3 files changed, 74 insertions, 127 deletions
diff --git a/apps/user_ldap/tests/Integration/Lib/IntegrationTestAccessGroupsMatchFilter.php b/apps/user_ldap/tests/Integration/Lib/IntegrationTestAccessGroupsMatchFilter.php
deleted file mode 100644
index 87c2e408424..00000000000
--- a/apps/user_ldap/tests/Integration/Lib/IntegrationTestAccessGroupsMatchFilter.php
+++ /dev/null
@@ -1,127 +0,0 @@
-<?php
-/**
- * @copyright Copyright (c) 2016, ownCloud, Inc.
- *
- * @author Arthur Schiwon <blizzz@arthur-schiwon.de>
- * @author Joas Schilling <coding@schilljs.com>
- *
- * @license AGPL-3.0
- *
- * This code is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License, version 3,
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License, version 3,
- * along with this program. If not, see <http://www.gnu.org/licenses/>
- *
- */
-
-namespace OCA\User_LDAP\Tests\Integration\Lib;
-
-use OCA\User_LDAP\Tests\Integration\AbstractIntegrationTest;
-
-require_once __DIR__ . '/../Bootstrap.php';
-
-class IntegrationTestAccessGroupsMatchFilter extends AbstractIntegrationTest {
-
- /**
- * prepares the LDAP environment and sets up a test configuration for
- * the LDAP backend.
- */
- public function init() {
- require(__DIR__ . '/../setup-scripts/createExplicitUsers.php');
- require(__DIR__ . '/../setup-scripts/createExplicitGroups.php');
- require(__DIR__ . '/../setup-scripts/createExplicitGroupsDifferentOU.php');
- parent::init();
- }
-
- /**
- * tests whether the group filter works with one specific group, while the
- * input is the same.
- *
- * @return bool
- */
- protected function case1() {
- $this->connection->setConfiguration(['ldapGroupFilter' => 'cn=RedGroup']);
-
- $dns = ['cn=RedGroup,ou=Groups,' . $this->base];
- $result = $this->access->groupsMatchFilter($dns);
- return ($dns === $result);
- }
-
- /**
- * Tests whether a filter for limited groups is effective when more existing
- * groups were passed for validation.
- *
- * @return bool
- */
- protected function case2() {
- $this->connection->setConfiguration(['ldapGroupFilter' => '(|(cn=RedGroup)(cn=PurpleGroup))']);
-
- $dns = [
- 'cn=RedGroup,ou=Groups,' . $this->base,
- 'cn=BlueGroup,ou=Groups,' . $this->base,
- 'cn=PurpleGroup,ou=Groups,' . $this->base
- ];
- $result = $this->access->groupsMatchFilter($dns);
-
- $status =
- count($result) === 2
- && in_array('cn=RedGroup,ou=Groups,' . $this->base, $result)
- && in_array('cn=PurpleGroup,ou=Groups,' . $this->base, $result);
-
- return $status;
- }
-
- /**
- * Tests whether a filter for limited groups is effective when more existing
- * groups were passed for validation.
- *
- * @return bool
- */
- protected function case3() {
- $this->connection->setConfiguration(['ldapGroupFilter' => '(objectclass=groupOfNames)']);
-
- $dns = [
- 'cn=RedGroup,ou=Groups,' . $this->base,
- 'cn=PurpleGroup,ou=Groups,' . $this->base,
- 'cn=SquaredCircleGroup,ou=SpecialGroups,' . $this->base
- ];
- $result = $this->access->groupsMatchFilter($dns);
-
- $status =
- count($result) === 2
- && in_array('cn=RedGroup,ou=Groups,' . $this->base, $result)
- && in_array('cn=PurpleGroup,ou=Groups,' . $this->base, $result);
-
- return $status;
- }
-
- /**
- * sets up the LDAP configuration to be used for the test
- */
- protected function initConnection() {
- parent::initConnection();
- $this->connection->setConfiguration([
- 'ldapBaseGroups' => 'ou=Groups,' . $this->base,
- 'ldapUserFilter' => 'objectclass=inetOrgPerson',
- 'ldapUserDisplayName' => 'displayName',
- 'ldapGroupDisplayName' => 'cn',
- 'ldapLoginFilter' => 'uid=%uid',
- ]);
- }
-}
-
-/** @var string $host */
-/** @var int $port */
-/** @var string $adn */
-/** @var string $apwd */
-/** @var string $bdn */
-$test = new IntegrationTestAccessGroupsMatchFilter($host, $port, $adn, $apwd, $bdn);
-$test->init();
-$test->run();
diff --git a/build/integration/features/bootstrap/LDAPContext.php b/build/integration/features/bootstrap/LDAPContext.php
index b1ccd59ab7b..4b9810aeff7 100644
--- a/build/integration/features/bootstrap/LDAPContext.php
+++ b/build/integration/features/bootstrap/LDAPContext.php
@@ -98,6 +98,7 @@ class LDAPContext implements Context {
 ['configData[ldapUserFilter]', '(&(objectclass=inetorgperson))'],
 ['configData[ldapLoginFilter]', '(&(objectclass=inetorgperson)(uid=%uid))'],
 ['configData[ldapUserDisplayName]', 'displayname'],
+ ['configData[ldapGroupDisplayName]', 'cn'],
 ['configData[ldapEmailAttribute]', 'mail'],
 ['configData[ldapConfigurationActive]', '1'],
 ]);
@@ -124,4 +125,34 @@ class LDAPContext implements Context {
 $backend = (string)simplexml_load_string($this->response->getBody())->data[0]->backend;
 PHPUnit_Framework_Assert::assertEquals('LDAP', $backend);
 }
+
+ /**
+ * @Given /^modify LDAP configuration$/
+ */
+ public function modifyLDAPConfiguration(TableNode $table) {
+ $originalAsAn = $this->currentUser;
+ $this->asAn('admin');
+ $configData = $table->getRows();
+ foreach($configData as &$row) {
+ $row[0] = 'configData[' . $row[0] . ']';
+ }
+ $this->settingTheLDAPConfigurationTo(new TableNode($configData));
+ $this->asAn($originalAsAn);
+ }
+
+ /**
+ * @Given /^the group result should$/
+ */
+ public function theGroupResultShould(TableNode $expectations) {
+ $listReturnedGroups = simplexml_load_string($this->response->getBody())->data[0]->groups[0]->element;
+ $extractedGroupsArray = json_decode(json_encode($listReturnedGroups), 1);
+
+ foreach($expectations->getRows() as $groupExpectation) {
+ if((int)$groupExpectation[1] === 1) {
+ PHPUnit_Framework_Assert::assertContains($groupExpectation[0], $extractedGroupsArray);
+ } else {
+ PHPUnit_Framework_Assert::assertNotContains($groupExpectation[0], $extractedGroupsArray);
+ }
+ }
+ }
 }
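Review bot: In `theGroupResultShould` (second hunk) every expectation flag other than `1` falls into the `else` branch, so a mistyped or empty table cell silently becomes an `assertNotContains` and the scenario still passes. For a step that checks which LDAP groups are exposed, the flag should be validated: change `} else {` to `} elseif ($groupExpectation[1] === '0') {` and finish with `else { PHPUnit_Framework_Assert::fail('expectation flag must be 0 or 1'); }`, assuming the table cells arrive as trimmed strings. In `modifyLDAPConfiguration` the `foreach($configData as &$row)` loop leaves `$row` bound by reference afterwards; add `unset($row);` right after the loop. The enclosing class starts outside the hunk.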
diff --git a/build/integration/ldap_features/ldap-openldap.feature b/build/integration/ldap_features/ldap-openldap.feature
index c63fdf1f9c5..a2b16950bb1 100644
--- a/build/integration/ldap_features/ldap-openldap.feature
+++ b/build/integration/ldap_features/ldap-openldap.feature
@@ -15,3 +15,46 @@ Feature: LDAP
 And looking up details for the first result matches expectations
 | email | alice@nextcloud.ci |
 | displayname | Alice |
+
+ Scenario: Test group filter with one specific group
+ Given having a valid LDAP configuration
+ And modify LDAP configuration
+ | ldapGroupFilter | cn=RedGroup |
+ | ldapBaseGroups | ou=Groups,ou=Ordinary,dc=nextcloud,dc=ci |
+ And As an "admin"
+ And sending "GET" to "/cloud/groups"
+ Then the OCS status code should be "200"
+ And the group result should
+ | RedGroup | 1 |
+ | GreenGroup | 0 |
+ | BlueGroup | 0 |
+ | PurpleGroup | 0 |
+
+ Scenario: Test group filter with two specific groups
+ Given having a valid LDAP configuration
+ And modify LDAP configuration
+ | ldapGroupFilter | (\|(cn=RedGroup)(cn=GreenGroup)) |
+ | ldapBaseGroups | ou=Groups,ou=Ordinary,dc=nextcloud,dc=ci |
+ And As an "admin"
+ And sending "GET" to "/cloud/groups"
+ Then the OCS status code should be "200"
+ And the group result should
+ | RedGroup | 1 |
+ | GreenGroup | 1 |
+ | BlueGroup | 0 |
+ | PurpleGroup | 0 |
+
+ Scenario: Test group filter ruling out a group from a different base
+ Given having a valid LDAP configuration
+ And modify LDAP configuration
+ | ldapGroupFilter | (objectClass=groupOfNames) |
+ | ldapBaseGroups | ou=Groups,ou=Ordinary,dc=nextcloud,dc=ci |
+ And As an "admin"
+ And sending "GET" to "/cloud/groups"
+ Then the OCS status code should be "200"
+ And the group result should
+ | RedGroup | 1 |
+ | GreenGroup | 1 |
+ | BlueGroup | 1 |
+ | PurpleGroup | 1 |
+ | SquareGroup | 0 | |
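Review bot: The `0` rows only show that a name is missing from the `/cloud/groups` response, so `| SquareGroup | 0 |` in the third scenario passes just as well when no such group exists in the directory fixture at all. The fixture is not visible in this diff; if SquareGroup is meant to sit outside `ou=Groups,ou=Ordinary,dc=nextcloud,dc=ci`, say so above the scenario, e.g. `# SquareGroup exists in the fixture under a different OU; the 0 row checks that ldapBaseGroups keeps it out`. The removed PHP test passed the out-of-base DN to `groupsMatchFilter()` directly, and it is not clear from the visible lines that listing groups over OCS still goes through that method, so direct coverage of it may have been lost.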