simple_ldap_sso.test in Simple LDAP 7.2
Same filename and directory in other branches
Simple LDAP SSO module tests.
File
simple_ldap_sso/simple_ldap_sso.testView source
<?php
/**
* @file
* Simple LDAP SSO module tests.
*/
class SimpleLdapSSOTestCase extends SimpleLdapUserTestCase {
/**
* Display information about this test case.
*/
public static function getInfo() {
return array(
'name' => 'Single Sign-On',
'description' => 'Single-Sign-On Tests',
'group' => 'Simple LDAP SSO',
);
}
/**
* Set up the modules and any other.
*/
public function setUp() {
// Get the live simple_ldap_sso configuration.
$binddn = variable_get('simple_ldap_sso_binddn');
$bindpw = variable_get('simple_ldap_sso_bindpw');
$encryption_key = variable_get('simple_ldap_sso_encryption_key');
$attribute_sid = variable_get('simple_ldap_sso_attribute_sid');
$hashing_algorithm = variable_get('simple_ldap_sso_hashing_algorithm');
$flood_limit = variable_get('simple_ldap_sso_flood_limit');
$flood_window = variable_get('simple_ldap_sso_flood_window');
// Get a list of modules passed as parameters.
$modules = func_get_args();
if (isset($modules[0]) && is_array($modules[0])) {
$modules = $modules[0];
}
if (empty($modules)) {
$modules = array();
}
// Create the simpletest sandbox.
parent::setUp(array(
'simple_ldap_sso',
) + $modules);
// Configure the sandbox simple_ldap_sso instance.
variable_set('simple_ldap_sso_binddn', $binddn);
variable_set('simple_ldap_sso_bindpw', $bindpw);
variable_set('simple_ldap_sso_encryption_key', $encryption_key);
variable_set('simple_ldap_sso_attribute_sid', $attribute_sid);
variable_set('simple_ldap_sso_hashing_algorithm', $hashing_algorithm);
variable_set('simple_ldap_sso_flood_limit', $flood_limit);
variable_set('simple_ldap_sso_flood_window', $flood_window);
$test_user = variable_get('simple_ldap_test_user');
$attribute_name = variable_get('simple_ldap_user_attribute_name');
// Initialize a user account object.
$account = new stdClass();
$account->name = $test_user[$attribute_name];
$account->pass_raw = $test_user['pass'];
$this->testUser = $account;
}
/**
* Test Simple LDAP SSO.
*/
public function testSimpleLdapSSO() {
// Assert module is configured.
drupal_static_reset('simple_ldap_sso_configured');
$this
->assertTrue(simple_ldap_sso_configured(), t('Simple LDAP SSO is configured.'));
// Verify that for user 1, no SSO cookie is set.
$this
->drupalUser1Login();
$this
->assertFalse(isset($this->cookies[SIMPLE_LDAP_SSO_COOKIE]['value']), 'No SSO Cookie set for User 1.');
$this
->drupalLogin($this->testUser);
// Verify for other user, SSO cookie is set.
$data = $this
->getSSOCookieData();
$this
->assertEqual($data['name'], $this->testUser->name, t('SSO Cookie has valid data.'));
$this
->deleteSessions($data['uid']);
$this
->drupalGet('user');
$sessions = (bool) $this
->getSessions($data['uid']);
$this
->assertTrue($sessions, t('The session was recreated from the SSO cookie.'));
$this
->assertText($data['name'], t('The user was logged in from the SSO cookie.'));
// Verify that session id matches what is stored in LDAP.
$data = $this
->getSSOCookieData();
$sso = new SimpleLdapSSO($data['name']);
$sid = $this->cookies[$this->session_name]['value'];
$this
->assertTrue($sso
->validateSid($sid), t('Session id was stored in LDAP.'));
$this
->drupalLogout();
// Assert SSO cookie is deleted.
$this
->assertEqual('deleted', $this->cookies[SIMPLE_LDAP_SSO_COOKIE]['value'], t('The SSO cookie was deleted.'));
// Assert sid was deleted from LDAP.
$sso = new SimpleLdapSSO($data['name']);
$this
->assertFalse($sso
->validateSid($sid), t('Session id was deleted from LDAP.'));
// Assert the user is created in Drupal if there is a valid SSO cookie.
// First, delete the user. We can't user user_delete() as that will delete
// the account from LDAP as well.
$this
->drupalLogin($this->testUser);
db_delete('users')
->condition('uid', $data['uid'])
->execute();
db_delete('sessions')
->condition('uid', $data['uid'])
->execute();
// Ensure the user has been deleted.
