1 |
85ad3d82
|
Assos Assos
|
<?php
|
2 |
|
|
|
3 |
|
|
/**
|
4 |
|
|
* @file
|
5 |
|
|
* simpletest for Ldap Authorization OG Module
|
6 |
|
|
*
|
7 |
|
|
*/
|
8 |
|
|
module_load_include('php', 'ldap_test', 'LdapTestCase.class');
|
9 |
|
|
require_once(drupal_get_path('module', 'ldap_authorization_og') . '/LdapAuthorizationConsumerOG.class.php');
|
10 |
|
|
|
11 |
|
|
class LdapAuthorizationOg1Tests extends LdapTestCase {
|
12 |
|
|
|
13 |
|
|
public $groupEntityType = 'node';
|
14 |
|
|
public $groupBundle = 'group';
|
15 |
|
|
public $groupType = 'node';
|
16 |
|
|
public $group_content_type = NULL;
|
17 |
|
|
public $group_nodes = array();
|
18 |
|
|
public $user1;
|
19 |
|
|
public $consumerType = 'og_group';
|
20 |
|
|
public $module_name = 'ldap_authorization_og';
|
21 |
|
|
protected $ldap_test_data;
|
22 |
|
|
public $customOgRoles = array(
|
23 |
|
|
'dungeon-master' => array('entity_type' => 'node', 'bundle_type' => 'group'),
|
24 |
|
|
'time-keeper' => array('entity_type' => 'node', 'bundle_type' => 'group'),
|
25 |
|
|
);
|
26 |
|
|
|
27 |
|
|
public static function getInfo() {
|
28 |
|
|
return array(
|
29 |
|
|
'group' => 'LDAP Authorization',
|
30 |
|
|
'name' => 'OG 7.x-1.5 Tests.',
|
31 |
|
|
'description' => 'Test ldap authorization og 1.5',
|
32 |
|
|
);
|
33 |
|
|
}
|
34 |
|
|
|
35 |
|
|
function __construct($test_id = NULL) {
|
36 |
|
|
parent::__construct($test_id);
|
37 |
|
|
}
|
38 |
|
|
|
39 |
|
|
//function setUp() {
|
40 |
|
|
// parent::setUp(array(
|
41 |
|
|
// 'ldap_authentication',
|
42 |
|
|
// 'ldap_authorization',
|
43 |
|
|
// 'ldap_authorization_drupal_role',
|
44 |
|
|
// 'ldap_test')); // don't need any real servers, configured, just ldap_servers code base
|
45 |
|
|
// variable_set('ldap_simpletest', 2);
|
46 |
|
|
//}
|
47 |
|
|
|
48 |
|
|
function setUp($addl_modules = array()) {
|
49 |
|
|
parent::setUp(array('entity', 'ctools', 'og', 'ldap_authentication', 'ldap_authorization', 'ldap_authorization_drupal_role', 'ldap_authorization_og', 'ldap_test', 'og_ui'));
|
50 |
|
|
variable_set('ldap_simpletest', 2);
|
51 |
|
|
|
52 |
|
|
if (ldap_authorization_og_og_version() != 1) {
|
53 |
|
|
debug('LdapAuthorizationOg1Tests must be run with OG 7.x-1.x');
|
54 |
|
|
return;
|
55 |
|
|
}
|
56 |
|
|
|
57 |
|
|
$this->user1 = $this->drupalCreateUser();
|
58 |
|
|
$this->groups = array();
|
59 |
|
|
$this->prepTestData(LDAP_TEST_LDAP_NAME, array('activedirectory1'));
|
60 |
|
|
|
61 |
|
|
/**
|
62 |
|
|
* Group: The entity instance that will have members and content associated with it.
|
63 |
|
|
* Group Entity: entity type: node, bundle: group, name: OG Group
|
64 |
|
|
* Group Instances: $this->group_nodes[$label]
|
65 |
|
|
*
|
66 |
|
|
*/
|
67 |
|
|
|
68 |
|
|
|
69 |
|
|
|
70 |
|
|
// Create group and group content node types.
|
71 |
|
|
$this->groupBundle = $this->drupalCreateContentType(array(
|
72 |
|
|
'type' => 'group',
|
73 |
|
|
'name' => 'OG Group',
|
74 |
|
|
))->type;
|
75 |
|
|
og_create_field(OG_GROUP_FIELD, $this->groupEntityType, $this->groupBundle); // entity type = "node" and group bundle = "group"
|
76 |
|
|
og_create_field(OG_AUDIENCE_FIELD, $this->groupEntityType, $this->groupBundle);
|
77 |
|
|
|
78 |
|
|
|
79 |
|
|
$this->createCustomRoles();
|
80 |
|
|
// create og group for each group in group csv
|
81 |
|
|
|
82 |
|
|
$this->testFunctions->populateFakeLdapServerData(LDAP_TEST_LDAP_NAME, 'activedirectory1');
|
83 |
|
|
$this->testFunctions->getCsvLdapData(LDAP_TEST_LDAP_NAME);
|
84 |
|
|
foreach ($this->testFunctions->csvTables['groups'] as $guid => $group) {
|
85 |
|
|
$label = $group['cn'];
|
86 |
|
|
// $group_type_obj = $this->drupalCreateContentType(array('name' => $label, 'type' => $label));
|
87 |
|
|
// og_create_field(OG_GROUP_FIELD, 'node', $group_type_obj->type);
|
88 |
|
|
$settings = array();
|
89 |
|
|
$settings['title'] = $label;
|
90 |
|
|
$settings['type'] = $this->groupBundle;
|
91 |
|
|
$settings[OG_GROUP_FIELD][LANGUAGE_NONE][0]['value'] = 1;
|
92 |
|
|
$group_node = $this->drupalCreateNode($settings);
|
93 |
|
|
$group = og_get_group('node', $group_node->nid);
|
94 |
|
|
$this->group_nodes[$label] = $group_node;
|
95 |
|
|
}
|
96 |
|
|
|
97 |
|
|
}
|
98 |
|
|
|
99 |
|
|
public function createCustomRoles() {
|
100 |
|
|
foreach ($this->customOgRoles as $og_role_name => $og_role) {
|
101 |
|
|
$role = new stdClass;
|
102 |
|
|
$role->name = $og_role_name;
|
103 |
|
|
$role->gid = 0;
|
104 |
|
|
$status = og_role_save($role);
|
105 |
|
|
}
|
106 |
|
|
$roles = db_query("SELECT rid, name FROM {og_role}", array())->fetchAllKeyed();
|
107 |
|
|
}
|
108 |
|
|
|
109 |
|
|
function deleteAndRecreateUser($cname) {
|
110 |
|
|
if ($user = user_load_by_name($cname)) {
|
111 |
|
|
user_delete($user->uid);
|
112 |
|
|
}
|
113 |
|
|
$user = $this->drupalCreateUser(array());
|
114 |
|
|
$user = $this->testFunctions->drupalLdapUpdateUser(array('name' => $cname, 'mail' => $cname . '@hogwarts.edu'), TRUE, $user);
|
115 |
|
|
return $user;
|
116 |
|
|
}
|
117 |
|
|
|
118 |
|
|
function UIGroupMembershipTest($user, $group_node, $test_id = NULL, $assert_true = TRUE) {
|
119 |
|
|
$this->drupalGet('user/' . $user->uid);
|
120 |
|
|
if ($assert_true) {
|
121 |
|
|
