1
|
<?php
|
2
|
|
3
|
/**
|
4
|
* @file
|
5
|
* See getInfo() for test summary.
|
6
|
*
|
7
|
* @todo test for ldapUserConf->setSynchMapping()
|
8
|
* @todo test for ldapUserConf->ldapAssociateDrupalAccount($drupal_username)
|
9
|
*/
|
10
|
|
11
|
module_load_include('php', 'ldap_test', 'LdapTestCase.class');
|
12
|
/**
|
13
|
*
|
14
|
*/
|
15
|
class LdapUserUnitTests extends LdapTestCase {
|
16
|
|
17
|
/**
|
18
|
*
|
19
|
*/
|
20
|
public static function getInfo() {
|
21
|
return [
|
22
|
'name' => 'LDAP User Unit Tests',
|
23
|
'description' => 'Test functions outside of real contexts.',
|
24
|
'group' => 'LDAP User',
|
25
|
];
|
26
|
}
|
27
|
|
28
|
/**
|
29
|
*
|
30
|
*/
|
31
|
public function __construct($test_id = NULL) {
|
32
|
parent::__construct($test_id);
|
33
|
}
|
34
|
|
35
|
public $module_name = 'ldap_user';
|
36
|
protected $ldap_test_data;
|
37
|
|
38
|
/**
|
39
|
* Create one or more server configurations in such as way
|
40
|
* that this setUp can be a prerequisite for ldap_authentication and ldap_authorization.
|
41
|
*/
|
42
|
public function setUp() {
|
43
|
parent::setUp(['ldap_servers', 'ldap_user', 'ldap_authentication', 'ldap_test']);
|
44
|
variable_set('ldap_simpletest', 2);
|
45
|
}
|
46
|
|
47
|
/**
|
48
|
*
|
49
|
*/
|
50
|
public function tearDown() {
|
51
|
parent::tearDown();
|
52
|
variable_del('ldap_help_watchdog_detail');
|
53
|
variable_del('ldap_simpletest');
|
54
|
}
|
55
|
|
56
|
/**
|
57
|
* Make sure install succeeds and ldap user functions/methods work.
|
58
|
*/
|
59
|
public function testUnitTests() {
|
60
|
// TODO: Fix failing tests, excluding to make branch pass.
|
61
|
return;
|
62
|
|
63
|
// Just to give warning if setup doesn't succeed.
|
64
|
$setup_success = (
|
65
|
module_exists('ldap_user') &&
|
66
|
module_exists('ldap_servers') &&
|
67
|
(variable_get('ldap_simpletest', 2) > 0)
|
68
|
);
|
69
|
$this->assertTrue($setup_success, ' ldap_user setup successful', $this->testId('setup'));
|
70
|
|
71
|
$api_functions = [
|
72
|
'ldap_user_conf' => [2, 0],
|
73
|
'ldap_user_synch_to_drupal' => [3, 1],
|
74
|
'ldap_user_provision_to_drupal' => [2, 1],
|
75
|
'ldap_user_ldap_provision_semaphore' => [4, 2],
|
76
|
'ldap_user_token_replace' => [3, 2],
|
77
|
'ldap_user_token_tokenize_entry' => [5, 2],
|
78
|
];
|
79
|
|
80
|
foreach ($api_functions as $api_function_name => $param_count) {
|
81
|
$reflector = new ReflectionFunction($api_function_name);
|
82
|
$this->assertTrue(
|
83
|
function_exists($api_function_name) &&
|
84
|
$param_count[1] == $reflector->getNumberOfRequiredParameters() &&
|
85
|
$param_count[0] == $reflector->getNumberOfParameters(),
|
86
|
' api function ' . $api_function_name . ' parameters and required parameters count unchanged.', $this->testId($api_function_name . ' unchanged'));
|
87
|
}
|
88
|
|
89
|
$this->assertTrue(drupal_cron_run(), t('Cron can run with ldap user enabled.'), $this->testId('cron works'));
|
90
|
|
91
|
// Test user token functions.
|
92
|
$entity = new stdClass();
|
93
|
$entity->lname[LANGUAGE_NONE][0]['value'] = 'potter';
|
94
|
$entity->house[LANGUAGE_NONE][0]['value'] = 'Gryffindor';
|
95
|
$entity->house[LANGUAGE_NONE][1]['value'] = 'Privet Drive';
|
96
|
$account = new stdClass();
|
97
|
$account->mail = 'hpotter@hogwarts.edu';
|
98
|
$mail = ldap_user_token_replace('[property.mail]', $account, $entity);
|
99
|
$this->assertTrue($mail == $account->mail, t('[property.mail] token worked on ldap_user_token_replace().'), $this->testId('tokens.property'));
|
100
|
$lname = ldap_user_token_replace('[field.lname]', $account, $entity);
|
101
|
$this->assertTrue($lname == $entity->lname[LANGUAGE_NONE][0]['value'], t('[field.lname] token worked on ldap_user_token_replace().'), $this->testId('tokens.property.field'));
|
102
|
$house1 = ldap_user_token_replace('[field.house:1]', $account, $entity);
|
103
|
$this->assertTrue($house1 == $entity->house[LANGUAGE_NONE][1]['value'], t('[field.house:1] token worked on ldap_user_token_replace().'), $this->testId('tokens.property.field.ordinal'));
|
104
|
// @todo need tests for :last and a multivalued attribute. see http://drupal.org/node/1245736
|
105
|
|
106
|
$sids = ['activedirectory1'];
|
107
|
$this->prepTestData('hogwarts', $sids, 'default');
|
108
|
$ldap_server = ldap_servers_get_servers('activedirectory1', NULL, TRUE, TRUE);
|
109
|
$ldap_user_conf = ldap_user_conf('admin', TRUE);
|
110
|
|
111
|
$this->assertTrue(is_object($ldap_user_conf), t('ldap_conf class instantiated'), $this->testId('construct ldapUserConf object'));
|
112
|
|
113
|
$user_edit = [];
|
114
|
$ldap_user = ldap_servers_get_user_ldap_data('hpotter', $ldap_user_conf->drupalAcctProvisionServer, 'ldap_user_prov_to_drupal');
|
115
|
|
116
|
$desired_result = [
|
117
|
'dn' => 'cn=hpotter,ou=people,dc=hogwarts,dc=edu',
|
118
|
'mail' => 'hpotter@hogwarts.edu',
|
119
|
'attr' => $ldap_server->entries['cn=hpotter,ou=people,dc=hogwarts,dc=edu'],
|
120
|
'sid' => 'activedirectory1',
|
121
|
];
|
122
|
|
123
|
if (is_array($ldap_user)) {
|
124
|
$array_diff = array_diff($ldap_user, $desired_result);
|
125
|
$this->assertTrue(count($array_diff) == 0, t('ldap_servers_get_user_ldap_data retrieved correct attributes and values'), $this->testId('ldap_servers_get_user_ldap_data'));
|
126
|
}
|
127
|
if (count($array_diff) != 0) {
|
128
|
debug('ldap_servers_get_user_ldap_data failed. resulting ldap data array:'); debug($ldap_user); debug('desired result:'); debug($desired_result); debug('array_diff:'); debug($array_diff);
|
129
|
}
|
130
|
$ldap_todrupal_prov_server = ldap_servers_get_servers($ldap_user_conf->drupalAcctProvisionServer, 'all', TRUE);
|
131
|
$ldap_user_conf->entryToUserEdit($ldap_user, $user_edit, $ldap_todrupal_prov_server);
|
132
|
|
133
|
unset($user_edit['pass']);
|
134
|
$desired_result = [
|
135
|
'mail' => 'hpotter@hogwarts.edu',
|
136
|
'name' => 'hpotter',
|
137
|
'init' => 'hpotter@hogwarts.edu',
|
138
|
'status' => 1,
|
139
|
'signature' => '',
|
140
|
'data' =>
|
141
|
[
|
142
|
'ldap_authentication' =>
|
143
|
[
|
144
|
'init' =>
|
145
|
[
|
146
|
'sid' => 'activedirectory1',
|
147
|
'dn' => 'cn=hpotter,ou=people,dc=hogwarts,dc=edu',
|
148
|
'mail' => 'hpotter@hogwarts.edu',
|
149
|
],
|
150
|
],
|
151
|
],
|
152
|
'ldap_user_puid' =>
|
153
|
[
|
154
|
LANGUAGE_NONE =>
|
155
|
[
|
156
|
0 =>
|
157
|
[
|
158
|
'value' => '101',
|
159
|
],
|
160
|
],
|
161
|
],
|
162
|
'ldap_user_puid_property' =>
|
163
|
[
|
164
|
LANGUAGE_NONE =>
|
165
|
[
|
166
|
0 =>
|
167
|
[
|
168
|
'value' => 'guid',
|
169
|
],
|
170
|
],
|
171
|
],
|
172
|
'ldap_user_puid_sid' =>
|
173
|
[
|
174
|
LANGUAGE_NONE =>
|
175
|
[
|
176
|
0 =>
|
177
|
[
|
178
|
'value' => 'activedirectory1',
|
179
|
],
|
180
|
],
|
181
|
],
|
182
|
'ldap_user_current_dn' =>
|
183
|
[
|
184
|
LANGUAGE_NONE =>
|
185
|
[
|
186
|
0 =>
|
187
|
[
|
188
|
'value' => 'cn=hpotter,ou=people,dc=hogwarts,dc=edu',
|
189
|
],
|
190
|
],
|
191
|
],
|
192
|
];
|
193
|
// @FIXME: Wrapper for failing test.
