mirrors
/
nextcloud
mirror of https://github.com/nextcloud/server.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 989 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
60759 Commits
426 Branches
Tree: 9a37ca9b48
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '9a37ca9b48'
${ noResults }
nextcloud/apps/user_ldap/tests/AccessTest.php

AccessTest.php 22KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782 
  1. <?php

  2. /**

  3.  * @copyright Copyright (c) 2016, ownCloud, Inc.

  4.  * @copyright Copyright (c) 2016, Lukas Reschke <lukas@statuscode.ch>

  5.  *

  6.  * @author Andreas Fischer <bantu@owncloud.com>

  7.  * @author Arthur Schiwon <blizzz@arthur-schiwon.de>

  8.  * @author Christoph Wurst <christoph@winzerhof-wurst.at>

  9.  * @author Joas Schilling <coding@schilljs.com>

  10.  * @author Jörn Friedrich Dreyer <jfd@butonic.de>

  11.  * @author Lukas Reschke <lukas@statuscode.ch>

  12.  * @author Morris Jobke <hey@morrisjobke.de>

  13.  * @author Roeland Jago Douma <roeland@famdouma.nl>

  14.  * @author Roger Szabo <roger.szabo@web.de>

  15.  * @author Thomas Müller <thomas.mueller@tmit.eu>

  16.  * @author Victor Dubiniuk <dubiniuk@owncloud.com>

  17.  *

  18.  * @license AGPL-3.0

  19.  *

  20.  * This code is free software: you can redistribute it and/or modify

  21.  * it under the terms of the GNU Affero General Public License, version 3,

  22.  * as published by the Free Software Foundation.

  23.  *

  24.  * This program is distributed in the hope that it will be useful,

  25.  * but WITHOUT ANY WARRANTY; without even the implied warranty of

  26.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

  27.  * GNU Affero General Public License for more details.

  28.  *

  29.  * You should have received a copy of the GNU Affero General Public License, version 3,

  30.  * along with this program. If not, see <http://www.gnu.org/licenses/>

  31.  *

  32.  */

  33. namespace OCA\User_LDAP\Tests;

  34. 

  35. use OCA\User_LDAP\Access;

  36. use OCA\User_LDAP\Connection;

  37. use OCA\User_LDAP\Exceptions\ConstraintViolationException;

  38. use OCA\User_LDAP\FilesystemHelper;

  39. use OCA\User_LDAP\Helper;

  40. use OCA\User_LDAP\ILDAPWrapper;

  41. use OCA\User_LDAP\LDAP;

  42. use OCA\User_LDAP\Mapping\GroupMapping;

  43. use OCA\User_LDAP\Mapping\UserMapping;

  44. use OCA\User_LDAP\User\Manager;

  45. use OCA\User_LDAP\User\OfflineUser;

  46. use OCA\User_LDAP\User\User;

  47. use OCP\IAvatarManager;

  48. use OCP\IConfig;

  49. use OCP\Image;

  50. use OCP\IUserManager;

  51. use OCP\Notification\IManager as INotificationManager;

  52. use OCP\Share\IManager;

  53. use Psr\Log\LoggerInterface;

  54. use Test\TestCase;

  55. 

  56. /**

  57.  * Class AccessTest

  58.  *

  59.  * @group DB

  60.  *

  61.  * @package OCA\User_LDAP\Tests

  62.  */

  63. class AccessTest extends TestCase {

  64. 	/** @var UserMapping|\PHPUnit\Framework\MockObject\MockObject */

  65. 	protected $userMapper;

  66. 	/** @var IManager|\PHPUnit\Framework\MockObject\MockObject */

  67. 	protected $shareManager;

  68. 	/** @var GroupMapping|\PHPUnit\Framework\MockObject\MockObject */

  69. 	protected $groupMapper;

  70. 	/** @var Connection|\PHPUnit\Framework\MockObject\MockObject */

  71. 	private $connection;

  72. 	/** @var LDAP|\PHPUnit\Framework\MockObject\MockObject */

  73. 	private $ldap;

  74. 	/** @var Manager|\PHPUnit\Framework\MockObject\MockObject */

  75. 	private $userManager;

  76. 	/** @var Helper|\PHPUnit\Framework\MockObject\MockObject */

  77. 	private $helper;

  78. 	/** @var  IConfig|\PHPUnit\Framework\MockObject\MockObject */

  79. 	private $config;

  80. 	/** @var IUserManager|\PHPUnit\Framework\MockObject\MockObject */

  81. 	private $ncUserManager;

  82. 	/** @var LoggerInterface|MockObject */

  83. 	private $logger;

  84. 	/** @var Access */

  85. 	private $access;

  86. 

