diff options
Diffstat (limited to 'apps/user_ldap/tests/AccessTest.php')
| -rw-r--r-- | apps/user_ldap/tests/AccessTest.php | 289 |
1 files changed, 126 insertions, 163 deletions
diff --git a/apps/user_ldap/tests/AccessTest.php b/apps/user_ldap/tests/AccessTest.php index c2902a67766..54be29d0f86 100644 --- a/apps/user_ldap/tests/AccessTest.php +++ b/apps/user_ldap/tests/AccessTest.php @@ -1,41 +1,17 @@ <?php + +declare(strict_types=1); /** - * @copyright Copyright (c) 2016, ownCloud, Inc. - * @copyright Copyright (c) 2016, Lukas Reschke <lukas@statuscode.ch> - * - * @author Andreas Fischer <bantu@owncloud.com> - * @author Arthur Schiwon <blizzz@arthur-schiwon.de> - * @author Christoph Wurst <christoph@winzerhof-wurst.at> - * @author Joas Schilling <coding@schilljs.com> - * @author Jörn Friedrich Dreyer <jfd@butonic.de> - * @author Lukas Reschke <lukas@statuscode.ch> - * @author Morris Jobke <hey@morrisjobke.de> - * @author Roeland Jago Douma <roeland@famdouma.nl> - * @author Roger Szabo <roger.szabo@web.de> - * @author Thomas Müller <thomas.mueller@tmit.eu> - * @author Victor Dubiniuk <dubiniuk@owncloud.com> - * - * @license AGPL-3.0 - * - * This code is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License, version 3, - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License, version 3, - * along with this program. If not, see <http://www.gnu.org/licenses/> - * + * SPDX-FileCopyrightText: 2016 Nextcloud GmbH and Nextcloud contributors + * SPDX-FileCopyrightText: 2016 ownCloud, Inc. + * SPDX-License-Identifier: AGPL-3.0-only */ namespace OCA\User_LDAP\Tests; +use OC\ServerNotAvailableException; use OCA\User_LDAP\Access; use OCA\User_LDAP\Connection; use OCA\User_LDAP\Exceptions\ConstraintViolationException; -use OCA\User_LDAP\FilesystemHelper; use OCA\User_LDAP\Helper; use OCA\User_LDAP\ILDAPWrapper; use OCA\User_LDAP\LDAP; @@ -44,12 +20,17 @@ use OCA\User_LDAP\Mapping\UserMapping; use OCA\User_LDAP\User\Manager; use OCA\User_LDAP\User\OfflineUser; use OCA\User_LDAP\User\User; +use OCP\EventDispatcher\IEventDispatcher; +use OCP\HintException; +use OCP\IAppConfig; use OCP\IAvatarManager; use OCP\IConfig; use OCP\Image; use OCP\IUserManager; use OCP\Notification\IManager as INotificationManager; +use OCP\Server; use OCP\Share\IManager; +use PHPUnit\Framework\MockObject\MockObject; use Psr\Log\LoggerInterface; use Test\TestCase; @@ -61,32 +42,25 @@ use Test\TestCase; * @package OCA\User_LDAP\Tests */ class AccessTest extends TestCase { - /** @var UserMapping|\PHPUnit\Framework\MockObject\MockObject */ - protected $userMapper; - /** @var IManager|\PHPUnit\Framework\MockObject\MockObject */ - protected $shareManager; - /** @var GroupMapping|\PHPUnit\Framework\MockObject\MockObject */ - protected $groupMapper; - /** @var Connection|\PHPUnit\Framework\MockObject\MockObject */ - private $connection; - /** @var LDAP|\PHPUnit\Framework\MockObject\MockObject */ - private $ldap; - /** @var Manager|\PHPUnit\Framework\MockObject\MockObject */ - private $userManager; - /** @var Helper|\PHPUnit\Framework\MockObject\MockObject */ - private $helper; - /** @var IConfig|\PHPUnit\Framework\MockObject\MockObject */ - private $config; - /** @var IUserManager|\PHPUnit\Framework\MockObject\MockObject */ - private $ncUserManager; - /** @var LoggerInterface|MockObject */ - private $logger; - /** @var Access */ - private $access; + protected UserMapping&MockObject $userMapper; + protected IManager&MockObject $shareManager; + protected GroupMapping&MockObject $groupMapper; + private Connection&MockObject $connection; + private LDAP&MockObject $ldap; + private Manager&MockObject $userManager; + private