$this->assertText($group_node->title, 'User view UI shows group (' . $group_node->title . ') membership listed', $test_id);
|
122 |
|
|
}
|
123 |
|
|
else {
|
124 |
|
|
$this->assertNoText($group_node->title, 'User view UI does not show group (' . $group_node->title . ') membership listed', $test_id);
|
125 |
|
|
}
|
126 |
|
|
$this->drupalGet('node/' . $group_node->nid);
|
127 |
|
|
if ($assert_true) {
|
128 |
|
|
$this->assertText($user->name, 'Group view UI shows user name (' . $user->name . ') in group membership list', $test_id);
|
129 |
|
|
}
|
130 |
|
|
else {
|
131 |
|
|
$this->assertText('Request group membership', 'Group view UI show Request Group Membership form in group membership list', $test_id);
|
132 |
|
|
}
|
133 |
|
|
}
|
134 |
|
|
|
135 |
|
|
function manualOgGroup($user, $gid, $extra_rids = array()) {
|
136 |
|
|
$values = array('entity' => $user, 'entity_type' => 'user');
|
137 |
|
|
$user->{OG_AUDIENCE_FIELD}[LANGUAGE_NONE][] = array('gid' => $gid);
|
138 |
|
|
og_entity_presave($user, 'user');
|
139 |
|
|
$user = user_save($user);
|
140 |
|
|
foreach ($extra_rids as $rid) {
|
141 |
|
|
og_role_grant($gid, $user->uid, $rid);
|
142 |
|
|
}
|
143 |
|
|
return user_load($user->uid, TRUE);
|
144 |
|
|
}
|
145 |
|
|
|
146 |
|
|
/**
|
147 |
|
|
* just make sure install succeeds and og and ldap_authorization_og functions work as designed
|
148 |
|
|
*/
|
149 |
|
|
function testBasicFunctionsAndApi() {
|
150 |
|
|
$this->ldapTestId = $this->module_name . ': setup success';
|
151 |
|
|
// just to give warning if setup doesn't succeed. may want to take these out at some point.
|
152 |
|
|
$setup_success = (
|
153 |
|
|
module_exists('ldap_authentication') &&
|
154 |
|
|
module_exists('ldap_servers') &&
|
155 |
|
|
module_exists('ldap_authorization') &&
|
156 |
|
|
module_exists('ldap_authorization_og') &&
|
157 |
|
|
(variable_get('ldap_simpletest', 2) == 2)
|
158 |
|
|
);
|
159 |
|
|
$this->assertTrue($setup_success, ' ldap_authorizations og setup successful', $this->ldapTestId);
|
160 |
|
|
|
161 |
|
|
$this->ldapTestId = $this->module_name . ': cron test';
|
162 |
|
|
$this->assertTrue(drupal_cron_run(), t('Cron can run with ldap authorization og enabled.'), $this->ldapTestId);
|
163 |
|
|
$this->assertTrue(ldap_authorization_og_authorization_id(2, 3) == "2-3",
|
164 |
|
|
t('ldap_authorization_og_authorization_id() function works.'), $this->ldapTestId);
|
165 |
|
|
$this->assertTrue(ldap_authorization_og_og_version() == 1,
|
166 |
|
|
t('ldap_authorization_og_og_version() is 1'), $this->ldapTestId);
|
167 |
|
|
|
168 |
|
|
/***
|
169 |
|
|
* I. some basic tests to make sure og module's apis are working before testing ldap_authorization_og
|
170 |
|
|
*/
|
171 |
|
|
|
172 |
|
|
$web_user = $this->drupalCreateUser();
|
173 |
|
|
$this->ldapTestId = $this->module_name . ': og functions';
|
174 |
|
|
|
175 |
|
|
|
176 |
|
|
list($og_gryffindor_group, $og_gryffindor_node) = ldap_authorization_og1_get_group('gryffindor', 'group_name');
|
177 |
|
|
list($og_students_group, $og_students_node) = ldap_authorization_og1_get_group('students', 'group_name');
|
178 |
|
|
list($og_faculty_group, $og_faculty_node) = ldap_authorization_og1_get_group('faculty', 'group_name');
|
179 |
|
|
list($og_users_group, $og_users_node) = ldap_authorization_og1_get_group('users', 'group_name');
|
180 |
|
|
// debug('og_gryffindor_node');debug($og_gryffindor_node->nid); debug($og_gryffindor_group->gid);
|
181 |
|
|
// debug('og_students_node');debug($og_students_node->nid); debug($og_students_group->gid);
|
182 |
|
|
// debug('og_faculty_node');debug($og_faculty_node->nid); debug($og_faculty_group->gid);
|
183 |
|
|
// debug('og_users_node');debug($og_users_node->nid); debug($og_users_group->gid);
|
184 |
|
|
|
185 |
|
|
$anonymous_rid = ldap_authorization_og_rid_from_role_name(OG_ANONYMOUS_ROLE);
|
186 |
|
|
$member_rid = ldap_authorization_og_rid_from_role_name(OG_AUTHENTICATED_ROLE);
|
187 |
|
|
$admin_rid = ldap_authorization_og_rid_from_role_name(OG_ADMINISTRATOR_ROLE);
|
188 |
|
|
$dungeon_master_rid = ldap_authorization_og_rid_from_role_name('dungeon-master');
|
189 |
|
|
$time_keeper = ldap_authorization_og_rid_from_role_name('time-keeper');
|
190 |
|
|
$student_member_consumer_id = $og_students_group->gid . '-' . $member_rid;
|
191 |
|
|
|
192 |
|
|
$gid = ldap_authorization_og1_entity_id_to_gid($og_gryffindor_node->nid);
|
193 |
|
|
$this->assertTrue($gid == $og_gryffindor_group->gid, t('ldap_authorization_og1_entity_id_to_gid() functions'), $this->ldapTestId);
|
194 |
|
|
|
195 |
|
|
|
196 |
|
|
// debug("anonymous_rid=$anonymous_rid, member_rid=$member_rid,admin_rid=$admin_rid, dungeon_master_rid=$dungeon_master_rid, time_keeper=$time_keeper");
|
197 |
|
|
|
198 |
|
|
/**
|
199 |
|
|
* @todo api tests: ldap_authorization_og_rid_from_role_name(),
|
200 |
|
|
* and ldap_authorization_og_get_group()
|
201 |
|
|
*/
|
202 |
|
|
|
203 |
|
|
$ids = array($web_user->uid);
|
204 |
|
|
// debug($ids);
|
205 |
|
|
$user_entities = entity_load('user', $ids, array(), TRUE);
|
206 |
|
|
$user_entity = $user_entities[$web_user->uid];
|
207 |
|
|
|
208 |
|
|
///***
|
209 |
|
|
// * II. construct ldapauthorization og object and test methods (ignoring if ldap created or not...