  87. 	protected function setUp(): void {

  88. 		$this->connection = $this->createMock(Connection::class);

  89. 		$this->ldap = $this->createMock(LDAP::class);

  90. 		$this->userManager = $this->createMock(Manager::class);

  91. 		$this->helper = $this->createMock(Helper::class);

  92. 		$this->config = $this->createMock(IConfig::class);

  93. 		$this->userMapper = $this->createMock(UserMapping::class);

  94. 		$this->groupMapper = $this->createMock(GroupMapping::class);

  95. 		$this->ncUserManager = $this->createMock(IUserManager::class);

  96. 		$this->shareManager = $this->createMock(IManager::class);

  97. 		$this->logger = $this->createMock(LoggerInterface::class);

  98. 

  99. 		$this->access = new Access(

  100. 			$this->connection,

  101. 			$this->ldap,

  102. 			$this->userManager,

  103. 			$this->helper,

  104. 			$this->config,

  105. 			$this->ncUserManager,

  106. 			$this->logger

  107. 		);

  108. 		$this->access->setUserMapper($this->userMapper);

  109. 		$this->access->setGroupMapper($this->groupMapper);

  110. 	}

  111. 

  112. 	private function getConnectorAndLdapMock() {

  113. 		$lw = $this->createMock(ILDAPWrapper::class);

  114. 		$connector = $this->getMockBuilder(Connection::class)

  115. 			->setConstructorArgs([$lw, null, null])

  116. 			->getMock();

  117. 		$um = $this->getMockBuilder(Manager::class)

  118. 			->setConstructorArgs([

  119. 				$this->createMock(IConfig::class),

  120. 				$this->createMock(FilesystemHelper::class),

  121. 				$this->createMock(LoggerInterface::class),

  122. 				$this->createMock(IAvatarManager::class),

  123. 				$this->createMock(Image::class),

  124. 				$this->createMock(IUserManager::class),

  125. 				$this->createMock(INotificationManager::class),

  126. 				$this->shareManager])

  127. 			->getMock();

  128. 		$helper = new Helper(\OC::$server->getConfig(), \OC::$server->getDatabaseConnection());

  129. 

  130. 		return [$lw, $connector, $um, $helper];

  131. 	}

  132. 

  133. 	public function testEscapeFilterPartValidChars() {

  134. 		$input = 'okay';

  135. 		$this->assertTrue($input === $this->access->escapeFilterPart($input));

  136. 	}

  137. 

  138. 	public function testEscapeFilterPartEscapeWildcard() {

  139. 		$input = '*';

  140. 		$expected = '\\\\*';

  141. 		$this->assertTrue($expected === $this->access->escapeFilterPart($input));

  142. 	}

  143. 

  144. 	public function testEscapeFilterPartEscapeWildcard2() {

  145. 		$input = 'foo*bar';

  146. 		$expected = 'foo\\\\*bar';

  147. 		$this->assertTrue($expected === $this->access->escapeFilterPart($input));

  148. 	}

  149. 

  150. 	/**

  151. 	 * @dataProvider convertSID2StrSuccessData

  152. 	 * @param array $sidArray

  153. 	 * @param $sidExpected

  154. 	 */

  155. 	public function testConvertSID2StrSuccess(array $sidArray, $sidExpected) {

  156. 		$sidBinary = implode('', $sidArray);

  157. 		$this->assertSame($sidExpected, $this->access->convertSID2Str($sidBinary));

  158. 	}

  159. 