Helper&MockObject $helper; + private IConfig&MockObject $config; + private IUserManager&MockObject $ncUserManager; + private LoggerInterface&MockObject $logger; + private IAppConfig&MockObject $appConfig; + private IEventDispatcher&MockObject $dispatcher; + private Access $access; protected function setUp(): void { - $this->connection = $this->createMock(Connection::class); $this->ldap = $this->createMock(LDAP::class); + $this->connection = $this->getMockBuilder(Connection::class) + ->setConstructorArgs([$this->ldap]) + ->getMock(); $this->userManager = $this->createMock(Manager::class); $this->helper = $this->createMock(Helper::class); $this->config = $this->createMock(IConfig::class); @@ -95,29 +69,39 @@ class AccessTest extends TestCase { $this->ncUserManager = $this->createMock(IUserManager::class); $this->shareManager = $this->createMock(IManager::class); $this->logger = $this->createMock(LoggerInterface::class); + $this->appConfig = $this->createMock(IAppConfig::class); + $this->dispatcher = $this->createMock(IEventDispatcher::class); $this->access = new Access( - $this->connection, $this->ldap, + $this->connection, $this->userManager, $this->helper, $this->config, $this->ncUserManager, - $this->logger + $this->logger, + $this->appConfig, + $this->dispatcher, ); + $this->dispatcher->expects($this->any())->method('dispatchTyped'); $this->access->setUserMapper($this->userMapper); $this->access->setGroupMapper($this->groupMapper); } private function getConnectorAndLdapMock() { + /** @var ILDAPWrapper&MockObject */ $lw = $this->createMock(ILDAPWrapper::class); + /** @var Connection&MockObject */ $connector = $this->getMockBuilder(Connection::class) ->setConstructorArgs([$lw, '', null]) ->getMock(); + $connector->expects($this->any()) + ->method('getConnectionResource') + ->willReturn(ldap_connect('ldap://example.com')); + /** @var Manager&MockObject */ $um = $this->getMockBuilder(Manager::class) ->setConstructorArgs([ $this->createMock(IConfig::class), - $this->createMock(FilesystemHelper::class), $this->createMock(LoggerInterface::class), $this->createMock(IAvatarManager::class), $this->createMock(Image::class), @@ -125,39 +109,39 @@ class AccessTest extends TestCase { $this->createMock(INotificationManager::class), $this->shareManager]) ->getMock(); - $helper = new Helper(\OC::$server->getConfig(), \OC::$server->getDatabaseConnection()); + $helper = Server::get(Helper::class); return [$lw, $connector, $um, $helper]; } - public function testEscapeFilterPartValidChars() { + public function testEscapeFilterPartValidChars(): void { $input = 'okay'; - $this->assertTrue($input === $this->access->escapeFilterPart($input)); + $this->assertSame($input, $this->access->escapeFilterPart($input)); } - public function testEscapeFilterPartEscapeWildcard() { + public function testEscapeFilterPartEscapeWildcard(): void { $input = '*'; - $expected = '\\\\*'; - $this->assertTrue($expected === $this->access->escapeFilterPart($input)); + $expected = '\\2a'; + $this->assertSame($expected, $this->access->escapeFilterPart($input)); } - public function testEscapeFilterPartEscapeWildcard2() { + public function testEscapeFilterPartEscapeWildcard2(): void { $input = 'foo*bar'; - $expected = 'foo\\\\*bar'; - $this->assertTrue($expected === $this->access->escapeFilterPart($input)); + $expected = 'foo\\2abar'; + $this->assertSame($expected, $this->access->escapeFilterPart($input)); } /** - * @dataProvider convertSID2StrSuccessData * @param array $sidArray * @param $sidExpected */ - public function testConvertSID2StrSuccess(array $sidArray, $sidExpected) { + #[\PHPUnit\Framework\Attributes\DataProvider('convertSID2StrSuccessData')] + public