|
210 |
|
|
// * unit tests for methods and class without any ldap context.)
|
211 |
|
|
// */
|
212 |
|
|
|
213 |
|
|
$this->ldapTestId = $this->module_name . ': LdapAuthorizationConsumerOG class';
|
214 |
|
|
|
215 |
|
|
$og_auth = new LdapAuthorizationConsumerOG('og_group');
|
216 |
|
|
$this->assertTrue(is_object($og_auth),
|
217 |
|
|
'Successfully instantiated LdapAuthorizationConsumerOG', $this->ldapTestId);
|
218 |
|
|
|
219 |
|
|
|
220 |
|
|
/**
|
221 |
|
|
* test basic functions with admin user logged in
|
222 |
|
|
*/
|
223 |
|
|
|
224 |
|
|
$ldap_entry = NULL;
|
225 |
|
|
$user_data = array();
|
226 |
|
|
$user = user_load($web_user->uid, TRUE);
|
227 |
|
|
|
228 |
|
|
|
229 |
|
|
$this->assertFalse($og_auth->hasAuthorization($user, $student_member_consumer_id),
|
230 |
|
|
'hasAuthorization() method works for non LDAP provisioned og authorization', $this->ldapTestId);
|
231 |
|
|
|
232 |
|
|
$user_auth_data = array();
|
233 |
|
|
$consumers = array($student_member_consumer_id => $og_auth->emptyConsumer);
|
234 |
|
|
|
235 |
|
|
$og_auth->authorizationGrant($user, $user_auth_data, $consumers, $ldap_entry, TRUE);
|
236 |
|
|
|
237 |
|
|
$this->assertTrue(ldap_authorization_og1_has_membership($og_students_group->gid, $user->uid),
|
238 |
|
|
'authorizationGrant function works', $this->ldapTestId);
|
239 |
|
|
|
240 |
|
|
$this->assertTrue(ldap_authorization_og1_has_role($og_students_group->gid, $user->uid, $member_rid),
|
241 |
|
|
'ldap_authorization_og1_has_role function works', $this->ldapTestId);
|
242 |
|
|
|
243 |
|
|
$this->assertTrue("member" == ldap_authorization_og1_role_name_from_rid($member_rid),
|
244 |
|
|
'ldap_authorization_og1_role_name_from_rid function works', $this->ldapTestId);
|
245 |
|
|
|
246 |
|
|
$this->assertTrue($member_rid == ldap_authorization_og1_role_name_to_role_id("member"),
|
247 |
|
|
'ldap_authorization_og1_role_name_to_role_id function works', $this->ldapTestId);
|
248 |
|
|
|
249 |
|
|
$has_student_membership = ldap_authorization_og1_has_membership($og_students_group->gid, $user->uid);
|
250 |
|
|
$this->assertTrue($has_student_membership, 'ldap_authorization_og1_has_membership function', $this->ldapTestId);
|
251 |
|
|
|
252 |
|
|
|
253 |
|
|
if ($has_student_membership) {
|
254 |
|
|
$og_auth->authorizationRevoke($user, $user_auth_data, $consumers, $ldap_entry, TRUE);
|
255 |
|
|
$this->assertFalse(ldap_authorization_og1_has_membership($og_students_group->gid, $user->uid),
|
256 |
|
|
'authorizationRevoke function works', $this->ldapTestId);
|
257 |
|
|
}
|
258 |
|
|
|
259 |
|
|
$parts = $og_auth->og1ConsumerIdParts("3-2");
|
260 |
|
|
$this->assertTrue($parts[0] == 3 && $parts[1] == 2,
|
261 |
|
|
'LdapAuthorizationOgConsumerOG::og1ConsumerIdParts method works', $this->ldapTestId);
|
262 |
|
|
|
263 |
|
|
|
264 |
|
|
$mappings = array(
|
265 |
|
|
array('cn=students,ou=groups,dc=hogwarts,dc=edu', 'group-name=students,role-name=member'),
|
266 |
|
|
array('cn=faculty,ou=groups,dc=hogwarts,dc=edu', 'group-name=faculty,role-name=member'),
|
267 |
|
|
array('cn=gryffindor,ou=groups,dc=hogwarts,dc=edu', 'group-name=gryffindor,role-name=member'),
|
268 |
|
|
array('cn=users,ou=groups,dc=hogwarts,dc=edu', 'group-name=users,role-name=dungeon-master'),
|
269 |
|
|
array('cn=users,ou=groups,dc=hogwarts,dc=edu', 'gid=2,rid=2'),
|
270 |
|
|
array('cn=users,ou=groups,dc=hogwarts,dc=edu', 'gid=2,rid=4'),
|
271 |
|
|
);
|
272 |
|
|
|
273 |
|
|
$normalized_mappings = $og_auth->normalizeMappings($mappings);
|
274 |
|
|
|
275 |
|
|
$correct_mappings = (
|
276 |
|
|
$normalized_mappings[0]['normalized'] = ldap_authorization_og_authorization_id($og_students_group->gid, $member_rid) &&
|
277 |
|
|
$normalized_mappings[1]['normalized'] = ldap_authorization_og_authorization_id($og_faculty_group->gid, $member_rid) &&
|
278 |
|
|
$normalized_mappings[2]['normalized'] = ldap_authorization_og_authorization_id($og_gryffindor_group->gid, $dungeon_master_rid) &&
|
279 |
|
|
$normalized_mappings[3]['normalized'] = ldap_authorization_og_authorization_id($og_users_group->gid, $member_rid) &&
|
280 |
|
|
$normalized_mappings[4]['normalized'] = ldap_authorization_og_authorization_id($og_students_group->gid, $member_rid) &&
