Add integration tests

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>

9 files changed, 840 insertions, 0 deletions

diff --git a/tests/unit/AppInfo/ApplicationTest.php b/tests/unit/AppInfo/ApplicationTest.php
new file mode 100644
index 00000000..69ca49b3
--- /dev/null
+++ b/tests/unit/AppInfo/ApplicationTest.php
@@ -0,0 +1,66 @@
+<?php
+/**
+ * @copyright Copyright (c) 2016, Joas Schilling <coding@schilljs.com>
+ * @copyright Copyright (c) 2016, Lukas Reschke <lukas@statuscode.ch>
+ *
+ * @author Joas Schilling <coding@schilljs.com>
+ * @author Lukas Reschke <lukas@statuscode.ch>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+namespace OCA\User_SAML\Tests\AppInfo;
+
+use OCA\User_SAML\AppInfo\Application;
+use OCA\User_SAML\Controller\SAMLController;
+use OCA\User_SAML\Middleware\OnlyLoggedInMiddleware;
+
+class ApplicationTest extends \Test\TestCase  {
+	/** @var Application */
+	protected $app;
+	/** @var \OCP\AppFramework\IAppContainer */
+	protected $container;
+
+	protected function setUp() {
+		parent::setUp();
+		$this->app = new Application();
+		$this->container = $this->app->getContainer();
+	}
+
+	public function testContainerAppName() {
+		$this->app = new Application();
+		$this->assertEquals('user_saml', $this->container->getAppName());
+	}
+
+	public function queryData() {
+		return [
+			['OnlyLoggedInMiddleware', OnlyLoggedInMiddleware::class],
+		];
+
+	}
+
+	/**
+	 * @dataProvider queryData
+	 * @param string $service
+	 * @param string $expected
+	 */
+	public function testContainerQuery($service, $expected = null) {
+		if ($expected === null) {
+			$expected = $service;
+		}
+		$this->assertTrue($this->container->query($service) instanceof $expected);
+	}
+}
diff --git a/tests/unit/AppInfo/RoutesTest.php b/tests/unit/AppInfo/RoutesTest.php
new file mode 100644
index 00000000..ed1acffd
--- /dev/null
+++ b/tests/unit/AppInfo/RoutesTest.php
@@ -0,0 +1,61 @@
+<?php
+/**
+ * @copyright Copyright (c) 2016 Lukas Reschke <lukas@statuscode.ch>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+namespace OCA\User_SAML\Tests\AppInfo;
+
+use Test\TestCase;
+
+class Test extends TestCase  {
+	public function testFile() {
+		$routes = require_once __DIR__ . '/../../../appinfo/routes.php';
+
+		$expected = [
+			'routes' => [
+				[
+					'name' => 'SAML#login',
+					'url' => '/saml/login',
+					'verb' => 'GET',
+				],
+				[
+					'name' => 'SAML#getMetadata',
+					'url' => '/saml/metadata',
+					'verb' => 'GET',
+				],
+				[
+					'name' => 'SAML#assertionConsumerService',
+					'url' => '/saml/acs',
+					'verb' => 'POST',
+				],
+				[
+					'name' => 'SAML#singleLogoutService',
+					'url' => '/saml/sls',
+					'verb' => 'GET',
+				],
+				[
+					'name' => 'SAML#notProvisioned',
+					'url' => '/saml/notProvisioned',
+					'verb' => 'GET',
+				],
+			],
+		];
+		$this->assertSame($expected, $routes);
+	}
+}
diff --git a/tests/unit/Controller/SAMLControllerTest.php b/tests/unit/Controller/SAMLControllerTest.php
new file mode 100644
index 00000000..6007f646
--- /dev/null
+++ b/tests/unit/Controller/SAMLControllerTest.php
@@ -0,0 +1,282 @@
+<?php
+/**
+ * @copyright Copyright (c) 2016 Lukas Reschke <lukas@statuscode.ch>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+namespace OCA\User_SAML\Tests\Controller;
+
+use OCA\User_SAML\Controller\SAMLController;
