|
1
|
<?php
|
|
2
|
|
|
3
|
|
|
4
|
|
|
5
|
/**
|
|
6
|
* @file
|
|
7
|
* see getInfo() for test summary
|
|
8
|
*
|
|
9
|
* @todo test for ldapUserConf->setSynchMapping()
|
|
10
|
* @todo test for ldapUserConf->ldapAssociateDrupalAccount($drupal_username)
|
|
11
|
*
|
|
12
|
*/
|
|
13
|
|
|
14
|
|
|
15
|
module_load_include('php', 'ldap_test', 'LdapTestCase.class');
|
|
16
|
|
|
17
|
class LdapUserUnitTests extends LdapTestCase {
|
|
18
|
public static function getInfo() {
|
|
19
|
return array(
|
|
20
|
'name' => 'LDAP User Unit Tests',
|
|
21
|
'description' => 'Test functions outside of real contexts.',
|
|
22
|
'group' => 'LDAP User'
|
|
23
|
);
|
|
24
|
}
|
|
25
|
|
|
26
|
function __construct($test_id = NULL) {
|
|
27
|
parent::__construct($test_id);
|
|
28
|
}
|
|
29
|
|
|
30
|
public $module_name = 'ldap_user';
|
|
31
|
protected $ldap_test_data;
|
|
32
|
|
|
33
|
/**
|
|
34
|
* create one or more server configurations in such as way
|
|
35
|
* that this setUp can be a prerequisite for ldap_authentication and ldap_authorization
|
|
36
|
*/
|
|
37
|
|
|
38
|
function setUp() {
|
|
39
|
parent::setUp(array('ldap_servers', 'ldap_user', 'ldap_authentication', 'ldap_test'));
|
|
40
|
variable_set('ldap_simpletest', 2);
|
|
41
|
}
|
|
42
|
|
|
43
|
function tearDown() {
|
|
44
|
parent::tearDown();
|
|
45
|
variable_del('ldap_help_watchdog_detail');
|
|
46
|
variable_del('ldap_simpletest');
|
|
47
|
}
|
|
48
|
|
|
49
|
/**
|
|
50
|
* make sure install succeeds and ldap user functions/methods work
|
|
51
|
*/
|
|
52
|
function testUnitTests() {
|
|
53
|
|
|
54
|
// just to give warning if setup doesn't succeed.
|
|
55
|
$setup_success = (
|
|
56
|
module_exists('ldap_user') &&
|
|
57
|
module_exists('ldap_servers') &&
|
|
58
|
(variable_get('ldap_simpletest', 2) > 0)
|
|
59
|
);
|
|
60
|
$this->assertTrue($setup_success, ' ldap_user setup successful', $this->testId('setup'));
|
|
61
|
|
|
62
|
$api_functions = array(
|
|
63
|
'ldap_user_conf' => array(2, 0),
|
|
64
|
'ldap_user_synch_to_drupal' => array(3, 1),
|
|
65
|
'ldap_user_provision_to_drupal' => array(2, 1),
|
|
66
|
'ldap_user_ldap_provision_semaphore' => array(4, 2),
|
|
67
|
'ldap_user_token_replace' => array(3, 2),
|
|
68
|
'ldap_user_token_tokenize_entry' => array(5, 2)
|
|
69
|
);
|
|
70
|
|
|
71
|
foreach ($api_functions as $api_function_name => $param_count) {
|
|
72
|
$reflector = new ReflectionFunction($api_function_name);
|
|
73
|
$this->assertTrue(
|
|
74
|
function_exists($api_function_name) &&
|
|
75
|
$param_count[1] == $reflector->getNumberOfRequiredParameters() &&
|
|
76
|
$param_count[0] == $reflector->getNumberOfParameters()
|
|
77
|
, ' api function ' . $api_function_name . ' parameters and required parameters count unchanged.', $this->testId($api_function_name . ' unchanged'));
|
|
78
|
}
|
|
79
|
|
|
80
|
$this->assertTrue(drupal_cron_run(), t('Cron can run with ldap user enabled.'), $this->testId('cron works'));
|
|
81
|
|
|
82
|
// test user token functions
|
|
83
|
$entity = new stdClass();
|
|
84
|
$entity->lname['und'][0]['value'] = 'potter';
|
|
85
|
$entity->house['und'][0]['value'] = 'Gryffindor';
|
|
86
|
$entity->house['und'][1]['value'] = 'Privet Drive';
|
|
87
|
$account = new stdClass();
|
|
88
|
$account->mail = 'hpotter@hogwarts.edu';
|
|
89
|
$mail = ldap_user_token_replace('[property.mail]', $account, $entity);
|
|
90
|
$this->assertTrue($mail == $account->mail, t('[property.mail] token worked on ldap_user_token_replace().'), $this->testId('tokens.property'));
|
|
91
|
$lname = ldap_user_token_replace('[field.lname]', $account, $entity);
|
|
92
|
$this->assertTrue($lname == $entity->lname['und'][0]['value'], t('[field.lname] token worked on ldap_user_token_replace().'), $this->testId('tokens.property.field'));
|
|
93
|
$house1 = ldap_user_token_replace('[field.house:1]', $account, $entity);
|
|
94
|
$this->assertTrue($house1 == $entity->house['und'][1]['value'], t('[field.house:1] token worked on ldap_user_token_replace().'), $this->testId('tokens.property.field.ordinal'));
|
|
95
|
//@todo need tests for :last and a multivalued attribute. see http://drupal.org/node/1245736
|
|
96
|
|
|
97
|
|
|
98
|
$sids = array('activedirectory1');
|
|
99
|
$this->prepTestData('hogwarts', $sids, 'default'); // prepTestData($sids, 'provisionToDrupal', 'default');
|
|
100
|
$ldap_server = ldap_servers_get_servers('activedirectory1', NULL, TRUE, TRUE);
|
|
101
|
$ldap_user_conf = ldap_user_conf('admin', TRUE);
|
|
102
|
|
|
103
|
$this->assertTrue(is_object($ldap_user_conf), t('ldap_conf class instantiated'), $this->testId('construct ldapUserConf object'));
|
|
104
|
|
|
105
|
$user_edit = array();
|
|
106
|
$ldap_user = ldap_servers_get_user_ldap_data('hpotter', $ldap_user_conf->drupalAcctProvisionServer, 'ldap_user_prov_to_drupal');
|
|
107
|
|
|
108
|
$desired_result = array(
|
|
109
|
'dn' => 'cn=hpotter,ou=people,dc=hogwarts,dc=edu',
|
|
110
|
'mail' => 'hpotter@hogwarts.edu',
|
|
111
|
'attr' => $ldap_server->entries['cn=hpotter,ou=people,dc=hogwarts,dc=edu'],
|
|
112
|
'sid' => 'activedirectory1',
|
|
113
|
);
|
|
114
|
|
|
115
|
|
|
116
|
$array_diff = array_diff($ldap_user, $desired_result);
|
|
117
|
$this->assertTrue(count($array_diff) == 0, t('ldap_servers_get_user_ldap_data retrieved correct attributes and values'), $this->testId('ldap_servers_get_user_ldap_data'));
|
|
118
|
if (count($array_diff) != 0) {
|
|
119
|
debug('ldap_servers_get_user_ldap_data failed. resulting ldap data array:'); debug($ldap_user); debug('desired result:'); debug($desired_result); debug('array_diff:'); debug($array_diff);
|
|
120
|
}
|
|
121
|
$ldap_todrupal_prov_server = ldap_servers_get_servers($ldap_user_conf->drupalAcctProvisionServer, 'all', TRUE);
|
|
122
|
$ldap_user_conf->entryToUserEdit($ldap_user, $user_edit, $ldap_todrupal_prov_server);
|
|
123
|
|
|
124
|
unset($user_edit['pass']);
|
|
125
|
$desired_result = array(
|
|
126
|
'mail' => 'hpotter@hogwarts.edu',
|
|
127
|
'name' => 'hpotter',
|
|
128
|
'init' => 'hpotter@hogwarts.edu',
|
|
129
|
'status' => 1,
|
|
130
|
'signature' => '',
|
|
131
|
'data' =>
|
|
132
|
array(
|
|
133
|
'ldap_authentication' =>
|
|
134
|
array(
|
|
135
|
'init' =>
|
|
136
|
array(
|
|
137
|
'sid' => 'activedirectory1',
|
|
138
|
'dn' => 'cn=hpotter,ou=people,dc=hogwarts,dc=edu',
|
|
139
|
'mail' => 'hpotter@hogwarts.edu',
|
|
140
|
),
|
|
141
|
),
|
|
142
|
),
|
|
143
|
'ldap_user_puid' =>
|
|
144
|
array(
|
|
145
|
'und' =>
|
|
146
|
array(
|
|
147
|
0 =>
|
|
148
|
array(
|
|
149
|
'value' => '101',
|
|
150
|
),
|
|
151
|
),
|
|
152
|
),
|
|
153
|
'ldap_user_puid_property' =>
|
|
154
|
array(
|
|
155
|
'und' =>
|
|
156
|
array(
|
|
157
|
0 =>
|
|
158
|
array(
|
|
159
|
'value' => 'guid',
|
|
160
|
),
|
|
161
|
),
|
|
162
|
),
|
|
163
|
'ldap_user_puid_sid' =>
|
|
164
|
array(
|
|
165
|
'und' =>
|
|
166
|
array(
|
|
167
|
0 =>
|
|
168
|
array(
|
|
169
|
'value' => 'activedirectory1',
|
|
170
|
),
|
|
171
|
),
|
|
172
|
),
|
|
173
|
'ldap_user_current_dn' =>
|
|
174
|
array(
|
|
175
|
'und' =>
|
|
176
|
array(
|
|
177
|
0 =>
|
|
178
|
array(
|
|
179
|
'value' => 'cn=hpotter,ou=people,dc=hogwarts,dc=edu',
|
|
180
|
),
|
|
181
|
),
|
|
182
|
),
|
|
183
|
);
|
|
184
|
$array_diff = array_diff($user_edit, $desired_result);
|
|
185
|
//@todo need better diff, this will give false positives in most cases
|
|
186
|
// debug('user_edit,desired_result,diff'); debug( array($user_edit, $desired_result, $array_diff));
|
|
187
|
$this->assertTrue(count($array_diff) == 0, t('ldapUserConf::entryToUserEdit retrieved correct property, field, and data values.'), $this->testId('ldapUserConf::entryToUserEdit'));
|
|
188
|
if (count($array_diff) != 0) {
|
|
189
|
debug('ldapUserConf::entryToUserEdit failed. resulting user edit array:'); debug($user_edit); debug('desired result:'); debug($desired_result); debug('array_diff:'); debug($array_diff);
|
|
190
|
}
|
|
191
|
|
|
192
|
$is_synched_tests = array(
|
|
193
|
LDAP_USER_EVENT_CREATE_DRUPAL_USER => array(
|
|
194
|
0 => array('[property.fake]', '[property.data]', '[property.uid]'),
|
|
195
|
1 => array('[property.mail]', '[property.name]', '[field.ldap_user_puid]', '[field.ldap_user_puid_property]', '[field.ldap_user_puid_sid]', '[field.ldap_user_current_dn]'),
|
|
196
|
),
|
|
197
|
LDAP_USER_EVENT_SYNCH_TO_DRUPAL_USER => array(
|
|
198
|
0 => array('[property.fake]', '[property.data]', '[property.uid]', '[field.ldap_user_puid]', '[field.ldap_user_puid_property]', '[field.ldap_user_puid_sid]'),
|
|
199
|
1 => array('[property.mail]', '[property.name]', '[field.ldap_user_current_dn]'),
|
|
200
|
),
|
|
201
|
);
|
|
202
|
|
|
203
|
$debug = array();
|
|
204
|
$fail = FALSE;
|
|
205
|
foreach ($is_synched_tests as $prov_event => $tests) {
|
|
206
|
foreach ($tests as $boolean_result => $attribute_tokens) {
|
|
207
|
foreach ($attribute_tokens as $attribute_token) {
|
|
208
|
$is_synched = $ldap_user_conf->isSynched($attribute_token, array($prov_event), LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER);
|
|
209
|
// debug("is_synched_tests: is_synched=$is_synched, attribute_token=$attribute_token, prov_event=$prov_event");
|
|
210
|
if ((int)$is_synched !== (int)$boolean_result) {
|
|
211
|
$fail = TRUE;
|
|
212
|
$debug[$attribute_token] = "isSynched($attribute_token, array($prov_event),
|
|
213
|
LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER) returned $is_synched when it should have returned ". (int)$boolean_result;
