integration test checking the group filter

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-04-11 00:32:49 +02:00 · 2018-04-11 00:32:49 +02:00 · 3450ed4536
parent b4eeb9eff5
commit 3450ed4536
3 changed files with 74 additions and 127 deletions
--- a/apps/user_ldap/tests/Integration/Lib/IntegrationTestAccessGroupsMatchFilter.php
+++ b/apps/user_ldap/tests/Integration/Lib/IntegrationTestAccessGroupsMatchFilter.php
@ -1,127 +0,0 @@
-<?php
-/**
- * @copyright Copyright (c) 2016, ownCloud, Inc.
- *
- * @author Arthur Schiwon <blizzz@arthur-schiwon.de>
- * @author Joas Schilling <coding@schilljs.com>
- *
- * @license AGPL-3.0
- *
- * This code is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License, version 3,
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License, version 3,
- * along with this program.  If not, see <http://www.gnu.org/licenses/>
- *
- */
-
-namespace OCA\User_LDAP\Tests\Integration\Lib;
-
-use OCA\User_LDAP\Tests\Integration\AbstractIntegrationTest;
-
-require_once __DIR__ . '/../Bootstrap.php';
-
-class IntegrationTestAccessGroupsMatchFilter extends AbstractIntegrationTest {
-
-	/**
-	 * prepares the LDAP environment and sets up a test configuration for
-	 * the LDAP backend.
-	 */
-	public function init() {
-		require(__DIR__ . '/../setup-scripts/createExplicitUsers.php');
-		require(__DIR__ . '/../setup-scripts/createExplicitGroups.php');
-		require(__DIR__ . '/../setup-scripts/createExplicitGroupsDifferentOU.php');
-		parent::init();
-	}
-
-	/**
-	 * tests whether the group filter works with one specific group, while the
-	 * input is the same.
-	 *
-	 * @return bool
-	 */
-	protected function case1() {
-		$this->connection->setConfiguration(['ldapGroupFilter' => 'cn=RedGroup']);
-
-		$dns = ['cn=RedGroup,ou=Groups,' . $this->base];
-		$result = $this->access->groupsMatchFilter($dns);
-		return ($dns === $result);
-	}
-
-	/**
-	 * Tests whether a filter for limited groups is effective when more existing
-	 * groups were passed for validation.
-	 *
-	 * @return bool
-	 */
-	protected function case2() {
-		$this->connection->setConfiguration(['ldapGroupFilter' => '(|(cn=RedGroup)(cn=PurpleGroup))']);
-
-		$dns = [
-			'cn=RedGroup,ou=Groups,' . $this->base,
-			'cn=BlueGroup,ou=Groups,' . $this->base,
-			'cn=PurpleGroup,ou=Groups,' . $this->base
-		];
-		$result = $this->access->groupsMatchFilter($dns);
-
-		$status =
-			count($result) === 2
-			&& in_array('cn=RedGroup,ou=Groups,' . $this->base, $result)
-			&& in_array('cn=PurpleGroup,ou=Groups,' . $this->base, $result);
-
-		return $status;
-	}
-
-	/**
-	 * Tests whether a filter for limited groups is effective when more existing
-	 * groups were passed for validation.
-	 *
-	 * @return bool
-	 */
-	protected function case3() {
-		$this->connection->setConfiguration(['ldapGroupFilter' => '(objectclass=groupOfNames)']);
-
-		$dns = [
-			'cn=RedGroup,ou=Groups,' . $this->base,
-			'cn=PurpleGroup,ou=Groups,' . $this->base,
-			'cn=SquaredCircleGroup,ou=SpecialGroups,' . $this->base
-		];
-		$result = $this->access->groupsMatchFilter($dns);
-
-		$status =
-			count($result) === 2
-			&& in_array('cn=RedGroup,ou=Groups,' . $this->base, $result)
-			&& in_array('cn=PurpleGroup,ou=Groups,' . $this->base, $result);
-
-		return $status;
-	}
-
-	/**
-	 * sets up the LDAP configuration to be used for the test
-	 */
-	protected function initConnection() {
-		parent::initConnection();
-		$this->connection->setConfiguration([
-			'ldapBaseGroups' => 'ou=Groups,' . $this->base,
-			'ldapUserFilter' => 'objectclass=inetOrgPerson',
-			'ldapUserDisplayName' => 'displayName',
-			'ldapGroupDisplayName' => 'cn',
-			'ldapLoginFilter' => 'uid=%uid',
-		]);
-	}
-}
-
-/** @var string $host */
-/** @var int $port */
-/** @var string $adn */
-/** @var string $apwd */
