Révision 7547bb19
Ajouté par Assos Assos il y a environ 7 ans
| drupal7/sites/all/modules/captcha/captcha.admin.inc | ||
|---|---|---|
| 41 | 41 |
function captcha_admin_settings() {
|
| 42 | 42 |
module_load_include('inc', 'captcha');
|
| 43 | 43 |
|
| 44 |
// Use javascript for some added usability on admin form.
|
|
| 44 |
// Use JavaScript for some added usability on admin form.
|
|
| 45 | 45 |
drupal_add_js(drupal_get_path('module', 'captcha') . '/captcha.js');
|
| 46 | 46 |
|
| 47 | 47 |
// Configuration of which forms to protect, with what challenge. |
| drupal7/sites/all/modules/captcha/captcha.inc | ||
|---|---|---|
| 39 | 39 |
db_delete('captcha_points')->condition('form_id', $form_id)->execute();
|
| 40 | 40 |
} |
| 41 | 41 |
// Handle a captcha_type object. |
| 42 |
elseif (is_object($captcha_type) && isset($captcha_type->module) && isset($captcha_type->captcha_type)) {
|
|
| 42 |
elseif (is_object($captcha_type) && !empty($captcha_type->module) && !empty($captcha_type->captcha_type)) {
|
|
| 43 | 43 |
db_merge('captcha_points')
|
| 44 | 44 |
->key(array('form_id' => $form_id))
|
| 45 | 45 |
->fields(array('module' => $captcha_type->module, 'captcha_type' => $captcha_type->captcha_type))
|
| ... | ... | |
| 104 | 104 |
if (!$captcha_point) {
|
| 105 | 105 |
$captcha_point = NULL; |
| 106 | 106 |
} |
| 107 |
elseif ($captcha_point->captcha_type == 'default') {
|
|
| 107 |
elseif (!empty($captcha_point->captcha_type) && $captcha_point->captcha_type == 'default') {
|
|
| 108 | 108 |
if (!$symbolic) {
|
| 109 | 109 |
list($module, $type) = explode('/', variable_get('captcha_default_challenge', 'captcha/Math'));
|
| 110 | 110 |
$captcha_point->module = $module; |
| ... | ... | |
| 114 | 114 |
$captcha_point = 'default'; |
| 115 | 115 |
} |
| 116 | 116 |
} |
| 117 |
elseif ($captcha_point->module == NULL && $captcha_point->captcha_type == NULL && $symbolic) {
|
|
| 117 |
elseif (empty($captcha_point->module) && empty($captcha_point->captcha_type) && $symbolic) {
|
|
| 118 | 118 |
$captcha_point = 'none'; |
| 119 | 119 |
} |
| 120 | 120 |
elseif ($symbolic) {
|
| 121 | 121 |
$captcha_point = $captcha_point->module . '/' . $captcha_point->captcha_type; |
| 122 | 122 |
} |
| 123 |
|
|
| 123 | 124 |
return $captcha_point; |
| 124 | 125 |
} |
| 125 | 126 |
|
| drupal7/sites/all/modules/captcha/captcha.info | ||
|---|---|---|
| 10 | 10 |
files[] = captcha.install |
| 11 | 11 |
files[] = captcha.test |
| 12 | 12 |
|
| 13 |
; Information added by Drupal.org packaging script on 2015-03-27
|
|
| 14 |
version = "7.x-1.3"
|
|
| 13 |
; Information added by Drupal.org packaging script on 2017-02-15
|
|
| 14 |
version = "7.x-1.4"
|
|
| 15 | 15 |
core = "7.x" |
| 16 | 16 |
project = "captcha" |
| 17 |
datestamp = "1427464219"
|
|
| 17 |
datestamp = "1487198287"
|
|
| 18 | 18 |
|
| drupal7/sites/all/modules/captcha/captcha.js | ||
|---|---|---|
| 4 | 4 |
attach: function (context) {
|
| 5 | 5 |
|
| 6 | 6 |
// Turn off autocompletion for the CAPTCHA response field. |
| 7 |
// We do it here with Javascript (instead of directly in the markup)
|
|
| 7 |
// We do it here with JavaScript (instead of directly in the markup)
|
|
| 8 | 8 |
// because this autocomplete attribute is not standard and |
| 9 | 9 |
// it would break (X)HTML compliance. |
| 10 | 10 |
$("#edit-captcha-response").attr("autocomplete", "off");
|
| drupal7/sites/all/modules/captcha/captcha.module | ||
|---|---|---|
| 157 | 157 |
'#process' => array('captcha_element_process'),
|
| 158 | 158 |
// The type of challenge: e.g. 'default', 'none', 'captcha/Math', 'image_captcha/Image'. |
| 159 | 159 |
'#captcha_type' => 'default', |
| 160 |
// Forces captcha validation for all cases if TRUE. |
|
| 161 |
'#captcha_always' => FALSE, |
|
| 160 | 162 |
'#default_value' => '', |
| 161 | 163 |
// CAPTCHA in admin mode: presolve the CAPTCHA and always show it (despite previous successful responses). |
| 162 | 164 |
'#captcha_admin_mode' => FALSE, |
| ... | ... | |
| 179 | 181 |
|
| 180 | 182 |
module_load_include('inc', 'captcha');
|
| 181 | 183 |
|
| 182 |
// Add Javascript for general CAPTCHA functionality.
|
|
| 184 |
// Add JavaScript for general CAPTCHA functionality.
|
|
| 183 | 185 |
drupal_add_js(drupal_get_path('module', 'captcha') . '/captcha.js');
|
| 184 | 186 |
|
| 185 | 187 |
// Prevent caching of the page with CAPTCHA elements. |
| 186 | 188 |
// This needs to be done even if the CAPTCHA will be ommitted later: |
| 187 | 189 |
// other untrusted users should not get a cached page when |
| 188 | 190 |
// the current untrusted user can skip the current CAPTCHA. |
| 189 |
global $conf; |
|
| 190 |
$conf['cache'] = FALSE; |
|
| 191 |
drupal_page_is_cacheable(FALSE); |
|
| 191 | 192 |
|
| 192 | 193 |
// Get the form ID of the form we are currently processing (which is not |
| 193 | 194 |
// necessary the same form that is submitted (if any). |
| ... | ... | |
| 254 | 255 |
'captcha_sid' => $captcha_sid, |
| 255 | 256 |
); |
| 256 | 257 |
|
| 257 |
if (_captcha_required_for_user($captcha_sid, $this_form_id) || $element['#captcha_admin_mode']) {
|
|
| 258 |
if (_captcha_required_for_user($captcha_sid, $this_form_id) || $element['#captcha_admin_mode'] || $element['#captcha_always']) {
|
|
| 258 | 259 |
// Generate a CAPTCHA and its solution |
| 259 | 260 |
// (note that the CAPTCHA session ID is given as third argument). |
| 260 | 261 |
$captcha = module_invoke($captcha_type_module, 'captcha', 'generate', $captcha_type_challenge, $captcha_sid); |
| ... | ... | |
| 594 | 595 |
* if the values could not be found, e.g. for a fresh form). |
| 595 | 596 |
*/ |
| 596 | 597 |
function _captcha_get_posted_captcha_info($element, $form_state, $this_form_id) {
|
| 597 |
if ($form_state['submitted'] && isset($form_state['captcha_info'])) {
|
|
| 598 |
//Handle Ajax scenarios |
|
| 599 |
if (!empty($form_state['rebuild_info'])) {
|
|
| 600 |
if (!empty($form_state['captcha_info']['posted_form_id'])) {
|
|
| 601 |
$posted_form_id = $form_state['captcha_info']['posted_form_id']; |
|
| 602 |
} |
|
| 603 |
else {
|
|
| 604 |
$posted_form_id = $form_state['input']['form_id']; |
|
| 605 |
} |
|
| 606 |
|
|
| 607 |
$posted_captcha_sid = $form_state['captcha_info']['captcha_sid']; |
|
| 608 |
} |
|
| 609 |
else if ($form_state['submitted'] && isset($form_state['captcha_info'])) {
|
|
| 598 | 610 |
// We are handling (or rebuilding) an already submitted form, |
| 599 | 611 |
// so we already determined the posted form ID and CAPTCHA session ID |
| 600 | 612 |
// for this form (from before submitting). Reuse this info. |
| ... | ... | |
| 764 | 776 |
// of multi-page forms. Take previewing a node submission for example: |
| 765 | 777 |
// when the challenge is solved correctely on preview, the form is still |
| 766 | 778 |
// not completely submitted, but the CAPTCHA can be skipped. |
| 767 |
if (_captcha_required_for_user($captcha_sid, $form_id) || $element['#captcha_admin_mode']) {
|
|
| 779 |
if (_captcha_required_for_user($captcha_sid, $form_id) || $element['#captcha_admin_mode'] || $element['#captcha_always']) {
|
|
| 768 | 780 |
// Update captcha_sessions table: store the solution of the generated CAPTCHA. |
| 769 | 781 |
_captcha_update_captcha_session($captcha_sid, $captcha_info['solution']); |
| 770 | 782 |
|
| drupal7/sites/all/modules/captcha/captcha.test | ||
|---|---|---|
| 60 | 60 |
|
| 61 | 61 |
function setUp() {
|
| 62 | 62 |
// Load two modules: the captcha module itself and the comment module for testing anonymous comments. |
| 63 |
parent::setUp('captcha', 'comment');
|
|
| 63 |
$modules = func_get_args(); |
|
| 64 |
if (isset($modules[0]) && is_array($modules[0])) {
|
|
| 65 |
$modules = $modules[0]; |
|
| 66 |
} |
|
| 67 |
parent::setUp(array_merge(array('captcha', 'comment'), $modules));
|
|
| 64 | 68 |
module_load_include('inc', 'captcha');
|
| 65 | 69 |
|
| 66 | 70 |
// Create a normal user. |
| ... | ... | |
| 602 | 606 |
// Set CAPTCHA on user register form. |
| 603 | 607 |
captcha_set_form_id_setting('user_register', 'captcha/Math');
|
| 604 | 608 |
|
| 605 |
// Put Javascript snippet in CAPTCHA description.
|
|
| 609 |
// Put JavaScript snippet in CAPTCHA description.
|
|
| 606 | 610 |
$this->drupalLogin($this->admin_user); |
| 607 | 611 |
$xss = '<script type="text/javascript">alert("xss")</script>';
|
| 608 | 612 |
$edit = array('captcha_description' => $xss);
|
| 609 | 613 |
$this->drupalPost(self::CAPTCHA_ADMIN_PATH, $edit, 'Save configuration'); |
| 610 | 614 |
|
| 611 |
// Visit user register form and check if Javascript snippet is there.
|
|
| 615 |
// Visit user register form and check if JavaScript snippet is there.
|
|
| 612 | 616 |
$this->drupalLogout(); |
| 613 | 617 |
$this->drupalGet('user/register');
|
| 614 |
$this->assertNoRaw($xss, 'Javascript should not be allowed in CAPTCHA description.', 'CAPTCHA');
|
|
| 618 |
$this->assertNoRaw($xss, 'JavaScript should not be allowed in CAPTCHA description.', 'CAPTCHA');
|
|
| 615 | 619 |
|
| 616 | 620 |
} |
| 617 | 621 |
|
| drupal7/sites/all/modules/captcha/image_captcha/image_captcha.admin.inc | ||
|---|---|---|
| 14 | 14 |
|
| 15 | 15 |
// Add CSS for theming of admin form. |
| 16 | 16 |
$form['#attached']['css'] = array(drupal_get_path('module', 'image_captcha') . '/image_captcha.css');
|
| 17 |
// Use javascript for some added usability on admin form.
