mirrors
/
nextcloud
mirror of https://github.com/nextcloud/server.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 984 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
57403 Commits
379 Branches
Tree: eb502c02ff
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'eb502c02ff'
${ noResults }
nextcloud/apps/user_ldap/tests/AccessTest.php

AccessTest.php 21KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756 
  1. <?php

  2. /**

  3.  * @copyright Copyright (c) 2016, ownCloud, Inc.

  4.  * @copyright Copyright (c) 2016, Lukas Reschke <lukas@statuscode.ch>

  5.  *

  6.  * @author Andreas Fischer <bantu@owncloud.com>

  7.  * @author Arthur Schiwon <blizzz@arthur-schiwon.de>

  8.  * @author Christoph Wurst <christoph@winzerhof-wurst.at>

  9.  * @author Joas Schilling <coding@schilljs.com>

  10.  * @author Jörn Friedrich Dreyer <jfd@butonic.de>

  11.  * @author Lukas Reschke <lukas@statuscode.ch>

  12.  * @author Morris Jobke <hey@morrisjobke.de>

  13.  * @author Roeland Jago Douma <roeland@famdouma.nl>

  14.  * @author Roger Szabo <roger.szabo@web.de>

  15.  * @author root <root@localhost.localdomain>

  16.  * @author Thomas Müller <thomas.mueller@tmit.eu>

  17.  * @author Victor Dubiniuk <dubiniuk@owncloud.com>

  18.  *

  19.  * @license AGPL-3.0

  20.  *

  21.  * This code is free software: you can redistribute it and/or modify

  22.  * it under the terms of the GNU Affero General Public License, version 3,

  23.  * as published by the Free Software Foundation.

  24.  *

  25.  * This program is distributed in the hope that it will be useful,

  26.  * but WITHOUT ANY WARRANTY; without even the implied warranty of

  27.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

  28.  * GNU Affero General Public License for more details.

  29.  *

  30.  * You should have received a copy of the GNU Affero General Public License, version 3,

  31.  * along with this program. If not, see <http://www.gnu.org/licenses/>

  32.  *

  33.  */

  34. 

  35. namespace OCA\User_LDAP\Tests;

  36. 

  37. use OCA\User_LDAP\Access;

  38. use OCA\User_LDAP\Connection;

  39. use OCA\User_LDAP\Exceptions\ConstraintViolationException;

  40. use OCA\User_LDAP\FilesystemHelper;

  41. use OCA\User_LDAP\Helper;

  42. use OCA\User_LDAP\ILDAPWrapper;

  43. use OCA\User_LDAP\LDAP;

  44. use OCA\User_LDAP\LogWrapper;

  45. use OCA\User_LDAP\Mapping\GroupMapping;

  46. use OCA\User_LDAP\Mapping\UserMapping;

  47. use OCA\User_LDAP\User\Manager;

  48. use OCA\User_LDAP\User\OfflineUser;

  49. use OCA\User_LDAP\User\User;

  50. use OCP\IAvatarManager;

  51. use OCP\IConfig;

  52. use OCP\Image;

  53. use OCP\IUserManager;

  54. use OCP\Notification\IManager as INotificationManager;

  55. use OCP\Share\IManager;

  56. use Test\TestCase;

  57. 

  58. /**

  59.  * Class AccessTest

  60.  *

  61.  * @group DB

  62.  *

  63.  * @package OCA\User_LDAP\Tests

  64.  */

  65. class AccessTest extends TestCase {

  66. 	/** @var UserMapping|\PHPUnit\Framework\MockObject\MockObject */

  67. 	protected $userMapper;

  68. 	/** @var IManager|\PHPUnit\Framework\MockObject\MockObject */

  69. 	protected $shareManager;

  70. 	/** @var GroupMapping|\PHPUnit\Framework\MockObject\MockObject */

  71. 	protected $groupMapper;

  72. 	/** @var Connection|\PHPUnit\Framework\MockObject\MockObject */

  73. 	private $connection;

  74. 	/** @var LDAP|\PHPUnit\Framework\MockObject\MockObject */

  75. 	private $ldap;

  76. 	/** @var Manager|\PHPUnit\Framework\MockObject\MockObject */

  77. 	private $userManager;

  78. 	/** @var Helper|\PHPUnit\Framework\MockObject\MockObject */

  79. 	private $helper;

  80. 	/** @var  IConfig|\PHPUnit\Framework\MockObject\MockObject */

  81. 	private $config;

  82. 	/** @var IUserManager|\PHPUnit\Framework\MockObject\MockObject */

  83. 	private $ncUserManager;

  84. 	/** @var Access */

  85. 	private $access;

  86. 

