2014-04-08 14:57:06 +04:00
|
|
|
|
<?php
|
|
|
|
|
|
/**
|
2015-02-23 13:28:53 +03:00
|
|
|
|
* @author Arthur Schiwon <blizzz@owncloud.com>
|
|
|
|
|
|
* @author Joas Schilling <nickvergessen@gmx.de>
|
|
|
|
|
|
*
|
|
|
|
|
|
* @copyright Copyright (c) 2015, ownCloud, Inc.
|
|
|
|
|
|
* @license AGPL-3.0
|
|
|
|
|
|
*
|
|
|
|
|
|
* This code is free software: you can redistribute it and/or modify
|
|
|
|
|
|
* it under the terms of the GNU Affero General Public License, version 3,
|
|
|
|
|
|
* as published by the Free Software Foundation.
|
|
|
|
|
|
*
|
|
|
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
|
|
* GNU Affero General Public License for more details.
|
|
|
|
|
|
*
|
|
|
|
|
|
* You should have received a copy of the GNU Affero General Public License, version 3,
|
|
|
|
|
|
* along with this program. If not, see <http://www.gnu.org/licenses/>
|
|
|
|
|
|
*
|
|
|
|
|
|
*/
|
2014-04-08 14:57:06 +04:00
|
|
|
|
namespace OCA\user_ldap\tests;
|
|
|
|
|
|
|
|
|
|
|
|
use \OCA\user_ldap\GROUP_LDAP as GroupLDAP;
|
|
|
|
|
|
use \OCA\user_ldap\lib\Access;
|
|
|
|
|
|
use \OCA\user_ldap\lib\Connection;
|
|
|
|
|
|
use \OCA\user_ldap\lib\ILDAPWrapper;
|
|
|
|
|
|
|
2014-11-11 00:28:12 +03:00
|
|
|
|
class Test_Group_Ldap extends \Test\TestCase {
|
2014-04-08 14:57:06 +04:00
|
|
|
|
private function getAccessMock() {
|
|
|
|
|
|
static $conMethods;
|
|
|
|
|
|
static $accMethods;
|
|
|
|
|
|
|
|
|
|
|
|
if(is_null($conMethods) || is_null($accMethods)) {
|
|
|
|
|
|
$conMethods = get_class_methods('\OCA\user_ldap\lib\Connection');
|
|
|
|
|
|
$accMethods = get_class_methods('\OCA\user_ldap\lib\Access');
|
|
|
|
|
|
}
|
|
|
|
|
|
$lw = $this->getMock('\OCA\user_ldap\lib\ILDAPWrapper');
|
|
|
|
|
|
$connector = $this->getMock('\OCA\user_ldap\lib\Connection',
|
|
|
|
|
|
$conMethods,
|
|
|
|
|
|
array($lw, null, null));
|
2014-04-25 20:52:13 +04:00
|
|
|
|
$um = new \OCA\user_ldap\lib\user\Manager(
|
|
|
|
|
|
$this->getMock('\OCP\IConfig'),
|
|
|
|
|
|
$this->getMock('\OCA\user_ldap\lib\FilesystemHelper'),
|
|
|
|
|
|
$this->getMock('\OCA\user_ldap\lib\LogWrapper'),
|
|
|
|
|
|
$this->getMock('\OCP\IAvatarManager'),
|
2015-01-07 02:52:18 +03:00
|
|
|
|
$this->getMock('\OCP\Image'),
|
|
|
|
|
|
$this->getMock('\OCP\IDBConnection')
|
2014-04-25 20:52:13 +04:00
|
|
|
|
);
|
2014-04-08 14:57:06 +04:00
|
|
|
|
$access = $this->getMock('\OCA\user_ldap\lib\Access',
|
|
|
|
|
|
$accMethods,
|
2014-04-25 20:52:13 +04:00
|
|
|
|
array($connector, $lw, $um));
|
2014-04-08 14:57:06 +04:00
|
|
|
|
|
|
|
|
|
|
return $access;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
private function enableGroups($access) {
|
|
|
|
|
|
$access->connection->expects($this->any())
|
|
|
|
|
|
->method('__get')
|
2014-10-16 18:08:59 +04:00
|
|
|
|
->will($this->returnCallback(function() {
|
2014-04-08 14:57:06 +04:00
|
|
|
|
return 1;
|
|
|
|
|
|
}));
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
public function testCountEmptySearchString() {
|
|
|
|
|
|
