You are here

Home » API reference » Lightweight Directory Access Protocol (LDAP) 7.2

ldap_authentication.test in Lightweight Directory Access Protocol (LDAP) 7.2

Same filename and directory in other branches
  1. 8.2 ldap_authentication/tests/ldap_authentication.test
  2. 7 ldap_authentication/tests/ldap_authentication.test

File

ldap_authentication/tests/ldap_authentication.test
View source 
<?php

/**
 * @file
 * Ldap_authentication simpletests.
 */
module_load_include('php', 'ldap_test', 'LdapTestCase.class');
module_load_include('module', 'ldap_authentication');

/**
 * LdapAuthenticationTestCase.
 */
class LdapAuthenticationTestCase extends LdapTestCase {
  public $module_name = 'ldap_authentication';
  protected $ldap_test_data;

  /**
   * Get info.
   */
  public static function getInfo() {
    return [
      'name' => 'LDAP Authentication Tests',
      'description' => 'Test ldap authentication.',
      'group' => 'LDAP Authentication',
    ];
  }

  /**
   * {@inheritdoc}
   */
  public function __construct($test_id = NULL) {
    parent::__construct($test_id);
  }

  /**
   *
   */
  public function setUp() {
    parent::setUp([
      'ldap_authentication',
      'ldap_authorization',
      'ldap_authorization_drupal_role',
      'ldap_test',
    ]);
    variable_set('ldap_simpletest', 2);
  }

  /**
   *
   */
  public function tearDown() {
    parent::tearDown();
    variable_del('ldap_help_watchdog_detail');
    variable_del('ldap_simpletest');
  }

  /**
   * Difficult to test install and uninstall since setUp does module enabling and installing.
   */
  public function testInstall() {
    $testid = $this->module_name . ': setup success';
    $setup_success = module_exists('ldap_authentication') && module_exists('ldap_servers');
    $this
      ->assertTrue($setup_success, ' ldap_authentication setup successful', $testid);
  }

  /**
   * LDAP Authentication Mixed Mode User Logon Test (ids = LDAP_authen.MM.ULT.*)
   */
  public function testMixedModeUserLogon() {
    $sid = 'activedirectory1';
    $testid = 'MixedModeUserLogon3';
    $sids = [
      $sid,
    ];
    $this
      ->prepTestData(LDAP_TEST_LDAP_NAME, $sids, 'provisionToDrupal', 'MixedModeUserLogon3', 'drupal_role_authentication_test');
    $ldap_servers = ldap_servers_get_servers($sid, 'enabled');
    $this
      ->assertTrue(count($ldap_servers) == 1, ' ldap_authentication test server setup successful', $testid);

    /**
     * LDAP_authen.MM.ULT.user1.goodpwd -- result: Successful logon as user 1
     */
    $user1 = user_load(1);
    $password = $this
      ->randomString(20);
    require_once DRUPAL_ROOT . '/includes/password.inc';
    $account = [
      'name' => $user1->name,
      'pass' => user_hash_password(trim($password)),
    ];
    db_update('users')
      ->fields($account)
      ->condition('uid', 1)
      ->execute();
    $edit = [
      'name' => $user1->name,
      'pass' => $password,
    ];
    $this
      ->drupalPost('user', $edit, t('Log in'));
    $this
      ->assertText(t('Member for'), 'User 1 successfully authenticated', $testid);
    $this
      ->drupalGet('user/logout');

    /** LDAP_authen.MM.ULT.user1.badpwd  -- result: Drupal logon error message. **/
    $edit = [
      'name' => $user1->name,
      'pass' => 'mydabpassword',
    ];
    $this
      ->drupalPost('user', $edit, t('Log in'));
    $this
      ->assertText(t('Sorry, unrecognized username or password'), 'User 1 failed with bad password', $testid);
    $this
      ->drupalLogout();

