Merge pull request #8855 from nextcloud/feature/noid/ldap-integration-autotests

behat integration tests for LDAP
This commit is contained in:
blizzz 2018-08-14 14:14:22 +02:00 committed by GitHub
commit d05c815796
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
14 changed files with 358 additions and 732 deletions

View File

@ -562,6 +562,26 @@ pipeline:
when: when:
matrix: matrix:
TESTS: integration-ldap-features TESTS: integration-ldap-features
integration-ldap-openldap-features:
image: nextcloudci/integration-php7.0:integration-php7.0-6
commands:
- ./occ maintenance:install --admin-pass=admin --data-dir=/dev/shm/nc_int
- ./occ app:enable user_ldap
- cd build/integration
- ./run.sh ldap_features/ldap-openldap.feature
when:
matrix:
TESTS: integration-ldap-openldap-features
integration-ldap-openldap-uid-features:
image: nextcloudci/integration-php7.0:integration-php7.0-6
commands:
- ./occ maintenance:install --admin-pass=admin --data-dir=/dev/shm/nc_int
- ./occ app:enable user_ldap
- cd build/integration
- ./run.sh ldap_features/openldap-uid-username.feature
when:
matrix:
TESTS: integration-ldap-openldap-uid-features
integration-trashbin: integration-trashbin:
image: nextcloudci/integration-php7.0:integration-php7.0-8 image: nextcloudci/integration-php7.0:integration-php7.0-8
commands: commands:
@ -828,6 +848,10 @@ matrix:
- TESTS: integration-filesdrop-features - TESTS: integration-filesdrop-features
- TESTS: integration-transfer-ownership-features - TESTS: integration-transfer-ownership-features
- TESTS: integration-ldap-features - TESTS: integration-ldap-features
- TESTS: integration-ldap-openldap-features
ENABLE_OPENLDAP: true
- TESTS: integration-ldap-openldap-uid-features
ENABLE_OPENLDAP: true
- TESTS: integration-trashbin - TESTS: integration-trashbin
- TESTS: integration-remote-api - TESTS: integration-remote-api
- TESTS: integration-download - TESTS: integration-download
@ -1007,5 +1031,15 @@ services:
when: when:
matrix: matrix:
TESTS: acceptance TESTS: acceptance
openldap:
image: nextcloudci/openldap:openldap-4
environment:
- SLAPD_DOMAIN=nextcloud.ci
- SLAPD_ORGANIZATION=Nextcloud
- SLAPD_PASSWORD=admin
- SLAPD_ADDITIONAL_MODULES=memberof
when:
matrix:
ENABLE_OPENLDAP: true
branches: [ master, stable* ] branches: [ master, stable* ]

View File

@ -609,23 +609,23 @@ class Access extends LDAPUtility implements IUserTools {
//NOTE: mind, disabling cache affects only this instance! Using it //NOTE: mind, disabling cache affects only this instance! Using it
// outside of core user management will still cache the user as non-existing. // outside of core user management will still cache the user as non-existing.
$originalTTL = $this->connection->ldapCacheTTL; $originalTTL = $this->connection->ldapCacheTTL;
$this->connection->setConfiguration(array('ldapCacheTTL' => 0)); $this->connection->setConfiguration(['ldapCacheTTL' => 0]);
if(($isUser && $intName !== '' && !$this->ncUserManager->userExists($intName)) if(($isUser && $intName !== '' && !$this->ncUserManager->userExists($intName))
|| (!$isUser && !\OC::$server->getGroupManager()->groupExists($intName))) { || (!$isUser && !\OC::$server->getGroupManager()->groupExists($intName))) {
if($mapper->map($fdn, $intName, $uuid)) { if($mapper->map($fdn, $intName, $uuid)) {
$this->connection->setConfiguration(array('ldapCacheTTL' => $originalTTL)); $this->connection->setConfiguration(['ldapCacheTTL' => $originalTTL]);
if($this->ncUserManager instanceof PublicEmitter) { if($this->ncUserManager instanceof PublicEmitter && $isUser) {
$this->ncUserManager->emit('\OC\User', 'assignedUserId', [$intName]); $this->ncUserManager->emit('\OC\User', 'assignedUserId', [$intName]);
} }
$newlyMapped = true; $newlyMapped = true;
return $intName; return $intName;
} }
} }
$this->connection->setConfiguration(array('ldapCacheTTL' => $originalTTL)); $this->connection->setConfiguration(['ldapCacheTTL' => $originalTTL]);
$altName = $this->createAltInternalOwnCloudName($intName, $isUser); $altName = $this->createAltInternalOwnCloudName($intName, $isUser);
if(is_string($altName) && $mapper->map($fdn, $altName, $uuid)) { if(is_string($altName) && $mapper->map($fdn, $altName, $uuid)) {
if($this->ncUserManager instanceof PublicEmitter) { if($this->ncUserManager instanceof PublicEmitter && $isUser) {
$this->ncUserManager->emit('\OC\User', 'assignedUserId', [$intName]); $this->ncUserManager->emit('\OC\User', 'assignedUserId', [$intName]);
} }
$newlyMapped = true; $newlyMapped = true;

