Révision 32700c57
Ajouté par Assos Assos il y a environ 5 ans
drupal7/sites/all/modules/ldap/ldap_authentication/tests/ldap_authentication.test | ||
---|---|---|
2 | 2 |
|
3 | 3 |
/** |
4 | 4 |
* @file |
5 |
* ldap_authentication simpletests |
|
6 |
* |
|
5 |
* Ldap_authentication simpletests. |
|
7 | 6 |
*/ |
8 | 7 |
|
9 | 8 |
module_load_include('php', 'ldap_test', 'LdapTestCase.class'); |
10 | 9 |
module_load_include('module', 'ldap_authentication'); |
11 | 10 |
|
11 |
/** |
|
12 |
* LdapAuthenticationTestCase. |
|
13 |
*/ |
|
12 | 14 |
class LdapAuthenticationTestCase extends LdapTestCase { |
15 |
|
|
16 |
public $module_name = 'ldap_authentication'; |
|
17 |
protected $ldap_test_data; |
|
18 |
|
|
19 |
/** |
|
20 |
* Get info. |
|
21 |
*/ |
|
13 | 22 |
public static function getInfo() { |
14 |
return array(
|
|
23 |
return [
|
|
15 | 24 |
'name' => 'LDAP Authentication Tests', |
16 | 25 |
'description' => 'Test ldap authentication.', |
17 |
'group' => 'LDAP Authentication' |
|
18 |
);
|
|
26 |
'group' => 'LDAP Authentication',
|
|
27 |
];
|
|
19 | 28 |
} |
20 | 29 |
|
21 |
function __construct($test_id = NULL) { |
|
30 |
/** |
|
31 |
* {@inheritdoc} |
|
32 |
*/ |
|
33 |
public function __construct($test_id = NULL) { |
|
22 | 34 |
parent::__construct($test_id); |
23 | 35 |
} |
24 | 36 |
|
25 |
public $module_name = 'ldap_authentication';
|
|
26 |
protected $ldap_test_data;
|
|
27 |
|
|
28 |
function setUp() { |
|
29 |
parent::setUp(array(
|
|
37 |
/**
|
|
38 |
*
|
|
39 |
*/ |
|
40 |
public function setUp() {
|
|
41 |
parent::setUp([
|
|
30 | 42 |
'ldap_authentication', |
31 | 43 |
'ldap_authorization', |
32 | 44 |
'ldap_authorization_drupal_role', |
33 | 45 |
'ldap_test', |
34 |
)); // don't need any real servers, configured, just ldap_servers code base |
|
46 |
// don't need any real servers, configured, just ldap_servers code base. |
|
47 |
]); |
|
35 | 48 |
variable_set('ldap_simpletest', 2); |
36 | 49 |
} |
37 | 50 |
|
38 |
function tearDown() { |
|
51 |
/** |
|
52 |
* |
|
53 |
*/ |
|
54 |
public function tearDown() { |
|
39 | 55 |
parent::tearDown(); |
40 | 56 |
variable_del('ldap_help_watchdog_detail'); |
41 | 57 |
variable_del('ldap_simpletest'); |
42 | 58 |
} |
43 | 59 |
|
44 | 60 |
/** |
45 |
* difficult to test install and uninstall since setUp does module enabling and installing.
|
|
61 |
* Difficult to test install and uninstall since setUp does module enabling and installing.
|
|
46 | 62 |
*/ |
47 |
function testInstall() { |
|
63 |
public function testInstall() {
|
|
48 | 64 |
$testid = $this->module_name . ': setup success'; |
49 | 65 |
$setup_success = ( |
50 | 66 |
module_exists('ldap_authentication') && |
... | ... | |
54 | 70 |
$this->assertTrue($setup_success, ' ldap_authentication setup successful', $testid); |
55 | 71 |
} |
56 | 72 |
|
57 |
|
|
58 |
/** |
|
59 |
* LDAP Authentication Mixed Mode User Logon Test (ids = LDAP_authen.MM.ULT.*) |
|
60 |
*/ |
|
61 |
|
|
62 |
|
|
63 |
function testMixedModeUserLogon() { |
|
73 |
/** |
|
74 |
* LDAP Authentication Mixed Mode User Logon Test (ids = LDAP_authen.MM.ULT.*) |
|
75 |
*/ |
|
76 |
public function testMixedModeUserLogon() { |
|
64 | 77 |
$sid = 'activedirectory1'; |
65 | 78 |
$testid = 'MixedModeUserLogon3'; |
66 |
$sids = array($sid);
|
|
79 |
$sids = [$sid];
|
|
67 | 80 |
$this->prepTestData( |
68 | 81 |
LDAP_TEST_LDAP_NAME, |
69 | 82 |
$sids, |
... | ... | |
81 | 94 |
|
82 | 95 |
$user1 = user_load(1); |
83 | 96 |
$password = $this->randomString(20); |
84 |
require_once(DRUPAL_ROOT . '/includes/password.inc');
|
|
85 |
$account = array(
|
|
97 |
require_once DRUPAL_ROOT . '/includes/password.inc';
|
|
98 |
$account = [
|
|
86 | 99 |
'name' => $user1->name, |
87 | 100 |
'pass' => user_hash_password(trim($password)), |
88 |
);
|
|
101 |
];
|
|
89 | 102 |
db_update('users') |
90 | 103 |
->fields($account) |
91 | 104 |
->condition('uid', 1) |
92 | 105 |
->execute(); |
93 | 106 |
|
94 |
$edit = array(
|
|
107 |
$edit = [
|
|
95 | 108 |
'name' => $user1->name, |
96 | 109 |
'pass' => $password, |
97 |
);
|
|
110 |
];
|
|
98 | 111 |
|
99 | 112 |
$this->drupalPost('user', $edit, t('Log in')); |
100 | 113 |
$this->assertText(t('Member for'), 'User 1 successfully authenticated', $testid); |
... | ... | |
102 | 115 |
|
103 | 116 |
/** LDAP_authen.MM.ULT.user1.badpwd -- result: Drupal logon error message. **/ |
104 | 117 |
|
105 |
$edit = array(
|
|
118 |
$edit = [
|
|
106 | 119 |
'name' => $user1->name, |
107 | 120 |
'pass' => 'mydabpassword', |
108 |
);
|
|
121 |
];
|
|
109 | 122 |
|
110 | 123 |
$this->drupalPost('user', $edit, t('Log in')); |
111 | 124 |
$this->assertText(t('Sorry, unrecognized username or password'), 'User 1 failed with bad password', $testid); |
... | ... | |
115 | 128 |
|
116 | 129 |
$drupal_user = $this->drupalCreateUser(); |
117 | 130 |
$raw_pass = $drupal_user->pass_raw; |
118 |
$edit = array(
