diff options
Diffstat (limited to 'apps/user_ldap/tests/Integration')
21 files changed, 1848 insertions, 0 deletions
diff --git a/apps/user_ldap/tests/Integration/AbstractIntegrationTest.php b/apps/user_ldap/tests/Integration/AbstractIntegrationTest.php new file mode 100644 index 00000000000..a736956ebf2 --- /dev/null +++ b/apps/user_ldap/tests/Integration/AbstractIntegrationTest.php @@ -0,0 +1,137 @@ +<?php +/** + * @author Arthur Schiwon <blizzz@owncloud.com> + * + * @copyright Copyright (c) 2016, ownCloud, Inc. + * @license AGPL-3.0 + * + * This code is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License, version 3, + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License, version 3, + * along with this program. If not, see <http://www.gnu.org/licenses/> + * + */ + +namespace OCA\User_LDAP\Tests\Integration; + +use OCA\User_LDAP\Access; +use OCA\User_LDAP\Connection; +use OCA\User_LDAP\LDAP; +use OCA\User_LDAP\User\Manager; + +abstract class AbstractIntegrationTest { + /** @var LDAP */ + protected $ldap; + + /** @var Connection */ + protected $connection; + + /** @var Access */ + protected $access; + + /** @var Manager */ + protected $userManager; + + /** @var string */ + protected $base; + + /** @var string[] */ + protected $server; + + public function __construct($host, $port, $bind, $pwd, $base) { + $this->base = $base; + $this->server = [ + 'host' => $host, + 'port' => $port, + 'dn' => $bind, + 'pwd' => $pwd + ]; + } + + /** + * prepares the LDAP environment and sets up a test configuration for + * the LDAP backend. + */ + public function init() { + $this->initLDAPWrapper(); + $this->initConnection(); + $this->initUserManager(); + $this->initAccess(); + + } + + /** + * initializes the test LDAP wrapper + */ + protected function initLDAPWrapper() { + $this->ldap = new LDAP(); + } + + /** + * sets up the LDAP configuration to be used for the test + */ + protected function initConnection() { + $this->connection = new Connection($this->ldap, '', null); + $this->connection->setConfiguration([ + 'ldapHost' => $this->server['host'], + 'ldapPort' => $this->server['port'], + 'ldapBase' => $this->base, + 'ldapAgentName' => $this->server['dn'], + 'ldapAgentPassword' => $this->server['pwd'], + 'ldapUserFilter' => 'objectclass=inetOrgPerson', + 'ldapUserDisplayName' => 'cn', + 'ldapGroupDisplayName' => 'cn', + 'ldapLoginFilter' => '(|(uid=%uid)(samaccountname=%uid))', + 'ldapCacheTTL' => 0, + 'ldapConfigurationActive' => 1, + ]); + } + + /** + * initializes an LDAP user manager instance + * @return Manager + */ + protected function initUserManager() { + $this->userManager = new FakeManager(); + } + + /** + * initializes the Access test instance + */ + protected function initAccess() { + $this->access = new Access($this->connection, $this->ldap, $this->userManager); + } + + /** + * runs the test cases while outputting progress and result information + * + * If a test failed, the script is exited with return code 1. + */ + public function run() { + $methods = get_class_methods($this); + $atLeastOneCaseRan = false; + foreach($methods as $method) { + if(strpos($method, 'case') === 0) { + print("running $method " . PHP_EOL); + if(!$this->$method()) { + print(PHP_EOL . '>>> !!! Test ' . $method . ' FAILED !!! <<<' . PHP_EOL . PHP_EOL); + exit(1); + } + $atLeastOneCaseRan = true; + } + } + if($atLeastOneCaseRan) { + print('Tests succeeded' . PHP_EOL); + } else { + print('No Test was available.' . PHP_EOL); + exit(1); + } + } +} diff --git a/apps/user_ldap/tests/Integration/ExceptionOnLostConnection.php b/apps/user_ldap/tests/Integration/ExceptionOnLostConnection.php new file mode 100644 index 00000000000..06c2585fb0b --- /dev/null +++ b/apps/user_ldap/tests/Integration/ExceptionOnLostConnection.php @@ -0,0 +1,195 @@ +<?php +/** + * @author Arthur Schiwon <blizzz@owncloud.com> + * + * @copyright Copyright (c) 2016, ownCloud, Inc. + * @license AGPL-3.0 + * + * This code is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License, version 3, + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License, version 3, + * along with this program. If not, see <http://www.gnu.org/licenses/> + * + */ + +namespace OCA\User_LDAP\Tests\Integration; + + +use OC\ServerNotAvailableException; +use OCA\User_LDAP\LDAP; + +/** + * Class ExceptionOnLostConnection + * + * integration test, ensures that an exception is thrown, when the connection is lost. + * + * LDAP must be available via toxiproxy. + * + * This test must be run manually. + * + */ +class ExceptionOnLostConnection { + /** @var string */ + private $toxiProxyHost; + + /** @var string */ + private $toxiProxyName; + + /** @var string */ + private $ldapBase; + + /** @var string|null */ + private $ldapBindDN; + + /** @var string|null */ + private $ldapBindPwd; + + /** @var string */ + private $ldapHost; + + /** @var \OCA\User_LDAP\LDAP */ + private $ldap; + + /** @var bool */ + private $originalProxyState; + + /** + * @param string $proxyHost host of toxiproxy as url, like http://localhost:8474 + * @param string $proxyName name of the LDAP proxy service as configured in toxiProxy + * @param string $ldapBase any valid LDAP base DN + * @param null $bindDN optional, bind DN if anonymous bind is not possible + * @param null $bindPwd optional + */ + public function __construct($proxyHost, $proxyName, $ldapBase, $bindDN = null, $bindPwd = null) { + $this->toxiProxyHost = $proxyHost; + $this->toxiProxyName = $proxyName; + $this->ldapBase = $ldapBase; + $this->ldapBindDN = $bindDN; + $this->ldapBindPwd = $bindPwd; + + $this->setUp(); + } + + /** + * destructor + */ + public function __destruct() { + $this->cleanUp(); + } + + /** + * prepares everything for the test run. Includes loading ownCloud and + * the LDAP backend, as well as getting information about toxiproxy. + * Also creates an instance of the LDAP class, the testee + * + * @throws \Exception + */ + public function setUp() { + require_once __DIR__ . '/../../../../lib/base.php'; + \OC_App::loadApps('user_ldap'); + + $ch = $this->getCurl(); + $proxyInfoJson = curl_exec($ch); + $this->checkCurlResult($ch, $proxyInfoJson); + $proxyInfo = json_decode($proxyInfoJson, true); + $this->originalProxyState = $proxyInfo['enabled']; + $this->ldapHost = 'ldap://' . $proxyInfo['listen']; // contains port as well + + $this->ldap = new LDAP(); + } + + /** + * restores original state of the LDAP proxy, if necessary + */ + public function cleanUp() { + if($this->originalProxyState === true) { + $this->setProxyState(true); + } + } + + /** + * runs the test and prints the result. Exit code is 0 if successful, 1 on + * fail + */ + public function run() { + if($this->originalProxyState === false) { + $this->setProxyState(true); + } + //host contains port, 2nd parameter will be ignored + $cr = $this->ldap->connect($this->ldapHost, 0); + $this->ldap->bind($cr, $this->ldapBindDN, $this->ldapBindPwd); + $this->ldap->search($cr, $this->ldapBase, 'objectClass=*', array('dn'), true, 5); + + // disable LDAP, will cause lost connection + $this->setProxyState(false); + try { + $this->ldap->search($cr, $this->ldapBase, 'objectClass=*', array('dn'), true, 5); + } catch (ServerNotAvailableException $e) { + print("Test PASSED" . PHP_EOL); + exit(0); + } + print("Test FAILED" . PHP_EOL); + exit(1); + } + + /** + * tests whether a curl operation ran successfully. If not, an exception + * is thrown + * + * @param resource $ch + * @param mixed $result + * @throws \Exception + */ + private function checkCurlResult($ch, $result) { + if($result === false) { + $error = curl_error($ch); + curl_close($ch); + throw new \Exception($error); + } + } + + /** + * enables or disabled the LDAP proxy service in toxiproxy + * + * @param bool $isEnabled whether is should be enabled or disables + * @throws \Exception + */ + private function setProxyState($isEnabled) { + if(!is_bool($isEnabled)) { + throw new \InvalidArgumentException('Bool expected'); + } + $postData = json_encode(['enabled' => $isEnabled]); + $ch = $this->getCurl(); + curl_setopt($ch, CURLOPT_POST, true); + curl_setopt($ch, CURLOPT_POSTFIELDS, $postData); + curl_setopt($ch, CURLOPT_HTTPHEADER, array( + 'Content-Type: application/json', + 'Content-Length: ' . strlen($postData)) + ); + $recvd = curl_exec($ch); + $this->checkCurlResult($ch, $recvd); + } + + /** + * initializes a curl handler towards the toxiproxy LDAP proxy service + * @return resource + */ + private function getCurl() { + $ch = curl_init(); + curl_setopt($ch, CURLOPT_URL, $this->toxiProxyHost . '/proxies/' . $this->toxiProxyName); + curl_setopt($ch, CURLOPT_HEADER, false); + curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); + return $ch; + } +} + +$test = new ExceptionOnLostConnection('http://localhost:8474', 'ldap', 'dc=owncloud,dc=bzoc'); +$test->run(); + diff --git a/apps/user_ldap/tests/Integration/FakeManager.php b/apps/user_ldap/tests/Integration/FakeManager.php new file mode 100644 index 00000000000..11f270dba01 --- /dev/null +++ b/apps/user_ldap/tests/Integration/FakeManager.php @@ -0,0 +1,36 @@ +<?php +/** + * @author Arthur Schiwon <blizzz@owncloud.com> + * + * @copyright Copyright (c) 2016, ownCloud, Inc. + * @license AGPL-3.0 + * + * This code is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License, version 3, + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License, version 3, + * along with this program. If not, see <http://www.gnu.org/licenses/> + * + */ + +namespace OCA\User_LDAP\Tests\Integration; + +/** + * Class FakeManager + * + * this is a mock of \OCA\User_LDAP\User\Manager which is a dependency of + * Access, that pulls plenty more things in. Because it is not needed in the + * scope of these tests, we replace it with a mock. + */ +class FakeManager extends \OCA\User_LDAP\User\Manager { + public function __construct() { + $this->ocConfig = \OC::$server->getConfig(); + $this->image = new \OCP\Image(); + } +} diff --git a/apps/user_ldap/tests/Integration/Lib/IntegrationTestAccessGroupsMatchFilter.php b/apps/user_ldap/tests/Integration/Lib/IntegrationTestAccessGroupsMatchFilter.php new file mode 100644 index 00000000000..d058540bd4c --- /dev/null +++ b/apps/user_ldap/tests/Integration/Lib/IntegrationTestAccessGroupsMatchFilter.php @@ -0,0 +1,122 @@ +<?php +/** + * @author Arthur Schiwon <blizzz@owncloud.com> + * + * @copyright Copyright (c) 2016, ownCloud, Inc. + * @license AGPL-3.0 + * + * This code is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License, version 3, + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License, version 3, + * along with this program. If not, see <http://www.gnu.org/licenses/> + * + */ + +namespace OCA\User_LDAP\Tests\Integration\Lib; + + +use OCA\User_LDAP\Tests\Integration\AbstractIntegrationTest; + +require_once __DIR__ . '/../../../../../lib/base.php'; + +class IntegrationTestAccessGroupsMatchFilter extends AbstractIntegrationTest { + + /** + * prepares the LDAP environment and sets up a test configuration for + * the LDAP backend. + */ + public function init() { + require(__DIR__ . '/../setup-scripts/createExplicitUsers.php'); + require(__DIR__ . '/../setup-scripts/createExplicitGroups.php'); + require(__DIR__ . '/../setup-scripts/createExplicitGroupsDifferentOU.php'); + parent::init(); + } + + /** + * tests whether the group filter works with one specific group, while the + * input is the same. + * + * @return bool + */ + protected function case1() { + $this->connection->setConfiguration(['ldapGroupFilter' => 'cn=RedGroup']); + + $dns = ['cn=RedGroup,ou=Groups,' . $this->base]; + $result = $this->access->groupsMatchFilter($dns); + return ($dns === $result); + } + + /** + * Tests whether a filter for limited groups is effective when more existing + * groups were passed for validation. + * + * @return bool + */ + protected function case2() { + $this->connection->setConfiguration(['ldapGroupFilter' => '(|(cn=RedGroup)(cn=PurpleGroup))']); + + $dns = [ + 'cn=RedGroup,ou=Groups,' . $this->base, + 'cn=BlueGroup,ou=Groups,' . $this->base, + 'cn=PurpleGroup,ou=Groups,' . $this->base + ]; + $result = $this->access->groupsMatchFilter($dns); + + $status = + count($result) === 2 + && in_array('cn=RedGroup,ou=Groups,' . $this->base, $result) + && in_array('cn=PurpleGroup,ou=Groups,' . $this->base, $result); + + return $status; + } + + /** + * Tests whether a filter for limited groups is effective when more existing + * groups were passed for validation. + * + * @return bool + */ + protected function case3() { + $this->connection->setConfiguration(['ldapGroupFilter' => '(objectclass=groupOfNames)']); + + $dns = [ + 'cn=RedGroup,ou=Groups,' . $this->base, + 'cn=PurpleGroup,ou=Groups,' . $this->base, + 'cn=SquaredCircleGroup,ou=SpecialGroups,' . $this->base + ]; + $result = $this->access->groupsMatchFilter($dns); + + $status = + count($result) === 2 + && in_array('cn=RedGroup,ou=Groups,' . $this->base, $result) + && in_array('cn=PurpleGroup,ou=Groups,' . $this->base, $result); + + return $status; + } + + /** + * sets up the LDAP configuration to be used for the test + */ + protected function initConnection() { + parent::initConnection(); + $this->connection->setConfiguration([ + 'ldapBaseGroups' => 'ou=Groups,' . $this->base, + 'ldapUserFilter' => 'objectclass=inetOrgPerson', + 'ldapUserDisplayName' => 'displayName', + 'ldapGroupDisplayName' => 'cn', + 'ldapLoginFilter' => 