function testConvertSID2StrSuccess(array $sidArray, $sidExpected): void { $sidBinary = implode('', $sidArray); $this->assertSame($sidExpected, $this->access->convertSID2Str($sidBinary)); } - public function convertSID2StrSuccessData() { + public static function convertSID2StrSuccessData(): array { return [ [ [ @@ -184,14 +168,14 @@ class AccessTest extends TestCase { ]; } - public function testConvertSID2StrInputError() { + public function testConvertSID2StrInputError(): void { $sidIllegal = 'foobar'; $sidExpected = ''; $this->assertSame($sidExpected, $this->access->convertSID2Str($sidIllegal)); } - public function testGetDomainDNFromDNSuccess() { + public function testGetDomainDNFromDNSuccess(): void { $inputDN = 'uid=zaphod,cn=foobar,dc=my,dc=server,dc=com'; $domainDN = 'dc=my,dc=server,dc=com'; @@ -203,7 +187,7 @@ class AccessTest extends TestCase { $this->assertSame($domainDN, $this->access->getDomainDNFromDN($inputDN)); } - public function testGetDomainDNFromDNError() { + public function testGetDomainDNFromDNError(): void { $inputDN = 'foobar'; $expected = ''; @@ -215,83 +199,82 @@ class AccessTest extends TestCase { $this->assertSame($expected, $this->access->getDomainDNFromDN($inputDN)); } - public function dnInputDataProvider() { - return [[ + public static function dnInputDataProvider(): array { + return [ [ - 'input' => 'foo=bar,bar=foo,dc=foobar', - 'interResult' => [ + 'foo=bar,bar=foo,dc=foobar', + [ 'count' => 3, 0 => 'foo=bar', 1 => 'bar=foo', 2 => 'dc=foobar' ], - 'expectedResult' => true + true ], [ - 'input' => 'foobarbarfoodcfoobar', - 'interResult' => false, - 'expectedResult' => false + 'foobarbarfoodcfoobar', + false, + false ] - ]]; + ]; } - /** - * @dataProvider dnInputDataProvider - * @param array $case - */ - public function testStringResemblesDN($case) { + #[\PHPUnit\Framework\Attributes\DataProvider('dnInputDataProvider')] + public function testStringResemblesDN(string $input, array|bool $interResult, bool $expectedResult): void { [$lw, $con, $um, $helper] = $this->getConnectorAndLdapMock(); - /** @var IConfig|\PHPUnit\Framework\MockObject\MockObject $config */ + /** @var IConfig&MockObject $config */ $config = $this->createMock(IConfig::class); - $access = new Access($con, $lw, $um, $helper, $config, $this->ncUserManager, $this->logger); + $access = new Access($lw, $con, $um, $helper, $config, $this->ncUserManager, $this->logger, $this->appConfig, $this->dispatcher); $lw->expects($this->exactly(1)) ->method('explodeDN') - ->willReturnCallback(function ($dn) use ($case) { - if ($dn === $case['input']) { - return $case['interResult']; + ->willReturnCallback(function ($dn) use ($input, $interResult) { + if ($dn === $input) { + return $interResult; } return null; }); - $this->assertSame($case['expectedResult'], $access->stringResemblesDN($case['input'])); + $this->assertSame($expectedResult, $access->stringResemblesDN($input)); } - /** - * @dataProvider dnInputDataProvider - * @param $case - */ - public function testStringResemblesDNLDAPmod($case) { + #[\PHPUnit\Framework\Attributes\DataProvider('dnInputDataProvider')] + public function testStringResemblesDNLDAPmod(string $input, array|bool $interResult, bool $expectedResult): void { [, $con, $um, $helper] = $this->getConnectorAndLdapMock(); - /** @var IConfig|\PHPUnit\Framework\MockObject\MockObject $config */ + /** @var IConfig&MockObject $config */ $config = $this->createMock(IConfig::class); $lw = new LDAP(); - $access = new Access($con, $lw, $um, $helper, $config, $this->ncUserManager, $this->logger); + $access = new Access($lw, $con, $um, $helper, $config, $this->ncUserManager, $this->logger, $this->appConfig, $this->dispatcher); if (!function_exists('ldap_explode_dn')) { $this->markTestSkipped('LDAP Module not available'); } - $this->assertSame($case['expectedResult'], $access->stringResemblesDN($case['input'])); + $this->assertSame($expectedResult, $access->stringResemblesDN($input)); } - public function testCacheUserHome() { + public function testCacheUserHome(): void { $this->connection->expects($this->once()) ->method('writeToCache'); $this->access->cacheUserHome('foobar', '/foobars/path'); } - public function testBatchApplyUserAttributes() { + public function testBatchApplyUserAttributes(): void { $this->ldap->expects($this->any()) ->method('isResource') ->willReturn(true); + $this->connection + ->expects($this->any()) + ->method('getConnectionResource') + ->willReturn(ldap_connect('ldap://example.com')); + $this->ldap->expects($this->any()) ->method('getAttributes') ->willReturn(['displayname' => ['bar', 'count' => 1]]); - /** @var UserMapping|\PHPUnit\Framework\MockObject\MockObject $mapperMock */ + /** @var UserMapping&MockObject $mapperMock */ $mapperMock = $this->createMock(UserMapping::class); $mapperMock->expects($this->any()) ->method('getNameByDN') @@ -335,8 +318,8 @@ class AccessTest extends TestCase { $this->access->batchApplyUserAttributes($data); } - public function testBatchApplyUserAttributesSkipped() { - /** @var UserMapping|\PHPUnit\Framework\MockObject\MockObject $mapperMock */ + public function testBatchApplyUserAttributesSkipped(): void { + /** @var UserMapping&MockObject $mapperMock */ $mapperMock = $this->createMock(UserMapping::class); $mapperMock->expects($this->any()) ->method('getNameByDN') @@ -376,8 +359,8 @@ class AccessTest extends TestCase { $this->access->batchApplyUserAttributes($data); } - public function testBatchApplyUserAttributesDontSkip() { - /** @var UserMapping|\PHPUnit\Framework\MockObject\MockObject $mapperMock */ + public function testBatchApplyUserAttributesDontSkip(): void { + /** @var UserMapping&MockObject $mapperMock */ $mapperMock = $this->createMock(UserMapping::class); $mapperMock->expects($this->any()) ->method('getNameByDN') @@ -417,7 +400,7 @@ class AccessTest extends TestCase { $this->access->batchApplyUserAttributes($data); } - public function dNAttributeProvider() { + public static function dNAttributeProvider(): array { // corresponds to Access::resemblesDN() return [ 'dn' => ['dn'], @@ -427,13 +410,10 @@ class AccessTest extends TestCase { ]; } - /** - * @dataProvider dNAttributeProvider - * @param $attribute - */ - public function testSanitizeDN($attribute) { + #[\PHPUnit\Framework\Attributes\DataProvider('dNAttributeProvider')] + public function testSanitizeDN(string $attribute): void { [$lw, $con, $um, $helper] = $this->getConnectorAndLdapMock(); - /** @var IConfig|\PHPUnit\Framework\MockObject\MockObject $config */ + /** @var IConfig&MockObject $config */ $config = $this->createMock(IConfig::class); $dnFromServer = 'cn=Mixed Cases,ou=Are Sufficient To,ou=Test,dc=example,dc=org'; @@ -447,13 +427,13 @@ class AccessTest extends TestCase { $attribute => ['count' => 1, $dnFromServer] ]); - $access = new Access($con, $lw, $um, $helper, $config, $this->ncUserManager, $this->logger); + $access = new Access($lw, $con, $um, $helper, $config, $this->ncUserManager, $this->logger, $this->appConfig, $this->dispatcher); $values = $access->readAttribute('uid=whoever,dc=example,dc=org', $attribute); $this->assertSame($values[0], strtolower($dnFromServer)); } - public function testSetPasswordWithDisabledChanges() { + public function testSetPasswordWithDisabledChanges(): void { $this->expectException(\Exception::class); $this->expectExceptionMessage('LDAP