|
|
131 |
$edit = [
|
|
119 | 132 |
'name' => $drupal_user->name, |
120 | 133 |
'pass' => $raw_pass, |
121 |
);
|
|
134 |
];
|
|
122 | 135 |
$this->drupalPost('user', $edit, t('Log in')); |
123 | 136 |
$this->assertText(t('Member for'), 'Drupal user (not ldap associated) successfully authenticated', $testid); |
124 | 137 |
$this->drupalGet('user/logout'); |
125 | 138 |
|
126 | 139 |
/** LDAP_authen.MM.ULT.drupal.badpwd - result: Drupal logon error message. **/ |
127 |
$edit = array(
|
|
140 |
$edit = [
|
|
128 | 141 |
'name' => $drupal_user->name, |
129 | 142 |
'pass' => 'mydabpassword', |
130 |
);
|
|
143 |
];
|
|
131 | 144 |
$this->drupalPost('user', $edit, t('Log in')); |
132 | 145 |
$this->assertText(t('Sorry, unrecognized username or password'), 'Drupal user (not ldap associated) with bad password failed to authenticate.', $testid); |
133 | 146 |
$this->drupalGet('user/logout'); |
134 | 147 |
|
135 | 148 |
/** LDAP_authen.MM.ULT.ldap.newaccount.badpwd - result: Drupal logon error message. **/ |
136 |
$edit = array(
|
|
149 |
$edit = [
|
|
137 | 150 |
'name' => 'hpotter', |
138 | 151 |
'pass' => 'mydabpassword', |
139 |
);
|
|
152 |
];
|
|
140 | 153 |
$this->drupalPost('user', $edit, t('Log in')); |
141 | 154 |
$this->assertText(t('Sorry, unrecognized username or password'), 'New Ldap user with bad password failed to authenticate.', $testid); |
142 | 155 |
$this->drupalGet('user/logout'); |
143 | 156 |
|
144 |
|
|
145 | 157 |
/** LDAP_authen.MM.ULT.ldap.newaccount.goodpwd - result: Successful logon, with user record created and authmapped to ldap **/ |
146 |
$edit = array(
|
|
158 |
$edit = [
|
|
147 | 159 |
'name' => 'hpotter', |
148 | 160 |
'pass' => 'goodpwd', |
149 |
);
|
|
161 |
];
|
|
150 | 162 |
$this->drupalPost('user', $edit, t('Log in')); |
151 | 163 |
$this->assertText(t('Member for'), 'New Ldap user with good password authenticated.'); |
152 | 164 |
$this->assertTrue($this->testFunctions->ldapUserIsAuthmapped('hpotter'), 'Ldap user properly authmapped.', $testid); |
153 | 165 |
$this->drupalGet('user/logout'); |
154 | 166 |
|
155 | 167 |
/** LDAP_authen.MM.ULT.existingacct.badpwd - result: Drupal logon error message. **/ |
156 |
$edit = array(
|
|
168 |
$edit = [
|
|
157 | 169 |
'name' => 'hpotter', |
158 | 170 |
'pass' => 'mydabpassword', |
159 |
);
|
|
171 |
];
|
|
160 | 172 |
$this->drupalPost('user', $edit, t('Log in')); |
161 | 173 |
$this->assertText(t('Sorry, unrecognized username or password'), 'Existing Ldap user with bad password failed to authenticate.', $testid); |
162 | 174 |
$this->drupalGet('user/logout'); |
163 | 175 |
|
164 | 176 |
/** LDAP_authen.MM.ULT.existingacct.goodpwd - result: Successful logon. **/ |
165 |
$edit = array(
|
|
177 |
$edit = [
|
|
166 | 178 |
'name' => 'hpotter', |
167 | 179 |
'pass' => 'goodpwd', |
168 |
);
|
|
180 |
];
|
|
169 | 181 |
$this->drupalPost('user', $edit, t('Log in')); |
170 | 182 |
$this->assertText(t('Member for'), 'Existing Ldap user with good password authenticated.'); |
171 | 183 |
$this->assertTrue($this->testFunctions->ldapUserIsAuthmapped('hpotter'), 'Existing Ldap user still properly authmapped.', $testid); |
... | ... | |
173 | 185 |
|
174 | 186 |
} |
175 | 187 |
|
176 |
|
|
177 |
/** |
|
178 |
* LDAP Authentication Exclusive Mode User Logon Test (ids = LDAP_authen.EM.ULT.*) |
|
179 |
*/ |
|
180 |
function testExclusiveModeUserLogon() { |
|
188 |
/** |
|
189 |
* LDAP Authentication Exclusive Mode User Logon Test (ids = LDAP_authen.EM.ULT.*) |
|
190 |
*/ |
|
191 |
public function testExclusiveModeUserLogon() { |
|
181 | 192 |
|
182 | 193 |
$sid = 'activedirectory1'; |
183 | 194 |
$testid = 'ExclusiveModeUserLogon3'; |
184 |
$sids = array($sid);
|
|
195 |
$sids = [$sid];
|
|
185 | 196 |
$this->prepTestData( |
186 | 197 |
LDAP_TEST_LDAP_NAME, |
187 | 198 |
$sids, |
... | ... | |
199 | 210 |
|
200 | 211 |
$user1 = user_load(1); |
201 | 212 |
$password = $this->randomString(20); |
202 |
require_once(DRUPAL_ROOT . '/includes/password.inc');
|
|
203 |
$account = array(
|
|
213 |
require_once DRUPAL_ROOT . '/includes/password.inc';
|
|
214 |
$account = [
|
|
204 | 215 |
'name' => $user1->name, |
205 | 216 |
'pass' => user_hash_password(trim($password)), |
206 |
);
|
|
217 |
];
|
|
207 | 218 |
db_update('users') |
208 | 219 |
->fields($account) |
209 | 220 |
->condition('uid', 1) |
210 | 221 |
->execute(); |
211 | 222 |
|
212 |
$edit = array(
|
|
223 |
$edit = [
|
|
213 | 224 |
'name' => $user1->name, |
214 | 225 |
'pass' => $password, |
215 |
);
|
|
226 |
];
|
|
216 | 227 |
|
217 | 228 |
$this->drupalPost('user', $edit, t('Log in')); |
218 | 229 |
$this->assertText(t('Member for'), 'User 1 successfully authenticated', $testid); |
... | ... | |
220 | 231 |
|
221 | 232 |
/** LDAP_authen.EM.ULT.user1.badpwd -- result: Drupal logon error message. **/ |
222 | 233 |
|
223 |
$edit = array(
|
|
234 |
$edit = [
|
|
