Révision bc175c27
Ajouté par Assos Assos il y a plus de 5 ans
drupal7/sites/all/modules/ldap/ldap_authorization/tests/Og2Tests.test | ||
---|---|---|
1 | 1 |
<?php |
2 | 2 |
|
3 | 3 |
/** |
4 |
* @file simpletest for Ldap Authorization OG Module, for og 7.x-2.x
|
|
4 |
* @file Simpletest for Ldap Authorization OG Module, for og 7.x-2.x.
|
|
5 | 5 |
* |
6 | 6 |
* Manual testing to accompany simpletests: |
7 | 7 |
* - logon with og authorization disabled and make sure nothing happens |
8 | 8 |
* - logon with og authorization enabled and make sure admin and member group memberships granted |
9 | 9 |
* - change mappings so no roles granted |
10 |
* - logon and make sure memberships revoked |
|
10 |
* - logon and make sure memberships revoked.
|
|
11 | 11 |
*/ |
12 | 12 |
|
13 | 13 |
drupal_load('module', 'ldap_test'); |
14 | 14 |
module_load_include('php', 'ldap_test', 'LdapTestCase.class'); |
15 |
require_once(drupal_get_path('module', 'ldap_authorization_og') . '/LdapAuthorizationConsumerOG.class.php'); |
|
16 |
|
|
15 |
require_once drupal_get_path('module', 'ldap_authorization_og') . '/LdapAuthorizationConsumerOG.class.php'; |
|
16 |
/** |
|
17 |
* |
|
18 |
*/ |
|
17 | 19 |
class LdapAuthorizationOg2Tests extends LdapTestCase { |
18 | 20 |
|
19 | 21 |
public $groupEntityType = 'node'; |
... | ... | |
28 | 30 |
public $customOgRoles = array( |
29 | 31 |
'dungeon-master' => array('entity_type' => 'node', 'bundle_type' => 'group'), |
30 | 32 |
'time-keeper' => array('entity_type' => 'node', 'bundle_type' => 'group'), |
31 |
);
|
|
33 |
); |
|
32 | 34 |
|
35 |
/** |
|
36 |
* |
|
37 |
*/ |
|
33 | 38 |
public static function getInfo() { |
34 | 39 |
return array( |
35 | 40 |
'group' => 'LDAP Authorization', |
... | ... | |
38 | 43 |
); |
39 | 44 |
} |
40 | 45 |
|
41 |
function __construct($test_id = NULL) { |
|
46 |
/** |
|
47 |
* |
|
48 |
*/ |
|
49 |
public function __construct($test_id = NULL) { |
|
42 | 50 |
parent::__construct($test_id); |
43 | 51 |
} |
44 | 52 |
|
45 |
function setUp($addl_modules = array()) { |
|
53 |
/** |
|
54 |
* |
|
55 |
*/ |
|
56 |
public function setUp($addl_modules = array()) { |
|
46 | 57 |
parent::setUp(array('ldap_authentication', 'ldap_authorization', 'ldap_authorization_og')); |
47 | 58 |
variable_set('ldap_simpletest', 2); |
48 | 59 |
|
49 |
if (ldap_authorization_og_og_version() != 2) { |
|
50 |
debug('LdapAuthorizationOg2Tests must be run with OG 7.x-2.x'); |
|
51 |
return; |
|
52 |
} |
|
53 |
|
|
54 | 60 |
$this->user1 = $this->drupalCreateUser(); |
55 | 61 |
$this->groups = array(); |
56 | 62 |
$this->prepTestData(LDAP_TEST_LDAP_NAME, array('activedirectory1')); |
57 | 63 |
|
58 |
|
|
59 |
|
|
60 | 64 |
// Create group and group content node types. |
61 | 65 |
$this->groupBundle = $this->drupalCreateContentType(array( |
62 | 66 |
'type' => 'group', |
63 | 67 |
'name' => 'OG Group', |
64 |
))->type;
|
|
68 |
))->type; |
|
65 | 69 |
|
66 | 70 |
og_create_field(OG_GROUP_FIELD, $this->groupEntityType, $this->groupBundle); |
67 |
og_create_field(OG_AUDIENCE_FIELD, $this->groupEntityType, $this->groupBundle); |
|
68 |
|
|
69 |
// create og group for each group in group csv |
|
71 |
og_create_field(OG_AUDIENCE_FIELD, $this->groupEntityType, $this->groupBundle); |
|
70 | 72 |
|
73 |
// Create og group for each group in group csv. |
|
71 | 74 |
$this->testFunctions->populateFakeLdapServerData(LDAP_TEST_LDAP_NAME, 'activedirectory1'); |
72 | 75 |
$this->testFunctions->getCsvLdapData(LDAP_TEST_LDAP_NAME); |
73 | 76 |
foreach ($this->testFunctions->csvTables['groups'] as $guid => $group) { |
... | ... | |
83 | 86 |
|
84 | 87 |
} |
85 | 88 |
|
89 |
/** |
|
90 |
* |
|
91 |
*/ |
|
86 | 92 |
public function createCustomRoles() { |
87 | 93 |
|
88 | 94 |
foreach ($this->customOgRoles as $og_role_name => $og_role) { |
89 |
$role = new stdClass; |
|
95 |
$role = new stdClass();
|
|
90 | 96 |
$role->gid = 0; |
91 | 97 |
$role->group_type = $og_role['entity_type']; |
92 | 98 |
$role->group_bundle = $og_role['bundle_type']; |
... | ... | |
97 | 103 |
} |
98 | 104 |
|
99 | 105 |
/** |
100 |
* get test data in convenient format, so tests are easier to read and write
|
|
106 |
* Get test data in convenient format, so tests are easier to read and write.
