Révision bc175c27
Ajouté par Assos Assos il y a plus de 5 ans
| drupal7/sites/all/modules/ldap/ldap_authorization/tests/BasicTests.test | ||
|---|---|---|
| 2 | 2 |
|
| 3 | 3 |
/** |
| 4 | 4 |
* @file |
| 5 |
* ldap_authentication simpletests |
|
| 6 |
* |
|
| 5 |
* Ldap_authentication simpletests. |
|
| 7 | 6 |
*/ |
| 8 |
module_load_include('php', 'ldap_test', 'LdapTestCase.class');
|
|
| 9 | 7 |
|
| 8 |
module_load_include('php', 'ldap_test', 'LdapTestCase.class');
|
|
| 9 |
/** |
|
| 10 |
* |
|
| 11 |
*/ |
|
| 10 | 12 |
class LdapAuthorizationBasicTests extends LdapTestCase {
|
| 13 |
|
|
| 14 |
/** |
|
| 15 |
* |
|
| 16 |
*/ |
|
| 11 | 17 |
public static function getInfo() {
|
| 12 | 18 |
return array( |
| 13 | 19 |
'name' => 'LDAP Authorization Basic Tests', |
| 14 | 20 |
'description' => 'Test ldap authorization.', |
| 15 |
'group' => 'LDAP Authorization' |
|
| 21 |
'group' => 'LDAP Authorization',
|
|
| 16 | 22 |
); |
| 17 | 23 |
} |
| 18 | 24 |
|
| 19 |
function __construct($test_id = NULL) {
|
|
| 25 |
/** |
|
| 26 |
* |
|
| 27 |
*/ |
|
| 28 |
public function __construct($test_id = NULL) {
|
|
| 20 | 29 |
parent::__construct($test_id); |
| 21 | 30 |
} |
| 22 | 31 |
|
| 23 | 32 |
public $module_name = 'ldap_authorization'; |
| 24 | 33 |
protected $ldap_test_data; |
| 25 | 34 |
|
| 26 |
function setUp() {
|
|
| 35 |
/** |
|
| 36 |
* |
|
| 37 |
*/ |
|
| 38 |
public function setUp() {
|
|
| 27 | 39 |
parent::setUp(array( |
| 28 | 40 |
'ldap_authentication', |
| 29 | 41 |
'ldap_authorization', |
| 30 | 42 |
'ldap_authorization_drupal_role', |
| 31 |
'ldap_test')); // don't need any real servers, configured, just ldap_servers code base |
|
| 43 |
// don't need any real servers, configured, just ldap_servers code base. |
|
| 44 |
'ldap_test', |
|
| 45 |
)); |
|
| 32 | 46 |
variable_set('ldap_simpletest', 2);
|
| 33 | 47 |
} |
| 34 | 48 |
|
| 35 |
function tearDown() {
|
|
| 49 |
/** |
|
| 50 |
* |
|
| 51 |
*/ |
|
| 52 |
public function tearDown() {
|
|
| 36 | 53 |
parent::tearDown(); |
| 37 | 54 |
variable_del('ldap_help_watchdog_detail');
|
| 38 | 55 |
variable_del('ldap_simpletest');
|
| 39 | 56 |
} |
| 40 | 57 |
|
| 41 | 58 |
/** |
| 42 |
* test install, api functions, and simple authorizations granted on logon
|
|
| 59 |
* Test install, api functions, and simple authorizations granted on logon.
|
|
| 43 | 60 |
*/ |
| 44 |
function testSimpleStuff() {
|
|
| 61 |
public function testSimpleStuff() {
|
|
| 45 | 62 |
|
| 46 |
// just to give warning if setup doesn't succeed. may want to take these out at some point.
|
|
| 63 |
// Just to give warning if setup doesn't succeed. may want to take these out at some point.
|
|
| 47 | 64 |
$setup_success = ( |
| 48 | 65 |
module_exists('ldap_authentication') &&
|
| 49 | 66 |
module_exists('ldap_servers') &&
|
| ... | ... | |
| 53 | 70 |
); |
| 54 | 71 |
$this->assertTrue($setup_success, ' ldap_authorizations setup successful', 'LDAP Authorization: Test Setup Success'); |
| 55 | 72 |
|
| 56 |
|
|
| 57 | 73 |
$api_functions = array( |
| 58 | 74 |
'ldap_authorization_get_consumer_object' => array(1, 1), |
| 59 | 75 |
'ldap_authorization_get_consumers' => array(3, 0), |
| ... | ... | |
| 65 | 81 |
$this->assertTrue( |
| 66 | 82 |
function_exists($api_function_name) && |
| 67 | 83 |
$param_count[1] == $reflector->getNumberOfRequiredParameters() && |
| 68 |
$param_count[0] == $reflector->getNumberOfParameters() |
|
| 69 |
, ' api function ' . $api_function_name . ' parameters and required parameters count unchanged.', 'LDAP Server: API Functions'); |
|
| 84 |
$param_count[0] == $reflector->getNumberOfParameters(), ' api function ' . $api_function_name . ' parameters and required parameters count unchanged.', 'LDAP Server: API Functions'); |
|
| 70 | 85 |
} |
| 71 | 86 |
|
| 72 |
// make sure ldap authorization doesn't break cron.
|
|
| 87 |
// Make sure ldap authorization doesn't break cron.
|
|
| 73 | 88 |
$this->assertTrue( |
| 74 | 89 |
drupal_cron_run(), |
| 75 | 90 |
t('Cron can run with ldap authorization enabled.'),
|
| 76 | 91 |
'LDAP Authorization: Cron Test' |
| 77 | 92 |
); |
| 78 | 93 |
|
| 79 |
|
|
| 80 | 94 |
/** |
| 81 | 95 |
* this is geared toward testing logon functionality |
| 82 | 96 |
*/ |
| ... | ... | |
| 122 | 136 |
$this->consumerAdminConf['drupal_role']->revokeLdapProvisioned = 1; |
| 123 | 137 |
$this->consumerAdminConf['drupal_role']->save(); |
| 124 | 138 |
|
| 125 |
// setup: remove hpotter from honors members |
|
| 139 |
// setup: remove hpotter from honors members.
