
function LdapAuthorizationDeriveFromAttr::testDeriveFromAttr in Lightweight Directory Access Protocol (LDAP) 7

File

ldap_authorization/tests/DeriveFromAttr/DeriveFromAttr.test, line 21

Class

LdapAuthorizationDeriveFromAttr

Code

/**
 * Tests deriving 'drupal_role' authorizations from LDAP DN-valued attributes.
 *
 * The method is currently disabled by an unconditional return, so none of the
 * assertions below run. When enabled, the cases are: no match, one match,
 * numeric attribute value, escaped commas in a DN, several matches,
 * deriveFromAttrUseFirstAttr (plain, escaped and quoted DNs), and a PHP
 * snippet that transforms the Drupal username into the LDAP username.
 */
function testDeriveFromAttr() {

  // TODO: Fix failing tests, excluding to make branch pass.
  // NOTE(review): everything after this return is unreachable. While it stays
  // here, the group-DN to role mapping cases in this method (including the
  // DN escaping and quoting cases) have no regression coverage, and the
  // method cannot report a failure.
  return;
  // Fixture files and consumer type that the cases below rely on.
  $this->ldapTestId = 'DeriveFromAttr';
  $this->serversData = 'DeriveFromAttr/ldap_servers.inc';
  $this->authorizationData = 'DeriveFromAttr/ldap_authorization.inc';
  $this->authenticationData = 'DeriveFromAttr/ldap_authentication.inc';
  $this->consumerType = 'drupal_role';
  $this
    ->prepTestData();

  /**
   * test:  DeriveFromAttr.nomatch no matches on dn attribute.
   *
   * should not match any mappings
   */
  $user = $this
    ->drupalCreateUser(array());
  $unkool = $this->testFunctions
    ->drupalLdapUpdateUser(array(
    'name' => 'unkool',
    'mail' => 'unkool@nowhere.myuniversity.edu',
  ), TRUE, $user);
  // The 'query' op is used for every lookup in this method; presumably it
  // computes authorizations without granting them -- TODO confirm.
  list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($unkool, 'query', $this->consumerType);

  // Expect zero derived roles for a user with no matching group DN.
  // NOTE(review): unlike the later cases, this reads the consumer key without
  // an isset() guard, and the account is not removed with user_delete().
  // debug("new_authorizations, notifications"); debug(array($new_authorizations, $notifications));
  $this
    ->assertTrue(count($new_authorizations[$this->consumerType]) == 0, 'user account unkool tested for granting no drupal roles ', $this->ldapTestId . '.nomatch');

  /**
   * test:  DeriveFromAttr.onematch  matches on one dn attribute.
   *
   * should match on 'cn=SYSadmins,ou=it,dc=ad,dc=myuniversity,dc=edu' which maps to 'sysadmins'
   */
  $user = $this
    ->drupalCreateUser(array());
  $jkool = $this->testFunctions
    ->drupalLdapUpdateUser(array(
    'name' => 'jkool',
    'mail' => 'jkool@guests.myuniversity.edu',
  ), TRUE, $user);
  list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($jkool, 'query', $this->consumerType);

  // Check that the expected role was derived. The isset() uses
  // $this->consumerType while in_array() uses the literal 'drupal_role'; both
  // name the same key because consumerType is set to 'drupal_role' above.
  // in_array() is called without the strict flag, so the comparison is loose.
  $correct_roles = (bool) (isset($new_authorizations[$this->consumerType]) && in_array('sysadmins', $new_authorizations['drupal_role']));
  $this
    ->assertTrue($correct_roles, 'user account jkool tested for granting drupal_role "sysadmins"', $this->ldapTestId . '.onematch');
  // Same user: a role expected to come from a numeric LDAP attribute value.
  $correct_roles = (bool) (isset($new_authorizations['drupal_role']) && in_array('mailgroup17', $new_authorizations['drupal_role']));
  $this
    ->assertTrue($correct_roles, 'user account jkool tested for granting drupal_role "mailgroup17" from numeric ldap value', $this->ldapTestId . '.numeric_attr_value');
  user_delete($user->uid);

  /**
   * test:  DeriveFromAttr.escaped:  same as DeriveFromAttr.onematch  with cn that has escaped commas in it.
   * 'dn' => 'cn=Doe\, John,ou=special guests,ou=guest accounts,dc=ad,dc=myuniversity,dc=edu',
   */
  $user = $this
    ->drupalCreateUser(array());
  $wilmaf = $this->testFunctions
    ->drupalLdapUpdateUser(array(
    'name' => 'wilmaf',
    'mail' => 'wilmaf@guests.myuniversity.edu',
  ), TRUE, $user);
  list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($wilmaf, 'query', $this->consumerType);

