You are here

Home » API reference » Lightweight Directory Access Protocol (LDAP) 8.2

ldap_user.test in Lightweight Directory Access Protocol (LDAP) 8.2

Same filename and directory in other branches
  1. 7.2 ldap_user/tests/ldap_user.test

File

ldap_user/tests/ldap_user.test
View source 
<?php

/**
 * @file
 * see getInfo() for test summary
 *
 *  @todo test for ldapUserConf->setSynchMapping()
 *  @todo test for ldapUserConf->ldapAssociateDrupalAccount($drupal_username)
 *
 */
module_load_include('php', 'ldap_test', 'LdapTestCase.class');
class LdapUserUnitTests extends LdapTestCase {
  public static function getInfo() {
    return array(
      'name' => 'LDAP User Unit Tests',
      'description' => 'Test functions outside of real contexts.',
      'group' => 'LDAP User',
    );
  }
  function __construct($test_id = NULL) {
    parent::__construct($test_id);
  }
  public $module_name = 'ldap_user';
  protected $ldap_test_data;

  /**
   *  create one or more server configurations in such as way
   *  that this setUp can be a prerequisite for ldap_authentication and ldap_authorization
   */
  function setUp() {
    parent::setUp(array(
      'ldap_servers',
      'ldap_user',
      'ldap_authentication',
      'ldap_test',
    ));
    variable_set('ldap_simpletest', 2);
  }
  function tearDown() {
    parent::tearDown();
    variable_del('ldap_help_watchdog_detail');
    variable_del('ldap_simpletest');
  }

  /**
   * make sure install succeeds and ldap user functions/methods work
   */
  function testUnitTests() {

    // just to give warning if setup doesn't succeed.
    $setup_success = module_exists('ldap_user') && module_exists('ldap_servers') && config('ldap_test.settings')
      ->get('simpletest') > 0;
    $this
      ->assertTrue($setup_success, ' ldap_user setup successful', $this
      ->testId('setup'));
    $api_functions = array(
      'ldap_user_conf' => array(
        2,
        0,
      ),
      'ldap_user_synch_to_drupal' => array(
        3,
        1,
      ),
      'ldap_user_provision_to_drupal' => array(
        2,
        1,
      ),
      'ldap_user_ldap_provision_semaphore' => array(
        4,
        2,
      ),
      'ldap_user_token_replace' => array(
        3,
        2,
      ),
      'ldap_user_token_tokenize_entry' => array(
        5,
        2,
      ),
    );
    foreach ($api_functions as $api_function_name => $param_count) {
      $reflector = new ReflectionFunction($api_function_name);
      $this
        ->assertTrue(function_exists($api_function_name) && $param_count[1] == $reflector
        ->getNumberOfRequiredParameters() && $param_count[0] == $reflector
        ->getNumberOfParameters(), ' api function ' . $api_function_name . ' parameters and required parameters count unchanged.', $this
        ->testId($api_function_name . ' unchanged'));
    }
    $this
      ->assertTrue(drupal_cron_run(), t('Cron can run with ldap user enabled.'), $this
      ->testId('cron works'));

    // test user token functions
    $entity = new stdClass();
    $entity->lname['und'][0]['value'] = 'potter';
    $entity->house['und'][0]['value'] = 'Gryffindor';
    $entity->house['und'][1]['value'] = 'Privet Drive';
    $account = new stdClass();
    $account->mail = 'hpotter@hogwarts.edu';
    $mail = ldap_user_token_replace('[property.mail]', $account, $entity);
    $this
      ->assertTrue($mail == $account->mail, t('[property.mail] token worked on ldap_user_token_replace().'), $this
      ->testId('tokens.property'));
    $lname = ldap_user_token_replace('[field.lname]', $account, $entity);
    $this
      ->assertTrue($lname == $entity->lname['und'][0]['value'], t('[field.lname] token worked on ldap_user_token_replace().'), $this
      ->testId('tokens.property.field'));
    $house1 = ldap_user_token_replace('[field.house:1]', $account, $entity);
    $this
      ->assertTrue($house1 == $entity->house['und'][1]['value'], t('[field.house:1] token worked on ldap_user_token_replace().'), $this
      ->testId('tokens.property.field.ordinal'));

    //@todo need tests for :last and a multivalued attribute.  see http://drupal.org/node/1245736
    $sids = array(
      'activedirectory1',
    );
    $this
      ->prepTestData('hogwarts', $sids, 'default');

    // prepTestData($sids, 'provisionToDrupal', 'default');
    $ldap_server = ldap_servers_get_servers('activedirectory1', NULL, TRUE, TRUE);
    $ldap_user_conf = ldap_user_conf('admin', TRUE);
    $this
      ->assertTrue(is_object($ldap_user_conf), t('ldap_conf class instantiated'), $this
      ->testId('construct ldapUserConf object'));
    $user_edit = array();
    $ldap_user = ldap_servers_get_user_ldap_data('hpotter', $ldap_user_conf->drupalAcctProvisionServer, 'ldap_user_prov_to_drupal');
    $desired_result = array(
      'dn' => 'cn=hpotter,ou=people,dc=hogwarts,dc=edu',
      'mail' => 'hpotter@hogwarts.edu',
      'attr' => $ldap_server->entries['cn=hpotter,ou=people,dc=hogwarts,dc=edu'],
      'sid' => 'activedirectory1',
    );
    $array_diff = array_diff($ldap_user, $desired_result);
    $this
      ->assertTrue(count($array_diff) == 0, t('ldap_servers_get_user_ldap_data retrieved correct attributes and values'), $this
      ->testId('ldap_servers_get_user_ldap_data'));
    if (count($array_diff) != 0) {
      debug('ldap_servers_get_user_ldap_data failed.  resulting ldap data array:');
      debug($ldap_user);
      debug('desired result:');
      debug($desired_result);
      debug('array_diff:');
      debug($array_diff);
    }
    $ldap_todrupal_prov_server = ldap_servers_get_servers($ldap_user_conf->drupalAcctProvisionServer, 'all', TRUE);
    $ldap_user_conf
      ->entryToUserEdit($ldap_user, $user_edit, $ldap_todrupal_prov_server);
    unset($user_edit['pass']);
    $desired_result = array(
      'mail' => 'hpotter@hogwarts.edu',
      'name' => 'hpotter',
      'init' => 'hpotter@hogwarts.edu',
      'status' => 1,
      'signature' => '',
      'data' => array(
        'ldap_authentication' => array(
          'init' => array(
            'sid' => 'activedirectory1',
            'dn' => 'cn=hpotter,ou=people,dc=hogwarts,dc=edu',
            'mail' => 'hpotter@hogwarts.edu',
          ),
        ),
      ),
      'ldap_user_puid' => array(
        'und' => array(
          0 => array(
            'value' => '101',
          ),
        ),
      ),
      'ldap_user_puid_property' => array(
        'und' => array(
          0 => array(
            'value' => 'guid',
          ),
        ),
      ),
      'ldap_user_puid_sid' => array(
        'und' => array(
          0 => array(
            'value' => 'activedirectory1',
          ),
        ),
      ),
      'ldap_user_current_dn' => array(
        'und' => array(
          0 => array(
            'value' => 'cn=hpotter,ou=people,dc=hogwarts,dc=edu',
          ),
        ),
      ),
    );
    $array_diff = array_diff($user_edit, $desired_result);

