diff options
Diffstat (limited to 'apps/user_ldap/tests/Integration')
19 files changed, 1318 insertions, 0 deletions
diff --git a/apps/user_ldap/tests/Integration/AbstractIntegrationTest.php b/apps/user_ldap/tests/Integration/AbstractIntegrationTest.php new file mode 100644 index 00000000000..00f8be18586 --- /dev/null +++ b/apps/user_ldap/tests/Integration/AbstractIntegrationTest.php @@ -0,0 +1,168 @@ +<?php + +/** + * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors + * SPDX-FileCopyrightText: 2016 ownCloud, Inc. + * SPDX-License-Identifier: AGPL-3.0-only + */ +namespace OCA\User_LDAP\Tests\Integration; + +use OCA\User_LDAP\Access; +use OCA\User_LDAP\Connection; +use OCA\User_LDAP\GroupPluginManager; +use OCA\User_LDAP\Helper; +use OCA\User_LDAP\LDAP; +use OCA\User_LDAP\User\Manager; +use OCA\User_LDAP\UserPluginManager; +use OCP\IAvatarManager; +use OCP\IConfig; +use OCP\Image; +use OCP\IUserManager; +use OCP\Server; +use OCP\Share\IManager; +use Psr\Log\LoggerInterface; + +abstract class AbstractIntegrationTest { + /** @var LDAP */ + protected $ldap; + + /** @var Connection */ + protected $connection; + + /** @var Access */ + protected $access; + + /** @var Manager */ + protected $userManager; + + /** @var Helper */ + protected $helper; + + /** @var string[] */ + protected $server; + + /** + * @param string $base + */ + public function __construct( + $host, + $port, + $bind, + $pwd, + protected $base, + ) { + $this->server = [ + 'host' => $host, + 'port' => $port, + 'dn' => $bind, + 'pwd' => $pwd + ]; + } + + /** + * prepares the LDAP environment and sets up a test configuration for + * the LDAP backend. + */ + public function init() { + \OC::$server->registerService(UserPluginManager::class, function () { + return new UserPluginManager(); + }); + \OC::$server->registerService(GroupPluginManager::class, function () { + return new GroupPluginManager(); + }); + + $this->initLDAPWrapper(); + $this->initConnection(); + $this->initUserManager(); + $this->initHelper(); + $this->initAccess(); + } + + /** + * initializes the test LDAP wrapper + */ + protected function initLDAPWrapper() { + $this->ldap = new LDAP(); + } + + /** + * sets up the LDAP configuration to be used for the test + */ + protected function initConnection() { + $this->connection = new Connection($this->ldap, '', null); + $this->connection->setConfiguration([ + 'ldapHost' => $this->server['host'], + 'ldapPort' => $this->server['port'], + 'ldapBase' => $this->base, + 'ldapAgentName' => $this->server['dn'], + 'ldapAgentPassword' => $this->server['pwd'], + 'ldapUserFilter' => 'objectclass=inetOrgPerson', + 'ldapUserDisplayName' => 'cn', + 'ldapGroupDisplayName' => 'cn', + 'ldapLoginFilter' => '(|(uid=%uid)(samaccountname=%uid))', + 'ldapCacheTTL' => 0, + 'ldapConfigurationActive' => 1, + ]); + } + + /** + * initializes an LDAP user manager instance + */ + protected function initUserManager() { + $this->userManager = new Manager( + Server::get(IConfig::class), + Server::get(LoggerInterface::class), + Server::get(IAvatarManager::class), + new Image(), + Server::get(IUserManager::class), + Server::get(\OCP\Notification\IManager::class), + Server::get(IManager::class) + ); + } + + /** + * initializes the test Helper + */ + protected function initHelper() { + $this->helper = Server::get(Helper::class); + } + + /** + * initializes the Access test instance + */ + protected function initAccess() { + $this->access = new Access($this->connection, $this->ldap, $this->userManager, $this->helper, Server::get(IConfig::class), Server::get(LoggerInterface::class)); + } + + /** + * runs the test cases while outputting progress and result information + * + * If a test failed, the script is exited with return code 1. + */ + public function run() { + $methods = get_class_methods($this); + $atLeastOneCaseRan = false; + foreach ($methods as $method) { + if (str_starts_with($method, 'case')) { + print("running $method " . PHP_EOL); + try { + if (!$this->$method()) { + print(PHP_EOL . '>>> !!! Test ' . $method . ' FAILED !!! <<<' . PHP_EOL . PHP_EOL); + exit(1); + } + $atLeastOneCaseRan = true; + } catch (\Exception $e) { + print(PHP_EOL . '>>> !!! Test ' . $method . ' RAISED AN EXCEPTION !!! <<<' . PHP_EOL); + print($e->getMessage() . PHP_EOL . PHP_EOL); + exit(1); + } + } + } + if ($atLeastOneCaseRan) { + print('Tests succeeded' . PHP_EOL); + } else { + print('No Test was available.' . PHP_EOL); + exit(1); + } + } +} diff --git a/apps/user_ldap/tests/Integration/Bootstrap.php b/apps/user_ldap/tests/Integration/Bootstrap.php new file mode 100644 index 00000000000..ef0909d4bea --- /dev/null +++ b/apps/user_ldap/tests/Integration/Bootstrap.php @@ -0,0 +1,9 @@ +<?php + +/** + * SPDX-FileCopyrightText: 2016 Nextcloud GmbH and Nextcloud contributors + * SPDX-License-Identifier: AGPL-3.0-or-later + */ +define('CLI_TEST_RUN', true); +require_once __DIR__ . '/../../../../lib/base.php'; +require_once __DIR__ . '/setup-scripts/config.php'; diff --git a/apps/user_ldap/tests/Integration/ExceptionOnLostConnection.php b/apps/user_ldap/tests/Integration/ExceptionOnLostConnection.php new file mode 100644 index 00000000000..3eec3df675a --- /dev/null +++ b/apps/user_ldap/tests/Integration/ExceptionOnLostConnection.php @@ -0,0 +1,166 @@ +<?php + +/** + * SPDX-FileCopyrightText: 2017-2024 Nextcloud GmbH and Nextcloud contributors + * SPDX-FileCopyrightText: 2016 ownCloud, Inc. + * SPDX-License-Identifier: AGPL-3.0-only + */ +namespace OCA\User_LDAP\Tests\Integration; + +use OC\ServerNotAvailableException; +use OCA\User_LDAP\LDAP; +use OCP\App\IAppManager; +use OCP\Server; + +/** + * Class ExceptionOnLostConnection + * + * integration test, ensures that an exception is thrown, when the connection is lost. + * + * LDAP must be available via toxiproxy. + * + * This test must be run manually. + * + */ +class ExceptionOnLostConnection { + /** @var string */ + private $ldapHost; + + /** @var LDAP */ + private $ldap; + + /** @var bool */ + private $originalProxyState; + + /** + * @param string $toxiProxyHost host of toxiproxy as url, like http://localhost:8474 + * @param string $toxiProxyName name of the LDAP proxy service as configured in toxiProxy + * @param string $ldapBase any valid LDAP base DN + * @param null $ldapBindDN optional, bind DN if anonymous bind is not possible + * @param null $ldapBindPwd optional + */ + public function __construct( + private $toxiProxyHost, + private $toxiProxyName, + private $ldapBase, + private $ldapBindDN = null, + private $ldapBindPwd = null, + ) { + $this->setUp(); + } + + /** + * destructor + */ + public function __destruct() { + $this->cleanUp(); + } + + /** + * prepares everything for the test run. Includes loading Nextcloud and + * the LDAP backend, as well as getting information about toxiproxy. + * Also creates an instance of the LDAP class, the testee + * + * @throws \Exception + */ + public function setUp(): void { + require_once __DIR__ . '/../../../../lib/base.php'; + Server::get(IAppManager::class)->loadApps(['user_ldap']); + + $ch = $this->getCurl(); + $proxyInfoJson = curl_exec($ch); + $this->checkCurlResult($ch, $proxyInfoJson); + $proxyInfo = json_decode($proxyInfoJson, true); + $this->originalProxyState = $proxyInfo['enabled']; + $this->ldapHost = 'ldap://' . $proxyInfo['listen']; // contains port as well + + $this->ldap = new LDAP(); + } + + /** + * restores original state of the LDAP proxy, if necessary + */ + public function cleanUp() { + if ($this->originalProxyState === true) { + $this->setProxyState(true); + } + } + + /** + * runs the test and prints the result. Exit code is 0 if successful, 1 on + * fail + */ + public function run() { + if ($this->originalProxyState === false) { + $this->setProxyState(true); + } + //host contains port, 2nd parameter will be ignored + $cr = $this->ldap->connect($this->ldapHost, 0); + $this->ldap->bind($cr, $this->ldapBindDN, $this->ldapBindPwd); + $this->ldap->search($cr, $this->ldapBase, 'objectClass=*', ['dn'], true, 5); + + // disable LDAP, will cause lost connection + $this->setProxyState(false); + try { + $this->ldap->search($cr, $this->ldapBase, 'objectClass=*', ['dn'], true, 5); + } catch (ServerNotAvailableException $e) { + print('Test PASSED' . PHP_EOL); + exit(0); + } + print('Test FAILED' . PHP_EOL); + exit(1); + } + + /** + * tests whether a curl operation ran successfully. If not, an exception + * is thrown + * + * @param resource|\CurlHandle $ch + * @param mixed $result + * @throws \Exception + */ + private function checkCurlResult($ch, $result) { + if ($result === false) { + $error = curl_error($ch); + curl_close($ch); + throw new \Exception($error); + } + } + + /** + * enables or disabled the LDAP proxy service in toxiproxy + * + * @param bool $isEnabled whether is should be enabled or disables + * @throws \Exception + */ + private function setProxyState($isEnabled) { + if (!is_bool($isEnabled)) { + throw new \InvalidArgumentException('Bool expected'); + } + $postData = json_encode(['enabled' => $isEnabled]); + $ch = $this->getCurl(); + curl_setopt($ch, CURLOPT_POST, true); + curl_setopt($ch, CURLOPT_POSTFIELDS, $postData); + curl_setopt($ch, CURLOPT_HTTPHEADER, [ + 'Content-Type: application/json', + 'Content-Length: ' . strlen($postData)] + ); + $recvd = curl_exec($ch); + $this->checkCurlResult($ch, $recvd); + } + + /** + * initializes a curl handler towards the toxiproxy LDAP proxy service + * @return resource|\CurlHandle + */ + private function getCurl() { + $ch = curl_init(); + curl_setopt($ch, CURLOPT_URL, $this->toxiProxyHost . '/proxies/' . $this->toxiProxyName); + curl_setopt($ch, CURLOPT_HEADER, false); + curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); + return $ch; + } +} + +$test = new ExceptionOnLostConnection('http://localhost:8474', 'ldap', 'dc=owncloud,dc=bzoc'); +$test->run(); diff --git a/apps/user_ldap/tests/Integration/Lib/IntegrationTestAttributeDetection.php b/apps/user_ldap/tests/Integration/Lib/IntegrationTestAttributeDetection.php new file mode 100644 index 00000000000..e1529384239 --- /dev/null +++ b/apps/user_ldap/tests/Integration/Lib/IntegrationTestAttributeDetection.php @@ -0,0 +1,78 @@ +<?php + +/** + * SPDX-FileCopyrightText: 2017 Nextcloud GmbH and Nextcloud contributors + * SPDX-License-Identifier: AGPL-3.0-or-later + */ +namespace OCA\User_LDAP\Tests\Integration\Lib; + +use OCA\User_LDAP\Group_LDAP; +use OCA\User_LDAP\GroupPluginManager; +use OCA\User_LDAP\Mapping\GroupMapping; +use OCA\User_LDAP\Mapping\UserMapping; +use OCA\User_LDAP\Tests\Integration\AbstractIntegrationTest; +use OCA\User_LDAP\User\DeletedUsersIndex; +use OCA\User_LDAP\User_LDAP; +use OCA\User_LDAP\UserPluginManager; +use OCP\IConfig; +use OCP\IDBConnection; +use OCP\IGroupManager; +use