simple_ldap_role.test in Simple LDAP 7.2
Same filename and directory in other branches
Tests for Simple LDAP Role module.
File
simple_ldap_role/simple_ldap_role.testView source
<?php
/**
* @file
* Tests for Simple LDAP Role module.
*/
abstract class SimpleLdapRoleTestCase extends SimpleLdapUserTestCase {
protected $ldapGroup;
/**
* Inherited parent::setUp().
*/
public function setUp() {
// Get the live simple_ldap_role configuration.
$basedn = simple_ldap_role_variable_get('simple_ldap_role_basedn');
$scope = simple_ldap_role_variable_get('simple_ldap_role_scope');
$objectclass = simple_ldap_role_variable_get('simple_ldap_role_objectclass');
$attribute_name = simple_ldap_role_variable_get('simple_ldap_role_attribute_name');
$attribute_member = simple_ldap_role_variable_get('simple_ldap_role_attribute_member');
$attribute_member_format = simple_ldap_role_variable_get('simple_ldap_role_attribute_member_format');
$attribute_member_default = simple_ldap_role_variable_get('simple_ldap_role_attribute_member_default');
$filter = simple_ldap_role_variable_get('simple_ldap_role_filter');
$source = simple_ldap_role_variable_get('simple_ldap_role_source');
$sync = simple_ldap_role_variable_get('simple_ldap_role_sync');
// Create the simpletest sandbox.
$modules = func_get_args();
if (isset($modules[0]) && is_array($modules[0])) {
$modules = $modules[0];
}
parent::setUp($modules);
// Enable the simple_ldap_role module.
$modules = array(
'simple_ldap_role',
);
$success = module_enable($modules);
$this
->assertTrue($success, t('Enabled modules: %modules', array(
'%modules' => implode(', ', $modules),
)));
// Configure the sandbox simple_ldap_role instance.
variable_set('simple_ldap_role_basedn', $basedn);
variable_set('simple_ldap_role_scope', $scope);
variable_set('simple_ldap_role_objectclass', $objectclass);
variable_set('simple_ldap_role_attribute_name', $attribute_name);
variable_set('simple_ldap_role_attribute_member', $attribute_member);
variable_set('simple_ldap_role_attribute_member_format', $attribute_member_format);
variable_set('simple_ldap_role_attribute_member_default', $attribute_member_default);
variable_set('simple_ldap_role_filter', $filter);
variable_set('simple_ldap_role_source', $source);
variable_set('simple_ldap_role_sync', $sync);
// Create an LDAP group entry to use during testing.
$name = $this
->randomName();
$this->ldapGroup = new SimpleLdapRole($name);
$this->ldapGroup
->addUser($this->ldapUser[0]);
$this->ldapGroup
->save();
// If now exception is thrown by save(), then the save was successful, but
// reload the object and show the DN to make the tester feel better.
$this->ldapGroup = new SimpleLdapRole($name);
$this
->assertTrue($this->ldapGroup->exists, t(':dn was added to LDAP', array(
':dn' => $this->ldapGroup->dn,
)));
}
/**
* Inherited parent::tearDown().
*/
protected function tearDown() {
$this->ldapGroup
->delete();
parent::tearDown();
}
}
class SimpleLdapRoleCreateDrupalRoleTestCase extends SimpleLdapRoleTestCase {
/**
* Inherited parent::getInfo().
*/
public static function getInfo() {
return array(
'name' => 'Create Drupal Role',
'description' => 'Tests that LDAP groups are created appropriately when a Drupal role is created.',
'group' => 'Simple LDAP Role',
);
}
/**
* Creates a drupal role, and verifies LDAP.
*/
public function testCreateRole() {
// Get module configurations.
$objectclass = simple_ldap_role_variable_get('simple_ldap_role_objectclass');
$attribute_member = simple_ldap_role_variable_get('simple_ldap_role_attribute_member');
$attribute_member_default = simple_ldap_role_variable_get('simple_ldap_role_attribute_member_default');
// Generate a randome group name.
$name = $this
->randomName();
// Log in as User 1.
$this
->drupalUser1Login();
// Submit the form to add a new Drupal role.
