {
+ $limit = 1;
+ $offset = 0;
+
+ $filter = 'objectclass=inetorgperson';
+ $attributes = ['cn', 'dn'];
+ $users = [];
+ do {
+ $result = $this->access->searchUsers($filter, $attributes, $limit, $offset);
+ foreach($result as $user) {
+ $users[] = $user['cn'];
+ }
+ $offset += $limit;
+ } while ($this->access->hasMoreResults());
+
+ if(count($users) === 2) {
+ return true;
+ }
+
+ return false;
+ }
+}
+
+require_once(__DIR__ . '/../setup-scripts/config.php');
+$test = new IntegrationTestPaging($host, $port, $adn, $apwd, $bdn);
+$test->init();
+$test->run();
--- /dev/null
+<?php
+/**
+ * @author Arthur Schiwon <blizzz@owncloud.com>
+ *
+ * @copyright Copyright (c) 2016, ownCloud, Inc.
+ * @license AGPL-3.0
+ *
+ * This code is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, version 3,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License, version 3,
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+namespace OCA\User_LDAP\Tests\Integration\Lib;
+
+use OCA\User_LDAP\User\Manager as LDAPUserManager;
+use OCA\User_LDAP\Tests\Integration\AbstractIntegrationTest;
+use OCA\User_LDAP\Mapping\UserMapping;
+use OCA\User_LDAP\User_LDAP;
+
+require_once __DIR__ . '/../../../../../lib/base.php';
+
+class IntegrationTestUserHome extends AbstractIntegrationTest {
+ /** @var UserMapping */
+ protected $mapping;
+
+ /** @var User_LDAP */
+ protected $backend;
+
+ /**
+ * prepares the LDAP environment and sets up a test configuration for
+ * the LDAP backend.
+ */
+ public function init() {
+ require(__DIR__ . '/../setup-scripts/createExplicitUsers.php');
+ parent::init();
+
+ $this->mapping = new UserMapping(\OC::$server->getDatabaseConnection());
+ $this->mapping->clear();
+ $this->access->setUserMapper($this->mapping);
+ $this->backend = new \OCA\User_LDAP\User_LDAP($this->access, \OC::$server->getConfig());
+ }
+
+ /**
+ * sets up the LDAP configuration to be used for the test
+ */
+ protected function initConnection() {
+ parent::initConnection();
+ $this->connection->setConfiguration([
+ 'homeFolderNamingRule' => 'homeDirectory',
+ ]);
+ }
+
+ /**
+ * initializes an LDAP user manager instance
+ * @return LDAPUserManager
+ */
+ protected function initUserManager() {
+ $this->userManager = new LDAPUserManager(
+ \OC::$server->getConfig(),
+ new \OCA\User_LDAP\FilesystemHelper(),
+ new \OCA\User_LDAP\LogWrapper(),
+ \OC::$server->getAvatarManager(),
+ new \OCP\Image(),
+ \OC::$server->getDatabaseConnection(),
+ \OC::$server->getUserManager()
+ );
+ }
+
+ /**
+ * homeDirectory on LDAP is empty. Return values of getHome should be
+ * identical to user name, following ownCloud default.
+ *
+ * @return bool
+ */
+ protected function case1() {
+ \OC::$server->getConfig()->setAppValue('user_ldap', 'enforce_home_folder_naming_rule', false);
+ $userManager = \OC::$server->getUserManager();
+ $userManager->clearBackends();
+ $userManager->registerBackend($this->backend);
+ $users = $userManager->search('', 5, 0);
+
+ foreach($users as $user) {
+ $home = $user->getHome();
+ $uid = $user->getUID();
+ $posFound = strpos($home, '/' . $uid);
+ $posExpected = strlen($home) - (strlen($uid) + 1);
+ if($posFound === false || $posFound !== $posExpected) {
+ print('"' . $user->getUID() . '" was not found in "' . $home . '" or does not end with it.' . PHP_EOL);
+ return false;
+ }
+ }
+
+ return true;
+ }
+
+ /**
+ * homeDirectory on LDAP is empty. Having the attributes set is enforced.
+ *
+ * @return bool
+ */
+ protected function case2() {
+ \OC::$server->getConfig()->setAppValue('user_ldap', 'enforce_home_folder_naming_rule', true);
+ $userManager = \oc::$server->getUserManager();
+ // clearing backends is critical, otherwise the userManager will have
+ // the user objects cached and the value from case1 returned
+ $userManager->clearBackends();
+ $userManager->registerBackend($this->backend);
+ $users = $userManager->search('', 5, 0);
+
+ try {
+ foreach ($users as $user) {
+ $user->getHome();
+ print('User home was retrieved without throwing an Exception!' . PHP_EOL);
+ return false;
+ }
+ } catch (\Exception $e) {
+ if(strpos($e->getMessage(), 'Home dir attribute') === 0) {
+ return true;
+ }
+ }
+
+ return false;
+ }
+
+ /**
+ * homeDirectory on LDAP is set to "attr:" which is effectively empty.
+ * Return values of getHome should be ownCloud default.
+ *
+ * @return bool
+ */
+ protected function case3() {
+ \OC::$server->getConfig()->setAppValue('user_ldap', 'enforce_home_folder_naming_rule', true);
+ $this->connection->setConfiguration([
+ 'homeFolderNamingRule' => 'attr:',
+ ]);
+ $userManager = \oc::$server->getUserManager();
+ $userManager->clearBackends();
+ $userManager->registerBackend($this->backend);
+ $users = $userManager->search('', 5, 0);
+
+ try {
+ foreach ($users as $user) {
+ $home = $user->getHome();
+ $uid = $user->getUID();
+ $posFound = strpos($home, '/' . $uid);
+ $posExpected = strlen($home) - (strlen($uid) + 1);
+ if ($posFound === false || $posFound !== $posExpected) {
+ print('"' . $user->getUID() . '" was not found in "' . $home . '" or does not end with it.' . PHP_EOL);
+ return false;
+ }
+ }
+ } catch (\Exception $e) {
+ print("Unexpected Exception: " . $e->getMessage() . PHP_EOL);
+ return false;
+ }
+
+ return true;
+ }
+}
+
+require_once(__DIR__ . '/../setup-scripts/config.php');
+$test = new IntegrationTestUserHome($host, $port, $adn, $apwd, $bdn);
+$test->init();
+$test->run();
--- /dev/null
+<?php
+/**
+ * @author Arthur Schiwon <blizzz@owncloud.com>
+ * @author Morris Jobke <hey@morrisjobke.de>
+ * @author Thomas Müller <thomas.mueller@tmit.eu>
+ *
+ * @copyright Copyright (c) 2016, ownCloud, Inc.
+ * @license AGPL-3.0
+ *
+ * This code is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, version 3,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License, version 3,
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+namespace OCA\User_LDAP\Tests\Integration\Lib\User;
+
+use OCA\User_LDAP\User\User;
+use OCA\User_LDAP\Mapping\UserMapping;
+use OCA\User_LDAP\Tests\Integration\AbstractIntegrationTest;
+
+require_once __DIR__ . '/../../../../../../lib/base.php';
+
+class IntegrationTestUserAvatar extends AbstractIntegrationTest {
+ /** @var UserMapping */
+ protected $mapping;
+
+ /**
+ * prepares the LDAP environment and sets up a test configuration for
+ * the LDAP backend.
+ */
+ public function init() {
+ require(__DIR__ . '/../../setup-scripts/createExplicitUsers.php');
+ parent::init();
+ $this->mapping = new UserMapping(\OC::$server->getDatabaseConnection());
+ $this->mapping->clear();
+ $this->access->setUserMapper($this->mapping);
+ $userBackend = new \OCA\User_LDAP\User_LDAP($this->access, \OC::$server->getConfig());
+ \OC_User::useBackend($userBackend);
+ }
+
+ /**
+ * A method that does the common steps of test cases 1 and 2. The evaluation
+ * is not happening here.
+ *
+ * @param string $dn
+ * @param string $username
+ * @param string $image
+ */
+ private function execFetchTest($dn, $username, $image) {
+ $this->setJpegPhotoAttribute($dn, $image);
+
+ // assigns our self-picked oc username to the dn
+ $this->mapping->map($dn, $username, 'fakeUUID-' . $username);
+
+ // initialize home folder and make sure that the user will update
+ // also remove an possibly existing avatar
+ \OC_Util::tearDownFS();
+ \OC_Util::setupFS($username);
+ \OC::$server->getUserFolder($username);
+ \OC::$server->getConfig()->deleteUserValue($username, 'user_ldap', User::USER_PREFKEY_LASTREFRESH);
+ if(\OC::$server->getAvatarManager()->getAvatar($username)->exists()) {
+ \OC::$server->getAvatarManager()->getAvatar($username)->remove();
+ }
+
+ // finally attempt to get the avatar set
+ $user = $this->userManager->get($dn);
+ $user->updateAvatar();
+ }
+
+ /**
+ * tests whether an avatar can be retrieved from LDAP and stored correctly
+ *
+ * @return bool
+ */
+ protected function case1() {
+ $image = file_get_contents(__DIR__ . '/../../data/avatar-valid.jpg');
+ $dn = 'uid=alice,ou=Users,' . $this->base;
+ $username = 'alice1337';
+
+ $this->execFetchTest($dn, $username, $image);
+
+ return \OC::$server->getAvatarManager()->getAvatar($username)->exists();
+ }
+
+ /**
+ * tests whether an image received from LDAP which is of an invalid file
+ * type is dealt with properly (i.e. not set and not dying).
+ *
+ * @return bool
+ */
+ protected function case2() {
+ // gif by Pmspinner from https://commons.wikimedia.org/wiki/File:Avatar2469_3.gif
+ $image = file_get_contents(__DIR__ . '/../../data/avatar-invalid.gif');
+ $dn = 'uid=boris,ou=Users,' . $this->base;
+ $username = 'boris7844';
+
+ $this->execFetchTest($dn, $username, $image);
+
+ return !\OC::$server->getAvatarManager()->getAvatar($username)->exists();
+ }
+
+ /**
+ * This writes an image to the 'jpegPhoto' attribute on LDAP.
+ *
+ * @param string $dn
+ * @param string $image An image read via file_get_contents
+ * @throws \OC\ServerNotAvailableException
+ */
+ private function setJpegPhotoAttribute($dn, $image) {
+ $changeSet = ['jpegphoto' => $image];
+ ldap_mod_add($this->connection->getConnectionResource(), $dn, $changeSet);
+ }
+
+ protected function initUserManager() {
+ $this->userManager = new \OCA\User_LDAP\User\Manager(
+ \OC::$server->getConfig(),
+ new \OCA\User_LDAP\FilesystemHelper(),
+ new \OCA\User_LDAP\LogWrapper(),
+ \OC::$server->getAvatarManager(),
+ new \OCP\Image(),
+ \OC::$server->getDatabaseConnection(),
+ \OC::$server->getUserManager()
+ );
+ }
+
+ /**
+ * sets up the LDAP configuration to be used for the test
+ */
+ protected function initConnection() {
+ parent::initConnection();
+ $this->connection->setConfiguration([
+ 'ldapUserFilter' => 'objectclass=inetOrgPerson',
+ 'ldapUserDisplayName' => 'displayName',
+ 'ldapGroupDisplayName' => 'cn',
+ 'ldapLoginFilter' => 'uid=%uid',
+ ]);
+ }
+}
+
+require_once(__DIR__ . '/../../setup-scripts/config.php');
+$test = new IntegrationTestUserAvatar($host, $port, $adn, $apwd, $bdn);
+$test->init();
+$test->run();
--- /dev/null
+<?php
+/**
+ * @author Arthur Schiwon <blizzz@owncloud.com>
+ *
+ * @copyright Copyright (c) 2016, ownCloud, Inc.
+ * @license AGPL-3.0
+ *
+ * This code is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, version 3,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License, version 3,
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+namespace OCA\User_LDAP\Tests\Integration\Lib\User;
+
+use OCA\User_LDAP\Mapping\UserMapping;
+use OCA\User_LDAP\Tests\Integration\AbstractIntegrationTest;
+
+require_once __DIR__ . '/../../../../../../lib/base.php';
+
+class IntegrationTestUserDisplayName extends AbstractIntegrationTest {
+ /** @var UserMapping */
+ protected $mapping;
+
+ /**
+ * prepares the LDAP environment and sets up a test configuration for
+ * the LDAP backend.
+ */
+ public function init() {
+ require(__DIR__ . '/../../setup-scripts/createExplicitUsers.php');
+ parent::init();
+ $this->mapping = new UserMapping(\OC::$server->getDatabaseConnection());
+ $this->mapping->clear();
+ $this->access->setUserMapper($this->mapping);
+ $userBackend = new \OCA\User_LDAP\User_LDAP($this->access, \OC::$server->getConfig());
+ \OC_User::useBackend($userBackend);
+ }
+
+ /**
+ * adds a map entry for the user, so we know the username
+ *
+ * @param $dn
+ * @param $username
+ */
+ private function prepareUser($dn, $username) {
+ // assigns our self-picked oc username to the dn
+ $this->mapping->map($dn, $username, 'fakeUUID-' . $username);
+ }
+
+ /**
+ * tests whether a display name consisting of two parts is created correctly
+ *
+ * @return bool
+ */
+ protected function case1() {
+ $username = 'alice1337';
+ $dn = 'uid=alice,ou=Users,' . $this->base;
+ $this->prepareUser($dn, $username);
+ $displayName = \OC::$server->getUserManager()->get($username)->getDisplayName();
+
+ return strpos($displayName, '(Alice@example.com)') !== false;
+ }
+
+ /**
+ * tests whether a display name consisting of one part is created correctly
+ *
+ * @return bool
+ */
+ protected function case2() {
+ $this->connection->setConfiguration([
+ 'ldapUserDisplayName2' => '',
+ ]);
+ $username = 'boris23421';
+ $dn = 'uid=boris,ou=Users,' . $this->base;
+ $this->prepareUser($dn, $username);
+ $displayName = \OC::$server->getUserManager()->get($username)->getDisplayName();
+
+ return strpos($displayName, '(Boris@example.com)') === false;
+ }
+
+ /**
+ * sets up the LDAP configuration to be used for the test
+ */
+ protected function initConnection() {
+ parent::initConnection();
+ $this->connection->setConfiguration([
+ 'ldapUserDisplayName' => 'displayName',
+ 'ldapUserDisplayName2' => 'mail',
+ ]);
+ }
+}
+
+require_once(__DIR__ . '/../../setup-scripts/config.php');
+$test = new IntegrationTestUserDisplayName($host, $port, $adn, $apwd, $bdn);
+$test->init();
+$test->run();
--- /dev/null
+# Requirements #
+
+Have (as in do copy if not already done) the following files from https://github.com/owncloud/administration/tree/master/ldap-testing copied into the directory "setup-scripts":
+
+ * start.sh
+ * stop.sh
+ * config.php
+
+Configure config.php according to your needs, also have a look into the LDAP and network settings in start.sh and stop.sh.
+
+# Usage #
+
+The basic command to run a test is:
+
+```# ./run-test.sh [phpscript]```
+
+Yes, run it as root from within this directory.
