View source
<?php
module_load_include('php', 'ldap_test', 'LdapTestCase.class');
module_load_include('module', 'ldap_authentication');
class LdapAuthenticationTestCase extends LdapTestCase {
public $module_name = 'ldap_authentication';
protected $ldap_test_data;
public static function getInfo() {
return [
'name' => 'LDAP Authentication Tests',
'description' => 'Test ldap authentication.',
'group' => 'LDAP Authentication',
];
}
public function __construct($test_id = NULL) {
parent::__construct($test_id);
}
public function setUp() {
parent::setUp([
'ldap_authentication',
'ldap_authorization',
'ldap_authorization_drupal_role',
'ldap_test',
]);
variable_set('ldap_simpletest', 2);
}
public function tearDown() {
parent::tearDown();
variable_del('ldap_help_watchdog_detail');
variable_del('ldap_simpletest');
}
public function testInstall() {
$testid = $this->module_name . ': setup success';
$setup_success = module_exists('ldap_authentication') && module_exists('ldap_servers');
$this
->assertTrue($setup_success, ' ldap_authentication setup successful', $testid);
}
public function testMixedModeUserLogon() {
$sid = 'activedirectory1';
$testid = 'MixedModeUserLogon3';
$sids = [
$sid,
];
$this
->prepTestData(LDAP_TEST_LDAP_NAME, $sids, 'provisionToDrupal', 'MixedModeUserLogon3', 'drupal_role_authentication_test');
$ldap_servers = ldap_servers_get_servers($sid, 'enabled');
$this
->assertTrue(count($ldap_servers) == 1, ' ldap_authentication test server setup successful', $testid);
$user1 = user_load(1);
$password = $this
->randomString(20);
require_once DRUPAL_ROOT . '/includes/password.inc';
$account = [
'name' => $user1->name,
'pass' => user_hash_password(trim($password)),
];
db_update('users')
->fields($account)
->condition('uid', 1)
->execute();
$edit = [
'name' => $user1->name,
'pass' => $password,
];
$this
->drupalPost('user', $edit, t('Log in'));
$this
->assertText(t('Member for'), 'User 1 successfully authenticated', $testid);
$this
->drupalGet('user/logout');
$edit = [
'name' => $user1->name,
'pass' => 'mydabpassword',
];
$this
->drupalPost('user', $edit, t('Log in'));
$this
->assertText(t('Sorry, unrecognized username or password'), 'User 1 failed with bad password', $testid);
$this
->drupalLogout();
$drupal_user = $this
->drupalCreateUser();
$raw_pass = $drupal_user->pass_raw;
$edit = [
'name' => $drupal_user->name,
'pass' => $raw_pass,
];
$this
->drupalPost('user', $edit, t('Log in'));
$this
->assertText(t('Member for'), 'Drupal user (not ldap associated) successfully authenticated', $testid);
$this
->drupalGet('user/logout');
$edit = [
'name' => $drupal_user->name,
'pass' => 'mydabpassword',
];
$this
->drupalPost('user', $edit, t('Log in'));
$this
->assertText(t('Sorry, unrecognized username or password'), 'Drupal user (not ldap associated) with bad password failed to authenticate.', $testid);
$this
->drupalGet('user/logout');
$edit = [
'name' => 'hpotter',
'pass' => 'mydabpassword',
];
$this
->drupalPost('user', $edit, t('Log in'));
$this
->assertText(t('Sorry, unrecognized username or password'), 'New Ldap user with bad password failed to authenticate.', $testid);
$this
->drupalGet('user/logout');
$edit = [
'name' => 'hpotter',
'pass' => 'goodpwd',
];
$this