|
|
| 126 | 140 |
$test_data_pre_test = variable_get('ldap_test_server__' . $sid, NULL);
|
| 127 | 141 |
$test_data = variable_get('ldap_test_server__' . $sid, NULL);
|
| 128 | 142 |
|
| ... | ... | |
| 147 | 161 |
'LDAP Authorization: Test Logon' |
| 148 | 162 |
); |
| 149 | 163 |
|
| 150 |
// return test data to original state
|
|
| 164 |
// Return test data to original state.
|
|
| 151 | 165 |
variable_set('ldap_test_server__' . $sid, $test_data_pre_test);
|
| 152 | 166 |
$this->drupalGet('user/logout');
|
| 153 | 167 |
|
| 154 |
|
|
| 155 | 168 |
/** |
| 156 | 169 |
* test regranting of removed roles (regrantLdapProvisioned = 0) |
| 157 | 170 |
*/ |
| ... | ... | |
| 191 | 204 |
); |
| 192 | 205 |
$this->drupalGet('user/logout');
|
| 193 | 206 |
|
| 194 |
} |
|
| 195 |
|
|
| 196 |
|
|
| 197 |
/** |
|
| 198 |
* authorization configuration flags tests clumped together |
|
| 199 |
*/ |
|
| 207 |
} |
|
| 200 | 208 |
|
| 201 |
function testFlags() {
|
|
| 209 |
/** |
|
| 210 |
* Authorization configuration flags tests clumped together. |
|
| 211 |
*/ |
|
| 212 |
public function testFlags() {
|
|
| 202 | 213 |
|
| 203 |
$sid = 'activedirectory1'; |
|
| 204 |
$this->prepTestData( |
|
| 214 |
$sid = 'activedirectory1';
|
|
| 215 |
$this->prepTestData(
|
|
| 205 | 216 |
LDAP_TEST_LDAP_NAME, |
| 206 | 217 |
array($sid), |
| 207 | 218 |
'provisionToDrupal', |
| 208 | 219 |
'default', |
| 209 | 220 |
'drupal_role_default' |
| 210 |
); |
|
| 221 |
);
|
|
| 211 | 222 |
|
| 212 |
/** |
|
| 223 |
/**
|
|
| 213 | 224 |
* LDAP_authorz.Flags.status=0: Disable ldap_authorization_drupal_role configuration and make sure no authorizations performed |
| 214 | 225 |
*/ |
| 215 | 226 |
|
| 216 |
$user = $this->drupalCreateUser(array()); |
|
| 217 |
$hpotter = $this->testFunctions->drupalLdapUpdateUser(array('name' => 'hpotter', 'mail' => 'hpotter@hogwarts.edu'), TRUE, $user);
|
|
| 218 |
list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($hpotter, 'query'); // just see if the correct ones are derived. |
|
| 219 |
$roles1 = $new_authorizations['drupal_role']; |
|
| 220 |
|
|
| 221 |
// $consumer_conf_admin = ldap_authorization_get_consumer_admin_object('drupal_role', FALSE);
|
|
| 222 |
$this->consumerAdminConf['drupal_role']->status = 0; |
|
| 223 |
$this->consumerAdminConf['drupal_role']->save(); |
|
| 224 |
|
|
| 225 |
list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($hpotter, 'query', 'drupal_role'); // just see if the correct ones are derived. |
|
| 226 |
$roles2 = isset($new_authorizations['drupal_role']) ? $new_authorizations['drupal_role'] : array(); |
|
| 227 |
$correct_roles = (count($roles1) > 0 && count($roles2) == 0); // not worried about which roles here, just that some are granted |
|
| 228 |
|
|
| 229 |
/** @FIXME: Broken test |
|
| 230 |
$this->assertTrue( |
|
| 231 |
$correct_roles, |
|
| 232 |
'disable consumer configuration disallows authorizations.', |
|
| 233 |
'LDAP_authorz.Flags.status.0' |
|
| 234 |
); |
|
| 235 |
*/ |
|
| 236 |
if (!$correct_roles) {
|
|
| 237 |
debug('LDAP_authorz.Flags.enable.0 roles with enabled'); debug($roles1);
|
|
| 238 |
debug('LDAP_authorz.Flags.enable.0 roles with disabled'); debug($roles2);
|
|
| 239 |
} |
|
| 227 |
$user = $this->drupalCreateUser(array()); |
|
| 228 |
$hpotter = $this->testFunctions->drupalLdapUpdateUser(array('name' => 'hpotter', 'mail' => 'hpotter@hogwarts.edu'), TRUE, $user);
|
|
| 229 |
// Just see if the correct ones are derived. |
|
| 230 |
list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($hpotter, 'query'); |
|
| 231 |
$roles1 = $new_authorizations['drupal_role']; |
|
| 240 | 232 |
|
| 233 |
// $consumer_conf_admin = ldap_authorization_get_consumer_admin_object('drupal_role', FALSE);.