|
194
|
if (is_array($user_edit)) {
|
195
|
$array_diff = array_diff($user_edit, $desired_result);
|
196
|
}
|
197
|
// @todo need better diff, this will give false positives in most cases
|
198
|
$this->assertTrue(count($array_diff) == 0, t('ldapUserConf::entryToUserEdit retrieved correct property, field, and data values.'), $this->testId('ldapUserConf::entryToUserEdit'));
|
199
|
if (count($array_diff) != 0) {
|
200
|
debug('ldapUserConf::entryToUserEdit failed. resulting user edit array:'); debug($user_edit); debug('desired result:'); debug($desired_result); debug('array_diff:'); debug($array_diff);
|
201
|
}
|
202
|
|
203
|
$is_synched_tests = [
|
204
|
LDAP_USER_EVENT_CREATE_DRUPAL_USER => [
|
205
|
0 => ['[property.fake]', '[property.data]', '[property.uid]'],
|
206
|
1 => ['[property.mail]', '[property.name]', '[field.ldap_user_puid]', '[field.ldap_user_puid_property]', '[field.ldap_user_puid_sid]', '[field.ldap_user_current_dn]'],
|
207
|
],
|
208
|
LDAP_USER_EVENT_SYNCH_TO_DRUPAL_USER => [
|
209
|
0 => ['[property.fake]', '[property.data]', '[property.uid]', '[field.ldap_user_puid]', '[field.ldap_user_puid_property]', '[field.ldap_user_puid_sid]'],
|
210
|
1 => ['[property.mail]', '[property.name]', '[field.ldap_user_current_dn]'],
|
211
|
],
|
212
|
];
|
213
|
|
214
|
$debug = [];
|
215
|
$fail = FALSE;
|
216
|
foreach ($is_synched_tests as $prov_event => $tests) {
|
217
|
foreach ($tests as $boolean_result => $attribute_tokens) {
|
218
|
foreach ($attribute_tokens as $attribute_token) {
|
219
|
$is_synched = $ldap_user_conf->isSynched($attribute_token, [$prov_event], LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER);
|
220
|
if ((int) $is_synched !== (int) $boolean_result) {
|
221
|
$fail = TRUE;
|
222
|
$debug[$attribute_token] = "isSynched($attribute_token, array($prov_event),
|
223
|
LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER) returned $is_synched when it should have returned " . (int) $boolean_result;
|
224
|
}
|
225
|
}
|
226
|
}
|
227
|
}
|
228
|
|
229
|
$this->assertFalse($fail, t('ldapUserConf::isSynched works'), $this->testId('ldapUserConf::isSynched'));
|
230
|
if ($fail) {
|
231
|
debug('ldapUserConf::isSynched failures:'); debug($debug);
|
232
|
}
|
233
|
|
234
|
$this->assertTrue($ldap_user_conf->isDrupalAcctProvisionServer('activedirectory1'), t('isDrupalAcctProvisionServer works'), $this->testId('isDrupalAcctProvisionServer'));
|
235
|
$this->assertFalse($ldap_user_conf->isLdapEntryProvisionServer('activedirectory1'), t('isLdapEntryProvisionServer works'), $this->testId('isLdapEntryProvisionServer'));
|
236
|
|
237
|
$ldap_user_required_attributes = $ldap_user_conf->getLdapUserRequiredAttributes(LDAP_USER_PROV_DIRECTION_ALL);
|
238
|
|
239
|
$provision_enabled_truth = (boolean) (
|
240
|
$ldap_user_conf->provisionEnabled(LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER, LDAP_USER_DRUPAL_USER_PROV_ON_USER_UPDATE_CREATE)
|
241
|
&& $ldap_user_conf->provisionEnabled(LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER, LDAP_USER_DRUPAL_USER_PROV_ON_AUTHENTICATE)
|
242
|
&& !$ldap_user_conf->provisionEnabled(LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY, LDAP_USER_LDAP_ENTRY_PROV_ON_USER_UPDATE_CREATE)
|
243
|
);
|
244
|
$this->assertTrue($provision_enabled_truth, t('provisionEnabled works'), $this->testId('provisionEnabled.1'));
|
245
|
|
246
|
$provision_enabled_false =
|
247
|
($ldap_user_conf->provisionEnabled(LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY, LDAP_USER_DRUPAL_USER_PROV_ON_USER_UPDATE_CREATE) ||
|
248
|
$ldap_user_conf->provisionEnabled(LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY, LDAP_USER_DRUPAL_USER_PROV_ON_AUTHENTICATE) ||
|
249
|
$ldap_user_conf->provisionEnabled(LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER, LDAP_USER_LDAP_ENTRY_PROV_ON_USER_UPDATE_CREATE));
|
250
|
$this->assertFalse($provision_enabled_false, t('provisionEnabled works'), $this->testId('provisionEnabled.2'));
|
251
|
|
252
|
$account = new stdClass();
|
253
|
$account->name = 'hpotter';
|
254
|
$params = ['ldap_context' => 'ldap_user_prov_to_drupal', 'direction' => LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER];
|
255
|
list($ldap_entry, $error) = $ldap_user_conf->drupalUserToLdapEntry($account, 'activedirectory1', $params);
|
256
|
|
257
|
$account = NULL;
|
258
|
$user_edit = ['name' => 'hpotter'];
|
259
|
|
260
|
// Test method provisionDrupalAccount()
|
261
|
$hpotter = $ldap_user_conf->provisionDrupalAccount($account, $user_edit, NULL, TRUE);
|
262
|
|
263
|
$hpotter = user_load_by_name('hpotter');
|
264
|
|
265
|
$properties_set = (
|
266
|
$hpotter->name == 'hpotter' &&
|
267
|
$hpotter->mail == 'hpotter@hogwarts.edu' &&
|
268
|
$hpotter->init == 'hpotter@hogwarts.edu' &&
|
269
|
$hpotter->status == 1
|
270
|
);
|
271
|
$this->assertTrue($properties_set, t('user name, mail, init, and status correctly populated for hpotter'), $this->testId());
|
272
|
|
273
|
$fields_set = (
|
274
|
isset($hpotter->ldap_user_puid[LANGUAGE_NONE][0]['value']) &&
|
275
|
$hpotter->ldap_user_puid[LANGUAGE_NONE][0]['value'] == '101' &&
|
276
|
isset($hpotter->ldap_user_puid_property[LANGUAGE_NONE][0]['value']) &&
|
277
|
$hpotter->ldap_user_puid_property[LANGUAGE_NONE][0]['value'] == 'guid' &&
|
278
|
isset($hpotter->ldap_user_puid_sid[LANGUAGE_NONE][0]['value']) &&
|
279
|
$hpotter->ldap_user_puid_sid[LANGUAGE_NONE][0]['value'] == 'activedirectory1' &&
|
280
|
isset($hpotter->ldap_user_current_dn[LANGUAGE_NONE][0]['value']) &&
|
281
|
$hpotter->ldap_user_current_dn[LANGUAGE_NONE][0]['value'] == 'cn=hpotter,ou=people,dc=hogwarts,dc=edu'
|
282
|
);
|
283
|
$this->assertTrue($fields_set, t('user ldap_user_puid, ldap_user_puid_property, ldap_user_puid_sid, and ldap_user_current_dn correctly populated for hpotter'), $this->testId('provisionDrupalAccount function test 3'));
|
284
|
|
285
|
// @FIXME: Wrapper for failing test.
|
286
|
if (is_array($hpotter->data['ldap_user'])) {
|
287
|
$data_diff = array_diff(
|
288
|
$hpotter->data['ldap_user'],
|
289
|
[
|
290
|
'init' =>
|
291
|
[
|
292
|
'sid' => 'activedirectory1',
|
293
|
'dn' => NULL,
|
294
|
'mail' => 'hpotter@hogwarts.edu',
|
295
|
],
|
296
|
]
|
297
|
);
|
298
|
$this->assertTrue(count($data_diff) == 0, t('user->data array correctly populated for hpotter'), $this->testId());
|
299
|
}
|
300
|
// Test account exists with correct username, mail, fname, puid, puidfield, dn
|
301
|
// Change some user mock ldap data first, (mail and fname) then synch.
|
302
|
$account = user_load_by_name('hpotter');
|
303
|
|
304
|
$user_edit = NULL;
|
305
|
$ldap_user_conf->ldapUserSynchMappings = [];
|
306
|
$sid = 'activedirectory1';
|
307
|
$ldap_user_conf->ldapUserSynchMappings[LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER]['[property.mail]'] = [
|
308
|
'sid' => $sid,
|
309
|
'ldap_attr' => '[mail]',
|
310
|
'user_attr' => '[property.mail]',
|
311
|
'convert' => 0,
|
312
|
'direction' => LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER,
|
313
|
'ldap_contexts' => ['ldap_user_insert_drupal_user', 'ldap_user_update_drupal_user', 'ldap_authentication_authenticate'],
|
314
|
'prov_events' => [LDAP_USER_EVENT_SYNCH_TO_DRUPAL_USER],
|
315
|
'name' => 'Property: Mail',
|
316
|
'enabled' => TRUE,
|
317
|
'config_module' => 'ldap_servers',
|
318
|
'prov_module' => 'ldap_user',
|
319
|
'user_tokens' => '',
|
320
|
];
|
321
|
$ldap_user_conf->save();
|
322
|
|
323
|
$this->testFunctions->setFakeServerUserAttribute($sid, 'cn=hpotter,ou=people,dc=hogwarts,dc=edu', 'mail', 'hpotter@owlcarriers.com', 0);
|
324
|
// Clear server cache.