224 | 235 |
'name' => $user1->name, |
225 | 236 |
'pass' => 'mydabpassword', |
226 |
);
|
|
237 |
];
|
|
227 | 238 |
|
228 | 239 |
$this->drupalPost('user', $edit, t('Log in')); |
229 |
$this->assertText(t('Sorry, unrecognized username or password'), 'User 1 failed with bad password', $testid );
|
|
240 |
$this->assertText(t('Sorry, unrecognized username or password'), 'User 1 failed with bad password', $testid); |
|
230 | 241 |
$this->drupalLogout(); |
231 | 242 |
|
232 | 243 |
/** LDAP_authen.EM.ULT.drupal.goodpwd - result: failed logon **/ |
233 | 244 |
|
234 | 245 |
$drupal_user = $this->drupalCreateUser(); |
235 | 246 |
$raw_pass = $drupal_user->pass_raw; |
236 |
$edit = array(
|
|
247 |
$edit = [
|
|
237 | 248 |
'name' => $drupal_user->name, |
238 | 249 |
'pass' => $raw_pass, |
239 |
);
|
|
250 |
];
|
|
240 | 251 |
$this->drupalPost('user', $edit, t('Log in')); |
241 |
$this->assertText(t('Sorry, unrecognized username or password'), 'Drupal user successfully authenticated', $testid );
|
|
252 |
$this->assertText(t('Sorry, unrecognized username or password'), 'Drupal user successfully authenticated', $testid); |
|
242 | 253 |
$this->drupalGet('user/logout'); |
243 | 254 |
|
244 | 255 |
/** LDAP_authen.EM.ULT.drupal.badpwd - result: Drupal logon error message. **/ |
245 |
$edit = array(
|
|
256 |
$edit = [
|
|
246 | 257 |
'name' => $drupal_user->name, |
247 | 258 |
'pass' => 'mydabpassword', |
248 |
);
|
|
259 |
];
|
|
249 | 260 |
$this->drupalPost('user', $edit, t('Log in')); |
250 |
$this->assertText(t('Sorry, unrecognized username or password'), 'Drupal user with bad password failed to authenticate.', $testid );
|
|
261 |
$this->assertText(t('Sorry, unrecognized username or password'), 'Drupal user with bad password failed to authenticate.', $testid); |
|
251 | 262 |
$this->drupalGet('user/logout'); |
252 | 263 |
|
253 |
|
|
254 | 264 |
/** LDAP_authen.EM.ULT.ldap.newaccount.badpwd - result: Drupal logon error message. **/ |
255 |
$edit = array(
|
|
265 |
$edit = [
|
|
256 | 266 |
'name' => 'hpotter', |
257 | 267 |
'pass' => 'mydabpassword', |
258 |
);
|
|
268 |
];
|
|
259 | 269 |
$this->drupalPost('user', $edit, t('Log in')); |
260 |
$this->assertText(t('Sorry, unrecognized username or password'), 'New Ldap user with bad password failed to authenticate.', $testid );
|
|
270 |
$this->assertText(t('Sorry, unrecognized username or password'), 'New Ldap user with bad password failed to authenticate.', $testid); |
|
261 | 271 |
$this->drupalGet('user/logout'); |
262 | 272 |
|
263 |
|
|
264 |
|
|
265 | 273 |
/** LDAP_authen.EM.ULT.ldap.newaccount.goodpwd - result: Successful logon, with user record created and authmapped to ldap **/ |
266 |
$edit = array(
|
|
274 |
$edit = [
|
|
267 | 275 |
'name' => 'hpotter', |
268 | 276 |
'pass' => 'goodpwd', |
269 |
);
|
|
277 |
];
|
|
270 | 278 |
$this->drupalPost('user', $edit, t('Log in')); |
271 | 279 |
$this->assertText(t('Member for'), 'New Ldap user with good password authenticated.'); |
272 |
$this->assertTrue($this->testFunctions->ldapUserIsAuthmapped('hpotter'), 'Ldap user properly authmapped.', $testid );
|
|
280 |
$this->assertTrue($this->testFunctions->ldapUserIsAuthmapped('hpotter'), 'Ldap user properly authmapped.', $testid); |
|
273 | 281 |
$this->drupalGet('user/logout'); |
274 | 282 |
|
275 |
|
|
276 | 283 |
/** LDAP_authen.EM.ULT.existingacct.badpwd - result: Drupal logon error message. **/ |
277 |
$edit = array(
|
|
284 |
$edit = [
|
|
278 | 285 |
'name' => 'hpotter', |
279 | 286 |
'pass' => 'mydabpassword', |
280 |
);
|
|
287 |
];
|
|
281 | 288 |
$this->drupalPost('user', $edit, t('Log in')); |
282 |
$this->assertText(t('Sorry, unrecognized username or password'), 'Existing Ldap user with bad password failed to authenticate.', $testid );
|
|
289 |
$this->assertText(t('Sorry, unrecognized username or password'), 'Existing Ldap user with bad password failed to authenticate.', $testid); |
|
283 | 290 |
$this->drupalGet('user/logout'); |
284 | 291 |
|
285 | 292 |
/** LDAP_authen.MM.ULT.existingacct.goodpwd - result: Successful logon. **/ |
286 |
$edit = array(
|
|
293 |
$edit = [
|
|
287 | 294 |
'name' => 'hpotter', |
288 | 295 |
'pass' => 'goodpwd', |
289 |
);
|
|
296 |
];
|
|
290 | 297 |
$this->drupalPost('user', $edit, t('Log in')); |
291 | 298 |
$this->assertText(t('Member for'), 'Existing Ldap user with good password authenticated.'); |
292 |
$this->assertTrue($this->testFunctions->ldapUserIsAuthmapped('hpotter'), 'Existing Ldap user still properly authmapped.', $testid );
|
|
299 |
$this->assertTrue($this->testFunctions->ldapUserIsAuthmapped('hpotter'), 'Existing Ldap user still properly authmapped.', $testid); |
|
293 | 300 |
$this->drupalGet('user/logout'); |
294 | 301 |
|
295 | 302 |
} |
296 | 303 |
|
297 | 304 |
/** |
298 |
* set mock server variables for sso tests
|
|
305 |
* Set mock server variables for sso tests.