OCP\IUserManager; +use OCP\Server; +use Psr\Log\LoggerInterface; + +require_once __DIR__ . '/../Bootstrap.php'; + +class IntegrationTestAttributeDetection extends AbstractIntegrationTest { + public function init() { + require(__DIR__ . '/../setup-scripts/createExplicitUsers.php'); + require(__DIR__ . '/../setup-scripts/createExplicitGroups.php'); + + parent::init(); + + $this->connection->setConfiguration(['ldapGroupFilter' => 'objectClass=groupOfNames']); + $this->connection->setConfiguration(['ldapGroupMemberAssocAttr' => 'member']); + + $userMapper = new UserMapping(Server::get(IDBConnection::class)); + $userMapper->clear(); + $this->access->setUserMapper($userMapper); + + $groupMapper = new GroupMapping(Server::get(IDBConnection::class)); + $groupMapper->clear(); + $this->access->setGroupMapper($groupMapper); + + $userBackend = new User_LDAP($this->access, Server::get(\OCP\Notification\IManager::class), Server::get(UserPluginManager::class), Server::get(LoggerInterface::class), Server::get(DeletedUsersIndex::class)); + $userManager = Server::get(IUserManager::class); + $userManager->clearBackends(); + $userManager->registerBackend($userBackend); + + $groupBackend = new Group_LDAP($this->access, Server::get(GroupPluginManager::class), Server::get(IConfig::class)); + $groupManger = Server::get(IGroupManager::class); + $groupManger->clearBackends(); + $groupManger->addBackend($groupBackend); + } + + protected function caseNativeUUIDAttributeUsers() { + // trigger importing of users which also triggers UUID attribute detection + Server::get(IUserManager::class)->search('', 5, 0); + return $this->connection->ldapUuidUserAttribute === 'entryuuid'; + } + + protected function caseNativeUUIDAttributeGroups() { + // essentially the same as 'caseNativeUUIDAttributeUsers', code paths + // are similar, but we take no chances. + + // trigger importing of users which also triggers UUID attribute detection + Server::get(IGroupManager::class)->search('', 5, 0); + return $this->connection->ldapUuidGroupAttribute === 'entryuuid'; + } +} + +/** @var string $host */ +/** @var int $port */ +/** @var string $adn */ +/** @var string $apwd */ +/** @var string $bdn */ +$test = new IntegrationTestAttributeDetection($host, $port, $adn, $apwd, $bdn); +$test->init(); +$test->run(); diff --git a/apps/user_ldap/tests/Integration/Lib/IntegrationTestCountUsersByLoginName.php b/apps/user_ldap/tests/Integration/Lib/IntegrationTestCountUsersByLoginName.php new file mode 100644 index 00000000000..8a1093e4304 --- /dev/null +++ b/apps/user_ldap/tests/Integration/Lib/IntegrationTestCountUsersByLoginName.php @@ -0,0 +1,55 @@ +<?php + +/** + * SPDX-FileCopyrightText: 2017-2024 Nextcloud GmbH and Nextcloud contributors + * SPDX-FileCopyrightText: 2016 ownCloud, Inc. + * SPDX-License-Identifier: AGPL-3.0-only + */ +namespace OCA\User_LDAP\Tests\Integration\Lib; + +use OCA\User_LDAP\Tests\Integration\AbstractIntegrationTest; + +require_once __DIR__ . '/../Bootstrap.php'; + +class IntegrationTestCountUsersByLoginName extends AbstractIntegrationTest { + + /** + * prepares the LDAP environment and sets up a test configuration for + * the LDAP backend. + */ + public function init() { + require(__DIR__ . '/../setup-scripts/createExplicitUsers.php'); + parent::init(); + } + + /** + * tests countUsersByLoginName where it is expected that the login name does + * not match any LDAP user + * + * @return bool + */ + protected function case1() { + $result = $this->access->countUsersByLoginName('nothere'); + return $result === 0; + } + + /** + * tests countUsersByLoginName where it is expected that the login name does + * match one LDAP user + * + * @return bool + */ + protected function case2() { + $result = $this->access->countUsersByLoginName('alice'); + return $result === 1; + } +} + +/** @var string $host */ +/** @var int $port */ +/** @var string $adn */ +/** @var string $apwd */ +/** @var string $bdn */ +$test = new IntegrationTestCountUsersByLoginName($host, $port, $adn, $apwd, $bdn); +$test->init(); +$test->run(); diff --git a/apps/user_ldap/tests/Integration/Lib/IntegrationTestFetchUsersByLoginName.php b/apps/user_ldap/tests/Integration/Lib/IntegrationTestFetchUsersByLoginName.php new file mode 100644 index 00000000000..1c2d7145ddf --- /dev/null +++ b/apps/user_ldap/tests/Integration/Lib/IntegrationTestFetchUsersByLoginName.php @@ -0,0 +1,72 @@ +<?php + +/** + * SPDX-FileCopyrightText: 2017-2024 Nextcloud GmbH and Nextcloud contributors + * SPDX-FileCopyrightText: 2016 ownCloud, Inc. + * SPDX-License-Identifier: AGPL-3.0-only + */ +namespace OCA\User_LDAP\Tests\Integration\Lib; + +use OCA\User_LDAP\Mapping\UserMapping; +use OCA\User_LDAP\Tests\Integration\AbstractIntegrationTest; +use OCA\User_LDAP\User\DeletedUsersIndex; +use OCA\User_LDAP\User_LDAP; +use OCA\User_LDAP\UserPluginManager; +use OCP\IDBConnection; +use OCP\Server; +use Psr\Log\LoggerInterface; + +require_once __DIR__ . '/../Bootstrap.php'; + +class IntegrationTestFetchUsersByLoginName extends AbstractIntegrationTest { + /** @var UserMapping */ + protected $mapping; + + /** @var User_LDAP */ + protected $backend; + + /** + * prepares the LDAP environment and sets up a test configuration for + * the LDAP backend. + */ + public function init() { + require(__DIR__ . '/../setup-scripts/createExplicitUsers.php'); + parent::init(); + + $this->mapping = new