$edit = array(
'name' => $name,
);
$this
->drupalPost('admin/people/permissions/roles', $edit, t('Add role'));
$this
->assertText(t('The role has been added'), t('The @role role was added to Drupal', array(
'@role' => $name,
)));
// Load the LDAP group.
$ldap_group = new SimpleLdapRole($name);
$members = $ldap_group->{$attribute_member};
// Get a list of required attributes for the configured objectclass.
$server = SimpleLdapServer::singleton();
$must = array();
foreach ($objectclass as $o) {
foreach ($server->schema
->must($o, TRUE) as $m) {
if (!in_array($m, $must)) {
$must[] = strtolower($m);
}
}
}
// The LDAP group should have only been created if either there is a default
// member configured, or the member attribute is not required (allowing an
// empty group).
if (!in_array($attribute_member, $must)) {
// Test that the LDAP entry was created.
$this
->assertTrue($ldap_group->exists, t(':dn is present in the LDAP directory', array(
':dn' => $ldap_group->dn,
)));
if (!empty($attribute_member_default)) {
// Test that the default user was added to the LDAP group.
$this
->assertTrue(in_array($attribute_member_default, $members, TRUE), t('The default user, :default, was added as a member of :dn', array(
':default' => $attribute_member_default,
':dn' => $ldap_group->dn,
)));
}
}
else {
// The member attribute is required, whether the group was created depends
// on if there is a default group configured.
if (!empty($attribute_member_default)) {
// Test that the group was created, and the default user was added.
$this
->assertTrue($ldap_group->exists, t(':dn is present in the LDAP directory', array(
':dn' => $ldap_group->dn,
)));
$this
->assertTrue(in_array($attribute_member_default, $members, TRUE), t('The default user, :default, was added as a member of :dn', array(
':default' => $attribute_member_default,
':dn' => $ldap_group->dn,
)));
}
else {
// Test that the group was not created.
$this
->assertFalse($ldap_group->exists, t(':dn is not present in the LDAP directory', array(
':dn' => $ldap_group->dn,
)));
}
}
// Cleanup.
$ldap_group
->delete();
}
}
class SimpleLdapRoleUpdateDrupalRoleTestCase extends SimpleLdapRoleTestCase {
/**
* Inherited parent::getInfo().
*/
public static function getInfo() {
return array(
'name' => 'Update Drupal Role',
'description' => 'Tests that LDAP groups are modified when a Drupal role is updated.',
'group' => 'Simple LDAP Role',
);
}
/**
* Updates a Drupal role, and verifies LDAP.
*/
public function testUpdateRole() {
// Get module configurations.
$attribute_name = simple_ldap_role_variable_get('simple_ldap_role_attribute_name');
$attribute_member = simple_ldap_role_variable_get('simple_ldap_role_attribute_member');
// Load/Create a Drupal role with the same name as the test LDAP group.
$drupal_role = user_role_load_by_name($this->ldapGroup->{$attribute_name}[0]);
if (!$drupal_role) {
$rid = $this
->drupalCreateRole(array(), $this->ldapGroup->{$attribute_name}[0]);
$drupal_role = user_role_load($rid);
}
// Log in as user 1.
$this
->drupalUser1Login();
// Populate the role edit form variables.
$edit = array(
'name' => $drupal_role->name . ' modified',
);
// Submit the role edit form.
$this
->drupalPost('admin/people/permissions/roles/edit/' . $drupal_role->rid, $edit, t('Save role'));
$this
->assertText('The role has been renamed.', t('The drupal role was updated'));
// Load the group from LDAP and check that it was updated.
$ldap_group = new SimpleLdapRole($drupal_role->name . ' modified');
$this
->assertTrue($ldap_group->exists, t('The :dn test group exists in LDAP.', array(
':dn' => $ldap_group->dn,
)));
// Repopulate the role edit form variables.
$edit = array(
'name' => $this->ldapGroup->{$attribute_name}[0],
);
// Submit the role edit form to restore the group to its original value.
$this
->drupalPost('admin/people/permissions/roles/edit/' . $drupal_role->rid, $edit, t('Save role'));
// Verify that the group was restored.
$ldap_group = new SimpleLdapRole($this->ldapGroup->{$attribute_name}[0]);
$this
->assertTrue($ldap_group->exists, t('The :dn test group was restored in LDAP.', array(
':dn' => $ldap_group->dn,
)));
}
}
class SimpleLdapRoleDeleteDrupalRoleTestCase extends SimpleLdapRoleTestCase {
/**
* Inherited parent::getInfo().