  87. 	protected function setUp(): void {

  88. 		$this->connection = $this->createMock(Connection::class);

  89. 		$this->ldap = $this->createMock(LDAP::class);

  90. 		$this->userManager = $this->createMock(Manager::class);

  91. 		$this->helper = $this->createMock(Helper::class);

  92. 		$this->config = $this->createMock(IConfig::class);

  93. 		$this->userMapper = $this->createMock(UserMapping::class);

  94. 		$this->groupMapper = $this->createMock(GroupMapping::class);

  95. 		$this->ncUserManager = $this->createMock(IUserManager::class);

  96. 		$this->shareManager = $this->createMock(IManager::class);

  97. 

  98. 		$this->access = new Access(

  99. 			$this->connection,

  100. 			$this->ldap,

  101. 			$this->userManager,

  102. 			$this->helper,

  103. 			$this->config,

  104. 			$this->ncUserManager

  105. 		);

  106. 		$this->access->setUserMapper($this->userMapper);

  107. 		$this->access->setGroupMapper($this->groupMapper);

  108. 	}

  109. 

  110. 	private function getConnectorAndLdapMock() {

  111. 		$lw = $this->createMock(ILDAPWrapper::class);

  112. 		$connector = $this->getMockBuilder(Connection::class)

  113. 			->setConstructorArgs([$lw, null, null])

  114. 			->getMock();

  115. 		$um = $this->getMockBuilder(Manager::class)

  116. 			->setConstructorArgs([

  117. 				$this->createMock(IConfig::class),

  118. 				$this->createMock(FilesystemHelper::class),

  119. 				$this->createMock(LogWrapper::class),

  120. 				$this->createMock(IAvatarManager::class),

  121. 				$this->createMock(Image::class),

  122. 				$this->createMock(IUserManager::class),

  123. 				$this->createMock(INotificationManager::class),

  124. 				$this->shareManager])

  125. 			->getMock();

  126. 		$helper = new Helper(\OC::$server->getConfig(), \OC::$server->getDatabaseConnection());

  127. 

  128. 		return [$lw, $connector, $um, $helper];

  129. 	}

  130. 

  131. 	public function testEscapeFilterPartValidChars() {

  132. 		$input = 'okay';

  133. 		$this->assertTrue($input === $this->access->escapeFilterPart($input));

  134. 	}

  135. 

  136. 	public function testEscapeFilterPartEscapeWildcard() {

  137. 		$input = '*';

  138. 		$expected = '\\\\*';

  139. 		$this->assertTrue($expected === $this->access->escapeFilterPart($input));

  140. 	}

  141. 

  142. 	public function testEscapeFilterPartEscapeWildcard2() {

  143. 		$input = 'foo*bar';

  144. 		$expected = 'foo\\\\*bar';

  145. 		$this->assertTrue($expected === $this->access->escapeFilterPart($input));

  146. 	}

  147. 

  148. 	/**

  149. 	 * @dataProvider convertSID2StrSuccessData

  150. 	 * @param array $sidArray

  151. 	 * @param $sidExpected

  152. 	 */

  153. 	public function testConvertSID2StrSuccess(array $sidArray, $sidExpected) {

  154. 		$sidBinary = implode('', $sidArray);

  155. 		$this->assertSame($sidExpected, $this->access->convertSID2Str($sidBinary));

  156. 	}

  157. 