+use OCA\User_SAML\SAMLSettings;
+use OCA\User_SAML\UserBackend;
+use OCP\AppFramework\Http\RedirectResponse;
+use OCP\AppFramework\Http\TemplateResponse;
+use OCP\IConfig;
+use OCP\IRequest;
+use OCP\ISession;
+use OCP\IURLGenerator;
+use OCP\IUserBackend;
+use OCP\IUserManager;
+use OCP\IUserSession;
+use Test\TestCase;
+
+class SAMLControllerTest extends TestCase  {
+	/** @var IRequest|\PHPUnit_Framework_MockObject_MockObject */
+	private $request;
+	/** @var ISession|\PHPUnit_Framework_MockObject_MockObject */
+	private $session;
+	/** @var IUserSession|\PHPUnit_Framework_MockObject_MockObject */
+	private $userSession;
+	/** @var SAMLSettings|\PHPUnit_Framework_MockObject_MockObject*/
+	private $samlSettings;
+	/** @var UserBackend|\PHPUnit_Framework_MockObject_MockObject */
+	private $userBackend;
+	/** @var IConfig|\PHPUnit_Framework_MockObject_MockObject */
+	private $config;
+	/** @var IURLGenerator|\PHPUnit_Framework_MockObject_MockObject */
+	private $urlGenerator;
+	/** @var IUserManager|\PHPUnit_Framework_MockObject_MockObject */
+	private $userManager;
+	/** @var SAMLController */
+	private $samlController;
+
+	public function setUp() {
+		parent::setUp();
+
+		$this->request = $this->createMock(IRequest::class);
+		$this->session = $this->createMock(ISession::class);
+		$this->userSession = $this->createMock(IUserSession::class);
+		$this->samlSettings = $this->createMock(SAMLSettings::class);
+		$this->userBackend = $this->createMock(UserBackend::class);
+		$this->config = $this->createMock(IConfig::class);
+		$this->urlGenerator = $this->createMock(IURLGenerator::class);
+		$this->userManager = $this->createMock(IUserManager::class);
+
+		$this->samlController = new SAMLController(
+			'user_saml',
+			$this->request,
+			$this->session,
+			$this->userSession,
+			$this->samlSettings,
+			$this->userBackend,
+			$this->config,
+			$this->urlGenerator,
+			$this->userManager
+		);
+	}
+
+	/**
+	 * @expectedExceptionMessage Type of "UnknownValue" is not supported for user_saml
+	 * @expectedException \Exception
+	 */
+	public function testLoginWithInvalidAppValue() {
+		$this->config
+			->expects($this->once())
+			->method('getAppValue')
+			->with('user_saml', 'type')
+			->willReturn('UnknownValue');
+		$this->samlController->login();
+	}
+
+	public function testLoginWithEnvVariableAndNotExistingUidInSettingsArray() {
+		$this->config
+			->expects($this->at(0))
+			->method('getAppValue')
+			->with('user_saml', 'type')
+			->willReturn('environment-variable');
+		$this->session
+			->expects($this->once())
+			->method('get')
+			->with('user_saml.samlUserData')
+			->willReturn([
+				'foo' => 'bar',
+				'bar' => 'foo',
+			]);
+		$this->config
+			->expects($this->at(1))
+			->method('getAppValue')
+			->with('user_saml', 'general-uid_mapping')
+			->willReturn('uid');
+		$this->urlGenerator
+			->expects($this->once())
+			->method('linkToRouteAbsolute')
+			->with('user_saml.SAML.notProvisioned')
+			->willReturn('https://nextcloud.com/notProvisioned/');
+
+		$expected = new RedirectResponse('https://nextcloud.com/notProvisioned/');
+		$this->assertEquals($expected, $this->samlController->login());
+	}
+
+
+	public function testLoginWithEnvVariableAndExistingUser() {
+		$this->config
+			->expects($this->at(0))
+			->method('getAppValue')
+			->with('user_saml', 'type')
