You are here

simple_ldap_role.test in Simple LDAP 7

Same filename and directory in other branches
  1. 7.2 simple_ldap_role/simple_ldap_role.test

Tests for Simple LDAP Role module.

File

simple_ldap_role/simple_ldap_role.test
View source
<?php

/**
 * @file
 * Tests for Simple LDAP Role module.
 */
abstract class SimpleLdapRoleTestCase extends SimpleLdapUserTestCase {
  protected $ldapGroup;

  /**
   * Inherited parent::setUp().
   */
  public function setUp() {

    // Get the live simple_ldap_role configuration.
    $basedn = simple_ldap_role_variable_get('simple_ldap_role_basedn');
    $scope = simple_ldap_role_variable_get('simple_ldap_role_scope');
    $objectclass = simple_ldap_role_variable_get('simple_ldap_role_objectclass');
    $attribute_name = simple_ldap_role_variable_get('simple_ldap_role_attribute_name');
    $attribute_member = simple_ldap_role_variable_get('simple_ldap_role_attribute_member');
    $attribute_member_format = simple_ldap_role_variable_get('simple_ldap_role_attribute_member_format');
    $attribute_member_default = simple_ldap_role_variable_get('simple_ldap_role_attribute_member_default');
    $filter = simple_ldap_role_variable_get('simple_ldap_role_filter');
    $source = simple_ldap_role_variable_get('simple_ldap_role_source');
    $sync = simple_ldap_role_variable_get('simple_ldap_role_sync');

    // Create the simpletest sandbox.
    $modules = func_get_args();
    if (isset($modules[0]) && is_array($modules[0])) {
      $modules = $modules[0];
    }
    parent::setUp($modules);

    // Enable the simple_ldap_role module.
    $modules = array(
      'simple_ldap_role',
    );
    $success = module_enable($modules);
    $this
      ->assertTrue($success, t('Enabled modules: %modules', array(
      '%modules' => implode(', ', $modules),
    )));

    // Configure the sandbox simple_ldap_role instance.
    variable_set('simple_ldap_role_basedn', $basedn);
    variable_set('simple_ldap_role_scope', $scope);
    variable_set('simple_ldap_role_objectclass', $objectclass);
    variable_set('simple_ldap_role_attribute_name', $attribute_name);
    variable_set('simple_ldap_role_attribute_member', $attribute_member);
    variable_set('simple_ldap_role_attribute_member_format', $attribute_member_format);
    variable_set('simple_ldap_role_attribute_member_default', $attribute_member_default);
    variable_set('simple_ldap_role_filter', $filter);
    variable_set('simple_ldap_role_source', $source);
    variable_set('simple_ldap_role_sync', $sync);

    // Create an LDAP group entry to use during testing.
    $name = $this
      ->randomName();
    $this->ldapGroup = new SimpleLdapRole($name);
    $this->ldapGroup
      ->addUser($this->ldapUser[0]);
    $this->ldapGroup
      ->save();

    // If now exception is thrown by save(), then the save was successful, but
    // reload the object and show the DN to make the tester feel better.
    $this->ldapGroup = new SimpleLdapRole($name);
    $this
      ->assertTrue($this->ldapGroup->exists, t(':dn was added to LDAP', array(
      ':dn' => $this->ldapGroup->dn,
    )));
  }

  /**
   * Inherited parent::tearDown().
   */
  protected function tearDown() {
    $this->ldapGroup
      ->delete();
    parent::tearDown();
  }

}
class SimpleLdapRoleCreateDrupalRoleTestCase extends SimpleLdapRoleTestCase {

  /**
   * Inherited parent::getInfo().
   */
  public static function getInfo() {
    return array(
      'name' => 'Create Drupal Role',
      'description' => 'Tests that LDAP groups are created appropriately when a Drupal role is created.',
      'group' => 'Simple LDAP Role',
    );
  }

  /**
   * Creates a drupal role, and verifies LDAP.
   */
  public function testCreateRole() {

    // Get module configurations.
    $objectclass = simple_ldap_role_variable_get('simple_ldap_role_objectclass');
    $attribute_member = simple_ldap_role_variable_get('simple_ldap_role_attribute_member');
    $attribute_member_default = simple_ldap_role_variable_get('simple_ldap_role_attribute_member_default');

    // Generate a randome group name.
    $name = $this
      ->randomName();

    // Log in as User 1.
    $this
      ->drupalUser1Login();

    // Submit the form to add a new Drupal role.
    $edit = array(
      'name' => $name,
    );
    $this
      ->drupalPost('admin/people/permissions/roles', $edit, t('Add role'));
    $this
      ->assertText(t('The role has been added'), t('The @role role was added to Drupal', array(
      '@role' => $name,
    )));