|
|
| 234 |
$this->consumerAdminConf['drupal_role']->status = 0; |
|
| 235 |
$this->consumerAdminConf['drupal_role']->save(); |
|
| 241 | 236 |
|
| 242 |
/** |
|
| 237 |
// Just see if the correct ones are derived. |
|
| 238 |
list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($hpotter, 'query', 'drupal_role'); |
|
| 239 |
$roles2 = isset($new_authorizations['drupal_role']) ? $new_authorizations['drupal_role'] : array(); |
|
| 240 |
// Not worried about which roles here, just that some are granted. |
|
| 241 |
$correct_roles = (count($roles1) > 0 && count($roles2) == 0); |
|
| 242 |
|
|
| 243 |
/** @FIXME: Broken test |
|
| 244 |
* $this->assertTrue( |
|
| 245 |
* $correct_roles, |
|
| 246 |
* 'disable consumer configuration disallows authorizations.', |
|
| 247 |
* 'LDAP_authorz.Flags.status.0' |
|
| 248 |
* ); |
|
| 249 |
*/ |
|
| 250 |
if (!$correct_roles) {
|
|
| 251 |
debug('LDAP_authorz.Flags.enable.0 roles with enabled'); debug($roles1);
|
|
| 252 |
debug('LDAP_authorz.Flags.enable.0 roles with disabled'); debug($roles2);
|
|
| 253 |
} |
|
| 254 |
|
|
| 255 |
/** |
|
| 243 | 256 |
* LDAP_authorz.onlyLdapAuthenticated=1: create normal user and |
| 244 | 257 |
* apply authorization query. should return no roles |
| 245 | 258 |
*/ |
| 246 |
$this->consumerAdminConf['drupal_role']->onlyApplyToLdapAuthenticated = 1; |
|
| 247 |
$this->consumerAdminConf['drupal_role']->status = 1; |
|
| 248 |
$this->consumerAdminConf['drupal_role']->save(); |
|
| 249 |
|
|
| 250 |
$user = $this->drupalCreateUser(array()); |
|
| 251 |
$hgrainger = $this->testFunctions->drupalLdapUpdateUser(array('name' => 'hgrainger', 'mail' => 'hgrainger@hogwarts.edu'), TRUE, $user);
|
|
| 252 |
|
|
| 253 |
// remove authmap in case it exists so test will work |
|
| 254 |
db_delete('authmap')
|
|
| 255 |
->condition('uid', $user->uid)
|
|
| 256 |
->condition('module', 'ldap_user')
|
|
| 257 |
->execute(); |
|
| 258 |
|
|
| 259 |
list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($hgrainger, 'query'); // just see if the correct ones are derived. |
|
| 260 |
$roles = isset($new_authorizations['drupal_role']) ? $new_authorizations['drupal_role'] : array(); |
|
| 261 |
$success = (count($roles) == 0); |
|
| 262 |
$this->assertTrue( |
|
| 263 |
$success, |
|
| 264 |
' only apply to ldap authenticated grants no roles for non ldap user.', |
|
| 265 |
'LDAP_authorz.onlyLdapAuthenticated.1' |
|
| 266 |
); |
|
| 267 |
if (!$success) {
|
|
| 268 |
debug('LDAP_authorz.onlyLdapAuthenticated.1');
|
|
| 269 |
debug($roles); |
|
| 270 |
debug($this->testFunctions->ldapUserIsAuthmapped('hgrainger'));
|
|
| 271 |
debug($new_authorizations); |
|
| 272 |
debug($notifications); |
|
| 273 |
} |
|
| 259 |
$this->consumerAdminConf['drupal_role']->onlyApplyToLdapAuthenticated = 1; |
|
| 260 |
$this->consumerAdminConf['drupal_role']->status = 1; |
|
| 261 |
$this->consumerAdminConf['drupal_role']->save(); |
|
| 274 | 262 |
|
| 263 |
$user = $this->drupalCreateUser(array()); |
|
| 264 |
$hgrainger = $this->testFunctions->drupalLdapUpdateUser(array('name' => 'hgrainger', 'mail' => 'hgrainger@hogwarts.edu'), TRUE, $user);
|
|
| 275 | 265 |
|
| 276 |
/** |
|
| 266 |
// Remove authmap in case it exists so test will work. |
|
| 267 |
db_delete('authmap')
|
|
| 268 |
->condition('uid', $user->uid)
|
|
| 269 |
->condition('module', 'ldap_user')
|
|
| 270 |
->execute(); |
|
| 271 |
|
|
| 272 |
// Just see if the correct ones are derived. |
|
| 273 |
list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($hgrainger, 'query'); |
|
| 274 |
$roles = isset($new_authorizations['drupal_role']) ? $new_authorizations['drupal_role'] : array(); |
|
| 275 |
$success = (count($roles) == 0); |
|
| 276 |
$this->assertTrue( |
|
| 277 |
$success, |
|
| 278 |
' only apply to ldap authenticated grants no roles for non ldap user.', |
|