View File

@ -1,127 +0,0 @@
<?php
/**
* @copyright Copyright (c) 2016, ownCloud, Inc.
*
* @author Arthur Schiwon <blizzz@arthur-schiwon.de>
* @author Joas Schilling <coding@schilljs.com>
*
* @license AGPL-3.0
*
* This code is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License, version 3,
* as published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License, version 3,
* along with this program. If not, see <http://www.gnu.org/licenses/>
*
*/
namespace OCA\User_LDAP\Tests\Integration\Lib;
use OCA\User_LDAP\Tests\Integration\AbstractIntegrationTest;
require_once __DIR__ . '/../Bootstrap.php';
class IntegrationTestAccessGroupsMatchFilter extends AbstractIntegrationTest {
/**
* prepares the LDAP environment and sets up a test configuration for
* the LDAP backend.
*/
public function init() {
require(__DIR__ . '/../setup-scripts/createExplicitUsers.php');
require(__DIR__ . '/../setup-scripts/createExplicitGroups.php');
require(__DIR__ . '/../setup-scripts/createExplicitGroupsDifferentOU.php');
parent::init();
}
/**
* tests whether the group filter works with one specific group, while the
* input is the same.
*
* @return bool
*/
protected function case1() {
$this->connection->setConfiguration(['ldapGroupFilter' => 'cn=RedGroup']);
$dns = ['cn=RedGroup,ou=Groups,' . $this->base];
$result = $this->access->groupsMatchFilter($dns);
return ($dns === $result);
}
/**
* Tests whether a filter for limited groups is effective when more existing
* groups were passed for validation.
*
* @return bool
*/
protected function case2() {
$this->connection->setConfiguration(['ldapGroupFilter' => '(|(cn=RedGroup)(cn=PurpleGroup))']);
$dns = [
'cn=RedGroup,ou=Groups,' . $this->base,
'cn=BlueGroup,ou=Groups,' . $this->base,
'cn=PurpleGroup,ou=Groups,' . $this->base
];
$result = $this->access->groupsMatchFilter($dns);
$status =
count($result) === 2
&& in_array('cn=RedGroup,ou=Groups,' . $this->base, $result)
&& in_array('cn=PurpleGroup,ou=Groups,' . $this->base, $result);
return $status;
}
/**
* Tests whether a filter for limited groups is effective when more existing
* groups were passed for validation.
*
* @return bool
*/
protected function case3() {
$this->connection->setConfiguration(['ldapGroupFilter' => '(objectclass=groupOfNames)']);
$dns = [
'cn=RedGroup,ou=Groups,' . $this->base,
'cn=PurpleGroup,ou=Groups,' . $this->base,
'cn=SquaredCircleGroup,ou=SpecialGroups,' . $this->base
];
$result = $this->access->groupsMatchFilter($dns);
$status =
count($result) === 2
&& in_array('cn=RedGroup,ou=Groups,' . $this->base, $result)
&& in_array('cn=PurpleGroup,ou=Groups,' . $this->base, $result);
return $status;
}
/**
* sets up the LDAP configuration to be used for the test
*/
protected function initConnection() {
parent::initConnection();
$this->connection->setConfiguration([
'ldapBaseGroups' => 'ou=Groups,' . $this->base,
'ldapUserFilter' => 'objectclass=inetOrgPerson',
'ldapUserDisplayName' => 'displayName',
'ldapGroupDisplayName' => 'cn',
'ldapLoginFilter' => 'uid=%uid',
]);
}
}
/** @var string $host */
/** @var int $port */
/** @var string $adn */
/** @var string $apwd */
/** @var string $bdn */
$test = new IntegrationTestAccessGroupsMatchFilter($host, $port, $adn, $apwd, $bdn);
$test->init();
$test->run();

