diff options
| author | Frederic Guillot <fred@kanboard.net> | 2015-09-06 14:28:06 -0400 |
|---|---|---|
| committer | Frederic Guillot <fred@kanboard.net> | 2015-09-06 14:28:06 -0400 |
| commit | b0994ba68e7cbaa077d81006fb0f25bcbd049353 (patch) | |
| tree | 218b4a1e289f1e6d05ca774486d3d259a4e5dfa7 /tests | |
| parent | 3c0b56bc0214d2b0ad561a9001240ae73dea8e64 (diff) | |
Add unit tests for LDAP and ReverseProxy auth
Diffstat (limited to 'tests')
| -rw-r--r-- | tests/units/Auth/LdapTest.php | 377 | ||||
| -rw-r--r-- | tests/units/Auth/ReverseProxyTest.php | 37 | ||||
| -rw-r--r-- | tests/units/Base.php | 3 |
3 files changed, 402 insertions, 15 deletions
diff --git a/tests/units/Auth/LdapTest.php b/tests/units/Auth/LdapTest.php index 8d470d88..5c453b39 100644 --- a/tests/units/Auth/LdapTest.php +++ b/tests/units/Auth/LdapTest.php @@ -13,25 +13,40 @@ function ldap_set_option() { } -function ldap_bind($ldap, $ldap_username, $ldap_password) +function ldap_bind($link_identifier, $bind_rdn, $bind_password) { - return LdapTest::$functions->ldap_bind($ldap, $ldap_username, $ldap_password); + return LdapTest::$functions->ldap_bind($link_identifier, $bind_rdn, $bind_password); +} + +function ldap_search($link_identifier, $base_dn, $filter, array $attributes) +{ + return LdapTest::$functions->ldap_search($link_identifier, $base_dn, $filter, $attributes); +} + +function ldap_get_entries($link_identifier, $result_identifier) +{ + return LdapTest::$functions->ldap_get_entries($link_identifier, $result_identifier); } class LdapTest extends \Base { public static $functions; + private $ldap; public function setUp() { parent::setup(); + $this->ldap = $ldap = new Ldap($this->container); + self::$functions = $this ->getMockBuilder('stdClass') ->setMethods(array( 'ldap_connect', 'ldap_set_option', 'ldap_bind', + 'ldap_search', + 'ldap_get_entries', )) ->getMock(); } @@ -53,8 +68,7 @@ class LdapTest extends \Base ) ->will($this->returnValue('my_ldap_resource')); - $ldap = new Ldap($this->container); - $this->assertNotFalse($ldap->connect()); + $this->assertNotFalse($this->ldap->connect('my_ldap_server')); } public function testConnectFailure() @@ -68,8 +82,7 @@ class LdapTest extends \Base ) ->will($this->returnValue(false)); - $ldap = new Ldap($this->container); - $this->assertFalse($ldap->connect()); + $this->assertFalse($this->ldap->connect('my_ldap_server')); } public function testBindAnonymous() @@ -84,8 +97,7 @@ class LdapTest extends \Base ) ->will($this->returnValue(true)); - $ldap = new Ldap($this->container); - $this->assertTrue($ldap->bind('my_ldap_connection', 'my_user', 'my_password', 'anonymous')); + $this->assertTrue($this->ldap->bind('my_ldap_connection', 'my_user', 'my_password', 'anonymous')); } public function testBindUser() @@ -100,8 +112,7 @@ class LdapTest extends \Base ) ->will($this->returnValue(true)); - $ldap = new Ldap($this->container); - $this->assertTrue($ldap->bind('my_ldap_connection', 'my_user', 'my_password', 'user', 'uid=%s', 'something')); + $this->assertTrue($this->ldap->bind('my_ldap_connection', 'my_user', 'my_password', 'user', 'uid=%s', 'something')); } public function testBindProxy() @@ -116,7 +127,349 @@ class LdapTest extends \Base ) ->will($this->returnValue(true)); - $ldap = new Ldap($this->container); - $this->assertTrue($ldap->bind('my_ldap_connection', 'my_user', 'my_password', 'proxy', 'someone', 