+
+Example:
+
+```
+$ sudo ./run-test.sh lib/IntegrationTestAccessGroupsMatchFilter.php
+71cbe88a4993e67066714d71c1cecc5ef26a54911a208103cb6294f90459e574
+c74dc0155db4efa7a0515d419528a8727bbc7596601cf25b0df05e348bd74895
+CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
+c74dc0155db4 osixia/phpldapadmin:0.5.1 "/sbin/my_init" 1 seconds ago Up Less than a second 80/tcp, 0.0.0.0:8443->443/tcp docker-phpldapadmin
+71cbe88a4993 nickstenning/slapd:latest "/sbin/my_init" 1 seconds ago Up Less than a second 127.0.0.1:7770->389/tcp docker-slapd
+
+LDAP server now available under 127.0.0.1:7770 (internal IP is 172.17.0.78)
+phpldapadmin now available under https://127.0.0.1:8443
+
+created user : Alice Ealic
+created group : RedGroup
+created group : BlueGroup
+created group : GreenGroup
+created group : PurpleGroup
+running case1
+running case2
+Tests succeeded
+Stopping and resetting containers
+docker-slapd
+docker-phpldapadmin
+docker-slapd
+docker-phpldapadmin
+```
+
+# How it works #
+
+1. start.sh is executed which brings up a fresh and clean OpenLDAP in Docker.
+2. The provided test script is executed. It also outputs results.
+3. stop.sh is executed to shut down OpenLDAP
+
+# Beware #
+
+This is quick solution for basically one test case. With expension this mechanism should be improved as well.
+
+It does not run automatically, unless you do it. No integration with any testing framework.
+
+exceptionOnLostConnection.php is not part of this mechanism. Read its source and run it isolated. While you're at it, port it :þ
+
--- /dev/null
+#!/bin/sh
+
+if [ $1 ] ; then
+ TESTSCRIPT=$1
+else
+ echo "No test file given" exit
+fi
+
+if [ ! -e "$TESTSCRIPT" ] ; then
+ echo "Test file does not exist"
+ exit
+fi
+
+
+# sleep is necessary, otherwise the LDAP server cannot be connected to, yet.
+setup-scripts/start.sh && sleep 5 && php -f "$TESTSCRIPT"
+setup-scripts/stop.sh
--- /dev/null
+<?php
+/**
+ * @author Arthur Schiwon <blizzz@owncloud.com>
+ * @author Morris Jobke <hey@morrisjobke.de>
+ *
+ * @copyright Copyright (c) 2016, ownCloud, Inc.
+ * @license AGPL-3.0
+ *
+ * This code is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, version 3,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License, version 3,
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+if(php_sapi_name() !== 'cli') {
+ print('Only via CLI, please.');
+ exit(1);
+}
+
+include __DIR__ . '/config.php';
+
+$cr = ldap_connect($host, $port);
+ldap_set_option($cr, LDAP_OPT_PROTOCOL_VERSION, 3);
+$ok = ldap_bind($cr, $adn, $apwd);
+
+if (!$ok) {
+ die(ldap_error($cr));
+}
+
+$ouName = 'Groups';
+$ouDN = 'ou=' . $ouName . ',' . $bdn;
+
+//creates an OU
+if (true) {
+ $entry = [];
+ $entry['objectclass'][] = 'top';
+ $entry['objectclass'][] = 'organizationalunit';
+ $entry['ou'] = $ouName;
+ $b = ldap_add($cr, $ouDN, $entry);
+ if (!$b) {
+ die(ldap_error($cr));
+ }
+}
+
+$groups = ['RedGroup', 'BlueGroup', 'GreenGroup', 'PurpleGroup'];
+// groupOfNames requires groups to have at least one member
+// the member used is created by createExplicitUsers.php script
+$omniMember = 'uid=alice,ou=Users,' . $bdn;
+
+foreach ($groups as $cn) {
+ $newDN = 'cn=' . $cn . ',' . $ouDN;
+
+ $entry = [];
+ $entry['cn'] = $cn;
+ $entry['objectclass'][] = 'groupOfNames';
+ $entry['member'][] = $omniMember;
+
+ $ok = ldap_add($cr, $newDN, $entry);
+ if ($ok) {
+ echo('created group ' . ': ' . $entry['cn'] . PHP_EOL);
+ } else {
+ die(ldap_error($cr));
+ }
+}
--- /dev/null
+<?php
+/**
+ * @author Arthur Schiwon <blizzz@owncloud.com>
+ * @author Morris Jobke <hey@morrisjobke.de>
+ *
+ * @copyright Copyright (c) 2016, ownCloud, Inc.
+ * @license AGPL-3.0
+ *
+ * This code is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, version 3,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License, version 3,
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+if(php_sapi_name() !== 'cli') {
+ print('Only via CLI, please.');
+ exit(1);
+}
+
+include __DIR__ . '/config.php';
+
+$cr = ldap_connect($host, $port);
+ldap_set_option($cr, LDAP_OPT_PROTOCOL_VERSION, 3);
+$ok = ldap_bind($cr, $adn, $apwd);
+
+if (!$ok) {
+ die(ldap_error($cr));
+}
+
+$ouName = 'SpecialGroups';
+$ouDN = 'ou=' . $ouName . ',' . $bdn;
+
+//creates an OU
+if (true) {
+ $entry = [];
+ $entry['objectclass'][] = 'top';
+ $entry['objectclass'][] = 'organizationalunit';
+ $entry['ou'] = $ouName;
+ $b = ldap_add($cr, $ouDN, $entry);
+ if (!$b) {
+ die(ldap_error($cr));
+ }
+}
+
+$groups = ['SquareGroup', 'CircleGroup', 'TriangleGroup', 'SquaredCircleGroup'];
+// groupOfNames requires groups to have at least one member
+// the member used is created by createExplicitUsers.php script
+$omniMember = 'uid=alice,ou=Users,' . $bdn;
+
+foreach ($groups as $cn) {
+ $newDN = 'cn=' . $cn . ',' . $ouDN;
+
+ $entry = [];
+ $entry['cn'] = $cn;
+ $entry['objectclass'][] = 'groupOfNames';
+ $entry['member'][] = $omniMember;
+
+ $ok = ldap_add($cr, $newDN, $entry);
+ if ($ok) {
+ echo('created group ' . ': ' . $entry['cn'] . PHP_EOL);
+ } else {
+ die(ldap_error($cr));
+ }
+}
--- /dev/null
+<?php
+/**
+ * @author Arthur Schiwon <blizzz@owncloud.com>
+ * @author Morris Jobke <hey@morrisjobke.de>
+ *
+ * @copyright Copyright (c) 2016, ownCloud, Inc.
+ * @license AGPL-3.0
+ *
+ * This code is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, version 3,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License, version 3,
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+if(php_sapi_name() !== 'cli') {
+ print('Only via CLI, please.');
+ exit(1);
+}
+
+include __DIR__ . '/config.php';
+
+$cr = ldap_connect($host, $port);
+ldap_set_option($cr, LDAP_OPT_PROTOCOL_VERSION, 3);
+$ok = ldap_bind($cr, $adn, $apwd);
+
+if (!$ok) {
+ die(ldap_error($cr));
+}
+
+$ouName = 'Users';
+$ouDN = 'ou=' . $ouName . ',' . $bdn;
+
+//creates on OU
+if (true) {
+ $entry = [];
+ $entry['objectclass'][] = 'top';
+ $entry['objectclass'][] = 'organizationalunit';
+ $entry['ou'] = $ouName;
+ $b = ldap_add($cr, $ouDN, $entry);
+ if (!$b) {
+ die(ldap_error($cr));
+ }
+}
+
+$users = ['alice', 'boris'];
+
+foreach ($users as $uid) {
+ $newDN = 'uid=' . $uid . ',' . $ouDN;
+ $fn = ucfirst($uid);
+ $sn = ucfirst(str_shuffle($uid)); // not so explicit but it's OK.
+
+ $entry = [];
+ $entry['cn'] = $fn . ' ' . $sn;
+ $entry['objectclass'][] = 'inetOrgPerson';
+ $entry['objectclass'][] = 'person';
+ $entry['sn'] = $sn;
+ $entry['userPassword'] = $uid;
+ $entry['displayName'] = $sn . ', ' . $fn;
+ $entry['mail'] = $fn . '@example.com';
+
+ $ok = ldap_add($cr, $newDN, $entry);
+ if ($ok) {
+ echo('created user ' . ': ' . $entry['cn'] . PHP_EOL);
+ } else {
+ die(ldap_error($cr));
+ }
+}
--- /dev/null
+<?php
+/**
+ * @author Arthur Schiwon <blizzz@owncloud.com>
+ *
+ * @copyright Copyright (c) 2016, ownCloud, Inc.
+ * @license AGPL-3.0
+ *
+ * This code is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, version 3,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License, version 3,
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+if(php_sapi_name() !== 'cli') {
+ print('Only via CLI, please.');
+ exit(1);
+}
+
+include __DIR__ . '/config.php';
+
+$cr = ldap_connect($host, $port);
+ldap_set_option($cr, LDAP_OPT_PROTOCOL_VERSION, 3);
+$ok = ldap_bind($cr, $adn, $apwd);
+
+if (!$ok) {
+ die(ldap_error($cr));
+}
+
+$ouName = 'Users';
+$ouDN = 'ou=' . $ouName . ',' . $bdn;
+
+$users = ['robot'];
+
+foreach ($users as $uid) {
+ $newDN = 'uid=' . $uid . ',' . $ouDN;
+ $fn = ucfirst($uid);
+ $sn = ucfirst(str_shuffle($uid)); // not so explicit but it's OK.
+
+ $entry = [];
+ $entry['cn'] = ucfirst($uid);
+ $entry['objectclass'][] = 'inetOrgPerson';
+ $entry['objectclass'][] = 'person';
+ $entry['sn'] = $sn;
+ $entry['userPassword'] = $uid;
+
+ $ok = ldap_add($cr, $newDN, $entry);
+ if ($ok) {
+ echo('created user ' . ': ' . $entry['cn'] . PHP_EOL);
+ } else {
+ die(ldap_error($cr));
+ }
+}
--- /dev/null
+<?php
+/**
+ * @author Arthur Schiwon <blizzz@owncloud.com>
+ * @author Morris Jobke <hey@morrisjobke.de>
+ *
+ * @copyright Copyright (c) 2016, ownCloud, Inc.
+ * @license AGPL-3.0
+ *
+ * This code is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, version 3,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License, version 3,
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+namespace OCA\User_LDAP\Tests\Jobs;
+
+class CleanUpTest extends \Test\TestCase {
+ public function getMocks() {
+ $mocks = array();
+ $mocks['userBackend'] =
+ $this->getMockBuilder('\OCA\User_LDAP\User_Proxy')
+ ->disableOriginalConstructor()
+ ->getMock();
+ $mocks['deletedUsersIndex'] =
+ $this->getMockBuilder('\OCA\User_LDAP\User\DeletedUsersIndex')
+ ->disableOriginalConstructor()
+ ->getMock();
+ $mocks['ocConfig'] = $this->getMock('\OCP\IConfig');
+ $mocks['db'] = $this->getMock('\OCP\IDBConnection');
+ $mocks['helper'] = $this->getMock('\OCA\User_LDAP\Helper');
+
+ return $mocks;
+ }
+
+ /**
+ * clean up job must not run when there are disabled configurations
+ */
+ public function test_runNotAllowedByDisabledConfigurations() {
+ $args = $this->getMocks();
+ $args['helper']->expects($this->once())
+ ->method('haveDisabledConfigurations')
+ ->will($this->returnValue(true) );
+
+ $args['ocConfig']->expects($this->never())
+ ->method('getSystemValue');
+
+ $bgJob = new \OCA\User_LDAP\Jobs\CleanUp();
+ $bgJob->setArguments($args);
+
+ $result = $bgJob->isCleanUpAllowed();
+ $this->assertSame(false, $result);
+ }
+
+ /**
+ * clean up job must not run when LDAP Helper is broken i.e.
+ * returning unexpected results
+ */
+ public function test_runNotAllowedByBrokenHelper() {
+ $args = $this->getMocks();
+ $args['helper']->expects($this->once())
+ ->method('haveDisabledConfigurations')
+ ->will($this->throwException(new \Exception()));
+
+ $args['ocConfig']->expects($this->never())
+ ->method('getSystemValue');
+
+ $bgJob = new \OCA\User_LDAP\Jobs\CleanUp();
+ $bgJob->setArguments($args);
+
+ $result = $bgJob->isCleanUpAllowed();
+ $this->assertSame(false, $result);
+ }
+
+ /**
+ * clean up job must not run when it is not enabled
+ */
+ public function test_runNotAllowedBySysConfig() {
+ $args = $this->getMocks();
+ $args['helper']->expects($this->once())
+ ->method('haveDisabledConfigurations')
+ ->will($this->returnValue(false));
+
+ $args['ocConfig']->expects($this->once())
+ ->method('getSystemValue')
+ ->will($this->returnValue(false));
+
+ $bgJob = new \OCA\User_LDAP\Jobs\CleanUp();
+ $bgJob->setArguments($args);
+
+ $result = $bgJob->isCleanUpAllowed();
+ $this->assertSame(false, $result);
+ }
+
+ /**
+ * clean up job is allowed to run
+ */
+ public function test_runIsAllowed() {
+ $args = $this->getMocks();
+ $args['helper']->expects($this->once())
+ ->method('haveDisabledConfigurations')
+ ->will($this->returnValue(false));
+
+ $args['ocConfig']->expects($this->once())
+ ->method('getSystemValue')
+ ->will($this->returnValue(true));
+
+ $bgJob = new \OCA\User_LDAP\Jobs\CleanUp();
+ $bgJob->setArguments($args);
+
+ $result = $bgJob->isCleanUpAllowed();
+ $this->assertSame(true, $result);
+ }
+
+ /**
+ * check whether offset will be reset when it needs to
+ */
+ public function test_OffsetResetIsNecessary() {
+ $args = $this->getMocks();
+
+ $bgJob = new \OCA\User_LDAP\Jobs\CleanUp();
+ $bgJob->setArguments($args);
+
+ $result = $bgJob->isOffsetResetNecessary($bgJob->getChunkSize() - 1);
+ $this->assertSame(true, $result);
+ }
+
+ /**
+ * make sure offset is not reset when it is not due
+ */
+ public function test_OffsetResetIsNotNecessary() {
+ $args = $this->getMocks();
+
+ $bgJob = new \OCA\User_LDAP\Jobs\CleanUp();
+ $bgJob->setArguments($args);
+
+ $result = $bgJob->isOffsetResetNecessary($bgJob->getChunkSize());
+ $this->assertSame(false, $result);
+ }
+
+}
+
--- /dev/null
+<?php
+/**
+ * @author Arthur Schiwon <blizzz@owncloud.com>
+ * @author Morris Jobke <hey@morrisjobke.de>
+ *
+ * @copyright Copyright (c) 2016, ownCloud, Inc.