'uid=%uid', + ]); + } +} + +require_once(__DIR__ . '/../setup-scripts/config.php'); +$test = new IntegrationTestAccessGroupsMatchFilter($host, $port, $adn, $apwd, $bdn); +$test->init(); +$test->run(); diff --git a/apps/user_ldap/tests/Integration/Lib/IntegrationTestBackupServer.php b/apps/user_ldap/tests/Integration/Lib/IntegrationTestBackupServer.php new file mode 100644 index 00000000000..6c3907eb062 --- /dev/null +++ b/apps/user_ldap/tests/Integration/Lib/IntegrationTestBackupServer.php @@ -0,0 +1,117 @@ +<?php +/** + * @author Arthur Schiwon <blizzz@owncloud.com> + * + * @copyright Copyright (c) 2016, ownCloud, Inc. + * @license AGPL-3.0 + * + * This code is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License, version 3, + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License, version 3, + * along with this program. If not, see <http://www.gnu.org/licenses/> + * + */ + +namespace OCA\User_LDAP\Tests\Integration\Lib; + +use OCA\User_LDAP\Tests\Integration\AbstractIntegrationTest; +use OCA\User_LDAP\Mapping\UserMapping; +use OCA\User_LDAP\User_LDAP; + +require_once __DIR__ . '/../../../../../lib/base.php'; + +class IntegrationTestBackupServer extends AbstractIntegrationTest { + /** @var UserMapping */ + protected $mapping; + + /** @var User_LDAP */ + protected $backend; + + /** + * sets up the LDAP configuration to be used for the test + */ + protected function initConnection() { + parent::initConnection(); + $originalHost = $this->connection->ldapHost; + $originalPort = $this->connection->ldapPort; + $this->connection->setConfiguration([ + 'ldapHost' => 'qwertz.uiop', + 'ldapPort' => '32123', + 'ldap_backup_host' => $originalHost, + 'ldap_backup_port' => $originalPort, + ]); + } + + /** + * tests that a backup connection is being used when the main LDAP server + * is offline + * + * Beware: after starting docker, the LDAP host might not be ready yet, thus + * causing a false positive. Retry in that case… or increase the sleep time + * in run-test.sh + * + * @return bool + */ + protected function case1() { + try { + $this->connection->getConnectionResource(); + } catch (\OC\ServerNotAvailableException $e) { + return false; + } + return true; + } + + /** + * ensures that an exception is thrown if LDAP main server and LDAP backup + * server are not available + * + * @return bool + */ + protected function case2() { + // reset possible LDAP connection + $this->initConnection(); + try { + $this->connection->setConfiguration([ + 'ldap_backup_host' => 'qwertz.uiop', + 'ldap_backup_port' => '32123', + ]); + $this->connection->getConnectionResource(); + } catch (\OC\ServerNotAvailableException $e) { + return true; + } + return false; + } + + /** + * ensures that an exception is thrown if main LDAP server is down and a + * backup server is not given + * + * @return bool + */ + protected function case3() { + // reset possible LDAP connection + $this->initConnection(); + try { + $this->connection->setConfiguration([ + 'ldap_backup_host' => '', + 'ldap_backup_port' => '', + ]); + $this->connection->getConnectionResource(); + } catch (\OC\ServerNotAvailableException $e) { + return true; + } + return false; + } +} + +require_once(__DIR__ . '/../setup-scripts/config.php'); +$test = new IntegrationTestBackupServer($host, $port, $adn, $apwd, $bdn); +$test->init(); +$test->run(); diff --git a/apps/user_ldap/tests/Integration/Lib/IntegrationTestBatchApplyUserAttributes.php b/apps/user_ldap/tests/Integration/Lib/IntegrationTestBatchApplyUserAttributes.php new file mode 100644 index 00000000000..89afcaa4b90 --- /dev/null +++ b/apps/user_ldap/tests/Integration/Lib/IntegrationTestBatchApplyUserAttributes.php @@ -0,0 +1,72 @@ +<?php +/** + * @author Arthur Schiwon <blizzz@owncloud.com> + * + * @copyright Copyright (c) 2016, ownCloud, Inc. + * @license AGPL-3.0 + * + * This code is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License, version 3, + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License, version 3, + * along with this program. If not, see <http://www.gnu.org/licenses/> + * + */ + +namespace OCA\User_LDAP\Tests\Integration\Lib; + +use OCA\User_LDAP\Mapping\UserMapping; +use OCA\User_LDAP\Tests\Integration\AbstractIntegrationTest; + +require_once __DIR__ . '/../../../../../lib/base.php'; + +class IntegrationTestBatchApplyUserAttributes extends AbstractIntegrationTest { + /** + * prepares the LDAP environment and sets up a test configuration for + * the LDAP backend. + */ + public function init() { + require(__DIR__ . '/../setup-scripts/createExplicitUsers.php'); + require(__DIR__ . '/../setup-scripts/createUsersWithoutDisplayName.php'); + parent::init(); + + $this->mapping = new UserMapping(\OC::$server->getDatabaseConnection()); + $this->mapping->clear(); + $this->access->setUserMapper($this->mapping); + } + + /** + * sets up the LDAP configuration to be used for the test + */ + protected function initConnection() { + parent::initConnection(); + $this->connection->setConfiguration([ + 'ldapUserDisplayName' => 'displayname', + ]); + } + + /** + * indirectly tests whether batchApplyUserAttributes does it job properly, + * when a user without display name is included in the result set from LDAP. + * + * @return bool + */ + protected function case1() { + $result = $this->access->fetchListOfUsers('objectclass=person', 'dn'); + // on the original issue, PHP would emit a fatal error + // – cannot catch it here, but will render the test as unsuccessful + return is_array($result) && !empty($result); + } + +} + +require_once(__DIR__ . '/../setup-scripts/config.php'); +$test = new IntegrationTestBatchApplyUserAttributes($host, $port, $adn, $apwd, $bdn); +$test->init(); +$test->run(); diff --git a/apps/user_ldap/tests/Integration/Lib/IntegrationTestConnect.php b/apps/user_ldap/tests/Integration/Lib/IntegrationTestConnect.php new file mode 100644 index 00000000000..fb6886189a6 --- /dev/null +++ b/apps/user_ldap/tests/Integration/Lib/IntegrationTestConnect.php @@ -0,0 +1,165 @@ +<?php +/** + * @author Arthur Schiwon <blizzz@owncloud.com> + * + * @copyright Copyright (c) 2016, ownCloud, Inc. + * @license AGPL-3.0 + * + * This code is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License, version 3, + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License, version 3, + * along with this program. If not, see <http://www.gnu.org/licenses/> + * + */ + +namespace OCA\User_LDAP\Tests\Integration\Lib; + +use OCA\User_LDAP\Tests\Integration\AbstractIntegrationTest; +use OCA\User_LDAP\Mapping\UserMapping; +use OCA\User_LDAP\User_LDAP; + +require_once __DIR__ . '/../../../../../lib/base.php'; + +class IntegrationTestConnect extends AbstractIntegrationTest { + /** @var UserMapping */ + protected $mapping; + + /** @var User_LDAP */ + protected $backend; + + /** @var string */ + protected $host; + + /** @var int */ + protected $port; + + public function __construct($host, $port, $bind, $pwd, $base) { + // make sure host is a simple host name + if(strpos($host, '://') !