diff options
Diffstat (limited to 'apps/user_ldap/tests/Group_LDAPTest.php')
| -rw-r--r-- | apps/user_ldap/tests/Group_LDAPTest.php | 1104 |
1 files changed, 549 insertions, 555 deletions
diff --git a/apps/user_ldap/tests/Group_LDAPTest.php b/apps/user_ldap/tests/Group_LDAPTest.php index 6204c22cb9e..10182111768 100644 --- a/apps/user_ldap/tests/Group_LDAPTest.php +++ b/apps/user_ldap/tests/Group_LDAPTest.php @@ -1,32 +1,10 @@ <?php + +declare(strict_types=1); /** - * @copyright Copyright (c) 2016, ownCloud, Inc. - * - * @author Arthur Schiwon <blizzz@arthur-schiwon.de> - * @author Christoph Wurst <christoph@winzerhof-wurst.at> - * @author Joas Schilling <coding@schilljs.com> - * @author Morris Jobke <hey@morrisjobke.de> - * @author Roeland Jago Douma <roeland@famdouma.nl> - * @author Thomas Müller <thomas.mueller@tmit.eu> - * @author Victor Dubiniuk <dubiniuk@owncloud.com> - * @author Vincent Petry <vincent@nextcloud.com> - * @author Vinicius Cubas Brand <vinicius@eita.org.br> - * @author Xuanwo <xuanwo@yunify.com> - * - * @license AGPL-3.0 - * - * This code is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License, version 3, - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License, version 3, - * along with this program. If not, see <http://www.gnu.org/licenses/> - * + * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors + * SPDX-FileCopyrightText: 2016 ownCloud, Inc. + * SPDX-License-Identifier: AGPL-3.0-only */ namespace OCA\User_LDAP\Tests; @@ -37,7 +15,15 @@ use OCA\User_LDAP\GroupPluginManager; use OCA\User_LDAP\ILDAPWrapper; use OCA\User_LDAP\Mapping\GroupMapping; use OCA\User_LDAP\User\Manager; +use OCA\User_LDAP\User\OfflineUser; +use OCA\User_LDAP\User\User; +use OCA\User_LDAP\User_Proxy; use OCP\GroupInterface; +use OCP\IConfig; +use OCP\IUser; +use OCP\IUserManager; +use OCP\Security\ISecureRandom; +use OCP\Server; use PHPUnit\Framework\MockObject\MockObject; use Test\TestCase; @@ -49,17 +35,34 @@ use Test\TestCase; * @package OCA\User_LDAP\Tests */ class Group_LDAPTest extends TestCase { - public function testCountEmptySearchString() { - $access = $this->getAccessMock(); - $pluginManager = $this->getPluginManagerMock(); + private Access&MockObject $access; + private GroupPluginManager&MockObject $pluginManager; + private IConfig&MockObject $config; + private IUserManager&MockObject $ncUserManager; + private GroupLDAP $groupBackend; + + public function setUp(): void { + parent::setUp(); + + $this->access = $this->getAccessMock(); + $this->pluginManager = $this->createMock(GroupPluginManager::class); + $this->config = $this->createMock(IConfig::class); + $this->ncUserManager = $this->createMock(IUserManager::class); + } + + public function initBackend(): void { + $this->groupBackend = new GroupLDAP($this->access, $this->pluginManager, $this->config, $this->ncUserManager); + } + + public function testCountEmptySearchString(): void { $groupDN = 'cn=group,dc=foo,dc=bar'; - $this->enableGroups($access); + $this->enableGroups(); - $access->expects($this->any()) + $this->access->expects($this->any()) ->method('groupname2dn') ->willReturn($groupDN); - $access->expects($this->any()) + $this->access->expects($this->any()) ->method('readAttribute') ->willReturnCallback(function ($dn) use ($groupDN) { if ($dn === $groupDN) { @@ -72,20 +75,20 @@ class Group_LDAPTest extends TestCase { } return []; }); - $access->expects($this->any()) + $this->access->expects($this->any()) ->method('isDNPartOfBase') ->willReturn(true); // for primary groups - $access->expects($this->once()) + $this->access->expects($this->once()) ->method('countUsers') ->willReturn(2); - $access->userManager->expects($this->any()) + $this->access->userManager->expects($this->any()) ->method('getAttributes') ->willReturn(['displayName', 'mail']); - $groupBackend = new GroupLDAP($access, $pluginManager); - $users = $groupBackend->countUsersInGroup('group'); + $this->initBackend(); + $users = $this->groupBackend->countUsersInGroup('group'); $this->assertSame(6, $users); } @@ -94,39 +97,20 @@ class Group_LDAPTest extends TestCase { * @return MockObject|Access */ private function getAccessMock() { - static $conMethods; - static $accMethods; - - if (is_null($conMethods) || is_null($accMethods)) { - $conMethods = get_class_methods(Connection::class); - $accMethods = get_class_methods(Access::class); - } $lw = $this->createMock(ILDAPWrapper::class); $connector = $this->getMockBuilder(Connection::class) - ->setMethods($conMethods) ->setConstructorArgs([$lw, '', null]) ->getMock(); - $access = $this->createMock(Access::class); - - $access->connection = $connector; - - $access->userManager = $this->createMock(Manager::class); + $this->access = $this->createMock(Access::class); + $this->access->connection = $connector; + $this->access->userManager = $this->createMock(Manager::class); - return $access; + return $this->access; } - /** - * @return MockObject|GroupPluginManager - */ - private function getPluginManagerMock() { - return $this->createMock(GroupPluginManager::class); - } - - private function enableGroups(Access $access) { - $access->connection = $this->createMock(Connection::class); - - $access->connection->expects($this->any()) + private function enableGroups(): void { + $this->access->connection->expects($this->any()) ->method('__get') ->willReturnCallback(function ($name) { if ($name === 'ldapDynamicGroupMemberURL') { @@ -138,372 +122,317 @@ class Group_LDAPTest extends TestCase { }); } - public function testCountWithSearchString() { - $access = $this->getAccessMock(); - $pluginManager = $this->getPluginManagerMock(); + public function testCountWithSearchString(): void { + $this->enableGroups(); - $this->enableGroups($access); - - $access->expects($this->any()) + $this->access->expects($this->any()) ->method('groupname2dn') ->willReturn('cn=group,dc=foo,dc=bar'); - $access->expects($this->any()) + $this->access->expects($this->any()) ->method('fetchListOfUsers') ->willReturn([]); - $access->expects($this->any()) + $this->access->expects($this->any()) ->method('readAttribute') ->willReturnCallback(function ($name) { //the search operation will call readAttribute, thus we need - //to anaylze the "dn". All other times we just need to return + //to analyze the "dn". All other times we just need to return //something that is neither null or false, but once an array //with the users in the group – so we do so all other times for - //simplicicity. - if (strpos($name, 'u') === 0) { + //simplicity. + if (str_starts_with($name, 'u')) { return strpos($name, '3'); } return ['u11', 'u22', 'u33', 'u34']; }); - $access->expects($this->any()) + $this->access->expects($this->any()) ->method('dn2username') ->willReturnCallback(function () { - return 'foobar' . \OC::$server->getSecureRandom()->generate(7); + return 'foobar' . Server::get(ISecureRandom::class)->generate(7); }); - $access->expects($this->any()) + $this->access->expects($this->any()) ->method('isDNPartOfBase') ->willReturn(true); - $access->expects($this->any()) + $this->access->expects($this->any()) ->method('escapeFilterPart') ->willReturnArgument(0); - $access->userManager->expects($this->any()) + $this->access->userManager->expects($this->any()) ->method('getAttributes') ->willReturn(['displayName', 'mail']); - $groupBackend = new GroupLDAP($access, $pluginManager); - $users = $groupBackend->countUsersInGroup('group', '3'); + $this->initBackend(); + $users = $this->groupBackend->countUsersInGroup('group', '3'); $this->assertSame(2, $users); } - public function testCountUsersWithPlugin() { + public function testCountUsersWithPlugin(): void { /** @var GroupPluginManager|MockObject $pluginManager */ - $pluginManager = $this->getMockBuilder(GroupPluginManager::class) - ->setMethods(['implementsActions', 'countUsersInGroup']) + $this->pluginManager = $this->getMockBuilder(GroupPluginManager::class) + ->onlyMethods(['implementsActions', 'countUsersInGroup']) ->getMock(); - $pluginManager->expects($this->once()) + $this->pluginManager->expects($this->once()) ->method('implementsActions') ->with(GroupInterface::COUNT_USERS) ->willReturn(true); - $pluginManager->expects($this->once()) + $this->pluginManager->expects($this->once()) ->method('countUsersInGroup') ->with('gid', 'search') ->willReturn(42); - $access = $this->getAccessMock(); - $access->connection = $this->createMock(Connection::class); - - $ldap = new GroupLDAP($access, $pluginManager); - - $this->assertEquals($ldap->countUsersInGroup('gid', 'search'), 42); + $this->initBackend(); + $this->assertEquals($this->groupBackend->countUsersInGroup('gid', 'search'), 42); } - public function testGidNumber2NameSuccess() { - $access = $this->getAccessMock(); - $pluginManager = $this->getPluginManagerMock(); - - $this->enableGroups($access); + public function testGidNumber2NameSuccess(): void { + $this->enableGroups(); $userDN = 'cn=alice,cn=foo,dc=barfoo,dc=bar'; - $access->expects($this->once()) + $this->access->expects($this->once()) ->method('searchGroups') ->willReturn([['dn' => ['cn=foo,dc=barfoo,dc=bar']]]); - $access->expects($this->once()) + $this->access->expects($this->once()) ->method('dn2groupname') ->with('cn=foo,dc=barfoo,dc=bar') ->willReturn('MyGroup'); - $groupBackend = new GroupLDAP($access, $pluginManager); - - $group = $groupBackend->gidNumber2Name('3117', $userDN); + $this->initBackend(); + $group = $this->groupBackend->gidNumber2Name('3117', $userDN); $this->assertSame('MyGroup', $group); } - public function testGidNumberID2NameNoGroup() { - $access = $this->getAccessMock(); - $pluginManager = $this->getPluginManagerMock(); - - $this->enableGroups($access); + public function testGidNumberID2NameNoGroup(): void { + $this->enableGroups(); $userDN = 'cn=alice,cn=foo,dc=barfoo,dc=bar'; - $access->expects($this->once()) + $this->access->expects($this->once()) ->method('searchGroups') ->willReturn([]); - $access->expects($this->never()) + $this->access->expects($this->never()) ->method('dn2groupname'); - $groupBackend = new GroupLDAP($access, $pluginManager); - - $group = $groupBackend->gidNumber2Name('3117', $userDN); + $this->initBackend(); + $group = $this->groupBackend->gidNumber2Name('3117', $userDN); $this->assertSame(false, $group); } - public function testGidNumberID2NameNoName() { - $access = $this->getAccessMock(); - $pluginManager = $this->getPluginManagerMock(); - - $this->enableGroups($access); + public function testGidNumberID2NameNoName(): void { + $this->enableGroups(); $userDN = 'cn=alice,cn=foo,dc=barfoo,dc=bar'; - $access->expects($this->once()) + $this->access->expects($this->once()) ->method('searchGroups') ->willReturn([['dn' => ['cn=foo,dc=barfoo,dc=bar']]]); - $access->expects($this->once()) + $this->access->expects($this->once()) ->method('dn2groupname') ->willReturn(false); - $groupBackend = new GroupLDAP($access, $pluginManager); - - $group = $groupBackend->gidNumber2Name('3117', $userDN); + $this->initBackend(); + $group = $this->groupBackend->gidNumber2Name('3117', $userDN); $this->assertSame(false, $group); } - public function testGetEntryGidNumberValue() { - $access = $this->getAccessMock(); - $pluginManager = $this->getPluginManagerMock(); - - $this->enableGroups($access); + public function testGetEntryGidNumberValue(): void { + $this->enableGroups(); $dn = 'cn=foobar,cn=foo,dc=barfoo,dc=bar'; $attr = 'gidNumber'; - $access->expects($this->once()) + $this->access->expects($this->once()) ->method('readAttribute') ->with($dn, $attr) ->willReturn(['3117']); - $groupBackend = new GroupLDAP($access, $pluginManager); - - $gid = $groupBackend->getGroupGidNumber($dn); + $this->initBackend(); + $gid = $this->groupBackend->getGroupGidNumber($dn); $this->assertSame('3117', $gid); } - public function testGetEntryGidNumberNoValue() { - $access = $this->getAccessMock(); - $pluginManager = $this->getPluginManagerMock(); - - $this->enableGroups($access); + public function testGetEntryGidNumberNoValue(): void { + $this->enableGroups(); $dn = 'cn=foobar,cn=foo,dc=barfoo,dc=bar'; $attr = 'gidNumber'; - $access->expects($this->once()) + $this->access->expects($this->once()) ->method('readAttribute') ->with($dn, $attr) ->willReturn(false); - $groupBackend = new GroupLDAP($access, $pluginManager); - - $gid = $groupBackend->getGroupGidNumber($dn); + $this->initBackend(); + $gid = $this->groupBackend->getGroupGidNumber($dn); $this->assertSame(false, $gid); } - public function testPrimaryGroupID2NameSuccessCache() { - $access = $this->getAccessMock(); - $pluginManager = $this->getPluginManagerMock(); - - $this->enableGroups($access); + public function testPrimaryGroupID2NameSuccessCache(): void { + $this->enableGroups(); $userDN = 'cn=alice,cn=foo,dc=barfoo,dc=bar'; $gid = '3117'; - $groupDN = 'cn=foo,dc=barfoo,dc=bar'; /** @var MockObject $connection */ - $connection = $access->connection; + $connection = $this->access->connection; $connection->expects($this->once()) ->method('getFromCache') ->with('primaryGroupIDtoName_' . $gid) ->willReturn('MyGroup'); - $access->expects($this->never()) + $this->access->expects($this->never()) ->method('getSID'); - $access->expects($this->never()) + $this->access->expects($this->never()) ->method('searchGroups'); - $access->expects($this->never()) + $this->access->expects($this->never()) ->method('dn2groupname'); - $groupBackend = new GroupLDAP($access, $pluginManager); - $group = $groupBackend->primaryGroupID2Name($gid, $userDN); + $this->initBackend(); + $group = $this->groupBackend->primaryGroupID2Name($gid, $userDN); $this->assertSame('MyGroup', $group); } - public function testPrimaryGroupID2NameSuccess() { - $access = $this->getAccessMock(); - $pluginManager = $this->getPluginManagerMock(); - - $this->enableGroups($access); + public function testPrimaryGroupID2NameSuccess(): void { + $this->enableGroups(); $userDN = 'cn=alice,cn=foo,dc=barfoo,dc=bar'; - $access->expects($this->once()) + $this->access->expects($this->once()) ->method('getSID') ->with($userDN) ->willReturn('S-1-5-21-249921958-728525901-1594176202'); - $access->expects($this->once()) + $this->access->expects($this->once()) ->method('searchGroups') ->willReturn([['dn' => ['cn=foo,dc=barfoo,dc=bar']]]); - $access->expects($this->once()) + $this->access->expects($this->once()) ->method('dn2groupname') ->with('cn=foo,dc=barfoo,dc=bar') ->willReturn('MyGroup'); - $groupBackend = new GroupLDAP($access, $pluginManager); - - $group = $groupBackend->primaryGroupID2Name('3117', $userDN); + $this->initBackend(); + $group = $this->groupBackend->primaryGroupID2Name('3117', $userDN); $this->assertSame('MyGroup', $group); } - public