  160. 	public function convertSID2StrSuccessData() {

  161. 		return [

  162. 			[

  163. 				[

  164. 					"\x01",

  165. 					"\x04",

  166. 					"\x00\x00\x00\x00\x00\x05",

  167. 					"\x15\x00\x00\x00",

  168. 					"\xa6\x81\xe5\x0e",

  169. 					"\x4d\x6c\x6c\x2b",

  170. 					"\xca\x32\x05\x5f",

  171. 				],

  172. 				'S-1-5-21-249921958-728525901-1594176202',

  173. 			],

  174. 			[

  175. 				[

  176. 					"\x01",

  177. 					"\x02",

  178. 					"\xFF\xFF\xFF\xFF\xFF\xFF",

  179. 					"\xFF\xFF\xFF\xFF",

  180. 					"\xFF\xFF\xFF\xFF",

  181. 				],

  182. 				'S-1-281474976710655-4294967295-4294967295',

  183. 			],

  184. 		];

  185. 	}

  186. 

  187. 	public function testConvertSID2StrInputError() {

  188. 		$sidIllegal = 'foobar';

  189. 		$sidExpected = '';

  190. 

  191. 		$this->assertSame($sidExpected, $this->access->convertSID2Str($sidIllegal));

  192. 	}

  193. 

  194. 	public function testGetDomainDNFromDNSuccess() {

  195. 		$inputDN = 'uid=zaphod,cn=foobar,dc=my,dc=server,dc=com';

  196. 		$domainDN = 'dc=my,dc=server,dc=com';

  197. 

  198. 		$this->ldap->expects($this->once())

  199. 			->method('explodeDN')

  200. 			->with($inputDN, 0)

  201. 			->willReturn(explode(',', $inputDN));

  202. 

  203. 		$this->assertSame($domainDN, $this->access->getDomainDNFromDN($inputDN));

  204. 	}

  205. 

  206. 	public function testGetDomainDNFromDNError() {

  207. 		$inputDN = 'foobar';

  208. 		$expected = '';

  209. 

  210. 		$this->ldap->expects($this->once())

  211. 			->method('explodeDN')

  212. 			->with($inputDN, 0)

  213. 			->willReturn(false);

  214. 

  215. 		$this->assertSame($expected, $this->access->getDomainDNFromDN($inputDN));

  216. 	}

  217. 

  218. 	public function dnInputDataProvider() {

  219. 		return  [[

  220. 			[

  221. 				'input' => 'foo=bar,bar=foo,dc=foobar',

  222. 				'interResult' => [

  223. 					'count' => 3,

  224. 					0 => 'foo=bar',

  225. 					1 => 'bar=foo',

  226. 					2 => 'dc=foobar'

  227. 				],

  228. 				'expectedResult' => true

  229. 			],

  230. 			[

  231. 				'input' => 'foobarbarfoodcfoobar',

  232. 				'interResult' => false,

  233. 				'expectedResult' => false

  234. 			]

  235. 		]];

  236. 	}

  237. 

  238. 	/**

  239. 	 * @dataProvider dnInputDataProvider

  240. 	 * @param array $case

  241. 	 */

  242. 	public function testStringResemblesDN($case) {

  243. 		[$lw, $con, $um, $helper] = $this->getConnectorAndLdapMock();

  244. 		/** @var IConfig|\PHPUnit\Framework\MockObject\MockObject $config */

  245. 		$config = $this->createMock(IConfig::class);

  246. 		$access = new Access($con, $lw, $um, $helper, $config, $this->ncUserManager, $this->logger);

  247. 

  248. 		$lw->expects($this->exactly(1))

  249. 			->method('explodeDN')

  250. 			->willReturnCallback(function ($dn) use ($case) {

  251. 				if ($dn === $case['input']) {

  252. 					return $case['interResult'];

  253. 				}

  254. 				return null;

  255. 			});

  256. 

  257. 		$this->assertSame($case['expectedResult'], $access->stringResemblesDN($case['input']));

  258. 	}

  259. 

  260. 	/**

  261. 	 * @dataProvider dnInputDataProvider

  262. 	 * @param $case

  263. 	 */

  264. 	public function testStringResemblesDNLDAPmod($case) {

  265. 		[, $con, $um, $helper] = $this->getConnectorAndLdapMock();

  266. 		/** @var IConfig|\PHPUnit\Framework\MockObject\MockObject $config */

  267. 		$config = $this->createMock(IConfig::class);

  268. 		$lw = new LDAP();

  269. 		$access = new Access($con, $lw, $um, $helper, $config, $this->ncUserManager, $this->logger);

  270. 