  158. 	public function convertSID2StrSuccessData() {

  159. 		return [

  160. 			[

  161. 				[

  162. 					"\x01",

  163. 					"\x04",

  164. 					"\x00\x00\x00\x00\x00\x05",

  165. 					"\x15\x00\x00\x00",

  166. 					"\xa6\x81\xe5\x0e",

  167. 					"\x4d\x6c\x6c\x2b",

  168. 					"\xca\x32\x05\x5f",

  169. 				],

  170. 				'S-1-5-21-249921958-728525901-1594176202',

  171. 			],

  172. 			[

  173. 				[

  174. 					"\x01",

  175. 					"\x02",

  176. 					"\xFF\xFF\xFF\xFF\xFF\xFF",

  177. 					"\xFF\xFF\xFF\xFF",

  178. 					"\xFF\xFF\xFF\xFF",

  179. 				],

  180. 				'S-1-281474976710655-4294967295-4294967295',

  181. 			],

  182. 		];

  183. 	}

  184. 

  185. 	public function testConvertSID2StrInputError() {

  186. 		$sidIllegal = 'foobar';

  187. 		$sidExpected = '';

  188. 

  189. 		$this->assertSame($sidExpected, $this->access->convertSID2Str($sidIllegal));

  190. 	}

  191. 

  192. 	public function testGetDomainDNFromDNSuccess() {

  193. 		$inputDN = 'uid=zaphod,cn=foobar,dc=my,dc=server,dc=com';

  194. 		$domainDN = 'dc=my,dc=server,dc=com';

  195. 

  196. 		$this->ldap->expects($this->once())

  197. 			->method('explodeDN')

  198. 			->with($inputDN, 0)

  199. 			->willReturn(explode(',', $inputDN));

  200. 

  201. 		$this->assertSame($domainDN, $this->access->getDomainDNFromDN($inputDN));

  202. 	}

  203. 

  204. 	public function testGetDomainDNFromDNError() {

  205. 		$inputDN = 'foobar';

  206. 		$expected = '';

  207. 

  208. 		$this->ldap->expects($this->once())

  209. 			->method('explodeDN')

  210. 			->with($inputDN, 0)

  211. 			->willReturn(false);

  212. 

  213. 		$this->assertSame($expected, $this->access->getDomainDNFromDN($inputDN));

  214. 	}

  215. 

  216. 	public function dnInputDataProvider() {

  217. 		return  [[

  218. 			[

  219. 				'input' => 'foo=bar,bar=foo,dc=foobar',

  220. 				'interResult' => [

  221. 					'count' => 3,

  222. 					0 => 'foo=bar',

  223. 					1 => 'bar=foo',

  224. 					2 => 'dc=foobar'

  225. 				],

  226. 				'expectedResult' => true

  227. 			],

  228. 			[

  229. 				'input' => 'foobarbarfoodcfoobar',

  230. 				'interResult' => false,

  231. 				'expectedResult' => false

  232. 			]

  233. 		]];

  234. 	}

  235. 

  236. 	/**

  237. 	 * @dataProvider dnInputDataProvider

  238. 	 * @param array $case

  239. 	 */

  240. 	public function testStringResemblesDN($case) {

  241. 		[$lw, $con, $um, $helper] = $this->getConnectorAndLdapMock();

  242. 		/** @var IConfig|\PHPUnit\Framework\MockObject\MockObject $config */

  243. 		$config = $this->createMock(IConfig::class);

  244. 		$access = new Access($con, $lw, $um, $helper, $config, $this->ncUserManager);

  245. 

  246. 		$lw->expects($this->exactly(1))

  247. 			->method('explodeDN')

  248. 			->willReturnCallback(function ($dn) use ($case) {

  249. 				if ($dn === $case['input']) {

  250. 					return $case['interResult'];

  251. 				}

  252. 				return null;

  253. 			});

  254. 

  255. 		$this->assertSame($case['expectedResult'], $access->stringResemblesDN($case['input']));

  256. 	}

  257. 

