Inicio Explorar Axuda
Iniciar sesión
RISCI_ATOM
/
nextcloud-server
réplica de https://github.com/nextcloud/server.git
1
0
Fork 0
Ficheiros Incidencias 23 Wiki
Árbore: 0d9f73a814
Ramas Etiquetas
nextcloud-serve...
/
apps
/
user_ldap
/
tests
/
AccessTest.php

AccessTest.php 17 KB
Histórico Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636 
  1. <?php
    2. 

  2. /**
    3. 

  3.  * @copyright Copyright (c) 2016, ownCloud, Inc.
    4. 

  4.  * @copyright Copyright (c) 2016, Lukas Reschke <lukas@statuscode.ch>
    5. 

  5.  *
    6. 

  6.  * @author Andreas Fischer <bantu@owncloud.com>
    7. 

  7.  * @author Arthur Schiwon <blizzz@arthur-schiwon.de>
    8. 

  8.  * @author Joas Schilling <coding@schilljs.com>
    9. 

  9.  * @author Jörn Friedrich Dreyer <jfd@butonic.de>
    10. 

  10.  * @author Lukas Reschke <lukas@statuscode.ch>
    11. 

  11.  * @author Morris Jobke <hey@morrisjobke.de>
    12. 

  12.  * @author Roeland Jago Douma <roeland@famdouma.nl>
    13. 

  13.  * @author Roger Szabo <roger.szabo@web.de>
    14. 

  14.  * @author root <root@localhost.localdomain>
    15. 

  15.  * @author Thomas Müller <thomas.mueller@tmit.eu>
    16. 

  16.  * @author Victor Dubiniuk <dubiniuk@owncloud.com>
    17. 

  17.  *
    18. 

  18.  * @license AGPL-3.0
    19. 

  19.  *
    20. 

  20.  * This code is free software: you can redistribute it and/or modify
    21. 

  21.  * it under the terms of the GNU Affero General Public License, version 3,
    22. 

  22.  * as published by the Free Software Foundation.
    23. 

  23.  *
    24. 

  24.  * This program is distributed in the hope that it will be useful,
    25. 

  25.  * but WITHOUT ANY WARRANTY; without even the implied warranty of
    26. 

  26.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
    27. 

  27.  * GNU Affero General Public License for more details.
    28. 

  28.  *
    29. 

  29.  * You should have received a copy of the GNU Affero General Public License, version 3,
    30. 

  30.  * along with this program.  If not, see <http://www.gnu.org/licenses/>
    31. 

  31.  *
    32. 

  32.  */
    33. 

  33. 

  34. namespace OCA\User_LDAP\Tests;
    35. 

  35. 

  36. use OCA\User_LDAP\Access;
    37. 

  37. use OCA\User_LDAP\Connection;
    38. 

  38. use OCA\User_LDAP\Exceptions\ConstraintViolationException;
    39. 

  39. use OCA\User_LDAP\FilesystemHelper;
    40. 

  40. use OCA\User_LDAP\Helper;
    41. 

  41. use OCA\User_LDAP\ILDAPWrapper;
    42. 

  42. use OCA\User_LDAP\LDAP;
    43. 

  43. use OCA\User_LDAP\LogWrapper;
    44. 

  44. use OCA\User_LDAP\Mapping\UserMapping;
    45. 

  45. use OCA\User_LDAP\User\Manager;
    46. 

  46. use OCA\User_LDAP\User\User;
    47. 

  47. use OCP\IAvatarManager;
    48. 

  48. use OCP\IConfig;
    49. 

  49. use OCP\IDBConnection;
    50. 

  50. use OCP\Image;
    51. 

  51. use OCP\IUserManager;
    52. 

  52. use OCP\Notification\IManager as INotificationManager;
    53. 

  53. use Test\TestCase;
    54. 

  54. 

  55. /**
    56. 

  56.  * Class AccessTest
    57. 

  57.  *
    58. 

  58.  * @group DB
    59. 

  59.  *
    60. 

  60.  * @package OCA\User_LDAP\Tests
    61. 

  61.  */
    62. 

  62. class AccessTest extends TestCase {
    63. 

  63. 	/** @var UserMapping|\PHPUnit_Framework_MockObject_MockObject */
    64. 

  64. 	protected $userMapper;
    65. 

  65. 	/** @var Connection|\PHPUnit_Framework_MockObject_MockObject */
    66. 