    // Load the LDAP group.
    $ldap_group = new SimpleLdapRole($name);
    $members = $ldap_group->{$attribute_member};

    // Get a list of required attributes for the configured objectclass.
    $server = SimpleLdapServer::singleton();
    $must = array();
    foreach ($objectclass as $o) {
      foreach ($server->schema
        ->must($o, TRUE) as $m) {
        if (!in_array($m, $must)) {
          $must[] = strtolower($m);
        }
      }
    }

    // The LDAP group should have only been created if either there is a default
    // member configured, or the member attribute is not required (allowing an
    // empty group).
    if (!in_array($attribute_member, $must)) {

      // Test that the LDAP entry was created.
      $this
        ->assertTrue($ldap_group->exists, t(':dn is present in the LDAP directory', array(
        ':dn' => $ldap_group->dn,
      )));
      if (!empty($attribute_member_default)) {

        // Test that the default user was added to the LDAP group.
        $this
          ->assertTrue(in_array($attribute_member_default, $members, TRUE), t('The default user, :default, was added as a member of :dn', array(
          ':default' => $attribute_member_default,
          ':dn' => $ldap_group->dn,
        )));
      }
    }
    else {

      // The member attribute is required, whether the group was created depends
      // on if there is a default group configured.
      if (!empty($attribute_member_default)) {

        // Test that the group was created, and the default user was added.
        $this
          ->assertTrue($ldap_group->exists, t(':dn is present in the LDAP directory', array(
          ':dn' => $ldap_group->dn,
        )));
        $this
          ->assertTrue(in_array($attribute_member_default, $members, TRUE), t('The default user, :default, was added as a member of :dn', array(
          ':default' => $attribute_member_default,
          ':dn' => $ldap_group->dn,
        )));
      }
      else {

        // Test that the group was not created.
        $this
          ->assertFalse($ldap_group->exists, t(':dn is not present in the LDAP directory', array(
          ':dn' => $ldap_group->dn,
        )));
      }
    }

    // Cleanup.
    $ldap_group
      ->delete();
  }

}
class SimpleLdapRoleUpdateDrupalRoleTestCase extends SimpleLdapRoleTestCase {

  /**
   * Inherited parent::getInfo().
   */
  public static function getInfo() {
    return array(
      'name' => 'Update Drupal Role',
      'description' => 'Tests that LDAP groups are modified when a Drupal role is updated.',
      'group' => 'Simple LDAP Role',
    );
  }

  /**
   * Updates a Drupal role, and verifies LDAP.
   */
  public function testUpdateRole() {

    // Get module configurations.
    $attribute_name = simple_ldap_role_variable_get('simple_ldap_role_attribute_name');
    $attribute_member = simple_ldap_role_variable_get('simple_ldap_role_attribute_member');

    // Load/Create a Drupal role with the same name as the test LDAP group.
    $drupal_role = user_role_load_by_name($this->ldapGroup->{$attribute_name}[0]);
    if (!$drupal_role) {
      $rid = $this
        ->drupalCreateRole(array(), $this->ldapGroup->{$attribute_name}[0]);
      $drupal_role = user_role_load($rid);
    }

    // Log in as user 1.
    $this
      ->drupalUser1Login();

    // Populate the role edit form variables.
    $edit = array(
      'name' => $drupal_role->name . ' modified',
    );

    // Submit the role edit form.
    $this
      ->drupalPost('admin/people/permissions/roles/edit/' . $drupal_role->rid, $edit, t('Save role'));
    $this
      ->assertText('The role has been renamed.', t('The drupal role was updated'));

    // Load the group from LDAP and check that it was updated.
    $ldap_group = new SimpleLdapRole($drupal_role->name . ' modified');
    $this
      ->assertTrue($ldap_group->exists, t('The :dn test group exists in LDAP.', array(
      ':dn' => $ldap_group->dn,
    )));

    // Repopulate the role edit form variables.
    $edit = array(
      'name' => $this->ldapGroup->{$attribute_name}[0],
    );

    // Submit the role edit form to restore the group to its original value.
    $this
      ->drupalPost('admin/people/permissions/roles/edit/' . $drupal_role->rid, $edit, t('Save role'));

    // Verify that the group was restored.
    $ldap_group = new SimpleLdapRole($this->ldapGroup->{$attribute_name}[0]);
    $this
      ->assertTrue($ldap_group->exists, t('The :dn test group was restored in LDAP.', array(
      ':dn' => $ldap_group->dn,
    )));
  }

