xref: /plugin/pureldap/_test/ADClientTest.php (revision 08ace392be71b69ddc8b1eda246fad47272b7606) 
1<?php
2
3namespace dokuwiki\plugin\pureldap\test;
4
5use dokuwiki\plugin\pureldap\classes\ADClient;
6
7/**
8 * General tests for the pureldap plugin
9 *
10 * @group plugin_pureldap
11 * @group plugins
12 */
13class ADClientTest extends \DokuWikiTest
14{
15    /**
16     * Create a client with default settings
17     *
18     * Optionally allows to override configs.
19     *
20     * All tests assume to be running against https://github.com/splitbrain/vagrant-active-directory
21     *
22     * @param array $conf
23     * @return ADClient
24     */
25    protected function getClient($conf = [])
26    {
27        return new ADClient(
28            array_merge(
29                [
30                    'base_dn' => 'DC=example,DC=local',
31                    'suffix' => 'example.local',
32                    'servers' => ['localhost'],
33                    'port' => 7389, // SSL: 7636
34                    'admin_username' => 'vagrant',
35                    'admin_password' => 'vagrant',
36                    'encryption' => 'tls',
37                    'validate' => 'self',
38                    'attributes' => ['mobile'],
39                ],
40                $conf
41            )
42        );
43    }
44
45    /**
46     * Check user fetching
47     */
48    public function testGetUser()
49    {
50        $expect = [
51            'user' => 'a.legrand',
52            'name' => 'Amerigo Legrand',
53            'mail' => 'a.legrand@example.com',
54            'dn' => 'CN=Amerigo Legrand,CN=Users,DC=example,DC=local',
55            'grps' => [
56                'beta',
57                'domain users',
58                'gamma nested',
59                'user',
60            ],
61            'mobile' => '+63 (483) 526-8809',
62        ];
63
64        $client = $this->getClient();
65        $user = $client->getUser('a.legrand@example.local');
66        $this->assertSame($expect, $user);
67
68        // access should work without the domain, too
69        $user = $client->getUser('a.legrand');
70        $this->assertSame($expect, $user);
71
72        // access should be case Insensitive
73        $user = $client->getUser('A.LeGrand');
74        $this->assertSame($expect, $user);
75    }
76
77    /**
78     * Check recursive groups
79     *
80     */
81    public function testGetUserRecursiveGroups()
82    {
83        // User m.albro is member of 'gamma nested', which is in turn part of 'beta'
84        // thus the user should be part of both groups
85        $expect = [
86            'beta',
87            'domain users',
88            'gamma nested',
89            'user',
90        ];
91
92        $client = $this->getClient(['recursivegroups' => 1]);
93        $user = $client->getUser('m.albro@example.local');
94        $this->assertSame($expect, $user['grps']);
95    }
96
97    /**
98     * Check getting all groups
99     */
100    public function testGetGroups()
101    {
102        // to check paging, we set a super small page size
103        $client = $this->getClient(['page_size' => 2]);
104
105        $groups = $client->getGroups();
106        $this->assertGreaterThan(3, count($groups));
107        $this->assertContains('alpha', $groups);
108        $this->assertContains('beta', $groups);
109        $this->assertContains('gamma nested', $groups);
110        $this->assertContains('domain users', $groups);
111    }
112
113    /**
114     * Check getting filtered groups
115     */
116    public function testGetGroupsFiltered()
117    {
118        // to check paging, we set a super small page size
119        $client = $this->getClient(['page_size' => 2]);
120
121        $groups = $client->getGroups('alpha', ADClient::FILTER_EQUAL);
122        $this->assertCount(1, $groups);
123        $this->assertSame(['alpha'], array_values($groups));
124    }
125
126    public function testGetFilteredUsers()
127    {
128        // to check paging, we set a super small page size
129        $client = $this->getClient(['page_size' => 2]);
130
131        $users = $client->getFilteredUsers(['grps' => 'alpha'], ADClient::FILTER_EQUAL);
132        $this->assertGreaterThan(20, count($users));
133        $this->assertLessThan(150, count($users));
134
135        $this->assertArrayHasKey('a.blaskett', $users, 'This user should be in alpha');
136        $this->assertArrayNotHasKey('a.legrand', $users, 'This user is not in alpha');
137
138        $users = $client->getFilteredUsers(['grps' => 'alpha', 'name' => 'Andras'], ADClient::FILTER_STARTSWITH);
139        $this->assertCount(1, $users);
140
141        // a group with a space
142        $users = $client->getFilteredUsers(['grps' => 'gamma nested'], ADClient::FILTER_EQUAL);
143        $this->assertArrayHasKey('m.mcnevin', $users, 'This user should be in Gamma Nested');
144    }
145
146    public function testGetFilteredUsersRecursiveGroups()
147    {
148        // User m.albro is member of 'gamma nested', which is in turn part of 'beta'
149        // thus the user should be part of both groups
150
151        $client = $this->getClient(['recursivegroups' => 1]);
152
153        $users = $client->getFilteredUsers(['grps' => 'beta'], ADClient::FILTER_EQUAL);
154        $this->assertArrayHasKey('m.albro', $users, 'user should be in beta');
155
156        $users = $client->getFilteredUsers(['grps' => 'gamma nested'], ADClient::FILTER_EQUAL);
157        $this->assertArrayHasKey('m.albro', $users, 'user should be in gamma nested');
158    }
159
160    public function testGetDomainUsers()
161    {
162        $client = $this->getClient();
163        $users = $client->getFilteredUsers(['grps' => 'domain users'], ADClient::FILTER_EQUAL);
164        $this->assertGreaterThan(250, count($users));
165
166        $users = $client->getFilteredUsers(['grps' => 'domain'], ADClient::FILTER_STARTSWITH);
167        $this->assertGreaterThan(250, count($users));
168    }
169
170    public function testSetPassword()
171    {
172        $client = $this->getClient();
173        // password is set as administrator
174        $this->assertTrue($client->setPassword('x.guiu', 'Shibol eTH876?!'), 'Password set as admin');
175
176        // login as user
177        $this->assertTrue($client->authenticate('x.guiu', 'Shibol eTH876?!'), 'Password works');
178
179        // set new pass as user
180        $this->assertTrue($client->setPassword('x.guiu', 'Fully New 1234??', 'Shibol eTH876?!'), 'Password as user');
181
182        // login as user with new password
183        $this->assertTrue($client->authenticate('x.guiu',  'Fully New 1234??'), 'New Password works');
184
185        // use new client for admin connection, and reset password back
186        $client = $this->getClient();
187        $this->assertTrue($client->setPassword('x.guiu', 'Foo_b_ar123!'), 'Password set back as admin');
188    }
189
190    /**
191     * Check that we can resolve nested groups (users are checked in @see test_getUserRecursiveGroups already)
192     */
193//    public function test_resolveRecursiveMembership() {
194//        $client = $this->getClient();
195//
196//        /** @var \FreeDSx\Ldap\Search\Paging $result */
197//        $result = $this->callInaccessibleMethod(
198//            $client,
199//            'resolveRecursiveMembership',
200//            [['CN=beta,CN=Users,DC=example,DC=local'], 'memberOf']
201//        );
202//        $entries = $result->getEntries();
203//        $this->assertEquals(1, $entries->count());
204//        $this->assertEquals('Gamma Nested', ($entries->first()->get('name')->getValues())[0]);
205//    }
206}
207