Révision 32700c57
Ajouté par Assos Assos il y a environ 5 ans
drupal7/sites/all/modules/ldap/ldap_authorization/tests/Og2Tests.test | ||
---|---|---|
1 | 1 |
<?php |
2 | 2 |
|
3 | 3 |
/** |
4 |
* @file Simpletest for Ldap Authorization OG Module, for og 7.x-2.x. |
|
5 |
* |
|
6 |
* Manual testing to accompany simpletests: |
|
7 |
* - logon with og authorization disabled and make sure nothing happens |
|
8 |
* - logon with og authorization enabled and make sure admin and member group memberships granted |
|
9 |
* - change mappings so no roles granted |
|
10 |
* - logon and make sure memberships revoked. |
|
4 |
* @file |
|
5 |
* Simpletest for Ldap Authorization OG Module, for og 7.x-2.x. |
|
11 | 6 |
*/ |
12 | 7 |
|
13 | 8 |
drupal_load('module', 'ldap_test'); |
14 | 9 |
module_load_include('php', 'ldap_test', 'LdapTestCase.class'); |
15 | 10 |
require_once drupal_get_path('module', 'ldap_authorization_og') . '/LdapAuthorizationConsumerOG.class.php'; |
11 |
|
|
16 | 12 |
/** |
13 |
* Simpletest for Ldap Authorization OG Module, for og 7.x-2.x. |
|
17 | 14 |
* |
15 |
* Manual testing to accompany simpletests: |
|
16 |
* - logon with og authorization disabled and make sure nothing happens |
|
17 |
* - logon with og authorization enabled and make sure admin and member group memberships granted |
|
18 |
* - change mappings so no roles granted |
|
19 |
* - logon and make sure memberships revoked. |
|
18 | 20 |
*/ |
19 | 21 |
class LdapAuthorizationOg2Tests extends LdapTestCase { |
20 | 22 |
|
... | ... | |
22 | 24 |
public $groupBundle = 'group'; |
23 | 25 |
public $groupType = 'node'; |
24 | 26 |
public $group_content_type = NULL; |
25 |
public $group_nodes = array();
|
|
27 |
public $group_nodes = [];
|
|
26 | 28 |
public $user1; |
27 | 29 |
public $consumerType = 'og_group'; |
28 | 30 |
public $module_name = 'ldap_authorization_og'; |
29 | 31 |
protected $ldap_test_data; |
30 |
public $customOgRoles = array(
|
|
31 |
'dungeon-master' => array('entity_type' => 'node', 'bundle_type' => 'group'),
|
|
32 |
'time-keeper' => array('entity_type' => 'node', 'bundle_type' => 'group'),
|
|
33 |
);
|
|
32 |
public $customOgRoles = [
|
|
33 |
'dungeon-master' => ['entity_type' => 'node', 'bundle_type' => 'group'],
|
|
34 |
'time-keeper' => ['entity_type' => 'node', 'bundle_type' => 'group'],
|
|
35 |
];
|
|
34 | 36 |
|
35 | 37 |
/** |
36 | 38 |
* |
37 | 39 |
*/ |
38 | 40 |
public static function getInfo() { |
39 |
return array(
|
|
41 |
return [
|
|
40 | 42 |
'group' => 'LDAP Authorization', |
41 | 43 |
'name' => 'OG 7.x-2.x Tests.', |
42 | 44 |
'description' => 'Test ldap authorization og 2.', |
43 |
);
|
|
45 |
];
|
|
44 | 46 |
} |
45 | 47 |
|
46 | 48 |
/** |
... | ... | |
53 | 55 |
/** |
54 | 56 |
* |
55 | 57 |
*/ |
56 |
public function setUp($addl_modules = array()) {
|
|
57 |
parent::setUp(array('ldap_authentication', 'ldap_authorization', 'ldap_authorization_og'));
|
|
58 |
public function setUp($addl_modules = []) {
|
|
59 |
parent::setUp(['ldap_authentication', 'ldap_authorization', 'ldap_authorization_og']);
|
|
58 | 60 |
variable_set('ldap_simpletest', 2); |
59 | 61 |
|
60 | 62 |
$this->user1 = $this->drupalCreateUser(); |
61 |
$this->groups = array();
