1
|
<?php
|
2
|
|
3
|
/**
|
4
|
* @file
|
5
|
* Tests for CAS Attributes.
|
6
|
*/
|
7
|
|
8
|
/**
|
9
|
* Helper class to automatically include the CAS Attributes module.
|
10
|
*/
|
11
|
class CasAttributesTestHelper extends CasTestHelper {
|
12
|
function setUp() {
|
13
|
// Install modules needed for this test. This could have been passed in as
|
14
|
// either a single array argument or a variable number of string arguments.
|
15
|
// @todo Remove this compatibility layer in Drupal 8, and only accept
|
16
|
// $modules as a single array argument.
|
17
|
$modules = func_get_args();
|
18
|
if (isset($modules[0]) && is_array($modules[0])) {
|
19
|
$modules = $modules[0];
|
20
|
}
|
21
|
$modules = array_merge(array('cas_attributes'), $modules);
|
22
|
parent::setUp($modules);
|
23
|
}
|
24
|
}
|
25
|
|
26
|
/**
|
27
|
* Test case for CAS attribute tokens.
|
28
|
*/
|
29
|
class CasAttributesTokenTestCase extends CasAttributesTestHelper {
|
30
|
|
31
|
public static function getInfo() {
|
32
|
return array(
|
33
|
'name' => 'CAS Attributes: Tokens',
|
34
|
'description' => 'Test CAS Attribute attribute tokens.',
|
35
|
'group' => 'Central Authentication Service',
|
36
|
);
|
37
|
}
|
38
|
|
39
|
/**
|
40
|
* Test the CAS attribute tokens.
|
41
|
*/
|
42
|
function testAttributeTokens() {
|
43
|
$account = $this->casCreateUser();
|
44
|
$attributes = array(
|
45
|
'surname' => 'Smith',
|
46
|
'givenName' => 'John',
|
47
|
'memberOf' => array(
|
48
|
'CN=Staff,OU=Groups,DC=example,DC=edu',
|
49
|
'CN=Spanish Department,OU=Departments,OU=Groups,DC=example,DC=edu',
|
50
|
),
|
51
|
);
|
52
|
$this->casLogin($account, $attributes);
|
53
|
|
54
|
$this->assertToken('[cas:name]', $account->cas_name);
|
55
|
$this->assertToken('[cas:attribute:surname]', $attributes['surname']);
|
56
|
$this->assertToken('[cas:attribute:memberOf:first]', $attributes['memberOf'][0]);
|
57
|
$this->assertToken('[cas:attribute:memberOf:last]', $attributes['memberOf'][1]);
|
58
|
|
59
|
$keys = array_merge(array('attraStyle'), array_keys($attributes));
|
60
|
$keys = array_map('drupal_strtolower', $keys);
|
61
|
$this->assertToken('[cas:attribute:?]', t('Available attributes: %keys', array('%keys' => implode(', ', $keys))));
|
62
|
}
|
63
|
}
|
64
|
|
65
|
/**
|
66
|
* Test case for CAS attribute setting.
|
67
|
*/
|
68
|
class CasAttributesTestCase extends CasAttributesTestHelper {
|
69
|
|
70
|
function setUp() {
|
71
|
parent::setUp();
|
72
|
|
73
|
foreach (array('test_user_memberof', 'test_user_name') as $field_name) {
|
74
|
// Create a field, and an instance on 'user' entity type.
|
75
|
$field = array(
|
76
|
'field_name' => $field_name,
|
77
|
'type' => 'text',
|
78
|
'settings' => array(
|
79
|
'max_length' => 255,
|
80
|
),
|
81
|
);
|
82
|
field_create_field($field);
|
83
|
$instance = array(
|
84
|
'field_name' => $field_name,
|
85
|
'label' => t('Some user field called @field_name', array('@field_name' => $field_name)),
|
86
|
'entity_type' => 'user',
|
87
|
'bundle' => 'user',
|
88
|
);
|
89
|
field_create_instance($instance);
|
90
|
}
|
91
|
}
|
92
|
|
93
|
public static function getInfo() {
|
94
|
return array(
|
95
|
'name' => 'CAS Attributes: Login',
|
96
|
'description' => 'Test CAS Attributes are set on login.',
|
97
|
'group' => 'Central Authentication Service',
|
98
|
);
|
99
|
}
|
100
|
|
101
|
/**
|
102
|
* Test the CAS attribute tokens.