|
281 |
|
|
$normalized_mappings[4]['normalized'] = ldap_authorization_og_authorization_id($og_students_group->gid, 4)
|
282 |
|
|
);
|
283 |
|
|
if (!$correct_mappings) {
|
284 |
|
|
debug('normalized_mappings'); debug($normalized_mappings);
|
285 |
|
|
}
|
286 |
|
|
$this->assertTrue($correct_mappings, 'normalizeMappings method works', $this->ldapTestId);
|
287 |
|
|
|
288 |
|
|
}
|
289 |
|
|
|
290 |
|
|
|
291 |
|
|
|
292 |
|
|
/**
|
293 |
|
|
* authorization configuration flags tests clumped together
|
294 |
|
|
*/
|
295 |
|
|
|
296 |
|
|
function testFlags() {
|
297 |
|
|
|
298 |
|
|
$sid = 'activedirectory1';
|
299 |
|
|
|
300 |
|
|
$this->prepTestData(
|
301 |
|
|
LDAP_TEST_LDAP_NAME,
|
302 |
|
|
array($sid),
|
303 |
|
|
'provisionToDrupal',
|
304 |
|
|
'default',
|
305 |
|
|
'og_group15'
|
306 |
|
|
);
|
307 |
|
|
|
308 |
|
|
|
309 |
|
|
$og_group_consumer = ldap_authorization_get_consumers('og_group', TRUE, TRUE);
|
310 |
|
|
|
311 |
|
|
list($og_gryffindor_group, $og_gryffindor_node) = ldap_authorization_og1_get_group('gryffindor', 'group_name');
|
312 |
|
|
list($og_students_group, $og_students_node) = ldap_authorization_og1_get_group('students', 'group_name');
|
313 |
|
|
list($og_faculty_group, $og_faculty_node) = ldap_authorization_og1_get_group('faculty', 'group_name');
|
314 |
|
|
list($og_users_group, $og_users_node) = ldap_authorization_og1_get_group('users', 'group_name');
|
315 |
|
|
list($og_slytherin_group, $og_slytherin_node) = ldap_authorization_og1_get_group('slytherin', 'group_name');
|
316 |
|
|
$anonymous_rid = ldap_authorization_og_rid_from_role_name(OG_ANONYMOUS_ROLE);
|
317 |
|
|
$member_rid = ldap_authorization_og_rid_from_role_name(OG_AUTHENTICATED_ROLE);
|
318 |
|
|
$admin_rid = ldap_authorization_og_rid_from_role_name(OG_ADMINISTRATOR_ROLE);
|
319 |
|
|
$dungeon_master_rid = ldap_authorization_og_rid_from_role_name('dungeon-master');
|
320 |
|
|
$time_keeper = ldap_authorization_og_rid_from_role_name('time-keeper');
|
321 |
|
|
$students_membership_consumer_id = $og_students_group->gid . '-' . $member_rid;
|
322 |
|
|
$gryffindor_membership_consumer_id = $og_gryffindor_group->gid . '-' . $member_rid;
|
323 |
|
|
|
324 |
|
|
/**
|
325 |
|
|
* LDAP_authorz.Flags.status=0: Disable ldap_authorization_drupal_role configuration and make sure no authorizations performed
|
326 |
|
|
*/
|
327 |
|
|
|
328 |
|
|
list($props_set_display, $props_set_correctly) = $this->checkConsumerConfSetup('og_group15');
|
329 |
|
|
$this->assertTrue(
|
330 |
|
|
$props_set_correctly,
|
331 |
|
|
'Authorization Configuration set correctly in test setup',
|
332 |
|
|
'LDAP_authorz.Flags.setup.0'
|
333 |
|
|
);
|
334 |
|
|
if (!$props_set_correctly) {
|
335 |
|
|
debug('LDAP_authorz.Flags.setup.0 properties not set correctly'); debug($props_set_display);
|
336 |
|
|
}
|
337 |
|
|
|
338 |
|
|
$test_id = 'LDAP_authorz.Flags.status.0';
|
339 |
|
|
$this->consumerAdminConf['og_group']->useFirstAttrAsGroupId = 0;
|
340 |
|
|
$this->consumerAdminConf['og_group']->status = 0;
|
341 |
|
|
$this->consumerAdminConf['og_group']->save();
|
342 |
|
|
$og_group_consumer = ldap_authorization_get_consumer_object('og_group');
|
343 |
|
|
$hpotter = $this->deleteAndRecreateUser('hpotter');
|
344 |
|
|
|
345 |
|
|
list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($hpotter, 'test_query', 'og_group'); // just see if the correct ones are derived.
|
346 |
|
|
$groups1 = $new_authorizations['og_group'];
|
347 |
|
|
$this->assertTrue(
|
348 |
|
|
count($new_authorizations['og_group']) == 0,
|
349 |
|
|
'disabled consumer configuration disallows authorizations.',
|
350 |
|
|
$test_id
|
351 |
|
|
);
|
352 |
|
|
|
353 |
|
|
|
354 |
|
|
$test_id = 'LDAP_authorz.Flags.status.1';
|
355 |
|
|
$this->consumerAdminConf['og_group']->status = 1;
|
356 |
|
|
$this->consumerAdminConf['og_group']->save();
|
357 |
|
|
$og_group_consumer = ldap_authorization_get_consumer_object('og_group');
|
358 |
|
|
|
359 |
|
|
list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($hpotter, 'test_query', 'og_group'); // just see if the correct ones are derived.
