1
|
<?php
|
2
|
|
3
|
/**
|
4
|
* @file
|
5
|
* simpletest for Ldap Authorization OG Module
|
6
|
*
|
7
|
*/
|
8
|
module_load_include('php', 'ldap_test', 'LdapTestCase.class');
|
9
|
require_once(drupal_get_path('module', 'ldap_authorization_og') . '/LdapAuthorizationConsumerOG.class.php');
|
10
|
|
11
|
class LdapAuthorizationOg1Tests extends LdapTestCase {
|
12
|
|
13
|
public $groupEntityType = 'node';
|
14
|
public $groupBundle = 'group';
|
15
|
public $groupType = 'node';
|
16
|
public $group_content_type = NULL;
|
17
|
public $group_nodes = array();
|
18
|
public $user1;
|
19
|
public $consumerType = 'og_group';
|
20
|
public $module_name = 'ldap_authorization_og';
|
21
|
protected $ldap_test_data;
|
22
|
public $customOgRoles = array(
|
23
|
'dungeon-master' => array('entity_type' => 'node', 'bundle_type' => 'group'),
|
24
|
'time-keeper' => array('entity_type' => 'node', 'bundle_type' => 'group'),
|
25
|
);
|
26
|
|
27
|
public static function getInfo() {
|
28
|
return array(
|
29
|
'group' => 'LDAP Authorization',
|
30
|
'name' => 'OG 7.x-1.5 Tests.',
|
31
|
'description' => 'Test ldap authorization og 1.5',
|
32
|
);
|
33
|
}
|
34
|
|
35
|
function __construct($test_id = NULL) {
|
36
|
parent::__construct($test_id);
|
37
|
}
|
38
|
|
39
|
//function setUp() {
|
40
|
// parent::setUp(array(
|
41
|
// 'ldap_authentication',
|
42
|
// 'ldap_authorization',
|
43
|
// 'ldap_authorization_drupal_role',
|
44
|
// 'ldap_test')); // don't need any real servers, configured, just ldap_servers code base
|
45
|
// variable_set('ldap_simpletest', 2);
|
46
|
//}
|
47
|
|
48
|
function setUp($addl_modules = array()) {
|
49
|
parent::setUp(array('entity', 'ctools', 'og', 'ldap_authentication', 'ldap_authorization', 'ldap_authorization_drupal_role', 'ldap_authorization_og', 'ldap_test', 'og_ui'));
|
50
|
variable_set('ldap_simpletest', 2);
|
51
|
|
52
|
if (ldap_authorization_og_og_version() != 1) {
|
53
|
debug('LdapAuthorizationOg1Tests must be run with OG 7.x-1.x');
|
54
|
return;
|
55
|
}
|
56
|
|
57
|
$this->user1 = $this->drupalCreateUser();
|
58
|
$this->groups = array();
|
59
|
$this->prepTestData(LDAP_TEST_LDAP_NAME, array('activedirectory1'));
|
60
|
|
61
|
/**
|
62
|
* Group: The entity instance that will have members and content associated with it.
|
63
|
* Group Entity: entity type: node, bundle: group, name: OG Group
|
64
|
* Group Instances: $this->group_nodes[$label]
|
65
|
*
|
66
|
*/
|
67
|
|
68
|
|
69
|
|
70
|
// Create group and group content node types.
|
71
|
$this->groupBundle = $this->drupalCreateContentType(array(
|
72
|
'type' => 'group',
|
73
|
'name' => 'OG Group',
|
74
|
))->type;
|
75
|
og_create_field(OG_GROUP_FIELD, $this->groupEntityType, $this->groupBundle); // entity type = "node" and group bundle = "group"
|
76
|
og_create_field(OG_AUDIENCE_FIELD, $this->groupEntityType, $this->groupBundle);
|
77
|
|
78
|
|
79
|
$this->createCustomRoles();
|
80
|
// create og group for each group in group csv
|
81
|
|
82
|
$this->testFunctions->populateFakeLdapServerData(LDAP_TEST_LDAP_NAME, 'activedirectory1');
|
83
|
$this->testFunctions->getCsvLdapData(LDAP_TEST_LDAP_NAME);
|
84
|
foreach ($this->testFunctions->csvTables['groups'] as $guid => $group) {
|
85
|
$label = $group['cn'];
|
86
|
// $group_type_obj = $this->drupalCreateContentType(array('name' => $label, 'type' => $label));
|
87
|
// og_create_field(OG_GROUP_FIELD, 'node', $group_type_obj->type);
|
88
|
$settings = array();
|
89
|
$settings['title'] = $label;
|
90
|
$settings['type'] = $this->groupBundle;
|
91
|
$settings[OG_GROUP_FIELD][LANGUAGE_NONE][0]['value'] = 1;
|
92
|
$group_node = $this->drupalCreateNode($settings);
|
93
|
$group = og_get_group('node', $group_node->nid);
|
94
|
$this->group_nodes[$label] = $group_node;
|
95
|
}
|
96
|
|
97
|
}
|
98
|
|
99
|
public function createCustomRoles() {
|
100
|
foreach ($this->customOgRoles as $og_role_name => $og_role) {
|
101
|
$role = new stdClass;
|
102
|
$role->name = $og_role_name;
|
103
|
$role->gid = 0;
|
104
|
$status = og_role_save($role);
|
105
|
}
|
106
|
$roles = db_query("SELECT rid, name FROM {og_role}", array())->fetchAllKeyed();
|
107
|
}
|
108
|
|
109
|
function deleteAndRecreateUser($cname) {
|
110
|
if ($user = user_load_by_name($cname)) {
|
111
|
user_delete($user->uid);
|
112
|
}
|
113
|
$user = $this->drupalCreateUser(array());
|
114
|
$user = $this->testFunctions->drupalLdapUpdateUser(array('name' => $cname, 'mail' => $cname . '@hogwarts.edu'), TRUE, $user);
|
115
|
return $user;
|
116
|
}
|
117
|
|
118
|
function UIGroupMembershipTest($user, $group_node, $test_id = NULL, $assert_true = TRUE) {
|
119
|
$this->drupalGet('user/' . $user->uid);
|
120
|
if ($assert_true) {
|
121
|
$this->assertText($group_node->title, 'User view UI shows group (' . $group_node->title . ') membership listed', $test_id);