|
|
299 | 306 |
* |
300 |
* @param object $drupal_user in drupal stdClass format |
|
301 |
* @param array $ldap_user array |
|
302 |
* @param enum ldap implementation type |
|
307 |
* @param string $server_var_key |
|
308 |
* @param string $sso_name |
|
309 |
* @param string $ldapImplementation |
|
310 |
* @param bool $seamlessLogin |
|
303 | 311 |
* |
312 |
* @return object |
|
304 | 313 |
*/ |
305 | 314 |
private function setSsoServerEnvironment( |
306 | 315 |
$server_var_key = 'REMOTE_USER', |
... | ... | |
309 | 318 |
$seamlessLogin = TRUE |
310 | 319 |
) { |
311 | 320 |
|
312 |
// clear past environment
|
|
321 |
// Clear past environment.
|
|
313 | 322 |
ldap_servers_delete_globals('_SERVER', 'REMOTE_USER', TRUE); |
314 | 323 |
ldap_servers_delete_globals('_SERVER', 'REDIRECT_REMOTE_USER', TRUE); |
315 | 324 |
|
... | ... | |
317 | 326 |
|
318 | 327 |
$authenticationConf->ssoEnabled = TRUE; |
319 | 328 |
$authenticationConf->ssoRemoteUserStripDomainName = FALSE; |
320 |
$authenticationConf->ssoExcludedPaths = array();
|
|
321 |
$authenticationConf->ssoExcludedHosts = array();
|
|
329 |
$authenticationConf->ssoExcludedPaths = [];
|
|
330 |
$authenticationConf->ssoExcludedHosts = [];
|
|
322 | 331 |
$authenticationConf->seamlessLogin = $seamlessLogin; |
323 | 332 |
$authenticationConf->ldapImplementation = $ldapImplementation; |
324 | 333 |
|
325 | 334 |
if ($sso_name !== FALSE) { |
326 |
if (strpos($sso_name, '@')) {
|
|
335 |
if (strpos($sso_name, '@')) { |
|
327 | 336 |
$sso_name_parts = explode('@', $sso_name); |
328 | 337 |
$sso_name = $sso_name_parts[0]; |
329 | 338 |
$authenticationConf->ssoRemoteUserStripDomainName = TRUE; |
... | ... | |
334 | 343 |
return ldap_authentication_get_valid_conf(TRUE); |
335 | 344 |
|
336 | 345 |
} |
337 |
/** |
|
338 |
* LDAP Authentication Exclusive Mode User Logon Test (ids = LDAP_authen.EM.ULT.*) |
|
339 |
*/ |
|
340 |
function testSSOUserLogon() { |
|
341 | 346 |
|
342 |
module_enable(array('ldap_sso', 'ldap_help')); |
|
347 |
/** |
|
348 |
* LDAP Authentication Exclusive Mode User Logon Test (ids = LDAP_authen.EM.ULT.*) |
|
349 |
*/ |
|
350 |
public function testSSOUserLogon() { |
|
351 |
|
|
352 |
module_enable(['ldap_sso', 'ldap_help']); |
|
343 | 353 |
|
344 | 354 |
$sid = 'activedirectory1'; |
345 | 355 |
$testid = 'SSOUserLogon3'; |
346 |
$sids = array($sid);
|
|
356 |
$sids = [$sid];
|
|
347 | 357 |
$this->prepTestData( |
348 | 358 |
LDAP_TEST_LDAP_NAME, |
349 | 359 |
$sids, |
... | ... | |
355 | 365 |
$this->drupalGet('user/logout'); |
356 | 366 |
$this->drupalGet('user'); |
357 | 367 |
|
358 |
// just test that the setup works
|
|
368 |
// Just test that the setup works.