|
|
101 | 107 |
*/ |
102 | 108 |
public function getTestData($debug = FALSE) { |
103 | 109 |
$group_nodes = array(); |
... | ... | |
107 | 113 |
$roles_by_name = array(); |
108 | 114 |
$consumer_ids = array(); |
109 | 115 |
foreach (array('gryffindor', 'students', 'faculty', 'users', 'hufflepuff', 'slytherin') as $i => $group_name) { |
110 |
list($group_nodes[$group_name], $group_entity_ids[$group_name]) = ldap_authorization_og2_get_group_from_name($this->groupEntityType, $group_name);
|
|
116 |
list($group_nodes[$group_name], $group_entity_ids[$group_name]) = ldap_authorization_og2_get_group_from_name($this->groupEntityType, $group_name); |
|
111 | 117 |
$nid = $group_nodes[$group_name]->nid; |
112 | 118 |
$group_nids[$group_name] = $nid; |
113 | 119 |
$roles[$group_name] = og_roles($this->groupEntityType, $this->groupBundle, $nid, FALSE, TRUE); |
114 |
$roles_by_name[$group_name] = array_flip( $roles[$group_name] );
|
|
120 |
$roles_by_name[$group_name] = array_flip($roles[$group_name]);
|
|
115 | 121 |
foreach ($roles[$group_name] as $rid => $role_name) { |
116 | 122 |
$consumer_ids[$group_name][$role_name] = ldap_authorization_og_authorization_id($nid, $rid, 'node'); |
117 | 123 |
$consumer_ids[$group_name][$rid] = ldap_authorization_og_authorization_id($nid, $rid, 'node'); |
... | ... | |
124 | 130 |
} |
125 | 131 |
|
126 | 132 |
/** |
127 |
* just make sure install succeeds and
|
|
133 |
* Just make sure install succeeds and.
|
|
128 | 134 |
*/ |
129 |
function testBasicFunctionsAndApi() { |
|
135 |
public function testBasicFunctionsAndApi() {
|
|
130 | 136 |
// TODO: Fix failing tests, excluding to make branch pass. |
131 | 137 |
return; |
132 | 138 |
|
133 |
if (ldap_authorization_og_og_version() != 2) { |
|
134 |
debug('LdapAuthorizationOg2Tests must be run with OG 7.x-2.x'); |
|
135 |
return; |
|
136 |
} |
|
137 |
|
|
138 | 139 |
$this->createCustomRoles(); |
139 | 140 |
$all_roles = og_roles($this->groupEntityType, $this->groupBundle, 0, FALSE, TRUE); |
140 | 141 |
|
141 | 142 |
$this->ldapTestId = $this->module_name . ': setup success'; |
142 |
// just to give warning if setup doesn't succeed. may want to take these out at some point.
|
|
143 |
// Just to give warning if setup doesn't succeed. may want to take these out at some point.
|
|
143 | 144 |
$setup_success = ( |
144 | 145 |
module_exists('ldap_authentication') && |
145 | 146 |
module_exists('ldap_servers') && |
... | ... | |
162 | 163 |
$this->ldapTestId = $this->module_name . ': og2 functions'; |
163 | 164 |
list($group_nodes, $group_nids, $group_entity_ids, $roles_by_name, $consumer_ids) = $this->getTestData(TRUE); |
164 | 165 |
|
165 |
|
|
166 | 166 |
/** |
167 | 167 |
* II.0 basic granting tests to make sure og_role_grant, ldap_authorization_og_rid_from_role_name, |
168 | 168 |
* and ldap_authorization_og2_get_group functions work |
... | ... | |
179 | 179 |
$og_faculty_membership = og_group($this->groupType, $group_nids['faculty'], $values); |
180 | 180 |
|
181 | 181 |
og_role_grant($this->groupType, $group_nids['gryffindor'], $web_user->uid, $roles_by_name['gryffindor'][OG_AUTHENTICATED_ROLE]); |
182 |
og_role_grant($this->groupType, $group_nids['faculty'], $web_user->uid, $roles_by_name['faculty'][OG_ADMINISTRATOR_ROLE]);
|
|
183 |
og_role_grant($this->groupType, $group_nids['faculty'], $web_user->uid, $roles_by_name['faculty']['dungeon-master']);
|
|
184 |
og_role_grant($this->groupType, $group_nids['faculty'], $web_user->uid, $roles_by_name['faculty'][OG_AUTHENTICATED_ROLE]);
|
|
182 |
og_role_grant($this->groupType, $group_nids['faculty'], $web_user->uid, $roles_by_name['faculty'][OG_ADMINISTRATOR_ROLE]); |
|
183 |
og_role_grant($this->groupType, $group_nids['faculty'], $web_user->uid, $roles_by_name['faculty']['dungeon-master']); |
|
184 |
og_role_grant($this->groupType, $group_nids['faculty'], $web_user->uid, $roles_by_name['faculty'][OG_AUTHENTICATED_ROLE]); |
|
185 | 185 |
|
186 |
$web_user = user_load($web_user->uid, TRUE); // need to reload because of issue with og_group and og_role_grant |
|
186 |
// Need to reload because of issue with og_group and og_role_grant. |
|
187 |
$web_user = user_load($web_user->uid, TRUE); |
|
187 | 188 |
$ids = array($web_user->uid); |
188 | 189 |
$user_entity = entity_load('user', $ids); |
189 | 190 |
|
... | ... | |
206 | 207 |
* II.A. construct ldapauthorization og object and test methods. |
207 | 208 |
* (unit tests for methods and class without any ldap user context). |
208 | 209 |
*/ |
209 |
// |
|
210 |
// .