  271. 		if (!function_exists('ldap_explode_dn')) {

  272. 			$this->markTestSkipped('LDAP Module not available');

  273. 		}

  274. 

  275. 		$this->assertSame($case['expectedResult'], $access->stringResemblesDN($case['input']));

  276. 	}

  277. 

  278. 	public function testCacheUserHome() {

  279. 		$this->connection->expects($this->once())

  280. 			->method('writeToCache');

  281. 

  282. 		$this->access->cacheUserHome('foobar', '/foobars/path');

  283. 	}

  284. 

  285. 	public function testBatchApplyUserAttributes() {

  286. 		$this->ldap->expects($this->any())

  287. 			->method('isResource')

  288. 			->willReturn(true);

  289. 

  290. 		$this->ldap->expects($this->any())

  291. 			->method('getAttributes')

  292. 			->willReturn(['displayname' => ['bar', 'count' => 1]]);

  293. 

  294. 		/** @var UserMapping|\PHPUnit\Framework\MockObject\MockObject $mapperMock */

  295. 		$mapperMock = $this->createMock(UserMapping::class);

  296. 		$mapperMock->expects($this->any())

  297. 			->method('getNameByDN')

  298. 			->willReturn(false);

  299. 		$mapperMock->expects($this->any())

  300. 			->method('map')

  301. 			->willReturn(true);

  302. 

  303. 		$userMock = $this->createMock(User::class);

  304. 

  305. 		// also returns for userUuidAttribute

  306. 		$this->access->connection->expects($this->any())

  307. 			->method('__get')

  308. 			->willReturn('displayName');

  309. 

  310. 		$this->access->setUserMapper($mapperMock);

  311. 

  312. 		$displayNameAttribute = strtolower($this->access->connection->ldapUserDisplayName);

  313. 		$data = [

  314. 			[

  315. 				'dn' => ['foobar'],

  316. 				$displayNameAttribute => 'barfoo'

  317. 			],

  318. 			[

  319. 				'dn' => ['foo'],

  320. 				$displayNameAttribute => 'bar'

  321. 			],

  322. 			[

  323. 				'dn' => ['raboof'],

  324. 				$displayNameAttribute => 'oofrab'

  325. 			]

  326. 		];

  327. 

  328. 		$userMock->expects($this->exactly(count($data)))

  329. 			->method('processAttributes');

  330. 

  331. 		$this->userManager->expects($this->exactly(count($data) * 2))

  332. 			->method('get')

  333. 			->willReturn($userMock);

  334. 

  335. 		$this->access->batchApplyUserAttributes($data);

  336. 	}

  337. 

  338. 	public function testBatchApplyUserAttributesSkipped() {

  339. 		/** @var UserMapping|\PHPUnit\Framework\MockObject\MockObject $mapperMock */

  340. 		$mapperMock = $this->createMock(UserMapping::class);

  341. 		$mapperMock->expects($this->any())

  342. 			->method('getNameByDN')

  343. 			->willReturn('a_username');

  344. 

  345. 		$userMock = $this->createMock(User::class);

  346. 

  347. 		$this->access->connection->expects($this->any())

  348. 			->method('__get')

  349. 			->willReturn('displayName');

  350. 

  351. 		$this->access->setUserMapper($mapperMock);

  352. 

  353. 		$displayNameAttribute = strtolower($this->access->connection->ldapUserDisplayName);

  354. 		$data = [

  355. 			[

  356. 				'dn' => ['foobar'],

  357. 				$displayNameAttribute => 'barfoo'

  358. 			],

  359. 			[

  360. 				'dn' => ['foo'],

  361. 				$displayNameAttribute => 'bar'

  362. 			],

  363. 			[

  364. 				'dn' => ['raboof'],

  365. 				$displayNameAttribute => 'oofrab'

  366. 			]

  367. 		];

  368. 

  369. 		$userMock->expects($this->never())

  370. 			->method('processAttributes');

  371. 

  372. 		$this->userManager->expects($this->any())

  373. 			->method('get')

  374. 			->willReturn($this->createMock(User::class));

  375. 

  376. 		$this->access->batchApplyUserAttributes($data);

  377. 	}

  378. 