View File

@ -1,124 +0,0 @@
<?php
/**
* @copyright Copyright (c) 2016, ownCloud, Inc.
*
* @author Arthur Schiwon <blizzz@arthur-schiwon.de>
* @author Joas Schilling <coding@schilljs.com>
*
* @license AGPL-3.0
*
* This code is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License, version 3,
* as published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License, version 3,
* along with this program. If not, see <http://www.gnu.org/licenses/>
*
*/
namespace OCA\User_LDAP\Tests\Integration\Lib;
use OC\ServerNotAvailableException;
use OCA\User_LDAP\Tests\Integration\AbstractIntegrationTest;
use OCA\User_LDAP\Mapping\UserMapping;
use OCA\User_LDAP\User_LDAP;
require_once __DIR__ . '/../Bootstrap.php';
class IntegrationTestBackupServer extends AbstractIntegrationTest {
/** @var UserMapping */
protected $mapping;
/** @var User_LDAP */
protected $backend;
/**
* sets up the LDAP configuration to be used for the test
*/
protected function initConnection() {
parent::initConnection();
$originalHost = $this->connection->ldapHost;
$originalPort = $this->connection->ldapPort;
$this->connection->setConfiguration([
'ldapHost' => 'qwertz.uiop',
'ldapPort' => '32123',
'ldap_backup_host' => $originalHost,
'ldap_backup_port' => $originalPort,
]);
}
/**
* tests that a backup connection is being used when the main LDAP server
* is offline
*
* Beware: after starting docker, the LDAP host might not be ready yet, thus
* causing a false positive. Retry in that case or increase the sleep time
* in run-test.sh
*
* @return bool
*/
protected function case1() {
try {
$this->connection->getConnectionResource();
} catch (ServerNotAvailableException $e) {
return false;
}
return true;
}
/**
* ensures that an exception is thrown if LDAP main server and LDAP backup
* server are not available
*
* @return bool
*/
protected function case2() {
// reset possible LDAP connection
$this->initConnection();
try {
$this->connection->setConfiguration([
'ldap_backup_host' => 'qwertz.uiop',
'ldap_backup_port' => '32123',
]);
$this->connection->getConnectionResource();
} catch (ServerNotAvailableException $e) {
return true;
}
return false;
}
/**
* ensures that an exception is thrown if main LDAP server is down and a
* backup server is not given
*
* @return bool
*/
protected function case3() {
// reset possible LDAP connection
$this->initConnection();
try {
$this->connection->setConfiguration([
'ldap_backup_host' => '',
'ldap_backup_port' => '',
]);
$this->connection->getConnectionResource();
} catch (ServerNotAvailableException $e) {
return true;
}
return false;
}
}
/** @var string $host */
/** @var int $port */
/** @var string $adn */
/** @var string $apwd */
/** @var string $bdn */
$test = new IntegrationTestBackupServer($host, $port, $adn, $apwd, $bdn);
$test->init();
$test->run();

View File

@ -1,81 +0,0 @@
<?php
/**
* @copyright Copyright (c) 2016, ownCloud, Inc.
*
* @author Arthur Schiwon <blizzz@arthur-schiwon.de>
* @author Joas Schilling <coding@schilljs.com>
*
* @license AGPL-3.0
*
* This code is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License, version 3,
* as published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License, version 3,
* along with this program. If not, see <http://www.gnu.org/licenses/>
*
*/
namespace OCA\User_LDAP\Tests\Integration\Lib;
use OCA\User_LDAP\Mapping\UserMapping;
use OCA\User_LDAP\Tests\Integration\AbstractIntegrationTest;
require_once __DIR__ . '/../Bootstrap.php';
class IntegrationTestBatchApplyUserAttributes extends AbstractIntegrationTest {
/** @var UserMapping */
protected $mapping;
/**
* prepares the LDAP environment and sets up a test configuration for
* the LDAP backend.
*/
public function init() {
require(__DIR__ . '/../setup-scripts/createExplicitUsers.php');
require(__DIR__ . '/../setup-scripts/createUsersWithoutDisplayName.php');
parent::init();
$this->mapping = new UserMapping(\OC::$server->getDatabaseConnection());
$this->mapping->clear();
$this->access->setUserMapper($this->mapping);
}
/**
* sets up the LDAP configuration to be used for the test
*/
protected function initConnection() {
parent::initConnection();
$this->connection->setConfiguration([
'ldapUserDisplayName' => 'displayname',
]);
}
/**
* indirectly tests whether batchApplyUserAttributes does it job properly,
* when a user without display name is included in the result set from LDAP.
*
* @return bool
*/
protected function case1() {
$result = $this->access->fetchListOfUsers('objectclass=person', 'dn');
// on the original issue, PHP would emit a fatal error
// cannot catch it here, but will render the test as unsuccessful
return is_array($result) && !empty($result);
}
}
/** @var string $host */
/** @var int $port */
/** @var string $adn */
/** @var string $apwd */
/** @var string $bdn */
$test = new IntegrationTestBatchApplyUserAttributes($host, $port, $adn, $apwd, $bdn);
$test->init();
$test->run();