+			->willReturn('environment-variable');
+		$this->session
+			->expects($this->once())
+			->method('get')
+			->with('user_saml.samlUserData')
+			->willReturn([
+				'foo' => 'bar',
+				'uid' => 'MyUid',
+				'bar' => 'foo',
+			]);
+		$this->config
+			->expects($this->at(1))
+			->method('getAppValue')
+			->with('user_saml', 'general-uid_mapping')
+			->willReturn('uid');
+		$this->userManager
+			->expects($this->once())
+			->method('userExists')
+			->with('MyUid')
+			->willReturn(true);
+		$this->urlGenerator
+			->expects($this->once())
+			->method('getAbsoluteURL')
+			->with('/')
+			->willReturn('https://nextcloud.com/absolute/');
+
+		$expected = new RedirectResponse('https://nextcloud.com/absolute/');
+		$this->assertEquals($expected, $this->samlController->login());
+	}
+
+	public function testLoginWithEnvVariableAndExistingUserAndArray() {
+		$this->config
+			->expects($this->at(0))
+			->method('getAppValue')
+			->with('user_saml', 'type')
+			->willReturn('environment-variable');
+		$this->session
+			->expects($this->once())
+			->method('get')
+			->with('user_saml.samlUserData')
+			->willReturn([
+				'foo' => 'bar',
+				'uid' => ['MyUid'],
+				'bar' => 'foo',
+			]);
+		$this->config
+			->expects($this->at(1))
+			->method('getAppValue')
+			->with('user_saml', 'general-uid_mapping')
+			->willReturn('uid');
+		$this->userManager
+			->expects($this->once())
+			->method('userExists')
+			->with('MyUid')
+			->willReturn(true);
+		$this->urlGenerator
+			->expects($this->once())
+			->method('getAbsoluteURL')
+			->with('/')
+			->willReturn('https://nextcloud.com/absolute/');
+
+		$expected = new RedirectResponse('https://nextcloud.com/absolute/');
+		$this->assertEquals($expected, $this->samlController->login());
+	}
+
+	public function testLoginWithEnvVariableAndNotExistingUserWithProvisioning() {
+		$this->config
+			->expects($this->at(0))
+			->method('getAppValue')
+			->with('user_saml', 'type')
+			->willReturn('environment-variable');
+		$this->session
+			->expects($this->once())
+			->method('get')
+			->with('user_saml.samlUserData')
+			->willReturn([
+				'foo' => 'bar',
+				'uid' => 'MyUid',
+				'bar' => 'foo',
+			]);
+		$this->config
+			->expects($this->at(1))
+			->method('getAppValue')
+			->with('user_saml', 'general-uid_mapping')
+			->willReturn('uid');
+		$this->userManager
+			->expects($this->once())
+			->method('userExists')
+			->with('MyUid')
+			->willReturn(false);
+		$this->urlGenerator
+			->expects($this->once())
+			->method('getAbsoluteURL')
+			->with('/')
+			->willReturn('https://nextcloud.com/absolute/');
+		$this->userBackend
+			->expects($this->at(0))
+			->method('autoprovisionAllowed')
+			->willReturn(true);
+		$this->userBackend
+			->expects($this->at(1))
+			->method('createUserIfNotExists')
+			->with('MyUid');
+
+		$expected = new RedirectResponse('https://nextcloud.com/absolute/');
+		$this->assertEquals($expected, $this->samlController->login());
+	}
+
+	public function testLoginWithEnvVariableAndNotExistingUserWithoutProvisioning() {
+		$this->config
+			->expects($this->at(0))
+			->method('getAppValue')
+			->with('user_saml', 'type')
+			->willReturn('environment-variable');
+		$this->session
+			->expects($this->once())
+			->method('get')
+			->with('user_saml.samlUserData')
+			->willReturn([
+				'foo' => 'bar',