|
122
|
}
|
123
|
else {
|
124
|
$this->assertNoText($group_node->title, 'User view UI does not show group (' . $group_node->title . ') membership listed', $test_id);
|
125
|
}
|
126
|
$this->drupalGet('node/' . $group_node->nid);
|
127
|
if ($assert_true) {
|
128
|
$this->assertText($user->name, 'Group view UI shows user name (' . $user->name . ') in group membership list', $test_id);
|
129
|
}
|
130
|
else {
|
131
|
$this->assertText('Request group membership', 'Group view UI show Request Group Membership form in group membership list', $test_id);
|
132
|
}
|
133
|
}
|
134
|
|
135
|
function manualOgGroup($user, $gid, $extra_rids = array()) {
|
136
|
$values = array('entity' => $user, 'entity_type' => 'user');
|
137
|
$user->{OG_AUDIENCE_FIELD}[LANGUAGE_NONE][] = array('gid' => $gid);
|
138
|
og_entity_presave($user, 'user');
|
139
|
$user = user_save($user);
|
140
|
foreach ($extra_rids as $rid) {
|
141
|
og_role_grant($gid, $user->uid, $rid);
|
142
|
}
|
143
|
return user_load($user->uid, TRUE);
|
144
|
}
|
145
|
|
146
|
/**
|
147
|
* just make sure install succeeds and og and ldap_authorization_og functions work as designed
|
148
|
*/
|
149
|
function testBasicFunctionsAndApi() {
|
150
|
$this->ldapTestId = $this->module_name . ': setup success';
|
151
|
// just to give warning if setup doesn't succeed. may want to take these out at some point.
|
152
|
$setup_success = (
|
153
|
module_exists('ldap_authentication') &&
|
154
|
module_exists('ldap_servers') &&
|
155
|
module_exists('ldap_authorization') &&
|
156
|
module_exists('ldap_authorization_og') &&
|
157
|
(variable_get('ldap_simpletest', 2) == 2)
|
158
|
);
|
159
|
$this->assertTrue($setup_success, ' ldap_authorizations og setup successful', $this->ldapTestId);
|
160
|
|
161
|
$this->ldapTestId = $this->module_name . ': cron test';
|
162
|
$this->assertTrue(drupal_cron_run(), t('Cron can run with ldap authorization og enabled.'), $this->ldapTestId);
|
163
|
$this->assertTrue(ldap_authorization_og_authorization_id(2, 3) == "2-3",
|
164
|
t('ldap_authorization_og_authorization_id() function works.'), $this->ldapTestId);
|
165
|
$this->assertTrue(ldap_authorization_og_og_version() == 1,
|
166
|
t('ldap_authorization_og_og_version() is 1'), $this->ldapTestId);
|
167
|
|
168
|
/***
|
169
|
* I. some basic tests to make sure og module's apis are working before testing ldap_authorization_og
|
170
|
*/
|
171
|
|
172
|
$web_user = $this->drupalCreateUser();
|
173
|
$this->ldapTestId = $this->module_name . ': og functions';
|
174
|
|
175
|
|
176
|
list($og_gryffindor_group, $og_gryffindor_node) = ldap_authorization_og1_get_group('gryffindor', 'group_name');
|
177
|
list($og_students_group, $og_students_node) = ldap_authorization_og1_get_group('students', 'group_name');
|
178
|
list($og_faculty_group, $og_faculty_node) = ldap_authorization_og1_get_group('faculty', 'group_name');
|
179
|
list($og_users_group, $og_users_node) = ldap_authorization_og1_get_group('users', 'group_name');
|
180
|
// debug('og_gryffindor_node');debug($og_gryffindor_node->nid); debug($og_gryffindor_group->gid);
|
181
|
// debug('og_students_node');debug($og_students_node->nid); debug($og_students_group->gid);
|
182
|
// debug('og_faculty_node');debug($og_faculty_node->nid); debug($og_faculty_group->gid);
|
183
|
// debug('og_users_node');debug($og_users_node->nid); debug($og_users_group->gid);
|
184
|
|
185
|
$anonymous_rid = ldap_authorization_og_rid_from_role_name(OG_ANONYMOUS_ROLE);
|
186
|
$member_rid = ldap_authorization_og_rid_from_role_name(OG_AUTHENTICATED_ROLE);
|
187
|
$admin_rid = ldap_authorization_og_rid_from_role_name(OG_ADMINISTRATOR_ROLE);
|
188
|
$dungeon_master_rid = ldap_authorization_og_rid_from_role_name('dungeon-master');
|
189
|
$time_keeper = ldap_authorization_og_rid_from_role_name('time-keeper');
|
190
|
$student_member_consumer_id = $og_students_group->gid . '-' . $member_rid;
|
191
|
|
192
|
$gid = ldap_authorization_og1_entity_id_to_gid($og_gryffindor_node->nid);
|
193
|
$this->assertTrue($gid == $og_gryffindor_group->gid, t('ldap_authorization_og1_entity_id_to_gid() functions'), $this->ldapTestId);
|
194
|
|
195
|
|
196
|
// debug("anonymous_rid=$anonymous_rid, member_rid=$member_rid,admin_rid=$admin_rid, dungeon_master_rid=$dungeon_master_rid, time_keeper=$time_keeper");
|
197
|
|
198
|
/**
|
199
|
* @todo api tests: ldap_authorization_og_rid_from_role_name(),
|
200
|
* and ldap_authorization_og_get_group()
|
201
|
*/
|
202
|
|
203
|
$ids = array($web_user->uid);
|
204
|
// debug($ids);
|
205
|
$user_entities = entity_load('user', $ids, array(), TRUE);
|
206
|
$user_entity = $user_entities[$web_user->uid];
|
207
|
|
208
|
///***
|
209
|
// * II. construct ldapauthorization og object and test methods (ignoring if ldap created or not...