  258. 	/**

  259. 	 * @dataProvider dnInputDataProvider

  260. 	 * @param $case

  261. 	 */

  262. 	public function testStringResemblesDNLDAPmod($case) {

  263. 		[, $con, $um, $helper] = $this->getConnectorAndLdapMock();

  264. 		/** @var IConfig|\PHPUnit\Framework\MockObject\MockObject $config */

  265. 		$config = $this->createMock(IConfig::class);

  266. 		$lw = new LDAP();

  267. 		$access = new Access($con, $lw, $um, $helper, $config, $this->ncUserManager);

  268. 

  269. 		if (!function_exists('ldap_explode_dn')) {

  270. 			$this->markTestSkipped('LDAP Module not available');

  271. 		}

  272. 

  273. 		$this->assertSame($case['expectedResult'], $access->stringResemblesDN($case['input']));

  274. 	}

  275. 

  276. 	public function testCacheUserHome() {

  277. 		$this->connection->expects($this->once())

  278. 			->method('writeToCache');

  279. 

  280. 		$this->access->cacheUserHome('foobar', '/foobars/path');

  281. 	}

  282. 

  283. 	public function testBatchApplyUserAttributes() {

  284. 		$this->ldap->expects($this->any())

  285. 			->method('isResource')

  286. 			->willReturn(true);

  287. 

  288. 		$this->ldap->expects($this->any())

  289. 			->method('getAttributes')

  290. 			->willReturn(['displayname' => ['bar', 'count' => 1]]);

  291. 

  292. 		/** @var UserMapping|\PHPUnit\Framework\MockObject\MockObject $mapperMock */

  293. 		$mapperMock = $this->createMock(UserMapping::class);

  294. 		$mapperMock->expects($this->any())

  295. 			->method('getNameByDN')

  296. 			->willReturn(false);

  297. 		$mapperMock->expects($this->any())

  298. 			->method('map')

  299. 			->willReturn(true);

  300. 

  301. 		$userMock = $this->createMock(User::class);

  302. 

  303. 		// also returns for userUuidAttribute

  304. 		$this->access->connection->expects($this->any())

  305. 			->method('__get')

  306. 			->willReturn('displayName');

  307. 

  308. 		$this->access->setUserMapper($mapperMock);

  309. 

  310. 		$displayNameAttribute = strtolower($this->access->connection->ldapUserDisplayName);

  311. 		$data = [

  312. 			[

  313. 				'dn' => ['foobar'],

  314. 				$displayNameAttribute => 'barfoo'

  315. 			],

  316. 			[

  317. 				'dn' => ['foo'],

  318. 				$displayNameAttribute => 'bar'

  319. 			],

  320. 			[

  321. 				'dn' => ['raboof'],

  322. 				$displayNameAttribute => 'oofrab'

  323. 			]

  324. 		];

  325. 

  326. 		$userMock->expects($this->exactly(count($data)))

  327. 			->method('processAttributes');

  328. 

  329. 		$this->userManager->expects($this->exactly(count($data) * 2))

  330. 			->method('get')

  331. 			->willReturn($userMock);

  332. 

  333. 		$this->access->batchApplyUserAttributes($data);

  334. 	}

  335. 

  336. 	public function testBatchApplyUserAttributesSkipped() {

  337. 		/** @var UserMapping|\PHPUnit\Framework\MockObject\MockObject $mapperMock */

  338. 		$mapperMock = $this->createMock(UserMapping::class);

  339. 		$mapperMock->expects($this->any())

  340. 			->method('getNameByDN')

  341. 			->willReturn('a_username');

  342. 

  343. 		$userMock = $this->createMock(User::class);

  344. 

  345. 		$this->access->connection->expects($this->any())

  346. 			->method('__get')

  347. 			->willReturn('displayName');

  348. 

  349. 		$this->access->setUserMapper($mapperMock);

  350. 

  351. 		$displayNameAttribute = strtolower($this->access->connection->ldapUserDisplayName);

  352. 		$data = [

  353. 			[

  354. 				'dn' => ['foobar'],

  355. 				$displayNameAttribute => 'barfoo'

  356. 			],

  357. 			[

  358. 				'dn' => ['foo'],

  359. 				$displayNameAttribute => 'bar'

  360. 			],

  361. 			[

  362. 				'dn' => ['raboof'],

  363. 				$displayNameAttribute => 'oofrab'

  364. 			]

  365. 		];

  366. 