== false) { + $host = substr_replace($host, '', 0, strpos($host, '://') + 3); + } + if(strpos($host, ':') !== false) { + $host = substr_replace($host, '', strpos($host, ':')); + } + $this->host = $host; + $this->port = $port; + parent::__construct($host, $port, $bind, $pwd, $base); + } + + /** + * test that a faulty host will does not connect successfully + * + * @return bool + */ + protected function case1() { + // reset possible LDAP connection + $this->initConnection(); + $this->connection->setConfiguration([ + 'ldapHost' => 'qwertz.uiop', + ]); + try { + $this->connection->getConnectionResource(); + } catch (\OC\ServerNotAvailableException $e) { + return true; + } + return false; + } + + /** + * tests that a connect succeeds when only a hostname is provided + * + * @return bool + */ + protected function case2() { + // reset possible LDAP connection + $this->initConnection(); + $this->connection->setConfiguration([ + 'ldapHost' => $this->host, + ]); + try { + $this->connection->getConnectionResource(); + } catch (\OC\ServerNotAvailableException $e) { + return false; + } + return true; + } + + /** + * tests that a connect succeeds when an LDAP URL is provided + * + * @return bool + */ + protected function case3() { + // reset possible LDAP connection + $this->initConnection(); + $this->connection->setConfiguration([ + 'ldapHost' => 'ldap://' . $this->host, + ]); + try { + $this->connection->getConnectionResource(); + } catch (\OC\ServerNotAvailableException $e) { + return false; + } + return true; + } + + /** + * tests that a connect succeeds when an LDAP URL with port is provided + * + * @return bool + */ + protected function case4() { + // reset possible LDAP connection + $this->initConnection(); + $this->connection->setConfiguration([ + 'ldapHost' => 'ldap://' . $this->host . ':' . $this->port, + ]); + try { + $this->connection->getConnectionResource(); + } catch (\OC\ServerNotAvailableException $e) { + return false; + } + return true; + } + + /** + * tests that a connect succeeds when a hostname with port is provided + * + * @return bool + */ + protected function case5() { + // reset possible LDAP connection + $this->initConnection(); + $this->connection->setConfiguration([ + 'ldapHost' => $this->host . ':' . $this->port, + ]); + try { + $this->connection->getConnectionResource(); + } catch (\OC\ServerNotAvailableException $e) { + return false; + } + return true; + } + + /** + * repeat case1, only to make sure that not a connection was reused by + * accident. + * + * @return bool + */ + protected function case6() { + return $this->case1(); + } +} + +require_once(__DIR__ . '/../setup-scripts/config.php'); +$test = new IntegrationTestConnect($host, $port, $adn, $apwd, $bdn); +$test->init(); +$test->run(); diff --git a/apps/user_ldap/tests/Integration/Lib/IntegrationTestCountUsersByLoginName.php b/apps/user_ldap/tests/Integration/Lib/IntegrationTestCountUsersByLoginName.php new file mode 100644 index 00000000000..5a49ed165ab --- /dev/null +++ b/apps/user_ldap/tests/Integration/Lib/IntegrationTestCountUsersByLoginName.php @@ -0,0 +1,65 @@ +<?php +/** + * @author Arthur Schiwon <blizzz@owncloud.com> + * + * @copyright Copyright (c) 2016, ownCloud, Inc. + * @license AGPL-3.0 + * + * This code is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License, version 3, + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License, version 3, + * along with this program. If not, see <http://www.gnu.org/licenses/> + * + */ + +namespace OCA\User_LDAP\Tests\Integration\Lib; + +use OCA\User_LDAP\Tests\Integration\AbstractIntegrationTest; + +require_once __DIR__ . '/../../../../../lib/base.php'; + +class IntegrationTestCountUsersByLoginName extends AbstractIntegrationTest { + + /** + * prepares the LDAP environment and sets up a test configuration for + * the LDAP backend. + */ + public function init() { + require(__DIR__ . '/../setup-scripts/createExplicitUsers.php'); + parent::init(); + } + + /** + * tests countUsersByLoginName where it is expected that the login name does + * not match any LDAP user + * + * @return bool + */ + protected function case1() { + $result = $this->access->countUsersByLoginName('nothere'); + return $result === 0; + } + + /** + * tests countUsersByLoginName where it is expected that the login name does + * match one LDAP user + * + * @return bool + */ + protected function case2() { + $result = $this->access->countUsersByLoginName('alice'); + return $result === 1; + } +} + +require_once(__DIR__ . '/../setup-scripts/config.php'); +$test = new IntegrationTestCountUsersByLoginName($host, $port, $adn, $apwd, $bdn); +$test->init(); +$test->run(); diff --git a/apps/user_ldap/tests/Integration/Lib/IntegrationTestFetchUsersByLoginName.php b/apps/user_ldap/tests/Integration/Lib/IntegrationTestFetchUsersByLoginName.php new file mode 100644 index 00000000000..06aa2cea8fc --- /dev/null +++ b/apps/user_ldap/tests/Integration/Lib/IntegrationTestFetchUsersByLoginName.php @@ -0,0 +1,78 @@ +<?php +/** + * @author Arthur Schiwon <blizzz@owncloud.com> + * + * @copyright Copyright (c) 2016, ownCloud, Inc. + * @license AGPL-3.0 + * + * This code is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License, version 3, + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License, version 3, + * along with this program. If not, see <http://www.gnu.org/licenses/> + * + */ + +namespace OCA\User_LDAP\Tests\Integration\Lib; + +use OCA\User_LDAP\Tests\Integration\AbstractIntegrationTest; +use OCA\User_LDAP\Mapping\UserMapping; +use OCA\User_LDAP\User_LDAP; + +require_once __DIR__ . '/../../../../../lib/base.php'; + +class IntegrationTestFetchUsersByLoginName extends AbstractIntegrationTest { + /** @var UserMapping */ + protected $mapping; + + /** @var User_LDAP */ + protected $backend; + + /** + * prepares the LDAP environment and sets up a test configuration for + * the LDAP backend. + */ + public function init() { + require(__DIR__ . '/../setup-scripts/createExplicitUsers.php'); + parent::init(); + + $this->mapping = new UserMapping(\OC::$server->getDatabaseConnection()); + $this->mapping->clear(); + $this->access->setUserMapper($this->mapping); + $this->backend = new \OCA\User_LDAP\User_LDAP($this->access, \OC::$server->getConfig()); + } + + /** + * tests fetchUserByLoginName where it is expected that the login name does + * not match any LDAP user + * + * @return bool + */ + protected