+				'uid' => 'MyUid',
+				'bar' => 'foo',
+			]);
+		$this->config
+			->expects($this->at(1))
+			->method('getAppValue')
+			->with('user_saml', 'general-uid_mapping')
+			->willReturn('uid');
+		$this->userManager
+			->expects($this->once())
+			->method('userExists')
+			->with('MyUid')
+			->willReturn(false);
+		$this->urlGenerator
+			->expects($this->once())
+			->method('linkToRouteAbsolute')
+			->with('user_saml.SAML.notProvisioned')
+			->willReturn('https://nextcloud.com/notprovisioned/');
+		$this->userBackend
+			->expects($this->once())
+			->method('autoprovisionAllowed')
+			->willReturn(false);
+
+		$expected = new RedirectResponse('https://nextcloud.com/notprovisioned/');
+		$this->assertEquals($expected, $this->samlController->login());
+	}
+
+	public function testNotProvisioned() {
+		$expected = new TemplateResponse('user_saml', 'notProvisioned', [], 'guest');
+		$this->assertEquals($expected, $this->samlController->notProvisioned());
+	}
+}
diff --git a/tests/unit/Middleware/OnlyLoggedInMiddlewareTest.php b/tests/unit/Middleware/OnlyLoggedInMiddlewareTest.php
new file mode 100644
index 00000000..37e721f8
--- /dev/null
+++ b/tests/unit/Middleware/OnlyLoggedInMiddlewareTest.php
@@ -0,0 +1,108 @@
+<?php
+/**
+ * @copyright Copyright (c) 2016 Lukas Reschke <lukas@statuscode.ch>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+namespace OCA\User_SAML\Tests\Middleware;
+
+use OCA\User_SAML\Middleware\OnlyLoggedInMiddleware;
+use OCP\AppFramework\Controller;
+use OCP\AppFramework\Http\JSONResponse;
+use OCP\AppFramework\Utility\IControllerMethodReflector;
+use OCP\IUserSession;
+
+class OnlyLoggedInMiddlewareTest extends \Test\TestCase  {
+	/** @var IControllerMethodReflector|\PHPUnit_Framework_MockObject_MockObject */
+	private $reflector;
+	/** @var IUserSession|\PHPUnit_Framework_MockObject_MockObject */
+	private $userSession;
+	/** @var OnlyLoggedInMiddleware */
+	private $onlyLoggedInMiddleware;
+
+	public function setUp() {
+		$this->reflector = $this->createMock(IControllerMethodReflector::class);
+		$this->userSession = $this->createMock(IUserSession::class);
+		$this->onlyLoggedInMiddleware = new OnlyLoggedInMiddleware(
+			$this->reflector,
+			$this->userSession
+		);
+
+		return parent::setUp();
+	}
+
+	public function testBeforeControllerWithoutAnnotation() {
+		$this->reflector
+			->expects($this->once())
+			->method('hasAnnotation')
+			->with('OnlyUnauthenticatedUsers')
+			->willReturn(false);
+		$this->userSession
+			->expects($this->never())
+			->method('isLoggedIn');
+
+		$this->onlyLoggedInMiddleware->beforeController($this->createMock(Controller::class), 'bar');
+	}
+
+	public function testBeforeControllerWithAnnotationAndNotLoggedIn() {
+		$this->reflector
+			->expects($this->once())
+			->method('hasAnnotation')
+			->with('OnlyUnauthenticatedUsers')
+			->willReturn(true);
+		$this->userSession
+			->expects($this->once())
+			->method('isLoggedIn')
+			->willReturn(false);
+
+		$this->onlyLoggedInMiddleware->beforeController($this->createMock(Controller::class), 'bar');
+	}
+
+	/**
+	 * @expectedException \Exception
+	 * @expectedExceptionMessage User is already logged-in
+	 */
+	public function testBeforeControllerWithAnnotationAndLoggedIn() {
+		$this->reflector
+			->expects($this->once())
+			->method('hasAnnotation')
+			->with('OnlyUnauthenticatedUsers')