*/
public static function getInfo() {
return array(
'name' => 'Delete Drupal Role',
'description' => 'Tests that LDAP groups are deleted when a Drupal role is deleted.',
'group' => 'Simple LDAP Role',
);
}
/**
* Deletes a Drupal role, and checks LDAP.
*/
public function testDeleteRole() {
// Get module configurations.
$attribute_name = simple_ldap_role_variable_get('simple_ldap_role_attribute_name');
$attribute_member = simple_ldap_role_variable_get('simple_ldap_role_attribute_member');
// Load/Create a drupal role with the same name as the test LDAP group.
$drupal_role = user_role_load_by_name($this->ldapGroup->{$attribute_name}[0]);
if (!$drupal_role) {
$rid = $this
->drupalCreateRole(array(), $this->ldapGroup->{$attribute_name}[0]);
$drupal_role = user_role_load($rid);
}
// Log in as user 1.
$this
->drupalUser1Login();
// Submit the role edit form.
$this
->drupalPost('admin/people/permissions/roles/edit/' . $drupal_role->rid, array(), t('Delete role'));
$this
->assertText('Are you sure you want to delete the role ' . $drupal_role->name, t('Proceed to step 2 of deleting a role.'));
$this
->drupalPost('admin/people/permissions/roles/delete/' . $drupal_role->rid, array(), t('Delete'));
$this
->assertText('The role has been deleted.', t('The Drupal role was deleted'));
// Try to load the group from LDAP, and verify that it was deleted.
$ldap_group = new SimpleLdapRole($this->ldapGroup->{$attribute_name}[0]);
$this
->assertFalse($ldap_group->exists, t('The :dn test group was deleted from LDAP.', array(
':dn' => $ldap_group->dn,
)));
}
}
class SimpleLdapRoleChangeDrupalUserRoleTestCase extends SimpleLdapRoleTestCase {
/**
* Inherited parent::getInfo().
*/
public static function getInfo() {
return array(
'name' => 'Change Drupal roles',
'description' => 'Changes the roles on a Drupal user, and tests that the LDAP is updated appropriately.',
'group' => 'Simple LDAP Role',
);
}
/**
* Changes a user's drupal roles.
*/
public function testChangeDrupalUserRole() {
// Load configuration variables.
$user_attribute_name = simple_ldap_user_variable_get('simple_ldap_user_attribute_name');
$role_attribute_name = simple_ldap_role_variable_get('simple_ldap_role_attribute_name');
$role_attribute_member = simple_ldap_role_variable_get('simple_ldap_role_attribute_member');
$role_attribute_member_format = simple_ldap_role_variable_get('simple_ldap_role_attribute_member_format');
// Get the member attribute string to use as the comparison.
switch ($role_attribute_member_format) {
case 'name':
$member = $this->ldapUser[1]->{$user_attribute_name}[0];
break;
case 'dn':
default:
$member = $this->ldapUser[1]->dn;
}
// Initialize a user account object.
$account = new stdClass();
$account->name = $this->ldapUser[1]->{$user_attribute_name}[0];
$account->pass_raw = $this->userPassword[1];
// Log in with the test user. This should create/sync an LDAP user.
$this
->drupalLogin($account);
// Run cron to sync the LDAP groups to Drupal roles.
$this
->cronRun();
// Load the Drupal user.
$drupal_user = user_load_by_name($this->ldapUser[1]->{$user_attribute_name}[0]);
$this
->assertNotIdentical($drupal_user, FALSE, t(':name user exists in Drupal', array(
':name' => $this->ldapUser[1]->{$user_attribute_name}[0],
)));
// Load the Drupal role.
$drupal_role = user_role_load_by_name($this->ldapGroup->{$role_attribute_name}[0]);
$this
->assertNotIdentical($drupal_role, FALSE, t(':name role exists in Drupal', array(
':name' => $this->ldapGroup->{$role_attribute_name}[0],
)));
// Log in as user 1.
$this
->drupalUser1Login();
// Populate the user edit form.
$edit = array(
'roles[' . $drupal_role->rid . ']' => TRUE,
);
// Submit the user edit form.