function case1() { + $result = $this->access->fetchUsersByLoginName('nothere'); + return $result === []; + } + + /** + * tests fetchUserByLoginName where it is expected that the login name does + * match one LDAP user + * + * @return bool + */ + protected function case2() { + $result = $this->access->fetchUsersByLoginName('alice'); + return count($result) === 1; + } + +} + +require_once(__DIR__ . '/../setup-scripts/config.php'); +$test = new IntegrationTestFetchUsersByLoginName($host, $port, $adn, $apwd, $bdn); +$test->init(); +$test->run(); diff --git a/apps/user_ldap/tests/Integration/Lib/IntegrationTestPaging.php b/apps/user_ldap/tests/Integration/Lib/IntegrationTestPaging.php new file mode 100644 index 00000000000..72cc3e459b7 --- /dev/null +++ b/apps/user_ldap/tests/Integration/Lib/IntegrationTestPaging.php @@ -0,0 +1,80 @@ +<?php +/** + * @author Arthur Schiwon <blizzz@owncloud.com> + * + * @copyright Copyright (c) 2016, ownCloud, Inc. + * @license AGPL-3.0 + * + * This code is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License, version 3, + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License, version 3, + * along with this program. If not, see <http://www.gnu.org/licenses/> + * + */ + +namespace OCA\User_LDAP\Tests\Integration\Lib; + +use OCA\User_LDAP\Tests\Integration\AbstractIntegrationTest; +use OCA\User_LDAP\Mapping\UserMapping; +use OCA\User_LDAP\User_LDAP; + +require_once __DIR__ . '/../../../../../lib/base.php'; + +class IntegrationTestPaging extends AbstractIntegrationTest { + /** @var UserMapping */ + protected $mapping; + + /** @var User_LDAP */ + protected $backend; + + /** + * prepares the LDAP environment and sets up a test configuration for + * the LDAP backend. + */ + public function init() { + require(__DIR__ . '/../setup-scripts/createExplicitUsers.php'); + parent::init(); + + $this->backend = new \OCA\User_LDAP\User_LDAP($this->access, \OC::$server->getConfig()); + } + + /** + * tests that paging works properly against a simple example (reading all + * of few users in smallest steps) + * + * @return bool + */ + protected function case1() { + $limit = 1; + $offset = 0; + + $filter = 'objectclass=inetorgperson'; + $attributes = ['cn', 'dn']; + $users = []; + do { + $result = $this->access->searchUsers($filter, $attributes, $limit, $offset); + foreach($result as $user) { + $users[] = $user['cn']; + } + $offset += $limit; + } while ($this->access->hasMoreResults()); + + if(count($users) === 2) { + return true; + } + + return false; + } +} + +require_once(__DIR__ . '/../setup-scripts/config.php'); +$test = new IntegrationTestPaging($host, $port, $adn, $apwd, $bdn); +$test->init(); +$test->run(); diff --git a/apps/user_ldap/tests/Integration/Lib/IntegrationTestUserHome.php b/apps/user_ldap/tests/Integration/Lib/IntegrationTestUserHome.php new file mode 100644 index 00000000000..8538fd2f964 --- /dev/null +++ b/apps/user_ldap/tests/Integration/Lib/IntegrationTestUserHome.php @@ -0,0 +1,173 @@ +<?php +/** + * @author Arthur Schiwon <blizzz@owncloud.com> + * + * @copyright Copyright (c) 2016, ownCloud, Inc. + * @license AGPL-3.0 + * + * This code is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License, version 3, + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License, version 3, + * along with this program. If not, see <http://www.gnu.org/licenses/> + * + */ + +namespace OCA\User_LDAP\Tests\Integration\Lib; + +use OCA\User_LDAP\User\Manager as LDAPUserManager; +use OCA\User_LDAP\Tests\Integration\AbstractIntegrationTest; +use OCA\User_LDAP\Mapping\UserMapping; +use OCA\User_LDAP\User_LDAP; + +require_once __DIR__ . '/../../../../../lib/base.php'; + +class IntegrationTestUserHome extends AbstractIntegrationTest { + /** @var UserMapping */ + protected $mapping; + + /** @var User_LDAP */ + protected $backend; + + /** + * prepares the LDAP environment and sets up a test configuration for + * the LDAP backend. + */ + public function init() { + require(__DIR__ . '/../setup-scripts/createExplicitUsers.php'); + parent::init(); + + $this->mapping = new UserMapping(\OC::$server->getDatabaseConnection()); + $this->mapping->clear(); + $this->access->setUserMapper($this->mapping); + $this->backend = new \OCA\User_LDAP\User_LDAP($this->access, \OC::$server->getConfig()); + } + + /** + * sets up the LDAP configuration to be used for the test + */ + protected function initConnection() { + parent::initConnection(); + $this->connection->setConfiguration([ + 'homeFolderNamingRule' => 'homeDirectory', + ]); + } + + /** + * initializes an LDAP user manager instance + * @return LDAPUserManager + */ + protected function initUserManager() { + $this->userManager = new LDAPUserManager( + \OC::$server->getConfig(), + new \OCA\User_LDAP\FilesystemHelper(), + new \OCA\User_LDAP\LogWrapper(), + \OC::$server->getAvatarManager(), + new \OCP\Image(), + \OC::$server->getDatabaseConnection(), + \OC::$server->getUserManager() + ); + } + + /** + * homeDirectory on LDAP is empty. Return values of getHome should be + * identical to user name, following ownCloud default. + * + * @return bool + */ + protected function case1() { + \OC::$server->getConfig()->setAppValue('user_ldap', 'enforce_home_folder_naming_rule', false); + $userManager = \OC::$server->getUserManager(); + $userManager->clearBackends(); + $userManager->registerBackend($this->backend); + $users = $userManager->search('', 5, 0); + + foreach($users as $user) { + $home = $user->getHome(); + $uid = $user->getUID(); + $posFound = strpos($home, '/' . $uid); + $posExpected = strlen($home) - (strlen($uid) + 1); + if($posFound === false || $posFound !== $posExpected) { + print('"' . $user->getUID() . '" was not found in "' . $home . '" or does not end with it.' . PHP_EOL); + return false; + } + } + + return true; + } + + /** + * homeDirectory on LDAP is empty. Having the attributes set is enforced. + * + * @return bool + */ + protected function case2() { + \OC::$server->getConfig()->setAppValue('user_ldap', 'enforce_home_folder_naming_rule', true); + $userManager = \oc::$server->getUserManager(); + // clearing backends is critical, otherwise the userManager will have + // the user objects cached and the value from case1 returned + $userManager->clearBackends(); + $userManager->registerBackend($this->backend); + $users = $userManager->search('', 5, 0); + + try { + foreach ($users as $user) { + $user->getHome(); + print('User home was retrieved without throwing an Exception!' . PHP_EOL); + return false; + } + } catch (\Exception $e) { + if(strpos($e->getMessage(), 'Home dir attribute') === 0) { + return true; + } + } + + return false; + } + + /** + * homeDirectory on LDAP is set to "attr:" which is effectively empty. + * Return values of getHome should be ownCloud default. + * + * @return bool + */ + protected function case3() { + \OC::$server->getConfig()->setAppValue('user_ldap', 'enforce_home_folder_naming_rule', true); + $this->connection->setConfiguration([ + 'homeFolderNamingRule' => 'attr:', + ]); + $userManager = \oc::$server->getUserManager(); + $userManager->clearBackends(); + $userManager->registerBackend($this->backend); + $users = $userManager->search('', 5, 0); + + try { + foreach ($users as $user) { + $home = $user->getHome(); + $uid = $user->getUID(); + $posFound = strpos($home, '/' . $uid); + $posExpected = strlen($home) - (strlen($uid) + 1); + if ($posFound === false || $posFound !