}
class SimpleLdapRoleDeleteDrupalRoleTestCase extends SimpleLdapRoleTestCase {

  /**
   * Inherited parent::getInfo().
   */
  public static function getInfo() {
    return array(
      'name' => 'Delete Drupal Role',
      'description' => 'Tests that LDAP groups are deleted when a Drupal role is deleted.',
      'group' => 'Simple LDAP Role',
    );
  }

  /**
   * Deletes a Drupal role, and checks LDAP.
   */
  public function testDeleteRole() {

    // Get module configurations.
    $attribute_name = simple_ldap_role_variable_get('simple_ldap_role_attribute_name');
    $attribute_member = simple_ldap_role_variable_get('simple_ldap_role_attribute_member');

    // Load/Create a drupal role with the same name as the test LDAP group.
    $drupal_role = user_role_load_by_name($this->ldapGroup->{$attribute_name}[0]);
    if (!$drupal_role) {
      $rid = $this
        ->drupalCreateRole(array(), $this->ldapGroup->{$attribute_name}[0]);
      $drupal_role = user_role_load($rid);
    }

    // Log in as user 1.
    $this
      ->drupalUser1Login();

    // Submit the role edit form.
    $this
      ->drupalPost('admin/people/permissions/roles/edit/' . $drupal_role->rid, array(), t('Delete role'));
    $this
      ->assertText('Are you sure you want to delete the role ' . $drupal_role->name, t('Proceed to step 2 of deleting a role.'));
    $this
      ->drupalPost('admin/people/permissions/roles/delete/' . $drupal_role->rid, array(), t('Delete'));
    $this
      ->assertText('The role has been deleted.', t('The Drupal role was deleted'));

    // Try to load the group from LDAP, and verify that it was deleted.
    $ldap_group = new SimpleLdapRole($this->ldapGroup->{$attribute_name}[0]);
    $this
      ->assertFalse($ldap_group->exists, t('The :dn test group was deleted from LDAP.', array(
      ':dn' => $ldap_group->dn,
    )));
  }

}
class SimpleLdapRoleChangeDrupalUserRoleTestCase extends SimpleLdapRoleTestCase {

  /**
   * Inherited parent::getInfo().
   */
  public static function getInfo() {
    return array(
      'name' => 'Change Drupal roles',
      'description' => 'Changes the roles on a Drupal user, and tests that the LDAP is updated appropriately.',
      'group' => 'Simple LDAP Role',
    );
  }

  /**
   * Changes a user's drupal roles.
   */
  public function testChangeDrupalUserRole() {

    // Load configuration variables.
    $user_attribute_name = simple_ldap_user_variable_get('simple_ldap_user_attribute_name');
    $role_attribute_name = simple_ldap_role_variable_get('simple_ldap_role_attribute_name');
    $role_attribute_member = simple_ldap_role_variable_get('simple_ldap_role_attribute_member');
    $role_attribute_member_format = simple_ldap_role_variable_get('simple_ldap_role_attribute_member_format');

    // Get the member attribute string to use as the comparison.
    switch ($role_attribute_member_format) {
      case 'name':
        $member = $this->ldapUser[1]->{$user_attribute_name}[0];
        break;
      case 'dn':
      default:
        $member = $this->ldapUser[1]->dn;
    }

    // Initialize a user account object.
    $account = new stdClass();
    $account->name = $this->ldapUser[1]->{$user_attribute_name}[0];
    $account->pass_raw = $this->userPassword[1];

    // Log in with the test user. This should create/sync an LDAP user.
    $this
      ->drupalLogin($account);

    // Run cron to sync the LDAP groups to Drupal roles.
    $this
      ->cronRun();

    // Load the Drupal user.
    $drupal_user = user_load_by_name($this->ldapUser[1]->{$user_attribute_name}[0]);
    $this
      ->assertNotIdentical($drupal_user, FALSE, t(':name user exists in Drupal', array(
      ':name' => $this->ldapUser[1]->{$user_attribute_name}[0],
    )));

    // Load the Drupal role.
    $drupal_role = user_role_load_by_name($this->ldapGroup->{$role_attribute_name}[0]);
    $this
      ->assertNotIdentical($drupal_role, FALSE, t(':name role exists in Drupal', array(
      ':name' => $this->ldapGroup->{$role_attribute_name}[0],
    )));

    // Log in as user 1.
    $this
      ->drupalUser1Login();

    // Populate the user edit form.
    $edit = array(
      'roles[' . $drupal_role->rid . ']' => TRUE,
    );