|
210
|
// * unit tests for methods and class without any ldap context.)
|
211
|
// */
|
212
|
|
213
|
$this->ldapTestId = $this->module_name . ': LdapAuthorizationConsumerOG class';
|
214
|
|
215
|
$og_auth = new LdapAuthorizationConsumerOG('og_group');
|
216
|
$this->assertTrue(is_object($og_auth),
|
217
|
'Successfully instantiated LdapAuthorizationConsumerOG', $this->ldapTestId);
|
218
|
|
219
|
|
220
|
/**
|
221
|
* test basic functions with admin user logged in
|
222
|
*/
|
223
|
|
224
|
$ldap_entry = NULL;
|
225
|
$user_data = array();
|
226
|
$user = user_load($web_user->uid, TRUE);
|
227
|
|
228
|
|
229
|
$this->assertFalse($og_auth->hasAuthorization($user, $student_member_consumer_id),
|
230
|
'hasAuthorization() method works for non LDAP provisioned og authorization', $this->ldapTestId);
|
231
|
|
232
|
$user_auth_data = array();
|
233
|
$consumers = array($student_member_consumer_id => $og_auth->emptyConsumer);
|
234
|
|
235
|
$og_auth->authorizationGrant($user, $user_auth_data, $consumers, $ldap_entry, TRUE);
|
236
|
|
237
|
$this->assertTrue(ldap_authorization_og1_has_membership($og_students_group->gid, $user->uid),
|
238
|
'authorizationGrant function works', $this->ldapTestId);
|
239
|
|
240
|
$this->assertTrue(ldap_authorization_og1_has_role($og_students_group->gid, $user->uid, $member_rid),
|
241
|
'ldap_authorization_og1_has_role function works', $this->ldapTestId);
|
242
|
|
243
|
$this->assertTrue("member" == ldap_authorization_og1_role_name_from_rid($member_rid),
|
244
|
'ldap_authorization_og1_role_name_from_rid function works', $this->ldapTestId);
|
245
|
|
246
|
$this->assertTrue($member_rid == ldap_authorization_og1_role_name_to_role_id("member"),
|
247
|
'ldap_authorization_og1_role_name_to_role_id function works', $this->ldapTestId);
|
248
|
|
249
|
$has_student_membership = ldap_authorization_og1_has_membership($og_students_group->gid, $user->uid);
|
250
|
$this->assertTrue($has_student_membership, 'ldap_authorization_og1_has_membership function', $this->ldapTestId);
|
251
|
|
252
|
|
253
|
if ($has_student_membership) {
|
254
|
$og_auth->authorizationRevoke($user, $user_auth_data, $consumers, $ldap_entry, TRUE);
|
255
|
$this->assertFalse(ldap_authorization_og1_has_membership($og_students_group->gid, $user->uid),
|
256
|
'authorizationRevoke function works', $this->ldapTestId);
|
257
|
}
|
258
|
|
259
|
$parts = $og_auth->og1ConsumerIdParts("3-2");
|
260
|
$this->assertTrue($parts[0] == 3 && $parts[1] == 2,
|
261
|
'LdapAuthorizationOgConsumerOG::og1ConsumerIdParts method works', $this->ldapTestId);
|
262
|
|
263
|
|
264
|
$mappings = array(
|
265
|
array('cn=students,ou=groups,dc=hogwarts,dc=edu', 'group-name=students,role-name=member'),
|
266
|
array('cn=faculty,ou=groups,dc=hogwarts,dc=edu', 'group-name=faculty,role-name=member'),
|
267
|
array('cn=gryffindor,ou=groups,dc=hogwarts,dc=edu', 'group-name=gryffindor,role-name=member'),
|
268
|
array('cn=users,ou=groups,dc=hogwarts,dc=edu', 'group-name=users,role-name=dungeon-master'),
|
269
|
array('cn=users,ou=groups,dc=hogwarts,dc=edu', 'gid=2,rid=2'),
|
270
|
array('cn=users,ou=groups,dc=hogwarts,dc=edu', 'gid=2,rid=4'),
|
271
|
);
|
272
|
|
273
|
$normalized_mappings = $og_auth->normalizeMappings($mappings);
|
274
|
|
275
|
$correct_mappings = (
|
276
|
$normalized_mappings[0]['normalized'] = ldap_authorization_og_authorization_id($og_students_group->gid, $member_rid) &&
|
277
|
$normalized_mappings[1]['normalized'] = ldap_authorization_og_authorization_id($og_faculty_group->gid, $member_rid) &&
|
278
|
$normalized_mappings[2]['normalized'] = ldap_authorization_og_authorization_id($og_gryffindor_group->gid, $dungeon_master_rid) &&
|
279
|
$normalized_mappings[3]['normalized'] = ldap_authorization_og_authorization_id($og_users_group->gid, $member_rid) &&
|
280
|