|
|
359 | 369 |
$authenticationConf = new LdapAuthenticationConfAdmin(); |
360 | 370 |
$this->assertTrue(ldap_servers_get_globals('_SERVER', 'REMOTE_USER', TRUE) == 'hpotter', |
361 | 371 |
'$_SERVER[REMOTE_USER] and $_SERVER[REDIRECT_REMOTE_USER] set properly for test with remote server ' . ldap_servers_get_globals('_SERVER', 'REMOTE_ADDR'), $testid); |
... | ... | |
377 | 387 |
$hpotter_ldap = $ldap_user_conf->getProvisionRelatedLdapEntry($hpotter_drupal); |
378 | 388 |
debug('hpotter ldap entry'); debug($hpotter_drupal); |
379 | 389 |
|
380 |
$tests = array(
|
|
381 |
'dontstripnames' => array('sso_name' => 'hpotter'),
|
|
382 |
'stripnames' => array('sso_name' => 'hpotter@hogwarts'),
|
|
390 |
$tests = [
|
|
391 |
'dontstripnames' => ['sso_name' => 'hpotter'],
|
|
392 |
'stripnames' => ['sso_name' => 'hpotter@hogwarts'],
|
|
383 | 393 |
|
384 |
);
|
|
394 |
];
|
|
385 | 395 |
|
386 | 396 |
foreach ($tests as $testid => $conf) { |
387 |
foreach (array('REMOTE_USER') as $server_var_key) { |
|
388 |
foreach (array('user') as $test_path) { // ,'user/login/sso' |
|
389 |
foreach (array('mod_auth_sspi', 'mod_auth_kerb') as $ldapImplementation) { // , 'mod_auth_kerb' |
|
390 |
foreach (array(TRUE, FALSE) as $seamlessLogin ) { // , FALSE |
|
397 |
foreach (['REMOTE_USER'] as $server_var_key) { |
|
398 |
// ,'user/login/sso'. |
|
399 |
foreach (['user'] as $test_path) { |
|
400 |
// , 'mod_auth_kerb'. |
|
401 |
foreach (['mod_auth_sspi', 'mod_auth_kerb'] as $ldapImplementation) { |
|
402 |
// , FALSE. |
|
403 |
foreach ([TRUE, FALSE] as $seamlessLogin) { |
|
391 | 404 |
$sso_name = $conf['sso_name']; |
392 | 405 |
$this->ldapTestId = "testSSO._SERVER-key=$server_var_key sso_name=$sso_name path=$test_path ldapImplementation=$ldapImplementation seamlessLogin=$seamlessLogin"; |
393 | 406 |
$ldapAuthenticationConf = $this->setSsoServerEnvironment($server_var_key, $sso_name, $ldapImplementation, $seamlessLogin); |
... | ... | |
402 | 415 |
} |
403 | 416 |
} |
404 | 417 |
|
405 |
|
|
406 |
function testAuthenticationWhitelistTests() { |
|
407 |
require_once(drupal_get_path('module', 'ldap_authentication') . '/LdapAuthenticationConfAdmin.class.php'); |
|
418 |
/** |
|
419 |
* |
|
420 |
*/ |
|
421 |
public function testAuthenticationWhitelistTests() { |
|
422 |
require_once drupal_get_path('module', 'ldap_authentication') . '/LdapAuthenticationConfAdmin.class.php'; |
|
408 | 423 |
|
409 | 424 |
$sid = 'activedirectory1'; |
410 | 425 |
$testid = 'WL3'; |
411 |
$sids = array($sid);
|
|
426 |
$sids = [$sid];
|
|
412 | 427 |
$this->prepTestData( |
413 | 428 |
'hogwarts', |
414 |
array($sid),
|
|
429 |
[$sid],
|
|
415 | 430 |
'provisionToDrupal', |
416 | 431 |
'WL3', |
417 | 432 |
'drupal_role_authentication_test' |
... | ... | |
420 | 435 |
$ldap_servers = ldap_servers_get_servers($sid, 'enabled'); |
421 | 436 |
$this->assertTrue(count($ldap_servers) == 1, ' ldap_authentication test server setup successful', $testid); |
422 | 437 |
|
423 |
// these 2 modules are configured in setup, but disabled for most authentication tests
|
|
424 |
module_disable(array('ldap_authorization_drupal_role', 'ldap_authorization'));
|
|
438 |
// These 2 modules are configured in setup, but disabled for most authentication tests.
|
|
439 |
module_disable(['ldap_authorization_drupal_role', 'ldap_authorization']);
|
|
425 | 440 |
|
426 | 441 |
/** |
427 | 442 |
* LDAP_authen.WL.user1 test for user 1 being excluded from white and black list tests |
... | ... | |
429 | 444 |
|
430 | 445 |
$user1 = user_load(1); |
431 | 446 |
$password = $this->randomString(20); |
432 |
require_once(DRUPAL_ROOT . '/includes/password.inc');
|
|
433 |
$account = array(
|
|
447 |
require_once DRUPAL_ROOT . '/includes/password.inc';
|
|
448 |
$account = [
|
|
434 | 449 |
'name' => $user1->name, |
435 | 450 |
'pass' => user_hash_password(trim($password)), |
436 |
);
|
|
451 |
];
|
|
437 | 452 |
db_update('users') |
438 | 453 |
->fields($account) |
439 | 454 |
->condition('uid', 1) |
440 | 455 |
->execute(); |
441 | 456 |
|
442 |
$edit = array(
|
|
457 |
$edit = [
|
|
443 | 458 |
'name' => $user1->name, |
444 | 459 |
'pass' => $password, |
445 |
);
|
|
460 |
];
|
|
446 | 461 |
|
447 | 462 |
$this->drupalPost('user', $edit, t('Log in')); |
448 | 463 |
$this->assertText(t('Member for'), 'User 1 successfully authenticated in LDAP_authen.WL.user1', $testid); |
449 | 464 |
$this->drupalGet('user/logout'); |
450 | 465 |
|
451 |
|
|
452 |
module_enable(array('ldap_authorization')); |
|
453 |
module_enable(array('ldap_authorization_drupal_role')); |
|
454 |
|
|
466 |
module_enable(['ldap_authorization']); |
|
467 |
module_enable(['ldap_authorization_drupal_role']); |
|
455 | 468 |
|
456 | 469 |
/** |
457 | 470 |
* prep LDAP_authen.WL.allow |
458 | 471 |
*/ |
459 | 472 |
$authenticationConf = new LdapAuthenticationConfAdmin(); |
460 |
$authenticationConf->allowOnlyIfTextInDn = array('pot');
|
|
473 |
$authenticationConf->allowOnlyIfTextInDn = ['pot'];
|
|
461 | 474 |
$authenticationConf->save(); |
462 | 475 |
$authenticationConf = ldap_authentication_get_valid_conf(TRUE); |
463 | 476 |
|
464 |
/** |
|
477 |
/**
|
|
465 | 478 |
* LDAP_authen.WL.allow.match -- desirect_result: authenticate success |
466 | 479 |
*/ |
467 | 480 |
|
468 | 481 |
$this->AttemptLogonNewUser('hpotter'); |
469 | 482 |