    //@todo need better diff, this will give false positives in most cases

    //  debug('user_edit,desired_result,diff'); debug( array($user_edit, $desired_result, $array_diff));
    $this
      ->assertTrue(count($array_diff) == 0, t('ldapUserConf::entryToUserEdit retrieved correct property, field, and data values.'), $this
      ->testId('ldapUserConf::entryToUserEdit'));
    if (count($array_diff) != 0) {
      debug('ldapUserConf::entryToUserEdit failed.  resulting user edit array:');
      debug($user_edit);
      debug('desired result:');
      debug($desired_result);
      debug('array_diff:');
      debug($array_diff);
    }
    $is_synched_tests = array(
      LDAP_USER_EVENT_CREATE_DRUPAL_USER => array(
        0 => array(
          '[property.fake]',
          '[property.data]',
          '[property.uid]',
        ),
        1 => array(
          '[property.mail]',
          '[property.name]',
          '[field.ldap_user_puid]',
          '[field.ldap_user_puid_property]',
          '[field.ldap_user_puid_sid]',
          '[field.ldap_user_current_dn]',
        ),
      ),
      LDAP_USER_EVENT_SYNCH_TO_DRUPAL_USER => array(
        0 => array(
          '[property.fake]',
          '[property.data]',
          '[property.uid]',
          '[field.ldap_user_puid]',
          '[field.ldap_user_puid_property]',
          '[field.ldap_user_puid_sid]',
        ),
        1 => array(
          '[property.mail]',
          '[property.name]',
          '[field.ldap_user_current_dn]',
        ),
      ),
    );
    $debug = array();
    $fail = FALSE;
    foreach ($is_synched_tests as $prov_event => $tests) {
      foreach ($tests as $boolean_result => $attribute_tokens) {
        foreach ($attribute_tokens as $attribute_token) {
          $is_synched = $ldap_user_conf
            ->isSynched($attribute_token, array(
            $prov_event,
          ), LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER);

          // debug("is_synched_tests: is_synched=$is_synched, attribute_token=$attribute_token, prov_event=$prov_event");
          if ((int) $is_synched !== (int) $boolean_result) {
            $fail = TRUE;
            $debug[$attribute_token] = "isSynched({$attribute_token}, array({$prov_event}),\n              LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER) returned {$is_synched} when it should have returned " . (int) $boolean_result;
          }
        }
      }
    }
    $this
      ->assertFalse($fail, t('ldapUserConf::isSynched works'), $this
      ->testId('ldapUserConf::isSynched'));
    if ($fail) {
      debug('ldapUserConf::isSynched failures:');
      debug($debug);
    }
    $this
      ->assertTrue($ldap_user_conf
      ->isDrupalAcctProvisionServer('activedirectory1'), t('isDrupalAcctProvisionServer works'), $this
      ->testId('isDrupalAcctProvisionServer'));
    $this
      ->assertFalse($ldap_user_conf
      ->isLdapEntryProvisionServer('activedirectory1'), t('isLdapEntryProvisionServer works'), $this
      ->testId('isLdapEntryProvisionServer'));
    $ldap_user_required_attributes = $ldap_user_conf
      ->getLdapUserRequiredAttributes(LDAP_USER_PROV_DIRECTION_ALL);
    $provision_enabled_truth = (bool) ($ldap_user_conf
      ->provisionEnabled(LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER, LDAP_USER_DRUPAL_USER_PROV_ON_USER_UPDATE_CREATE) && $ldap_user_conf
      ->provisionEnabled(LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER, LDAP_USER_DRUPAL_USER_PROV_ON_AUTHENTICATE) && !$ldap_user_conf
      ->provisionEnabled(LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY, LDAP_USER_LDAP_ENTRY_PROV_ON_USER_UPDATE_CREATE));
    $this
      ->assertTrue($provision_enabled_truth, t('provisionEnabled works'), $this
      ->testId('provisionEnabled.1'));
    $provision_enabled_false = $ldap_user_conf
      ->provisionEnabled(LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY, LDAP_USER_DRUPAL_USER_PROV_ON_USER_UPDATE_CREATE) || $ldap_user_conf
      ->provisionEnabled(LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY, LDAP_USER_DRUPAL_USER_PROV_ON_AUTHENTICATE) || $ldap_user_conf
      ->provisionEnabled(LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER, LDAP_USER_LDAP_ENTRY_PROV_ON_USER_UPDATE_CREATE);
    $this
      ->assertFalse($provision_enabled_false, t('provisionEnabled works'), $this
      ->testId('provisionEnabled.2'));
    $account = new stdClass();
    $account->name = 'hpotter';
    $params = array(
      'ldap_context' => 'ldap_user_prov_to_drupal',
      'direction' => LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER,
    );
    list($ldap_entry, $error) = $ldap_user_conf
      ->drupalUserToLdapEntry($account, 'activedirectory1', $params);

    //  debug('ldap_entry'); debug($ldap_entry);
    $account = NULL;
    $user_edit = array(
      'name' => 'hpotter',
    );

    // test method provisionDrupalAccount()
    $hpotter = $ldap_user_conf
      ->provisionDrupalAccount($account, $user_edit, NULL, TRUE);
    $hpotter = user_load_by_name('hpotter');
    $properties_set = $hpotter->name == 'hpotter' && $hpotter->mail == 'hpotter@hogwarts.edu' && $hpotter->init == 'hpotter@hogwarts.edu' && $hpotter->status == 1;
    $this
      ->assertTrue($properties_set, t('user name, mail, init, and status correctly populated for hpotter'), $this
      ->testId());
    $fields_set = isset($hpotter->ldap_user_puid['und'][0]['value']) && $hpotter->ldap_user_puid['und'][0]['value'] == '101' && isset($hpotter->ldap_user_puid_property['und'][0]['value']) && $hpotter->ldap_user_puid_property['und'][0]['value'] == 'guid' && isset($hpotter->ldap_user_puid_sid['und'][0]['value']) && $hpotter->ldap_user_puid_sid['und'][0]['value'] == 'activedirectory1' && isset($hpotter->ldap_user_current_dn['und'][0]['value']) && $hpotter->ldap_user_current_dn['und'][0]['value'] == 'cn=hpotter,ou=people,dc=hogwarts,dc=edu';
    $this
      ->assertTrue($fields_set, t('user ldap_user_puid, ldap_user_puid_property, ldap_user_puid_sid, and  ldap_user_current_dn correctly populated for hpotter'), $this
      ->testId('provisionDrupalAccount function test 3'));
    $data_diff = array_diff($hpotter->data['ldap_user'], array(
      'init' => array(
        'sid' => 'activedirectory1',
        'dn' => NULL,
        'mail' => 'hpotter@hogwarts.edu',
      ),
    ));
    $this
      ->assertTrue(count($data_diff) == 0, t('user->data array correctly populated for hpotter'), $this
      ->testId());

    // test account exists with correct username, mail, fname, puid, puidfield, dn
    // change some user mock ldap data first, (mail and fname) then synch
    $account = user_load_by_name('hpotter');
    $user_edit = NULL;
    $ldap_user_conf->ldapUserSynchMappings = array();
    $sid = 'activedirectory1';
    $ldap_user_conf->ldapUserSynchMappings[LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER]['[property.mail]'] = array(
      'sid' => $sid,
      'ldap_attr' => '[mail]',
      'user_attr' => '[property.mail]',
      'convert' => 0,
      'direction' => LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER,
      'ldap_contexts' => array(
        'ldap_user_insert_drupal_user',
        'ldap_user_update_drupal_user',
        'ldap_authentication_authenticate',
      ),
      'prov_events' => array(
        LDAP_USER_EVENT_SYNCH_TO_DRUPAL_USER,
      ),
      'name' => 'Property: Mail',
      'enabled' => TRUE,
      'config_module' => 'ldap_servers',
      'prov_module' => 'ldap_user',
      'user_tokens' => '',
    );
    $ldap_user_conf
      ->save();
    $this->testFunctions
      ->setFakeServerUserAttribute($sid, 'cn=hpotter,ou=people,dc=hogwarts,dc=edu', 'mail', 'hpotter@owlcarriers.com', 0);
    $ldap_server = ldap_servers_get_servers('activedirectory1', NULL, TRUE, TRUE);

    // clear server cache;
    $user = $ldap_user_conf
      ->synchToDrupalAccount($account, $user_edit, LDAP_USER_EVENT_SYNCH_TO_DRUPAL_USER, NULL, TRUE);
    $hpotter = user_load_by_name('hpotter');
    $hpotter_uid = $hpotter->uid;
    $success = $hpotter->mail == 'hpotter@owlcarriers.com';
    $this
      ->assertTrue($success, t('synchToDrupalAccount worked for property (mail) for hpotter'), $this
      ->testId());
    if (!$success) {
      debug("hpotter mail after synchToDrupalAccount :" . $hpotter->mail);
      $ldap_server = ldap_servers_get_servers($sid, NULL, TRUE, TRUE);
      debug('ldap_server');
      debug($ldap_server);
    }