+ * @license AGPL-3.0
+ *
+ * This code is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, version 3,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License, version 3,
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+namespace OCA\User_LDAP\Tests\Mapping;
+
+abstract class AbstractMappingTest extends \Test\TestCase {
+ abstract public function getMapper(\OCP\IDBConnection $dbMock);
+
+ /**
+ * kiss test on isColNameValid
+ */
+ public function testIsColNameValid() {
+ $dbMock = $this->getMock('\OCP\IDBConnection');
+ $mapper = $this->getMapper($dbMock);
+
+ $this->assertTrue($mapper->isColNameValid('ldap_dn'));
+ $this->assertFalse($mapper->isColNameValid('foobar'));
+ }
+
+ /**
+ * returns an array of test entries with dn, name and uuid as keys
+ * @return array
+ */
+ protected function getTestData() {
+ $data = array(
+ array(
+ 'dn' => 'uid=foobar,dc=example,dc=org',
+ 'name' => 'Foobar',
+ 'uuid' => '1111-AAAA-1234-CDEF',
+ ),
+ array(
+ 'dn' => 'uid=barfoo,dc=example,dc=org',
+ 'name' => 'Barfoo',
+ 'uuid' => '2222-BBBB-1234-CDEF',
+ ),
+ array(
+ 'dn' => 'uid=barabara,dc=example,dc=org',
+ 'name' => 'BaraBara',
+ 'uuid' => '3333-CCCC-1234-CDEF',
+ )
+ );
+
+ return $data;
+ }
+
+ /**
+ * calls map() on the given mapper and asserts result for true
+ * @param \OCA\User_LDAP\Mapping\AbstractMapping $mapper
+ * @param array $data
+ */
+ protected function mapEntries($mapper, $data) {
+ foreach($data as $entry) {
+ $done = $mapper->map($entry['dn'], $entry['name'], $entry['uuid']);
+ $this->assertTrue($done);
+ }
+ }
+
+ /**
+ * initalizes environment for a test run and returns an array with
+ * test objects. Preparing environment means that all mappings are cleared
+ * first and then filled with test entries.
+ * @return array 0 = \OCA\User_LDAP\Mapping\AbstractMapping, 1 = array of
+ * users or groups
+ */
+ private function initTest() {
+ $dbc = \OC::$server->getDatabaseConnection();
+ $mapper = $this->getMapper($dbc);
+ $data = $this->getTestData();
+ // make sure DB is pristine, then fill it with test entries
+ $mapper->clear();
+ $this->mapEntries($mapper, $data);
+
+ return array($mapper, $data);
+ }
+
+ /**
+ * tests map() method with input that should result in not-mapping.
+ * Hint: successful mapping is tested inherently with mapEntries().
+ */
+ public function testMap() {
+ list($mapper, $data) = $this->initTest();
+
+ // test that mapping will not happen when it shall not
+ $paramKeys = array('', 'dn', 'name', 'uuid');
+ foreach($paramKeys as $key) {
+ $failEntry = $data[0];
+ if(!empty($key)) {
+ $failEntry[$key] = 'do-not-get-mapped';
+ }
+ $isMapped = $mapper->map($failEntry['dn'], $failEntry['name'], $failEntry['uuid']);
+ $this->assertFalse($isMapped);
+ }
+ }
+
+ /**
+ * tests unmap() for both successful and unsuccessful removing of
+ * mapping entries
+ */
+ public function testUnmap() {
+ list($mapper, $data) = $this->initTest();
+
+ foreach($data as $entry) {
+ $result = $mapper->unmap($entry['name']);
+ $this->assertTrue($result);
+ }
+
+ $result = $mapper->unmap('notAnEntry');
+ $this->assertFalse($result);
+ }
+
+ /**
+ * tests getDNByName(), getNameByDN() and getNameByUUID() for successful
+ * and unsuccessful requests.
+ */
+ public function testGetMethods() {
+ list($mapper, $data) = $this->initTest();
+
+ foreach($data as $entry) {
+ $fdn = $mapper->getDNByName($entry['name']);
+ $this->assertSame($fdn, $entry['dn']);
+ }
+ $fdn = $mapper->getDNByName('nosuchname');
+ $this->assertFalse($fdn);
+
+ foreach($data as $entry) {
+ $name = $mapper->getNameByDN($entry['dn']);
+ $this->assertSame($name, $entry['name']);
+ }
+ $name = $mapper->getNameByDN('nosuchdn');
+ $this->assertFalse($name);
+
+ foreach($data as $entry) {
+ $name = $mapper->getNameByUUID($entry['uuid']);
+ $this->assertSame($name, $entry['name']);
+ }
+ $name = $mapper->getNameByUUID('nosuchuuid');
+ $this->assertFalse($name);
+ }
+
+ /**
+ * tests getNamesBySearch() for successful and unsuccessful requests.
+ */
+ public function testSearch() {
+ list($mapper,) = $this->initTest();
+
+ $names = $mapper->getNamesBySearch('%oo%');
+ $this->assertTrue(is_array($names));
+ $this->assertSame(2, count($names));
+ $this->assertTrue(in_array('Foobar', $names));
+ $this->assertTrue(in_array('Barfoo', $names));
+ $names = $mapper->getNamesBySearch('nada');
+ $this->assertTrue(is_array($names));
+ $this->assertSame(0, count($names));
+ }
+
+ /**
+ * tests setDNbyUUID() for successful and unsuccessful update.
+ */
+ public function testSetMethod() {
+ list($mapper, $data) = $this->initTest();
+
+ $newDN = 'uid=modified,dc=example,dc=org';
+ $done = $mapper->setDNbyUUID($newDN, $data[0]['uuid']);
+ $this->assertTrue($done);
+ $fdn = $mapper->getDNByName($data[0]['name']);
+ $this->assertSame($fdn, $newDN);
+
+ $newDN = 'uid=notme,dc=example,dc=org';
+ $done = $mapper->setDNbyUUID($newDN, 'iamnothere');
+ $this->assertFalse($done);
+ $name = $mapper->getNameByDN($newDN);
+ $this->assertFalse($name);
+
+ }
+
+ /**
+ * tests clear() for successful update.
+ */
+ public function testClear() {
+ list($mapper, $data) = $this->initTest();
+
+ $done = $mapper->clear();
+ $this->assertTrue($done);
+ foreach($data as $entry) {
+ $name = $mapper->getNameByUUID($entry['uuid']);
+ $this->assertFalse($name);
+ }
+ }
+
+ /**
+ * tests getList() method
+ */
+ public function testList() {
+ list($mapper, $data) = $this->initTest();
+
+ // get all entries without specifying offset or limit
+ $results = $mapper->getList();
+ $this->assertSame(3, count($results));
+
+ // get all-1 entries by specifying offset, and an high limit
+ // specifying only offset without limit will not work by underlying lib
+ $results = $mapper->getList(1, 999);
+ $this->assertSame(count($data) - 1, count($results));
+
+ // get first 2 entries by limit, but not offset
+ $results = $mapper->getList(null, 2);
+ $this->assertSame(2, count($results));
+
+ // get 2nd entry by specifying both offset and limit
+ $results = $mapper->getList(1, 1);
+ $this->assertSame(1, count($results));
+ }
+}
--- /dev/null
+<?php
+/**
+ * @author Arthur Schiwon <blizzz@owncloud.com>
+ * @author Morris Jobke <hey@morrisjobke.de>
+ * @author Thomas Müller <thomas.mueller@tmit.eu>
+ *
+ * @copyright Copyright (c) 2016, ownCloud, Inc.
+ * @license AGPL-3.0
+ *
+ * This code is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, version 3,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License, version 3,
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+namespace OCA\User_LDAP\Tests\Mapping;
+
+use OCA\User_LDAP\Mapping\GroupMapping;
+
+/**
+ * Class GroupMappingTest
+ *
+ * @group DB
+ *
+ * @package OCA\User_LDAP\Tests\Mapping
+ */
+class GroupMappingTest extends AbstractMappingTest {
+ public function getMapper(\OCP\IDBConnection $dbMock) {
+ return new GroupMapping($dbMock);
+ }
+}
--- /dev/null
+<?php
+/**
+ * @author Arthur Schiwon <blizzz@owncloud.com>
+ * @author Morris Jobke <hey@morrisjobke.de>
+ * @author Thomas Müller <thomas.mueller@tmit.eu>
+ *
+ * @copyright Copyright (c) 2016, ownCloud, Inc.
+ * @license AGPL-3.0
+ *
+ * This code is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, version 3,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License, version 3,
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+namespace OCA\User_LDAP\Tests\Mapping;
+
+use OCA\User_LDAP\Mapping\UserMapping;
+
+/**
+ * Class UserMappingTest
+ *
+ * @group DB
+ *
+ * @package OCA\User_LDAP\Tests\Mapping
+ */
+class UserMappingTest extends AbstractMappingTest {
+ public function getMapper(\OCP\IDBConnection $dbMock) {
+ return new UserMapping($dbMock);
+ }
+}
*
* @group DB
*
- * @package OCA\user_ldap\tests
+ * @package OCA\User_LDAP\Tests\User
*/
class ManagerTest extends \Test\TestCase {
use OCP\IUserManager;
/**
- * Class Test_User_User
+ * Class UserTest
*
* @group DB
*
- * @package OCA\user_ldap\tests
+ * @package OCA\User_LDAP\Tests\User
*/
class UserTest extends \Test\TestCase {
*
*/
-namespace OCA\User_LDAP\tests;
+namespace OCA\User_LDAP\Tests;
use \OCA\User_LDAP\Wizard;
-// use \OCA\User_LDAP\User_LDAP as UserLDAP;
-// use \OCA\User_LDAP\Access;
-// use \OCA\User_LDAP\Configuration;
-// use \OCA\User_LDAP\ILDAPWrapper;
-
/**
* Class Test_Wizard
*
* @group DB
*
- * @package OCA\User_LDAP\tests
+ * @package OCA\User_LDAP\Tests
*/
class WizardTest extends \Test\TestCase {
protected function setUp() {
+++ /dev/null
-<?php
-/**
- * @author Andreas Fischer <bantu@owncloud.com>
- * @author Arthur Schiwon <blizzz@owncloud.com>
- * @author Joas Schilling <nickvergessen@owncloud.com>
- * @author Morris Jobke <hey@morrisjobke.de>
- * @author Thomas Müller <thomas.mueller@tmit.eu>
- *
- * @copyright Copyright (c) 2016, ownCloud, Inc.
- * @license AGPL-3.0
- *
- * This code is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License, version 3,
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License, version 3,
- * along with this program. If not, see <http://www.gnu.org/licenses/>
- *
- */
-
-namespace OCA\user_ldap\tests;
-
-use OCA\User_LDAP\Access;
-use OCA\User_LDAP\Connection;
-
-/**
- * Class Test_Access
- *
- * @group DB
- *
- * @package OCA\user_ldap\tests
- */
-class Test_Access extends \Test\TestCase {
- private function getConnectorAndLdapMock() {
- static $conMethods;
- static $accMethods;
- static $umMethods;
-
- if(is_null($conMethods) || is_null($accMethods)) {
- $conMethods = get_class_methods('\OCA\User_LDAP\Connection');
- $accMethods = get_class_methods('\OCA\User_LDAP\Access');
- $umMethods = get_class_methods('\OCA\User_LDAP\User\Manager');
- }
- $lw = $this->getMock('\OCA\User_LDAP\ILDAPWrapper');
- $connector = $this->getMock('\OCA\User_LDAP\Connection',
- $conMethods,
- array($lw, null, null));
- $um = $this->getMock('\OCA\User_LDAP\User\Manager',
- $umMethods, array(
- $this->getMock('\OCP\IConfig'),
- $this->getMock('\OCA\User_LDAP\FilesystemHelper'),
- $this->getMock('\OCA\User_LDAP\LogWrapper'),
- $this->getMock('\OCP\IAvatarManager'),
- $this->getMock('\OCP\Image'),
- $this->getMock('\OCP\IDBConnection'),
- $this->getMock('\OCP\IUserManager')));
-
- return array($lw, $connector, $um);
- }
-
- public function testEscapeFilterPartValidChars() {
- list($lw, $con, $um) = $this->getConnectorAndLdapMock();
- $access = new Access($con, $lw, $um);
-
- $input = 'okay';
- $this->assertTrue($input === $access->escapeFilterPart($input));
- }
-
- public function testEscapeFilterPartEscapeWildcard() {
- list($lw, $con, $um) = $this->getConnectorAndLdapMock();
- $access = new Access($con, $lw, $um);
-
- $input = '*';
- $expected = '\\\\*';
- $this->assertTrue($expected === $access->escapeFilterPart($input));
- }
-
- public function testEscapeFilterPartEscapeWildcard2() {
- list($lw, $con, $um) = $this->getConnectorAndLdapMock();
- $access = new Access($con, $lw, $um);
-
- $input = 'foo*bar';
- $expected = 'foo\\\\*bar';
- $this->assertTrue($expected === $access->escapeFilterPart($input));
- }
-
- /** @dataProvider convertSID2StrSuccessData */
- public function testConvertSID2StrSuccess(array $sidArray, $sidExpected) {
- list($lw, $con, $um) = $this->getConnectorAndLdapMock();
- $access = new Access($con, $lw, $um);
-
- $sidBinary = implode('', $sidArray);
- $this->assertSame($sidExpected, $access->convertSID2Str($sidBinary));
- }
-
- public function convertSID2StrSuccessData() {
- return array(
- array(
- array(
- "\x01",
- "\x04",
- "\x00\x00\x00\x00\x00\x05",
- "\x15\x00\x00\x00",
- "\xa6\x81\xe5\x0e",
- "\x4d\x6c\x6c\x2b",
- "\xca\x32\x05\x5f",
- ),
- 'S-1-5-21-249921958-728525901-1594176202',
- ),
- array(
- array(
- "\x01",
- "\x02",
- "\xFF\xFF\xFF\xFF\xFF\xFF",
- "\xFF\xFF\xFF\xFF",
- "\xFF\xFF\xFF\xFF",
- ),
- 'S-1-281474976710655-4294967295-4294967295',
- ),
- );
- }
-
- public function testConvertSID2StrInputError() {
- list($lw, $con, $um) = $this->getConnectorAndLdapMock();
- $access = new Access($con, $lw, $um);
-
- $sidIllegal = 'foobar';
- $sidExpected = '';
-
- $this->assertSame($sidExpected, $access->convertSID2Str($sidIllegal));
- }
-
- public function testGetDomainDNFromDNSuccess() {
- list($lw, $con, $um) = $this->getConnectorAndLdapMock();
- $access = new Access($con, $lw, $um);
-
- $inputDN = 'uid=zaphod,cn=foobar,dc=my,dc=server,dc=com';
- $domainDN = 'dc=my,dc=server,dc=com';
-
- $lw->expects($this->once())
- ->method('explodeDN')
- ->with($inputDN, 0)
- ->will($this->returnValue(explode(',', $inputDN)));
-
- $this->assertSame($domainDN, $access->getDomainDNFromDN($inputDN));
- }
-
- public function testGetDomainDNFromDNError() {
- list($lw, $con, $um) = $this->getConnectorAndLdapMock();
- $access = new Access($con, $lw, $um);
-
- $inputDN = 'foobar';
- $expected = '';
-
- $lw->expects($this->once())
- ->method('explodeDN')
- ->with($inputDN, 0)
- ->will($this->returnValue(false));
-
- $this->assertSame($expected, $access->getDomainDNFromDN($inputDN));
- }
-
- private function getResemblesDNInputData() {
- return $cases = array(
- array(
- 'input' => 'foo=bar,bar=foo,dc=foobar',
- 'interResult' => array(
- 'count' => 3,
- 0 => 'foo=bar',
- 1 => 'bar=foo',
- 2 => 'dc=foobar'
- ),
- 'expectedResult' => true
- ),
- array(
- 'input' => 'foobarbarfoodcfoobar',
- 'interResult' => false,
- 'expectedResult' => false
- )
- );
- }
-
- public function testStringResemblesDN() {
- list($lw, $con, $um) = $this->getConnectorAndLdapMock();
- $access = new Access($con, $lw, $um);
-
- $cases = $this->getResemblesDNInputData();
-
- $lw->expects($this->exactly(2))
- ->method('explodeDN')
- ->will($this->returnCallback(function ($dn) use ($cases) {
- foreach($cases as $case) {
- if($dn === $case['input']) {
- return $case['interResult'];
- }
- }
- }));
-
- foreach($cases as $case) {
- $this->assertSame($case['expectedResult'], $access->stringResemblesDN($case['input']));
- }
- }
-
- public function testStringResemblesDNLDAPmod() {
- list($lw, $con, $um) = $this->getConnectorAndLdapMock();
- $lw = new \OCA\User_LDAP\LDAP();
- $access = new Access($con, $lw, $um);
-
- if(!function_exists('ldap_explode_dn')) {
- $this->markTestSkipped('LDAP Module not available');
- }
-
- $cases = $this->getResemblesDNInputData();
-
- foreach($cases as $case) {
- $this->assertSame($case['expectedResult'], $access->stringResemblesDN($case['input']));
- }
- }
-
- public function testCacheUserHome() {
- list($lw, $con, $um) = $this->getConnectorAndLdapMock();
- $access = new Access($con, $lw, $um);
-
- $con->expects($this->once())
- ->method('writeToCache');
-
- $access->cacheUserHome('foobar', '/foobars/path');
- }
-
- public function testBatchApplyUserAttributes() {
- list($lw, $con, $um) = $this->getConnectorAndLdapMock();
- $access = new Access($con, $lw, $um);
- $mapperMock = $this->getMockBuilder('\OCA\User_LDAP\Mapping\UserMapping')
- ->disableOriginalConstructor()
- ->getMock();
-
- $mapperMock->expects($this->any())
- ->method('getNameByDN')
- ->will($this->returnValue('a_username'));
-
- $userMock = $this->getMockBuilder('\OCA\User_LDAP\User\User')
- ->disableOriginalConstructor()
- ->getMock();
-
- $access->connection->expects($this->any())
- ->method('__get')
- ->will($this->returnValue('displayName'));
-
- $access->setUserMapper($mapperMock);
-
- $displayNameAttribute = strtolower($access->connection->ldapUserDisplayName);
- $data = array(
- array(
- 'dn' => 'foobar',
- $displayNameAttribute => 'barfoo'
- ),
- array(
- 'dn' => 'foo',
- $displayNameAttribute => 'bar'
- ),
- array(
- 'dn' => 'raboof',
- $displayNameAttribute => 'oofrab'
- )
- );
-
- $userMock->expects($this->exactly(count($data)))
- ->method('processAttributes');
-
- $um->expects($this->exactly(count($data)))
- ->method('get')
- ->will($this->returnValue($userMock));
-
- $access->batchApplyUserAttributes($data);
- }
-
- public function dNAttributeProvider() {
- // corresponds to Access::resemblesDN()
- return array(
- 'dn' => array('dn'),
- 'uniqueMember' => array('uniquemember'),
- 'member' => array('member'),
- 'memberOf' => array('memberof')
- );
- }
-
- /**
- * @dataProvider dNAttributeProvider
- */
- public function testSanitizeDN($attribute) {
- list($lw, $con, $um) = $this->getConnectorAndLdapMock();
-
-
- $dnFromServer = 'cn=Mixed Cases,ou=Are Sufficient To,ou=Test,dc=example,dc=org';
-
- $lw->expects($this->any())
- ->method('isResource')
- ->will($this->returnValue(true));
-
- $lw->expects($this->any())
- ->method('getAttributes')
- ->will($this->returnValue(array(
- $attribute => array('count' => 1, $dnFromServer)
- )));
-
- $access = new Access($con, $lw, $um);
- $values = $access->readAttribute('uid=whoever,dc=example,dc=org', $attribute);
- $this->assertSame($values[0], strtolower($dnFromServer));
- }
-}
+++ /dev/null
-<?php
-/**
- * @author Arthur Schiwon <blizzz@owncloud.com>
- *
- * @copyright Copyright (c) 2016, ownCloud, Inc.