|
103
|
*/
|
104
|
function testNewUserLogin() {
|
105
|
// Create a new CAS user.
|
106
|
$cas_name = $this->randomName();
|
107
|
$attributes = array(
|
108
|
'surname' => 'Smith',
|
109
|
'givenName' => 'John',
|
110
|
'memberOf' => array(
|
111
|
'CN=Staff,OU=Groups,DC=example,DC=edu',
|
112
|
'CN=Spanish Department,OU=Departments,OU=Groups,DC=example,DC=edu',
|
113
|
),
|
114
|
);
|
115
|
$cas_user = array('name' => $cas_name, 'attributes' => $attributes);
|
116
|
variable_set('cas_test_cas_user', $cas_user);
|
117
|
|
118
|
// Set up the relationship mappings.
|
119
|
$this->drupalLogin($this->admin_user);
|
120
|
$edit = array(
|
121
|
'cas_attributes_sync_every_login' => 0,
|
122
|
'cas_attributes_overwrite' => 1,
|
123
|
'cas_attributes_relations[name]' => '[cas:attribute:NAME]',
|
124
|
'cas_attributes_relations[mail]' => '[cas:name]@example.com',
|
125
|
'cas_attributes_relations[test_user_memberof]' => '[cas:attribute:memberOf:first]',
|
126
|
'cas_attributes_relations[test_user_name]' => '[cas:attribute:givenName] [cas:attribute:surname]',
|
127
|
);
|
128
|
$this->drupalPost('admin/config/people/cas/attributes', $edit, t('Save configuration'));
|
129
|
$this->drupalGet('user/' . $this->admin_user->uid . '/edit');
|
130
|
$this->drupalGet('admin/config/people/cas/attributes/cas');
|
131
|
$this->drupalGet('user/' . $this->admin_user->uid . '/edit');
|
132
|
$this->drupalLogout();
|
133
|
|
134
|
// Log in as the new CAS user.
|
135
|
$this->casLogin($cas_name, $attributes);
|
136
|
|
137
|
// After login, the account is reloaded into $this->loggedInUser.
|
138
|
// The account name should not have been changed, since the token should
|
139
|
// evaluate to nothing.
|
140
|
$this->assertEqual($this->loggedInUser->name, $cas_name);
|
141
|
$this->assertEqual($this->loggedInUser->mail, "$cas_name@example.com");
|
142
|
$this->assertEqual($this->loggedInUser->test_user_memberof[LANGUAGE_NONE][0]['value'], 'CN=Staff,OU=Groups,DC=example,DC=edu');
|
143
|
$this->assertEqual($this->loggedInUser->test_user_name[LANGUAGE_NONE][0]['value'], 'John Smith');
|
144
|
|
145
|
}
|
146
|
|
147
|
function testSyncEveryLogin() {
|
148
|
// Create a new CAS user.
|
149
|
$cas_name = $this->randomName();
|
150
|
$attributes = array(
|
151
|
'surname' => 'Smith',
|
152
|
'givenName' => 'John',
|
153
|
);
|
154
|
$cas_user = array('name' => $cas_name, 'attributes' => $attributes);
|
155
|
variable_set('cas_test_cas_user', $cas_user);
|
156
|
|
157
|
// Set up a relationship mapping, and leave sync_every_login turned off.
|
158
|
$this->drupalLogin($this->admin_user);
|
159
|
$edit = array(
|
160
|
'cas_attributes_sync_every_login' => 0,
|
161
|
'cas_attributes_overwrite' => 1,
|
162
|
'cas_attributes_relations[test_user_name]' => '[cas:attribute:givenName] [cas:attribute:surname]',
|
163
|
);
|
164
|
$this->drupalPost('admin/config/people/cas/attributes', $edit, t('Save configuration'));
|
165
|
$this->drupalGet('user/' . $this->admin_user->uid . '/edit');
|
166
|
$this->drupalGet('admin/config/people/cas/attributes/cas');
|
167
|
$this->drupalGet('user/' . $this->admin_user->uid . '/edit');
|
168
|
$this->drupalLogout();
|
169
|
|
170
|
// Log in as the new CAS user.