    /**
     * test for username change and provisioning with puid conflict
     * hpotter drupal user already exists and has correct puid
     * change samaccountname value (puid field) of hpotter ldap entry and attempt to provision account with new username (hpotterbrawn)
     * return should be old drupal account (same uid)
     */
    $this->testFunctions
      ->setFakeServerUserAttribute('activedirectory1', 'cn=hpotter,ou=people,dc=hogwarts,dc=edu', 'samaccountname', 'hpotter-granger', 0);
    $account = NULL;
    $user_edit = array(
      'name' => 'hpotter-granger',
    );
    $hpottergranger = $ldap_user_conf
      ->provisionDrupalAccount($account, $user_edit, NULL, TRUE);
    $this->testFunctions
      ->setFakeServerUserAttribute('activedirectory1', 'cn=hpotter,ou=people,dc=hogwarts,dc=edu', 'samaccountname', 'hpotter', 0);
    $pass = is_object($hpottergranger) && is_object($hpotter) && $hpotter->uid == $hpottergranger->uid;
    $this
      ->assertTrue($pass, t('provisionDrupalAccount recognized PUID conflict and synched instead of creating a conflicted drupal account.'), $this
      ->testId('provisionDrupalAccount function test with existing user with same puid'));
    if (!$pass) {
      debug('hpotter');
      debug($hpotter);
      debug('hpottergranger');
      debug($hpottergranger);
    }
    $authmaps = user_get_authmaps('hpotter-granger');
    $pass = $authmaps['ldap_user'] == 'hpotter-granger';
    $this
      ->assertTrue($pass, t('provisionDrupalAccount recognized PUID conflict and fixed authmap.'), $this
      ->testId());
    $pass = is_object($hpottergranger) && $hpottergranger->name == 'hpotter-granger';
    $this
      ->assertTrue($pass, t('provisionDrupalAccount recognized PUID conflict and fixed username.'), $this
      ->testId());
    $user_edit = array(
      'name' => 'hpotter',
    );
    $hpotter = user_save($hpottergranger, $user_edit, 'ldap_user');

    // delete and recreate test account to make sure account is in correct state
    $ldap_user_conf
      ->deleteDrupalAccount('hpotter');
    $this
      ->assertFalse(user_load($hpotter_uid, TRUE), t('deleteDrupalAccount deleted hpotter successfully'), $this
      ->testId());
    $ldap_server = ldap_servers_get_servers('activedirectory1', 'enabled', TRUE, TRUE);
    $ldap_server
      ->refreshFakeData();
    $account = NULL;
    $user_edit = array(
      'name' => 'hpotter',
    );
    $hpotter = $ldap_user_conf
      ->provisionDrupalAccount($account, $user_edit, NULL, TRUE);
  }
  function testProvisionToDrupal() {

    /**
     * test that $ldap_user_conf->synchToDrupalAccount() works for various contexts.
     * make sure changing when a given field/property is flagged for a particular context, everything works
     * tests one property (property.mail) and one field (field.field_lname) as well as username, puid
     */

    // just to give warning if setup doesn't succeed.  may want to take these out at some point.
    $setup_success = module_exists('ldap_user') && module_exists('ldap_servers') && config('ldap_test.settings')
      ->get('simpletest') > 0;
    $this
      ->assertTrue($setup_success, ' ldap_user setup successful', $this
      ->testId("setup"));
    $sid = 'activedirectory1';
    $sids = array(
      $sid,
    );
    $this
      ->prepTestData('hogwarts', $sids, 'provisionToDrupal', 'default');
    $tests = array();
    $tests[] = array(
      'disabled' => 0,
      'user' => 'hpotter',
      'field_name' => 'field_lname',
      'field_values' => array(
        array(
          'sn' => 'Potter',
        ),
        array(
          'sn' => 'Pottery-Chard',
        ),
      ),
      'field_results' => array(
        'Potter',
        'Pottery-Chard',
      ),
      // first value is what is desired on synch, second if no sycn
      'mapping' => array(
        'sid' => $sid,
        'name' => 'Field: Last Name',
        'ldap_attr' => '[SN]',
        'user_attr' => '[field.field_lname]',
        'convert' => 0,
        'direction' => LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER,
        'prov_events' => array(
          LDAP_USER_EVENT_CREATE_DRUPAL_USER,
          LDAP_USER_EVENT_SYNCH_TO_DRUPAL_USER,
        ),
        'user_tokens' => '',
        'config_module' => 'ldap_user',
        'prov_module' => 'ldap_user',
        'enabled' => TRUE,
      ),
    );

    // test for compound tokens
    $tests[] = array(
      'disabled' => 0,
      'user' => 'hpotter',
      'field_name' => 'field_display_name',
      'field_values' => array(
        array(
          'givenname' => 'Harry',
          'sn' => 'Potter',
        ),
        array(
          'givenname' => 'Sir Harry',
          'sn' => 'Potter',
        ),
      ),
      'field_results' => array(
        'Harry Potter',
        'Sir Harry Potter',
      ),
      // desired results
      'mapping' => array(
        'sid' => $sid,
        'ldap_attr' => '[givenName] [sn]',
        'user_attr' => '[field.field_display_name]',
        'convert' => 0,
        'direction' => LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER,
        'prov_events' => array(
          LDAP_USER_EVENT_CREATE_DRUPAL_USER,
          LDAP_USER_EVENT_SYNCH_TO_DRUPAL_USER,
        ),
        'name' => 'Field: Display Name',
        'enabled' => TRUE,
        'config_module' => 'ldap_user',
        'prov_module' => 'ldap_user',
        'user_tokens' => '',
      ),
    );

    // test for constants in use (e.g. "Smith" and "0") instead of tokens e.g. "[sn]" and "[enabled]"
    $tests[] = array(
      'disabled' => 0,
      'user' => 'hpotter',
      'field_name' => 'field_lname',
      'field_values' => array(
        array(
          'sn' => 'Potter1',
        ),
        array(
          'sn' => 'Potter2',
        ),
      ),
      'field_results' => array(
        'Smith',
        'Smith',
      ),
      'mapping' => array(
        'sid' => $sid,
        'name' => 'Field: Last Name',
        'ldap_attr' => 'Smith',
        // testing of a constant mapped to a field.  that is everyone should have last name smith
        'user_attr' => '[field.field_lname]',
        'convert' => 0,
        'direction' => LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER,
        'prov_events' => array(
          LDAP_USER_EVENT_CREATE_DRUPAL_USER,
          LDAP_USER_EVENT_SYNCH_TO_DRUPAL_USER,
        ),
        'user_tokens' => '',
        'config_module' => 'ldap_user',
        'prov_module' => 'ldap_user',
        'enabled' => TRUE,
      ),
    );