|
325
|
$ldap_server = ldap_servers_get_servers('activedirectory1', NULL, TRUE, TRUE);
|
326
|
$user = $ldap_user_conf->synchToDrupalAccount($account, $user_edit, LDAP_USER_EVENT_SYNCH_TO_DRUPAL_USER, NULL, TRUE);
|
327
|
|
328
|
$hpotter = user_load_by_name('hpotter');
|
329
|
$hpotter_uid = $hpotter->uid;
|
330
|
$success = ($hpotter->mail == 'hpotter@owlcarriers.com');
|
331
|
|
332
|
$this->assertTrue($success, t('synchToDrupalAccount worked for property (mail) for hpotter'), $this->testId());
|
333
|
if (!$success) {
|
334
|
debug("hpotter mail after synchToDrupalAccount :" . $hpotter->mail);
|
335
|
$ldap_server = ldap_servers_get_servers($sid, NULL, TRUE, TRUE);
|
336
|
debug('ldap_server'); debug($ldap_server);
|
337
|
}
|
338
|
|
339
|
/**
|
340
|
* test for username change and provisioning with puid conflict
|
341
|
* hpotter drupal user already exists and has correct puid
|
342
|
* change samaccountname value (puid field) of hpotter ldap entry and attempt to provision account with new username (hpotterbrawn)
|
343
|
* return should be old drupal account (same uid)
|
344
|
*/
|
345
|
|
346
|
$this->testFunctions->setFakeServerUserAttribute('activedirectory1', 'cn=hpotter,ou=people,dc=hogwarts,dc=edu', 'samaccountname', 'hpotter-granger', 0);
|
347
|
$account = NULL;
|
348
|
$user_edit = ['name' => 'hpotter-granger'];
|
349
|
$hpottergranger = $ldap_user_conf->provisionDrupalAccount($account, $user_edit, NULL, TRUE);
|
350
|
|
351
|
$this->testFunctions->setFakeServerUserAttribute('activedirectory1', 'cn=hpotter,ou=people,dc=hogwarts,dc=edu', 'samaccountname', 'hpotter', 0);
|
352
|
$pass = (is_object($hpottergranger) && is_object($hpotter) && $hpotter->uid == $hpottergranger->uid);
|
353
|
$this->assertTrue($pass, t('provisionDrupalAccount recognized PUID conflict and synched instead of creating a conflicted drupal account.'), $this->testId('provisionDrupalAccount function test with existing user with same puid'));
|
354
|
if (!$pass) {
|
355
|
debug('hpotter'); debug($hpotter); debug('hpottergranger'); debug($hpottergranger);
|
356
|
}
|
357
|
$authmaps = user_get_authmaps('hpotter-granger');
|
358
|
$pass = $authmaps['ldap_user'] == 'hpotter-granger';
|
359
|
$this->assertTrue($pass, t('provisionDrupalAccount recognized PUID conflict and fixed authmap.'), $this->testId());
|
360
|
|
361
|
$pass = is_object($hpottergranger) && $hpottergranger->name == 'hpotter-granger';
|
362
|
$this->assertTrue($pass, t('provisionDrupalAccount recognized PUID conflict and fixed username.'), $this->testId());
|
363
|
|
364
|
$user_edit = ['name' => 'hpotter'];
|
365
|
$hpotter = user_save($hpottergranger, $user_edit, 'ldap_user');
|
366
|
|
367
|
// Delete and recreate test account to make sure account is in correct state.
|
368
|
$ldap_user_conf->deleteDrupalAccount('hpotter');
|
369
|
$this->assertFalse(user_load($hpotter_uid, TRUE), t('deleteDrupalAccount deleted hpotter successfully'), $this->testId());
|
370
|
|
371
|
$ldap_server = ldap_servers_get_servers('activedirectory1', 'enabled', TRUE, TRUE);
|
372
|
$ldap_server->refreshFakeData();
|
373
|
$account = NULL;
|
374
|
$user_edit = ['name' => 'hpotter'];
|
375
|
$hpotter = $ldap_user_conf->provisionDrupalAccount($account, $user_edit, NULL, TRUE);
|
376
|
|
377
|
}
|
378
|
|
379
|
/**
|
380
|
*
|
381
|
*/
|
382
|
public function testProvisionToDrupal() {
|
383
|
// TODO: Fix failing tests, excluding to make branch pass.
|
384
|
return;
|
385
|
/**
|
386
|
* test that $ldap_user_conf->synchToDrupalAccount() works for various contexts.
|
387
|
* make sure changing when a given field/property is flagged for a particular context, everything works
|
388
|
* tests one property (property.mail) and one field (field.field_lname) as well as username, puid
|
389
|
*/
|
390
|
|
391
|
// Just to give warning if setup doesn't succeed. may want to take these out at some point.
|
392
|
$setup_success = (
|
393
|
module_exists('ldap_user') &&
|
394
|
module_exists('ldap_servers') &&
|
395
|
(variable_get('ldap_simpletest', 0) > 0)
|
396
|
);
|
397
|
$this->assertTrue($setup_success, ' ldap_user setup successful', $this->testId("setup"));
|
398
|
|
399
|
$sid = 'activedirectory1';
|
400
|
$sids = [$sid];
|
401
|
$this->prepTestData('hogwarts', $sids, 'provisionToDrupal', 'default');
|
402
|
$tests = [];
|
403
|
|
404
|
$tests[] = [
|
405
|
'disabled' => 0,
|
406
|
'user' => 'hpotter',
|
407
|
'field_name' => 'field_lname',
|
408
|
'field_values' => [['sn' => 'Potter'], ['sn' => 'Pottery-Chard']],
|
409
|
// First value is what is desired on synch, second if no sycn.
|
410
|
'field_results' => ['Potter', 'Pottery-Chard'],
|
411
|
'mapping' => [
|
412
|
'sid' => $sid,
|
413
|
'name' => 'Field: Last Name',
|
414
|
'ldap_attr' => '[SN]',
|
415
|
'user_attr' => '[field.field_lname]',
|
416
|
'convert' => 0,
|
417
|
'direction' => LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER,
|
418
|
'prov_events' => [LDAP_USER_EVENT_CREATE_DRUPAL_USER, LDAP_USER_EVENT_SYNCH_TO_DRUPAL_USER],
|
419
|
'user_tokens' => '',
|
420
|
'config_module' => 'ldap_user',
|
421
|
'prov_module' => 'ldap_user',
|
422
|
'enabled' => TRUE,
|
423
|
],
|
424
|
];
|
425
|
|
426
|
// Test for compound tokens.
|
427
|
$tests[] = [
|
428
|
'disabled' => 0,
|
429
|
'user' => 'hpotter',
|
430
|
'field_name' => 'field_display_name',
|
431
|
'field_values' => [['givenname' => 'Harry', 'sn' => 'Potter'], ['givenname' => 'Sir Harry', 'sn' => 'Potter']],
|
432
|
// Desired results.
|
433
|
'field_results' => ['Harry Potter', 'Sir Harry Potter'],
|
434
|
'mapping' => [
|
435
|
'sid' => $sid,
|
436
|
'ldap_attr' => '[givenName] [sn]',
|
437
|
'user_attr' => '[field.field_display_name]',
|
438
|
'convert' => 0,
|
439
|
'direction' => LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER,
|
440
|
'prov_events' => [LDAP_USER_EVENT_CREATE_DRUPAL_USER, LDAP_USER_EVENT_SYNCH_TO_DRUPAL_USER],
|
441
|
'name' => 'Field: Display Name',
|
442
|
'enabled' => TRUE,
|
443
|
'config_module' => 'ldap_user',
|
444
|
'prov_module' => 'ldap_user',
|
445
|
'user_tokens' => '',
|
446
|
],
|
447
|
];
|
448
|
|
449
|
// Test for constants in use (e.g. "Smith" and "0") instead of tokens e.g. "[sn]" and "[enabled]".
|
450
|
$tests[] = [
|
451
|
'disabled' => 0,
|
452
|
'user' => 'hpotter',
|
453
|
'field_name' => 'field_lname',
|
454
|
'field_values' => [['sn' => 'Potter1'], ['sn' => 'Potter2']],
|
455
|
'field_results' => ['Smith', 'Smith'],
|
456
|
'mapping' => [
|
457
|
'sid' => $sid,
|
458
|
'name' => 'Field: Last Name',
|
459
|
// Testing of a constant mapped to a field. that is everyone should have last name smith.
|
460
|
'ldap_attr' => 'Smith',
|
461
|
'user_attr' => '[field.field_lname]',
|
462
|
'convert' => 0,
|
463
|
'direction' => LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER,
|
464
|
'prov_events' => [LDAP_USER_EVENT_CREATE_DRUPAL_USER, LDAP_USER_EVENT_SYNCH_TO_DRUPAL_USER],
|
465
|
'user_tokens' => '',
|
466
|
'config_module' => 'ldap_user',
|
467
|
'prov_module' => 'ldap_user',
|
468
|
'enabled' => TRUE,
|
469
|
|
470
|
],
|
471
|
];
|
472
|
|
473
|
// Test for compound tokens.
|
474
|
$tests[] = [
|
475
|
'disabled' => 0,
|
476
|
'user' => 'hpotter',
|
477
|
'property_name' => 'signature',
|
478
|
'property_values' => [['cn' => 'hpotter'], ['cn' => 'hpotter2']],
|
479
|
'property_results' => ['hpotter@hogwarts.edu', 'hpotter2@hogwarts.edu'],
|
480
|
'mapping' => [
|
481
|
'sid' => $sid,
|
482
|
'ldap_attr' => '[cn]@hogwarts.edu',
|
483
|
'user_attr' => '[property.signature]',
|
484
|
'convert' => 0,
|
485
|
'direction' => LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER,
|
486
|
'prov_events' => [LDAP_USER_EVENT_CREATE_DRUPAL_USER, LDAP_USER_EVENT_SYNCH_TO_DRUPAL_USER],
|
487
|
'name' => 'Property: Signature',
|
488
|
'enabled' => TRUE,
|
489
|
'config_module' => 'ldap_servers',
|
490
|
'prov_module' => 'ldap_user',
|
491
|
'user_tokens' => '',
|
492
|
],
|
493
|
];
|
494
|
|
495
|
$tests[] = [
|
496
|
'disabled' => 0,
|
497
|
'user' => 'hpotter',
|
498
|
'property_name' => 'mail',
|
499
|
'property_values' => [['mail' => 'hpotter@hogwarts.edu'], ['mail' => 'hpotter@owlmail.com']],
|
500
|
'property_results' => ['hpotter@hogwarts.edu', 'hpotter@owlmail.com'],
|
501
|
'mapping' => [
|
502
|
'sid' => $sid,
|
503
|
'ldap_attr' => '[mail]',
|
504
|
'user_attr' => '[property.mail]',
|
505
|
'convert' => 0,
|
506
|
'direction' => LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER,
|
507
|
'prov_events' => [LDAP_USER_EVENT_CREATE_DRUPAL_USER, LDAP_USER_EVENT_SYNCH_TO_DRUPAL_USER],
|
508
|
'name' => 'Property: Mail',
|
509
|
'enabled' => TRUE,
|
510
|
'config_module' => 'ldap_servers',
|
511
|
'prov_module' => 'ldap_user',
|
512
|
'user_tokens' => '',
|
513
|
],
|
514
|
];
|
515
|
|
516
|
$tests[] = [
|
517
|
'disabled' => 0,
|
518
|
'user' => 'hpotter',
|
519
|
'property_name' => 'status',
|
520
|
'property_values' => [[0 => 'z'], [0 => 'z']],
|
521
|
'property_results' => [0, 0],
|
522
|
'mapping' => [
|
523
|
'sid' => $sid,
|
524
|
'ldap_attr' => '0',
|
525
|
// Testing of a constant mapped to property.