|
171
|
$this->casLogin($cas_name, $attributes);
|
172
|
|
173
|
// After login, the account is reloaded into $this->loggedInUser.
|
174
|
$this->assertEqual($this->loggedInUser->test_user_name[LANGUAGE_NONE][0]['value'], 'John Smith');
|
175
|
|
176
|
// change the attributes
|
177
|
$attributes = array(
|
178
|
'surname' => 'Smith',
|
179
|
'givenName' => 'Dave',
|
180
|
);
|
181
|
$cas_user = array('name' => $cas_name, 'attributes' => $attributes);
|
182
|
variable_set('cas_test_cas_user', $cas_user);
|
183
|
|
184
|
// log out and log back in
|
185
|
$this->drupalLogout();
|
186
|
$this->casLogin($cas_name, $attributes);
|
187
|
|
188
|
$this->loggedInUser = user_load($this->loggedInUser->uid, TRUE); // workaround since casLogin gets cached copy
|
189
|
|
190
|
// Sync every login is turned off so name should not have changed.
|
191
|
$this->assertEqual($this->loggedInUser->test_user_name[LANGUAGE_NONE][0]['value'], 'John Smith');
|
192
|
|
193
|
// turn on sync every login
|
194
|
$this->drupalLogout();
|
195
|
$this->drupalLogin($this->admin_user);
|
196
|
$edit = array(
|
197
|
'cas_attributes_sync_every_login' => 1,
|
198
|
);
|
199
|
$this->drupalPost('admin/config/people/cas/attributes', $edit, t('Save configuration'));
|
200
|
$this->drupalGet('user/' . $this->admin_user->uid . '/edit');
|
201
|
$this->drupalGet('admin/config/people/cas/attributes/cas');
|
202
|
$this->drupalGet('user/' . $this->admin_user->uid . '/edit');
|
203
|
$this->drupalLogout();
|
204
|
|
205
|
// log CAS user back in
|
206
|
$this->casLogin($cas_name, $attributes);
|
207
|
|
208
|
$this->loggedInUser = user_load($this->loggedInUser->uid, TRUE); // workaround since casLogin gets cached copy
|
209
|
|
210
|
// Sync every login is on and overwrite is on so name should be updated.
|
211
|
$this->assertEqual($this->loggedInUser->test_user_name[LANGUAGE_NONE][0]['value'], 'Dave Smith');
|
212
|
|
213
|
}
|
214
|
|
215
|
function testOverwriteAttributesLogin() {
|
216
|
// Create a new CAS user.
|
217
|
$cas_name = $this->randomName();
|
218
|
$attributes = array(
|
219
|
'surname' => 'Smith',
|
220
|
'givenName' => 'John',
|
221
|
);
|
222
|
$cas_user = array('name' => $cas_name, 'attributes' => $attributes);
|
223
|
variable_set('cas_test_cas_user', $cas_user);
|
224
|
|
225
|
// Set up a relationship mapping, and leave overwrite existing data turned off.
|
226
|
$this->drupalLogin($this->admin_user);
|
227
|
$edit = array(
|
228
|
'cas_attributes_sync_every_login' => 1,
|
229
|
'cas_attributes_overwrite' => 0,
|
230
|
'cas_attributes_relations[test_user_name]' => '[cas:attribute:givenName] [cas:attribute:surname]',
|
231
|
);
|
232
|
$this->drupalPost('admin/config/people/cas/attributes', $edit, t('Save configuration'));
|
233
|
$this->drupalGet('user/' . $this->admin_user->uid . '/edit');
|
234
|
$this->drupalGet('admin/config/people/cas/attributes/cas');
|
235
|
$this->drupalGet('user/' . $this->admin_user->uid . '/edit');
|
236
|
$this->drupalLogout();
|
237
|
|
238
|
// Log in as the new CAS user.