|
|
62 |
$this->prepTestData(LDAP_TEST_LDAP_NAME, array('activedirectory1'));
|
|
63 |
$this->groups = [];
|
|
64 |
$this->prepTestData(LDAP_TEST_LDAP_NAME, ['activedirectory1']);
|
|
63 | 65 |
|
64 | 66 |
// Create group and group content node types. |
65 |
$this->groupBundle = $this->drupalCreateContentType(array(
|
|
67 |
$this->groupBundle = $this->drupalCreateContentType([
|
|
66 | 68 |
'type' => 'group', |
67 | 69 |
'name' => 'OG Group', |
68 |
))->type;
|
|
70 |
])->type;
|
|
69 | 71 |
|
70 | 72 |
og_create_field(OG_GROUP_FIELD, $this->groupEntityType, $this->groupBundle); |
71 | 73 |
og_create_field(OG_AUDIENCE_FIELD, $this->groupEntityType, $this->groupBundle); |
... | ... | |
75 | 77 |
$this->testFunctions->getCsvLdapData(LDAP_TEST_LDAP_NAME); |
76 | 78 |
foreach ($this->testFunctions->csvTables['groups'] as $guid => $group) { |
77 | 79 |
$label = $group['cn']; |
78 |
$settings = array();
|
|
80 |
$settings = [];
|
|
79 | 81 |
$settings['type'] = $this->groupBundle; |
80 | 82 |
$settings[OG_GROUP_FIELD][LANGUAGE_NONE][0]['value'] = 1; |
81 | 83 |
$settings['uid'] = $this->user1->uid; |
... | ... | |
106 | 108 |
* Get test data in convenient format, so tests are easier to read and write. |
107 | 109 |
*/ |
108 | 110 |
public function getTestData($debug = FALSE) { |
109 |
$group_nodes = array();
|
|
110 |
$group_nids = array();
|
|
111 |
$group_entity_ids = array();
|
|
112 |
$roles = array();
|
|
113 |
$roles_by_name = array();
|
|
114 |
$consumer_ids = array();
|
|
115 |
foreach (array('gryffindor', 'students', 'faculty', 'users', 'hufflepuff', 'slytherin') as $i => $group_name) {
|
|
111 |
$group_nodes = [];
|
|
112 |
$group_nids = [];
|
|
113 |
$group_entity_ids = [];
|
|
114 |
$roles = [];
|
|
115 |
$roles_by_name = [];
|
|
116 |
$consumer_ids = [];
|
|
117 |
foreach (['gryffindor', 'students', 'faculty', 'users', 'hufflepuff', 'slytherin'] as $i => $group_name) {
|
|
116 | 118 |
list($group_nodes[$group_name], $group_entity_ids[$group_name]) = ldap_authorization_og2_get_group_from_name($this->groupEntityType, $group_name); |
117 | 119 |
$nid = $group_nodes[$group_name]->nid; |
118 | 120 |
$group_nids[$group_name] = $nid; |
... | ... | |
126 | 128 |
if ($debug) { |
127 | 129 |
debug("group_nids"); debug($group_nids); debug("group_entity_ids"); debug($group_entity_ids); debug("roles"); debug($roles); debug("roles_by_name"); debug($roles_by_name); |
128 | 130 |
} |
129 |
return array($group_nodes, $group_nids, $group_entity_ids, $roles_by_name, $consumer_ids);
|
|
131 |
return [$group_nodes, $group_nids, $group_entity_ids, $roles_by_name, $consumer_ids];
|
|
130 | 132 |
} |
131 | 133 |
|
132 | 134 |
/** |
... | ... | |
169 | 171 |
* og_is_member($group_type, $gid, $entity_type = 'user', $entity = NULL, $states = array(OG_STATE_ACTIVE)) |
170 | 172 |
*/ |
171 | 173 |
|
172 |
$values = array(
|
|
174 |
$values = [
|
|
173 | 175 |
'entity_type' => 'user', |
174 | 176 |
'entity' => $web_user->uid, |
175 | 177 |
'field_name' => FALSE, |
176 | 178 |
'state' => OG_STATE_ACTIVE, |
177 |
);
|
|
179 |
];
|
|
178 | 180 |
$og_gryffindor_membership = og_group($this->groupType, $group_nids['gryffindor'], $values); |
179 | 181 |