$access = $this->getAccessMock();
|
|
|
|
|
|
|
|
|
|
|
|
$this->enableGroups($access);
|
|
|
|
|
|
|
|
|
|
|
|
$access->expects($this->any())
|
|
|
|
|
|
->method('groupname2dn')
|
|
|
|
|
|
->will($this->returnValue('cn=group,dc=foo,dc=bar'));
|
|
|
|
|
|
|
|
|
|
|
|
$access->expects($this->any())
|
|
|
|
|
|
->method('readAttribute')
|
|
|
|
|
|
->will($this->returnValue(array('u11', 'u22', 'u33', 'u34')));
|
|
|
|
|
|
|
2015-01-28 17:52:59 +03:00
|
|
|
|
// for primary groups
|
|
|
|
|
|
$access->expects($this->once())
|
|
|
|
|
|
->method('countUsers')
|
|
|
|
|
|
->will($this->returnValue(2));
|
|
|
|
|
|
|
2014-04-08 14:57:06 +04:00
|
|
|
|
$groupBackend = new GroupLDAP($access);
|
|
|
|
|
|
$users = $groupBackend->countUsersInGroup('group');
|
|
|
|
|
|
|
2015-01-28 17:52:59 +03:00
|
|
|
|
$this->assertSame(6, $users);
|
2014-04-08 14:57:06 +04:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
public function testCountWithSearchString() {
|
|
|
|
|
|
$access = $this->getAccessMock();
|
|
|
|
|
|
|
|
|
|
|
|
$this->enableGroups($access);
|
|
|
|
|
|
|
|
|
|
|
|
$access->expects($this->any())
|
|
|
|
|
|
->method('groupname2dn')
|
|
|
|
|
|
->will($this->returnValue('cn=group,dc=foo,dc=bar'));
|
|
|
|
|
|
|
2014-07-02 00:02:41 +04:00
|
|
|
|
$access->expects($this->any())
|
|
|
|
|
|
->method('fetchListOfUsers')
|
|
|
|
|
|
->will($this->returnValue(array()));
|
|
|
|
|
|
|
2014-04-08 14:57:06 +04:00
|
|
|
|
$access->expects($this->any())
|
|
|
|
|
|
->method('readAttribute')
|
|
|
|
|
|
->will($this->returnCallback(function($name) {
|
|
|
|
|
|
//the search operation will call readAttribute, thus we need
|
|
|
|
|
|
//to anaylze the "dn". All other times we just need to return
|
|
|
|
|
|
//something that is neither null or false, but once an array
|
|
|
|
|
|
//with the users in the group – so we do so all other times for
|
|
|
|
|
|
//simplicicity.
|
|
|
|
|
|
if(strpos($name, 'u') === 0) {
|
|
|
|
|
|
return strpos($name, '3');
|
|
|
|
|
|
}
|
|
|
|
|
|
return array('u11', 'u22', 'u33', 'u34');
|
|
|
|
|
|
}));
|
|
|
|
|
|
|
|
|
|
|
|
$access->expects($this->any())
|
|
|
|
|
|
->method('dn2username')
|
2014-07-02 00:02:41 +04:00
|
|
|
|
->will($this->returnCallback(function() {
|
|
|
|
|
|
return 'foobar' . \OCP\Util::generateRandomBytes(7);
|
|
|
|
|
|
}));
|
2014-04-08 14:57:06 +04:00
|
|
|
|
|
|
|
|
|
|
$groupBackend = new GroupLDAP($access);
|
|
|
|
|
|
$users = $groupBackend->countUsersInGroup('group', '3');
|
|
|
|
|
|
|
|
|
|
|
|
$this->assertSame(2, $users);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2014-07-02 00:02:41 +04:00
|
|
|
|
public function testPrimaryGroupID2NameSuccess() {
|
|
|
|
|
|
$access = $this->getAccessMock();
|
|
|
|
|
|
$this->enableGroups($access);
|
|
|
|
|
|
|
|
|
|
|
|
$userDN = 'cn=alice,cn=foo,dc=barfoo,dc=bar';
|
|
|
|
|
|
|
|
|
|
|
|
$access->expects($this->once())
|
|
|
|
|
|
->method('getSID')
|
|
|
|
|
|
->with($userDN)
|
|
|
|
|
|
->will($this->returnValue('S-1-5-21-249921958-728525901-1594176202'));