  367. 		$userMock->expects($this->never())

  368. 			->method('processAttributes');

  369. 

  370. 		$this->userManager->expects($this->any())

  371. 			->method('get')

  372. 			->willReturn($this->createMock(User::class));

  373. 

  374. 		$this->access->batchApplyUserAttributes($data);

  375. 	}

  376. 

  377. 	public function testBatchApplyUserAttributesDontSkip() {

  378. 		/** @var UserMapping|\PHPUnit\Framework\MockObject\MockObject $mapperMock */

  379. 		$mapperMock = $this->createMock(UserMapping::class);

  380. 		$mapperMock->expects($this->any())

  381. 			->method('getNameByDN')

  382. 			->willReturn('a_username');

  383. 

  384. 		$userMock = $this->createMock(User::class);

  385. 

  386. 		$this->access->connection->expects($this->any())

  387. 			->method('__get')

  388. 			->willReturn('displayName');

  389. 

  390. 		$this->access->setUserMapper($mapperMock);

  391. 

  392. 		$displayNameAttribute = strtolower($this->access->connection->ldapUserDisplayName);

  393. 		$data = [

  394. 			[

  395. 				'dn' => ['foobar'],

  396. 				$displayNameAttribute => 'barfoo'

  397. 			],

  398. 			[

  399. 				'dn' => ['foo'],

  400. 				$displayNameAttribute => 'bar'

  401. 			],

  402. 			[

  403. 				'dn' => ['raboof'],

  404. 				$displayNameAttribute => 'oofrab'

  405. 			]

  406. 		];

  407. 

  408. 		$userMock->expects($this->exactly(count($data)))

  409. 			->method('processAttributes');

  410. 

  411. 		$this->userManager->expects($this->exactly(count($data) * 2))

  412. 			->method('get')

  413. 			->willReturn($userMock);

  414. 

  415. 		$this->access->batchApplyUserAttributes($data);

  416. 	}

  417. 

  418. 	public function dNAttributeProvider() {

  419. 		// corresponds to Access::resemblesDN()

  420. 		return [

  421. 			'dn' => ['dn'],

  422. 			'uniqueMember' => ['uniquemember'],

  423. 			'member' => ['member'],

  424. 			'memberOf' => ['memberof']

  425. 		];

  426. 	}

  427. 

  428. 	/**

  429. 	 * @dataProvider dNAttributeProvider

  430. 	 * @param $attribute

  431. 	 */

  432. 	public function testSanitizeDN($attribute) {

  433. 		[$lw, $con, $um, $helper] = $this->getConnectorAndLdapMock();

  434. 		/** @var IConfig|\PHPUnit\Framework\MockObject\MockObject $config */

  435. 		$config = $this->createMock(IConfig::class);

  436. 

  437. 		$dnFromServer = 'cn=Mixed Cases,ou=Are Sufficient To,ou=Test,dc=example,dc=org';

  438. 

  439. 		$lw->expects($this->any())

  440. 			->method('isResource')

  441. 			->willReturn(true);

  442. 		$lw->expects($this->any())

  443. 			->method('getAttributes')

  444. 			->willReturn([

  445. 				$attribute => ['count' => 1, $dnFromServer]

  446. 			]);

  447. 

  448. 		$access = new Access($con, $lw, $um, $helper, $config, $this->ncUserManager);

  449. 		$values = $access->readAttribute('uid=whoever,dc=example,dc=org', $attribute);

  450. 		$this->assertSame($values[0], strtolower($dnFromServer));

  451. 	}

  452. 

  453. 

  454. 	public function testSetPasswordWithDisabledChanges() {

  455. 		$this->expectException(\Exception::class);

  456. 		$this->expectExceptionMessage('LDAP password changes are disabled');

  457. 

  458. 		$this->connection

  459. 			->method('__get')

  460. 			->willReturn(false);

  461. 

  462. 		/** @noinspection PhpUnhandledExceptionInspection */

  463. 		$this->access->setPassword('CN=foo', 'MyPassword');

  464. 	}

  465. 