|
|
214
|
}
|
|
215
|
}
|
|
216
|
}
|
|
217
|
}
|
|
218
|
|
|
219
|
$this->assertFalse($fail, t('ldapUserConf::isSynched works'), $this->testId('ldapUserConf::isSynched'));
|
|
220
|
if ($fail) {
|
|
221
|
debug('ldapUserConf::isSynched failures:'); debug($debug);
|
|
222
|
}
|
|
223
|
|
|
224
|
$this->assertTrue($ldap_user_conf->isDrupalAcctProvisionServer('activedirectory1'), t('isDrupalAcctProvisionServer works'), $this->testId('isDrupalAcctProvisionServer'));
|
|
225
|
$this->assertFalse($ldap_user_conf->isLdapEntryProvisionServer('activedirectory1'), t('isLdapEntryProvisionServer works'), $this->testId('isLdapEntryProvisionServer'));
|
|
226
|
|
|
227
|
$ldap_user_required_attributes = $ldap_user_conf->getLdapUserRequiredAttributes(LDAP_USER_PROV_DIRECTION_ALL);
|
|
228
|
|
|
229
|
$provision_enabled_truth = (boolean)(
|
|
230
|
$ldap_user_conf->provisionEnabled(LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER, LDAP_USER_DRUPAL_USER_PROV_ON_USER_UPDATE_CREATE)
|
|
231
|
&& $ldap_user_conf->provisionEnabled(LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER, LDAP_USER_DRUPAL_USER_PROV_ON_AUTHENTICATE)
|
|
232
|
&& !$ldap_user_conf->provisionEnabled(LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY, LDAP_USER_LDAP_ENTRY_PROV_ON_USER_UPDATE_CREATE)
|
|
233
|
);
|
|
234
|
$this->assertTrue($provision_enabled_truth, t('provisionEnabled works'), $this->testId('provisionEnabled.1'));
|
|
235
|
|
|
236
|
$provision_enabled_false =
|
|
237
|
($ldap_user_conf->provisionEnabled(LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY, LDAP_USER_DRUPAL_USER_PROV_ON_USER_UPDATE_CREATE) ||
|
|
238
|
$ldap_user_conf->provisionEnabled(LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY, LDAP_USER_DRUPAL_USER_PROV_ON_AUTHENTICATE) ||
|
|
239
|
$ldap_user_conf->provisionEnabled(LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER, LDAP_USER_LDAP_ENTRY_PROV_ON_USER_UPDATE_CREATE));
|
|
240
|
$this->assertFalse($provision_enabled_false, t('provisionEnabled works'), $this->testId('provisionEnabled.2'));
|
|
241
|
|
|
242
|
|
|
243
|
$account = new stdClass();
|
|
244
|
$account->name = 'hpotter';
|
|
245
|
$params = array('ldap_context' => 'ldap_user_prov_to_drupal', 'direction' => LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER);
|
|
246
|
list($ldap_entry, $error) = $ldap_user_conf->drupalUserToLdapEntry($account, 'activedirectory1', $params);
|
|
247
|
// debug('ldap_entry'); debug($ldap_entry);
|
|
248
|
|
|
249
|
$account = NULL;
|
|
250
|
$user_edit = array('name' => 'hpotter');
|
|
251
|
|
|
252
|
// test method provisionDrupalAccount()
|
|
253
|
|
|
254
|
$hpotter = $ldap_user_conf->provisionDrupalAccount($account, $user_edit, NULL, TRUE);
|
|
255
|
|
|
256
|
$hpotter = user_load_by_name('hpotter');
|
|
257
|
|
|
258
|
$properties_set = (
|
|
259
|
$hpotter->name == 'hpotter' &&
|
|
260
|
$hpotter->mail == 'hpotter@hogwarts.edu' &&
|
|
261
|
$hpotter->init == 'hpotter@hogwarts.edu' &&
|
|
262
|
$hpotter->status == 1
|
|
263
|
);
|
|
264
|
$this->assertTrue($properties_set, t('user name, mail, init, and status correctly populated for hpotter'), $this->testId());
|
|
265
|
|
|
266
|
$fields_set = (
|
|
267
|
isset($hpotter->ldap_user_puid['und'][0]['value']) &&
|
|
268
|
$hpotter->ldap_user_puid['und'][0]['value'] == '101' &&
|
|
269
|
isset($hpotter->ldap_user_puid_property['und'][0]['value']) &&
|
|
270
|
$hpotter->ldap_user_puid_property['und'][0]['value'] == 'guid' &&
|
|
271
|
isset($hpotter->ldap_user_puid_sid['und'][0]['value']) &&
|
|
272
|
$hpotter->ldap_user_puid_sid['und'][0]['value'] == 'activedirectory1' &&
|
|
273
|
isset($hpotter->ldap_user_current_dn['und'][0]['value']) &&
|
|
274
|
$hpotter->ldap_user_current_dn['und'][0]['value'] == 'cn=hpotter,ou=people,dc=hogwarts,dc=edu'
|
|
275
|
);
|
|
276
|
$this->assertTrue($fields_set, t('user ldap_user_puid, ldap_user_puid_property, ldap_user_puid_sid, and ldap_user_current_dn correctly populated for hpotter'), $this->testId('provisionDrupalAccount function test 3'));
|
|
277
|
|
|
278
|
|
|
279
|
$data_diff = array_diff(
|
|
280
|
$hpotter->data['ldap_user'],
|
|
281
|
array(
|
|
282
|
'init' =>
|
|
283
|
array(
|
|
284
|
'sid' => 'activedirectory1',
|
|
285
|
'dn' => NULL,
|
|
286
|
'mail' => 'hpotter@hogwarts.edu',
|
|
287
|
),
|
|
288
|
)
|
|
289
|
);
|
|
290
|
$this->assertTrue(count($data_diff) == 0, t('user->data array correctly populated for hpotter'), $this->testId());
|
|
291
|
// test account exists with correct username, mail, fname, puid, puidfield, dn
|
|
292
|
|
|
293
|
// change some user mock ldap data first, (mail and fname) then synch
|
|
294
|
$account = user_load_by_name('hpotter');
|
|
295
|
|
|
296
|
$user_edit = NULL;
|
|
297
|
$ldap_user_conf->ldapUserSynchMappings = array();
|
|
298
|
$sid = 'activedirectory1';
|
|
299
|
$ldap_user_conf->ldapUserSynchMappings[LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER]['[property.mail]'] = array(
|
|
300
|
'sid' => $sid,
|
|
301
|
'ldap_attr' => '[mail]',
|
|
302
|
'user_attr' => '[property.mail]',
|
|
303
|
'convert' => 0,
|
|
304
|
'direction' => LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER,
|
|
305
|
'ldap_contexts' => array('ldap_user_insert_drupal_user', 'ldap_user_update_drupal_user', 'ldap_authentication_authenticate'),
|
|
306
|
'prov_events' => array(LDAP_USER_EVENT_SYNCH_TO_DRUPAL_USER),
|
|
307
|
'name' => 'Property: Mail',
|
|
308
|
'enabled' => TRUE,
|
|
309
|
'config_module' => 'ldap_servers',
|
|
310
|
'prov_module' => 'ldap_user',
|
|
311
|
'user_tokens' => '',
|
|
312
|
);
|
|
313
|
$ldap_user_conf->save();
|
|
314
|
|
|
315
|
$this->testFunctions->setFakeServerUserAttribute($sid, 'cn=hpotter,ou=people,dc=hogwarts,dc=edu', 'mail', 'hpotter@owlcarriers.com', 0);
|
|
316
|
$ldap_server = ldap_servers_get_servers('activedirectory1', NULL, TRUE, TRUE); // clear server cache;
|
|
317
|
$user = $ldap_user_conf->synchToDrupalAccount($account, $user_edit, LDAP_USER_EVENT_SYNCH_TO_DRUPAL_USER, NULL, TRUE);
|
|
318
|
|
|
319
|
$hpotter = user_load_by_name('hpotter');
|
|
320
|
$hpotter_uid = $hpotter->uid;
|
|
321
|
$success = ($hpotter->mail == 'hpotter@owlcarriers.com');
|
|
322
|
|
|
323
|
$this->assertTrue($success, t('synchToDrupalAccount worked for property (mail) for hpotter'), $this->testId());
|
|
324
|
if (!$success) {
|
|
325
|
debug("hpotter mail after synchToDrupalAccount :" . $hpotter->mail);
|
|
326
|
$ldap_server = ldap_servers_get_servers($sid, NULL, TRUE, TRUE);
|
|
327
|
debug('ldap_server'); debug($ldap_server);
|
|
328
|
}
|
|
329
|
|
|
330
|
/**
|
|
331
|
* test for username change and provisioning with puid conflict
|
|
332
|
* hpotter drupal user already exists and has correct puid
|
|
333
|
* change samaccountname value (puid field) of hpotter ldap entry and attempt to provision account with new username (hpotterbrawn)
|
|
334
|
* return should be old drupal account (same uid)
|
|
335
|
*/
|
|
336
|
|
|
337
|
$this->testFunctions->setFakeServerUserAttribute('activedirectory1', 'cn=hpotter,ou=people,dc=hogwarts,dc=edu', 'samaccountname', 'hpotter-granger', 0);
|
|
338
|
$account = NULL;
|
|
339
|
$user_edit = array('name' => 'hpotter-granger');
|
|
340
|
$hpottergranger = $ldap_user_conf->provisionDrupalAccount($account, $user_edit, NULL, TRUE);
|
|
341
|
|
|
342
|
$this->testFunctions->setFakeServerUserAttribute('activedirectory1', 'cn=hpotter,ou=people,dc=hogwarts,dc=edu', 'samaccountname', 'hpotter', 0);
|
|
343
|
$pass = (is_object($hpottergranger) && is_object($hpotter) && $hpotter->uid == $hpottergranger->uid);
|
|
344
|
$this->assertTrue($pass, t('provisionDrupalAccount recognized PUID conflict and synched instead of creating a conflicted drupal account.'), $this->testId('provisionDrupalAccount function test with existing user with same puid'));
|
|
345
|
if (!$pass) {
|
|
346
|
debug('hpotter'); debug($hpotter); debug('hpottergranger'); debug($hpottergranger);
|
|
347
|
}
|
|
348
|
$authmaps = user_get_authmaps('hpotter-granger');
|
|
349
|
$pass = $authmaps['ldap_user'] == 'hpotter-granger';
|
|
350
|
$this->assertTrue($pass, t('provisionDrupalAccount recognized PUID conflict and fixed authmap.'), $this->testId());
|
|
351
|
|
|
352
|
$pass = is_object($hpottergranger) && $hpottergranger->name == 'hpotter-granger';
|
|
353
|
$this->assertTrue($pass, t('provisionDrupalAccount recognized PUID conflict and fixed username.'), $this->testId());
|
|
354
|
|
|
355
|
$user_edit = array('name' => 'hpotter');
|
|
356
|
$hpotter = user_save($hpottergranger, $user_edit, 'ldap_user');
|
|
357
|
|
|
358
|
|
|
359
|
// delete and recreate test account to make sure account is in correct state
|
|
360
|
$ldap_user_conf->deleteDrupalAccount('hpotter');
|
|
361
|
$this->assertFalse(user_load($hpotter_uid, TRUE), t('deleteDrupalAccount deleted hpotter successfully'), $this->testId());
|
|
362
|
|
|
363
|
$ldap_server = ldap_servers_get_servers('activedirectory1', 'enabled', TRUE, TRUE);
|
|
364
|
$ldap_server->refreshFakeData();
|
|
365
|
$account = NULL;
|
|
366
|
$user_edit = array('name' => 'hpotter');
|
|
367
|
$hpotter = $ldap_user_conf->provisionDrupalAccount($account, $user_edit, NULL, TRUE);
|
|
368
|
|
|
369
|
}
|
|
370
|
|
|
371
|
function testProvisionToDrupal() {
|
|
372
|
/**
|
|
373
|
* test that $ldap_user_conf->synchToDrupalAccount() works for various contexts.