    /** LDAP_authen.MM.ULT.drupal.goodpwd - result: Successful logon **/
    $drupal_user = $this
      ->drupalCreateUser();
    $raw_pass = $drupal_user->pass_raw;
    $edit = [
      'name' => $drupal_user->name,
      'pass' => $raw_pass,
    ];
    $this
      ->drupalPost('user', $edit, t('Log in'));
    $this
      ->assertText(t('Member for'), 'Drupal user (not ldap associated) successfully authenticated', $testid);
    $this
      ->drupalGet('user/logout');

    /** LDAP_authen.MM.ULT.drupal.badpwd - result: Drupal logon error message. **/
    $edit = [
      'name' => $drupal_user->name,
      'pass' => 'mydabpassword',
    ];
    $this
      ->drupalPost('user', $edit, t('Log in'));
    $this
      ->assertText(t('Sorry, unrecognized username or password'), 'Drupal user  (not ldap associated) with bad password failed to authenticate.', $testid);
    $this
      ->drupalGet('user/logout');

    /** LDAP_authen.MM.ULT.ldap.newaccount.badpwd - result: Drupal logon error message. **/
    $edit = [
      'name' => 'hpotter',
      'pass' => 'mydabpassword',
    ];
    $this
      ->drupalPost('user', $edit, t('Log in'));
    $this
      ->assertText(t('Sorry, unrecognized username or password'), 'New Ldap user with bad password failed to authenticate.', $testid);
    $this
      ->drupalGet('user/logout');

    /** LDAP_authen.MM.ULT.ldap.newaccount.goodpwd - result: Successful logon, with user record created and authmapped to ldap **/
    $edit = [
      'name' => 'hpotter',
      'pass' => 'goodpwd',
    ];
    $this
      ->drupalPost('user', $edit, t('Log in'));
    $this
      ->assertText(t('Member for'), 'New Ldap user with good password authenticated.');
    $this
      ->assertTrue($this->testFunctions
      ->ldapUserIsAuthmapped('hpotter'), 'Ldap user properly authmapped.', $testid);
    $this
      ->drupalGet('user/logout');

    /** LDAP_authen.MM.ULT.existingacct.badpwd - result: Drupal logon error message. **/
    $edit = [
      'name' => 'hpotter',
      'pass' => 'mydabpassword',
    ];
    $this
      ->drupalPost('user', $edit, t('Log in'));
    $this
      ->assertText(t('Sorry, unrecognized username or password'), 'Existing Ldap user with bad password failed to authenticate.', $testid);
    $this
      ->drupalGet('user/logout');

    /** LDAP_authen.MM.ULT.existingacct.goodpwd - result: Successful logon. **/
    $edit = [
      'name' => 'hpotter',
      'pass' => 'goodpwd',
    ];
    $this
      ->drupalPost('user', $edit, t('Log in'));
    $this
      ->assertText(t('Member for'), 'Existing Ldap user with good password authenticated.');
    $this
      ->assertTrue($this->testFunctions
      ->ldapUserIsAuthmapped('hpotter'), 'Existing Ldap user still properly authmapped.', $testid);
    $this
      ->drupalGet('user/logout');
  }

  /**
   * LDAP Authentication Exclusive Mode User Logon Test (ids = LDAP_authen.EM.ULT.*)
   */
  public function testExclusiveModeUserLogon() {
    $sid = 'activedirectory1';
    $testid = 'ExclusiveModeUserLogon3';
    $sids = [
      $sid,
    ];
    $this
      ->prepTestData(LDAP_TEST_LDAP_NAME, $sids, 'ad_authentication', 'ExclusiveModeUserLogon3', 'drupal_role_authentication_test');
    $ldap_servers = ldap_servers_get_servers($sid, 'enabled');
    $this
      ->assertTrue(count($ldap_servers) == 1, ' ldap_authentication test server setup successful', $testid);