$this->assertText(t('Member for'), 'User able to authenticate because in white list (allowOnlyIfTextInDn).', $testid); |
470 | 483 |
|
471 |
/** |
|
484 |
/**
|
|
472 | 485 |
* LDAP_authen.WL.allow.miss -- desirect_result: authenticate fail |
473 | 486 |
*/ |
474 | 487 |
|
475 | 488 |
$this->AttemptLogonNewUser('ssnape'); |
476 | 489 |
$this->assertText(t('User disallowed'), 'User unable to authenticate because not in white list (allowOnlyIfTextInDn).', $testid); |
477 | 490 |
|
478 |
|
|
479 | 491 |
/** |
480 | 492 |
* undo LDAP_authen.WL.allow settings |
481 | 493 |
*/ |
482 | 494 |
|
483 | 495 |
$authenticationConf = new LdapAuthenticationConfAdmin(); |
484 |
$authenticationConf->allowOnlyIfTextInDn = array();
|
|
496 |
$authenticationConf->allowOnlyIfTextInDn = [];
|
|
485 | 497 |
$authenticationConf->save(); |
486 | 498 |
$authenticationConf = ldap_authentication_get_valid_conf(TRUE); |
487 | 499 |
/** |
488 | 500 |
* prep LDAP_authen.WL.exclude |
489 | 501 |
*/ |
490 | 502 |
$authenticationConf = new LdapAuthenticationConfAdmin(); |
491 |
$authenticationConf->excludeIfTextInDn = array('cn=ssnape');
|
|
503 |
$authenticationConf->excludeIfTextInDn = ['cn=ssnape'];
|
|
492 | 504 |
$authenticationConf->save(); |
493 | 505 |
$authenticationConf = ldap_authentication_get_valid_conf(TRUE); |
494 | 506 |
|
495 |
/** |
|
507 |
/**
|
|
496 | 508 |
* LDAP_authen.WL.exclude.match -- desirect_result: authenticate fail |
497 | 509 |
*/ |
498 | 510 |
|
499 | 511 |
$this->AttemptLogonNewUser('ssnape'); |
500 | 512 |
$this->assertText(t('User disallowed'), 'User unable to authenticate in exclude list (excludeIfTextInDn).', $testid); |
501 | 513 |
|
502 |
/** |
|
514 |
/**
|
|
503 | 515 |
* LDAP_authen.WL.exclude.miss-- desirect_result: authenticate success |
504 | 516 |
*/ |
505 | 517 |
|
... | ... | |
511 | 523 |
*/ |
512 | 524 |
|
513 | 525 |
$authenticationConf = new LdapAuthenticationConfAdmin(); |
514 |
$authenticationConf->excludeIfTextInDn = array();
|
|
526 |
$authenticationConf->excludeIfTextInDn = [];
|
|
515 | 527 |
$authenticationConf->save(); |
516 | 528 |
$authenticationConf = ldap_authentication_get_valid_conf(TRUE); |
517 | 529 |
|
... | ... | |
531 | 543 |
|
532 | 544 |
$authenticationConf->save(); |
533 | 545 |
$authenticationConf = ldap_authentication_get_valid_conf(TRUE); |
534 |
/** |
|
546 |
/**
|
|
535 | 547 |
* LDAP_authen.WL.php.php disabled -- desired result: authenticate fail with warning the authentication disabled |
536 | 548 |
*/ |
537 |
module_disable(array('php'));
|
|
549 |
module_disable(['php']);
|
|
538 | 550 |
$this->AttemptLogonNewUser('adumbledore'); |
539 | 551 |
$this->assertText( |
540 | 552 |
LDAP_AUTHENTICATION_DISABLED_FOR_BAD_CONF_MSG, |
541 | 553 |
'With php disabled and php code in whitelist, refuse authentication. (allowTestPhp).', |
542 | 554 |
$testid |
543 | 555 |
); |
544 |
module_enable(array('php'));
|
|
556 |
module_enable(['php']);
|
|
545 | 557 |
|
546 |
|
|
547 |
/** |
|
558 |
/** |
|
548 | 559 |
* LDAP_authen.WL.php.true -- desired result: authenticate success |
549 | 560 |
*/ |
550 | 561 |
$this->AttemptLogonNewUser('hpotter'); |
551 | 562 |
$this->assertText(t('Member for'), 'Able to authenticate because php returned true (allowTestPhp).', $testid); |
552 | 563 |
|
553 |
/** |
|
564 |
/**
|
|
554 | 565 |
* LDAP_authen.WL.php.false-- desired result: authenticate fail |
555 | 566 |
*/ |
556 | 567 |
|
... | ... | |
561 | 572 |
$testid |
562 | 573 |
); |
563 | 574 |
|
564 |
|
|
565 |
/** |
|
575 |
/** |
|
566 | 576 |
* clear LDAP_authen.WL.php |
567 | 577 |
*/ |
568 | 578 |
$authenticationConf = new LdapAuthenticationConfAdmin(); |
... | ... | |
570 | 580 |
$authenticationConf->save(); |
571 | 581 |
$authenticationConf = ldap_authentication_get_valid_conf(TRUE); |
572 | 582 |
|
573 |
/** |
|
583 |
/**
|
|
574 | 584 |
* need to test username changes with PUID |
575 | 585 |
* - given a user exists |
576 | 586 |
* - change samaccountname in ldap server |
... | ... | |
579 | 589 |
* |
580 | 590 |
*/ |
581 | 591 |
|
592 |
/*** multiple options used in whitelist **/ |
|
582 | 593 |
|
583 |
/*** multiple options used in whitelist **/ |
|
584 |
|
|
585 |
|
|
586 |
|
|
587 |
/** |
|
594 |
/** |
|
588 | 595 |
* LDAP_authen.WL.allow[match].exclude[match] -- desired result: authenticate fail |
589 | 596 |
*/ |
590 | 597 |
|
591 |
|
|
592 |
|
|
593 |
/** |
|
598 |
/** |
|
594 | 599 |
* LDAP_authen.WL.allow[match].exclude[miss] -- desired result: authenticate success |
595 | 600 |
*/ |
596 | 601 |
|
597 |
|
|
598 | 602 |
/** |
599 | 603 |
* LDAP_authen.WL.exclude[match].*-- desirect_result: authenticate fail |
600 | 604 |
*/ |
601 | 605 |
|
602 |
|
|
603 |
|
|
604 |
/** |
|
606 |
/** |
|
605 | 607 |
* LDAP_authen.WL.exclude[match].php[false] -- desired result: authenticate fail |
606 | 608 |
*/ |
607 | 609 |
|
608 |
|
|
609 |
/** |
|
610 |
/** |
|
610 | 611 |
* LDAP_authen.WL1.excludeIfNoAuthorizations.hasAuthorizations |
611 | 612 |
* test for excludeIfNoAuthorizations set to true and consumer granted authorizations |
612 | 613 |
*/ |
613 | 614 |
|
614 |
// these 2 modules are configured in setup, but disabled for most authentication tests
|
|
615 |
module_disable(array('ldap_authorization_drupal_role', 'ldap_authorization'));
|
|
615 |
// These 2 modules are configured in setup, but disabled for most authentication tests.