|
|
374
|
* make sure changing when a given field/property is flagged for a particular context, everything works
|
|
375
|
* tests one property (property.mail) and one field (field.field_lname) as well as username, puid
|
|
376
|
*/
|
|
377
|
|
|
378
|
// just to give warning if setup doesn't succeed. may want to take these out at some point.
|
|
379
|
$setup_success = (
|
|
380
|
module_exists('ldap_user') &&
|
|
381
|
module_exists('ldap_servers') &&
|
|
382
|
(variable_get('ldap_simpletest', 0) > 0)
|
|
383
|
);
|
|
384
|
$this->assertTrue($setup_success, ' ldap_user setup successful', $this->testId("setup"));
|
|
385
|
|
|
386
|
|
|
387
|
$sid = 'activedirectory1';
|
|
388
|
$sids = array($sid);
|
|
389
|
$this->prepTestData('hogwarts', $sids, 'provisionToDrupal', 'default');
|
|
390
|
$tests = array();
|
|
391
|
|
|
392
|
$tests[] = array(
|
|
393
|
'disabled' => 0,
|
|
394
|
'user' => 'hpotter',
|
|
395
|
'field_name' => 'field_lname',
|
|
396
|
'field_values' => array(array('sn' => 'Potter'), array('sn' => 'Pottery-Chard')),
|
|
397
|
'field_results' => array('Potter', 'Pottery-Chard'), // first value is what is desired on synch, second if no sycn
|
|
398
|
'mapping' => array(
|
|
399
|
'sid' => $sid,
|
|
400
|
'name' => 'Field: Last Name',
|
|
401
|
'ldap_attr' => '[SN]',
|
|
402
|
'user_attr' => '[field.field_lname]',
|
|
403
|
'convert' => 0,
|
|
404
|
'direction' => LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER,
|
|
405
|
'prov_events' => array(LDAP_USER_EVENT_CREATE_DRUPAL_USER, LDAP_USER_EVENT_SYNCH_TO_DRUPAL_USER),
|
|
406
|
'user_tokens' => '',
|
|
407
|
'config_module' => 'ldap_user',
|
|
408
|
'prov_module' => 'ldap_user',
|
|
409
|
'enabled' => TRUE,
|
|
410
|
),
|
|
411
|
);
|
|
412
|
|
|
413
|
// test for compound tokens
|
|
414
|
$tests[] = array(
|
|
415
|
'disabled' => 0,
|
|
416
|
'user' => 'hpotter',
|
|
417
|
'field_name' => 'field_display_name',
|
|
418
|
'field_values' => array(array('givenname' => 'Harry', 'sn' => 'Potter'), array('givenname' => 'Sir Harry', 'sn' => 'Potter')),
|
|
419
|
'field_results' => array('Harry Potter', 'Sir Harry Potter'), // desired results
|
|
420
|
'mapping' => array(
|
|
421
|
'sid' => $sid,
|
|
422
|
'ldap_attr' => '[givenName] [sn]',
|
|
423
|
'user_attr' => '[field.field_display_name]',
|
|
424
|
'convert' => 0,
|
|
425
|
'direction' => LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER,
|
|
426
|
'prov_events' => array(LDAP_USER_EVENT_CREATE_DRUPAL_USER, LDAP_USER_EVENT_SYNCH_TO_DRUPAL_USER),
|
|
427
|
'name' => 'Field: Display Name',
|
|
428
|
'enabled' => TRUE,
|
|
429
|
'config_module' => 'ldap_user',
|
|
430
|
'prov_module' => 'ldap_user',
|
|
431
|
'user_tokens' => '',
|
|
432
|
),
|
|
433
|
);
|
|
434
|
|
|
435
|
|
|
436
|
// test for constants in use (e.g. "Smith" and "0") instead of tokens e.g. "[sn]" and "[enabled]"
|
|
437
|
$tests[] = array(
|
|
438
|
'disabled' => 0,
|
|
439
|
'user' => 'hpotter',
|
|
440
|
'field_name' => 'field_lname',
|
|
441
|
'field_values' => array(array('sn' => 'Potter1'), array('sn' => 'Potter2')),
|
|
442
|
'field_results' => array('Smith', 'Smith'),
|
|
443
|
'mapping' => array(
|
|
444
|
'sid' => $sid,
|
|
445
|
'name' => 'Field: Last Name',
|
|
446
|
'ldap_attr' => 'Smith', // testing of a constant mapped to a field. that is everyone should have last name smith
|
|
447
|
'user_attr' => '[field.field_lname]',
|
|
448
|
'convert' => 0,
|
|
449
|
'direction' => LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER,
|
|
450
|
'prov_events' => array(LDAP_USER_EVENT_CREATE_DRUPAL_USER, LDAP_USER_EVENT_SYNCH_TO_DRUPAL_USER),
|
|
451
|
'user_tokens' => '',
|
|
452
|
'config_module' => 'ldap_user',
|
|
453
|
'prov_module' => 'ldap_user',
|
|
454
|
'enabled' => TRUE,
|
|
455
|
|
|
456
|
),
|
|
457
|
);
|
|
458
|
|
|
459
|
// test for compound tokens
|
|
460
|
$tests[] = array(
|
|
461
|
'disabled' => 0,
|
|
462
|
'user' => 'hpotter',
|
|
463
|
'property_name' => 'signature',
|
|
464
|
'property_values' => array(array('cn' => 'hpotter'), array('cn' => 'hpotter2')),
|
|
465
|
'property_results' => array('hpotter@hogwarts.edu', 'hpotter2@hogwarts.edu'),
|
|
466
|
'mapping' => array(
|
|
467
|
'sid' => $sid,
|
|
468
|
'ldap_attr' => '[cn]@hogwarts.edu',
|
|
469
|
'user_attr' => '[property.signature]',
|
|
470
|
'convert' => 0,
|
|
471
|
'direction' => LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER,
|
|
472
|
'prov_events' => array(LDAP_USER_EVENT_CREATE_DRUPAL_USER, LDAP_USER_EVENT_SYNCH_TO_DRUPAL_USER),
|
|
473
|
'name' => 'Property: Signature',
|
|
474
|
'enabled' => TRUE,
|
|
475
|
'config_module' => 'ldap_servers',
|
|
476
|
'prov_module' => 'ldap_user',
|
|
477
|
'user_tokens' => '',
|
|
478
|
),
|
|
479
|
);
|
|
480
|
|
|
481
|
$tests[] = array(
|
|
482
|
'disabled' => 0,
|
|
483
|
'user' => 'hpotter',
|
|
484
|
'property_name' => 'mail',
|
|
485
|
'property_values' => array(array('mail' => 'hpotter@hogwarts.edu'), array('mail' => 'hpotter@owlmail.com')),
|
|
486
|
'property_results' => array('hpotter@hogwarts.edu', 'hpotter@owlmail.com'),
|
|
487
|
'mapping' => array(
|
|
488
|
'sid' => $sid,
|
|
489
|
'ldap_attr' => '[mail]',
|
|
490
|
'user_attr' => '[property.mail]',
|
|
491
|
'convert' => 0,
|
|
492
|
'direction' => LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER,
|
|
493
|
'prov_events' => array(LDAP_USER_EVENT_CREATE_DRUPAL_USER, LDAP_USER_EVENT_SYNCH_TO_DRUPAL_USER),
|
|
494
|
'name' => 'Property: Mail',
|
|
495
|
'enabled' => TRUE,
|
|
496
|
'config_module' => 'ldap_servers',
|
|
497
|
'prov_module' => 'ldap_user',
|
|
498
|
'user_tokens' => '',
|
|
499
|
),
|
|
500
|
);
|
|
501
|
|
|
502
|
$tests[] = array(
|
|
503
|
'disabled' => 0,
|
|
504
|
'user' => 'hpotter',
|
|
505
|
'property_name' => 'status',
|
|
506
|
'property_values' => array(array(0 => 'z'), array(0 => 'z')),
|
|
507
|
'property_results' => array(0, 0),
|
|
508
|
'mapping' => array(
|
|
509
|
'sid' => $sid,
|
|
510
|
'ldap_attr' => '0',
|
|
511
|
'user_attr' => '[property.status]', // testing of a constant mapped to property
|
|
512
|
'convert' => 0,
|
|
513
|
'direction' => LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER,
|
|
514
|
'prov_events' => array(LDAP_USER_EVENT_CREATE_DRUPAL_USER),
|
|
515
|
'name' => 'Property: Status',
|
|
516
|
'enabled' => TRUE,
|
|
517
|
'config_module' => 'ldap_servers',
|
|
518
|
'prov_module' => 'ldap_user',
|
|
519
|
'user_tokens' => '',
|
|
520
|
),
|
|
521
|
);
|
|
522
|
|
|
523
|
// @todo test with binary field
|
|
524
|
// @todo case sensitivity in tokens and user_attr in mappings
|
|
525
|
|
|
526
|
$test_prov_events = array(
|
|
527
|
LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER => array(
|
|
528
|
LDAP_USER_EVENT_SYNCH_TO_DRUPAL_USER,
|
|
529
|
LDAP_USER_EVENT_CREATE_DRUPAL_USER,
|
|
530
|
),
|
|
531
|
|
|
532
|
LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY => array(
|
|
533
|
LDAP_USER_EVENT_SYNCH_TO_LDAP_ENTRY,
|
|
534
|
LDAP_USER_EVENT_CREATE_LDAP_ENTRY,
|
|
535
|
),
|
|
536
|
);
|
|
537
|
|
|
538
|
$this->privileged_user = $this->drupalCreateUser(array(
|
|
539
|
'administer site configuration',
|
|
540
|
'administer users'
|
|
541
|
));
|
|
542
|
|
|
543
|
/** Tests for various synch contexts **/
|
|
544
|
foreach ($tests as $j => $test) {
|
|
545
|
|
|
546
|
$field_name = isset($test['field_name']) ? $test['field_name'] : FALSE;
|
|
547
|
$property_name = isset($test['property_name']) ? $test['property_name'] : FALSE;
|
|
548
|
$direction = ($property_name) ? $test['mapping']['direction'] : $test['mapping']['direction'];
|
|
549
|
foreach ($test_prov_events[$direction] as $i => $prov_event) { // test for each provision event
|
|
550
|
|
|
551
|
// 1. set fake ldap values for field and property in fake ldap server
|
|
552
|
// and clear out mappings and set to provision account with test field and prop[0] on provision
