aboutsummaryrefslogtreecommitdiffstats
path: root/build
diff options
context:
space:
mode:
authorblizzz <blizzz@arthur-schiwon.de>2018-08-14 14:14:22 +0200
committerGitHub <noreply@github.com>2018-08-14 14:14:22 +0200
commitd05c815796152f0d76c459e893f154b3b78005aa (patch)
treea756ff4423b24f8fdcfaa3f90a0138734c6865ca /build
parentff50ef4b2192800ca7542929e408e67eceae1cef (diff)
parent24ef41454c59ebd17b2fceb336c2a690a854377b (diff)
downloadnextcloud-server-d05c815796152f0d76c459e893f154b3b78005aa.tar.gz
nextcloud-server-d05c815796152f0d76c459e893f154b3b78005aa.zip
Merge pull request #8855 from nextcloud/feature/noid/ldap-integration-autotests
behat integration tests for LDAP
Diffstat (limited to 'build')
-rw-r--r--build/integration/features/bootstrap/BasicStructure.php7
-rw-r--r--build/integration/features/bootstrap/LDAPContext.php114
-rw-r--r--build/integration/features/provisioning-v1.feature1
-rw-r--r--build/integration/ldap_features/ldap-openldap.feature104
-rw-r--r--build/integration/ldap_features/openldap-uid-username.feature88
-rwxr-xr-xbuild/integration/run.sh5
6 files changed, 318 insertions, 1 deletions
diff --git a/build/integration/features/bootstrap/BasicStructure.php b/build/integration/features/bootstrap/BasicStructure.php
index 32e02bad2a3..f6c93aa5174 100644
--- a/build/integration/features/bootstrap/BasicStructure.php
+++ b/build/integration/features/bootstrap/BasicStructure.php
@@ -497,4 +497,11 @@ trait BasicStructure {
$file->isDir() ? rmdir($file) : unlink($file);
}
}
+
+ /**
+ * @Given /^cookies are reset$/
+ */
+ public function cookiesAreReset() {
+ $this->cookieJar = new CookieJar();
+ }
}
diff --git a/build/integration/features/bootstrap/LDAPContext.php b/build/integration/features/bootstrap/LDAPContext.php
index e2b30011515..ee7acab6f5f 100644
--- a/build/integration/features/bootstrap/LDAPContext.php
+++ b/build/integration/features/bootstrap/LDAPContext.php
@@ -32,6 +32,14 @@ class LDAPContext implements Context {
protected $apiUrl;
+ /** @AfterScenario */
+ public function teardown() {
+ if($this->configID === null) {
+ return;
+ }
+ $this->sendingTo('DELETE', $this->apiUrl . '/' . $this->configID);
+ }
+
/**
* @Given /^the response should contain a tag "([^"]*)"$/
*/
@@ -82,4 +90,110 @@ class LDAPContext implements Context {
public function settingTheLDAPConfigurationTo(TableNode $configData) {
$this->sendingToWith('PUT', $this->apiUrl . '/' . $this->configID, $configData);
}
+
+ /**
+ * @Given /^having a valid LDAP configuration$/
+ */
+ public function havingAValidLDAPConfiguration() {
+ $this->asAn('admin');
+ $this->creatingAnLDAPConfigurationAt('/apps/user_ldap/api/v1/config');
+ $data = new TableNode([
+ ['configData[ldapHost]', 'openldap'],
+ ['configData[ldapPort]', '389'],
+ ['configData[ldapBase]', 'dc=nextcloud,dc=ci'],
+ ['configData[ldapAgentName]', 'cn=admin,dc=nextcloud,dc=ci'],
+ ['configData[ldapAgentPassword]', 'admin'],
+ ['configData[ldapUserFilter]', '(&(objectclass=inetorgperson))'],
+ ['configData[ldapLoginFilter]', '(&(objectclass=inetorgperson)(uid=%uid))'],
+ ['configData[ldapUserDisplayName]', 'displayname'],
+ ['configData[ldapGroupDisplayName]', 'cn'],
+ ['configData[ldapEmailAttribute]', 'mail'],
+ ['configData[ldapConfigurationActive]', '1'],
+ ]);
+ $this->settingTheLDAPConfigurationTo($data);
+ $this->asAn('');
+ }
+
+ /**
+ * @Given /^looking up details for the first result matches expectations$/
+ * @param TableNode $expectations
+ */
+ public function lookingUpDetailsForTheFirstResult(TableNode $expectations) {