UserMapping(Server::get(IDBConnection::class)); + $this->mapping->clear(); + $this->access->setUserMapper($this->mapping); + $this->backend = new User_LDAP($this->access, Server::get(\OCP\Notification\IManager::class), Server::get(UserPluginManager::class), Server::get(LoggerInterface::class), Server::get(DeletedUsersIndex::class)); + } + + /** + * tests fetchUserByLoginName where it is expected that the login name does + * not match any LDAP user + * + * @return bool + */ + protected function case1() { + $result = $this->access->fetchUsersByLoginName('nothere'); + return $result === []; + } + + /** + * tests fetchUserByLoginName where it is expected that the login name does + * match one LDAP user + * + * @return bool + */ + protected function case2() { + $result = $this->access->fetchUsersByLoginName('alice'); + return count($result) === 1; + } +} + +/** @var string $host */ +/** @var int $port */ +/** @var string $adn */ +/** @var string $apwd */ +/** @var string $bdn */ +$test = new IntegrationTestFetchUsersByLoginName($host, $port, $adn, $apwd, $bdn); +$test->init(); +$test->run(); diff --git a/apps/user_ldap/tests/Integration/Lib/IntegrationTestPaging.php b/apps/user_ldap/tests/Integration/Lib/IntegrationTestPaging.php new file mode 100644 index 00000000000..3e21d22fca3 --- /dev/null +++ b/apps/user_ldap/tests/Integration/Lib/IntegrationTestPaging.php @@ -0,0 +1,83 @@ +<?php + +/** + * SPDX-FileCopyrightText: 2017-2024 Nextcloud GmbH and Nextcloud contributors + * SPDX-FileCopyrightText: 2016 ownCloud, Inc. + * SPDX-License-Identifier: AGPL-3.0-only + */ +namespace OCA\User_LDAP\Tests\Integration\Lib; + +use OCA\User_LDAP\Mapping\UserMapping; +use OCA\User_LDAP\Tests\Integration\AbstractIntegrationTest; +use OCA\User_LDAP\User\DeletedUsersIndex; +use OCA\User_LDAP\User_LDAP; +use OCA\User_LDAP\UserPluginManager; +use OCP\Server; +use Psr\Log\LoggerInterface; + +require_once __DIR__ . '/../Bootstrap.php'; + +class IntegrationTestPaging extends AbstractIntegrationTest { + /** @var UserMapping */ + protected $mapping; + + /** @var User_LDAP */ + protected $backend; + + /** @var int */ + protected $pagingSize = 2; + + /** + * prepares the LDAP environment and sets up a test configuration for + * the LDAP backend. + */ + public function init() { + require(__DIR__ . '/../setup-scripts/createExplicitUsers.php'); + parent::init(); + + $this->backend = new User_LDAP($this->access, Server::get(\OCP\Notification\IManager::class), Server::get(UserPluginManager::class), Server::get(LoggerInterface::class), Server::get(DeletedUsersIndex::class)); + } + + public function initConnection() { + parent::initConnection(); + $this->connection->setConfiguration([ + 'ldapPagingSize' => $this->pagingSize + ]); + } + + /** + * fetch first three, afterwards all users + * + * @return bool + */ + protected function case1() { + $filter = 'objectclass=inetorgperson'; + $attributes = ['cn', 'dn']; + + $result = $this->access->searchUsers($filter, $attributes, 4); + // beware, under circumstances, the result set can be larger then + // the specified limit! In this case, if we specify a limit of 3, + // the result will be 4, because the highest possible paging size + // is 2 (as configured). + // But also with more than one search base, the limit can be outpaced. + if (count($result) !== 4) { + return false; + } + + $result = $this->access->searchUsers($filter, $attributes); + if (count($result) !== 7) { + return false; + } + + return true; + } +} + +/** @var string $host */ +/** @var int $port */ +/** @var string $adn */ +/** @var string $apwd */ +/** @var string $bdn */ +$test = new IntegrationTestPaging($host, $port, $adn, $apwd, $bdn); +$test->init(); +$test->run(); diff --git a/apps/user_ldap/tests/Integration/Lib/User/IntegrationTestUserAvatar.php b/apps/user_ldap/tests/Integration/Lib/User/IntegrationTestUserAvatar.php new file mode 100644 index 00000000000..6726143a449 --- /dev/null +++ b/apps/user_ldap/tests/Integration/Lib/User/IntegrationTestUserAvatar.php @@ -0,0 +1,151 @@ +<?php + +/** + * SPDX-FileCopyrightText: 2017-2024 Nextcloud GmbH and Nextcloud contributors + * SPDX-FileCopyrightText: 2016 ownCloud, Inc. + * SPDX-License-Identifier: AGPL-3.0-only + */ +namespace OCA\User_LDAP\Tests\Integration\Lib\User; + +use OCA\User_LDAP\Mapping\UserMapping; +use OCA\User_LDAP\Tests\Integration\AbstractIntegrationTest; +use OCA\User_LDAP\User\DeletedUsersIndex; +use OCA\User_LDAP\User\Manager; +use OCA\User_LDAP\User\User; +use OCA\User_LDAP\User_LDAP; +use OCA\User_LDAP\UserPluginManager; +use OCP\IAvatarManager; +use OCP\IConfig; +use OCP\IDBConnection; +use OCP\Image; +use OCP\IUserManager; +use OCP\Server; +use Psr\Log\LoggerInterface; + +require_once __DIR__ . '/../../Bootstrap.php'; + +class IntegrationTestUserAvatar extends AbstractIntegrationTest { + /** @var UserMapping */ + protected $mapping; + + /** + * prepares the LDAP environment and sets up a test configuration for + * the LDAP backend. + */ + public function init() { + require(__DIR__ . '/../../setup-scripts/createExplicitUsers.php'); + parent::init(); + $this->mapping = new UserMapping(Server::get(IDBConnection::class)); + $this->mapping->clear(); + $this->access->setUserMapper($this->mapping); + $userBackend = new