cas_roles.test in CAS roles 7.2
Same filename and directory in other branches
Tests for CAS roles.
File
cas_roles.testView source
<?php
/**
* @file
* Tests for CAS roles.
*/
/**
* Test case for CAS attribute setting.
*/
class CasRolesTestCase extends CasTestHelper {
public $roles;
/**
*
*/
function setUp() {
$modules = func_get_args();
if (isset($modules[0]) && is_array($modules[0])) {
$modules = $modules[0];
}
$modules = array_merge(array(
'cas_attributes',
'cas_roles',
), $modules);
parent::setUp($modules);
// Set up the roles.
$this->roles['teacher'] = $this
->drupalCreateRole(array(), 'teacher');
$this->roles['student'] = $this
->drupalCreateRole(array(), 'student');
$this->roles['philosopher'] = $this
->drupalCreateRole(array(), 'philosopher');
$this->roles['staff'] = $this
->drupalCreateRole(array(), 'staff');
}
/**
*
*/
public static function getInfo() {
return array(
'name' => 'CAS Roles: Login',
'description' => 'Test CAS roles matching are done on login.',
'group' => 'Central Authentication Service',
);
}
/**
* Test the CAS role matching.
*/
function testRoleMapping() {
// Set up cas_roles
variable_set('cas_roles_sync_every_login', 1);
variable_set('cas_roles_roles', '[cas:attribute:position]');
variable_set('cas_roles_require_a_role_create', FALSE);
variable_set('cas_roles_require_a_role_login', FALSE);
$relations = array(
'authenticated user' => '',
'teacher' => '/^(Professor|Teacher)$/',
'student' => '/^Student$/',
'philosopher' => '/^(Philosopher|Tenure)$/',
'staff' => '',
);
variable_set('cas_roles_relations', $relations);
// Create a new CAS user.
$cas_name = $this
->randomName();
$attributes = array(
'position' => array(
'Professor',
'Tenure',
),
);
$cas_user = array(
'name' => $cas_name,
'attributes' => $attributes,
);
variable_set('cas_test_cas_user', $cas_user);
// Log in as the new CAS user.
$this
->casLogin($cas_name, $attributes);
// After login, user should have roles teacher and philosopher but not student or staff.
$user_roles = $this->loggedInUser->roles;
$this
->assertTrue(array_key_exists($this->roles['teacher'], $user_roles), "Test user has role teacher.");
$this
->assertFalse(array_key_exists($this->roles['student'], $user_roles), "Test user does not have role student.");
$this
->assertTrue(array_key_exists($this->roles['philosopher'], $user_roles), "Test user has role philosopher.");
$this
->assertFalse(array_key_exists($this->roles['staff'], $user_roles), "Test user does not have role staff.");
$this
->drupalLogout();
// Do not manage philosopher role any more. and test missing relations.
$relations = array(
'teacher' => '/^(Professor|Teacher)$/',
'student' => '/^Student$/',
'philosopher' => '',
);
variable_set('cas_roles_relations', $relations);
// Change the attributes.
$attributes = array(
'position' => array(
'Student',
),
);
$cas_user = array(
'name' => $cas_name,
'attributes' => $attributes,
);
variable_set('cas_test_cas_user', $cas_user);
// Log in again.
$this
->casLogin($cas_name, $attributes);
$this->loggedInUser = user_load($this->loggedInUser->uid, TRUE);
// Workaround since casLogin gets cached copy.
// After login, user should now have roles student and philosopher, but not teacher or staff.
$user_roles = $this->loggedInUser->roles;
$this
->assertFalse(array_key_exists($this->roles['teacher'], $user_roles), "Test user does not have role teacher.");
$this
->assertTrue(array_key_exists($this->roles['student'], $user_roles), "Test user has role student.");
$this
->assertTrue(array_key_exists($this->roles['philosopher'], $user_roles), "Test user has role philosopher.");
$this
->assertFalse(array_key_exists($this->roles['staff'], $user_roles), "Test user does not have role staff.");
$this
->drupalLogout();
// Set synchronisation to trigger only at the first login.
variable_set('cas_roles_sync_every_login', 0);
// Change the attributes.
$attributes = array(
'position' => array(
'Teacher',
),
);
$cas_user = array(
'name' => $cas_name,
'attributes' => $attributes,
);
variable_set('cas_test_cas_user', $cas_user);
// Log in again.
$this
->casLogin($cas_name, $attributes);
$this->loggedInUser = user_load($this->loggedInUser->uid, TRUE);
// Workaround since casLogin gets cached copy.
// After login, the user should have the same roles as before.
$user_roles = $this->loggedInUser->roles;
$this
->assertFalse(array_key_exists($this->roles['teacher'], $user_roles), "Test user does not have role teacher.");
$this
->assertTrue(array_key_exists($this->roles['student'], $user_roles), "Test user has role student.");
$this
->assertTrue(array_key_exists($this->roles['philosopher'], $user_roles), "Test user has role philosopher.");
$this
->assertFalse(array_key_exists($this->roles['staff'], $user_roles), "Test user does not have role staff.");
$this
->drupalLogout();
}
/**
*
*/
function testRoleMappingFromMultipleVariables() {
// Set up cas_roles
variable_set('cas_roles_sync_every_login', 1);
variable_set('cas_roles_roles', '[cas:attribute:department]_[cas:attribute:position]');
variable_set('cas_roles_require_a_role_create', FALSE);
variable_set('cas_roles_require_a_role_login', FALSE);
$relations = array(
'teacher' => '/^(Physics|Math)_/',
'student' => '/_Student$/',
'philosopher' => '/^(Physics|IT)_Professor$/',
'staff' => '/^Engineering_Staff$/',
);
variable_set('cas_roles_relations', $relations);
// Create a new CAS user.
