
function LdapAuthorizationBasicTests::testFlags in Lightweight Directory Access Protocol (LDAP) 7

Same name and namespace in other branches
  1. 8.2 ldap_authorization/tests/BasicTests.test \LdapAuthorizationBasicTests::testFlags()
  2. 7.2 ldap_authorization/tests/BasicTests.test \LdapAuthorizationBasicTests::testFlags()

Flag (binary switch) tests, clumped together in a single test method.

File

ldap_authorization/tests/BasicTests/BasicTests.test, line 158

Class

LdapAuthorizationBasicTests

Code

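/**
 * Flag (binary switch) tests for LDAP authorization, clumped together.
 *
 * The method currently returns before doing any work, so nothing below the
 * early return executes. The skipped scenarios are:
 *  - Flags.enable: a consumer configuration with status 0 yields no
 *    authorizations.
 *  - Flags.onlyLdapAuthenticated: a user whose LDAP authmap entry is set to
 *    NULL is granted no roles.
 *  - Flags.revokeRoles: an LDAP-provisioned 'administrator' role the user
 *    does not deserve is removed when authorizations are re-applied.
 *  - Flags.createRoles: a missing 'guests' role is recreated and granted.
 */
function testFlags() {

  // TODO: Fix failing tests, excluding to make branch pass.
  // NOTE(review): while this return is in place none of the assertions below
  // run, so a regression in role revocation or in the "disabled configuration
  // grants nothing" behaviour would not be caught by this test. Treat the
  // skip as temporary and track re-enabling it.
  return;
  $this->ldapTestId = 'Flags';
  $this->serversData = 'BasicTests/ldap_servers.inc';
  $this->authorizationData = 'BasicTests/ldap_authorization.flags.inc';
  $this->authenticationData = 'BasicTests/ldap_authentication.inc';
  $this->consumerType = 'drupal_role';
  $this
    ->prepTestData();

  /**
   * test:  LDAP_authorz.Flags.enable
   */
  $user = $this
    ->drupalCreateUser(array());
  // NOTE(review): the meaning of the TRUE argument is defined by
  // drupalLdapUpdateUser(), which is not shown here - confirm against it.
  $jkool = $this->testFunctions
    ->drupalLdapUpdateUser(array(
    'name' => 'jkool',
    'mail' => 'jkool@guests.myuniversity.edu',
  ), TRUE, $user);
  list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($jkool, 'query');

  // Baseline: roles derived while the consumer configuration is enabled.
  $roles1 = $new_authorizations[$this->consumerType];

  // Disable the consumer configuration and query again.
  $consumer_conf_admin = ldap_authorization_get_consumer_admin_object($this->consumerType);
  $consumer_conf_admin->status = 0;
  $consumer_conf_admin
    ->save();
  $consumer_conf_admin = ldap_authorization_get_consumer_admin_object($this->consumerType);
  list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($jkool, 'query', $this->consumerType);

  // A disabled configuration may leave the consumer key absent entirely.
  $roles2 = isset($new_authorizations[$this->consumerType]) ? $new_authorizations[$this->consumerType] : array();
  $this
    ->assertTrue(count($roles1) == 1 && count($roles2) == 0, 'disable consumer configuration disallows authorizations.', $this->ldapTestId . '.enable');

  /**
   * LDAP_authorz.Flags.onlyLdapAuthenticated (I) - create normal user and apply authorization query
   */
  $consumer_conf_admin->onlyApplyToLdapAuthenticated = 1;
  $consumer_conf_admin->status = 1;
  $consumer_conf_admin
    ->save();

  // Remove authmap for jkool, then test.
  $jkool = user_save($user, array(
    'name' => 'jkool',
    'mail' => 'jkool@guests.myuniversity.edu',
  ));
  user_set_authmaps($jkool, array(
    'authname_ldap_authentication' => NULL,
  ));
  list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($jkool, 'query');

  // With no LDAP authmap the query must not derive any roles.
  $roles = isset($new_authorizations['drupal_role']) ? $new_authorizations['drupal_role'] : array();
  // The assertion group previously reused '.enable' from the block above;
  // it now names the flag actually under test so failures are attributed
  // to the right scenario.
  $this
    ->assertTrue(count($roles) == 0, ' only apply to ldap authenticated grants no roles for non ldap user.', $this->ldapTestId . '.onlyLdapAuthenticated');

  // Restore the authmap so the remaining scenarios run against an
  // LDAP-associated account.
  user_set_authmaps($jkool, array(
    'authname_ldap_authentication' => 'jkool',
  ));

  /**
   * LDAP_authorz.Flags.applyOnLogon  (IV.B) - execute logon and check that roles are applied
   */

  /**
   * LDAP_authorz.Flags.revokeRoles (IV.C) - select this option, grant user role not deserved, and execute manual call
   */

  // Set correct roles.
  list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($jkool, 'set');
  $consumer_conf_admin->onlyApplyToLdapAuthenticated = 0;
  $consumer_conf_admin->revokeLdapProvisioned = 1;
  $consumer_conf_admin
    ->save();

  // Add an undeserved drupal role and record it as LDAP-granted in the
  // user's ldap_authorizations data.
  $jkool = user_load($jkool->uid);
  $data = array(
    'roles' => array(
      3 => 'administrator',
    ),
    'data' => array(
      'ldap_authorizations' => array(
        'drupal_role' => array(
          'administrator' => array(
            'date_granted' => 1304216778,
          ),
        ),
      ),
    ),
  );
  $jkool = user_save($jkool, $data);

  // Confirm the precondition, so the assertion below cannot pass merely
  // because the role was never granted.
  $was_set = isset($jkool->roles[3]);

  // Apply correct authorizations. Should remove the administrator role.
  list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($jkool, 'set', $this->consumerType, 'logon');

  // Reload so the check reads the saved state, not the in-memory object.
  $jkool = user_load($jkool->uid);
  $this
    ->assertTrue($was_set && !isset($jkool->roles[3]), ' revoke ldap granted roles when no longer deserved.', $this->ldapTestId . '.revokeRoles');

  /**
   * LDAP_authorz.Flags.regrantRoles IV.C) - select this option, execute manual call to get deserved roles, remove a role, execute manual call to get deserved roles, make sure role regranted
   */

  /**
   * LDAP_authorz.Flags.createRoles IV.C) - select this option, delete some roles or make sure they don't exist.  manually execute.  check role created and granted to user
   */

  // Take roles away from user.
  $jkool = user_load($jkool->uid);
  $data = array(
    'roles' => array(),
    'data' => array(
      'ldap_authorizations' => array(),
    ),
  );
  $jkool = user_save($jkool, $data);
  $consumer_conf_admin->createConsumers = 1;
  $consumer_conf_admin
    ->save();

  // Make sure role doesn't exist. in_array() searches values, so the
  // rid-keyed array from user_roles() can be passed directly; the strict
  // flag avoids loose string comparison.
  if (in_array('guests', user_roles(), TRUE)) {
    user_role_delete('guests');
  }
  $guest_role_deleted = !in_array('guests', user_roles(), TRUE);

  // Set authorizations for user. This should create the role.
  list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($jkool, 'set', 'drupal_role', 'logon');
  $jkool = user_load($jkool->uid);
  $guest_role_recreated = in_array('guests', user_roles(), TRUE);
  $roles_by_name = array_flip(user_roles());

  // Guard the lookup: if the role was not recreated there is no 'guests'
  // key, and the assertion should fail cleanly rather than raise an
  // undefined-index notice first.
  $jkool_granted_guest = isset($roles_by_name['guests']) && isset($jkool->roles[$roles_by_name['guests']]);
  $this
    ->assertTrue($guest_role_deleted && $guest_role_recreated && $jkool_granted_guest, ' create consumers (e.g. roles)', $this->ldapTestId . '.createRoles');
}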