$account = user_load_multiple(array(), array(
'name' => $data['name'],
), TRUE);
$this
->assertFalse((bool) $account, t('The user account was deleted.'));
// Then access the user page again.
$this
->drupalGet('user');
// Check for the existence of the user.
$account = user_load_multiple(array(), array(
'name' => $data['name'],
), TRUE);
$this
->assertTrue((bool) $account, t('The user has been recreated from a valid SSO cookie.'));
// Check for an existing session. Start by reloading the SSO cookie data.
$data = $this
->getSSOCookieData();
$sessions = (bool) $this
->getSessions($data['uid']);
$this
->assertTrue($sessions, t('The session was created from the SSO cookie.'));
$this
->assertText($data['name'], t('The user was logged in from the SSO cookie.'));
// Assert that the user can't log in if the session id in the cookie doesn't
// match what is stored in LDAP.
$this
->deleteSessions($data['uid']);
$sso = new SimpleLdapSSO($data['name']);
$sso
->saveSid('test');
// Assert the sid was saved to LDAP.
$this
->assertTrue($sso
->validateSid('test'), t('Session ID saved to LDAP successfully.'));
// Now access the site.
$this
->drupalGet('user');
$this
->assertText(t('A problem was encountered when attempting to sign you in on this site.'), t('The user cannot log in with a mismatching session id.'));
// Assert that the cookies have been deleted.
$this
->assertEqual('deleted', $this->cookies[SIMPLE_LDAP_SSO_COOKIE]['value'], t('The SSO cookie was deleted.'));
$this
->assertEqual('deleted', $this->cookies[$this->session_name]['value'], t('The session cookie was deleted.'));
// Assert that the session id was deleted from LDAP also.
$sso = new SimpleLdapSSO($data['name']);
$this
->assertFalse($sso
->validateSid('test'), t('Invalid Session ID was deleted from LDAP.'));
// Log the user in anew.
$this
->prepareSSO();
// Assert that if the encryption key changes, SSO will fail.
variable_set('simple_ldap_sso_encryption_key', 'testkey1');
$this
->drupalGet('user');
$this
->assertEqual('deleted', $this->cookies[SIMPLE_LDAP_SSO_COOKIE]['value'], t('If the SSO cookie cannot be decrypted, it is deleted.'));
$this
->assertText(t('Log in'), t('Single Sign On fails if SSO cookie decryption fails.'));
}
/**
* Mimick an SSO login.
*
* Logs in a user so that an SSO cookie is set, then deletes the session from
* the session table, essentially mimicking SSO.
*
* @param array $account
* Optional, the account to pass to drupalLogin().
*
* @return array
* The session data from the SSO cookie.
*/
protected function prepareSSO(array $account = NULL) {
if (!isset($account)) {
$account = $this->testUser;
}
$this
->drupalLogin($account);
$data = $this
->getSSOCookieData();
$this
->deleteSessions($data['uid']);
return $data;
}
/**
* Delete a session from the database.
*
* This effectively logs out the user without deleting any cookies.
*
* @param int $uid
* The user id to delete.
*/
protected function deleteSessions($uid) {
// Delete the session from the session table, and then see if it gets
// created again after accessing a page, to test SSO.
$num_deleted = db_delete('sessions')
->condition('uid', $uid)
->execute();
$sessions = $this
->getSessions($uid);
$this
->assertFalse($sessions, t('The sessions were deleted from the database.'));
}
/**
* Looks up sessions in the sessions table for a particular uid.
*
* @param int $uid
* The user id to search.
*/
protected function getSessions($uid) {
$sql = "SELECT * FROM {sessions} WHERE uid = :uid";
$args = array(
':uid' => $uid,
);
return db_query($sql, $args)
->fetch();
}
/**
* Get the SSO cookie data from the current SSO cookie.
*
* @return array
* The data array.
*/
protected function getSSOCookieData() {
$this
->assertTrue(isset($this->cookies[SIMPLE_LDAP_SSO_COOKIE]['value']), 'SSO Cookie is set.');
// Verify that cookie is readable.
$cookie_val = urldecode($this->cookies[SIMPLE_LDAP_SSO_COOKIE]['value']);
$this
->verbose($cookie_val);
drupal_static_reset('simple_ldap_sso_get_cookie_data');
$data = simple_ldap_sso_get_cookie_data($cookie_val);
$this
->assertTrue(isset($data['name']), t('SSO Cookie can be decrypted.'));
return $data;
}
}
Classes
Name | Description |
---|---|
SimpleLdapSSOTestCase | @file Simple LDAP SSO module tests. |