  // An escaped comma inside the user's cn must not change which role is
  // derived: 'sysadmins' is still expected.
  $correct_roles = (bool) (isset($new_authorizations[$this->consumerType]) && in_array('sysadmins', $new_authorizations['drupal_role']));
  $this
    ->assertTrue($correct_roles, 'user account wilma tested for granting drupal_role "sysadmins"', $this->ldapTestId . '.escaped');
  user_delete($user->uid);

  /**
   * test:  DeriveFromAttr.manymatch many matches on dn attribute.
   *
   * cn=verykool,ou=special guests,ou=guest accounts,dc=ad,dc=myuniversity,dc=edu
   *
   * should match on 'cn=SYSadmins,ou=it,dc=ad,dc=myuniversity,dc=edu' and 'cn=netadmins,ou=it,dc=ad,dc=myuniversity,dc=edu'
   *   which map to 'sysadmins' and 'netadmins' drupal roles
   *
   */
  $user = $this
    ->drupalCreateUser(array());
  $verykool = $this->testFunctions
    ->drupalLdapUpdateUser(array(
    'name' => 'verykool',
    'mail' => 'verykool@myuniversity.edu',
  ), TRUE, $user);
  list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($verykool, 'query', $this->consumerType);

  // Both roles must be present for the check to pass.
  $correct_roles = (bool) (isset($new_authorizations[$this->consumerType]) && in_array('netadmins', $new_authorizations[$this->consumerType]) && in_array('sysadmins', $new_authorizations[$this->consumerType]));
  $this
    ->assertTrue($correct_roles, 'user account verykool tested for granting "netadmins" and "sysadmins" drupal roles ', $this->ldapTestId . '.manymatch');
  // NOTE(review): the case-insensitivity assertion reuses the same boolean as
  // .manymatch; it presumably relies on the mixed-case 'cn=SYSadmins' DN in
  // the fixture data -- confirm against ldap_servers.inc.
  $this
    ->assertTrue($correct_roles, 'user account verykool tested for case insensitivity ', $this->ldapTestId . '.caseinsensitive');
  user_delete($user->uid);

  /**
   * test:  convert full dn to value of first attribute (consumer->deriveFromAttrUseFirstAttr = TRUE)
   * e.g. cn=netadmins,ou=it,dc=ad,dc=myuniversity,dc=edu would be converted to netadmins
   */
  // Turn the option on in the saved consumer configuration for this case.
  $consumer_conf_admin = ldap_authorization_get_consumer_admin_object($this->consumerType);
  $consumer_conf_admin->deriveFromAttrUseFirstAttr = 1;
  $consumer_conf_admin
    ->save();
  $user = $this
    ->drupalCreateUser(array());
  $verykool = $this->testFunctions
    ->drupalLdapUpdateUser(array(
    'name' => 'verykool',
    'mail' => 'verykool@guests.myuniversity.edu',
  ), TRUE, $user);

  // debug('verykool test'); debug($verykool);
  list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($verykool, 'query', $this->consumerType);

  // Expect the role 'netadmins2'; on failure the derived set is dumped to
  // help diagnose the mapping.
  // debug('netadmins2 test'); debug(array($new_authorizations, $notifications));
  $correct_roles = (bool) (isset($new_authorizations[$this->consumerType]) && in_array('netadmins2', $new_authorizations['drupal_role']));
  if (!$correct_roles) {
    debug('new authorizations');
    debug($new_authorizations);
  }
  $this
    ->assertTrue($correct_roles, 'user account verykool tested for granting drupal_role "netadmins2"', $this->ldapTestId . '.deriveFromAttrUseFirstAttr');
  // Set the option back to 0 before the next case.
  $consumer_conf_admin->deriveFromAttrUseFirstAttr = 0;
  $consumer_conf_admin
    ->save();
  user_delete($user->uid);

  /**
   * test:  same as previous test with escaped commas in memberOf DN to make sure escaping is dealt with correctly
   *
   * 0 => 'cn=sysadmins,ou=it,dc=ad,dc=myuniversity,dc=edu',
   * 1 => 'cn=punctuated\,comma\,freaks,ou=it,dc=ad,dc=myuniversity,dc=edu',
   *
   * should return sysadmins and "punctuated,comma,freaks" which map to
   * NULL and "comma freaks"
   */
  $consumer_conf_admin->deriveFromAttrUseFirstAttr = 1;
  $consumer_conf_admin
    ->save();
  $user = $this
    ->drupalCreateUser(array());
  $wilmaf = $this->testFunctions
    ->drupalLdapUpdateUser(array(
    'name' => 'wilmaf',
    'mail' => 'wilmaf@guests.myuniversity.edu',
  ), TRUE, $user);
  list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($wilmaf, 'query', $this->consumerType);