|
360 |
|
|
$correct_groups = !empty($new_authorizations['og_group'][$students_membership_consumer_id])
|
361 |
|
|
&& !empty($new_authorizations['og_group'][$gryffindor_membership_consumer_id]);
|
362 |
|
|
$this->assertTrue($correct_groups, 'enabled consumer configuration allows authorizations.', $test_id);
|
363 |
|
|
if (!$correct_groups) {
|
364 |
|
|
debug($test_id . "new_authorizations $gryffindor_membership_consumer_id and $students_membership_consumer_id not found in:"); debug($new_authorizations['og_group']); debug($notifications);
|
365 |
|
|
}
|
366 |
|
|
|
367 |
|
|
}
|
368 |
|
|
|
369 |
|
|
|
370 |
|
|
|
371 |
|
|
/**
|
372 |
|
|
* authorization configuration flags tests clumped together
|
373 |
|
|
*/
|
374 |
|
|
|
375 |
|
|
function testLogons() {
|
376 |
|
|
|
377 |
|
|
$sid = 'activedirectory1';
|
378 |
|
|
|
379 |
|
|
$this->prepTestData(
|
380 |
|
|
LDAP_TEST_LDAP_NAME,
|
381 |
|
|
array($sid),
|
382 |
|
|
'provisionToDrupal',
|
383 |
|
|
'default',
|
384 |
|
|
'og_group15'
|
385 |
|
|
);
|
386 |
|
|
|
387 |
|
|
$og_group_consumer = ldap_authorization_get_consumers('og_group', TRUE, TRUE);
|
388 |
|
|
list($og_gryffindor_group, $og_gryffindor_node) = ldap_authorization_og1_get_group('gryffindor', 'group_name'); //1
|
389 |
|
|
list($og_students_group, $og_students_node) = ldap_authorization_og1_get_group('students', 'group_name'); //4
|
390 |
|
|
list($og_faculty_group, $og_faculty_node) = ldap_authorization_og1_get_group('faculty', 'group_name'); // 7
|
391 |
|
|
list($og_users_group, $og_users_node) = ldap_authorization_og1_get_group('users', 'group_name'); //9
|
392 |
|
|
list($og_hufflepuff_group, $og_hufflepuff_node) = ldap_authorization_og1_get_group('hufflepuff', 'group_name');
|
393 |
|
|
list($og_slytherin_group, $og_slytherin_node) = ldap_authorization_og1_get_group('slytherin', 'group_name');
|
394 |
|
|
|
395 |
|
|
|
396 |
|
|
$anonymous_rid = ldap_authorization_og_rid_from_role_name(OG_ANONYMOUS_ROLE);
|
397 |
|
|
$member_rid = ldap_authorization_og_rid_from_role_name(OG_AUTHENTICATED_ROLE);
|
398 |
|
|
$admin_rid = ldap_authorization_og_rid_from_role_name(OG_ADMINISTRATOR_ROLE);
|
399 |
|
|
$dungeon_master_rid = ldap_authorization_og_rid_from_role_name('dungeon-master');
|
400 |
|
|
$time_keeper = ldap_authorization_og_rid_from_role_name('time-keeper');
|
401 |
|
|
$students_membership_consumer_id = $og_students_group->gid . '-' . $member_rid;
|
402 |
|
|
$gryffindor_membership_consumer_id = $og_gryffindor_group->gid . '-' . $member_rid;
|
403 |
|
|
$slytherin_membership_consumer_id = $og_slytherin_group->gid . '-' . $member_rid;
|
404 |
|
|
$hufflepuff_membership_consumer_id = $og_hufflepuff_group->gid . '-' . $member_rid;
|
405 |
|
|
|
406 |
|
|
//debug(
|
407 |
|
|
// "students_membership_consumer_id = $students_membership_consumer_id
|
408 |
|
|
// gryffindor_membership_consumer_id = $gryffindor_membership_consumer_id
|
409 |
|
|
// slytherin_membership_consumer_id = $slytherin_membership_consumer_id
|
410 |
|
|
// hufflepuff_membership_consumer_id = = $hufflepuff_membership_consumer_id "
|
411 |
|
|
//);
|
412 |
|
|
|
413 |
|
|
list($props_set_display, $props_set_correctly) = $this->checkConsumerConfSetup('og_group15');
|
414 |
|
|
$this->assertTrue(
|
415 |
|
|
$props_set_correctly,
|
416 |
|
|
'Authorization Configuration set correctly in test setup',
|
417 |
|
|
'LDAP_authorz.Flags.setup.0'
|
418 |
|
|
);
|
419 |
|
|
if (!$props_set_correctly) {
|
420 |
|
|
debug('LDAP_authorz.Flags.setup.0 properties not set correctly'); debug($props_set_display);
|
421 |
|
|
}
|
422 |
|
|
|
423 |
|
|
$hpotter = $this->deleteAndRecreateUser('hpotter');
|
424 |
|
|
|
425 |
|
|
/**
|
426 |
|
|
* LDAP_authorz.Flags.synchOnLogon - execute logon and check that no roles are applied if disabled
|
427 |
|
|
*/
|
428 |
|
|
$test_id = 'LDAP_authorz.og.Flags.synchOnLogon.0';
|
429 |
|
|
$this->consumerAdminConf['og_group']->synchOnLogon = 0;
|
430 |
|
|
$this->consumerAdminConf['og_group']->save();
|
431 |
|
|
$og_group_consumer = ldap_authorization_get_consumer_object('og_group');
|
432 |
|
|
|
433 |
|
|
$edit = array(
|
434 |
|
|
'name' => 'hpotter',
|
435 |
|
|
'pass' => 'goodpwd',
|
436 |
|
|
);
|
437 |
|
|
$this->drupalPost('user', $edit, t('Log in'));
|
438 |
|
|
$this->assertText(
|
439 |
|
|
t('Member for'),
|
440 |
|
|
'New Ldap user with good password authenticated.',
|
441 |
|
|
$test_id
|
442 |
|
|
);
|
443 |
|
|
$this->assertTrue(
|
444 |
|
|
$this->testFunctions->ldapUserIsAuthmapped('hpotter'),
|
445 |
|
|
'Ldap user properly authmapped.',
|
446 |
|
|
$test_id
|
447 |
|
|
);
|
448 |
|
|
$hpotter = user_load_by_name('hpotter');
|
449 |
|
|
$hpotter = user_load($hpotter->uid, TRUE);
|
450 |
|
|