    /**
     * LDAP_authen.EM.ULT.user1.goodpwd -- result: Successful logon as user 1
     */
    $user1 = user_load(1);
    $password = $this
      ->randomString(20);
    require_once DRUPAL_ROOT . '/includes/password.inc';
    $account = [
      'name' => $user1->name,
      'pass' => user_hash_password(trim($password)),
    ];
    db_update('users')
      ->fields($account)
      ->condition('uid', 1)
      ->execute();
    $edit = [
      'name' => $user1->name,
      'pass' => $password,
    ];
    $this
      ->drupalPost('user', $edit, t('Log in'));
    $this
      ->assertText(t('Member for'), 'User 1 successfully authenticated', $testid);
    $this
      ->drupalGet('user/logout');

    /** LDAP_authen.EM.ULT.user1.badpwd  -- result: Drupal logon error message. **/
    $edit = [
      'name' => $user1->name,
      'pass' => 'mydabpassword',
    ];
    $this
      ->drupalPost('user', $edit, t('Log in'));
    $this
      ->assertText(t('Sorry, unrecognized username or password'), 'User 1 failed with bad password', $testid);
    $this
      ->drupalLogout();

    /** LDAP_authen.EM.ULT.drupal.goodpwd - result: failed logon **/
    $drupal_user = $this
      ->drupalCreateUser();
    $raw_pass = $drupal_user->pass_raw;
    $edit = [
      'name' => $drupal_user->name,
      'pass' => $raw_pass,
    ];
    $this
      ->drupalPost('user', $edit, t('Log in'));
    $this
      ->assertText(t('Sorry, unrecognized username or password'), 'Drupal user successfully authenticated', $testid);
    $this
      ->drupalGet('user/logout');

    /** LDAP_authen.EM.ULT.drupal.badpwd - result: Drupal logon error message. **/
    $edit = [
      'name' => $drupal_user->name,
      'pass' => 'mydabpassword',
    ];
    $this
      ->drupalPost('user', $edit, t('Log in'));
    $this
      ->assertText(t('Sorry, unrecognized username or password'), 'Drupal user with bad password failed to authenticate.', $testid);
    $this
      ->drupalGet('user/logout');

    /** LDAP_authen.EM.ULT.ldap.newaccount.badpwd - result: Drupal logon error message. **/
    $edit = [
      'name' => 'hpotter',
      'pass' => 'mydabpassword',
    ];
    $this
      ->drupalPost('user', $edit, t('Log in'));
    $this
      ->assertText(t('Sorry, unrecognized username or password'), 'New Ldap user with bad password failed to authenticate.', $testid);
    $this
      ->drupalGet('user/logout');

    /** LDAP_authen.EM.ULT.ldap.newaccount.goodpwd - result: Successful logon, with user record created and authmapped to ldap **/
    $edit = [
      'name' => 'hpotter',
      'pass' => 'goodpwd',
    ];
    $this
      ->drupalPost('user', $edit, t('Log in'));
    $this
      ->assertText(t('Member for'), 'New Ldap user with good password authenticated.');
    $this
      ->assertTrue($this->testFunctions
      ->ldapUserIsAuthmapped('hpotter'), 'Ldap user properly authmapped.', $testid);
    $this
      ->drupalGet('user/logout');

    /** LDAP_authen.EM.ULT.existingacct.badpwd - result: Drupal logon error message. **/
    $edit = [
      'name' => 'hpotter',
      'pass' => 'mydabpassword',
    ];
    $this
      ->drupalPost('user', $edit, t('Log in'));
    $this
      ->assertText(t('Sorry, unrecognized username or password'), 'Existing Ldap user with bad password failed to authenticate.', $testid);
    $this
      ->drupalGet('user/logout');

    /** LDAP_authen.MM.ULT.existingacct.goodpwd - result: Successful logon. **/
    $edit = [
      'name' => 'hpotter',
      'pass' => 'goodpwd',
    ];
    $this
      ->drupalPost('user', $edit, t('Log in'));
    $this
      ->assertText(t('Member for'), 'Existing Ldap user with good password authenticated.');
    $this
      ->assertTrue($this->testFunctions
      ->ldapUserIsAuthmapped('hpotter'), 'Existing Ldap user still properly authmapped.', $testid);
    $this
      ->drupalGet('user/logout');
  }