  466. 	public function testSetPasswordWithLdapNotAvailable() {

  467. 		$this->connection

  468. 			->method('__get')

  469. 			->willReturn(true);

  470. 		$connection = $this->createMock(LDAP::class);

  471. 		$this->connection

  472. 			->expects($this->once())

  473. 			->method('getConnectionResource')

  474. 			->willReturn($connection);

  475. 		$this->ldap

  476. 			->expects($this->once())

  477. 			->method('isResource')

  478. 			->with($connection)

  479. 			->willReturn(false);

  480. 

  481. 		/** @noinspection PhpUnhandledExceptionInspection */

  482. 		$this->assertFalse($this->access->setPassword('CN=foo', 'MyPassword'));

  483. 	}

  484. 

  485. 

  486. 	public function testSetPasswordWithRejectedChange() {

  487. 		$this->expectException(\OC\HintException::class);

  488. 		$this->expectExceptionMessage('Password change rejected.');

  489. 

  490. 		$this->connection

  491. 			->method('__get')

  492. 			->willReturn(true);

  493. 		$connection = $this->createMock(LDAP::class);

  494. 		$this->connection

  495. 			->expects($this->once())

  496. 			->method('getConnectionResource')

  497. 			->willReturn($connection);

  498. 		$this->ldap

  499. 			->expects($this->once())

  500. 			->method('isResource')

  501. 			->with($connection)

  502. 			->willReturn(true);

  503. 		$this->ldap

  504. 			->expects($this->once())

  505. 			->method('modReplace')

  506. 			->with($connection, 'CN=foo', 'MyPassword')

  507. 			->willThrowException(new ConstraintViolationException());

  508. 

  509. 		/** @noinspection PhpUnhandledExceptionInspection */

  510. 		$this->access->setPassword('CN=foo', 'MyPassword');

  511. 	}

  512. 

  513. 	public function testSetPassword() {

  514. 		$this->connection

  515. 			->method('__get')

  516. 			->willReturn(true);

  517. 		$connection = $this->createMock(LDAP::class);

  518. 		$this->connection

  519. 			->expects($this->once())

  520. 			->method('getConnectionResource')

  521. 			->willReturn($connection);

  522. 		$this->ldap

  523. 			->expects($this->once())

  524. 			->method('isResource')

  525. 			->with($connection)

  526. 			->willReturn(true);

  527. 		$this->ldap

  528. 			->expects($this->once())

  529. 			->method('modReplace')

  530. 			->with($connection, 'CN=foo', 'MyPassword')

  531. 			->willReturn(true);

  532. 

  533. 		/** @noinspection PhpUnhandledExceptionInspection */

  534. 		$this->assertTrue($this->access->setPassword('CN=foo', 'MyPassword'));

  535. 	}

  536. 

  537. 	protected function prepareMocksForSearchTests(

  538. 		$base,

  539. 		$fakeConnection,

  540. 		$fakeSearchResultResource,

  541. 		$fakeLdapEntries

  542. 	) {

  543. 		$this->connection

  544. 			->expects($this->any())

  545. 			->method('getConnectionResource')

  546. 			->willReturn($fakeConnection);

  547. 		$this->connection->expects($this->any())

  548. 			->method('__get')

  549. 			->willReturnCallback(function ($key) use ($base) {

  550. 				if (stripos($key, 'base') !== false) {

  551. 					return [$base];

  552. 				}

  553. 				return null;

  554. 			});

  555. 

  556. 		$this->ldap

  557. 			->expects($this->any())

  558. 			->method('isResource')

  559. 			->willReturnCallback(function ($resource) {

  560. 				return is_resource($resource);

  561. 			});

  562. 		$this->ldap

  563. 			->expects($this->any())

  564. 			->method('errno')

  565. 			->willReturn(0);

  566. 		$this->ldap

  567. 			->expects($this->once())

  568. 			->method('search')

  569. 			->willReturn($fakeSearchResultResource);

  570. 		$this->ldap

  571. 			->expects($this->exactly(1))

  572. 			->method('getEntries')

  573. 			->willReturn($fakeLdapEntries);

  574. 