  66. 	private $connection;
    67. 

  67. 	/** @var LDAP|\PHPUnit_Framework_MockObject_MockObject */
    68. 

  68. 	private $ldap;
    69. 

  69. 	/** @var Manager|\PHPUnit_Framework_MockObject_MockObject */
    70. 

  70. 	private $userManager;
    71. 

  71. 	/** @var Helper|\PHPUnit_Framework_MockObject_MockObject */
    72. 

  72. 	private $helper;
    73. 

  73. 	/** @var  IConfig|\PHPUnit_Framework_MockObject_MockObject */
    74. 

  74. 	private $config;
    75. 

  75. 	/** @var Access */
    76. 

  76. 	private $access;
    77. 

  77. 

  78. 	public function setUp() {
    79. 

  79. 		$this->connection = $this->createMock(Connection::class);
    80. 

  80. 		$this->ldap = $this->createMock(LDAP::class);
    81. 

  81. 		$this->userManager = $this->createMock(Manager::class);
    82. 

  82. 		$this->helper = $this->createMock(Helper::class);
    83. 

  83. 		$this->config  = $this->createMock(IConfig::class);
    84. 

  84. 		$this->userMapper = $this->createMock(UserMapping::class);
    85. 

  85. 

  86. 		$this->access = new Access(
    87. 

  87. 			$this->connection,
    88. 

  88. 			$this->ldap,
    89. 

  89. 			$this->userManager,
    90. 

  90. 			$this->helper,
    91. 

  91. 			$this->config
    92. 

  92. 		);
    93. 

  93. 		$this->access->setUserMapper($this->userMapper);
    94. 

  94. 	}
    95. 

  95. 

  96. 	private function getConnectorAndLdapMock() {
    97. 

  97. 		$lw  = $this->createMock(ILDAPWrapper::class);
    98. 

  98. 		$connector = $this->getMockBuilder(Connection::class)
    99. 

  99. 			->setConstructorArgs([$lw, null, null])
    100. 

  100. 			->getMock();
    101. 

  101. 		$um = $this->getMockBuilder(Manager::class)
    102. 

  102. 			->setConstructorArgs([
    103. 

  103. 				$this->createMock(IConfig::class),
    104. 

  104. 				$this->createMock(FilesystemHelper::class),
    105. 

  105. 				$this->createMock(LogWrapper::class),
    106. 

  106. 				$this->createMock(IAvatarManager::class),
    107. 

  107. 				$this->createMock(Image::class),
    108. 

  108. 				$this->createMock(IDBConnection::class),
    109. 

  109. 				$this->createMock(IUserManager::class),
    110. 

  110. 				$this->createMock(INotificationManager::class)])
    111. 

  111. 			->getMock();
    112. 

  112. 		$helper = new Helper(\OC::$server->getConfig());
    113. 

  113. 

  114. 		return array($lw, $connector, $um, $helper);
    115. 

  115. 	}
    116. 

  116. 

  117. 	public function testEscapeFilterPartValidChars() {
    118. 

  118. 		$input = 'okay';
    119. 

  119. 		$this->assertTrue($input === $this->access->escapeFilterPart($input));
    120. 

  120. 	}
    121. 

  121. 

  122. 	public function testEscapeFilterPartEscapeWildcard() {
    123. 

  123. 		$input = '*';
    124. 

  124. 		$expected = '\\\\*';
    125. 

  125. 		$this->assertTrue($expected === $this->access->escapeFilterPart($input));
    126. 

  126. 	}
    127. 

  127. 

  128. 	public function testEscapeFilterPartEscapeWildcard2() {
    129. 

  129. 		$input = 'foo*bar';
    130. 

  130. 		$expected = 'foo\\\\*bar';
    131. 

  131. 		$this->assertTrue($expected === $this->access->escapeFilterPart($input));
    132. 

  132. 	}
    133. 

  133. 

  134. 	/**
    135. 

  135. 	 * @dataProvider convertSID2StrSuccessData
    136. 

  136. 	 * @param array $sidArray
    137. 

  137. 	 * @param $sidExpected
    138. 

  138. 	 */
    139. 

  139. 	public function testConvertSID2StrSuccess(array $sidArray, $sidExpected) {
    140. 

  140. 		$sidBinary = implode('', $sidArray);
    141. 

  141. 		$this->assertSame($sidExpected, $this->access->convertSID2Str($sidBinary));
    142. 

