
function LdapUserUnitTests::testProvisionToDrupal in Lightweight Directory Access Protocol (LDAP) 8.2

Same name and namespace in other branches
  1. 7.2 ldap_user/tests/ldap_user.test \LdapUserUnitTests::testProvisionToDrupal()

File

ldap_user/tests/ldap_user.test, line 371

Class

LdapUserUnitTests

Code

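/**
 * Tests provisioning of LDAP attributes onto Drupal user accounts.
 *
 * For every mapping fixture and every provisioning event of its direction,
 * the fake LDAP server is seeded with the fixture's first value set, the
 * mapping is saved into the ldap_user configuration, any existing account is
 * deleted, and the account is recreated with provisionDrupalAccount(). The
 * resulting property or field is then compared with the expected value.
 * Covers one field (field_lname), a compound-token field, constants in place
 * of tokens, and the signature, mail and status properties.
 *
 * After each fixture, 'hpotter' is also created through the admin form with
 * the "do not LDAP associate" option and checked for not being LDAP
 * associated.
 *
 * Known coverage gaps:
 * - The second entry of each *_values / *_results pair (the "no synch"
 *   expectation) is never exercised, so nothing asserts that a mapping which
 *   is NOT configured for an event leaves the account value untouched.
 * - The status mapping decides whether the provisioned account is blocked,
 *   and its assertion relies on a loose comparison (see the note in the
 *   property check below).
 */
function testProvisionToDrupal() {

  // Only a warning if the setup did not succeed; may be removed at some point.
  $setup_success = module_exists('ldap_user') && module_exists('ldap_servers') && config('ldap_test.settings')->get('simpletest') > 0;
  $this->assertTrue($setup_success, ' ldap_user setup successful', $this->testId("setup"));

  $sid = 'activedirectory1';
  $sids = array(
    $sid,
  );
  $this->prepTestData('hogwarts', $sids, 'provisionToDrupal', 'default');

  $tests = array();

  // Single token mapped to a field.
  $tests[] = array(
    'disabled' => 0,
    'user' => 'hpotter',
    'field_name' => 'field_lname',
    'field_values' => array(
      array(
        'sn' => 'Potter',
      ),
      array(
        'sn' => 'Pottery-Chard',
      ),
    ),
    // First value is what is desired on synch, second if no synch.
    'field_results' => array(
      'Potter',
      'Pottery-Chard',
    ),
    'mapping' => array(
      'sid' => $sid,
      'name' => 'Field: Last Name',
      'ldap_attr' => '[SN]',
      'user_attr' => '[field.field_lname]',
      'convert' => 0,
      'direction' => LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER,
      'prov_events' => array(
        LDAP_USER_EVENT_CREATE_DRUPAL_USER,
        LDAP_USER_EVENT_SYNCH_TO_DRUPAL_USER,
      ),
      'user_tokens' => '',
      'config_module' => 'ldap_user',
      'prov_module' => 'ldap_user',
      'enabled' => TRUE,
    ),
  );

  // Compound tokens mapped to a field.
  $tests[] = array(
    'disabled' => 0,
    'user' => 'hpotter',
    'field_name' => 'field_display_name',
    'field_values' => array(
      array(
        'givenname' => 'Harry',
        'sn' => 'Potter',
      ),
      array(
        'givenname' => 'Sir Harry',
        'sn' => 'Potter',
      ),
    ),
    // Desired results.
    'field_results' => array(
      'Harry Potter',
      'Sir Harry Potter',
    ),
    'mapping' => array(
      'sid' => $sid,
      'ldap_attr' => '[givenName] [sn]',
      'user_attr' => '[field.field_display_name]',
      'convert' => 0,
      'direction' => LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER,
      'prov_events' => array(
        LDAP_USER_EVENT_CREATE_DRUPAL_USER,
        LDAP_USER_EVENT_SYNCH_TO_DRUPAL_USER,
      ),
      'name' => 'Field: Display Name',
      'enabled' => TRUE,
      'config_module' => 'ldap_user',
      'prov_module' => 'ldap_user',
      'user_tokens' => '',
    ),
  );

  // Constants in use (e.g. "Smith" and "0") instead of tokens such as "[sn]"
  // and "[enabled]".
  $tests[] = array(
    'disabled' => 0,
    'user' => 'hpotter',
    'field_name' => 'field_lname',
    'field_values' => array(
      array(
        'sn' => 'Potter1',
      ),
      array(
        'sn' => 'Potter2',
      ),
    ),
    'field_results' => array(
      'Smith',
      'Smith',
    ),
    'mapping' => array(
      'sid' => $sid,
      'name' => 'Field: Last Name',
      // A constant mapped to a field: everyone should get last name Smith.
      'ldap_attr' => 'Smith',
      'user_attr' => '[field.field_lname]',
      'convert' => 0,
      'direction' => LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER,
      'prov_events' => array(
        LDAP_USER_EVENT_CREATE_DRUPAL_USER,
        LDAP_USER_EVENT_SYNCH_TO_DRUPAL_USER,
      ),
      'user_tokens' => '',
      'config_module' => 'ldap_user',
      'prov_module' => 'ldap_user',
      'enabled' => TRUE,
    ),
  );

  // Compound tokens mapped to a property.
  $tests[] = array(
    'disabled' => 0,
    'user' => 'hpotter',
    'property_name' => 'signature',
    'property_values' => array(
      array(
        'cn' => 'hpotter',
      ),
      array(
        'cn' => 'hpotter2',
      ),
    ),
    'property_results' => array(
      'hpotter@hogwarts.edu',
      'hpotter2@hogwarts.edu',
    ),
    'mapping' => array(
      'sid' => $sid,
      'ldap_attr' => '[cn]@hogwarts.edu',
      'user_attr' => '[property.signature]',
      'convert' => 0,
      'direction' => LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER,
      'prov_events' => array(
        LDAP_USER_EVENT_CREATE_DRUPAL_USER,
        LDAP_USER_EVENT_SYNCH_TO_DRUPAL_USER,
      ),
      'name' => 'Property: Signature',
      'enabled' => TRUE,
      'config_module' => 'ldap_servers',
      'prov_module' => 'ldap_user',
      'user_tokens' => '',
    ),
  );

  // Single token mapped to the mail property.
  $tests[] = array(
    'disabled' => 0,
    'user' => 'hpotter',
    'property_name' => 'mail',
    'property_values' => array(
      array(
        'mail' => 'hpotter@hogwarts.edu',
      ),
      array(
        'mail' => 'hpotter@owlmail.com',
      ),
    ),
    'property_results' => array(
      'hpotter@hogwarts.edu',
      'hpotter@owlmail.com',
    ),
    'mapping' => array(
      'sid' => $sid,
      'ldap_attr' => '[mail]',
      'user_attr' => '[property.mail]',
      'convert' => 0,
      'direction' => LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER,
      'prov_events' => array(
        LDAP_USER_EVENT_CREATE_DRUPAL_USER,
        LDAP_USER_EVENT_SYNCH_TO_DRUPAL_USER,
      ),
      'name' => 'Property: Mail',
      'enabled' => TRUE,
      'config_module' => 'ldap_servers',
      'prov_module' => 'ldap_user',
      'user_tokens' => '',
    ),
  );

  // A constant mapped to the status property. Unlike the other fixtures this
  // mapping lists only the create event.
  $tests[] = array(
    'disabled' => 0,
    'user' => 'hpotter',
    'property_name' => 'status',
    'property_values' => array(
      array(
        0 => 'z',
      ),
      array(
        0 => 'z',
      ),
    ),
    'property_results' => array(
      0,
      0,
    ),
    'mapping' => array(
      'sid' => $sid,
      'ldap_attr' => '0',
      'user_attr' => '[property.status]',
      'convert' => 0,
      'direction' => LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER,
      'prov_events' => array(
        LDAP_USER_EVENT_CREATE_DRUPAL_USER,
      ),
      'name' => 'Property: Status',
      'enabled' => TRUE,
      'config_module' => 'ldap_servers',
      'prov_module' => 'ldap_user',
      'user_tokens' => '',
    ),
  );

  // @todo test with binary field
  // @todo case sensitivity in tokens and user_attr in mappings
  // @todo assert the "no synch" expectation (index 1 of each *_values and
  //   *_results pair) so that an event missing from prov_events is proven to
  //   leave the account value unchanged.

  // Provisioning events to run, keyed by mapping direction.
  $test_prov_events = array(
    LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER => array(
      LDAP_USER_EVENT_SYNCH_TO_DRUPAL_USER,
      LDAP_USER_EVENT_CREATE_DRUPAL_USER,
    ),
    LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY => array(
      LDAP_USER_EVENT_SYNCH_TO_LDAP_ENTRY,
      LDAP_USER_EVENT_CREATE_LDAP_ENTRY,
    ),
  );

  // Administrator used for the manual account creation through the UI.
  $this->privileged_user = $this->drupalCreateUser(array(
    'administer site configuration',
    'administer users',
  ));

  // Tests for various synch contexts.
  foreach ($tests as $j => $test) {
    $field_name = isset($test['field_name']) ? $test['field_name'] : FALSE;
    $property_name = isset($test['property_name']) ? $test['property_name'] : FALSE;
    // The direction is read from the mapping for fields and properties alike.
    $direction = $test['mapping']['direction'];

    foreach ($test_prov_events[$direction] as $prov_event) {

      // 1. Set fake LDAP values for the field or property in the fake LDAP
      // server, reset the test data, and register the mapping under test.
      // NOTE(review): the return value was never used; the call is kept in
      // case it has a caching side effect - confirm and drop if it has none.
      ldap_servers_get_servers('activedirectory1', 'enabled', TRUE);
      $this->prepTestData('hogwarts', $sids, 'provisionToDrupal', 'default');
      $ldap_user_conf = ldap_user_conf('admin', TRUE);

      if ($property_name) {
        $token_attributes = array();
        ldap_servers_token_extract_attributes($token_attributes, $test['mapping']['ldap_attr']);
        // NOTE(review): the field branch below lower-cases $attr_name before
        // the fixture lookup and this branch does not - confirm that property
        // fixtures are always keyed exactly as the extracted attribute name.
        foreach ($token_attributes as $attr_name => $attr_parts) {
          $this->testFunctions->setFakeServerUserAttribute('activedirectory1', 'cn=hpotter,ou=people,dc=hogwarts,dc=edu', $attr_name, $test['property_values'][0][$attr_name], 0);
        }
        $property_token = '[property.' . $property_name . ']';
        $ldap_user_conf->ldapUserSynchMappings[$direction][$property_token] = $test['mapping'];
      }

      if ($field_name) {
        $token_attributes = array();
        ldap_servers_token_extract_attributes($token_attributes, $test['mapping']['ldap_attr']);
        foreach ($token_attributes as $attr_name => $attr_parts) {
          $this->testFunctions->setFakeServerUserAttribute('activedirectory1', 'cn=hpotter,ou=people,dc=hogwarts,dc=edu', $attr_name, $test['field_values'][0][drupal_strtolower($attr_name)], 0);
        }
        $field_token = '[field.' . $field_name . ']';
        $ldap_user_conf->ldapUserSynchMappings[$direction][$field_token] = $test['mapping'];
      }

      // Save and reload so the checks below see the stored configuration.
      $ldap_user_conf->save();
      $ldap_user_conf = ldap_user_conf('admin', TRUE);

      ldap_user_ldap_provision_semaphore(NULL, NULL, NULL, TRUE);
      ldap_servers_flush_server_cache();

      // 2. Delete the user left over from the previous iteration.
      $username = $test['user'];
      $user_object = user_load_by_name($username);
      if (is_object($user_object)) {
        // Watch out for this.
        user_delete($user_object->uid);
      }

      // 3. Create a new user with provisionDrupalAccount(). Its return value
      // is not checked; the outcome is verified on the reloaded account.
      $account = NULL;
      $user_edit = array(
        'name' => $username,
      );
      $ldap_user_conf->provisionDrupalAccount($account, $user_edit, NULL, TRUE);
      list($user_object, $user_entity) = ldap_user_load_user_acct_and_entity($username);

      // The comparisons below are deliberately left loose: the scalar types
      // coming back from the saved configuration and the loaded account are
      // not visible here.
      if ($property_name) {
        if (in_array($prov_event, $ldap_user_conf->ldapUserSynchMappings[$direction][$property_token]['prov_events'])) {
          // Intended to synch.
          // NOTE(review): for the status fixture the expected value is 0, and
          // NULL and FALSE compare equal to 0 (as does any non-numeric string
          // before PHP 8). A status that was never set would therefore pass,
          // so this does not prove the account was provisioned as blocked.
          // Use a type-aware comparison once the loaded type is confirmed.
          $property_success = $user_object->{$property_name} == $test['property_results'][0];
          $this->assertTrue($property_success, t("provisionDrupalAccount worked for property {$property_name}"), $this->testId(":provisionDrupalAccount.i={$j}.prov_event={$prov_event}"));
          if (!$property_success) {
            // Report the value that was actually compared.
            debug('property fail,' . $property_name);
            debug($user_object->{$property_name});
            debug($test['property_results'][0]);
          }
        }
      }

      if ($field_name) {
        if (in_array($prov_event, $ldap_user_conf->ldapUserSynchMappings[$direction][$field_token]['prov_events'])) {
          // Intended to synch.
          $field_success = isset($user_entity->{$field_name}['und'][0]['value']) && $user_entity->{$field_name}['und'][0]['value'] == $test['field_results'][0];
          $this->assertTrue($field_success, t("provisionDrupalAccount worked for field {$field_name}"), $this->testId(":provisionDrupalAccount.i={$j}.prov_event={$prov_event}"));
          if (!$field_success) {
            debug('field fail,' . $field_name);
            debug($user_entity->{$field_name});
            debug($test['field_results'][0]);
          }
        }
        else {
          debug("field_name={$field_name} not configured to provisionDrupalAccount on drupal user create for direction={$direction} and prov_event={$prov_event}");
        }
      }

      ldap_user_ldap_provision_semaphore(NULL, NULL, NULL, TRUE);
    }

    // Manually create a Drupal user with the "not LDAP associated" option
    // checked.
    // NOTE(review): nothing in this block depends on $test, yet it runs once
    // per fixture - confirm that is intended.
    if ($hpotter = user_load_by_name('hpotter')) {
      user_delete($hpotter->uid);
    }
    $this->assertFalse(user_load_by_name('hpotter'), t('hpotter removed before manual account creation test'), $this->testId('manual non ldap account created'));
    $this->drupalLogout();
    $this->drupalLogin($this->privileged_user);
    $this->drupalGet('admin/people/create');
    $edit = array(
      'name' => 'hpotter',
      'mail' => 'hpotter@hogwarts.edu',
      'pass[pass1]' => 'goodpwd',
      'pass[pass2]' => 'goodpwd',
      'notify' => FALSE,
      'ldap_user_association' => LDAP_USER_MANUAL_ACCT_CONFLICT_NO_LDAP_ASSOCIATE,
    );
    $this->drupalPost('admin/people/create', $edit, t('Create new account'));
    $hpotter = user_load_by_name('hpotter');
    $this->assertTrue($hpotter, t('hpotter created via ui form'), $this->testId('manual non ldap account created'));
    $this->assertTrue($hpotter && !ldap_user_is_ldap_associated($hpotter), t('hpotter not ldap associated'), $this->testId('manual non ldap account created'));
  }

  // Disabled check, kept for reference:
  // $entry = $servers['activedirectory1']->dnExists($desired_dn, 'ldap_entry');
  // $this->assertFalse($entry, t("Corresponding LDAP entry deleted when Drupal Account deleted for " . $username), $this->ldapTestId);
}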