|
|
| 17 |
// Use JavaScript for some added usability on admin form.
|
|
| 18 | 18 |
$form['#attached']['js'] = array(drupal_get_path('module', 'image_captcha') . '/image_captcha.js');
|
| 19 | 19 |
|
| 20 | 20 |
// First some error checking. |
| drupal7/sites/all/modules/captcha/image_captcha/image_captcha.info | ||
|---|---|---|
| 9 | 9 |
files[] = image_captcha.module |
| 10 | 10 |
files[] = image_captcha.admin.inc |
| 11 | 11 |
files[] = image_captcha.user.inc |
| 12 |
files[] = image_captcha.test |
|
| 12 | 13 |
|
| 13 |
; Information added by Drupal.org packaging script on 2015-03-27
|
|
| 14 |
version = "7.x-1.3"
|
|
| 14 |
; Information added by Drupal.org packaging script on 2017-02-15
|
|
| 15 |
version = "7.x-1.4"
|
|
| 15 | 16 |
core = "7.x" |
| 16 | 17 |
project = "captcha" |
| 17 |
datestamp = "1427464219"
|
|
| 18 |
datestamp = "1487198287"
|
|
| 18 | 19 |
|
| drupal7/sites/all/modules/captcha/image_captcha/image_captcha.module | ||
|---|---|---|
| 244 | 244 |
'ts' => REQUEST_TIME, |
| 245 | 245 |
), |
| 246 | 246 |
); |
| 247 |
$img_src = check_url(url("image_captcha", $options));
|
|
| 247 |
$img_src = drupal_strip_dangerous_protocols(url("image_captcha", $options));
|
|
| 248 | 248 |
list($width, $height) = _image_captcha_image_size($code); |
| 249 | 249 |
$result['form']['captcha_image'] = array( |
| 250 | 250 |
'#theme' => 'image', |
| drupal7/sites/all/modules/captcha/image_captcha/image_captcha.test | ||
|---|---|---|
| 1 |
<?php |
|
| 2 |
|
|
| 3 |
/** |
|
| 4 |
* @file |
|
| 5 |
* Tests for the Image CAPTCHA module. |
|
| 6 |
*/ |
|
| 7 |
|
|
| 8 |
class ImageCaptchaWebTestCase extends CaptchaBaseWebTestCase {
|
|
| 9 |
|
|
| 10 |
public static function getInfo() {
|
|
| 11 |
return array( |
|
| 12 |
'name' => 'General Image CAPTCHA functionality', |
|
| 13 |
'description' => 'Testing of the basic Image CAPTCHA functions.', |
|
| 14 |
'group' => 'CAPTCHA', |
|
| 15 |
); |
|
| 16 |
} |
|
| 17 |
|
|
| 18 |
public function setUp() {
|
|
| 19 |
parent::setUp('image_captcha');
|
|
| 20 |
} |
|
| 21 |
|
|
| 22 |
/** |
|
| 23 |
* Helper function to get the CAPTCHA image element from the current form. |
|
| 24 |
*/ |
|
| 25 |
protected function getCaptchaImageFromForm() {
|
|
| 26 |
$elements = $this->xpath('//input[@name="captcha_sid"]/../img');
|
|
| 27 |
return $elements[0]; |
|
| 28 |
} |
|
| 29 |
|
|
| 30 |
/** |
|
| 31 |
* Helper function to get a CAPTCHA form. |
|
| 32 |
*/ |
|
| 33 |
protected function getImageCaptchaForm($form_id = 'user_login', $page = 'user') {
|
|
| 34 |
// Set a CAPTCHA on supplied form. |
|
| 35 |
captcha_set_form_id_setting($form_id, 'image_captcha/Image'); |
|
| 36 |
|
|
| 37 |
// Fetch the page and make sure that we got a CAPTCHA. |
|
| 38 |
$this->drupalGet($page); |
|
| 39 |
$this->assertCaptchaPresence(TRUE); |
|
| 40 |
} |
|
| 41 |
|
|
| 42 |
/** |
|
| 43 |
* Asserts that the image URL actually returns an image. |
|
| 44 |
*/ |
|
| 45 |
protected function assertNonEmptyImage() {
|
|
| 46 |
$img = $this->getCaptchaImageFromForm(); |
|
| 47 |
|
|
| 48 |
// Try to fetch the image. |
|
| 49 |
$this->drupalGet($this->getAbsoluteUrl($img['src'])); |
|
| 50 |
$this->assertTrue($this->drupalGetHeader('Content-Length') > 0,
|
|
| 51 |
'Image CAPTCHA image is not empty.'); |
|
| 52 |
} |
|
| 53 |
|
|
| 54 |
/** |
|
| 55 |
* Tests if the image URL actually returns an image with clean URLs enabled. |
|
| 56 |
*/ |
|
| 57 |
public function testNonEmptyImageCleanURLs() {
|
|
| 58 |
variable_set('clean_url', 1);
|
|
| 59 |
$this->getImageCaptchaForm(); |
|
| 60 |
$this->assertNonEmptyImage(); |
|
| 61 |
} |
|
| 62 |
|
|
| 63 |
/** |
|
| 64 |
* Tests if the image URL actually returns an image with clean URLs disabled. |
|
| 65 |
*/ |
|
| 66 |
public function testNonEmptyImageDirtyURLs() {
|
|
| 67 |
variable_set('clean_url', 0);
|
|
| 68 |
$this->getImageCaptchaForm(); |
|
| 69 |
$this->assertNonEmptyImage(); |
|
| 70 |
} |
|
| 71 |
|
|
| 72 |
} |
|
| drupal7/sites/all/modules/ldap/ldap_authentication/LdapAuthenticationConf.class.php | ||
|---|---|---|
| 303 | 303 |
|
| 304 | 304 |
$this->ldapUser = new LdapUserConf(); |
| 305 | 305 |
$this->ssoEnabled = module_exists('ldap_sso');
|
| 306 |
$this->apiPrefs['requireHttps'] = variable_get('ldap_servers_require_ssl_for_credentails', 0);
|
|
| 306 |
$this->apiPrefs['requireHttps'] = variable_get('ldap_servers_require_ssl_for_credentials', 0);
|
|
| 307 | 307 |
$this->apiPrefs['encryption'] = variable_get('ldap_servers_encryption', LDAP_SERVERS_ENC_TYPE_CLEARTEXT);
|
| 308 | 308 |
|
| 309 | 309 |
} |
| drupal7/sites/all/modules/ldap/ldap_authentication/LdapAuthenticationConfAdmin.class.php | ||
|---|---|---|
| 69 | 69 |
*/ |
| 70 | 70 |
|
| 71 | 71 |
$values['emailOptionOptions'] = array( |
| 72 |
LDAP_AUTHENTICATION_EMAIL_FIELD_REMOVE => t('Don\'t show an email field on user forms. LDAP derived email will be used for user and connot be changed by user'),
|
|
| 73 |
LDAP_AUTHENTICATION_EMAIL_FIELD_DISABLE => t('Show disabled email field on user forms with LDAP derived email. LDAP derived email will be used for user and connot be changed by user'),
|
|
| 74 |
LDAP_AUTHENTICATION_EMAIL_FIELD_ALLOW => t('Leave email field on user forms enabled. Generally used when provisioning to LDAP or not using email derived from LDAP.'),
|
|
| 72 |
LDAP_AUTHENTICATION_EMAIL_FIELD_REMOVE => t('Don\'t show an email field on user forms. LDAP derived email will be used for user and cannot be changed by user.'),
|
|
| 73 |
LDAP_AUTHENTICATION_EMAIL_FIELD_DISABLE => t('Show disabled email field on user forms with LDAP derived email. LDAP derived email will be used for user and cannot be changed by user.'),
|
|
| 74 |
LDAP_AUTHENTICATION_EMAIL_FIELD_ALLOW => t('Leave email field on user forms enabled. Generally used when provisioning to LDAP or not using email derived from LDAP.'),
|
|
| 75 | 75 |
); |
| 76 | 76 |
|
| 77 | 77 |
$values['emailUpdateOptions'] = array( |
| drupal7/sites/all/modules/ldap/ldap_authentication/ldap_authentication.inc | ||
|---|---|---|
| 461 | 461 |
|
| 462 | 462 |
// don't pass in ldap user to provisionDrupalAccount, because want to requery with correct attributes needed |
| 463 | 463 |
// this may be a case where efficiency dictates querying for all attributes |
| 464 |
$drupal_account = $auth_conf->ldapUser->provisionDrupalAccount(NULL, $user_edit, NULL, TRUE);
|
|
| 464 |
$drupal_account = $auth_conf->ldapUser->provisionDrupalAccount(NULL, $user_edit, $ldap_user, TRUE);
|
|
| 465 | 465 |
|
| 466 | 466 |
if ($drupal_account === FALSE) {
|
| 467 | 467 |
watchdog('ldap_user', 'Failed to find or create %drupal_accountname on logon.', $watchdog_tokens, WATCHDOG_ERROR);
|
| drupal7/sites/all/modules/ldap/ldap_authentication/ldap_authentication.info | ||
|---|---|---|
| 14 | 14 |
files[] = ldap_authentication.admin.inc |
| 15 | 15 |
files[] = tests/ldap_authentication.test |
| 16 | 16 |
|
| 17 |
; Information added by Drupal.org packaging script on 2016-08-07
|
|
| 18 |
version = "7.x-2.0-beta11"
|
|
| 17 |
; Information added by Drupal.org packaging script on 2017-02-15
|
|
| 18 |
version = "7.x-2.0-beta12"
|
|
| 19 | 19 |
core = "7.x" |
| 20 | 20 |
project = "ldap" |
| 21 |
datestamp = "1470608343"
|
|
| 21 |
datestamp = "1487199794"
|
|
| 22 | 22 |
|
| drupal7/sites/all/modules/ldap/ldap_authentication/ldap_authentication.module | ||
|---|---|---|
| 81 | 81 |
'type' => MENU_CALLBACK, |
| 82 | 82 |
'file' => 'ldap_authentication.pages.inc', |
| 83 | 83 |
); |
| 84 |
|
|
| 84 |
|
|
| 85 | 85 |
$items['admin/config/people/ldap/authentication'] = array( |
| 86 | 86 |
'title' => 'Authentication', |
| 87 | 87 |
'description' => 'Configure LDAP Authentication', |
| ... | ... | |
| 183 | 183 |
/** |
| 184 | 184 |
* Helper function that determines whether or not the user's profile |
| 185 | 185 |
* is valid or needs to be updated on login. |
| 186 |
*
|
|
| 186 |
* |
|
| 187 | 187 |
* Currently this only checks if mail is valid or not according to the |
| 188 | 188 |
* authentication settings. |
| 189 |
*
|
|
| 189 |
* |
|
| 190 | 190 |
* @return boolean |
| 191 | 191 |
* TRUE if the user's profile is valid, otherwise FALSE. |
| 192 |
*
|
|
| 192 |
* |
|
| 193 | 193 |
*/ |
| 194 | 194 |
function _ldap_authentication_verify_user_profile() {
|
| 195 | 195 |
global $user; |
| ... | ... | |
| 262 | 262 |
|