  142. 	}
    143. 

  143. 

  144. 	public function convertSID2StrSuccessData() {
    145. 

  145. 		return array(
    146. 

  146. 			array(
    147. 

  147. 				array(
    148. 

  148. 					"\x01",
    149. 

  149. 					"\x04",
    150. 

  150. 					"\x00\x00\x00\x00\x00\x05",
    151. 

  151. 					"\x15\x00\x00\x00",
    152. 

  152. 					"\xa6\x81\xe5\x0e",
    153. 

  153. 					"\x4d\x6c\x6c\x2b",
    154. 

  154. 					"\xca\x32\x05\x5f",
    155. 

  155. 				),
    156. 

  156. 				'S-1-5-21-249921958-728525901-1594176202',
    157. 

  157. 			),
    158. 

  158. 			array(
    159. 

  159. 				array(
    160. 

  160. 					"\x01",
    161. 

  161. 					"\x02",
    162. 

  162. 					"\xFF\xFF\xFF\xFF\xFF\xFF",
    163. 

  163. 					"\xFF\xFF\xFF\xFF",
    164. 

  164. 					"\xFF\xFF\xFF\xFF",
    165. 

  165. 				),
    166. 

  166. 				'S-1-281474976710655-4294967295-4294967295',
    167. 

  167. 			),
    168. 

  168. 		);
    169. 

  169. 	}
    170. 

  170. 

  171. 	public function testConvertSID2StrInputError() {
    172. 

  172. 		$sidIllegal = 'foobar';
    173. 

  173. 		$sidExpected = '';
    174. 

  174. 

  175. 		$this->assertSame($sidExpected, $this->access->convertSID2Str($sidIllegal));
    176. 

  176. 	}
    177. 

  177. 

  178. 	public function testGetDomainDNFromDNSuccess() {
    179. 

  179. 		$inputDN = 'uid=zaphod,cn=foobar,dc=my,dc=server,dc=com';
    180. 

  180. 		$domainDN = 'dc=my,dc=server,dc=com';
    181. 

  181. 

  182. 		$this->ldap->expects($this->once())
    183. 

  183. 			->method('explodeDN')
    184. 

  184. 			->with($inputDN, 0)
    185. 

  185. 			->will($this->returnValue(explode(',', $inputDN)));
    186. 

  186. 

  187. 		$this->assertSame($domainDN, $this->access->getDomainDNFromDN($inputDN));
    188. 

  188. 	}
    189. 

  189. 

  190. 	public function testGetDomainDNFromDNError() {
    191. 

  191. 		$inputDN = 'foobar';
    192. 

  192. 		$expected = '';
    193. 

  193. 

  194. 		$this->ldap->expects($this->once())
    195. 

  195. 			->method('explodeDN')
    196. 

  196. 			->with($inputDN, 0)
    197. 

  197. 			->will($this->returnValue(false));
    198. 

  198. 

  199. 		$this->assertSame($expected, $this->access->getDomainDNFromDN($inputDN));
    200. 

  200. 	}
    201. 

  201. 

  202. 	public function dnInputDataProvider() {
    203. 

  203. 		return  [[
    204. 

  204. 			[
    205. 

  205. 				'input' => 'foo=bar,bar=foo,dc=foobar',
    206. 

  206. 				'interResult' => array(
    207. 

  207. 					'count' => 3,
    208. 

  208. 					0 => 'foo=bar',
    209. 

  209. 					1 => 'bar=foo',
    210. 

  210. 					2 => 'dc=foobar'
    211. 

  211. 				),
    212. 

  212. 				'expectedResult' => true
    213. 

  213. 			],
    214. 

  214. 			[
    215. 

  215. 				'input' => 'foobarbarfoodcfoobar',
    216. 

  216. 				'interResult' => false,
    217. 

  217. 				'expectedResult' => false
    218. 

  218. 			]
    219. 

  219. 		]];
    220. 

  220. 	}
    221. 

  221. 

  222. 	/**
    223. 

  223. 	 * @dataProvider dnInputDataProvider
    224. 

  224. 	 * @param array $case
    225. 

  225. 	 */
    226. 

  226. 	public function testStringResemblesDN($case) {
    227. 

  227. 		list($lw, $con, $um, $helper) = $this->getConnectorAndLdapMock();
    228. 