  /**
   * Set mock server variables for sso tests.
   *
   * @param string $server_var_key
   * @param string $sso_name
   * @param string $ldapImplementation
   * @param bool $seamlessLogin
   *
   * @return object
   */
  private function setSsoServerEnvironment($server_var_key = 'REMOTE_USER', $sso_name = 'hpotter', $ldapImplementation = 'mod_auth_sspi', $seamlessLogin = TRUE) {

    // Clear past environment.
    ldap_servers_delete_globals('_SERVER', 'REMOTE_USER', TRUE);
    ldap_servers_delete_globals('_SERVER', 'REDIRECT_REMOTE_USER', TRUE);
    $authenticationConf = new LdapAuthenticationConfAdmin();
    $authenticationConf->ssoEnabled = TRUE;
    $authenticationConf->ssoRemoteUserStripDomainName = FALSE;
    $authenticationConf->ssoExcludedPaths = [];
    $authenticationConf->ssoExcludedHosts = [];
    $authenticationConf->seamlessLogin = $seamlessLogin;
    $authenticationConf->ldapImplementation = $ldapImplementation;
    if ($sso_name !== FALSE) {
      if (strpos($sso_name, '@')) {
        $sso_name_parts = explode('@', $sso_name);
        $sso_name = $sso_name_parts[0];
        $authenticationConf->ssoRemoteUserStripDomainName = TRUE;
      }
      ldap_servers_set_globals('_SERVER', $server_var_key, $sso_name);
    }
    $authenticationConf
      ->save();
    return ldap_authentication_get_valid_conf(TRUE);
  }

  /**
   * LDAP Authentication Exclusive Mode User Logon Test (ids = LDAP_authen.EM.ULT.*)
   */
  public function testSSOUserLogon() {
    module_enable([
      'ldap_sso',
      'ldap_help',
    ]);
    $sid = 'activedirectory1';
    $testid = 'SSOUserLogon3';
    $sids = [
      $sid,
    ];
    $this
      ->prepTestData(LDAP_TEST_LDAP_NAME, $sids, 'ad_authentication', 'SSOUserLogon');
    $this
      ->setSsoServerEnvironment('REMOTE_USER', 'hpotter', 'mod_auth_sspi', TRUE);
    $this
      ->drupalGet('user/logout');
    $this
      ->drupalGet('user');

    // Just test that the setup works.
    $authenticationConf = new LdapAuthenticationConfAdmin();
    $this
      ->assertTrue(ldap_servers_get_globals('_SERVER', 'REMOTE_USER', TRUE) == 'hpotter', '$_SERVER[REMOTE_USER] and $_SERVER[REDIRECT_REMOTE_USER] set properly for test with remote server ' . ldap_servers_get_globals('_SERVER', 'REMOTE_ADDR'), $testid);
    $setup_success = $authenticationConf->ssoEnabled == TRUE && $authenticationConf->ssoRemoteUserStripDomainName == FALSE && $authenticationConf->seamlessLogin == TRUE && $authenticationConf->ldapImplementation == 'mod_auth_sspi';
    $this
      ->assertTrue($setup_success, 'setup ldap sso test worked ', $testid);
    if (!$setup_success) {
      debug('authenticationConf');
      debug($authenticationConf);
    }
    $ldap_servers = ldap_servers_get_servers($sid, 'enabled');
    $this
      ->assertTrue(count($ldap_servers) == 1, ' ldap_authentication test server setup successful', $testid);
    $hpotter_drupal = user_load_by_name('hpotter');
    $ldap_user_conf = ldap_user_conf('admin', TRUE);
    $hpotter_ldap = $ldap_user_conf
      ->getProvisionRelatedLdapEntry($hpotter_drupal);
    debug('hpotter ldap entry');
    debug($hpotter_drupal);
    $tests = [
      'dontstripnames' => [
        'sso_name' => 'hpotter',
      ],
      'stripnames' => [
        'sso_name' => 'hpotter@hogwarts',
      ],
    ];
    foreach ($tests as $testid => $conf) {
      foreach ([
        'REMOTE_USER',
      ] as $server_var_key) {