| 279 |
'LDAP_authorz.onlyLdapAuthenticated.1' |
|
| 280 |
); |
|
| 281 |
if (!$success) {
|
|
| 282 |
debug('LDAP_authorz.onlyLdapAuthenticated.1');
|
|
| 283 |
debug($roles); |
|
| 284 |
debug($this->testFunctions->ldapUserIsAuthmapped('hgrainger'));
|
|
| 285 |
debug($new_authorizations); |
|
| 286 |
debug($notifications); |
|
| 287 |
} |
|
| 288 |
|
|
| 289 |
/** |
|
| 277 | 290 |
* LDAP_authorz.Flags.synchOnLogon - execute logon and check that no roles are applied if disabled |
| 278 | 291 |
*/ |
| 279 | 292 |
|
| 280 |
$this->consumerAdminConf['drupal_role']->synchOnLogon = 0; |
|
| 281 |
$this->consumerAdminConf['drupal_role']->save(); |
|
| 282 |
$edit = array( |
|
| 283 |
'name' => 'hgrainger', |
|
| 284 |
'pass' => 'goodpwd', |
|
| 285 |
); |
|
| 286 |
$this->drupalPost('user', $edit, t('Log in'));
|
|
| 287 |
$this->assertText( |
|
| 288 |
t('Member for'),
|
|
| 289 |
'New Ldap user with good password authenticated.', |
|
| 290 |
'LDAP_authorz.Flags.synchOnLogon.0' |
|
| 291 |
); |
|
| 292 |
$this->assertTrue( |
|
| 293 |
$this->testFunctions->ldapUserIsAuthmapped('hgrainger'),
|
|
| 294 |
'Ldap user properly authmapped.', |
|
| 295 |
'LDAP_authorz.Flags.synchOnLogon.0' |
|
| 296 |
); |
|
| 297 |
|
|
| 298 |
$hgrainger = user_load_by_name('hgrainger');
|
|
| 299 |
$this->drupalGet('user/logout');
|
|
| 300 |
|
|
| 301 |
$this->consumerAdminConf['drupal_role']->synchOnLogon = 1; |
|
| 302 |
$this->consumerAdminConf['drupal_role']->save(); |
|
| 303 |
$edit = array( |
|
| 304 |
'name' => 'hgrainger', |
|
| 305 |
'pass' => 'goodpwd', |
|
| 306 |
); |
|
| 307 |
$this->drupalPost('user', $edit, t('Log in'));
|
|
| 308 |
$this->assertText(t('Member for'), 'New Ldap user with good password authenticated.',
|
|
| 309 |
'LDAP_authorz.Flags.synchOnLogon=1'); |
|
| 310 |
$hgrainger = user_load_by_name('hgrainger');
|
|
| 311 |
$this->drupalGet('user/logout');
|
|
| 312 |
|
|
| 313 |
// create a couple roles for next 2 tests
|
|
| 314 |
$troublemaker = new stdClass(); |
|
| 315 |
$troublemaker->name = 'troublemaker'; |
|
| 316 |
user_role_save($troublemaker); |
|
| 317 |
$troublemaker = user_role_load_by_name('troublemaker');
|
|
| 318 |
|
|
| 319 |
$superadmin = new stdClass(); |
|
| 320 |
$superadmin->name = 'superadmin'; |
|
| 321 |
user_role_save($superadmin); |
|
| 322 |
$superadmin = user_role_load_by_name('superadmin');
|
|
| 323 |
|
|
| 324 |
/** |
|
| 293 |
$this->consumerAdminConf['drupal_role']->synchOnLogon = 0;
|
|
| 294 |
$this->consumerAdminConf['drupal_role']->save();
|
|
| 295 |
$edit = array(
|
|
| 296 |
'name' => 'hgrainger',
|
|
| 297 |
'pass' => 'goodpwd',
|
|
| 298 |
);
|
|
| 299 |
$this->drupalPost('user', $edit, t('Log in'));
|
|
| 300 |
$this->assertText(
|
|
| 301 |
t('Member for'),
|
|
| 302 |
'New Ldap user with good password authenticated.',
|
|
| 303 |
'LDAP_authorz.Flags.synchOnLogon.0'
|
|
| 304 |
);
|
|
| 305 |
$this->assertTrue(
|
|
| 306 |
$this->testFunctions->ldapUserIsAuthmapped('hgrainger'),
|
|
| 307 |
'Ldap user properly authmapped.',
|
|
| 308 |
'LDAP_authorz.Flags.synchOnLogon.0'
|
|
| 309 |
);
|
|
| 310 |
|
|
| 311 |
$hgrainger = user_load_by_name('hgrainger');
|
|
| 312 |
$this->drupalGet('user/logout');
|
|
| 313 |
|
|
| 314 |
$this->consumerAdminConf['drupal_role']->synchOnLogon = 1;
|
|
| 315 |
$this->consumerAdminConf['drupal_role']->save();
|
|
| 316 |
$edit = array(
|
|
| 317 |
'name' => 'hgrainger',
|
|
| 318 |
'pass' => 'goodpwd',
|
|
| 319 |
);
|
|
| 320 |
$this->drupalPost('user', $edit, t('Log in'));
|
|
| 321 |
$this->assertText(t('Member for'), 'New Ldap user with good password authenticated.',
|
|
| 322 |
'LDAP_authorz.Flags.synchOnLogon=1');
|
|
| 323 |
$hgrainger = user_load_by_name('hgrainger');
|
|
| 324 |
$this->drupalGet('user/logout');
|
|
| 325 |
|
|
| 326 |
// Create a couple roles for next 2 tests.