  228. 		/** @var IConfig|\PHPUnit_Framework_MockObject_MockObject $config */
    229. 

  229. 		$config = $this->createMock(IConfig::class);
    230. 

  230. 		$access = new Access($con, $lw, $um, $helper, $config);
    231. 

  231. 

  232. 		$lw->expects($this->exactly(1))
    233. 

  233. 			->method('explodeDN')
    234. 

  234. 			->will($this->returnCallback(function ($dn) use ($case) {
    235. 

  235. 				if($dn === $case['input']) {
    236. 

  236. 					return $case['interResult'];
    237. 

  237. 				}
    238. 

  238. 				return null;
    239. 

  239. 			}));
    240. 

  240. 

  241. 		$this->assertSame($case['expectedResult'], $access->stringResemblesDN($case['input']));
    242. 

  242. 	}
    243. 

  243. 

  244. 	/**
    245. 

  245. 	 * @dataProvider dnInputDataProvider
    246. 

  246. 	 * @param $case
    247. 

  247. 	 */
    248. 

  248. 	public function testStringResemblesDNLDAPmod($case) {
    249. 

  249. 		list(, $con, $um, $helper) = $this->getConnectorAndLdapMock();
    250. 

  250. 		/** @var IConfig|\PHPUnit_Framework_MockObject_MockObject $config */
    251. 

  251. 		$config = $this->createMock(IConfig::class);
    252. 

  252. 		$lw = new LDAP();
    253. 

  253. 		$access = new Access($con, $lw, $um, $helper, $config);
    254. 

  254. 

  255. 		if(!function_exists('ldap_explode_dn')) {
    256. 

  256. 			$this->markTestSkipped('LDAP Module not available');
    257. 

  257. 		}
    258. 

  258. 

  259. 		$this->assertSame($case['expectedResult'], $access->stringResemblesDN($case['input']));
    260. 

  260. 	}
    261. 

  261. 

  262. 	public function testCacheUserHome() {
    263. 

  263. 		$this->connection->expects($this->once())
    264. 

  264. 			->method('writeToCache');
    265. 

  265. 

  266. 		$this->access->cacheUserHome('foobar', '/foobars/path');
    267. 

  267. 	}
    268. 

  268. 

  269. 	public function testBatchApplyUserAttributes() {
    270. 

  270. 		$this->ldap->expects($this->any())
    271. 

  271. 			->method('isResource')
    272. 

  272. 			->willReturn(true);
    273. 

  273. 

  274. 		$this->ldap->expects($this->any())
    275. 

  275. 			->method('getAttributes')
    276. 

  276. 			->willReturn(['displayname' => ['bar', 'count' => 1]]);
    277. 

  277. 

  278. 		/** @var UserMapping|\PHPUnit_Framework_MockObject_MockObject $mapperMock */
    279. 

  279. 		$mapperMock = $this->createMock(UserMapping::class);
    280. 

  280. 		$mapperMock->expects($this->any())
    281. 

  281. 			->method('getNameByDN')
    282. 

  282. 			->willReturn(false);
    283. 

  283. 		$mapperMock->expects($this->any())
    284. 

  284. 			->method('map')
    285. 

  285. 			->willReturn(true);
    286. 

  286. 

  287. 		$userMock = $this->createMock(User::class);
    288. 

  288. 

  289. 		// also returns for userUuidAttribute
    290. 

  290. 		$this->access->connection->expects($this->any())
    291. 

  291. 			->method('__get')
    292. 

  292. 			->will($this->returnValue('displayName'));
    293. 

  293. 

  294. 		$this->access->setUserMapper($mapperMock);
    295. 

  295. 

  296. 		$displayNameAttribute = strtolower($this->access->connection->ldapUserDisplayName);
    297. 

  297. 		$data = [
    298. 

  298. 			[
    299. 

  299. 				'dn' => ['foobar'],
    300. 

  300. 				$displayNameAttribute => 'barfoo'
    301. 

  301. 			],
    302. 

  302. 			[
    303. 

  303. 				'dn' => ['foo'],
    304. 

  304. 				$displayNameAttribute => 'bar'
    305. 

  305. 			],
    306. 

  306. 			[
    307. 

  307. 				'dn' => ['raboof'],
    308. 

  308. 				$displayNameAttribute => 'oofrab'
    309. 

  309. 			]
    310. 

  310. 		];
    311. 

  311. 

