integration test checking the group filter

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
This commit is contained in:
Arthur Schiwon 2018-04-11 00:32:49 +02:00
parent b4eeb9eff5
commit 3450ed4536
No known key found for this signature in database
GPG Key ID: 7424F1874854DF23
3 changed files with 74 additions and 127 deletions

View File

@ -1,127 +0,0 @@
<?php
/**
* @copyright Copyright (c) 2016, ownCloud, Inc.
*
* @author Arthur Schiwon <blizzz@arthur-schiwon.de>
* @author Joas Schilling <coding@schilljs.com>
*
* @license AGPL-3.0
*
* This code is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License, version 3,
* as published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License, version 3,
* along with this program. If not, see <http://www.gnu.org/licenses/>
*
*/
namespace OCA\User_LDAP\Tests\Integration\Lib;
use OCA\User_LDAP\Tests\Integration\AbstractIntegrationTest;
require_once __DIR__ . '/../Bootstrap.php';
class IntegrationTestAccessGroupsMatchFilter extends AbstractIntegrationTest {
/**
* prepares the LDAP environment and sets up a test configuration for
* the LDAP backend.
*/
public function init() {
require(__DIR__ . '/../setup-scripts/createExplicitUsers.php');
require(__DIR__ . '/../setup-scripts/createExplicitGroups.php');
require(__DIR__ . '/../setup-scripts/createExplicitGroupsDifferentOU.php');
parent::init();
}
/**
* tests whether the group filter works with one specific group, while the
* input is the same.
*
* @return bool
*/
protected function case1() {
$this->connection->setConfiguration(['ldapGroupFilter' => 'cn=RedGroup']);
$dns = ['cn=RedGroup,ou=Groups,' . $this->base];
$result = $this->access->groupsMatchFilter($dns);
return ($dns === $result);
}
/**
* Tests whether a filter for limited groups is effective when more existing
* groups were passed for validation.
*
* @return bool
*/
protected function case2() {
$this->connection->setConfiguration(['ldapGroupFilter' => '(|(cn=RedGroup)(cn=PurpleGroup))']);
$dns = [
'cn=RedGroup,ou=Groups,' . $this->base,
'cn=BlueGroup,ou=Groups,' . $this->base,
'cn=PurpleGroup,ou=Groups,' . $this->base
];
$result = $this->access->groupsMatchFilter($dns);
$status =
count($result) === 2
&& in_array('cn=RedGroup,ou=Groups,' . $this->base, $result)
&& in_array('cn=PurpleGroup,ou=Groups,' . $this->base, $result);
return $status;
}
/**
* Tests whether a filter for limited groups is effective when more existing
* groups were passed for validation.
*
* @return bool
*/
protected function case3() {
$this->connection->setConfiguration(['ldapGroupFilter' => '(objectclass=groupOfNames)']);
$dns = [
'cn=RedGroup,ou=Groups,' . $this->base,
'cn=PurpleGroup,ou=Groups,' . $this->base,
'cn=SquaredCircleGroup,ou=SpecialGroups,' . $this->base
];
$result = $this->access->groupsMatchFilter($dns);
$status =
count($result) === 2
&& in_array('cn=RedGroup,ou=Groups,' . $this->base, $result)
&& in_array('cn=PurpleGroup,ou=Groups,' . $this->base, $result);
return $status;
}
/**
* sets up the LDAP configuration to be used for the test
*/
protected function initConnection() {
parent::initConnection();
$this->connection->setConfiguration([
'ldapBaseGroups' => 'ou=Groups,' . $this->base,
'ldapUserFilter' => 'objectclass=inetOrgPerson',
'ldapUserDisplayName' => 'displayName',
'ldapGroupDisplayName' => 'cn',
'ldapLoginFilter' => 'uid=%uid',
]);
}
}
/** @var string $host */
/** @var int $port */
/** @var string $adn */
/** @var string $apwd */
/** @var string $bdn */
$test = new IntegrationTestAccessGroupsMatchFilter($host, $port, $adn, $apwd, $bdn);
$test->init();
$test->run();

View File

@ -98,6 +98,7 @@ class LDAPContext implements Context {
['configData[ldapUserFilter]', '(&(objectclass=inetorgperson))'],
['configData[ldapLoginFilter]', '(&(objectclass=inetorgperson)(uid=%uid))'],
['configData[ldapUserDisplayName]', 'displayname'],
['configData[ldapGroupDisplayName]', 'cn'],
['configData[ldapEmailAttribute]', 'mail'],
['configData[ldapConfigurationActive]', '1'],
]);
@ -124,4 +125,34 @@ class LDAPContext implements Context {
$backend = (string)simplexml_load_string($this->response->getBody())->data[0]->backend;
PHPUnit_Framework_Assert::assertEquals('LDAP', $backend);
}
/**
* @Given /^modify LDAP configuration$/
*/
public function modifyLDAPConfiguration(TableNode $table) {
$originalAsAn = $this->currentUser;
$this->asAn('admin');
$configData = $table->getRows();
foreach($configData as &$row) {
$row[0] = 'configData[' . $row[0] . ']';
}
$this->settingTheLDAPConfigurationTo(new TableNode($configData));
$this->asAn($originalAsAn);
}
/**
* @Given /^the group result should$/
*/
public function theGroupResultShould(TableNode $expectations) {
$listReturnedGroups = simplexml_load_string($this->response->getBody())->data[0]->groups[0]->element;
$extractedGroupsArray = json_decode(json_encode($listReturnedGroups), 1);
foreach($expectations->getRows() as $groupExpectation) {
if((int)$groupExpectation[1] === 1) {
PHPUnit_Framework_Assert::assertContains($groupExpectation[0], $extractedGroupsArray);
} else {
PHPUnit_Framework_Assert::assertNotContains($groupExpectation[0], $extractedGroupsArray);
}
}
}
}

View File

@ -15,3 +15,46 @@ Feature: LDAP
And looking up details for the first result matches expectations
| email | alice@nextcloud.ci |
| displayname | Alice |
Scenario: Test group filter with one specific group
Given having a valid LDAP configuration
And modify LDAP configuration
| ldapGroupFilter | cn=RedGroup |
| ldapBaseGroups | ou=Groups,ou=Ordinary,dc=nextcloud,dc=ci |
And As an "admin"
And sending "GET" to "/cloud/groups"
Then the OCS status code should be "200"
And the group result should
| RedGroup | 1 |
| GreenGroup | 0 |
| BlueGroup | 0 |
| PurpleGroup | 0 |
Scenario: Test group filter with two specific groups
Given having a valid LDAP configuration
And modify LDAP configuration
| ldapGroupFilter | (\|(cn=RedGroup)(cn=GreenGroup)) |
| ldapBaseGroups | ou=Groups,ou=Ordinary,dc=nextcloud,dc=ci |
And As an "admin"
And sending "GET" to "/cloud/groups"
Then the OCS status code should be "200"
And the group result should
| RedGroup | 1 |
| GreenGroup | 1 |
| BlueGroup | 0 |
| PurpleGroup | 0 |
Scenario: Test group filter ruling out a group from a different base
Given having a valid LDAP configuration
And modify LDAP configuration
| ldapGroupFilter | (objectClass=groupOfNames) |
| ldapBaseGroups | ou=Groups,ou=Ordinary,dc=nextcloud,dc=ci |
And As an "admin"
And sending "GET" to "/cloud/groups"
Then the OCS status code should be "200"
And the group result should
| RedGroup | 1 |
| GreenGroup | 1 |
| BlueGroup | 1 |
| PurpleGroup | 1 |
| SquareGroup | 0 |