        // ,'user/login/sso'.
        foreach ([
          'user',
        ] as $test_path) {

          // , 'mod_auth_kerb'.
          foreach ([
            'mod_auth_sspi',
            'mod_auth_kerb',
          ] as $ldapImplementation) {

            // , FALSE.
            foreach ([
              TRUE,
              FALSE,
            ] as $seamlessLogin) {
              $sso_name = $conf['sso_name'];
              $this->ldapTestId = "testSSO._SERVER-key={$server_var_key} sso_name={$sso_name} path={$test_path} ldapImplementation={$ldapImplementation} seamlessLogin={$seamlessLogin}";
              $ldapAuthenticationConf = $this
                ->setSsoServerEnvironment($server_var_key, $sso_name, $ldapImplementation, $seamlessLogin);
              $this
                ->drupalGet($test_path);

              // @FIXME: Broken test
              // $this->assertText(t('Member for'), 'Successful logon.', $this->ldapTestId);
              $this
                ->drupalGet('user/logout');
            }
          }
        }
      }
    }
  }

  /**
   *
   */
  public function testAuthenticationWhitelistTests() {
    require_once drupal_get_path('module', 'ldap_authentication') . '/LdapAuthenticationConfAdmin.class.php';
    $sid = 'activedirectory1';
    $testid = 'WL3';
    $sids = [
      $sid,
    ];
    $this
      ->prepTestData('hogwarts', [
      $sid,
    ], 'provisionToDrupal', 'WL3', 'drupal_role_authentication_test');
    $ldap_servers = ldap_servers_get_servers($sid, 'enabled');
    $this
      ->assertTrue(count($ldap_servers) == 1, ' ldap_authentication test server setup successful', $testid);

    // These 2 modules are configured in setup, but disabled for most authentication tests.
    module_disable([
      'ldap_authorization_drupal_role',
      'ldap_authorization',
    ]);

    /**
     * LDAP_authen.WL.user1  test for user 1 being excluded from white and black list tests
     */
    $user1 = user_load(1);
    $password = $this
      ->randomString(20);
    require_once DRUPAL_ROOT . '/includes/password.inc';
    $account = [
      'name' => $user1->name,
      'pass' => user_hash_password(trim($password)),
    ];
    db_update('users')
      ->fields($account)
      ->condition('uid', 1)
      ->execute();
    $edit = [
      'name' => $user1->name,
      'pass' => $password,
    ];
    $this
      ->drupalPost('user', $edit, t('Log in'));
    $this
      ->assertText(t('Member for'), 'User 1 successfully authenticated in LDAP_authen.WL.user1', $testid);
    $this
      ->drupalGet('user/logout');
    module_enable([
      'ldap_authorization',
    ]);
    module_enable([
      'ldap_authorization_drupal_role',
    ]);

    /**
     * prep LDAP_authen.WL.allow
     */
    $authenticationConf = new LdapAuthenticationConfAdmin();
    $authenticationConf->allowOnlyIfTextInDn = [
      'pot',
    ];
    $authenticationConf
      ->save();
    $authenticationConf = ldap_authentication_get_valid_conf(TRUE);

    /**
     * LDAP_authen.WL.allow.match -- desirect_result: authenticate success
     */
    $this
      ->AttemptLogonNewUser('hpotter');
    $this
      ->assertText(t('Member for'), 'User able to authenticate because in white list (allowOnlyIfTextInDn).', $testid);

    /**
     *  LDAP_authen.WL.allow.miss -- desirect_result: authenticate fail
     */
    $this
      ->AttemptLogonNewUser('ssnape');
    $this
      ->assertText(t('User disallowed'), 'User unable to authenticate because not in white list (allowOnlyIfTextInDn).', $testid);

    /**
     * undo LDAP_authen.WL.allow settings
     */
    $authenticationConf = new LdapAuthenticationConfAdmin();
    $authenticationConf->allowOnlyIfTextInDn = [];
    $authenticationConf
      ->save();
    $authenticationConf = ldap_authentication_get_valid_conf(TRUE);