    // Submit the user edit form.
    $this
      ->drupalPost('user/' . $drupal_user->uid . '/edit', $edit, t('Save'));
    $this
      ->assertText(t('The changes have been saved.'), t('The changes have been saved.'));

    // Reload the LDAP group.
    $ldap_group = new SimpleLdapRole($drupal_role->name);
    $members = $ldap_group->{$role_attribute_member};

    // Verify that the LDAP user is now a member of the LDAP group.
    $this
      ->assertTrue(in_array($member, $members, TRUE), t(':member is a member of the :group LDAP group', array(
      ':member' => $member,
      ':group' => $ldap_group->dn,
    )));

    // Repopulate the user edit form.
    $edit = array(
      'roles[' . $drupal_role->rid . ']' => FALSE,
    );

    // Submit the user edit form.
    $this
      ->drupalPost('user/' . $drupal_user->uid . '/edit', $edit, t('Save'));
    $this
      ->assertText(t('The changes have been saved.'), t('The changes have been saved.'));

    // Reload the LDAP group.
    $ldap_group = new SimpleLdapRole($drupal_role->name);
    $members = $ldap_group->{$role_attribute_member};

    // Verify that the LDAP user is no longer a member of the LDAP group.
    $this
      ->assertFalse(in_array($member, $members, TRUE), t(':member was removed from the :group LDAP group', array(
      ':member' => $member,
      ':group' => $ldap_group->dn,
    )));

    // Repopulate the user edit form again.
    $edit = array(
      'roles[' . $drupal_role->rid . ']' => TRUE,
    );

    // Submit the user edit form.
    $this
      ->drupalPost('user/' . $drupal_user->uid . '/edit', $edit, t('Save'));
    $this
      ->assertText(t('The changes have been saved.'), t('The changes have been saved.'));

    // Reload the LDAP group.
    $ldap_group = new SimpleLdapRole($drupal_role->name);
    $members = $ldap_group->{$role_attribute_member};

    // Verify that the LDAP user is a member of the LDAP group again.
    $this
      ->assertTrue(in_array($member, $members, TRUE), t(':member is a member of the :group LDAP group', array(
      ':member' => $member,
      ':group' => $ldap_group->dn,
    )));
  }

}
class SimpleLdapRoleModifyLdapGroup extends SimpleLdapRoleTestCase {

  /**
   * Inherited public::getInfo().
   */
  public static function getInfo() {
    return array(
      'name' => 'Modify LDAP Groups',
      'description' => 'Modifies LDAP groups, and verifies that drupal roles are updated on cron runs.',
      'group' => 'Simple LDAP Role',
    );
  }

  /**
   * Tests creating and modifying a group directly in LDAP.
   */
  public function testModifyLdapGroup() {

    // Load configuration variables.
    $role_basedn = simple_ldap_role_variable_get('simple_ldap_role_basedn');
    $role_objectclass = simple_ldap_role_variable_get('simple_ldap_role_objectclass');
    $role_attribute_name = simple_ldap_role_variable_get('simple_ldap_role_attribute_name');
    $role_attribute_member = simple_ldap_role_variable_get('simple_ldap_role_attribute_member');
    $role_attribute_member_format = simple_ldap_role_variable_get('simple_ldap_role_attribute_member_format');
    $role_attribute_member_default = simple_ldap_role_variable_get('simple_ldap_role_attribute_member_default');

    // Generate a new random role name.
    $new_role = $this
      ->randomName();

    // Generate a new LDAP object.
    $ldap_group = new SimpleLdapRole($new_role);
    $ldap_group
      ->addUser($this->ldapUser[0]);
    $ldap_group
      ->save();

    // Verify that the LDAP group exists.
    $this
      ->assertTrue($ldap_group->exists, t(':dn exists in LDAP', array(
      ':dn' => $ldap_group->dn,
    )));

    // Verify that the LDAP group does not exist in Drupal.
    $drupal_role = user_role_load_by_name($new_role);
    $this
      ->assertFalse($drupal_role, t('The :group LDAP group does not exist as a Drupal role.', array(
      ':group' => $new_role,
    )));

    // Run cron.
    $this
      ->cronRun();

    // Verify that the test LDAP group exists in Drupal.
    $drupal_role = user_role_load_by_name($new_role);
    $this
      ->assertTrue($drupal_role, t('The :group LDAP group exists as a Drupal role.', array(
      ':group' => $new_role,
    )));

    // Modify the LDAP object.
    $ldap_group->{$role_attribute_name} = $new_role . $new_role;
    $ldap_group
      ->save();