|
|
| 327 |
$troublemaker = new stdClass();
|
|
| 328 |
$troublemaker->name = 'troublemaker';
|
|
| 329 |
user_role_save($troublemaker);
|
|
| 330 |
$troublemaker = user_role_load_by_name('troublemaker');
|
|
| 331 |
|
|
| 332 |
$superadmin = new stdClass();
|
|
| 333 |
$superadmin->name = 'superadmin';
|
|
| 334 |
user_role_save($superadmin);
|
|
| 335 |
$superadmin = user_role_load_by_name('superadmin');
|
|
| 336 |
|
|
| 337 |
/**
|
|
| 325 | 338 |
* LDAP_authorz.Flags.revokeLdapProvisioned: test flag for |
| 326 | 339 |
* removing manually granted roles |
| 327 | 340 |
* |
| ... | ... | |
| 333 | 346 |
* |
| 334 | 347 |
*/ |
| 335 | 348 |
|
| 336 |
$this->consumerAdminConf['drupal_role']->onlyApplyToLdapAuthenticated = 0; |
|
| 337 |
$this->consumerAdminConf['drupal_role']->revokeLdapProvisioned = 1; |
|
| 338 |
$this->consumerAdminConf['drupal_role']->createConsumers = 1; |
|
| 339 |
$this->consumerAdminConf['drupal_role']->save(); |
|
| 340 |
// set correct roles manually |
|
| 341 |
$hpotter = user_load_by_name('hpotter');
|
|
| 342 |
user_delete($hpotter->uid); |
|
| 343 |
$user = $this->drupalCreateUser(array()); |
|
| 344 |
$hpotter = $this->testFunctions->drupalLdapUpdateUser(array('name' => 'hpotter', 'mail' => 'hpotter@hogwarts.edu'), TRUE, $user);
|
|
| 345 |
$edit = array( |
|
| 346 |
'name' => 'hpotter', |
|
| 347 |
'pass' => 'goodpwd', |
|
| 348 |
); |
|
| 349 |
$this->drupalPost('user', $edit, t('Log in'));
|
|
| 350 |
$this->assertText( |
|
| 351 |
t('Member for'),
|
|
| 352 |
'New Ldap user with good password authenticated.', |
|
| 353 |
'LDAP_authorz.Flags.revokeLdapProvisioned=1' |
|
| 354 |
); |
|
| 355 |
$hpotter = user_load_by_name('hpotter');
|
|
| 356 |
|
|
| 357 |
// add an underserved, ldap granted drupal role superadmin |
|
| 358 |
// and an undeserved, non ldap granted role troublemaker |
|
| 359 |
$hpotter = user_load($hpotter->uid, TRUE); |
|
| 360 |
$roles = $hpotter->roles; |
|
| 361 |
$roles[$troublemaker->rid] = $troublemaker->name; |
|
| 362 |
$roles[$superadmin->rid] = $superadmin->name; |
|
| 363 |
|
|
| 364 |
$data = array( |
|
| 365 |
'roles' => $roles, |
|
| 366 |
'data' => array('ldap_authorizations' =>
|
|
| 349 |
$this->consumerAdminConf['drupal_role']->onlyApplyToLdapAuthenticated = 0; |
|
| 350 |
$this->consumerAdminConf['drupal_role']->revokeLdapProvisioned = 1; |
|
| 351 |
$this->consumerAdminConf['drupal_role']->createConsumers = 1; |
|
| 352 |
$this->consumerAdminConf['drupal_role']->save(); |
|
| 353 |
// Set correct roles manually. |
|
| 354 |
$hpotter = user_load_by_name('hpotter');
|
|
| 355 |
user_delete($hpotter->uid); |
|
| 356 |
$user = $this->drupalCreateUser(array()); |
|
| 357 |
$hpotter = $this->testFunctions->drupalLdapUpdateUser(array('name' => 'hpotter', 'mail' => 'hpotter@hogwarts.edu'), TRUE, $user);
|
|
| 358 |
$edit = array( |
|
| 359 |
'name' => 'hpotter', |
|
| 360 |
'pass' => 'goodpwd', |
|
| 361 |
); |
|
| 362 |
$this->drupalPost('user', $edit, t('Log in'));
|
|
| 363 |
$this->assertText( |
|
| 364 |
t('Member for'),
|
|
| 365 |
'New Ldap user with good password authenticated.', |
|
| 366 |
'LDAP_authorz.Flags.revokeLdapProvisioned=1' |
|
| 367 |
); |
|
| 368 |
$hpotter = user_load_by_name('hpotter');
|
|
| 369 |
|
|
| 370 |
// Add an underserved, ldap granted drupal role superadmin |
|
| 371 |
// and an undeserved, non ldap granted role troublemaker. |
|
| 372 |
$hpotter = user_load($hpotter->uid, TRUE); |
|
| 373 |
$roles = $hpotter->roles; |
|
| 374 |
$roles[$troublemaker->rid] = $troublemaker->name; |
|
| 375 |
$roles[$superadmin->rid] = $superadmin->name; |
|
| 376 |
|
|
| 377 |
$data = array( |
|
| 378 |
'roles' => $roles, |
|
| 379 |
'data' => array( |
|
| 380 |
'ldap_authorizations' => |
|
| 367 | 381 |
array( |
| 368 | 382 |
'drupal_role' => |
| 369 | 383 |
array( |
| ... | ... | |
| 371 | 385 |
array('date_granted' => 1304216778),
|
| 372 | 386 |
), |
| 373 | 387 |
), |
| 374 |
), |
|
| 375 |
); |
|
| 376 |
$hpotter = user_save($hpotter, $data); |
|
| 377 |
|
|
| 378 |
// apply correct authorizations. should remove the administrator role but not the manually created 'troublemaker' role |
|
| 379 |
list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($hpotter, 'set', 'drupal_role', 'logon'); |
|
| 388 |
), |
|
| 389 |
); |
|
| 390 |
$hpotter = user_save($hpotter, $data); |
|
| 380 | 391 |
|
| 381 |
$hpotter = user_load($hpotter->uid, TRUE); |
|
| 382 |
$this->assertTrue( |
|
| 383 |