    /**
     * prep LDAP_authen.WL.exclude
     */
    $authenticationConf = new LdapAuthenticationConfAdmin();
    $authenticationConf->excludeIfTextInDn = [
      'cn=ssnape',
    ];
    $authenticationConf
      ->save();
    $authenticationConf = ldap_authentication_get_valid_conf(TRUE);

    /**
     * LDAP_authen.WL.exclude.match -- desirect_result: authenticate fail
     */
    $this
      ->AttemptLogonNewUser('ssnape');
    $this
      ->assertText(t('User disallowed'), 'User unable to authenticate in exclude list (excludeIfTextInDn).', $testid);

    /**
     *  LDAP_authen.WL.exclude.miss-- desirect_result: authenticate success
     */
    $this
      ->AttemptLogonNewUser('hpotter');
    $this
      ->assertText(t('Member for'), 'Able to authenticate because not in exclude list (allowOnlyIfTextInDn).', $testid);

    /**
     * undo LDAP_authen.WL.allow settings
     */
    $authenticationConf = new LdapAuthenticationConfAdmin();
    $authenticationConf->excludeIfTextInDn = [];
    $authenticationConf
      ->save();
    $authenticationConf = ldap_authentication_get_valid_conf(TRUE);

    /**
     * prep LDAP_authen.WL.php
     */
    $authenticationConf = new LdapAuthenticationConfAdmin();
    $authenticationConf->allowTestPhp = "\n\n      //exclude users with dumb in email address \n\n      if (strpos(\$_ldap_user_entry['attr']['mail'][0], 'dumb') === FALSE) {\n\n        print 1;\n\n      }\n\n      else {\n        print 0;\n\n      }\n      ";
    $authenticationConf
      ->save();
    $authenticationConf = ldap_authentication_get_valid_conf(TRUE);

    /**
     * LDAP_authen.WL.php.php disabled -- desired result: authenticate fail with warning the authentication disabled
     */
    module_disable([
      'php',
    ]);
    $this
      ->AttemptLogonNewUser('adumbledore');
    $this
      ->assertText(LDAP_AUTHENTICATION_DISABLED_FOR_BAD_CONF_MSG, 'With php disabled and php code in whitelist, refuse authentication. (allowTestPhp).', $testid);
    module_enable([
      'php',
    ]);

    /**
     * LDAP_authen.WL.php.true -- desired result: authenticate success
     */
    $this
      ->AttemptLogonNewUser('hpotter');
    $this
      ->assertText(t('Member for'), 'Able to authenticate because php returned true (allowTestPhp).', $testid);

    /**
     *  LDAP_authen.WL.php.false-- desired result: authenticate fail
     */
    $this
      ->AttemptLogonNewUser('adumbledore');
    $this
      ->assertText(t('User disallowed'), 'User unable to authenticate because php returned false (allowTestPhp).', $testid);

    /**
     * clear LDAP_authen.WL.php
     */
    $authenticationConf = new LdapAuthenticationConfAdmin();
    $authenticationConf->allowTestPhp = '';
    $authenticationConf
      ->save();
    $authenticationConf = ldap_authentication_get_valid_conf(TRUE);

    /**
     * need to test username changes with PUID
     *   - given a user exists
     *   - change samaccountname in ldap server
     *   - have user logon
     *   - make sure old user and new user have same puid
     *
     */

    /***  multiple options used in whitelist **/

    /**
     * LDAP_authen.WL.allow[match].exclude[match] -- desired result: authenticate fail
     */

    /**
     *  LDAP_authen.WL.allow[match].exclude[miss] -- desired result: authenticate success
     */

    /**
     * LDAP_authen.WL.exclude[match].*-- desirect_result: authenticate fail
     */

    /**
     *  LDAP_authen.WL.exclude[match].php[false] -- desired result: authenticate fail
     */