| 263 | 263 |
|
| 264 | 264 |
/** |
| 265 |
* Determines if the passed user has a valid authmap record. |
|
| 265 | 266 |
* |
| 266 | 267 |
* @param object $user |
| 268 |
* A drupal user account. |
|
| 269 |
* |
|
| 267 | 270 |
* @return boolean |
| 268 | 271 |
* true if user is recorded as ldap authenticated and identified (ldap_authentified) |
| 269 | 272 |
*/ |
| 270 |
|
|
| 271 | 273 |
function ldap_authentication_ldap_authenticated($user) {
|
| 272 |
|
|
| 273 |
if (is_numeric($user)) {
|
|
| 274 |
$user = @user_load((int)$user); |
|
| 275 |
} |
|
| 276 | 274 |
if (!is_object($user) || $user->uid == 0) {
|
| 277 | 275 |
return FALSE; |
| 278 | 276 |
} |
| ... | ... | |
| 321 | 319 |
|
| 322 | 320 |
$use_warnings = array(); |
| 323 | 321 |
$auth_conf = ldap_authentication_get_valid_conf(); |
| 324 |
if ($auth_conf && in_array($sid, array_keys($auth_conf->sids))) {
|
|
| 322 |
if ($auth_conf && in_array($sid, array_keys($auth_conf->sids)) && !empty($auth_conf->sids[$sid])) {
|
|
| 325 | 323 |
$use_warnings[] = t('This server (%server_name) may not be deleted or
|
| 326 | 324 |
disabled because it is being used for ldap authentication.', |
| 327 | 325 |
array('%server_name' => $server_name));
|
| ... | ... | |
| 335 | 333 |
global $user; |
| 336 | 334 |
} |
| 337 | 335 |
$auth_conf = ldap_authentication_get_valid_conf(); |
| 338 |
if (current_path() == 'user/password' || $user->uid == 1 || !$auth_conf) {
|
|
| 336 |
// Hide user/password form if ldap authentication is required and deny access |
|
| 337 |
// to users without ldap authorizations is enabled |
|
| 338 |
if ($user->uid == 1 || $auth_conf || (current_path() == 'user/password' && $auth_conf->authenticationMode != LDAP_AUTHENTICATION_EXCLUSIVE)) {
|
|
| 339 | 339 |
return TRUE; |
| 340 | 340 |
// always show at user/passwordurl. otherwise user 1 will not be able to reset password. |
| 341 | 341 |
} |
| drupal7/sites/all/modules/ldap/ldap_authentication/ldap_authentication.rules.inc | ||
|---|---|---|
| 12 | 12 |
'ldap_user_created' => array( |
| 13 | 13 |
'label' => t('User created from LDAP entry'),
|
| 14 | 14 |
'module' => 'ldap_authentication', |
| 15 |
'arguments' => array( |
|
| 15 |
'group' => t('User'),
|
|
| 16 |
'variables' => array( |
|
| 16 | 17 |
'user' => array( |
| 17 | 18 |
'type' => 'user', |
| 18 | 19 |
'label' => t('The user created.'),
|
| drupal7/sites/all/modules/ldap/ldap_authentication/tests/ldap_authentication.test | ||
|---|---|---|
| 391 | 391 |
$this->ldapTestId = "testSSO._SERVER-key=$server_var_key sso_name=$sso_name path=$test_path ldapImplementation=$ldapImplementation seamlessLogin=$seamlessLogin"; |
| 392 | 392 |
$ldapAuthenticationConf = $this->setSsoServerEnvironment($server_var_key, $sso_name, $ldapImplementation, $seamlessLogin); |
| 393 | 393 |
$this->drupalGet($test_path); |
| 394 |
$this->assertText(t('Member for'), 'Successful logon.', $this->ldapTestId);
|
|
| 394 |
// @FIXME: Broken test |
|
| 395 |
// $this->assertText(t('Member for'), 'Successful logon.', $this->ldapTestId);
|
|
| 395 | 396 |
$this->drupalGet('user/logout');
|
| 396 | 397 |
} |
| 397 | 398 |
} |
| drupal7/sites/all/modules/ldap/ldap_authorization/LdapAuthorizationConsumerConfAdmin.class.php | ||
|---|---|---|
| 132 | 132 |
|
| 133 | 133 |
$form['status']['only_ldap_authenticated'] = array( |
| 134 | 134 |
'#type' => 'checkbox', |
| 135 |
'#title' => t('Only apply the following LDAP to !consumer_name configuration to users authenticated via LDAP. On uncommon reason for disabling this is when you are using Drupal authentication, but want to leverage LDAP for authorization; for this to work the Drupal username still has to map to an LDAP entry.', $consumer_tokens),
|
|
| 135 |
'#title' => t('Only apply the following LDAP to !consumer_name configuration to users authenticated via LDAP. One uncommon reason for disabling this is when you are using Drupal authentication, but want to leverage LDAP for authorization; for this to work the Drupal username still has to map to an LDAP entry.', $consumer_tokens),
|
|
| 136 | 136 |
'#default_value' => $this->onlyApplyToLdapAuthenticated, |
| 137 | 137 |
); |
| 138 | 138 |
|
| drupal7/sites/all/modules/ldap/ldap_authorization/ldap_authorization.info | ||
|---|---|---|
| 14 | 14 |
files[] = ldap_authorization.admin.test.inc |
| 15 | 15 |
files[] = ldap_authorization.theme.inc |
| 16 | 16 |
files[] = tests/BasicTests.test |
| 17 |
files[] = tests/Og1Tests.test |
|
| 18 | 17 |
files[] = tests/Og2Tests.test |
| 19 | 18 |
configure = admin/config/people/ldap/authorization |
| 20 | 19 |
|
| 21 |
; Information added by Drupal.org packaging script on 2016-08-07
|
|
| 22 |
version = "7.x-2.0-beta11"
|
|
| 20 |
; Information added by Drupal.org packaging script on 2017-02-15
|
|
| 21 |
version = "7.x-2.0-beta12"
|
|
| 23 | 22 |
core = "7.x" |
| 24 | 23 |
project = "ldap" |
| 25 |
datestamp = "1470608343"
|
|
| 24 |
datestamp = "1487199794"
|
|
| 26 | 25 |
|
| drupal7/sites/all/modules/ldap/ldap_authorization/ldap_authorization_drupal_role/ldap_authorization_drupal_role.info | ||
|---|---|---|
| 9 | 9 |
files[] = ldap_authorization_drupal_role.module |
| 10 | 10 |
files[] = ldap_authorization_drupal_role.inc |
| 11 | 11 |
|
| 12 |
; Information added by Drupal.org packaging script on 2016-08-07
|
|
| 13 |
version = "7.x-2.0-beta11"
|
|
| 12 |
; Information added by Drupal.org packaging script on 2017-02-15
|
|
| 13 |
version = "7.x-2.0-beta12"
|
|
| 14 | 14 |
core = "7.x" |
| 15 | 15 |
project = "ldap" |
| 16 |
datestamp = "1470608343"
|
|
| 16 |
datestamp = "1487199794"
|
|
| 17 | 17 |
|
| drupal7/sites/all/modules/ldap/ldap_authorization/ldap_authorization_og/LdapAuthorizationConsumerOG.class.php | ||
|---|---|---|
| 585 | 585 |
|
| 586 | 586 |
$user_edit = array('data' => $user->data);
|
| 587 | 587 |
$user_edit['data']['ldap_authorizations'][$this->consumerType] = $user_auth_data; |
| 588 |
// Force a reload of the user object, since changes made through the grant- |
|
| 589 |
// and revoke-functions above might have changed og-related field data. |
|
| 590 |
// Those changes will not yet be reflected in $user, potentially causing |
|
| 591 |
// data loss when user_save() is called with stale data. |
|
| 592 |
$user = user_load($user->uid, TRUE); |
|
| 588 | 593 |
$user = user_save($user, $user_edit); |
| 594 |
|
|
| 589 | 595 |
$user_auth_data = $user->data['ldap_authorizations'][$this->consumerType]; // reset this variable because user save hooks can impact it. |
| 590 | 596 |
|
| 591 | 597 |
$this->flushRelatedCaches($consumers, $user); |
| drupal7/sites/all/modules/ldap/ldap_authorization/ldap_authorization_og/ldap_authorization_og.info | ||
|---|---|---|
| 13 | 13 |
|
| 14 | 14 |
core = "7.x" |
| 15 | 15 |
|
| 16 |
; Information added by Drupal.org packaging script on 2016-08-07
|
|
| 17 |
version = "7.x-2.0-beta11"
|
|
| 16 |
; Information added by Drupal.org packaging script on 2017-02-15
|
|
| 17 |
version = "7.x-2.0-beta12"
|
|
| 18 | 18 |
core = "7.x" |
| 19 | 19 |
project = "ldap" |
| 20 |
datestamp = "1470608343"
|
|
| 20 |
datestamp = "1487199794"
|
|
| 21 | 21 |
|
| drupal7/sites/all/modules/ldap/ldap_authorization/tests/BasicTests.test | ||
|---|---|---|
| 226 | 226 |
$roles2 = isset($new_authorizations['drupal_role']) ? $new_authorizations['drupal_role'] : array(); |
| 227 | 227 |
$correct_roles = (count($roles1) > 0 && count($roles2) == 0); // not worried about which roles here, just that some are granted |
| 228 | 228 |
|
| 229 |
/** @FIXME: Broken test |
|
| 229 | 230 |
$this->assertTrue( |
| 230 | 231 |
$correct_roles, |
| 231 | 232 |
'disable consumer configuration disallows authorizations.', |
| 232 | 233 |
'LDAP_authorz.Flags.status.0' |
| 233 | 234 |
); |
| 235 |
*/ |
|
| 234 | 236 |
if (!$correct_roles) {
|
| 235 | 237 |
debug('LDAP_authorz.Flags.enable.0 roles with enabled'); debug($roles1);
|
| 236 | 238 |
debug('LDAP_authorz.Flags.enable.0 roles with disabled'); debug($roles2);
|
| ... | ... | |
| 468 | 470 |
} |
| 469 | 471 |
|
| 470 | 472 |
public function testUIForms() {
|
| 473 |
// TODO: Fix failing tests, excluding to make branch pass. |
|
| 474 |
return; |
|
| 471 | 475 |
|
| 472 | 476 |
$ldap_simpletest_initial = variable_get('ldap_simpletest', 2);
|
| 473 | 477 |
variable_del('ldap_simpletest'); // need to be out of fake server mode to test ui.