password changes are disabled'); @@ -465,45 +445,39 @@ class AccessTest extends TestCase { $this->access->setPassword('CN=foo', 'MyPassword'); } - public function testSetPasswordWithLdapNotAvailable() { + public function testSetPasswordWithLdapNotAvailable(): void { $this->connection ->method('__get') ->willReturn(true); - $connection = $this->createMock(LDAP::class); + $connection = ldap_connect('ldap://example.com'); $this->connection ->expects($this->once()) ->method('getConnectionResource') - ->willReturn($connection); + ->willThrowException(new ServerNotAvailableException('Connection to LDAP server could not be established')); $this->ldap - ->expects($this->once()) - ->method('isResource') - ->with($connection) - ->willReturn(false); + ->expects($this->never()) + ->method('isResource'); - /** @noinspection PhpUnhandledExceptionInspection */ - $this->assertFalse($this->access->setPassword('CN=foo', 'MyPassword')); + $this->expectException(ServerNotAvailableException::class); + $this->expectExceptionMessage('Connection to LDAP server could not be established'); + $this->access->setPassword('CN=foo', 'MyPassword'); } - public function testSetPasswordWithRejectedChange() { - $this->expectException(\OCP\HintException::class); + public function testSetPasswordWithRejectedChange(): void { + $this->expectException(HintException::class); $this->expectExceptionMessage('Password change rejected.'); $this->connection ->method('__get') ->willReturn(true); - $connection = $this->createMock(LDAP::class); + $connection = ldap_connect('ldap://example.com'); $this->connection ->expects($this->any()) ->method('getConnectionResource') ->willReturn($connection); $this->ldap ->expects($this->once()) - ->method('isResource') - ->with($connection) - ->willReturn(true); - $this->ldap - ->expects($this->once()) ->method('modReplace') ->with($connection, 'CN=foo', 'MyPassword') ->willThrowException(new ConstraintViolationException()); @@ -512,22 +486,17 @@ class AccessTest extends TestCase { $this->access->setPassword('CN=foo', 'MyPassword'); } - public function testSetPassword() { + public function testSetPassword(): void { $this->connection ->method('__get') ->willReturn(true); - $connection = $this->createMock(LDAP::class); + $connection = ldap_connect('ldap://example.com'); $this->connection ->expects($this->any()) ->method('getConnectionResource') ->willReturn($connection); $this->ldap ->expects($this->once()) - ->method('isResource') - ->with($connection) - ->willReturn(true); - $this->ldap - ->expects($this->once()) ->method('modReplace') ->with($connection, 'CN=foo', 'MyPassword') ->willReturn(true); @@ -540,7 +509,7 @@ class AccessTest extends TestCase { $base, $fakeConnection, $fakeSearchResultResource, - $fakeLdapEntries + $fakeLdapEntries, ) { $this->connection ->expects($this->any()) @@ -559,7 +528,7 @@ class AccessTest extends TestCase { ->expects($this->any()) ->method('isResource') ->willReturnCallback(function ($resource) { - return is_resource($resource) || is_object($resource); + return is_object($resource); }); $this->ldap ->expects($this->any()) @@ -579,7 +548,7 @@ class AccessTest extends TestCase { ->willReturnArgument(0); } - public function testSearchNoPagedSearch() { + public function testSearchNoPagedSearch(): void { // scenario: no pages search, 1 search base $filter = 'objectClass=nextcloudUser'; $base = 'ou=zombies,dc=foobar,dc=nextcloud,dc=com'; @@ -606,7 +575,7 @@ class AccessTest extends TestCase { $this->assertSame($expected, $result); } - public function testFetchListOfUsers() { + public function testFetchListOfUsers(): void { $filter = 