|
|
210 | 211 |
$this->ldapTestId = $this->module_name . ': LdapAuthorizationConsumerOG class'; |
211 | 212 |
$og_auth = new LdapAuthorizationConsumerOG('og_group'); |
212 | 213 |
$this->assertTrue(is_object($og_auth), 'Successfully instantiated LdapAuthorizationConsumerOG', $this->ldapTestId); |
... | ... | |
216 | 217 |
$this->assertTrue($og_auth->hasAuthorization($web_user, ldap_authorization_og_authorization_id($group_nids['faculty'], $roles_by_name['faculty'][OG_ADMINISTRATOR_ROLE], 'node')), |
217 | 218 |
'hasAuthorization() method works for non LDAP provisioned og authorization, faculty admin role', $this->ldapTestId); |
218 | 219 |
|
219 |
|
|
220 | 220 |
$should_haves = array( |
221 | 221 |
$consumer_ids['gryffindor'][OG_AUTHENTICATED_ROLE] => 'gryffindor member', |
222 |
$consumer_ids['faculty'][OG_AUTHENTICATED_ROLE] => 'faculty member',
|
|
222 |
$consumer_ids['faculty'][OG_AUTHENTICATED_ROLE] => 'faculty member', |
|
223 | 223 |
$consumer_ids['faculty'][OG_ADMINISTRATOR_ROLE] => 'faculty admin', |
224 | 224 |
$consumer_ids['faculty']['dungeon-master'] => 'faculty dungeon master', |
225 | 225 |
); |
... | ... | |
244 | 244 |
"LdapAuthorizationConsumerOG authorizationRevoke() test revoke on member role " . $consumer_ids['faculty']['dungeon-master'], $this->ldapTestId); |
245 | 245 |
|
246 | 246 |
$web_user = user_load($web_user->uid, TRUE); |
247 |
$consumers = array($consumer_ids['faculty']['dungeon-master'] => $og_auth->emptyConsumer);
|
|
247 |
$consumers = array($consumer_ids['faculty']['dungeon-master'] => $og_auth->emptyConsumer); |
|
248 | 248 |
$og_auth->authorizationRevoke($web_user, $user_data, $consumers, $ldap_entry, TRUE); |
249 | 249 |
$this->assertFalse(ldap_authorization_og2_has_consumer_id($consumer_ids['faculty']['dungeon-master'], $web_user->uid), |
250 | 250 |
"LdapAuthorizationConsumerOG authorizationRevoke() test revoke on custom member role role " . $consumer_ids['faculty']['dungeon-master'], $this->ldapTestId); |
... | ... | |
253 | 253 |
$initial_user_authorizations = $og_auth->usersAuthorizations($web_user, TRUE, TRUE); |
254 | 254 |
debug("initial_user_authorizations authorizations:"); debug($initial_user_authorizations); |
255 | 255 |
debug("initial_user data:"); debug($web_user->data); |
256 |
$og_auth->authorizationGrant($web_user, $user_data, array($consumer_ids['students'][OG_AUTHENTICATED_ROLE] => $og_auth->emptyConsumer), $ldap_entry, TRUE);
|
|
256 |
$og_auth->authorizationGrant($web_user, $user_data, array($consumer_ids['students'][OG_AUTHENTICATED_ROLE] => $og_auth->emptyConsumer), $ldap_entry, TRUE); |
|
257 | 257 |
$success = ldap_authorization_og2_has_consumer_id($consumer_ids['students'][OG_AUTHENTICATED_ROLE], $web_user->uid); |
258 | 258 |
$this->assertTrue($success, "LdapAuthorizationConsumerOG authorizationGrant() test grant on member role " . $consumer_ids['students'][OG_AUTHENTICATED_ROLE], $this->ldapTestId); |
259 | 259 |
if (!$success) { |
... | ... | |
261 | 261 |
debug("user authorizations:"); debug($og_auth->usersAuthorizations($web_user, TRUE)); |
262 | 262 |
} |
263 | 263 |
$web_user = user_load($web_user->uid, TRUE); |
264 |
$result = $og_auth->authorizationRevoke($web_user, $user_data, array('node:454:44334' => $og_auth->emptyConsumer), $ldap_entry, TRUE);
|
|
264 |
$result = $og_auth->authorizationRevoke($web_user, $user_data, array('node:454:44334' => $og_auth->emptyConsumer), $ldap_entry, TRUE); |
|
265 | 265 |
$this->assertFalse($result, |
266 | 266 |
'LdapAuthorizationConsumerOG authorizationRevoke() test revoke of bogus authorization', $this->ldapTestId); |
267 | 267 |
|
... | ... | |
290 | 290 |
$test = ldap_authorization_og2_has_role($this->groupType, $group_nids['gryffindor'], $web_user->uid, OG_ADMINISTRATOR_ROLE); |
291 | 291 |
$this->assertTrue($test, 'ldap_authorization_og2_has_role() function works', $this->ldapTestId); |
292 | 292 |
|
293 |
$test = ldap_authorization_og2_has_role($this->groupType, $group_nids['students'], $web_user->uid, OG_ADMINISTRATOR_ROLE);
|
|
293 |
$test = ldap_authorization_og2_has_role($this->groupType, $group_nids['students'], $web_user->uid, OG_ADMINISTRATOR_ROLE); |
|
294 | 294 |
$this->assertTrue($test === FALSE, 'ldap_authorization_og2_has_role() function fails with FALSE', $this->ldapTestId); |
295 | 295 |
|
296 | 296 |
} |
297 | 297 |
|
298 |
|
|
299 | 298 |
/** |
300 |
* authorization configuration flags tests clumped together |
|
301 |
*/ |
|
302 |
|
|
303 |
function testFlags() { |
|
304 |
// TODO: Fix failing tests, excluding to make branch pass. |
|
305 |