User_LDAP($this->access, Server::get(\OCP\Notification\IManager::class), Server::get(UserPluginManager::class), Server::get(LoggerInterface::class), Server::get(DeletedUsersIndex::class)); + Server::get(IUserManager::class)->registerBackend($userBackend); + } + + /** + * A method that does the common steps of test cases 1 and 2. The evaluation + * is not happening here. + * + * @param string $dn + * @param string $username + * @param string $image + */ + private function execFetchTest($dn, $username, $image) { + $this->setJpegPhotoAttribute($dn, $image); + + // assigns our self-picked oc username to the dn + $this->mapping->map($dn, $username, 'fakeUUID-' . $username); + + // initialize home folder and make sure that the user will update + // also remove an possibly existing avatar + \OC_Util::tearDownFS(); + \OC_Util::setupFS($username); + \OC::$server->getUserFolder($username); + Server::get(IConfig::class)->deleteUserValue($username, 'user_ldap', User::USER_PREFKEY_LASTREFRESH); + if (Server::get(IAvatarManager::class)->getAvatar($username)->exists()) { + Server::get(IAvatarManager::class)->getAvatar($username)->remove(); + } + + // finally attempt to get the avatar set + $user = $this->userManager->get($dn); + $user->updateAvatar(); + } + + /** + * tests whether an avatar can be retrieved from LDAP and stored correctly + * + * @return bool + */ + protected function case1() { + $image = file_get_contents(__DIR__ . '/../../data/avatar-valid.jpg'); + $dn = 'uid=alice,ou=Users,' . $this->base; + $username = 'alice1337'; + + $this->execFetchTest($dn, $username, $image); + + return Server::get(IAvatarManager::class)->getAvatar($username)->exists(); + } + + /** + * tests whether an image received from LDAP which is of an invalid file + * type is dealt with properly (i.e. not set and not dying). + * + * @return bool + */ + protected function case2() { + // gif by Pmspinner from https://commons.wikimedia.org/wiki/File:Avatar2469_3.gif + $image = file_get_contents(__DIR__ . '/../../data/avatar-invalid.gif'); + $dn = 'uid=boris,ou=Users,' . $this->base; + $username = 'boris7844'; + + $this->execFetchTest($dn, $username, $image); + + return !Server::get(IAvatarManager::class)->getAvatar($username)->exists(); + } + + /** + * This writes an image to the 'jpegPhoto' attribute on LDAP. + * + * @param string $dn + * @param string $image An image read via file_get_contents + * @throws \OC\ServerNotAvailableException + */ + private function setJpegPhotoAttribute($dn, $image) { + $changeSet = ['jpegphoto' => $image]; + ldap_mod_add($this->connection->getConnectionResource(), $dn, $changeSet); + } + + protected function initUserManager() { + $this->userManager = new Manager( + Server::get(IConfig::class), + Server::get(LoggerInterface::class), + Server::get(IAvatarManager::class), + new Image(), + Server::get(IDBConnection::class), + Server::get(IUserManager::class), + Server::get(\OCP\Notification\IManager::class) + ); + } + + /** + * sets up the LDAP configuration to be used for the test + */ + protected function initConnection() { + parent::initConnection(); + $this->connection->setConfiguration([ + 'ldapUserFilter' => 'objectclass=inetOrgPerson', + 'ldapUserDisplayName' => 'displayName', + 'ldapGroupDisplayName' => 'cn', + 'ldapLoginFilter' => 'uid=%uid', + ]); + } +} + +/** @var string $host */ +/** @var int $port */ +/** @var string $adn */ +/** @var string $apwd */ +/** @var string $bdn */ +$test = new IntegrationTestUserAvatar($host, $port, $adn, $apwd, $bdn); +$test->init(); +$test->run(); diff --git a/apps/user_ldap/tests/Integration/Lib/User/IntegrationTestUserCleanUp.php b/apps/user_ldap/tests/Integration/Lib/User/IntegrationTestUserCleanUp.php new file mode 100644 index 00000000000..9b05298a151 --- /dev/null +++ b/apps/user_ldap/tests/Integration/Lib/User/IntegrationTestUserCleanUp.php @@ -0,0 +1,93 @@ +<?php + +/** + * SPDX-FileCopyrightText: 2017-2024 Nextcloud GmbH and Nextcloud contributors + * SPDX-FileCopyrightText: 2016 ownCloud, Inc. + * SPDX-License-Identifier: AGPL-3.0-only + */ +namespace OCA\User_LDAP\Tests\Integration\Lib\User; + +use OCA\User_LDAP\Jobs\CleanUp; +use OCA\User_LDAP\Mapping\UserMapping; +use OCA\User_LDAP\Tests\Integration\AbstractIntegrationTest; +use OCA\User_LDAP\User\DeletedUsersIndex; +use OCA\User_LDAP\User_LDAP; +use OCA\User_LDAP\UserPluginManager; +use OCP\IDBConnection; +use OCP\IUserManager; +use OCP\Server; +use Psr\Log\LoggerInterface; + +require_once __DIR__ . '/../../Bootstrap.php'; + +class IntegrationTestUserCleanUp extends AbstractIntegrationTest { + /** @var UserMapping */ + protected $mapping; + + /** + * prepares the LDAP environment and sets up a test configuration for + * the LDAP backend. + */ + public function init() { + require(__DIR__ . '/../../setup-scripts/createExplicitUsers.php'); + parent::init(); + $this->mapping = new UserMapping(Server::get(IDBConnection::class)); + $this->mapping->clear(); + $this->access->setUserMapper($this->mapping); + + $userBackend = new User_LDAP($this->access, Server::get(\OCP\Notification\IManager::class), Server::get(UserPluginManager::class), Server::get(LoggerInterface::class), Server::get(DeletedUsersIndex::class)); + Server::get(IUserManager::class)->registerBackend($userBackend); + } + + /** + * adds a map entry for the user, so we know the username + * + * @param $dn + * @param $username + */ + private function prepareUser($dn, $username) { + // assigns our self-picked oc username to the