== $posExpected) { + print('"' . $user->getUID() . '" was not found in "' . $home . '" or does not end with it.' . PHP_EOL); + return false; + } + } + } catch (\Exception $e) { + print("Unexpected Exception: " . $e->getMessage() . PHP_EOL); + return false; + } + + return true; + } +} + +require_once(__DIR__ . '/../setup-scripts/config.php'); +$test = new IntegrationTestUserHome($host, $port, $adn, $apwd, $bdn); +$test->init(); +$test->run(); diff --git a/apps/user_ldap/tests/Integration/Lib/User/IntegrationTestUserAvatar.php b/apps/user_ldap/tests/Integration/Lib/User/IntegrationTestUserAvatar.php new file mode 100644 index 00000000000..5f555956ea2 --- /dev/null +++ b/apps/user_ldap/tests/Integration/Lib/User/IntegrationTestUserAvatar.php @@ -0,0 +1,152 @@ +<?php +/** + * @author Arthur Schiwon <blizzz@owncloud.com> + * @author Morris Jobke <hey@morrisjobke.de> + * @author Thomas Müller <thomas.mueller@tmit.eu> + * + * @copyright Copyright (c) 2016, ownCloud, Inc. + * @license AGPL-3.0 + * + * This code is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License, version 3, + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License, version 3, + * along with this program. If not, see <http://www.gnu.org/licenses/> + * + */ + +namespace OCA\User_LDAP\Tests\Integration\Lib\User; + +use OCA\User_LDAP\User\User; +use OCA\User_LDAP\Mapping\UserMapping; +use OCA\User_LDAP\Tests\Integration\AbstractIntegrationTest; + +require_once __DIR__ . '/../../../../../../lib/base.php'; + +class IntegrationTestUserAvatar extends AbstractIntegrationTest { + /** @var UserMapping */ + protected $mapping; + + /** + * prepares the LDAP environment and sets up a test configuration for + * the LDAP backend. + */ + public function init() { + require(__DIR__ . '/../../setup-scripts/createExplicitUsers.php'); + parent::init(); + $this->mapping = new UserMapping(\OC::$server->getDatabaseConnection()); + $this->mapping->clear(); + $this->access->setUserMapper($this->mapping); + $userBackend = new \OCA\User_LDAP\User_LDAP($this->access, \OC::$server->getConfig()); + \OC_User::useBackend($userBackend); + } + + /** + * A method that does the common steps of test cases 1 and 2. The evaluation + * is not happening here. + * + * @param string $dn + * @param string $username + * @param string $image + */ + private function execFetchTest($dn, $username, $image) { + $this->setJpegPhotoAttribute($dn, $image); + + // assigns our self-picked oc username to the dn + $this->mapping->map($dn, $username, 'fakeUUID-' . $username); + + // initialize home folder and make sure that the user will update + // also remove an possibly existing avatar + \OC_Util::tearDownFS(); + \OC_Util::setupFS($username); + \OC::$server->getUserFolder($username); + \OC::$server->getConfig()->deleteUserValue($username, 'user_ldap', User::USER_PREFKEY_LASTREFRESH); + if(\OC::$server->getAvatarManager()->getAvatar($username)->exists()) { + \OC::$server->getAvatarManager()->getAvatar($username)->remove(); + } + + // finally attempt to get the avatar set + $user = $this->userManager->get($dn); + $user->updateAvatar(); + } + + /** + * tests whether an avatar can be retrieved from LDAP and stored correctly + * + * @return bool + */ + protected function case1() { + $image = file_get_contents(__DIR__ . '/../../data/avatar-valid.jpg'); + $dn = 'uid=alice,ou=Users,' . $this->base; + $username = 'alice1337'; + + $this->execFetchTest($dn, $username, $image); + + return \OC::$server->getAvatarManager()->getAvatar($username)->exists(); + } + + /** + * tests whether an image received from LDAP which is of an invalid file + * type is dealt with properly (i.e. not set and not dying). + * + * @return bool + */ + protected function case2() { + // gif by Pmspinner from https://commons.wikimedia.org/wiki/File:Avatar2469_3.gif + $image = file_get_contents(__DIR__ . '/../../data/avatar-invalid.gif'); + $dn = 'uid=boris,ou=Users,' . $this->base; + $username = 'boris7844'; + + $this->execFetchTest($dn, $username, $image); + + return !\OC::$server->getAvatarManager()->getAvatar($username)->exists(); + } + + /** + * This writes an image to the 'jpegPhoto' attribute on LDAP. + * + * @param string $dn + * @param string $image An image read via file_get_contents + * @throws \OC\ServerNotAvailableException + */ + private function setJpegPhotoAttribute($dn, $image) { + $changeSet = ['jpegphoto' => $image]; + ldap_mod_add($this->connection->getConnectionResource(), $dn, $changeSet); + } + + protected function initUserManager() { + $this->userManager = new \OCA\User_LDAP\User\Manager( + \OC::$server->getConfig(), + new \OCA\User_LDAP\FilesystemHelper(), + new \OCA\User_LDAP\LogWrapper(), + \OC::$server->getAvatarManager(), + new \OCP\Image(), + \OC::$server->getDatabaseConnection(), + \OC::$server->getUserManager() + ); + } + + /** + * sets up the LDAP configuration to be used for the test + */ + protected function initConnection() { + parent::initConnection(); + $this->connection->setConfiguration([ + 'ldapUserFilter' => 'objectclass=inetOrgPerson', + 'ldapUserDisplayName' => 'displayName', + 'ldapGroupDisplayName' => 'cn', + 'ldapLoginFilter' => 'uid=%uid', + ]); + } +} + +require_once(__DIR__ . '/../../setup-scripts/config.php'); +$test = new IntegrationTestUserAvatar($host, $port, $adn, $apwd, $bdn); +$test->init(); +$test->run(); diff --git a/apps/user_ldap/tests/Integration/Lib/User/IntegrationTestUserDisplayName.php b/apps/user_ldap/tests/Integration/Lib/User/IntegrationTestUserDisplayName.php new file mode 100644 index 00000000000..07ab2e287ca --- /dev/null +++ b/apps/user_ldap/tests/Integration/Lib/User/IntegrationTestUserDisplayName.php @@ -0,0 +1,104 @@ +<?php +/** + * @author Arthur Schiwon <blizzz@owncloud.com> + * + * @copyright Copyright (c) 2016, ownCloud, Inc. + * @license AGPL-3.0 + * + * This code is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License, version 3, + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License, version 3, + * along