  379. 	public function testBatchApplyUserAttributesDontSkip() {

  380. 		/** @var UserMapping|\PHPUnit\Framework\MockObject\MockObject $mapperMock */

  381. 		$mapperMock = $this->createMock(UserMapping::class);

  382. 		$mapperMock->expects($this->any())

  383. 			->method('getNameByDN')

  384. 			->willReturn('a_username');

  385. 

  386. 		$userMock = $this->createMock(User::class);

  387. 

  388. 		$this->access->connection->expects($this->any())

  389. 			->method('__get')

  390. 			->willReturn('displayName');

  391. 

  392. 		$this->access->setUserMapper($mapperMock);

  393. 

  394. 		$displayNameAttribute = strtolower($this->access->connection->ldapUserDisplayName);

  395. 		$data = [

  396. 			[

  397. 				'dn' => ['foobar'],

  398. 				$displayNameAttribute => 'barfoo'

  399. 			],

  400. 			[

  401. 				'dn' => ['foo'],

  402. 				$displayNameAttribute => 'bar'

  403. 			],

  404. 			[

  405. 				'dn' => ['raboof'],

  406. 				$displayNameAttribute => 'oofrab'

  407. 			]

  408. 		];

  409. 

  410. 		$userMock->expects($this->exactly(count($data)))

  411. 			->method('processAttributes');

  412. 

  413. 		$this->userManager->expects($this->exactly(count($data) * 2))

  414. 			->method('get')

  415. 			->willReturn($userMock);

  416. 

  417. 		$this->access->batchApplyUserAttributes($data);

  418. 	}

  419. 

  420. 	public function dNAttributeProvider() {

  421. 		// corresponds to Access::resemblesDN()

  422. 		return [

  423. 			'dn' => ['dn'],

  424. 			'uniqueMember' => ['uniquemember'],

  425. 			'member' => ['member'],

  426. 			'memberOf' => ['memberof']

  427. 		];

  428. 	}

  429. 

  430. 	/**

  431. 	 * @dataProvider dNAttributeProvider

  432. 	 * @param $attribute

  433. 	 */

  434. 	public function testSanitizeDN($attribute) {

  435. 		[$lw, $con, $um, $helper] = $this->getConnectorAndLdapMock();

  436. 		/** @var IConfig|\PHPUnit\Framework\MockObject\MockObject $config */

  437. 		$config = $this->createMock(IConfig::class);

  438. 

  439. 		$dnFromServer = 'cn=Mixed Cases,ou=Are Sufficient To,ou=Test,dc=example,dc=org';

  440. 

  441. 		$lw->expects($this->any())

  442. 			->method('isResource')

  443. 			->willReturn(true);

  444. 		$lw->expects($this->any())

  445. 			->method('getAttributes')

  446. 			->willReturn([

  447. 				$attribute => ['count' => 1, $dnFromServer]

  448. 			]);

  449. 

  450. 		$access = new Access($con, $lw, $um, $helper, $config, $this->ncUserManager, $this->logger);

  451. 		$values = $access->readAttribute('uid=whoever,dc=example,dc=org', $attribute);

  452. 		$this->assertSame($values[0], strtolower($dnFromServer));

  453. 	}

  454. 

  455. 

  456. 	public function testSetPasswordWithDisabledChanges() {

  457. 		$this->expectException(\Exception::class);

  458. 		$this->expectExceptionMessage('LDAP password changes are disabled');

  459. 

  460. 		$this->connection

  461. 			->method('__get')

  462. 			->willReturn(false);

  463. 

  464. 		/** @noinspection PhpUnhandledExceptionInspection */

  465. 		$this->access->setPassword('CN=foo', 'MyPassword');

  466. 	}

  467. 

  468. 	public function testSetPasswordWithLdapNotAvailable() {

  469. 		$this->connection

  470. 			->method('__get')

  471. 			->willReturn(true);

  472. 		$connection = $this->createMock(LDAP::class);

  473. 		$this->connection

  474. 			->expects($this->once())

  475. 			->method('getConnectionResource')

  476. 			->willReturn($connection);

  477. 		$this->ldap

  478. 			->expects($this->once())

  479. 			->method('isResource')

  480. 			->with($connection)

  481. 			->willReturn(false);

  482. 

  483. 		/** @noinspection PhpUnhandledExceptionInspection */

  484. 		$this->assertFalse($this->access->setPassword('CN=foo', 'MyPassword'));

  485. 	}

  486. 

