1*08ace392SAndreas Gohr<?php 2*08ace392SAndreas Gohr 3*08ace392SAndreas Gohrnamespace dokuwiki\plugin\pureldap\test; 4*08ace392SAndreas Gohr 5*08ace392SAndreas Gohruse dokuwiki\plugin\pureldap\classes\ADClient; 6*08ace392SAndreas Gohr 7*08ace392SAndreas Gohr/** 8*08ace392SAndreas Gohr * General tests for the pureldap plugin 9*08ace392SAndreas Gohr * 10*08ace392SAndreas Gohr * @group plugin_pureldap 11*08ace392SAndreas Gohr * @group plugins 12*08ace392SAndreas Gohr */ 13*08ace392SAndreas Gohrclass ADClientTest extends \DokuWikiTest 14*08ace392SAndreas Gohr{ 15*08ace392SAndreas Gohr /** 16*08ace392SAndreas Gohr * Create a client with default settings 17*08ace392SAndreas Gohr * 18*08ace392SAndreas Gohr * Optionally allows to override configs. 19*08ace392SAndreas Gohr * 20*08ace392SAndreas Gohr * All tests assume to be running against https://github.com/splitbrain/vagrant-active-directory 21*08ace392SAndreas Gohr * 22*08ace392SAndreas Gohr * @param array $conf 23*08ace392SAndreas Gohr * @return ADClient 24*08ace392SAndreas Gohr */ 25*08ace392SAndreas Gohr protected function getClient($conf = []) 26*08ace392SAndreas Gohr { 27*08ace392SAndreas Gohr return new ADClient( 28*08ace392SAndreas Gohr array_merge( 29*08ace392SAndreas Gohr [ 30*08ace392SAndreas Gohr 'base_dn' => 'DC=example,DC=local', 31*08ace392SAndreas Gohr 'suffix' => 'example.local', 32*08ace392SAndreas Gohr 'servers' => ['localhost'], 33*08ace392SAndreas Gohr 'port' => 7389, // SSL: 7636 34*08ace392SAndreas Gohr 'admin_username' => 'vagrant', 35*08ace392SAndreas Gohr 'admin_password' => 'vagrant', 36*08ace392SAndreas Gohr 'encryption' => 'tls', 37*08ace392SAndreas Gohr 'validate' => 'self', 38*08ace392SAndreas Gohr 'attributes' => ['mobile'], 39*08ace392SAndreas Gohr ], 40*08ace392SAndreas Gohr $conf 41*08ace392SAndreas Gohr ) 42*08ace392SAndreas Gohr ); 43*08ace392SAndreas Gohr } 44*08ace392SAndreas Gohr 45*08ace392SAndreas Gohr /** 46*08ace392SAndreas Gohr * Check user fetching 47*08ace392SAndreas Gohr */ 48*08ace392SAndreas Gohr public function testGetUser() 49*08ace392SAndreas Gohr { 50*08ace392SAndreas Gohr $expect = [ 51*08ace392SAndreas Gohr 'user' => 'a.legrand', 52*08ace392SAndreas Gohr 'name' => 'Amerigo Legrand', 53*08ace392SAndreas Gohr 'mail' => 'a.legrand@example.com', 54*08ace392SAndreas Gohr 'dn' => 'CN=Amerigo Legrand,CN=Users,DC=example,DC=local', 55*08ace392SAndreas Gohr 'grps' => [ 56*08ace392SAndreas Gohr 'beta', 57*08ace392SAndreas Gohr 'domain users', 58*08ace392SAndreas Gohr 'gamma nested', 59*08ace392SAndreas Gohr 'user', 60*08ace392SAndreas Gohr ], 61*08ace392SAndreas Gohr 'mobile' => '+63 (483) 526-8809', 62*08ace392SAndreas Gohr ]; 63*08ace392SAndreas Gohr 64*08ace392SAndreas Gohr $client = $this->getClient(); 65*08ace392SAndreas Gohr $user = $client->getUser('a.legrand@example.local'); 66*08ace392SAndreas Gohr $this->assertSame($expect, $user); 67*08ace392SAndreas Gohr 68*08ace392SAndreas Gohr // access should work without the domain, too 69*08ace392SAndreas Gohr $user = $client->getUser('a.legrand'); 70*08ace392SAndreas Gohr $this->assertSame($expect, $user); 71*08ace392SAndreas Gohr 72*08ace392SAndreas Gohr // access should be case Insensitive 73*08ace392SAndreas Gohr $user = $client->getUser('A.LeGrand'); 74*08ace392SAndreas Gohr $this->assertSame($expect, $user); 75*08ace392SAndreas Gohr } 76*08ace392SAndreas Gohr 77*08ace392SAndreas Gohr /** 78*08ace392SAndreas Gohr * Check recursive groups 79*08ace392SAndreas Gohr * 80*08ace392SAndreas Gohr */ 81*08ace392SAndreas Gohr public function testGetUserRecursiveGroups() 82*08ace392SAndreas Gohr { 83*08ace392SAndreas Gohr // User m.albro is