You are here

function CasRolesTestCase::testRequireRole in CAS roles 7

Same name and namespace in other branches
  1. 7.2 cas_roles.test \CasRolesTestCase::testRequireRole()

Test the denial of login if a role is missing.

File

./cas_roles.test, line 216
Tests for CAS roles.

Class

CasRolesTestCase
Test case for CAS attribute setting.

Code

function testRequireRole() {

  // Set up cas_roles
  variable_set('cas_user_register', TRUE);
  variable_set('cas_roles_sync_every_login', 1);
  variable_set('cas_roles_behavior', CAS_ROLES_MATCH_REGEX);
  variable_set('cas_roles_roles', '[cas:attribute:department]');
  variable_set('cas_roles_require_a_role_create', FALSE);
  variable_set('cas_roles_require_a_role_login', TRUE);
  variable_set('cas_roles_relations', array(
    'authenticated user' => '/^(Math)$/',
  ));

  // Create a new CAS user.
  $cas_name = $this
    ->randomName();
  $attributes = array(
    'department' => 'Physics',
  );
  $cas_user = array(
    'name' => $cas_name,
    'attributes' => $attributes,
  );
  variable_set('cas_test_cas_user', $cas_user);

  // Test that the user is not automatically registered.
  $this
    ->drupalGet('cas');
  $this
    ->assertRaw(t('The user account %cas_name is not available on this site.', array(
    '%cas_name' => $cas_name,
  )));
  $this
    ->drupalLogout();

  // Set to allow users attributes.
  variable_set('cas_roles_relations', array(
    'authenticated user' => '/^(Physics)$/',
  ));
  $this
    ->drupalGet('cas');
  $this->loggedInUser = cas_user_load_by_name($cas_name, TRUE);
  $this
    ->assertRaw(t('Logged in via CAS as %cas_username.', array(
    '%cas_username' => $cas_name,
  )));
  $this
    ->drupalLogout();

  // Set to forbid users attributes.
  variable_set('cas_roles_relations', array(
    'authenticated user' => '/^(Math)$/',
  ));
  $this
    ->drupalGet('cas');
  $this
    ->assertRaw(t('The user account %cas_name is not available on this site.', array(
    '%cas_name' => $cas_name,
  )));
  $this
    ->drupalLogout();

  // Test that the user is can log in again when only creation is blocked.
  variable_set('cas_roles_require_a_role_create', TRUE);
  variable_set('cas_roles_require_a_role_login', FALSE);
  $this
    ->drupalGet('cas');
  $this->loggedInUser = cas_user_load_by_name($cas_name, TRUE);
  $this
    ->assertRaw(t('Logged in via CAS as %cas_username.', array(
    '%cas_username' => $cas_name,
  )));
  $this
    ->drupalLogout();
  $this
    ->clearCasUser();

  // But a new user is still blocked.
  $cas_name = $this
    ->randomName();
  $cas_user = array(
    'name' => $cas_name,
    'attributes' => $attributes,
  );
  variable_set('cas_test_cas_user', $cas_user);
  $this
    ->drupalGet('cas');
  $this
    ->assertRaw(t('No account found for %cas_name.', array(
    '%cas_name' => $cas_name,
  )));
}