(!isset($new_authorizations['drupal_role'][$superadmin->rid])), |
|
| 384 |
' revoke superadmin ldap granted roles when no longer deserved.', |
|
| 385 |
'LDAP_authorz.Flags.revokeLdapProvisioned=1' |
|
| 386 |
); |
|
| 392 |
// Apply correct authorizations. should remove the administrator role but not the manually created 'troublemaker' role. |
|
| 393 |
list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($hpotter, 'set', 'drupal_role', 'logon'); |
|
| 387 | 394 |
|
| 395 |
$hpotter = user_load($hpotter->uid, TRUE); |
|
| 396 |
$this->assertTrue( |
|
| 397 |
(!isset($new_authorizations['drupal_role'][$superadmin->rid])), |
|
| 398 |
' revoke superadmin ldap granted roles when no longer deserved.', |
|
| 399 |
'LDAP_authorz.Flags.revokeLdapProvisioned=1' |
|
| 400 |
); |
|
| 388 | 401 |
|
| 389 |
/** |
|
| 402 |
/**
|
|
| 390 | 403 |
* LDAP_authorz.Flags.regrantLdapProvisioned |
| 391 | 404 |
* $this->regrantLdapProvisioned == 1 : |
| 392 | 405 |
* Re grant !consumer_namePlural previously granted |
| ... | ... | |
| 396 | 409 |
* - logon |
| 397 | 410 |
* - check if regranted |
| 398 | 411 |
*/ |
| 399 |
$this->drupalGet('user/logout');
|
|
| 400 |
$this->consumerAdminConf['drupal_role']->regrantLdapProvisioned = 1; |
|
| 401 |
$this->consumerAdminConf['drupal_role']->save(); |
|
| 402 |
$hpotter = user_load($hpotter->uid, TRUE); |
|
| 403 |
$roles = $hpotter->roles; |
|
| 404 |
unset($roles[$superadmin->rid]); |
|
| 405 |
user_save($hpotter, array('roles' => $roles));
|
|
| 406 |
$hpotter = user_load($hpotter->uid, TRUE); |
|
| 407 |
list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($hpotter, 'set', 'drupal_role', 'logon'); |
|
| 408 |
$hpotter = user_load($hpotter->uid, TRUE); |
|
| 409 |
$success = !in_array('administrator', array_values($hpotter->roles));
|
|
| 410 |
|
|
| 411 |
$this->assertTrue( |
|
| 412 |
$success, |
|
| 413 |
'regrant Ldap Provisioned roles that were manually revoked', |
|
| 414 |
'LDAP_authorz.Flags.regrantLdapProvisioned=1' |
|
| 415 |
); |
|
| 416 |
if (!$success) {
|
|
| 417 |
debug('LDAP_authorz.Flags.regrantLdapProvisioned=1');
|
|
| 418 |
debug('hpotter roles'); debug($hpotter->roles);
|
|
| 419 |
debug('new_authorizations'); debug($new_authorizations);
|
|
| 420 |
} |
|
| 412 |
$this->drupalGet('user/logout');
|
|
| 413 |
$this->consumerAdminConf['drupal_role']->regrantLdapProvisioned = 1; |
|
| 414 |
$this->consumerAdminConf['drupal_role']->save(); |
|
| 415 |
$hpotter = user_load($hpotter->uid, TRUE); |
|
| 416 |
$roles = $hpotter->roles; |
|
| 417 |
unset($roles[$superadmin->rid]); |
|
| 418 |
user_save($hpotter, array('roles' => $roles));
|
|
| 419 |
$hpotter = user_load($hpotter->uid, TRUE); |
|
| 420 |
list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($hpotter, 'set', 'drupal_role', 'logon'); |
|
| 421 |
$hpotter = user_load($hpotter->uid, TRUE); |
|
| 422 |
$success = !in_array('administrator', array_values($hpotter->roles));
|
|
| 421 | 423 |
|
| 422 |
/** |
|
| 424 |
$this->assertTrue( |
|
| 425 |
$success, |
|
| 426 |
'regrant Ldap Provisioned roles that were manually revoked', |
|
| 427 |
'LDAP_authorz.Flags.regrantLdapProvisioned=1' |
|
| 428 |
); |
|
| 429 |
if (!$success) {
|
|
| 430 |
debug('LDAP_authorz.Flags.regrantLdapProvisioned=1');
|
|
| 431 |
debug('hpotter roles'); debug($hpotter->roles);
|
|
| 432 |
debug('new_authorizations'); debug($new_authorizations);
|
|
| 433 |
} |
|
| 434 |
|
|
| 435 |
/** |
|
| 423 | 436 |
* LDAP_authorz.Flags.createConsumers=1 |
| 424 | 437 |
*/ |
| 425 | 438 |
|
| 426 |
//add new mapping to and enable create consumers
|
|
| 427 |
$this->prepTestData(LDAP_TEST_LDAP_NAME, array($sid), 'provisionToDrupal', 'default', 'drupal_role_default'); |
|
| 428 |
$this->drupalGet('user/logout');
|
|
| 429 |
$new_role = 'oompa-loompas'; |
|
| 430 |
$this->consumerAdminConf['drupal_role']->createConsumers = 1; |
|
| 431 |
$this->consumerAdminConf['drupal_role']->mappings[] = array( |
|
| 439 |
// Add new mapping to and enable create consumers.
|
|
| 440 |
$this->prepTestData(LDAP_TEST_LDAP_NAME, array($sid), 'provisionToDrupal', 'default', 'drupal_role_default');
|
|
| 441 |
$this->drupalGet('user/logout');
|
|
| 442 |
$new_role = 'oompa-loompas';
|
|
| 443 |
$this->consumerAdminConf['drupal_role']->createConsumers = 1;
|
|
| 444 |
$this->consumerAdminConf['drupal_role']->mappings[] = array(
|
|
| 432 | 445 |
'from' => 'cn=students,ou=groups,dc=hogwarts,dc=edu', |
| 433 | 446 |
'user_entered' => $new_role, |
| 434 | 447 |