with this program. If not, see <http://www.gnu.org/licenses/> + * + */ + +namespace OCA\User_LDAP\Tests\Integration\Lib\User; + +use OCA\User_LDAP\Mapping\UserMapping; +use OCA\User_LDAP\Tests\Integration\AbstractIntegrationTest; + +require_once __DIR__ . '/../../../../../../lib/base.php'; + +class IntegrationTestUserDisplayName extends AbstractIntegrationTest { + /** @var UserMapping */ + protected $mapping; + + /** + * prepares the LDAP environment and sets up a test configuration for + * the LDAP backend. + */ + public function init() { + require(__DIR__ . '/../../setup-scripts/createExplicitUsers.php'); + parent::init(); + $this->mapping = new UserMapping(\OC::$server->getDatabaseConnection()); + $this->mapping->clear(); + $this->access->setUserMapper($this->mapping); + $userBackend = new \OCA\User_LDAP\User_LDAP($this->access, \OC::$server->getConfig()); + \OC_User::useBackend($userBackend); + } + + /** + * adds a map entry for the user, so we know the username + * + * @param $dn + * @param $username + */ + private function prepareUser($dn, $username) { + // assigns our self-picked oc username to the dn + $this->mapping->map($dn, $username, 'fakeUUID-' . $username); + } + + /** + * tests whether a display name consisting of two parts is created correctly + * + * @return bool + */ + protected function case1() { + $username = 'alice1337'; + $dn = 'uid=alice,ou=Users,' . $this->base; + $this->prepareUser($dn, $username); + $displayName = \OC::$server->getUserManager()->get($username)->getDisplayName(); + + return strpos($displayName, '(Alice@example.com)') !== false; + } + + /** + * tests whether a display name consisting of one part is created correctly + * + * @return bool + */ + protected function case2() { + $this->connection->setConfiguration([ + 'ldapUserDisplayName2' => '', + ]); + $username = 'boris23421'; + $dn = 'uid=boris,ou=Users,' . $this->base; + $this->prepareUser($dn, $username); + $displayName = \OC::$server->getUserManager()->get($username)->getDisplayName(); + + return strpos($displayName, '(Boris@example.com)') === false; + } + + /** + * sets up the LDAP configuration to be used for the test + */ + protected function initConnection() { + parent::initConnection(); + $this->connection->setConfiguration([ + 'ldapUserDisplayName' => 'displayName', + 'ldapUserDisplayName2' => 'mail', + ]); + } +} + +require_once(__DIR__ . '/../../setup-scripts/config.php'); +$test = new IntegrationTestUserDisplayName($host, $port, $adn, $apwd, $bdn); +$test->init(); +$test->run(); diff --git a/apps/user_ldap/tests/Integration/data/avatar-invalid.gif b/apps/user_ldap/tests/Integration/data/avatar-invalid.gif Binary files differnew file mode 100644 index 00000000000..000108834d8 --- /dev/null +++ b/apps/user_ldap/tests/Integration/data/avatar-invalid.gif diff --git a/apps/user_ldap/tests/Integration/data/avatar-valid.jpg b/apps/user_ldap/tests/Integration/data/avatar-valid.jpg Binary files differnew file mode 100644 index 00000000000..61b5ec2e730 --- /dev/null +++ b/apps/user_ldap/tests/Integration/data/avatar-valid.jpg diff --git a/apps/user_ldap/tests/Integration/readme.md b/apps/user_ldap/tests/Integration/readme.md new file mode 100644 index 00000000000..e20efef8fdc --- /dev/null +++ b/apps/user_ldap/tests/Integration/readme.md @@ -0,0 +1,60 @@ +# Requirements # + +Have (as in do copy if not already done) the following files from https://github.com/owncloud/administration/tree/master/ldap-testing copied into the directory "setup-scripts": + + * start.sh + * stop.sh + * config.php + +Configure config.php according to your needs, also have a look into the LDAP and network settings in start.sh and stop.sh. + +# Usage # + +The basic command to run a test is: + +```# ./run-test.sh [phpscript]``` + +Yes, run it as root from within this directory. + +Example: + +``` +$ sudo ./run-test.sh lib/IntegrationTestAccessGroupsMatchFilter.php +71cbe88a4993e67066714d71c1cecc5ef26a54911a208103cb6294f90459e574 +c74dc0155db4efa7a0515d419528a8727bbc7596601cf25b0df05e348bd74895 +CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES +c74dc0155db4 osixia/phpldapadmin:0.5.1 "/sbin/my_init" 1 seconds ago Up Less than a second 80/tcp, 0.0.0.0:8443->443/tcp docker-phpldapadmin +71cbe88a4993 nickstenning/slapd:latest "/sbin/my_init" 1 seconds ago Up Less than a second 127.0.0.1:7770->389/tcp docker-slapd + +LDAP server now available under 127.0.0.1:7770 (internal IP is 172.17.0.78) +phpldapadmin now available under https://127.0.0.1:8443 + +created user : Alice Ealic +created group : RedGroup +created group : BlueGroup +created group : GreenGroup +created group : PurpleGroup +running case1 +running case2 +Tests succeeded +Stopping and resetting containers +docker-slapd +docker-phpldapadmin +docker-slapd +docker-phpldapadmin +``` + +# How it works # + +1. start.sh is executed which brings up a fresh and clean OpenLDAP in Docker. +2. The provided test script is executed. It also outputs results. +3. stop.sh is executed to shut down OpenLDAP + +# Beware # + +This is quick solution for basically one test case. With expension this mechanism should be improved as well. + +It does not run automatically, unless you do it. No integration with any testing framework. + +exceptionOnLostConnection.php is not part of this mechanism. Read its source and run it isolated. While you're at it, port it :þ + diff --git a/apps/user_ldap/tests/Integration/run-test.sh b/apps/user_ldap/tests/Integration/run-test.sh new file mode 100755 index 00000000000..7a29db25670 --- /dev/null +++ b/apps/user_ldap/tests/Integration/run-test.sh @@ -0,0 +1,17 @@ +#!/bin/sh + +if [ $1 ] ; then + TESTSCRIPT=$1 +else + echo "No test file given" exit +fi + +if [ ! -e "$TESTSCRIPT" ] ; then + echo "Test file does not exist" + exit +fi + + +# sleep is necessary, otherwise the LDAP server cannot be connected to, yet. +setup-scripts/start.sh && sleep 5 && php -f "$TESTSCRIPT" +setup-scripts/stop.sh diff --git a/apps/user_ldap/tests/Integration/setup-scripts/createExplicitGroups.php b/apps/user_ldap/tests/Integration/setup-scripts/createExplicitGroups.php new file mode 100644 index 00000000000..57a304be057 --- /dev/null +++ b/apps/user_ldap/tests/Integration/setup-scripts/createExplicitGroups.php @@ -0,0 +1,71 @@ +<?php +/** + * @author Arthur Schiwon <blizzz@owncloud.com> + * @author Morris Jobke <hey@morrisjobke.de> + * + * @copyright Copyright (c) 2016, ownCloud, Inc. + * @license AGPL-3.0 + * + * This code is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License, version 3, + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License, version 3, + * along with this program. If not, see <http://www.gnu.org/licenses/> + * + */ +if(php_sapi_name() !