return; |
|
299 |
* Authorization configuration flags tests clumped together. |
|
300 |
*/ |
|
301 |
public function testFlags() { |
|
302 |
// TODO: Fix failing tests, excluding to make branch pass. |
|
303 |
return; |
|
306 | 304 |
|
307 |
$sid = 'activedirectory1'; |
|
308 |
$this->prepTestData( |
|
305 |
$sid = 'activedirectory1';
|
|
306 |
$this->prepTestData(
|
|
309 | 307 |
LDAP_TEST_LDAP_NAME, |
310 | 308 |
array($sid), |
311 | 309 |
'provisionToDrupal', |
312 | 310 |
'default', |
313 | 311 |
'og_group2' |
314 |
); |
|
312 |
);
|
|
315 | 313 |
|
316 |
$og_group_consumer = ldap_authorization_get_consumers('og_group', TRUE, TRUE); |
|
317 |
/** |
|
314 |
$og_group_consumer = ldap_authorization_get_consumers('og_group', TRUE, TRUE);
|
|
315 |
/**
|
|
318 | 316 |
* LDAP_authorz.Flags.status=0: Disable ldap_authorization_drupal_role configuration and make sure no authorizations performed |
319 | 317 |
*/ |
320 | 318 |
|
321 |
list($props_set_display, $props_set_correctly) = $this->checkConsumerConfSetup('og_group2'); |
|
322 |
$this->assertTrue( |
|
323 |
$props_set_correctly, |
|
324 |
'Authorization Configuration set correctly in test setup', |
|
325 |
'LDAP_authorz.Flags.setup.0' |
|
326 |
); |
|
327 |
if (!$props_set_correctly) { |
|
328 |
debug('LDAP_authorz.Flags.setup.0 properties not set correctly'); debug($props_set_display); |
|
329 |
} |
|
330 |
|
|
331 |
$this->consumerAdminConf['og_group']->useFirstAttrAsGroupId = 0; |
|
332 |
$this->consumerAdminConf['og_group']->status = 0; |
|
333 |
$this->consumerAdminConf['og_group']->save(); |
|
334 |
|
|
335 |
$user = $this->drupalCreateUser(array()); |
|
336 |
$hpotter = $this->testFunctions->drupalLdapUpdateUser(array('name' => 'hpotter', 'mail' => 'hpotter@hogwarts.edu'), TRUE, $user); |
|
319 |
list($props_set_display, $props_set_correctly) = $this->checkConsumerConfSetup('og_group2'); |
|
320 |
$this->assertTrue( |
|
321 |
$props_set_correctly, |
|
322 |
'Authorization Configuration set correctly in test setup', |
|
323 |
'LDAP_authorz.Flags.setup.0' |
|
324 |
); |
|
325 |
if (!$props_set_correctly) { |
|
326 |
debug('LDAP_authorz.Flags.setup.0 properties not set correctly'); debug($props_set_display); |
|
327 |
} |
|
337 | 328 |
|
338 |
list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($hpotter, 'query'); // just see if the correct ones are derived. |
|
339 |
$groups1 = $new_authorizations['og_group']; |
|
340 |
$this->assertTrue( |
|
341 |
count($new_authorizations['og_group']) == 0, |
|
342 |
'disabled consumer configuration disallows authorizations.', |
|
343 |
'LDAP_authorz.Flags.status.0' |
|
344 |
); |
|
329 |
$this->consumerAdminConf['og_group']->useFirstAttrAsGroupId = 0; |
|
330 |
$this->consumerAdminConf['og_group']->status = 0; |
|
331 |
$this->consumerAdminConf['og_group']->save(); |
|
345 | 332 |
|
346 |
list($group_nodes, $group_nids, $group_entity_ids, $roles_by_name, $consumer_ids) = $this->getTestData(TRUE); |
|
333 |
$user = $this->drupalCreateUser(array()); |
|
334 |
$hpotter = $this->testFunctions->drupalLdapUpdateUser(array('name' => 'hpotter', 'mail' => 'hpotter@hogwarts.edu'), TRUE, $user); |
|
347 | 335 |
|
348 |
$this->consumerAdminConf['og_group']->status = 1; |
|
349 |
$this->consumerAdminConf['og_group']->save(); |
|
350 |
list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($hpotter, 'query', 'og_group'); // just see if the correct ones are derived. |
|
336 |
// Just see if the correct ones are derived. |
|
337 |
list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($hpotter, 'query'); |
|
338 |
$groups1 = $new_authorizations['og_group']; |
|
339 |
$this->assertTrue( |
|
340 |
count($new_authorizations['og_group']) == 0, |
|
341 |
'disabled consumer configuration disallows authorizations.', |
|
342 |
'LDAP_authorz.Flags.status.0' |
|
343 |
); |
|
351 | 344 |
|
352 |
$correct_groups = !empty($new_authorizations['og_group'][$consumer_ids['students'][OG_AUTHENTICATED_ROLE]]) && |
|
353 |
!empty($new_authorizations['og_group'][$consumer_ids['gryffindor'][OG_AUTHENTICATED_ROLE]]); |
|
354 |
$this->assertTrue($correct_groups, 'enabled consumer configuration allows authorizations.', 'LDAP_authorz.Flags.status.1'); |
|
355 |
if (!$correct_groups) { |
|
356 |
debug('LDAP_authorz.Flags.enable.1 roles with enabled'); debug($new_authorizations); |
|
357 |
} |
|
345 |
list($group_nodes, $group_nids, $group_entity_ids, $roles_by_name, $consumer_ids) = $this->getTestData(TRUE); |
|
358 | 346 |
|
347 |
$this->consumerAdminConf['og_group']->status = 1; |
|
348 |
$this->consumerAdminConf['og_group']->save(); |