'normalized' => $new_role, |
| 435 | 448 |
'simplified' => $new_role, |
| 436 | 449 |
'valid' => TRUE, |
| 437 | 450 |
'error_message' => '', |
| 451 |
); |
|
| 452 |
$this->consumerAdminConf['drupal_role']->save(); |
|
| 453 |
|
|
| 454 |
$edit = array( |
|
| 455 |
'name' => 'hpotter', |
|
| 456 |
'pass' => 'goodpwd', |
|
| 457 |
); |
|
| 458 |
$this->drupalPost('user', $edit, t('Log in'));
|
|
| 459 |
|
|
| 460 |
$new_role_created = in_array($new_role, array_values(user_roles())); |
|
| 461 |
$roles_by_name = array_flip(user_roles()); |
|
| 462 |
$hpotter = user_load_by_name('hpotter');
|
|
| 463 |
$hpotter = user_load($hpotter->uid, TRUE); |
|
| 464 |
$role_granted = isset($hpotter->roles[$roles_by_name[$new_role]]); |
|
| 465 |
|
|
| 466 |
$this->assertTrue( |
|
| 467 |
($new_role_created && $role_granted), |
|
| 468 |
'create consumers (e.g. roles)', |
|
| 469 |
'LDAP_authorz.Flags.createConsumers=1' |
|
| 438 | 470 |
); |
| 439 |
$this->consumerAdminConf['drupal_role']->save(); |
|
| 440 |
|
|
| 441 |
$edit = array( |
|
| 442 |
'name' => 'hpotter', |
|
| 443 |
'pass' => 'goodpwd', |
|
| 444 |
); |
|
| 445 |
$this->drupalPost('user', $edit, t('Log in'));
|
|
| 446 |
|
|
| 447 |
$new_role_created = in_array($new_role, array_values(user_roles())); |
|
| 448 |
$roles_by_name = array_flip(user_roles()); |
|
| 449 |
$hpotter = user_load_by_name('hpotter');
|
|
| 450 |
$hpotter = user_load($hpotter->uid, TRUE); |
|
| 451 |
$role_granted = isset($hpotter->roles[$roles_by_name[$new_role]]); |
|
| 452 |
|
|
| 453 |
|
|
| 454 |
$this->assertTrue( |
|
| 455 |
($new_role_created && $role_granted), |
|
| 456 |
'create consumers (e.g. roles)', |
|
| 457 |
'LDAP_authorz.Flags.createConsumers=1' |
|
| 458 |
); |
|
| 459 |
|
|
| 460 |
if (!($new_role_created && $role_granted)) {
|
|
| 461 |
debug('roles'); debug(user_roles());
|
|
| 462 |
debug('roles by name'); debug($roles_by_name);
|
|
| 463 |
debug('hpotter->roles'); debug($hpotter->roles);
|
|
| 464 |
debug("new role desired: $new_role");
|
|
| 465 |
debug("$new_role_created AND $role_granted");
|
|
| 466 |
} |
|
| 467 | 471 |
|
| 468 |
} |
|
| 472 |
if (!($new_role_created && $role_granted)) {
|
|
| 473 |
debug('roles'); debug(user_roles());
|
|
| 474 |
debug('roles by name'); debug($roles_by_name);
|
|
| 475 |
debug('hpotter->roles'); debug($hpotter->roles);
|
|
| 476 |
debug("new role desired: $new_role");
|
|
| 477 |
debug("$new_role_created AND $role_granted");
|
|
| 478 |
} |
|
| 479 |
|
|
| 480 |
} |
|
| 469 | 481 |
|
| 482 |
/** |
|
| 483 |
* |
|
| 484 |
*/ |
|
| 470 | 485 |
public function testUIForms() {
|
| 471 | 486 |
// TODO: Fix failing tests, excluding to make branch pass. |
| 472 | 487 |
return; |
| 473 | 488 |
|
| 474 | 489 |
$ldap_simpletest_initial = variable_get('ldap_simpletest', 2);
|
| 475 |
variable_del('ldap_simpletest'); // need to be out of fake server mode to test ui.
|
|
| 490 |
// Need to be out of fake server mode to test ui. |
|
| 491 |
variable_del('ldap_simpletest');
|
|
| 476 | 492 |
|
| 477 | 493 |
$sid = 'activedirectory1'; |
| 478 | 494 |
$this->prepTestData(LDAP_TEST_LDAP_NAME, array($sid), 'provisionToDrupal', 'default'); |
| ... | ... | |
| 486 | 502 |
} |
| 487 | 503 |
$ldap_server->save('add');
|
| 488 | 504 |
|
| 489 |
|
|
| 490 | 505 |
$consumer_form_data = array( |
| 491 | 506 |
'sid' => array('activedirectory1', 'activedirectory1'),
|
| 492 | 507 |
'status' => array(TRUE, TRUE), |
| 493 | 508 |
'only_ldap_authenticated' => array(FALSE, TRUE), |
| 494 | 509 |
'use_first_attr_as_groupid' => array(FALSE, TRUE), |
| 495 | 510 |
'mappings' => array("a|b", "a|b"),
|
| 496 |
'use_filter' => array(FALSE, TRUE),
|
|
| 511 |
'use_filter' => array(FALSE, TRUE), |
|
| 497 | 512 |
'synchronization_modes[user_logon]' => array(TRUE, FALSE), |
| 498 | 513 |
'synchronization_actions[revoke_ldap_provisioned]' => array(TRUE, FALSE), |
| 499 | 514 |
'synchronization_actions[regrant_ldap_provisioned]' => array(FALSE, TRUE), |
| 500 | 515 |
'synchronization_actions[create_consumers]' => array(TRUE, FALSE), |
| 501 | 516 |
); |
| 502 | 517 |
|
| 503 |
|
|
| 504 | 518 |
$this->privileged_user = $this->drupalCreateUser(array('administer site configuration'));
|
| 505 | 519 |
$this->drupalLogin($this->privileged_user); |
| 506 | 520 |
$ldap_server = ldap_servers_get_servers('activedirectory1', NULL, TRUE, TRUE);
|
| 507 |
$this->drupalGet('admin/config/people/ldap/servers/edit/activedirectory1'); // this is just for debugging to show the server.