|
|
553
|
$ldap_server = ldap_servers_get_servers('activedirectory1', 'enabled', TRUE);
|
|
554
|
$this->prepTestData('hogwarts', $sids, 'provisionToDrupal', 'default');
|
|
555
|
$ldap_user_conf = ldap_user_conf('admin', TRUE);
|
|
556
|
if ($property_name) {
|
|
557
|
$token_attributes = array();
|
|
558
|
ldap_servers_token_extract_attributes($token_attributes, $test['mapping']['ldap_attr']);
|
|
559
|
foreach ($token_attributes as $attr_name => $attr_parts) {
|
|
560
|
$this->testFunctions->setFakeServerUserAttribute(
|
|
561
|
'activedirectory1',
|
|
562
|
'cn=hpotter,ou=people,dc=hogwarts,dc=edu',
|
|
563
|
$attr_name,
|
|
564
|
$test['property_values'][0][$attr_name],
|
|
565
|
0);
|
|
566
|
}
|
|
567
|
$property_token = '[property.' . $property_name . ']';
|
|
568
|
$ldap_user_conf->ldapUserSynchMappings[$direction][$property_token] = $test['mapping'];
|
|
569
|
}
|
|
570
|
if ($field_name) {
|
|
571
|
$token_attributes = array();
|
|
572
|
ldap_servers_token_extract_attributes($token_attributes, $test['mapping']['ldap_attr']);
|
|
573
|
//debug('token_attributes'); debug($token_attributes);
|
|
574
|
foreach ($token_attributes as $attr_name => $attr_parts ) {
|
|
575
|
$this->testFunctions->setFakeServerUserAttribute(
|
|
576
|
'activedirectory1',
|
|
577
|
'cn=hpotter,ou=people,dc=hogwarts,dc=edu',
|
|
578
|
$attr_name,
|
|
579
|
$test['field_values'][0][drupal_strtolower($attr_name)],
|
|
580
|
0);
|
|
581
|
}
|
|
582
|
$field_token = '[field.' . $field_name . ']';
|
|
583
|
$ldap_user_conf->ldapUserSynchMappings[$direction][$field_token] = $test['mapping'];
|
|
584
|
}
|
|
585
|
|
|
586
|
$ldap_user_conf->save();
|
|
587
|
$ldap_user_conf = ldap_user_conf('admin', TRUE);
|
|
588
|
// debug("ldap_user_conf in prep field_token=$field_token"); debug($ldap_user_conf->synchMapping); debug($ldap_user_conf->ldapUserSynchMappings);
|
|
589
|
ldap_user_ldap_provision_semaphore(NULL, NULL, NULL, TRUE);
|
|
590
|
ldap_servers_flush_server_cache();
|
|
591
|
|
|
592
|
// 2. delete user
|
|
593
|
$username = $test['user'];
|
|
594
|
$user_object = user_load_by_name($username);
|
|
595
|
if (is_object($user_object)) {
|
|
596
|
user_delete($user_object->uid); // watch out for this.
|
|
597
|
}
|
|
598
|
|
|
599
|
// 3. create new user with provisionDrupalAccount
|
|
600
|
$account = NULL;
|
|
601
|
$user_edit = array('name' => $username);
|
|
602
|
// $this->ldapTestId = $this->module_name . ': provisionDrupalAccount function test';
|
|
603
|
$result = $ldap_user_conf->provisionDrupalAccount($account, $user_edit, NULL, TRUE);
|
|
604
|
list($user_object, $user_entity) = ldap_user_load_user_acct_and_entity($username);
|
|
605
|
if ($property_name) {
|
|
606
|
if (in_array($prov_event, $ldap_user_conf->ldapUserSynchMappings[$direction][$property_token]['prov_events'])) { // if intended to synch
|
|
607
|
$property_success = ($user_object->{$property_name} == $test['property_results'][0]);
|
|
608
|
$this->assertTrue($property_success, t("provisionDrupalAccount worked for property $property_name"), $this->testId(":provisionDrupalAccount.i=$j.prov_event=$prov_event"));
|
|
609
|
if (!$property_success) {
|
|
610
|
debug('field fail,' . $property_name); debug($user_entity->{$property_name}); debug($test['property_results'][0]); //debug($user_entity);
|
|
611
|
}
|
|
612
|
}
|
|
613
|
else {
|
|
614
|
// debug("property_name=$property_name not configured to provisionDrupalAccount on drupal user create for direction=$direction and prov_event=$prov_event");
|
|
615
|
}
|
|
616
|
}
|
|
617
|
if ($field_name) {
|
|
618
|
// debug("property_name=$property_name, prov_event=$prov_event, direction=$direction, field_token=$field_token, sid=$sid, ldap_user_conf->ldapUserSynchMappings $direction - $sid"); debug($ldap_user_conf->ldapUserSynchMappings[$direction][$sid]);
|
|
619
|
|
|
620
|
if (in_array($prov_event, $ldap_user_conf->ldapUserSynchMappings[$direction][$field_token]['prov_events'])) { // if intended to synch
|
|
621
|
$field_success = isset($user_entity->{$field_name}['und'][0]['value']) &&
|
|
622
|
$user_entity->{$field_name}['und'][0]['value'] == $test['field_results'][0];
|
|
623
|
$this->assertTrue($field_success, t("provisionDrupalAccount worked for field $field_name"), $this->testId(":provisionDrupalAccount.i=$j.prov_event=$prov_event"));
|
|
624
|
if (!$field_success) {
|
|
625
|
debug('field fail,' . $field_name); debug($user_entity->{$field_name}); debug($test['field_results'][0]); //debug($user_entity);
|
|
626
|
}
|
|
627
|
}
|
|
628
|
else {
|
|
629
|
debug("field_name=$field_name not configured to provisionDrupalAccount on drupal user create for direction=$direction and prov_event=$prov_event");
|
|
630
|
}
|
|
631
|
}
|
|
632
|
ldap_user_ldap_provision_semaphore(NULL, NULL, NULL, TRUE);
|
|
633
|
}
|
|
634
|
|
|
635
|
/**
|
|
636
|
* manually create drupal user with option of not ldap associated checked
|
|
637
|
*/
|
|
638
|
|
|
639
|
if ($hpotter = user_load_by_name('hpotter')) {
|
|
640
|
user_delete($hpotter->uid);
|
|
641
|
}
|
|
642
|
$this->assertFalse(user_load_by_name('hpotter'), t('hpotter removed before manual account creation test'), $this->testId('manual non ldap account created'));
|
|
643
|
|
|
644
|
$this->drupalLogout();
|
|
645
|
$this->drupalLogin($this->privileged_user);
|
|
646
|
$this->drupalGet('admin/people/create');
|
|
647
|
$edit = array(
|
|
648
|
'name' => 'hpotter',
|
|
649
|
'mail' => 'hpotter@hogwarts.edu',
|
|
650
|
'pass[pass1]' => 'goodpwd',
|
|
651
|
'pass[pass2]' => 'goodpwd',
|
|
652
|
'notify' => FALSE,
|
|
653
|
'ldap_user_association' => LDAP_USER_MANUAL_ACCT_CONFLICT_NO_LDAP_ASSOCIATE,
|
|
654
|
);
|
|
655
|
$this->drupalPost('admin/people/create', $edit, t('Create new account'));
|
|
656
|
|
|
657
|
$hpotter = user_load_by_name('hpotter');
|
|
658
|
$this->assertTrue($hpotter, t('hpotter created via ui form'), $this->testId('manual non ldap account created'));
|
|
659
|
$this->assertTrue($hpotter && !ldap_user_is_ldap_associated($hpotter), t('hpotter not ldap associated'), $this->testId('manual non ldap account created'));
|
|
660
|
|
|
661
|
|
|
662
|
|
|
663
|
}
|
|
664
|
/**
|
|
665
|
* $entry = $servers['activedirectory1']->dnExists($desired_dn, 'ldap_entry');
|
|
666
|
|
|
667
|
* $this->assertFalse($entry, t("Corresponding LDAP entry deleted when Drupal Account deleted for " . $username), $this->ldapTestId);
|
|
668
|
*/
|
|
669
|
}
|
|
670
|
|
|
671
|
}
|
|
672
|
|
|
673
|
class LdapUserIntegrationTests extends LdapTestCase {
|
|
674
|
|
|
675
|
public static function getInfo() {
|
|
676
|
return array(
|
|
677
|
'name' => 'LDAP User Integration Tests',
|
|
678
|
'description' => 'Test provisioning and synching in real contexts such as account creation on logon, synching on user edit, etc.',
|
|
679
|
'group' => 'LDAP User'
|
|
680
|
);
|
|
681
|
}
|
|
682
|
|
|
683
|
function __construct($test_id = NULL) {
|
|
684
|
parent::__construct($test_id);
|
|
685
|
}
|
|
686
|
|
|
687
|
public $module_name = 'ldap_user';
|
|
688
|
protected $ldap_test_data;
|
|
689
|
|
|
690
|
/**
|
|
691
|
* create one or more server configurations in such as way
|
|
692
|
* that this setUp can be a prerequisite for ldap_authentication and ldap_authorization
|
|
693
|
*/
|
|
694
|
|
|
695
|
function setUp() {
|
|
696
|
parent::setUp(array('ldap_user', 'ldap_test'));
|
|
697
|
variable_set('ldap_simpletest', 2);
|
|
698
|
}
|
|
699
|
|
|
700
|
function tearDown() {
|
|
701
|
parent::tearDown();
|
|
702
|
variable_del('ldap_help_watchdog_detail');
|
|
703
|
variable_del('ldap_simpletest');
|
|
704
|
}
|
|
705
|
|
|
706
|
/**
|
|
707
|
* integration tests for provisioning to ldap
|
|
708
|
*/
|
|
709
|
function testProvisionToLdap() {
|
|
710
|
|
|
711
|
// just to give warning if setup doesn't succeed. may want to take these out at some point.