$og_faculty_membership = og_group($this->groupType, $group_nids['faculty'], $values); |
180 | 182 |
|
... | ... | |
185 | 187 |
|
186 | 188 |
// Need to reload because of issue with og_group and og_role_grant. |
187 | 189 |
$web_user = user_load($web_user->uid, TRUE); |
188 |
$ids = array($web_user->uid);
|
|
190 |
$ids = [$web_user->uid];
|
|
189 | 191 |
$user_entity = entity_load('user', $ids); |
190 | 192 |
|
191 | 193 |
$this->assertTrue(og_is_member($this->groupType, $group_nids['gryffindor'], 'user', $web_user), |
... | ... | |
217 | 219 |
$this->assertTrue($og_auth->hasAuthorization($web_user, ldap_authorization_og_authorization_id($group_nids['faculty'], $roles_by_name['faculty'][OG_ADMINISTRATOR_ROLE], 'node')), |
218 | 220 |
'hasAuthorization() method works for non LDAP provisioned og authorization, faculty admin role', $this->ldapTestId); |
219 | 221 |
|
220 |
$should_haves = array(
|
|
222 |
$should_haves = [
|
|
221 | 223 |
$consumer_ids['gryffindor'][OG_AUTHENTICATED_ROLE] => 'gryffindor member', |
222 | 224 |
$consumer_ids['faculty'][OG_AUTHENTICATED_ROLE] => 'faculty member', |
223 | 225 |
$consumer_ids['faculty'][OG_ADMINISTRATOR_ROLE] => 'faculty admin', |
224 | 226 |
$consumer_ids['faculty']['dungeon-master'] => 'faculty dungeon master', |
225 |
);
|
|
227 |
];
|
|
226 | 228 |
|
227 | 229 |
foreach ($should_haves as $consumer_id => $descriptor) { |
228 | 230 |
$this->assertTrue(ldap_authorization_og2_has_consumer_id($consumer_id, $web_user->uid), |
... | ... | |
230 | 232 |
} |
231 | 233 |
|
232 | 234 |
$ldap_entry = NULL; |
233 |
$user_data = array();
|
|
235 |
$user_data = [];
|
|
234 | 236 |
$web_user = user_load($web_user->uid, TRUE); |
235 | 237 |
|
236 | 238 |
$this->assertTrue(ldap_authorization_og2_has_consumer_id($consumer_ids['faculty']['dungeon-master'], $web_user->uid), |
237 | 239 |
"LdapAuthorizationConsumerOG has faculty member role BEFORE authorizationRevoke() test revoke on member role " . $consumer_ids['faculty']['dungeon-master'], $this->ldapTestId); |
238 | 240 |
|
239 | 241 |
$web_user = user_load($web_user->uid, TRUE); |
240 |
$consumers = array($consumer_ids['faculty']['dungeon-master'] => $og_auth->emptyConsumer);
|
|
242 |
$consumers = [$consumer_ids['faculty']['dungeon-master'] => $og_auth->emptyConsumer];
|
|
241 | 243 |
$og_auth->authorizationRevoke($web_user, $user_data, $consumers, $ldap_entry, TRUE); |
242 | 244 |
$result = ldap_authorization_og2_has_consumer_id($consumer_ids['faculty']['dungeon-master'], $web_user->uid); |
243 | 245 |
$this->assertFalse($result, |
244 | 246 |
"LdapAuthorizationConsumerOG authorizationRevoke() test revoke on member role " . $consumer_ids['faculty']['dungeon-master'], $this->ldapTestId); |
245 | 247 |
|
246 | 248 |
$web_user = user_load($web_user->uid, TRUE); |
247 |
$consumers = array($consumer_ids['faculty']['dungeon-master'] => $og_auth->emptyConsumer);
|
|
249 |
$consumers = [$consumer_ids['faculty']['dungeon-master'] => $og_auth->emptyConsumer];
|
|
248 | 250 |
$og_auth->authorizationRevoke($web_user, $user_data, $consumers, $ldap_entry, TRUE); |
249 | 251 |
$this->assertFalse(ldap_authorization_og2_has_consumer_id($consumer_ids['faculty']['dungeon-master'], $web_user->uid), |