View File

@ -1,172 +0,0 @@
<?php
/**
* @copyright Copyright (c) 2016, ownCloud, Inc.
*
* @author Arthur Schiwon <blizzz@arthur-schiwon.de>
* @author Joas Schilling <coding@schilljs.com>
*
* @license AGPL-3.0
*
* This code is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License, version 3,
* as published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License, version 3,
* along with this program. If not, see <http://www.gnu.org/licenses/>
*
*/
namespace OCA\User_LDAP\Tests\Integration\Lib;
use OC\ServerNotAvailableException;
use OCA\User_LDAP\Tests\Integration\AbstractIntegrationTest;
use OCA\User_LDAP\Mapping\UserMapping;
use OCA\User_LDAP\User_LDAP;
require_once __DIR__ . '/../Bootstrap.php';
class IntegrationTestConnect extends AbstractIntegrationTest {
/** @var UserMapping */
protected $mapping;
/** @var User_LDAP */
protected $backend;
/** @var string */
protected $host;
/** @var int */
protected $port;
public function __construct($host, $port, $bind, $pwd, $base) {
// make sure host is a simple host name
if(strpos($host, '://') !== false) {
$host = substr_replace($host, '', 0, strpos($host, '://') + 3);
}
if(strpos($host, ':') !== false) {
$host = substr_replace($host, '', strpos($host, ':'));
}
$this->host = $host;
$this->port = $port;
parent::__construct($host, $port, $bind, $pwd, $base);
}
/**
* test that a faulty host will does not connect successfully
*
* @return bool
*/
protected function case1() {
// reset possible LDAP connection
$this->initConnection();
$this->connection->setConfiguration([
'ldapHost' => 'qwertz.uiop',
]);
try {
$this->connection->getConnectionResource();
} catch (ServerNotAvailableException $e) {
return true;
}
return false;
}
/**
* tests that a connect succeeds when only a hostname is provided
*
* @return bool
*/
protected function case2() {
// reset possible LDAP connection
$this->initConnection();
$this->connection->setConfiguration([
'ldapHost' => $this->host,
]);
try {
$this->connection->getConnectionResource();
} catch (ServerNotAvailableException $e) {
return false;
}
return true;
}
/**
* tests that a connect succeeds when an LDAP URL is provided
*
* @return bool
*/
protected function case3() {
// reset possible LDAP connection
$this->initConnection();
$this->connection->setConfiguration([
'ldapHost' => 'ldap://' . $this->host,
]);
try {
$this->connection->getConnectionResource();
} catch (ServerNotAvailableException $e) {
return false;
}
return true;
}
/**
* tests that a connect succeeds when an LDAP URL with port is provided
*
* @return bool
*/
protected function case4() {
// reset possible LDAP connection
$this->initConnection();
$this->connection->setConfiguration([
'ldapHost' => 'ldap://' . $this->host . ':' . $this->port,
]);
try {
$this->connection->getConnectionResource();
} catch (ServerNotAvailableException $e) {
return false;
}
return true;
}
/**
* tests that a connect succeeds when a hostname with port is provided
*
* @return bool
*/
protected function case5() {
// reset possible LDAP connection
$this->initConnection();
$this->connection->setConfiguration([
'ldapHost' => $this->host . ':' . $this->port,
]);
try {
$this->connection->getConnectionResource();
} catch (ServerNotAvailableException $e) {
return false;
}
return true;
}
/**
* repeat case1, only to make sure that not a connection was reused by
* accident.
*
* @return bool
*/
protected function case6() {
return $this->case1();
}
}
/** @var string $host */
/** @var int $port */
/** @var string $adn */
/** @var string $apwd */
/** @var string $bdn */
$test = new IntegrationTestConnect($host, $port, $adn, $apwd, $bdn);
$test->init();
$test->run();

View File

@ -58,30 +58,12 @@ class IntegrationTestPaging extends AbstractIntegrationTest {
]); ]);
} }
/**
* tests that paging works properly against a simple example (reading all
* of few users in small steps)
*
* @return bool
*/
protected function case1() {
$filter = 'objectclass=inetorgperson';
$attributes = ['cn', 'dn'];
$result = $this->access->searchUsers($filter, $attributes);
if(count($result) === 7) {
return true;
}
return false;
}
/** /**
* fetch first three, afterwards all users * fetch first three, afterwards all users
* *
* @return bool * @return bool
*/ */
protected function case2() { protected function case1() {
$filter = 'objectclass=inetorgperson'; $filter = 'objectclass=inetorgperson';
$attributes = ['cn', 'dn']; $attributes = ['cn', 'dn'];
@ -102,23 +84,6 @@ class IntegrationTestPaging extends AbstractIntegrationTest {
return true; return true;
} }
/**
* reads all remaining users starting first page
*
* @return bool
*/
protected function case3() {
$filter = 'objectclass=inetorgperson';
$attributes = ['cn', 'dn'];
$result = $this->access->searchUsers($filter, $attributes, null, $this->pagingSize);
if(count($result) === (7 - $this->pagingSize)) {
return true;
}
return false;
}
} }
/** @var string $host */ /** @var string $host */