function testPrimaryGroupID2NameNoSID() { - $access = $this->getAccessMock(); - $pluginManager = $this->getPluginManagerMock(); - - $this->enableGroups($access); + public function testPrimaryGroupID2NameNoSID(): void { + $this->enableGroups(); $userDN = 'cn=alice,cn=foo,dc=barfoo,dc=bar'; - $access->expects($this->once()) + $this->access->expects($this->once()) ->method('getSID') ->with($userDN) ->willReturn(false); - $access->expects($this->never()) + $this->access->expects($this->never()) ->method('searchGroups'); - $access->expects($this->never()) + $this->access->expects($this->never()) ->method('dn2groupname'); - $groupBackend = new GroupLDAP($access, $pluginManager); - - $group = $groupBackend->primaryGroupID2Name('3117', $userDN); + $this->initBackend(); + $group = $this->groupBackend->primaryGroupID2Name('3117', $userDN); $this->assertSame(false, $group); } - public function testPrimaryGroupID2NameNoGroup() { - $access = $this->getAccessMock(); - $pluginManager = $this->getPluginManagerMock(); - - $this->enableGroups($access); + public function testPrimaryGroupID2NameNoGroup(): void { + $this->enableGroups(); $userDN = 'cn=alice,cn=foo,dc=barfoo,dc=bar'; - $access->expects($this->once()) + $this->access->expects($this->once()) ->method('getSID') ->with($userDN) ->willReturn('S-1-5-21-249921958-728525901-1594176202'); - $access->expects($this->once()) + $this->access->expects($this->once()) ->method('searchGroups') ->willReturn([]); - $access->expects($this->never()) + $this->access->expects($this->never()) ->method('dn2groupname'); - $groupBackend = new GroupLDAP($access, $pluginManager); - - $group = $groupBackend->primaryGroupID2Name('3117', $userDN); + $this->initBackend(); + $group = $this->groupBackend->primaryGroupID2Name('3117', $userDN); $this->assertSame(false, $group); } - public function testPrimaryGroupID2NameNoName() { - $access = $this->getAccessMock(); - $pluginManager = $this->getPluginManagerMock(); - - $this->enableGroups($access); + public function testPrimaryGroupID2NameNoName(): void { + $this->enableGroups(); $userDN = 'cn=alice,cn=foo,dc=barfoo,dc=bar'; - $access->expects($this->once()) + $this->access->expects($this->once()) ->method('getSID') ->with($userDN) ->willReturn('S-1-5-21-249921958-728525901-1594176202'); - $access->expects($this->once()) + $this->access->expects($this->once()) ->method('searchGroups') ->willReturn([['dn' => ['cn=foo,dc=barfoo,dc=bar']]]); - $access->expects($this->once()) + $this->access->expects($this->once()) ->method('dn2groupname') ->willReturn(false); - $groupBackend = new GroupLDAP($access, $pluginManager); - - $group = $groupBackend->primaryGroupID2Name('3117', $userDN); + $this->initBackend(); + $group = $this->groupBackend->primaryGroupID2Name('3117', $userDN); $this->assertSame(false, $group); } - public function testGetEntryGroupIDValue() { + public function testGetEntryGroupIDValue(): void { //tests getEntryGroupID via getGroupPrimaryGroupID //which is basically identical to getUserPrimaryGroupIDs - $access = $this->getAccessMock(); - $pluginManager = $this->getPluginManagerMock(); - - $this->enableGroups($access); + $this->enableGroups(); $dn = 'cn=foobar,cn=foo,dc=barfoo,dc=bar'; $attr = 'primaryGroupToken'; - $access->expects($this->once()) + $this->access->expects($this->once()) ->method('readAttribute') ->with($dn, $attr) ->willReturn(['3117']); - $groupBackend = new GroupLDAP($access, $pluginManager); - - $gid = $groupBackend->getGroupPrimaryGroupID($dn); + $this->initBackend(); + $gid = $this->groupBackend->getGroupPrimaryGroupID($dn); $this->assertSame('3117', $gid); } - public function testGetEntryGroupIDNoValue() { + public function testGetEntryGroupIDNoValue(): void { //tests getEntryGroupID via getGroupPrimaryGroupID //which is basically identical to getUserPrimaryGroupIDs - $access = $this->getAccessMock(); - $pluginManager = $this->getPluginManagerMock(); - - $this->enableGroups($access); + $this->enableGroups(); $dn = 'cn=foobar,cn=foo,dc=barfoo,dc=bar'; $attr = 'primaryGroupToken'; - $access->expects($this->once()) + $this->access->expects($this->once()) ->method('readAttribute') ->with($dn, $attr) ->willReturn(false); - $groupBackend = new GroupLDAP($access, $pluginManager); - - $gid = $groupBackend->getGroupPrimaryGroupID($dn); + $this->initBackend(); + $gid = $this->groupBackend->getGroupPrimaryGroupID($dn); $this->assertSame(false, $gid); } @@ -512,29 +441,26 @@ class Group_LDAPTest extends TestCase { * tests whether Group Backend behaves correctly when cache with uid and gid * is hit */ - public function testInGroupHitsUidGidCache() { - $access = $this->getAccessMock(); - $pluginManager = $this->getPluginManagerMock(); - - $this->enableGroups($access); + public function testInGroupHitsUidGidCache(): void { + $this->enableGroups(); $uid = 'someUser'; $gid = 'someGroup'; $cacheKey = 'inGroup' . $uid . ':' . $gid; - $access->connection->expects($this->once()) + $this->access->connection->expects($this->once()) ->method('getFromCache') ->with($cacheKey) ->willReturn(true); - $access->expects($this->never()) + $this->access->expects($this->never()) ->method('username2dn'); - $groupBackend = new GroupLDAP($access, $pluginManager); - $groupBackend->inGroup($uid, $gid); + $this->initBackend(); + $this->groupBackend->inGroup($uid, $gid); } - public function groupWithMembersProvider() { + public static function groupWithMembersProvider(): array { return [ [ 'someGroup', @@ -549,19 +475,12 @@ class Group_LDAPTest extends TestCase { ]; } - /** - * @dataProvider groupWithMembersProvider - */ - public function testInGroupMember(string $gid, string $groupDn, array $memberDNs) { - $access = $this->getAccessMock(); - $pluginManager = $this->getPluginManagerMock(); - - $access->connection = $this->createMock(Connection::class); - + #[\PHPUnit\Framework\Attributes\DataProvider('groupWithMembersProvider')] + public function testInGroupMember(string $gid, string $groupDn, array $memberDNs): void { $uid = 'someUser'; $userDn = $memberDNs[0]; - $access->connection->expects($this->any()) + $this->access->connection->expects($this->any()) ->method('__get') ->willReturnCallback(function ($name) { switch ($name) { @@ -576,38 +495,31 @@ class Group_LDAPTest extends TestCase { return 1; } }); - $access->connection->expects($this->any()) + $this->access->connection->expects($this->any()) ->method('getFromCache') ->willReturn(null); - $access->expects($this->once()) + $this->access->expects($this->once()) ->method('username2dn') ->with($uid) ->willReturn($userDn); - $access->expects($this->once()) + $this->access->expects($this->once()) ->method('groupname2dn') ->willReturn($groupDn); - $access->expects($this->any()) + $this->access->expects($this->any()) ->method('readAttribute') ->willReturn($memberDNs); - $groupBackend = new GroupLDAP($access, $pluginManager); - $this->assertTrue($groupBackend->inGroup($uid, $gid)); + $this->initBackend(); + $this->assertTrue($this->groupBackend->inGroup($uid, $gid)); } - /** - * @dataProvider groupWithMembersProvider - */ - public function testInGroupMemberNot(string $gid, string $groupDn, array $memberDNs) { - $access = $this->getAccessMock(); - $pluginManager = $this->getPluginManagerMock(); - - $access->connection = $this->createMock(Connection::class); - + #[\PHPUnit\Framework\Attributes\DataProvider('groupWithMembersProvider')] + public function testInGroupMemberNot(string $gid, string $groupDn, array $memberDNs): void { $uid = 'unelatedUser'; $userDn = 'uid=unrelatedUser,ou=unrelatedTeam,ou=unrelatedDepartment,dc=someDomain,dc=someTld'; - $access->connection->expects($this->any()) + $this->access->connection->expects($this->any()) ->method('__get') ->willReturnCallback(function ($name) { switch ($name) { @@ -622,46 +534,38 @@ class Group_LDAPTest extends TestCase { return 1; } }); - $access->connection->expects($this->any()) + $this->access->connection->expects($this->any()) ->method('getFromCache') ->willReturn(null); - $access->expects($this->once()) + $this->access->expects($this->once()) ->method('username2dn') ->with($uid) ->willReturn($userDn); - $access->expects($this->once()) + $this->access->expects($this->once()) ->method('groupname2dn') ->willReturn($groupDn); - $access->expects($this->any()) + $this->access->expects($this->any()) ->method('readAttribute') ->willReturn($memberDNs); - $groupBackend = new GroupLDAP($access, $pluginManager); - $this->assertFalse($groupBackend->inGroup($uid, $gid)); + $this->initBackend(); + $this->assertFalse($this->groupBackend->inGroup($uid, $gid)); } - /** - * @dataProvider groupWithMembersProvider - */ - public function testInGroupMemberUid(string $gid, string $groupDn, array $memberDNs) { - $access = $this->getAccessMock(); - $pluginManager = $this->getPluginManagerMock(); - + #[\PHPUnit\Framework\Attributes\DataProvider('groupWithMembersProvider')] + public function testInGroupMemberUid(string $gid, string $groupDn, array $memberDNs): void { $memberUids = []; $userRecords = []; foreach ($memberDNs as $dn) { - $memberUids[] = ldap_explode_dn($dn, false)[0]; + $memberUids[] = ldap_explode_dn($dn, 0)[0]; $userRecords[] = ['dn' => [$dn]]; } - - $access->connection = $this->createMock(Connection::class); - $uid = 'someUser'; $userDn = $memberDNs[0]; - $access->connection->expects($this->any()) + $this->access->connection->expects($this->any()) ->method('__get') ->willReturnCallback(function ($name) { switch ($name) { @@ -678,65 +582,59 @@ class Group_LDAPTest extends TestCase { return 1; } }); - $access->connection->expects($this->any()) + $this->access->connection->expects($this->any()) ->method('getFromCache') ->willReturn(null); - $access->userManager->expects($this->any()) + $this->access->userManager->expects($this->any()) ->method('getAttributes') ->willReturn(['uid', 'mail', 'displayname']); - $access->expects($this->once()) + $this->access->expects($this->once()) ->method('username2dn') ->with($uid) ->willReturn($userDn); - $access->expects($this->once()) + $this->access->expects($this->once()) ->method('groupname2dn') ->willReturn($groupDn); - $access->expects($this->any()) + $this->access->expects($this->any()) ->method('readAttribute') ->willReturn($memberUids); - $access->expects($this->any()) + $this->access->expects($this->any()) ->method('fetchListOfUsers') ->willReturn($userRecords); - $access->expects($this->any()) + $this->access->expects($this->any()) ->method('combineFilterWithOr') ->willReturn('(|(pseudo=filter)(filter=pseudo))'); - $groupBackend = new GroupLDAP($access, $pluginManager); - $this->assertTrue($groupBackend->inGroup($uid, $gid)); + $this->initBackend(); + $this->assertTrue($this->groupBackend->inGroup($uid, $gid)); } - public function testGetGroupsWithOffset() { - $access = $this->getAccessMock(); - $pluginManager = $this->getPluginManagerMock(); + public function testGetGroupsWithOffset(): void { + $this->enableGroups(); - $this->enableGroups($access); - - $access->expects($this->once()) + $this->access->expects($this->once()) ->method('nextcloudGroupNames') ->willReturn(['group1', 'group2']); - $groupBackend = new GroupLDAP($access, $pluginManager); - $groups = $groupBackend->getGroups('', 2, 2); + $this->initBackend(); + $groups = $this->groupBackend->getGroups('', 2, 2); $this->assertSame(2, count($groups)); } /** - * tests that a user listing is complete, if all it's members have the group + * tests that a user listing is complete, if all its members have the group * as their primary. */ - public function testUsersInGroupPrimaryMembersOnly() { - $access = $this->getAccessMock(); - $pluginManager = $this->getPluginManagerMock(); - - $this->enableGroups($access); + public function testUsersInGroupPrimaryMembersOnly(): void { + $this->enableGroups(); - $access->connection->expects($this->any()) + $this->access->connection->expects($this->any()) ->method('getFromCache') ->willReturn(null); - $access->expects($this->any()) + $this->access->expects($this->any()) ->method('readAttribute') ->willReturnCallback(function ($dn, $attr) { if ($attr === 'primaryGroupToken') { @@ -746,43 +644,40 @@ class Group_LDAPTest extends TestCase { } return []; }); - $access->expects($this->any()) + $this->access->expects($this->any()) ->method('groupname2dn') ->willReturn('cn=foobar,dc=foo,dc=bar'); - $access->expects($this->exactly(2)) + $this->access->expects($this->exactly(2)) ->method('nextcloudUserNames') ->willReturnOnConsecutiveCalls(['lisa', 'bart', 'kira', 'brad'], ['walle', 'dino', 'xenia']); - $access->expects($this->any()) + $this->access->expects($this->any()) ->method('isDNPartOfBase') ->willReturn(true); - $access->expects($this->any()) + $this->access->expects($this->any()) ->method('combineFilterWithAnd') ->willReturn('pseudo=filter'); - $access->userManager->expects($this->any()) + $this->access->userManager->expects($this->any()) ->method('getAttributes') ->willReturn(['displayName', 'mail']); - $groupBackend = new GroupLDAP($access, $pluginManager); - $users = $groupBackend->usersInGroup('foobar'); + $this->initBackend(); + $users = $this->groupBackend->usersInGroup('foobar'); $this->assertSame(7, count($users)); } /** - * tests that a user listing is complete, if all it's members have the group + * tests that a user listing is complete, if all its members have the group * as their primary. */ - public function testUsersInGroupPrimaryAndUnixMembers() { - $access = $this->getAccessMock(); - $pluginManager = $this->getPluginManagerMock(); - - $this->enableGroups($access); + public function testUsersInGroupPrimaryAndUnixMembers(): void { + $this->enableGroups(); - $access->connection->expects($this->any()) + $this->access->connection->expects($this->any()) ->method('getFromCache') ->willReturn(null); - $access->expects($this->any()) + $this->access->expects($this->any()) ->method('readAttribute') ->willReturnCallback(function ($dn, $attr) { if ($attr === 'primaryGroupToken') { @@ -790,44 +685,41 @@ class Group_LDAPTest extends TestCase { } return []; }); - $access->expects($this->any()) + $this->access->expects($this->any()) ->method('groupname2dn') ->willReturn('cn=foobar,dc=foo,dc=bar'); - $access->expects($this->once()) + $this->access->expects($this->once()) ->method('nextcloudUserNames') ->willReturn(['lisa', 'bart', 'kira', 'brad']); - $access->expects($this->any()) + $this->access->expects($this->any()) ->method('isDNPartOfBase') ->willReturn(true); - $access->expects($this->any()) + $this->access->expects($this->any()) ->method('combineFilterWithAnd') ->willReturn('pseudo=filter'); - $access->userManager->expects($this->any()) + $this->access->userManager->expects($this->any()) ->method('getAttributes') ->willReturn(['displayName', 