250 | 252 |
"LdapAuthorizationConsumerOG authorizationRevoke() test revoke on custom member role role " . $consumer_ids['faculty']['dungeon-master'], $this->ldapTestId); |
... | ... | |
253 | 255 |
$initial_user_authorizations = $og_auth->usersAuthorizations($web_user, TRUE, TRUE); |
254 | 256 |
debug("initial_user_authorizations authorizations:"); debug($initial_user_authorizations); |
255 | 257 |
debug("initial_user data:"); debug($web_user->data); |
256 |
$og_auth->authorizationGrant($web_user, $user_data, array($consumer_ids['students'][OG_AUTHENTICATED_ROLE] => $og_auth->emptyConsumer), $ldap_entry, TRUE);
|
|
258 |
$og_auth->authorizationGrant($web_user, $user_data, [$consumer_ids['students'][OG_AUTHENTICATED_ROLE] => $og_auth->emptyConsumer], $ldap_entry, TRUE);
|
|
257 | 259 |
$success = ldap_authorization_og2_has_consumer_id($consumer_ids['students'][OG_AUTHENTICATED_ROLE], $web_user->uid); |
258 | 260 |
$this->assertTrue($success, "LdapAuthorizationConsumerOG authorizationGrant() test grant on member role " . $consumer_ids['students'][OG_AUTHENTICATED_ROLE], $this->ldapTestId); |
259 | 261 |
if (!$success) { |
260 |
debug(array($user_data, array($consumer_ids['students'][OG_AUTHENTICATED_ROLE] => $og_auth->emptyConsumer)));
|
|
262 |
debug([$user_data, [$consumer_ids['students'][OG_AUTHENTICATED_ROLE] => $og_auth->emptyConsumer]]);
|
|
261 | 263 |
debug("user authorizations:"); debug($og_auth->usersAuthorizations($web_user, TRUE)); |
262 | 264 |
} |
263 | 265 |
$web_user = user_load($web_user->uid, TRUE); |
264 |
$result = $og_auth->authorizationRevoke($web_user, $user_data, array('node:454:44334' => $og_auth->emptyConsumer), $ldap_entry, TRUE);
|
|
266 |
$result = $og_auth->authorizationRevoke($web_user, $user_data, ['node:454:44334' => $og_auth->emptyConsumer], $ldap_entry, TRUE);
|
|
265 | 267 |
$this->assertFalse($result, |
266 | 268 |
'LdapAuthorizationConsumerOG authorizationRevoke() test revoke of bogus authorization', $this->ldapTestId); |
267 | 269 |
|
268 | 270 |
$web_user = user_load($web_user->uid, TRUE); |
269 |
$result = $og_auth->authorizationGrant($web_user, $user_data, array('node:454:44334' => $og_auth->emptyConsumer), $ldap_entry, TRUE);
|
|
271 |
$result = $og_auth->authorizationGrant($web_user, $user_data, ['node:454:44334' => $og_auth->emptyConsumer], $ldap_entry, TRUE);
|
|
270 | 272 |
$this->assertFalse($result, |
271 | 273 |
'LdapAuthorizationConsumerOG authorizationGrant() test grant of bogus authorization', $this->ldapTestId); |
272 | 274 |
|
273 | 275 |
$web_user = user_load($web_user->uid, TRUE); |
274 |
$result = $og_auth->authorizationRevoke($web_user, $user_data, array('bogusformat'), $ldap_entry, TRUE);
|
|
276 |
$result = $og_auth->authorizationRevoke($web_user, $user_data, ['bogusformat'], $ldap_entry, TRUE);
|
|
275 | 277 |
$this->assertFalse($result, |
276 | 278 |
'LdapAuthorizationConsumerOG authorizationRevoke() test revoke malformed params', $this->ldapTestId); |
277 | 279 |
|
278 | 280 |
$web_user = user_load($web_user->uid, TRUE); |
279 |
$result = $og_auth->authorizationGrant($web_user, $user_data, array('bogusformat'), $ldap_entry, TRUE);
|
|
281 |