  575. 		$this->helper->expects($this->any())

  576. 			->method('sanitizeDN')

  577. 			->willReturnArgument(0);

  578. 	}

  579. 

  580. 	public function testSearchNoPagedSearch() {

  581. 		// scenario: no pages search, 1 search base

  582. 		$filter = 'objectClass=nextcloudUser';

  583. 		$base = 'ou=zombies,dc=foobar,dc=nextcloud,dc=com';

  584. 

  585. 		$fakeConnection = ldap_connect();

  586. 		$fakeSearchResultResource = ldap_connect();

  587. 		$fakeLdapEntries = [

  588. 			'count' => 2,

  589. 			[

  590. 				'dn' => 'uid=sgarth,' . $base,

  591. 			],

  592. 			[

  593. 				'dn' => 'uid=wwilson,' . $base,

  594. 			]

  595. 		];

  596. 

  597. 		$expected = $fakeLdapEntries;

  598. 		unset($expected['count']);

  599. 

  600. 		$this->prepareMocksForSearchTests($base, $fakeConnection, $fakeSearchResultResource, $fakeLdapEntries);

  601. 

  602. 		/** @noinspection PhpUnhandledExceptionInspection */

  603. 		$result = $this->access->search($filter, $base);

  604. 		$this->assertSame($expected, $result);

  605. 	}

  606. 

  607. 	public function testFetchListOfUsers() {

  608. 		$filter = 'objectClass=nextcloudUser';

  609. 		$base = 'ou=zombies,dc=foobar,dc=nextcloud,dc=com';

  610. 		$attrs = ['dn', 'uid'];

  611. 

  612. 		$fakeConnection = ldap_connect();

  613. 		$fakeSearchResultResource = ldap_connect();

  614. 		$fakeLdapEntries = [

  615. 			'count' => 2,

  616. 			[

  617. 				'dn' => 'uid=sgarth,' . $base,

  618. 				'uid' => [ 'sgarth' ],

  619. 			],

  620. 			[

  621. 				'dn' => 'uid=wwilson,' . $base,

  622. 				'uid' => [ 'wwilson' ],

  623. 			]

  624. 		];

  625. 		$expected = $fakeLdapEntries;

  626. 		unset($expected['count']);

  627. 		array_walk($expected, function (&$v) {

  628. 			$v['dn'] = [$v['dn']];	// dn is translated into an array internally for consistency

  629. 		});

  630. 

  631. 		$this->prepareMocksForSearchTests($base, $fakeConnection, $fakeSearchResultResource, $fakeLdapEntries);

  632. 

  633. 		$this->connection->expects($this->exactly($fakeLdapEntries['count']))

  634. 			->method('writeToCache')

  635. 			->with($this->stringStartsWith('userExists'), true);

  636. 

  637. 		$this->userMapper->expects($this->exactly($fakeLdapEntries['count']))

  638. 			->method('getNameByDN')

  639. 			->willReturnCallback(function ($fdn) {

  640. 				$parts = ldap_explode_dn($fdn, false);

  641. 				return $parts[0];

  642. 			});

  643. 

  644. 		/** @noinspection PhpUnhandledExceptionInspection */

  645. 		$list = $this->access->fetchListOfUsers($filter, $attrs);

  646. 		$this->assertSame($expected, $list);

  647. 	}

  648. 

  649. 	public function testFetchListOfGroupsKnown() {

  650. 		$filter = 'objectClass=nextcloudGroup';

  651. 		$attributes = ['cn', 'gidNumber', 'dn'];

  652. 		$base = 'ou=SomeGroups,dc=my,dc=directory';

  653. 

  654. 		$fakeConnection = ldap_connect();

  655. 		$fakeSearchResultResource = ldap_connect();

  656. 		$fakeLdapEntries = [

  657. 			'count' => 2,

  658. 			[

  659. 				'dn' => 'cn=Good Team,' . $base,

  660. 				'cn' => ['Good Team'],

  661. 			],

  662. 			[

  663. 				'dn' => 'cn=Another Good Team,' . $base,

  664. 				'cn' => ['Another Good Team'],

  665. 			]

  666. 		];

  667. 

