diff options
Diffstat (limited to 'tests/units/Core')
18 files changed, 1566 insertions, 135 deletions
diff --git a/tests/units/Core/OAuth2Test.php b/tests/units/Core/Http/OAuth2Test.php index d5713608..d703dd7a 100644 --- a/tests/units/Core/OAuth2Test.php +++ b/tests/units/Core/Http/OAuth2Test.php @@ -1,8 +1,8 @@ <?php -require_once __DIR__.'/../Base.php'; +require_once __DIR__.'/../../Base.php'; -use Kanboard\Core\OAuth2; +use Kanboard\Core\Http\OAuth2; class OAuth2Test extends Base { diff --git a/tests/units/Core/Http/RememberMeCookieTest.php b/tests/units/Core/Http/RememberMeCookieTest.php new file mode 100644 index 00000000..ae5606ac --- /dev/null +++ b/tests/units/Core/Http/RememberMeCookieTest.php @@ -0,0 +1,108 @@ +<?php + +namespace Kanboard\Core\Http; + +require_once __DIR__.'/../../Base.php'; + +function setcookie($name, $value = "", $expire = 0, $path = "", $domain = "", $secure = false, $httponly = false) +{ + return RememberMeCookieTest::$functions->setcookie($name, $value, $expire, $path, $domain, $secure, $httponly); +} + +class RememberMeCookieTest extends \Base +{ + public static $functions; + + public function setUp() + { + parent::setup(); + + self::$functions = $this + ->getMockBuilder('stdClass') + ->setMethods(array( + 'setcookie', + )) + ->getMock(); + } + + public function tearDown() + { + parent::tearDown(); + self::$functions = null; + } + + public function testEncode() + { + $cookie = new RememberMeCookie($this->container); + $this->assertEquals('a|b', $cookie->encode('a', 'b')); + } + + public function testDecode() + { + $cookie = new RememberMeCookie($this->container); + $this->assertEquals(array('token' => 'a', 'sequence' => 'b'), $cookie->decode('a|b')); + } + + public function testHasCookie() + { + $this->container['request'] = new Request($this->container, array(), array(), array(), array(), array()); + + $cookie = new RememberMeCookie($this->container); + $this->assertFalse($cookie->hasCookie()); + + $this->container['request'] = new Request($this->container, array(), array(), array(), array(), array(RememberMeCookie::COOKIE_NAME => 'miam')); + $this->assertTrue($cookie->hasCookie()); + } + + public function testWrite() + { + self::$functions + ->expects($this->once()) + ->method('setcookie') + ->with( + RememberMeCookie::COOKIE_NAME, + 'myToken|mySequence', + 1234, + '', + '', + false, + true + ) + ->will($this->returnValue(true)); + + $cookie = new RememberMeCookie($this->container); + $this->assertTrue($cookie->write('myToken', 'mySequence', 1234)); + } + + public function testRead() + { + $this->container['request'] = new Request($this->container, array(), array(), array(), array(), array()); + + $cookie = new RememberMeCookie($this->container); + $this->assertFalse($cookie->read()); + + $this->container['request'] = new Request($this->container, array(), array(), array(), array(), array(RememberMeCookie::COOKIE_NAME => 'T|S')); + + $this->assertEquals(array('token' => 'T', 'sequence' => 'S'), $cookie->read()); + } + + public function testRemove() + { + self::$functions + ->expects($this->once()) + ->method('setcookie') + ->with( + RememberMeCookie::COOKIE_NAME, + '', + time() - 3600, + '', + '', + false, + true + ) + ->will($this->returnValue(true)); + + $cookie = new RememberMeCookie($this->container); + $this->assertTrue($cookie->remove()); + } +} diff --git a/tests/units/Core/Http/RequestTest.php b/tests/units/Core/Http/RequestTest.php new file mode 100644 index 00000000..217698f9 --- /dev/null +++ b/tests/units/Core/Http/RequestTest.php @@ -0,0 +1,175 @@ +<?php + +require_once __DIR__.'/../../Base.php'; + +use Kanboard\Core\Http\Request; + +class RequestTest extends Base +{ + public function testGetStringParam() + { + $request = new Request($this->container, array(), array(), array(), array(), array()); + $this->assertEquals('', $request->getStringParam('myvar')); + + $request = new Request($this->container, array(), array(), array(), array(), array()); + $this->assertEquals('default', $request->getStringParam('myvar', 'default')); + + $request = new Request($this->container, array(), array('myvar' => 'myvalue'), array(), array(), array()); + $this->assertEquals('myvalue', $request->getStringParam('myvar')); + } + + public function testGetIntegerParam() + { + $request = new Request($this->container, array(), array(), array(), array(), array()); + $this->assertEquals(0, $request->getIntegerParam('myvar')); + + $request = new Request($this->container, array(), array(), array(), array(), array()); + $this->assertEquals(5, $request->getIntegerParam('myvar', 5)); + + $request = new Request($this->container, array(), array('myvar' => 'myvalue'), array(), array(), array()); + $this->assertEquals(0, $request->getIntegerParam('myvar')); + + $request = new Request($this->container, array(), array('myvar' => '123'), array(), array(), array()); + $this->assertEquals(123, $request->getIntegerParam('myvar')); + } + + public function testGetValues() + { + $request = new Request($this->container, array(), array(), array('myvar' => 'myvalue'), array(), array()); + $this->assertEmpty($request->getValue('myvar')); + + $request = new Request($this->container, array(), array(), array('myvar' => 'myvalue', 'csrf_token' => $this->container['token']->getCSRFToken()), array(), array()); + $this->assertEquals('myvalue', $request->getValue('myvar')); + + $request = new Request($this->container, array(), array(), array('myvar' => 'myvalue', 'csrf_token' => $this->container['token']->getCSRFToken()), array(), array()); + $this->assertEquals(array('myvar' => 'myvalue'), $request->getValues()); + } + + public function testGetFileContent() + { + $request = new Request($this->container, array(), array(), array(), array(), array()); + $this->assertEmpty($request->getFileContent('myfile')); + + $filename = tempnam(sys_get_temp_dir(), 'UnitTest'); + file_put_contents($filename, 'something'); + + $request = new Request($this->container, array(), array(), array(), array('myfile' => array('tmp_name' => $filename)), array()); + $this->assertEquals('something', $request->getFileContent('myfile')); + + unlink($filename); + } + + public function testGetFilePath() + { + $request = new Request($this->container, array(), array(), array(), array(), array()); + $this->assertEmpty($request->getFilePath('myfile')); + + $request = new Request($this->container, array(), array(), array(), array('myfile' => array('tmp_name' => 'somewhere')), array()); + $this->assertEquals('somewhere', $request->getFilePath('myfile')); + } + + public function testIsPost() + { + $request = new Request($this->container, array(), array(), array(), array(), array()); + $this->assertFalse($request->isPost()); + + $request = new Request($this->container, array('REQUEST_METHOD' => 'POST'), array(), array(), array(), array()); + $this->assertTrue($request->isPost()); + } + + public function testIsAjax() + { + $request = new Request($this->container, array(), array(), array(), array(), array()); + $this->assertFalse($request->isAjax()); + + $request = new Request($this->container, array('HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest'), array(), array(), array(), array()); + $this->assertTrue($request->isAjax()); + } + + public function testIsHTTPS() + { + $request = new Request($this->container, array(), array(), array(), array()); + $this->assertFalse($request->isHTTPS()); + + $request = new Request($this->container, array('HTTPS' => ''), array(), array(), array(), array()); + $this->assertFalse($request->isHTTPS()); + + $request = new Request($this->container, array('HTTPS' => 