'objectClass=nextcloudUser'; $base = 'ou=zombies,dc=foobar,dc=nextcloud,dc=com'; $attrs = ['dn', 'uid']; @@ -626,20 +595,21 @@ class AccessTest extends TestCase { ]; $expected = $fakeLdapEntries; unset($expected['count']); - array_walk($expected, function (&$v) { + array_walk($expected, function (&$v): void { $v['dn'] = [$v['dn']]; // dn is translated into an array internally for consistency }); $this->prepareMocksForSearchTests($base, $fakeConnection, $fakeSearchResultResource, $fakeLdapEntries); - $this->connection->expects($this->exactly($fakeLdapEntries['count'])) + // Called twice per user, for userExists and userExistsOnLdap + $this->connection->expects($this->exactly(2 * $fakeLdapEntries['count'])) ->method('writeToCache') ->with($this->stringStartsWith('userExists'), true); $this->userMapper->expects($this->exactly($fakeLdapEntries['count'])) ->method('getNameByDN') ->willReturnCallback(function ($fdn) { - $parts = ldap_explode_dn($fdn, false); + $parts = ldap_explode_dn($fdn, 0); return $parts[0]; }); @@ -648,7 +618,7 @@ class AccessTest extends TestCase { $this->assertSame($expected, $list); } - public function testFetchListOfGroupsKnown() { + public function testFetchListOfGroupsKnown(): void { $filter = 'objectClass=nextcloudGroup'; $attributes = ['cn', 'gidNumber', 'dn']; $base = 'ou=SomeGroups,dc=my,dc=directory'; @@ -678,7 +648,7 @@ class AccessTest extends TestCase { $this->groupMapper->expects($this->never()) ->method('getNameByDN'); - $this->connection->expects($this->exactly(2)) + $this->connection->expects($this->exactly(1)) ->method('writeToCache'); $groups = $this->access->fetchListOfGroups($filter, $attributes); @@ -687,7 +657,7 @@ class AccessTest extends TestCase { $this->assertSame('Another Good Team', $groups[1]['cn'][0]); } - public function intUsernameProvider() { + public static function intUsernameProvider(): array { return [ ['alice', 'alice'], ['b/ob', 'bob'], @@ -705,7 +675,7 @@ class AccessTest extends TestCase { ]; } - public function groupIDCandidateProvider() { + public static function groupIDCandidateProvider(): array { return [ ['alice', 'alice'], ['b/ob', 'b/ob'], @@ -722,13 +692,8 @@ class AccessTest extends TestCase { ]; } - /** - * @dataProvider intUsernameProvider - * - * @param $name - * @param $expected - */ - public function testSanitizeUsername($name, $expected) { + #[\PHPUnit\Framework\Attributes\DataProvider('intUsernameProvider')] + public function testSanitizeUsername(string $name, ?string $expected): void { if ($expected === null) { $this->expectException(\InvalidArgumentException::class); } @@ -736,15 +701,13 @@ class AccessTest extends TestCase { $this->assertSame($expected, $sanitizedName); } - /** - * @dataProvider groupIDCandidateProvider - */ - public function testSanitizeGroupIDCandidate(string $name, string $expected) { + #[\PHPUnit\Framework\Attributes\DataProvider('groupIDCandidateProvider')] + public function testSanitizeGroupIDCandidate(string $name, string $expected): void { $sanitizedName = $this->access->sanitizeGroupIDCandidate($name); $this->assertSame($expected, $sanitizedName); } - public function testUserStateUpdate() { + public function testUserStateUpdate(): void { $this->connection->expects($this->any()) ->method('__get') ->willReturnMap([ @@ -763,7 +726,7 @@ class AccessTest extends TestCase { ->with('detta') ->willReturnOnConsecutiveCalls($offlineUserMock, $regularUserMock); - /** @var UserMapping|\PHPUnit\Framework\MockObject\MockObject $mapperMock */ + /** @var UserMapping&MockObject $mapperMock */ $mapperMock = $this->createMock(UserMapping::class); $mapperMock->expects($this->any()) ->method('getNameByDN') |