+ $userResultElements = simplexml_load_string($this->response->getBody())->data[0]->users[0]->element;
+ $userResults = json_decode(json_encode($userResultElements), 1);
+ $userId = array_shift($userResults);
+
+ $this->sendingTo('GET', '/cloud/users/' . $userId);
+ $this->theRecordFieldsShouldMatch($expectations);
+ }
+
+ /**
+ * @Given /^modify LDAP configuration$/
+ */
+ public function modifyLDAPConfiguration(TableNode $table) {
+ $originalAsAn = $this->currentUser;
+ $this->asAn('admin');
+ $configData = $table->getRows();
+ foreach($configData as &$row) {
+ $row[0] = 'configData[' . $row[0] . ']';
+ }
+ $this->settingTheLDAPConfigurationTo(new TableNode($configData));
+ $this->asAn($originalAsAn);
+ }
+
+ /**
+ * @Given /^the "([^"]*)" result should match$/
+ */
+ public function theGroupResultShouldMatch(string $type, TableNode $expectations) {
+ $listReturnedElements = simplexml_load_string($this->response->getBody())->data[0]->$type[0]->element;
+ $extractedIDsArray = json_decode(json_encode($listReturnedElements), 1);
+ foreach($expectations->getRows() as $expectation) {
+ if((int)$expectation[1] === 1) {
+ Assert::assertContains($expectation[0], $extractedIDsArray);
+ } else {
+ Assert::assertNotContains($expectation[0], $extractedIDsArray);
+ }
+ }
+ }
+
+ /**
+ * @Given /^Expect ServerException on failed web login as "([^"]*)"$/
+ */
+ public function expectServerExceptionOnFailedWebLoginAs($login) {
+ try {
+ $this->loggingInUsingWebAs($login);
+ } catch (\GuzzleHttp\Exception\ServerException $e) {
+ Assert::assertEquals(500, $e->getResponse()->getStatusCode());
+ return;
+ }
+ Assert::assertTrue(false, 'expected Exception not received');
+ }
+
+ /**
+ * @Given /^the "([^"]*)" result should contain "([^"]*)" of$/
+ */
+ public function theResultShouldContainOf($type, $expectedCount, TableNode $expectations) {
+ $listReturnedElements = simplexml_load_string($this->response->getBody())->data[0]->$type[0]->element;
+ $extractedIDsArray = json_decode(json_encode($listReturnedElements), 1);
+ $uidsFound = 0;
+ foreach($expectations->getRows() as $expectation) {
+ if(in_array($expectation[0], $extractedIDsArray)) {
+ $uidsFound++;
+ }
+ }
+ Assert::assertSame((int)$expectedCount, $uidsFound);
+ }
+
+ /**
+ * @Given /^the record's fields should match$/
+ */
+ public function theRecordFieldsShouldMatch(TableNode $expectations) {
+ foreach($expectations->getRowsHash() as $k => $v) {
+ $value = (string)simplexml_load_string($this->response->getBody())->data[0]->$k;
+ Assert::assertEquals($v, $value, "got $value");
+ }
+
+ $backend = (string)simplexml_load_string($this->response->getBody())->data[0]->backend;
+ Assert::assertEquals('LDAP', $backend);
+ }
}
diff --git a/build/integration/features/provisioning-v1.feature b/build/integration/features/provisioning-v1.feature
index 8e65f4c1a0e..10b4c1bc005 100644
--- a/build/integration/features/provisioning-v1.feature
+++ b/build/integration/features/provisioning-v1.feature
@@ -342,6 +342,7 @@ Feature: provisioning
| theming |
| twofactor_backupcodes |
| updatenotification |
+ | user_ldap |
| workflowengine |
| files_external |
| oauth2 |
diff --git a/build/integration/ldap_features/ldap-openldap.feature b/build/integration/ldap_features/ldap-openldap.feature
new file mode 100644
index 00000000000..4c507e74595
--- /dev/null
+++ b/build/integration/ldap_features/ldap-openldap.feature
@@ -0,0 +1,104 @@
+Feature: LDAP
+ Background:
+ Given using api version "2"
+ And having a valid LDAP configuration
+
+ Scenario: Test valid configuration by logging in
+ Given Logging in using web as "alice"