member of 'gamma nested', which is in turn part of 'beta' 84*08ace392SAndreas Gohr // thus the user should be part of both groups 85*08ace392SAndreas Gohr $expect = [ 86*08ace392SAndreas Gohr 'beta', 87*08ace392SAndreas Gohr 'domain users', 88*08ace392SAndreas Gohr 'gamma nested', 89*08ace392SAndreas Gohr 'user', 90*08ace392SAndreas Gohr ]; 91*08ace392SAndreas Gohr 92*08ace392SAndreas Gohr $client = $this->getClient(['recursivegroups' => 1]); 93*08ace392SAndreas Gohr $user = $client->getUser('m.albro@example.local'); 94*08ace392SAndreas Gohr $this->assertSame($expect, $user['grps']); 95*08ace392SAndreas Gohr } 96*08ace392SAndreas Gohr 97*08ace392SAndreas Gohr /** 98*08ace392SAndreas Gohr * Check getting all groups 99*08ace392SAndreas Gohr */ 100*08ace392SAndreas Gohr public function testGetGroups() 101*08ace392SAndreas Gohr { 102*08ace392SAndreas Gohr // to check paging, we set a super small page size 103*08ace392SAndreas Gohr $client = $this->getClient(['page_size' => 2]); 104*08ace392SAndreas Gohr 105*08ace392SAndreas Gohr $groups = $client->getGroups(); 106*08ace392SAndreas Gohr $this->assertGreaterThan(3, count($groups)); 107*08ace392SAndreas Gohr $this->assertContains('alpha', $groups); 108*08ace392SAndreas Gohr $this->assertContains('beta', $groups); 109*08ace392SAndreas Gohr $this->assertContains('gamma nested', $groups); 110*08ace392SAndreas Gohr $this->assertContains('domain users', $groups); 111*08ace392SAndreas Gohr } 112*08ace392SAndreas Gohr 113*08ace392SAndreas Gohr /** 114*08ace392SAndreas Gohr * Check getting filtered groups 115*08ace392SAndreas Gohr */ 116*08ace392SAndreas Gohr public function testGetGroupsFiltered() 117*08ace392SAndreas Gohr { 118*08ace392SAndreas Gohr // to check paging, we set a super small page size 119*08ace392SAndreas Gohr $client = $this->getClient(['page_size' => 2]); 120*08ace392SAndreas Gohr 121*08ace392SAndreas Gohr $groups = $client->getGroups('alpha', ADClient::FILTER_EQUAL); 122*08ace392SAndreas Gohr $this->assertCount(1, $groups); 123*08ace392SAndreas Gohr $this->assertSame(['alpha'], array_values($groups)); 124*08ace392SAndreas Gohr } 125*08ace392SAndreas Gohr 126*08ace392SAndreas Gohr public function testGetFilteredUsers() 127*08ace392SAndreas Gohr { 128*08ace392SAndreas Gohr // to check paging, we set a super small page size 129*08ace392SAndreas Gohr $client = $this->getClient(['page_size' => 2]); 130*08ace392SAndreas Gohr 131*08ace392SAndreas Gohr $users = $client->getFilteredUsers(['grps' => 'alpha'], ADClient::FILTER_EQUAL); 132*08ace392SAndreas Gohr $this->assertGreaterThan(20, count($users)); 133*08ace392SAndreas Gohr $this->assertLessThan(150, count($users)); 134*08ace392SAndreas Gohr 135*08ace392SAndreas Gohr $this->assertArrayHasKey('a.blaskett', $users, 'This user should be in alpha'); 136*08ace392SAndreas Gohr $this->assertArrayNotHasKey('a.legrand', $users, 'This user is not in alpha'); 137*08ace392SAndreas Gohr 138*08ace392SAndreas Gohr $users = $client->getFilteredUsers(['grps' => 'alpha', 'name' => 'Andras'], ADClient::FILTER_STARTSWITH); 139*08ace392SAndreas Gohr $this->assertCount(1, $users); 140*08ace392SAndreas Gohr 141*08ace392SAndreas Gohr // a group with a space 142*08ace392SAndreas Gohr $users = $client->getFilteredUsers(['grps' => 'gamma nested'], ADClient::FILTER_EQUAL); 143*08ace392SAndreas Gohr $this->assertArrayHasKey('m.mcnevin', $users, 'This user should be in Gamma Nested'); 144*08ace392SAndreas Gohr } 145*08ace392SAndreas Gohr 146*08ace392SAndreas Gohr public function testGetFilteredUsersRecursiveGroups() 147*08ace392SAndreas Gohr { 148*08ace392SAndreas Gohr // User m.albro is member of 'gamma