|
|
616 |
module_disable(['ldap_authorization_drupal_role', 'ldap_authorization']);
|
|
616 | 617 |
$authenticationConf = new LdapAuthenticationConfAdmin(); |
617 | 618 |
$authenticationConf->excludeIfNoAuthorizations = 1; |
618 | 619 |
$authenticationConf->save(); |
... | ... | |
623 | 624 |
* to make sure authentication fails completely |
624 | 625 |
*/ |
625 | 626 |
|
626 |
|
|
627 | 627 |
$this->AttemptLogonNewUser('hpotter'); |
628 | 628 |
$this->assertText( |
629 | 629 |
LDAP_AUTHENTICATION_DISABLED_FOR_BAD_CONF_MSG, |
... | ... | |
633 | 633 |
$testid |
634 | 634 |
); |
635 | 635 |
|
636 |
module_enable(array('ldap_authorization'), TRUE); |
|
637 |
module_enable(array('ldap_authorization_drupal_role'), TRUE); |
|
638 |
$consumer = ldap_authorization_get_consumers('drupal_role', TRUE, TRUE); // clear static cache |
|
636 |
module_enable(['ldap_authorization'], TRUE); |
|
637 |
module_enable(['ldap_authorization_drupal_role'], TRUE); |
|
638 |
// Clear static cache. |
|
639 |
$consumer = ldap_authorization_get_consumers('drupal_role', TRUE, TRUE); |
|
639 | 640 |
|
640 | 641 |
$this->AttemptLogonNewUser('hpotter'); |
641 | 642 |
$this->assertText( |
... | ... | |
661 | 662 |
$authenticationConf->excludeIfNoAuthorizations = 0; |
662 | 663 |
$authenticationConf->save(); |
663 | 664 |
$authenticationConf = ldap_authentication_get_valid_conf(TRUE); |
664 |
module_disable(array('ldap_authorization_drupal_role', 'ldap_authorization')); |
|
665 |
|
|
665 |
module_disable(['ldap_authorization_drupal_role', 'ldap_authorization']); |
|
666 | 666 |
|
667 | 667 |
} |
668 | 668 |
|
669 | 669 |
/** |
670 |
* make sure user admin interface works.
|
|
670 |
* Make sure user admin interface works.
|
|
671 | 671 |
*/ |
672 |
function testUI() { |
|
672 |
public function testUI() {
|
|
673 | 673 |
|
674 |
// just to give warning if setup doesn't succeed. may want to take these out at some point.
|
|
674 |
// Just to give warning if setup doesn't succeed. may want to take these out at some point.
|
|
675 | 675 |
$setup_success = ( |
676 | 676 |
module_exists('ldap_user') && |
677 | 677 |
module_exists('ldap_servers') && |
... | ... | |
681 | 681 |
$this->assertTrue($setup_success, ' ldap_authentication UI setup successful', $this->testId('user interface tests')); |
682 | 682 |
|
683 | 683 |
$sid = 'activedirectory1'; |
684 |
$sids = array('activedirectory1');
|
|
684 |
$sids = ['activedirectory1'];
|
|
685 | 685 |
$this->prepTestData(LDAP_TEST_LDAP_NAME, $sids, 'provisionToDrupal', 'default'); |
686 | 686 |
|
687 |
$this->privileged_user = $this->drupalCreateUser(array(
|
|
687 |
$this->privileged_user = $this->drupalCreateUser([
|
|
688 | 688 |
'administer site configuration', |
689 |
));
|
|
689 |
]);
|
|
690 | 690 |
|
691 | 691 |
$this->drupalLogin($this->privileged_user); |
692 | 692 |
|
... | ... | |
694 | 694 |
|
695 | 695 |
$this->drupalGet('admin/config/people/ldap/authentication'); |
696 | 696 |
|
697 |
$form_tests = array(
|
|
698 |
'authenticationMode' => array(
|
|
697 |
$form_tests = [
|
|
698 |
'authenticationMode' => [
|
|
699 | 699 |
'property' => 'authenticationMode', |
700 |
'values' => array(
|
|
700 |
'values' => [
|
|
701 | 701 |
LDAP_AUTHENTICATION_MIXED, |
702 |
LDAP_AUTHENTICATION_EXCLUSIVE |
|
703 |
),
|
|
702 |
LDAP_AUTHENTICATION_EXCLUSIVE,
|
|
703 |
],
|
|
704 | 704 |
'required' => TRUE, |
705 |
),
|
|
706 |
'authenticationServers[' . $sid . ']' => array(
|
|
705 |
],
|
|
706 |
'authenticationServers[' . $sid . ']' => [
|
|
707 | 707 |
'property' => 'enabledAuthenticationServers', |
708 |
'values' => array(
|
|
708 |
'values' => [
|
|
709 | 709 |
TRUE, |
710 | 710 |
TRUE, |
711 |
), |
|
712 |
'desired_result' => array( |
|
713 |
array($sid), |
|
714 |
array($sid), |
|
715 |
) |
|
716 |
), |
|
717 |
'loginUIUsernameTxt' => |
|
718 |
array( |
|
719 |
'property' => 'loginUIUsernameTxt', |
|
720 |
'values' => array( |
|
721 |
'', |
|
722 |
'Hogwarts UserID', |
|
723 |
), |
|
724 |
), |
|
725 |
'loginUIPasswordTxt' => |
|
726 |
array( |
|
727 |
'property' => 'loginUIPasswordTxt', |
|
728 |
'values' => array( |
|
729 |
'', |
|
730 |
'Hogwarts UserID Password', |
|
731 |
), |
|
732 |
), |
|
733 |
'ldapUserHelpLinkUrl' => |
|
734 |
array( |
|
735 |
'property' => 'ldapUserHelpLinkUrl', |
|
736 |
'values' => array( |
|
737 |