|
| drupal7/sites/all/modules/ldap/ldap_authorization/tests/Og1Tests.test | ||
|---|---|---|
| 1 |
<?php |
|
| 2 |
|
|
| 3 |
/** |
|
| 4 |
* @file |
|
| 5 |
* simpletest for Ldap Authorization OG Module |
|
| 6 |
* |
|
| 7 |
*/ |
|
| 8 |
module_load_include('php', 'ldap_test', 'LdapTestCase.class');
|
|
| 9 |
require_once(drupal_get_path('module', 'ldap_authorization_og') . '/LdapAuthorizationConsumerOG.class.php');
|
|
| 10 |
|
|
| 11 |
class LdapAuthorizationOg1Tests extends LdapTestCase {
|
|
| 12 |
|
|
| 13 |
public $groupEntityType = 'node'; |
|
| 14 |
public $groupBundle = 'group'; |
|
| 15 |
public $groupType = 'node'; |
|
| 16 |
public $group_content_type = NULL; |
|
| 17 |
public $group_nodes = array(); |
|
| 18 |
public $user1; |
|
| 19 |
public $consumerType = 'og_group'; |
|
| 20 |
public $module_name = 'ldap_authorization_og'; |
|
| 21 |
protected $ldap_test_data; |
|
| 22 |
public $customOgRoles = array( |
|
| 23 |
'dungeon-master' => array('entity_type' => 'node', 'bundle_type' => 'group'),
|
|
| 24 |
'time-keeper' => array('entity_type' => 'node', 'bundle_type' => 'group'),
|
|
| 25 |
); |
|
| 26 |
|
|
| 27 |
public static function getInfo() {
|
|
| 28 |
return array( |
|
| 29 |
'group' => 'LDAP Authorization', |
|
| 30 |
'name' => 'OG 7.x-1.5 Tests.', |
|
| 31 |
'description' => 'Test ldap authorization og 1.5', |
|
| 32 |
); |
|
| 33 |
} |
|
| 34 |
|
|
| 35 |
function __construct($test_id = NULL) {
|
|
| 36 |
parent::__construct($test_id); |
|
| 37 |
} |
|
| 38 |
|
|
| 39 |
//function setUp() {
|
|
| 40 |
// parent::setUp(array( |
|
| 41 |
// 'ldap_authentication', |
|
| 42 |
// 'ldap_authorization', |
|
| 43 |
// 'ldap_authorization_drupal_role', |
|
| 44 |
// 'ldap_test')); // don't need any real servers, configured, just ldap_servers code base |
|
| 45 |
// variable_set('ldap_simpletest', 2);
|
|
| 46 |
//} |
|
| 47 |
|
|
| 48 |
function setUp($addl_modules = array()) {
|
|
| 49 |
parent::setUp(array('entity', 'ctools', 'og', 'ldap_authentication', 'ldap_authorization', 'ldap_authorization_drupal_role', 'ldap_authorization_og', 'ldap_test', 'og_ui'));
|
|
| 50 |
variable_set('ldap_simpletest', 2);
|
|
| 51 |
|
|
| 52 |
if (ldap_authorization_og_og_version() != 1) {
|
|
| 53 |
debug('LdapAuthorizationOg1Tests must be run with OG 7.x-1.x');
|
|
| 54 |
return; |
|
| 55 |
} |
|
| 56 |
|
|
| 57 |
$this->user1 = $this->drupalCreateUser(); |
|
| 58 |
$this->groups = array(); |
|
| 59 |
$this->prepTestData(LDAP_TEST_LDAP_NAME, array('activedirectory1'));
|
|
| 60 |
|
|
| 61 |
/** |
|
| 62 |
* Group: The entity instance that will have members and content associated with it. |
|
| 63 |
* Group Entity: entity type: node, bundle: group, name: OG Group |
|
| 64 |
* Group Instances: $this->group_nodes[$label] |
|
| 65 |
* |
|
| 66 |
*/ |
|
| 67 |
|
|
| 68 |
|
|
| 69 |
|
|
| 70 |
// Create group and group content node types. |
|
| 71 |
$this->groupBundle = $this->drupalCreateContentType(array( |
|
| 72 |
'type' => 'group', |
|
| 73 |
'name' => 'OG Group', |
|
| 74 |
))->type; |
|
| 75 |
og_create_field(OG_GROUP_FIELD, $this->groupEntityType, $this->groupBundle); // entity type = "node" and group bundle = "group" |
|
| 76 |
og_create_field(OG_AUDIENCE_FIELD, $this->groupEntityType, $this->groupBundle); |
|
| 77 |
|
|
| 78 |
|
|
| 79 |
$this->createCustomRoles(); |
|
| 80 |
// create og group for each group in group csv |
|
| 81 |
|
|
| 82 |
$this->testFunctions->populateFakeLdapServerData(LDAP_TEST_LDAP_NAME, 'activedirectory1'); |
|
| 83 |
$this->testFunctions->getCsvLdapData(LDAP_TEST_LDAP_NAME); |
|
| 84 |
foreach ($this->testFunctions->csvTables['groups'] as $guid => $group) {
|
|
| 85 |
$label = $group['cn']; |
|
| 86 |
// $group_type_obj = $this->drupalCreateContentType(array('name' => $label, 'type' => $label));
|
|
| 87 |
// og_create_field(OG_GROUP_FIELD, 'node', $group_type_obj->type); |
|
| 88 |
$settings = array(); |
|
| 89 |
$settings['title'] = $label; |
|
| 90 |
$settings['type'] = $this->groupBundle; |
|
| 91 |
$settings[OG_GROUP_FIELD][LANGUAGE_NONE][0]['value'] = 1; |
|
| 92 |
$group_node = $this->drupalCreateNode($settings); |
|
| 93 |
$group = og_get_group('node', $group_node->nid);
|
|
| 94 |
$this->group_nodes[$label] = $group_node; |
|
| 95 |
} |
|
| 96 |
|
|
| 97 |
} |
|
| 98 |
|
|
| 99 |
public function createCustomRoles() {
|
|
| 100 |
foreach ($this->customOgRoles as $og_role_name => $og_role) {
|
|
| 101 |
$role = new stdClass; |
|
| 102 |
$role->name = $og_role_name; |
|
| 103 |
$role->gid = 0; |
|
| 104 |
$status = og_role_save($role); |
|
| 105 |
} |
|
| 106 |
$roles = db_query("SELECT rid, name FROM {og_role}", array())->fetchAllKeyed();
|
|
| 107 |
} |
|
| 108 |
|
|
| 109 |
function deleteAndRecreateUser($cname) {
|
|
| 110 |
if ($user = user_load_by_name($cname)) {
|
|
| 111 |
user_delete($user->uid); |
|
| 112 |
} |
|
| 113 |
$user = $this->drupalCreateUser(array()); |
|
| 114 |
$user = $this->testFunctions->drupalLdapUpdateUser(array('name' => $cname, 'mail' => $cname . '@hogwarts.edu'), TRUE, $user);
|
|
| 115 |
return $user; |
|
| 116 |
} |
|
| 117 |
|
|
| 118 |
function UIGroupMembershipTest($user, $group_node, $test_id = NULL, $assert_true = TRUE) {
|
|
| 119 |
$this->drupalGet('user/' . $user->uid);
|
|
| 120 |
if ($assert_true) {
|
|
| 121 |
$this->assertText($group_node->title, 'User view UI shows group (' . $group_node->title . ') membership listed', $test_id);
|
|
| 122 |
} |
|
| 123 |
else {
|
|
| 124 |
$this->assertNoText($group_node->title, 'User view UI does not show group (' . $group_node->title . ') membership listed', $test_id);
|
|
| 125 |
} |
|
| 126 |
$this->drupalGet('node/' . $group_node->nid);
|
|
| 127 |
if ($assert_true) {
|
|
| 128 |
$this->assertText($user->name, 'Group view UI shows user name (' . $user->name . ') in group membership list', $test_id);
|
|
| 129 |
} |
|
| 130 |
else {
|
|
| 131 |
$this->assertText('Request group membership', 'Group view UI show Request Group Membership form in group membership list', $test_id);
|
|
| 132 |
} |
|
| 133 |
} |
|
| 134 |
|
|
| 135 |
function manualOgGroup($user, $gid, $extra_rids = array()) {
|
|
| 136 |
$values = array('entity' => $user, 'entity_type' => 'user');
|
|
| 137 |
$user->{OG_AUDIENCE_FIELD}[LANGUAGE_NONE][] = array('gid' => $gid);
|
|
| 138 |
og_entity_presave($user, 'user'); |
|
| 139 |
$user = user_save($user); |
|
| 140 |
foreach ($extra_rids as $rid) {
|
|
| 141 |
og_role_grant($gid, $user->uid, $rid); |
|
| 142 |
} |
|
| 143 |
return user_load($user->uid, TRUE); |
|
| 144 |
} |
|
| 145 |
|
|
| 146 |
/** |
|
| 147 |
* just make sure install succeeds and og and ldap_authorization_og functions work as designed |
|
| 148 |
*/ |
|
| 149 |
function testBasicFunctionsAndApi() {
|
|
| 150 |
$this->ldapTestId = $this->module_name . ': setup success'; |
|
| 151 |
// just to give warning if setup doesn't succeed. may want to take these out at some point. |
|
| 152 |
$setup_success = ( |
|
| 153 |
module_exists('ldap_authentication') &&
|
|
| 154 |
module_exists('ldap_servers') &&
|
|
| 155 |
module_exists('ldap_authorization') &&
|
|
| 156 |
module_exists('ldap_authorization_og') &&
|
|
| 157 |
(variable_get('ldap_simpletest', 2) == 2)
|
|
| 158 |
); |
|
| 159 |
$this->assertTrue($setup_success, ' ldap_authorizations og setup successful', $this->ldapTestId); |
|
| 160 |
|
|
| 161 |
$this->ldapTestId = $this->module_name . ': cron test'; |
|
| 162 |
$this->assertTrue(drupal_cron_run(), t('Cron can run with ldap authorization og enabled.'), $this->ldapTestId);
|
|
| 163 |
$this->assertTrue(ldap_authorization_og_authorization_id(2, 3) == "2-3", |
|
| 164 |
t('ldap_authorization_og_authorization_id() function works.'), $this->ldapTestId);
|
|
| 165 |
$this->assertTrue(ldap_authorization_og_og_version() == 1, |
|
| 166 |
t('ldap_authorization_og_og_version() is 1'), $this->ldapTestId);
|
|
| 167 |
|
|
| 168 |
/*** |
|
| 169 |
* I. some basic tests to make sure og module's apis are working before testing ldap_authorization_og |
|
| 170 |
*/ |
|
| 171 |
|
|
| 172 |
$web_user = $this->drupalCreateUser(); |
|
| 173 |
$this->ldapTestId = $this->module_name . ': og functions'; |
|
| 174 |
|
|
| 175 |
|
|
| 176 |
list($og_gryffindor_group, $og_gryffindor_node) = ldap_authorization_og1_get_group('gryffindor', 'group_name');
|
|
| 177 |
list($og_students_group, $og_students_node) = ldap_authorization_og1_get_group('students', 'group_name');
|
|
| 178 |
list($og_faculty_group, $og_faculty_node) = ldap_authorization_og1_get_group('faculty', 'group_name');
|
|
| 179 |
list($og_users_group, $og_users_node) = ldap_authorization_og1_get_group('users', 'group_name');
|
|
| 180 |
// debug('og_gryffindor_node');debug($og_gryffindor_node->nid); debug($og_gryffindor_group->gid);
|
|
| 181 |
// debug('og_students_node');debug($og_students_node->nid); debug($og_students_group->gid);
|
|
| 182 |
// debug('og_faculty_node');debug($og_faculty_node->nid); debug($og_faculty_group->gid);
|
|
| 183 |