|
|
712
|
$setup_success = (
|
|
713
|
module_exists('ldap_user') &&
|
|
714
|
module_exists('ldap_servers') &&
|
|
715
|
(variable_get('ldap_simpletest', 2) > 0)
|
|
716
|
);
|
|
717
|
$this->assertTrue($setup_success, ' ldap_user setup successful', $this->testId("setup"));
|
|
718
|
|
|
719
|
foreach (array('activedirectory1', 'openldap1') as $test_sid) {
|
|
720
|
$sids = array($test_sid);
|
|
721
|
$this->prepTestData('hogwarts', $sids, 'provisionToLdap_' . $test_sid); // this will create the proper ldap_user configuration from ldap_test/ldap_user.conf.inc
|
|
722
|
$ldap_user_conf = ldap_user_conf('default', TRUE);
|
|
723
|
|
|
724
|
// 9.B. Create and approve new user, populating first and last name.
|
|
725
|
$username = 'bhautdeser';
|
|
726
|
if ($user = user_load_by_name($username)) {
|
|
727
|
user_delete($user->uid);
|
|
728
|
}
|
|
729
|
$user_edit = array(
|
|
730
|
'name' => $username,
|
|
731
|
'mail' => $username . '@hogwarts.org',
|
|
732
|
'pass' => user_password(),
|
|
733
|
'status' => 1,
|
|
734
|
);
|
|
735
|
$user_acct = new stdClass();
|
|
736
|
$user_acct->is_new = TRUE;
|
|
737
|
$user_acct->field_fname['und'][0]['value'] = 'Bercilak';
|
|
738
|
$user_acct->field_lname['und'][0]['value'] = 'Hautdesert';
|
|
739
|
|
|
740
|
$servers = ldap_servers_get_servers(NULL, NULL, FALSE, TRUE);
|
|
741
|
$desired_dn = "cn=bhautdeser,ou=people,dc=hogwarts,dc=edu";
|
|
742
|
|
|
743
|
$pre_entry = $servers[$test_sid]->dnExists($desired_dn, 'ldap_entry');
|
|
744
|
$drupal_account = user_save($user_acct, $user_edit);
|
|
745
|
$ldap_entry_post = $servers[$test_sid]->dnExists($desired_dn, 'ldap_entry');
|
|
746
|
|
|
747
|
$ldap_entry_success = (
|
|
748
|
$ldap_entry_post &&
|
|
749
|
$ldap_entry_post['cn'][0] == 'bhautdeser' &&
|
|
750
|
$ldap_entry_post['displayname'][0] == 'Bercilak Hautdesert' &&
|
|
751
|
$ldap_entry_post['sn'][0] == 'Hautdesert' &&
|
|
752
|
$ldap_entry_post['guid'][0] == '151' &&
|
|
753
|
$ldap_entry_post['provisionsource'][0] == 'drupal.hogwarts.edu'
|
|
754
|
);
|
|
755
|
$this->assertTrue($ldap_entry_success, t("provision of ldap entry on user create succeeded for " . $username), $this->testId("test for provision to ldap on drupal acct create"));
|
|
756
|
if (!$ldap_entry_success) {
|
|
757
|
debug('drupal_account'); debug($drupal_account);
|
|
758
|
debug("desired_dn=$desired_dn, ldap_entry_post=");
|
|
759
|
debug($ldap_entry_post);
|
|
760
|
debug('ldap_user_conf'); debug($ldap_user_conf);
|
|
761
|
}
|
|
762
|
|
|
763
|
|
|
764
|
ldap_user_ldap_provision_semaphore(NULL, NULL, NULL, TRUE); // need to reset for simpletests
|
|
765
|
|
|
766
|
// Change lastname and first name (in drupal) and save user to test ldapSynch event handler
|
|
767
|
// confirm that appropriate attributes were changed in ldap entry
|
|
768
|
$ldap_entry_pre = $servers[$test_sid]->dnExists($desired_dn, 'ldap_entry');
|
|
769
|
$user_acct_pre = user_load_by_name('bhautdeser');
|
|
770
|
$edit = array();
|
|
771
|
$edit['field_fname']['und'][0]['value'] = 'Bredbeddle';
|
|
772
|
$edit['field_lname']['und'][0]['value'] = 'Hautdesert';
|
|
773
|
$user_acct = user_save($user_acct, $edit);
|
|
774
|
$user_acct_post = user_load_by_name('bhautdeser');
|
|
775
|
|
|
776
|
$servers = ldap_servers_get_servers(NULL, NULL, FALSE, TRUE); // clear cache
|
|
777
|
$ldap_entry_post = $servers[$test_sid]->dnExists($desired_dn, 'ldap_entry');
|
|
778
|
|
|
779
|
$ldap_entry_success = (
|
|
780
|
$ldap_entry_post['givenname'][0] == 'Bredbeddle'
|
|
781
|
&& $ldap_entry_post['displayname'][0] == 'Bredbeddle Hautdesert'
|
|
782
|
&& $ldap_entry_post['sn'][0] == 'Hautdesert'
|
|
783
|
);
|
|
784
|
|
|
785
|
$this->assertTrue($ldap_entry_success, t("synch to ldap entry on user save succeeded for " . $username), $this->testId());
|
|
786
|
if (!$ldap_entry_success) {
|
|
787
|
debug("dn=$desired_dn");
|
|
788
|
debug('drupal_account pre'); debug($user_acct_pre);
|
|
789
|
debug('drupal_account post'); debug($user_acct_post);
|
|
790
|
debug('ldap_entry_pre'); debug($ldap_entry_pre);
|
|
791
|
debug('ldap_entry_post'); debug($ldap_entry_post);
|
|
792
|
debug('ldap_user_conf'); debug($ldap_user_conf);
|
|
793
|
}
|
|
794
|
|
|
795
|
|
|
796
|
// Change username and first name (in drupal) and save user to test ldapSynch event handler
|
|
797
|
// confirm that appropriate attributes were changed in ldap entry
|
|
798
|
$ldap_entry_pre = $servers[$test_sid]->dnExists($desired_dn, 'ldap_entry');
|
|
799
|
$user_acct_pre = user_load_by_name('bhautdeser');
|
|
800
|
$edit = array();
|
|
801
|
$edit['field_fname']['und'][0]['value'] = 'Bredbeddle';
|
|
802
|
$edit['field_lname']['und'][0]['value'] = 'Hautdesert';
|
|
803
|
$user_acct = user_save($user_acct, $edit);
|
|
804
|
$user_acct_post = user_load_by_name('bhautdeser');
|
|
805
|
|
|
806
|
$servers = ldap_servers_get_servers(NULL, NULL, FALSE, TRUE); // clear cache
|
|
807
|
$ldap_entry_post = $servers[$test_sid]->dnExists($desired_dn, 'ldap_entry');
|
|
808
|
|
|
809
|
$ldap_entry_success = (
|
|
810
|
$ldap_entry_post['givenname'][0] == 'Bredbeddle'
|
|
811
|
&& $ldap_entry_post['displayname'][0] == 'Bredbeddle Hautdesert'
|
|
812
|
&& $ldap_entry_post['sn'][0] == 'Hautdesert'
|
|
813
|
);
|
|
814
|
|
|
815
|
$this->assertTrue($ldap_entry_success, t("synch to ldap entry on user save succeeded for " . $username), $this->testId());
|
|
816
|
if (!$ldap_entry_success) {
|
|
817
|
debug("dn=$desired_dn");
|
|
818
|
debug('drupal_account pre'); debug($user_acct_pre);
|
|
819
|
debug('drupal_account post'); debug($user_acct_post);
|
|
820
|
debug('ldap_entry_pre'); debug($ldap_entry_pre);
|
|
821
|
debug('ldap_entry_post'); debug($ldap_entry_post);
|
|
822
|
debug('ldap_user_conf'); debug($ldap_user_conf);
|
|
823
|
}
|
|
824
|
}
|
|
825
|
|
|
826
|
/**
|
|
827
|
* provisionToLdapEmailVerification
|
|
828
|
* use case where a user self creates and confirms a drupal account and
|
|
829
|
* a corresponding ldap entry with password is created
|
|
830
|
*/
|
|
831
|
$password_tests = array(
|
|
832
|
'[password.user-random]' => 'goodpwd',
|
|
833
|
'[password.random]' => 'random',
|
|
834
|
);
|
|
835
|
|
|
836
|
foreach ($password_tests as $password_token => $password_result) {
|
|
837
|
$test_id = "provisionToLdapEmailVerification $password_token, $test_sid";
|
|
838
|
ldap_user_ldap_provision_semaphore(NULL, NULL, NULL, TRUE); // need to reset for simpletests
|
|
839
|
/**
|
|
840
|
* provisionToLdapEmailVerification setup
|
|
841
|
*/
|
|
842
|
$this->prepTestData('hogwarts', $sids, 'provisionToLdap_' . $test_sid); // this will create the proper ldap_user configuration from ldap_test/ldap_user.conf.inc
|
|
843
|
$ldap_user_conf = ldap_user_conf('admin', TRUE);
|
|
844
|
$ldap_user_conf->drupalAcctProvisionServer = 0; // turn off provisioning to drupal
|
|
845
|
$ldap_user_conf->ldapEntryProvisionServer = $test_sid;
|
|
846
|
$ldap_user_conf->ldapEntryProvisionTriggers = array(
|
|
847
|
LDAP_USER_LDAP_ENTRY_PROV_ON_USER_UPDATE_CREATE,
|
|
848
|
LDAP_USER_LDAP_ENTRY_PROV_ON_AUTHENTICATE
|
|
849
|
);
|
|
850
|
|
|
851
|
$ldap_user_conf->ldapUserSynchMappings[LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY]['[password]'] = array(
|
|
852
|
'sid' => $test_sid,
|
|
853
|
'ldap_attr' => '[password]',
|
|
854
|
'user_attr' => 'user_tokens',
|
|
855
|
'convert' => 0,
|
|
856
|
'user_tokens' => $password_token,
|
|
857
|
'config_module' => 'ldap_user',
|
|
858
|
'synch_module' => 'ldap_user',
|
|
859
|
'enabled' => 1,
|
|
860
|
'prov_events' => array(LDAP_USER_EVENT_CREATE_LDAP_ENTRY, LDAP_USER_EVENT_SYNCH_TO_LDAP_ENTRY),
|
|
861
|
);
|
|
862
|
|
|
863
|
$ldap_user_conf->save();
|
|
864
|