nested', which is in turn part of 'beta' 149*08ace392SAndreas Gohr // thus the user should be part of both groups 150*08ace392SAndreas Gohr 151*08ace392SAndreas Gohr $client = $this->getClient(['recursivegroups' => 1]); 152*08ace392SAndreas Gohr 153*08ace392SAndreas Gohr $users = $client->getFilteredUsers(['grps' => 'beta'], ADClient::FILTER_EQUAL); 154*08ace392SAndreas Gohr $this->assertArrayHasKey('m.albro', $users, 'user should be in beta'); 155*08ace392SAndreas Gohr 156*08ace392SAndreas Gohr $users = $client->getFilteredUsers(['grps' => 'gamma nested'], ADClient::FILTER_EQUAL); 157*08ace392SAndreas Gohr $this->assertArrayHasKey('m.albro', $users, 'user should be in gamma nested'); 158*08ace392SAndreas Gohr } 159*08ace392SAndreas Gohr 160*08ace392SAndreas Gohr public function testGetDomainUsers() 161*08ace392SAndreas Gohr { 162*08ace392SAndreas Gohr $client = $this->getClient(); 163*08ace392SAndreas Gohr $users = $client->getFilteredUsers(['grps' => 'domain users'], ADClient::FILTER_EQUAL); 164*08ace392SAndreas Gohr $this->assertGreaterThan(250, count($users)); 165*08ace392SAndreas Gohr 166*08ace392SAndreas Gohr $users = $client->getFilteredUsers(['grps' => 'domain'], ADClient::FILTER_STARTSWITH); 167*08ace392SAndreas Gohr $this->assertGreaterThan(250, count($users)); 168*08ace392SAndreas Gohr } 169*08ace392SAndreas Gohr 170*08ace392SAndreas Gohr public function testSetPassword() 171*08ace392SAndreas Gohr { 172*08ace392SAndreas Gohr $client = $this->getClient(); 173*08ace392SAndreas Gohr // password is set as administrator 174*08ace392SAndreas Gohr $this->assertTrue($client->setPassword('x.guiu', 'Shibol eTH876?!'), 'Password set as admin'); 175*08ace392SAndreas Gohr 176*08ace392SAndreas Gohr // login as user 177*08ace392SAndreas Gohr $this->assertTrue($client->authenticate('x.guiu', 'Shibol eTH876?!'), 'Password works'); 178*08ace392SAndreas Gohr 179*08ace392SAndreas Gohr // set new pass as user 180*08ace392SAndreas Gohr $this->assertTrue($client->setPassword('x.guiu', 'Fully New 1234??', 'Shibol eTH876?!'), 'Password as user'); 181*08ace392SAndreas Gohr 182*08ace392SAndreas Gohr // login as user with new password 183*08ace392SAndreas Gohr $this->assertTrue($client->authenticate('x.guiu', 'Fully New 1234??'), 'New Password works'); 184*08ace392SAndreas Gohr 185*08ace392SAndreas Gohr // use new client for admin connection, and reset password back 186*08ace392SAndreas Gohr $client = $this->getClient(); 187*08ace392SAndreas Gohr $this->assertTrue($client->setPassword('x.guiu', 'Foo_b_ar123!'), 'Password set back as admin'); 188*08ace392SAndreas Gohr } 189*08ace392SAndreas Gohr 190*08ace392SAndreas Gohr /** 191*08ace392SAndreas Gohr * Check that we can resolve nested groups (users are checked in @see test_getUserRecursiveGroups already) 192*08ace392SAndreas Gohr */ 193*08ace392SAndreas Gohr// public function test_resolveRecursiveMembership() { 194*08ace392SAndreas Gohr// $client = $this->getClient(); 195*08ace392SAndreas Gohr// 196*08ace392SAndreas Gohr// /** @var \FreeDSx\Ldap\Search\Paging $result */ 197*08ace392SAndreas Gohr// $result = $this->callInaccessibleMethod( 198*08ace392SAndreas Gohr// $client, 199*08ace392SAndreas Gohr// 'resolveRecursiveMembership', 200*08ace392SAndreas Gohr// [['CN=beta,CN=Users,DC=example,DC=local'], 'memberOf'] 201*08ace392SAndreas Gohr// ); 202*08ace392SAndreas Gohr// $entries = $result->getEntries(); 203*08ace392SAndreas Gohr// $this->assertEquals(1, $entries->count()); 204*08ace392SAndreas Gohr// $this->assertEquals('Gamma Nested', ($entries->first()->get('name')->getValues())[0]); 205*08ace392SAndreas Gohr// } 206*08ace392SAndreas Gohr} 207