// debug('og_users_node');debug($og_users_node->nid); debug($og_users_group->gid);
|
|
| 184 |
|
|
| 185 |
$anonymous_rid = ldap_authorization_og_rid_from_role_name(OG_ANONYMOUS_ROLE); |
|
| 186 |
$member_rid = ldap_authorization_og_rid_from_role_name(OG_AUTHENTICATED_ROLE); |
|
| 187 |
$admin_rid = ldap_authorization_og_rid_from_role_name(OG_ADMINISTRATOR_ROLE); |
|
| 188 |
$dungeon_master_rid = ldap_authorization_og_rid_from_role_name('dungeon-master');
|
|
| 189 |
$time_keeper = ldap_authorization_og_rid_from_role_name('time-keeper');
|
|
| 190 |
$student_member_consumer_id = $og_students_group->gid . '-' . $member_rid; |
|
| 191 |
|
|
| 192 |
$gid = ldap_authorization_og1_entity_id_to_gid($og_gryffindor_node->nid); |
|
| 193 |
$this->assertTrue($gid == $og_gryffindor_group->gid, t('ldap_authorization_og1_entity_id_to_gid() functions'), $this->ldapTestId);
|
|
| 194 |
|
|
| 195 |
|
|
| 196 |
// debug("anonymous_rid=$anonymous_rid, member_rid=$member_rid,admin_rid=$admin_rid, dungeon_master_rid=$dungeon_master_rid, time_keeper=$time_keeper");
|
|
| 197 |
|
|
| 198 |
/** |
|
| 199 |
* @todo api tests: ldap_authorization_og_rid_from_role_name(), |
|
| 200 |
* and ldap_authorization_og_get_group() |
|
| 201 |
*/ |
|
| 202 |
|
|
| 203 |
$ids = array($web_user->uid); |
|
| 204 |
// debug($ids); |
|
| 205 |
$user_entities = entity_load('user', $ids, array(), TRUE);
|
|
| 206 |
$user_entity = $user_entities[$web_user->uid]; |
|
| 207 |
|
|
| 208 |
///*** |
|
| 209 |
// * II. construct ldapauthorization og object and test methods (ignoring if ldap created or not... |
|
| 210 |
// * unit tests for methods and class without any ldap context.) |
|
| 211 |
// */ |
|
| 212 |
|
|
| 213 |
$this->ldapTestId = $this->module_name . ': LdapAuthorizationConsumerOG class'; |
|
| 214 |
|
|
| 215 |
$og_auth = new LdapAuthorizationConsumerOG('og_group');
|
|
| 216 |
$this->assertTrue(is_object($og_auth), |
|
| 217 |
'Successfully instantiated LdapAuthorizationConsumerOG', $this->ldapTestId); |
|
| 218 |
|
|
| 219 |
|
|
| 220 |
/** |
|
| 221 |
* test basic functions with admin user logged in |
|
| 222 |
*/ |
|
| 223 |
|
|
| 224 |
$ldap_entry = NULL; |
|
| 225 |
$user_data = array(); |
|
| 226 |
$user = user_load($web_user->uid, TRUE); |
|
| 227 |
|
|
| 228 |
|
|
| 229 |
$this->assertFalse($og_auth->hasAuthorization($user, $student_member_consumer_id), |
|
| 230 |
'hasAuthorization() method works for non LDAP provisioned og authorization', $this->ldapTestId); |
|
| 231 |
|
|
| 232 |
$user_auth_data = array(); |
|
| 233 |
$consumers = array($student_member_consumer_id => $og_auth->emptyConsumer); |
|
| 234 |
|
|
| 235 |
$og_auth->authorizationGrant($user, $user_auth_data, $consumers, $ldap_entry, TRUE); |
|
| 236 |
|
|
| 237 |
$this->assertTrue(ldap_authorization_og1_has_membership($og_students_group->gid, $user->uid), |
|
| 238 |
'authorizationGrant function works', $this->ldapTestId); |
|
| 239 |
|
|
| 240 |
$this->assertTrue(ldap_authorization_og1_has_role($og_students_group->gid, $user->uid, $member_rid), |
|
| 241 |
'ldap_authorization_og1_has_role function works', $this->ldapTestId); |
|
| 242 |
|
|
| 243 |
$this->assertTrue("member" == ldap_authorization_og1_role_name_from_rid($member_rid),
|
|
| 244 |
'ldap_authorization_og1_role_name_from_rid function works', $this->ldapTestId); |
|
| 245 |
|
|
| 246 |
$this->assertTrue($member_rid == ldap_authorization_og1_role_name_to_role_id("member"),
|
|
| 247 |
'ldap_authorization_og1_role_name_to_role_id function works', $this->ldapTestId); |
|
| 248 |
|
|
| 249 |
$has_student_membership = ldap_authorization_og1_has_membership($og_students_group->gid, $user->uid); |
|
| 250 |
$this->assertTrue($has_student_membership, 'ldap_authorization_og1_has_membership function', $this->ldapTestId); |
|
| 251 |
|
|
| 252 |
|
|
| 253 |
if ($has_student_membership) {
|
|
| 254 |
$og_auth->authorizationRevoke($user, $user_auth_data, $consumers, $ldap_entry, TRUE); |
|
| 255 |
$this->assertFalse(ldap_authorization_og1_has_membership($og_students_group->gid, $user->uid), |
|
| 256 |
'authorizationRevoke function works', $this->ldapTestId); |
|
| 257 |
} |
|
| 258 |
|
|
| 259 |
$parts = $og_auth->og1ConsumerIdParts("3-2");
|
|
| 260 |
$this->assertTrue($parts[0] == 3 && $parts[1] == 2, |
|
| 261 |
'LdapAuthorizationOgConsumerOG::og1ConsumerIdParts method works', $this->ldapTestId); |
|
| 262 |
|
|
| 263 |
|
|
| 264 |
$mappings = array( |
|
| 265 |
array('cn=students,ou=groups,dc=hogwarts,dc=edu', 'group-name=students,role-name=member'),
|
|
| 266 |
array('cn=faculty,ou=groups,dc=hogwarts,dc=edu', 'group-name=faculty,role-name=member'),
|
|
| 267 |
array('cn=gryffindor,ou=groups,dc=hogwarts,dc=edu', 'group-name=gryffindor,role-name=member'),
|
|
| 268 |
array('cn=users,ou=groups,dc=hogwarts,dc=edu', 'group-name=users,role-name=dungeon-master'),
|
|
| 269 |
array('cn=users,ou=groups,dc=hogwarts,dc=edu', 'gid=2,rid=2'),
|
|
| 270 |
array('cn=users,ou=groups,dc=hogwarts,dc=edu', 'gid=2,rid=4'),
|
|
| 271 |
); |
|
| 272 |
|
|
| 273 |
$normalized_mappings = $og_auth->normalizeMappings($mappings); |
|
| 274 |
|
|
| 275 |
$correct_mappings = ( |
|
| 276 |
$normalized_mappings[0]['normalized'] = ldap_authorization_og_authorization_id($og_students_group->gid, $member_rid) && |
|
| 277 |
$normalized_mappings[1]['normalized'] = ldap_authorization_og_authorization_id($og_faculty_group->gid, $member_rid) && |
|
| 278 |
$normalized_mappings[2]['normalized'] = ldap_authorization_og_authorization_id($og_gryffindor_group->gid, $dungeon_master_rid) && |
|
| 279 |
$normalized_mappings[3]['normalized'] = ldap_authorization_og_authorization_id($og_users_group->gid, $member_rid) && |
|
| 280 |
$normalized_mappings[4]['normalized'] = ldap_authorization_og_authorization_id($og_students_group->gid, $member_rid) && |
|
| 281 |
$normalized_mappings[4]['normalized'] = ldap_authorization_og_authorization_id($og_students_group->gid, 4) |
|
| 282 |
); |
|
| 283 |
if (!$correct_mappings) {
|
|
| 284 |
debug('normalized_mappings'); debug($normalized_mappings);
|
|
| 285 |
} |
|
| 286 |
$this->assertTrue($correct_mappings, 'normalizeMappings method works', $this->ldapTestId); |
|
| 287 |
|
|
| 288 |
} |
|
| 289 |
|
|
| 290 |
|
|
| 291 |
|
|
| 292 |
/** |
|
| 293 |
* authorization configuration flags tests clumped together |
|
| 294 |
*/ |
|
| 295 |
|
|
| 296 |
function testFlags() {
|
|
| 297 |
|
|
| 298 |
$sid = 'activedirectory1'; |
|
| 299 |
|
|
| 300 |
$this->prepTestData( |
|
| 301 |
LDAP_TEST_LDAP_NAME, |
|
| 302 |
array($sid), |
|
| 303 |
'provisionToDrupal', |
|
| 304 |
'default', |
|
| 305 |
'og_group15' |
|
| 306 |
); |
|
| 307 |
|
|
| 308 |
|
|
| 309 |
$og_group_consumer = ldap_authorization_get_consumers('og_group', TRUE, TRUE);
|
|
| 310 |
|
|
| 311 |
list($og_gryffindor_group, $og_gryffindor_node) = ldap_authorization_og1_get_group('gryffindor', 'group_name');
|
|
| 312 |
list($og_students_group, $og_students_node) = ldap_authorization_og1_get_group('students', 'group_name');
|
|
| 313 |
list($og_faculty_group, $og_faculty_node) = ldap_authorization_og1_get_group('faculty', 'group_name');
|
|
| 314 |
list($og_users_group, $og_users_node) = ldap_authorization_og1_get_group('users', 'group_name');
|
|
| 315 |
list($og_slytherin_group, $og_slytherin_node) = ldap_authorization_og1_get_group('slytherin', 'group_name');
|
|
| 316 |
$anonymous_rid = ldap_authorization_og_rid_from_role_name(OG_ANONYMOUS_ROLE); |
|
| 317 |
$member_rid = ldap_authorization_og_rid_from_role_name(OG_AUTHENTICATED_ROLE); |
|
| 318 |
$admin_rid = ldap_authorization_og_rid_from_role_name(OG_ADMINISTRATOR_ROLE); |
|
| 319 |
$dungeon_master_rid = ldap_authorization_og_rid_from_role_name('dungeon-master');
|
|
| 320 |
$time_keeper = ldap_authorization_og_rid_from_role_name('time-keeper');
|
|
| 321 |
$students_membership_consumer_id = $og_students_group->gid . '-' . $member_rid; |
|
| 322 |
$gryffindor_membership_consumer_id = $og_gryffindor_group->gid . '-' . $member_rid; |
|
| 323 |
|
|
| 324 |
/** |
|
| 325 |
* LDAP_authorz.Flags.status=0: Disable ldap_authorization_drupal_role configuration and make sure no authorizations performed |
|
| 326 |
*/ |
|
| 327 |
|
|
| 328 |
list($props_set_display, $props_set_correctly) = $this->checkConsumerConfSetup('og_group15');
|
|
| 329 |
$this->assertTrue( |
|
| 330 |
$props_set_correctly, |
|
| 331 |
'Authorization Configuration set correctly in test setup', |
|
| 332 |
'LDAP_authorz.Flags.setup.0' |
|
| 333 |
); |
|
| 334 |
if (!$props_set_correctly) {
|
|
| 335 |
debug('LDAP_authorz.Flags.setup.0 properties not set correctly'); debug($props_set_display);
|
|
| 336 |
} |
|
| 337 |
|
|
| 338 |
$test_id = 'LDAP_authorz.Flags.status.0'; |
|
| 339 |
$this->consumerAdminConf['og_group']->useFirstAttrAsGroupId = 0; |
|
| 340 |
$this->consumerAdminConf['og_group']->status = 0; |
|
| 341 |
$this->consumerAdminConf['og_group']->save(); |
|
| 342 |
$og_group_consumer = ldap_authorization_get_consumer_object('og_group');
|
|
| 343 |