- * @license AGPL-3.0
- *
- * This code is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License, version 3,
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License, version 3,
- * along with this program. If not, see <http://www.gnu.org/licenses/>
- *
- */
-
-namespace OCA\user_ldap\tests;
-
-class Test_Configuration extends \Test\TestCase {
-
- public function configurationDataProvider() {
- $inputWithDN = array(
- 'cn=someUsers,dc=example,dc=org',
- ' ',
- ' cn=moreUsers,dc=example,dc=org '
- );
- $expectWithDN = array(
- 'cn=someUsers,dc=example,dc=org',
- 'cn=moreUsers,dc=example,dc=org'
- );
-
- $inputNames = array(
- ' uid ',
- 'cn ',
- ' ',
- '',
- ' whats my name',
- ' '
- );
- $expectedNames = array('uid', 'cn', 'whats my name');
-
- $inputString = ' alea iacta est ';
- $expectedString = 'alea iacta est';
-
- $inputHomeFolder = array(
- ' homeDirectory ',
- ' attr:homeDirectory ',
- ' '
- );
-
- $expectedHomeFolder = array(
- 'attr:homeDirectory', 'attr:homeDirectory', ''
- );
-
- $password = ' such a passw0rd ';
-
- return array(
- 'set general base' => array('ldapBase', $inputWithDN, $expectWithDN),
- 'set user base' => array('ldapBaseUsers', $inputWithDN, $expectWithDN),
- 'set group base' => array('ldapBaseGroups', $inputWithDN, $expectWithDN),
-
- 'set search attributes users' => array('ldapAttributesForUserSearch', $inputNames, $expectedNames),
- 'set search attributes groups' => array('ldapAttributesForGroupSearch', $inputNames, $expectedNames),
-
- 'set user filter objectclasses' => array('ldapUserFilterObjectclass', $inputNames, $expectedNames),
- 'set user filter groups' => array('ldapUserFilterGroups', $inputNames, $expectedNames),
- 'set group filter objectclasses' => array('ldapGroupFilterObjectclass', $inputNames, $expectedNames),
- 'set group filter groups' => array('ldapGroupFilterGroups', $inputNames, $expectedNames),
- 'set login filter attributes' => array('ldapLoginFilterAttributes', $inputNames, $expectedNames),
-
- 'set agent password' => array('ldapAgentPassword', $password, $password),
-
- 'set home folder, variant 1' => array('homeFolderNamingRule', $inputHomeFolder[0], $expectedHomeFolder[0]),
- 'set home folder, variant 2' => array('homeFolderNamingRule', $inputHomeFolder[1], $expectedHomeFolder[1]),
- 'set home folder, empty' => array('homeFolderNamingRule', $inputHomeFolder[2], $expectedHomeFolder[2]),
-
- // default behaviour, one case is enough, special needs must be tested
- // individually
- 'set string value' => array('ldapHost', $inputString, $expectedString),
- );
- }
-
- /**
- * @dataProvider configurationDataProvider
- */
- public function testSetValue($key, $input, $expected) {
- $configuration = new \OCA\User_LDAP\Configuration('t01', false);
-
- $settingsInput = array(
- 'ldapBaseUsers' => array(
- 'cn=someUsers,dc=example,dc=org',
- ' ',
- ' cn=moreUsers,dc=example,dc=org '
- )
- );
-
- $configuration->setConfiguration([$key => $input]);
- $this->assertSame($configuration->$key, $expected);
- }
-
-}
+++ /dev/null
-<?php
-/**
- * @author Arthur Schiwon <blizzz@owncloud.com>
- * @author Joas Schilling <nickvergessen@owncloud.com>
- * @author Morris Jobke <hey@morrisjobke.de>
- * @author Thomas Müller <thomas.mueller@tmit.eu>
- *
- * @copyright Copyright (c) 2016, ownCloud, Inc.
- * @license AGPL-3.0
- *
- * This code is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License, version 3,
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License, version 3,
- * along with this program. If not, see <http://www.gnu.org/licenses/>
- *
- */
-
-namespace OCA\user_ldap\tests;
-use OCA\User_LDAP\Connection;
-
-/**
- * Class Test_Connection
- *
- * @group DB
- *
- * @package OCA\user_ldap\tests
- */
-class Test_Connection extends \Test\TestCase {
- /** @var \OCA\User_LDAP\ILDAPWrapper */
- protected $ldap;
-
- /** @var Connection */
- protected $connection;
-
- public function setUp() {
- parent::setUp();
-
- $this->ldap = $this->getMock('\OCA\User_LDAP\ILDAPWrapper');
- // we use a mock here to replace the cache mechanism, due to missing DI in LDAP backend.
- $this->connection = $this->getMockBuilder('OCA\User_LDAP\Connection')
- ->setMethods(['getFromCache', 'writeToCache'])
- ->setConstructorArgs([$this->ldap, '', null])
- ->getMock();
-
- $this->ldap->expects($this->any())
- ->method('areLDAPFunctionsAvailable')
- ->will($this->returnValue(true));
- }
-
- public function testOriginalAgentUnchangedOnClone() {
- //background: upon login a bind is done with the user credentials
- //which is valid for the whole LDAP resource. It needs to be reset
- //to the agent's credentials
- $lw = $this->getMock('\OCA\User_LDAP\ILDAPWrapper');
-
- $connection = new Connection($lw, '', null);
- $agent = array(
- 'ldapAgentName' => 'agent',
- 'ldapAgentPassword' => '123456',
- );
- $connection->setConfiguration($agent);
-
- $testConnection = clone $connection;
- $user = array(
- 'ldapAgentName' => 'user',
- 'ldapAgentPassword' => 'password',
- );
- $testConnection->setConfiguration($user);
-
- $agentName = $connection->ldapAgentName;
- $agentPawd = $connection->ldapAgentPassword;
-
- $this->assertSame($agentName, $agent['ldapAgentName']);
- $this->assertSame($agentPawd, $agent['ldapAgentPassword']);
- }
-
- public function testUseBackupServer() {
- $mainHost = 'ldap://nixda.ldap';
- $backupHost = 'ldap://fallback.ldap';
- $config = [
- 'ldapConfigurationActive' => true,
- 'ldapHost' => $mainHost,
- 'ldapPort' => 389,
- 'ldapBackupHost' => $backupHost,
- 'ldapBackupPort' => 389,
- 'ldapAgentName' => 'uid=agent',
- 'ldapAgentPassword' => 'SuchASecret'
- ];
-
- $this->connection->setIgnoreValidation(true);
- $this->connection->setConfiguration($config);
-
- $this->ldap->expects($this->any())
- ->method('isResource')
- ->will($this->returnValue(true));
-
- $this->ldap->expects($this->any())
- ->method('setOption')
- ->will($this->returnValue(true));
-
- $this->ldap->expects($this->exactly(3))
- ->method('connect')
- ->will($this->returnValue('ldapResource'));
-
- // Not called often enough? Then, the fallback to the backup server is broken.
- $this->connection->expects($this->exactly(4))
- ->method('getFromCache')
- ->with('overrideMainServer')
- ->will($this->onConsecutiveCalls(false, false, true, true));
-
- $this->connection->expects($this->once())
- ->method('writeToCache')
- ->with('overrideMainServer', true);
-
- $isThrown = false;
- $this->ldap->expects($this->exactly(3))
- ->method('bind')
- ->will($this->returnCallback(function () use (&$isThrown) {
- if(!$isThrown) {
- $isThrown = true;
- throw new \OC\ServerNotAvailableException();
- }
- return true;
- }));
-
- $this->connection->init();
- $this->connection->resetConnectionResource();
- // with the second init() we test whether caching works
- $this->connection->init();
- }
-
-}
+++ /dev/null
-<?php
-/**
- * @author Arthur Schiwon <blizzz@owncloud.com>
- *
- * @copyright Copyright (c) 2016, ownCloud, Inc.
- * @license AGPL-3.0
- *
- * This code is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License, version 3,
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License, version 3,
- * along with this program. If not, see <http://www.gnu.org/licenses/>
- *
- */
-
-namespace OCA\user_ldap\tests\integration;
-
-use OCA\User_LDAP\Access;
-use OCA\User_LDAP\Connection;
-use OCA\User_LDAP\LDAP;
-use OCA\User_LDAP\User\Manager;
-
-abstract class AbstractIntegrationTest {
- /** @var LDAP */
- protected $ldap;
-
- /** @var Connection */
- protected $connection;
-
- /** @var Access */
- protected $access;
-
- /** @var Manager */
- protected $userManager;
-
- /** @var string */
- protected $base;
-
- /** @var string[] */
- protected $server;
-
- public function __construct($host, $port, $bind, $pwd, $base) {
- $this->base = $base;
- $this->server = [
- 'host' => $host,
- 'port' => $port,
- 'dn' => $bind,
- 'pwd' => $pwd
- ];
- }
-
- /**
- * prepares the LDAP environment and sets up a test configuration for
- * the LDAP backend.
- */
- public function init() {
- $this->initLDAPWrapper();
- $this->initConnection();
- $this->initUserManager();
- $this->initAccess();
-
- }
-
- /**
- * initializes the test LDAP wrapper
- */
- protected function initLDAPWrapper() {
- $this->ldap = new LDAP();
- }
-
- /**
- * sets up the LDAP configuration to be used for the test
- */
- protected function initConnection() {
- $this->connection = new Connection($this->ldap, '', null);
- $this->connection->setConfiguration([
- 'ldapHost' => $this->server['host'],
- 'ldapPort' => $this->server['port'],
- 'ldapBase' => $this->base,
- 'ldapAgentName' => $this->server['dn'],
- 'ldapAgentPassword' => $this->server['pwd'],
- 'ldapUserFilter' => 'objectclass=inetOrgPerson',
- 'ldapUserDisplayName' => 'cn',
- 'ldapGroupDisplayName' => 'cn',
- 'ldapLoginFilter' => '(|(uid=%uid)(samaccountname=%uid))',
- 'ldapCacheTTL' => 0,
- 'ldapConfigurationActive' => 1,
- ]);
- }
-
- /**
- * initializes an LDAP user manager instance
- * @return Manager
- */
- protected function initUserManager() {
- $this->userManager = new FakeManager();
- }
-
- /**
- * initializes the Access test instance
- */
- protected function initAccess() {
- $this->access = new Access($this->connection, $this->ldap, $this->userManager);
- }
-
- /**
- * runs the test cases while outputting progress and result information
- *
- * If a test failed, the script is exited with return code 1.
- */
- public function run() {
- $methods = get_class_methods($this);
- $atLeastOneCaseRan = false;
- foreach($methods as $method) {
- if(strpos($method, 'case') === 0) {
- print("running $method " . PHP_EOL);
- if(!$this->$method()) {
- print(PHP_EOL . '>>> !!! Test ' . $method . ' FAILED !!! <<<' . PHP_EOL . PHP_EOL);
- exit(1);
- }
- $atLeastOneCaseRan = true;
- }
- }
- if($atLeastOneCaseRan) {
- print('Tests succeeded' . PHP_EOL);
- } else {
- print('No Test was available.' . PHP_EOL);
- exit(1);
- }
- }
-}
+++ /dev/null
-<?php
-/**
- * @author Arthur Schiwon <blizzz@owncloud.com>
- *
- * @copyright Copyright (c) 2016, ownCloud, Inc.
- * @license AGPL-3.0
- *
- * This code is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License, version 3,
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License, version 3,
- * along with this program. If not, see <http://www.gnu.org/licenses/>
- *
- */
-
-use OC\ServerNotAvailableException;
-use OCA\User_LDAP\LDAP;
-
-/**
- * Class ExceptionOnLostConnection
- *
- * integration test, ensures that an exception is thrown, when the connection is lost.
- *
- * LDAP must be available via toxiproxy.
- *
- * This test must be run manually.