->drupalPost('user', $edit, t('Log in'));
$this
->assertText(t('Member for'), 'New Ldap user with good password authenticated.');
$this
->assertTrue($this->testFunctions
->ldapUserIsAuthmapped('hpotter'), 'Ldap user properly authmapped.', $testid);
$this
->drupalGet('user/logout');
$edit = [
'name' => 'hpotter',
'pass' => 'mydabpassword',
];
$this
->drupalPost('user', $edit, t('Log in'));
$this
->assertText(t('Sorry, unrecognized username or password'), 'Existing Ldap user with bad password failed to authenticate.', $testid);
$this
->drupalGet('user/logout');
$edit = [
'name' => 'hpotter',
'pass' => 'goodpwd',
];
$this
->drupalPost('user', $edit, t('Log in'));
$this
->assertText(t('Member for'), 'Existing Ldap user with good password authenticated.');
$this
->assertTrue($this->testFunctions
->ldapUserIsAuthmapped('hpotter'), 'Existing Ldap user still properly authmapped.', $testid);
$this
->drupalGet('user/logout');
}
public function testExclusiveModeUserLogon() {
$sid = 'activedirectory1';
$testid = 'ExclusiveModeUserLogon3';
$sids = [
$sid,
];
$this
->prepTestData(LDAP_TEST_LDAP_NAME, $sids, 'ad_authentication', 'ExclusiveModeUserLogon3', 'drupal_role_authentication_test');
$ldap_servers = ldap_servers_get_servers($sid, 'enabled');
$this
->assertTrue(count($ldap_servers) == 1, ' ldap_authentication test server setup successful', $testid);
$user1 = user_load(1);
$password = $this
->randomString(20);
require_once DRUPAL_ROOT . '/includes/password.inc';
$account = [
'name' => $user1->name,
'pass' => user_hash_password(trim($password)),
];
db_update('users')
->fields($account)
->condition('uid', 1)
->execute();
$edit = [
'name' => $user1->name,
'pass' => $password,
];
$this
->drupalPost('user', $edit, t('Log in'));
$this
->assertText(t('Member for'), 'User 1 successfully authenticated', $testid);
$this
->drupalGet('user/logout');
$edit = [
'name' => $user1->name,
'pass' => 'mydabpassword',
];
$this
->drupalPost('user', $edit, t('Log in'));
$this
->assertText(t('Sorry, unrecognized username or password'), 'User 1 failed with bad password', $testid);
$this
->drupalLogout();
$drupal_user = $this
->drupalCreateUser();
$raw_pass = $drupal_user->pass_raw;
$edit = [
'name' => $drupal_user->name,
'pass' => $raw_pass,
];
$this
->drupalPost('user', $edit, t('Log in'));
$this
->assertText(t('Sorry, unrecognized username or password'), 'Drupal user successfully authenticated', $testid);
$this
->drupalGet('user/logout');
$edit = [
'name' => $drupal_user->name,
'pass' => 'mydabpassword',
];
$this
->drupalPost('user', $edit, t('Log in'));
$this
->assertText(t('Sorry, unrecognized username or password'), 'Drupal user with bad password failed to authenticate.', $testid);
$this
->drupalGet('user/logout');
$edit = [
'name' => 'hpotter',
'pass' => 'mydabpassword',
];
$this
->drupalPost('user', $edit, t('Log in'));
$this
->assertText(t('Sorry, unrecognized username or password'), 'New Ldap user with bad password failed to authenticate.', $testid);
$this
->drupalGet('user/logout');
$edit = [
'name' => 'hpotter',
'pass' => 'goodpwd',
];
$this
->drupalPost('user', $edit, t('Log in'));
$this
->assertText(t('Member for'), 'New Ldap user with good password authenticated.');
$this
->assertTrue($this->testFunctions