'mail']); - $groupBackend = new GroupLDAP($access, $pluginManager); - $users = $groupBackend->usersInGroup('foobar'); + $this->initBackend(); + $users = $this->groupBackend->usersInGroup('foobar'); $this->assertSame(4, count($users)); } /** - * tests that a user counting is complete, if all it's members have the group + * tests that a user counting is complete, if all its members have the group * as their primary. */ - public function testCountUsersInGroupPrimaryMembersOnly() { - $access = $this->getAccessMock(); - $pluginManager = $this->getPluginManagerMock(); + public function testCountUsersInGroupPrimaryMembersOnly(): void { + $this->enableGroups(); - $this->enableGroups($access); - - $access->connection->expects($this->any()) + $this->access->connection->expects($this->any()) ->method('getFromCache') ->willReturn(null); - $access->expects($this->any()) + $this->access->expects($this->any()) ->method('readAttribute') ->willReturnCallback(function ($dn, $attr) { if ($attr === 'primaryGroupToken') { @@ -835,65 +727,63 @@ class Group_LDAPTest extends TestCase { } return []; }); - $access->expects($this->any()) + $this->access->expects($this->any()) ->method('groupname2dn') ->willReturn('cn=foobar,dc=foo,dc=bar'); - $access->expects($this->once()) + $this->access->expects($this->once()) ->method('countUsers') ->willReturn(4); - $access->expects($this->any()) + $this->access->expects($this->any()) ->method('isDNPartOfBase') ->willReturn(true); - $access->userManager->expects($this->any()) + $this->access->userManager->expects($this->any()) ->method('getAttributes') ->willReturn(['displayName', 'mail']); - $groupBackend = new GroupLDAP($access, $pluginManager); - $users = $groupBackend->countUsersInGroup('foobar'); + $this->initBackend(); + $users = $this->groupBackend->countUsersInGroup('foobar'); $this->assertSame(4, $users); } - public function testGetUserGroupsMemberOf() { - $access = $this->getAccessMock(); - $pluginManager = $this->getPluginManagerMock(); - - $this->enableGroups($access); + public function testGetUserGroupsMemberOf(): void { + $this->enableGroups(); $dn = 'cn=userX,dc=foobar'; - $access->connection->hasPrimaryGroups = false; - $access->connection->hasGidNumber = false; + $this->access->connection->hasPrimaryGroups = false; + $this->access->connection->hasGidNumber = false; - $access->expects($this->any()) + $expectedGroups = ['cn=groupA,dc=foobar', 'cn=groupB,dc=foobar']; + + $this->access->expects($this->any()) ->method('username2dn') ->willReturn($dn); - $access->expects($this->exactly(5)) - ->method('readAttribute') - ->will($this->onConsecutiveCalls(['cn=groupA,dc=foobar', 'cn=groupB,dc=foobar'], [], [], [], [])); - $access->expects($this->any()) + $this->access->expects($this->exactly(5)) + ->method('readAttribute')->willReturnOnConsecutiveCalls($expectedGroups, [], [], [], []); + $this->access->expects($this->any()) ->method('dn2groupname') ->willReturnArgument(0); - $access->expects($this->any()) + $this->access->expects($this->any()) ->method('groupname2dn') ->willReturnArgument(0); - $access->expects($this->any()) + $this->access->expects($this->any()) ->method('isDNPartOfBase') ->willReturn(true); - $groupBackend = new GroupLDAP($access, $pluginManager); - $groups = $groupBackend->getUserGroups('userX'); + $this->config->expects($this->once()) + ->method('setUserValue') + ->with('userX', 'user_ldap', 'cached-group-memberships-', \json_encode($expectedGroups)); + + $this->initBackend(); + $groups = $this->groupBackend->getUserGroups('userX'); $this->assertSame(2, count($groups)); } - public function testGetUserGroupsMemberOfDisabled() { - $access = $this->getAccessMock(); - $pluginManager = $this->getPluginManagerMock(); - - $access->connection = $this->createMock(Connection::class); - $access->connection->expects($this->any()) + public function testGetUserGroupsMemberOfDisabled(): void { + $this->access->connection->expects($this->any()) ->method('__get') ->willReturnCallback(function ($name) { if ($name === 'useMemberOfToDetectMembership') { @@ -906,71 +796,187 @@ class Group_LDAPTest extends TestCase { $dn = 'cn=userX,dc=foobar'; - $access->connection->hasPrimaryGroups = false; - $access->connection->hasGidNumber = false; + $this->access->connection->hasPrimaryGroups = false; + $this->access->connection->hasGidNumber = false; - $access->expects($this->once()) + $this->access->expects($this->once()) ->method('username2dn') ->willReturn($dn); - $access->expects($this->never()) + $this->access->expects($this->never()) ->method('readAttribute') ->with($dn, 'memberOf'); - $access->expects($this->once()) + $this->access->expects($this->once()) ->method('nextcloudGroupNames') ->willReturn([]); - $groupBackend = new GroupLDAP($access, $pluginManager); - $groupBackend->getUserGroups('userX'); + // empty group result should not be oer + $this->config->expects($this->once()) + ->method('setUserValue') + ->with('userX', 'user_ldap', 'cached-group-memberships-', '[]'); + + $ldapUser = $this->createMock(User::class); + + $this->access->userManager->expects($this->any()) + ->method('get') + ->with('userX') + ->willReturn($ldapUser); + + $userBackend = $this->createMock(User_Proxy::class); + $userBackend->expects($this->once()) + ->method('userExistsOnLDAP') + ->with('userX', true) + ->willReturn(true); + + $ncUser = $this->createMock(IUser::class); + $ncUser->expects($this->any()) + ->method('getBackend') + ->willReturn($userBackend); + + $this->ncUserManager->expects($this->once()) + ->method('get') + ->with('userX') + ->willReturn($ncUser); + + $this->initBackend(); + $this->groupBackend->getUserGroups('userX'); } - public function nestedGroupsProvider(): array { + public function testGetUserGroupsOfflineUser(): void { + $this->enableGroups(); + + $offlineUser = $this->createMock(OfflineUser::class); + + $this->config->expects($this->any()) + ->method('getUserValue') + ->with('userX', 'user_ldap', 'cached-group-memberships-', $this->anything()) + ->willReturn(\json_encode(['groupB', 'groupF'])); + + $this->access->userManager->expects($this->any()) + ->method('get') + ->with('userX') + ->willReturn($offlineUser); + + $this->initBackend(); + $returnedGroups = $this->groupBackend->getUserGroups('userX'); + $this->assertCount(2, $returnedGroups); + $this->assertContains('groupB', $returnedGroups); + $this->assertContains('groupF', $returnedGroups); + } + + /** + * regression tests against a case where a json object was stored instead of expected list + * @see https://github.com/nextcloud/server/issues/42374 + */ + public function testGetUserGroupsOfflineUserUnexpectedJson(): void { + $this->enableGroups(); + + $offlineUser = $this->createMock(OfflineUser::class); + + $this->config->expects($this->any()) + ->method('getUserValue') + ->with('userX', 'user_ldap', 'cached-group-memberships-', $this->anything()) + // results in a json object: {"0":"groupB","2":"groupF"} + ->willReturn(\json_encode([0 => 'groupB', 2 => 'groupF'])); + + $this->access->userManager->expects($this->any()) + ->method('get') + ->with('userX') + ->willReturn($offlineUser); + + $this->initBackend(); + $returnedGroups = $this->groupBackend->getUserGroups('userX'); + $this->assertCount(2, $returnedGroups); + $this->assertContains('groupB', $returnedGroups); + $this->assertContains('groupF', $returnedGroups); + } + + public function testGetUserGroupsUnrecognizedOfflineUser(): void { + $this->enableGroups(); + $dn = 'cn=userX,dc=foobar'; + + $ldapUser = $this->createMock(User::class); + + $userBackend = $this->createMock(User_Proxy::class); + $userBackend->expects($this->once()) + ->method('userExistsOnLDAP') + ->with('userX', true) + ->willReturn(false); + + $ncUser = $this->createMock(IUser::class); + $ncUser->expects($this->any()) + ->method('getBackend') + ->willReturn($userBackend); + + $this->config->expects($this->atLeastOnce()) + ->method('getUserValue') + ->with('userX', 'user_ldap', 'cached-group-memberships-', $this->anything()) + ->willReturn(\json_encode(['groupB', 'groupF'])); + + $this->access->expects($this->any()) + ->method('username2dn') + ->willReturn($dn); + + $this->access->userManager->expects($this->any()) + ->method('get') + ->with('userX') + ->willReturn($ldapUser); + + $this->ncUserManager->expects($this->once()) + ->method('get') + ->with('userX') + ->willReturn($ncUser); + + $this->initBackend(); + $returnedGroups = $this->groupBackend->getUserGroups('userX'); + $this->assertCount(2, $returnedGroups); + $this->assertContains('groupB', $returnedGroups); + $this->assertContains('groupF', $returnedGroups); + } + + public static function nestedGroupsProvider(): array { return [ [true], [false], ]; } - /** - * @dataProvider nestedGroupsProvider - */ - public function testGetGroupsByMember(bool $nestedGroups) { - $access = $this->getAccessMock(); - $pluginManager = $this->getPluginManagerMock(); - + #[\PHPUnit\Framework\Attributes\DataProvider('nestedGroupsProvider')] + public function testGetGroupsByMember(bool $nestedGroups): void { $groupFilter = '(&(objectclass=nextcloudGroup)(nextcloudEnabled=TRUE))'; - $access->connection = $this->createMock(Connection::class); - $access->connection->expects($this->any()) + $this->access->connection->expects($this->any()) ->method('__get') - ->willReturnCallback(function ($name) use ($nestedGroups, $groupFilter) { + ->willReturnCallback(function (string $name) use ($nestedGroups, $groupFilter) { switch ($name) { case 'useMemberOfToDetectMembership': return 0; case 'ldapDynamicGroupMemberURL': return ''; case 'ldapNestedGroups': - return $nestedGroups; + return (int)$nestedGroups; case 'ldapGroupMemberAssocAttr': return 'member'; case 'ldapGroupFilter': return $groupFilter; case 'ldapBaseGroups': return []; + case 'ldapGroupDisplayName': + return 'cn'; } return 1; }); $dn = 'cn=userX,dc=foobar'; - $access->connection->hasPrimaryGroups = false; - $access->connection->hasGidNumber = false; + $this->access->connection->hasPrimaryGroups = false; + $this->access->connection->hasGidNumber = false; - $access->expects($this->exactly(2)) + $this->access->expects($this->exactly(2)) ->method('username2dn') ->willReturn($dn); - $access->expects($this->any()) + $this->access->expects($this->any()) ->method('readAttribute') ->willReturn([]); - $access->expects($this->any()) + $this->access->expects($this->any()) ->method('combineFilterWithAnd') ->willReturnCallback(function (array $filterParts) { // ⚠ returns a pseudo-filter only, not real LDAP Filter syntax @@ -980,352 +986,346 @@ class Group_LDAPTest extends TestCase { $group1 = [ 'cn' => 'group1', 'dn' => ['cn=group1,ou=groups,dc=domain,dc=com'], + 'member' => [$dn], ]; $group2 = [ 'cn' => 'group2', 'dn' => ['cn=group2,ou=groups,dc=domain,dc=com'], + 'member' => [$dn], + ]; + $group3 = [ + 'cn' => 'group3', + 'dn' => ['cn=group3,ou=groups,dc=domain,dc=com'], + 'member' => [$group2['dn'][0]], ]; - $access->expects($this->once()) + $expectedGroups = ($nestedGroups ? [$group1, $group2, $group3] : [$group1, $group2]); + $expectedGroupsNames = ($nestedGroups ? ['group1', 'group2', 'group3'] : ['group1', 'group2']); + + $this->access->expects($this->any()) ->method('nextcloudGroupNames') - ->with([$group1, $group2]) - ->willReturn(['group1', 'group2']); - $access->expects($nestedGroups ? $this->atLeastOnce() : $this->once()) + ->with($expectedGroups) + ->willReturn($expectedGroupsNames); + $this->access->expects($nestedGroups ? $this->atLeastOnce() : $this->once()) ->method('fetchListOfGroups') - ->willReturnCallback(function ($filter, $attr, $limit, $offset) use ($nestedGroups, $groupFilter, $group1, $group2) { + ->willReturnCallback(function ($filter, $attr, $limit, $offset) use ($nestedGroups, $groupFilter, $group1, $group2, $group3, $dn) { static $firstRun = true; if (!$nestedGroups) { // When nested groups are enabled, groups cannot be filtered early as it would // exclude intermediate groups. But we can, and should, when working with flat groups. - $this->assertTrue(strpos($filter, $groupFilter) !== false); + $this->assertTrue(str_contains($filter, $groupFilter)); } - if ($firstRun) { - $firstRun = false; + [$memberFilter] = explode('&', $filter); + if ($memberFilter === 'member=' . $dn) { return [$group1, $group2]; + return []; + } elseif ($memberFilter === 'member=' . $group2['dn'][0]) { + return [$group3]; + } else { + return []; } - return []; }); - $access->expects($this->any()) + $this->access->expects($this->any()) ->method('dn2groupname') ->willReturnCallback(function (string $dn) { return ldap_explode_dn($dn, 1)[0]; }); - $access->expects($this->any()) + $this->access->expects($this->any()) ->method('groupname2dn') - ->willReturnCallback(function (string $gid) use ($group1, $group2) { + ->willReturnCallback(function (string $gid) use ($group1, $group2, $group3) { if ($gid === $group1['cn']) { return $group1['dn'][0]; } if ($gid === $group2['cn']) { return $group2['dn'][0]; } + if ($gid === $group3['cn']) { + return $group3['dn'][0]; + } }); - $access->expects($this->any()) + $this->access->expects($this->any()) ->method('isDNPartOfBase') ->willReturn(true); - $groupBackend = new GroupLDAP($access, $pluginManager); - $groups = $groupBackend->getUserGroups('userX'); - $this->assertEquals(['group1', 'group2'], $groups); + $this->initBackend(); + $groups = $this->groupBackend->getUserGroups('userX'); + $this->assertEquals($expectedGroupsNames, $groups); - $groupsAgain = $groupBackend->getUserGroups('userX'); - $this->assertEquals(['group1', 'group2'], $groupsAgain); + $groupsAgain = $this->groupBackend->getUserGroups('userX'); + $this->assertEquals($expectedGroupsNames, $groupsAgain); } - public function testCreateGroupWithPlugin() { - /** @var GroupPluginManager|MockObject $pluginManager */ - $pluginManager = $this->getMockBuilder(GroupPluginManager::class) - ->setMethods(['implementsActions', 'createGroup']) + public function testCreateGroupWithPlugin(): void { + $this->pluginManager = $this->getMockBuilder(GroupPluginManager::class) + ->onlyMethods(['implementsActions', 'createGroup']) ->getMock(); - $pluginManager->expects($this->once()) + $this->pluginManager->expects($this->once()) ->method('implementsActions') ->with(GroupInterface::CREATE_GROUP) ->willReturn(true); - $pluginManager->expects($this->once()) + $this->pluginManager->expects($this->once()) ->method('createGroup') ->with('gid') ->willReturn('result'); - $access = $this->getAccessMock(); - $access->connection = $this->createMock(Connection::class); - - $ldap = new GroupLDAP($access, $pluginManager); - - $this->assertEquals($ldap->createGroup('gid'), true); + $this->initBackend(); + $this->assertTrue($this->groupBackend->createGroup('gid')); } - public function testCreateGroupFailing() { + public function testCreateGroupFailing(): void { $this->expectException(\Exception::class); - /** @var GroupPluginManager|MockObject $pluginManager */ - $pluginManager = $this->getMockBuilder(GroupPluginManager::class) - ->setMethods(['implementsActions', 'createGroup']) + $this->pluginManager = $this->getMockBuilder(GroupPluginManager::class) + ->onlyMethods(['implementsActions', 'createGroup']) ->getMock(); - $pluginManager->expects($this->once()) + $this->pluginManager->expects($this->once()) ->method('implementsActions') ->with(GroupInterface::CREATE_GROUP) ->willReturn(false); - $access = $this->getAccessMock(); - $access->connection = $this->createMock(Connection::class); - - $ldap = new GroupLDAP($access, $pluginManager); - - $ldap->createGroup('gid'); + $this->initBackend(); + $this->groupBackend->createGroup('gid'); } - public function testDeleteGroupWithPlugin() { - /** @var GroupPluginManager|MockObject $pluginManager */ - $pluginManager = $this->getMockBuilder(GroupPluginManager::class) - ->setMethods(['implementsActions', 'deleteGroup']) + public function testDeleteGroupWithPlugin(): void { + $this->pluginManager = $this->getMockBuilder(GroupPluginManager::class) + ->onlyMethods(['implementsActions', 'deleteGroup']) ->getMock(); - $pluginManager->expects($this->once()) + $this->pluginManager->expects($this->once()) ->method('implementsActions') ->with(GroupInterface::DELETE_GROUP) ->willReturn(true); - $pluginManager->expects($this->once()) + $this->pluginManager->expects($this->once()) ->method('deleteGroup') ->with('gid') ->willReturn(true); $mapper = $this->getMockBuilder(GroupMapping::class) - ->setMethods(['unmap']) + ->onlyMethods(['unmap']) ->disableOriginalConstructor() ->getMock(); - $access = $this->getAccessMock(); - $access->expects($this->any()) + $this->access->expects($this->any()) ->method('getGroupMapper') ->willReturn($mapper); - $access->connection = $this->createMock(Connection::class); - - $ldap = new GroupLDAP($access, $pluginManager); - - $this->assertTrue($ldap->deleteGroup('gid')); + $this->initBackend(); + $this->assertTrue($this->groupBackend->deleteGroup('gid')); } - public function testDeleteGroupFailing() { + public function testDeleteGroupFailing(): void { $this->expectException(\Exception::class); - /** @var GroupPluginManager|MockObject $pluginManager */ - $pluginManager = $this->getMockBuilder(GroupPluginManager::class) - ->setMethods(['implementsActions', 'deleteGroup']) + $this->pluginManager = $this->getMockBuilder(GroupPluginManager::class) + ->onlyMethods(['implementsActions', 'deleteGroup']) ->getMock(); - $pluginManager->expects($this->once()) + $this->pluginManager->expects($this->once()) ->method('implementsActions') ->with(GroupInterface::DELETE_GROUP) ->willReturn(false); - $access = $this->getAccessMock(); - $access->connection = $this->createMock(Connection::class); - - $ldap = new GroupLDAP($access, $pluginManager); - - $ldap->deleteGroup('gid'); + $this->initBackend(); + $this->groupBackend->deleteGroup('gid'); } - public function testAddToGroupWithPlugin() { - /** @var GroupPluginManager|MockObject $pluginManager */ - $pluginManager = $this->getMockBuilder(GroupPluginManager::class) - ->setMethods(['implementsActions', 'addToGroup']) + public function testAddToGroupWithPlugin(): void { + $this->pluginManager = $this->getMockBuilder(GroupPluginManager::class) + ->onlyMethods(['implementsActions', 'addToGroup']) ->getMock(); - $pluginManager->expects($this->once()) + $this->pluginManager->expects($this->once()) ->method('implementsActions') ->with(GroupInterface::ADD_TO_GROUP) ->willReturn(true); - $pluginManager->expects($this->once()) + $this->pluginManager->expects($this->once()) ->method('addToGroup') ->with('uid', 'gid') ->willReturn('result'); - $access = $this->getAccessMock(); - $access->connection = $this->createMock(Connection::class); - - $ldap = new GroupLDAP($access, $pluginManager); - - $this->assertEquals($ldap->addToGroup('uid', 'gid'), 'result'); + $this->initBackend(); + $this->assertEquals('result', $this->groupBackend->addToGroup('uid', 'gid')); } - public function testAddToGroupFailing() { + public function testAddToGroupFailing(): void { $this->expectException(\Exception::class); - /** @var GroupPluginManager|MockObject $pluginManager */ - $pluginManager = $this->getMockBuilder(GroupPluginManager::class) - ->setMethods(['implementsActions', 'addToGroup']) + $this->pluginManager = $this->getMockBuilder(GroupPluginManager::class) + ->onlyMethods(['implementsActions', 'addToGroup']) ->getMock(); - $pluginManager->expects($this->once()) + $this->pluginManager->expects($this->once()) ->method('implementsActions') ->with(GroupInterface::ADD_TO_GROUP) ->willReturn(false); - $access = $this->getAccessMock(); - $access->connection = $this->createMock(Connection::class); - - $ldap = new GroupLDAP($access, $pluginManager); - - $ldap->addToGroup('uid', 'gid'); + $this->initBackend(); + $this->groupBackend->addToGroup('uid', 'gid'); } - public function testRemoveFromGroupWithPlugin() { - /** @var GroupPluginManager|MockObject $pluginManager */ - $pluginManager = $this->getMockBuilder(GroupPluginManager::class) - ->setMethods(['implementsActions', 'removeFromGroup']) + public function testRemoveFromGroupWithPlugin(): void { + $this->pluginManager = $this->getMockBuilder(GroupPluginManager::class) + ->onlyMethods(['implementsActions', 'removeFromGroup']) ->getMock(); - $pluginManager->expects($this->once()) + $this->pluginManager->expects($this->once()) ->method('implementsActions') ->with(GroupInterface::REMOVE_FROM_GROUP) ->willReturn(true); - $pluginManager->expects($this->once()) + $this->pluginManager->expects($this->once()) ->method('removeFromGroup') ->with('uid', 'gid') ->willReturn('result'); - $access = $this->getAccessMock(); - $access->connection = $this->createMock(Connection::class); - - $ldap = new GroupLDAP($access, $pluginManager); - - $this->assertEquals($ldap->removeFromGroup('uid', 'gid'), 'result'); + $this->initBackend(); + $this->assertEquals('result', $this->groupBackend->removeFromGroup('uid', 'gid')); } - public function testRemoveFromGroupFailing() { + public function testRemoveFromGroupFailing(): void { $this->expectException(\Exception::class); - /** @var GroupPluginManager|MockObject $pluginManager */ - $pluginManager = $this->getMockBuilder(GroupPluginManager::class) - ->setMethods(['implementsActions', 'removeFromGroup']) + $this->pluginManager = $this->getMockBuilder(GroupPluginManager::class) + ->onlyMethods(['implementsActions', 'removeFromGroup']) ->getMock(); - $pluginManager->expects($this->once()) + $this->pluginManager->expects($this->once()) ->method('implementsActions') ->with(GroupInterface::REMOVE_FROM_GROUP) ->willReturn(false); - $access = $this->getAccessMock(); - $access->connection = $this->createMock(Connection::class); - - $ldap = new GroupLDAP($access, $pluginManager); - - $ldap->removeFromGroup('uid', 