    // test for compound tokens
    $tests[] = array(
      'disabled' => 0,
      'user' => 'hpotter',
      'property_name' => 'signature',
      'property_values' => array(
        array(
          'cn' => 'hpotter',
        ),
        array(
          'cn' => 'hpotter2',
        ),
      ),
      'property_results' => array(
        'hpotter@hogwarts.edu',
        'hpotter2@hogwarts.edu',
      ),
      'mapping' => array(
        'sid' => $sid,
        'ldap_attr' => '[cn]@hogwarts.edu',
        'user_attr' => '[property.signature]',
        'convert' => 0,
        'direction' => LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER,
        'prov_events' => array(
          LDAP_USER_EVENT_CREATE_DRUPAL_USER,
          LDAP_USER_EVENT_SYNCH_TO_DRUPAL_USER,
        ),
        'name' => 'Property: Signature',
        'enabled' => TRUE,
        'config_module' => 'ldap_servers',
        'prov_module' => 'ldap_user',
        'user_tokens' => '',
      ),
    );
    $tests[] = array(
      'disabled' => 0,
      'user' => 'hpotter',
      'property_name' => 'mail',
      'property_values' => array(
        array(
          'mail' => 'hpotter@hogwarts.edu',
        ),
        array(
          'mail' => 'hpotter@owlmail.com',
        ),
      ),
      'property_results' => array(
        'hpotter@hogwarts.edu',
        'hpotter@owlmail.com',
      ),
      'mapping' => array(
        'sid' => $sid,
        'ldap_attr' => '[mail]',
        'user_attr' => '[property.mail]',
        'convert' => 0,
        'direction' => LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER,
        'prov_events' => array(
          LDAP_USER_EVENT_CREATE_DRUPAL_USER,
          LDAP_USER_EVENT_SYNCH_TO_DRUPAL_USER,
        ),
        'name' => 'Property: Mail',
        'enabled' => TRUE,
        'config_module' => 'ldap_servers',
        'prov_module' => 'ldap_user',
        'user_tokens' => '',
      ),
    );
    $tests[] = array(
      'disabled' => 0,
      'user' => 'hpotter',
      'property_name' => 'status',
      'property_values' => array(
        array(
          0 => 'z',
        ),
        array(
          0 => 'z',
        ),
      ),
      'property_results' => array(
        0,
        0,
      ),
      'mapping' => array(
        'sid' => $sid,
        'ldap_attr' => '0',
        'user_attr' => '[property.status]',
        // testing of a constant mapped to property
        'convert' => 0,
        'direction' => LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER,
        'prov_events' => array(
          LDAP_USER_EVENT_CREATE_DRUPAL_USER,
        ),
        'name' => 'Property: Status',
        'enabled' => TRUE,
        'config_module' => 'ldap_servers',
        'prov_module' => 'ldap_user',
        'user_tokens' => '',
      ),
    );

    // @todo test with binary field
    // @todo case sensitivity in tokens and user_attr in mappings
    $test_prov_events = array(
      LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER => array(
        LDAP_USER_EVENT_SYNCH_TO_DRUPAL_USER,
        LDAP_USER_EVENT_CREATE_DRUPAL_USER,
      ),
      LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY => array(
        LDAP_USER_EVENT_SYNCH_TO_LDAP_ENTRY,
        LDAP_USER_EVENT_CREATE_LDAP_ENTRY,
      ),
    );
    $this->privileged_user = $this
      ->drupalCreateUser(array(
      'administer site configuration',
      'administer users',
    ));

    /** Tests for various synch contexts **/
    foreach ($tests as $j => $test) {
      $field_name = isset($test['field_name']) ? $test['field_name'] : FALSE;
      $property_name = isset($test['property_name']) ? $test['property_name'] : FALSE;
      $direction = $property_name ? $test['mapping']['direction'] : $test['mapping']['direction'];
      foreach ($test_prov_events[$direction] as $i => $prov_event) {

        // test for each provision event
        // 1. set fake ldap values for field and property in fake ldap server
        // and clear out mappings and set to provision account with test field and prop[0] on provision
        $ldap_server = ldap_servers_get_servers('activedirectory1', 'enabled', TRUE);
        $this
          ->prepTestData('hogwarts', $sids, 'provisionToDrupal', 'default');
        $ldap_user_conf = ldap_user_conf('admin', TRUE);
        if ($property_name) {
          $token_attributes = array();
          ldap_servers_token_extract_attributes($token_attributes, $test['mapping']['ldap_attr']);
          foreach ($token_attributes as $attr_name => $attr_parts) {
            $this->testFunctions
              ->setFakeServerUserAttribute('activedirectory1', 'cn=hpotter,ou=people,dc=hogwarts,dc=edu', $attr_name, $test['property_values'][0][$attr_name], 0);
          }
          $property_token = '[property.' . $property_name . ']';
          $ldap_user_conf->ldapUserSynchMappings[$direction][$property_token] = $test['mapping'];
        }
        if ($field_name) {
          $token_attributes = array();
          ldap_servers_token_extract_attributes($token_attributes, $test['mapping']['ldap_attr']);

          //debug('token_attributes'); debug($token_attributes);
          foreach ($token_attributes as $attr_name => $attr_parts) {
            $this->testFunctions
              ->setFakeServerUserAttribute('activedirectory1', 'cn=hpotter,ou=people,dc=hogwarts,dc=edu', $attr_name, $test['field_values'][0][drupal_strtolower($attr_name)], 0);
          }
          $field_token = '[field.' . $field_name . ']';
          $ldap_user_conf->ldapUserSynchMappings[$direction][$field_token] = $test['mapping'];
        }
        $ldap_user_conf
          ->save();
        $ldap_user_conf = ldap_user_conf('admin', TRUE);

        // debug("ldap_user_conf in prep field_token=$field_token"); debug($ldap_user_conf->synchMapping); debug($ldap_user_conf->ldapUserSynchMappings);
        ldap_user_ldap_provision_semaphore(NULL, NULL, NULL, TRUE);
        ldap_servers_flush_server_cache();

        // 2. delete user
        $username = $test['user'];
        $user_object = user_load_by_name($username);
        if (is_object($user_object)) {
          user_delete($user_object->uid);

          // watch out for this.
        }

        // 3. create new user with provisionDrupalAccount
        $account = NULL;
        $user_edit = array(
          'name' => $username,
        );

        // $this->ldapTestId = $this->module_name . ': provisionDrupalAccount function test';
        $result = $ldap_user_conf
          ->provisionDrupalAccount($account, $user_edit, NULL, TRUE);
        list($user_object, $user_entity) = ldap_user_load_user_acct_and_entity($username);
        if ($property_name) {
          if (in_array($prov_event, $ldap_user_conf->ldapUserSynchMappings[$direction][$property_token]['prov_events'])) {

            // if intended to synch
            $property_success = $user_object->{$property_name} == $test['property_results'][0];
            $this
              ->assertTrue($property_success, t("provisionDrupalAccount worked for property {$property_name}"), $this
              ->testId(":provisionDrupalAccount.i={$j}.prov_event={$prov_event}"));
            if (!$property_success) {
              debug('field fail,' . $property_name);
              debug($user_entity->{$property_name});
              debug($test['property_results'][0]);

              //debug($user_entity);
            }
          }
          else {

            // debug("property_name=$property_name not configured to provisionDrupalAccount on drupal user create for direction=$direction and prov_event=$prov_event");
          }
        }
        if ($field_name) {

          // debug("property_name=$property_name, prov_event=$prov_event, direction=$direction, field_token=$field_token, sid=$sid, ldap_user_conf->ldapUserSynchMappings $direction - $sid"); debug($ldap_user_conf->ldapUserSynchMappings[$direction][$sid]);
          if (in_array($prov_event, $ldap_user_conf->ldapUserSynchMappings[$direction][$field_token]['prov_events'])) {

            // if intended to synch
            $field_success = isset($user_entity->{$field_name}['und'][0]['value']) && $user_entity->{$field_name}['und'][0]['value'] == $test['field_results'][0];
            $this
              ->assertTrue($field_success, t("provisionDrupalAccount worked for field {$field_name}"), $this
              ->testId(":provisionDrupalAccount.i={$j}.prov_event={$prov_event}"));
            if (!$field_success) {
              debug('field fail,' . $field_name);
              debug($user_entity->{$field_name});
              debug($test['field_results'][0]);

              //debug($user_entity);
            }
          }
          else {
            debug("field_name={$field_name} not configured to provisionDrupalAccount on drupal user create for direction={$direction} and prov_event={$prov_event}");
          }
        }
        ldap_user_ldap_provision_semaphore(NULL, NULL, NULL, TRUE);
      }

      /**
       * manually create drupal user with option of not ldap associated checked
       */
      if ($hpotter = user_load_by_name('hpotter')) {
        user_delete($hpotter->uid);
      }
      $this
        ->assertFalse(user_load_by_name('hpotter'), t('hpotter removed before manual account creation test'), $this
        ->testId('manual non ldap account created'));
      $this
        ->drupalLogout();
      $this
        ->drupalLogin($this->privileged_user);
      $this
        ->drupalGet('admin/people/create');
      $edit = array(
        'name' => 'hpotter',
        'mail' => 'hpotter@hogwarts.edu',
        'pass[pass1]' => 'goodpwd',
        'pass[pass2]' => 'goodpwd',
        'notify' => FALSE,
        'ldap_user_association' => LDAP_USER_MANUAL_ACCT_CONFLICT_NO_LDAP_ASSOCIATE,
      );
      $this
        ->drupalPost('admin/people/create', $edit, t('Create new account'));
      $hpotter = user_load_by_name('hpotter');
      $this
        ->assertTrue($hpotter, t('hpotter created via ui form'), $this
        ->testId('manual non ldap account created'));
      $this
        ->assertTrue($hpotter && !ldap_user_is_ldap_associated($hpotter), t('hpotter not ldap associated'), $this
        ->testId('manual non ldap account created'));
    }