$authorizations = $og_group_consumer->usersAuthorizations($hpotter, TRUE);
|
451 |
|
|
$this->drupalGet('user/logout');
|
452 |
|
|
$success = (count($authorizations) == 0);
|
453 |
|
|
$this->assertTrue($success, 'No authorizations granted when synchOnLogon=0', $test_id);
|
454 |
|
|
if (!$success) {
|
455 |
|
|
debug($test_id . "authorizations:"); debug($authorizations); debug($hpotter->data);
|
456 |
|
|
}
|
457 |
|
|
|
458 |
|
|
$test_id = 'LDAP_authorz.og.Flags.synchOnLogon.1';
|
459 |
|
|
$this->consumerAdminConf['og_group']->synchOnLogon = 1;
|
460 |
|
|
$this->consumerAdminConf['og_group']->save();
|
461 |
|
|
$og_group_consumer = ldap_authorization_get_consumer_object('og_group'); // flushes object static cache
|
462 |
|
|
$hpotter = $this->deleteAndRecreateUser('hpotter');
|
463 |
|
|
|
464 |
|
|
$edit = array(
|
465 |
|
|
'name' => 'hpotter',
|
466 |
|
|
'pass' => 'goodpwd',
|
467 |
|
|
);
|
468 |
|
|
$this->drupalPost('user', $edit, t('Log in'));
|
469 |
|
|
$this->assertText(t('Member for'), 'New Ldap user with good password authenticated.', $test_id);
|
470 |
|
|
$hpotter = user_load_by_name('hpotter');
|
471 |
|
|
$hpotter = user_load($hpotter->uid, TRUE);
|
472 |
|
|
$authorizations = $og_group_consumer->usersAuthorizations($hpotter, TRUE);
|
473 |
|
|
$this->UIGroupMembershipTest($hpotter, $og_students_node, $test_id);
|
474 |
|
|
$success = in_array($students_membership_consumer_id, $authorizations) && in_array($gryffindor_membership_consumer_id, $authorizations);
|
475 |
|
|
$this->drupalGet('user/logout');
|
476 |
|
|
$this->assertTrue($success, 'Correct Authorizations on user logon', $test_id);
|
477 |
|
|
if (!$success) {
|
478 |
|
|
debug($test_id . "authorizations $gryffindor_membership_consumer_id and $students_membership_consumer_id not found in:");
|
479 |
|
|
debug($authorizations); debug("hpotter->data"); debug($hpotter->data);
|
480 |
|
|
}
|
481 |
|
|
|
482 |
|
|
$user_data = $hpotter->data['ldap_authorizations']['og_group'];
|
483 |
|
|
$success = (isset($user_data[$students_membership_consumer_id]) &&
|
484 |
dd54aff9
|
Assos Assos
|
isset($user_data[$gryffindor_membership_consumer_id]) &&
|
485 |
|
|
isset($user_data[$students_membership_consumer_id]['date_granted']) &&
|
486 |
|
|
isset($user_data[$gryffindor_membership_consumer_id]['consumer_id_mixed_case']) &&
|
487 |
|
|
isset($user_data[$students_membership_consumer_id]['date_granted']) &&
|
488 |
|
|
isset($user_data[$gryffindor_membership_consumer_id]['consumer_id_mixed_case']) &&
|
489 |
|
|
$user_data[$gryffindor_membership_consumer_id]['consumer_id_mixed_case'] == $gryffindor_membership_consumer_id);
|
490 |
85ad3d82
|
Assos Assos
|
$this->assertTrue($success, 'Correct User Data Authorization Records', $test_id);
|
491 |
|
|
|
492 |
|
|
|
493 |
|
|
|
494 |
|
|
/** test multiple logon scenario. this deals with a variety of concerns such as caching of
|
495 |
|
|
* user and og data
|
496 |
|
|
*/
|
497 |
|
|
$test_id = 'LDAP_authorz.og.mulitplelogons';
|
498 |
|
|
$this->consumerAdminConf['og_group']->onlyApplyToLdapAuthenticated = 0;
|
499 |
|
|
$this->consumerAdminConf['og_group']->synchOnLogon = 1;
|
500 |
|
|
$this->consumerAdminConf['og_group']->status = 1;
|
501 |
|
|
$this->consumerAdminConf['og_group']->save();
|
502 |
|
|
$hpotter = $this->deleteAndRecreateUser('hpotter');
|
503 |
|
|
$og_group_consumer = ldap_authorization_get_consumer_object('og_group');
|
504 |
|
|
|
505 |
|
|
$this->drupalGet('user/logout');
|
506 |
|
|
$pre_authorizations = $og_group_consumer->usersAuthorizations($hpotter, TRUE);
|
507 |
|
|
$this->assertTrue(count($pre_authorizations) == 0, 'Setup correct for test ' . $test_id, $test_id);
|
508 |
|
|
|
509 |
|
|
foreach (array(1, 2, 3) as $i) {
|
510 |
|
|
$this->drupalGet('user/logout');
|
511 |
|
|
$edit = array(
|
512 |
|
|
'name' => 'hpotter',
|
513 |
|
|
'pass' => 'goodpwd',
|
514 |
|
|
);
|
515 |
|
|
$this->drupalPost('user', $edit, t('Log in'));
|
516 |
|
|
$this->assertText(t('Member for'), "Repeated logon grant test i=$i", $test_id);
|
517 |
|
|
$hpotter = user_load_by_name('hpotter');
|
518 |
|
|
$hpotter = user_load($hpotter->uid, TRUE);
|
519 |
|
|
|
520 |
|
|
$authorizations = $og_group_consumer->usersAuthorizations($hpotter, TRUE);
|
521 |
|
|
$success = in_array($students_membership_consumer_id, $authorizations) &&
|
522 |
|
|
in_array($gryffindor_membership_consumer_id, $authorizations);
|
523 |
|
|
$this->assertTrue($success, 'Correct Authorizations on user logon', $test_id);
|
524 |
|
|
if (!$success) {
|
525 |
|
|
debug("$test_id i=$i"); debug($hpotter->data); debug($og_group_consumer->usersAuthorizations($hpotter), TRUE);
|
526 |
|
|
}
|
527 |
|
|
$this->UIGroupMembershipTest($hpotter, $og_gryffindor_node, $test_id);
