xref: /plugin/pureldap/_test/ADClientTest.php (revision 0f498d06932ad0cbbdcc8844b96d4913174c7968)
1<?php
2
3namespace dokuwiki\plugin\pureldap\test;
4
5use dokuwiki\plugin\pureldap\classes\ADClient;
6
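/**
 * Integration tests for the pureldap ADClient
 *
 * Every test here talks to a live directory server, see getClient() for the expected fixture.
 *
 * @group plugin_pureldap
 * @group plugins
 */
class ADClientTest extends \DokuWikiTest
{
    /**
     * Create a client with default settings
     *
     * Optionally allows to override configs.
     *
     * All tests assume to be running against https://github.com/splitbrain/vagrant-active-directory
     *
     * The bind credentials and the relaxed certificate setting below belong to that throwaway
     * test domain on localhost. They are fixture values only and are not a template for a
     * production configuration.
     *
     * @param array $conf config keys that override the defaults below
     * @return ADClient
     */
    protected function getClient($conf = [])
    {
        $defaults = [
            'base_dn' => 'DC=example,DC=local',
            'suffix' => 'example.local',
            'servers' => ['localhost'],
            'port' => 7389, // SSL: 7636
            // well-known credentials of the vagrant test box, never real ones
            'admin_username' => 'vagrant',
            'admin_password' => 'vagrant',
            'encryption' => 'tls',
            // NOTE(review): presumably accepts the fixture's self-signed certificate;
            // confirm against the plugin's configuration docs before copying this elsewhere
            'validate' => 'self',
            'attributes' => ['mobile'],
        ];

        // later arrays win in array_merge(), so $conf overrides the defaults
        return new ADClient(array_merge($defaults, $conf));
    }

    /**
     * Check user fetching
     *
     * The same record must come back for the full login, the login without the domain
     * and a differently cased login.
     */
    public function testGetUser()
    {
        $expect = [
            'user' => 'a.legrand',
            'name' => 'Amerigo Legrand',
            'mail' => 'a.legrand@example.com',
            'dn' => 'CN=Amerigo Legrand,CN=Users,DC=example,DC=local',
            'grps' => [
                'beta',
                'domain users',
                'gamma nested',
                'user',
            ],
            'expires' => false,
            'mobile' => '+63 (483) 526-8809',
        ];

        $client = $this->getClient();
        $user = $client->getUser('a.legrand@example.local');

        // fail with a readable message when the lookup returned nothing usable,
        // instead of tripping over the array access below
        $this->assertNotEmpty($user, 'user should be found');
        $this->assertArrayHasKey('lastpwd', $user, 'user record should contain lastpwd');

        $this->assertGreaterThan(mktime(0, 0, 0, 6, 1, 2023), $user['lastpwd'], 'lastpwd should be a timestamp');
        unset($user['lastpwd']); // we don't know the exact value, so we remove it for the comparison
        $this->assertSame($expect, $user);

        // access should work without the domain, too
        $user = $client->getUser('a.legrand');
        unset($user['lastpwd']);
        $this->assertSame($expect, $user);

        // access should be case insensitive
        $user = $client->getUser('A.LeGrand');
        unset($user['lastpwd']);
        $this->assertSame($expect, $user);
    }

    /**
     * Check recursive groups
     */
    public function testGetUserRecursiveGroups()
    {
        // User m.albro is member of 'gamma nested', which is in turn part of 'beta'
        // thus the user should be part of both groups
        $expect = [
            'beta',
            'domain users',
            'gamma nested',
            'user',
        ];

        $client = $this->getClient(['recursivegroups' => 1]);
        $user = $client->getUser('m.albro@example.local');
        $this->assertSame($expect, $user['grps']);
    }

    /**
     * Check getting all groups
     */
    public function testGetGroups()
    {
        // to check paging, we set a super small page size
        $client = $this->getClient(['page_size' => 2]);

        $groups = $client->getGroups();
        $this->assertGreaterThan(3, count($groups));
        foreach (['alpha', 'beta', 'gamma nested', 'domain users'] as $name) {
            $this->assertContains($name, $groups);
        }
    }

    /**
     * Check getting filtered groups
     */
    public function testGetGroupsFiltered()
    {
        // to check paging, we set a super small page size
        $client = $this->getClient(['page_size' => 2]);

        $groups = $client->getGroups('alpha', ADClient::FILTER_EQUAL);
        $this->assertCount(1, $groups);
        // the keys of the result are not part of this check, only the group name is
        $this->assertSame(['alpha'], array_values($groups));
    }

    /**
     * Check filtering users by group and by name
     */
    public function testGetFilteredUsers()
    {
        // to check paging, we set a super small page size
        $client = $this->getClient(['page_size' => 2]);

        $users = $client->getFilteredUsers(['grps' => 'alpha'], ADClient::FILTER_EQUAL);
        $found = count($users);
        $this->assertGreaterThan(20, $found);
        $this->assertLessThan(150, $found);

        $this->assertArrayHasKey('a.blaskett', $users, 'This user should be in alpha');
        $this->assertArrayNotHasKey('a.legrand', $users, 'This user is not in alpha');

        $users = $client->getFilteredUsers(['grps' => 'alpha', 'name' => 'Andras'], ADClient::FILTER_STARTSWITH);
        $this->assertCount(1, $users);

        // a group with a space
        $users = $client->getFilteredUsers(['grps' => 'gamma nested'], ADClient::FILTER_EQUAL);
        $this->assertArrayHasKey('m.mcnevin', $users, 'This user should be in Gamma Nested');
    }

    /**
     * Check that group filters follow nested memberships when recursivegroups is enabled
     */
    public function testGetFilteredUsersRecursiveGroups()
    {
        // User m.albro is member of 'gamma nested', which is in turn part of 'beta'
        // thus the user should be part of both groups

        $client = $this->getClient(['recursivegroups' => 1]);

        $users = $client->getFilteredUsers(['grps' => 'beta'], ADClient::FILTER_EQUAL);
        $this->assertArrayHasKey('m.albro', $users, 'user should be in beta');

        $users = $client->getFilteredUsers(['grps' => 'gamma nested'], ADClient::FILTER_EQUAL);
        $this->assertArrayHasKey('m.albro', $users, 'user should be in gamma nested');
    }

    /**
     * Check that the 'domain users' group can be used as a filter, exactly and by prefix
     */
    public function testGetDomainUsers()
    {
        $client = $this->getClient();
        $users = $client->getFilteredUsers(['grps' => 'domain users'], ADClient::FILTER_EQUAL);
        $this->assertGreaterThan(250, count($users));

        $users = $client->getFilteredUsers(['grps' => 'domain'], ADClient::FILTER_STARTSWITH);
        $this->assertGreaterThan(250, count($users));
    }

    /**
     * Check setting a password as administrator and as the user
     *
     * The account is always reset to its fixture password, even when one of the steps
     * fails, so a broken run does not leave the shared test directory in an unknown state.
     *
     * NOTE(review): nothing here asserts that the previous password is rejected after a
     * change. Active Directory can keep accepting the old password for a grace period, so
     * such a check may be unreliable against this fixture; confirm before adding one.
     */
    public function testSetPassword()
    {
        $login = 'x.guiu';
        $adminSet = 'Shibol eTH876?!';
        $userSet = 'Fully New 1234??';
        $fixturePass = 'Foo_b_ar123!';

        $restored = false;
        try {
            $client = $this->getClient();
            // password is set as administrator
            $this->assertTrue($client->setPassword($login, $adminSet), 'Password set as admin');

            // login as user
            $this->assertTrue($client->authenticate($login, $adminSet), 'Password works');

            // set new pass as user
            $this->assertTrue($client->setPassword($login, $userSet, $adminSet), 'Password as user');

            // login as user with new password
            $this->assertTrue($client->authenticate($login, $userSet), 'New Password works');
        } finally {
            // use new client for admin connection, and reset password back
            $restored = $this->getClient()->setPassword($login, $fixturePass);
        }

        $this->assertTrue($restored, 'Password set back as admin');
    }

    /**
     * Check the maximum password age reported by the directory
     */
    public function testMaxPasswordAge()
    {
        $client = $this->getClient();
        // NOTE(review): the meaning of the false argument is not visible in this file
        $maxAge = $client->getMaxPasswordAge(false);

        // convert to days
        $maxAge = $maxAge / 60 / 60 / 24;

        $this->assertEquals(42, $maxAge, 'Default password age is 42 days');
    }

    /**
     * Check that we can resolve nested groups (users are checked in @see testGetUserRecursiveGroups already)
     *
     * The test below is disabled.
     */
//    public function test_resolveRecursiveMembership() {
//        $client = $this->getClient();
//
//        /** @var \FreeDSx\Ldap\Search\Paging $result */
//        $result = $this->callInaccessibleMethod(
//            $client,
//            'resolveRecursiveMembership',
//            [['CN=beta,CN=Users,DC=example,DC=local'], 'memberOf']
//        );
//        $entries = $result->getEntries();
//        $this->assertEquals(1, $entries->count());
//        $this->assertEquals('Gamma Nested', ($entries->first()->get('name')->getValues())[0]);
//    }
}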