$normalized_mappings[4]['normalized'] = ldap_authorization_og_authorization_id($og_students_group->gid, $member_rid) &&
|
281
|
$normalized_mappings[4]['normalized'] = ldap_authorization_og_authorization_id($og_students_group->gid, 4)
|
282
|
);
|
283
|
if (!$correct_mappings) {
|
284
|
debug('normalized_mappings'); debug($normalized_mappings);
|
285
|
}
|
286
|
$this->assertTrue($correct_mappings, 'normalizeMappings method works', $this->ldapTestId);
|
287
|
|
288
|
}
|
289
|
|
290
|
|
291
|
|
292
|
/**
|
293
|
* authorization configuration flags tests clumped together
|
294
|
*/
|
295
|
|
296
|
function testFlags() {
|
297
|
|
298
|
$sid = 'activedirectory1';
|
299
|
|
300
|
$this->prepTestData(
|
301
|
LDAP_TEST_LDAP_NAME,
|
302
|
array($sid),
|
303
|
'provisionToDrupal',
|
304
|
'default',
|
305
|
'og_group15'
|
306
|
);
|
307
|
|
308
|
|
309
|
$og_group_consumer = ldap_authorization_get_consumers('og_group', TRUE, TRUE);
|
310
|
|
311
|
list($og_gryffindor_group, $og_gryffindor_node) = ldap_authorization_og1_get_group('gryffindor', 'group_name');
|
312
|
list($og_students_group, $og_students_node) = ldap_authorization_og1_get_group('students', 'group_name');
|
313
|
list($og_faculty_group, $og_faculty_node) = ldap_authorization_og1_get_group('faculty', 'group_name');
|
314
|
list($og_users_group, $og_users_node) = ldap_authorization_og1_get_group('users', 'group_name');
|
315
|
list($og_slytherin_group, $og_slytherin_node) = ldap_authorization_og1_get_group('slytherin', 'group_name');
|
316
|
$anonymous_rid = ldap_authorization_og_rid_from_role_name(OG_ANONYMOUS_ROLE);
|
317
|
$member_rid = ldap_authorization_og_rid_from_role_name(OG_AUTHENTICATED_ROLE);
|
318
|
$admin_rid = ldap_authorization_og_rid_from_role_name(OG_ADMINISTRATOR_ROLE);
|
319
|
$dungeon_master_rid = ldap_authorization_og_rid_from_role_name('dungeon-master');
|
320
|
$time_keeper = ldap_authorization_og_rid_from_role_name('time-keeper');
|
321
|
$students_membership_consumer_id = $og_students_group->gid . '-' . $member_rid;
|
322
|
$gryffindor_membership_consumer_id = $og_gryffindor_group->gid . '-' . $member_rid;
|
323
|
|
324
|
/**
|
325
|
* LDAP_authorz.Flags.status=0: Disable ldap_authorization_drupal_role configuration and make sure no authorizations performed
|
326
|
*/
|
327
|
|
328
|
list($props_set_display, $props_set_correctly) = $this->checkConsumerConfSetup('og_group15');
|
329
|
$this->assertTrue(
|
330
|
$props_set_correctly,
|
331
|
'Authorization Configuration set correctly in test setup',
|
332
|
'LDAP_authorz.Flags.setup.0'
|
333
|
);
|
334
|
if (!$props_set_correctly) {
|
335
|
debug('LDAP_authorz.Flags.setup.0 properties not set correctly'); debug($props_set_display);
|
336
|
}
|
337
|
|
338
|
$test_id = 'LDAP_authorz.Flags.status.0';
|
339
|
$this->consumerAdminConf['og_group']->useFirstAttrAsGroupId = 0;
|
340
|
$this->consumerAdminConf['og_group']->status = 0;
|
341
|
$this->consumerAdminConf['og_group']->save();
|
342
|
$og_group_consumer = ldap_authorization_get_consumer_object('og_group');
|
343
|
$hpotter = $this->deleteAndRecreateUser('hpotter');
|
344
|
|
345
|
list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($hpotter, 'test_query', 'og_group'); // just see if the correct ones are derived.
|
346
|
$groups1 = $new_authorizations['og_group'];
|
347
|
$this->assertTrue(
|
348
|
count($new_authorizations['og_group']) == 0,
|
349
|
'disabled consumer configuration disallows authorizations.',
|
350
|
$test_id
|
351
|
);
|
352
|
|
353
|
|
354
|
$test_id = 'LDAP_authorz.Flags.status.1';
|
355
|
$this->consumerAdminConf['og_group']->status = 1;
|
356
|
$this->consumerAdminConf['og_group']->save();
|
357
|
$og_group_consumer = ldap_authorization_get_consumer_object('og_group');
|
358
|
|
359
|
list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($hpotter, 'test_query', 'og_group'); // just see if the correct ones are derived.