== 'cli') { + print('Only via CLI, please.'); + exit(1); +} + +include __DIR__ . '/config.php'; + +$cr = ldap_connect($host, $port); +ldap_set_option($cr, LDAP_OPT_PROTOCOL_VERSION, 3); +$ok = ldap_bind($cr, $adn, $apwd); + +if (!$ok) { + die(ldap_error($cr)); +} + +$ouName = 'Groups'; +$ouDN = 'ou=' . $ouName . ',' . $bdn; + +//creates an OU +if (true) { + $entry = []; + $entry['objectclass'][] = 'top'; + $entry['objectclass'][] = 'organizationalunit'; + $entry['ou'] = $ouName; + $b = ldap_add($cr, $ouDN, $entry); + if (!$b) { + die(ldap_error($cr)); + } +} + +$groups = ['RedGroup', 'BlueGroup', 'GreenGroup', 'PurpleGroup']; +// groupOfNames requires groups to have at least one member +// the member used is created by createExplicitUsers.php script +$omniMember = 'uid=alice,ou=Users,' . $bdn; + +foreach ($groups as $cn) { + $newDN = 'cn=' . $cn . ',' . $ouDN; + + $entry = []; + $entry['cn'] = $cn; + $entry['objectclass'][] = 'groupOfNames'; + $entry['member'][] = $omniMember; + + $ok = ldap_add($cr, $newDN, $entry); + if ($ok) { + echo('created group ' . ': ' . $entry['cn'] . PHP_EOL); + } else { + die(ldap_error($cr)); + } +} diff --git a/apps/user_ldap/tests/Integration/setup-scripts/createExplicitGroupsDifferentOU.php b/apps/user_ldap/tests/Integration/setup-scripts/createExplicitGroupsDifferentOU.php new file mode 100644 index 00000000000..62480c5160c --- /dev/null +++ b/apps/user_ldap/tests/Integration/setup-scripts/createExplicitGroupsDifferentOU.php @@ -0,0 +1,71 @@ +<?php +/** + * @author Arthur Schiwon <blizzz@owncloud.com> + * @author Morris Jobke <hey@morrisjobke.de> + * + * @copyright Copyright (c) 2016, ownCloud, Inc. + * @license AGPL-3.0 + * + * This code is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License, version 3, + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License, version 3, + * along with this program. If not, see <http://www.gnu.org/licenses/> + * + */ +if(php_sapi_name() !== 'cli') { + print('Only via CLI, please.'); + exit(1); +} + +include __DIR__ . '/config.php'; + +$cr = ldap_connect($host, $port); +ldap_set_option($cr, LDAP_OPT_PROTOCOL_VERSION, 3); +$ok = ldap_bind($cr, $adn, $apwd); + +if (!$ok) { + die(ldap_error($cr)); +} + +$ouName = 'SpecialGroups'; +$ouDN = 'ou=' . $ouName . ',' . $bdn; + +//creates an OU +if (true) { + $entry = []; + $entry['objectclass'][] = 'top'; + $entry['objectclass'][] = 'organizationalunit'; + $entry['ou'] = $ouName; + $b = ldap_add($cr, $ouDN, $entry); + if (!$b) { + die(ldap_error($cr)); + } +} + +$groups = ['SquareGroup', 'CircleGroup', 'TriangleGroup', 'SquaredCircleGroup']; +// groupOfNames requires groups to have at least one member +// the member used is created by createExplicitUsers.php script +$omniMember = 'uid=alice,ou=Users,' . $bdn; + +foreach ($groups as $cn) { + $newDN = 'cn=' . $cn . ',' . $ouDN; + + $entry = []; + $entry['cn'] = $cn; + $entry['objectclass'][] = 'groupOfNames'; + $entry['member'][] = $omniMember; + + $ok = ldap_add($cr, $newDN, $entry); + if ($ok) { + echo('created group ' . ': ' . $entry['cn'] . PHP_EOL); + } else { + die(ldap_error($cr)); + } +} diff --git a/apps/user_ldap/tests/Integration/setup-scripts/createExplicitUsers.php b/apps/user_ldap/tests/Integration/setup-scripts/createExplicitUsers.php new file mode 100644 index 00000000000..fb5609865c4 --- /dev/null +++ b/apps/user_ldap/tests/Integration/setup-scripts/createExplicitUsers.php @@ -0,0 +1,74 @@ +<?php +/** + * @author Arthur Schiwon <blizzz@owncloud.com> + * @author Morris Jobke <hey@morrisjobke.de> + * + * @copyright Copyright (c) 2016, ownCloud, Inc. + * @license AGPL-3.0 + * + * This code is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License, version 3, + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License, version 3, + * along with this program. If not, see <http://www.gnu.org/licenses/> + * + */ +if(php_sapi_name() !== 'cli') { + print('Only via CLI, please.'); + exit(1); +} + +include __DIR__ . '/config.php'; + +$cr = ldap_connect($host, $port); +ldap_set_option($cr, LDAP_OPT_PROTOCOL_VERSION, 3); +$ok = ldap_bind($cr, $adn, $apwd); + +if (!$ok) { + die(ldap_error($cr)); +} + +$ouName = 'Users'; +$ouDN = 'ou=' . $ouName . ',' . $bdn; + +//creates on OU +if (true) { + $entry = []; + $entry['objectclass'][] = 'top'; + $entry['objectclass'][] = 'organizationalunit'; + $entry['ou'] = $ouName; + $b = ldap_add($cr, $ouDN, $entry); + if (!$b) { + die(ldap_error($cr)); + } +} + +$users = ['alice', 'boris']; + +foreach ($users as $uid) { + $newDN = 'uid=' . $uid . ',' . $ouDN; + $fn = ucfirst($uid); + $sn = ucfirst(str_shuffle($uid)); // not so explicit but it's OK. + + $entry = []; + $entry['cn'] = $fn . ' ' . $sn; + $entry['objectclass'][] = 'inetOrgPerson'; + $entry['objectclass'][] = 'person'; + $entry['sn'] = $sn; + $entry['userPassword'] = $uid; + $entry['displayName'] = $sn . ', ' . $fn; + $entry['mail'] = $fn . '@example.com'; + + $ok = ldap_add($cr, $newDN, $entry); + if ($ok) { + echo('created user ' . ': ' . $entry['cn'] . PHP_EOL); + } else { + die(ldap_error($cr)); + } +} diff --git a/apps/user_ldap/tests/Integration/setup-scripts/createUsersWithoutDisplayName.php b/apps/user_ldap/tests/Integration/setup-scripts/createUsersWithoutDisplayName.php new file mode 100644 index 00000000000..687b1da91e1 --- /dev/null +++ b/apps/user_ldap/tests/Integration/setup-scripts/createUsersWithoutDisplayName.php @@ -0,0 +1,59 @@ +<?php +/** + * @author Arthur Schiwon <blizzz@owncloud.com> + * + * @copyright Copyright (c) 2016, ownCloud, Inc. + * @license AGPL-3.0 + * + * This code is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License, version 3, + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License, version 3, + * along with this program. If not, see <http://www.gnu.org/licenses/> + * + */ +if(php_sapi_name() !== 'cli') { + print('Only via CLI, please.'); + exit(1); +} + +include __DIR__ . '/config.php'; + +$cr = ldap_connect($host, $port); +ldap_set_option($cr, LDAP_OPT_PROTOCOL_VERSION, 3); +$ok = ldap_bind($cr, $adn, $apwd); + +if (!$ok) { + die(ldap_error($cr)); +} + +$ouName = 'Users'; +$ouDN = 'ou=' . $ouName . ',' . $bdn; + +$users = ['robot']; + +foreach ($users as $uid) { + $newDN = 'uid=' . $uid . ',' . $ouDN; + $fn = ucfirst($uid); + $sn = ucfirst(str_shuffle($uid)); // not so explicit but it's OK. + + $entry = []; + $entry['cn'] = ucfirst($uid); + $entry['objectclass'][] = 'inetOrgPerson'; + $entry['objectclass'][] = 'person'; + $entry['sn'] = $sn; + $entry['userPassword'] = $uid; + + $ok = ldap_add($cr, $newDN, $entry); + if ($ok) { + echo('created user ' . ': ' . $entry['cn'] . PHP_EOL); + } else { + die(ldap_error($cr)); + } +} |