->ldapUserIsAuthmapped('hpotter'), 'Ldap user properly authmapped.', $testid);
$this
->drupalGet('user/logout');
$edit = [
'name' => 'hpotter',
'pass' => 'mydabpassword',
];
$this
->drupalPost('user', $edit, t('Log in'));
$this
->assertText(t('Sorry, unrecognized username or password'), 'Existing Ldap user with bad password failed to authenticate.', $testid);
$this
->drupalGet('user/logout');
$edit = [
'name' => 'hpotter',
'pass' => 'goodpwd',
];
$this
->drupalPost('user', $edit, t('Log in'));
$this
->assertText(t('Member for'), 'Existing Ldap user with good password authenticated.');
$this
->assertTrue($this->testFunctions
->ldapUserIsAuthmapped('hpotter'), 'Existing Ldap user still properly authmapped.', $testid);
$this
->drupalGet('user/logout');
}
private function setSsoServerEnvironment($server_var_key = 'REMOTE_USER', $sso_name = 'hpotter', $ldapImplementation = 'mod_auth_sspi', $seamlessLogin = TRUE) {
ldap_servers_delete_globals('_SERVER', 'REMOTE_USER', TRUE);
ldap_servers_delete_globals('_SERVER', 'REDIRECT_REMOTE_USER', TRUE);
$authenticationConf = new LdapAuthenticationConfAdmin();
$authenticationConf->ssoEnabled = TRUE;
$authenticationConf->ssoRemoteUserStripDomainName = FALSE;
$authenticationConf->ssoExcludedPaths = [];
$authenticationConf->ssoExcludedHosts = [];
$authenticationConf->seamlessLogin = $seamlessLogin;
$authenticationConf->ldapImplementation = $ldapImplementation;
if ($sso_name !== FALSE) {
if (strpos($sso_name, '@')) {
$sso_name_parts = explode('@', $sso_name);
$sso_name = $sso_name_parts[0];
$authenticationConf->ssoRemoteUserStripDomainName = TRUE;
}
ldap_servers_set_globals('_SERVER', $server_var_key, $sso_name);
}
$authenticationConf
->save();
return ldap_authentication_get_valid_conf(TRUE);
}
public function testSSOUserLogon() {
module_enable([
'ldap_sso',
'ldap_help',
]);
$sid = 'activedirectory1';
$testid = 'SSOUserLogon3';
$sids = [
$sid,
];
$this
->prepTestData(LDAP_TEST_LDAP_NAME, $sids, 'ad_authentication', 'SSOUserLogon');
$this
->setSsoServerEnvironment('REMOTE_USER', 'hpotter', 'mod_auth_sspi', TRUE);
$this
->drupalGet('user/logout');
$this
->drupalGet('user');
$authenticationConf = new LdapAuthenticationConfAdmin();
$this
->assertTrue(ldap_servers_get_globals('_SERVER', 'REMOTE_USER', TRUE) == 'hpotter', '$_SERVER[REMOTE_USER] and $_SERVER[REDIRECT_REMOTE_USER] set properly for test with remote server ' . ldap_servers_get_globals('_SERVER', 'REMOTE_ADDR'), $testid);
$setup_success = $authenticationConf->ssoEnabled == TRUE && $authenticationConf->ssoRemoteUserStripDomainName == FALSE && $authenticationConf->seamlessLogin == TRUE && $authenticationConf->ldapImplementation == 'mod_auth_sspi';
$this
->assertTrue($setup_success, 'setup ldap sso test worked ', $testid);
if (!$setup_success) {
debug('authenticationConf');
debug($authenticationConf);
}
$ldap_servers = ldap_servers_get_servers($sid, 'enabled');
$this
->assertTrue(count($ldap_servers) == 1, ' ldap_authentication test server setup successful', $testid);
$hpotter_drupal = user_load_by_name('hpotter');
$ldap_user_conf = ldap_user_conf('admin', TRUE);
$hpotter_ldap = $ldap_user_conf
->getProvisionRelatedLdapEntry($hpotter_drupal);
debug('hpotter ldap entry');
debug($hpotter_drupal);