-/** @var string $bdn */
-$test = new IntegrationTestAccessGroupsMatchFilter($host, $port, $adn, $apwd, $bdn);
-$test->init();
-$test->run();
--- a/build/integration/features/bootstrap/LDAPContext.php
+++ b/build/integration/features/bootstrap/LDAPContext.php
@ -98,6 +98,7 @@ class LDAPContext implements Context {
 			['configData[ldapUserFilter]', '(&(objectclass=inetorgperson))'],
 			['configData[ldapLoginFilter]', '(&(objectclass=inetorgperson)(uid=%uid))'],
 			['configData[ldapUserDisplayName]', 'displayname'],
+			['configData[ldapGroupDisplayName]', 'cn'],
 			['configData[ldapEmailAttribute]', 'mail'],
 			['configData[ldapConfigurationActive]', '1'],
 		]);
@ -124,4 +125,34 @@ class LDAPContext implements Context {
 		$backend = (string)simplexml_load_string($this->response->getBody())->data[0]->backend;
 		PHPUnit_Framework_Assert::assertEquals('LDAP', $backend);
 	}
+
+	/**
+	 * @Given /^modify LDAP configuration$/
+	 */
+	public function modifyLDAPConfiguration(TableNode $table) {
+		$originalAsAn = $this->currentUser;
+		$this->asAn('admin');
+		$configData = $table->getRows();
+		foreach($configData as &$row) {
+			$row[0] = 'configData[' . $row[0] . ']';
+		}
+		$this->settingTheLDAPConfigurationTo(new TableNode($configData));
+		$this->asAn($originalAsAn);
+	}
+
+	/**
+	 * @Given /^the group result should$/
+	 */
+	public function theGroupResultShould(TableNode $expectations) {
+		$listReturnedGroups = simplexml_load_string($this->response->getBody())->data[0]->groups[0]->element;
+		$extractedGroupsArray = json_decode(json_encode($listReturnedGroups), 1);
+
+		foreach($expectations->getRows() as $groupExpectation) {
+			if((int)$groupExpectation[1] === 1) {
+				PHPUnit_Framework_Assert::assertContains($groupExpectation[0], $extractedGroupsArray);
+			} else {
+				PHPUnit_Framework_Assert::assertNotContains($groupExpectation[0], $extractedGroupsArray);
+			}
+		}
+	}
 }
--- a/build/integration/ldap_features/ldap-openldap.feature
+++ b/build/integration/ldap_features/ldap-openldap.feature
@ -15,3 +15,46 @@ Feature: LDAP
    And looking up details for the first result matches expectations
      | email | alice@nextcloud.ci |
      | displayname | Alice |
+
+  Scenario: Test group filter with one specific group
+    Given having a valid LDAP configuration
+    And modify LDAP configuration
+      | ldapGroupFilter | cn=RedGroup |
+      | ldapBaseGroups  | ou=Groups,ou=Ordinary,dc=nextcloud,dc=ci  |
+    And As an "admin"
+    And sending "GET" to "/cloud/groups"
+    Then the OCS status code should be "200"
+    And the group result should
+      | RedGroup     | 1 |
+      | GreenGroup   | 0 |
+      | BlueGroup    | 0 |
+      | PurpleGroup  | 0 |
+
+  Scenario: Test group filter with two specific groups
+    Given having a valid LDAP configuration
+    And modify LDAP configuration
+      | ldapGroupFilter | (\|(cn=RedGroup)(cn=GreenGroup)) |
+      | ldapBaseGroups  | ou=Groups,ou=Ordinary,dc=nextcloud,dc=ci  |
+    And As an "admin"
+    And sending "GET" to "/cloud/groups"
+    Then the OCS status code should be "200"
+    And the group result should
+      | RedGroup     | 1 |
+      | GreenGroup   | 1 |
+      | BlueGroup    | 0 |
+      | PurpleGroup  | 0 |
+
+  Scenario: Test group filter ruling out a group from a different base
+    Given having a valid LDAP configuration
+    And modify LDAP configuration
+      | ldapGroupFilter | (objectClass=groupOfNames) |
+      | ldapBaseGroups  | ou=Groups,ou=Ordinary,dc=nextcloud,dc=ci  |
+    And As an "admin"
+    And sending "GET" to "/cloud/groups"
+    Then the OCS status code should be "200"
+    And the group result should
+      | RedGroup     | 1 |
+      | GreenGroup   | 1 |
+      | BlueGroup    | 1 |
+      | PurpleGroup  | 1 |
+      | SquareGroup  | 0 |