You are here

Home » API reference » Lightweight Directory Access Protocol (LDAP) 7.2 » BasicTests.test » LdapAuthorizationBasicTests

public function LdapAuthorizationBasicTests::testSimpleStuff in Lightweight Directory Access Protocol (LDAP) 7.2

Same name and namespace in other branches
  1. 8.2 ldap_authorization/tests/BasicTests.test \LdapAuthorizationBasicTests::testSimpleStuff()
  2. 7 ldap_authorization/tests/BasicTests/BasicTests.test \LdapAuthorizationBasicTests::testSimpleStuff()

Test install, api functions, and simple authorizations granted on logon.

File

ldap_authorization/tests/BasicTests.test, line 61

Class

LdapAuthorizationBasicTests

Code

public function testSimpleStuff() {

  // Just to give warning if setup doesn't succeed.  may want to take these out at some point.
  $setup_success = module_exists('ldap_authentication') && module_exists('ldap_servers') && module_exists('ldap_authorization') && module_exists('ldap_authorization_drupal_role') && variable_get('ldap_simpletest', 2) > 0;
  $this
    ->assertTrue($setup_success, ' ldap_authorizations setup successful', 'LDAP Authorization: Test Setup Success');
  $api_functions = [
    'ldap_authorization_get_consumer_object' => [
      1,
      1,
    ],
    'ldap_authorization_get_consumers' => [
      3,
      0,
    ],
    'ldap_authorizations_user_authorizations' => [
      4,
      1,
    ],
  ];
  foreach ($api_functions as $api_function_name => $param_count) {
    $reflector = new ReflectionFunction($api_function_name);
    $this
      ->assertTrue(function_exists($api_function_name) && $param_count[1] == $reflector
      ->getNumberOfRequiredParameters() && $param_count[0] == $reflector
      ->getNumberOfParameters(), ' api function ' . $api_function_name . ' parameters and required parameters count unchanged.', 'LDAP Server: API Functions');
  }

  // Make sure ldap authorization doesn't break cron.
  $this
    ->assertTrue(drupal_cron_run(), t('Cron can run with ldap authorization enabled.'), 'LDAP Authorization: Cron Test');

  /**
   * this is geared toward testing logon functionality
   */
  $sid = 'activedirectory1';
  $testid = 'ExclusiveModeUserLogon3';
  $sids = [
    $sid,
  ];
  $this
    ->prepTestData(LDAP_TEST_LDAP_NAME, $sids, 'provisionToDrupal', 'default', 'drupal_role_default');
  $hpotter_logon_edit = [
    'name' => 'hpotter',
    'pass' => 'goodpwd',
  ];
  $this
    ->drupalPost('user', $hpotter_logon_edit, t('Log in'));
  $this
    ->assertText(t('Member for'), 'New Ldap user with good password authenticated.', 'LDAP Authorization: Test Logon');
  $this
    ->assertTrue($this->testFunctions
    ->ldapUserIsAuthmapped('hpotter'), 'Ldap user properly authmapped.', 'LDAP Authorization: Test Logon');
  $hpotter = $this->testFunctions
    ->userByNameFlushingCache('hpotter');
  $roles = array_values($hpotter->roles);
  $desired_roles = [
    'students',
    'authenticated user',
    'cn=gryffindor,ou=groups,dc=hogwarts,dc=edu',
    'cn=honors students,ou=groups,dc=hogwarts,dc=edu',
  ];
  $diff1 = array_diff($roles, $desired_roles);
  $diff2 = array_diff($desired_roles, $roles);
  $correct_roles = count($diff1) == 0 && count($diff2) == 0;
  $roles_display = join(', ', $roles);
  if (!$correct_roles) {
    debug('hpotter roles');
    debug($roles);
    debug('desired roles');
    debug($desired_roles);
  }
  $this
    ->assertTrue($correct_roles, t('hpotter granted correct roles on actual logon: %roles', [
    '%roles' => $roles_display,
  ]), 'LDAP Authorization: Test Logon for roles');
  $this
    ->drupalGet('user/logout');