View File

@ -1,186 +0,0 @@
<?php
/**
* @copyright Copyright (c) 2016, ownCloud, Inc.
*
* @author Arthur Schiwon <blizzz@arthur-schiwon.de>
* @author Joas Schilling <coding@schilljs.com>
* @author Jörn Friedrich Dreyer <jfd@butonic.de>
* @author Morris Jobke <hey@morrisjobke.de>
* @author Vinicius Cubas Brand <vinicius@eita.org.br>
*
* @license AGPL-3.0
*
* This code is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License, version 3,
* as published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License, version 3,
* along with this program. If not, see <http://www.gnu.org/licenses/>
*
*/
namespace OCA\User_LDAP\Tests\Integration\Lib;
use OCA\User_LDAP\FilesystemHelper;
use OCA\User_LDAP\LogWrapper;
use OCA\User_LDAP\User\Manager as LDAPUserManager;
use OCA\User_LDAP\Tests\Integration\AbstractIntegrationTest;
use OCA\User_LDAP\Mapping\UserMapping;
use OCA\User_LDAP\User_LDAP;
use OCP\Image;
require_once __DIR__ . '/../Bootstrap.php';
class IntegrationTestUserHome extends AbstractIntegrationTest {
/** @var UserMapping */
protected $mapping;
/** @var User_LDAP */
protected $backend;
/**
* prepares the LDAP environment and sets up a test configuration for
* the LDAP backend.
*/
public function init() {
require(__DIR__ . '/../setup-scripts/createExplicitUsers.php');
parent::init();
$this->mapping = new UserMapping(\OC::$server->getDatabaseConnection());
$this->mapping->clear();
$this->access->setUserMapper($this->mapping);
$this->backend = new User_LDAP($this->access, \OC::$server->getConfig(), \OC::$server->getNotificationManager(), \OC::$server->getUserSession(), \OC::$server->query('LDAPUserPluginManager'));
}
/**
* sets up the LDAP configuration to be used for the test
*/
protected function initConnection() {
parent::initConnection();
$this->connection->setConfiguration([
'homeFolderNamingRule' => 'homeDirectory',
]);
}
/**
* initializes an LDAP user manager instance
* @return LDAPUserManager
*/
protected function initUserManager() {
$this->userManager = new LDAPUserManager(
\OC::$server->getConfig(),
new FilesystemHelper(),
new LogWrapper(),
\OC::$server->getAvatarManager(),
new Image(),
\OC::$server->getDatabaseConnection(),
\OC::$server->getUserManager(),
\OC::$server->getNotificationManager()
);
}
/**
* homeDirectory on LDAP is empty. Return values of getHome should be
* identical to user name, following Nextcloud default.
*
* @return bool
*/
protected function case1() {
\OC::$server->getConfig()->setAppValue('user_ldap', 'enforce_home_folder_naming_rule', false);
$userManager = \OC::$server->getUserManager();
$userManager->clearBackends();
$userManager->registerBackend($this->backend);
$users = $userManager->search('', 5, 0);
foreach($users as $user) {
$home = $user->getHome();
$uid = $user->getUID();
$posFound = strpos($home, '/' . $uid);
$posExpected = strlen($home) - (strlen($uid) + 1);
if($posFound === false || $posFound !== $posExpected) {
print('"' . $user->getUID() . '" was not found in "' . $home . '" or does not end with it.' . PHP_EOL);
return false;
}
}
return true;
}
/**
* homeDirectory on LDAP is empty. Having the attributes set is enforced.
*
* @return bool
*/
protected function case2() {
\OC::$server->getConfig()->setAppValue('user_ldap', 'enforce_home_folder_naming_rule', true);
$userManager = \OC::$server->getUserManager();
// clearing backends is critical, otherwise the userManager will have
// the user objects cached and the value from case1 returned
$userManager->clearBackends();
$userManager->registerBackend($this->backend);
$users = $userManager->search('', 5, 0);
try {
foreach ($users as $user) {
$user->getHome();
print('User home was retrieved without throwing an Exception!' . PHP_EOL);
return false;
}
} catch (\Exception $e) {
if(strpos($e->getMessage(), 'Home dir attribute') === 0) {
return true;
}
}
return false;
}
/**
* homeDirectory on LDAP is set to "attr:" which is effectively empty.
* Return values of getHome should be Nextcloud default.
*
* @return bool
*/
protected function case3() {
\OC::$server->getConfig()->setAppValue('user_ldap', 'enforce_home_folder_naming_rule', true);
$this->connection->setConfiguration([
'homeFolderNamingRule' => 'attr:',
]);
$userManager = \OC::$server->getUserManager();
$userManager->clearBackends();
$userManager->registerBackend($this->backend);
$users = $userManager->search('', 5, 0);
try {
foreach ($users as $user) {
$home = $user->getHome();
$uid = $user->getUID();
$posFound = strpos($home, '/' . $uid);
$posExpected = strlen($home) - (strlen($uid) + 1);
if ($posFound === false || $posFound !== $posExpected) {
print('"' . $user->getUID() . '" was not found in "' . $home . '" or does not end with it.' . PHP_EOL);
return false;
}
}
} catch (\Exception $e) {
print("Unexpected Exception: " . $e->getMessage() . PHP_EOL);
return false;
}
return true;
}
}
/** @var string $host */
/** @var int $port */
/** @var string $adn */
/** @var string $apwd */
/** @var string $bdn */
$test = new IntegrationTestUserHome($host, $port, $adn, $apwd, $bdn);
$test->init();
$test->run();