    // Verify that the original LDAP group does not exist.
    $ldap_group = new SimpleLdapRole($new_role);
    $this
      ->assertFalse($ldap_group->exists, t(':dn does not exist in LDAP', array(
      ':dn' => $ldap_group->dn,
    )));

    // Verify that the updated LDAP group exists.
    $ldap_group = new SimpleLdapRole($new_role . $new_role);
    $this
      ->assertTrue($ldap_group->exists, t(':dn exists in LDAP', array(
      ':dn' => $ldap_group->dn,
    )));

    // Run cron.
    $this
      ->cronRun();

    // Verify that the test LDAP group exists in Drupal.
    $drupal_role = user_role_load_by_name($new_role . $new_role);
    $this
      ->assertTrue($drupal_role, t('The :group LDAP group exists as a Drupal role.', array(
      ':group' => $new_role . $new_role,
    )));

    // Cleanup.
    $ldap_group
      ->delete();
  }

}
class SimpleLdapRoleChangeLdapGroupMembership extends SimpleLdapRoleTestCase {

  /**
   * Inherited parent::getInfo().
   */
  public static function getInfo() {
    return array(
      'name' => 'Change LDAP Group Membership',
      'description' => "Changes an LDAP user's group membership, and verifies that Drupal role membership is updated.",
      'group' => 'Simple LDAP Role',
    );
  }

  /**
   * Test changing group membership directly in LDAP.
   */
  public function testChangeLdapGroupMembership() {

    // Load configuration variables.
    $user_attribute_name = simple_ldap_user_variable_get('simple_ldap_user_attribute_name');
    $role_basedn = simple_ldap_role_variable_get('simple_ldap_role_basedn');
    $role_objectclass = simple_ldap_role_variable_get('simple_ldap_role_objectclass');
    $role_attribute_name = simple_ldap_role_variable_get('simple_ldap_role_attribute_name');
    $role_attribute_member = simple_ldap_role_variable_get('simple_ldap_role_attribute_member');
    $role_attribute_member_format = simple_ldap_role_variable_get('simple_ldap_role_attribute_member_format');

    // Initialize a user account object.
    $account = new stdClass();
    $account->name = $this->ldapUser[0]->{$user_attribute_name}[0];
    $account->pass_raw = $this->userPassword[0];

    // Log in with the test user. This should create/sync an LDAP user.
    $this
      ->drupalLogin($account);

    // Load the Drupal user.
    $drupal_user = user_load_by_name($this->ldapUser[0]->{$user_attribute_name}[0]);
    $this
      ->assertNotIdentical($drupal_user, FALSE, t(':name user exists in Drupal', array(
      ':name' => $this->ldapUser[0]->{$user_attribute_name}[0],
    )));

    // Verify that the user is assigned to the test role.
    $this
      ->assertTrue(in_array($this->ldapGroup->{$role_attribute_name}[0], $drupal_user->roles), t(':user is assigned to the :role Drupal role.', array(
      ':user' => $drupal_user->name,
      ':role' => $this->ldapGroup->{$role_attribute_name}[0],
    )));

    // Remove the user from the LDAP group.
    $this->ldapGroup
      ->deleteUser($this->ldapUser[0]);
    $this->ldapGroup
      ->save();

    // Reload the drupal user.
    $drupal_user = user_load_multiple(array(), array(
      'name' => $this->ldapUser[0]->{$user_attribute_name}[0],
    ), TRUE);
    $drupal_user = reset($drupal_user);

    // Verify that the user is not assigned to the test role.
    $this
      ->assertFalse(in_array($this->ldapGroup->{$role_attribute_name}[0], $drupal_user->roles), t(':user is no longer assigned to the :role Drupal role.', array(
      ':user' => $drupal_user->name,
      ':role' => $this->ldapGroup->{$role_attribute_name}[0],
    )));

    // Re-add the user to the LDAP group.
    $this->ldapGroup
      ->addUser($this->ldapUser[0]);
    $this->ldapGroup
      ->save();

    // Reload the drupal user.
    $drupal_user = user_load_multiple(array(), array(
      'name' => $this->ldapUser[0]->{$user_attribute_name}[0],
    ), TRUE);
    $drupal_user = reset($drupal_user);

    // Verify that the user is assigned to the test role.
    $this
      ->assertTrue(in_array($this->ldapGroup->{$role_attribute_name}[0], $drupal_user->roles), t(':user is assigned to the :role Drupal role.', array(
      ':user' => $drupal_user->name,
      ':role' => $this->ldapGroup->{$role_attribute_name}[0],
    )));
  }

}