$ldap_user_conf = ldap_user_conf('default', TRUE);
|
|
865
|
// debug('ldap_user_conf after provisionToLdapEmailVerification setup'); debug($ldap_user_conf);
|
|
866
|
|
|
867
|
variable_set('user_email_verification', TRUE);
|
|
868
|
variable_set('user_register', USER_REGISTER_VISITORS); // or USER_REGISTER_ADMINISTRATORS_ONLY, USER_REGISTER_VISITORS_ADMINISTRATIVE_APPROVAL
|
|
869
|
variable_set('user_cancel_method', 'user_cancel_block'); // user_cancel_block_unpublish, user_cancel_reassign, user_cancel_delete
|
|
870
|
$username = 'sstephens';
|
|
871
|
$this->drupalLogout();
|
|
872
|
if ($sstephens = user_load_by_name($username)) {
|
|
873
|
user_delete($sstephens->uid);
|
|
874
|
}
|
|
875
|
|
|
876
|
/**
|
|
877
|
* provisionToLdapEmailVerification test
|
|
878
|
*/
|
|
879
|
$this->drupalGet('user/register'); // user register form
|
|
880
|
$edit = array(
|
|
881
|
'name' => $username,
|
|
882
|
'mail' => $username . '@hogwarts.edu',
|
|
883
|
);
|
|
884
|
|
|
885
|
$this->createTestUserFields(); // this will create last and first name fields
|
|
886
|
|
|
887
|
$this->drupalPost('user/register', $edit, t('Create new account'));
|
|
888
|
|
|
889
|
$sstephens = user_load_by_name($username);
|
|
890
|
|
|
891
|
|
|
892
|
//can't derive login url, must get it from outgoing email because timestamp in hash is not stored in user_mail_tokens()
|
|
893
|
|
|
894
|
$emails = $this->drupalGetMails();
|
|
895
|
$email_body = $emails[count($emails) - 1]['body']; // most recent email is the one of interest
|
|
896
|
$result = array();
|
|
897
|
preg_match_all('/(user\/reset\/.*)This link can only be/s', $email_body, $result, PREG_PATTERN_ORDER);
|
|
898
|
if (count($result == 2)) {
|
|
899
|
$login_path = trim($result[1][0]);
|
|
900
|
$this->drupalGet($login_path); // user login form
|
|
901
|
$sstephens = user_load_by_name($username);
|
|
902
|
$this->drupalPost($login_path, array(), t('Log in'));
|
|
903
|
$sstephens = user_load_by_name($username);
|
|
904
|
|
|
905
|
$edit = array(
|
|
906
|
'mail' => $username . '@hogwarts.edu',
|
|
907
|
'pass[pass1]' => 'goodpwd',
|
|
908
|
'pass[pass2]' => 'goodpwd',
|
|
909
|
'field_fname[und][0][value]' => 'Samantha',
|
|
910
|
'field_lname[und][0][value]' => 'Stephens'
|
|
911
|
);
|
|
912
|
|
|
913
|
$this->drupalPost(NULL, $edit, t('Save'));
|
|
914
|
$sstephens = user_load_by_name($username);
|
|
915
|
$servers = ldap_servers_get_servers(NULL, NULL, FALSE, TRUE); // clear cache
|
|
916
|
$desired_dn = "cn=$username,ou=people,dc=hogwarts,dc=edu";
|
|
917
|
$ldap_entry_post = $servers[$test_sid]->dnExists($desired_dn, 'ldap_entry');
|
|
918
|
|
|
919
|
$password_success = (
|
|
920
|
is_array($ldap_entry_post)
|
|
921
|
&&
|
|
922
|
(
|
|
923
|
($password_token == '[password.random]' && $ldap_entry_post['password'][0] && $ldap_entry_post['password'][0] != 'goodpwd')
|
|
924
|
||
|
|
925
|
($password_token == '[password.user-random]' && $ldap_entry_post['password'][0] == $password_result)
|
|
926
|
)
|
|
927
|
);
|
|
928
|
$ldap_entry_success = (
|
|
929
|
$password_success &&
|
|
930
|
$ldap_entry_post['cn'][0] == $username &&
|
|
931
|
$ldap_entry_post['displayname'][0] == 'Samantha Stephens' &&
|
|
932
|
$ldap_entry_post['provisionsource'][0] == 'drupal.hogwarts.edu' &&
|
|
933
|
$ldap_entry_post['sn'][0] == 'Stephens' &&
|
|
934
|
$ldap_entry_post['givenname'][0] == 'Samantha'
|
|
935
|
);
|
|
936
|
}
|
|
937
|
else {
|
|
938
|
$ldap_entry_success = FALSE;
|
|
939
|
}
|
|
940
|
|
|
941
|
$this->assertTrue($ldap_entry_success, t("correct ldap entry created for " . $username), $this->testId($test_id));
|
|
942
|
if (!$ldap_entry_success) {
|
|
943
|
debug("password_success=$password_success,password_token,password_result: $password_token, $password_result");
|
|
944
|
debug('ldap_user_conf'); debug($ldap_user_conf);
|
|
945
|
debug('ldap_entry_post'); debug($ldap_entry_post);
|
|
946
|
debug('user'); debug($sstephens);
|
|
947
|
}
|
|
948
|
/**
|
|
949
|
* @todo functional tests
|
|
950
|
|
|
951
|
do a password reset of some sort
|
|
952
|
try to add a drupal user that conflicts with an ldap user
|
|
953
|
try a binary fields such as a user profile image
|
|
954
|
*/
|
|
955
|
|
|
956
|
}
|
|
957
|
|
|
958
|
// test deletion of drupal entry on deletion of drupal user
|
|
959
|
foreach (array('activedirectory1', 'openldap1') as $test_sid) {
|
|
960
|
$test_id = $test_sid;
|
|
961
|
// 1. setup
|
|
962
|
$sids = array($test_sid);
|
|
963
|
$this->prepTestData('hogwarts', $sids, 'provisionToLdap_' . $test_sid); // this will create the proper ldap_user configuration from ldap_test/ldap_user.conf.inc
|
|
964
|
$ldap_user_conf = ldap_user_conf('admin', TRUE);
|
|
965
|
if (!in_array(LDAP_USER_LDAP_ENTRY_DELETE_ON_USER_DELETE, $ldap_user_conf->ldapEntryProvisionTriggers)) {
|
|
966
|
$ldap_user_conf->ldapEntryProvisionTriggers[] = LDAP_USER_LDAP_ENTRY_DELETE_ON_USER_DELETE;
|
|
967
|
}
|
|
968
|
$ldap_user_conf->provisionsLdapEntriesFromDrupalUsers = TRUE;
|
|
969
|
$ldap_user_conf->save();
|
|
970
|
|
|
971
|
$username = 'bhautdeser';
|
|
972
|
if ($user = user_load_by_name($username)) {
|
|
973
|
user_delete($user->uid);
|
|
974
|
}
|
|
975
|
$user_edit = array(
|
|
976
|
'name' => $username,
|
|
977
|
'mail' => $username . '@hogwarts.org',
|
|
978
|
'pass' => user_password(),
|
|
979
|
'status' => 1,
|
|
980
|
);
|
|
981
|
$user_acct = new stdClass();
|
|
982
|
$user_acct->is_new = TRUE;
|
|
983
|
$user_acct->field_fname['und'][0]['value'] = 'Bercilak';
|
|
984
|
$user_acct->field_lname['und'][0]['value'] = 'Hautdesert';
|
|
985
|
|
|
986
|
$servers = ldap_servers_get_servers(NULL, NULL, FALSE, TRUE);
|
|
987
|
$desired_dn = "cn=bhautdeser,ou=people,dc=hogwarts,dc=edu";
|
|
988
|
|
|
989
|
$pre_entry = $servers[$test_sid]->dnExists($desired_dn, 'ldap_entry');
|
|
990
|
$drupal_account = user_save($user_acct, $user_edit);
|
|
991
|
$ldap_entry_pre_delete = $servers[$test_sid]->dnExists($desired_dn, 'ldap_entry');
|
|
992
|
|
|
993
|
$ldap_entry = $ldap_user_conf->getProvisionRelatedLdapEntry($drupal_account);
|
|
994
|
|
|
995
|
// 2. test
|
|
996
|
user_delete($drupal_account->uid);
|
|
997
|
$ldap_server = ldap_servers_get_servers($test_sid, 'all', TRUE, TRUE);
|
|
998
|
$ldap_entry_post_delete = $ldap_server->dnExists($desired_dn, 'ldap_entry');
|
|
999
|
|
|
1000
|
|
|
1001
|
$success = (!$ldap_entry_post_delete);
|
|
1002
|
$this->assertTrue($success, t("ldap entry removed for $username on drupal user delete with deletion enabled."), $this->testId($test_id));
|
|
1003
|
|
|
1004
|
if (!$success) {
|
|
1005
|
debug(" desired_dn=$desired_dn test_sid=$test_sid, ldap entry post:"); debug($ldap_entry_post_delete);
|
|
1006
|
}
|
|
1007
|
|
|
1008
|
}
|
|
1009
|
}
|
|
1010
|
|
|
1011
|
/**
|
|
1012
|
* test cron function for dealing with ldap associated users who no longer have
|
|
1013
|
* ldap entries
|
|
1014
|
* - fix search in fake server to deal with general or queries
|
|
1015
|
*
|
|
1016
|
* simpletest approach:
|
|
1017
|
* - loop through all options for user_cancel
|
|
1018
|
* ldap_user_orphan_email
|
|
1019
|
user_cancel_block, user_cancel_block_unpublish,
|
|
1020
|
user_cancel_reassign, user_cancel_delete
|
|
1021
|
* - automatically generate 70 ldap users with cns hpotter1-hpotter300
|
|
1022
|
* - create 75 corresponding drupal uses that are ldap identified
|
|
1023
|
* - delete 10 of the ldap entries
|
|
1024
|
* - run cron
|
|
1025
|
* - test for drupal accounts being dealt with correctly and or email sent
|
|
1026
|
*/
|
|
1027
|
function testDrupalAccountsOrphaned() {
|
|
1028
|
// just to give warning if setup doesn't succeed. may want to take these out at some point.