  487. 

  488. 	public function testSetPasswordWithRejectedChange() {

  489. 		$this->expectException(\OCP\HintException::class);

  490. 		$this->expectExceptionMessage('Password change rejected.');

  491. 

  492. 		$this->connection

  493. 			->method('__get')

  494. 			->willReturn(true);

  495. 		$connection = $this->createMock(LDAP::class);

  496. 		$this->connection

  497. 			->expects($this->once())

  498. 			->method('getConnectionResource')

  499. 			->willReturn($connection);

  500. 		$this->ldap

  501. 			->expects($this->once())

  502. 			->method('isResource')

  503. 			->with($connection)

  504. 			->willReturn(true);

  505. 		$this->ldap

  506. 			->expects($this->once())

  507. 			->method('modReplace')

  508. 			->with($connection, 'CN=foo', 'MyPassword')

  509. 			->willThrowException(new ConstraintViolationException());

  510. 

  511. 		/** @noinspection PhpUnhandledExceptionInspection */

  512. 		$this->access->setPassword('CN=foo', 'MyPassword');

  513. 	}

  514. 

  515. 	public function testSetPassword() {

  516. 		$this->connection

  517. 			->method('__get')

  518. 			->willReturn(true);

  519. 		$connection = $this->createMock(LDAP::class);

  520. 		$this->connection

  521. 			->expects($this->once())

  522. 			->method('getConnectionResource')

  523. 			->willReturn($connection);

  524. 		$this->ldap

  525. 			->expects($this->once())

  526. 			->method('isResource')

  527. 			->with($connection)

  528. 			->willReturn(true);

  529. 		$this->ldap

  530. 			->expects($this->once())

  531. 			->method('modReplace')

  532. 			->with($connection, 'CN=foo', 'MyPassword')

  533. 			->willReturn(true);

  534. 

  535. 		/** @noinspection PhpUnhandledExceptionInspection */

  536. 		$this->assertTrue($this->access->setPassword('CN=foo', 'MyPassword'));

  537. 	}

  538. 

  539. 	protected function prepareMocksForSearchTests(

  540. 		$base,

  541. 		$fakeConnection,

  542. 		$fakeSearchResultResource,

  543. 		$fakeLdapEntries

  544. 	) {

  545. 		$this->connection

  546. 			->expects($this->any())

  547. 			->method('getConnectionResource')

  548. 			->willReturn($fakeConnection);

  549. 		$this->connection->expects($this->any())

  550. 			->method('__get')

  551. 			->willReturnCallback(function ($key) use ($base) {

  552. 				if (stripos($key, 'base') !== false) {

  553. 					return [$base];

  554. 				}

  555. 				return null;

  556. 			});

  557. 

  558. 		$this->ldap

  559. 			->expects($this->any())

  560. 			->method('isResource')

  561. 			->willReturnCallback(function ($resource) {

  562. 				return is_resource($resource) || is_object($resource);

  563. 			});

  564. 		$this->ldap

  565. 			->expects($this->any())

  566. 			->method('errno')

  567. 			->willReturn(0);

  568. 		$this->ldap

  569. 			->expects($this->once())

  570. 			->method('search')

  571. 			->willReturn($fakeSearchResultResource);

  572. 		$this->ldap

  573. 			->expects($this->exactly(1))

  574. 			->method('getEntries')

  575. 			->willReturn($fakeLdapEntries);

  576. 

  577. 		$this->helper->expects($this->any())

  578. 			->method('sanitizeDN')

  579. 			->willReturnArgument(0);

  580. 	}

  581. 

  582. 	public function testSearchNoPagedSearch() {

  583. 		// scenario: no pages search, 1 search base

  584. 		$filter = 'objectClass=nextcloudUser';

  585. 		$base = 'ou=zombies,dc=foobar,dc=nextcloud,dc=com';

  586. 

  587. 		$fakeConnection = ldap_connect();

  588. 		$fakeSearchResultResource = ldap_connect();

  589. 		$fakeLdapEntries = [

  590. 			'count' => 2,

  591. 			[

  592. 				'dn' => 'uid=sgarth,' . $base,

  593. 			],

  594. 			[

  595. 				'dn' => 'uid=wwilson,' . $base,

  596. 			]

  597. 		];

  598. 