'something')); + $this->assertTrue($this->ldap->bind('my_ldap_connection', 'my_user', 'my_password', 'proxy', 'someone', 'something')); + } + + public function testSearchSuccess() + { + $entries = array( + 'count' => 1, + 0 => array( + 'count' => 2, + 'dn' => 'uid=my_user,ou=People,dc=kanboard,dc=local', + 'displayname' => array( + 'count' => 1, + 0 => 'My user', + ), + 'mail' => array( + 'count' => 2, + 0 => 'user1@localhost', + 1 => 'user2@localhost', + ), + 0 => 'displayname', + 1 => 'mail', + ) + ); + + $expected = array( + 'username' => 'my_user', + 'name' => 'My user', + 'email' => 'user1@localhost', + ); + + self::$functions + ->expects($this->at(0)) + ->method('ldap_search') + ->with( + $this->equalTo('my_ldap_connection'), + $this->equalTo('ou=People,dc=kanboard,dc=local'), + $this->equalTo('uid=my_user'), + $this->equalTo(array(LDAP_ACCOUNT_FULLNAME, LDAP_ACCOUNT_EMAIL)) + ) + ->will($this->returnValue('my_result_identifier')); + + self::$functions + ->expects($this->at(1)) + ->method('ldap_get_entries') + ->with( + $this->equalTo('my_ldap_connection'), + $this->equalTo('my_result_identifier') + ) + ->will($this->returnValue($entries)); + + self::$functions + ->expects($this->at(2)) + ->method('ldap_bind') + ->with( + $this->equalTo('my_ldap_connection'), + $this->equalTo('uid=my_user,ou=People,dc=kanboard,dc=local'), + $this->equalTo('my_password') + ) + ->will($this->returnValue(true)); + + $this->assertEquals($expected, $this->ldap->search('my_ldap_connection', 'my_user', 'my_password', 'ou=People,dc=kanboard,dc=local', 'uid=%s')); + } + + public function testSearchWithBadPassword() + { + $entries = array( + 'count' => 1, + 0 => array( + 'count' => 2, + 'dn' => 'uid=my_user,ou=People,dc=kanboard,dc=local', + 'displayname' => array( + 'count' => 1, + 0 => 'My user', + ), + 'mail' => array( + 'count' => 2, + 0 => 'user1@localhost', + 1 => 'user2@localhost', + ), + 0 => 'displayname', + 1 => 'mail', + ) + ); + + self::$functions + ->expects($this->at(0)) + ->method('ldap_search') + ->with( + $this->equalTo('my_ldap_connection'), + $this->equalTo('ou=People,dc=kanboard,dc=local'), + $this->equalTo('uid=my_user'), + $this->equalTo(array(LDAP_ACCOUNT_FULLNAME, LDAP_ACCOUNT_EMAIL)) + ) + ->will($this->returnValue('my_result_identifier')); + + self::$functions + ->expects($this->at(1)) + ->method('ldap_get_entries') + ->with( + $this->equalTo('my_ldap_connection'), + $this->equalTo('my_result_identifier') + ) + ->will($this->returnValue($entries)); + + self::$functions + ->expects($this->at(2)) + ->method('ldap_bind') + ->with( + $this->equalTo('my_ldap_connection'), + $this->equalTo('uid=my_user,ou=People,dc=kanboard,dc=local'), + $this->equalTo('my_password') + ) + ->will($this->returnValue(false)); + + $this->assertFalse($this->ldap->search('my_ldap_connection', 'my_user', 'my_password', 'ou=People,dc=kanboard,dc=local', 'uid=%s')); + } + + public function testSearchWithUserNotFound() + { + self::$functions + ->expects($this->at(0)) + ->method('ldap_search') + ->with( + $this->equalTo('my_ldap_connection'), + $this->equalTo('ou=People,dc=kanboard,dc=local'), + $this->equalTo('uid=my_user'), + $this->equalTo(array(LDAP_ACCOUNT_FULLNAME, LDAP_ACCOUNT_EMAIL)) + ) + ->will($this->returnValue('my_result_identifier')); + + self::$functions + ->expects($this->at(1)) + ->method('ldap_get_entries') + ->with( + $this->equalTo('my_ldap_connection'), + $this->equalTo('my_result_identifier') + ) + ->will($this->returnValue(array())); + + $this->assertFalse($this->ldap->search('my_ldap_connection', 'my_user', 'my_password', 'ou=People,dc=kanboard,dc=local', 'uid=%s')); + } + + public function testSuccessfulAuthentication() + { + $this->container['userSession'] = $this + ->getMockBuilder('\Model\UserSession') + ->setConstructorArgs(array($this->container)) + ->setMethods(array('refresh')) + ->getMock(); + + $this->container['user'] = $this + ->getMockBuilder('\Model\User') + ->setConstructorArgs(array($this->container)) + ->setMethods(array('getByUsername')) + ->getMock(); + + $ldap = $this + ->getMockBuilder('\Auth\Ldap') + ->setConstructorArgs(array($this->container)) + ->setMethods(array('findUser')) + ->getMock(); + + $ldap + ->expects($this->once()) + ->method('findUser') + ->with( + $this->equalTo('user'), + $this->equalTo('password') + ) + ->will($this->returnValue(array('username' => 'user', 'name' => 'My user', 'email' => 'user@here'))); + + $this->container['user'] + ->expects($this->once()) + ->method('getByUsername') + ->with( + $this->equalTo('user') + ) + ->will($this->returnValue(array('id' => 2, 'username' => 'user', 'is_ldap_user' => 1))); + + $this->container['userSession'] + ->expects($this->once()) + ->method('refresh'); + + $this->assertTrue($ldap->authenticate('user', 'password')); + } + + public function testAuthenticationWithExistingLocalUser() + { + $this->container['userSession'] = $this + ->getMockBuilder('\Model\UserSession') + ->setConstructorArgs(array($this->container)) + ->setMethods(array('refresh')) + ->getMock(); + + $this->container['user'] = $this + ->getMockBuilder('\Model\User') + ->setConstructorArgs(array($this->container)) + ->setMethods(array('getByUsername')) + ->getMock(); + + $ldap = $this + ->getMockBuilder('\Auth\Ldap') + ->setConstructorArgs(array($this->container)) + ->setMethods(array('findUser')) + ->getMock(); + + $ldap + ->expects($this->once()) + ->method('findUser') + ->with( + $this->equalTo('user'), + $this->equalTo('password') + ) + ->will($this->returnValue(array('username' => 'user', 'name' => 'My user', 'email' => 'user@here'))); + + $this->container['user'] + ->expects($this->once()) + ->method('getByUsername') + ->with( + $this->equalTo('user') + ) + ->will($this->returnValue(array('id' => 2, 'username' => 'user', 'is_ldap_user' => 0))); + + $this->container['userSession'] + ->expects($this->never()) + ->method('refresh'); + + $this->assertFalse($ldap->authenticate('user', 'password')); + } + + public function testAuthenticationWithAutomaticAccountCreation() + { + $this->container['userSession'] = $this + ->getMockBuilder('\Model\UserSession') + ->setConstructorArgs(array($this->container)) + ->setMethods(array('refresh')) + ->getMock(); + + $this->container['user'] = $this + ->getMockBuilder('\Model\User') + ->setConstructorArgs(array($this->container)) + ->setMethods(array('getByUsername')) + ->getMock(); + + $ldap = $this + ->getMockBuilder('\Auth\Ldap') + ->setConstructorArgs(array($this->container)) + ->setMethods(array('findUser', 'createUser')) + ->getMock(); + + $ldap + ->expects($this->at(0)) + ->method('findUser') + ->with( + $this->equalTo('user'), + $this->equalTo('password') + ) + ->will($this->returnValue(array('username' => 'user', 'name' => 'My user', 'email' => 'user@here'))); + + $ldap + ->expects($this->at(1)) + ->method('createUser') + ->with( + $this->equalTo('user'), + $this->equalTo('My user'), + $this->equalTo('user@here') + ) + ->will($this->returnValue(true)); + + $this->container['user'] + ->expects($this->at(0)) + ->method('getByUsername') + ->with( + $this->equalTo('user') + ) + ->will($this->returnValue(null)); + + $this->container['user'] + ->expects($this->at(1)) + ->method('getByUsername') + ->with( + $this->equalTo('user') + ) + ->will($this->returnValue(array('id' => 2, 'username' => 'user', 'is_ldap_user' => 1))); + + $this->container['userSession'] + ->expects($this->once()) + ->method('refresh'); + + $this->assertTrue($ldap->authenticate('user', 'password')); + } + + public function testAuthenticationWithAutomaticAccountCreationFailed() + { + $this->container['userSession'] = $this + ->getMockBuilder('\Model\UserSession') + ->setConstructorArgs(array($this->container)) + ->setMethods(array('refresh')) + ->getMock(); + + $this->container['user'] = $this + ->getMockBuilder('\Model\User') + ->setConstructorArgs(array($this->container)) + ->setMethods(array('getByUsername')) + ->getMock(); + + $ldap = $this + ->getMockBuilder('\Auth\Ldap') + ->setConstructorArgs(array($this->container)) + ->setMethods(array('findUser', 'createUser')) + ->getMock(); + + $ldap + ->expects($this->at(0)) + ->method('findUser') + ->with( + $this->equalTo('user'), + $this->equalTo('password') + ) + ->will($this->returnValue(array('username' => 'user', 'name' => 'My user', 'email' => 'user@here'))); + + $ldap + ->expects($this->at(1)) + ->method('createUser') + ->with( + $this->equalTo('user'), + $this->equalTo('My user'), + $this->equalTo('user@here') + ) + ->will($this->returnValue(false)); + + $this->container['user'] + ->expects($this->once()) + ->method('getByUsername') + ->with( + $this->equalTo('user') + ) + ->will($this->returnValue(null)); + + $this->container['userSession'] + ->expects($this->never()) + ->method('refresh'); + + $this->assertFalse($ldap->authenticate('user', 'password')); } } diff --git a/tests/units/Auth/ReverseProxyTest.php b/tests/units/Auth/ReverseProxyTest.php new file mode 100644 index 00000000..bbab7c0d --- /dev/null +++ b/tests/units/Auth/ReverseProxyTest.php @@ -0,0 +1,37 @@ +<?php + +require_once __DIR__.'/../Base.php'; + +use Auth\ReverseProxy; +use Model\User; + +class ReverseProxyTest extends Base +{ + public function setUp() + { + parent::setup(); + $_SERVER = array(); + } + + public function testFailedAuthentication() + { + $auth = new ReverseProxy($this->container); + $this->assertFalse($auth->authenticate()); + } + + public function testSuccessfulAuthentication() + { + $_SERVER[REVERSE_PROXY_USER_HEADER] = 'my_user'; + + $a = new ReverseProxy($this->container); + $u = new User($this->container); + + $this->assertTrue($a->authenticate()); + + $user = $u->getByUsername('my_user'); + $this->assertNotEmpty($user); + $this->assertEquals(0, $user['is_admin']); + $this->assertEquals(1, $user['is_ldap_user']); + $this->assertEquals(1, $user['disable_login_form']); + } +} diff --git a/tests/units/Base.php b/tests/units/Base.php index a48ae5ec..0a045a09 100644 --- a/tests/units/Base.php +++ b/tests/units/Base.php @@ -1,9 +1,6 @@ <?php require __DIR__.'/../../vendor/autoload.php'; - -define('LDAP_SERVER', 'my_ldap_server'); - require __DIR__.'/../../app/constants.php'; use Symfony\Component\EventDispatcher\EventDispatcher; |