|
526
|
'user_attr' => '[property.status]',
|
527
|
'convert' => 0,
|
528
|
'direction' => LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER,
|
529
|
'prov_events' => [LDAP_USER_EVENT_CREATE_DRUPAL_USER],
|
530
|
'name' => 'Property: Status',
|
531
|
'enabled' => TRUE,
|
532
|
'config_module' => 'ldap_servers',
|
533
|
'prov_module' => 'ldap_user',
|
534
|
'user_tokens' => '',
|
535
|
],
|
536
|
];
|
537
|
|
538
|
// @todo test with binary field
|
539
|
// @todo case sensitivity in tokens and user_attr in mappings
|
540
|
|
541
|
$test_prov_events = [
|
542
|
LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER => [
|
543
|
LDAP_USER_EVENT_SYNCH_TO_DRUPAL_USER,
|
544
|
LDAP_USER_EVENT_CREATE_DRUPAL_USER,
|
545
|
],
|
546
|
|
547
|
LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY => [
|
548
|
LDAP_USER_EVENT_SYNCH_TO_LDAP_ENTRY,
|
549
|
LDAP_USER_EVENT_CREATE_LDAP_ENTRY,
|
550
|
],
|
551
|
];
|
552
|
|
553
|
$this->privileged_user = $this->drupalCreateUser([
|
554
|
'administer site configuration',
|
555
|
'administer users',
|
556
|
]);
|
557
|
|
558
|
/** Tests for various synch contexts **/
|
559
|
foreach ($tests as $j => $test) {
|
560
|
|
561
|
$field_name = isset($test['field_name']) ? $test['field_name'] : FALSE;
|
562
|
$property_name = isset($test['property_name']) ? $test['property_name'] : FALSE;
|
563
|
$direction = ($property_name) ? $test['mapping']['direction'] : $test['mapping']['direction'];
|
564
|
// Test for each provision event.
|
565
|
foreach ($test_prov_events[$direction] as $i => $prov_event) {
|
566
|
|
567
|
// 1. set fake ldap values for field and property in fake ldap server
|
568
|
// and clear out mappings and set to provision account with test field and prop[0] on provision.
|
569
|
$ldap_server = ldap_servers_get_servers('activedirectory1', 'enabled', TRUE);
|
570
|
$this->prepTestData('hogwarts', $sids, 'provisionToDrupal', 'default');
|
571
|
$ldap_user_conf = ldap_user_conf('admin', TRUE);
|
572
|
if ($property_name) {
|
573
|
$token_attributes = [];
|
574
|
ldap_servers_token_extract_attributes($token_attributes, $test['mapping']['ldap_attr']);
|
575
|
foreach ($token_attributes as $attr_name => $attr_parts) {
|
576
|
$this->testFunctions->setFakeServerUserAttribute(
|
577
|
'activedirectory1',
|
578
|
'cn=hpotter,ou=people,dc=hogwarts,dc=edu',
|
579
|
$attr_name,
|
580
|
$test['property_values'][0][$attr_name],
|
581
|
0);
|
582
|
}
|
583
|
$property_token = '[property.' . $property_name . ']';
|
584
|
$ldap_user_conf->ldapUserSynchMappings[$direction][$property_token] = $test['mapping'];
|
585
|
}
|
586
|
if ($field_name) {
|
587
|
$token_attributes = [];
|
588
|
ldap_servers_token_extract_attributes($token_attributes, $test['mapping']['ldap_attr']);
|
589
|
foreach ($token_attributes as $attr_name => $attr_parts) {
|
590
|
$this->testFunctions->setFakeServerUserAttribute(
|
591
|
'activedirectory1',
|
592
|
'cn=hpotter,ou=people,dc=hogwarts,dc=edu',
|
593
|
$attr_name,
|
594
|
$test['field_values'][0][drupal_strtolower($attr_name)],
|
595
|
0);
|
596
|
}
|
597
|
$field_token = '[field.' . $field_name . ']';
|
598
|
$ldap_user_conf->ldapUserSynchMappings[$direction][$field_token] = $test['mapping'];
|
599
|
}
|
600
|
|
601
|
$ldap_user_conf->save();
|
602
|
$ldap_user_conf = ldap_user_conf('admin', TRUE);
|
603
|
ldap_user_ldap_provision_semaphore(NULL, NULL, NULL, TRUE);
|
604
|
ldap_servers_flush_server_cache();
|
605
|
|
606
|
// 2. delete user.
|
607
|
$username = $test['user'];
|
608
|
$user_object = user_load_by_name($username);
|
609
|
if (is_object($user_object)) {
|
610
|
// Watch out for this.
|
611
|
user_delete($user_object->uid);
|
612
|
}
|
613
|
|
614
|
// 3. create new user with provisionDrupalAccount.
|
615
|
$account = NULL;
|
616
|
$user_edit = ['name' => $username];
|
617
|
$result = $ldap_user_conf->provisionDrupalAccount($account, $user_edit, NULL, TRUE);
|
618
|
list($user_object, $user_entity) = ldap_user_load_user_acct_and_entity($username);
|
619
|
if ($property_name) {
|
620
|
// If intended to synch.
|
621
|
if (in_array($prov_event, $ldap_user_conf->ldapUserSynchMappings[$direction][$property_token]['prov_events'])) {
|
622
|
$property_success = ($user_object->{$property_name} == $test['property_results'][0]);
|
623
|
$this->assertTrue($property_success, t("provisionDrupalAccount worked for property $property_name"), $this->testId(":provisionDrupalAccount.i=$j.prov_event=$prov_event"));
|
624
|
if (!$property_success) {
|
625
|
debug('field fail,' . $property_name); debug($user_entity->{$property_name}); debug($test['property_results'][0]);
|
626
|
}
|
627
|
}
|
628
|
}
|
629
|
if ($field_name) {
|
630
|
|
631
|
// If intended to synch.
|
632
|
if (in_array($prov_event, $ldap_user_conf->ldapUserSynchMappings[$direction][$field_token]['prov_events'])) {
|
633
|
$field_success = isset($user_entity->{$field_name}[LANGUAGE_NONE][0]['value']) &&
|
634
|
$user_entity->{$field_name}[LANGUAGE_NONE][0]['value'] == $test['field_results'][0];
|
635
|
$this->assertTrue($field_success, t("provisionDrupalAccount worked for field $field_name"), $this->testId(":provisionDrupalAccount.i=$j.prov_event=$prov_event"));
|
636
|
if (!$field_success) {
|
637
|
// debug($user_entity);
|
638
|
debug('field fail,' . $field_name); debug($user_entity->{$field_name}); debug($test['field_results'][0]);
|
639
|
}
|
640
|
}
|
641
|
else {
|
642
|
debug("field_name=$field_name not configured to provisionDrupalAccount on drupal user create for direction=$direction and prov_event=$prov_event");
|
643
|
}
|
644
|
}
|
645
|
ldap_user_ldap_provision_semaphore(NULL, NULL, NULL, TRUE);
|
646
|
}
|
647
|
|
648
|
/**
|
649
|
* manually create drupal user with option of not ldap associated checked
|
650
|
*/
|
651
|
|
652
|
if ($hpotter = user_load_by_name('hpotter')) {
|
653
|
user_delete($hpotter->uid);
|
654
|
}
|
655
|
$this->assertFalse(user_load_by_name('hpotter'), t('hpotter removed before manual account creation test'), $this->testId('manual non ldap account created'));
|
656
|
|
657
|
$this->drupalLogout();
|
658
|
$this->drupalLogin($this->privileged_user);
|
659
|
$this->drupalGet('admin/people/create');
|
660
|
$edit = [
|
661
|
'name' => 'hpotter',
|
662
|
'mail' => 'hpotter@hogwarts.edu',
|
663
|
'pass[pass1]' => 'goodpwd',
|
664
|
'pass[pass2]' => 'goodpwd',
|
665
|
'notify' => FALSE,
|
666
|
'ldap_user_association' => LDAP_USER_MANUAL_ACCT_CONFLICT_NO_LDAP_ASSOCIATE,
|
667
|
];
|
668
|
$this->drupalPost('admin/people/create', $edit, t('Create new account'));
|
669
|
|
670
|
$hpotter = user_load_by_name('hpotter');
|
671
|
$this->assertTrue($hpotter, t('hpotter created via ui form'), $this->testId('manual non ldap account created'));
|
672
|
$this->assertTrue($hpotter && !ldap_user_is_ldap_associated($hpotter), t('hpotter not ldap associated'), $this->testId('manual non ldap account created'));
|
673
|
|
674
|
}
|
675
|
}
|
676
|
|
677
|
}
|
678
|
/**
|
679
|
*
|
680
|
*/
|
681
|
class LdapUserIntegrationTests extends LdapTestCase {
|
682
|
|
683
|
/**
|
684
|
*
|
685
|
*/
|
686
|
public static function getInfo() {
|
687
|
return [
|
688
|
'name' => 'LDAP User Integration Tests',
|
689
|
'description' => 'Test provisioning and synching in real contexts such as account creation on logon, synching on user edit, etc.',
|
690
|
'group' => 'LDAP User',
|
691
|
];
|
692
|
}
|
693
|
|
694
|
/**
|
695
|
*
|
696
|
*/
|
697
|
public function __construct($test_id = NULL) {
|
698
|
parent::__construct($test_id);
|
699
|
}
|
700
|
|
701
|
public $module_name = 'ldap_user';
|
702
|
protected $ldap_test_data;
|
703
|
|
704
|
/**
|
705
|
* Create one or more server configurations in such as way
|
706
|
* that this setUp can be a prerequisite for ldap_authentication and ldap_authorization.