- *
- */
-class ExceptionOnLostConnection {
- /** @var string */
- private $toxiProxyHost;
-
- /** @var string */
- private $toxiProxyName;
-
- /** @var string */
- private $ldapBase;
-
- /** @var string|null */
- private $ldapBindDN;
-
- /** @var string|null */
- private $ldapBindPwd;
-
- /** @var string */
- private $ldapHost;
-
- /** @var \OCA\User_LDAP\LDAP */
- private $ldap;
-
- /** @var bool */
- private $originalProxyState;
-
- /**
- * @param string $proxyHost host of toxiproxy as url, like http://localhost:8474
- * @param string $proxyName name of the LDAP proxy service as configured in toxiProxy
- * @param string $ldapBase any valid LDAP base DN
- * @param null $bindDN optional, bind DN if anonymous bind is not possible
- * @param null $bindPwd optional
- */
- public function __construct($proxyHost, $proxyName, $ldapBase, $bindDN = null, $bindPwd = null) {
- $this->toxiProxyHost = $proxyHost;
- $this->toxiProxyName = $proxyName;
- $this->ldapBase = $ldapBase;
- $this->ldapBindDN = $bindDN;
- $this->ldapBindPwd = $bindPwd;
-
- $this->setUp();
- }
-
- /**
- * destructor
- */
- public function __destruct() {
- $this->cleanUp();
- }
-
- /**
- * prepares everything for the test run. Includes loading ownCloud and
- * the LDAP backend, as well as getting information about toxiproxy.
- * Also creates an instance of the LDAP class, the testee
- *
- * @throws Exception
- */
- public function setUp() {
- require_once __DIR__ . '/../../../../lib/base.php';
- \OC_App::loadApps('user_ldap');
-
- $ch = $this->getCurl();
- $proxyInfoJson = curl_exec($ch);
- $this->checkCurlResult($ch, $proxyInfoJson);
- $proxyInfo = json_decode($proxyInfoJson, true);
- $this->originalProxyState = $proxyInfo['enabled'];
- $this->ldapHost = 'ldap://' . $proxyInfo['listen']; // contains port as well
-
- $this->ldap = new LDAP();
- }
-
- /**
- * restores original state of the LDAP proxy, if necessary
- */
- public function cleanUp() {
- if($this->originalProxyState === true) {
- $this->setProxyState(true);
- }
- }
-
- /**
- * runs the test and prints the result. Exit code is 0 if successful, 1 on
- * fail
- */
- public function run() {
- if($this->originalProxyState === false) {
- $this->setProxyState(true);
- }
- //host contains port, 2nd parameter will be ignored
- $cr = $this->ldap->connect($this->ldapHost, 0);
- $this->ldap->bind($cr, $this->ldapBindDN, $this->ldapBindPwd);
- $this->ldap->search($cr, $this->ldapBase, 'objectClass=*', array('dn'), true, 5);
-
- // disable LDAP, will cause lost connection
- $this->setProxyState(false);
- try {
- $this->ldap->search($cr, $this->ldapBase, 'objectClass=*', array('dn'), true, 5);
- } catch (ServerNotAvailableException $e) {
- print("Test PASSED" . PHP_EOL);
- exit(0);
- }
- print("Test FAILED" . PHP_EOL);
- exit(1);
- }
-
- /**
- * tests whether a curl operation ran successfully. If not, an exception
- * is thrown
- *
- * @param resource $ch
- * @param mixed $result
- * @throws Exception
- */
- private function checkCurlResult($ch, $result) {
- if($result === false) {
- $error = curl_error($ch);
- curl_close($ch);
- throw new \Exception($error);
- }
- }
-
- /**
- * enables or disabled the LDAP proxy service in toxiproxy
- *
- * @param bool $isEnabled whether is should be enabled or disables
- * @throws Exception
- */
- private function setProxyState($isEnabled) {
- if(!is_bool($isEnabled)) {
- throw new \InvalidArgumentException('Bool expected');
- }
- $postData = json_encode(['enabled' => $isEnabled]);
- $ch = $this->getCurl();
- curl_setopt($ch, CURLOPT_POST, true);
- curl_setopt($ch, CURLOPT_POSTFIELDS, $postData);
- curl_setopt($ch, CURLOPT_HTTPHEADER, array(
- 'Content-Type: application/json',
- 'Content-Length: ' . strlen($postData))
- );
- $recvd = curl_exec($ch);
- $this->checkCurlResult($ch, $recvd);
- }
-
- /**
- * initializes a curl handler towards the toxiproxy LDAP proxy service
- * @return resource
- */
- private function getCurl() {
- $ch = curl_init();
- curl_setopt($ch, CURLOPT_URL, $this->toxiProxyHost . '/proxies/' . $this->toxiProxyName);
- curl_setopt($ch, CURLOPT_HEADER, false);
- curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
- return $ch;
- }
-}
-
-$test = new ExceptionOnLostConnection('http://localhost:8474', 'ldap', 'dc=owncloud,dc=bzoc');
-$test->run();
-
+++ /dev/null
-<?php
-/**
- * @author Arthur Schiwon <blizzz@owncloud.com>
- *
- * @copyright Copyright (c) 2016, ownCloud, Inc.
- * @license AGPL-3.0
- *
- * This code is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License, version 3,
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License, version 3,
- * along with this program. If not, see <http://www.gnu.org/licenses/>
- *
- */
-
-namespace OCA\user_ldap\tests\integration;
-
-/**
- * Class FakeManager
- *
- * this is a mock of \OCA\User_LDAP\User\Manager which is a dependency of
- * Access, that pulls plenty more things in. Because it is not needed in the
- * scope of these tests, we replace it with a mock.
- */
-class FakeManager extends \OCA\User_LDAP\User\Manager {
- public function __construct() {
- $this->ocConfig = \OC::$server->getConfig();
- $this->image = new \OCP\Image();
- }
-}
+++ /dev/null
-<?php
-/**
- * @author Arthur Schiwon <blizzz@owncloud.com>
- *
- * @copyright Copyright (c) 2016, ownCloud, Inc.
- * @license AGPL-3.0
- *
- * This code is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License, version 3,
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License, version 3,
- * along with this program. If not, see <http://www.gnu.org/licenses/>
- *
- */
-
-namespace OCA\user_ldap\tests\integration\lib;
-
-use OCA\User_LDAP\Connection;
-use OCA\user_ldap\tests\integration\AbstractIntegrationTest;
-
-require_once __DIR__ . '/../../../../../lib/base.php';
-
-class IntegrationTestAccessGroupsMatchFilter extends AbstractIntegrationTest {
-
- /**
- * prepares the LDAP environment and sets up a test configuration for
- * the LDAP backend.
- */
- public function init() {
- require(__DIR__ . '/../setup-scripts/createExplicitUsers.php');
- require(__DIR__ . '/../setup-scripts/createExplicitGroups.php');
- require(__DIR__ . '/../setup-scripts/createExplicitGroupsDifferentOU.php');
- parent::init();
- }
-
- /**
- * tests whether the group filter works with one specific group, while the
- * input is the same.
- *
- * @return bool
- */
- protected function case1() {
- $this->connection->setConfiguration(['ldapGroupFilter' => 'cn=RedGroup']);
-
- $dns = ['cn=RedGroup,ou=Groups,' . $this->base];
- $result = $this->access->groupsMatchFilter($dns);
- return ($dns === $result);
- }
-
- /**
- * Tests whether a filter for limited groups is effective when more existing
- * groups were passed for validation.
- *
- * @return bool
- */
- protected function case2() {
- $this->connection->setConfiguration(['ldapGroupFilter' => '(|(cn=RedGroup)(cn=PurpleGroup))']);
-
- $dns = [
- 'cn=RedGroup,ou=Groups,' . $this->base,
- 'cn=BlueGroup,ou=Groups,' . $this->base,
- 'cn=PurpleGroup,ou=Groups,' . $this->base
- ];
- $result = $this->access->groupsMatchFilter($dns);
-
- $status =
- count($result) === 2
- && in_array('cn=RedGroup,ou=Groups,' . $this->base, $result)
- && in_array('cn=PurpleGroup,ou=Groups,' . $this->base, $result);
-
- return $status;
- }
-
- /**
- * Tests whether a filter for limited groups is effective when more existing
- * groups were passed for validation.
- *
- * @return bool
- */
- protected function case3() {
- $this->connection->setConfiguration(['ldapGroupFilter' => '(objectclass=groupOfNames)']);
-
- $dns = [
- 'cn=RedGroup,ou=Groups,' . $this->base,
- 'cn=PurpleGroup,ou=Groups,' . $this->base,
- 'cn=SquaredCircleGroup,ou=SpecialGroups,' . $this->base
- ];
- $result = $this->access->groupsMatchFilter($dns);
-
- $status =
- count($result) === 2
- && in_array('cn=RedGroup,ou=Groups,' . $this->base, $result)
- && in_array('cn=PurpleGroup,ou=Groups,' . $this->base, $result);
-
- return $status;
- }
-
- /**
- * sets up the LDAP configuration to be used for the test
- */
- protected function initConnection() {
- parent::initConnection();
- $this->connection->setConfiguration([
- 'ldapBaseGroups' => 'ou=Groups,' . $this->base,
- 'ldapUserFilter' => 'objectclass=inetOrgPerson',
- 'ldapUserDisplayName' => 'displayName',
- 'ldapGroupDisplayName' => 'cn',
- 'ldapLoginFilter' => 'uid=%uid',
- ]);
- }
-}
-
-require_once(__DIR__ . '/../setup-scripts/config.php');
-$test = new IntegrationTestAccessGroupsMatchFilter($host, $port, $adn, $apwd, $bdn);
-$test->init();
-$test->run();
+++ /dev/null
-<?php
-/**
- * @author Arthur Schiwon <blizzz@owncloud.com>
- *
- * @copyright Copyright (c) 2016, ownCloud, Inc.
- * @license AGPL-3.0
- *
- * This code is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License, version 3,
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License, version 3,
- * along with this program. If not, see <http://www.gnu.org/licenses/>
- *
- */
-
-namespace OCA\user_ldap\tests\integration\lib;
-
-use OCA\user_ldap\tests\integration\AbstractIntegrationTest;
-use OCA\User_LDAP\Mapping\UserMapping;
-use OCA\User_LDAP\User_LDAP;
-
-require_once __DIR__ . '/../../../../../lib/base.php';
-
-class IntegrationBackupServer extends AbstractIntegrationTest {
- /** @var UserMapping */
- protected $mapping;
-
- /** @var User_LDAP */
- protected $backend;
-
- /**
- * sets up the LDAP configuration to be used for the test
- */
- protected function initConnection() {
- parent::initConnection();
- $originalHost = $this->connection->ldapHost;
- $originalPort = $this->connection->ldapPort;
- $this->connection->setConfiguration([
- 'ldapHost' => 'qwertz.uiop',
- 'ldapPort' => '32123',
- 'ldap_backup_host' => $originalHost,
- 'ldap_backup_port' => $originalPort,
- ]);
- }
-
- /**
- * tests that a backup connection is being used when the main LDAP server
- * is offline
- *
- * Beware: after starting docker, the LDAP host might not be ready yet, thus
- * causing a false positive. Retry in that case… or increase the sleep time
- * in run-test.sh
- *
- * @return bool
- */
- protected function case1() {
- try {
- $this->connection->getConnectionResource();
- } catch (\OC\ServerNotAvailableException $e) {
- return false;
- }
- return true;
- }
-
- /**
- * ensures that an exception is thrown if LDAP main server and LDAP backup
- * server are not available
- *
- * @return bool
- */
- protected function case2() {
- // reset possible LDAP connection
- $this->initConnection();
- try {
- $this->connection->setConfiguration([
- 'ldap_backup_host' => 'qwertz.uiop',
- 'ldap_backup_port' => '32123',
- ]);
- $this->connection->getConnectionResource();
- } catch (\OC\ServerNotAvailableException $e) {
- return true;
- }
- return false;
- }
-
- /**
- * ensures that an exception is thrown if main LDAP server is down and a
- * backup server is not given
- *
- * @return bool
- */
- protected function case3() {
- // reset possible LDAP connection
- $this->initConnection();
- try {
- $this->connection->setConfiguration([
- 'ldap_backup_host' => '',
- 'ldap_backup_port' => '',
- ]);
- $this->connection->getConnectionResource();
- } catch (\OC\ServerNotAvailableException $e) {
- return true;
- }
- return false;
- }
-}
-
-require_once(__DIR__ . '/../setup-scripts/config.php');
-$test = new IntegrationBackupServer($host, $port, $adn, $apwd, $bdn);
-$test->init();
-$test->run();
+++ /dev/null
-<?php
-/**
- * @author Arthur Schiwon <blizzz@owncloud.com>
- *
- * @copyright Copyright (c) 2016, ownCloud, Inc.
- * @license AGPL-3.0
- *
- * This code is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License, version 3,
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License, version 3,
- * along with this program. If not, see <http://www.gnu.org/licenses/>
- *
- */
-
-namespace OCA\user_ldap\tests\integration\lib;
-
-use OCA\User_LDAP\Mapping\UserMapping;
-use OCA\user_ldap\tests\integration\AbstractIntegrationTest;
-
-require_once __DIR__ . '/../../../../../lib/base.php';
-
-class IntegrationTestBatchApplyUserAttributes extends AbstractIntegrationTest {
- /**
- * prepares the LDAP environment and sets up a test configuration for
- * the LDAP backend.
- */
- public function init() {
- require(__DIR__ . '/../setup-scripts/createExplicitUsers.php');
- require(__DIR__ . '/../setup-scripts/createUsersWithoutDisplayName.php');
- parent::init();
-
- $this->mapping = new UserMapping(\OC::$server->getDatabaseConnection());
- $this->mapping->clear();
- $this->access->setUserMapper($this->mapping);
- }
-
- /**
- * sets up the LDAP configuration to be used for the test
- */
- protected function initConnection() {
- parent::initConnection();
- $this->connection->setConfiguration([
- 'ldapUserDisplayName' => 'displayname',
- ]);
- }
-
- /**
- * indirectly tests whether batchApplyUserAttributes does it job properly,
- * when a user without display name is included in the result set from LDAP.
- *
- * @return bool
- */
- protected function case1() {
- $result = $this->access->fetchListOfUsers('objectclass=person', 'dn');
- // on the original issue, PHP would emit a fatal error
- // – cannot catch it here, but will render the test as unsuccessful
- return is_array($result) && !empty($result);
- }
-
-}
-
-require_once(__DIR__ . '/../setup-scripts/config.php');
-$test = new IntegrationTestBatchApplyUserAttributes($host, $port, $adn, $apwd, $bdn);
-$test->init();
-$test->run();
+++ /dev/null
-<?php
-/**
- * @author Arthur Schiwon <blizzz@owncloud.com>
- *
- * @copyright Copyright (c) 2016, ownCloud, Inc.