|
360
|
$correct_groups = !empty($new_authorizations['og_group'][$students_membership_consumer_id])
|
361
|
&& !empty($new_authorizations['og_group'][$gryffindor_membership_consumer_id]);
|
362
|
$this->assertTrue($correct_groups, 'enabled consumer configuration allows authorizations.', $test_id);
|
363
|
if (!$correct_groups) {
|
364
|
debug($test_id . "new_authorizations $gryffindor_membership_consumer_id and $students_membership_consumer_id not found in:"); debug($new_authorizations['og_group']); debug($notifications);
|
365
|
}
|
366
|
|
367
|
}
|
368
|
|
369
|
|
370
|
|
371
|
/**
|
372
|
* authorization configuration flags tests clumped together
|
373
|
*/
|
374
|
|
375
|
function testLogons() {
|
376
|
|
377
|
$sid = 'activedirectory1';
|
378
|
|
379
|
$this->prepTestData(
|
380
|
LDAP_TEST_LDAP_NAME,
|
381
|
array($sid),
|
382
|
'provisionToDrupal',
|
383
|
'default',
|
384
|
'og_group15'
|
385
|
);
|
386
|
|
387
|
$og_group_consumer = ldap_authorization_get_consumers('og_group', TRUE, TRUE);
|
388
|
list($og_gryffindor_group, $og_gryffindor_node) = ldap_authorization_og1_get_group('gryffindor', 'group_name'); //1
|
389
|
list($og_students_group, $og_students_node) = ldap_authorization_og1_get_group('students', 'group_name'); //4
|
390
|
list($og_faculty_group, $og_faculty_node) = ldap_authorization_og1_get_group('faculty', 'group_name'); // 7
|
391
|
list($og_users_group, $og_users_node) = ldap_authorization_og1_get_group('users', 'group_name'); //9
|
392
|
list($og_hufflepuff_group, $og_hufflepuff_node) = ldap_authorization_og1_get_group('hufflepuff', 'group_name');
|
393
|
list($og_slytherin_group, $og_slytherin_node) = ldap_authorization_og1_get_group('slytherin', 'group_name');
|
394
|
|
395
|
|
396
|
$anonymous_rid = ldap_authorization_og_rid_from_role_name(OG_ANONYMOUS_ROLE);
|
397
|
$member_rid = ldap_authorization_og_rid_from_role_name(OG_AUTHENTICATED_ROLE);
|
398
|
$admin_rid = ldap_authorization_og_rid_from_role_name(OG_ADMINISTRATOR_ROLE);
|
399
|
$dungeon_master_rid = ldap_authorization_og_rid_from_role_name('dungeon-master');
|
400
|
$time_keeper = ldap_authorization_og_rid_from_role_name('time-keeper');
|
401
|
$students_membership_consumer_id = $og_students_group->gid . '-' . $member_rid;
|
402
|
$gryffindor_membership_consumer_id = $og_gryffindor_group->gid . '-' . $member_rid;
|
403
|
$slytherin_membership_consumer_id = $og_slytherin_group->gid . '-' . $member_rid;
|
404
|
$hufflepuff_membership_consumer_id = $og_hufflepuff_group->gid . '-' . $member_rid;
|
405
|
|
406
|
//debug(
|
407
|
// "students_membership_consumer_id = $students_membership_consumer_id
|
408
|
// gryffindor_membership_consumer_id = $gryffindor_membership_consumer_id
|
409
|
// slytherin_membership_consumer_id = $slytherin_membership_consumer_id
|
410
|
// hufflepuff_membership_consumer_id = = $hufflepuff_membership_consumer_id "
|
411
|
//);
|
412
|
|
413
|
list($props_set_display, $props_set_correctly) = $this->checkConsumerConfSetup('og_group15');
|
414
|
$this->assertTrue(
|
415
|
$props_set_correctly,
|
416
|
'Authorization Configuration set correctly in test setup',
|
417
|
'LDAP_authorz.Flags.setup.0'
|
418
|
);
|
419
|
if (!$props_set_correctly) {
|
420
|
debug('LDAP_authorz.Flags.setup.0 properties not set correctly'); debug($props_set_display);
|
421
|
}
|
422
|
|
423
|
$hpotter = $this->deleteAndRecreateUser('hpotter');
|
424
|
|
425
|
/**
|
426
|
* LDAP_authorz.Flags.synchOnLogon - execute logon and check that no roles are applied if disabled
|
427
|
*/
|
428
|
$test_id = 'LDAP_authorz.og.Flags.synchOnLogon.0';
|
429
|
$this->consumerAdminConf['og_group']->synchOnLogon = 0;
|
430
|
$this->consumerAdminConf['og_group']->save();
|
431
|
$og_group_consumer = ldap_authorization_get_consumer_object('og_group');
|
432
|
|
433
|
$edit = array(
|
434
|
'name' => 'hpotter',
|
435
|
'pass' => 'goodpwd',
|
436
|
);
|
437
|
$this->drupalPost('user', $edit, t('Log in'));
|
438
|
$this->assertText(
|
439
|
t('Member for'),
|
440
|
'New Ldap user with good password authenticated.',
|
441
|
$test_id
|
442
|
);
|
443
|
$this->assertTrue(
|
444
|
$this->testFunctions->ldapUserIsAuthmapped('hpotter'),
|
445
|
'Ldap user properly authmapped.',
|
446
|
$test_id
|
447
|
);
|
448
|
$hpotter = user_load_by_name('hpotter');
|
449
|
$hpotter = user_load($hpotter->uid, TRUE);
|
450
|