+			->willReturn(true);
+		$this->userSession
+			->expects($this->once())
+			->method('isLoggedIn')
+			->willReturn(true);
+
+		$this->onlyLoggedInMiddleware->beforeController($this->createMock(Controller::class), 'bar');
+	}
+
+	/**
+	 * @expectedException \Exception
+	 * @expectedExceptionMessage My Exception
+	 */
+	public function testAfterExceptionWithNormalException() {
+		$exception = new \Exception('My Exception');
+		$this->onlyLoggedInMiddleware->afterException($this->createMock(Controller::class), 'bar', $exception);
+	}
+
+	public function testAfterExceptionWithAlreadyLoggedInException() {
+		$exception = new \Exception('User is already logged-in');
+		$expected = new JSONResponse('User is already logged-in', 403);
+		$this->assertEquals($expected, $this->onlyLoggedInMiddleware->afterException($this->createMock(Controller::class), 'bar', $exception));
+	}
+}
diff --git a/tests/unit/Settings/AdminTest.php b/tests/unit/Settings/AdminTest.php
new file mode 100644
index 00000000..b1f10488
--- /dev/null
+++ b/tests/unit/Settings/AdminTest.php
@@ -0,0 +1,150 @@
+<?php
+/**
+ * @copyright Copyright (c) 2016 Lukas Reschke <lukas@statuscode.ch>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+namespace OCA\User_SAML\Tests\Settings;
+
+use OCP\AppFramework\Http\TemplateResponse;
+use OCP\Defaults;
+use OCP\IConfig;
+use OCP\IL10N;
+
+class AdminTest extends \Test\TestCase  {
+	/** @var \OCA\User_SAML\Settings\Admin */
+	private $admin;
+	/** @var IL10N|\PHPUnit_Framework_MockObject_MockObject */
+	private $l10n;
+	/** @var Defaults|\PHPUnit_Framework_MockObject_MockObject */
+	private $defaults;
+	/** @var IConfig|\PHPUnit_Framework_MockObject_MockObject */
+	private $config;
+
+	public function setUp() {
+		$this->l10n = $this->createMock(IL10N::class);
+		$this->defaults = $this->createMock(Defaults::class);
+		$this->config = $this->createMock(IConfig::class);
+
+		$this->admin = new \OCA\User_SAML\Settings\Admin(
+			$this->l10n,
+			$this->defaults,
+			$this->config
+		);
+
+		return parent::setUp();
+	}
+
+	public function formDataProvider() {
+		$this->l10n
+			->expects($this->any())
+			->method('t')
+			->will($this->returnCallback(function($text, $parameters = array()) {
+				return vsprintf($text, $parameters);
+			}));
+
+		$serviceProviderFields = [
+			'x509cert' => 'X.509 certificate of the Service Provider',
+			'privateKey' => 'Private key of the Service Provider',
+		];
+		$securityOfferFields = [
+			'nameIdEncrypted' => 'Indicates that the nameID of the <samlp:logoutRequest> sent by this SP will be encrypted.',
+			'authnRequestsSigned' => 'Indicates whether the <samlp:AuthnRequest> messages sent by this SP will be signed. [Metadata of the SP will offer this info]',
+			'logoutRequestSigned' => 'Indicates whether the  <samlp:logoutRequest> messages sent by this SP will be signed.',
+			'logoutResponseSigned' => 'Indicates whether the  <samlp:logoutResponse> messages sent by this SP will be signed.',
+			'signMetadata' => 'Whether the metadata should be signed.',
+		];
+		$securityRequiredFields = [
+			'wantMessagesSigned' => 'Indicates a requirement for the <samlp:Response>, <samlp:LogoutRequest> and <samlp:LogoutResponse> elements received by this SP to be signed.',
+			'wantAssertionsSigned' => 'Indicates a requirement for the <saml:Assertion> elements received by this SP to be signed. [Metadata of the SP will offer this info]',
