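<?php

namespace dokuwiki\plugin\pureldap\test;

use dokuwiki\plugin\pureldap\classes\ADClient;

/**
 * Integration tests for the pureldap plugin's ADClient
 *
 * Every test talks to a live directory. The expected users, groups and counts are those of the
 * fixture provided by https://github.com/splitbrain/vagrant-active-directory
 *
 * @group plugin_pureldap
 * @group plugins
 */
class ADClientTest extends \DokuWikiTest
{
    /**
     * Create a client with default settings
     *
     * Optionally allows to override configs.
     *
     * All tests assume to be running against https://github.com/splitbrain/vagrant-active-directory
     *
     * The bind account, its password and the certificate validation mode below describe that
     * throwaway fixture only; they are not a template for a production configuration.
     *
     * @param array $conf settings merged over the defaults; keys given here win
     * @return ADClient
     */
    protected function getClient($conf = [])
    {
        $defaults = [
            'base_dn' => 'DC=example,DC=local',
            'suffix' => 'example.local',
            'servers' => ['localhost'],
            'port' => 7389, // SSL: 7636
            // default credentials of the vagrant test box
            'admin_username' => 'vagrant',
            'admin_password' => 'vagrant',
            'encryption' => 'tls',
            // NOTE(review): presumably accepts the fixture's self-signed certificate - confirm
            // against the plugin's settings documentation
            'validate' => 'self',
            'attributes' => ['mobile'],
        ];

        return new ADClient(array_merge($defaults, $conf));
    }

    /**
     * Check user fetching
     *
     * The same account is looked up with the domain suffix, without it, and in mixed case;
     * all three lookups have to return identical data.
     */
    public function testGetUser()
    {
        $expect = [
            'user' => 'a.legrand',
            'name' => 'Amerigo Legrand',
            'mail' => 'a.legrand@example.com',
            'dn' => 'CN=Amerigo Legrand,CN=Users,DC=example,DC=local',
            'grps' => [
                'beta',
                'domain users',
                'gamma nested',
                'user',
            ],
            'expires' => false,
            'mobile' => '+63 (483) 526-8809',
        ];

        $client = $this->getClient();
        $user = $client->getUser('a.legrand@example.local');

        // mktime() works in the local time zone, so this is "after 2023-06-01 00:00 local time"
        $this->assertGreaterThan(mktime(0, 0, 0, 6, 1, 2023), $user['lastpwd'], 'lastpwd should be a timestamp');
        unset($user['lastpwd']); // we don't know the exact value, so we remove it for the comparison
        $this->assertSame($expect, $user);

        // access should work without the domain, too
        $user = $client->getUser('a.legrand');
        unset($user['lastpwd']);
        $this->assertSame($expect, $user);

        // access should be case-insensitive
        $user = $client->getUser('A.LeGrand');
        unset($user['lastpwd']);
        $this->assertSame($expect, $user);
    }

    /**
     * Check recursive groups
     */
    public function testGetUserRecursiveGroups()
    {
        // User m.albro is member of 'gamma nested', which is in turn part of 'beta'
        // thus the user should be part of both groups
        $expect = [
            'beta',
            'domain users',
            'gamma nested',
            'user',
        ];

        $client = $this->getClient(['recursivegroups' => 1]);
        $user = $client->getUser('m.albro@example.local');
        $this->assertSame($expect, $user['grps']);
    }

    /**
     * Check getting all groups
     */
    public function testGetGroups()
    {
        // to check paging, we set a super small page size
        $client = $this->getClient(['page_size' => 2]);

        $groups = $client->getGroups();
        $this->assertGreaterThan(3, count($groups));
        $this->assertContains('alpha', $groups);
        $this->assertContains('beta', $groups);
        $this->assertContains('gamma nested', $groups);
        $this->assertContains('domain users', $groups);
    }

    /**
     * Check getting filtered groups
     */
    public function testGetGroupsFiltered()
    {
        // to check paging, we set a super small page size
        $client = $this->getClient(['page_size' => 2]);

        $groups = $client->getGroups('alpha', ADClient::FILTER_EQUAL);
        $this->assertCount(1, $groups);
        $this->assertSame(['alpha'], array_values($groups));
    }

    /**
     * Check filtering users by group and by a combination of group and name
     */
    public function testGetFilteredUsers()
    {
        // to check paging, we set a super small page size
        $client = $this->getClient(['page_size' => 2]);

        $users = $client->getFilteredUsers(['grps' => 'alpha'], ADClient::FILTER_EQUAL);
        $this->assertGreaterThan(20, count($users));
        $this->assertLessThan(150, count($users));

        $this->assertArrayHasKey('a.blaskett', $users, 'This user should be in alpha');
        $this->assertArrayNotHasKey('a.legrand', $users, 'This user is not in alpha');

        $users = $client->getFilteredUsers(['grps' => 'alpha', 'name' => 'Andras'], ADClient::FILTER_STARTSWITH);
        $this->assertCount(1, $users);

        // a group with a space
        $users = $client->getFilteredUsers(['grps' => 'gamma nested'], ADClient::FILTER_EQUAL);
        $this->assertArrayHasKey('m.mcnevin', $users, 'This user should be in Gamma Nested');
    }

    /**
     * Check that group filters honour nested group membership
     */
    public function testGetFilteredUsersRecursiveGroups()
    {
        // User m.albro is member of 'gamma nested', which is in turn part of 'beta'
        // thus the user should be part of both groups

        $client = $this->getClient(['recursivegroups' => 1]);

        $users = $client->getFilteredUsers(['grps' => 'beta'], ADClient::FILTER_EQUAL);
        $this->assertArrayHasKey('m.albro', $users, 'user should be in beta');

        $users = $client->getFilteredUsers(['grps' => 'gamma nested'], ADClient::FILTER_EQUAL);
        $this->assertArrayHasKey('m.albro', $users, 'user should be in gamma nested');
    }

    /**
     * Check filtering by the 'domain users' group, by exact name and by prefix
     */
    public function testGetDomainUsers()
    {
        $client = $this->getClient();
        $users = $client->getFilteredUsers(['grps' => 'domain users'], ADClient::FILTER_EQUAL);
        $this->assertGreaterThan(250, count($users));

        $users = $client->getFilteredUsers(['grps' => 'domain'], ADClient::FILTER_STARTSWITH);
        $this->assertGreaterThan(250, count($users));
    }

    /**
     * Check password changes, both as administrator and as the user
     *
     * The account's fixture password is restored even when one of the checks fails, so a broken
     * run does not leave the shared test directory with a changed credential.
     */
    public function testSetPassword()
    {
        $login = 'x.guiu';
        $fixturePass = 'Foo_b_ar123!';
        $adminSetPass = 'Shibol eTH876?!';
        $userSetPass = 'Fully New 1234??';

        $client = $this->getClient();
        $restored = false;

        try {
            // password is set as administrator
            $this->assertTrue($client->setPassword($login, $adminSetPass), 'Password set as admin');

            // login as user
            $this->assertTrue($client->authenticate($login, $adminSetPass), 'Password works');

            // set new pass as user
            $this->assertTrue($client->setPassword($login, $userSetPass, $adminSetPass), 'Password as user');

            // login as user with new password
            $this->assertTrue($client->authenticate($login, $userSetPass), 'New Password works');
        } finally {
            // use new client for admin connection, and reset password back
            // the result is asserted after the block so it cannot replace an earlier failure
            $restored = $this->getClient()->setPassword($login, $fixturePass);
        }

        $this->assertTrue($restored, 'Password set back as admin');
    }

    /**
     * Check that the maximum password age is read from the directory
     */
    public function testMaxPasswordAge()
    {
        $client = $this->getClient();
        $maxAge = $client->getMaxPasswordAge(false);

        // convert to days
        $maxAge = $maxAge / 60 / 60 / 24;

        $this->assertEquals(42, $maxAge, 'Default password age is 42 days');
    }

    /**
     * Check that we can resolve nested groups (users are checked in @see testGetUserRecursiveGroups already)
     *
     * This test is currently disabled.
     */
//    public function test_resolveRecursiveMembership() {
//        $client = $this->getClient();
//
//        /** @var \FreeDSx\Ldap\Search\Paging $result */
//        $result = $this->callInaccessibleMethod(
//            $client,
//            'resolveRecursiveMembership',
//            [['CN=beta,CN=Users,DC=example,DC=local'], 'memberOf']
//        );
//        $entries = $result->getEntries();
//        $this->assertEquals(1, $entries->count());
//        $this->assertEquals('Gamma Nested', ($entries->first()->get('name')->getValues())[0]);
//    }
}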