  /**
   * test revoking of no longer deserved roles when revokeLdapProvisioned=1
   */
  $this->consumerAdminConf['drupal_role']->revokeLdapProvisioned = 1;
  $this->consumerAdminConf['drupal_role']
    ->save();

  // setup:  remove hpotter from honors members.
  $test_data_pre_test = variable_get('ldap_test_server__' . $sid, NULL);
  $test_data = variable_get('ldap_test_server__' . $sid, NULL);
  $this
    ->removeUserFromGroup($test_data, 'cn=hpotter,ou=people,dc=hogwarts,dc=edu', 'cn=honors students,ou=groups,dc=hogwarts,dc=edu', "dc=hogwarts,dc=edu");
  variable_set('ldap_test_server__' . $sid, $test_data);
  $hpotter_dn = 'cn=hpotter,ou=people,dc=hogwarts,dc=edu';
  $this
    ->drupalPost('user', $hpotter_logon_edit, t('Log in'));
  $hpotter = $this->testFunctions
    ->userByNameFlushingCache('hpotter');
  $roles = array_values($hpotter->roles);
  $this
    ->assertFalse(in_array('cn=honors students,ou=groups,dc=hogwarts,dc=edu', $roles), 'when revokeLdapProvisioned=1, removed role from user', 'LDAP Authorization: Test Logon');
  $this
    ->assertTrue(empty($hpotter->data['ldap_authorizations']['drupal_role']['cn=honors students,ou=groups,dc=hogwarts,dc=edu']), 'when revokeLdapProvisioned=1, removed user->data[ldap_authorizations][drupal_role][<role>]', 'LDAP Authorization: Test Logon');

  // Return test data to original state.
  variable_set('ldap_test_server__' . $sid, $test_data_pre_test);
  $this
    ->drupalGet('user/logout');

  /**
   * test regranting of removed roles (regrantLdapProvisioned = 0)
   */
  $hpotter = $this->testFunctions
    ->userByNameFlushingCache('hpotter');
  $roles = array_values($hpotter->roles);
  $this->consumerAdminConf['drupal_role']->regrantLdapProvisioned = 0;
  $this->consumerAdminConf['drupal_role']
    ->save();
  $this->testFunctions
    ->removeRoleFromUser($hpotter, "cn=gryffindor,ou=groups,dc=hogwarts,dc=edu");
  $this
    ->drupalPost('user', $hpotter_logon_edit, t('Log in'));
  $hpotter = $this->testFunctions
    ->userByNameFlushingCache('hpotter');
  $roles = array_values($hpotter->roles);
  $this
    ->assertFalse(in_array("cn=gryffindor,ou=groups,dc=hogwarts,dc=edu", $roles), 'when regrantLdapProvisioned=0, did not regrant role on logon', 'LDAP Authorization: Test Logon');
  $this
    ->assertTrue(!empty($hpotter->data['ldap_authorizations']['drupal_role']['cn=gryffindor,ou=groups,dc=hogwarts,dc=edu']), 'when regrantLdapProvisioned=0, role is not regranted, but initial grant still remains in user->data[ldap_authorizations][drupal_role][<role>]', 'LDAP Authorization: Test Logon');
  $this
    ->drupalGet('user/logout');

  /**
   * test regranting of removed roles (regrantLdapProvisioned = 1)
   */
  $this->consumerAdminConf['drupal_role']->regrantLdapProvisioned = 1;
  $this->consumerAdminConf['drupal_role']
    ->save();
  $this
    ->drupalPost('user', $hpotter_logon_edit, t('Log in'));
  $hpotter = $this->testFunctions
    ->userByNameFlushingCache('hpotter');
  $roles = array_values($hpotter->roles);
  $this
    ->assertTrue(in_array("cn=gryffindor,ou=groups,dc=hogwarts,dc=edu", $roles), 'when regrantLdapProvisioned=0, did not regrant role on logon', 'LDAP Authorization: Test Logon');
  $this
    ->drupalGet('user/logout');
}