'off'), array(), array(), array(), array()); + $this->assertFalse($request->isHTTPS()); + + $request = new Request($this->container, array('HTTPS' => 'on'), array(), array(), array(), array()); + $this->assertTrue($request->isHTTPS()); + + $request = new Request($this->container, array('HTTPS' => '1'), array(), array(), array(), array()); + $this->assertTrue($request->isHTTPS()); + } + + public function testGetCookie() + { + $request = new Request($this->container, array(), array(), array(), array(), array()); + $this->assertEmpty($request->getCookie('mycookie')); + + $request = new Request($this->container, array(), array(), array(), array(), array('mycookie' => 'miam')); + $this->assertEquals('miam', $request->getCookie('mycookie')); + } + + public function testGetHeader() + { + $request = new Request($this->container, array(), array(), array(), array(), array()); + $this->assertEmpty($request->getHeader('X-Forwarded-For')); + + $request = new Request($this->container, array('HTTP_X_FORWARDED_FOR' => 'test'), array(), array(), array(), array()); + $this->assertEquals('test', $request->getHeader('X-Forwarded-For')); + } + + public function testGetRemoteUser() + { + $request = new Request($this->container, array(), array(), array(), array(), array()); + $this->assertEmpty($request->getRemoteUser()); + + $request = new Request($this->container, array(REVERSE_PROXY_USER_HEADER => 'test'), array(), array(), array(), array()); + $this->assertEquals('test', $request->getRemoteUser()); + } + + public function testGetQueryString() + { + $request = new Request($this->container, array(), array(), array(), array(), array()); + $this->assertEmpty($request->getQueryString()); + + $request = new Request($this->container, array('QUERY_STRING' => 'k=v'), array(), array(), array(), array()); + $this->assertEquals('k=v', $request->getQueryString()); + } + + public function testGetUri() + { + $request = new Request($this->container, array(), array(), array(), array(), array()); + $this->assertEmpty($request->getUri()); + + $request = new Request($this->container, array('REQUEST_URI' => '/blah'), array(), array(), array(), array()); + $this->assertEquals('/blah', $request->getUri()); + } + + public function testGetUserAgent() + { + $request = new Request($this->container, array(), array(), array(), array(), array()); + $this->assertEquals('Unknown', $request->getUserAgent()); + + $request = new Request($this->container, array('HTTP_USER_AGENT' => 'My browser'), array(), array(), array(), array()); + $this->assertEquals('My browser', $request->getUserAgent()); + } + + public function testGetIpAddress() + { + $request = new Request($this->container, array(), array(), array(), array(), array()); + $this->assertEquals('Unknown', $request->getIpAddress()); + + $request = new Request($this->container, array('HTTP_X_FORWARDED_FOR' => '192.168.0.1,127.0.0.1'), array(), array(), array(), array()); + $this->assertEquals('192.168.0.1', $request->getIpAddress()); + + $request = new Request($this->container, array('REMOTE_ADDR' => '192.168.0.1'), array(), array(), array(), array()); + $this->assertEquals('192.168.0.1', $request->getIpAddress()); + + $request = new Request($this->container, array('REMOTE_ADDR' => ''), array(), array(), array(), array()); + $this->assertEquals('Unknown', $request->getIpAddress()); + } +} diff --git a/tests/units/Core/Ldap/ClientTest.php b/tests/units/Core/Ldap/ClientTest.php index 7b6e983d..d149500e 100644 --- a/tests/units/Core/Ldap/ClientTest.php +++ b/tests/units/Core/Ldap/ClientTest.php @@ -49,6 +49,13 @@ class ClientTest extends \Base self::$functions = null; } + public function testGetLdapServerNotConfigured() + { + $this->setExpectedException('\LogicException'); + $ldap = new Client; + $ldap->getLdapServer(); + } + public function testConnectSuccess() { self::$functions @@ -61,7 +68,8 @@ class ClientTest extends \Base ->will($this->returnValue('my_ldap_resource')); $ldap = new Client; - $this->assertEquals('my_ldap_resource', $ldap->getConnection('my_ldap_server')); + $ldap->open('my_ldap_server'); + $this->assertEquals('my_ldap_resource', $ldap->getConnection()); } public function testConnectFailure() @@ -78,7 +86,8 @@ class ClientTest extends \Base $this->setExpectedException('\Kanboard\Core\Ldap\ClientException'); $ldap = new Client; - $this->assertNotEquals('my_ldap_resource', $ldap->getConnection('my_ldap_server')); + $ldap->open('my_ldap_server'); + $this->assertNotEquals('my_ldap_resource', $ldap->getConnection()); } public function testConnectSuccessWithTLS() @@ -101,7 +110,8 @@ class ClientTest extends \Base ->will($this->returnValue(true)); $ldap = new Client; - $this->assertEquals('my_ldap_resource', $ldap->getConnection('my_ldap_server', 389, true)); + $ldap->open('my_ldap_server', 389, true); + $this->assertEquals('my_ldap_resource', $ldap->getConnection()); } public function testConnectFailureWithTLS() @@ -126,7 +136,8 @@ class ClientTest extends \Base $this->setExpectedException('\Kanboard\Core\Ldap\ClientException'); $ldap = new Client; - $this->assertNotEquals('my_ldap_resource', $ldap->getConnection('my_ldap_server', 389, true)); + $ldap->open('my_ldap_server', 389, true); + $this->assertNotEquals('my_ldap_resource', $ldap->getConnection()); } public function testAnonymousAuthenticationSuccess() @@ -134,13 +145,10 @@ class ClientTest extends \Base self::$functions ->expects($this->once()) ->method('ldap_bind') - ->with( - $this->equalTo('my_ldap_resource') - ) ->will($this->returnValue(true)); $ldap = new Client; - $this->assertTrue($ldap->useAnonymousAuthentication('my_ldap_resource')); + $this->assertTrue($ldap->useAnonymousAuthentication()); } public function testAnonymousAuthenticationFailure() @@ -148,21 +156,27 @@ class ClientTest extends \Base self::$functions ->expects($this->once()) ->method('ldap_bind') - ->with( - $this->equalTo('my_ldap_resource') - ) ->will($this->returnValue(false)); $this->setExpectedException('\Kanboard\Core\Ldap\ClientException'); $ldap = new Client; - $ldap->useAnonymousAuthentication('my_ldap_resource'); + $ldap->useAnonymousAuthentication(); } public function testUserAuthenticationSuccess() { self::$functions ->expects($this->once()) + ->method('ldap_connect') + ->with( + $this->equalTo('my_ldap_server'), + $this->equalTo(389) + ) + ->will($this->returnValue('my_ldap_resource')); + + self::$functions + ->expects($this->once()) ->method('ldap_bind') ->with( $this->equalTo('my_ldap_resource'), @@ -172,13 +186,23 @@ class ClientTest extends \Base ->will($this->returnValue(true)); $ldap = new Client; - $this->assertTrue($ldap->authenticate('my_ldap_resource', 'my_ldap_user', 'my_ldap_password')); + $ldap->open('my_ldap_server'); + $this->assertTrue($ldap->authenticate('my_ldap_user', 'my_ldap_password')); } public function testUserAuthenticationFailure() { self::$functions ->expects($this->once()) + ->method('ldap_connect') + ->with( + $this->equalTo('my_ldap_server'), + $this->equalTo(389) + ) + ->will($this->returnValue('my_ldap_resource')); + + self::$functions + ->expects($this->once()) ->method('ldap_bind') ->with( $this->equalTo('my_ldap_resource'), @@ -190,6 +214,7 @@ class ClientTest extends \Base $this->setExpectedException('\Kanboard\Core\Ldap\ClientException'); $ldap = new Client; - $ldap->authenticate('my_ldap_resource', 'my_ldap_user', 'my_ldap_password'); + $ldap->open('my_ldap_server'); + $ldap->authenticate('my_ldap_user', 'my_ldap_password'); } } diff --git a/tests/units/Core/Ldap/EntriesTest.php b/tests/units/Core/Ldap/EntriesTest.php new file mode 100644 index 00000000..65025b6e --- /dev/null +++ b/tests/units/Core/Ldap/EntriesTest.php @@ -0,0 +1,55 @@ +<?php + +require_once __DIR__.'