|
707
|
*/
|
708
|
public function setUp() {
|
709
|
parent::setUp(['ldap_user', 'ldap_test']);
|
710
|
variable_set('ldap_simpletest', 2);
|
711
|
}
|
712
|
|
713
|
/**
|
714
|
*
|
715
|
*/
|
716
|
public function tearDown() {
|
717
|
parent::tearDown();
|
718
|
variable_del('ldap_help_watchdog_detail');
|
719
|
variable_del('ldap_simpletest');
|
720
|
}
|
721
|
|
722
|
/**
|
723
|
* Integration tests for provisioning to ldap.
|
724
|
*/
|
725
|
public function testProvisionToLdap() {
|
726
|
|
727
|
// Just to give warning if setup doesn't succeed. may want to take these out at some point.
|
728
|
$setup_success = (
|
729
|
module_exists('ldap_user') &&
|
730
|
module_exists('ldap_servers') &&
|
731
|
(variable_get('ldap_simpletest', 2) > 0)
|
732
|
);
|
733
|
$this->assertTrue($setup_success, ' ldap_user setup successful', $this->testId("setup"));
|
734
|
|
735
|
foreach (['activedirectory1', 'openldap1'] as $test_sid) {
|
736
|
$sids = [$test_sid];
|
737
|
// This will create the proper ldap_user configuration from ldap_test/ldap_user.conf.inc.
|
738
|
$this->prepTestData('hogwarts', $sids, 'provisionToLdap_' . $test_sid);
|
739
|
$ldap_user_conf = ldap_user_conf('default', TRUE);
|
740
|
|
741
|
// 9.B. Create and approve new user, populating first and last name.
|
742
|
$username = 'bhautdeser';
|
743
|
if ($user = user_load_by_name($username)) {
|
744
|
user_delete($user->uid);
|
745
|
}
|
746
|
$user_edit = [
|
747
|
'name' => $username,
|
748
|
'mail' => $username . '@hogwarts.org',
|
749
|
'pass' => user_password(),
|
750
|
'status' => 1,
|
751
|
];
|
752
|
$user_acct = new stdClass();
|
753
|
$user_acct->is_new = TRUE;
|
754
|
$user_acct->field_fname[LANGUAGE_NONE][0]['value'] = 'Bercilak';
|
755
|
$user_acct->field_lname[LANGUAGE_NONE][0]['value'] = 'Hautdesert';
|
756
|
|
757
|
$servers = ldap_servers_get_servers(NULL, NULL, FALSE, TRUE);
|
758
|
$desired_dn = "cn=bhautdeser,ou=people,dc=hogwarts,dc=edu";
|
759
|
|
760
|
$pre_entry = $servers[$test_sid]->dnExists($desired_dn, 'ldap_entry');
|
761
|
$drupal_account = user_save($user_acct, $user_edit);
|
762
|
$ldap_entry_post = $servers[$test_sid]->dnExists($desired_dn, 'ldap_entry');
|
763
|
|
764
|
$ldap_entry_success = (
|
765
|
$ldap_entry_post &&
|
766
|
$ldap_entry_post['cn'][0] == 'bhautdeser' &&
|
767
|
$ldap_entry_post['displayname'][0] == 'Bercilak Hautdesert' &&
|
768
|
$ldap_entry_post['sn'][0] == 'Hautdesert' &&
|
769
|
$ldap_entry_post['guid'][0] == '151' &&
|
770
|
$ldap_entry_post['provisionsource'][0] == 'drupal.hogwarts.edu'
|
771
|
);
|
772
|
$this->assertTrue($ldap_entry_success, t("provision of ldap entry on user create succeeded for " . $username), $this->testId("test for provision to ldap on drupal acct create"));
|
773
|
if (!$ldap_entry_success) {
|
774
|
debug('drupal_account'); debug($drupal_account);
|
775
|
debug("desired_dn=$desired_dn, ldap_entry_post=");
|
776
|
debug($ldap_entry_post);
|
777
|
debug('ldap_user_conf'); debug($ldap_user_conf);
|
778
|
}
|
779
|
|
780
|
// Need to reset for simpletests.
|
781
|
ldap_user_ldap_provision_semaphore(NULL, NULL, NULL, TRUE);
|
782
|
|
783
|
// Change lastname and first name (in drupal) and save user to test ldapSynch event handler
|
784
|
// confirm that appropriate attributes were changed in ldap entry.
|
785
|
$ldap_entry_pre = $servers[$test_sid]->dnExists($desired_dn, 'ldap_entry');
|
786
|
$user_acct_pre = user_load_by_name('bhautdeser');
|
787
|
$edit = [];
|
788
|
$edit['field_fname'][LANGUAGE_NONE][0]['value'] = 'Bredbeddle';
|
789
|
$edit['field_lname'][LANGUAGE_NONE][0]['value'] = 'Hautdesert';
|
790
|
$user_acct = user_save($user_acct, $edit);
|
791
|
$user_acct_post = user_load_by_name('bhautdeser');
|
792
|
|
793
|
// Clear cache.
|
794
|
$servers = ldap_servers_get_servers(NULL, NULL, FALSE, TRUE);
|
795
|
$ldap_entry_post = $servers[$test_sid]->dnExists($desired_dn, 'ldap_entry');
|
796
|
|
797
|
$ldap_entry_success = (
|
798
|
$ldap_entry_post['givenname'][0] == 'Bredbeddle'
|
799
|
&& $ldap_entry_post['displayname'][0] == 'Bredbeddle Hautdesert'
|
800
|
&& $ldap_entry_post['sn'][0] == 'Hautdesert'
|
801
|
);
|
802
|
|
803
|
$this->assertTrue($ldap_entry_success, t("synch to ldap entry on user save succeeded for " . $username), $this->testId());
|
804
|
if (!$ldap_entry_success) {
|
805
|
debug("dn=$desired_dn");
|
806
|
debug('drupal_account pre'); debug($user_acct_pre);
|
807
|
debug('drupal_account post'); debug($user_acct_post);
|
808
|
debug('ldap_entry_pre'); debug($ldap_entry_pre);
|
809
|
debug('ldap_entry_post'); debug($ldap_entry_post);
|
810
|
debug('ldap_user_conf'); debug($ldap_user_conf);
|
811
|
}
|
812
|
|
813
|
// Change username and first name (in drupal) and save user to test ldapSynch event handler
|
814
|
// confirm that appropriate attributes were changed in ldap entry.
|
815
|
$ldap_entry_pre = $servers[$test_sid]->dnExists($desired_dn, 'ldap_entry');
|
816
|
$user_acct_pre = user_load_by_name('bhautdeser');
|
817
|
$edit = [];
|
818
|
$edit['field_fname'][LANGUAGE_NONE][0]['value'] = 'Bredbeddle';
|
819
|
$edit['field_lname'][LANGUAGE_NONE][0]['value'] = 'Hautdesert';
|
820
|
$user_acct = user_save($user_acct, $edit);
|
821
|
$user_acct_post = user_load_by_name('bhautdeser');
|
822
|
|
823
|
// Clear cache.
|
824
|
$servers = ldap_servers_get_servers(NULL, NULL, FALSE, TRUE);
|
825
|
$ldap_entry_post = $servers[$test_sid]->dnExists($desired_dn, 'ldap_entry');
|
826
|
|
827
|
$ldap_entry_success = (
|
828
|
$ldap_entry_post['givenname'][0] == 'Bredbeddle'
|
829
|
&& $ldap_entry_post['displayname'][0] == 'Bredbeddle Hautdesert'
|
830
|
&& $ldap_entry_post['sn'][0] == 'Hautdesert'
|
831
|
);
|
832
|
|
833
|
$this->assertTrue($ldap_entry_success, t("synch to ldap entry on user save succeeded for " . $username), $this->testId());
|
834
|
if (!$ldap_entry_success) {
|
835
|
debug("dn=$desired_dn");
|
836
|
debug('drupal_account pre'); debug($user_acct_pre);
|
837
|
debug('drupal_account post'); debug($user_acct_post);
|
838
|
debug('ldap_entry_pre'); debug($ldap_entry_pre);
|
839
|
debug('ldap_entry_post'); debug($ldap_entry_post);
|
840
|
debug('ldap_user_conf'); debug($ldap_user_conf);
|
841
|
}
|
842
|
}
|
843
|
|
844
|
/**
|
845
|
* provisionToLdapEmailVerification
|
846
|
* use case where a user self creates and confirms a drupal account and
|
847
|
* a corresponding ldap entry with password is created
|
848
|
*/
|
849
|
$password_tests = [
|
850
|
'[password.user-random]' => 'goodpwd',
|
851
|
'[password.random]' => 'random',
|
852
|
];
|
853
|
|
854
|
foreach ($password_tests as $password_token => $password_result) {
|
855
|
$test_id = "provisionToLdapEmailVerification $password_token, $test_sid";
|
856
|
// Need to reset for simpletests.
|
857
|
ldap_user_ldap_provision_semaphore(NULL, NULL, NULL, TRUE);
|
858
|
/**
|
859
|
* provisionToLdapEmailVerification setup
|
860
|
*/
|
861
|
// This will create the proper ldap_user configuration from ldap_test/ldap_user.conf.inc.