|
349 |
// Just see if the correct ones are derived. |
|
350 |
list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($hpotter, 'query', 'og_group'); |
|
351 |
|
|
352 |
$correct_groups = !empty($new_authorizations['og_group'][$consumer_ids['students'][OG_AUTHENTICATED_ROLE]]) && |
|
353 |
!empty($new_authorizations['og_group'][$consumer_ids['gryffindor'][OG_AUTHENTICATED_ROLE]]); |
|
354 |
$this->assertTrue($correct_groups, 'enabled consumer configuration allows authorizations.', 'LDAP_authorz.Flags.status.1'); |
|
355 |
if (!$correct_groups) { |
|
356 |
debug('LDAP_authorz.Flags.enable.1 roles with enabled'); debug($new_authorizations); |
|
357 |
} |
|
359 | 358 |
|
360 |
/** |
|
359 |
/**
|
|
361 | 360 |
* LDAP_authorz.onlyLdapAuthenticated=1: create normal user and |
362 | 361 |
* apply authorization query. should return no roles |
363 | 362 |
*/ |
364 |
$this->consumerAdminConf['og_group']->onlyApplyToLdapAuthenticated = 1; |
|
365 |
$this->consumerAdminConf['og_group']->status = 1; |
|
366 |
$this->consumerAdminConf['og_group']->save(); |
|
367 |
|
|
368 |
$user = $this->drupalCreateUser(array()); |
|
369 |
$hgrainger = $this->testFunctions->drupalLdapUpdateUser(array('name' => 'hgrainger', 'mail' => 'hgrainger@hogwarts.edu'), TRUE, $user); |
|
370 |
|
|
371 |
// remove old authmap in case it exists so test will work |
|
372 |
db_delete('authmap') |
|
373 |
->condition('uid', $user->uid) |
|
374 |
->condition('module', 'ldap_user') |
|
375 |
->execute(); |
|
376 |
|
|
377 |
list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($hgrainger, 'query'); // just see if the correct ones are derived. |
|
378 |
$success = (isset($new_authorizations['og_group']) && count($new_authorizations['og_group'] ) == 0); |
|
379 |
$this->assertTrue($success, ' only apply to ldap authenticated grants no roles for non ldap user.', 'LDAP_authorz.onlyLdapAuthenticated.1'); |
|
380 |
if (!$success) { |
|
381 |
debug('LDAP_authorz.onlyLdapAuthenticated.1'); |
|
382 |
debug($new_authorizations); |
|
383 |
debug($this->testFunctions->ldapUserIsAuthmapped('hgrainger')); |
|
384 |
debug($notifications); |
|
385 |
} |
|
363 |
$this->consumerAdminConf['og_group']->onlyApplyToLdapAuthenticated = 1; |
|
364 |
$this->consumerAdminConf['og_group']->status = 1; |
|
365 |
$this->consumerAdminConf['og_group']->save(); |
|
386 | 366 |
|
367 |
$user = $this->drupalCreateUser(array()); |
|
368 |
$hgrainger = $this->testFunctions->drupalLdapUpdateUser(array('name' => 'hgrainger', 'mail' => 'hgrainger@hogwarts.edu'), TRUE, $user); |
|
387 | 369 |
|
388 |
/** |
|
370 |
// Remove old authmap in case it exists so test will work. |
|
371 |
db_delete('authmap') |
|
372 |
->condition('uid', $user->uid) |
|
373 |
->condition('module', 'ldap_user') |
|
374 |
->execute(); |
|
375 |
|
|
376 |
// Just see if the correct ones are derived. |
|
377 |
list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($hgrainger, 'query'); |
|
378 |
$success = (isset($new_authorizations['og_group']) && count($new_authorizations['og_group']) == 0); |
|
379 |
$this->assertTrue($success, ' only apply to ldap authenticated grants no roles for non ldap user.', 'LDAP_authorz.onlyLdapAuthenticated.1'); |
|
380 |
if (!$success) { |
|
381 |
debug('LDAP_authorz.onlyLdapAuthenticated.1'); |
|
382 |
debug($new_authorizations); |
|
383 |
debug($this->testFunctions->ldapUserIsAuthmapped('hgrainger')); |
|
384 |
debug($notifications); |
|
385 |
} |
|
386 |
|
|
387 |
/** |
|
389 | 388 |
* LDAP_authorz.Flags.synchOnLogon - execute logon and check that no roles are applied if disabled |
390 | 389 |
*/ |
391 | 390 |
|
392 |
$this->consumerAdminConf['og_group']->synchOnLogon = 0; |
|
393 |
$this->consumerAdminConf['og_group']->save(); |
|
394 |
$edit = array( |
|
395 |
'name' => 'hgrainger', |
|
396 |
'pass' => 'goodpwd', |
|
397 |
); |
|
398 |
$this->drupalPost('user', $edit, t('Log in')); |
|
399 |
$this->assertText( |
|
400 |
t('Member for'), |
|
401 |
'New Ldap user with good password authenticated.', |
|
402 |
'LDAP_authorz.Flags.synchOnLogon.0' |
|
403 |
); |
|
404 |
$this->assertTrue( |
|
405 |
$this->testFunctions->ldapUserIsAuthmapped('hgrainger'), |
|
406 |
'Ldap user properly authmapped.', |
|
407 |
'LDAP_authorz.Flags.synchOnLogon.0' |
|
408 |
); |
|
391 |
$this->consumerAdminConf['og_group']->synchOnLogon = 0;
|
|
392 |
$this->consumerAdminConf['og_group']->save();
|
|
393 |
$edit = array(
|
|
394 |
'name' => 'hgrainger',
|
|
395 |
'pass' => 'goodpwd',
|
|
396 |
);
|
|
397 |
$this->drupalPost('user', $edit, t('Log in'));