    /**
     * LDAP_authen.WL1.excludeIfNoAuthorizations.hasAuthorizations
     * test for excludeIfNoAuthorizations set to true and consumer granted authorizations
     */

    // These 2 modules are configured in setup, but disabled for most authentication tests.
    module_disable([
      'ldap_authorization_drupal_role',
      'ldap_authorization',
    ]);
    $authenticationConf = new LdapAuthenticationConfAdmin();
    $authenticationConf->excludeIfNoAuthorizations = 1;
    $authenticationConf
      ->save();
    $authenticationConf = ldap_authentication_get_valid_conf(TRUE);

    /**
     * LDAP_authen.WL1.excludeIfNoAuthorizations.failsafe
     * test for excludeIfNoAuthorizations set to true and ldap_authorization disabled
     * to make sure authentication fails completely
     */
    $this
      ->AttemptLogonNewUser('hpotter');
    $this
      ->assertText(LDAP_AUTHENTICATION_DISABLED_FOR_BAD_CONF_MSG, t('Authentication prohibited when excludeIfNoAuthorizations =
        true and LDAP Authorization disabled.
        LDAP_authen.WL1.excludeIfNoAuthorizations.failsafe'), $testid);
    module_enable([
      'ldap_authorization',
    ], TRUE);
    module_enable([
      'ldap_authorization_drupal_role',
    ], TRUE);

    // Clear static cache.
    $consumer = ldap_authorization_get_consumers('drupal_role', TRUE, TRUE);
    $this
      ->AttemptLogonNewUser('hpotter');
    $this
      ->assertText(t('Member for'), 'User able to authenticate because of excludeIfNoAuthorizations setting.', $testid);

    /**
     * LDAP_authen.WL1.excludeIfNoAuthorizations.hasNoAuthorizations
     * test for excludeIfNoAuthorizations set to true and No consumer
     * granted authorizations
     */
    $this
      ->AttemptLogonNewUser('ssnape');
    $this
      ->assertText(t('User disallowed'), 'User unable to authenticate because of excludeIfNoAuthorizations setting.', $testid);
    $authenticationConf = new LdapAuthenticationConfAdmin();
    $authenticationConf->excludeIfNoAuthorizations = 0;
    $authenticationConf
      ->save();
    $authenticationConf = ldap_authentication_get_valid_conf(TRUE);
    module_disable([
      'ldap_authorization_drupal_role',
      'ldap_authorization',
    ]);
  }

  /**
   * Make sure user admin interface works.
   */
  public function testUI() {