|
862
|
$this->prepTestData('hogwarts', $sids, 'provisionToLdap_' . $test_sid);
|
863
|
$ldap_user_conf = ldap_user_conf('admin', TRUE);
|
864
|
// Turn off provisioning to drupal.
|
865
|
$ldap_user_conf->drupalAcctProvisionServer = 0;
|
866
|
$ldap_user_conf->ldapEntryProvisionServer = $test_sid;
|
867
|
$ldap_user_conf->ldapEntryProvisionTriggers = [
|
868
|
LDAP_USER_LDAP_ENTRY_PROV_ON_USER_UPDATE_CREATE,
|
869
|
LDAP_USER_LDAP_ENTRY_PROV_ON_AUTHENTICATE,
|
870
|
];
|
871
|
|
872
|
$ldap_user_conf->ldapUserSynchMappings[LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY]['[password]'] = [
|
873
|
'sid' => $test_sid,
|
874
|
'ldap_attr' => '[password]',
|
875
|
'user_attr' => 'user_tokens',
|
876
|
'convert' => 0,
|
877
|
'user_tokens' => $password_token,
|
878
|
'config_module' => 'ldap_user',
|
879
|
'synch_module' => 'ldap_user',
|
880
|
'enabled' => 1,
|
881
|
'prov_events' => [LDAP_USER_EVENT_CREATE_LDAP_ENTRY, LDAP_USER_EVENT_SYNCH_TO_LDAP_ENTRY],
|
882
|
];
|
883
|
|
884
|
$ldap_user_conf->save();
|
885
|
$ldap_user_conf = ldap_user_conf('default', TRUE);
|
886
|
|
887
|
variable_set('user_email_verification', TRUE);
|
888
|
// Or USER_REGISTER_ADMINISTRATORS_ONLY, USER_REGISTER_VISITORS_ADMINISTRATIVE_APPROVAL.
|
889
|
variable_set('user_register', USER_REGISTER_VISITORS);
|
890
|
// user_cancel_block_unpublish, user_cancel_reassign, user_cancel_delete.
|
891
|
variable_set('user_cancel_method', 'user_cancel_block');
|
892
|
$username = 'sstephens';
|
893
|
$this->drupalLogout();
|
894
|
if ($sstephens = user_load_by_name($username)) {
|
895
|
user_delete($sstephens->uid);
|
896
|
}
|
897
|
|
898
|
/**
|
899
|
* provisionToLdapEmailVerification test
|
900
|
*/
|
901
|
// User register form.
|
902
|
$this->drupalGet('user/register');
|
903
|
$edit = [
|
904
|
'name' => $username,
|
905
|
'mail' => $username . '@hogwarts.edu',
|
906
|
];
|
907
|
|
908
|
// This will create last and first name fields.
|
909
|
$this->createTestUserFields();
|
910
|
|
911
|
$this->drupalPost('user/register', $edit, t('Create new account'));
|
912
|
|
913
|
$sstephens = user_load_by_name($username);
|
914
|
|
915
|
// can't derive login url, must get it from outgoing email because timestamp in hash is not stored in user_mail_tokens()
|
916
|
$emails = $this->drupalGetMails();
|
917
|
// Most recent email is the one of interest.
|
918
|
$email_body = $emails[count($emails) - 1]['body'];
|
919
|
$result = [];
|
920
|
preg_match_all('/(user\/reset\/.*)This link can only be/s', $email_body, $result, PREG_PATTERN_ORDER);
|
921
|
if (is_array($result) && count($result) === 2) {
|
922
|
$login_path = trim($result[1][0]);
|
923
|
// User login form.
|
924
|
$this->drupalGet($login_path);
|
925
|
$sstephens = user_load_by_name($username);
|
926
|
$this->drupalPost($login_path, [], t('Log in'));
|
927
|
$sstephens = user_load_by_name($username);
|
928
|
|
929
|
$edit = [
|
930
|
'mail' => $username . '@hogwarts.edu',
|
931
|
'pass[pass1]' => 'goodpwd',
|
932
|
'pass[pass2]' => 'goodpwd',
|
933
|
'field_fname[und][0][value]' => 'Samantha',
|
934
|
'field_lname[und][0][value]' => 'Stephens',
|
935
|
];
|
936
|
|
937
|
$this->drupalPost(NULL, $edit, t('Save'));
|
938
|
$sstephens = user_load_by_name($username);
|
939
|
// Clear cache.
|
940
|
$servers = ldap_servers_get_servers(NULL, NULL, FALSE, TRUE);
|
941
|
$desired_dn = "cn=$username,ou=people,dc=hogwarts,dc=edu";
|
942
|
$ldap_entry_post = $servers[$test_sid]->dnExists($desired_dn, 'ldap_entry');
|
943
|
|
944
|
$password_success = (
|
945
|
is_array($ldap_entry_post)
|
946
|
&&
|
947
|
(
|
948
|
($password_token == '[password.random]' && $ldap_entry_post['password'][0] && $ldap_entry_post['password'][0] != 'goodpwd')
|
949
|
||
|
950
|
($password_token == '[password.user-random]' && $ldap_entry_post['password'][0] == $password_result)
|
951
|
)
|
952
|
);
|
953
|
$ldap_entry_success = (
|
954
|
$password_success &&
|
955
|
$ldap_entry_post['cn'][0] == $username &&
|
956
|
$ldap_entry_post['displayname'][0] == 'Samantha Stephens' &&
|
957
|
$ldap_entry_post['provisionsource'][0] == 'drupal.hogwarts.edu' &&
|
958
|
$ldap_entry_post['sn'][0] == 'Stephens' &&
|
959
|
$ldap_entry_post['givenname'][0] == 'Samantha'
|
960
|
);
|
961
|
}
|
962
|
else {
|
963
|
$ldap_entry_success = FALSE;
|
964
|
}
|
965
|
|
966
|
$this->assertTrue($ldap_entry_success, t("correct ldap entry created for " . $username), $this->testId($test_id));
|
967
|
if (!$ldap_entry_success) {
|
968
|
debug("password_success=$password_success,password_token,password_result: $password_token, $password_result");
|
969
|
debug('ldap_user_conf'); debug($ldap_user_conf);
|
970
|
debug('ldap_entry_post'); debug($ldap_entry_post);
|
971
|
debug('user'); debug($sstephens);
|
972
|
}
|
973
|
/**
|
974
|
* @todo functional tests
|
975
|
*
|
976
|
* do a password reset of some sort
|
977
|
* try to add a drupal user that conflicts with an ldap user
|
978
|
* try a binary fields such as a user profile image
|
979
|
*/
|
980
|
|
981
|
}
|
982
|
|
983
|
// Test deletion of drupal entry on deletion of drupal user.
|
984
|
foreach (['activedirectory1', 'openldap1'] as $test_sid) {
|
985
|
$test_id = $test_sid;
|
986
|
// 1. setup.
|
987
|
$sids = [$test_sid];
|
988
|
// This will create the proper ldap_user configuration from ldap_test/ldap_user.conf.inc.
|
989
|
$this->prepTestData('hogwarts', $sids, 'provisionToLdap_' . $test_sid);
|
990
|
$ldap_user_conf = ldap_user_conf('admin', TRUE);
|
991
|
if (!in_array(LDAP_USER_LDAP_ENTRY_DELETE_ON_USER_DELETE, $ldap_user_conf->ldapEntryProvisionTriggers)) {
|
992
|
$ldap_user_conf->ldapEntryProvisionTriggers[] = LDAP_USER_LDAP_ENTRY_DELETE_ON_USER_DELETE;
|
993
|
}
|
994
|
$ldap_user_conf->provisionsLdapEntriesFromDrupalUsers = TRUE;
|
995
|
$ldap_user_conf->save();
|
996
|
|
997
|
$username = 'bhautdeser';
|
998
|
if ($user = user_load_by_name($username)) {
|
999
|
user_delete($user->uid);
|
1000
|
}
|
1001
|
$user_edit = [
|
1002
|
'name' => $username,
|
1003
|
'mail' => $username . '@hogwarts.org',
|
1004
|
'pass' => user_password(),
|
1005
|
'status' => 1,
|
1006
|
];
|
1007
|
$user_acct = new stdClass();
|
1008
|
$user_acct->is_new = TRUE;
|
1009
|
$user_acct->field_fname[LANGUAGE_NONE][0]['value'] = 'Bercilak';
|
1010
|
$user_acct->field_lname[LANGUAGE_NONE][0]['value'] = 'Hautdesert';
|
1011
|
|
1012
|
$servers = ldap_servers_get_servers(NULL, NULL, FALSE, TRUE);
|
1013
|
$desired_dn = "cn=bhautdeser,ou=people,dc=hogwarts,dc=edu";
|
1014
|
|
1015
|
$pre_entry = $servers[$test_sid]->dnExists($desired_dn, 'ldap_entry');
|
1016
|
$drupal_account = user_save($user_acct, $user_edit);
|
1017
|
$ldap_entry_pre_delete = $servers[$test_sid]->dnExists($desired_dn, 'ldap_entry');
|
1018
|
|
1019
|
$ldap_entry = $ldap_user_conf->getProvisionRelatedLdapEntry($drupal_account);
|
1020
|
|
1021
|
// 2. test.
|
1022
|
user_delete($drupal_account->uid);
|
1023
|
$ldap_server = ldap_servers_get_servers($test_sid, 'all', TRUE, TRUE);
|
1024
|
$ldap_entry_post_delete = $ldap_server->dnExists($desired_dn, 'ldap_entry');
|
1025
|
|
1026
|
$success = (!$ldap_entry_post_delete);
|
1027
|
$this->assertTrue($success, t("ldap entry removed for $username on drupal user delete with deletion enabled."), $this->testId($test_id));
|
1028
|
|
1029
|
if (!$success) {
|
1030
|
debug(" desired_dn=$desired_dn test_sid=$test_sid, ldap entry post:"); debug($ldap_entry_post_delete);
|
1031
|
}
|
1032
|
|
1033
|
}
|
1034
|
}
|
1035
|
|
1036
|
/**
|
1037
|
* Test cron function for dealing with ldap associated users who no longer have
|
1038
|
* ldap entries
|
1039
|
* - fix search in fake server to deal with general or queries.