|
239
|
$this->casLogin($cas_name, $attributes);
|
240
|
|
241
|
// After login, the account is reloaded into $this->loggedInUser.
|
242
|
$this->assertEqual($this->loggedInUser->test_user_name[LANGUAGE_NONE][0]['value'], 'John Smith');
|
243
|
|
244
|
// change the attributes
|
245
|
$attributes = array(
|
246
|
'surname' => 'Smith',
|
247
|
'givenName' => 'Dave',
|
248
|
);
|
249
|
$cas_user = array('name' => $cas_name, 'attributes' => $attributes);
|
250
|
variable_set('cas_test_cas_user', $cas_user);
|
251
|
|
252
|
// log out and log back in
|
253
|
$this->drupalLogout();
|
254
|
$this->casLogin($cas_name, $attributes);
|
255
|
|
256
|
$this->loggedInUser = user_load($this->loggedInUser->uid, TRUE); // workaround since casLogin gets cached copy
|
257
|
|
258
|
// Overwrite existing data is turned off so name should not have changed.
|
259
|
$this->assertEqual($this->loggedInUser->test_user_name[LANGUAGE_NONE][0]['value'], 'John Smith');
|
260
|
|
261
|
// turn on sync every login
|
262
|
$this->drupalLogout();
|
263
|
$this->drupalLogin($this->admin_user);
|
264
|
$edit = array(
|
265
|
'cas_attributes_overwrite' => 1,
|
266
|
);
|
267
|
$this->drupalPost('admin/config/people/cas/attributes', $edit, t('Save configuration'));
|
268
|
$this->drupalGet('user/' . $this->admin_user->uid . '/edit');
|
269
|
$this->drupalGet('admin/config/people/cas/attributes/cas');
|
270
|
$this->drupalGet('user/' . $this->admin_user->uid . '/edit');
|
271
|
$this->drupalLogout();
|
272
|
|
273
|
// log CAS user back in
|
274
|
$this->casLogin($cas_name, $attributes);
|
275
|
|
276
|
$this->loggedInUser = user_load($this->loggedInUser->uid, TRUE); // workaround since casLogin gets cached copy
|
277
|
|
278
|
// Sync every login is on and overwrite is on so name should be updated.
|
279
|
$this->assertEqual($this->loggedInUser->test_user_name[LANGUAGE_NONE][0]['value'], 'Dave Smith');
|
280
|
|
281
|
}
|
282
|
|
283
|
function testRoleMapping() {
|
284
|
// Create a new CAS user.
|
285
|
$cas_name = $this->randomName();
|
286
|
$attributes = array(
|
287
|
'some_roles' => array(
|
288
|
'teacher','scholar',
|
289
|
),
|
290
|
);
|
291
|
$cas_user = array('name' => $cas_name, 'attributes' => $attributes);
|
292
|
variable_set('cas_test_cas_user', $cas_user);
|
293
|
|
294
|
// create several roles
|
295
|
$role_ids = array();
|
296
|
$teacher_role_id = $this->drupalCreateRole(array(), 'teacher');
|
297
|
$role_ids[$teacher_role_id] = $teacher_role_id;
|
298
|
$scholar_role_id = $this->drupalCreateRole(array(), 'scholar');
|
299
|
$role_ids[$scholar_role_id] = $scholar_role_id;
|
300
|
$philosopher_role_id = $this->drupalCreateRole(array(), 'philosopher');
|
301
|
$role_ids[$philosopher_role_id] = $philosopher_role_id;
|
302
|
|
303
|
// Manage all three new roles via CAS
|
304
|
$this->admin_user = $this->drupalCreateUser(array('administer users', 'administer cas', 'administer permissions'));
|
305
|
$this->drupalLogin($this->admin_user);
|
306
|
$edit = array(
|
307
|
'cas_attributes_sync_every_login' => 1,
|
308
|
'cas_attributes_overwrite' => 0,
|
309
|
'cas_attributes_roles_mapping' => 'some_roles',
|
310
|
);
|
311
|
foreach($role_ids as $rid) {
|
312
|
$edit['cas_attributes_roles_manage[' . $rid . ']'] = $rid;
|
313
|
}
|
314
|
$this->drupalPost('admin/config/people/cas/attributes', $edit, t('Save configuration'));
|
315
|
$this->drupalGet('user/' . $this->admin_user->uid . '/edit');
|
316
|
$this->drupalGet('admin/config/people/cas/attributes/cas');
|
317
|
$this->drupalGet('user/' . $this->admin_user->uid . '/edit');
|
318
|
$this->drupalLogout();
|
319
|
|
320
|
// Log in as the new CAS user.