  312. 		$userMock->expects($this->exactly(count($data)))
    313. 

  313. 			->method('processAttributes');
    314. 

  314. 

  315. 		$this->userManager->expects($this->exactly(count($data)))
    316. 

  316. 			->method('get')
    317. 

  317. 			->will($this->returnValue($userMock));
    318. 

  318. 

  319. 		$this->access->batchApplyUserAttributes($data);
    320. 

  320. 	}
    321. 

  321. 

  322. 	public function testBatchApplyUserAttributesSkipped() {
    323. 

  323. 		/** @var UserMapping|\PHPUnit_Framework_MockObject_MockObject $mapperMock */
    324. 

  324. 		$mapperMock = $this->createMock(UserMapping::class);
    325. 

  325. 		$mapperMock->expects($this->any())
    326. 

  326. 			->method('getNameByDN')
    327. 

  327. 			->will($this->returnValue('a_username'));
    328. 

  328. 

  329. 		$userMock = $this->createMock(User::class);
    330. 

  330. 

  331. 		$this->access->connection->expects($this->any())
    332. 

  332. 			->method('__get')
    333. 

  333. 			->will($this->returnValue('displayName'));
    334. 

  334. 

  335. 		$this->access->setUserMapper($mapperMock);
    336. 

  336. 

  337. 		$displayNameAttribute = strtolower($this->access->connection->ldapUserDisplayName);
    338. 

  338. 		$data = [
    339. 

  339. 			[
    340. 

  340. 				'dn' => ['foobar'],
    341. 

  341. 				$displayNameAttribute => 'barfoo'
    342. 

  342. 			],
    343. 

  343. 			[
    344. 

  344. 				'dn' => ['foo'],
    345. 

  345. 				$displayNameAttribute => 'bar'
    346. 

  346. 			],
    347. 

  347. 			[
    348. 

  348. 				'dn' => ['raboof'],
    349. 

  349. 				$displayNameAttribute => 'oofrab'
    350. 

  350. 			]
    351. 

  351. 		];
    352. 

  352. 

  353. 		$userMock->expects($this->never())
    354. 

  354. 			->method('processAttributes');
    355. 

  355. 

  356. 		$this->userManager->expects($this->any())
    357. 

  357. 			->method('get')
    358. 

  358. 			->willReturn($this->createMock(User::class));
    359. 

  359. 

  360. 		$this->access->batchApplyUserAttributes($data);
    361. 

  361. 	}
    362. 

  362. 

  363. 	public function testBatchApplyUserAttributesDontSkip() {
    364. 

  364. 		/** @var UserMapping|\PHPUnit_Framework_MockObject_MockObject $mapperMock */
    365. 

  365. 		$mapperMock = $this->createMock(UserMapping::class);
    366. 

  366. 		$mapperMock->expects($this->any())
    367. 

  367. 			->method('getNameByDN')
    368. 

  368. 			->will($this->returnValue('a_username'));
    369. 

  369. 

  370. 		$userMock = $this->createMock(User::class);
    371. 

  371. 

  372. 		$this->access->connection->expects($this->any())
    373. 

  373. 			->method('__get')
    374. 

  374. 			->will($this->returnValue('displayName'));
    375. 

  375. 

  376. 		$this->access->setUserMapper($mapperMock);
    377. 

  377. 

  378. 		$displayNameAttribute = strtolower($this->access->connection->ldapUserDisplayName);
    379. 

  379. 		$data = [
    380. 

  380. 			[
    381. 

  381. 				'dn' => ['foobar'],
    382. 

  382. 				$displayNameAttribute => 'barfoo'
    383. 

  383. 			],
    384. 

  384. 			[
    385. 

  385. 				'dn' => ['foo'],
    386. 

  386. 				$displayNameAttribute => 'bar'
    387. 

  387. 			],
    388. 

  388. 			[
    389. 

  389. 				'dn' => ['raboof'],
    390. 

  390. 				$displayNameAttribute => 'oofrab'
    391. 

  391. 			]
    392. 

  392. 		];
    393. 

  393. 

  394. 		$userMock->expects($this->exactly(count($data)))
    395. 

  395. 			->method('processAttributes');
    396. 

  396. 

  397. 		$this->userManager->expects($this->exactly(count($data)))
    398. 

  398. 			->method('get')
    399. 

  399. 			->will($this->returnValue($userMock));
    400. 

  400. 