  599. 		$expected = $fakeLdapEntries;

  600. 		unset($expected['count']);

  601. 

  602. 		$this->prepareMocksForSearchTests($base, $fakeConnection, $fakeSearchResultResource, $fakeLdapEntries);

  603. 

  604. 		/** @noinspection PhpUnhandledExceptionInspection */

  605. 		$result = $this->access->search($filter, $base);

  606. 		$this->assertSame($expected, $result);

  607. 	}

  608. 

  609. 	public function testFetchListOfUsers() {

  610. 		$filter = 'objectClass=nextcloudUser';

  611. 		$base = 'ou=zombies,dc=foobar,dc=nextcloud,dc=com';

  612. 		$attrs = ['dn', 'uid'];

  613. 

  614. 		$fakeConnection = ldap_connect();

  615. 		$fakeSearchResultResource = ldap_connect();

  616. 		$fakeLdapEntries = [

  617. 			'count' => 2,

  618. 			[

  619. 				'dn' => 'uid=sgarth,' . $base,

  620. 				'uid' => [ 'sgarth' ],

  621. 			],

  622. 			[

  623. 				'dn' => 'uid=wwilson,' . $base,

  624. 				'uid' => [ 'wwilson' ],

  625. 			]

  626. 		];

  627. 		$expected = $fakeLdapEntries;

  628. 		unset($expected['count']);

  629. 		array_walk($expected, function (&$v) {

  630. 			$v['dn'] = [$v['dn']];	// dn is translated into an array internally for consistency

  631. 		});

  632. 

  633. 		$this->prepareMocksForSearchTests($base, $fakeConnection, $fakeSearchResultResource, $fakeLdapEntries);

  634. 

  635. 		$this->connection->expects($this->exactly($fakeLdapEntries['count']))

  636. 			->method('writeToCache')

  637. 			->with($this->stringStartsWith('userExists'), true);

  638. 

  639. 		$this->userMapper->expects($this->exactly($fakeLdapEntries['count']))

  640. 			->method('getNameByDN')

  641. 			->willReturnCallback(function ($fdn) {

  642. 				$parts = ldap_explode_dn($fdn, false);

  643. 				return $parts[0];

  644. 			});

  645. 

  646. 		/** @noinspection PhpUnhandledExceptionInspection */

  647. 		$list = $this->access->fetchListOfUsers($filter, $attrs);

  648. 		$this->assertSame($expected, $list);

  649. 	}

  650. 

  651. 	public function testFetchListOfGroupsKnown() {

  652. 		$filter = 'objectClass=nextcloudGroup';

  653. 		$attributes = ['cn', 'gidNumber', 'dn'];

  654. 		$base = 'ou=SomeGroups,dc=my,dc=directory';

  655. 

  656. 		$fakeConnection = ldap_connect();

  657. 		$fakeSearchResultResource = ldap_connect();

  658. 		$fakeLdapEntries = [

  659. 			'count' => 2,

  660. 			[

  661. 				'dn' => 'cn=Good Team,' . $base,

  662. 				'cn' => ['Good Team'],

  663. 			],

  664. 			[

  665. 				'dn' => 'cn=Another Good Team,' . $base,

  666. 				'cn' => ['Another Good Team'],

  667. 			]

  668. 		];

  669. 

  670. 		$this->prepareMocksForSearchTests($base, $fakeConnection, $fakeSearchResultResource, $fakeLdapEntries);

  671. 

  672. 		$this->groupMapper->expects($this->any())

  673. 			->method('getListOfIdsByDn')

  674. 			->willReturn([

  675. 				'cn=Good Team,' . $base => 'Good_Team',

  676. 				'cn=Another Good Team,' . $base => 'Another_Good_Team',

  677. 			]);

  678. 		$this->groupMapper->expects($this->never())

  679. 			->method('getNameByDN');

  680. 

  681. 		$this->connection->expects($this->exactly(2))

  682. 			->method('writeToCache');

  683. 

  684. 		$groups = $this->access->fetchListOfGroups($filter, $attributes);

  685. 		$this->assertSame(2, count($groups));

  686. 		$this->assertSame('Good Team', $groups[0]['cn'][0]);

  687. 		$this->assertSame('Another Good Team', $groups[1]['cn'][0]);

  688. 	}

  689. 

