integration test checking the group filter
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
This commit is contained in:
parent
b4eeb9eff5
commit
3450ed4536
|
@ -1,127 +0,0 @@
|
|||
<?php
|
||||
/**
|
||||
* @copyright Copyright (c) 2016, ownCloud, Inc.
|
||||
*
|
||||
* @author Arthur Schiwon <blizzz@arthur-schiwon.de>
|
||||
* @author Joas Schilling <coding@schilljs.com>
|
||||
*
|
||||
* @license AGPL-3.0
|
||||
*
|
||||
* This code is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU Affero General Public License, version 3,
|
||||
* as published by the Free Software Foundation.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU Affero General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Affero General Public License, version 3,
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>
|
||||
*
|
||||
*/
|
||||
|
||||
namespace OCA\User_LDAP\Tests\Integration\Lib;
|
||||
|
||||
use OCA\User_LDAP\Tests\Integration\AbstractIntegrationTest;
|
||||
|
||||
require_once __DIR__ . '/../Bootstrap.php';
|
||||
|
||||
class IntegrationTestAccessGroupsMatchFilter extends AbstractIntegrationTest {
|
||||
|
||||
/**
|
||||
* prepares the LDAP environment and sets up a test configuration for
|
||||
* the LDAP backend.
|
||||
*/
|
||||
public function init() {
|
||||
require(__DIR__ . '/../setup-scripts/createExplicitUsers.php');
|
||||
require(__DIR__ . '/../setup-scripts/createExplicitGroups.php');
|
||||
require(__DIR__ . '/../setup-scripts/createExplicitGroupsDifferentOU.php');
|
||||
parent::init();
|
||||
}
|
||||
|
||||
/**
|
||||
* tests whether the group filter works with one specific group, while the
|
||||
* input is the same.
|
||||
*
|
||||
* @return bool
|
||||
*/
|
||||
protected function case1() {
|
||||
$this->connection->setConfiguration(['ldapGroupFilter' => 'cn=RedGroup']);
|
||||
|
||||
$dns = ['cn=RedGroup,ou=Groups,' . $this->base];
|
||||
$result = $this->access->groupsMatchFilter($dns);
|
||||
return ($dns === $result);
|
||||
}
|
||||
|
||||
/**
|
||||
* Tests whether a filter for limited groups is effective when more existing
|
||||
* groups were passed for validation.
|
||||
*
|
||||
* @return bool
|
||||
*/
|
||||
protected function case2() {
|
||||
$this->connection->setConfiguration(['ldapGroupFilter' => '(|(cn=RedGroup)(cn=PurpleGroup))']);
|
||||
|
||||
$dns = [
|
||||
'cn=RedGroup,ou=Groups,' . $this->base,
|
||||
'cn=BlueGroup,ou=Groups,' . $this->base,
|
||||
'cn=PurpleGroup,ou=Groups,' . $this->base
|
||||
];
|
||||
$result = $this->access->groupsMatchFilter($dns);
|
||||
|
||||
$status =
|
||||
count($result) === 2
|
||||
&& in_array('cn=RedGroup,ou=Groups,' . $this->base, $result)
|
||||
&& in_array('cn=PurpleGroup,ou=Groups,' . $this->base, $result);
|
||||
|
||||
return $status;
|
||||
}
|
||||
|
||||
/**
|
||||
* Tests whether a filter for limited groups is effective when more existing
|
||||
* groups were passed for validation.
|
||||
*
|
||||
* @return bool
|
||||
*/
|
||||
protected function case3() {
|
||||
$this->connection->setConfiguration(['ldapGroupFilter' => '(objectclass=groupOfNames)']);
|
||||
|
||||
$dns = [
|
||||
'cn=RedGroup,ou=Groups,' . $this->base,
|
||||
'cn=PurpleGroup,ou=Groups,' . $this->base,
|
||||
'cn=SquaredCircleGroup,ou=SpecialGroups,' . $this->base
|
||||
];
|
||||
$result = $this->access->groupsMatchFilter($dns);
|
||||
|
||||
$status =
|
||||
count($result) === 2
|
||||
&& in_array('cn=RedGroup,ou=Groups,' . $this->base, $result)
|
||||
&& in_array('cn=PurpleGroup,ou=Groups,' . $this->base, $result);
|
||||
|
||||
return $status;
|
||||
}
|
||||
|
||||
/**
|
||||
* sets up the LDAP configuration to be used for the test
|
||||
*/
|
||||
protected function initConnection() {
|
||||
parent::initConnection();
|
||||
$this->connection->setConfiguration([
|
||||
'ldapBaseGroups' => 'ou=Groups,' . $this->base,
|
||||
'ldapUserFilter' => 'objectclass=inetOrgPerson',
|
||||
'ldapUserDisplayName' => 'displayName',
|
||||
'ldapGroupDisplayName' => 'cn',
|
||||
'ldapLoginFilter' => 'uid=%uid',