$cas_name = $this
->randomName();
$attributes = array(
'department' => array(
'Math',
'IT',
),
'position' => array(
'Professor',
'Staff',
),
);
$cas_user = array(
'name' => $cas_name,
'attributes' => $attributes,
);
variable_set('cas_test_cas_user', $cas_user);
// Log in as the new CAS user.
$this
->casLogin($cas_name, $attributes);
// After login, user should have roles teacher and philosopher but not student or staff.
$user_roles = $this->loggedInUser->roles;
$this
->assertTrue(array_key_exists($this->roles['teacher'], $user_roles), "Test user has role teacher.");
$this
->assertFalse(array_key_exists($this->roles['student'], $user_roles), "Test user does not have role student.");
$this
->assertTrue(array_key_exists($this->roles['philosopher'], $user_roles), "Test user has role philosopher.");
$this
->assertFalse(array_key_exists($this->roles['staff'], $user_roles), "Test user does not have role staff.");
$this
->drupalLogout();
// Create a new CAS user.
$cas_name = $this
->randomName();
$attributes = array(
'department' => array(
'Engineering',
'IT',
),
'position' => array(
'Student',
'Staff',
),
);
$cas_user = array(
'name' => $cas_name,
'attributes' => $attributes,
);
variable_set('cas_test_cas_user', $cas_user);
// Log in as the new CAS user.
$this
->casLogin($cas_name, $attributes);
$this->loggedInUser = user_load($this->loggedInUser->uid, TRUE);
// Workaround since casLogin gets cached copy.
// After login, user should have roles teacher and philosopher but not student or staff.
$user_roles = $this->loggedInUser->roles;
$this
->assertFalse(array_key_exists($this->roles['teacher'], $user_roles), "Test user does not have role teacher.");
$this
->assertTrue(array_key_exists($this->roles['student'], $user_roles), "Test user has role student.");
$this
->assertFalse(array_key_exists($this->roles['philosopher'], $user_roles), "Test user does not have role philosopher.");
$this
->assertTrue(array_key_exists($this->roles['staff'], $user_roles), "Test user has role staff.");
$this
->drupalLogout();
}
/**
* Test the denial of login if a role is missing.
*/
function testRequireRole() {
// Set up cas_roles
variable_set('cas_user_register', TRUE);
variable_set('cas_roles_sync_every_login', 1);
variable_set('cas_roles_roles', '[cas:attribute:department]');
variable_set('cas_roles_require_a_role_create', FALSE);
variable_set('cas_roles_require_a_role_login', TRUE);
variable_set('cas_roles_relations', array(
'authenticated user' => '/^(Math)$/',
));
// Create a new CAS user.
$cas_name = $this
->randomName();
$attributes = array(
'department' => 'Physics',
);
$cas_user = array(
'name' => $cas_name,
'attributes' => $attributes,
);
variable_set('cas_test_cas_user', $cas_user);
// Test that the user is not automatically registered.
$this
->drupalGet('cas');
$this
->assertRaw(t('The user account %cas_name is not available on this site.', array(
'%cas_name' => $cas_name,
)));
$this
->drupalLogout();
// Set to allow users attributes.
variable_set('cas_roles_relations', array(
'authenticated user' => '/^(Physics)$/',
));
$this
->drupalGet('cas');
$this->loggedInUser = cas_user_load_by_name($cas_name, TRUE);
$this
->assertRaw(t('Logged in via CAS as %cas_username.', array(
'%cas_username' => $cas_name,
)));
$this
->drupalLogout();
// Set to forbid users attributes.
variable_set('cas_roles_relations', array(
'authenticated user' => '/^(Math)$/',
));
$this
->drupalGet('cas');
$this
->assertRaw(t('The user account %cas_name is not available on this site.', array(
'%cas_name' => $cas_name,
)));
$this
->drupalLogout();
// Test that the user is can log in again when only creation is blocked.
variable_set('cas_roles_require_a_role_create', TRUE);
variable_set('cas_roles_require_a_role_login', FALSE);
$this
->drupalGet('cas');
$this->loggedInUser = cas_user_load_by_name($cas_name, TRUE);
$this
->assertRaw(t('Logged in via CAS as %cas_username.', array(
'%cas_username' => $cas_name,
)));
$this
->drupalLogout();
$this
->clearCasUser();
// But a new user is still blocked.
$cas_name = $this
->randomName();
$cas_user = array(
'name' => $cas_name,
'attributes' => $attributes,
);
variable_set('cas_test_cas_user', $cas_user);
$this
->drupalGet('cas');
$this
->assertRaw(t('No account found for %cas_name.', array(
'%cas_name' => $cas_name,
)));
}
}Classes
Name |
Description |
|---|---|
| CasRolesTestCase | Test case for CAS attribute setting. |