/../../Base.php'; + +use Kanboard\Core\Ldap\Entries; + +class EntriesTest extends Base +{ + private $entries = array( + 'count' => 2, + 0 => array( + 'cn' => array( + 'count' => 1, + 0 => 'Kanboard Other Group', + ), + 0 => 'cn', + 'count' => 1, + 'dn' => 'CN=Kanboard Other Group,CN=Users,DC=kanboard,DC=local', + ), + 1 => array( + 'cn' => array( + 'count' => 1, + 0 => 'Kanboard Users', + ), + 0 => 'cn', + 'count' => 1, + 'dn' => 'CN=Kanboard Users,CN=Users,DC=kanboard,DC=local', + ), + ); + + public function testGetAll() + { + $entries = new Entries(array()); + $this->assertEmpty($entries->getAll()); + + $entries = new Entries($this->entries); + $result = $entries->getAll(); + $this->assertCount(2, $result); + $this->assertInstanceOf('Kanboard\Core\Ldap\Entry', $result[0]); + $this->assertEquals('CN=Kanboard Users,CN=Users,DC=kanboard,DC=local', $result[1]->getDn()); + $this->assertEquals('Kanboard Users', $result[1]->getFirstValue('cn')); + } + + public function testGetFirst() + { + $entries = new Entries(array()); + $this->assertEquals('', $entries->getFirstEntry()->getDn()); + + $entries = new Entries($this->entries); + $result = $entries->getFirstEntry(); + $this->assertInstanceOf('Kanboard\Core\Ldap\Entry', $result); + $this->assertEquals('CN=Kanboard Other Group,CN=Users,DC=kanboard,DC=local', $result->getDn()); + $this->assertEquals('Kanboard Other Group', $result->getFirstValue('cn')); + } +} diff --git a/tests/units/Core/Ldap/EntryTest.php b/tests/units/Core/Ldap/EntryTest.php new file mode 100644 index 00000000..45585e77 --- /dev/null +++ b/tests/units/Core/Ldap/EntryTest.php @@ -0,0 +1,71 @@ +<?php + +require_once __DIR__.'/../../Base.php'; + +use Kanboard\Core\Ldap\Entry; + +class EntryTest extends Base +{ + private $entry = array( + 'count' => 2, + 'dn' => 'uid=my_user,ou=People,dc=kanboard,dc=local', + 'displayname' => array( + 'count' => 1, + 0 => 'My LDAP user', + ), + 'broken' => array( + ), + 'mail' => array( + 'count' => 2, + 0 => 'user1@localhost', + 1 => 'user2@localhost', + ), + 'samaccountname' => array( + 'count' => 1, + 0 => 'my_ldap_user', + ), + 0 => 'displayname', + 1 => 'mail', + 2 => 'samaccountname', + ); + + public function testGetAll() + { + $expected = array( + 'user1@localhost', + 'user2@localhost', + ); + + $entry = new Entry($this->entry); + $this->assertEquals($expected, $entry->getAll('mail')); + $this->assertEmpty($entry->getAll('not found')); + $this->assertEmpty($entry->getAll('broken')); + } + + public function testGetFirst() + { + $entry = new Entry($this->entry); + $this->assertEquals('user1@localhost', $entry->getFirstValue('mail')); + $this->assertEquals('', $entry->getFirstValue('not found')); + $this->assertEquals('default', $entry->getFirstValue('not found', 'default')); + $this->assertEquals('default', $entry->getFirstValue('broken', 'default')); + } + + public function testGetDn() + { + $entry = new Entry($this->entry); + $this->assertEquals('uid=my_user,ou=People,dc=kanboard,dc=local', $entry->getDn()); + + $entry = new Entry(array()); + $this->assertEquals('', $entry->getDn()); + } + + public function testHasValue() + { + $entry = new Entry($this->entry); + $this->assertTrue($entry->hasValue('mail', 'user2@localhost')); + $this->assertFalse($entry->hasValue('mail', 'user3@localhost')); + $this->assertTrue($entry->hasValue('displayname', 'My LDAP user')); + $this->assertFalse($entry->hasValue('displayname', 'Something else')); + } +} diff --git a/tests/units/Core/Ldap/LdapGroupTest.php b/tests/units/Core/Ldap/LdapGroupTest.php new file mode 100644 index 00000000..3f538249 --- /dev/null +++ b/tests/units/Core/Ldap/LdapGroupTest.php @@ -0,0 +1,160 @@ +<?php + +require_once __DIR__.'/../../Base.php'; + +use Kanboard\Core\Ldap\Group; +use Kanboard\Core\Ldap\Entries; +use Kanboard\Core\Security\Role; + +class LdapGroupTest extends Base +{ + private $query; + private $client; + private $group; + + public function setUp() + { + parent::setUp(); + + $this->client = $this + ->getMockBuilder('\Kanboard\Core\Ldap\Client') + ->setMethods(array( + 'getConnection', + )) + ->getMock(); + + $this->query = $this + ->getMockBuilder('\Kanboard\Core\Ldap\Query') + ->setConstructorArgs(array($this->client)) + ->setMethods(array( + 'execute', + 'hasResult', + 'getEntries', + )) + ->getMock(); + + $this->group = $this + ->getMockBuilder('\Kanboard\Core\Ldap\Group') + ->setConstructorArgs(array($this->query)) + ->setMethods(array( + 'getAttributeName', + 'getBasDn', + )) + ->getMock(); + } + + public function testGetGroups() + { + $entries = new Entries(array( + 'count' => 2, + 0 => array( + 'cn' => array( + 'count' => 1, + 0 => 'Kanboard Other Group', + ), + 0 => 'cn', + 'count' => 1, + 'dn' => 'CN=Kanboard Other Group,CN=Users,DC=kanboard,DC=local', + ), + 1 => array( + 'cn' => array( + 'count' => 1, + 0 => 'Kanboard Users', + ), + 0 => 'cn', + 'count' => 1, + 'dn' => 'CN=Kanboard Users,CN=Users,DC=kanboard,DC=local', + ), + )); + + $this->client + ->expects($this->any()) + ->method('getConnection') + ->will($this->returnValue('my_ldap_resource')); + + $this->query + ->expects($this->once()) + ->method('execute') + ->with( + $this->equalTo('CN=Users,DC=kanboard,DC=local'), + $this->equalTo('(&(objectClass=group)(sAMAccountName=Kanboard*))') + ); + + $this->query + ->expects($this->once()) + ->method('hasResult') + ->will($this->returnValue(true)); + + $this->query + ->expects($this->once()) + ->method('getEntries') + ->will($this->returnValue($entries)); + + $this->group + ->expects($this->any()) + ->method('getAttributeName') + ->will($this->returnValue('cn')); + + $this->group + ->expects($this->any()) + ->method('getBasDn') + ->will($this->returnValue('CN=Users,DC=kanboard,DC=local')); + + $groups = $this->group->find('(&(objectClass=group)(sAMAccountName=Kanboard*))'); + $this->assertCount(2, $groups); + $this->assertInstanceOf('Kanboard\Group\LdapGroupProvider', $groups[0]); + $this->assertInstanceOf('Kanboard\Group\LdapGroupProvider', $groups[1]); + $this->assertEquals('Kanboard Other Group', $groups[0]->getName()); + $this->assertEquals('Kanboard Users', $groups[1]->getName()); + $this->assertEquals('CN=Kanboard Other Group,CN=Users,DC=kanboard,DC=local', $groups[0]->getExternalId()); + $this->assertEquals('CN=Kanboard Users,CN=Users,DC=kanboard,DC=local', $groups[1]->getExternalId()); + } + + public function testGetGroupsWithNoResult() + { + $entries = new Entries(array()); + + $this->client + ->expects($this->any()) + ->method('getConnection') + ->will($this->returnValue('my_ldap_resource')); + + $this->query + ->expects($this->once()) + ->method('execute') + ->with( + $this->equalTo('CN=Users,DC=kanboard,DC=local'), + $this->equalTo('(&(objectClass=group)(sAMAccountName=Kanboard*))') + ); + + $this->query + ->expects($this->once()) + ->method('hasResult') + ->will($this->returnValue(false)); + + $this->query + ->expects($this->never()) + ->method('getEntries'); + + $this->group + ->expects($this->any()) + ->method('getAttributeName') + ->will($this->returnValue('cn')); + + $this->group + ->expects($this->any()) + ->method('getBasDn') + ->will($this->returnValue('CN=Users,DC=kanboard,DC=local')); + + $groups = $this->group->find('(&(objectClass=group)(sAMAccountName=Kanboard*))'); + $this->assertCount(0, $groups); + } + + public function testGetBaseDnNotConfigured() + { + $this->setExpectedException('\LogicException'); + + $group = new Group($this->query); + $group->getBasDn(); + } +} diff --git a/tests/units/Core/Ldap/LdapUserTest.php b/tests/units/Core/Ldap/LdapUserTest.php new file mode 100644 index 00000000..2b3db1e5 --- /dev/null +++ b/tests/units/Core/Ldap/LdapUserTest.php @@ -0,0 +1,379 @@ +<?php + +require_once __DIR__.'