View File

@ -497,4 +497,11 @@ trait BasicStructure {
$file->isDir() ? rmdir($file) : unlink($file); $file->isDir() ? rmdir($file) : unlink($file);
} }
} }
/**
* @Given /^cookies are reset$/
*/
public function cookiesAreReset() {
$this->cookieJar = new CookieJar();
}
} }

View File

@ -32,6 +32,14 @@ class LDAPContext implements Context {
protected $apiUrl; protected $apiUrl;
/** @AfterScenario */
public function teardown() {
if($this->configID === null) {
return;
}
$this->sendingTo('DELETE', $this->apiUrl . '/' . $this->configID);
}
/** /**
* @Given /^the response should contain a tag "([^"]*)"$/ * @Given /^the response should contain a tag "([^"]*)"$/
*/ */
@ -82,4 +90,110 @@ class LDAPContext implements Context {
public function settingTheLDAPConfigurationTo(TableNode $configData) { public function settingTheLDAPConfigurationTo(TableNode $configData) {
$this->sendingToWith('PUT', $this->apiUrl . '/' . $this->configID, $configData); $this->sendingToWith('PUT', $this->apiUrl . '/' . $this->configID, $configData);
} }
/**
* @Given /^having a valid LDAP configuration$/
*/
public function havingAValidLDAPConfiguration() {
$this->asAn('admin');
$this->creatingAnLDAPConfigurationAt('/apps/user_ldap/api/v1/config');
$data = new TableNode([
['configData[ldapHost]', 'openldap'],
['configData[ldapPort]', '389'],
['configData[ldapBase]', 'dc=nextcloud,dc=ci'],
['configData[ldapAgentName]', 'cn=admin,dc=nextcloud,dc=ci'],
['configData[ldapAgentPassword]', 'admin'],
['configData[ldapUserFilter]', '(&(objectclass=inetorgperson))'],
['configData[ldapLoginFilter]', '(&(objectclass=inetorgperson)(uid=%uid))'],
['configData[ldapUserDisplayName]', 'displayname'],
['configData[ldapGroupDisplayName]', 'cn'],
['configData[ldapEmailAttribute]', 'mail'],
['configData[ldapConfigurationActive]', '1'],
]);
$this->settingTheLDAPConfigurationTo($data);
$this->asAn('');
}
/**
* @Given /^looking up details for the first result matches expectations$/
* @param TableNode $expectations
*/
public function lookingUpDetailsForTheFirstResult(TableNode $expectations) {
$userResultElements = simplexml_load_string($this->response->getBody())->data[0]->users[0]->element;
$userResults = json_decode(json_encode($userResultElements), 1);
$userId = array_shift($userResults);
$this->sendingTo('GET', '/cloud/users/' . $userId);
$this->theRecordFieldsShouldMatch($expectations);
}
/**
* @Given /^modify LDAP configuration$/
*/
public function modifyLDAPConfiguration(TableNode $table) {
$originalAsAn = $this->currentUser;
$this->asAn('admin');
$configData = $table->getRows();
foreach($configData as &$row) {
$row[0] = 'configData[' . $row[0] . ']';
}
$this->settingTheLDAPConfigurationTo(new TableNode($configData));
$this->asAn($originalAsAn);
}
/**
* @Given /^the "([^"]*)" result should match$/
*/
public function theGroupResultShouldMatch(string $type, TableNode $expectations) {
$listReturnedElements = simplexml_load_string($this->response->getBody())->data[0]->$type[0]->element;
$extractedIDsArray = json_decode(json_encode($listReturnedElements), 1);
foreach($expectations->getRows() as $expectation) {
if((int)$expectation[1] === 1) {
Assert::assertContains($expectation[0], $extractedIDsArray);
} else {
Assert::assertNotContains($expectation[0], $extractedIDsArray);
}
}
}
/**
* @Given /^Expect ServerException on failed web login as "([^"]*)"$/
*/
public function expectServerExceptionOnFailedWebLoginAs($login) {
try {
$this->loggingInUsingWebAs($login);
} catch (\GuzzleHttp\Exception\ServerException $e) {
Assert::assertEquals(500, $e->getResponse()->getStatusCode());
return;
}
Assert::assertTrue(false, 'expected Exception not received');
}
/**
* @Given /^the "([^"]*)" result should contain "([^"]*)" of$/
*/
public function theResultShouldContainOf($type, $expectedCount, TableNode $expectations) {
$listReturnedElements = simplexml_load_string($this->response->getBody())->data[0]->$type[0]->element;
$extractedIDsArray = json_decode(json_encode($listReturnedElements), 1);
$uidsFound = 0;
foreach($expectations->getRows() as $expectation) {
if(in_array($expectation[0], $extractedIDsArray)) {
$uidsFound++;
}
}
Assert::assertSame((int)$expectedCount, $uidsFound);
}
/**
* @Given /^the record's fields should match$/
*/
public function theRecordFieldsShouldMatch(TableNode $expectations) {
foreach($expectations->getRowsHash() as $k => $v) {
$value = (string)simplexml_load_string($this->response->getBody())->data[0]->$k;
Assert::assertEquals($v, $value, "got $value");
}
$backend = (string)simplexml_load_string($this->response->getBody())->data[0]->backend;
Assert::assertEquals('LDAP', $backend);
}
} }