|
||||
]);
|
||||
}
|
||||
}
|
||||
|
||||
/** @var string $host */
|
||||
/** @var int $port */
|
||||
/** @var string $adn */
|
||||
/** @var string $apwd */
|
||||
/** @var string $bdn */
|
||||
$test = new IntegrationTestAccessGroupsMatchFilter($host, $port, $adn, $apwd, $bdn);
|
||||
$test->init();
|
||||
$test->run();
|
|
@ -98,6 +98,7 @@ class LDAPContext implements Context {
|
|||
['configData[ldapUserFilter]', '(&(objectclass=inetorgperson))'],
|
||||
['configData[ldapLoginFilter]', '(&(objectclass=inetorgperson)(uid=%uid))'],
|
||||
['configData[ldapUserDisplayName]', 'displayname'],
|
||||
['configData[ldapGroupDisplayName]', 'cn'],
|
||||
['configData[ldapEmailAttribute]', 'mail'],
|
||||
['configData[ldapConfigurationActive]', '1'],
|
||||
]);
|
||||
|
@ -124,4 +125,34 @@ class LDAPContext implements Context {
|
|||
$backend = (string)simplexml_load_string($this->response->getBody())->data[0]->backend;
|
||||
PHPUnit_Framework_Assert::assertEquals('LDAP', $backend);
|
||||
}
|
||||
|
||||
/**
|
||||
* @Given /^modify LDAP configuration$/
|
||||
*/
|
||||
public function modifyLDAPConfiguration(TableNode $table) {
|
||||
$originalAsAn = $this->currentUser;
|
||||
$this->asAn('admin');
|
||||
$configData = $table->getRows();
|
||||
foreach($configData as &$row) {
|
||||
$row[0] = 'configData[' . $row[0] . ']';
|
||||
}
|
||||
$this->settingTheLDAPConfigurationTo(new TableNode($configData));
|
||||
$this->asAn($originalAsAn);
|
||||
}
|
||||
|
||||
/**
|
||||
* @Given /^the group result should$/
|
||||
*/
|
||||
public function theGroupResultShould(TableNode $expectations) {
|
||||
$listReturnedGroups = simplexml_load_string($this->response->getBody())->data[0]->groups[0]->element;
|
||||
$extractedGroupsArray = json_decode(json_encode($listReturnedGroups), 1);
|
||||
|
||||
foreach($expectations->getRows() as $groupExpectation) {
|
||||
if((int)$groupExpectation[1] === 1) {
|
||||
PHPUnit_Framework_Assert::assertContains($groupExpectation[0], $extractedGroupsArray);
|
||||
} else {
|
||||
PHPUnit_Framework_Assert::assertNotContains($groupExpectation[0], $extractedGroupsArray);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -15,3 +15,46 @@ Feature: LDAP
|
|||
And looking up details for the first result matches expectations
|
||||
| email | alice@nextcloud.ci |
|
||||
| displayname | Alice |
|
||||
|
||||
Scenario: Test group filter with one specific group
|
||||
Given having a valid LDAP configuration
|
||||
And modify LDAP configuration
|
||||
| ldapGroupFilter | cn=RedGroup |
|
||||
| ldapBaseGroups | ou=Groups,ou=Ordinary,dc=nextcloud,dc=ci |
|
||||
And As an "admin"
|
||||
And sending "GET" to "/cloud/groups"
|
||||
Then the OCS status code should be "200"
|
||||
And the group result should
|
||||
| RedGroup | 1 |
|
||||
| GreenGroup | 0 |
|
||||
| BlueGroup | 0 |
|
||||
| PurpleGroup | 0 |
|
||||
|
||||
Scenario: Test group filter with two specific groups
|
||||
Given having a valid LDAP configuration
|
||||
And modify LDAP configuration
|
||||
| ldapGroupFilter | (\|(cn=RedGroup)(cn=GreenGroup)) |
|
||||
| ldapBaseGroups | ou=Groups,ou=Ordinary,dc=nextcloud,dc=ci |
|
||||
And As an "admin"
|
||||
And sending "GET" to "/cloud/groups"
|
||||
Then the OCS status code should be "200"
|
||||
And the group result should
|
||||
| RedGroup | 1 |
|
||||
| GreenGroup | 1 |
|
||||
| BlueGroup | 0 |
|
||||
| PurpleGroup | 0 |
|
||||
|
||||
Scenario: Test group filter ruling out a group from a different base
|
||||
Given having a valid LDAP configuration
|
||||
And modify LDAP configuration
|
||||
| ldapGroupFilter | (objectClass=groupOfNames) |
|
||||
| ldapBaseGroups | ou=Groups,ou=Ordinary,dc=nextcloud,dc=ci |
|
||||
And As an "admin"
|
||||
And sending "GET" to "/cloud/groups"
|
||||
Then the OCS status code should be "200"
|
||||
And the group result should
|
||||
| RedGroup | 1 |
|
||||
| GreenGroup | 1 |
|
||||
| BlueGroup | 1 |
|
||||
| PurpleGroup | 1 |
|
||||
| SquareGroup | 0 |
|
||||
|
|
Loading…
Reference in New Issue