diff options
author | blizzz <blizzz@arthur-schiwon.de> | 2018-08-14 14:14:22 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-08-14 14:14:22 +0200 |
commit | d05c815796152f0d76c459e893f154b3b78005aa (patch) | |
tree | a756ff4423b24f8fdcfaa3f90a0138734c6865ca /build | |
parent | ff50ef4b2192800ca7542929e408e67eceae1cef (diff) | |
parent | 24ef41454c59ebd17b2fceb336c2a690a854377b (diff) | |
download | nextcloud-server-d05c815796152f0d76c459e893f154b3b78005aa.tar.gz nextcloud-server-d05c815796152f0d76c459e893f154b3b78005aa.zip |
Merge pull request #8855 from nextcloud/feature/noid/ldap-integration-autotests
behat integration tests for LDAP
Diffstat (limited to 'build')
-rw-r--r-- | build/integration/features/bootstrap/BasicStructure.php | 7 | ||||
-rw-r--r-- | build/integration/features/bootstrap/LDAPContext.php | 114 | ||||
-rw-r--r-- | build/integration/features/provisioning-v1.feature | 1 | ||||
-rw-r--r-- | build/integration/ldap_features/ldap-openldap.feature | 104 | ||||
-rw-r--r-- | build/integration/ldap_features/openldap-uid-username.feature | 88 | ||||
-rwxr-xr-x | build/integration/run.sh | 5 |
6 files changed, 318 insertions, 1 deletions
diff --git a/build/integration/features/bootstrap/BasicStructure.php b/build/integration/features/bootstrap/BasicStructure.php index 32e02bad2a3..f6c93aa5174 100644 --- a/build/integration/features/bootstrap/BasicStructure.php +++ b/build/integration/features/bootstrap/BasicStructure.php @@ -497,4 +497,11 @@ trait BasicStructure { $file->isDir() ? rmdir($file) : unlink($file); } } + + /** + * @Given /^cookies are reset$/ + */ + public function cookiesAreReset() { + $this->cookieJar = new CookieJar(); + } } diff --git a/build/integration/features/bootstrap/LDAPContext.php b/build/integration/features/bootstrap/LDAPContext.php index e2b30011515..ee7acab6f5f 100644 --- a/build/integration/features/bootstrap/LDAPContext.php +++ b/build/integration/features/bootstrap/LDAPContext.php @@ -32,6 +32,14 @@ class LDAPContext implements Context { protected $apiUrl; + /** @AfterScenario */ + public function teardown() { + if($this->configID === null) { + return; + } + $this->sendingTo('DELETE', $this->apiUrl . '/' . $this->configID); + } + /** * @Given /^the response should contain a tag "([^"]*)"$/ */ @@ -82,4 +90,110 @@ class LDAPContext implements Context { public function settingTheLDAPConfigurationTo(TableNode $configData) { $this->sendingToWith('PUT', $this->apiUrl . '/' . $this->configID, $configData); } + + /** + * @Given /^having a valid LDAP configuration$/ + */ + public function havingAValidLDAPConfiguration() { + $this->asAn('admin'); + $this->creatingAnLDAPConfigurationAt('/apps/user_ldap/api/v1/config'); + $data = new TableNode([ + ['configData[ldapHost]', 'openldap'], + ['configData[ldapPort]', '389'], + ['configData[ldapBase]', 'dc=nextcloud,dc=ci'], + ['configData[ldapAgentName]', 'cn=admin,dc=nextcloud,dc=ci'], + ['configData[ldapAgentPassword]', 'admin'], + ['configData[ldapUserFilter]', '(&(objectclass=inetorgperson))'], + ['configData[ldapLoginFilter]', '(&(objectclass=inetorgperson)(uid=%uid))'], + ['configData[ldapUserDisplayName]', 'displayname'], + ['configData[ldapGroupDisplayName]', 'cn'], + ['configData[ldapEmailAttribute]', 'mail'], + ['configData[ldapConfigurationActive]', '1'], + ]); + $this->settingTheLDAPConfigurationTo($data); + $this->asAn(''); + } + + /** + * @Given /^looking up details for the first result matches expectations$/ + * @param TableNode $expectations + */ + public function lookingUpDetailsForTheFirstResult(TableNode $expectations) { + $userResultElements = simplexml_load_string($this->response->getBody())->data[0]->users[0]->element; + $userResults = json_decode(json_encode($userResultElements), 1); + $userId = array_shift($userResults); + + $this->sendingTo('GET', '/cloud/users/' . $userId); + $this->theRecordFieldsShouldMatch($expectations); + } + + /** + * @Given /^modify LDAP configuration$/ + */ + public function modifyLDAPConfiguration(TableNode $table) { + $originalAsAn = $this->currentUser; + $this->asAn('admin'); + $configData = $table->getRows(); + foreach($configData as &$row) { + $row[0] = 'configData[' . $row[0] . ']'; + } + $this->settingTheLDAPConfigurationTo(new TableNode($configData)); + $this->asAn($originalAsAn); + } + + /** + * @Given /^the "([^"]*)" result should match$/ + */ + public function theGroupResultShouldMatch(string $type, TableNode $expectations) { + $listReturnedElements = simplexml_load_string($this->response->getBody())->data[0]->$type[0]->element; + $extractedIDsArray = json_decode(json_encode($listReturnedElements), 1); + foreach($expectations->getRows() as $expectation) { + if((int)$expectation[1] === 1) { + Assert::assertContains($expectation[0], $extractedIDsArray); + } else { + Assert::assertNotContains($expectation[0], $extractedIDsArray); + } + } + } + + /** + * @Given /^Expect ServerException on failed web login as "([^"]*)"$/ + */ + public function expectServerExceptionOnFailedWebLoginAs($login) { + try { + $this->loggingInUsingWebAs($login); + } catch (\GuzzleHttp\Exception\ServerException $e) { + Assert::assertEquals(500, $e->getResponse()->getStatusCode()); + return; + } + Assert::assertTrue(false, 'expected Exception not received'); + } + + /** + * @Given /^the "([^"]*)" result should contain "([^"]*)" of$/ + */ + public function theResultShouldContainOf($type, $expectedCount, TableNode $expectations) { + $listReturnedElements = simplexml_load_string($this->response->getBody())->data[0]->$type[0]->element; + $extractedIDsArray = json_decode(json_encode($listReturnedElements), 1); + $uidsFound = 0; + foreach($expectations->getRows() as $expectation) { + if(in_array($expectation[0], $extractedIDsArray)) { + $uidsFound++; + } + } + Assert::assertSame((int)$expectedCount, $uidsFound); + } + + /** + * @Given /^the record's fields should match$/ + */ + public function theRecordFieldsShouldMatch(TableNode $expectations) { + foreach($expectations->getRowsHash() as $k => $v) { + $value = (string)simplexml_load_string($this->response->getBody())->data[0]->$k; + Assert::assertEquals($v, $value, "got $value"); + } + + $backend = (string)simplexml_load_string($this->response->getBody())->data[0]->backend; + Assert::assertEquals('LDAP', $backend); + } } diff --git a/build/integration/features/provisioning-v1.feature b/build/integration/features/provisioning-v1.feature index 8e65f4c1a0e..10b4c1bc005 100644 --- a/build/integration/features/provisioning-v1.feature +++ b/build/integration/features/provisioning-v1.feature @@ -342,6 +342,7 @@ Feature: provisioning | theming | | twofactor_backupcodes | | updatenotification | + | user_ldap | | workflowengine | | files_external | | oauth2 | diff --git a/build/integration/ldap_features/ldap-openldap.feature b/build/integration/ldap_features/ldap-openldap.feature new file mode 100644 index 00000000000..4c507e74595 --- /dev/null +++ b/build/integration/ldap_features/ldap-openldap.feature @@ -0,0 +1,104 @@ +Feature: LDAP + Background: + Given using api version "2" + And having a valid LDAP configuration + + Scenario: Test valid configuration by logging in + Given Logging in using web as "alice" + And Sending a "GET" to "/remote.php/webdav/welcome.txt" with requesttoken + Then the HTTP status code should be "200" + + Scenario: Test valid configuration with port in the hostname by logging in + Given modify LDAP configuration + | ldapHost | openldap:389 | + And cookies are reset + And Logging in using web as "alice" + And Sending a "GET" to "/remote.php/webdav/welcome.txt" with requesttoken + Then the HTTP status code should be "200" + + Scenario: Test valid configuration with LDAP protocol by logging in + Given modify LDAP configuration + | ldapHost | ldap://openldap | + And cookies are reset + And Logging in using web as "alice" + And Sending a "GET" to "/remote.php/webdav/welcome.txt" with requesttoken + Then the HTTP status code should be "200" + + Scenario: Test valid configuration with LDAP protoccol and port by logging in + Given modify LDAP configuration + | ldapHost | ldap://openldap:389 | + And cookies are reset + And Logging in using web as "alice" + And Sending a "GET" to "/remote.php/webdav/welcome.txt" with requesttoken + Then the HTTP status code should be "200" + + Scenario: Look for a known LDAP user + Given As an "admin" + And sending "GET" to "/cloud/users?search=alice" + Then the OCS status code should be "200" + And looking up details for the first result matches expectations + | email | alice@nextcloud.ci | + | displayname | Alice | + + Scenario: Test group filter with one specific group + Given modify LDAP configuration + | ldapGroupFilter | cn=RedGroup | + | ldapBaseGroups | ou=Groups,ou=Ordinary,dc=nextcloud,dc=ci | + And As an "admin" + And sending "GET" to "/cloud/groups" + Then the OCS status code should be "200" + And the "groups" result should match + | RedGroup | 1 | + | GreenGroup | 0 | + | BlueGroup | 0 | + | PurpleGroup | 0 | + + Scenario: Test group filter with two specific groups + Given modify LDAP configuration + | ldapGroupFilter | (\|(cn=RedGroup)(cn=GreenGroup)) | + | ldapBaseGroups | ou=Groups,ou=Ordinary,dc=nextcloud,dc=ci | + And As an "admin" + And sending "GET" to "/cloud/groups" + Then the OCS status code should be "200" + And the "groups" result should match + | RedGroup | 1 | + | GreenGroup | 1 | + | BlueGroup | 0 | + | PurpleGroup | 0 | + + Scenario: Test group filter ruling out a group from a different base + Given modify LDAP configuration + | ldapGroupFilter | (objectClass=groupOfNames) | + | ldapBaseGroups | ou=Groups,ou=Ordinary,dc=nextcloud,dc=ci | + And As an "admin" + And sending "GET" to "/cloud/groups" + Then the OCS status code should be "200" + And the "groups" result should match + | RedGroup | 1 | + | GreenGroup | 1 | + | BlueGroup | 1 | + | PurpleGroup | 1 | + | SquareGroup | 0 | + + Scenario: Test backup server + Given modify LDAP configuration + | ldapBackupHost | openldap | + | ldapBackupPort | 389 | + | ldapHost | foo.bar | + | ldapPort | 2456 | + And Logging in using web as "alice" + Then the HTTP status code should be "200" + + Scenario: Test backup server offline + Given modify LDAP configuration + | ldapBackupHost | off.line | + | ldapBackupPort | 3892 | + | ldapHost | foo.bar | + | ldapPort | 2456 | + Then Expect ServerException on failed web login as "alice" + + Scenario: Test LDAP server offline, no backup server + Given modify LDAP configuration + | ldapHost | foo.bar | + | ldapPort | 2456 | + Then Expect ServerException on failed web login as "alice" diff --git a/build/integration/ldap_features/openldap-uid-username.feature b/build/integration/ldap_features/openldap-uid-username.feature