|
1040
|
*
|
1041
|
* Simpletest approach:
|
1042
|
* - loop through all options for user_cancel
|
1043
|
* ldap_user_orphan_email
|
1044
|
* user_cancel_block, user_cancel_block_unpublish,
|
1045
|
* user_cancel_reassign, user_cancel_delete
|
1046
|
* - automatically generate 70 ldap users with cns hpotter1-hpotter300
|
1047
|
* - create 75 corresponding drupal uses that are ldap identified
|
1048
|
* - delete 10 of the ldap entries
|
1049
|
* - run cron
|
1050
|
* - test for drupal accounts being dealt with correctly and or email sent.
|
1051
|
*/
|
1052
|
public function testDrupalAccountsOrphaned() {
|
1053
|
// TODO: Fix failing tests, excluding to make branch pass.
|
1054
|
return;
|
1055
|
// Just to give warning if setup doesn't succeed. may want to take these out at some point.
|
1056
|
$setup_success = (
|
1057
|
module_exists('ldap_user') &&
|
1058
|
module_exists('ldap_servers') &&
|
1059
|
(variable_get('ldap_simpletest', 2) > 0)
|
1060
|
);
|
1061
|
$this->assertTrue($setup_success, ' ldap_user setup successful', $this->testId('orphaned entries tests'));
|
1062
|
|
1063
|
$sids = ['activedirectory1'];
|
1064
|
$this->prepTestData('hogwarts', $sids, 'provisionToDrupal', 'default');
|
1065
|
|
1066
|
$ldap_user_conf = ldap_user_conf('admin');
|
1067
|
$drupal_form = $ldap_user_conf->drupalForm();
|
1068
|
$account_options = $drupal_form['basic_to_drupal']['orphanedDrupalAcctBehavior']['#options'];
|
1069
|
$cn_to_account = [];
|
1070
|
$ldap_server = ldap_servers_get_servers('activedirectory1', NULL, TRUE, TRUE);
|
1071
|
|
1072
|
foreach ($account_options as $account_option => $account_option_text) {
|
1073
|
$sids = ['activedirectory1'];
|
1074
|
$this->prepTestData('hogwarts', $sids, 'provisionToDrupal', 'default');
|
1075
|
$ldap_user_conf->orphanedDrupalAcctBehavior = $account_option;
|
1076
|
$ldap_user_conf->save();
|
1077
|
$test_id = "ldap_user.orphans.$account_option";
|
1078
|
$test_text = "Test of orphaned Drupal account option: $account_option_text";
|
1079
|
$success = FALSE;
|
1080
|
|
1081
|
// Create 70 drupal accounts (clone0 to clone69) based on corresponding ldap entries.
|
1082
|
$first_clone_username = 'clone0';
|
1083
|
$last_clone_username = 'clone' . (LDAP_TEST_USER_ORPHAN_CLONE_COUNT - 1);
|
1084
|
// 70.
|
1085
|
for ($i = 0; $i < LDAP_TEST_USER_ORPHAN_CLONE_COUNT; $i++) {
|
1086
|
$name = "clone" . $i;
|
1087
|
$account = $this->createLdapIdentifiedDrupalAccount(
|
1088
|
$ldap_user_conf,
|
1089
|
$name,
|
1090
|
'activedirectory1'
|
1091
|
);
|
1092
|
$cn_to_account[$name] = $account;
|
1093
|
}
|
1094
|
|
1095
|
// Delete 10 ldap entries.
|
1096
|
// @FIXME: Wrapper for broken test.
|
1097
|
if (is_object($cn_to_account[$first_clone_username])) {
|
1098
|
$clone_first_uid = $cn_to_account[$first_clone_username]->uid;
|
1099
|
$clone_last_uid = $cn_to_account[$last_clone_username]->uid;
|
1100
|
$clone_first = user_load($clone_first_uid, TRUE);
|
1101
|
$clone_last = user_load($clone_last_uid, TRUE);
|
1102
|
}
|
1103
|
|
1104
|
$delete = LDAP_TEST_USER_ORPHAN_CLONE_COUNT - LDAP_TEST_USER_ORPHAN_CLONE_REMOVE_COUNT;
|
1105
|
for ($i = 0; $i < $delete; $i++) {
|
1106
|
$name = "clone" . $i;
|
1107
|
$account = $cn_to_account[$name];
|
1108
|
// ?? is it possible the ldap delete hook is causing the drupal user to get populated with empty values?
|
1109
|
$ldap_server->delete($account->ldap_user_current_dn[LANGUAGE_NONE][0]['value']);
|
1110
|
}
|
1111
|
|
1112
|
$clone_first = user_load($clone_first_uid, TRUE);
|
1113
|
$clone_last = user_load($clone_last_uid, TRUE);
|
1114
|
drupal_cron_run();
|
1115
|
$clone_first = user_load($clone_first_uid, TRUE);
|
1116
|
$clone_last = user_load($clone_last_uid, TRUE);
|
1117
|
switch ($account_option) {
|
1118
|
|
1119
|
case 'ldap_user_orphan_do_not_check':
|
1120
|
$test_uids = [];
|
1121
|
// 70.
|
1122
|
for ($i = 0; $i < LDAP_TEST_USER_ORPHAN_CLONE_COUNT; $i++) {
|
1123
|
$name = "clone" . $i;
|
1124
|
$test_uids[] = @$cn_to_account[$name]->uid;
|
1125
|
}
|
1126
|
$success = TRUE;
|
1127
|
$accounts = user_load_multiple($test_uids);
|
1128
|
foreach ($accounts as $uid => $account) {
|
1129
|
if ($account->status != 1) {
|
1130
|
$success = FALSE;
|
1131
|
break;
|
1132
|
}
|
1133
|
}
|
1134
|
if ($success) {
|
1135
|
$success = ($clone_last && $clone_last->status == 1);
|
1136
|
}
|
1137
|
|
1138
|
break;
|
1139
|
|
1140
|
case 'ldap_user_orphan_email':
|
1141
|
// Test is if email has 10 users and was sent.
|
1142
|
$emails = $this->drupalGetMails();
|
1143
|
if (count($emails)) {
|
1144
|
// Most recent email is the one of interest.
|
1145
|
$email_body = $emails[count($emails) - 1]['body'];
|
1146
|
$success = (strpos($email_body, "The following $delete Drupal users") !== FALSE);
|
1147
|
}
|
1148
|
else {
|
1149
|
$success = FALSE;
|
1150
|
}
|
1151
|
|
1152
|
break;
|
1153
|
|
1154
|
case 'user_cancel_block':
|
1155
|
case 'user_cancel_block_unpublish':
|
1156
|
// Test is if clone0-clone9 have a status of 0
|
1157
|
// and clone12,11... have a status of 1.
|
1158
|
$test_uids = [];
|
1159
|
// 70.
|
1160
|
for ($i = 0; $i < $delete; $i++) {
|
1161
|
$name = "clone" . $i;
|
1162
|
$test_uids[] = @$cn_to_account[$name]->uid;
|
1163
|
}
|
1164
|
$success = TRUE;
|
1165
|
$accounts = user_load_multiple($test_uids);
|
1166
|
foreach ($accounts as $uid => $account) {
|
1167
|
if ($account->status != 0) {
|
1168
|
$success = FALSE;
|
1169
|
break;
|
1170
|
}
|
1171
|
}
|
1172
|
if ($success) {
|
1173
|
$clone_last = user_load($clone_last_uid, TRUE);
|
1174
|
$success = ($clone_last && $clone_last->status == 1);
|
1175
|
}
|
1176
|
break;
|
1177
|
|
1178
|
case 'user_cancel_reassign':
|
1179
|
case 'user_cancel_delete':
|
1180
|
// Test is if clone0-clone9 are deleted
|
1181
|
// and clone12,11... have a status of 1.
|
1182
|
$test_uids = [];
|
1183
|
// 70.
|
1184
|
for ($i = 0; $i < $delete; $i++) {
|
1185
|
$name = "clone" . $i;
|
1186
|
$test_uids[] = @$cn_to_account[$name]->uid;
|
1187
|
}
|
1188
|
$success = TRUE;
|
1189
|
$accounts = user_load_multiple($test_uids);
|
1190
|
$success = (count($accounts) == LDAP_TEST_USER_ORPHAN_CLONE_COUNT);
|
1191
|
|
1192
|
if ($success) {
|
1193
|
$clone_last = user_load($clone_last_uid, TRUE);
|
1194
|
$success = ($clone_last && $clone_last->status == 1);
|
1195
|
}
|
1196
|
break;
|
1197
|
}
|
1198
|
|
1199
|
$this->assertTrue($success, $test_id, $test_text);
|
1200
|
|
1201
|
// Remove all drupal users except 1 for next test.
|
1202
|
foreach ($cn_to_account as $cn => $account) {
|
1203
|
@user_delete($account->uid);
|
1204
|
}
|
1205
|
|
1206
|
}
|
1207
|
|
1208
|
}
|
1209
|
|
1210
|
/**
|
1211
|
*
|
1212
|
*/
|
1213
|
public function createLdapIdentifiedDrupalAccount($ldap_user_conf, $name, $sid) {
|
1214
|
|
1215
|
$account = NULL;
|
1216
|
$user_edit = ['name' => $name];
|
1217
|
$user = $ldap_user_conf->provisionDrupalAccount($account, $user_edit, NULL, TRUE);
|
1218
|
|
1219
|
return user_load($user->uid, TRUE);
|
1220
|
}
|
1221
|
|
1222
|
}
|
1223
|
/**
|
1224
|
*
|
1225
|
*/
|
1226
|
class LdapUserUITests extends LdapTestCase {
|
1227
|
|
1228
|
/**
|
1229
|
*
|
1230
|
*/
|
1231
|
public static function getInfo() {
|
1232
|
return [
|
1233
|
'name' => 'LDAP User User Interface',
|
1234
|
'description' => 'Test ldap user admin interface.',
|
1235
|
'group' => 'LDAP User',
|
1236
|
];
|
1237
|
}
|
1238
|
|
1239
|
/**
|
1240
|
*
|
1241
|
*/
|
1242
|
public function __construct($test_id = NULL) {
|
1243
|
parent::__construct($test_id);
|
1244
|
}
|
1245
|
|
1246
|
public $module_name = 'ldap_user';
|
1247
|
protected $ldap_test_data;
|
1248
|
|
1249
|
/**
|
1250
|
* Create one or more server configurations in such as way
|
1251
|
* that this setUp can be a prerequisite for ldap_authentication and ldap_authorization.