View File

@ -342,6 +342,7 @@ Feature: provisioning
| theming | | theming |
| twofactor_backupcodes | | twofactor_backupcodes |
| updatenotification | | updatenotification |
| user_ldap |
| workflowengine | | workflowengine |
| files_external | | files_external |
| oauth2 | | oauth2 |

View File

@ -0,0 +1,104 @@
Feature: LDAP
Background:
Given using api version "2"
And having a valid LDAP configuration
Scenario: Test valid configuration by logging in
Given Logging in using web as "alice"
And Sending a "GET" to "/remote.php/webdav/welcome.txt" with requesttoken
Then the HTTP status code should be "200"
Scenario: Test valid configuration with port in the hostname by logging in
Given modify LDAP configuration
| ldapHost | openldap:389 |
And cookies are reset
And Logging in using web as "alice"
And Sending a "GET" to "/remote.php/webdav/welcome.txt" with requesttoken
Then the HTTP status code should be "200"
Scenario: Test valid configuration with LDAP protocol by logging in
Given modify LDAP configuration
| ldapHost | ldap://openldap |
And cookies are reset
And Logging in using web as "alice"
And Sending a "GET" to "/remote.php/webdav/welcome.txt" with requesttoken
Then the HTTP status code should be "200"
Scenario: Test valid configuration with LDAP protoccol and port by logging in
Given modify LDAP configuration
| ldapHost | ldap://openldap:389 |
And cookies are reset
And Logging in using web as "alice"
And Sending a "GET" to "/remote.php/webdav/welcome.txt" with requesttoken
Then the HTTP status code should be "200"
Scenario: Look for a known LDAP user
Given As an "admin"
And sending "GET" to "/cloud/users?search=alice"
Then the OCS status code should be "200"
And looking up details for the first result matches expectations
| email | alice@nextcloud.ci |
| displayname | Alice |
Scenario: Test group filter with one specific group
Given modify LDAP configuration
| ldapGroupFilter | cn=RedGroup |
| ldapBaseGroups | ou=Groups,ou=Ordinary,dc=nextcloud,dc=ci |
And As an "admin"
And sending "GET" to "/cloud/groups"
Then the OCS status code should be "200"
And the "groups" result should match
| RedGroup | 1 |
| GreenGroup | 0 |
| BlueGroup | 0 |
| PurpleGroup | 0 |
Scenario: Test group filter with two specific groups
Given modify LDAP configuration
| ldapGroupFilter | (\|(cn=RedGroup)(cn=GreenGroup)) |
| ldapBaseGroups | ou=Groups,ou=Ordinary,dc=nextcloud,dc=ci |
And As an "admin"
And sending "GET" to "/cloud/groups"
Then the OCS status code should be "200"
And the "groups" result should match
| RedGroup | 1 |
| GreenGroup | 1 |
| BlueGroup | 0 |
| PurpleGroup | 0 |
Scenario: Test group filter ruling out a group from a different base
Given modify LDAP configuration
| ldapGroupFilter | (objectClass=groupOfNames) |
| ldapBaseGroups | ou=Groups,ou=Ordinary,dc=nextcloud,dc=ci |
And As an "admin"
And sending "GET" to "/cloud/groups"
Then the OCS status code should be "200"
And the "groups" result should match
| RedGroup | 1 |
| GreenGroup | 1 |
| BlueGroup | 1 |
| PurpleGroup | 1 |
| SquareGroup | 0 |
Scenario: Test backup server
Given modify LDAP configuration
| ldapBackupHost | openldap |
| ldapBackupPort | 389 |
| ldapHost | foo.bar |
| ldapPort | 2456 |
And Logging in using web as "alice"
Then the HTTP status code should be "200"
Scenario: Test backup server offline
Given modify LDAP configuration
| ldapBackupHost | off.line |
| ldapBackupPort | 3892 |
| ldapHost | foo.bar |
| ldapPort | 2456 |
Then Expect ServerException on failed web login as "alice"
Scenario: Test LDAP server offline, no backup server
Given modify LDAP configuration
| ldapHost | foo.bar |
| ldapPort | 2456 |
Then Expect ServerException on failed web login as "alice"