  // The escaped commas belong to the group's cn value; the whole value must
  // map to the single role 'comma freaks' rather than being split on commas.
  $correct_roles = (bool) (isset($new_authorizations[$this->consumerType]) && in_array('comma freaks', $new_authorizations['drupal_role']));
  $this
    ->assertTrue($correct_roles, 'user account wilmaf tested for granting drupal_role "comma freaks"', $this->ldapTestId . '.deriveFromAttrUseFirstAttr.escaped');
  $consumer_conf_admin->deriveFromAttrUseFirstAttr = 0;
  $consumer_conf_admin
    ->save();
  user_delete($user->uid);

  /**
   * test:  same as previous test with quoted DN
   *
   * should return sysadmins and "punctuated,comma,freaks" which map to
   * NULL and "comma freaks"
   */
  $consumer_conf_admin->deriveFromAttrUseFirstAttr = 1;
  $consumer_conf_admin
    ->save();
  $user = $this
    ->drupalCreateUser(array());
  $barneyr = $this->testFunctions
    ->drupalLdapUpdateUser(array(
    'name' => 'barneyr',
    'mail' => 'barneyr@guests.myuniversity.edu',
  ), TRUE, $user);
  list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($barneyr, 'query', $this->consumerType);

  // Same expectation as the escaped case, for the quoted form of the DN.
  $correct_roles = (bool) (isset($new_authorizations[$this->consumerType]) && in_array('comma freaks', $new_authorizations['drupal_role']));
  $this
    ->assertTrue($correct_roles, 'user account barneyr tested for granting drupal_role "comma freaks"', $this->ldapTestId . '.deriveFromAttrUseFirstAttr.quoted');
  $consumer_conf_admin->deriveFromAttrUseFirstAttr = 0;
  $consumer_conf_admin
    ->save();
  user_delete($user->uid);

  /**
   * test:  PHP to transform Drupal login username to LDAP UserName attribute.
   * convert verykool@gmail.com username to verykool ldap UserName attribute
   */
  // NOTE(review): this case stores a PHP snippet in the server property
  // 'ldapToDrupalUserPhp' and enables the 'php' module, presumably so the
  // snippet is evaluated during username mapping. A setting that holds
  // executable PHP gives code execution to whoever can edit it, so on real
  // sites it needs the same access control as code deployment.
  module_enable(array(
    'php',
  ));
  // Snippet: split $name on "@" and print the local part when there are
  // exactly two parts.
  $php = " \$parts = explode(\"@\", \$name); \n if (count(\$parts) == 2) {\n print \$parts[0];\n }; \n ";
  $this->testFunctions
    ->setFakeServerProperty('ldapauthor1', 'ldapToDrupalUserPhp', $php);
  $user = $this
    ->drupalCreateUser(array());
  $verykool = $this->testFunctions
    ->drupalLdapUpdateUser(array(
    'name' => 'verykool@gmail.com',
    'mail' => 'verykool@gmail.com',
  ), TRUE, $user);
  list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($verykool, 'query', $this->consumerType);

  // The transform itself is not asserted directly: finding both roles is
  // taken to imply that the username was mapped to 'verykool'.
  $correct_roles = (bool) (isset($new_authorizations[$this->consumerType]) && in_array('netadmins', $new_authorizations['drupal_role']) && in_array('sysadmins', $new_authorizations['drupal_role']));
  $this
    ->assertTrue($correct_roles, 'php transform drupal username verykool@gmail.com to ldap username attribute verykool"', $this->ldapTestId . '.ldapToDrupalUserPhp');
  // NOTE(review): the snippet was set on 'ldapauthor1' but is cleared on
  // 'ldap_test_server__ldapauthor1'. Confirm both ids address the same fake
  // server; otherwise the PHP snippet stays configured after this case.
  $this->testFunctions
    ->setFakeServerProperty('ldap_test_server__ldapauthor1', 'ldapToDrupalUserPhp', NULL);
  user_delete($user->uid);
  // Disable the module again so PHP evaluation is not left on for later tests.
  module_disable(array(
    'php',
  ));
}