    /**
     * $entry = $servers['activedirectory1']->dnExists($desired_dn, 'ldap_entry');
     * $this->assertFalse($entry, t("Corresponding LDAP entry deleted when Drupal Account deleted for " . $username), $this->ldapTestId);
     */
  }

}
class LdapUserIntegrationTests extends LdapTestCase {
  public static function getInfo() {
    return array(
      'name' => 'LDAP User Integration Tests',
      'description' => 'Test provisioning and synching in real contexts such as account creation on logon, synching on user edit, etc.',
      'group' => 'LDAP User',
    );
  }
  function __construct($test_id = NULL) {
    parent::__construct($test_id);
  }
  public $module_name = 'ldap_user';
  protected $ldap_test_data;

  /**
   *  create one or more server configurations in such as way
   *  that this setUp can be a prerequisite for ldap_authentication and ldap_authorization
   */
  function setUp() {
    parent::setUp(array(
      'ldap_user',
      'ldap_test',
    ));
    variable_set('ldap_simpletest', 2);
  }
  function tearDown() {
    parent::tearDown();
    variable_del('ldap_help_watchdog_detail');
    variable_del('ldap_simpletest');
  }

  /**
   * integration tests for provisioning to ldap
   */
  function testProvisionToLdap() {

    // just to give warning if setup doesn't succeed.  may want to take these out at some point.
    $setup_success = module_exists('ldap_user') && module_exists('ldap_servers') && config('ldap_test.settings')
      ->get('simpletest') > 0;
    $this
      ->assertTrue($setup_success, ' ldap_user setup successful', $this
      ->testId("setup"));
    foreach (array(
      'activedirectory1',
      'openldap1',
    ) as $test_sid) {
      $sids = array(
        $test_sid,
      );
      $this
        ->prepTestData('hogwarts', $sids, 'provisionToLdap_' . $test_sid);

      // this will create the proper ldap_user configuration from ldap_test/ldap_user.conf.inc
      $ldap_user_conf = ldap_user_conf('default', TRUE);

      // 9.B. Create and approve new user, populating first and last name.
      $username = 'bhautdeser';
      if ($user = user_load_by_name($username)) {
        user_delete($user->uid);
      }
      $user_edit = array(
        'name' => $username,
        'mail' => $username . '@hogwarts.org',
        'pass' => user_password(),
        'status' => 1,
      );
      $user_acct = new stdClass();
      $user_acct->is_new = TRUE;
      $user_acct->field_fname['und'][0]['value'] = 'Bercilak';
      $user_acct->field_lname['und'][0]['value'] = 'Hautdesert';
      $servers = ldap_servers_get_servers(NULL, NULL, FALSE, TRUE);
      $desired_dn = "cn=bhautdeser,ou=people,dc=hogwarts,dc=edu";
      $pre_entry = $servers[$test_sid]
        ->dnExists($desired_dn, 'ldap_entry');
      $drupal_account = user_save($user_acct, $user_edit);
      $ldap_entry_post = $servers[$test_sid]
        ->dnExists($desired_dn, 'ldap_entry');
      $ldap_entry_success = $ldap_entry_post && $ldap_entry_post['cn'][0] == 'bhautdeser' && $ldap_entry_post['displayname'][0] == 'Bercilak Hautdesert' && $ldap_entry_post['sn'][0] == 'Hautdesert' && $ldap_entry_post['guid'][0] == '151' && $ldap_entry_post['provisionsource'][0] == 'drupal.hogwarts.edu';
      $this
        ->assertTrue($ldap_entry_success, t("provision of ldap entry on user create succeeded for " . $username), $this
        ->testId("test for provision to ldap on drupal acct create"));
      if (!$ldap_entry_success) {
        debug('drupal_account');
        debug($drupal_account);
        debug("desired_dn={$desired_dn}, ldap_entry_post=");
        debug($ldap_entry_post);
        debug('ldap_user_conf');
        debug($ldap_user_conf);
      }
      ldap_user_ldap_provision_semaphore(NULL, NULL, NULL, TRUE);

      // need to reset for simpletests
      // Change lastname and first name (in drupal) and save user to test ldapSynch event handler
      // confirm that appropriate attributes were changed in ldap entry
      $ldap_entry_pre = $servers[$test_sid]
        ->dnExists($desired_dn, 'ldap_entry');
      $user_acct_pre = user_load_by_name('bhautdeser');
      $edit = array();
      $edit['field_fname']['und'][0]['value'] = 'Bredbeddle';
      $edit['field_lname']['und'][0]['value'] = 'Hautdesert';
      $user_acct = user_save($user_acct, $edit);
      $user_acct_post = user_load_by_name('bhautdeser');
      $servers = ldap_servers_get_servers(NULL, NULL, FALSE, TRUE);

      // clear cache
      $ldap_entry_post = $servers[$test_sid]
        ->dnExists($desired_dn, 'ldap_entry');
      $ldap_entry_success = $ldap_entry_post['givenname'][0] == 'Bredbeddle' && $ldap_entry_post['displayname'][0] == 'Bredbeddle Hautdesert' && $ldap_entry_post['sn'][0] == 'Hautdesert';
      $this
        ->assertTrue($ldap_entry_success, t("synch to ldap entry on user save succeeded for " . $username), $this
        ->testId());
      if (!$ldap_entry_success) {
        debug("dn={$desired_dn}");
        debug('drupal_account pre');
        debug($user_acct_pre);
        debug('drupal_account post');
        debug($user_acct_post);
        debug('ldap_entry_pre');
        debug($ldap_entry_pre);
        debug('ldap_entry_post');
        debug($ldap_entry_post);
        debug('ldap_user_conf');
        debug($ldap_user_conf);
      }

      // Change username and first name (in drupal) and save user to test ldapSynch event handler
      // confirm that appropriate attributes were changed in ldap entry
      $ldap_entry_pre = $servers[$test_sid]
        ->dnExists($desired_dn, 'ldap_entry');
      $user_acct_pre = user_load_by_name('bhautdeser');
      $edit = array();
      $edit['field_fname']['und'][0]['value'] = 'Bredbeddle';
      $edit['field_lname']['und'][0]['value'] = 'Hautdesert';
      $user_acct = user_save($user_acct, $edit);
      $user_acct_post = user_load_by_name('bhautdeser');
      $servers = ldap_servers_get_servers(NULL, NULL, FALSE, TRUE);

      // clear cache
      $ldap_entry_post = $servers[$test_sid]
        ->dnExists($desired_dn, 'ldap_entry');
      $ldap_entry_success = $ldap_entry_post['givenname'][0] == 'Bredbeddle' && $ldap_entry_post['displayname'][0] == 'Bredbeddle Hautdesert' && $ldap_entry_post['sn'][0] == 'Hautdesert';
      $this
        ->assertTrue($ldap_entry_success, t("synch to ldap entry on user save succeeded for " . $username), $this
        ->testId());
      if (!$ldap_entry_success) {
        debug("dn={$desired_dn}");
        debug('drupal_account pre');
        debug($user_acct_pre);
        debug('drupal_account post');
        debug($user_acct_post);
        debug('ldap_entry_pre');
        debug($ldap_entry_pre);
        debug('ldap_entry_post');
        debug($ldap_entry_post);
        debug('ldap_user_conf');
        debug($ldap_user_conf);
      }
    }

    /**
     * provisionToLdapEmailVerification
     * use case where a user self creates and confirms a drupal account and
     *  a corresponding ldap entry with password is created
     */
    $password_tests = array(
      '[password.user-random]' => 'goodpwd',
      '[password.random]' => 'random',
    );
    foreach ($password_tests as $password_token => $password_result) {
      $test_id = "provisionToLdapEmailVerification {$password_token}, {$test_sid}";
      ldap_user_ldap_provision_semaphore(NULL, NULL, NULL, TRUE);