$this
->drupalPost('user/' . $drupal_user->uid . '/edit', $edit, t('Save'));
$this
->assertText(t('The changes have been saved.'), t('The changes have been saved.'));
// Reload the LDAP group.
$ldap_group = new SimpleLdapRole($drupal_role->name);
$members = $ldap_group->{$role_attribute_member};
// Verify that the LDAP user is now a member of the LDAP group.
$this
->assertTrue(in_array($member, $members, TRUE), t(':member is a member of the :group LDAP group', array(
':member' => $member,
':group' => $ldap_group->dn,
)));
// Repopulate the user edit form.
$edit = array(
'roles[' . $drupal_role->rid . ']' => FALSE,
);
// Submit the user edit form.
$this
->drupalPost('user/' . $drupal_user->uid . '/edit', $edit, t('Save'));
$this
->assertText(t('The changes have been saved.'), t('The changes have been saved.'));
// Reload the LDAP group.
$ldap_group = new SimpleLdapRole($drupal_role->name);
$members = $ldap_group->{$role_attribute_member};
// Verify that the LDAP user is no longer a member of the LDAP group.
$this
->assertFalse(in_array($member, $members, TRUE), t(':member was removed from the :group LDAP group', array(
':member' => $member,
':group' => $ldap_group->dn,
)));
// Repopulate the user edit form again.
$edit = array(
'roles[' . $drupal_role->rid . ']' => TRUE,
);
// Submit the user edit form.
$this
->drupalPost('user/' . $drupal_user->uid . '/edit', $edit, t('Save'));
$this
->assertText(t('The changes have been saved.'), t('The changes have been saved.'));
// Reload the LDAP group.
$ldap_group = new SimpleLdapRole($drupal_role->name);
$members = $ldap_group->{$role_attribute_member};
// Verify that the LDAP user is a member of the LDAP group again.
$this
->assertTrue(in_array($member, $members, TRUE), t(':member is a member of the :group LDAP group', array(
':member' => $member,
':group' => $ldap_group->dn,
)));
}
}
class SimpleLdapRoleModifyLdapGroup extends SimpleLdapRoleTestCase {
/**
* Inherited public::getInfo().
*/
public static function getInfo() {
return array(
'name' => 'Modify LDAP Groups',
'description' => 'Modifies LDAP groups, and verifies that drupal roles are updated on cron runs.',
'group' => 'Simple LDAP Role',
);
}
/**
* Tests creating and modifying a group directly in LDAP.
*/
public function testModifyLdapGroup() {
// Load configuration variables.
$role_basedn = simple_ldap_role_variable_get('simple_ldap_role_basedn');
$role_objectclass = simple_ldap_role_variable_get('simple_ldap_role_objectclass');
$role_attribute_name = simple_ldap_role_variable_get('simple_ldap_role_attribute_name');
$role_attribute_member = simple_ldap_role_variable_get('simple_ldap_role_attribute_member');
$role_attribute_member_format = simple_ldap_role_variable_get('simple_ldap_role_attribute_member_format');
$role_attribute_member_default = simple_ldap_role_variable_get('simple_ldap_role_attribute_member_default');
// Generate a new random role name.
$new_role = $this
->randomName();
// Generate a new LDAP object.
$ldap_group = new SimpleLdapRole($new_role);
$ldap_group
->addUser($this->ldapUser[0]);
$ldap_group
->save();
// Verify that the LDAP group exists.
$this
->assertTrue($ldap_group->exists, t(':dn exists in LDAP', array(
':dn' => $ldap_group->dn,
)));
// Verify that the LDAP group does not exist in Drupal.
$drupal_role = user_role_load_by_name($new_role);
$this
->assertFalse($drupal_role, t('The :group LDAP group does not exist as a Drupal role.', array(
':group' => $new_role,
)));
// Run cron.
$this
->cronRun();
// Verify that the test LDAP group exists in Drupal.
$drupal_role = user_role_load_by_name($new_role);
$this
->assertTrue($drupal_role, t('The :group LDAP group exists as a Drupal role.', array(
':group' => $new_role,
)));
// Modify the LDAP object.
$ldap_group->{$role_attribute_name} = $new_role . $new_role;
$ldap_group
->save();
// Verify that the original LDAP group does not exist.