$tests = [
'dontstripnames' => [
'sso_name' => 'hpotter',
],
'stripnames' => [
'sso_name' => 'hpotter@hogwarts',
],
];
foreach ($tests as $testid => $conf) {
foreach ([
'REMOTE_USER',
] as $server_var_key) {
foreach ([
'user',
] as $test_path) {
foreach ([
'mod_auth_sspi',
'mod_auth_kerb',
] as $ldapImplementation) {
foreach ([
TRUE,
FALSE,
] as $seamlessLogin) {
$sso_name = $conf['sso_name'];
$this->ldapTestId = "testSSO._SERVER-key={$server_var_key} sso_name={$sso_name} path={$test_path} ldapImplementation={$ldapImplementation} seamlessLogin={$seamlessLogin}";
$ldapAuthenticationConf = $this
->setSsoServerEnvironment($server_var_key, $sso_name, $ldapImplementation, $seamlessLogin);
$this
->drupalGet($test_path);
$this
->drupalGet('user/logout');
}
}
}
}
}
}
public function testAuthenticationWhitelistTests() {
require_once drupal_get_path('module', 'ldap_authentication') . '/LdapAuthenticationConfAdmin.class.php';
$sid = 'activedirectory1';
$testid = 'WL3';
$sids = [
$sid,
];
$this
->prepTestData('hogwarts', [
$sid,
], 'provisionToDrupal', 'WL3', 'drupal_role_authentication_test');
$ldap_servers = ldap_servers_get_servers($sid, 'enabled');
$this
->assertTrue(count($ldap_servers) == 1, ' ldap_authentication test server setup successful', $testid);
module_disable([
'ldap_authorization_drupal_role',
'ldap_authorization',
]);
$user1 = user_load(1);
$password = $this
->randomString(20);
require_once DRUPAL_ROOT . '/includes/password.inc';
$account = [
'name' => $user1->name,
'pass' => user_hash_password(trim($password)),
];
db_update('users')
->fields($account)
->condition('uid', 1)
->execute();
$edit = [
'name' => $user1->name,
'pass' => $password,
];
$this
->drupalPost('user', $edit, t('Log in'));
$this
->assertText(t('Member for'), 'User 1 successfully authenticated in LDAP_authen.WL.user1', $testid);
$this
->drupalGet('user/logout');
module_enable([
'ldap_authorization',
]);
module_enable([
'ldap_authorization_drupal_role',
]);
$authenticationConf = new LdapAuthenticationConfAdmin();
$authenticationConf->allowOnlyIfTextInDn = [
'pot',
];
$authenticationConf
->save();
$authenticationConf = ldap_authentication_get_valid_conf(TRUE);
$this
->AttemptLogonNewUser('hpotter');
$this
->assertText(t('Member for'), 'User able to authenticate because in white list (allowOnlyIfTextInDn).', $testid);
$this
->AttemptLogonNewUser('ssnape');
$this
->assertText(t('User disallowed'), 'User unable to authenticate because not in white list (allowOnlyIfTextInDn).', $testid);
$authenticationConf = new LdapAuthenticationConfAdmin();
$authenticationConf->allowOnlyIfTextInDn = [];
$authenticationConf
->save();
$authenticationConf = ldap_authentication_get_valid_conf(TRUE);
$authenticationConf = new LdapAuthenticationConfAdmin();
$authenticationConf->excludeIfTextInDn = [
'cn=ssnape',
];
$authenticationConf
->save();
$authenticationConf = ldap_authentication_get_valid_conf(TRUE);
$this
->AttemptLogonNewUser('ssnape');
$this
->assertText(t('User disallowed'), 'User unable to authenticate in exclude list (excludeIfTextInDn).', $testid);
$this
->AttemptLogonNewUser('hpotter');
$this
->assertText(t('Member for'), 'Able to authenticate because not in exclude list (allowOnlyIfTextInDn).', $testid);