|
|
398 |
$this->assertText(
|
|
399 |
t('Member for'),
|
|
400 |
'New Ldap user with good password authenticated.',
|
|
401 |
'LDAP_authorz.Flags.synchOnLogon.0'
|
|
402 |
);
|
|
403 |
$this->assertTrue(
|
|
404 |
$this->testFunctions->ldapUserIsAuthmapped('hgrainger'),
|
|
405 |
'Ldap user properly authmapped.',
|
|
406 |
'LDAP_authorz.Flags.synchOnLogon.0'
|
|
407 |
);
|
|
409 | 408 |
|
410 |
$hgrainger = user_load_by_name('hgrainger'); |
|
411 |
$this->drupalGet('user/logout'); |
|
409 |
$hgrainger = user_load_by_name('hgrainger');
|
|
410 |
$this->drupalGet('user/logout');
|
|
412 | 411 |
|
413 |
$this->consumerAdminConf['og_group']->synchOnLogon = 1; |
|
414 |
$this->consumerAdminConf['og_group']->save(); |
|
415 |
$edit = array( |
|
416 |
'name' => 'hgrainger', |
|
417 |
'pass' => 'goodpwd', |
|
418 |
); |
|
419 |
$this->drupalPost('user', $edit, t('Log in')); |
|
420 |
$this->assertText(t('Member for'), 'New Ldap user with good password authenticated.', |
|
421 |
'LDAP_authorz.Flags.synchOnLogon=1'); |
|
422 |
$hgrainger = user_load_by_name('hgrainger'); |
|
423 |
$this->drupalGet('user/logout'); |
|
424 |
|
|
425 |
// create a couple roles for next 2 tests
|
|
426 |
$troublemaker = new stdClass(); |
|
427 |
$troublemaker->name = 'troublemaker'; |
|
428 |
user_role_save($troublemaker); |
|
429 |
$troublemaker = user_role_load_by_name('troublemaker'); |
|
430 |
|
|
431 |
$superadmin = new stdClass(); |
|
432 |
$superadmin->name = 'superadmin'; |
|
433 |
user_role_save($superadmin); |
|
434 |
$superadmin = user_role_load_by_name('superadmin'); |
|
435 |
|
|
436 |
/** |
|
412 |
$this->consumerAdminConf['og_group']->synchOnLogon = 1;
|
|
413 |
$this->consumerAdminConf['og_group']->save();
|
|
414 |
$edit = array(
|
|
415 |
'name' => 'hgrainger',
|
|
416 |
'pass' => 'goodpwd',
|
|
417 |
);
|
|
418 |
$this->drupalPost('user', $edit, t('Log in'));
|
|
419 |
$this->assertText(t('Member for'), 'New Ldap user with good password authenticated.',
|
|
420 |
'LDAP_authorz.Flags.synchOnLogon=1');
|
|
421 |
$hgrainger = user_load_by_name('hgrainger');
|
|
422 |
$this->drupalGet('user/logout');
|
|
423 |
|
|
424 |
// Create a couple roles for next 2 tests.
|
|
425 |
$troublemaker = new stdClass();
|
|
426 |
$troublemaker->name = 'troublemaker';
|
|
427 |
user_role_save($troublemaker);
|
|
428 |
$troublemaker = user_role_load_by_name('troublemaker');
|
|
429 |
|
|
430 |
$superadmin = new stdClass();
|
|
431 |
$superadmin->name = 'superadmin';
|
|
432 |
user_role_save($superadmin);
|
|
433 |
$superadmin = user_role_load_by_name('superadmin');
|
|
434 |
|
|
435 |
/**
|
|
437 | 436 |
* LDAP_authorz.Flags.revokeLdapProvisioned: test flag for |
438 | 437 |
* removing manually granted roles |
439 | 438 |
* |
... | ... | |
445 | 444 |
* |
446 | 445 |
*/ |
447 | 446 |
|
448 |
$this->consumerAdminConf['og_group']->onlyApplyToLdapAuthenticated = 0; |
|
449 |
$this->consumerAdminConf['og_group']->revokeLdapProvisioned = 1; |
|
450 |
$this->consumerAdminConf['og_group']->createConsumers = 1; |
|
451 |
$this->consumerAdminConf['og_group']->save(); |
|
452 |
// set correct roles manually |
|
453 |
$hpotter = user_load_by_name('hpotter'); |
|
454 |
user_delete($hpotter->uid); |
|
455 |
$user = $this->drupalCreateUser(array()); |
|
456 |
$hpotter = $this->testFunctions->drupalLdapUpdateUser(array('name' => 'hpotter', 'mail' => 'hpotter@hogwarts.edu'), TRUE, $user); |
|
457 |
$edit = array( |
|
458 |
'name' => 'hpotter', |
|
459 |
'pass' => 'goodpwd', |
|
460 |
); |
|
461 |
$this->drupalPost('user', $edit, t('Log in')); |
|
462 |
$this->assertText( |
|
463 |
t('Member for'), |
|
464 |
'New Ldap user with good password authenticated.', |
|
465 |
'LDAP_authorz.Flags.revokeLdapProvisioned=1' |
|
466 |
); |
|
467 |
$hpotter = user_load_by_name('hpotter'); |
|
468 |
|
|
469 |
// add an underserved, ldap granted drupal role superadmin |
|
470 |
// and an undeserved, non ldap granted role troublemaker |
|
471 |
$hpotter = user_load($hpotter->uid, TRUE); |
|
472 |
$roles = $hpotter->roles; |
|
473 |
$roles[$troublemaker->rid] = $troublemaker->name; |
|
474 |
$roles[$superadmin->rid] = $superadmin->name; |
|
475 |
|
|
476 |
$data = array( |
|
477 |
'roles' => $roles, |
|
478 |
'data' => array('ldap_authorizations' => |
|
447 |
$this->consumerAdminConf['og_group']->onlyApplyToLdapAuthenticated = 0; |
|
448 |
$this->consumerAdminConf['og_group']->revokeLdapProvisioned = 1; |
|
449 |
$this->consumerAdminConf['og_group']->createConsumers = 1; |
|
450 |
$this->consumerAdminConf['og_group']->save(); |
|
451 |