'gid'); + $this->initBackend(); + $this->groupBackend->removeFromGroup('uid', 'gid'); } - public function testGetGroupDetailsWithPlugin() { + public function testGetGroupDetailsWithPlugin(): void { /** @var GroupPluginManager|MockObject $pluginManager */ - $pluginManager = $this->getMockBuilder(GroupPluginManager::class) - ->setMethods(['implementsActions', 'getGroupDetails']) + $this->pluginManager = $this->getMockBuilder(GroupPluginManager::class) + ->onlyMethods(['implementsActions', 'getGroupDetails']) ->getMock(); - $pluginManager->expects($this->once()) + $this->pluginManager->expects($this->once()) ->method('implementsActions') ->with(GroupInterface::GROUP_DETAILS) ->willReturn(true); - $pluginManager->expects($this->once()) + $this->pluginManager->expects($this->once()) ->method('getGroupDetails') ->with('gid') ->willReturn('result'); - $access = $this->getAccessMock(); - $access->connection = $this->createMock(Connection::class); - - $ldap = new GroupLDAP($access, $pluginManager); - - $this->assertEquals($ldap->getGroupDetails('gid'), 'result'); + $this->initBackend(); + $this->assertEquals('result', $this->groupBackend->getGroupDetails('gid')); } - - public function testGetGroupDetailsFailing() { + public function testGetGroupDetailsFailing(): void { $this->expectException(\Exception::class); - /** @var GroupPluginManager|MockObject $pluginManager */ - $pluginManager = $this->getMockBuilder(GroupPluginManager::class) - ->setMethods(['implementsActions', 'getGroupDetails']) + $this->pluginManager = $this->getMockBuilder(GroupPluginManager::class) + ->onlyMethods(['implementsActions', 'getGroupDetails']) ->getMock(); - $pluginManager->expects($this->once()) + $this->pluginManager->expects($this->once()) ->method('implementsActions') ->with(GroupInterface::GROUP_DETAILS) ->willReturn(false); - $access = $this->getAccessMock(); - $access->connection = $this->createMock(Connection::class); - - $ldap = new GroupLDAP($access, $pluginManager); - - $ldap->getGroupDetails('gid'); + $this->initBackend(); + $this->groupBackend->getGroupDetails('gid'); } - public function groupMemberProvider() { + public static function groupMemberProvider(): array { $base = 'dc=species,dc=earth'; - $groups0 = [ + $birdsDn = [ 'uid=3723,' . $base, 'uid=8372,' . $base, 'uid=8427,' . $base, 'uid=2333,' . $base, 'uid=4754,' . $base, ]; - $groups1 = [ + $birdsUid = [ '3723', '8372', '8427', '2333', '4754', ]; - $groups2Nested = ['6642', '1424']; - $expGroups2 = array_merge($groups1, $groups2Nested); + $animalsDn = [ + 'uid=lion,' . $base, + 'uid=tiger,' . $base, + ]; + $plantsDn = [ + 'uid=flower,' . $base, + 'uid=tree,' . $base, + ]; + $thingsDn = [ + 'uid=thing1,' . $base, + 'uid=thing2,' . $base, + ]; return [ [ #0 – test DNs - 'cn=Birds,' . $base, - $groups0, - ['cn=Birds,' . $base => $groups0] + ['cn=Birds,' . $base => $birdsDn], + ['cn=Birds,' . $base => $birdsDn] ], [ #1 – test uids - 'cn=Birds,' . $base, - $groups1, - ['cn=Birds,' . $base => $groups1] + ['cn=Birds,' . $base => $birdsUid], + ['cn=Birds,' . $base => $birdsUid] + ], + [ #2 – test simple nested group + ['cn=Animals,' . $base => array_merge($birdsDn, $animalsDn)], + [ + 'cn=Animals,' . $base => array_merge(['cn=Birds,' . $base], $animalsDn), + 'cn=Birds,' . $base => $birdsDn, + ] + ], + [ #3 – test recursive nested group + [ + 'cn=Animals,' . $base => array_merge($birdsDn, $animalsDn), + 'cn=Birds,' . $base => array_merge($birdsDn, $animalsDn), + ], + [ + 'cn=Animals,' . $base => array_merge(['cn=Birds,' . $base,'cn=Birds,' . $base,'cn=Animals,' . $base], $animalsDn), + 'cn=Birds,' . $base => array_merge(['cn=Animals,' . $base,'cn=Birds,' . $base], $birdsDn), + ] + ], + [ #4 – Complicated nested group + ['cn=Things,' . $base => array_merge($birdsDn, $animalsDn, $thingsDn, $plantsDn)], + [ + 'cn=Animals,' . $base => array_merge(['cn=Birds,' . $base], $animalsDn), + 'cn=Birds,' . $base => $birdsDn, + 'cn=Plants,' . $base => $plantsDn, + 'cn=Things,' . $base => array_merge(['cn=Animals,' . $base,'cn=Plants,' . $base], $thingsDn), + ] ], ]; } - /** - * @param string $groupDN - * @param string[] $expectedMembers - * @param array $groupsInfo - * @dataProvider groupMemberProvider - */ - public function testGroupMembers($groupDN, $expectedMembers, $groupsInfo = null) { - $access = $this->getAccessMock(); - $access->expects($this->any()) + #[\PHPUnit\Framework\Attributes\DataProvider('groupMemberProvider')] + public function testGroupMembers(array $expectedResult, array $groupsInfo): void { + $this->access->expects($this->any()) ->method('readAttribute') - ->willReturnCallback(function ($group) use ($groupDN, $expectedMembers, $groupsInfo) { + ->willReturnCallback(function ($group) use ($groupsInfo) { if (isset($groupsInfo[$group])) { return $groupsInfo[$group]; } return []; }); - $access->connection = $this->createMock(Connection::class); - $access->connection->expects($this->any()) + $this->access->connection->expects($this->any()) ->method('__get') - ->willReturnCallback(function ($name) { + ->willReturnCallback(function (string $name) { if ($name === 'ldapNestedGroups') { return 1; } elseif ($name === 'ldapGroupMemberAssocAttr') { @@ -1334,35 +1334,32 @@ class Group_LDAPTest extends TestCase { return null; }); - /** @var GroupPluginManager $pluginManager */ - $pluginManager = $this->createMock(GroupPluginManager::class); - - $ldap = new GroupLDAP($access, $pluginManager); - $resultingMembers = $this->invokePrivate($ldap, '_groupMembers', [$groupDN]); + $this->initBackend(); + foreach ($expectedResult as $groupDN => $expectedMembers) { + $resultingMembers = $this->invokePrivate($this->groupBackend, '_groupMembers', [$groupDN]); - $this->assertEqualsCanonicalizing($expectedMembers, $resultingMembers); + sort($expectedMembers); + sort($resultingMembers); + $this->assertEquals($expectedMembers, $resultingMembers); + } } - public function displayNameProvider() { + public static function displayNameProvider(): array { return [ ['Graphic Novelists', ['Graphic Novelists']], ['', false], ]; } - /** - * @dataProvider displayNameProvider - */ - public function testGetDisplayName(string $expected, $ldapResult) { + #[\PHPUnit\Framework\Attributes\DataProvider('displayNameProvider')] + public function testGetDisplayName(string $expected, bool|array $ldapResult): void { $gid = 'graphic_novelists'; - $access = $this->getAccessMock(); - $access->expects($this->atLeastOnce()) + $this->access->expects($this->atLeastOnce()) ->method('readAttribute') ->willReturn($ldapResult); - $access->connection = $this->createMock(Connection::class); - $access->connection->expects($this->any()) + $this->access->connection->expects($this->any()) ->method('__get') ->willReturnCallback(function ($name) { if ($name === 'ldapGroupMemberAssocAttr') { @@ -1375,14 +1372,11 @@ class Group_LDAPTest extends TestCase { return null; }); - $access->expects($this->any()) + $this->access->expects($this->any()) ->method('groupname2dn') ->willReturn('fakedn'); - /** @var GroupPluginManager $pluginManager */ - $pluginManager = $this->createMock(GroupPluginManager::class); - - $ldap = new GroupLDAP($access, $pluginManager); - $this->assertSame($expected, $ldap->getDisplayName($gid)); + $this->initBackend(); + $this->assertSame($expected, $this->groupBackend->getDisplayName($gid)); } } |