$authorizations = $og_group_consumer->usersAuthorizations($hpotter, TRUE);
|
451
|
$this->drupalGet('user/logout');
|
452
|
$success = (count($authorizations) == 0);
|
453
|
$this->assertTrue($success, 'No authorizations granted when synchOnLogon=0', $test_id);
|
454
|
if (!$success) {
|
455
|
debug($test_id . "authorizations:"); debug($authorizations); debug($hpotter->data);
|
456
|
}
|
457
|
|
458
|
$test_id = 'LDAP_authorz.og.Flags.synchOnLogon.1';
|
459
|
$this->consumerAdminConf['og_group']->synchOnLogon = 1;
|
460
|
$this->consumerAdminConf['og_group']->save();
|
461
|
$og_group_consumer = ldap_authorization_get_consumer_object('og_group'); // flushes object static cache
|
462
|
$hpotter = $this->deleteAndRecreateUser('hpotter');
|
463
|
|
464
|
$edit = array(
|
465
|
'name' => 'hpotter',
|
466
|
'pass' => 'goodpwd',
|
467
|
);
|
468
|
$this->drupalPost('user', $edit, t('Log in'));
|
469
|
$this->assertText(t('Member for'), 'New Ldap user with good password authenticated.', $test_id);
|
470
|
$hpotter = user_load_by_name('hpotter');
|
471
|
$hpotter = user_load($hpotter->uid, TRUE);
|
472
|
$authorizations = $og_group_consumer->usersAuthorizations($hpotter, TRUE);
|
473
|
$this->UIGroupMembershipTest($hpotter, $og_students_node, $test_id);
|
474
|
$success = in_array($students_membership_consumer_id, $authorizations) && in_array($gryffindor_membership_consumer_id, $authorizations);
|
475
|
$this->drupalGet('user/logout');
|
476
|
$this->assertTrue($success, 'Correct Authorizations on user logon', $test_id);
|
477
|
if (!$success) {
|
478
|
debug($test_id . "authorizations $gryffindor_membership_consumer_id and $students_membership_consumer_id not found in:");
|
479
|
debug($authorizations); debug("hpotter->data"); debug($hpotter->data);
|
480
|
}
|
481
|
|
482
|
$user_data = $hpotter->data['ldap_authorizations']['og_group'];
|
483
|
$success = (isset($user_data[$students_membership_consumer_id]) &&
|
484
|
isset($user_data[$gryffindor_membership_consumer_id]) &&
|
485
|
isset($user_data[$students_membership_consumer_id]['date_granted']) &&
|
486
|
isset($user_data[$gryffindor_membership_consumer_id]['consumer_id_mixed_case']) &&
|
487
|
isset($user_data[$students_membership_consumer_id]['date_granted']) &&
|
488
|
isset($user_data[$gryffindor_membership_consumer_id]['consumer_id_mixed_case']) &&
|
489
|
$user_data[$gryffindor_membership_consumer_id]['consumer_id_mixed_case'] == $gryffindor_membership_consumer_id);
|
490
|
$this->assertTrue($success, 'Correct User Data Authorization Records', $test_id);
|
491
|
|
492
|
|
493
|
|
494
|
/** test multiple logon scenario. this deals with a variety of concerns such as caching of
|
495
|
* user and og data
|
496
|
*/
|
497
|
$test_id = 'LDAP_authorz.og.mulitplelogons';
|
498
|
$this->consumerAdminConf['og_group']->onlyApplyToLdapAuthenticated = 0;
|
499
|
$this->consumerAdminConf['og_group']->synchOnLogon = 1;
|
500
|
$this->consumerAdminConf['og_group']->status = 1;
|
501
|
$this->consumerAdminConf['og_group']->save();
|
502
|
$hpotter = $this->deleteAndRecreateUser('hpotter');
|
503
|
$og_group_consumer = ldap_authorization_get_consumer_object('og_group');
|
504
|
|
505
|
$this->drupalGet('user/logout');
|
506
|
$pre_authorizations = $og_group_consumer->usersAuthorizations($hpotter, TRUE);
|
507
|
$this->assertTrue(count($pre_authorizations) == 0, 'Setup correct for test ' . $test_id, $test_id);
|
508
|
|
509
|
foreach (array(1, 2, 3) as $i) {
|
510
|
$this->drupalGet('user/logout');
|
511
|
$edit = array(
|
512
|
'name' => 'hpotter',
|
513
|
'pass' => 'goodpwd',
|
514
|
);
|
515
|
$this->drupalPost('user', $edit, t('Log in'));
|
516
|
$this->assertText(t('Member for'), "Repeated logon grant test i=$i", $test_id);
|
517
|
$hpotter = user_load_by_name('hpotter');
|
518
|
$hpotter = user_load($hpotter->uid, TRUE);
|
519
|
|
520
|
$authorizations = $og_group_consumer->usersAuthorizations($hpotter, TRUE);
|
521
|
$success = in_array($students_membership_consumer_id, $authorizations) &&
|
522
|
in_array($gryffindor_membership_consumer_id, $authorizations);
|
523
|
$this->assertTrue($success, 'Correct Authorizations on user logon', $test_id);
|
524
|
if (!$success) {
|
525
|
debug("$test_id i=$i"); debug($hpotter->data); debug($og_group_consumer->usersAuthorizations($hpotter), TRUE);
|
526
|
}
|
527
|
$this->UIGroupMembershipTest($hpotter, $og_gryffindor_node, $test_id);