$result = $og_auth->authorizationGrant($web_user, $user_data, ['bogusformat'], $ldap_entry, TRUE);
|
|
280 | 282 |
$this->assertFalse($result, |
281 | 283 |
'LdapAuthorizationConsumerOG authorizationGrant() test grant malformed params', $this->ldapTestId); |
282 | 284 |
|
... | ... | |
305 | 307 |
$sid = 'activedirectory1'; |
306 | 308 |
$this->prepTestData( |
307 | 309 |
LDAP_TEST_LDAP_NAME, |
308 |
array($sid),
|
|
310 |
[$sid],
|
|
309 | 311 |
'provisionToDrupal', |
310 | 312 |
'default', |
311 | 313 |
'og_group2' |
... | ... | |
330 | 332 |
$this->consumerAdminConf['og_group']->status = 0; |
331 | 333 |
$this->consumerAdminConf['og_group']->save(); |
332 | 334 |
|
333 |
$user = $this->drupalCreateUser(array());
|
|
334 |
$hpotter = $this->testFunctions->drupalLdapUpdateUser(array('name' => 'hpotter', 'mail' => 'hpotter@hogwarts.edu'), TRUE, $user);
|
|
335 |
$user = $this->drupalCreateUser([]);
|
|
336 |
$hpotter = $this->testFunctions->drupalLdapUpdateUser(['name' => 'hpotter', 'mail' => 'hpotter@hogwarts.edu'], TRUE, $user);
|
|
335 | 337 |
|
336 | 338 |
// Just see if the correct ones are derived. |
337 | 339 |
list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($hpotter, 'query'); |
... | ... | |
364 | 366 |
$this->consumerAdminConf['og_group']->status = 1; |
365 | 367 |
$this->consumerAdminConf['og_group']->save(); |
366 | 368 |
|
367 |
$user = $this->drupalCreateUser(array());
|
|
368 |
$hgrainger = $this->testFunctions->drupalLdapUpdateUser(array('name' => 'hgrainger', 'mail' => 'hgrainger@hogwarts.edu'), TRUE, $user);
|
|
369 |
$user = $this->drupalCreateUser([]);
|
|
370 |
$hgrainger = $this->testFunctions->drupalLdapUpdateUser(['name' => 'hgrainger', 'mail' => 'hgrainger@hogwarts.edu'], TRUE, $user);
|
|
369 | 371 |
|
370 | 372 |
// Remove old authmap in case it exists so test will work. |
371 | 373 |
db_delete('authmap') |
... | ... | |
390 | 392 |
|
391 | 393 |
$this->consumerAdminConf['og_group']->synchOnLogon = 0; |
392 | 394 |
$this->consumerAdminConf['og_group']->save(); |
393 |
$edit = array(
|
|
395 |
$edit = [
|
|
394 | 396 |
'name' => 'hgrainger', |
395 | 397 |
'pass' => 'goodpwd', |
396 |
);
|
|
398 |
];
|
|
397 | 399 |
$this->drupalPost('user', $edit, t('Log in')); |
398 | 400 |
$this->assertText( |
399 | 401 |
t('Member for'), |
... | ... | |
411 | 413 |
|
412 | 414 |
$this->consumerAdminConf['og_group']->synchOnLogon = 1; |
413 | 415 |
$this->consumerAdminConf['og_group']->save(); |
414 |
$edit = array(
|
|
416 |
$edit = [
|
|
415 | 417 |
'name' => 'hgrainger', |
416 | 418 |
'pass' => 'goodpwd', |
417 |
);
|
|
419 |
];
|
|
418 | 420 |
$this->drupalPost('user', $edit, t('Log in')); |
419 | 421 |
$this->assertText(t('Member for'), 'New Ldap user with good password authenticated.', |
420 | 422 |
'LDAP_authorz.Flags.synchOnLogon=1'); |
... | ... | |
451 | 453 |
// Set correct roles manually. |
452 | 454 |
$hpotter = user_load_by_name('hpotter'); |
453 | 455 |
user_delete($hpotter->uid); |
454 |
$user = $this->drupalCreateUser(array());
|
|
455 |
$hpotter = $this->testFunctions->drupalLdapUpdateUser(array('name' => 'hpotter', 'mail' => 'hpotter@hogwarts.edu'), TRUE, $user);
|
|
456 |
$edit = array(
|
|
456 |
$user = $this->drupalCreateUser([]);
|
|
457 |