- * @license AGPL-3.0
- *
- * This code is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License, version 3,
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License, version 3,
- * along with this program. If not, see <http://www.gnu.org/licenses/>
- *
- */
-
-namespace OCA\user_ldap\tests\integration\lib;
-
-use OCA\User_LDAP\User\Manager as LDAPUserManager;
-use OCA\user_ldap\tests\integration\AbstractIntegrationTest;
-use OCA\User_LDAP\Mapping\UserMapping;
-use OCA\User_LDAP\User_LDAP;
-
-require_once __DIR__ . '/../../../../../lib/base.php';
-
-class IntegrationConnect extends AbstractIntegrationTest {
- /** @var UserMapping */
- protected $mapping;
-
- /** @var User_LDAP */
- protected $backend;
-
- /** @var string */
- protected $host;
-
- /** @var int */
- protected $port;
-
- public function __construct($host, $port, $bind, $pwd, $base) {
- // make sure host is a simple host name
- if(strpos($host, '://') !== false) {
- $host = substr_replace($host, '', 0, strpos($host, '://') + 3);
- }
- if(strpos($host, ':') !== false) {
- $host = substr_replace($host, '', strpos($host, ':'));
- }
- $this->host = $host;
- $this->port = $port;
- parent::__construct($host, $port, $bind, $pwd, $base);
- }
-
- /**
- * test that a faulty host will does not connect successfully
- *
- * @return bool
- */
- protected function case1() {
- // reset possible LDAP connection
- $this->initConnection();
- $this->connection->setConfiguration([
- 'ldapHost' => 'qwertz.uiop',
- ]);
- try {
- $this->connection->getConnectionResource();
- } catch (\OC\ServerNotAvailableException $e) {
- return true;
- }
- return false;
- }
-
- /**
- * tests that a connect succeeds when only a hostname is provided
- *
- * @return bool
- */
- protected function case2() {
- // reset possible LDAP connection
- $this->initConnection();
- $this->connection->setConfiguration([
- 'ldapHost' => $this->host,
- ]);
- try {
- $this->connection->getConnectionResource();
- } catch (\OC\ServerNotAvailableException $e) {
- return false;
- }
- return true;
- }
-
- /**
- * tests that a connect succeeds when an LDAP URL is provided
- *
- * @return bool
- */
- protected function case3() {
- // reset possible LDAP connection
- $this->initConnection();
- $this->connection->setConfiguration([
- 'ldapHost' => 'ldap://' . $this->host,
- ]);
- try {
- $this->connection->getConnectionResource();
- } catch (\OC\ServerNotAvailableException $e) {
- return false;
- }
- return true;
- }
-
- /**
- * tests that a connect succeeds when an LDAP URL with port is provided
- *
- * @return bool
- */
- protected function case4() {
- // reset possible LDAP connection
- $this->initConnection();
- $this->connection->setConfiguration([
- 'ldapHost' => 'ldap://' . $this->host . ':' . $this->port,
- ]);
- try {
- $this->connection->getConnectionResource();
- } catch (\OC\ServerNotAvailableException $e) {
- return false;
- }
- return true;
- }
-
- /**
- * tests that a connect succeeds when a hostname with port is provided
- *
- * @return bool
- */
- protected function case5() {
- // reset possible LDAP connection
- $this->initConnection();
- $this->connection->setConfiguration([
- 'ldapHost' => $this->host . ':' . $this->port,
- ]);
- try {
- $this->connection->getConnectionResource();
- } catch (\OC\ServerNotAvailableException $e) {
- return false;
- }
- return true;
- }
-
- /**
- * repeat case1, only to make sure that not a connection was reused by
- * accident.
- *
- * @return bool
- */
- protected function case6() {
- return $this->case1();
- }
-}
-
-require_once(__DIR__ . '/../setup-scripts/config.php');
-$test = new IntegrationConnect($host, $port, $adn, $apwd, $bdn);
-$test->init();
-$test->run();
+++ /dev/null
-<?php
-/**
- * @author Arthur Schiwon <blizzz@owncloud.com>
- *
- * @copyright Copyright (c) 2016, ownCloud, Inc.
- * @license AGPL-3.0
- *
- * This code is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License, version 3,
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License, version 3,
- * along with this program. If not, see <http://www.gnu.org/licenses/>
- *
- */
-
-namespace OCA\user_ldap\tests\integration\lib;
-
-use OCA\User_LDAP\User\Manager as LDAPUserManager;
-use OCA\user_ldap\tests\integration\AbstractIntegrationTest;
-use OCA\User_LDAP\Mapping\UserMapping;
-use OCA\User_LDAP\User_LDAP;
-
-require_once __DIR__ . '/../../../../../lib/base.php';
-
-class IntegrationTestUserHome extends AbstractIntegrationTest {
-
- /**
- * prepares the LDAP environment and sets up a test configuration for
- * the LDAP backend.
- */
- public function init() {
- require(__DIR__ . '/../setup-scripts/createExplicitUsers.php');
- parent::init();
- }
-
- /**
- * tests countUsersByLoginName where it is expected that the login name does
- * not match any LDAP user
- *
- * @return bool
- */
- protected function case1() {
- $result = $this->access->countUsersByLoginName('nothere');
- return $result === 0;
- }
-
- /**
- * tests countUsersByLoginName where it is expected that the login name does
- * match one LDAP user
- *
- * @return bool
- */
- protected function case2() {
- $result = $this->access->countUsersByLoginName('alice');
- return $result === 1;
- }
-}
-
-require_once(__DIR__ . '/../setup-scripts/config.php');
-$test = new IntegrationTestUserHome($host, $port, $adn, $apwd, $bdn);
-$test->init();
-$test->run();
+++ /dev/null
-<?php
-/**
- * @author Arthur Schiwon <blizzz@owncloud.com>
- *
- * @copyright Copyright (c) 2016, ownCloud, Inc.
- * @license AGPL-3.0
- *
- * This code is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License, version 3,
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License, version 3,
- * along with this program. If not, see <http://www.gnu.org/licenses/>
- *
- */
-
-namespace OCA\user_ldap\tests\integration\lib;
-
-use OCA\User_LDAP\User\Manager as LDAPUserManager;
-use OCA\user_ldap\tests\integration\AbstractIntegrationTest;
-use OCA\User_LDAP\Mapping\UserMapping;
-use OCA\User_LDAP\User_LDAP;
-
-require_once __DIR__ . '/../../../../../lib/base.php';
-
-class IntegrationTestUserHome extends AbstractIntegrationTest {
- /** @var UserMapping */
- protected $mapping;
-
- /** @var User_LDAP */
- protected $backend;
-
- /**
- * prepares the LDAP environment and sets up a test configuration for
- * the LDAP backend.
- */
- public function init() {
- require(__DIR__ . '/../setup-scripts/createExplicitUsers.php');
- parent::init();
-
- $this->mapping = new UserMapping(\OC::$server->getDatabaseConnection());
- $this->mapping->clear();
- $this->access->setUserMapper($this->mapping);
- $this->backend = new \OCA\User_LDAP\User_LDAP($this->access, \OC::$server->getConfig());
- }
-
- /**
- * tests fetchUserByLoginName where it is expected that the login name does
- * not match any LDAP user
- *
- * @return bool
- */
- protected function case1() {
- $result = $this->access->fetchUsersByLoginName('nothere');
- return $result === [];
- }
-
- /**
- * tests fetchUserByLoginName where it is expected that the login name does
- * match one LDAP user
- *
- * @return bool
- */
- protected function case2() {
- $result = $this->access->fetchUsersByLoginName('alice');
- return count($result) === 1;
- }
-
-}
-
-require_once(__DIR__ . '/../setup-scripts/config.php');
-$test = new IntegrationTestUserHome($host, $port, $adn, $apwd, $bdn);
-$test->init();
-$test->run();
+++ /dev/null
-<?php
-/**
- * @author Arthur Schiwon <blizzz@owncloud.com>
- *
- * @copyright Copyright (c) 2016, ownCloud, Inc.
- * @license AGPL-3.0
- *
- * This code is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License, version 3,
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License, version 3,
- * along with this program. If not, see <http://www.gnu.org/licenses/>
- *
- */
-
-namespace OCA\user_ldap\tests\integration\lib;
-
-use OCA\User_LDAP\User\Manager as LDAPUserManager;
-use OCA\user_ldap\tests\integration\AbstractIntegrationTest;
-use OCA\User_LDAP\Mapping\UserMapping;
-use OCA\User_LDAP\User_LDAP;
-
-require_once __DIR__ . '/../../../../../lib/base.php';
-
-class IntegrationTestPaging extends AbstractIntegrationTest {
- /** @var UserMapping */
- protected $mapping;
-
- /** @var User_LDAP */
- protected $backend;
-
- /**
- * prepares the LDAP environment and sets up a test configuration for
- * the LDAP backend.
- */
- public function init() {
- require(__DIR__ . '/../setup-scripts/createExplicitUsers.php');
- parent::init();
-
- $this->backend = new \OCA\User_LDAP\User_LDAP($this->access, \OC::$server->getConfig());
- }
-
- /**
- * tests that paging works properly against a simple example (reading all
- * of few users in smallest steps)
- *
- * @return bool
- */
- protected function case1() {
- $limit = 1;
- $offset = 0;
-
- $filter = 'objectclass=inetorgperson';
- $attributes = ['cn', 'dn'];
- $users = [];
- do {
- $result = $this->access->searchUsers($filter, $attributes, $limit, $offset);
- foreach($result as $user) {
- $users[] = $user['cn'];
- }
- $offset += $limit;
- } while ($this->access->hasMoreResults());
-
- if(count($users) === 2) {
- return true;
- }
-
- return false;
- }
-}
-
-require_once(__DIR__ . '/../setup-scripts/config.php');
-$test = new IntegrationTestPaging($host, $port, $adn, $apwd, $bdn);
-$test->init();
-$test->run();
+++ /dev/null
-<?php
-/**
- * @author Arthur Schiwon <blizzz@owncloud.com>
- *
- * @copyright Copyright (c) 2016, ownCloud, Inc.
- * @license AGPL-3.0
- *
- * This code is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License, version 3,
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License, version 3,
- * along with this program. If not, see <http://www.gnu.org/licenses/>
- *
- */
-
-namespace OCA\user_ldap\tests\integration\lib;
-
-use OCA\User_LDAP\User\Manager as LDAPUserManager;
-use OCA\user_ldap\tests\integration\AbstractIntegrationTest;
-use OCA\User_LDAP\Mapping\UserMapping;
-use OCA\User_LDAP\User_LDAP;
-
-require_once __DIR__ . '/../../../../../lib/base.php';
-
-class IntegrationTestUserHome extends AbstractIntegrationTest {
- /** @var UserMapping */
- protected $mapping;
-
- /** @var User_LDAP */
- protected $backend;
-
- /**
- * prepares the LDAP environment and sets up a test configuration for
- * the LDAP backend.
- */
- public function init() {
- require(__DIR__ . '/../setup-scripts/createExplicitUsers.php');
- parent::init();
-
- $this->mapping = new UserMapping(\OC::$server->getDatabaseConnection());
- $this->mapping->clear();
- $this->access->setUserMapper($this->mapping);
- $this->backend = new \OCA\User_LDAP\User_LDAP($this->access, \OC::$server->getConfig());
- }
-
- /**
- * sets up the LDAP configuration to be used for the test
- */
- protected function initConnection() {
- parent::initConnection();
- $this->connection->setConfiguration([
- 'homeFolderNamingRule' => 'homeDirectory',
- ]);
- }
-
- /**
- * initializes an LDAP user manager instance
- * @return LDAPUserManager
- */
- protected function initUserManager() {
- $this->userManager = new LDAPUserManager(
- \OC::$server->getConfig(),
- new \OCA\User_LDAP\FilesystemHelper(),
- new \OCA\User_LDAP\LogWrapper(),
- \OC::$server->getAvatarManager(),
- new \OCP\Image(),
- \OC::$server->getDatabaseConnection(),
- \OC::$server->getUserManager()
- );
- }
-
- /**
- * homeDirectory on LDAP is empty. Return values of getHome should be
- * identical to user name, following ownCloud default.
- *
- * @return bool
- */
- protected function case1() {
- \OC::$server->getConfig()->setAppValue('user_ldap', 'enforce_home_folder_naming_rule', false);
- $userManager = \OC::$server->getUserManager();
- $userManager->clearBackends();
- $userManager->registerBackend($this->backend);
- $users = $userManager->search('', 5, 0);
-
- foreach($users as $user) {
- $home = $user->getHome();
- $uid = $user->getUID();
- $posFound = strpos($home, '/' . $uid);
- $posExpected = strlen($home) - (strlen($uid) + 1);
- if($posFound === false || $posFound !== $posExpected) {
- print('"' . $user->getUID() . '" was not found in "' . $home . '" or does not end with it.' . PHP_EOL);
- return false;
- }
- }
-
- return true;
- }
-
- /**
- * homeDirectory on LDAP is empty. Having the attributes set is enforced.
- *
- * @return bool
- */
- protected function case2() {
- \OC::$server->getConfig()->setAppValue('user_ldap', 'enforce_home_folder_naming_rule', true);
- $userManager = \oc::$server->getUserManager();
- // clearing backends is critical, otherwise the userManager will have
- // the user objects cached and the value from case1 returned
- $userManager->clearBackends();
- $userManager->registerBackend($this->backend);
- $users = $userManager->search('', 5, 0);
-
- try {
- foreach ($users as $user) {
- $user->getHome();
- print('User home was retrieved without throwing an Exception!' . PHP_EOL);
- return false;
- }
- } catch (\Exception $e) {
- if(strpos($e->getMessage(), 'Home dir attribute') === 0) {
- return true;
- }
- }
-
- return false;
- }
-
- /**
- * homeDirectory on LDAP is set to "attr:" which is effectively empty.
- * Return values of getHome should be ownCloud default.
- *
- * @return bool
- */
- protected function case3() {
- \OC::$server->getConfig()->setAppValue('user_ldap', 'enforce_home_folder_naming_rule', true);
- $this->connection->setConfiguration([
- 'homeFolderNamingRule' => 'attr:',
- ]);
- $userManager = \oc::$server->getUserManager();
- $userManager->clearBackends();
- $userManager->registerBackend($this->backend);
- $users = $userManager->search('', 5, 0);
-
- try {
- foreach ($users as $user) {
- $home = $user->getHome();
- $uid = $user->getUID();
- $posFound = strpos($home, '/' . $uid);
- $posExpected = strlen($home) - (strlen($uid) + 1);
- if ($posFound === false || $posFound !== $posExpected) {
- print('"' . $user->getUID() . '" was not found in "' . $home . '" or does not end with it.' . PHP_EOL);
- return false;
- }
- }
- } catch (\Exception $e) {
- print("Unexpected Exception: " . $e->getMessage() . PHP_EOL);
- return false;
- }
-
- return true;
- }
-}
-
-require_once(__DIR__ . '/../setup-scripts/config.php');
-$test = new IntegrationTestUserHome($host, $port, $adn, $apwd, $bdn);
-$test->init();
-$test->run();
+++ /dev/null
-<?php
-/**
- * @author Arthur Schiwon <blizzz@owncloud.com>
- * @author Morris Jobke <hey@morrisjobke.de>
- * @author Thomas Müller <thomas.mueller@tmit.eu>
- *
- * @copyright Copyright (c) 2016, ownCloud, Inc.
- * @license AGPL-3.0
- *
- * This code is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License, version 3,
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License, version 3,
- * along with this program. If not, see <http://www.gnu.org/licenses/>
- *
- */
-
-use OCA\User_LDAP\User\User;
-use OCA\User_LDAP\Mapping\UserMapping;
-use OCA\user_ldap\tests\integration\AbstractIntegrationTest;
-
-require_once __DIR__ . '/../../../../../../lib/base.php';
-
-class IntegrationTestUserAvatar extends AbstractIntegrationTest {
- /** @var UserMapping */
- protected $mapping;
-
- /**
- * prepares the LDAP environment and sets up a test configuration for
- * the LDAP backend.