dn + $this->mapping->map($dn, $username, 'fakeUUID-' . $username); + } + + private function deleteUserFromLDAP($dn) { + $cr = $this->connection->getConnectionResource(); + ldap_delete($cr, $dn); + } + + /** + * tests whether a display name consisting of two parts is created correctly + * + * @return bool + */ + protected function case1() { + $username = 'alice1337'; + $dn = 'uid=alice,ou=Users,' . $this->base; + $this->prepareUser($dn, $username); + + $this->deleteUserFromLDAP($dn); + + $job = new CleanUp(); + $job->run([]); + + // user instance must not be requested from global user manager, before + // it is deleted from the LDAP server. The instance will be returned + // from cache and may false-positively confirm the correctness. + $user = Server::get(IUserManager::class)->get($username); + if ($user === null) { + return false; + } + $user->delete(); + + return Server::get(IUserManager::class)->get($username) === null; + } +} + +/** @var string $host */ +/** @var int $port */ +/** @var string $adn */ +/** @var string $apwd */ +/** @var string $bdn */ +$test = new IntegrationTestUserCleanUp($host, $port, $adn, $apwd, $bdn); +$test->init(); +$test->run(); diff --git a/apps/user_ldap/tests/Integration/Lib/User/IntegrationTestUserDisplayName.php b/apps/user_ldap/tests/Integration/Lib/User/IntegrationTestUserDisplayName.php new file mode 100644 index 00000000000..6fbfd9ba51b --- /dev/null +++ b/apps/user_ldap/tests/Integration/Lib/User/IntegrationTestUserDisplayName.php @@ -0,0 +1,101 @@ +<?php + +/** + * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors + * SPDX-FileCopyrightText: 2016 ownCloud, Inc. + * SPDX-License-Identifier: AGPL-3.0-only + */ +namespace OCA\User_LDAP\Tests\Integration\Lib\User; + +use OCA\User_LDAP\Mapping\UserMapping; +use OCA\User_LDAP\Tests\Integration\AbstractIntegrationTest; +use OCA\User_LDAP\User\DeletedUsersIndex; +use OCA\User_LDAP\User_LDAP; +use OCA\User_LDAP\UserPluginManager; +use OCP\IDBConnection; +use OCP\IUserManager; +use OCP\Server; +use Psr\Log\LoggerInterface; + +require_once __DIR__ . '/../../Bootstrap.php'; + +class IntegrationTestUserDisplayName extends AbstractIntegrationTest { + /** @var UserMapping */ + protected $mapping; + + /** + * prepares the LDAP environment and sets up a test configuration for + * the LDAP backend. + */ + public function init() { + require(__DIR__ . '/../../setup-scripts/createExplicitUsers.php'); + parent::init(); + $this->mapping = new UserMapping(Server::get(IDBConnection::class)); + $this->mapping->clear(); + $this->access->setUserMapper($this->mapping); + $userBackend = new User_LDAP($this->access, Server::get(\OCP\Notification\IManager::class), Server::get(UserPluginManager::class), Server::get(LoggerInterface::class), Server::get(DeletedUsersIndex::class)); + Server::get(IUserManager::class)->registerBackend($userBackend); + } + + /** + * adds a map entry for the user, so we know the username + * + * @param $dn + * @param $username + */ + private function prepareUser($dn, $username) { + // assigns our self-picked oc username to the dn + $this->mapping->map($dn, $username, 'fakeUUID-' . $username); + } + + /** + * tests whether a display name consisting of two parts is created correctly + * + * @return bool + */ + protected function case1() { + $username = 'alice1337'; + $dn = 'uid=alice,ou=Users,' . $this->base; + $this->prepareUser($dn, $username); + $displayName = Server::get(IUserManager::class)->get($username)->getDisplayName(); + + return str_contains($displayName, '(Alice@example.com)'); + } + + /** + * tests whether a display name consisting of one part is created correctly + * + * @return bool + */ + protected function case2() { + $this->connection->setConfiguration([ + 'ldapUserDisplayName2' => '', + ]); + $username = 'boris23421'; + $dn = 'uid=boris,ou=Users,' . $this->base; + $this->prepareUser($dn, $username); + $displayName = Server::get(IUserManager::class)->get($username)->getDisplayName(); + + return !str_contains($displayName, '(Boris@example.com)'); + } + + /** + * sets up the LDAP configuration to be used for the test + */ + protected function initConnection() { + parent::initConnection(); + $this->connection->setConfiguration([ + 'ldapUserDisplayName' => 'displayName', + 'ldapUserDisplayName2' => 'mail', + ]); + } +} + +/** @var string $host */ +/** @var int $port */ +/** @var string $adn */ +/** @var string $apwd */ +/** @var string $bdn */ +$test = new IntegrationTestUserDisplayName($host, $port, $adn, $apwd, $bdn); +$test->init(); +$test->run(); diff --git a/apps/user_ldap/tests/Integration/data/avatar-invalid.gif b/apps/user_ldap/tests/Integration/data/avatar-invalid.gif Binary files differnew file mode 100644 index 00000000000..000108834d8 --- /dev/null +++ b/apps/user_ldap/tests/Integration/data/avatar-invalid.gif diff --git a/apps/user_ldap/tests/Integration/data/avatar-valid.jpg b/apps/user_ldap/tests/Integration/data/avatar-valid.jpg Binary files differnew file mode 100644 index 00000000000..451b631eea6 --- /dev/null +++ b/apps/user_ldap/tests/Integration/data/avatar-valid.jpg diff --git a/apps/user_ldap/tests/Integration/readme.md b/apps/user_ldap/tests/Integration/readme.md new file mode 100644 index 00000000000..d551387c903 --- /dev/null +++ b/apps/user_ldap/tests/Integration/readme.md @@ -0,0 +1,65 @@ +<!-- + - SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors + - SPDX-FileCopyrightText: 2015 ownCloud, Inc. + - SPDX-License-Identifier: AGPL-3.0-only + --> +# Requirements # + +Have (as in do copy if not already done) the following files from https://github.com/owncloud/administration/tree/master/ldap-testing copied into the directory "setup-scripts": + + * start.sh + * stop.sh + * config.php + +Configure config.php according to your needs, also have a look into the LDAP and network settings in start.sh and stop.sh. + +# Usage # + +The basic command to run a test is: + +```# ./run-test.sh [phpscript]``` + +Yes, run it as root from within this directory. + +Example: + +``` +$ sudo ./run-test.sh lib/IntegrationTestAccessGroupsMatchFilter.php +71cbe88a4993e67066714d71c1cecc5ef26a54911a208103cb6294f90459e574 +c74dc0155db4efa7a0515d419528a8727bbc7596601cf25b0df05e348bd74895 +CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES +c74dc0155db4 osixia/phpldapadmin:0.5.1 "/sbin/my_init" 1 seconds ago Up Less than a second 80/tcp, 0.0.0.0:8443->443/tcp docker-phpldapadmin +71cbe88a4993 nickstenning/slapd:latest "/sbin/my_init" 1 seconds ago Up Less than a second 127.0.0.1:7770->389/tcp docker-slapd + +LDAP server now available under 127.0.0.1:7770 (internal IP is 172.17.0.78) +phpldapadmin now available under https://127.0.0.1:8443 + +created user : Alice Ealic +created group : RedGroup +created group : BlueGroup +created group : GreenGroup +created group : PurpleGroup +running case1 +running case2 +Tests succeeded +Stopping and resetting containers +docker-slapd +docker-phpldapadmin +docker-slapd +docker-phpldapadmin +``` + +# How it works # + +1. start.sh is executed which brings up a fresh and clean OpenLDAP in Docker. +2. The provided test script is executed. It also outputs results. +3. stop.sh is executed to shut down OpenLDAP + +# Beware # + +This is quick solution for basically one test case. With expension this mechanism should be improved as well. + +It does not run automatically, unless you do it. No integration with any testing framework. + +exceptionOnLostConnection.php is not part of this mechanism. Read its source and run it isolated. While you're at it, port it :þ + diff --git a/apps/user_ldap/tests/Integration/run-all.sh b/apps/user_ldap/tests/Integration/run-all.sh new file mode 100755 index 00000000000..a0739a019eb --- /dev/null +++ b/apps/user_ldap/tests/Integration/run-all.sh @@ -0,0 +1,37 @@ +#!/bin/bash +# +# SPDX-FileCopyrightText: 2017 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: AGPL-3.0-or-later +# +trigger_notification() { + which notify-send 1>/dev/null + if [[ $? == 1 ]] ; then + return + fi + export NOTIFY_USER=$SUDO_USER + export RESULT_STR=$1 + # does not work. just pipe result into a non-sudo cmd + su "$NOTIFY_USER" -c "notify-send -u normal -t 43200000 -a Nextcloud -i Nextcloud \"LDAP Integration tests $RESULT_STR\"" +} + +FILES_ROOT=($(ls -d -p Lib/* | grep -v "/$")) +FILES_USER=($(ls -d -p Lib/User/* | grep -v "/$")) +# TODO: Loop through dirs (and subdirs?) once there are more +TESTFILES=("${FILES_ROOT[@]}" "${FILES_USER[@]}") + +TESTCMD="./run-test.sh" + +echo "Running " ${#TESTFILES[@]} " tests" +for TESTFILE in "${TESTFILES[@]}" ; do + echo -n "Test: $TESTFILE… " + STATE=`$TESTCMD "$TESTFILE" | grep -c "Tests succeeded"` + if [ "$STATE" -eq 0 ] ; then + echo "failed!" + trigger_notification "failed" + exit 1 + fi + echo "succeeded" +done + +echo -e "\nAll tests succeeded" +trigger_notification "succeeded" diff --git a/apps/user_ldap/tests/Integration/run-test.sh b/apps/user_ldap/tests/Integration/run-test.sh new file mode 100755 index 00000000000..1b674aa04f3 --- /dev/null +++ b/apps/user_ldap/tests/Integration/run-test.sh @@ -0,0 +1,20 @@ +#!/bin/sh +# +# SPDX-FileCopyrightText: 2016 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: AGPL-3.0-or-later +# +if [ $1 ] ; then + TESTSCRIPT=$1 +else + echo "No test file given" exit +fi + +if [ ! -e "$TESTSCRIPT" ] ; then + echo "Test file does not exist" + exit +fi + + +# sleep is necessary, otherwise the LDAP server cannot be connected to, yet. +setup-scripts/start.sh && sleep 5 && php -f "$TESTSCRIPT" +setup-scripts/stop.sh diff --git a/apps/user_ldap/tests/Integration/setup-scripts/createExplicitGroups.php b/apps/user_ldap/tests/Integration/setup-scripts/createExplicitGroups.php new file mode 100644 index 00000000000..819c4c6e860 --- /dev/null +++ b/apps/user_ldap/tests/Integration/setup-scripts/createExplicitGroups.php @@ -0,0 +1,57 @@ +<?php + +/** + * SPDX-FileCopyrightText: 2019-2024 Nextcloud GmbH and Nextcloud contributors + * SPDX-FileCopyrightText: 2016 ownCloud, Inc. + * SPDX-License-Identifier: AGPL-3.0-only + */ +if (php_sapi_name() !== 'cli') { + print('Only via CLI, please.'); + exit(1); +} + +include __DIR__ . '/config.php'; + +$cr = ldap_connect($host, $port); +ldap_set_option($cr, LDAP_OPT_PROTOCOL_VERSION, 3); +$ok = ldap_bind($cr, $adn, $apwd); + +if (!$ok) { + die(ldap_error($cr)); +} + +$ouName = 'Groups'; +$ouDN = 'ou=' . $ouName . ',' . $bdn; + +//creates an OU +if (true) { + $entry = []; + $entry['objectclass'][] = 'top'; + $entry['objectclass'][] = 'organizationalunit'; + $entry['ou'] = $ouName; + $b = ldap_add($cr, $ouDN, $entry); + if (!