// Set correct roles manually. |
|
452 |
$hpotter = user_load_by_name('hpotter'); |
|
453 |
user_delete($hpotter->uid); |
|
454 |
$user = $this->drupalCreateUser(array()); |
|
455 |
$hpotter = $this->testFunctions->drupalLdapUpdateUser(array('name' => 'hpotter', 'mail' => 'hpotter@hogwarts.edu'), TRUE, $user); |
|
456 |
$edit = array( |
|
457 |
'name' => 'hpotter', |
|
458 |
'pass' => 'goodpwd', |
|
459 |
); |
|
460 |
$this->drupalPost('user', $edit, t('Log in')); |
|
461 |
$this->assertText( |
|
462 |
t('Member for'), |
|
463 |
'New Ldap user with good password authenticated.', |
|
464 |
'LDAP_authorz.Flags.revokeLdapProvisioned=1' |
|
465 |
); |
|
466 |
$hpotter = user_load_by_name('hpotter'); |
|
467 |
|
|
468 |
// Add an underserved, ldap granted drupal role superadmin |
|
469 |
// and an undeserved, non ldap granted role troublemaker. |
|
470 |
$hpotter = user_load($hpotter->uid, TRUE); |
|
471 |
$roles = $hpotter->roles; |
|
472 |
$roles[$troublemaker->rid] = $troublemaker->name; |
|
473 |
$roles[$superadmin->rid] = $superadmin->name; |
|
474 |
|
|
475 |
$data = array( |
|
476 |
'roles' => $roles, |
|
477 |
'data' => array( |
|
478 |
'ldap_authorizations' => |
|
479 | 479 |
array( |
480 | 480 |
'og_group' => |
481 | 481 |
array( |
... | ... | |
483 | 483 |
array('date_granted' => 1304216778), |
484 | 484 |
), |
485 | 485 |
), |
486 |
), |
|
487 |
); |
|
488 |
$hpotter = user_save($hpotter, $data); |
|
489 |
|
|
490 |
// apply correct authorizations. should remove the administrator role but not the manually created 'troublemaker' role |
|
491 |
list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($hpotter, 'set', 'og_group', 'logon'); |
|
486 |
), |
|
487 |
); |
|
488 |
$hpotter = user_save($hpotter, $data); |
|
492 | 489 |
|
493 |
$hpotter = user_load($hpotter->uid, TRUE); |
|
494 |
$this->assertTrue( |
|
495 |
(!isset($new_authorizations['og_group'][$superadmin->rid])), |
|
496 |
' revoke superadmin ldap granted roles when no longer deserved.', |
|
497 |
'LDAP_authorz.Flags.revokeLdapProvisioned=1' |
|
498 |
); |
|
490 |
// Apply correct authorizations. should remove the administrator role but not the manually created 'troublemaker' role. |
|
491 |
list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($hpotter, 'set', 'og_group', 'logon'); |
|
499 | 492 |
|
493 |
$hpotter = user_load($hpotter->uid, TRUE); |
|
494 |
$this->assertTrue( |
|
495 |
(!isset($new_authorizations['og_group'][$superadmin->rid])), |
|
496 |
' revoke superadmin ldap granted roles when no longer deserved.', |
|
497 |
'LDAP_authorz.Flags.revokeLdapProvisioned=1' |
|
498 |
); |
|
500 | 499 |
|
501 |
/** |
|
500 |
/**
|
|
502 | 501 |
* LDAP_authorz.Flags.regrantLdapProvisioned |
503 | 502 |
* $this->regrantLdapProvisioned == 1 : |
504 | 503 |
* Re grant !consumer_namePlural previously granted |
... | ... | |
508 | 507 |
* - logon |
509 | 508 |
* - check if regranted |
510 | 509 |
*/ |
511 |
$this->drupalGet('user/logout'); |
|
512 |
$this->consumerAdminConf['og_group']->regrantLdapProvisioned = 1; |
|
513 |
$this->consumerAdminConf['og_group']->save(); |
|
514 |
$hpotter = user_load($hpotter->uid, TRUE); |
|
515 |
$roles = $hpotter->roles; |
|
516 |
unset($roles[$superadmin->rid]); |
|
517 |
user_save($hpotter, array('roles' => $roles)); |
|
518 |
$hpotter = user_load($hpotter->uid, TRUE); |
|
519 |
list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($hpotter, 'set', 'og_group', 'logon'); |
|
520 |
$hpotter = user_load($hpotter->uid, TRUE); |
|
521 |
$success = !in_array('administrator', array_values($hpotter->roles)); |
|
522 |
|
|
523 |
$this->assertTrue( |
|
524 |
$success, |
|
525 |
'regrant Ldap Provisioned roles that were manually revoked', |
|
526 |
'LDAP_authorz.Flags.regrantLdapProvisioned=1' |
|
527 |
); |
|
528 |
if (!$success) { |
|
529 |
debug('LDAP_authorz.Flags.regrantLdapProvisioned=1'); |
|
530 |
debug('hpotter roles'); debug($hpotter->roles); |
|
531 |
debug('new_authorizations'); debug($new_authorizations); |
|
532 |
} |
|
510 |
$this->drupalGet('user/logout'); |
|
511 |
$this->consumerAdminConf['og_group']->regrantLdapProvisioned = 1; |
|
512 |
$this->consumerAdminConf['og_group']->save(); |
|
513 |
$hpotter = user_load($hpotter->uid, TRUE); |
|
514 |
$roles = $hpotter->roles; |
|
515 |
unset($roles[$superadmin->rid]); |
|
516 |
user_save($hpotter, array('roles' => $roles)); |
|
517 |
$hpotter = user_load($hpotter->uid, TRUE); |
|
518 |
list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($hpotter, 'set', 'og_group', 'logon'); |
|
519 |
$hpotter = user_load($hpotter->uid, TRUE); |