'', |
|
738 |
'http://passwords.hogwarts.edu', |
|
739 |
), |
|
740 |
), |
|
741 |
'ldapUserHelpLinkText' => |
|
742 |
array( |
|
743 |
'property' => 'ldapUserHelpLinkText', |
|
744 |
'values' => array( |
|
745 |
'Hogwarts Password Management Page', |
|
746 |
'Hogwarts Password Management Page' |
|
747 |
), |
|
748 |
), |
|
749 |
'allowOnlyIfTextInDn' => array( |
|
711 |
], |
|
712 |
'desired_result' => [ |
|
713 |
[$sid], |
|
714 |
[$sid], |
|
715 |
], |
|
716 |
], |
|
717 |
'loginUIUsernameTxt' => [ |
|
718 |
'property' => 'loginUIUsernameTxt', |
|
719 |
'values' => [ |
|
720 |
'', |
|
721 |
'Hogwarts UserID', |
|
722 |
], |
|
723 |
], |
|
724 |
'loginUIPasswordTxt' => [ |
|
725 |
'property' => 'loginUIPasswordTxt', |
|
726 |
'values' => [ |
|
727 |
'', |
|
728 |
'Hogwarts UserID Password', |
|
729 |
], |
|
730 |
], |
|
731 |
'ldapUserHelpLinkUrl' => [ |
|
732 |
'property' => 'ldapUserHelpLinkUrl', |
|
733 |
'values' => [ |
|
734 |
'', |
|
735 |
'http://passwords.hogwarts.edu', |
|
736 |
], |
|
737 |
], |
|
738 |
'ldapUserHelpLinkText' => [ |
|
739 |
'property' => 'ldapUserHelpLinkText', |
|
740 |
'values' => [ |
|
741 |
'Hogwarts Password Management Page', |
|
742 |
'Hogwarts Password Management Page', |
|
743 |
], |
|
744 |
], |
|
745 |
'allowOnlyIfTextInDn' => [ |
|
750 | 746 |
'property' => 'allowOnlyIfTextInDn', |
751 |
'values' => array(
|
|
747 |
'values' => [
|
|
752 | 748 |
'witch\nwarlord\nwisecracker', |
753 |
"witch\nwarlord\nwisecracker" |
|
754 |
),
|
|
755 |
'desired_result' => array(
|
|
756 |
array('witch', 'warlord', 'wisecracker'),
|
|
757 |
array('witch', 'warlord', 'wisecracker'),
|
|
758 |
)
|
|
759 |
),
|
|
760 |
'excludeIfTextInDn' => array(
|
|
749 |
"witch\nwarlord\nwisecracker",
|
|
750 |
],
|
|
751 |
'desired_result' => [
|
|
752 |
['witch', 'warlord', 'wisecracker'],
|
|
753 |
['witch', 'warlord', 'wisecracker'],
|
|
754 |
],
|
|
755 |
],
|
|
756 |
'excludeIfTextInDn' => [
|
|
761 | 757 |
'property' => 'excludeIfTextInDn', |
762 |
'values' => array( |
|
758 |
'values' => [ |
|
759 |
"muggle\nmuddle\nmummy", |
|
763 | 760 |
"muggle\nmuddle\nmummy", |
764 |
"muggle\nmuddle\nmummy" |
|
765 |
), |
|
766 |
'desired_result' => array( |
|
767 |
array('muggle', 'muddle', 'mummy'), |
|
768 |
array('muggle', 'muddle', 'mummy'), |
|
769 |
) |
|
770 |
), |
|
771 |
'excludeIfNoAuthorizations' => array( |
|
761 |
], |
|
762 |
'desired_result' => [ |
|
763 |
['muggle', 'muddle', 'mummy'], |
|
764 |
['muggle', 'muddle', 'mummy'], |
|
765 |
], |
|
766 |
], |
|
767 |
'excludeIfNoAuthorizations' => [ |
|
772 | 768 |
'property' => 'excludeIfNoAuthorizations', |
773 |
'values' => array(
|
|
774 |
array(TRUE),
|
|
775 |
array(TRUE),
|
|
776 |
),
|
|
777 |
),
|
|
778 |
'emailOption' => array(
|
|
769 |
'values' => [
|
|
770 |
[TRUE],
|
|
771 |
[TRUE],
|
|
772 |
],
|
|
773 |
],
|
|
774 |
'emailOption' => [
|
|
779 | 775 |
'property' => 'emailOption', |
780 |
'values' => array(
|
|
776 |
'values' => [
|
|
781 | 777 |
LDAP_AUTHENTICATION_EMAIL_FIELD_REMOVE, |
782 | 778 |
LDAP_AUTHENTICATION_EMAIL_FIELD_DISABLE, |
783 |
),
|
|
779 |
],
|
|
784 | 780 |
'required' => TRUE, |
785 |
),
|
|
786 |
'emailUpdate' => array(
|
|
781 |
],
|
|
782 |
'emailUpdate' => [
|
|
787 | 783 |
'property' => 'emailUpdate', |
788 |
'values' => array(
|
|
784 |
'values' => [
|
|
789 | 785 |
LDAP_AUTHENTICATION_EMAIL_UPDATE_ON_LDAP_CHANGE_ENABLE, |
790 | 786 |
LDAP_AUTHENTICATION_EMAIL_UPDATE_ON_LDAP_CHANGE_DISABLE, |
791 |
),
|
|
787 |
],
|
|
792 | 788 |
'required' => TRUE, |
793 |
),
|
|
794 |
'allowTestPhp' => array(
|
|
789 |
],
|
|
790 |
'allowTestPhp' => [
|
|
795 | 791 |
'property' => 'allowTestPhp', |
796 |
'values' => array(
|
|
792 |
'values' => [
|
|
797 | 793 |
'pretend php', |
798 | 794 |
'pretend php', |
799 |
),
|
|
800 |
),
|
|
801 |
);
|
|
795 |
],
|
|
796 |
],
|
|
797 |
];
|
|
802 | 798 |
|
803 |
module_enable(array('php'));
|
|
804 |
foreach (array(0, 1) as $i) {
|
|
805 |
$edit = array();
|
|
799 |
module_enable(['php']);
|
|
800 |
foreach ([0, 1] as $i) {
|
|
801 |
$edit = [];
|
|
806 | 802 |
foreach ($form_tests as $field_name => $conf) { |
807 | 803 |
$value = $conf['values'][$i]; |
808 | 804 |
$property = isset($conf['property']) ? $conf['property'] : $field_name; |
Formats disponibles : Unified diff
Weekly update of contrib modules