$b) { + die(ldap_error($cr)); + } +} + +$groups = ['RedGroup', 'BlueGroup', 'GreenGroup', 'PurpleGroup']; +// groupOfNames requires groups to have at least one member +// the member used is created by createExplicitUsers.php script +$omniMember = 'uid=alice,ou=Users,' . $bdn; + +foreach ($groups as $cn) { + $newDN = 'cn=' . $cn . ',' . $ouDN; + + $entry = []; + $entry['cn'] = $cn; + $entry['objectclass'][] = 'groupOfNames'; + $entry['member'][] = $omniMember; + + $ok = ldap_add($cr, $newDN, $entry); + if ($ok) { + echo('created group ' . ': ' . $entry['cn'] . PHP_EOL); + } else { + die(ldap_error($cr)); + } +} diff --git a/apps/user_ldap/tests/Integration/setup-scripts/createExplicitGroupsDifferentOU.php b/apps/user_ldap/tests/Integration/setup-scripts/createExplicitGroupsDifferentOU.php new file mode 100644 index 00000000000..b0a3cd46b4f --- /dev/null +++ b/apps/user_ldap/tests/Integration/setup-scripts/createExplicitGroupsDifferentOU.php @@ -0,0 +1,57 @@ +<?php + +/** + * SPDX-FileCopyrightText: 2019-2024 Nextcloud GmbH and Nextcloud contributors + * SPDX-FileCopyrightText: 2016 ownCloud, Inc. + * SPDX-License-Identifier: AGPL-3.0-only + */ +if (php_sapi_name() !== 'cli') { + print('Only via CLI, please.'); + exit(1); +} + +include __DIR__ . '/config.php'; + +$cr = ldap_connect($host, $port); +ldap_set_option($cr, LDAP_OPT_PROTOCOL_VERSION, 3); +$ok = ldap_bind($cr, $adn, $apwd); + +if (!$ok) { + die(ldap_error($cr)); +} + +$ouName = 'SpecialGroups'; +$ouDN = 'ou=' . $ouName . ',' . $bdn; + +//creates an OU +if (true) { + $entry = []; + $entry['objectclass'][] = 'top'; + $entry['objectclass'][] = 'organizationalunit'; + $entry['ou'] = $ouName; + $b = ldap_add($cr, $ouDN, $entry); + if (!$b) { + die(ldap_error($cr)); + } +} + +$groups = ['SquareGroup', 'CircleGroup', 'TriangleGroup', 'SquaredCircleGroup']; +// groupOfNames requires groups to have at least one member +// the member used is created by createExplicitUsers.php script +$omniMember = 'uid=alice,ou=Users,' . $bdn; + +foreach ($groups as $cn) { + $newDN = 'cn=' . $cn . ',' . $ouDN; + + $entry = []; + $entry['cn'] = $cn; + $entry['objectclass'][] = 'groupOfNames'; + $entry['member'][] = $omniMember; + + $ok = ldap_add($cr, $newDN, $entry); + if ($ok) { + echo('created group ' . ': ' . $entry['cn'] . PHP_EOL); + } else { + die(ldap_error($cr)); + } +} diff --git a/apps/user_ldap/tests/Integration/setup-scripts/createExplicitUsers.php b/apps/user_ldap/tests/Integration/setup-scripts/createExplicitUsers.php new file mode 100644 index 00000000000..7137bd18a58 --- /dev/null +++ b/apps/user_ldap/tests/Integration/setup-scripts/createExplicitUsers.php @@ -0,0 +1,60 @@ +<?php + +/** + * SPDX-FileCopyrightText: 2017-2024 Nextcloud GmbH and Nextcloud contributors + * SPDX-FileCopyrightText: 2016 ownCloud, Inc. + * SPDX-License-Identifier: AGPL-3.0-only + */ +if (php_sapi_name() !== 'cli') { + print('Only via CLI, please.'); + exit(1); +} + +include __DIR__ . '/config.php'; + +$cr = ldap_connect($host, $port); +ldap_set_option($cr, LDAP_OPT_PROTOCOL_VERSION, 3); +$ok = ldap_bind($cr, $adn, $apwd); + +if (!$ok) { + die(ldap_error($cr)); +} + +$ouName = 'Users'; +$ouDN = 'ou=' . $ouName . ',' . $bdn; + +//creates on OU +if (true) { + $entry = []; + $entry['objectclass'][] = 'top'; + $entry['objectclass'][] = 'organizationalunit'; + $entry['ou'] = $ouName; + $b = ldap_add($cr, $ouDN, $entry); + if (!$b) { + die(ldap_error($cr)); + } +} + +$users = ['alice', 'boris', 'cynthia', 'derek', 'evelina', 'fatima', 'gregor']; + +foreach ($users as $uid) { + $newDN = 'uid=' . $uid . ',' . $ouDN; + $fn = ucfirst($uid); + $sn = ucfirst(str_shuffle($uid)); // not so explicit but it's OK. + + $entry = []; + $entry['cn'] = $fn . ' ' . $sn; + $entry['objectclass'][] = 'inetOrgPerson'; + $entry['objectclass'][] = 'person'; + $entry['sn'] = $sn; + $entry['userPassword'] = $uid; + $entry['displayName'] = $sn . ', ' . $fn; + $entry['mail'] = $fn . '@example.com'; + + $ok = ldap_add($cr, $newDN, $entry); + if ($ok) { + echo('created user ' . ': ' . $entry['cn'] . PHP_EOL); + } else { + die(ldap_error($cr)); + } +} diff --git a/apps/user_ldap/tests/Integration/setup-scripts/createUsersWithoutDisplayName.php b/apps/user_ldap/tests/Integration/setup-scripts/createUsersWithoutDisplayName.php new file mode 100644 index 00000000000..18584fbe748 --- /dev/null +++ b/apps/user_ldap/tests/Integration/setup-scripts/createUsersWithoutDisplayName.php @@ -0,0 +1,46 @@ +<?php + +/** + * SPDX-FileCopyrightText: 2019-2024 Nextcloud GmbH and Nextcloud contributors + * SPDX-FileCopyrightText: 2016 ownCloud, Inc. + * SPDX-License-Identifier: AGPL-3.0-only + */ +if (php_sapi_name() !== 'cli') { + print('Only via CLI, please.'); + exit(1); +} + +include __DIR__ . '/config.php'; + +$cr = ldap_connect($host, $port); +ldap_set_option($cr, LDAP_OPT_PROTOCOL_VERSION, 3); +$ok = ldap_bind($cr, $adn, $apwd); + +if (!$ok) { + die(ldap_error($cr)); +} + +$ouName = 'Users'; +$ouDN = 'ou=' . $ouName . ',' . $bdn; + +$users = ['robot']; + +foreach ($users as $uid) { + $newDN = 'uid=' . $uid . ',' . $ouDN; + $fn = ucfirst($uid); + $sn = ucfirst(str_shuffle($uid)); // not so explicit but it's OK. + + $entry = []; + $entry['cn'] = ucfirst($uid); + $entry['objectclass'][] = 'inetOrgPerson'; + $entry['objectclass'][] = 'person'; + $entry['sn'] = $sn; + $entry['userPassword'] = $uid; + + $ok = ldap_add($cr, $newDN, $entry); + if ($ok) { + echo('created user ' . ': ' . $entry['cn'] . PHP_EOL); + } else { + die(ldap_error($cr)); + } +} |
