View source
<?php
namespace Drupal\samlauth\Tests;
use Drupal\samlauth\Controller\SamlController;
use Drupal\Tests\BrowserTestBase;
use Drupal\Component\Serialization\Yaml;
use Drupal\Core\Test\AssertMailTrait;
use Drupal\Core\Url;
use Drupal\user\RoleInterface;
class SamlTest extends BrowserTestBase {
use AssertMailTrait {
getMails as drupalGetMails;
}
public static $modules = [
'samlauth',
];
public static function getInfo() {
return [
'name' => 'Tests SAML authentication',
'description' => 'Functional tests for the samlauth module functionality.',
'group' => 'samlauth',
];
}
protected $defaultTheme = 'stark';
public function setUp() {
parent::setUp();
$config = drupal_get_path('module', 'samlauth') . '/test_resources/samlauth.authentication.yml';
$config = file_get_contents($config);
$config = Yaml::decode($config);
\Drupal::configFactory()
->getEditable('samlauth.authentication')
->setData($config)
->save();
}
public function testAdminPage() {
$web_user = $this
->drupalCreateUser([
'configure saml',
]);
$this
->drupalLogin($web_user);
$this
->drupalGet('admin/config/people/saml');
$this
->assertText('Login / Logout', 'Login / Logout fieldset present');
$this
->assertText('Service Provider', 'SP fieldset present');
$this
->assertText('Identity Provider', 'iDP fieldset present');
$this
->assertText('User Info and Syncing', 'User Info and Syncing fieldset present');
$this
->assertText('SAML Message Construction', 'SAML Message Construction fieldset present');
$this
->assertText('SAML Message Validation', 'SAML Message Validation fieldset present');
}
public function testMetadata() {
$web_user = $this
->drupalCreateUser([
'view sp metadata',
]);
$this
->drupalLogin($web_user);
$this
->drupalGet('saml/metadata');
$this
->assertResponse(200, 'SP metadata is accessible');
$this
->assertRaw('entityID="samlauth"', 'Entity ID found in the metadata');
}
public function testPasswordReset() {
$core_msg_mail_sent = version_compare(\Drupal::VERSION, '9.2.0-dev') >= 0 ? 'an email will be sent with instructions to reset your password.' : 'Further instructions have been sent to your email address.';
$mails = $this
->drupalGetMails();
$initial_count_mails = count($mails);
$config = \Drupal::configFactory()
->getEditable(SamlController::CONFIG_OBJECT_NAME);
$web_user = $this
->drupalCreateUser();
$this
->drupalLogin($web_user);
$this
->assertEquals(FALSE, $config
->get('local_login_saml_error'), "'local_login_saml_error' config is FALSE.");
$this
->drupalGet('user/password');
$this
->submitForm([], 'Submit');
$this
->assertSession()
->responseContains($core_msg_mail_sent);
$mails = $this
->drupalGetMails();
$this
->assertEquals($initial_count_mails + 1, count($mails));
\Drupal::service('externalauth.authmap')
->save($web_user, 'samlauth', $this
->randomString());
$this
->drupalGet('user/password');
$this
->submitForm([], 'Submit');
$this
->assertSession()
->responseContains($core_msg_mail_sent);
$mails = $this
->drupalGetMails();
$this
->assertEquals($initial_count_mails + 1, count($mails));
$config
->set('local_login_saml_error', TRUE)
->save();
$this
->drupalGet('user/password');
$this
->submitForm([], 'Submit');
$this
->assertSession()
->responseContains('This user is only allowed to log in through an external authentication provider.');
$this
->assertSession()
->responseNotContains($core_msg_mail_sent);
$mails = $this
->drupalGetMails();
$this
->assertEquals($initial_count_mails + 1, count($mails));
\Drupal::configFactory()
->getEditable(SamlController::CONFIG_OBJECT_NAME)
->set('drupal_login_roles', [
RoleInterface::AUTHENTICATED_ID,
])
->save();
$this
->submitForm([], 'Submit');
$this
->assertSession()
->responseContains($core_msg_mail_sent);
$mails = $this
->drupalGetMails();
$this
->assertEquals($initial_count_mails + 2, count($mails));
$this
->drupalLogout();
$this
->drupalLogin($web_user);
$this
->drupalLogout();
\Drupal::configFactory()
->getEditable(SamlController::CONFIG_OBJECT_NAME)
->set('drupal_login_roles', [])
->save();
$this
->drupalGet(Url::fromRoute('user.login'));
$this
->submitForm([
'name' => $web_user
->getAccountName(),
'pass' => $web_user->passRaw,
], t('Log in'));
$this
->assertSession()
->responseContains('This user is only allowed to log in through an external authentication provider.');
$config
->set('local_login_saml_error', FALSE)
->save();
$this
->drupalGet(Url::fromRoute('user.login'));
$this
->submitForm([
'name' => $web_user
->getAccountName(),
'pass' => $web_user->passRaw,
], t('Log in'));
$this
->assertSession()
->responseNotContains('This user is only allowed to log in through an external authentication provider.');
$this
->assertSession()
->responseContains('Unrecognized username or password.');
}
}