function LdapAuthorizationDeriveFromAttr::testDeriveFromAttr in Lightweight Directory Access Protocol (LDAP) 7
File
- ldap_authorization/tests/DeriveFromAttr/DeriveFromAttr.test, line 21
Class
Code
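/**
 * Checks which Drupal roles are derived for users from LDAP attribute values.
 *
 * Every case follows the same pattern: create a Drupal user, pass it through
 * $this->testFunctions->drupalLdapUpdateUser() with a fixture name and mail,
 * call ldap_authorizations_user_authorizations() with 'query' as the second
 * argument, and assert on the authorizations returned for
 * $this->consumerType ('drupal_role').
 *
 * Cases covered, in order: no match, one match (plus a numeric LDAP value),
 * a DN with escaped commas, several matches with differing case, first
 * attribute of the DN used as the role name (plain, escaped and quoted DNs),
 * and a PHP snippet that rewrites the Drupal username before lookup.
 *
 * NOTE(review): the method returns before doing any work (see the TODO), so
 * none of these assertions run at present. They are the checks that a user
 * is granted exactly the roles the LDAP data maps to, including the DN
 * escaping and case-folding edge cases, so that mapping logic has no test
 * coverage from this method until the early return is removed.
 */
function testDeriveFromAttr() {
  // TODO: Fix failing tests, excluding to make branch pass.
  return;

  $this->ldapTestId = 'DeriveFromAttr';
  $this->serversData = 'DeriveFromAttr/ldap_servers.inc';
  $this->authorizationData = 'DeriveFromAttr/ldap_authorization.inc';
  $this->authenticationData = 'DeriveFromAttr/ldap_authentication.inc';
  $this->consumerType = 'drupal_role';
  $this->prepTestData();

  // Test: DeriveFromAttr.nomatch, no matches on dn attribute.
  // Should not match any mappings.
  $user = $this->drupalCreateUser(array());
  $unkool = $this->testFunctions->drupalLdapUpdateUser(array(
    'name' => 'unkool',
    'mail' => 'unkool@nowhere.myuniversity.edu',
  ), TRUE, $user);
  list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($unkool, 'query', $this->consumerType);
  // empty() also covers a result with no entry for the consumer type at all,
  // where count() on the missing index would raise a notice (a TypeError on
  // PHP 8) instead of evaluating the assertion.
  $this->assertTrue(empty($new_authorizations[$this->consumerType]), 'user account unkool tested for granting no drupal roles ', $this->ldapTestId . '.nomatch');
  // Remove the account like every other case does, so it cannot influence
  // the lookups that follow.
  user_delete($user->uid);

  // Test: DeriveFromAttr.onematch, matches on one dn attribute.
  // Should match on 'cn=SYSadmins,ou=it,dc=ad,dc=myuniversity,dc=edu', which
  // maps to 'sysadmins'.
  $user = $this->drupalCreateUser(array());
  $jkool = $this->testFunctions->drupalLdapUpdateUser(array(
    'name' => 'jkool',
    'mail' => 'jkool@guests.myuniversity.edu',
  ), TRUE, $user);
  list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($jkool, 'query', $this->consumerType);
  $granted = isset($new_authorizations[$this->consumerType]) ? $new_authorizations[$this->consumerType] : array();
  // Strict in_array(): with loose comparison a stray 0 or TRUE in the result
  // would count as a match for any role name on older PHP versions and let
  // the assertion pass when the role was not granted.
  $this->assertTrue(in_array('sysadmins', $granted, TRUE), 'user account jkool tested for granting drupal_role "sysadmins"', $this->ldapTestId . '.onematch');
  $this->assertTrue(in_array('mailgroup17', $granted, TRUE), 'user account jkool tested for granting drupal_role "mailgroup17" from numeric ldap value', $this->ldapTestId . '.numeric_attr_value');
  user_delete($user->uid);

  // Test: DeriveFromAttr.escaped, same as DeriveFromAttr.onematch with a cn
  // that has escaped commas in it:
  // 'dn' => 'cn=Doe\, John,ou=special guests,ou=guest accounts,dc=ad,dc=myuniversity,dc=edu'.
  $user = $this->drupalCreateUser(array());
  $wilmaf = $this->testFunctions->drupalLdapUpdateUser(array(
    'name' => 'wilmaf',
    'mail' => 'wilmaf@guests.myuniversity.edu',
  ), TRUE, $user);
  list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($wilmaf, 'query', $this->consumerType);
  $granted = isset($new_authorizations[$this->consumerType]) ? $new_authorizations[$this->consumerType] : array();
  $this->assertTrue(in_array('sysadmins', $granted, TRUE), 'user account wilma tested for granting drupal_role "sysadmins"', $this->ldapTestId . '.escaped');
  user_delete($user->uid);

  // Test: DeriveFromAttr.manymatch, many matches on dn attribute.
  // cn=verykool,ou=special guests,ou=guest accounts,dc=ad,dc=myuniversity,dc=edu
  // should match on 'cn=SYSadmins,ou=it,dc=ad,dc=myuniversity,dc=edu' and
  // 'cn=netadmins,ou=it,dc=ad,dc=myuniversity,dc=edu', which map to the
  // 'sysadmins' and 'netadmins' drupal roles.
  $user = $this->drupalCreateUser(array());
  $verykool = $this->testFunctions->drupalLdapUpdateUser(array(
    'name' => 'verykool',
    'mail' => 'verykool@myuniversity.edu',
  ), TRUE, $user);
  list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($verykool, 'query', $this->consumerType);
  $granted = isset($new_authorizations[$this->consumerType]) ? $new_authorizations[$this->consumerType] : array();
  $correct_roles = in_array('netadmins', $granted, TRUE) && in_array('sysadmins', $granted, TRUE);
  $this->assertTrue($correct_roles, 'user account verykool tested for granting "netadmins" and "sysadmins" drupal roles ', $this->ldapTestId . '.manymatch');
  // Same result reported a second time under the case-insensitivity label:
  // the expected DN is spelled 'SYSadmins' while the role is 'sysadmins'.
  $this->assertTrue($correct_roles, 'user account verykool tested for case insensitivity ', $this->ldapTestId . '.caseinsensitive');
  user_delete($user->uid);

  // Test: convert full dn to value of first attribute
  // (consumer->deriveFromAttrUseFirstAttr = TRUE), e.g.
  // cn=netadmins,ou=it,dc=ad,dc=myuniversity,dc=edu would be converted to
  // netadmins.
  $consumer_conf_admin = ldap_authorization_get_consumer_admin_object($this->consumerType);
  $consumer_conf_admin->deriveFromAttrUseFirstAttr = 1;
  $consumer_conf_admin->save();
  $user = $this->drupalCreateUser(array());
  $verykool = $this->testFunctions->drupalLdapUpdateUser(array(
    'name' => 'verykool',
    'mail' => 'verykool@guests.myuniversity.edu',
  ), TRUE, $user);
  list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($verykool, 'query', $this->consumerType);
  $granted = isset($new_authorizations[$this->consumerType]) ? $new_authorizations[$this->consumerType] : array();
  $correct_roles = in_array('netadmins2', $granted, TRUE);
  if (!$correct_roles) {
    // Dump the derived authorizations to make a failure diagnosable.
    debug('new authorizations');
    debug($new_authorizations);
  }
  $this->assertTrue($correct_roles, 'user account verykool tested for granting drupal_role "netadmins2"', $this->ldapTestId . '.deriveFromAttrUseFirstAttr');
  // Restore the consumer setting so the next case starts from the default.
  $consumer_conf_admin->deriveFromAttrUseFirstAttr = 0;
  $consumer_conf_admin->save();
  user_delete($user->uid);

  // Test: same as previous test with escaped commas in the memberOf DN, to
  // make sure escaping is dealt with correctly:
  //   0 => 'cn=sysadmins,ou=it,dc=ad,dc=myuniversity,dc=edu',
  //   1 => 'cn=punctuated\,comma\,freaks,ou=it,dc=ad,dc=myuniversity,dc=edu',
  // should return sysadmins and "punctuated,comma,freaks", which map to NULL
  // and "comma freaks".
  $consumer_conf_admin->deriveFromAttrUseFirstAttr = 1;
  $consumer_conf_admin->save();
  $user = $this->drupalCreateUser(array());
  $wilmaf = $this->testFunctions->drupalLdapUpdateUser(array(
    'name' => 'wilmaf',
    'mail' => 'wilmaf@guests.myuniversity.edu',
  ), TRUE, $user);
  list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($wilmaf, 'query', $this->consumerType);
  $granted = isset($new_authorizations[$this->consumerType]) ? $new_authorizations[$this->consumerType] : array();
  $this->assertTrue(in_array('comma freaks', $granted, TRUE), 'user account wilmaf tested for granting drupal_role "comma freaks"', $this->ldapTestId . '.deriveFromAttrUseFirstAttr.escaped');
  $consumer_conf_admin->deriveFromAttrUseFirstAttr = 0;
  $consumer_conf_admin->save();
  user_delete($user->uid);

  // Test: same as previous test with a quoted DN.
  // Should return sysadmins and "punctuated,comma,freaks", which map to NULL
  // and "comma freaks".
  $consumer_conf_admin->deriveFromAttrUseFirstAttr = 1;
  $consumer_conf_admin->save();
  $user = $this->drupalCreateUser(array());
  $barneyr = $this->testFunctions->drupalLdapUpdateUser(array(
    'name' => 'barneyr',
    'mail' => 'barneyr@guests.myuniversity.edu',
  ), TRUE, $user);
  list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($barneyr, 'query', $this->consumerType);
  $granted = isset($new_authorizations[$this->consumerType]) ? $new_authorizations[$this->consumerType] : array();
  $this->assertTrue(in_array('comma freaks', $granted, TRUE), 'user account barneyr tested for granting drupal_role "comma freaks"', $this->ldapTestId . '.deriveFromAttrUseFirstAttr.quoted');
  $consumer_conf_admin->deriveFromAttrUseFirstAttr = 0;
  $consumer_conf_admin->save();
  user_delete($user->uid);

  // Test: PHP to transform Drupal login username to LDAP UserName attribute.
  // Converts the verykool@gmail.com username to the verykool ldap UserName
  // attribute.
  //
  // NOTE(review): ldapToDrupalUserPhp holds PHP source and this case enables
  // the core 'php' module before using it, which suggests the snippet is
  // evaluated at run time (confirm against the server class). If so, the
  // property is code rather than data: write access to the LDAP server
  // settings amounts to PHP execution and should be restricted accordingly.
  module_enable(array(
    'php',
  ));
  $php = " \$parts = explode(\"@\", \$name); \n if (count(\$parts) == 2) {\n print \$parts[0];\n }; \n ";
  $this->testFunctions->setFakeServerProperty('ldapauthor1', 'ldapToDrupalUserPhp', $php);
  $user = $this->drupalCreateUser(array());
  $verykool = $this->testFunctions->drupalLdapUpdateUser(array(
    'name' => 'verykool@gmail.com',
    'mail' => 'verykool@gmail.com',
  ), TRUE, $user);
  list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($verykool, 'query', $this->consumerType);
  // Correct roles imply the username was correctly transformed to authmap.
  $granted = isset($new_authorizations[$this->consumerType]) ? $new_authorizations[$this->consumerType] : array();
  $correct_roles = in_array('netadmins', $granted, TRUE) && in_array('sysadmins', $granted, TRUE);
  $this->assertTrue($correct_roles, 'php transform drupal username verykool@gmail.com to ldap username attribute verykool"', $this->ldapTestId . '.ldapToDrupalUserPhp');
  // NOTE(review): the snippet was set on 'ldapauthor1' but is cleared on
  // 'ldap_test_server__ldapauthor1'. Unless setFakeServerProperty() treats
  // both ids as the same server, the PHP snippet stays configured after this
  // case; confirm which id is correct.
  $this->testFunctions->setFakeServerProperty('ldap_test_server__ldapauthor1', 'ldapToDrupalUserPhp', NULL);
  user_delete($user->uid);
  // Turn the PHP module off again so it is not left enabled for later tests.
  module_disable(array(
    'php',
  ));
}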