function LdapAuthenticationTestCase::testAuthenticationWhitelistTests in Lightweight Directory Access Protocol (LDAP) 8.2
Same name and namespace in other branches
- 7.2 ldap_authentication/tests/ldap_authentication.test \LdapAuthenticationTestCase::testAuthenticationWhitelistTests()
- 7 ldap_authentication/tests/ldap_authentication.test \LdapAuthenticationTestCase::testAuthenticationWhitelistTests()
File
- ldap_authentication/
tests/ ldap_authentication.test, line 385
Class
Code
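/**
 * Exercises the ldap_authentication allow/exclude ("whitelist") options.
 *
 * Each case saves one option through LdapAuthenticationConfAdmin, attempts a
 * logon through the UI and asserts on the resulting page text:
 *  - LDAP_authen.WL.user1: uid 1 logs in with a locally set password.
 *  - allowOnlyIfTextInDn: only users whose DN contains the text may log in.
 *  - excludeIfTextInDn: users whose DN contains the text are refused.
 *  - allowTestPhp: a PHP snippet decides; with the php module disabled the
 *    logon must be refused (fail closed), not allowed.
 *  - excludeIfNoAuthorizations: users granted no authorizations are refused;
 *    with ldap_authorization disabled the logon must be refused (fail closed).
 *
 * Every option is reset after its cases so the cases do not influence each
 * other. The combined-option cases listed in the TODO below are not yet
 * implemented, so interactions between allow, exclude and PHP rules are
 * currently not covered by this test.
 */
function testAuthenticationWhitelistTests() {
  require_once drupal_get_path('module', 'ldap_authentication') . '/LdapAuthenticationConfAdmin.class.php';

  $sid = 'activedirectory1';
  $testid = 'WL3';

  $this->prepTestData('hogwarts', array($sid), 'provisionToDrupal', 'WL3', 'drupal_role_authentication_test');

  $ldap_servers = ldap_servers_get_servers($sid, 'enabled');
  $this->assertTrue(count($ldap_servers) === 1, ' ldap_authentication test server setup successful', $testid);

  // These 2 modules are configured in setup, but disabled for most
  // authentication tests.
  module_disable(array(
    'ldap_authorization_drupal_role',
    'ldap_authorization',
  ));

  /**
   * LDAP_authen.WL.user1: test for user 1 being excluded from white and black
   * list tests.
   */
  $user1 = user_load(1);
  $password = $this->randomString(20);
  require_once DRUPAL_ROOT . '/includes/password.inc';
  // The stored hash is built from the trimmed password while the untrimmed
  // value is posted below; presumably the login form trims its input too.
  $account = array(
    'name' => $user1->name,
    'pass' => user_hash_password(trim($password)),
  );
  db_update('users')
    ->fields($account)
    ->condition('uid', 1)
    ->execute();

  $edit = array(
    'name' => $user1->name,
    'pass' => $password,
  );
  $this->drupalPost('user', $edit, t('Log in'));
  $this->assertText(t('Member for'), 'User 1 successfully authenticated in LDAP_authen.WL.user1', $testid);
  $this->drupalGet('user/logout');

  module_enable(array(
    'ldap_authorization',
  ));
  module_enable(array(
    'ldap_authorization_drupal_role',
  ));

  /**
   * Prep LDAP_authen.WL.allow.
   */
  $authenticationConf = new LdapAuthenticationConfAdmin();
  $authenticationConf->allowOnlyIfTextInDn = array(
    'pot',
  );
  $authenticationConf->save();
  // Re-read the configuration after every save; the TRUE argument presumably
  // forces a reload instead of a cached copy (confirm against the callee).
  $authenticationConf = ldap_authentication_get_valid_conf(TRUE);

  /**
   * LDAP_authen.WL.allow.match -- desired result: authenticate success.
   */
  $this->AttemptLogonNewUser('hpotter');
  $this->assertText(t('Member for'), 'User able to authenticate because in white list (allowOnlyIfTextInDn).', $testid);

  /**
   * LDAP_authen.WL.allow.miss -- desired result: authenticate fail.
   */
  $this->AttemptLogonNewUser('ssnape');
  $this->assertText(t('User disallowed'), 'User unable to authenticate because not in white list (allowOnlyIfTextInDn).', $testid);

  /**
   * Undo LDAP_authen.WL.allow settings.
   */
  $authenticationConf = new LdapAuthenticationConfAdmin();
  $authenticationConf->allowOnlyIfTextInDn = array();
  $authenticationConf->save();
  $authenticationConf = ldap_authentication_get_valid_conf(TRUE);

  /**
   * Prep LDAP_authen.WL.exclude.
   */
  $authenticationConf = new LdapAuthenticationConfAdmin();
  $authenticationConf->excludeIfTextInDn = array(
    'cn=ssnape',
  );
  $authenticationConf->save();
  $authenticationConf = ldap_authentication_get_valid_conf(TRUE);

  /**
   * LDAP_authen.WL.exclude.match -- desired result: authenticate fail.
   */
  $this->AttemptLogonNewUser('ssnape');
  $this->assertText(t('User disallowed'), 'User unable to authenticate in exclude list (excludeIfTextInDn).', $testid);

  /**
   * LDAP_authen.WL.exclude.miss -- desired result: authenticate success.
   */
  $this->AttemptLogonNewUser('hpotter');
  // The option under test here is excludeIfTextInDn; the message previously
  // named allowOnlyIfTextInDn, which misattributed a failure of this case.
  $this->assertText(t('Member for'), 'Able to authenticate because not in exclude list (excludeIfTextInDn).', $testid);

  /**
   * Undo LDAP_authen.WL.exclude settings.
   */
  $authenticationConf = new LdapAuthenticationConfAdmin();
  $authenticationConf->excludeIfTextInDn = array();
  $authenticationConf->save();
  $authenticationConf = ldap_authentication_get_valid_conf(TRUE);

  /**
   * Prep LDAP_authen.WL.php.
   *
   * The snippet prints 1 unless the user's first mail value contains 'dumb'.
   * It is stored as configuration, so whoever may edit this option controls
   * code that decides logons.
   */
  $authenticationConf = new LdapAuthenticationConfAdmin();
  $authenticationConf->allowTestPhp = "\n\n //exclude users with dumb in email address \n\n if (strpos(\$_ldap_user_entry['attr']['mail'][0], 'dumb') === FALSE) {\n\n print 1;\n\n }\n\n else {\n print 0;\n\n }\n ";
  $authenticationConf->save();
  $authenticationConf = ldap_authentication_get_valid_conf(TRUE);

  /**
   * LDAP_authen.WL.php.php disabled -- desired result: authenticate fail with
   * warning that authentication is disabled.
   *
   * A PHP rule that cannot be evaluated must block the logon rather than be
   * skipped.
   */
  module_disable(array(
    'php',
  ));
  $this->AttemptLogonNewUser('adumbledore');
  $this->assertText(LDAP_AUTHENTICATION_DISABLED_FOR_BAD_CONF_MSG, 'With php disabled and php code in whitelist, refuse authentication. (allowTestPhp).', $testid);
  module_enable(array(
    'php',
  ));

  /**
   * LDAP_authen.WL.php.true -- desired result: authenticate success.
   */
  $this->AttemptLogonNewUser('hpotter');
  $this->assertText(t('Member for'), 'Able to authenticate because php returned true (allowTestPhp).', $testid);

  /**
   * LDAP_authen.WL.php.false -- desired result: authenticate fail.
   */
  $this->AttemptLogonNewUser('adumbledore');
  $this->assertText(t('User disallowed'), 'User unable to authenticate because php returned false (allowTestPhp).', $testid);

  /**
   * Clear LDAP_authen.WL.php.
   */
  $authenticationConf = new LdapAuthenticationConfAdmin();
  $authenticationConf->allowTestPhp = '';
  $authenticationConf->save();
  $authenticationConf = ldap_authentication_get_valid_conf(TRUE);

  /**
   * TODO: need to test username changes with PUID
   * - given a user exists
   * - change samaccountname in ldap server
   * - have user logon
   * - make sure old user and new user have same puid
   *
   * TODO: multiple options used in whitelist (not implemented yet):
   * - LDAP_authen.WL.allow[match].exclude[match] -- desired result: authenticate fail
   * - LDAP_authen.WL.allow[match].exclude[miss] -- desired result: authenticate success
   * - LDAP_authen.WL.exclude[match].* -- desired result: authenticate fail
   * - LDAP_authen.WL.exclude[match].php[false] -- desired result: authenticate fail
   */

  // These 2 modules are configured in setup, but disabled for most
  // authentication tests.
  module_disable(array(
    'ldap_authorization_drupal_role',
    'ldap_authorization',
  ));

  $authenticationConf = new LdapAuthenticationConfAdmin();
  $authenticationConf->excludeIfNoAuthorizations = 1;
  $authenticationConf->save();
  $authenticationConf = ldap_authentication_get_valid_conf(TRUE);

  /**
   * LDAP_authen.WL1.excludeIfNoAuthorizations.failsafe
   * test for excludeIfNoAuthorizations set to true and ldap_authorization
   * disabled to make sure authentication fails completely.
   */
  $this->AttemptLogonNewUser('hpotter');
  // The message literal spans three source lines; it is kept exactly as is.
  $this->assertText(LDAP_AUTHENTICATION_DISABLED_FOR_BAD_CONF_MSG, t('Authentication prohibited when excludeIfNoAuthorizations =
true and LDAP Authorization disabled.
LDAP_authen.WL1.excludeIfNoAuthorizations.failsafe'), $testid);

  module_enable(array(
    'ldap_authorization',
  ), TRUE);
  module_enable(array(
    'ldap_authorization_drupal_role',
  ), TRUE);
  // Clear static cache. The return value is not needed.
  ldap_authorization_get_consumers('drupal_role', TRUE, TRUE);

  /**
   * LDAP_authen.WL1.excludeIfNoAuthorizations.hasAuthorizations
   * test for excludeIfNoAuthorizations set to true and consumer granted
   * authorizations.
   */
  $this->AttemptLogonNewUser('hpotter');
  $this->assertText(t('Member for'), 'User able to authenticate because of excludeIfNoAuthorizations setting.', $testid);

  /**
   * LDAP_authen.WL1.excludeIfNoAuthorizations.hasNoAuthorizations
   * test for excludeIfNoAuthorizations set to true and No consumer
   * granted authorizations.
   */
  $this->AttemptLogonNewUser('ssnape');
  $this->assertText(t('User disallowed'), 'User unable to authenticate because of excludeIfNoAuthorizations setting.', $testid);

  // Restore the default so later tests start from a permissive configuration.
  $authenticationConf = new LdapAuthenticationConfAdmin();
  $authenticationConf->excludeIfNoAuthorizations = 0;
  $authenticationConf->save();
  $authenticationConf = ldap_authentication_get_valid_conf(TRUE);

  module_disable(array(
    'ldap_authorization_drupal_role',
    'ldap_authorization',
  ));
}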