|
|
1029
|
$setup_success = (
|
|
1030
|
module_exists('ldap_user') &&
|
|
1031
|
module_exists('ldap_servers') &&
|
|
1032
|
(variable_get('ldap_simpletest', 2) > 0)
|
|
1033
|
);
|
|
1034
|
$this->assertTrue($setup_success, ' ldap_user setup successful', $this->testId('orphaned entries tests'));
|
|
1035
|
|
|
1036
|
$sids = array('activedirectory1');
|
|
1037
|
$this->prepTestData('hogwarts', $sids, 'provisionToDrupal', 'default');
|
|
1038
|
|
|
1039
|
$ldap_user_conf = ldap_user_conf('admin');
|
|
1040
|
$drupal_form = $ldap_user_conf->drupalForm();
|
|
1041
|
$account_options = $drupal_form['basic_to_drupal']['orphanedDrupalAcctBehavior']['#options'];
|
|
1042
|
$cn_to_account = array();
|
|
1043
|
$ldap_server = ldap_servers_get_servers('activedirectory1', NULL, TRUE, TRUE);
|
|
1044
|
// debug("ldap_server"); debug(is_object($ldap_server));
|
|
1045
|
|
|
1046
|
foreach ($account_options as $account_option => $account_option_text) {
|
|
1047
|
// debug("$account_option - $account_option_text");
|
|
1048
|
$sids = array('activedirectory1');
|
|
1049
|
$this->prepTestData('hogwarts', $sids, 'provisionToDrupal', 'default');
|
|
1050
|
$ldap_user_conf->orphanedDrupalAcctBehavior = $account_option;
|
|
1051
|
$ldap_user_conf->save();
|
|
1052
|
$test_id = "ldap_user.orphans.$account_option";
|
|
1053
|
$test_text = "Test of orphaned Drupal account option: $account_option_text";
|
|
1054
|
$success = FALSE;
|
|
1055
|
|
|
1056
|
// create 70 drupal accounts (clone0 to clone69) based on corresponding ldap entries
|
|
1057
|
$first_clone_username = 'clone0';
|
|
1058
|
$last_clone_username= 'clone' . (LDAP_TEST_USER_ORPHAN_CLONE_COUNT - 1);
|
|
1059
|
for ($i = 0; $i < LDAP_TEST_USER_ORPHAN_CLONE_COUNT; $i++) { // 70
|
|
1060
|
$name = "clone" . $i;
|
|
1061
|
//debug("create clone $name, activedirectory1");
|
|
1062
|
$account = $this->createLdapIdentifiedDrupalAccount(
|
|
1063
|
$ldap_user_conf,
|
|
1064
|
$name,
|
|
1065
|
'activedirectory1'
|
|
1066
|
);
|
|
1067
|
$cn_to_account[$name] = $account;
|
|
1068
|
//debug("new account"); debug($account);
|
|
1069
|
}
|
|
1070
|
// debug($cn_to_account['clone0']);
|
|
1071
|
// debug($cn_to_account[$last_clone_username]);
|
|
1072
|
|
|
1073
|
// delete 10 ldap entries
|
|
1074
|
$clone_first_uid = $cn_to_account[$first_clone_username]->uid;
|
|
1075
|
$clone_last_uid = $cn_to_account[$last_clone_username]->uid;
|
|
1076
|
$clone_first = user_load($clone_first_uid, TRUE);
|
|
1077
|
$clone_last = user_load($clone_last_uid, TRUE);
|
|
1078
|
|
|
1079
|
//debug("pre ldap delete, clone0 and cloneN $first_clone_username and $last_clone_username"); debug($clone_first);debug($clone_last); //debug($ldap_server->entries);
|
|
1080
|
$delete = LDAP_TEST_USER_ORPHAN_CLONE_COUNT - LDAP_TEST_USER_ORPHAN_CLONE_REMOVE_COUNT;
|
|
1081
|
for ($i = 0; $i < $delete; $i++) {
|
|
1082
|
$name = "clone" . $i;
|
|
1083
|
$account = $cn_to_account[$name];
|
|
1084
|
//debug("delete ldap entry: ". $account->ldap_user_current_dn['und'][0]['value']);
|
|
1085
|
// ?? is it possible the ldap delete hook is causing the drupal user to get populated with empty values?
|
|
1086
|
$ldap_server->delete($account->ldap_user_current_dn['und'][0]['value']);
|
|
1087
|
}
|
|
1088
|
|
|
1089
|
$clone_first = user_load($clone_first_uid, TRUE);
|
|
1090
|
$clone_last = user_load($clone_last_uid, TRUE);
|
|
1091
|
//debug("post ldap delete and pre cron, clone0 and cloneN"); debug($clone_first->status);debug($clone_last->status);// debug($ldap_server->entries);
|
|
1092
|
drupal_cron_run();
|
|
1093
|
$clone_first = user_load($clone_first_uid, TRUE);
|
|
1094
|
$clone_last = user_load($clone_last_uid, TRUE);
|
|
1095
|
//debug("post cron, clone0 and cloneN"); debug($clone_first->status);debug($clone_last->status); //debug($ldap_server->entries);
|
|
1096
|
switch ($account_option) {
|
|
1097
|
|
|
1098
|
case 'ldap_user_orphan_do_not_check':
|
|
1099
|
$test_uids = array();
|
|
1100
|
for ($i = 0; $i < LDAP_TEST_USER_ORPHAN_CLONE_COUNT; $i++) { // 70
|
|
1101
|
$name = "clone" . $i;
|
|
1102
|
$test_uids[] = @$cn_to_account[$name]->uid;
|
|
1103
|
|
|
1104
|
//debug($account);
|
|
1105
|
}
|
|
1106
|
$success = TRUE;
|
|
1107
|
$accounts = user_load_multiple($test_uids);
|
|
1108
|
// debug("accounts for $test_id"); debug($accounts);
|
|
1109
|
foreach ($accounts as $uid => $account) {
|
|
1110
|
if ($account->status != 1) {
|
|
1111
|
$success = FALSE;
|
|
1112
|
break;
|
|
1113
|
}
|
|
1114
|
}
|
|
1115
|
if ($success) {
|
|
1116
|
$success = ($clone_last && $clone_last->status == 1);
|
|
1117
|
if (!$success) {
|
|
1118
|
// debug("success = $success, status=" . $clone_last->status);
|
|
1119
|
}
|
|
1120
|
}
|
|
1121
|
|
|
1122
|
|
|
1123
|
break;
|
|
1124
|
|
|
1125
|
case 'ldap_user_orphan_email' :
|
|
1126
|
// debug('ldap_user_orphan_email');
|
|
1127
|
// test is if email has 10 users and was sent
|
|
1128
|
$emails = $this->drupalGetMails();
|
|
1129
|
if (count($emails)) {
|
|
1130
|
$email_body = $emails[count($emails) - 1]['body']; // most recent email is the one of interest
|
|
1131
|
$success = (strpos($email_body, "The following $delete Drupal users") !== FALSE);
|
|
1132
|
}
|
|
1133
|
else {
|
|
1134
|
$success = FALSE;
|
|
1135
|
}
|
|
1136
|
|
|
1137
|
break;
|
|
1138
|
|
|
1139
|
case 'user_cancel_block':
|
|
1140
|
case 'user_cancel_block_unpublish':
|
|
1141
|
//debug('user_cancel_block');
|
|
1142
|
// test is if clone0-clone9 have a status of 0
|
|
1143
|
// and clone12,11... have a status of 1
|
|
1144
|
$test_uids = array();
|
|
1145
|
for ($i = 0; $i < $delete; $i++) { // 70
|
|
1146
|
$name = "clone" . $i;
|
|
1147
|
$test_uids[] = @$cn_to_account[$name]->uid;
|
|
1148
|
}
|
|
1149
|
$success = TRUE;
|
|
1150
|
$accounts = user_load_multiple($test_uids);
|
|
1151
|
foreach ($accounts as $uid => $account) {
|
|
1152
|
if ($account->status != 0) {
|
|
1153
|
$success = FALSE;
|
|
1154
|
break;
|
|
1155
|
}
|
|
1156
|
}
|
|
1157
|
if ($success) {
|
|
1158
|
$clone_last = user_load($clone_last_uid, TRUE);
|
|
1159
|
$success = ($clone_last && $clone_last->status == 1);
|
|
1160
|
}
|
|
1161
|
break;
|
|
1162
|
|
|
1163
|
case 'user_cancel_reassign':
|
|
1164
|
case 'user_cancel_delete':
|
|
1165
|
// test is if clone0-clone9 are deleted
|
|
1166
|
// and clone12,11... have a status of 1
|
|
1167
|
$test_uids = array();
|
|
1168
|
for ($i = 0; $i < $delete; $i++) { // 70
|
|
1169
|
$name = "clone" . $i;
|
|
1170
|
$test_uids[] = @$cn_to_account[$name]->uid;
|
|
1171
|
|
|
1172
|
//debug($account);
|
|
1173
|
}
|
|
1174
|
$success = TRUE;
|
|
1175
|
$accounts = user_load_multiple($test_uids);
|
|
1176
|
$success = (count($accounts) == LDAP_TEST_USER_ORPHAN_CLONE_COUNT);
|
|
1177
|
|
|
1178
|
if ($success) {
|
|
1179
|
$clone_last = user_load($clone_last_uid, TRUE);
|
|
1180
|
$success = ($clone_last && $clone_last->status == 1);
|
|
1181
|
}
|
|
1182
|
break;
|
|
1183
|
}
|
|
1184
|
|
|
1185
|
$this->assertTrue($success, $test_id, $test_text);
|
|
1186
|
|
|
1187
|
// remove all drupal users except 1 for next test
|
|
1188
|
foreach ($cn_to_account as $cn => $account) {
|
|
1189
|
@user_delete($account->uid);
|
|
1190
|
}
|
|
1191
|
|
|
1192
|
}
|
|
1193
|
|
|
1194
|
}
|
|
1195
|
|
|
1196
|
function createLdapIdentifiedDrupalAccount($ldap_user_conf, $name, $sid) {
|
|
1197
|
|
|
1198
|
$account = NULL;
|
|
1199
|
$user_edit = array('name' => $name);
|
|
1200
|
$user = $ldap_user_conf->provisionDrupalAccount($account, $user_edit, NULL, TRUE);
|
|
1201
|
|
|
1202
|
return user_load($user->uid, TRUE);
|
|
1203
|
}
|
|
1204
|
|
|
1205
|
}
|
|
1206
|
|
|
1207
|
class LdapUserUITests extends LdapTestCase {
|
|
1208
|
|
|
1209
|
public static function getInfo() {
|
|
1210
|
return array(
|
|
1211
|
'name' => 'LDAP User User Interface',
|
|
1212
|
'description' => 'Test ldap user admin interface.',
|
|
1213
|
'group' => 'LDAP User'
|
|
1214
|
);
|
|
1215
|
}
|
|
1216
|
|
|
1217
|
function __construct($test_id = NULL) {
|
|
1218
|
parent::__construct($test_id);
|
|
1219
|
}
|
|
1220
|
|
|
1221
|
public $module_name = 'ldap_user';
|
|
1222
|
protected $ldap_test_data;
|
|
1223
|
|
|
1224
|
/**
|
|
1225
|
* create one or more server configurations in such as way
|
|
1226
|
* that this setUp can be a prerequisite for ldap_authentication and ldap_authorization
|
|
1227
|
*/
|
|
1228
|
|
|
1229
|
function setUp() {
|
|
1230
|
parent::setUp(array('ldap_user', 'ldap_test'));
|
|
1231
|
variable_set('ldap_simpletest', 2);
|
|
1232
|
}
|
|
1233
|
|
|
1234
|
function tearDown() {
|
|
1235
|
parent::tearDown();
|
|
1236
|
variable_del('ldap_help_watchdog_detail');
|
|
1237
|
variable_del('ldap_simpletest');
|
|
1238
|
}
|
|
1239
|
|
|
1240
|
/**
|
|
1241
|
* make sure user admin interface works. (its a beast)
|
|
1242
|
*/
|
|
1243
|
function testUI() {
|
|
1244
|
|
|
1245
|
// just to give warning if setup doesn't succeed. may want to take these out at some point.