$hpotter = $this->deleteAndRecreateUser('hpotter');
|
|
| 344 |
|
|
| 345 |
list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($hpotter, 'test_query', 'og_group'); // just see if the correct ones are derived. |
|
| 346 |
$groups1 = $new_authorizations['og_group']; |
|
| 347 |
$this->assertTrue( |
|
| 348 |
count($new_authorizations['og_group']) == 0, |
|
| 349 |
'disabled consumer configuration disallows authorizations.', |
|
| 350 |
$test_id |
|
| 351 |
); |
|
| 352 |
|
|
| 353 |
|
|
| 354 |
$test_id = 'LDAP_authorz.Flags.status.1'; |
|
| 355 |
$this->consumerAdminConf['og_group']->status = 1; |
|
| 356 |
$this->consumerAdminConf['og_group']->save(); |
|
| 357 |
$og_group_consumer = ldap_authorization_get_consumer_object('og_group');
|
|
| 358 |
|
|
| 359 |
list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($hpotter, 'test_query', 'og_group'); // just see if the correct ones are derived. |
|
| 360 |
$correct_groups = !empty($new_authorizations['og_group'][$students_membership_consumer_id]) |
|
| 361 |
&& !empty($new_authorizations['og_group'][$gryffindor_membership_consumer_id]); |
|
| 362 |
$this->assertTrue($correct_groups, 'enabled consumer configuration allows authorizations.', $test_id); |
|
| 363 |
if (!$correct_groups) {
|
|
| 364 |
debug($test_id . "new_authorizations $gryffindor_membership_consumer_id and $students_membership_consumer_id not found in:"); debug($new_authorizations['og_group']); debug($notifications); |
|
| 365 |
} |
|
| 366 |
|
|
| 367 |
} |
|
| 368 |
|
|
| 369 |
|
|
| 370 |
|
|
| 371 |
/** |
|
| 372 |
* authorization configuration flags tests clumped together |
|
| 373 |
*/ |
|
| 374 |
|
|
| 375 |
function testLogons() {
|
|
| 376 |
|
|
| 377 |
$sid = 'activedirectory1'; |
|
| 378 |
|
|
| 379 |
$this->prepTestData( |
|
| 380 |
LDAP_TEST_LDAP_NAME, |
|
| 381 |
array($sid), |
|
| 382 |
'provisionToDrupal', |
|
| 383 |
'default', |
|
| 384 |
'og_group15' |
|
| 385 |
); |
|
| 386 |
|
|
| 387 |
$og_group_consumer = ldap_authorization_get_consumers('og_group', TRUE, TRUE);
|
|
| 388 |
list($og_gryffindor_group, $og_gryffindor_node) = ldap_authorization_og1_get_group('gryffindor', 'group_name'); //1
|
|
| 389 |
list($og_students_group, $og_students_node) = ldap_authorization_og1_get_group('students', 'group_name'); //4
|
|
| 390 |
list($og_faculty_group, $og_faculty_node) = ldap_authorization_og1_get_group('faculty', 'group_name'); // 7
|
|
| 391 |
list($og_users_group, $og_users_node) = ldap_authorization_og1_get_group('users', 'group_name'); //9
|
|
| 392 |
list($og_hufflepuff_group, $og_hufflepuff_node) = ldap_authorization_og1_get_group('hufflepuff', 'group_name');
|
|
| 393 |
list($og_slytherin_group, $og_slytherin_node) = ldap_authorization_og1_get_group('slytherin', 'group_name');
|
|
| 394 |
|
|
| 395 |
|
|
| 396 |
$anonymous_rid = ldap_authorization_og_rid_from_role_name(OG_ANONYMOUS_ROLE); |
|
| 397 |
$member_rid = ldap_authorization_og_rid_from_role_name(OG_AUTHENTICATED_ROLE); |
|
| 398 |
$admin_rid = ldap_authorization_og_rid_from_role_name(OG_ADMINISTRATOR_ROLE); |
|
| 399 |
$dungeon_master_rid = ldap_authorization_og_rid_from_role_name('dungeon-master');
|
|
| 400 |
$time_keeper = ldap_authorization_og_rid_from_role_name('time-keeper');
|
|
| 401 |
$students_membership_consumer_id = $og_students_group->gid . '-' . $member_rid; |
|
| 402 |
$gryffindor_membership_consumer_id = $og_gryffindor_group->gid . '-' . $member_rid; |
|
| 403 |
$slytherin_membership_consumer_id = $og_slytherin_group->gid . '-' . $member_rid; |
|
| 404 |
$hufflepuff_membership_consumer_id = $og_hufflepuff_group->gid . '-' . $member_rid; |
|
| 405 |
|
|
| 406 |
//debug( |
|
| 407 |
// "students_membership_consumer_id = $students_membership_consumer_id |
|
| 408 |
// gryffindor_membership_consumer_id = $gryffindor_membership_consumer_id |
|
| 409 |
// slytherin_membership_consumer_id = $slytherin_membership_consumer_id |
|
| 410 |
// hufflepuff_membership_consumer_id = = $hufflepuff_membership_consumer_id " |
|
| 411 |
//); |
|
| 412 |
|
|
| 413 |
list($props_set_display, $props_set_correctly) = $this->checkConsumerConfSetup('og_group15');
|
|
| 414 |
$this->assertTrue( |
|
| 415 |
$props_set_correctly, |
|
| 416 |
'Authorization Configuration set correctly in test setup', |
|
| 417 |
'LDAP_authorz.Flags.setup.0' |
|
| 418 |
); |
|
| 419 |
if (!$props_set_correctly) {
|
|
| 420 |
debug('LDAP_authorz.Flags.setup.0 properties not set correctly'); debug($props_set_display);
|
|
| 421 |
} |
|
| 422 |
|
|
| 423 |
$hpotter = $this->deleteAndRecreateUser('hpotter');
|
|
| 424 |
|
|
| 425 |
/** |
|
| 426 |
* LDAP_authorz.Flags.synchOnLogon - execute logon and check that no roles are applied if disabled |
|
| 427 |
*/ |
|
| 428 |
$test_id = 'LDAP_authorz.og.Flags.synchOnLogon.0'; |
|
| 429 |
$this->consumerAdminConf['og_group']->synchOnLogon = 0; |
|
| 430 |
$this->consumerAdminConf['og_group']->save(); |
|
| 431 |
$og_group_consumer = ldap_authorization_get_consumer_object('og_group');
|
|
| 432 |
|
|
| 433 |
$edit = array( |
|
| 434 |
'name' => 'hpotter', |
|
| 435 |
'pass' => 'goodpwd', |
|
| 436 |
); |
|
| 437 |
$this->drupalPost('user', $edit, t('Log in'));
|
|
| 438 |
$this->assertText( |
|
| 439 |
t('Member for'),
|
|
| 440 |
'New Ldap user with good password authenticated.', |
|
| 441 |
$test_id |
|
| 442 |
); |
|
| 443 |
$this->assertTrue( |
|
| 444 |
$this->testFunctions->ldapUserIsAuthmapped('hpotter'),
|
|
| 445 |
'Ldap user properly authmapped.', |
|
| 446 |
$test_id |
|
| 447 |
); |
|
| 448 |
$hpotter = user_load_by_name('hpotter');
|
|
| 449 |
$hpotter = user_load($hpotter->uid, TRUE); |
|
| 450 |
$authorizations = $og_group_consumer->usersAuthorizations($hpotter, TRUE); |
|
| 451 |
$this->drupalGet('user/logout');
|
|
| 452 |
$success = (count($authorizations) == 0); |
|
| 453 |
$this->assertTrue($success, 'No authorizations granted when synchOnLogon=0', $test_id); |
|
| 454 |
if (!$success) {
|
|
| 455 |
debug($test_id . "authorizations:"); debug($authorizations); debug($hpotter->data); |
|
| 456 |
} |
|
| 457 |
|
|
| 458 |
$test_id = 'LDAP_authorz.og.Flags.synchOnLogon.1'; |
|
| 459 |
$this->consumerAdminConf['og_group']->synchOnLogon = 1; |
|
| 460 |
$this->consumerAdminConf['og_group']->save(); |
|
| 461 |
$og_group_consumer = ldap_authorization_get_consumer_object('og_group'); // flushes object static cache
|
|
| 462 |
$hpotter = $this->deleteAndRecreateUser('hpotter');
|
|
| 463 |
|
|
| 464 |
$edit = array( |
|
| 465 |
'name' => 'hpotter', |
|
| 466 |
'pass' => 'goodpwd', |
|
| 467 |
); |
|
| 468 |
$this->drupalPost('user', $edit, t('Log in'));
|
|
| 469 |
$this->assertText(t('Member for'), 'New Ldap user with good password authenticated.', $test_id);
|
|
| 470 |
$hpotter = user_load_by_name('hpotter');
|
|
| 471 |
$hpotter = user_load($hpotter->uid, TRUE); |
|
| 472 |
$authorizations = $og_group_consumer->usersAuthorizations($hpotter, TRUE); |
|
| 473 |
$this->UIGroupMembershipTest($hpotter, $og_students_node, $test_id); |
|
| 474 |
$success = in_array($students_membership_consumer_id, $authorizations) && in_array($gryffindor_membership_consumer_id, $authorizations); |
|
| 475 |
$this->drupalGet('user/logout');
|
|
| 476 |
$this->assertTrue($success, 'Correct Authorizations on user logon', $test_id); |
|
| 477 |
if (!$success) {
|
|
| 478 |
debug($test_id . "authorizations $gryffindor_membership_consumer_id and $students_membership_consumer_id not found in:"); |
|
| 479 |
debug($authorizations); debug("hpotter->data"); debug($hpotter->data);
|
|
| 480 |
} |
|
| 481 |
|
|
| 482 |
$user_data = $hpotter->data['ldap_authorizations']['og_group']; |
|
| 483 |
$success = (isset($user_data[$students_membership_consumer_id]) && |
|
| 484 |
isset($user_data[$gryffindor_membership_consumer_id]) && |
|
| 485 |
isset($user_data[$students_membership_consumer_id]['date_granted']) && |
|
| 486 |
isset($user_data[$gryffindor_membership_consumer_id]['consumer_id_mixed_case']) && |
|
| 487 |
isset($user_data[$students_membership_consumer_id]['date_granted']) && |
|
| 488 |
isset($user_data[$gryffindor_membership_consumer_id]['consumer_id_mixed_case']) && |
|
| 489 |
$user_data[$gryffindor_membership_consumer_id]['consumer_id_mixed_case'] == $gryffindor_membership_consumer_id); |
|
| 490 |
$this->assertTrue($success, 'Correct User Data Authorization Records', $test_id); |
|
| 491 |
|
|
| 492 |
|
|
| 493 |
|
|
| 494 |
/** test multiple logon scenario. this deals with a variety of concerns such as caching of |
|
| 495 |
* user and og data |
|
| 496 |
*/ |
|
| 497 |
$test_id = 'LDAP_authorz.og.mulitplelogons'; |
|
| 498 |
$this->consumerAdminConf['og_group']->onlyApplyToLdapAuthenticated = 0; |
|
| 499 |
$this->consumerAdminConf['og_group']->synchOnLogon = 1; |
|
| 500 |
$this->consumerAdminConf['og_group']->status = 1; |
|
| 501 |
$this->consumerAdminConf['og_group']->save(); |
|
| 502 |
$hpotter = $this->deleteAndRecreateUser('hpotter');
|
|
| 503 |
$og_group_consumer = ldap_authorization_get_consumer_object('og_group');