+ And Sending a "GET" to "/remote.php/webdav/welcome.txt" with requesttoken
+ Then the HTTP status code should be "200"
+
+ Scenario: Test valid configuration with port in the hostname by logging in
+ Given modify LDAP configuration
+ | ldapHost | openldap:389 |
+ And cookies are reset
+ And Logging in using web as "alice"
+ And Sending a "GET" to "/remote.php/webdav/welcome.txt" with requesttoken
+ Then the HTTP status code should be "200"
+
+ Scenario: Test valid configuration with LDAP protocol by logging in
+ Given modify LDAP configuration
+ | ldapHost | ldap://openldap |
+ And cookies are reset
+ And Logging in using web as "alice"
+ And Sending a "GET" to "/remote.php/webdav/welcome.txt" with requesttoken
+ Then the HTTP status code should be "200"
+
+ Scenario: Test valid configuration with LDAP protoccol and port by logging in
+ Given modify LDAP configuration
+ | ldapHost | ldap://openldap:389 |
+ And cookies are reset
+ And Logging in using web as "alice"
+ And Sending a "GET" to "/remote.php/webdav/welcome.txt" with requesttoken
+ Then the HTTP status code should be "200"
+
+ Scenario: Look for a known LDAP user
+ Given As an "admin"
+ And sending "GET" to "/cloud/users?search=alice"
+ Then the OCS status code should be "200"
+ And looking up details for the first result matches expectations
+ | email | alice@nextcloud.ci |
+ | displayname | Alice |
+
+ Scenario: Test group filter with one specific group
+ Given modify LDAP configuration
+ | ldapGroupFilter | cn=RedGroup |
+ | ldapBaseGroups | ou=Groups,ou=Ordinary,dc=nextcloud,dc=ci |
+ And As an "admin"
+ And sending "GET" to "/cloud/groups"
+ Then the OCS status code should be "200"
+ And the "groups" result should match
+ | RedGroup | 1 |
+ | GreenGroup | 0 |
+ | BlueGroup | 0 |
+ | PurpleGroup | 0 |
+
+ Scenario: Test group filter with two specific groups
+ Given modify LDAP configuration
+ | ldapGroupFilter | (\|(cn=RedGroup)(cn=GreenGroup)) |
+ | ldapBaseGroups | ou=Groups,ou=Ordinary,dc=nextcloud,dc=ci |
+ And As an "admin"
+ And sending "GET" to "/cloud/groups"
+ Then the OCS status code should be "200"
+ And the "groups" result should match
+ | RedGroup | 1 |
+ | GreenGroup | 1 |
+ | BlueGroup | 0 |
+ | PurpleGroup | 0 |
+
+ Scenario: Test group filter ruling out a group from a different base
+ Given modify LDAP configuration
+ | ldapGroupFilter | (objectClass=groupOfNames) |
+ | ldapBaseGroups | ou=Groups,ou=Ordinary,dc=nextcloud,dc=ci |
+ And As an "admin"
+ And sending "GET" to "/cloud/groups"
+ Then the OCS status code should be "200"
+ And the "groups" result should match
+ | RedGroup | 1 |
+ | GreenGroup | 1 |
+ | BlueGroup | 1 |
+ | PurpleGroup | 1 |
+ | SquareGroup | 0 |
+
+ Scenario: Test backup server
+ Given modify LDAP configuration
+ | ldapBackupHost | openldap |
+ | ldapBackupPort | 389 |
+ | ldapHost | foo.bar |
+ | ldapPort | 2456 |
+ And Logging in using web as "alice"
+ Then the HTTP status code should be "200"
+
+ Scenario: Test backup server offline
+ Given modify LDAP configuration
+ | ldapBackupHost | off.line |
+ | ldapBackupPort | 3892 |
+ | ldapHost | foo.bar |
+ | ldapPort | 2456 |
+ Then Expect ServerException on failed web login as "alice"
+
+ Scenario: Test LDAP server offline, no backup server
+ Given modify LDAP configuration
+ | ldapHost | foo.bar |
+ | ldapPort | 2456 |
+ Then Expect ServerException on failed web login as "alice"
diff --git a/build/integration/ldap_features/openldap-uid-username.feature b/build/integration/ldap_features/openldap-uid-username.feature