    // Just to give warning if setup doesn't succeed.  may want to take these out at some point.
    $setup_success = module_exists('ldap_user') && module_exists('ldap_servers') && module_exists('ldap_authentication') && variable_get('ldap_simpletest', 2) > 0;
    $this
      ->assertTrue($setup_success, ' ldap_authentication UI setup successful', $this
      ->testId('user interface tests'));
    $sid = 'activedirectory1';
    $sids = [
      'activedirectory1',
    ];
    $this
      ->prepTestData(LDAP_TEST_LDAP_NAME, $sids, 'provisionToDrupal', 'default');
    $this->privileged_user = $this
      ->drupalCreateUser([
      'administer site configuration',
    ]);
    $this
      ->drupalLogin($this->privileged_user);
    $ldap_authentication_conf_pre = ldap_authentication_get_valid_conf();
    $this
      ->drupalGet('admin/config/people/ldap/authentication');
    $form_tests = [
      'authenticationMode' => [
        'property' => 'authenticationMode',
        'values' => [
          LDAP_AUTHENTICATION_MIXED,
          LDAP_AUTHENTICATION_EXCLUSIVE,
        ],
        'required' => TRUE,
      ],
      'authenticationServers[' . $sid . ']' => [
        'property' => 'enabledAuthenticationServers',
        'values' => [
          TRUE,
          TRUE,
        ],
        'desired_result' => [
          [
            $sid,
          ],
          [
            $sid,
          ],
        ],
      ],
      'loginUIUsernameTxt' => [
        'property' => 'loginUIUsernameTxt',
        'values' => [
          '',
          'Hogwarts UserID',
        ],
      ],
      'loginUIPasswordTxt' => [
        'property' => 'loginUIPasswordTxt',
        'values' => [
          '',
          'Hogwarts UserID Password',
        ],
      ],
      'ldapUserHelpLinkUrl' => [
        'property' => 'ldapUserHelpLinkUrl',
        'values' => [
          '',
          'http://passwords.hogwarts.edu',
        ],
      ],
      'ldapUserHelpLinkText' => [
        'property' => 'ldapUserHelpLinkText',
        'values' => [
          'Hogwarts Password Management Page',
          'Hogwarts Password Management Page',
        ],
      ],
      'allowOnlyIfTextInDn' => [
        'property' => 'allowOnlyIfTextInDn',
        'values' => [
          'witch\\nwarlord\\nwisecracker',
          "witch\nwarlord\nwisecracker",
        ],
        'desired_result' => [
          [
            'witch',
            'warlord',
            'wisecracker',
          ],
          [
            'witch',
            'warlord',
            'wisecracker',
          ],
        ],
      ],
      'excludeIfTextInDn' => [
        'property' => 'excludeIfTextInDn',
        'values' => [
          "muggle\nmuddle\nmummy",
          "muggle\nmuddle\nmummy",
        ],
        'desired_result' => [
          [
            'muggle',
            'muddle',
            'mummy',
          ],
          [
            'muggle',
            'muddle',
            'mummy',
          ],
        ],
      ],
      'excludeIfNoAuthorizations' => [
        'property' => 'excludeIfNoAuthorizations',
        'values' => [
          1,
          1,
        ],
      ],
      'emailOption' => [
        'property' => 'emailOption',
        'values' => [
          LDAP_AUTHENTICATION_EMAIL_FIELD_REMOVE,
          LDAP_AUTHENTICATION_EMAIL_FIELD_DISABLE,
        ],
        'required' => TRUE,
      ],
      'emailUpdate' => [
        'property' => 'emailUpdate',
        'values' => [
          LDAP_AUTHENTICATION_EMAIL_UPDATE_ON_LDAP_CHANGE_ENABLE,
          LDAP_AUTHENTICATION_EMAIL_UPDATE_ON_LDAP_CHANGE_DISABLE,
        ],
        'required' => TRUE,
      ],
      'allowTestPhp' => [
        'property' => 'allowTestPhp',
        'values' => [
          'pretend php',
          'pretend php',
        ],
      ],
    ];
    module_enable([
      'php',
    ]);
    foreach ([
      0,
      1,
    ] as $i) {
      $edit = [];
      foreach ($form_tests as $field_name => $conf) {
        $value = $conf['values'][$i];
        $property = isset($conf['property']) ? $conf['property'] : $field_name;
        $edit[$field_name] = $value;
      }
      $this
        ->drupalPost('admin/config/people/ldap/authentication', $edit, t('Save'));
      $ldap_authentication_conf_post = ldap_authentication_get_valid_conf(TRUE);
      foreach ($form_tests as $field_name => $conf) {
        $property = isset($conf['property']) ? $conf['property'] : $field_name;
        $desired = isset($conf['desired_result']) ? isset($conf['desired_result'][$i]) : $conf['values'][$i];
        if (is_array($desired) && is_array($ldap_authentication_conf_post->{$property})) {
          $success = count($desired) == count($ldap_authentication_conf_post->{$property});
        }
        else {
          $success = $ldap_authentication_conf_post->{$property} == $desired;
        }
        $this
          ->assertTrue($success, $property . ' ' . t('field set correctly'), $this
          ->testId('ldap authentication user interface tests'));
        if (!$success) {
          debug("fail {$i} {$property}");
          debug("desired:");
          debug($desired);
          debug("actual:");
          debug($ldap_authentication_conf_post->{$property});
        }
      }
    }
  }

}

Classes

Namesort descending Description
LdapAuthenticationTestCase LdapAuthenticationTestCase.