+			'wantAssertionsEncrypted' => 'Indicates a requirement for the <saml:Assertion> elements received by this SP to be encrypted.',
+			'wantNameId' => ' Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present.',
+			'wantNameIdEncrypted' => 'Indicates a requirement for the NameID received by this SP to be encrypted.',
+			'wantXMLValidation' => 'Indicates if the SP will validate all received XMLs.',
+		];
+		$securityGeneral = [
+			'lowercaseUrlencoding' => 'ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification.',
+		];
+		$generalSettings = [
+			'uid_mapping' => [
+				'text' => 'Attribute to map the UID to.',
+				'type' => 'line',
+				'required' => true,
+			],
+			'require_provisioned_account' => [
+				'text' => 'Only allow authentication if an account is existent on some other backend. (e.g. LDAP)',
+				'type' => 'checkbox',
+			],
+			'use_saml_auth_for_desktop' => [
+				'text' => 'Use SAML auth for the Nextcloud desktop clients (requires user re-authentication)',
+				'type' => 'checkbox',
+			],
+		];
+
+		$params = [
+			'sp' => $serviceProviderFields,
+			'security-offer' => $securityOfferFields,
+			'security-required' => $securityRequiredFields,
+			'security-general' => $securityGeneral,
+			'general' => $generalSettings,
+		];
+
+		return $params;
+	}
+
+	public function testGetFormWithoutType() {
+		$this->config
+			->expects($this->once())
+			->method('getAppValue')
+			->with('user_saml', 'type')
+			->willReturn('');
+
+		$params = $this->formDataProvider();
+		unset($params['general']['use_saml_auth_for_desktop']);
+		$params['type'] = '';
+
+		$expected = new TemplateResponse('user_saml', 'admin', $params);
+		$this->assertEquals($expected, $this->admin->getForm());
+	}
+
+	public function testGetFormWithSaml() {
+		$this->defaults
+			->expects($this->once())
+			->method('getName')
+			->willReturn('Nextcloud');
+		$this->config
+			->expects($this->once())
+			->method('getAppValue')
+			->with('user_saml', 'type')
+			->willReturn('saml');
+
+		$params = $this->formDataProvider();
+		$params['type'] = 'saml';
+
+		$expected = new TemplateResponse('user_saml', 'admin', $params);
+		$this->assertEquals($expected, $this->admin->getForm());
+	}
+
+	public function testGetSection() {
+		$this->assertSame('saml', $this->admin->getSection());
+	}
+
+	public function testGetPriority() {
+		$this->assertSame(0, $this->admin->getPriority());
+	}
+}
diff --git a/tests/unit/Settings/SectionTest.php b/tests/unit/Settings/SectionTest.php
new file mode 100644
index 00000000..43946f7e
--- /dev/null
+++ b/tests/unit/Settings/SectionTest.php
@@ -0,0 +1,56 @@
+<?php
+/**
+ * @copyright Copyright (c) 2016 Lukas Reschke <lukas@statuscode.ch>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+namespace OCA\User_SAML\Tests\Settings;
+
+class SectionTest extends \Test\TestCase  {
+	/** @var \OCA\User_SAML\Settings\Section */
+	private $section;
+	/** @var \OCP\IL10N */
+	private $l10n;
+
+	public function setUp() {
+		$this->l10n = $this->createMock(\OCP\IL10N::class);
+		$this->section = new \OCA\User_SAML\Settings\Section(
+			$this->l10n
+		);
+
+		return parent::setUp();
+	}
+
+	public function testGetId() {
+		$this->assertSame('saml', $this->section->getID());
+	}
+
+	public function testGetName() {