new file mode 100644
index 00000000000..d267870ca26
--- /dev/null
+++ b/build/integration/ldap_features/openldap-uid-username.feature
@@ -0,0 +1,88 @@
+Feature: LDAP
+ Background:
+ Given using api version "2"
+ And having a valid LDAP configuration
+ And modify LDAP configuration
+ | ldapExpertUsernameAttr | uid |
+
+ Scenario: Look for a expected LDAP users
+ Given As an "admin"
+ And sending "GET" to "/cloud/users"
+ Then the OCS status code should be "200"
+ And the "users" result should match
+ | alice | 1 |
+ | elisa | 1 |
+ | ghost | 0 |
+
+ Scenario: check default home of an LDAP user
+ Given As an "admin"
+ And sending "GET" to "/cloud/users/alice"
+ Then the OCS status code should be "200"
+ And the record's fields should match
+ | storageLocation | /dev/shm/nc_int/alice |
+
+ Scenario: check custom relative home of an LDAP user
+ Given modify LDAP configuration
+ | homeFolderNamingRule | sn |
+ And As an "admin"
+ And sending "GET" to "/cloud/users/alice"
+ Then the OCS status code should be "200"
+ And the record's fields should match
+ | storageLocation | /dev/shm/nc_int/Alfgeirdottir |
+
+ Scenario: check custom absolute home of an LDAP user
+ Given modify LDAP configuration
+ | homeFolderNamingRule | roomNumber |
+ And As an "admin"
+ And sending "GET" to "/cloud/users/elisa"
+ Then the OCS status code should be "200"
+ And the record's fields should match
+ | storageLocation | /dev/shm/elisa-data |
+
+ Scenario: Fetch all users, invoking pagination
+ Given modify LDAP configuration
+ | ldapBaseUsers | ou=PagingTest,dc=nextcloud,dc=ci |
+ | ldapPagingSize | 2 |
+ And As an "admin"
+ And sending "GET" to "/cloud/users"
+ Then the OCS status code should be "200"
+ And the "users" result should match
+ | ebba | 1 |
+ | eindis | 1 |
+ | fjolnir | 1 |
+ | gunna | 1 |
+ | juliana | 1 |
+ | leo | 1 |
+ | stigur | 1 |
+
+ Scenario: Fetch all users, invoking pagination
+ Given modify LDAP configuration
+ | ldapBaseUsers | ou=PagingTest,dc=nextcloud,dc=ci |
+ | ldapPagingSize | 2 |
+ And As an "admin"
+ And sending "GET" to "/cloud/users?limit=10"
+ Then the OCS status code should be "200"
+ And the "users" result should match
+ | ebba | 1 |
+ | eindis | 1 |
+ | fjolnir | 1 |
+ | gunna | 1 |
+ | juliana | 1 |
+ | leo | 1 |
+ | stigur | 1 |
+
+ Scenario: Fetch from second batch of all users, invoking pagination
+ Given modify LDAP configuration
+ | ldapBaseUsers | ou=PagingTest,dc=nextcloud,dc=ci |
+ | ldapPagingSize | 2 |
+ And As an "admin"
+ And sending "GET" to "/cloud/users?limit=10&offset=2"
+ Then the OCS status code should be "200"
+ And the "users" result should contain "5" of
+ | ebba |
+ | eindis |
+ | fjolnir |
+ | gunna |
+ | juliana |
+ | leo |
+ | stigur |
diff --git a/build/integration/run.sh b/build/integration/run.sh
index b747bb52c6b..56f4ee7b07d 100755
--- a/build/integration/run.sh
+++ b/build/integration/run.sh
@@ -22,6 +22,7 @@ else
exit 1
fi
fi
+NC_DATADIR=$($OCC config:system:get datadirectory)
composer install
@@ -48,6 +49,7 @@ if [ "$INSTALLED" == "true" ]; then
#Enable external storage app
$OCC app:enable files_external
+ $OCC app:enable user_ldap
mkdir -p work/local_storage
OUTPUT_CREATE_STORAGE=`$OCC files_external:create local_storage local null::null -c datadir=$PWD/work/local_storage`
@@ -70,10 +72,11 @@ if [ "$INSTALLED" == "true" ]; then
#Disable external storage app
$OCC app:disable files_external
+ $OCC app:disable user_ldap
fi
if [ -z $HIDE_OC_LOGS ]; then
- tail "${OC_PATH}/data/nextcloud.log"
+ tail "${NC_DATADIR}/nextcloud.log"
fi
echo "runsh: Exit code: $RESULT"