/../../Base.php'; + +use Kanboard\Core\Ldap\User; +use Kanboard\Core\Ldap\Entries; +use Kanboard\Core\Security\Role; + +class LdapUserTest extends Base +{ + private $query; + private $client; + private $user; + + public function setUp() + { + parent::setUp(); + + $this->client = $this + ->getMockBuilder('\Kanboard\Core\Ldap\Client') + ->setMethods(array( + 'getConnection', + )) + ->getMock(); + + $this->query = $this + ->getMockBuilder('\Kanboard\Core\Ldap\Query') + ->setConstructorArgs(array($this->client)) + ->setMethods(array( + 'execute', + 'hasResult', + 'getEntries', + )) + ->getMock(); + + $this->user = $this + ->getMockBuilder('\Kanboard\Core\Ldap\User') + ->setConstructorArgs(array($this->query)) + ->setMethods(array( + 'getAttributeUsername', + 'getAttributeEmail', + 'getAttributeName', + 'getAttributeGroup', + 'getGroupAdminDn', + 'getGroupManagerDn', + 'getBasDn', + )) + ->getMock(); + } + + public function testGetUser() + { + $entries = new Entries(array( + 'count' => 1, + 0 => array( + 'count' => 2, + 'dn' => 'uid=my_ldap_user,ou=People,dc=kanboard,dc=local', + 'displayname' => array( + 'count' => 1, + 0 => 'My LDAP user', + ), + 'mail' => array( + 'count' => 2, + 0 => 'user1@localhost', + 1 => 'user2@localhost', + ), + 'samaccountname' => array( + 'count' => 1, + 0 => 'my_ldap_user', + ), + 0 => 'displayname', + 1 => 'mail', + 2 => 'samaccountname', + ) + )); + + $this->client + ->expects($this->any()) + ->method('getConnection') + ->will($this->returnValue('my_ldap_resource')); + + $this->query + ->expects($this->once()) + ->method('execute') + ->with( + $this->equalTo('ou=People,dc=kanboard,dc=local'), + $this->equalTo('(uid=my_ldap_user)') + ); + + $this->query + ->expects($this->once()) + ->method('hasResult') + ->will($this->returnValue(true)); + + $this->query + ->expects($this->once()) + ->method('getEntries') + ->will($this->returnValue($entries)); + + $this->user + ->expects($this->any()) + ->method('getAttributeUsername') + ->will($this->returnValue('samaccountname')); + + $this->user + ->expects($this->any()) + ->method('getAttributeName') + ->will($this->returnValue('displayname')); + + $this->user + ->expects($this->any()) + ->method('getAttributeEmail') + ->will($this->returnValue('mail')); + + $this->user + ->expects($this->any()) + ->method('getBasDn') + ->will($this->returnValue('ou=People,dc=kanboard,dc=local')); + + $user = $this->user->find('(uid=my_ldap_user)'); + $this->assertInstanceOf('Kanboard\User\LdapUserProvider', $user); + $this->assertEquals('uid=my_ldap_user,ou=People,dc=kanboard,dc=local', $user->getDn()); + $this->assertEquals('my_ldap_user', $user->getUsername()); + $this->assertEquals('My LDAP user', $user->getName()); + $this->assertEquals('user1@localhost', $user->getEmail()); + $this->assertEquals(Role::APP_USER, $user->getRole()); + $this->assertEquals(array(), $user->getExternalGroupIds()); + $this->assertEquals(array('is_ldap_user' => 1), $user->getExtraAttributes()); + } + + public function testGetUserWithAdminRole() + { + $entries = new Entries(array( + 'count' => 1, + 0 => array( + 'count' => 2, + 'dn' => 'uid=my_ldap_user,ou=People,dc=kanboard,dc=local', + 'displayname' => array( + 'count' => 1, + 0 => 'My LDAP user', + ), + 'mail' => array( + 'count' => 2, + 0 => 'user1@localhost', + 1 => 'user2@localhost', + ), + 'samaccountname' => array( + 'count' => 1, + 0 => 'my_ldap_user', + ), + 'memberof' => array( + 'count' => 1, + 0 => 'CN=Kanboard-Admins,CN=Users,DC=kanboard,DC=local', + ), + 0 => 'displayname', + 1 => 'mail', + 2 => 'samaccountname', + 3 => 'memberof', + ) + )); + + $this->client + ->expects($this->any()) + ->method('getConnection') + ->will($this->returnValue('my_ldap_resource')); + + $this->query + ->expects($this->once()) + ->method('execute') + ->with( + $this->equalTo('ou=People,dc=kanboard,dc=local'), + $this->equalTo('(uid=my_ldap_user)') + ); + + $this->query + ->expects($this->once()) + ->method('hasResult') + ->will($this->returnValue(true)); + + $this->query + ->expects($this->once()) + ->method('getEntries') + ->will($this->returnValue($entries)); + + $this->user + ->expects($this->any()) + ->method('getAttributeUsername') + ->will($this->returnValue('samaccountname')); + + $this->user + ->expects($this->any()) + ->method('getAttributeName') + ->will($this->returnValue('displayname')); + + $this->user + ->expects($this->any()) + ->method('getAttributeEmail') + ->will($this->returnValue('mail')); + + $this->user + ->expects($this->any()) + ->method('getAttributeGroup') + ->will($this->returnValue('memberof')); + + $this->user + ->expects($this->any()) + ->method('getGroupAdminDn') + ->will($this->returnValue('CN=Kanboard-Admins,CN=Users,DC=kanboard,DC=local')); + + $this->user + ->expects($this->any()) + ->method('getBasDn') + ->will($this->returnValue('ou=People,dc=kanboard,dc=local')); + + $user = $this->user->find('(uid=my_ldap_user)'); + $this->assertInstanceOf('Kanboard\User\LdapUserProvider', $user); + $this->assertEquals('uid=my_ldap_user,ou=People,dc=kanboard,dc=local', $user->getDn()); + $this->assertEquals('my_ldap_user', $user->getUsername()); + $this->assertEquals('My LDAP user', $user->getName()); + $this->assertEquals('user1@localhost', $user->getEmail()); + $this->assertEquals(Role::APP_ADMIN, $user->getRole()); + $this->assertEquals(array('CN=Kanboard-Admins,CN=Users,DC=kanboard,DC=local'), $user->getExternalGroupIds()); + $this->assertEquals(array('is_ldap_user' => 1), $user->getExtraAttributes()); + } + + public function testGetUserWithManagerRole() + { + $entries = new Entries(array( + 'count' => 1, + 0 => array( + 'count' => 2, + 'dn' => 'uid=my_ldap_user,ou=People,dc=kanboard,dc=local', + 'displayname' => array( + 'count' => 1, + 0 => 'My LDAP user', + ), + 'mail' => array( + 'count' => 2, + 0 => 'user1@localhost', + 1 => 'user2@localhost', + ), + 'samaccountname' => array( + 'count' => 1, + 0 => 'my_ldap_user', + ), + 'memberof' => array( + 'count' => 2, + 0 => 'CN=Kanboard-Users,CN=Users,DC=kanboard,DC=local', + 1 => 'CN=Kanboard-Managers,CN=Users,DC=kanboard,DC=local', + ), + 0 => 'displayname', + 1 => 'mail', + 2 => 'samaccountname', + 3 => 'memberof', + ) + )); + + $this->client + ->expects($this->any()) + ->method('getConnection') + ->will($this->returnValue('my_ldap_resource')); + + $this->query + ->expects($this->once()) + ->method('execute') + ->with( + $this->equalTo('ou=People,dc=kanboard,dc=local'), + $this->equalTo('(uid=my_ldap_user)') + ); + + $this->query + ->expects($this->once()) + ->method('hasResult') + ->will($this->returnValue(true)); + + $this->query + ->expects($this->once()) + ->method('getEntries') + ->will($this->returnValue($entries)); + + $this->user + ->expects($this->any()) + ->method('getAttributeUsername') + ->will($this->returnValue('samaccountname')); + + $this->user + ->expects($this->any()) + ->method('getAttributeName') + ->will($this->returnValue('displayname')); + + $this->user + ->expects($this->any()) + ->method('getAttributeEmail') + ->will($this->returnValue('mail')); + + $this->user + ->expects($this->any()) + ->method('getAttributeGroup') + ->will($this->returnValue('memberof')); + + $this->user + ->expects($this->any()) + ->method('getGroupManagerDn') + ->will($this->returnValue('CN=Kanboard-Managers,CN=Users,DC=kanboard,DC=local')); + + $this->user + ->expects($this->any()) + ->method('getBasDn') + ->will($this->returnValue('ou=People,dc=kanboard,dc=local')); + + $user = $this->user->find('(uid=my_ldap_user)'); + $this->assertInstanceOf('Kanboard\User\LdapUserProvider', $user); + $this->assertEquals('uid=my_ldap_user,ou=People,dc=kanboard,dc=local', $user->getDn()); + $this->assertEquals('my_ldap_user', $user->getUsername()); + $this->assertEquals('My LDAP user', $user->getName()); + $this->assertEquals('user1@localhost', $user->getEmail()); + $this->assertEquals(Role::APP_MANAGER, $user->getRole()); + $this->assertEquals(array('CN=Kanboard-Users,CN=Users,DC=kanboard,DC=local', 'CN=Kanboard-Managers,CN=Users,DC=kanboard,DC=local'), $user->getExternalGroupIds()); + $this->assertEquals(array('is_ldap_user' => 1), $user->getExtraAttributes()); + } + + public function testGetUserNotFound() + { + $entries = new Entries(array()); + + $this->client + ->expects($this->any()) + ->method('getConnection') + ->will($this->returnValue('my_ldap_resource')); + + $this->query + ->expects($this->once()) + ->method('execute') + ->with( + $this->equalTo('ou=People,dc=kanboard,dc=local'), + $this->equalTo('(uid=my_ldap_user)') + ); + + $this->query + ->expects($this->once()) + ->method('hasResult') + ->will($this->returnValue(false)); + + $this->query + ->expects($this->never()) + ->method('getEntries'); + + $this->user + ->expects($this->any()) + ->method('getAttributeUsername') + ->will($this->returnValue('samaccountname')); + + $this->user + ->expects($this->any()) + ->method('getAttributeName') + ->will($this->returnValue('displayname')); + + $this->user + ->expects($this->any()) + ->method('getAttributeEmail') + ->will($this->returnValue('mail')); + + $this->user + ->expects($this->any()) + ->method('getBasDn') + ->will($this->returnValue('ou=People,dc=kanboard,dc=local')); + + $user = $this->user->find('(uid=my_ldap_user)'); + $this->assertEquals(null, $user); + } + + public function testGetBaseDnNotConfigured() + { + $this->setExpectedException('\LogicException'); + + $user = new User($this->query); + $user->getBasDn(); + } +} diff --git a/tests/units/Core/Ldap/QueryTest.php b/tests/units/Core/Ldap/QueryTest.php index 2eb3940f..b3987df0 100644 --- a/tests/units/Core/Ldap/QueryTest.php +++ b/tests/units/Core/Ldap/QueryTest.php @@ -17,6 +17,7 @@ function ldap_get_entries($link_identifier, $result_identifier) class QueryTest extends \Base { public static $functions; + private $client; public function setUp() { @@ -29,6 +30,13 @@ class QueryTest extends \Base 'ldap_get_entries', )) ->getMock(); + + $this->client = $this + ->getMockBuilder('\Kanboard\Core\Ldap\Client') + ->setMethods(array( + 'getConnection', + )) + ->getMock(); } public function tearDown() @@ -58,6 +66,11 @@ class QueryTest extends \Base ) ); + $this->client + ->expects($this->any()) + ->method('getConnection') + ->will($this->returnValue('my_ldap_resource')); + self::$functions ->expects($this->once()) ->method('ldap_search') @@ -78,20 +91,25 @@ class QueryTest extends \Base ) ->will($this->returnValue($entries)); - $query = new Query; - $query->execute('my_ldap_resource', 'ou=People,dc=kanboard,dc=local', 'uid=my_user', array('displayname')); + $query = new Query($this->client); + $query->execute('ou=People,dc=kanboard,dc=local', 'uid=my_user', array('displayname')); $this->assertTrue($query->hasResult()); - $this->assertEquals('My user', $query->getAttributeValue('displayname')); - $this->assertEquals('user1@localhost', $query->getAttributeValue('mail')); - $this->assertEquals('', $query->getAttributeValue('not_found')); + $this->assertEquals('My user', $query->getEntries()->getFirstEntry()->getFirstValue('displayname')); + $this->assertEquals('user1@localhost', $query->getEntries()->getFirstEntry()->getFirstValue('mail')); + $this->assertEquals('', $query->getEntries()->getFirstEntry()->getFirstValue('not_found')); - $this->assertEquals('uid=my_user,ou=People,dc=kanboard,dc=local', $query->getAttribute('dn')); - $this->assertEquals(null, $query->getAttribute('missing')); + $this->assertEquals('uid=my_user,ou=People,dc=kanboard,dc=local', $query->getEntries()->getFirstEntry()->getDn()); + $this->assertEquals('', $query->getEntries()->getFirstEntry()->getFirstValue('missing')); } public function testExecuteQueryNotFound() { + $this->client + ->expects($this->any()) + ->method('getConnection') + ->will($this->returnValue('my_ldap_resource')); + self::$functions ->expects($this->once()) ->method('ldap_search') @@ -112,13 +130,18 @@ class QueryTest extends \Base ) ->will($this->returnValue(array())); - $query = new Query; - $query->execute('my_ldap_resource', 'ou=People,dc=kanboard,dc=local', 'uid=my_user', array('displayname')); + $query = new Query($this->client); + $query->execute('ou=People,dc=kanboard,dc=local', 'uid=my_user', array('displayname')); $this->assertFalse($query->hasResult()); } public function testExecuteQueryFailed() { + $this->client + ->expects($this->once()) + ->method('getConnection') + ->will($this->returnValue('my_ldap_resource')); + self::$functions ->expects($this->once()) ->method('ldap_search') @@ -130,8 +153,8 @@ class QueryTest extends \Base ) ->will($this->returnValue(false)); - $query = new Query; - $query->execute('my_ldap_resource', 'ou=People,dc=kanboard,dc=local', 'uid=my_user', array('displayname')); + $query = new Query($this->client); + $query->execute('ou=People,dc=kanboard,dc=local', 'uid=my_user', array('displayname')); $this->assertFalse($query->hasResult()); } } diff --git a/tests/units/Core/Ldap/UserTest.php b/tests/units/Core/Ldap/UserTest.php deleted file mode 100644 index 56cc588c..00000000 --- a/tests/units/Core/Ldap/UserTest.php +++ /dev/null @@ -1,95 +0,0 @@ -<?php - -namespace Kanboard\Core\Ldap; - -require_once __DIR__.'/../../Base.php'; - -class UserTest extends \Base -{ - public function testGetProfile() - { - $entries = array( - 'count' => 1, - 0 => array( - 'count' => 2, - 'dn' => 'uid=my_user,ou=People,dc=kanboard,dc=local', - 'displayname' => array( - 'count' => 1, - 0 => 'My LDAP user', - ), - 'mail' => array( - 'count' => 2, - 0 => 'user1@localhost', - 1 => 'user2@localhost', - ), - 'samaccountname' => array( - 'count' => 1, - 0 => 'my_ldap_user', - ), - 0 => 'displayname', - 1 => 'mail', - 2 => 'samaccountname', - ) - ); - - $expected = array( - 'ldap_id' => 'uid=my_user,ou=People,dc=kanboard,dc=local', - 'username' => 'my_ldap_user', - 'name' => 'My LDAP user', - 'email' => 'user1@localhost', - 'is_admin' => 0, - 'is_project_admin' => 0, - 'is_ldap_user' => 1, - ); - - $query = $this - ->getMockBuilder('\Kanboard\Core\Ldap\Query') - ->setConstructorArgs(array($entries)) - ->setMethods(array( - 'execute', - 'hasResult', - )) - ->getMock(); - - $query - ->expects($this->once()) - ->method('execute') - ->with( - $this->equalTo('my_ldap_resource'), - $this->equalTo('ou=People,dc=kanboard,dc=local'), - $this->equalTo('(uid=my_user)') - ); - - $query - ->expects($this->once()) - ->method('hasResult') - ->will($this->returnValue(true)); - - $user = $this - ->getMockBuilder('\Kanboard\Core\Ldap\User') - ->setConstructorArgs(array($query)) - ->setMethods(array( - 'getAttributeUsername', - 'getAttributeEmail', - 'getAttributeName', - )) - ->getMock(); - - $user - ->expects($this->any()) - ->method('getAttributeUsername') - ->will($this->returnValue('samaccountname')); - - $user - ->expects($this->any()) - ->method('getAttributeName') - ->will($this->returnValue('displayname')); - - $user - ->expects($this->any()) - ->method('getAttributeEmail') - ->will($this->returnValue('mail')); - - $this->assertEquals($expected, $user->getProfile('my_ldap_resource', 'ou=People,dc=kanboard,dc=local', '(uid=my_user)')); - } -} diff --git a/tests/units/Core/Security/AccessMapTest.php b/tests/units/Core/Security/AccessMapTest.php index ab74e036..61693ce8 100644 --- a/tests/units/Core/Security/AccessMapTest.php +++ b/tests/units/Core/Security/AccessMapTest.php @@ -6,17 +6,34 @@ use Kanboard\Core\Security\AccessMap; class AccessMapTest extends Base { - public function testGetRoles() + public function testRoleHierarchy() + { + $acl = new AccessMap; + $acl->setRoleHierarchy('admin', array('manager', 'user')); + $acl->setRoleHierarchy('manager', array('user')); + + $this->assertEquals(array('admin'), $acl->getRoleHierarchy('admin')); + $this->assertEquals(array('manager', 'admin'), $acl->getRoleHierarchy('manager')); + $this->assertEquals(array('user', 'admin', 'manager'), $acl->getRoleHierarchy('user')); + } + + public function testAddRulesAndGetRoles() { $acl = new AccessMap; $acl->setDefaultRole('role3'); - $acl->add('MyController', 'myAction1', array('role1', 'role2')); - $acl->add('MyController', 'myAction2', array('role1')); - $acl->add('MyAdminController', '*', array('role2')); + $acl->setRoleHierarchy('role2', array('role1')); + + $acl->add('MyController', 'myAction1', 'role2'); + $acl->add('MyController', 'myAction2', 'role1'); + $acl->add('MyAdminController', '*', 'role2'); + $acl->add('SomethingElse', array('actionA', 'actionB'), 'role2'); - $this->assertEquals(array('role1', 'role2'), $acl->getRoles('mycontroller', 'MyAction1')); - $this->assertEquals(array('role1'), $acl->getRoles('mycontroller', 'MyAction2')); + $this->assertEquals(array('role2'), $acl->getRoles('mycontroller', 'MyAction1')); + $this->assertEquals(array('role1', 'role2'), $acl->getRoles('mycontroller', 'MyAction2')); $this->assertEquals(array('role2'), $acl->getRoles('Myadmincontroller', 'MyAction')); $this->assertEquals(array('role3'), $acl->getRoles('AnotherController', 'ActionNotFound')); + $this->assertEquals(array('role2'), $acl->getRoles('somethingelse', 'actiona')); + $this->assertEquals(array('role2'), $acl->getRoles('somethingelse', 'actionb')); + $this->assertEquals(array('role3'), $acl->getRoles('somethingelse', 'actionc')); } } diff --git a/tests/units/Core/Security/AuthenticationManagerTest.php b/tests/units/Core/Security/AuthenticationManagerTest.php new file mode 100644 index 00000000..c2369626 --- /dev/null +++ b/tests/units/Core/Security/AuthenticationManagerTest.php @@ -0,0 +1,150 @@ +<?php + +require_once __DIR__.'/../../Base.php'; + +use Kanboard\Core\Http\Request; +use Kanboard\Core\Security\AuthenticationManager; +use Kanboard\Auth\DatabaseAuth; +use Kanboard\Auth\TotpAuth; +use Kanboard\Auth\ReverseProxyAuth; + +class AuthenticationManagerTest extends Base +{ + public function testRegister() + { + $authManager = new AuthenticationManager($this->container); + $authManager->register(new DatabaseAuth($this->container)); + $provider = $authManager->getProvider('Database'); + + $this->assertInstanceOf('Kanboard\Core\Security\AuthenticationProviderInterface', $provider); + } + + public function testGetProviderNotFound() + { + $authManager = new AuthenticationManager($this->container); + $this->setExpectedException('LogicException'); + $authManager->getProvider('Dababase'); + } + + public function testGetPostProviderNotFound() + { + $authManager = new AuthenticationManager($this->container); + $this->setExpectedException('LogicException'); + $authManager->getPostAuthenticationProvider(); + } + + public function testGetPostProvider() + { + $authManager = new AuthenticationManager($this->container); + $authManager->register(new TotpAuth($this->container)); + $provider = $authManager->getPostAuthenticationProvider(); + + $this->assertInstanceOf('Kanboard\Core\Security\PostAuthenticationProviderInterface', $provider); + } + + public function testCheckSessionWhenNobodyIsLogged() + { + $authManager = new AuthenticationManager($this->container); + $authManager->register(new DatabaseAuth($this->container)); + + $this->assertFalse($this->container['userSession']->isLogged()); + $this->assertTrue($authManager->checkCurrentSession()); + } + + public function testCheckSessionWhenSomeoneIsLogged() + { + $authManager = new AuthenticationManager($this->container); + $authManager->register(new DatabaseAuth($this->container)); + + $this->container['sessionStorage']->user = array('id' => 1); + + $this->assertTrue($this->container['userSession']->isLogged()); + $this->assertTrue($authManager->checkCurrentSession()); + } + + public function testCheckSessionWhenNotValid() + { + $authManager = new AuthenticationManager($this->container); + $authManager->register(new DatabaseAuth($this->container)); + + $this->container['sessionStorage']->user = array('id' => 2); + + $this->assertTrue($this->container['userSession']->isLogged()); + $this->assertFalse($authManager->checkCurrentSession()); + $this->assertFalse($this->container['userSession']->isLogged()); + } + + public function testPreAuthenticationSuccessful() + { + $this->container['request'] = new Request($this->container, array(REVERSE_PROXY_USER_HEADER => 'admin')); + $this->container['dispatcher']->addListener(AuthenticationManager::EVENT_SUCCESS, array($this, 'onSuccess')); + $this->container['dispatcher']->addListener(AuthenticationManager::EVENT_FAILURE, array($this, 'onFailure')); + + $authManager = new AuthenticationManager($this->container); + $authManager->register(new ReverseProxyAuth($this->container)); + + $this->assertTrue($authManager->preAuthentication()); + + $called = $this->container['dispatcher']->getCalledListeners(); + $this->assertArrayHasKey(AuthenticationManager::EVENT_SUCCESS.'.AuthenticationManagerTest::onSuccess', $called); + $this->assertArrayNotHasKey(AuthenticationManager::EVENT_FAILURE.'.AuthenticationManagerTest::onFailure', $called); + } + + public function testPreAuthenticationFailed() + { + $this->container['request'] = new Request($this->container, array(REVERSE_PROXY_USER_HEADER => '')); + $this->container['dispatcher']->addListener(AuthenticationManager::EVENT_SUCCESS, array($this, 'onSuccess')); + $this->container['dispatcher']->addListener(AuthenticationManager::EVENT_FAILURE, array($this, 'onFailure')); + + $authManager = new AuthenticationManager($this->container); + $authManager->register(new ReverseProxyAuth($this->container)); + + $this->assertFalse($authManager->preAuthentication()); + + $called = $this->container['dispatcher']->getCalledListeners(); + $this->assertArrayNotHasKey(AuthenticationManager::EVENT_SUCCESS.'.AuthenticationManagerTest::onSuccess', $called); + $this->assertArrayNotHasKey(AuthenticationManager::EVENT_FAILURE.'.AuthenticationManagerTest::onFailure', $called); + } + + public function testPasswordAuthenticationSuccessful() + { + $this->container['dispatcher']->addListener(AuthenticationManager::EVENT_SUCCESS, array($this, 'onSuccess')); + $this->container['dispatcher']->addListener(AuthenticationManager::EVENT_FAILURE, array($this, 'onFailure')); + + $authManager = new AuthenticationManager($this->container); + $authManager->register(new DatabaseAuth($this->container)); + + $this->assertTrue($authManager->passwordAuthentication('admin', 'admin')); + + $called = $this->container['dispatcher']->getCalledListeners(); + $this->assertArrayHasKey(AuthenticationManager::EVENT_SUCCESS.'.AuthenticationManagerTest::onSuccess', $called); + $this->assertArrayNotHasKey(AuthenticationManager::EVENT_FAILURE.'