  690. 	public function intUsernameProvider() {

  691. 		return [

  692. 			['alice', 'alice'],

  693. 			['b/ob', 'bob'],

  694. 			['charly🐬', 'charly'],

  695. 			['debo rah', 'debo_rah'],

  696. 			['epost@poste.test', 'epost@poste.test'],

  697. 			['fränk', 'frank'],

  698. 			[' UPPÉR Case/[\]^`', 'UPPER_Case'],

  699. 			[' gerda ', 'gerda'],

  700. 			['🕱🐵🐘🐑', null],

  701. 			[

  702. 				'OneNameToRuleThemAllOneNameToFindThemOneNameToBringThemAllAndInTheDarknessBindThem',

  703. 				'81ff71b5dd0f0092e2dc977b194089120093746e273f2ef88c11003762783127'

  704. 			]

  705. 		];

  706. 	}

  707. 

  708. 	public function groupIDCandidateProvider() {

  709. 		return [

  710. 			['alice', 'alice'],

  711. 			['b/ob', 'b/ob'],

  712. 			['charly🐬', 'charly🐬'],

  713. 			['debo rah', 'debo rah'],

  714. 			['epost@poste.test', 'epost@poste.test'],

  715. 			['fränk', 'fränk'],

  716. 			[' gerda ', 'gerda'],

  717. 			['🕱🐵🐘🐑', '🕱🐵🐘🐑'],

  718. 			[

  719. 				'OneNameToRuleThemAllOneNameToFindThemOneNameToBringThemAllAndInTheDarknessBindThem',

  720. 				'81ff71b5dd0f0092e2dc977b194089120093746e273f2ef88c11003762783127'

  721. 			]

  722. 		];

  723. 	}

  724. 

  725. 	/**

  726. 	 * @dataProvider intUsernameProvider

  727. 	 *

  728. 	 * @param $name

  729. 	 * @param $expected

  730. 	 */

  731. 	public function testSanitizeUsername($name, $expected) {

  732. 		if ($expected === null) {

  733. 			$this->expectException(\InvalidArgumentException::class);

  734. 		}

  735. 		$sanitizedName = $this->access->sanitizeUsername($name);

  736. 		$this->assertSame($expected, $sanitizedName);

  737. 	}

  738. 

  739. 	/**

  740. 	 * @dataProvider groupIDCandidateProvider

  741. 	 */

  742. 	public function testSanitizeGroupIDCandidate(string $name, string $expected) {

  743. 		$sanitizedName = $this->access->sanitizeGroupIDCandidate($name);

  744. 		$this->assertSame($expected, $sanitizedName);

  745. 	}

  746. 

  747. 	public function testUserStateUpdate() {

  748. 		$this->connection->expects($this->any())

  749. 			->method('__get')

  750. 			->willReturnMap([

  751. 				[ 'ldapUserDisplayName', 'displayName' ],

  752. 				[ 'ldapUserDisplayName2', null],

  753. 			]);

  754. 

  755. 		$offlineUserMock = $this->createMock(OfflineUser::class);

  756. 		$offlineUserMock->expects($this->once())

  757. 			->method('unmark');

  758. 

  759. 		$regularUserMock = $this->createMock(User::class);

  760. 

  761. 		$this->userManager->expects($this->atLeastOnce())

  762. 			->method('get')

  763. 			->with('detta')

  764. 			->willReturnOnConsecutiveCalls($offlineUserMock, $regularUserMock);

  765. 

  766. 		/** @var UserMapping|\PHPUnit\Framework\MockObject\MockObject $mapperMock */

  767. 		$mapperMock = $this->createMock(UserMapping::class);

  768. 		$mapperMock->expects($this->any())

  769. 			->method('getNameByDN')

  770. 			->with('uid=detta,ou=users,dc=hex,dc=ample')

  771. 			->willReturn('detta');

  772. 		$this->access->setUserMapper($mapperMock);

  773. 

  774. 		$records = [

  775. 			[

  776. 				'dn' => ['uid=detta,ou=users,dc=hex,dc=ample'],

  777. 				'displayName' => ['Detta Detkova'],

  778. 			]

  779. 		];

  780. 		$this->access->nextcloudUserNames($records);

  781. 	}

  782. }