      // need to reset for simpletests

      /**
       * provisionToLdapEmailVerification setup
       */
      $this
        ->prepTestData('hogwarts', $sids, 'provisionToLdap_' . $test_sid);

      // this will create the proper ldap_user configuration from ldap_test/ldap_user.conf.inc
      $ldap_user_conf = ldap_user_conf('admin', TRUE);
      $ldap_user_conf->drupalAcctProvisionServer = 0;

      // turn off provisioning to drupal
      $ldap_user_conf->ldapEntryProvisionServer = $test_sid;
      $ldap_user_conf->ldapEntryProvisionTriggers = array(
        LDAP_USER_LDAP_ENTRY_PROV_ON_USER_UPDATE_CREATE,
        LDAP_USER_LDAP_ENTRY_PROV_ON_AUTHENTICATE,
      );
      $ldap_user_conf->ldapUserSynchMappings[LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY]['[password]'] = array(
        'sid' => $test_sid,
        'ldap_attr' => '[password]',
        'user_attr' => 'user_tokens',
        'convert' => 0,
        'user_tokens' => $password_token,
        'config_module' => 'ldap_user',
        'synch_module' => 'ldap_user',
        'enabled' => 1,
        'prov_events' => array(
          LDAP_USER_EVENT_CREATE_LDAP_ENTRY,
          LDAP_USER_EVENT_SYNCH_TO_LDAP_ENTRY,
        ),
      );
      $ldap_user_conf
        ->save();
      $ldap_user_conf = ldap_user_conf('default', TRUE);

      // debug('ldap_user_conf after provisionToLdapEmailVerification setup'); debug($ldap_user_conf);
      variable_set('user_email_verification', TRUE);
      variable_set('user_register', USER_REGISTER_VISITORS);

      // or USER_REGISTER_ADMINISTRATORS_ONLY, USER_REGISTER_VISITORS_ADMINISTRATIVE_APPROVAL
      variable_set('user_cancel_method', 'user_cancel_block');

      // user_cancel_block_unpublish, user_cancel_reassign, user_cancel_delete
      $username = 'sstephens';
      $this
        ->drupalLogout();
      if ($sstephens = user_load_by_name($username)) {
        user_delete($sstephens->uid);
      }

      /**
       * provisionToLdapEmailVerification test
       */
      $this
        ->drupalGet('user/register');

      // user register form
      $edit = array(
        'name' => $username,
        'mail' => $username . '@hogwarts.edu',
      );
      $this
        ->createTestUserFields();

      // this will create last and first name fields
      $this
        ->drupalPost('user/register', $edit, t('Create new account'));
      $sstephens = user_load_by_name($username);

      //can't derive login url, must get it from outgoing email because timestamp in hash is not stored in user_mail_tokens()
      $emails = $this
        ->drupalGetMails();
      $email_body = $emails[count($emails) - 1]['body'];

      // most recent email is the one of interest
      $result = array();
      preg_match_all('/(user\\/reset\\/.*)This link can only be/s', $email_body, $result, PREG_PATTERN_ORDER);
      if (count($result == 2)) {
        $login_path = trim($result[1][0]);
        $this
          ->drupalGet($login_path);

        // user login form
        $sstephens = user_load_by_name($username);
        $this
          ->drupalPost($login_path, array(), t('Log in'));
        $sstephens = user_load_by_name($username);
        $edit = array(
          'mail' => $username . '@hogwarts.edu',
          'pass[pass1]' => 'goodpwd',
          'pass[pass2]' => 'goodpwd',
          'field_fname[und][0][value]' => 'Samantha',
          'field_lname[und][0][value]' => 'Stephens',
        );
        $this
          ->drupalPost(NULL, $edit, t('Save'));
        $sstephens = user_load_by_name($username);
        $servers = ldap_servers_get_servers(NULL, NULL, FALSE, TRUE);

        // clear cache
        $desired_dn = "cn={$username},ou=people,dc=hogwarts,dc=edu";
        $ldap_entry_post = $servers[$test_sid]
          ->dnExists($desired_dn, 'ldap_entry');
        $password_success = is_array($ldap_entry_post) && ($password_token == '[password.random]' && $ldap_entry_post['password'][0] && $ldap_entry_post['password'][0] != 'goodpwd' || $password_token == '[password.user-random]' && $ldap_entry_post['password'][0] == $password_result);
        $ldap_entry_success = $password_success && $ldap_entry_post['cn'][0] == $username && $ldap_entry_post['displayname'][0] == 'Samantha Stephens' && $ldap_entry_post['provisionsource'][0] == 'drupal.hogwarts.edu' && $ldap_entry_post['sn'][0] == 'Stephens' && $ldap_entry_post['givenname'][0] == 'Samantha';
      }
      else {
        $ldap_entry_success = FALSE;
      }
      $this
        ->assertTrue($ldap_entry_success, t("correct ldap entry created for " . $username), $this
        ->testId($test_id));
      if (!$ldap_entry_success) {
        debug("password_success={$password_success},password_token,password_result: {$password_token}, {$password_result}");
        debug('ldap_user_conf');
        debug($ldap_user_conf);
        debug('ldap_entry_post');
        debug($ldap_entry_post);
        debug('user');
        debug($sstephens);
      }

      /**
      * @todo functional tests

      do a password reset of some sort
      try to add a drupal user that conflicts with an ldap user
      try a binary fields such as a user profile image
      */
    }

    // test deletion of drupal entry on deletion of drupal user
    foreach (array(
      'activedirectory1',
      'openldap1',
    ) as $test_sid) {
      $test_id = $test_sid;

      // 1. setup
      $sids = array(
        $test_sid,
      );
      $this
        ->prepTestData('hogwarts', $sids, 'provisionToLdap_' . $test_sid);

      // this will create the proper ldap_user configuration from ldap_test/ldap_user.conf.inc
      $ldap_user_conf = ldap_user_conf('admin', TRUE);
      if (!in_array(LDAP_USER_LDAP_ENTRY_DELETE_ON_USER_DELETE, $ldap_user_conf->ldapEntryProvisionTriggers)) {
        $ldap_user_conf->ldapEntryProvisionTriggers[] = LDAP_USER_LDAP_ENTRY_DELETE_ON_USER_DELETE;
      }
      $ldap_user_conf->provisionsLdapEntriesFromDrupalUsers = TRUE;
      $ldap_user_conf
        ->save();
      $username = 'bhautdeser';
      if ($user = user_load_by_name($username)) {
        user_delete($user->uid);
      }
      $user_edit = array(
        'name' => $username,
        'mail' => $username . '@hogwarts.org',
        'pass' => user_password(),
        'status' => 1,
      );
      $user_acct = new stdClass();
      $user_acct->is_new = TRUE;
      $user_acct->field_fname['und'][0]['value'] = 'Bercilak';
      $user_acct->field_lname['und'][0]['value'] = 'Hautdesert';
      $servers = ldap_servers_get_servers(NULL, NULL, FALSE, TRUE);
      $desired_dn = "cn=bhautdeser,ou=people,dc=hogwarts,dc=edu";
      $pre_entry = $servers[$test_sid]
        ->dnExists($desired_dn, 'ldap_entry');
      $drupal_account = user_save($user_acct, $user_edit);
      $ldap_entry_pre_delete = $servers[$test_sid]
        ->dnExists($desired_dn, 'ldap_entry');
      $ldap_entry = $ldap_user_conf
        ->getProvisionRelatedLdapEntry($drupal_account);

      // 2. test
      user_delete($drupal_account->uid);
      $ldap_server = ldap_servers_get_servers($test_sid, 'all', TRUE, TRUE);
      $ldap_entry_post_delete = $ldap_server
        ->dnExists($desired_dn, 'ldap_entry');
      $success = !$ldap_entry_post_delete;
      $this
        ->assertTrue($success, t("ldap entry removed for {$username} on drupal user delete with deletion enabled."), $this
        ->testId($test_id));
      if (!$success) {
        debug(" desired_dn={$desired_dn} test_sid={$test_sid}, ldap entry post:");
        debug($ldap_entry_post_delete);
      }
    }
  }