  401. 		$this->access->batchApplyUserAttributes($data);
    402. 

  402. 	}
    403. 

  403. 

  404. 	public function dNAttributeProvider() {
    405. 

  405. 		// corresponds to Access::resemblesDN()
    406. 

  406. 		return array(
    407. 

  407. 			'dn' => array('dn'),
    408. 

  408. 			'uniqueMember' => array('uniquemember'),
    409. 

  409. 			'member' => array('member'),
    410. 

  410. 			'memberOf' => array('memberof')
    411. 

  411. 		);
    412. 

  412. 	}
    413. 

  413. 

  414. 	/**
    415. 

  415. 	 * @dataProvider dNAttributeProvider
    416. 

  416. 	 * @param $attribute
    417. 

  417. 	 */
    418. 

  418. 	public function testSanitizeDN($attribute) {
    419. 

  419. 		list($lw, $con, $um, $helper) = $this->getConnectorAndLdapMock();
    420. 

  420. 		/** @var IConfig|\PHPUnit_Framework_MockObject_MockObject $config */
    421. 

  421. 		$config = $this->createMock(IConfig::class);
    422. 

  422. 

  423. 		$dnFromServer = 'cn=Mixed Cases,ou=Are Sufficient To,ou=Test,dc=example,dc=org';
    424. 

  424. 

  425. 		$lw->expects($this->any())
    426. 

  426. 			->method('isResource')
    427. 

  427. 			->will($this->returnValue(true));
    428. 

  428. 		$lw->expects($this->any())
    429. 

  429. 			->method('getAttributes')
    430. 

  430. 			->will($this->returnValue(array(
    431. 

  431. 				$attribute => array('count' => 1, $dnFromServer)
    432. 

  432. 			)));
    433. 

  433. 

  434. 		$access = new Access($con, $lw, $um, $helper, $config);
    435. 

  435. 		$values = $access->readAttribute('uid=whoever,dc=example,dc=org', $attribute);
    436. 

  436. 		$this->assertSame($values[0], strtolower($dnFromServer));
    437. 

  437. 	}
    438. 

  438. 

  439. 	/**
    440. 

  440. 	 * @expectedException \Exception
    441. 

  441. 	 * @expectedExceptionMessage LDAP password changes are disabled
    442. 

  442. 	 */
    443. 

  443. 	public function testSetPasswordWithDisabledChanges() {
    444. 

  444. 		$this->connection
    445. 

  445. 			->method('__get')
    446. 

  446. 			->willReturn(false);
    447. 

  447. 

  448. 		/** @noinspection PhpUnhandledExceptionInspection */
    449. 

  449. 		$this->access->setPassword('CN=foo', 'MyPassword');
    450. 

  450. 	}
    451. 

  451. 

  452. 	public function testSetPasswordWithLdapNotAvailable() {
    453. 

  453. 		$this->connection
    454. 

  454. 			->method('__get')
    455. 

  455. 			->willReturn(true);
    456. 

  456. 		$connection = $this->createMock(LDAP::class);
    457. 

  457. 		$this->connection
    458. 

  458. 			->expects($this->once())
    459. 

  459. 			->method('getConnectionResource')
    460. 

  460. 			->willReturn($connection);
    461. 

  461. 		$this->ldap
    462. 

  462. 			->expects($this->once())
    463. 

  463. 			->method('isResource')
    464. 

  464. 			->with($connection)
    465. 

  465. 			->willReturn(false);
    466. 

  466. 

  467. 		/** @noinspection PhpUnhandledExceptionInspection */
    468. 

  468. 		$this->assertFalse($this->access->setPassword('CN=foo', 'MyPassword'));
    469. 

  469. 	}
    470. 

  470. 

  471. 	/**
    472. 

  472. 	 * @expectedException \OC\HintException
    473. 

  473. 	 * @expectedExceptionMessage Password change rejected.
    474. 

  474. 	 */
    475. 

  475. 	public function testSetPasswordWithRejectedChange() {
    476. 

  476. 		$this->connection
    477. 

  477. 			->method('__get')
    478. 

  478. 			->willReturn(true);
    479. 

  479. 		$connection = $this->createMock(LDAP::class);
    480. 

  480. 		$this->connection
    481. 

  481. 			->expects($this->once())
    482. 

  482. 			->method('getConnectionResource')
    483. 

  483. 			->willReturn($connection);
    484. 