|
520 |
$success = !in_array('administrator', array_values($hpotter->roles)); |
|
533 | 521 |
|
534 |
/** |
|
522 |
$this->assertTrue( |
|
523 |
$success, |
|
524 |
'regrant Ldap Provisioned roles that were manually revoked', |
|
525 |
'LDAP_authorz.Flags.regrantLdapProvisioned=1' |
|
526 |
); |
|
527 |
if (!$success) { |
|
528 |
debug('LDAP_authorz.Flags.regrantLdapProvisioned=1'); |
|
529 |
debug('hpotter roles'); debug($hpotter->roles); |
|
530 |
debug('new_authorizations'); debug($new_authorizations); |
|
531 |
} |
|
532 |
|
|
533 |
/** |
|
535 | 534 |
* LDAP_authorz.Flags.createConsumers=1 |
536 | 535 |
*/ |
537 | 536 |
|
538 |
if (!empty($og_group_consumer['allowConsumerObjectCreation']) && $og_group_consumer['allowConsumerObjectCreation']) { |
|
539 |
//@todo. this needs to be finished when creation of og groups is added to ldap authorization og functionality
|
|
540 |
|
|
541 |
//add new mapping to and enable create consumers
|
|
542 |
$this->prepTestData('hogwarts', array($sid), 'provisionToDrupal', 'default', 'drupal_role_default'); |
|
543 |
$this->drupalGet('user/logout'); |
|
544 |
$new_role = 'oompa-loompas'; |
|
545 |
$this->consumerAdminConf['og_group']->createConsumers = 1; |
|
546 |
$this->consumerAdminConf['og_group']->mappings[] = array( |
|
547 |
'from' => 'cn=students,ou=groups,dc=hogwarts,dc=edu', |
|
548 |
'user_entered' => $new_role, |
|
549 |
'normalized' => 'node:' . $new_role . ':' . OG_AUTHENTICATED_ROLE, |
|
550 |
'simplified' => $new_role, |
|
551 |
'valid' => TRUE, |
|
552 |
'error_message' => '', |
|
537 |
if (!empty($og_group_consumer['allowConsumerObjectCreation']) && $og_group_consumer['allowConsumerObjectCreation']) {
|
|
538 |
// @todo. this needs to be finished when creation of og groups is added to ldap authorization og functionality
|
|
539 |
|
|
540 |
// Add new mapping to and enable create consumers.
|
|
541 |
$this->prepTestData('hogwarts', array($sid), 'provisionToDrupal', 'default', 'drupal_role_default');
|
|
542 |
$this->drupalGet('user/logout');
|
|
543 |
$new_role = 'oompa-loompas';
|
|
544 |
$this->consumerAdminConf['og_group']->createConsumers = 1;
|
|
545 |
$this->consumerAdminConf['og_group']->mappings[] = array(
|
|
546 |
'from' => 'cn=students,ou=groups,dc=hogwarts,dc=edu',
|
|
547 |
'user_entered' => $new_role,
|
|
548 |
'normalized' => 'node:' . $new_role . ':' . OG_AUTHENTICATED_ROLE,
|
|
549 |
'simplified' => $new_role,
|
|
550 |
'valid' => TRUE,
|
|
551 |
'error_message' => '',
|
|
553 | 552 |
); |
554 | 553 |
|
555 |
$this->consumerAdminConf['og_group']->save(); |
|
554 |
$this->consumerAdminConf['og_group']->save();
|
|
556 | 555 |
|
557 |
$edit = array( |
|
558 |
'name' => 'hpotter', |
|
559 |
'pass' => 'goodpwd', |
|
560 |
); |
|
561 |
$this->drupalPost('user', $edit, t('Log in')); |
|
562 |
|
|
563 |
$new_role_created = in_array($new_role, array_values(user_roles())); |
|
564 |
$roles_by_name = array_flip(user_roles()); |
|
565 |
$hpotter = user_load_by_name('hpotter'); |
|
566 |
$hpotter = user_load($hpotter->uid, TRUE); |
|
567 |
$role_granted = isset($hpotter->roles[$roles_by_name[$new_role]]); |
|
568 |
debug('roles'); debug(user_roles()); |
|
569 |
debug('roles by name'); debug($roles_by_name); |
|
570 |
debug('hpotter->roles'); debug($hpotter->roles); |
|
571 |
debug("$new_role_created AND $role_granted"); |
|
556 |
$edit = array( |
|
557 |
'name' => 'hpotter', |
|
558 |
'pass' => 'goodpwd', |
|
559 |
); |
|
560 |
$this->drupalPost('user', $edit, t('Log in')); |
|
561 |
|
|
562 |
$new_role_created = in_array($new_role, array_values(user_roles())); |
|
563 |
$roles_by_name = array_flip(user_roles()); |
|
564 |
$hpotter = user_load_by_name('hpotter'); |
|
565 |
$hpotter = user_load($hpotter->uid, TRUE); |
|
566 |
$role_granted = isset($hpotter->roles[$roles_by_name[$new_role]]); |
|
567 |
debug('roles'); debug(user_roles()); |
|
568 |
debug('roles by name'); debug($roles_by_name); |
|
569 |
debug('hpotter->roles'); debug($hpotter->roles); |
|
570 |
debug("$new_role_created AND $role_granted"); |
|
571 |
|
|
572 |
$this->assertTrue( |
|
573 |
($new_role_created && $role_granted), |
|
574 |
'create consumers (e.g. roles)', |
|
575 |
'LDAP_authorz.Flags.createConsumers=1' |
|
576 |
); |
|
577 |
} |
|
572 | 578 |
|
573 |
$this->assertTrue( |
|
574 |
($new_role_created && $role_granted), |
|
575 |
'create consumers (e.g. roles)', |
|
576 |
'LDAP_authorz.Flags.createConsumers=1' |
|
577 |
); |
|
578 | 579 |
} |
579 | 580 |
|
580 | 581 |
} |
581 |
|
|
582 |
} |
Weekly update of contrib modules