  /**
  * test cron function for dealing with ldap associated users who no longer have
  * ldap entries
  *  - fix search in fake server to deal with general or queries
    *
    *  simpletest approach:
    *  - loop through all options for user_cancel
    *      ldap_user_orphan_email
         user_cancel_block, user_cancel_block_unpublish,
          user_cancel_reassign, user_cancel_delete
    *    - automatically generate 70 ldap users with cns hpotter1-hpotter300
    *    - create 75 corresponding drupal uses that are ldap identified
    *    - delete 10 of the ldap entries
    *    - run cron
    *    - test for drupal accounts being dealt with correctly and or email sent
  */
  function testDrupalAccountsOrphaned() {

    // just to give warning if setup doesn't succeed.  may want to take these out at some point.
    $setup_success = module_exists('ldap_user') && module_exists('ldap_servers') && config('ldap_test.settings')
      ->get('simpletest') > 0;
    $this
      ->assertTrue($setup_success, ' ldap_user setup successful', $this
      ->testId('orphaned entries tests'));
    $sids = array(
      'activedirectory1',
    );
    $this
      ->prepTestData('hogwarts', $sids, 'provisionToDrupal', 'default');
    $ldap_user_conf = ldap_user_conf('admin');
    $drupal_form = $ldap_user_conf
      ->drupalForm();
    $account_options = $drupal_form['basic_to_drupal']['orphanedDrupalAcctBehavior']['#options'];
    $cn_to_account = array();
    $ldap_server = ldap_servers_get_servers('activedirectory1', NULL, TRUE, TRUE);

    // debug("ldap_server"); debug(is_object($ldap_server));
    foreach ($account_options as $account_option => $account_option_text) {

      // debug("$account_option - $account_option_text");
      $sids = array(
        'activedirectory1',
      );
      $this
        ->prepTestData('hogwarts', $sids, 'provisionToDrupal', 'default');
      $ldap_user_conf->orphanedDrupalAcctBehavior = $account_option;
      $ldap_user_conf
        ->save();
      $test_id = "ldap_user.orphans.{$account_option}";
      $test_text = "Test of orphaned Drupal account option: {$account_option_text}";
      $success = FALSE;

      // create 70 drupal accounts (clone0 to clone69) based on corresponding ldap entries
      $first_clone_username = 'clone0';
      $last_clone_username = 'clone' . (LDAP_TEST_USER_ORPHAN_CLONE_COUNT - 1);
      for ($i = 0; $i < LDAP_TEST_USER_ORPHAN_CLONE_COUNT; $i++) {

        // 70
        $name = "clone" . $i;

        //debug("create clone $name, activedirectory1");
        $account = $this
          ->createLdapIdentifiedDrupalAccount($ldap_user_conf, $name, 'activedirectory1');
        $cn_to_account[$name] = $account;

        //debug("new account"); debug($account);
      }

      //  debug($cn_to_account['clone0']);
      //  debug($cn_to_account[$last_clone_username]);
      // delete 10 ldap entries
      $clone_first_uid = $cn_to_account[$first_clone_username]->uid;
      $clone_last_uid = $cn_to_account[$last_clone_username]->uid;
      $clone_first = user_load($clone_first_uid, TRUE);
      $clone_last = user_load($clone_last_uid, TRUE);

      //debug("pre ldap delete, clone0 and cloneN $first_clone_username and $last_clone_username"); debug($clone_first);debug($clone_last); //debug($ldap_server->entries);
      $delete = LDAP_TEST_USER_ORPHAN_CLONE_COUNT - LDAP_TEST_USER_ORPHAN_CLONE_REMOVE_COUNT;
      for ($i = 0; $i < $delete; $i++) {
        $name = "clone" . $i;
        $account = $cn_to_account[$name];

        //debug("delete ldap entry: ". $account->ldap_user_current_dn['und'][0]['value']);

        //  ?? is it possible the ldap delete hook is causing the drupal user to get populated with empty values?
        $ldap_server
          ->delete($account->ldap_user_current_dn['und'][0]['value']);
      }
      $clone_first = user_load($clone_first_uid, TRUE);
      $clone_last = user_load($clone_last_uid, TRUE);

      //debug("post ldap delete and pre cron, clone0 and cloneN"); debug($clone_first->status);debug($clone_last->status);// debug($ldap_server->entries);
      drupal_cron_run();
      $clone_first = user_load($clone_first_uid, TRUE);
      $clone_last = user_load($clone_last_uid, TRUE);

      //debug("post cron, clone0 and cloneN"); debug($clone_first->status);debug($clone_last->status); //debug($ldap_server->entries);
      switch ($account_option) {
        case 'ldap_user_orphan_do_not_check':
          $test_uids = array();
          for ($i = 0; $i < LDAP_TEST_USER_ORPHAN_CLONE_COUNT; $i++) {

            // 70
            $name = "clone" . $i;
            $test_uids[] = @$cn_to_account[$name]->uid;

            //debug($account);
          }
          $success = TRUE;
          $accounts = user_load_multiple($test_uids);

          // debug("accounts for $test_id"); debug($accounts);
          foreach ($accounts as $uid => $account) {
            if ($account->status != 1) {
              $success = FALSE;
              break;
            }
          }
          if ($success) {
            $success = $clone_last && $clone_last->status == 1;
            if (!$success) {

              // debug("success = $success, status=" . $clone_last->status);
            }
          }
          break;
        case 'ldap_user_orphan_email':

          // debug('ldap_user_orphan_email');
          // test is if email has 10 users and was sent
          $emails = $this
            ->drupalGetMails();
          if (count($emails)) {
            $email_body = $emails[count($emails) - 1]['body'];

            // most recent email is the one of interest
            $success = strpos($email_body, "The following {$delete} Drupal users") !== FALSE;
          }
          else {
            $success = FALSE;
          }
          break;
        case 'user_cancel_block':
        case 'user_cancel_block_unpublish':

          //debug('user_cancel_block');

          // test is if clone0-clone9 have a status of 0
          // and clone12,11... have a status of 1
          $test_uids = array();
          for ($i = 0; $i < $delete; $i++) {

            // 70
            $name = "clone" . $i;
            $test_uids[] = @$cn_to_account[$name]->uid;
          }
          $success = TRUE;
          $accounts = user_load_multiple($test_uids);
          foreach ($accounts as $uid => $account) {
            if ($account->status != 0) {
              $success = FALSE;
              break;
            }
          }
          if ($success) {
            $clone_last = user_load($clone_last_uid, TRUE);
            $success = $clone_last && $clone_last->status == 1;
          }
          break;
        case 'user_cancel_reassign':
        case 'user_cancel_delete':

          // test is if clone0-clone9 are deleted
          // and clone12,11... have a status of 1
          $test_uids = array();
          for ($i = 0; $i < $delete; $i++) {

            // 70
            $name = "clone" . $i;
            $test_uids[] = @$cn_to_account[$name]->uid;

            //debug($account);
          }
          $success = TRUE;
          $accounts = user_load_multiple($test_uids);
          $success = count($accounts) == LDAP_TEST_USER_ORPHAN_CLONE_COUNT;
          if ($success) {
            $clone_last = user_load($clone_last_uid, TRUE);
            $success = $clone_last && $clone_last->status == 1;
          }
          break;
      }
      $this
        ->assertTrue($success, $test_id, $test_text);

      // remove all drupal users except 1 for next test
      foreach ($cn_to_account as $cn => $account) {
        @user_delete($account->uid);
      }
    }
  }
  function createLdapIdentifiedDrupalAccount($ldap_user_conf, $name, $sid) {
    $account = NULL;
    $user_edit = array(
      'name' => $name,
    );
    $user = $ldap_user_conf
      ->provisionDrupalAccount($account, $user_edit, NULL, TRUE);
    return user_load($user->uid, TRUE);
  }

}
class LdapUserUITests extends LdapTestCase {
  public static function getInfo() {
    return array(
      'name' => 'LDAP User User Interface',
      'description' => 'Test ldap user admin interface.',
      'group' => 'LDAP User',
    );
  }
  function __construct($test_id = NULL) {
    parent::__construct($test_id);
  }
  public $module_name = 'ldap_user';
  protected $ldap_test_data;