$ldap_group = new SimpleLdapRole($new_role);
$this
->assertFalse($ldap_group->exists, t(':dn does not exist in LDAP', array(
':dn' => $ldap_group->dn,
)));
// Verify that the updated LDAP group exists.
$ldap_group = new SimpleLdapRole($new_role . $new_role);
$this
->assertTrue($ldap_group->exists, t(':dn exists in LDAP', array(
':dn' => $ldap_group->dn,
)));
// Run cron.
$this
->cronRun();
// Verify that the test LDAP group exists in Drupal.
$drupal_role = user_role_load_by_name($new_role . $new_role);
$this
->assertTrue($drupal_role, t('The :group LDAP group exists as a Drupal role.', array(
':group' => $new_role . $new_role,
)));
// Cleanup.
$ldap_group
->delete();
}
}
class SimpleLdapRoleChangeLdapGroupMembership extends SimpleLdapRoleTestCase {
/**
* Inherited parent::getInfo().
*/
public static function getInfo() {
return array(
'name' => 'Change LDAP Group Membership',
'description' => "Changes an LDAP user's group membership, and verifies that Drupal role membership is updated.",
'group' => 'Simple LDAP Role',
);
}
/**
* Test changing group membership directly in LDAP.
*/
public function testChangeLdapGroupMembership() {
// Load configuration variables.
$user_attribute_name = simple_ldap_user_variable_get('simple_ldap_user_attribute_name');
$role_basedn = simple_ldap_role_variable_get('simple_ldap_role_basedn');
$role_objectclass = simple_ldap_role_variable_get('simple_ldap_role_objectclass');
$role_attribute_name = simple_ldap_role_variable_get('simple_ldap_role_attribute_name');
$role_attribute_member = simple_ldap_role_variable_get('simple_ldap_role_attribute_member');
$role_attribute_member_format = simple_ldap_role_variable_get('simple_ldap_role_attribute_member_format');
// Initialize a user account object.
$account = new stdClass();
$account->name = $this->ldapUser[0]->{$user_attribute_name}[0];
$account->pass_raw = $this->userPassword[0];
// Log in with the test user. This should create/sync an LDAP user.
$this
->drupalLogin($account);
// Load the Drupal user.
$drupal_user = user_load_by_name($this->ldapUser[0]->{$user_attribute_name}[0]);
$this
->assertNotIdentical($drupal_user, FALSE, t(':name user exists in Drupal', array(
':name' => $this->ldapUser[0]->{$user_attribute_name}[0],
)));
// Verify that the user is assigned to the test role.
$this
->assertTrue(in_array($this->ldapGroup->{$role_attribute_name}[0], $drupal_user->roles), t(':user is assigned to the :role Drupal role.', array(
':user' => $drupal_user->name,
':role' => $this->ldapGroup->{$role_attribute_name}[0],
)));
// Remove the user from the LDAP group.
$this->ldapGroup
->deleteUser($this->ldapUser[0]);
$this->ldapGroup
->save();
// Reload the drupal user.
$drupal_user = user_load_multiple(array(), array(
'name' => $this->ldapUser[0]->{$user_attribute_name}[0],
), TRUE);
$drupal_user = reset($drupal_user);
// Verify that the user is not assigned to the test role.
$this
->assertFalse(in_array($this->ldapGroup->{$role_attribute_name}[0], $drupal_user->roles), t(':user is no longer assigned to the :role Drupal role.', array(
':user' => $drupal_user->name,
':role' => $this->ldapGroup->{$role_attribute_name}[0],
)));
// Re-add the user to the LDAP group.
$this->ldapGroup
->addUser($this->ldapUser[0]);
$this->ldapGroup
->save();
// Reload the drupal user.
$drupal_user = user_load_multiple(array(), array(
'name' => $this->ldapUser[0]->{$user_attribute_name}[0],
), TRUE);
$drupal_user = reset($drupal_user);
// Verify that the user is assigned to the test role.
$this
->assertTrue(in_array($this->ldapGroup->{$role_attribute_name}[0], $drupal_user->roles), t(':user is assigned to the :role Drupal role.', array(
':user' => $drupal_user->name,
':role' => $this->ldapGroup->{$role_attribute_name}[0],
)));
}
}