- */
- public function init() {
- require(__DIR__ . '/../../setup-scripts/createExplicitUsers.php');
- parent::init();
- $this->mapping = new UserMapping(\OC::$server->getDatabaseConnection());
- $this->mapping->clear();
- $this->access->setUserMapper($this->mapping);
- $userBackend = new OCA\User_LDAP\User_LDAP($this->access, \OC::$server->getConfig());
- \OC_User::useBackend($userBackend);
- }
-
- /**
- * A method that does the common steps of test cases 1 and 2. The evaluation
- * is not happening here.
- *
- * @param string $dn
- * @param string $username
- * @param string $image
- */
- private function execFetchTest($dn, $username, $image) {
- $this->setJpegPhotoAttribute($dn, $image);
-
- // assigns our self-picked oc username to the dn
- $this->mapping->map($dn, $username, 'fakeUUID-' . $username);
-
- // initialize home folder and make sure that the user will update
- // also remove an possibly existing avatar
- \OC_Util::tearDownFS();
- \OC_Util::setupFS($username);
- \OC::$server->getUserFolder($username);
- \OC::$server->getConfig()->deleteUserValue($username, 'user_ldap', User::USER_PREFKEY_LASTREFRESH);
- if(\OC::$server->getAvatarManager()->getAvatar($username)->exists()) {
- \OC::$server->getAvatarManager()->getAvatar($username)->remove();
- }
-
- // finally attempt to get the avatar set
- $user = $this->userManager->get($dn);
- $user->updateAvatar();
- }
-
- /**
- * tests whether an avatar can be retrieved from LDAP and stored correctly
- *
- * @return bool
- */
- protected function case1() {
- $image = file_get_contents(__DIR__ . '/../../data/avatar-valid.jpg');
- $dn = 'uid=alice,ou=Users,' . $this->base;
- $username = 'alice1337';
-
- $this->execFetchTest($dn, $username, $image);
-
- return \OC::$server->getAvatarManager()->getAvatar($username)->exists();
- }
-
- /**
- * tests whether an image received from LDAP which is of an invalid file
- * type is dealt with properly (i.e. not set and not dying).
- *
- * @return bool
- */
- protected function case2() {
- // gif by Pmspinner from https://commons.wikimedia.org/wiki/File:Avatar2469_3.gif
- $image = file_get_contents(__DIR__ . '/../../data/avatar-invalid.gif');
- $dn = 'uid=boris,ou=Users,' . $this->base;
- $username = 'boris7844';
-
- $this->execFetchTest($dn, $username, $image);
-
- return !\OC::$server->getAvatarManager()->getAvatar($username)->exists();
- }
-
- /**
- * This writes an image to the 'jpegPhoto' attribute on LDAP.
- *
- * @param string $dn
- * @param string $image An image read via file_get_contents
- * @throws \OC\ServerNotAvailableException
- */
- private function setJpegPhotoAttribute($dn, $image) {
- $changeSet = ['jpegphoto' => $image];
- ldap_mod_add($this->connection->getConnectionResource(), $dn, $changeSet);
- }
-
- protected function initUserManager() {
- $this->userManager = new \OCA\User_LDAP\User\Manager(
- \OC::$server->getConfig(),
- new \OCA\User_LDAP\FilesystemHelper(),
- new \OCA\User_LDAP\LogWrapper(),
- \OC::$server->getAvatarManager(),
- new \OCP\Image(),
- \OC::$server->getDatabaseConnection(),
- \OC::$server->getUserManager()
- );
- }
-
- /**
- * sets up the LDAP configuration to be used for the test
- */
- protected function initConnection() {
- parent::initConnection();
- $this->connection->setConfiguration([
- 'ldapUserFilter' => 'objectclass=inetOrgPerson',
- 'ldapUserDisplayName' => 'displayName',
- 'ldapGroupDisplayName' => 'cn',
- 'ldapLoginFilter' => 'uid=%uid',
- ]);
- }
-}
-
-require_once(__DIR__ . '/../../setup-scripts/config.php');
-$test = new IntegrationTestUserAvatar($host, $port, $adn, $apwd, $bdn);
-$test->init();
-$test->run();
+++ /dev/null
-<?php
-/**
- * @author Arthur Schiwon <blizzz@owncloud.com>
- *
- * @copyright Copyright (c) 2016, ownCloud, Inc.
- * @license AGPL-3.0
- *
- * This code is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License, version 3,
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License, version 3,
- * along with this program. If not, see <http://www.gnu.org/licenses/>
- *
- */
-
-use OCA\User_LDAP\User\User;
-use OCA\User_LDAP\Mapping\UserMapping;
-use OCA\user_ldap\tests\integration\AbstractIntegrationTest;
-
-require_once __DIR__ . '/../../../../../../lib/base.php';
-
-class IntegrationTestUserDisplayName extends AbstractIntegrationTest {
- /** @var UserMapping */
- protected $mapping;
-
- /**
- * prepares the LDAP environment and sets up a test configuration for
- * the LDAP backend.
- */
- public function init() {
- require(__DIR__ . '/../../setup-scripts/createExplicitUsers.php');
- parent::init();
- $this->mapping = new UserMapping(\OC::$server->getDatabaseConnection());
- $this->mapping->clear();
- $this->access->setUserMapper($this->mapping);
- $userBackend = new OCA\User_LDAP\User_LDAP($this->access, \OC::$server->getConfig());
- \OC_User::useBackend($userBackend);
- }
-
- /**
- * adds a map entry for the user, so we know the username
- *
- * @param $dn
- * @param $username
- */
- private function prepareUser($dn, $username) {
- // assigns our self-picked oc username to the dn
- $this->mapping->map($dn, $username, 'fakeUUID-' . $username);
- }
-
- /**
- * tests whether a display name consisting of two parts is created correctly
- *
- * @return bool
- */
- protected function case1() {
- $username = 'alice1337';
- $dn = 'uid=alice,ou=Users,' . $this->base;
- $this->prepareUser($dn, $username);
- $displayName = \OC::$server->getUserManager()->get($username)->getDisplayName();
-
- return strpos($displayName, '(Alice@example.com)') !== false;
- }
-
- /**
- * tests whether a display name consisting of one part is created correctly
- *
- * @return bool
- */
- protected function case2() {
- $this->connection->setConfiguration([
- 'ldapUserDisplayName2' => '',
- ]);
- $username = 'boris23421';
- $dn = 'uid=boris,ou=Users,' . $this->base;
- $this->prepareUser($dn, $username);
- $displayName = \OC::$server->getUserManager()->get($username)->getDisplayName();
-
- return strpos($displayName, '(Boris@example.com)') === false;
- }
-
- /**
- * sets up the LDAP configuration to be used for the test
- */
- protected function initConnection() {
- parent::initConnection();
- $this->connection->setConfiguration([
- 'ldapUserDisplayName' => 'displayName',
- 'ldapUserDisplayName2' => 'mail',
- ]);
- }
-}
-
-require_once(__DIR__ . '/../../setup-scripts/config.php');
-$test = new IntegrationTestUserDisplayName($host, $port, $adn, $apwd, $bdn);
-$test->init();
-$test->run();
+++ /dev/null
-# Requirements #
-
-Have (as in do copy if not already done) the following files from https://github.com/owncloud/administration/tree/master/ldap-testing copied into the directory "setup-scripts":
-
- * start.sh
- * stop.sh
- * config.php
-
-Configure config.php according to your needs, also have a look into the LDAP and network settings in start.sh and stop.sh.
-
-# Usage #
-
-The basic command to run a test is:
-
-```# ./run-test.sh [phpscript]```
-
-Yes, run it as root from within this directory.
-
-Example:
-
-```
-$ sudo ./run-test.sh lib/IntegrationTestAccessGroupsMatchFilter.php
-71cbe88a4993e67066714d71c1cecc5ef26a54911a208103cb6294f90459e574
-c74dc0155db4efa7a0515d419528a8727bbc7596601cf25b0df05e348bd74895
-CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
-c74dc0155db4 osixia/phpldapadmin:0.5.1 "/sbin/my_init" 1 seconds ago Up Less than a second 80/tcp, 0.0.0.0:8443->443/tcp docker-phpldapadmin
-71cbe88a4993 nickstenning/slapd:latest "/sbin/my_init" 1 seconds ago Up Less than a second 127.0.0.1:7770->389/tcp docker-slapd
-
-LDAP server now available under 127.0.0.1:7770 (internal IP is 172.17.0.78)
-phpldapadmin now available under https://127.0.0.1:8443
-
-created user : Alice Ealic
-created group : RedGroup
-created group : BlueGroup
-created group : GreenGroup
-created group : PurpleGroup
-running case1
-running case2
-Tests succeeded
-Stopping and resetting containers
-docker-slapd
-docker-phpldapadmin
-docker-slapd
-docker-phpldapadmin
-```
-
-# How it works #
-
-1. start.sh is executed which brings up a fresh and clean OpenLDAP in Docker.
-2. The provided test script is executed. It also outputs results.
-3. stop.sh is executed to shut down OpenLDAP
-
-# Beware #
-
-This is quick solution for basically one test case. With expension this mechanism should be improved as well.
-
-It does not run automatically, unless you do it. No integration with any testing framework.
-
-exceptionOnLostConnection.php is not part of this mechanism. Read its source and run it isolated. While you're at it, port it :þ
-
+++ /dev/null
-#!/bin/sh
-
-if [ $1 ] ; then
- TESTSCRIPT=$1
-else
- echo "No test file given" exit
-fi
-
-if [ ! -e "$TESTSCRIPT" ] ; then
- echo "Test file does not exist"
- exit
-fi
-
-
-# sleep is necessary, otherwise the LDAP server cannot be connected to, yet.
-setup-scripts/start.sh && sleep 5 && php -f "$TESTSCRIPT"
-setup-scripts/stop.sh
+++ /dev/null
-<?php
-/**
- * @author Arthur Schiwon <blizzz@owncloud.com>
- * @author Morris Jobke <hey@morrisjobke.de>
- *
- * @copyright Copyright (c) 2016, ownCloud, Inc.
- * @license AGPL-3.0
- *
- * This code is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License, version 3,
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License, version 3,
- * along with this program. If not, see <http://www.gnu.org/licenses/>
- *
- */
-if(php_sapi_name() !== 'cli') {
- print('Only via CLI, please.');
- exit(1);
-}
-
-include __DIR__ . '/config.php';
-
-$cr = ldap_connect($host, $port);
-ldap_set_option($cr, LDAP_OPT_PROTOCOL_VERSION, 3);
-$ok = ldap_bind($cr, $adn, $apwd);
-
-if (!$ok) {
- die(ldap_error($cr));
-}
-
-$ouName = 'Groups';
-$ouDN = 'ou=' . $ouName . ',' . $bdn;
-
-//creates an OU
-if (true) {
- $entry = [];
- $entry['objectclass'][] = 'top';
- $entry['objectclass'][] = 'organizationalunit';
- $entry['ou'] = $ouName;
- $b = ldap_add($cr, $ouDN, $entry);
- if (!$b) {
- die(ldap_error($cr));
- }
-}
-
-$groups = ['RedGroup', 'BlueGroup', 'GreenGroup', 'PurpleGroup'];
-// groupOfNames requires groups to have at least one member
-// the member used is created by createExplicitUsers.php script
-$omniMember = 'uid=alice,ou=Users,' . $bdn;
-
-foreach ($groups as $cn) {
- $newDN = 'cn=' . $cn . ',' . $ouDN;
-
- $entry = [];
- $entry['cn'] = $cn;
- $entry['objectclass'][] = 'groupOfNames';
- $entry['member'][] = $omniMember;
-
- $ok = ldap_add($cr, $newDN, $entry);
- if ($ok) {
- echo('created group ' . ': ' . $entry['cn'] . PHP_EOL);
- } else {
- die(ldap_error($cr));
- }
-}
+++ /dev/null
-<?php
-/**
- * @author Arthur Schiwon <blizzz@owncloud.com>
- * @author Morris Jobke <hey@morrisjobke.de>
- *
- * @copyright Copyright (c) 2016, ownCloud, Inc.
- * @license AGPL-3.0
- *
- * This code is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License, version 3,
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License, version 3,
- * along with this program. If not, see <http://www.gnu.org/licenses/>
- *
- */
-if(php_sapi_name() !== 'cli') {
- print('Only via CLI, please.');
- exit(1);
-}
-
-include __DIR__ . '/config.php';
-
-$cr = ldap_connect($host, $port);
-ldap_set_option($cr, LDAP_OPT_PROTOCOL_VERSION, 3);
-$ok = ldap_bind($cr, $adn, $apwd);
-
-if (!$ok) {
- die(ldap_error($cr));
-}
-
-$ouName = 'SpecialGroups';
-$ouDN = 'ou=' . $ouName . ',' . $bdn;
-
-//creates an OU
-if (true) {
- $entry = [];
- $entry['objectclass'][] = 'top';
- $entry['objectclass'][] = 'organizationalunit';
- $entry['ou'] = $ouName;
- $b = ldap_add($cr, $ouDN, $entry);
- if (!$b) {
- die(ldap_error($cr));
- }
-}
-
-$groups = ['SquareGroup', 'CircleGroup', 'TriangleGroup', 'SquaredCircleGroup'];
-// groupOfNames requires groups to have at least one member
-// the member used is created by createExplicitUsers.php script
-$omniMember = 'uid=alice,ou=Users,' . $bdn;
-
-foreach ($groups as $cn) {
- $newDN = 'cn=' . $cn . ',' . $ouDN;
-
- $entry = [];
- $entry['cn'] = $cn;
- $entry['objectclass'][] = 'groupOfNames';
- $entry['member'][] = $omniMember;
-
- $ok = ldap_add($cr, $newDN, $entry);
- if ($ok) {
- echo('created group ' . ': ' . $entry['cn'] . PHP_EOL);
- } else {
- die(ldap_error($cr));
- }
-}
+++ /dev/null
-<?php
-/**
- * @author Arthur Schiwon <blizzz@owncloud.com>
- * @author Morris Jobke <hey@morrisjobke.de>
- *
- * @copyright Copyright (c) 2016, ownCloud, Inc.
- * @license AGPL-3.0
- *
- * This code is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License, version 3,
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License, version 3,
- * along with this program. If not, see <http://www.gnu.org/licenses/>
- *
- */
-if(php_sapi_name() !== 'cli') {
- print('Only via CLI, please.');
- exit(1);
-}
-
-include __DIR__ . '/config.php';
-
-$cr = ldap_connect($host, $port);
-ldap_set_option($cr, LDAP_OPT_PROTOCOL_VERSION, 3);
-$ok = ldap_bind($cr, $adn, $apwd);
-
-if (!$ok) {
- die(ldap_error($cr));
-}
-
-$ouName = 'Users';
-$ouDN = 'ou=' . $ouName . ',' . $bdn;
-
-//creates on OU
-if (true) {
- $entry = [];
- $entry['objectclass'][] = 'top';
- $entry['objectclass'][] = 'organizationalunit';
- $entry['ou'] = $ouName;
- $b = ldap_add($cr, $ouDN, $entry);
- if (!$b) {
- die(ldap_error($cr));
- }
-}
-
-$users = ['alice', 'boris'];
-
-foreach ($users as $uid) {
- $newDN = 'uid=' . $uid . ',' . $ouDN;
- $fn = ucfirst($uid);
- $sn = ucfirst(str_shuffle($uid)); // not so explicit but it's OK.