  668. 		$this->prepareMocksForSearchTests($base, $fakeConnection, $fakeSearchResultResource, $fakeLdapEntries);

  669. 

  670. 		$this->groupMapper->expects($this->any())

  671. 			->method('getListOfIdsByDn')

  672. 			->willReturn([

  673. 				'cn=Good Team,' . $base => 'Good_Team',

  674. 				'cn=Another Good Team,' . $base => 'Another_Good_Team',

  675. 			]);

  676. 		$this->groupMapper->expects($this->never())

  677. 			->method('getNameByDN');

  678. 

  679. 		$this->connection->expects($this->exactly(2))

  680. 			->method('writeToCache');

  681. 

  682. 		$groups = $this->access->fetchListOfGroups($filter, $attributes);

  683. 		$this->assertSame(2, count($groups));

  684. 		$this->assertSame('Good Team', $groups[0]['cn'][0]);

  685. 		$this->assertSame('Another Good Team', $groups[1]['cn'][0]);

  686. 	}

  687. 

  688. 	public function intUsernameProvider() {

  689. 		// system dependent :-/

  690. 		$translitExpected = @iconv('UTF-8', 'ASCII//TRANSLIT', 'fränk') ? 'frank' : 'frnk';

  691. 

  692. 		return [

  693. 			['alice', 'alice'],

  694. 			['b/ob', 'bob'],

  695. 			['charly🐬', 'charly'],

  696. 			['debo rah', 'debo_rah'],

  697. 			['epost@poste.test', 'epost@poste.test'],

  698. 			['fränk', $translitExpected],

  699. 			[' gerda ', 'gerda'],

  700. 			['🕱🐵🐘🐑', null]

  701. 		];

  702. 	}

  703. 

  704. 	/**

  705. 	 * @dataProvider intUsernameProvider

  706. 	 *

  707. 	 * @param $name

  708. 	 * @param $expected

  709. 	 */

  710. 	public function testSanitizeUsername($name, $expected) {

  711. 		if ($name === 'fränk' && PHP_MAJOR_VERSION > 7) {

  712. 			$this->markTestSkipped('Special chars do boom still on CI in php8');

  713. 		}

  714. 		if ($expected === null) {

  715. 			$this->expectException(\InvalidArgumentException::class);

  716. 		}

  717. 		$sanitizedName = $this->access->sanitizeUsername($name);

  718. 		$this->assertSame($expected, $sanitizedName);

  719. 	}

  720. 

  721. 	public function testUserStateUpdate() {

  722. 		$this->connection->expects($this->any())

  723. 			->method('__get')

  724. 			->willReturnMap([

  725. 				[ 'ldapUserDisplayName', 'displayName' ],

  726. 				[ 'ldapUserDisplayName2', null],

  727. 			]);

  728. 

  729. 		$offlineUserMock = $this->createMock(OfflineUser::class);

  730. 		$offlineUserMock->expects($this->once())

  731. 			->method('unmark');

  732. 

  733. 		$regularUserMock = $this->createMock(User::class);

  734. 

  735. 		$this->userManager->expects($this->atLeastOnce())

  736. 			->method('get')

  737. 			->with('detta')

  738. 			->willReturnOnConsecutiveCalls($offlineUserMock, $regularUserMock);

  739. 

  740. 		/** @var UserMapping|\PHPUnit\Framework\MockObject\MockObject $mapperMock */

  741. 		$mapperMock = $this->createMock(UserMapping::class);

  742. 		$mapperMock->expects($this->any())

  743. 			->method('getNameByDN')

  744. 			->with('uid=detta,ou=users,dc=hex,dc=ample')

  745. 			->willReturn('detta');

  746. 		$this->access->setUserMapper($mapperMock);

  747. 

  748. 		$records = [

  749. 			[

  750. 				'dn' => ['uid=detta,ou=users,dc=hex,dc=ample'],

  751. 				'displayName' => ['Detta Detkova'],

  752. 			]

  753. 		];

  754. 		$this->access->nextcloudUserNames($records);

  755. 	}

  756. }