new file mode 100644 index 00000000000..d267870ca26 --- /dev/null +++ b/build/integration/ldap_features/openldap-uid-username.feature @@ -0,0 +1,88 @@ +Feature: LDAP + Background: + Given using api version "2" + And having a valid LDAP configuration + And modify LDAP configuration + | ldapExpertUsernameAttr | uid | + + Scenario: Look for a expected LDAP users + Given As an "admin" + And sending "GET" to "/cloud/users" + Then the OCS status code should be "200" + And the "users" result should match + | alice | 1 | + | elisa | 1 | + | ghost | 0 | + + Scenario: check default home of an LDAP user + Given As an "admin" + And sending "GET" to "/cloud/users/alice" + Then the OCS status code should be "200" + And the record's fields should match + | storageLocation | /dev/shm/nc_int/alice | + + Scenario: check custom relative home of an LDAP user + Given modify LDAP configuration + | homeFolderNamingRule | sn | + And As an "admin" + And sending "GET" to "/cloud/users/alice" + Then the OCS status code should be "200" + And the record's fields should match + | storageLocation | /dev/shm/nc_int/Alfgeirdottir | + + Scenario: check custom absolute home of an LDAP user + Given modify LDAP configuration + | homeFolderNamingRule | roomNumber | + And As an "admin" + And sending "GET" to "/cloud/users/elisa" + Then the OCS status code should be "200" + And the record's fields should match + | storageLocation | /dev/shm/elisa-data | + + Scenario: Fetch all users, invoking pagination + Given modify LDAP configuration + | ldapBaseUsers | ou=PagingTest,dc=nextcloud,dc=ci | + | ldapPagingSize | 2 | + And As an "admin" + And sending "GET" to "/cloud/users" + Then the OCS status code should be "200" + And the "users" result should match + | ebba | 1 | + | eindis | 1 | + | fjolnir | 1 | + | gunna | 1 | + | juliana | 1 | + | leo | 1 | + | stigur | 1 | + + Scenario: Fetch all users, invoking pagination + Given modify LDAP configuration + | ldapBaseUsers | ou=PagingTest,dc=nextcloud,dc=ci | + | ldapPagingSize | 2 | + And As an "admin" + And sending "GET" to "/cloud/users?limit=10" + Then the OCS status code should be "200" + And the "users" result should match + | ebba | 1 | + | eindis | 1 | + | fjolnir | 1 | + | gunna | 1 | + | juliana | 1 | + | leo | 1 | + | stigur | 1 | + + Scenario: Fetch from second batch of all users, invoking pagination + Given modify LDAP configuration + | ldapBaseUsers | ou=PagingTest,dc=nextcloud,dc=ci | + | ldapPagingSize | 2 | + And As an "admin" + And sending "GET" to "/cloud/users?limit=10&offset=2" + Then the OCS status code should be "200" + And the "users" result should contain "5" of + | ebba | + | eindis | + | fjolnir | + | gunna | + | juliana | + | leo | + | stigur | diff --git a/build/integration/run.sh b/build/integration/run.sh index b747bb52c6b..56f4ee7b07d 100755 --- a/build/integration/run.sh +++ b/build/integration/run.sh @@ -22,6 +22,7 @@ else exit 1 fi fi +NC_DATADIR=$($OCC config:system:get datadirectory) composer install @@ -48,6 +49,7 @@ if [ "$INSTALLED" == "true" ]; then #Enable external storage app $OCC app:enable files_external + $OCC app:enable user_ldap mkdir -p work/local_storage OUTPUT_CREATE_STORAGE=`$OCC files_external:create local_storage local null::null -c datadir=$PWD/work/local_storage` @@ -70,10 +72,11 @@ if [ "$INSTALLED" == "true" ]; then #Disable external storage app $OCC app:disable files_external + $OCC app:disable user_ldap fi if [ -z $HIDE_OC_LOGS ]; then - tail "${OC_PATH}/data/nextcloud.log" + tail "${NC_DATADIR}/nextcloud.log" fi echo "runsh: Exit code: $RESULT" |