-
- $entry = [];
- $entry['cn'] = $fn . ' ' . $sn;
- $entry['objectclass'][] = 'inetOrgPerson';
- $entry['objectclass'][] = 'person';
- $entry['sn'] = $sn;
- $entry['userPassword'] = $uid;
- $entry['displayName'] = $sn . ', ' . $fn;
- $entry['mail'] = $fn . '@example.com';
-
- $ok = ldap_add($cr, $newDN, $entry);
- if ($ok) {
- echo('created user ' . ': ' . $entry['cn'] . PHP_EOL);
- } else {
- die(ldap_error($cr));
- }
-}
+++ /dev/null
-<?php
-/**
- * @author Arthur Schiwon <blizzz@owncloud.com>
- *
- * @copyright Copyright (c) 2016, ownCloud, Inc.
- * @license AGPL-3.0
- *
- * This code is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License, version 3,
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License, version 3,
- * along with this program. If not, see <http://www.gnu.org/licenses/>
- *
- */
-if(php_sapi_name() !== 'cli') {
- print('Only via CLI, please.');
- exit(1);
-}
-
-include __DIR__ . '/config.php';
-
-$cr = ldap_connect($host, $port);
-ldap_set_option($cr, LDAP_OPT_PROTOCOL_VERSION, 3);
-$ok = ldap_bind($cr, $adn, $apwd);
-
-if (!$ok) {
- die(ldap_error($cr));
-}
-
-$ouName = 'Users';
-$ouDN = 'ou=' . $ouName . ',' . $bdn;
-
-$users = ['robot'];
-
-foreach ($users as $uid) {
- $newDN = 'uid=' . $uid . ',' . $ouDN;
- $fn = ucfirst($uid);
- $sn = ucfirst(str_shuffle($uid)); // not so explicit but it's OK.
-
- $entry = [];
- $entry['cn'] = ucfirst($uid);
- $entry['objectclass'][] = 'inetOrgPerson';
- $entry['objectclass'][] = 'person';
- $entry['sn'] = $sn;
- $entry['userPassword'] = $uid;
-
- $ok = ldap_add($cr, $newDN, $entry);
- if ($ok) {
- echo('created user ' . ': ' . $entry['cn'] . PHP_EOL);
- } else {
- die(ldap_error($cr));
- }
-}
+++ /dev/null
-<?php
-/**
- * @author Arthur Schiwon <blizzz@owncloud.com>
- * @author Morris Jobke <hey@morrisjobke.de>
- *
- * @copyright Copyright (c) 2016, ownCloud, Inc.
- * @license AGPL-3.0
- *
- * This code is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License, version 3,
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License, version 3,
- * along with this program. If not, see <http://www.gnu.org/licenses/>
- *
- */
-
-namespace OCA\user_ldap\tests;
-
-class Test_CleanUp extends \PHPUnit_Framework_TestCase {
- public function getMocks() {
- $mocks = array();
- $mocks['userBackend'] =
- $this->getMockBuilder('\OCA\User_LDAP\User_Proxy')
- ->disableOriginalConstructor()
- ->getMock();
- $mocks['deletedUsersIndex'] =
- $this->getMockBuilder('\OCA\User_LDAP\User\DeletedUsersIndex')
- ->disableOriginalConstructor()
- ->getMock();
- $mocks['ocConfig'] = $this->getMock('\OCP\IConfig');
- $mocks['db'] = $this->getMock('\OCP\IDBConnection');
- $mocks['helper'] = $this->getMock('\OCA\User_LDAP\Helper');
-
- return $mocks;
- }
-
- /**
- * clean up job must not run when there are disabled configurations
- */
- public function test_runNotAllowedByDisabledConfigurations() {
- $args = $this->getMocks();
- $args['helper']->expects($this->once())
- ->method('haveDisabledConfigurations')
- ->will($this->returnValue(true) );
-
- $args['ocConfig']->expects($this->never())
- ->method('getSystemValue');
-
- $bgJob = new \OCA\User_LDAP\Jobs\CleanUp();
- $bgJob->setArguments($args);
-
- $result = $bgJob->isCleanUpAllowed();
- $this->assertSame(false, $result);
- }
-
- /**
- * clean up job must not run when LDAP Helper is broken i.e.
- * returning unexpected results
- */
- public function test_runNotAllowedByBrokenHelper() {
- $args = $this->getMocks();
- $args['helper']->expects($this->once())
- ->method('haveDisabledConfigurations')
- ->will($this->throwException(new \Exception()));
-
- $args['ocConfig']->expects($this->never())
- ->method('getSystemValue');
-
- $bgJob = new \OCA\User_LDAP\Jobs\CleanUp();
- $bgJob->setArguments($args);
-
- $result = $bgJob->isCleanUpAllowed();
- $this->assertSame(false, $result);
- }
-
- /**
- * clean up job must not run when it is not enabled
- */
- public function test_runNotAllowedBySysConfig() {
- $args = $this->getMocks();
- $args['helper']->expects($this->once())
- ->method('haveDisabledConfigurations')
- ->will($this->returnValue(false));
-
- $args['ocConfig']->expects($this->once())
- ->method('getSystemValue')
- ->will($this->returnValue(false));
-
- $bgJob = new \OCA\User_LDAP\Jobs\CleanUp();
- $bgJob->setArguments($args);
-
- $result = $bgJob->isCleanUpAllowed();
- $this->assertSame(false, $result);
- }
-
- /**
- * clean up job is allowed to run
- */
- public function test_runIsAllowed() {
- $args = $this->getMocks();
- $args['helper']->expects($this->once())
- ->method('haveDisabledConfigurations')
- ->will($this->returnValue(false));
-
- $args['ocConfig']->expects($this->once())
- ->method('getSystemValue')
- ->will($this->returnValue(true));
-
- $bgJob = new \OCA\User_LDAP\Jobs\CleanUp();
- $bgJob->setArguments($args);
-
- $result = $bgJob->isCleanUpAllowed();
- $this->assertSame(true, $result);
- }
-
- /**
- * check whether offset will be reset when it needs to
- */
- public function test_OffsetResetIsNecessary() {
- $args = $this->getMocks();
-
- $bgJob = new \OCA\User_LDAP\Jobs\CleanUp();
- $bgJob->setArguments($args);
-
- $result = $bgJob->isOffsetResetNecessary($bgJob->getChunkSize() - 1);
- $this->assertSame(true, $result);
- }
-
- /**
- * make sure offset is not reset when it is not due
- */
- public function test_OffsetResetIsNotNecessary() {
- $args = $this->getMocks();
-
- $bgJob = new \OCA\User_LDAP\Jobs\CleanUp();
- $bgJob->setArguments($args);
-
- $result = $bgJob->isOffsetResetNecessary($bgJob->getChunkSize());
- $this->assertSame(false, $result);
- }
-
-}
-
+++ /dev/null
-<?php
-/**
- * @author Arthur Schiwon <blizzz@owncloud.com>
- * @author Morris Jobke <hey@morrisjobke.de>
- *
- * @copyright Copyright (c) 2016, ownCloud, Inc.
- * @license AGPL-3.0
- *
- * This code is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License, version 3,
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License, version 3,
- * along with this program. If not, see <http://www.gnu.org/licenses/>
- *
- */
-
-namespace OCA\user_ldap\tests\mapping;
-
-abstract class AbstractMappingTest extends \Test\TestCase {
- abstract public function getMapper(\OCP\IDBConnection $dbMock);
-
- /**
- * kiss test on isColNameValid
- */
- public function testIsColNameValid() {
- $dbMock = $this->getMock('\OCP\IDBConnection');
- $mapper = $this->getMapper($dbMock);
-
- $this->assertTrue($mapper->isColNameValid('ldap_dn'));
- $this->assertFalse($mapper->isColNameValid('foobar'));
- }
-
- /**
- * returns an array of test entries with dn, name and uuid as keys
- * @return array
- */
- protected function getTestData() {
- $data = array(
- array(
- 'dn' => 'uid=foobar,dc=example,dc=org',
- 'name' => 'Foobar',
- 'uuid' => '1111-AAAA-1234-CDEF',
- ),
- array(
- 'dn' => 'uid=barfoo,dc=example,dc=org',
- 'name' => 'Barfoo',
- 'uuid' => '2222-BBBB-1234-CDEF',
- ),
- array(
- 'dn' => 'uid=barabara,dc=example,dc=org',
- 'name' => 'BaraBara',
- 'uuid' => '3333-CCCC-1234-CDEF',
- )
- );
-
- return $data;
- }
-
- /**
- * calls map() on the given mapper and asserts result for true
- * @param \OCA\User_LDAP\Mapping\AbstractMapping $mapper
- * @param array $data
- */
- protected function mapEntries($mapper, $data) {
- foreach($data as $entry) {
- $done = $mapper->map($entry['dn'], $entry['name'], $entry['uuid']);
- $this->assertTrue($done);
- }
- }
-
- /**
- * initalizes environment for a test run and returns an array with
- * test objects. Preparing environment means that all mappings are cleared
- * first and then filled with test entries.
- * @return array 0 = \OCA\User_LDAP\Mapping\AbstractMapping, 1 = array of
- * users or groups
- */
- private function initTest() {
- $dbc = \OC::$server->getDatabaseConnection();
- $mapper = $this->getMapper($dbc);
- $data = $this->getTestData();
- // make sure DB is pristine, then fill it with test entries
- $mapper->clear();
- $this->mapEntries($mapper, $data);
-
- return array($mapper, $data);
- }
-
- /**
- * tests map() method with input that should result in not-mapping.
- * Hint: successful mapping is tested inherently with mapEntries().
- */
- public function testMap() {
- list($mapper, $data) = $this->initTest();
-
- // test that mapping will not happen when it shall not
- $paramKeys = array('', 'dn', 'name', 'uuid');
- foreach($paramKeys as $key) {
- $failEntry = $data[0];
- if(!empty($key)) {
- $failEntry[$key] = 'do-not-get-mapped';
- }
- $isMapped = $mapper->map($failEntry['dn'], $failEntry['name'], $failEntry['uuid']);
- $this->assertFalse($isMapped);
- }
- }
-
- /**
- * tests unmap() for both successful and unsuccessful removing of
- * mapping entries
- */
- public function testUnmap() {
- list($mapper, $data) = $this->initTest();
-
- foreach($data as $entry) {
- $result = $mapper->unmap($entry['name']);
- $this->assertTrue($result);
- }
-
- $result = $mapper->unmap('notAnEntry');
- $this->assertFalse($result);
- }
-
- /**
- * tests getDNByName(), getNameByDN() and getNameByUUID() for successful
- * and unsuccessful requests.
- */
- public function testGetMethods() {
- list($mapper, $data) = $this->initTest();
-
- foreach($data as $entry) {
- $fdn = $mapper->getDNByName($entry['name']);
- $this->assertSame($fdn, $entry['dn']);
- }
- $fdn = $mapper->getDNByName('nosuchname');
- $this->assertFalse($fdn);
-
- foreach($data as $entry) {
- $name = $mapper->getNameByDN($entry['dn']);
- $this->assertSame($name, $entry['name']);
- }
- $name = $mapper->getNameByDN('nosuchdn');
- $this->assertFalse($name);
-
- foreach($data as $entry) {
- $name = $mapper->getNameByUUID($entry['uuid']);
- $this->assertSame($name, $entry['name']);
- }
- $name = $mapper->getNameByUUID('nosuchuuid');
- $this->assertFalse($name);
- }
-
- /**
- * tests getNamesBySearch() for successful and unsuccessful requests.
- */
- public function testSearch() {
- list($mapper,) = $this->initTest();
-
- $names = $mapper->getNamesBySearch('%oo%');
- $this->assertTrue(is_array($names));
- $this->assertSame(2, count($names));
- $this->assertTrue(in_array('Foobar', $names));
- $this->assertTrue(in_array('Barfoo', $names));
- $names = $mapper->getNamesBySearch('nada');
- $this->assertTrue(is_array($names));
- $this->assertSame(0, count($names));
- }
-
- /**
- * tests setDNbyUUID() for successful and unsuccessful update.
- */
- public function testSetMethod() {
- list($mapper, $data) = $this->initTest();
-
- $newDN = 'uid=modified,dc=example,dc=org';
- $done = $mapper->setDNbyUUID($newDN, $data[0]['uuid']);
- $this->assertTrue($done);
- $fdn = $mapper->getDNByName($data[0]['name']);
- $this->assertSame($fdn, $newDN);
-
- $newDN = 'uid=notme,dc=example,dc=org';
- $done = $mapper->setDNbyUUID($newDN, 'iamnothere');
- $this->assertFalse($done);
- $name = $mapper->getNameByDN($newDN);
- $this->assertFalse($name);
-
- }
-
- /**
- * tests clear() for successful update.
- */
- public function testClear() {
- list($mapper, $data) = $this->initTest();
-
- $done = $mapper->clear();
- $this->assertTrue($done);
- foreach($data as $entry) {
- $name = $mapper->getNameByUUID($entry['uuid']);
- $this->assertFalse($name);
- }
- }
-
- /**
- * tests getList() method
- */
- public function testList() {
- list($mapper, $data) = $this->initTest();
-
- // get all entries without specifying offset or limit
- $results = $mapper->getList();
- $this->assertSame(3, count($results));
-
- // get all-1 entries by specifying offset, and an high limit
- // specifying only offset without limit will not work by underlying lib
- $results = $mapper->getList(1, 999);
- $this->assertSame(count($data) - 1, count($results));
-
- // get first 2 entries by limit, but not offset
- $results = $mapper->getList(null, 2);
- $this->assertSame(2, count($results));
-
- // get 2nd entry by specifying both offset and limit
- $results = $mapper->getList(1, 1);
- $this->assertSame(1, count($results));
- }
-}
+++ /dev/null
-<?php
-/**
- * @author Arthur Schiwon <blizzz@owncloud.com>
- * @author Morris Jobke <hey@morrisjobke.de>
- * @author Thomas Müller <thomas.mueller@tmit.eu>
- *
- * @copyright Copyright (c) 2016, ownCloud, Inc.
- * @license AGPL-3.0
- *
- * This code is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License, version 3,
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License, version 3,
- * along with this program. If not, see <http://www.gnu.org/licenses/>
- *
- */
-
-namespace OCA\user_ldap\tests\mapping;
-
-use OCA\User_LDAP\Mapping\GroupMapping;
-
-/**
- * Class Test_GroupMapping
- *
- * @group DB
- *
- * @package OCA\user_ldap\tests\mapping
- */
-class Test_GroupMapping extends AbstractMappingTest {
- public function getMapper(\OCP\IDBConnection $dbMock) {
- return new GroupMapping($dbMock);
- }
-}
+++ /dev/null
-<?php
-/**
- * @author Arthur Schiwon <blizzz@owncloud.com>
- * @author Morris Jobke <hey@morrisjobke.de>
- * @author Thomas Müller <thomas.mueller@tmit.eu>
- *
- * @copyright Copyright (c) 2016, ownCloud, Inc.
- * @license AGPL-3.0
- *
- * This code is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License, version 3,
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License, version 3,
- * along with this program. If not, see <http://www.gnu.org/licenses/>
- *
- */
-
-namespace OCA\user_ldap\tests\mapping;
-
-use OCA\User_LDAP\Mapping\UserMapping;
-
-/**
- * Class Test_UserMapping
- *
- * @group DB
- *
- * @package OCA\user_ldap\tests\mapping
- */
-class Test_UserMapping extends AbstractMappingTest {
- public function getMapper(\OCP\IDBConnection $dbMock) {
- return new UserMapping($dbMock);
- }
-}
projects / nextcloud-server.git / commitdiff