|
321
|
$this->casLogin($cas_name, $attributes);
|
322
|
|
323
|
// After login, user should have roles teacher and scholar, but not philosopher
|
324
|
$user_roles = $this->loggedInUser->roles;
|
325
|
$this->assertTrue(array_key_exists($teacher_role_id, $user_roles), "Test user has role teacher.");
|
326
|
$this->assertTrue(array_key_exists($scholar_role_id, $user_roles), "Test user has role scholar.");
|
327
|
$this->assertFalse(array_key_exists($philosopher_role_id, $user_roles), "Test user does not have role philosopher.");
|
328
|
|
329
|
$this->drupalLogout();
|
330
|
|
331
|
// change the attributes
|
332
|
$attributes = array(
|
333
|
'some_roles' => array(
|
334
|
'philosopher','scholar',
|
335
|
),
|
336
|
);
|
337
|
$cas_user = array('name' => $cas_name, 'attributes' => $attributes);
|
338
|
variable_set('cas_test_cas_user', $cas_user);
|
339
|
|
340
|
// Log in again.
|
341
|
$this->casLogin($cas_name, $attributes);
|
342
|
$this->loggedInUser = user_load($this->loggedInUser->uid, TRUE); // workaround since casLogin gets cached copy
|
343
|
|
344
|
// After login, user should now have roles scholar and philosopher, but not teacher
|
345
|
$user_roles = $this->loggedInUser->roles;
|
346
|
$this->assertFalse(array_key_exists($teacher_role_id, $user_roles), "Test user does not have role teacher.");
|
347
|
$this->assertTrue(array_key_exists($scholar_role_id, $user_roles), "Test user has role scholar.");
|
348
|
$this->assertTrue(array_key_exists($philosopher_role_id, $user_roles), "Test user has role philosopher.");
|
349
|
|
350
|
$this->drupalLogout();
|
351
|
|
352
|
// stop managing philosopher role
|
353
|
$this->drupalLogin($this->admin_user);
|
354
|
$edit = array();
|
355
|
foreach($role_ids as $rid) {
|
356
|
$edit['cas_attributes_roles_manage[' . $rid . ']'] = $rid;
|
357
|
}
|
358
|
$edit['cas_attributes_roles_manage[' . $philosopher_role_id . ']'] = FALSE;
|
359
|
$this->drupalPost('admin/config/people/cas/attributes', $edit, t('Save configuration'));
|
360
|
$this->drupalGet('user/' . $this->admin_user->uid . '/edit');
|
361
|
$this->drupalGet('admin/config/people/cas/attributes/cas');
|
362
|
$this->drupalGet('user/' . $this->admin_user->uid . '/edit');
|
363
|
$this->drupalLogout();
|
364
|
|
365
|
// change the attributes again
|
366
|
$attributes = array(
|
367
|
'some_roles' => array(
|
368
|
'teacher',
|
369
|
),
|
370
|
);
|
371
|
$cas_user = array('name' => $cas_name, 'attributes' => $attributes);
|
372
|
variable_set('cas_test_cas_user', $cas_user);
|
373
|
|
374
|
// Log in yet again.