|
1252
|
*/
|
1253
|
public function setUp() {
|
1254
|
parent::setUp(['ldap_user', 'ldap_test']);
|
1255
|
variable_set('ldap_simpletest', 2);
|
1256
|
}
|
1257
|
|
1258
|
/**
|
1259
|
*
|
1260
|
*/
|
1261
|
public function tearDown() {
|
1262
|
parent::tearDown();
|
1263
|
variable_del('ldap_help_watchdog_detail');
|
1264
|
variable_del('ldap_simpletest');
|
1265
|
}
|
1266
|
|
1267
|
/**
|
1268
|
* Make sure user admin interface works. (its a beast)
|
1269
|
*/
|
1270
|
public function testUI() {
|
1271
|
|
1272
|
// Just to give warning if setup doesn't succeed. may want to take these out at some point.
|
1273
|
$setup_success = (
|
1274
|
module_exists('ldap_user') &&
|
1275
|
module_exists('ldap_servers') &&
|
1276
|
(variable_get('ldap_simpletest', 2) > 0)
|
1277
|
);
|
1278
|
$this->assertTrue($setup_success, ' ldap_user setup successful', $this->testId('user interface tests'));
|
1279
|
|
1280
|
$sids = ['activedirectory1'];
|
1281
|
$this->prepTestData('hogwarts', $sids, 'provisionToDrupal', 'default');
|
1282
|
|
1283
|
$this->privileged_user = $this->drupalCreateUser([
|
1284
|
'administer site configuration',
|
1285
|
'administer users',
|
1286
|
]);
|
1287
|
|
1288
|
$this->drupalLogin($this->privileged_user);
|
1289
|
|
1290
|
$ldap_user_conf = ldap_user_conf();
|
1291
|
|
1292
|
$this->drupalGet('admin/config/people/ldap/user');
|
1293
|
|
1294
|
// Populate the field settings with new settings.
|
1295
|
$sid = 'activedirectory1';
|
1296
|
|
1297
|
$edit_direct_map = [
|
1298
|
|
1299
|
'manualAccountConflict' => LDAP_USER_MANUAL_ACCT_CONFLICT_LDAP_ASSOCIATE,
|
1300
|
'drupalAcctProvisionServer' => $sid,
|
1301
|
'userConflictResolve' => LDAP_USER_CONFLICT_LOG,
|
1302
|
'acctCreation' => LDAP_USER_ACCT_CREATION_LDAP_BEHAVIOR_DEFAULT,
|
1303
|
'orphanedDrupalAcctBehavior' => 'ldap_user_orphan_email',
|
1304
|
'orphanedCheckQty' => '50',
|
1305
|
'ldapEntryProvisionServer' => $sid,
|
1306
|
];
|
1307
|
$edit = $edit_direct_map + [
|
1308
|
'drupalAcctProvisionTriggers[' . LDAP_USER_DRUPAL_USER_PROV_ON_AUTHENTICATE . ']' => TRUE,
|
1309
|
'drupalAcctProvisionTriggers[' . LDAP_USER_DRUPAL_USER_PROV_ON_USER_UPDATE_CREATE . ']' => TRUE,
|
1310
|
|
1311
|
'1__sm__ldap_attr__6' => '[sn]',
|
1312
|
'1__sm__convert__6' => FALSE,
|
1313
|
'1__sm__user_attr__6' => '[field.field_lname]',
|
1314
|
'1__sm__1__6' => TRUE,
|
1315
|
'1__sm__2__6' => TRUE,
|
1316
|
|
1317
|
'1__sm__ldap_attr__7' => '[givenname]',
|
1318
|
'1__sm__convert__7' => FALSE,
|
1319
|
'1__sm__user_attr__7' => '[field.field_fname]',
|
1320
|
'1__sm__1__7' => TRUE,
|
1321
|
'1__sm__2__7' => TRUE,
|
1322
|
|
1323
|
'ldapEntryProvisionTriggers[' . LDAP_USER_LDAP_ENTRY_PROV_ON_USER_UPDATE_CREATE . ']' => TRUE,
|
1324
|
'ldapEntryProvisionTriggers[' . LDAP_USER_LDAP_ENTRY_PROV_ON_AUTHENTICATE . ']' => TRUE,
|
1325
|
'ldapEntryProvisionTriggers[' . LDAP_USER_LDAP_ENTRY_DELETE_ON_USER_DELETE . ']' => TRUE,
|
1326
|
|
1327
|
'2__sm__user_attr__0' => 'user_tokens',
|
1328
|
'2__sm__user_tokens__0' => 'Drupal provisioned account for [property.uid]',
|
1329
|
'2__sm__convert__0' => FALSE,
|
1330
|
'2__sm__ldap_attr__0' => '[description]',
|
1331
|
'2__sm__4__3' => TRUE,
|
1332
|
'2__sm__4__3' => TRUE,
|
1333
|
|
1334
|
'2__sm__user_attr__1' => '[property.uid]',
|
1335
|
'2__sm__user_tokens__1' => '',
|
1336
|
'2__sm__convert__1' => TRUE,
|
1337
|
'2__sm__ldap_attr__1' => '[guid]',
|
1338
|
'2__sm__4__1' => TRUE,
|
1339
|
'2__sm__4__1' => TRUE,
|
1340
|
|
1341
|
'2__sm__user_attr__2' => 'user_tokens',
|
1342
|
'2__sm__user_tokens__2' => 'cn=[property.name]ou=people,dc=hogwarts,dc=edu',
|
1343
|
'2__sm__convert__2' => FALSE,
|
1344
|
'2__sm__ldap_attr__2' => '[dn]',
|
1345
|
'2__sm__4__2' => TRUE,
|
1346
|
'2__sm__4__2' => TRUE,
|
1347
|
];
|
1348
|
|
1349
|
$this->drupalPost('admin/config/people/ldap/user', $edit, t('Save'));
|
1350
|
|
1351
|
$ldap_user_conf = ldap_user_conf(NULL, TRUE);
|
1352
|
|
1353
|
foreach ($edit_direct_map as $property => $value) {
|
1354
|
$this->assertTrue($ldap_user_conf->{$property} == $value, $property . ' ' . t('field set correctly'), $this->testId('user interface tests'));
|
1355
|
}
|
1356
|
|
1357
|
$this->assertTrue(
|
1358
|
isset($ldap_user_conf->drupalAcctProvisionTriggers[LDAP_USER_DRUPAL_USER_PROV_ON_AUTHENTICATE]) &&
|
1359
|
isset($ldap_user_conf->drupalAcctProvisionTriggers[LDAP_USER_DRUPAL_USER_PROV_ON_USER_UPDATE_CREATE]),
|
1360
|
t('drupal provision triggers set correctly'), $this->testId('user interface tests'));
|
1361
|
|
1362
|
$this->assertTrue(
|
1363
|
isset($ldap_user_conf->ldapEntryProvisionTriggers[LDAP_USER_LDAP_ENTRY_PROV_ON_USER_UPDATE_CREATE]) &&
|
1364
|
isset($ldap_user_conf->ldapEntryProvisionTriggers[LDAP_USER_LDAP_ENTRY_PROV_ON_AUTHENTICATE]) &&
|
1365
|
isset($ldap_user_conf->ldapEntryProvisionTriggers[LDAP_USER_LDAP_ENTRY_DELETE_ON_USER_DELETE]),
|
1366
|
t('ldap provision triggers set correctly'), $this->testId('user interface tests'));
|
1367
|
|
1368
|
$field_token = '[field.field_lname]';
|
1369
|
$field_lname_set_correctly = (
|
1370
|
$ldap_user_conf->ldapUserSynchMappings[LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER][$field_token]['enabled'] == TRUE &&
|
1371
|
|
1372
|
$ldap_user_conf->ldapUserSynchMappings[LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER][$field_token]['ldap_attr'] == '[sn]');
|
1373
|
|
1374
|
$this->assertTrue($field_lname_set_correctly, t('Synch mapping for field.field_lname field set correctly'), $this->testId('user interface tests'));
|
1375
|
if (!$field_lname_set_correctly) {
|
1376
|
debug('ldap_user_conf->synchMapping[direction][field.field_lname]'); debug($ldap_user_conf->ldapUserSynchMappings[LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER]['field.field_lname']);
|
1377
|
}
|
1378
|
|
1379
|
$field_token = '[field.field_fname]';
|
1380
|
$field_fname_set_correctly = ($ldap_user_conf->ldapUserSynchMappings[LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER][$field_token]['enabled'] == TRUE &&
|
1381
|
$ldap_user_conf->ldapUserSynchMappings[LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER][$field_token]['direction'] == 1 &&
|
1382
|
$ldap_user_conf->ldapUserSynchMappings[LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER][$field_token]['ldap_attr'] == '[givenname]');
|
1383
|
|
1384
|
$this->assertTrue($field_fname_set_correctly, t('Synch mapping for field.field_lname field set correctly'), $this->testId('user interface tests'));
|
1385
|
if (!$field_fname_set_correctly) {
|
1386
|
debug('ldap_user_conf->synchMapping[direction][field.field_lname]'); debug($ldap_user_conf->ldapUserSynchMappings[LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER]['field.field_lname']);
|
1387
|
}
|
1388
|
|
1389
|
}
|
1390
|
|
1391
|
}
|