|
|
|
|
|
|
|
|
|
|
|
|
$access->expects($this->once())
|
|
|
|
|
|
->method('searchGroups')
|
|
|
|
|
|
->will($this->returnValue(array('cn=foo,dc=barfoo,dc=bar')));
|
|
|
|
|
|
|
|
|
|
|
|
$access->expects($this->once())
|
|
|
|
|
|
->method('dn2groupname')
|
|
|
|
|
|
->with('cn=foo,dc=barfoo,dc=bar')
|
|
|
|
|
|
->will($this->returnValue('MyGroup'));
|
|
|
|
|
|
|
|
|
|
|
|
$groupBackend = new GroupLDAP($access);
|
|
|
|
|
|
|
|
|
|
|
|
$group = $groupBackend->primaryGroupID2Name('3117', $userDN);
|
|
|
|
|
|
|
|
|
|
|
|
$this->assertSame('MyGroup', $group);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
public function testPrimaryGroupID2NameNoSID() {
|
|
|
|
|
|
$access = $this->getAccessMock();
|
|
|
|
|
|
$this->enableGroups($access);
|
|
|
|
|
|
|
|
|
|
|
|
$userDN = 'cn=alice,cn=foo,dc=barfoo,dc=bar';
|
|
|
|
|
|
|
|
|
|
|
|
$access->expects($this->once())
|
|
|
|
|
|
->method('getSID')
|
|
|
|
|
|
->with($userDN)
|
|
|
|
|
|
->will($this->returnValue(false));
|
|
|
|
|
|
|
|
|
|
|
|
$access->expects($this->never())
|
|
|
|
|
|
->method('searchGroups');
|
|
|
|
|
|
|
|
|
|
|
|
$access->expects($this->never())
|
|
|
|
|
|
->method('dn2groupname');
|
|
|
|
|
|
|
|
|
|
|
|
$groupBackend = new GroupLDAP($access);
|
|
|
|
|
|
|
|
|
|
|
|
$group = $groupBackend->primaryGroupID2Name('3117', $userDN);
|
|
|
|
|
|
|
|
|
|
|
|
$this->assertSame(false, $group);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
public function testPrimaryGroupID2NameNoGroup() {
|
|
|
|
|
|
$access = $this->getAccessMock();
|
|
|
|
|
|
$this->enableGroups($access);
|
|
|
|
|
|
|
|
|
|
|
|
$userDN = 'cn=alice,cn=foo,dc=barfoo,dc=bar';
|
|
|
|
|
|
|
|
|
|
|
|
$access->expects($this->once())
|
|
|
|
|
|
->method('getSID')
|
|
|
|
|
|
->with($userDN)
|
|
|
|
|
|
->will($this->returnValue('S-1-5-21-249921958-728525901-1594176202'));
|
|
|
|
|
|
|
|
|
|
|
|
$access->expects($this->once())
|
|
|
|
|
|
->method('searchGroups')
|
|
|
|
|
|
->will($this->returnValue(array()));
|
|
|
|
|
|
|
|
|
|
|
|
$access->expects($this->never())
|
|
|
|
|
|
->method('dn2groupname');
|
|
|
|
|
|
|
|
|
|
|
|
$groupBackend = new GroupLDAP($access);
|
|
|
|
|
|
|
|
|
|
|
|
$group = $groupBackend->primaryGroupID2Name('3117', $userDN);
|
|
|
|
|
|
|
|
|
|
|
|
$this->assertSame(false, $group);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
public function testPrimaryGroupID2NameNoName() {
|
|
|
|
|
|
$access = $this->getAccessMock();
|
|
|
|
|
|
$this->enableGroups($access);
|
|
|
|
|
|
|
|
|
|
|
|
$userDN = 'cn=alice,cn=foo,dc=barfoo,dc=bar';
|
|
|
|
|
|
|
|
|
|
|
|
$access->expects($this->once())
|
|
|
|
|
|
->method('getSID')
|
|
|
|
|
|
->with($userDN)
|
|
|
|
|
|
->will($this->returnValue('S-1-5-21-249921958-728525901-1594176202'));
|
|
|
|
|
|
|
|
|
|
|
|
$access->expects($this->once())
|
|
|
|
|
|
->method('searchGroups')
|
|
|
|
|
|
->will($this->returnValue(array('cn=foo,dc=barfoo,dc=bar')));
|
|
|
|
|
|
|
|
|
|
|
|
$access->expects($this->once())
|
|
|
|
|
|