$authenticationConf = new LdapAuthenticationConfAdmin();
$authenticationConf->excludeIfTextInDn = [];
$authenticationConf
->save();
$authenticationConf = ldap_authentication_get_valid_conf(TRUE);
$authenticationConf = new LdapAuthenticationConfAdmin();
$authenticationConf->allowTestPhp = "\n\n //exclude users with dumb in email address \n\n if (strpos(\$_ldap_user_entry['attr']['mail'][0], 'dumb') === FALSE) {\n\n print 1;\n\n }\n\n else {\n print 0;\n\n }\n ";
$authenticationConf
->save();
$authenticationConf = ldap_authentication_get_valid_conf(TRUE);
module_disable([
'php',
]);
$this
->AttemptLogonNewUser('adumbledore');
$this
->assertText(LDAP_AUTHENTICATION_DISABLED_FOR_BAD_CONF_MSG, 'With php disabled and php code in whitelist, refuse authentication. (allowTestPhp).', $testid);
module_enable([
'php',
]);
$this
->AttemptLogonNewUser('hpotter');
$this
->assertText(t('Member for'), 'Able to authenticate because php returned true (allowTestPhp).', $testid);
$this
->AttemptLogonNewUser('adumbledore');
$this
->assertText(t('User disallowed'), 'User unable to authenticate because php returned false (allowTestPhp).', $testid);
$authenticationConf = new LdapAuthenticationConfAdmin();
$authenticationConf->allowTestPhp = '';
$authenticationConf
->save();
$authenticationConf = ldap_authentication_get_valid_conf(TRUE);
module_disable([
'ldap_authorization_drupal_role',
'ldap_authorization',
]);
$authenticationConf = new LdapAuthenticationConfAdmin();
$authenticationConf->excludeIfNoAuthorizations = 1;
$authenticationConf
->save();
$authenticationConf = ldap_authentication_get_valid_conf(TRUE);
$this
->AttemptLogonNewUser('hpotter');
$this
->assertText(LDAP_AUTHENTICATION_DISABLED_FOR_BAD_CONF_MSG, t('Authentication prohibited when excludeIfNoAuthorizations =
true and LDAP Authorization disabled.
LDAP_authen.WL1.excludeIfNoAuthorizations.failsafe'), $testid);
module_enable([
'ldap_authorization',
], TRUE);
module_enable([
'ldap_authorization_drupal_role',
], TRUE);
$consumer = ldap_authorization_get_consumers('drupal_role', TRUE, TRUE);
$this
->AttemptLogonNewUser('hpotter');
$this
->assertText(t('Member for'), 'User able to authenticate because of excludeIfNoAuthorizations setting.', $testid);
$this
->AttemptLogonNewUser('ssnape');
$this
->assertText(t('User disallowed'), 'User unable to authenticate because of excludeIfNoAuthorizations setting.', $testid);
$authenticationConf = new LdapAuthenticationConfAdmin();
$authenticationConf->excludeIfNoAuthorizations = 0;
$authenticationConf
->save();
$authenticationConf = ldap_authentication_get_valid_conf(TRUE);
module_disable([
'ldap_authorization_drupal_role',
'ldap_authorization',
]);
}
public function testUI() {
$setup_success = module_exists('ldap_user') && module_exists('ldap_servers') && module_exists('ldap_authentication') && variable_get('ldap_simpletest', 2) > 0;
$this
->assertTrue($setup_success, ' ldap_authentication UI setup successful', $this
->testId('user interface tests'));
$sid = 'activedirectory1';
$sids = [
'activedirectory1',
];
$this
->prepTestData(LDAP_TEST_LDAP_NAME, $sids, 'provisionToDrupal', 'default');
$this->privileged_user = $this
->drupalCreateUser([
'administer site configuration',
]);
$this