.AuthenticationManagerTest::onFailure', $called); + } + + public function testPasswordAuthenticationFailed() + { + $this->container['dispatcher']->addListener(AuthenticationManager::EVENT_SUCCESS, array($this, 'onSuccess')); + $this->container['dispatcher']->addListener(AuthenticationManager::EVENT_FAILURE, array($this, 'onFailure')); + + $authManager = new AuthenticationManager($this->container); + $authManager->register(new DatabaseAuth($this->container)); + + $this->assertFalse($authManager->passwordAuthentication('admin', 'wrong password')); + + $called = $this->container['dispatcher']->getCalledListeners(); + $this->assertArrayNotHasKey(AuthenticationManager::EVENT_SUCCESS.'.AuthenticationManagerTest::onSuccess', $called); + $this->assertArrayHasKey(AuthenticationManager::EVENT_FAILURE.'.AuthenticationManagerTest::onFailure', $called); + } + + public function onSuccess($event) + { + $this->assertInstanceOf('Kanboard\Event\AuthSuccessEvent', $event); + $this->assertTrue(in_array($event->getAuthType(), array('Database', 'ReverseProxy'))); + } + + public function onFailure($event) + { + $this->assertInstanceOf('Kanboard\Event\AuthFailureEvent', $event); + $this->assertEquals('admin', $event->getUsername()); + } +} diff --git a/tests/units/Core/Security/AuthorizationTest.php b/tests/units/Core/Security/AuthorizationTest.php index ffeb3741..70561ad8 100644 --- a/tests/units/Core/Security/AuthorizationTest.php +++ b/tests/units/Core/Security/AuthorizationTest.php @@ -12,17 +12,28 @@ class AuthorizationTest extends Base { $acl = new AccessMap; $acl->setDefaultRole(Role::APP_USER); - $acl->add('MyController', 'myAction1', array(Role::APP_ADMIN, Role::APP_MANAGER)); - $acl->add('MyController', 'myAction2', array(Role::APP_ADMIN)); - $acl->add('MyAdminController', '*', array(Role::APP_MANAGER)); + $acl->setRoleHierarchy(Role::APP_ADMIN, array(Role::APP_MANAGER, Role::APP_USER)); + $acl->setRoleHierarchy(Role::APP_MANAGER, array(Role::APP_USER)); + + $acl->add('MyController', 'myAction1', Role::APP_MANAGER); + $acl->add('MyController', 'myAction2', Role::APP_ADMIN); + $acl->add('MyManagerController', '*', Role::APP_MANAGER); $authorization = new Authorization($acl); + $this->assertTrue($authorization->isAllowed('myController', 'myAction1', Role::APP_ADMIN)); $this->assertTrue($authorization->isAllowed('myController', 'myAction1', Role::APP_MANAGER)); $this->assertFalse($authorization->isAllowed('myController', 'myAction1', Role::APP_USER)); - $this->assertTrue($authorization->isAllowed('anotherController', 'anotherAction', Role::APP_USER)); - $this->assertTrue($authorization->isAllowed('MyAdminController', 'myAction', Role::APP_MANAGER)); - $this->assertFalse($authorization->isAllowed('MyAdminController', 'myAction', Role::APP_ADMIN)); - $this->assertFalse($authorization->isAllowed('MyAdminController', 'myAction', 'something else')); + $this->assertFalse($authorization->isAllowed('myController', 'myAction1', 'something else')); + + $this->assertTrue($authorization->isAllowed('MyManagerController', 'myAction', Role::APP_ADMIN)); + $this->assertTrue($authorization->isAllowed('MyManagerController', 'myAction', Role::APP_MANAGER)); + $this->assertFalse($authorization->isAllowed('MyManagerController', 'myAction', Role::APP_USER)); + $this->assertFalse($authorization->isAllowed('MyManagerController', 'myAction', 'something else')); + + $this->assertTrue($authorization->isAllowed('MyUserController', 'myAction', Role::APP_ADMIN)); + $this->assertTrue($authorization->isAllowed('MyUserController', 'myAction', Role::APP_MANAGER)); + $this->assertTrue($authorization->isAllowed('MyUserController', 'myAction', Role::APP_USER)); + $this->assertFalse($authorization->isAllowed('MyUserController', 'myAction', 'something else')); } } diff --git a/tests/units/Core/User/GroupSyncTest.php b/tests/units/Core/User/GroupSyncTest.php new file mode 100644 index 00000000..e22b86d4 --- /dev/null +++ b/tests/units/Core/User/GroupSyncTest.php @@ -0,0 +1,30 @@ +<?php + +require_once __DIR__.'/../../Base.php'; + +use Kanboard\Core\User\GroupSync; +use Kanboard\Model\Group; +use Kanboard\Model\GroupMember; + +class GroupSyncTest extends Base +{ + public function testSynchronize() + { + $group = new Group($this->container); + $groupMember = new GroupMember($this->container); + $groupSync = new GroupSync($this->container); + + $this->assertEquals(1, $group->create('My Group 1', 'externalId1')); + $this->assertEquals(2, $group->create('My Group 2', 'externalId2')); + + $this->assertTrue($groupMember->addUser(1, 1)); + + $this->assertTrue($groupMember->isMember(1, 1)); + $this->assertFalse($groupMember->isMember(2, 1)); + + $groupSync->synchronize(1, array('externalId1', 'externalId2', 'externalId3')); + + $this->assertTrue($groupMember->isMember(1, 1)); + $this->assertTrue($groupMember->isMember(2, 1)); + } +} diff --git a/tests/units/Core/User/UserProfileTest.php b/tests/units/Core/User/UserProfileTest.php new file mode 100644 index 00000000..4886a945 --- /dev/null +++ b/tests/units/Core/User/UserProfileTest.php @@ -0,0 +1,63 @@ +<?php + +require_once __DIR__.'/../../Base.php'; + +use Kanboard\Core\Security\Role; +use Kanboard\Core\User\UserProfile; +use Kanboard\User\LdapUserProvider; +use Kanboard\User\DatabaseUserProvider; + +class UserProfileTest extends Base +{ + public function testInitializeLocalUser() + { + $userProfile = new UserProfile($this->container); + $user = new DatabaseUserProvider(array('id' => 1)); + + $this->assertTrue($userProfile->initialize($user)); + $this->assertNotEmpty($this->container['sessionStorage']->user); + $this->assertEquals('admin', $this->container['sessionStorage']->user['username']); + } + + public function testInitializeLocalUserNotFound() + { + $userProfile = new UserProfile($this->container); + $user = new DatabaseUserProvider(array('id' => 2)); + + $this->assertFalse($userProfile->initialize($user)); + $this->assertFalse(isset($this->container['sessionStorage']->user)); + } + + public function testInitializeRemoteUser() + { + $userProfile = new UserProfile($this->container); + $user = new LdapUserProvider('ldapId', 'bob', 'Bob', '', Role::APP_MANAGER, array()); + + $this->assertTrue($userProfile->initialize($user)); + $this->assertNotEmpty($this->container['sessionStorage']->user); + $this->assertEquals(2, $this->container['sessionStorage']->user['id']); + $this->assertEquals('bob', $this->container['sessionStorage']->user['username']); + $this->assertEquals(Role::APP_MANAGER, $this->container['sessionStorage']->user['role']); + + $user = new LdapUserProvider('ldapId', 'bob', 'Bob', '', Role::APP_MANAGER, array()); + + $this->assertTrue($userProfile->initialize($user)); + $this->assertNotEmpty($this->container['sessionStorage']->user); + $this->assertEquals(2, $this->container['sessionStorage']->user['id']); + $this->assertEquals('bob', $this->container['sessionStorage']->user['username']); + } + + public function testAssignRemoteUser() + { + $userProfile = new UserProfile($this->container); + $user = new LdapUserProvider('ldapId', 'bob', 'Bob', '', Role::APP_MANAGER, array()); + + $this->assertTrue($userProfile->assign(1, $user)); + $this->assertNotEmpty($this->container['sessionStorage']->user); + $this->assertEquals(1, $this->container['sessionStorage']->user['id']); + $this->assertEquals('admin', $this->container['sessionStorage']->user['username']); + $this->assertEquals('Bob', $this->container['sessionStorage']->user['name']); + $this->assertEquals('', $this->container['sessionStorage']->user['email']); + $this->assertEquals(Role::APP_ADMIN, $this->container['sessionStorage']->user['role']); + } +} diff --git a/tests/units/Core/User/UserPropertyTest.php b/tests/units/Core/User/UserPropertyTest.php new file mode 100644 index 00000000..170eab4c --- /dev/null +++ b/tests/units/Core/User/UserPropertyTest.php @@ -0,0 +1,60 @@ +<?php + +require_once __DIR__.'