View File

@ -0,0 +1,88 @@
Feature: LDAP
Background:
Given using api version "2"
And having a valid LDAP configuration
And modify LDAP configuration
| ldapExpertUsernameAttr | uid |
Scenario: Look for a expected LDAP users
Given As an "admin"
And sending "GET" to "/cloud/users"
Then the OCS status code should be "200"
And the "users" result should match
| alice | 1 |
| elisa | 1 |
| ghost | 0 |
Scenario: check default home of an LDAP user
Given As an "admin"
And sending "GET" to "/cloud/users/alice"
Then the OCS status code should be "200"
And the record's fields should match
| storageLocation | /dev/shm/nc_int/alice |
Scenario: check custom relative home of an LDAP user
Given modify LDAP configuration
| homeFolderNamingRule | sn |
And As an "admin"
And sending "GET" to "/cloud/users/alice"
Then the OCS status code should be "200"
And the record's fields should match
| storageLocation | /dev/shm/nc_int/Alfgeirdottir |
Scenario: check custom absolute home of an LDAP user
Given modify LDAP configuration
| homeFolderNamingRule | roomNumber |
And As an "admin"
And sending "GET" to "/cloud/users/elisa"
Then the OCS status code should be "200"
And the record's fields should match
| storageLocation | /dev/shm/elisa-data |
Scenario: Fetch all users, invoking pagination
Given modify LDAP configuration
| ldapBaseUsers | ou=PagingTest,dc=nextcloud,dc=ci |
| ldapPagingSize | 2 |
And As an "admin"
And sending "GET" to "/cloud/users"
Then the OCS status code should be "200"
And the "users" result should match
| ebba | 1 |
| eindis | 1 |
| fjolnir | 1 |
| gunna | 1 |
| juliana | 1 |
| leo | 1 |
| stigur | 1 |
Scenario: Fetch all users, invoking pagination
Given modify LDAP configuration
| ldapBaseUsers | ou=PagingTest,dc=nextcloud,dc=ci |
| ldapPagingSize | 2 |
And As an "admin"
And sending "GET" to "/cloud/users?limit=10"
Then the OCS status code should be "200"
And the "users" result should match
| ebba | 1 |
| eindis | 1 |
| fjolnir | 1 |
| gunna | 1 |
| juliana | 1 |
| leo | 1 |
| stigur | 1 |
Scenario: Fetch from second batch of all users, invoking pagination
Given modify LDAP configuration
| ldapBaseUsers | ou=PagingTest,dc=nextcloud,dc=ci |
| ldapPagingSize | 2 |
And As an "admin"
And sending "GET" to "/cloud/users?limit=10&offset=2"
Then the OCS status code should be "200"
And the "users" result should contain "5" of
| ebba |
| eindis |
| fjolnir |
| gunna |
| juliana |
| leo |
| stigur |

View File

@ -22,6 +22,7 @@ else
exit 1 exit 1
fi fi
fi fi
NC_DATADIR=$($OCC config:system:get datadirectory)
composer install composer install
@ -48,6 +49,7 @@ if [ "$INSTALLED" == "true" ]; then
#Enable external storage app #Enable external storage app
$OCC app:enable files_external $OCC app:enable files_external
$OCC app:enable user_ldap
mkdir -p work/local_storage mkdir -p work/local_storage
OUTPUT_CREATE_STORAGE=`$OCC files_external:create local_storage local null::null -c datadir=$PWD/work/local_storage` OUTPUT_CREATE_STORAGE=`$OCC files_external:create local_storage local null::null -c datadir=$PWD/work/local_storage`
@ -70,10 +72,11 @@ if [ "$INSTALLED" == "true" ]; then
#Disable external storage app #Disable external storage app
$OCC app:disable files_external $OCC app:disable files_external
$OCC app:disable user_ldap
fi fi
if [ -z $HIDE_OC_LOGS ]; then if [ -z $HIDE_OC_LOGS ]; then
tail "${OC_PATH}/data/nextcloud.log" tail "${NC_DATADIR}/nextcloud.log"
fi fi
echo "runsh: Exit code: $RESULT" echo "runsh: Exit code: $RESULT"