public function LdapAuthenticationTestCase::testAuthenticationWhitelistTests in Lightweight Directory Access Protocol (LDAP) 7.2
Same name and namespace in other branches
- 8.2 ldap_authentication/tests/ldap_authentication.test \LdapAuthenticationTestCase::testAuthenticationWhitelistTests()
- 7 ldap_authentication/tests/ldap_authentication.test \LdapAuthenticationTestCase::testAuthenticationWhitelistTests()
File
- ldap_authentication/tests/ldap_authentication.test, line 421
Class
- LdapAuthenticationTestCase
- LdapAuthenticationTestCase.
Code
public function testAuthenticationWhitelistTests() {
require_once drupal_get_path('module', 'ldap_authentication') . '/LdapAuthenticationConfAdmin.class.php';
$sid = 'activedirectory1';
$testid = 'WL3';
$sids = [
$sid,
];
$this
->prepTestData('hogwarts', [
$sid,
], 'provisionToDrupal', 'WL3', 'drupal_role_authentication_test');
$ldap_servers = ldap_servers_get_servers($sid, 'enabled');
$this
->assertTrue(count($ldap_servers) == 1, ' ldap_authentication test server setup successful', $testid);
module_disable([
'ldap_authorization_drupal_role',
'ldap_authorization',
]);
$user1 = user_load(1);
$password = $this
->randomString(20);
require_once DRUPAL_ROOT . '/includes/password.inc';
$account = [
'name' => $user1->name,
'pass' => user_hash_password(trim($password)),
];
db_update('users')
->fields($account)
->condition('uid', 1)
->execute();
$edit = [
'name' => $user1->name,
'pass' => $password,
];
$this
->drupalPost('user', $edit, t('Log in'));
$this
->assertText(t('Member for'), 'User 1 successfully authenticated in LDAP_authen.WL.user1', $testid);
$this
->drupalGet('user/logout');
module_enable([
'ldap_authorization',
]);
module_enable([
'ldap_authorization_drupal_role',
]);
$authenticationConf = new LdapAuthenticationConfAdmin();
$authenticationConf->allowOnlyIfTextInDn = [
'pot',
];
$authenticationConf
->save();
$authenticationConf = ldap_authentication_get_valid_conf(TRUE);
$this
->AttemptLogonNewUser('hpotter');
$this
->assertText(t('Member for'), 'User able to authenticate because in white list (allowOnlyIfTextInDn).', $testid);
$this
->AttemptLogonNewUser('ssnape');
$this
->assertText(t('User disallowed'), 'User unable to authenticate because not in white list (allowOnlyIfTextInDn).', $testid);
$authenticationConf = new LdapAuthenticationConfAdmin();
$authenticationConf->allowOnlyIfTextInDn = [];
$authenticationConf
->save();
$authenticationConf = ldap_authentication_get_valid_conf(TRUE);
$authenticationConf = new LdapAuthenticationConfAdmin();
$authenticationConf->excludeIfTextInDn = [
'cn=ssnape',
];
$authenticationConf
->save();
$authenticationConf = ldap_authentication_get_valid_conf(TRUE);
$this
->AttemptLogonNewUser('ssnape');
$this
->assertText(t('User disallowed'), 'User unable to authenticate in exclude list (excludeIfTextInDn).', $testid);
$this
->AttemptLogonNewUser('hpotter');
$this
->assertText(t('Member for'), 'Able to authenticate because not in exclude list (allowOnlyIfTextInDn).', $testid);
$authenticationConf = new LdapAuthenticationConfAdmin();
$authenticationConf->excludeIfTextInDn = [];
$authenticationConf
->save();
$authenticationConf = ldap_authentication_get_valid_conf(TRUE);
$authenticationConf = new LdapAuthenticationConfAdmin();
$authenticationConf->allowTestPhp = "\n\n //exclude users with dumb in email address \n\n if (strpos(\$_ldap_user_entry['attr']['mail'][0], 'dumb') === FALSE) {\n\n print 1;\n\n }\n\n else {\n print 0;\n\n }\n ";
$authenticationConf
->save();
$authenticationConf = ldap_authentication_get_valid_conf(TRUE);
module_disable([
'php',
]);
$this
->AttemptLogonNewUser('adumbledore');
$this
->assertText(LDAP_AUTHENTICATION_DISABLED_FOR_BAD_CONF_MSG, 'With php disabled and php code in whitelist, refuse authentication. (allowTestPhp).', $testid);
module_enable([
'php',
]);
$this
->AttemptLogonNewUser('hpotter');
$this
->assertText(t('Member for'), 'Able to authenticate because php returned true (allowTestPhp).', $testid);
$this
->AttemptLogonNewUser('adumbledore');
$this
->assertText(t('User disallowed'), 'User unable to authenticate because php returned false (allowTestPhp).', $testid);
$authenticationConf = new LdapAuthenticationConfAdmin();
$authenticationConf->allowTestPhp = '';
$authenticationConf
->save();
$authenticationConf = ldap_authentication_get_valid_conf(TRUE);
module_disable([
'ldap_authorization_drupal_role',
'ldap_authorization',
]);
$authenticationConf = new LdapAuthenticationConfAdmin();
$authenticationConf->excludeIfNoAuthorizations = 1;
$authenticationConf
->save();
$authenticationConf = ldap_authentication_get_valid_conf(TRUE);
$this
->AttemptLogonNewUser('hpotter');
$this
->assertText(LDAP_AUTHENTICATION_DISABLED_FOR_BAD_CONF_MSG, t('Authentication prohibited when excludeIfNoAuthorizations =
true and LDAP Authorization disabled.
LDAP_authen.WL1.excludeIfNoAuthorizations.failsafe'), $testid);
module_enable([
'ldap_authorization',
], TRUE);
module_enable([
'ldap_authorization_drupal_role',
], TRUE);
$consumer = ldap_authorization_get_consumers('drupal_role', TRUE, TRUE);
$this
->AttemptLogonNewUser('hpotter');
$this
->assertText(t('Member for'), 'User able to authenticate because of excludeIfNoAuthorizations setting.', $testid);
$this
->AttemptLogonNewUser('ssnape');
$this
->assertText(t('User disallowed'), 'User unable to authenticate because of excludeIfNoAuthorizations setting.', $testid);
$authenticationConf = new LdapAuthenticationConfAdmin();
$authenticationConf->excludeIfNoAuthorizations = 0;
$authenticationConf
->save();
$authenticationConf = ldap_authentication_get_valid_conf(TRUE);
module_disable([
'ldap_authorization_drupal_role',
'ldap_authorization',
]);
}