|
|
| 521 |
// This is just for debugging to show the server. |
|
| 522 |
$this->drupalGet('admin/config/people/ldap/servers/edit/activedirectory1');
|
|
| 508 | 523 |
$ldap_server_admin = new LdapServerAdmin($sid); |
| 509 | 524 |
|
| 510 | 525 |
if (!is_array($ldap_server_admin->basedn)) {
|
| ... | ... | |
| 516 | 531 |
|
| 517 | 532 |
foreach (array(0) as $i) {
|
| 518 | 533 |
foreach (array('drupal_role') as $consumer_type) {
|
| 519 |
foreach (array(1) as $ctools_enabled) { // may want to put this back in after ctools requirement is fixed
|
|
| 534 |
// May want to put this back in after ctools requirement is fixed. |
|
| 535 |
foreach (array(1) as $ctools_enabled) {
|
|
| 520 | 536 |
$this->ldapTestId = "testUIForms.$i.$consumer_type.ctools.$ctools_enabled"; |
| 521 | 537 |
if ($ctools_enabled) {
|
| 522 | 538 |
module_enable(array('ctools'));
|
| ... | ... | |
| 538 | 554 |
$this->drupalPost('admin/config/people/ldap/authorization/add/' . $consumer_type, $edit, t('Add'));
|
| 539 | 555 |
$field_to_prop_map = LdapAuthorizationConsumerConf::field_to_properties_map(); |
| 540 | 556 |
$ldap_consumer = ldap_authorization_get_consumer_object($consumer_type); |
| 541 |
$this->assertTrue(is_object($ldap_consumer), 'ldap consumer conf loaded after add-save', $this->ldapTestId . ' Add consumer configuration'); |
|
| 542 |
// assert one ldap server exists in db table |
|
| 543 |
|
|
| 544 |
// assert load of server has correct properties for each input |
|
| 557 |
$this->assertTrue(is_object($ldap_consumer), 'ldap consumer conf loaded after add-save', $this->ldapTestId . ' Add consumer configuration'); |
|
| 558 |
// Assert one ldap server exists in db table |
|
| 559 |
// Assert load of server has correct properties for each input. |
|
| 545 | 560 |
$mismatches = $this->compareFormToProperties($ldap_consumer, $consumer_form_data, $i, $field_to_prop_map, $lcase_transformed); |
| 546 | 561 |
if (count($mismatches)) {
|
| 547 | 562 |
debug('mismatches between ldap server properties and form submitted values');
|
| 548 | 563 |
debug($mismatches); |
| 549 | 564 |
debug($consumer_form_data); |
| 550 | 565 |
} |
| 551 |
$this->assertTrue(count($mismatches) == 0, 'Add form for ldap consumer properties match values submitted.', $this->ldapTestId . ' Add consumer conf'); |
|
| 552 |
|
|
| 566 |
$this->assertTrue(count($mismatches) == 0, 'Add form for ldap consumer properties match values submitted.', $this->ldapTestId . ' Add consumer conf'); |
|
| 553 | 567 |
|
| 554 | 568 |
/** update server conf test **/ |
| 555 | 569 |
|
| ... | ... | |
| 565 | 579 |
unset($edit['sid']); |
| 566 | 580 |
$this->drupalPost('admin/config/people/ldap/authorization/edit/' . $consumer_type, $edit, t('Save'));
|
| 567 | 581 |
$ldap_consumer = ldap_authorization_get_consumer_object($consumer_type); |
| 568 |
$this->assertTrue(is_object($ldap_consumer), 'ldap consumer conf loaded after edit-save', $this->ldapTestId . ' update consumer configuration');
|
|
| 582 |
$this->assertTrue(is_object($ldap_consumer), 'ldap consumer conf loaded after edit-save', $this->ldapTestId . ' update consumer configuration'); |
|
| 569 | 583 |
|
| 570 | 584 |
$mismatches = $this->compareFormToProperties($ldap_consumer, $consumer_form_data, $i, $field_to_prop_map, $lcase_transformed); |
| 571 | 585 |
if (count($mismatches)) {
|
| ... | ... | |
| 573 | 587 |
debug($mismatches); |
| 574 | 588 |
debug($consumer_form_data); |
| 575 | 589 |
} |
| 576 |
$this->assertTrue(count($mismatches) == 0, 'Update form for ldap server properties match values submitted.', $this->ldapTestId . '.Update consumer conf');
|
|
| 590 |
$this->assertTrue(count($mismatches) == 0, 'Update form for ldap server properties match values submitted.', $this->ldapTestId . '.Update consumer conf'); |
|
| 577 | 591 |
|
| 578 | 592 |
/** delete server conf test **/ |
| 579 | 593 |
$this->drupalGet('admin/config/people/ldap/authorization/delete/' . $consumer_type);
|
| 580 | 594 |
$this->drupalPost('admin/config/people/ldap/authorization/delete/' . $consumer_type, array(), t('Delete'));
|
| 581 | 595 |
ctools_include('export');
|
| 582 | 596 |
ctools_export_load_object_reset('ldap_authorization');
|
| 583 |
$consumer_conf = ldap_authorization_get_consumer_conf($consumer_type);//
|
|
| 597 |
$consumer_conf = ldap_authorization_get_consumer_conf($consumer_type); |
|
| 584 | 598 |
$pass = (is_object($consumer_conf) && $consumer_conf->inDatabase === FALSE); |
| 585 |
$this->assertTrue($pass, 'Delete form for consumer conf deleted conf.', $this->ldapTestId . '.Delete consumer conf');
|
|
| 599 |
$this->assertTrue($pass, 'Delete form for consumer conf deleted conf.', $this->ldapTestId . '.Delete consumer conf'); |
|
| 586 | 600 |
if (!$pass) {
|
| 587 | 601 |
debug('ldap consumer after delete. is_object=' . is_object($consumer_conf));
|
| 588 | 602 |
debug('inDatabase?' . is_object($ldap_consumer) ? $consumer_conf->inDatabase : '?');
|
| ... | ... | |
| 593 | 607 |
} |
| 594 | 608 |
} |
| 595 | 609 |
} |
| 596 |
variable_set('ldap_simpletest', $ldap_simpletest_initial); // return to fake server mode
|
|
| 610 |
// Return to fake server mode. |
|
| 611 |
variable_set('ldap_simpletest', $ldap_simpletest_initial);
|
|
| 597 | 612 |
} |
| 598 | 613 |
|
| 599 |
|
|
| 600 |
|
|
| 601 | 614 |
} |
Formats disponibles : Unified diff
Weekly update of contrib modules