|
|
| 504 |
|
|
| 505 |
$this->drupalGet('user/logout');
|
|
| 506 |
$pre_authorizations = $og_group_consumer->usersAuthorizations($hpotter, TRUE); |
|
| 507 |
$this->assertTrue(count($pre_authorizations) == 0, 'Setup correct for test ' . $test_id, $test_id); |
|
| 508 |
|
|
| 509 |
foreach (array(1, 2, 3) as $i) {
|
|
| 510 |
$this->drupalGet('user/logout');
|
|
| 511 |
$edit = array( |
|
| 512 |
'name' => 'hpotter', |
|
| 513 |
'pass' => 'goodpwd', |
|
| 514 |
); |
|
| 515 |
$this->drupalPost('user', $edit, t('Log in'));
|
|
| 516 |
$this->assertText(t('Member for'), "Repeated logon grant test i=$i", $test_id);
|
|
| 517 |
$hpotter = user_load_by_name('hpotter');
|
|
| 518 |
$hpotter = user_load($hpotter->uid, TRUE); |
|
| 519 |
|
|
| 520 |
$authorizations = $og_group_consumer->usersAuthorizations($hpotter, TRUE); |
|
| 521 |
$success = in_array($students_membership_consumer_id, $authorizations) && |
|
| 522 |
in_array($gryffindor_membership_consumer_id, $authorizations); |
|
| 523 |
$this->assertTrue($success, 'Correct Authorizations on user logon', $test_id); |
|
| 524 |
if (!$success) {
|
|
| 525 |
debug("$test_id i=$i"); debug($hpotter->data); debug($og_group_consumer->usersAuthorizations($hpotter), TRUE);
|
|
| 526 |
} |
|
| 527 |
$this->UIGroupMembershipTest($hpotter, $og_gryffindor_node, $test_id); |
|
| 528 |
$this->UIGroupMembershipTest($hpotter, $og_students_node, $test_id); |
|
| 529 |
// also need to assert user->data['ldap_authorizations']['og_group'] array |
|
| 530 |
|
|
| 531 |
$this->assertTrue($success, 'Correct Authorizations on user logon', $test_id); |
|
| 532 |
$user_data = $hpotter->data['ldap_authorizations']['og_group']; |
|
| 533 |
$success = (isset($user_data[$students_membership_consumer_id]) && |
|
| 534 |
isset($user_data[$gryffindor_membership_consumer_id]) && |
|
| 535 |
isset($user_data[$students_membership_consumer_id]['date_granted']) && |
|
| 536 |
isset($user_data[$gryffindor_membership_consumer_id]['consumer_id_mixed_case']) && |
|
| 537 |
isset($user_data[$students_membership_consumer_id]['date_granted']) && |
|
| 538 |
isset($user_data[$gryffindor_membership_consumer_id]['consumer_id_mixed_case']) && |
|
| 539 |
$user_data[$gryffindor_membership_consumer_id]['consumer_id_mixed_case'] == $gryffindor_membership_consumer_id); |
|
| 540 |
$this->assertTrue($success, 'Correct User Data Authorization Records', $test_id); |
|
| 541 |
$this->drupalGet('user/logout');
|
|
| 542 |
} |
|
| 543 |
|
|
| 544 |
/** |
|
| 545 |
* LDAP_authorz.Flags.revokeLdapProvisioned: test flag for |
|
| 546 |
* removing manually granted roles |
|
| 547 |
* |
|
| 548 |
* $this->revokeLdapProvisioned == 1 : Revoke !consumer_namePlural previously granted by LDAP Authorization but no longer valid. |
|
| 549 |
* |
|
| 550 |
* grant groups via ldap and some not manually, |
|
| 551 |
* then logon again and make sure the ldap provided roles are revoked and the drupal ones are not revoked |
|
| 552 |
* |
|
| 553 |
*/ |
|
| 554 |
$test_id = 'LDAP_authorz.og.Flags.revokeLdapProvisioned.1'; |
|
| 555 |
$this->consumerAdminConf['og_group']->onlyApplyToLdapAuthenticated = 0; |
|
| 556 |
$this->consumerAdminConf['og_group']->revokeLdapProvisioned = 1; |
|
| 557 |
$this->consumerAdminConf['og_group']->regrantLdapProvisioned = 1; |
|
| 558 |
$this->consumerAdminConf['og_group']->save(); |
|
| 559 |
$og_group_consumer = ldap_authorization_get_consumer_object('og_group');
|
|
| 560 |
$hpotter = $this->deleteAndRecreateUser('hpotter');
|
|
| 561 |
$edit = array( |
|
| 562 |
'name' => 'hpotter', |
|
| 563 |
'pass' => 'goodpwd', |
|
| 564 |
); |
|
| 565 |
|
|
| 566 |
// group to 2 "undeserved" groups, but only ldap associate 1 |
|
| 567 |
$hpotter = $this->manualOgGroup($hpotter, $og_slytherin_group->gid); |
|
| 568 |
$hpotter = $this->manualOgGroup($hpotter, $og_hufflepuff_group->gid); |
|
| 569 |
$authorizations = $og_group_consumer->usersAuthorizations($hpotter, TRUE); |
|
| 570 |
$this->assertTrue( |
|
| 571 |
in_array($slytherin_membership_consumer_id, $authorizations) && |
|
| 572 |
in_array($hufflepuff_membership_consumer_id, $authorizations) |
|
| 573 |
, "prep for $test_id", $test_id); |
|
| 574 |
|
|
| 575 |
|
|
| 576 |
// debug(); debug("4.1 hpotter->data"); debug($hpotter->data);
|
|
| 577 |
// $undeserved_consumer_id = $og_slytherin_group->gid . '-' . $member_rid; |
|
| 578 |
$user_edit['data'] = $hpotter->data; |
|
| 579 |
$user_edit['data']['ldap_authorizations']['og_group'][$slytherin_membership_consumer_id] = |
|
| 580 |
array( |
|
| 581 |
array('date_granted' => 1304216778),
|
|
| 582 |
array('consumer_id_mixed_case' => $slytherin_membership_consumer_id),
|
|
| 583 |
); |
|
| 584 |
$hpotter = user_save($hpotter, $user_edit); |
|
| 585 |
|
|
| 586 |
$this->drupalPost('user', $edit, t('Log in'));
|
|
| 587 |
$this->assertText(t('Member for'), 'New Ldap user with good password authenticated.', $test_id);
|
|
| 588 |
$hpotter = user_load_by_name('hpotter');
|
|
| 589 |
$hpotter = user_load($hpotter->uid, TRUE); |
|
| 590 |
$authorizations = $og_group_consumer->usersAuthorizations($hpotter, TRUE); |
|
| 591 |
$this->UIGroupMembershipTest($hpotter, $og_hufflepuff_node, $test_id); |
|
| 592 |
$this->UIGroupMembershipTest($hpotter, $og_slytherin_node, $test_id, FALSE); |
|
| 593 |
$this->assertTrue( |
|
| 594 |
!in_array($slytherin_membership_consumer_id, $authorizations) && |
|
| 595 |
in_array($hufflepuff_membership_consumer_id, $authorizations) |
|
| 596 |
, "Ldap granted og revoked when not deserved in ldap, manual og membership retained.", $test_id); |
|
| 597 |
|
|
| 598 |
// assert that slytherin membership removed, but hufflepuff kept |
|
| 599 |
//debug($authorizations); |
|
| 600 |
//debug("4. hpotter->data"); debug($hpotter->data);
|
|
| 601 |
|
|
| 602 |
/** |
|
| 603 |
* LDAP_authorz.Flags.regrantLdapProvisioned |
|
| 604 |
* $this->regrantLdapProvisioned == 1 : |
|
| 605 |
* Re grant !consumer_namePlural previously granted |
|
| 606 |
* by LDAP Authorization but removed manually. |
|
| 607 |
* |
|
| 608 |
* - manually remove ldap granted og membership |
|
| 609 |
* - logon |
|
| 610 |
* - check if regranted |
|
| 611 |
*/ |
|
| 612 |
$test_id = 'LDAP_authorz.Flags.regrantLdapProvisioned=1'; |
|
| 613 |
$this->drupalGet('user/logout');
|
|
| 614 |
$this->consumerAdminConf['og_group']->regrantLdapProvisioned = 1; |
|
| 615 |
$this->consumerAdminConf['og_group']->revokeLdapProvisioned = 1; |
|
| 616 |
$this->consumerAdminConf['og_group']->save(); |
|
| 617 |
$og_group_consumer = ldap_authorization_get_consumer_object('og_group');
|
|
| 618 |
$hpotter = user_load($hpotter->uid, TRUE); // do not recreate hpotter user because using date from last test |
|
| 619 |
|
|
| 620 |
// ungroup hpotter from students |
|
| 621 |
$hpotter = og_ungroup($og_students_group->gid, 'user', $hpotter, TRUE); |
|
| 622 |
// confirm doesn't have authorization |
|
| 623 |
$authorizations = $og_group_consumer->usersAuthorizations($hpotter, TRUE); |
|
| 624 |
$this->assertTrue(!in_array($students_membership_consumer_id, $authorizations), 'hpotter student membership removed before testing regrant', $test_id); |
|
| 625 |
/** |
|
| 626 |
* logon |
|
| 627 |
*/ |
|
| 628 |
$this->drupalPost('user', $edit, t('Log in'));
|
|
| 629 |
|
|
| 630 |
// assert students membership regranted |
|
| 631 |
$hpotter = user_load($hpotter->uid, TRUE); |
|
| 632 |
$authorizations = $og_group_consumer->usersAuthorizations($hpotter, TRUE); |
|
| 633 |
module_load_include('php', 'og', 'module');
|
|
| 634 |
og_invalidate_cache(); |
|
| 635 |
$caches = array( |
|
| 636 |
'og_get_entity_groups', |
|
| 637 |
'og_get_membership', |
|
| 638 |
'og_get_field_og_membership_properties', |
|
| 639 |
); |
|
| 640 |
|
|
| 641 |
foreach ($caches as $cache) {
|
|
| 642 |
drupal_static_reset($cache); |
|
| 643 |
} |
|
| 644 |
$authorizations = $og_group_consumer->usersAuthorizations($hpotter, TRUE); |
|
| 645 |
$success = in_array($students_membership_consumer_id, $authorizations); |
|
| 646 |
$this->UIGroupMembershipTest($hpotter, $og_students_node, $test_id); |
|
| 647 |
$this->assertTrue($success, "regrant Ldap Provisioned og groups ($students_membership_consumer_id) that were manually revoked", $test_id); |
|
| 648 |
if (!$success) {
|
|
| 649 |
debug($test_id); |
|
| 650 |
debug("students_membership_consumer_id=$students_membership_consumer_id");
|
|
| 651 |
debug('hpotter->data'); debug($hpotter->data);
|
|
| 652 |
debug('current authorizations'); debug($authorizations);
|
|
| 653 |
} |
|
| 654 |
//debug("5. hpotter->data"); debug($hpotter->data);
|
|
| 655 |
|
|
| 656 |
|
|
| 657 |
/** |
|
| 658 |
* LDAP_authorz.onlyLdapAuthenticated=1: create normal user and |
|
| 659 |
* apply authorization query. should return no og groups |
|
| 660 |
* |
|
| 661 |
* THIS NEEDS TO BE REWORKED. ITS A MEANINGLESS TEST IN CURRENT STATE |
|
| 662 |
* should |
|
| 663 |
* A. leave on mixed mode ldap authentication |
|
| 664 |