  /**
   *  create one or more server configurations in such as way
   *  that this setUp can be a prerequisite for ldap_authentication and ldap_authorization
   */
  function setUp() {
    parent::setUp(array(
      'ldap_user',
      'ldap_test',
    ));
    variable_set('ldap_simpletest', 2);
  }
  function tearDown() {
    parent::tearDown();
    variable_del('ldap_help_watchdog_detail');
    variable_del('ldap_simpletest');
  }

  /**
   * make sure user admin interface works.  (its a beast)
   */
  function testUI() {

    // just to give warning if setup doesn't succeed.  may want to take these out at some point.
    $setup_success = module_exists('ldap_user') && module_exists('ldap_servers') && config('ldap_test.settings')
      ->get('simpletest') > 0;
    $this
      ->assertTrue($setup_success, ' ldap_user setup successful', $this
      ->testId('user interface tests'));
    $sids = array(
      'activedirectory1',
    );
    $this
      ->prepTestData('hogwarts', $sids, 'provisionToDrupal', 'default');
    $this->privileged_user = $this
      ->drupalCreateUser(array(
      'administer site configuration',
      'administer users',
    ));
    $this
      ->drupalLogin($this->privileged_user);
    $ldap_user_conf = ldap_user_conf();

    //  debug('ldap_user_conf before form submission'); debug($ldap_user_conf);
    $this
      ->drupalGet('admin/config/people/ldap/user');

    // Populate the field settings with new settings.
    $sid = 'activedirectory1';
    $edit_direct_map = array(
      'manualAccountConflict' => LDAP_USER_MANUAL_ACCT_CONFLICT_LDAP_ASSOCIATE,
      'drupalAcctProvisionServer' => $sid,
      'userConflictResolve' => LDAP_USER_CONFLICT_LOG,
      'acctCreation' => LDAP_USER_ACCT_CREATION_LDAP_BEHAVIOR_DEFAULT,
      'orphanedDrupalAcctBehavior' => 'ldap_user_orphan_email',
      'orphanedCheckQty' => '50',
      'ldapEntryProvisionServer' => $sid,
    );

    // 'wsEnabled' => TRUE, 'wsKey' => $wsKey,
    // 'wsUserIps' => join("\n", $wsUserIps),
    $edit = $edit_direct_map + array(
      'drupalAcctProvisionTriggers[' . LDAP_USER_DRUPAL_USER_PROV_ON_AUTHENTICATE . ']' => TRUE,
      'drupalAcctProvisionTriggers[' . LDAP_USER_DRUPAL_USER_PROV_ON_USER_UPDATE_CREATE . ']' => TRUE,
      '1__sm__ldap_attr__6' => '[sn]',
      '1__sm__convert__6' => FALSE,
      '1__sm__user_attr__6' => '[field.field_lname]',
      '1__sm__1__6' => TRUE,
      '1__sm__2__6' => TRUE,
      '1__sm__ldap_attr__7' => '[givenname]',
      '1__sm__convert__7' => FALSE,
      '1__sm__user_attr__7' => '[field.field_fname]',
      '1__sm__1__7' => TRUE,
      '1__sm__2__7' => TRUE,
      'ldapEntryProvisionTriggers[' . LDAP_USER_LDAP_ENTRY_PROV_ON_USER_UPDATE_CREATE . ']' => TRUE,
      'ldapEntryProvisionTriggers[' . LDAP_USER_LDAP_ENTRY_PROV_ON_AUTHENTICATE . ']' => TRUE,
      'ldapEntryProvisionTriggers[' . LDAP_USER_LDAP_ENTRY_DELETE_ON_USER_DELETE . ']' => TRUE,
      '2__sm__user_attr__0' => 'user_tokens',
      '2__sm__user_tokens__0' => 'Drupal provisioned account for [property.uid]',
      '2__sm__convert__0' => FALSE,
      '2__sm__ldap_attr__0' => '[description]',
      '2__sm__4__3' => TRUE,
      '2__sm__4__3' => TRUE,
      '2__sm__user_attr__1' => '[property.uid]',
      '2__sm__user_tokens__1' => '',
      '2__sm__convert__1' => TRUE,
      '2__sm__ldap_attr__1' => '[guid]',
      '2__sm__4__1' => TRUE,
      '2__sm__4__1' => TRUE,
      '2__sm__user_attr__2' => 'user_tokens',
      '2__sm__user_tokens__2' => 'cn=[property.name]ou=people,dc=hogwarts,dc=edu',
      '2__sm__convert__2' => FALSE,
      '2__sm__ldap_attr__2' => '[dn]',
      '2__sm__4__2' => TRUE,
      '2__sm__4__2' => TRUE,
    );
    $this
      ->drupalPost('admin/config/people/ldap/user', $edit, t('Save'));
    $ldap_user_conf = ldap_user_conf(NULL, TRUE);

    // debug('edit'); debug($edit); debug('user conf object after save'); debug($ldap_user_conf);
    foreach ($edit_direct_map as $property => $value) {
      $this
        ->assertTrue($ldap_user_conf->{$property} == $value, $property . ' ' . t('field set correctly'), $this
        ->testId('user interface tests'));
    }

    // $this->assertTrue(
    //   ($ldap_user_conf->wsUserIps[0] == $wsUserIps[0] && $ldap_user_conf->wsUserIps[1] == $wsUserIps[1])
    //  , t('webserice ips set correctly'), $this->testId('user interface tests'));
    $this
      ->assertTrue(isset($ldap_user_conf->drupalAcctProvisionTriggers[LDAP_USER_DRUPAL_USER_PROV_ON_AUTHENTICATE]) && isset($ldap_user_conf->drupalAcctProvisionTriggers[LDAP_USER_DRUPAL_USER_PROV_ON_USER_UPDATE_CREATE]), t('drupal provision triggers set correctly'), $this
      ->testId('user interface tests'));
    $this
      ->assertTrue(isset($ldap_user_conf->ldapEntryProvisionTriggers[LDAP_USER_LDAP_ENTRY_PROV_ON_USER_UPDATE_CREATE]) && isset($ldap_user_conf->ldapEntryProvisionTriggers[LDAP_USER_LDAP_ENTRY_PROV_ON_AUTHENTICATE]) && isset($ldap_user_conf->ldapEntryProvisionTriggers[LDAP_USER_LDAP_ENTRY_DELETE_ON_USER_DELETE]), t('ldap provision triggers  set correctly'), $this
      ->testId('user interface tests'));
    $field_token = '[field.field_lname]';
    $field_lname_set_correctly = $ldap_user_conf->ldapUserSynchMappings[LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER][$field_token]['enabled'] == TRUE && $ldap_user_conf->ldapUserSynchMappings[LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER][$field_token]['ldap_attr'] == '[sn]';
    $this
      ->assertTrue($field_lname_set_correctly, t('Synch mapping for field.field_lname  field set correctly'), $this
      ->testId('user interface tests'));
    if (!$field_lname_set_correctly) {
      debug('ldap_user_conf->synchMapping[direction][field.field_lname]');
      debug($ldap_user_conf->ldapUserSynchMappings[LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER]['field.field_lname']);
    }
    $field_token = '[field.field_fname]';
    $field_fname_set_correctly = $ldap_user_conf->ldapUserSynchMappings[LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER][$field_token]['enabled'] == TRUE && $ldap_user_conf->ldapUserSynchMappings[LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER][$field_token]['direction'] == 1 && $ldap_user_conf->ldapUserSynchMappings[LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER][$field_token]['ldap_attr'] == '[givenname]';
    $this
      ->assertTrue($field_fname_set_correctly, t('Synch mapping for field.field_lname  field set correctly'), $this
      ->testId('user interface tests'));
    if (!$field_fname_set_correctly) {
      debug('ldap_user_conf->synchMapping[direction][field.field_lname]');
      debug($ldap_user_conf->ldapUserSynchMappings[LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER]['field.field_lname']);
    }
  }

}

Classes

Namesort descending Description
LdapUserIntegrationTests
LdapUserUITests
LdapUserUnitTests