+		$this->l10n
+			->expects($this->once())
+			->method('t')
+			->with('SSO & SAML authentication')
+			->willReturn('SAML authentication');
+
+		$this->assertSame('SAML authentication', $this->section->getName());
+	}
+
+	public function testGetPriority() {
+		$this->assertSame(75, $this->section->getPriority());
+	}
+}
diff --git a/tests/unit/UserBackendTest.php b/tests/unit/UserBackendTest.php
new file mode 100644
index 00000000..ff7a975e
--- /dev/null
+++ b/tests/unit/UserBackendTest.php
@@ -0,0 +1,63 @@
+<?php
+/**
+ * @copyright Copyright (c) 2016 Lukas Reschke <lukas@statuscode.ch>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+namespace OCA\User_SAML\Tests\Settings;
+
+use OCA\User_SAML\UserBackend;
+use OCP\IConfig;
+use OCP\IDBConnection;
+use OCP\ISession;
+use OCP\IURLGenerator;
+use OCP\IUserBackend;
+use Test\TestCase;
+
+class UserBackendTest extends TestCase   {
+	/** @var IConfig|\PHPUnit_Framework_MockObject_MockObject */
+	private $config;
+	/** @var IURLGenerator|\PHPUnit_Framework_MockObject_MockObject */
+	private $urlGenerator;
+	/** @var ISession|\PHPUnit_Framework_MockObject_MockObject */
+	private $session;
+	/** @var IDBConnection|\PHPUnit_Framework_MockObject_MockObject */
+	private $db;
+	/** @var IUserBackend|\PHPUnit_Framework_MockObject_MockObject */
+	private $userBackend;
+
+	public function setUp() {
+		parent::setUp();
+
+		$this->config = $this->createMock(IConfig::class);
+		$this->urlGenerator = $this->createMock(IURLGenerator::class);
+		$this->session = $this->createMock(ISession::class);
+		$this->db = $this->createMock(IDBConnection::class);
+
+		$this->userBackend = new UserBackend(
+			$this->config,
+			$this->urlGenerator,
+			$this->session,
+			$this->db
+		);
+	}
+
+	public function testGetBackendName() {
+		$this->assertSame('user_saml', $this->userBackend->getBackendName());
+	}
+}
diff --git a/tests/unit/bootstrap.php b/tests/unit/bootstrap.php
new file mode 100644
index 00000000..fe1a5ae0
--- /dev/null
+++ b/tests/unit/bootstrap.php
@@ -0,0 +1,31 @@
+<?php
+/**
+ * @copyright Copyright (c) 2016 Lukas Reschke <lukas@statuscode.ch>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+if (!defined('PHPUNIT_RUN')) {
+	define('PHPUNIT_RUN', 1);
+}
+require_once __DIR__.'/../../../../lib/base.php';
+\OC::$loader->addValidRoot(\OC::$SERVERROOT . '/tests');
+\OC_App::loadApp('user_saml');
+if(!class_exists('PHPUnit_Framework_TestCase')) {
+	require_once('PHPUnit/Autoload.php');
+}
+OC_Hook::clear();
diff --git a/tests/unit/phpunit.xml b/tests/unit/phpunit.xml
new file mode 100644
index 00000000..873b0b0f
--- /dev/null
+++ b/tests/unit/phpunit.xml
@@ -0,0 +1,23 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<phpunit bootstrap="bootstrap.php"
+		 strict="true"
+		 verbose="true"
+		 timeoutForSmallTests="900"
+		 timeoutForMediumTests="900"
+		 timeoutForLargeTests="900"
+>
+	<testsuite name='User_SAML App Tests'>
+		<directory suffix='Test.php'>.</directory>
+	</testsuite>
+	<!-- filters for code coverage -->
+	<filter>
+		<whitelist>
+			<directory suffix=".php">../../../user_saml/appinfo</directory>
+			<directory suffix=".php">../../../user_saml/lib</directory>
+		</whitelist>
+	</filter>
+	<logging>
+		<!-- and this is where your report will be written -->
+		<log type="coverage-clover" target="./clover.xml"/>
+	</logging>
+</phpunit>