|
528 |
|
|
$this->UIGroupMembershipTest($hpotter, $og_students_node, $test_id);
|
529 |
|
|
// also need to assert user->data['ldap_authorizations']['og_group'] array
|
530 |
|
|
|
531 |
|
|
$this->assertTrue($success, 'Correct Authorizations on user logon', $test_id);
|
532 |
|
|
$user_data = $hpotter->data['ldap_authorizations']['og_group'];
|
533 |
|
|
$success = (isset($user_data[$students_membership_consumer_id]) &&
|
534 |
dd54aff9
|
Assos Assos
|
isset($user_data[$gryffindor_membership_consumer_id]) &&
|
535 |
|
|
isset($user_data[$students_membership_consumer_id]['date_granted']) &&
|
536 |
|
|
isset($user_data[$gryffindor_membership_consumer_id]['consumer_id_mixed_case']) &&
|
537 |
|
|
isset($user_data[$students_membership_consumer_id]['date_granted']) &&
|
538 |
|
|
isset($user_data[$gryffindor_membership_consumer_id]['consumer_id_mixed_case']) &&
|
539 |
|
|
$user_data[$gryffindor_membership_consumer_id]['consumer_id_mixed_case'] == $gryffindor_membership_consumer_id);
|
540 |
85ad3d82
|
Assos Assos
|
$this->assertTrue($success, 'Correct User Data Authorization Records', $test_id);
|
541 |
|
|
$this->drupalGet('user/logout');
|
542 |
|
|
}
|
543 |
|
|
|
544 |
|
|
/**
|
545 |
|
|
* LDAP_authorz.Flags.revokeLdapProvisioned: test flag for
|
546 |
|
|
* removing manually granted roles
|
547 |
|
|
*
|
548 |
|
|
* $this->revokeLdapProvisioned == 1 : Revoke !consumer_namePlural previously granted by LDAP Authorization but no longer valid.
|
549 |
|
|
*
|
550 |
|
|
* grant groups via ldap and some not manually,
|
551 |
|
|
* then logon again and make sure the ldap provided roles are revoked and the drupal ones are not revoked
|
552 |
|
|
*
|
553 |
|
|
*/
|
554 |
|
|
$test_id = 'LDAP_authorz.og.Flags.revokeLdapProvisioned.1';
|
555 |
|
|
$this->consumerAdminConf['og_group']->onlyApplyToLdapAuthenticated = 0;
|
556 |
|
|
$this->consumerAdminConf['og_group']->revokeLdapProvisioned = 1;
|
557 |
|
|
$this->consumerAdminConf['og_group']->regrantLdapProvisioned = 1;
|
558 |
|
|
$this->consumerAdminConf['og_group']->save();
|
559 |
|
|
$og_group_consumer = ldap_authorization_get_consumer_object('og_group');
|
560 |
|
|
$hpotter = $this->deleteAndRecreateUser('hpotter');
|
561 |
|
|
$edit = array(
|
562 |
|
|
'name' => 'hpotter',
|
563 |
|
|
'pass' => 'goodpwd',
|
564 |
|
|
);
|
565 |
|
|
|
566 |
|
|
// group to 2 "undeserved" groups, but only ldap associate 1
|
567 |
|
|
$hpotter = $this->manualOgGroup($hpotter, $og_slytherin_group->gid);
|
568 |
|
|
$hpotter = $this->manualOgGroup($hpotter, $og_hufflepuff_group->gid);
|
569 |
|
|
$authorizations = $og_group_consumer->usersAuthorizations($hpotter, TRUE);
|
570 |
|
|
$this->assertTrue(
|
571 |
|
|
in_array($slytherin_membership_consumer_id, $authorizations) &&
|
572 |
|
|
in_array($hufflepuff_membership_consumer_id, $authorizations)
|
573 |
|
|
, "prep for $test_id", $test_id);
|
574 |
|
|
|
575 |
|
|
|
576 |
|
|
// debug(); debug("4.1 hpotter->data"); debug($hpotter->data);
|
577 |
|
|
// $undeserved_consumer_id = $og_slytherin_group->gid . '-' . $member_rid;
|
578 |
|
|
$user_edit['data'] = $hpotter->data;
|
579 |
|
|
$user_edit['data']['ldap_authorizations']['og_group'][$slytherin_membership_consumer_id] =
|
580 |
|
|
array(
|
581 |
|
|
array('date_granted' => 1304216778),
|
582 |
|
|
array('consumer_id_mixed_case' => $slytherin_membership_consumer_id),
|
583 |
|
|
);
|
584 |
|
|
$hpotter = user_save($hpotter, $user_edit);
|
585 |
|
|
|
586 |
|
|
$this->drupalPost('user', $edit, t('Log in'));
|
587 |
|
|
$this->assertText(t('Member for'), 'New Ldap user with good password authenticated.', $test_id);
|
588 |
|
|
$hpotter = user_load_by_name('hpotter');
|
589 |
|
|
$hpotter = user_load($hpotter->uid, TRUE);
|
590 |
|
|
$authorizations = $og_group_consumer->usersAuthorizations($hpotter, TRUE);
|
591 |
|
|
$this->UIGroupMembershipTest($hpotter, $og_hufflepuff_node, $test_id);
|
592 |
|
|
$this->UIGroupMembershipTest($hpotter, $og_slytherin_node, $test_id, FALSE);
|
593 |
|
|
$this->assertTrue(
|
594 |
|
|
!in_array($slytherin_membership_consumer_id, $authorizations) &&
|
595 |
|
|
in_array($hufflepuff_membership_consumer_id, $authorizations)
|
596 |
|
|
, "Ldap granted og revoked when not deserved in ldap, manual og membership retained.", $test_id);
|
597 |
|
|
|
598 |
|
|
// assert that slytherin membership removed, but hufflepuff kept
|
599 |
|
|
//debug($authorizations);
|
600 |
|
|
//debug("4. hpotter->data"); debug($hpotter->data);
|
601 |
|
|
|
602 |
|
|
/**
|
603 |
|
|
* LDAP_authorz.Flags.regrantLdapProvisioned
|
604 |
|
|
* $this->regrantLdapProvisioned == 1 :
|
605 |
|
|
* Re grant !consumer_namePlural previously granted
|
606 |
|
|
* by LDAP Authorization but removed manually.