|
528
|
$this->UIGroupMembershipTest($hpotter, $og_students_node, $test_id);
|
529
|
// also need to assert user->data['ldap_authorizations']['og_group'] array
|
530
|
|
531
|
$this->assertTrue($success, 'Correct Authorizations on user logon', $test_id);
|
532
|
$user_data = $hpotter->data['ldap_authorizations']['og_group'];
|
533
|
$success = (isset($user_data[$students_membership_consumer_id]) &&
|
534
|
isset($user_data[$gryffindor_membership_consumer_id]) &&
|
535
|
isset($user_data[$students_membership_consumer_id]['date_granted']) &&
|
536
|
isset($user_data[$gryffindor_membership_consumer_id]['consumer_id_mixed_case']) &&
|
537
|
isset($user_data[$students_membership_consumer_id]['date_granted']) &&
|
538
|
isset($user_data[$gryffindor_membership_consumer_id]['consumer_id_mixed_case']) &&
|
539
|
$user_data[$gryffindor_membership_consumer_id]['consumer_id_mixed_case'] == $gryffindor_membership_consumer_id);
|
540
|
$this->assertTrue($success, 'Correct User Data Authorization Records', $test_id);
|
541
|
$this->drupalGet('user/logout');
|
542
|
}
|
543
|
|
544
|
/**
|
545
|
* LDAP_authorz.Flags.revokeLdapProvisioned: test flag for
|
546
|
* removing manually granted roles
|
547
|
*
|
548
|
* $this->revokeLdapProvisioned == 1 : Revoke !consumer_namePlural previously granted by LDAP Authorization but no longer valid.
|
549
|
*
|
550
|
* grant groups via ldap and some not manually,
|
551
|
* then logon again and make sure the ldap provided roles are revoked and the drupal ones are not revoked
|
552
|
*
|
553
|
*/
|
554
|
$test_id = 'LDAP_authorz.og.Flags.revokeLdapProvisioned.1';
|
555
|
$this->consumerAdminConf['og_group']->onlyApplyToLdapAuthenticated = 0;
|
556
|
$this->consumerAdminConf['og_group']->revokeLdapProvisioned = 1;
|
557
|
$this->consumerAdminConf['og_group']->regrantLdapProvisioned = 1;
|
558
|
$this->consumerAdminConf['og_group']->save();
|
559
|
$og_group_consumer = ldap_authorization_get_consumer_object('og_group');
|
560
|
$hpotter = $this->deleteAndRecreateUser('hpotter');
|
561
|
$edit = array(
|
562
|
'name' => 'hpotter',
|
563
|
'pass' => 'goodpwd',
|
564
|
);
|
565
|
|
566
|
// group to 2 "undeserved" groups, but only ldap associate 1
|
567
|
$hpotter = $this->manualOgGroup($hpotter, $og_slytherin_group->gid);
|
568
|
$hpotter = $this->manualOgGroup($hpotter, $og_hufflepuff_group->gid);
|
569
|
$authorizations = $og_group_consumer->usersAuthorizations($hpotter, TRUE);
|
570
|
$this->assertTrue(
|
571
|
in_array($slytherin_membership_consumer_id, $authorizations) &&
|
572
|
in_array($hufflepuff_membership_consumer_id, $authorizations)
|
573
|
, "prep for $test_id", $test_id);
|
574
|
|
575
|
|
576
|
// debug(); debug("4.1 hpotter->data"); debug($hpotter->data);
|
577
|
// $undeserved_consumer_id = $og_slytherin_group->gid . '-' . $member_rid;
|
578
|
$user_edit['data'] = $hpotter->data;
|
579
|
$user_edit['data']['ldap_authorizations']['og_group'][$slytherin_membership_consumer_id] =
|
580
|
array(
|
581
|
array('date_granted' => 1304216778),
|
582
|
array('consumer_id_mixed_case' => $slytherin_membership_consumer_id),
|
583
|
);
|
584
|
$hpotter = user_save($hpotter, $user_edit);
|
585
|
|
586
|
$this->drupalPost('user', $edit, t('Log in'));
|
587
|
$this->assertText(t('Member for'), 'New Ldap user with good password authenticated.', $test_id);
|
588
|
$hpotter = user_load_by_name('hpotter');
|
589
|
$hpotter = user_load($hpotter->uid, TRUE);
|
590
|
$authorizations = $og_group_consumer->usersAuthorizations($hpotter, TRUE);
|
591
|
$this->UIGroupMembershipTest($hpotter, $og_hufflepuff_node, $test_id);
|
592
|
$this->UIGroupMembershipTest($hpotter, $og_slytherin_node, $test_id, FALSE);
|
593
|
$this->assertTrue(
|
594
|
!in_array($slytherin_membership_consumer_id, $authorizations) &&
|
595
|
in_array($hufflepuff_membership_consumer_id, $authorizations)
|
596
|
, "Ldap granted og revoked when not deserved in ldap, manual og membership retained.", $test_id);
|
597
|
|
598
|
// assert that slytherin membership removed, but hufflepuff kept
|
599
|
//debug($authorizations);
|
600
|
//debug("4. hpotter->data"); debug($hpotter->data);
|
601
|
|
602
|
/**
|
603
|
* LDAP_authorz.Flags.regrantLdapProvisioned
|
604
|
* $this->regrantLdapProvisioned == 1 :
|
605
|
* Re grant !consumer_namePlural previously granted
|
606
|
* by LDAP Authorization but removed manually.