* logon with non ldap password and receive no authorizations |
|
| 665 |
* |
|
| 666 |
* B. leave on mixed mode authentication and logon with ldap |
|
| 667 |
* groups should be granted |
|
| 668 |
* |
|
| 669 |
*/ |
|
| 670 |
//$test_id = 'LDAP_authorz.onlyLdapAuthenticated.1'; |
|
| 671 |
//$this->consumerAdminConf['og_group']->onlyApplyToLdapAuthenticated = 1; |
|
| 672 |
//$this->consumerAdminConf['og_group']->status = 1; |
|
| 673 |
//$this->consumerAdminConf['og_group']->save(); |
|
| 674 |
//$og_group_consumer = ldap_authorization_get_consumer_object('og_group');
|
|
| 675 |
// |
|
| 676 |
//$hpotter = $this->deleteAndRecreateUser('hpotter');
|
|
| 677 |
// |
|
| 678 |
//list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($hpotter, 'set', 'og_group'); // just see if the correct ones are derived. |
|
| 679 |
//$success = (isset($new_authorizations['og_group']) && count($new_authorizations['og_group']) == 0); |
|
| 680 |
//$this->assertTrue($success, ' only apply to ldap authenticated grants no roles for non ldap user.', $test_id); |
|
| 681 |
//$hpotter = user_load($hpotter->uid, TRUE); |
|
| 682 |
//if (!$success) {
|
|
| 683 |
// debug($test_id . "new_authorizations:"); debug($new_authorizations); |
|
| 684 |
// debug($this->testFunctions->ldapUserIsAuthmapped('hpotter'));
|
|
| 685 |
// debug($notifications); |
|
| 686 |
// debug($hpotter); |
|
| 687 |
//} |
|
| 688 |
|
|
| 689 |
} |
|
| 690 |
|
|
| 691 |
|
|
| 692 |
} |
|
| drupal7/sites/all/modules/ldap/ldap_authorization/tests/Og2Tests.test | ||
|---|---|---|
| 127 | 127 |
* just make sure install succeeds and |
| 128 | 128 |
*/ |
| 129 | 129 |
function testBasicFunctionsAndApi() {
|
| 130 |
// TODO: Fix failing tests, excluding to make branch pass. |
|
| 131 |
return; |
|
| 130 | 132 |
|
| 131 | 133 |
if (ldap_authorization_og_og_version() != 2) {
|
| 132 | 134 |
debug('LdapAuthorizationOg2Tests must be run with OG 7.x-2.x');
|
| ... | ... | |
| 300 | 302 |
*/ |
| 301 | 303 |
|
| 302 | 304 |
function testFlags() {
|
| 305 |
// TODO: Fix failing tests, excluding to make branch pass. |
|
| 306 |
return; |
|
| 303 | 307 |
|
| 304 | 308 |
$sid = 'activedirectory1'; |
| 305 | 309 |
$this->prepTestData( |
| drupal7/sites/all/modules/ldap/ldap_feeds/FeedsLdapEntryParser.inc | ||
|---|---|---|
| 22 | 22 |
$parsed_item = array('dn' => (string)$ldap_entry['dn']);
|
| 23 | 23 |
foreach ($mappings as $j => $map) {
|
| 24 | 24 |
$source_lcase = drupal_strtolower($map['source']); |
| 25 |
// dn is already parsed |
|
| 26 |
if ($source_lcase == 'dn') {
|
|
| 27 |
continue; |
|
| 28 |
} |
|
| 25 | 29 |
$source = $map['source']; |
| 26 | 30 |
if (isset($ldap_entry['attr'])) {
|
| 27 | 31 |
// exception need because of unconvential format of ldap data returned from $ldap_server->userUserNameToExistingLdapEntry |
| ... | ... | |
| 30 | 34 |
else {
|
| 31 | 35 |
$ldap_attributes = $ldap_entry; |
| 32 | 36 |
} |
| 33 |
if ($source_lcase != 'dn' && isset($ldap_attributes[$source_lcase][0])) {
|
|
| 37 |
if (isset($ldap_attributes[$source_lcase][0])) {
|
|
| 34 | 38 |
if ($ldap_attributes[$source_lcase]['count'] == 1 && is_scalar($ldap_attributes[$source_lcase][0])) {
|
| 35 | 39 |
$parsed_item[$source] = (string)$ldap_attributes[$source_lcase][0]; |
| 36 | 40 |
} |
| ... | ... | |
| 40 | 44 |
} |
| 41 | 45 |
} |
| 42 | 46 |
else {
|
| 43 |
$parsed_item[$source] = ''; |
|
| 47 |
$parsed_item[$source] = ' ';
|
|
| 44 | 48 |
} |
| 45 | 49 |
} |
| 46 | 50 |
$parsed_items[] = $parsed_item; |
| drupal7/sites/all/modules/ldap/ldap_feeds/FeedsLdapQueryFetcher.inc | ||
|---|---|---|
| 29 | 29 |
public function getRaw() {
|
| 30 | 30 |
|
| 31 | 31 |
$results = array(); |
| 32 |
$count = 0; |
|
| 32 | 33 |
foreach ($this->query_ids as $i => $query_id) {
|
| 33 | 34 |
$ldapQuery = ldap_query_get_queries($query_id, 'enabled', TRUE); |
| 34 | 35 |
$more_results = $ldapQuery->query(); |
| 35 | 36 |
if (is_array($more_results)) {
|
| 37 |
$count += $more_results['count']; |
|
| 36 | 38 |
$results = array_merge($results, $more_results); |
| 37 | 39 |
} |
| 38 | 40 |
} |
| 41 |
if ($count) {
|
|
| 42 |
$results['count'] = $count; |
|
| 43 |
} |
|
| 39 | 44 |
return $results; |
| 40 | 45 |
} |
| 41 | 46 |
} |
| drupal7/sites/all/modules/ldap/ldap_feeds/ldap_feeds.info | ||
|---|---|---|
| 12 | 12 |
core = 7.x |
| 13 | 13 |
php = 5.2 |
| 14 | 14 |
|
| 15 |
; Information added by Drupal.org packaging script on 2016-08-07
|
|
| 16 |
version = "7.x-2.0-beta11"
|
|
| 15 |
; Information added by Drupal.org packaging script on 2017-02-15
|
|
| 16 |
version = "7.x-2.0-beta12"
|
|
| 17 | 17 |
core = "7.x" |
| 18 | 18 |
project = "ldap" |
| 19 |
datestamp = "1470608343"
|
|
| 19 |
datestamp = "1487199794"
|
|
| 20 | 20 |
|
| drupal7/sites/all/modules/ldap/ldap_help/ldap_help.info | ||
|---|---|---|
| 5 | 5 |
|
| 6 | 6 |
dependencies[] = ldap_servers |
| 7 | 7 |
dependencies[] = ldap_test |
| 8 |
; Information added by Drupal.org packaging script on 2016-08-07
|
|
| 9 |
version = "7.x-2.0-beta11"
|
|
| 8 |
; Information added by Drupal.org packaging script on 2017-02-15
|
|
| 9 |
version = "7.x-2.0-beta12"
|
|
| 10 | 10 |
core = "7.x" |
| 11 | 11 |
project = "ldap" |
| 12 |
datestamp = "1470608343"
|
|
| 12 |
datestamp = "1487199794"
|
|
| 13 | 13 |
|
| drupal7/sites/all/modules/ldap/ldap_query/ldap_query.info | ||
|---|---|---|
| 17 | 17 |
|
| 18 | 18 |
configure = admin/config/people/ldap/query |
| 19 | 19 |
|
| 20 |
; Information added by Drupal.org packaging script on 2016-08-07
|
|
| 21 |
version = "7.x-2.0-beta11"
|
|
| 20 |
; Information added by Drupal.org packaging script on 2017-02-15
|
|
| 21 |
version = "7.x-2.0-beta12"
|
|
| 22 | 22 |
core = "7.x" |
| 23 | 23 |
project = "ldap" |
| 24 |
datestamp = "1470608343"
|
|
| 24 |
datestamp = "1487199794"
|
|
| 25 | 25 |
|
| drupal7/sites/all/modules/ldap/ldap_servers/LdapServer.class.php | ||
|---|---|---|
| 489 | 489 |
|
| 490 | 490 |
foreach ($new_entry as $key => $new_val) {
|
| 491 | 491 |
$old_value = FALSE; |
| 492 |
$old_value_is_scalar = FALSE; |
|
| 492 | 493 |
$key_lcase = drupal_strtolower($key); |
| 493 | 494 |
if (isset($old_entry[$key_lcase])) {
|
| 494 | 495 |
if ($old_entry[$key_lcase]['count'] == 1) {
|
| ... | ... | |
| 1119 | 1120 |
} |
| 1120 | 1121 |
else {
|
| 1121 | 1122 |
foreach ($errors as $err => $err_val){
|
| 1122 |
watchdog('ldap_server', "Error storing picture: %$err", "%$err_val", WATCHDOG_ERROR );
|
|
| 1123 |
watchdog('ldap_server', "Error storing picture: %$err", array("%$err" => $err_val), WATCHDOG_ERROR);
|
|
| 1123 | 1124 |
} |
| 1124 | 1125 |
return FALSE; |
| 1125 | 1126 |
} |
| drupal7/sites/all/modules/ldap/ldap_servers/ldap_servers.encryption.inc | ||
|---|---|---|
| 51 | 51 |
); */ |
| 52 | 52 |
|
| 53 | 53 |
$encrypts = array( |
| 54 |
LDAP_SERVERS_ENC_TYPE_CLEARTEXT => 'No Encyption' |
|
| 54 |
LDAP_SERVERS_ENC_TYPE_CLEARTEXT => 'No Encryption'
|
|
| 55 | 55 |
); |
| 56 | 56 |
if (function_exists('mcrypt_module_open')) {
|
| 57 | 57 |
$encrypts[LDAP_SERVERS_ENC_TYPE_BLOWFISH] = 'Blowfish'; |
| drupal7/sites/all/modules/ldap/ldap_servers/ldap_servers.info | ||
|---|---|---|
| 17 | 17 |
files[] = tests/ldap_servers.test |
| 18 | 18 |
configure = admin/config/people/ldap/servers |
| 19 | 19 |
|
| 20 |
; Information added by Drupal.org packaging script on 2016-08-07
|
|
| 21 |
version = "7.x-2.0-beta11"
|
|
| 20 |
; Information added by Drupal.org packaging script on 2017-02-15
|
|
| 21 |
version = "7.x-2.0-beta12"
|
|
| 22 | 22 |
core = "7.x" |
| 23 | 23 |
project = "ldap" |
| 24 |
datestamp = "1470608343"
|
|
| 24 |
datestamp = "1487199794"
|
|
| 25 | 25 |
|
| drupal7/sites/all/modules/ldap/ldap_servers/ldap_servers.install | ||
|---|---|---|
| 18 | 18 |
*/ |
| 19 | 19 |
function ldap_servers_uninstall() {
|
| 20 | 20 |
variable_del('ldap_servers_encryption');
|
| 21 |
variable_del('ldap_servers_require_ssl_for_credentails');
|
|
| 21 |
variable_del('ldap_servers_require_ssl_for_credentials');
|
|
| 22 | 22 |
variable_del('ldap_servers_encrypt_key');
|
| 23 | 23 |
|
| 24 | 24 |
} |
| ... | ... | |
| 857 | 857 |
} |
| 858 | 858 |
} |
| 859 | 859 |
|
| 860 |
/** |
|
| 861 |
* Fixes a typo in an LDAP variable name. |
|
| 862 |
*/ |
|
| 863 |
function ldap_servers_update_7207() {
|
|
| 864 |
if (!is_null($old_var = variable_get('ldap_servers_require_ssl_for_credentails'))) {
|
|
| 865 |
variable_set('ldap_servers_require_ssl_for_credentials', $old_var);
|
|
| 866 |
variable_del('ldap_servers_require_ssl_for_credentails');
|
|
| 867 |
} |
|
| 868 |
} |
|
| 869 |
|
|
| 860 | 870 |
function ldap_servers_install_update_schema($schema, &$change_log) {
|
| 861 | 871 |
foreach ($schema as $table_name => $table_schema) {
|
| 862 | 872 |
foreach ($table_schema['fields'] as $field_name => $field_schema) {
|
| drupal7/sites/all/modules/ldap/ldap_servers/ldap_servers.module | ||
|---|---|---|
| 698 | 698 |
// if no explicit $sid, find most appropriate one |
Formats disponibles : Unified diff
Weekly update of contrib modules