$hpotter = $this->testFunctions->drupalLdapUpdateUser(['name' => 'hpotter', 'mail' => 'hpotter@hogwarts.edu'], TRUE, $user);
|
|
458 |
$edit = [
|
|
457 | 459 |
'name' => 'hpotter', |
458 | 460 |
'pass' => 'goodpwd', |
459 |
);
|
|
461 |
];
|
|
460 | 462 |
$this->drupalPost('user', $edit, t('Log in')); |
461 | 463 |
$this->assertText( |
462 | 464 |
t('Member for'), |
... | ... | |
472 | 474 |
$roles[$troublemaker->rid] = $troublemaker->name; |
473 | 475 |
$roles[$superadmin->rid] = $superadmin->name; |
474 | 476 |
|
475 |
$data = array(
|
|
477 |
$data = [
|
|
476 | 478 |
'roles' => $roles, |
477 |
'data' => array(
|
|
479 |
'data' => [
|
|
478 | 480 |
'ldap_authorizations' => |
479 |
array(
|
|
481 |
[
|
|
480 | 482 |
'og_group' => |
481 |
array(
|
|
483 |
[
|
|
482 | 484 |
$superadmin->name => |
483 |
array('date_granted' => 1304216778),
|
|
484 |
),
|
|
485 |
),
|
|
486 |
),
|
|
487 |
);
|
|
485 |
['date_granted' => 1304216778],
|
|
486 |
],
|
|
487 |
],
|
|
488 |
],
|
|
489 |
];
|
|
488 | 490 |
$hpotter = user_save($hpotter, $data); |
489 | 491 |
|
490 | 492 |
// Apply correct authorizations. should remove the administrator role but not the manually created 'troublemaker' role. |
... | ... | |
513 | 515 |
$hpotter = user_load($hpotter->uid, TRUE); |
514 | 516 |
$roles = $hpotter->roles; |
515 | 517 |
unset($roles[$superadmin->rid]); |
516 |
user_save($hpotter, array('roles' => $roles));
|
|
518 |
user_save($hpotter, ['roles' => $roles]);
|
|
517 | 519 |
$hpotter = user_load($hpotter->uid, TRUE); |
518 | 520 |
list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($hpotter, 'set', 'og_group', 'logon'); |
519 | 521 |
$hpotter = user_load($hpotter->uid, TRUE); |
... | ... | |
538 | 540 |
// @todo. this needs to be finished when creation of og groups is added to ldap authorization og functionality |
539 | 541 |
|
540 | 542 |
// Add new mapping to and enable create consumers. |
541 |
$this->prepTestData('hogwarts', array($sid), 'provisionToDrupal', 'default', 'drupal_role_default');
|
|
543 |
$this->prepTestData('hogwarts', [$sid], 'provisionToDrupal', 'default', 'drupal_role_default');
|
|
542 | 544 |
$this->drupalGet('user/logout'); |
543 | 545 |
$new_role = 'oompa-loompas'; |
544 | 546 |
$this->consumerAdminConf['og_group']->createConsumers = 1; |
545 |
$this->consumerAdminConf['og_group']->mappings[] = array(
|
|
547 |
$this->consumerAdminConf['og_group']->mappings[] = [
|
|
546 | 548 |
'from' => 'cn=students,ou=groups,dc=hogwarts,dc=edu', |
547 | 549 |
'user_entered' => $new_role, |
548 | 550 |
'normalized' => 'node:' . $new_role . ':' . OG_AUTHENTICATED_ROLE, |
549 | 551 |
'simplified' => $new_role, |
550 | 552 |
'valid' => TRUE, |
551 | 553 |
'error_message' => '', |
552 |
);
|
|
554 |
];
|
|
553 | 555 |
|
554 | 556 |
$this->consumerAdminConf['og_group']->save(); |
555 | 557 |
|
556 |
$edit = array(
|
|
558 |
$edit = [
|
|
557 | 559 |
'name' => 'hpotter', |
558 | 560 |
'pass' => 'goodpwd', |
559 |
);
|
|
561 |
];
|
|
560 | 562 |
$this->drupalPost('user', $edit, t('Log in')); |
561 | 563 |
|
562 | 564 |
$new_role_created = in_array($new_role, array_values(user_roles())); |
Formats disponibles : Unified diff
Weekly update of contrib modules