|
375
|
$this->casLogin($cas_name, $attributes);
|
376
|
$this->loggedInUser = user_load($this->loggedInUser->uid, TRUE); // workaround since casLogin gets cached copy
|
377
|
|
378
|
// After login, user should now have roles teacher and philosopher, but not scholar
|
379
|
$user_roles = $this->loggedInUser->roles;
|
380
|
$this->assertTrue(array_key_exists($teacher_role_id, $user_roles), "Test user has role teacher.");
|
381
|
$this->assertFalse(array_key_exists($scholar_role_id, $user_roles), "Test user does not have role scholar.");
|
382
|
$this->assertTrue(array_key_exists($philosopher_role_id, $user_roles), "Test user has role philosopher.");
|
383
|
|
384
|
}
|
385
|
|
386
|
function testRoleMappingFromMultipleVariables() {
|
387
|
// Create a new CAS user.
|
388
|
$cas_name = $this->randomName();
|
389
|
$attributes = array(
|
390
|
'a_role' => array(
|
391
|
'architect',
|
392
|
),
|
393
|
'some_other_roles' => array(
|
394
|
'teacher','scholar',
|
395
|
),
|
396
|
'yet_another_role' => array(
|
397
|
'doctor',
|
398
|
),
|
399
|
);
|
400
|
$cas_user = array('name' => $cas_name, 'attributes' => $attributes);
|
401
|
variable_set('cas_test_cas_user', $cas_user);
|
402
|
|
403
|
// create several roles
|
404
|
$role_ids = array();
|
405
|
$teacher_role_id = $this->drupalCreateRole(array(), 'teacher');
|
406
|
$role_ids[$teacher_role_id] = $teacher_role_id;
|
407
|
$scholar_role_id = $this->drupalCreateRole(array(), 'scholar');
|
408
|
$role_ids[$scholar_role_id] = $scholar_role_id;
|
409
|
$philosopher_role_id = $this->drupalCreateRole(array(), 'philosopher');
|
410
|
$role_ids[$philosopher_role_id] = $philosopher_role_id;
|
411
|
$architect_role_id = $this->drupalCreateRole(array(), 'architect');
|
412
|
$role_ids[$architect_role_id] = $architect_role_id;
|
413
|
$doctor_role_id = $this->drupalCreateRole(array(), 'doctor');
|
414
|
$role_ids[$doctor_role_id] = $doctor_role_id;
|
415
|
|
416
|
// Manage all five new roles via CAS
|
417
|
$this->admin_user = $this->drupalCreateUser(array('administer users', 'administer cas', 'administer permissions'));
|
418
|
$this->drupalLogin($this->admin_user);
|
419
|
$edit = array(
|
420
|
'cas_attributes_sync_every_login' => 1,
|
421
|
'cas_attributes_overwrite' => 0,
|
422
|
'cas_attributes_roles_mapping' => "a_role\nsome_other_roles \nyet_another_role\n\n",
|
423
|
);
|
424
|
foreach($role_ids as $rid) {
|
425
|
$edit['cas_attributes_roles_manage[' . $rid . ']'] = $rid;
|
426
|
}
|
427
|
$this->drupalPost('admin/config/people/cas/attributes', $edit, t('Save configuration'));
|
428
|
$this->drupalGet('user/' . $this->admin_user->uid . '/edit');
|
429
|
$this->drupalGet('admin/config/people/cas/attributes/cas');
|
430
|
$this->drupalGet('user/' . $this->admin_user->uid . '/edit');
|
431
|
$this->drupalLogout();
|
432
|
|
433
|
// Log in as the new CAS user.
|
434
|
$this->casLogin($cas_name, $attributes);
|
435
|
|
436
|
// After login, user should have roles teacher, scholar, architect, and doctor, but not philosopher
|
437
|
$user_roles = $this->loggedInUser->roles;
|
438
|
$this->assertTrue(array_key_exists($teacher_role_id, $user_roles), "Test user has role teacher.");
|
439
|
$this->assertTrue(array_key_exists($scholar_role_id, $user_roles), "Test user has role scholar.");
|
440
|
$this->assertFalse(array_key_exists($philosopher_role_id, $user_roles), "Test user does not have role philosopher.");
|
441
|
$this->assertTrue(array_key_exists($architect_role_id, $user_roles), "Test user has role architect.");
|
442
|
$this->assertTrue(array_key_exists($doctor_role_id, $user_roles), "Test user has role doctor.");
|
443
|
|
444
|
}
|
445
|
|
446
|
}
|