|
607
|
*
|
608
|
* - manually remove ldap granted og membership
|
609
|
* - logon
|
610
|
* - check if regranted
|
611
|
*/
|
612
|
$test_id = 'LDAP_authorz.Flags.regrantLdapProvisioned=1';
|
613
|
$this->drupalGet('user/logout');
|
614
|
$this->consumerAdminConf['og_group']->regrantLdapProvisioned = 1;
|
615
|
$this->consumerAdminConf['og_group']->revokeLdapProvisioned = 1;
|
616
|
$this->consumerAdminConf['og_group']->save();
|
617
|
$og_group_consumer = ldap_authorization_get_consumer_object('og_group');
|
618
|
$hpotter = user_load($hpotter->uid, TRUE); // do not recreate hpotter user because using date from last test
|
619
|
|
620
|
// ungroup hpotter from students
|
621
|
$hpotter = og_ungroup($og_students_group->gid, 'user', $hpotter, TRUE);
|
622
|
// confirm doesn't have authorization
|
623
|
$authorizations = $og_group_consumer->usersAuthorizations($hpotter, TRUE);
|
624
|
$this->assertTrue(!in_array($students_membership_consumer_id, $authorizations), 'hpotter student membership removed before testing regrant', $test_id);
|
625
|
/**
|
626
|
* logon
|
627
|
*/
|
628
|
$this->drupalPost('user', $edit, t('Log in'));
|
629
|
|
630
|
// assert students membership regranted
|
631
|
$hpotter = user_load($hpotter->uid, TRUE);
|
632
|
$authorizations = $og_group_consumer->usersAuthorizations($hpotter, TRUE);
|
633
|
module_load_include('php', 'og', 'module');
|
634
|
og_invalidate_cache();
|
635
|
$caches = array(
|
636
|
'og_get_entity_groups',
|
637
|
'og_get_membership',
|
638
|
'og_get_field_og_membership_properties',
|
639
|
);
|
640
|
|
641
|
foreach ($caches as $cache) {
|
642
|
drupal_static_reset($cache);
|
643
|
}
|
644
|
$authorizations = $og_group_consumer->usersAuthorizations($hpotter, TRUE);
|
645
|
$success = in_array($students_membership_consumer_id, $authorizations);
|
646
|
$this->UIGroupMembershipTest($hpotter, $og_students_node, $test_id);
|
647
|
$this->assertTrue($success, "regrant Ldap Provisioned og groups ($students_membership_consumer_id) that were manually revoked", $test_id);
|
648
|
if (!$success) {
|
649
|
debug($test_id);
|
650
|
debug("students_membership_consumer_id=$students_membership_consumer_id");
|
651
|
debug('hpotter->data'); debug($hpotter->data);
|
652
|
debug('current authorizations'); debug($authorizations);
|
653
|
}
|
654
|
//debug("5. hpotter->data"); debug($hpotter->data);
|
655
|
|
656
|
|
657
|
/**
|
658
|
* LDAP_authorz.onlyLdapAuthenticated=1: create normal user and
|
659
|
* apply authorization query. should return no og groups
|
660
|
*
|
661
|
* THIS NEEDS TO BE REWORKED. ITS A MEANINGLESS TEST IN CURRENT STATE
|
662
|
* should
|
663
|
* A. leave on mixed mode ldap authentication
|
664
|
* logon with non ldap password and receive no authorizations
|
665
|
*
|
666
|
* B. leave on mixed mode authentication and logon with ldap
|
667
|
* groups should be granted
|
668
|
*
|
669
|
*/
|
670
|
//$test_id = 'LDAP_authorz.onlyLdapAuthenticated.1';
|
671
|
//$this->consumerAdminConf['og_group']->onlyApplyToLdapAuthenticated = 1;
|
672
|
//$this->consumerAdminConf['og_group']->status = 1;
|
673
|
//$this->consumerAdminConf['og_group']->save();
|
674
|
//$og_group_consumer = ldap_authorization_get_consumer_object('og_group');
|
675
|
//
|
676
|
//$hpotter = $this->deleteAndRecreateUser('hpotter');
|
677
|
//
|
678
|
//list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($hpotter, 'set', 'og_group'); // just see if the correct ones are derived.
|
679
|
//$success = (isset($new_authorizations['og_group']) && count($new_authorizations['og_group']) == 0);
|
680
|
//$this->assertTrue($success, ' only apply to ldap authenticated grants no roles for non ldap user.', $test_id);
|
681
|
//$hpotter = user_load($hpotter->uid, TRUE);
|
682
|
//if (!$success) {
|
683
|
// debug($test_id . "new_authorizations:"); debug($new_authorizations);
|
684
|
// debug($this->testFunctions->ldapUserIsAuthmapped('hpotter'));
|
685
|
// debug($notifications);
|
686
|
// debug($hpotter);
|
687
|
//}
|
688
|
|
689
|
}
|
690
|
|
691
|
|
692
|
}
|