|
|
1246
|
$setup_success = (
|
|
1247
|
module_exists('ldap_user') &&
|
|
1248
|
module_exists('ldap_servers') &&
|
|
1249
|
(variable_get('ldap_simpletest', 2) > 0)
|
|
1250
|
);
|
|
1251
|
$this->assertTrue($setup_success, ' ldap_user setup successful', $this->testId('user interface tests'));
|
|
1252
|
|
|
1253
|
$sids = array('activedirectory1');
|
|
1254
|
$this->prepTestData('hogwarts', $sids, 'provisionToDrupal', 'default');
|
|
1255
|
|
|
1256
|
$this->privileged_user = $this->drupalCreateUser(array(
|
|
1257
|
'administer site configuration',
|
|
1258
|
'administer users'
|
|
1259
|
));
|
|
1260
|
|
|
1261
|
$this->drupalLogin($this->privileged_user);
|
|
1262
|
|
|
1263
|
$ldap_user_conf = ldap_user_conf();
|
|
1264
|
// debug('ldap_user_conf before form submission'); debug($ldap_user_conf);
|
|
1265
|
|
|
1266
|
|
|
1267
|
$this->drupalGet('admin/config/people/ldap/user');
|
|
1268
|
|
|
1269
|
// Populate the field settings with new settings.
|
|
1270
|
$sid = 'activedirectory1';
|
|
1271
|
|
|
1272
|
$edit_direct_map = array(
|
|
1273
|
|
|
1274
|
'manualAccountConflict' => LDAP_USER_MANUAL_ACCT_CONFLICT_LDAP_ASSOCIATE,
|
|
1275
|
'drupalAcctProvisionServer' => $sid,
|
|
1276
|
'userConflictResolve' => LDAP_USER_CONFLICT_LOG,
|
|
1277
|
'acctCreation' => LDAP_USER_ACCT_CREATION_LDAP_BEHAVIOR_DEFAULT,
|
|
1278
|
'orphanedDrupalAcctBehavior' => 'ldap_user_orphan_email',
|
|
1279
|
'orphanedCheckQty' => '50',
|
|
1280
|
'ldapEntryProvisionServer' => $sid,
|
|
1281
|
);
|
|
1282
|
// 'wsEnabled' => TRUE, 'wsKey' => $wsKey,
|
|
1283
|
|
|
1284
|
|
|
1285
|
// 'wsUserIps' => join("\n", $wsUserIps),
|
|
1286
|
$edit = $edit_direct_map + array(
|
|
1287
|
'drupalAcctProvisionTriggers[' . LDAP_USER_DRUPAL_USER_PROV_ON_AUTHENTICATE . ']' => TRUE,
|
|
1288
|
'drupalAcctProvisionTriggers[' . LDAP_USER_DRUPAL_USER_PROV_ON_USER_UPDATE_CREATE . ']' => TRUE,
|
|
1289
|
|
|
1290
|
'1__sm__ldap_attr__6' => '[sn]',
|
|
1291
|
'1__sm__convert__6' => FALSE,
|
|
1292
|
'1__sm__user_attr__6' => '[field.field_lname]',
|
|
1293
|
'1__sm__1__6' => TRUE,
|
|
1294
|
'1__sm__2__6' => TRUE,
|
|
1295
|
|
|
1296
|
'1__sm__ldap_attr__7' => '[givenname]',
|
|
1297
|
'1__sm__convert__7' => FALSE,
|
|
1298
|
'1__sm__user_attr__7' => '[field.field_fname]',
|
|
1299
|
'1__sm__1__7' => TRUE,
|
|
1300
|
'1__sm__2__7' => TRUE,
|
|
1301
|
|
|
1302
|
'ldapEntryProvisionTriggers[' . LDAP_USER_LDAP_ENTRY_PROV_ON_USER_UPDATE_CREATE . ']' => TRUE,
|
|
1303
|
'ldapEntryProvisionTriggers[' . LDAP_USER_LDAP_ENTRY_PROV_ON_AUTHENTICATE . ']' => TRUE,
|
|
1304
|
'ldapEntryProvisionTriggers[' . LDAP_USER_LDAP_ENTRY_DELETE_ON_USER_DELETE . ']' => TRUE,
|
|
1305
|
|
|
1306
|
'2__sm__user_attr__0' => 'user_tokens',
|
|
1307
|
'2__sm__user_tokens__0' => 'Drupal provisioned account for [property.uid]',
|
|
1308
|
'2__sm__convert__0' => FALSE,
|
|
1309
|
'2__sm__ldap_attr__0' => '[description]',
|
|
1310
|
'2__sm__4__3' => TRUE,
|
|
1311
|
'2__sm__4__3' => TRUE,
|
|
1312
|
|
|
1313
|
'2__sm__user_attr__1' => '[property.uid]',
|
|
1314
|
'2__sm__user_tokens__1' => '',
|
|
1315
|
'2__sm__convert__1' => TRUE,
|
|
1316
|
'2__sm__ldap_attr__1' => '[guid]',
|
|
1317
|
'2__sm__4__1' => TRUE,
|
|
1318
|
'2__sm__4__1' => TRUE,
|
|
1319
|
|
|
1320
|
'2__sm__user_attr__2' => 'user_tokens',
|
|
1321
|
'2__sm__user_tokens__2' => 'cn=[property.name]ou=people,dc=hogwarts,dc=edu',
|
|
1322
|
'2__sm__convert__2' => FALSE,
|
|
1323
|
'2__sm__ldap_attr__2' => '[dn]',
|
|
1324
|
'2__sm__4__2' => TRUE,
|
|
1325
|
'2__sm__4__2' => TRUE,
|
|
1326
|
);
|
|
1327
|
|
|
1328
|
$this->drupalPost('admin/config/people/ldap/user', $edit, t('Save'));
|
|
1329
|
|
|
1330
|
$ldap_user_conf = ldap_user_conf(NULL, TRUE);
|
|
1331
|
// debug('edit'); debug($edit); debug('user conf object after save'); debug($ldap_user_conf);
|
|
1332
|
|
|
1333
|
foreach ($edit_direct_map as $property => $value) {
|
|
1334
|
$this->assertTrue($ldap_user_conf->{$property} == $value, $property . ' ' . t('field set correctly'), $this->testId('user interface tests'));
|
|
1335
|
}
|
|
1336
|
|
|
1337
|
// $this->assertTrue(
|
|
1338
|
// ($ldap_user_conf->wsUserIps[0] == $wsUserIps[0] && $ldap_user_conf->wsUserIps[1] == $wsUserIps[1])
|
|
1339
|
// , t('webserice ips set correctly'), $this->testId('user interface tests'));
|
|
1340
|
|
|
1341
|
$this->assertTrue(
|
|
1342
|
isset($ldap_user_conf->drupalAcctProvisionTriggers[LDAP_USER_DRUPAL_USER_PROV_ON_AUTHENTICATE]) &&
|
|
1343
|
isset($ldap_user_conf->drupalAcctProvisionTriggers[LDAP_USER_DRUPAL_USER_PROV_ON_USER_UPDATE_CREATE])
|
|
1344
|
, t('drupal provision triggers set correctly'), $this->testId('user interface tests'));
|
|
1345
|
|
|
1346
|
$this->assertTrue(
|
|
1347
|
isset($ldap_user_conf->ldapEntryProvisionTriggers[LDAP_USER_LDAP_ENTRY_PROV_ON_USER_UPDATE_CREATE]) &&
|
|
1348
|
isset($ldap_user_conf->ldapEntryProvisionTriggers[LDAP_USER_LDAP_ENTRY_PROV_ON_AUTHENTICATE]) &&
|
|
1349
|
isset($ldap_user_conf->ldapEntryProvisionTriggers[LDAP_USER_LDAP_ENTRY_DELETE_ON_USER_DELETE])
|
|
1350
|
, t('ldap provision triggers set correctly'), $this->testId('user interface tests'));
|
|
1351
|
|
|
1352
|
$field_token = '[field.field_lname]';
|
|
1353
|
$field_lname_set_correctly = (
|
|
1354
|
$ldap_user_conf->ldapUserSynchMappings[LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER][$field_token]['enabled'] == TRUE &&
|
|
1355
|
|
|
1356
|
$ldap_user_conf->ldapUserSynchMappings[LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER][$field_token]['ldap_attr'] == '[sn]');
|
|
1357
|
|
|
1358
|
$this->assertTrue($field_lname_set_correctly, t('Synch mapping for field.field_lname field set correctly'), $this->testId('user interface tests'));
|
|
1359
|
if (!$field_lname_set_correctly) {
|
|
1360
|
debug('ldap_user_conf->synchMapping[direction][field.field_lname]'); debug($ldap_user_conf->ldapUserSynchMappings[LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER]['field.field_lname']);
|
|
1361
|
}
|
|
1362
|
|
|
1363
|
$field_token = '[field.field_fname]';
|
|
1364
|
$field_fname_set_correctly = ($ldap_user_conf->ldapUserSynchMappings[LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER][$field_token]['enabled'] == TRUE &&
|
|
1365
|
$ldap_user_conf->ldapUserSynchMappings[LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER][$field_token]['direction'] == 1 &&
|
|
1366
|
$ldap_user_conf->ldapUserSynchMappings[LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER][$field_token]['ldap_attr'] == '[givenname]');
|
|
1367
|
|
|
1368
|
$this->assertTrue($field_fname_set_correctly, t('Synch mapping for field.field_lname field set correctly'), $this->testId('user interface tests'));
|
|
1369
|
if (!$field_fname_set_correctly) {
|
|
1370
|
debug('ldap_user_conf->synchMapping[direction][field.field_lname]'); debug($ldap_user_conf->ldapUserSynchMappings[LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER]['field.field_lname']);
|
|
1371
|
}
|
|
1372
|
|
|
1373
|
|
|
1374
|
|
|
1375
|
|
|
1376
|
}
|
|
1377
|
|
|
1378
|
|
|
1379
|
|
|
1380
|
|
|
1381
|
|
|
1382
|
}
|