/../../Base.php'; + +use Kanboard\Core\Security\Role; +use Kanboard\Core\User\UserProperty; +use Kanboard\User\LdapUserProvider; + +class UserPropertyTest extends Base +{ + public function testGetProperties() + { + $user = new LdapUserProvider('ldapId', 'bob', 'Bob', '', Role::APP_USER, array()); + + $expected = array( + 'username' => 'bob', + 'name' => 'Bob', + 'role' => Role::APP_USER, + 'is_ldap_user' => 1, + ); + + $this->assertEquals($expected, UserProperty::getProperties($user)); + + $user = new LdapUserProvider('ldapId', 'bob', '', '', '', array()); + + $expected = array( + 'username' => 'bob', + 'is_ldap_user' => 1, + ); + + $this->assertEquals($expected, UserProperty::getProperties($user)); + } + + public function testFilterProperties() + { + $profile = array( + 'id' => 123, + 'username' => 'bob', + 'name' => null, + 'email' => '', + 'other_column' => 'myvalue', + 'role' => Role::APP_ADMIN, + ); + + $properties = array( + 'external_id' => '456', + 'username' => 'bobby', + 'name' => 'Bobby', + 'email' => 'admin@localhost', + 'role' => '', + ); + + $expected = array( + 'name' => 'Bobby', + 'email' => 'admin@localhost', + ); + + $this->assertEquals($expected, UserProperty::filterProperties($profile, $properties)); + } +} diff --git a/tests/units/Core/User/UserSessionTest.php b/tests/units/Core/User/UserSessionTest.php new file mode 100644 index 00000000..64413f98 --- /dev/null +++ b/tests/units/Core/User/UserSessionTest.php @@ -0,0 +1,144 @@ +<?php + +require_once __DIR__.'/../../Base.php'; + +use Kanboard\Core\User\UserSession; +use Kanboard\Core\Security\Role; + +class UserSessionTest extends Base +{ + public function testInitialize() + { + $us = new UserSession($this->container); + + $user = array( + 'id' => '123', + 'username' => 'john', + 'password' => 'something', + 'twofactor_secret' => 'something else', + 'is_admin' => '1', + 'is_project_admin' => '0', + 'is_ldap_user' => '0', + 'twofactor_activated' => '0', + 'role' => Role::APP_MANAGER, + ); + + $us->initialize($user); + + $session = $this->container['sessionStorage']->getAll(); + + $this->assertNotEmpty($session); + $this->assertEquals(123, $session['user']['id']); + $this->assertEquals('john', $session['user']['username']); + $this->assertEquals(Role::APP_MANAGER, $session['user']['role']); + $this->assertFalse($session['user']['is_ldap_user']); + $this->assertFalse($session['user']['twofactor_activated']); + $this->assertArrayNotHasKey('password', $session['user']); + $this->assertArrayNotHasKey('twofactor_secret', $session['user']); + $this->assertArrayNotHasKey('is_admin', $session['user']); + $this->assertArrayNotHasKey('is_project_admin', $session['user']); + + $this->assertEquals('john', $us->getUsername()); + } + + public function testGetId() + { + $us = new UserSession($this->container); + + $this->assertEquals(0, $us->getId()); + + $this->container['sessionStorage']->user = array('id' => 2); + $this->assertEquals(2, $us->getId()); + + $this->container['sessionStorage']->user = array('id' => '2'); + $this->assertEquals(2, $us->getId()); + } + + public function testIsLogged() + { + $us = new UserSession($this->container); + + $this->assertFalse($us->isLogged()); + + $this->container['sessionStorage']->user = array(); + $this->assertFalse($us->isLogged()); + + $this->container['sessionStorage']->user = array('id' => 1); + $this->assertTrue($us->isLogged()); + } + + public function testIsAdmin() + { + $us = new UserSession($this->container); + + $this->assertFalse($us->isAdmin()); + + $this->container['sessionStorage']->user = array('role' => Role::APP_ADMIN); + $this->assertTrue($us->isAdmin()); + + $this->container['sessionStorage']->user = array('role' => Role::APP_USER); + $this->assertFalse($us->isAdmin()); + + $this->container['sessionStorage']->user = array('role' => ''); + $this->assertFalse($us->isAdmin()); + } + + public function testCommentSorting() + { + $us = new UserSession($this->container); + $this->assertEquals('ASC', $us->getCommentSorting()); + + $us->setCommentSorting('DESC'); + $this->assertEquals('DESC', $us->getCommentSorting()); + } + + public function testBoardCollapseMode() + { + $us = new UserSession($this->container); + $this->assertFalse($us->isBoardCollapsed(2)); + + $us->setBoardDisplayMode(3, false); + $this->assertFalse($us->isBoardCollapsed(3)); + + $us->setBoardDisplayMode(3, true); + $this->assertTrue($us->isBoardCollapsed(3)); + } + + public function testFilters() + { + $us = new UserSession($this->container); + $this->assertEquals('status:open', $us->getFilters(1)); + + $us->setFilters(1, 'assignee:me'); + $this->assertEquals('assignee:me', $us->getFilters(1)); + + $this->assertEquals('status:open', $us->getFilters(2)); + + $us->setFilters(2, 'assignee:bob'); + $this->assertEquals('assignee:bob', $us->getFilters(2)); + } + + public function testPostAuthentication() + { + $us = new UserSession($this->container); + $this->assertFalse($us->isPostAuthenticationValidated()); + + $this->container['sessionStorage']->postAuthenticationValidated = false; + $this->assertFalse($us->isPostAuthenticationValidated()); + + $us->validatePostAuthentication(); + $this->assertTrue($us->isPostAuthenticationValidated()); + + $this->container['sessionStorage']->user = array(); + $this->assertFalse($us->hasPostAuthentication()); + + $this->container['sessionStorage']->user = array('twofactor_activated' => false); + $this->assertFalse($us->hasPostAuthentication()); + + $this->container['sessionStorage']->user = array('twofactor_activated' => true); + $this->assertTrue($us->hasPostAuthentication()); + + $us->disablePostAuthentication(); + $this->assertFalse($us->hasPostAuthentication()); + } +} diff --git a/tests/units/Core/User/UserSyncTest.php b/tests/units/Core/User/UserSyncTest.php new file mode 100644 index 00000000..e7ce42b2 --- /dev/null +++ b/tests/units/Core/User/UserSyncTest.php @@ -0,0 +1,55 @@ +<?php + +require_once __DIR__.'/../../Base.php'; + +use Kanboard\Core\Security\Role; +use Kanboard\Core\User\UserSync; +use Kanboard\User\LdapUserProvider; + +class UserSyncTest extends Base +{ + public function testSynchronizeNewUser() + { + $user = new LdapUserProvider('ldapId', 'bob', 'Bob', '', Role::APP_MANAGER, array()); + $userSync = new UserSync($this->container); + + $profile = array( + 'id' => 2, + 'username' => 'bob', + 'name' => 'Bob', + 'email' => '', + 'role' => Role::APP_MANAGER, + 'is_ldap_user' => 1, + ); + + $this->assertArraySubset($profile, $userSync->synchronize($user)); + } + + public function testSynchronizeExistingUser() + { + $userSync = new UserSync($this->container); + $user = new LdapUserProvider('ldapId', 'admin', 'Admin', 'email@localhost', Role::APP_MANAGER, array()); + + $profile = array( + 'id' => 1, + 'username' => 'admin', + 'name' => 'Admin', + 'email' => 'email@localhost', + 'role' => Role::APP_MANAGER, + ); + + $this->assertArraySubset($profile, $userSync->synchronize($user)); + + $user = new LdapUserProvider('ldapId', 'admin', '', '', Role::APP_ADMIN, array()); + + $profile = array( + 'id' => 1, + 'username' => 'admin', + 'name' => 'Admin', + 'email' => 'email@localhost', + 'role' => Role::APP_ADMIN, + ); + + $this->assertArraySubset($profile, $userSync->synchronize($user)); + } +} |