public function CasAttributesSubscriberTest::testDenyLoginOnNoRoleMatch in CAS Attributes 8

Same name and namespace in other branches
  1. 2.x tests/src/Unit/Subscriber/CasAttributesSubscriberTest.php \Drupal\Tests\cas_attributes\Unit\Subscriber\CasAttributesSubscriberTest::testDenyLoginOnNoRoleMatch()

Verifies the 'deny login' feature when no roles map to the user.

File

tests/src/Unit/Subscriber/CasAttributesSubscriberTest.php, line 243

Class

CasAttributesSubscriberTest
CasAttributesSubscriber unit tests.

Namespace

Drupal\Tests\cas_attributes\Unit\Subscriber

Code

public function testDenyLoginOnNoRoleMatch() {
  // Set up a role/attr mapping config and configure CAS Attributes to DENY
  // login when no role/attr mapping can be established for a user.
  $roleMapping = [
    [
      'rid' => $this->randomMachineName(8),
      'method' => 'exact_any',
      'attribute' => 'fruit',
      'value' => 'apple',
      'remove_without_match' => FALSE,
    ],
  ];
  $config_factory = $this->getConfigFactoryStub([
    'cas_attributes.settings' => [
      'role.sync_frequency' => CasAttributesSettings::SYNC_FREQUENCY_EVERY_LOGIN,
      'role.deny_login_no_match' => TRUE,
      'role.mappings' => $roleMapping,
    ],
  ]);

  // Give the user an attribute that does not match our role mapping.
  $propertyBag = new CasPropertyBag('test');
  $propertyBag->setAttribute('fruit', ['orange']);

  // Now call the onPreLogin method and confirm that the user would be
  // denied login.
  $preLoginEvent = new CasPreLoginEvent($this->account, $propertyBag);
  $subscriber = new CasAttributesSubscriber($config_factory, $this->tokenService, $this->requestStack);
  $subscriber->onPreLogin($preLoginEvent);
  $this->assertFalse($preLoginEvent->getAllowLogin());

  // Give the user an attribute that maps to one of the roles, and confirm
  // they are no longer denied.
  $propertyBag = new CasPropertyBag('test');
  $propertyBag->setAttribute('fruit', ['apple']);
  $preLoginEvent = new CasPreLoginEvent($this->account, $propertyBag);
  $subscriber = new CasAttributesSubscriber($config_factory, $this->tokenService, $this->requestStack);
  $subscriber->onPreLogin($preLoginEvent);
  $this->assertTrue($preLoginEvent->getAllowLogin());

  // Update configuration so that login will not be denied when no role
  // mapping match exists.
  $config_factory = $this->getConfigFactoryStub([
    'cas_attributes.settings' => [
      'role.sync_frequency' => CasAttributesSettings::SYNC_FREQUENCY_EVERY_LOGIN,
      'role.deny_login_no_match' => FALSE,
      'role.mappings' => $roleMapping,
    ],
  ]);

  // Give a user an incorrect attribute value, and confirm they can still
  // log in.
  $propertyBag = new CasPropertyBag('test');
  $propertyBag->setAttribute('fruit', ['orange']);
  $preLoginEvent = new CasPreLoginEvent($this->account, $propertyBag);
  $subscriber = new CasAttributesSubscriber($config_factory, $this->tokenService, $this->requestStack);
  $subscriber->onPreLogin($preLoginEvent);
  $this->assertTrue($preLoginEvent->getAllowLogin());
}