|
607 |
|
|
*
|
608 |
|
|
* - manually remove ldap granted og membership
|
609 |
|
|
* - logon
|
610 |
|
|
* - check if regranted
|
611 |
|
|
*/
|
612 |
|
|
$test_id = 'LDAP_authorz.Flags.regrantLdapProvisioned=1';
|
613 |
|
|
$this->drupalGet('user/logout');
|
614 |
|
|
$this->consumerAdminConf['og_group']->regrantLdapProvisioned = 1;
|
615 |
|
|
$this->consumerAdminConf['og_group']->revokeLdapProvisioned = 1;
|
616 |
|
|
$this->consumerAdminConf['og_group']->save();
|
617 |
|
|
$og_group_consumer = ldap_authorization_get_consumer_object('og_group');
|
618 |
|
|
$hpotter = user_load($hpotter->uid, TRUE); // do not recreate hpotter user because using date from last test
|
619 |
|
|
|
620 |
|
|
// ungroup hpotter from students
|
621 |
|
|
$hpotter = og_ungroup($og_students_group->gid, 'user', $hpotter, TRUE);
|
622 |
|
|
// confirm doesn't have authorization
|
623 |
|
|
$authorizations = $og_group_consumer->usersAuthorizations($hpotter, TRUE);
|
624 |
|
|
$this->assertTrue(!in_array($students_membership_consumer_id, $authorizations), 'hpotter student membership removed before testing regrant', $test_id);
|
625 |
|
|
/**
|
626 |
|
|
* logon
|
627 |
|
|
*/
|
628 |
|
|
$this->drupalPost('user', $edit, t('Log in'));
|
629 |
|
|
|
630 |
|
|
// assert students membership regranted
|
631 |
|
|
$hpotter = user_load($hpotter->uid, TRUE);
|
632 |
|
|
$authorizations = $og_group_consumer->usersAuthorizations($hpotter, TRUE);
|
633 |
|
|
module_load_include('php', 'og', 'module');
|
634 |
|
|
og_invalidate_cache();
|
635 |
|
|
$caches = array(
|
636 |
|
|
'og_get_entity_groups',
|
637 |
|
|
'og_get_membership',
|
638 |
|
|
'og_get_field_og_membership_properties',
|
639 |
|
|
);
|
640 |
|
|
|
641 |
|
|
foreach ($caches as $cache) {
|
642 |
|
|
drupal_static_reset($cache);
|
643 |
|
|
}
|
644 |
|
|
$authorizations = $og_group_consumer->usersAuthorizations($hpotter, TRUE);
|
645 |
|
|
$success = in_array($students_membership_consumer_id, $authorizations);
|
646 |
|
|
$this->UIGroupMembershipTest($hpotter, $og_students_node, $test_id);
|
647 |
|
|
$this->assertTrue($success, "regrant Ldap Provisioned og groups ($students_membership_consumer_id) that were manually revoked", $test_id);
|
648 |
|
|
if (!$success) {
|
649 |
|
|
debug($test_id);
|
650 |
|
|
debug("students_membership_consumer_id=$students_membership_consumer_id");
|
651 |
|
|
debug('hpotter->data'); debug($hpotter->data);
|
652 |
|
|
debug('current authorizations'); debug($authorizations);
|
653 |
|
|
}
|
654 |
|
|
//debug("5. hpotter->data"); debug($hpotter->data);
|
655 |
|
|
|
656 |
|
|
|
657 |
|
|
/**
|
658 |
|
|
* LDAP_authorz.onlyLdapAuthenticated=1: create normal user and
|
659 |
|
|
* apply authorization query. should return no og groups
|
660 |
|
|
*
|
661 |
|
|
* THIS NEEDS TO BE REWORKED. ITS A MEANINGLESS TEST IN CURRENT STATE
|
662 |
|
|
* should
|
663 |
|
|
* A. leave on mixed mode ldap authentication
|
664 |
|
|
* logon with non ldap password and receive no authorizations
|
665 |
|
|
*
|
666 |
|
|
* B. leave on mixed mode authentication and logon with ldap
|
667 |
|
|
* groups should be granted
|
668 |
|
|
*
|
669 |
|
|
*/
|
670 |
|
|
//$test_id = 'LDAP_authorz.onlyLdapAuthenticated.1';
|
671 |
|
|
//$this->consumerAdminConf['og_group']->onlyApplyToLdapAuthenticated = 1;
|
672 |
|
|
//$this->consumerAdminConf['og_group']->status = 1;
|
673 |
|
|
//$this->consumerAdminConf['og_group']->save();
|
674 |
|
|
//$og_group_consumer = ldap_authorization_get_consumer_object('og_group');
|
675 |
|
|
//
|
676 |
|
|
//$hpotter = $this->deleteAndRecreateUser('hpotter');
|
677 |
|
|
//
|
678 |
|
|
//list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($hpotter, 'set', 'og_group'); // just see if the correct ones are derived.
|
679 |
|
|
//$success = (isset($new_authorizations['og_group']) && count($new_authorizations['og_group']) == 0);
|
680 |
|
|
//$this->assertTrue($success, ' only apply to ldap authenticated grants no roles for non ldap user.', $test_id);
|
681 |
|
|
//$hpotter = user_load($hpotter->uid, TRUE);
|
682 |
|
|
//if (!$success) {
|
683 |
|
|
// debug($test_id . "new_authorizations:"); debug($new_authorizations);
|
684 |
|
|
// debug($this->testFunctions->ldapUserIsAuthmapped('hpotter'));
|
685 |
|
|
// debug($notifications);
|
686 |
|
|
// debug($hpotter);
|
687 |
|
|
//}
|
688 |
|
|
|
689 |
|
|
}
|
690 |
|
|
|
691 |
|
|
|
692 |
|
|
} |