fix(tests): Ensure ldap server can be reached in integration tests on GitHub Actions and other improvments

* Run integration tests for every pull request * Also print docker logs of service containers (ldap, redis) * Ensure consistent `datadir` for test assertions * Test openldap features separatly * Only the LDAP tests rely on `/dev/shm` while `federated.feature` rely on real directory access Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
author: Ferdinand Thiessen <opensource@fthiessen.de> 2023-10-29 18:51:33 +0100
committer: Joas Schilling <coding@schilljs.com> 2024-01-26 13:53:34 +0100
commit: 52cc18efc0baa916b23350fe5fbb0b0081af5def (patch)
tree: c7f2760679e0b14189396af7ce3c44f574065857 /build/integration/openldap_numerical_features
parent: b64d03279586c0b26ca73818e9d5110176d8ae7b (diff)
download: nextcloud-server-52cc18efc0baa916b23350fe5fbb0b0081af5def.tar.gz
nextcloud-server-52cc18efc0baa916b23350fe5fbb0b0081af5def.zip
1 files changed, 96 insertions, 0 deletions
diff --git a/build/integration/openldap_numerical_features/openldap-numerical-id.feature b/build/integration/openldap_numerical_features/openldap-numerical-id.feature
new file mode 100644
index 00000000000..75eb6827192
--- /dev/null
+++ b/build/integration/openldap_numerical_features/openldap-numerical-id.feature
@@ -0,0 +1,96 @@
+Feature: LDAP
+  Background:
+    Given using api version "2"
+    And having a valid LDAP configuration
+    And modify LDAP configuration
+      | ldapExpertUsernameAttr | employeeNumber |
+      | ldapLoginFilter        | (&(objectclass=inetorgperson)(employeeNumber=%uid)) |
+
+# Those tests are dedicated to ensure Nc is working when it is provided with
+# users having numerical IDs
+
+Scenario: Look for a expected LDAP users
+  Given As an "admin"
+  And sending "GET" to "/cloud/users"
+  Then the OCS status code should be "200"
+  And the "users" result should match
+    | 92379 | 1 |
+    | 50194 | 1 |
+
+Scenario: check default home of an LDAP user
+  Given As an "admin"
+  And sending "GET" to "/cloud/users/92379"
+  Then the OCS status code should be "200"
+  And the record's fields should match
+    | storageLocation | /dev/shm/nc_int/92379 |
+
+Scenario: Test by logging in
+  Given cookies are reset
+  And Logging in using web as "92379"
+  And Sending a "GET" to "/remote.php/webdav/welcome.txt" with requesttoken
+  Then the HTTP status code should be "200"
+
+Scenario: Test LDAP group retrieval with numeric group ids and nesting
+  # Nesting does not play a role here really
+  Given modify LDAP configuration
+    | ldapBaseGroups                | ou=NumericGroups,dc=nextcloud,dc=ci |
+    | ldapGroupFilter               | (objectclass=groupOfNames) |
+    | ldapGroupMemberAssocAttr      | member |
+    | ldapNestedGroups              | 1 |
+    | useMemberOfToDetectMembership | 1 |
+  And As an "admin"
+  And sending "GET" to "/cloud/groups"
+  Then the OCS status code should be "200"
+  And the "groups" result should match
+    | 2000 | 1 |
+    | 3000 | 1 |
+    | 3001 | 1 |
+    | 3002 | 1 |
+
+Scenario: Test LDAP group membership with intermediate groups not matching filter, numeric group ids
+  Given modify LDAP configuration
+    | ldapBaseGroups                | ou=NumericGroups,dc=nextcloud,dc=ci |
+    | ldapGroupFilter               | (&(cn=2000)(objectclass=groupOfNames)) |
+    | ldapNestedGroups              | 1 |
+    | useMemberOfToDetectMembership | 1 |
+    | ldapUserFilter                | (&(objectclass=inetorgperson)(!(uid=alice))) |
+    | ldapGroupMemberAssocAttr      | member |
+  And As an "admin"
+  # for population
+  And sending "GET" to "/cloud/groups"
+  And sending "GET" to "/cloud/groups/2000/users"
+  Then the OCS status code should be "200"
+  And the "users" result should match
+    | 92379 | 0 |
+    | 54172 | 1 |
+    | 50194 | 1 |
+    | 59376 | 1 |
+    | 59463 | 1 |
+
+Scenario: Test LDAP admin group mapping, empowered user
+  Given modify LDAP configuration
+    | ldapBaseGroups                | ou=NumericGroups,dc=nextcloud,dc=ci |
+    | ldapGroupFilter               | (objectclass=groupOfNames) |
+    | ldapGroupMemberAssocAttr      | member |
+    | ldapAdminGroup                | 3001   |
+    | useMemberOfToDetectMembership | 1 |
+  And cookies are reset
+  # alice, part of the promoted group
+  And Logging in using web as "92379"
+  And sending "GET" to "/cloud/groups"
+  And sending "GET" to "/cloud/groups/2000/users"
+  And Sending a "GET" to "/index.php/settings/admin/overview" with requesttoken
+  Then the HTTP status code should be "200"
+
+Scenario: Test LDAP admin group mapping, regular user (no access)
+    Given modify LDAP configuration
+      | ldapBaseGroups                | ou=NumericGroups,dc=nextcloud,dc=ci |
+      | ldapGroupFilter               | (objectclass=groupOfNames) |
+      | ldapGroupMemberAssocAttr      | member |
+      | ldapAdminGroup                | 3001   |
+      | useMemberOfToDetectMembership | 1 |
+    And cookies are reset
+    # gustaf, not part of the promoted group
+    And Logging in using web as "59376"
+    And Sending a "GET" to "/index.php/settings/admin/overview" with requesttoken
+    Then the HTTP status code should be "403"
author	Ferdinand Thiessen <opensource@fthiessen.de>	2023-10-29 18:51:33 +0100
committer	Joas Schilling <coding@schilljs.com>	2024-01-26 13:53:34 +0100
commit	52cc18efc0baa916b23350fe5fbb0b0081af5def (patch)
tree	c7f2760679e0b14189396af7ce3c44f574065857 /build/integration/openldap_numerical_features
parent	b64d03279586c0b26ca73818e9d5110176d8ae7b (diff)
download	nextcloud-server-52cc18efc0baa916b23350fe5fbb0b0081af5def.tar.gz nextcloud-server-52cc18efc0baa916b23350fe5fbb0b0081af5def.zip