->method('dn2groupname')
|
|
|
|
|
|
->will($this->returnValue(false));
|
|
|
|
|
|
|
|
|
|
|
|
$groupBackend = new GroupLDAP($access);
|
|
|
|
|
|
|
|
|
|
|
|
$group = $groupBackend->primaryGroupID2Name('3117', $userDN);
|
|
|
|
|
|
|
|
|
|
|
|
$this->assertSame(false, $group);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
public function testGetEntryGroupIDValue() {
|
|
|
|
|
|
//tests getEntryGroupID via getGroupPrimaryGroupID
|
|
|
|
|
|
//which is basically identical to getUserPrimaryGroupIDs
|
|
|
|
|
|
$access = $this->getAccessMock();
|
|
|
|
|
|
$this->enableGroups($access);
|
|
|
|
|
|
|
|
|
|
|
|
$dn = 'cn=foobar,cn=foo,dc=barfoo,dc=bar';
|
|
|
|
|
|
$attr = 'primaryGroupToken';
|
|
|
|
|
|
|
|
|
|
|
|
$access->expects($this->once())
|
|
|
|
|
|
->method('readAttribute')
|
|
|
|
|
|
->with($dn, $attr)
|
|
|
|
|
|
->will($this->returnValue(array('3117')));
|
|
|
|
|
|
|
|
|
|
|
|
$groupBackend = new GroupLDAP($access);
|
|
|
|
|
|
|
|
|
|
|
|
$gid = $groupBackend->getGroupPrimaryGroupID($dn);
|
|
|
|
|
|
|
|
|
|
|
|
$this->assertSame('3117', $gid);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
public function testGetEntryGroupIDNoValue() {
|
|
|
|
|
|
//tests getEntryGroupID via getGroupPrimaryGroupID
|
|
|
|
|
|
//which is basically identical to getUserPrimaryGroupIDs
|
|
|
|
|
|
$access = $this->getAccessMock();
|
|
|
|
|
|
$this->enableGroups($access);
|
|
|
|
|
|
|
|
|
|
|
|
$dn = 'cn=foobar,cn=foo,dc=barfoo,dc=bar';
|
|
|
|
|
|
$attr = 'primaryGroupToken';
|
|
|
|
|
|
|
|
|
|
|
|
$access->expects($this->once())
|
|
|
|
|
|
->method('readAttribute')
|
|
|
|
|
|
->with($dn, $attr)
|
|
|
|
|
|
->will($this->returnValue(false));
|
|
|
|
|
|
|
|
|
|
|
|
$groupBackend = new GroupLDAP($access);
|
|
|
|
|
|
|
|
|
|
|
|
$gid = $groupBackend->getGroupPrimaryGroupID($dn);
|
|
|
|
|
|
|
|
|
|
|
|
$this->assertSame(false, $gid);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2014-10-16 18:08:59 +04:00
|
|
|
|
/**
|
|
|
|
|
|
* tests whether Group Backend behaves correctly when cache with uid and gid
|
|
|
|
|
|
* is hit
|
|
|
|
|
|
*/
|
|
|
|
|
|
public function testInGroupHitsUidGidCache() {
|
|
|
|
|
|
$access = $this->getAccessMock();
|
|
|
|
|
|
$this->enableGroups($access);
|
|
|
|
|
|
|
|
|
|
|
|
$uid = 'someUser';
|
|
|
|
|
|
$gid = 'someGroup';
|
|
|
|
|
|
$cacheKey = 'inGroup'.$uid.':'.$gid;
|
|
|
|
|
|
$access->connection->expects($this->once())
|
|
|
|
|
|
->method('isCached')
|
|
|
|
|
|
->with($cacheKey)
|
|
|
|
|
|
->will($this->returnValue(true));
|
|
|
|
|
|
|
|
|
|
|
|
$access->connection->expects($this->once())
|
|
|
|
|
|
->method('getFromCache')
|
|
|
|
|
|
->with($cacheKey)
|
|
|
|
|
|
->will($this->returnValue(true));
|
|
|
|
|
|
|
|
|
|
|
|
$access->expects($this->never())
|
|
|
|
|
|
->method('username2dn');
|
|
|
|
|
|
|
|
|
|
|
|
$groupBackend = new GroupLDAP($access);
|
|
|
|
|
|
$groupBackend->inGroup($uid, $gid);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2014-04-25 20:52:13 +04:00
|
|
|
|
}
|