->drupalLogin($this->privileged_user);
$ldap_authentication_conf_pre = ldap_authentication_get_valid_conf();
$this
->drupalGet('admin/config/people/ldap/authentication');
$form_tests = [
'authenticationMode' => [
'property' => 'authenticationMode',
'values' => [
LDAP_AUTHENTICATION_MIXED,
LDAP_AUTHENTICATION_EXCLUSIVE,
],
'required' => TRUE,
],
'authenticationServers[' . $sid . ']' => [
'property' => 'enabledAuthenticationServers',
'values' => [
TRUE,
TRUE,
],
'desired_result' => [
[
$sid,
],
[
$sid,
],
],
],
'loginUIUsernameTxt' => [
'property' => 'loginUIUsernameTxt',
'values' => [
'',
'Hogwarts UserID',
],
],
'loginUIPasswordTxt' => [
'property' => 'loginUIPasswordTxt',
'values' => [
'',
'Hogwarts UserID Password',
],
],
'ldapUserHelpLinkUrl' => [
'property' => 'ldapUserHelpLinkUrl',
'values' => [
'',
'http://passwords.hogwarts.edu',
],
],
'ldapUserHelpLinkText' => [
'property' => 'ldapUserHelpLinkText',
'values' => [
'Hogwarts Password Management Page',
'Hogwarts Password Management Page',
],
],
'allowOnlyIfTextInDn' => [
'property' => 'allowOnlyIfTextInDn',
'values' => [
'witch\\nwarlord\\nwisecracker',
"witch\nwarlord\nwisecracker",
],
'desired_result' => [
[
'witch',
'warlord',
'wisecracker',
],
[
'witch',
'warlord',
'wisecracker',
],
],
],
'excludeIfTextInDn' => [
'property' => 'excludeIfTextInDn',
'values' => [
"muggle\nmuddle\nmummy",
"muggle\nmuddle\nmummy",
],
'desired_result' => [
[
'muggle',
'muddle',
'mummy',
],
[
'muggle',
'muddle',
'mummy',
],
],
],
'excludeIfNoAuthorizations' => [
'property' => 'excludeIfNoAuthorizations',
'values' => [
1,
1,
],
],
'emailOption' => [
'property' => 'emailOption',
'values' => [
LDAP_AUTHENTICATION_EMAIL_FIELD_REMOVE,
LDAP_AUTHENTICATION_EMAIL_FIELD_DISABLE,
],
'required' => TRUE,
],
'emailUpdate' => [
'property' => 'emailUpdate',
'values' => [
LDAP_AUTHENTICATION_EMAIL_UPDATE_ON_LDAP_CHANGE_ENABLE,
LDAP_AUTHENTICATION_EMAIL_UPDATE_ON_LDAP_CHANGE_DISABLE,
],
'required' => TRUE,
],
'allowTestPhp' => [
'property' => 'allowTestPhp',
'values' => [
'pretend php',
'pretend php',
],
],
];
module_enable([
'php',
]);
foreach ([
0,
1,
] as $i) {
$edit = [];
foreach ($form_tests as $field_name => $conf) {
$value = $conf['values'][$i];
$property = isset($conf['property']) ? $conf['property'] : $field_name;
$edit[$field_name] = $value;
}
$this
->drupalPost('admin/config/people/ldap/authentication', $edit, t('Save'));
$ldap_authentication_conf_post = ldap_authentication_get_valid_conf(TRUE);
foreach ($form_tests as $field_name => $conf) {
$property = isset($conf['property']) ? $conf['property'] : $field_name;
$desired = isset($conf['desired_result']) ? isset($conf['desired_result'][$i]) : $conf['values'][$i];
if (is_array($desired) && is_array($ldap_authentication_conf_post->{$property})) {
$success = count($desired) == count($ldap_authentication_conf_post->{$property});
}
else {
$success = $ldap_authentication_conf_post->{$property} == $desired;
}
$this
->assertTrue($success, $property . ' ' . t('field set correctly'), $this
->testId('ldap authentication user interface tests'));
if (!$success) {
debug("fail {$i} {$property}");
debug("desired:");
debug($desired);
debug("actual:");
debug($ldap_authentication_conf_post->{$property});
}
}
}
}
}