  484. 		$this->ldap
    485. 

  485. 			->expects($this->once())
    486. 

  486. 			->method('isResource')
    487. 

  487. 			->with($connection)
    488. 

  488. 			->willReturn(true);
    489. 

  489. 		$this->ldap
    490. 

  490. 			->expects($this->once())
    491. 

  491. 			->method('modReplace')
    492. 

  492. 			->with($connection, 'CN=foo', 'MyPassword')
    493. 

  493. 			->willThrowException(new ConstraintViolationException());
    494. 

  494. 

  495. 		/** @noinspection PhpUnhandledExceptionInspection */
    496. 

  496. 		$this->access->setPassword('CN=foo', 'MyPassword');
    497. 

  497. 	}
    498. 

  498. 

  499. 	public function testSetPassword() {
    500. 

  500. 		$this->connection
    501. 

  501. 			->method('__get')
    502. 

  502. 			->willReturn(true);
    503. 

  503. 		$connection = $this->createMock(LDAP::class);
    504. 

  504. 		$this->connection
    505. 

  505. 			->expects($this->once())
    506. 

  506. 			->method('getConnectionResource')
    507. 

  507. 			->willReturn($connection);
    508. 

  508. 		$this->ldap
    509. 

  509. 			->expects($this->once())
    510. 

  510. 			->method('isResource')
    511. 

  511. 			->with($connection)
    512. 

  512. 			->willReturn(true);
    513. 

  513. 		$this->ldap
    514. 

  514. 			->expects($this->once())
    515. 

  515. 			->method('modReplace')
    516. 

  516. 			->with($connection, 'CN=foo', 'MyPassword')
    517. 

  517. 			->willReturn(true);
    518. 

  518. 

  519. 		/** @noinspection PhpUnhandledExceptionInspection */
    520. 

  520. 		$this->assertTrue($this->access->setPassword('CN=foo', 'MyPassword'));
    521. 

  521. 	}
    522. 

  522. 

  523. 	protected function prepareMocksForSearchTests(
    524. 

  524. 		$base,
    525. 

  525. 		$fakeConnection,
    526. 

  526. 		$fakeSearchResultResource,
    527. 

  527. 		$fakeLdapEntries
    528. 

  528. 	) {
    529. 

  529. 		$this->connection
    530. 

  530. 			->expects($this->any())
    531. 

  531. 			->method('getConnectionResource')
    532. 

  532. 			->willReturn($fakeConnection);
    533. 

  533. 		$this->connection->expects($this->any())
    534. 

  534. 			->method('__get')
    535. 

  535. 			->willReturnCallback(function($key) use ($base) {
    536. 

  536. 				if(stripos($key, 'base') !== false) {
    537. 

  537. 					return $base;
    538. 

  538. 				}
    539. 

  539. 				return null;
    540. 

  540. 			});
    541. 

  541. 

  542. 		$this->ldap
    543. 

  543. 			->expects($this->any())
    544. 

  544. 			->method('isResource')
    545. 

  545. 			->willReturnCallback(function ($resource) use ($fakeConnection) {
    546. 

  546. 				return $resource === $fakeConnection;
    547. 

  547. 			});
    548. 

  548. 		$this->ldap
    549. 

  549. 			->expects($this->any())
    550. 

  550. 			->method('errno')
    551. 

  551. 			->willReturn(0);
    552. 

  552. 		$this->ldap
    553. 

  553. 			->expects($this->once())
    554. 

  554. 			->method('search')
    555. 

  555. 			->willReturn([$fakeSearchResultResource]);
    556. 

  556. 		$this->ldap
    557. 

  557. 			->expects($this->exactly(count($base)))
    558. 

  558. 			->method('getEntries')
    559. 

  559. 			->willReturn($fakeLdapEntries);
    560. 

  560. 

  561. 		$this->helper->expects($this->any())
    562. 

  562. 			->method('sanitizeDN')
    563. 

  563. 			->willReturnArgument(0);
    564. 

  564. 	}
    565. 

  565. 

  566. 	public function testSearchNoPagedSearch() {
    567. 

  567. 		// scenario: no pages search, 1 search base
    568. 

  568. 		$filter = 'objectClass=nextcloudUser';
    569. 

  569. 		$base = ['ou=zombies,dc=foobar,dc=nextcloud,dc=com'];
    570. 

  570. 

  571. 		$fakeConnection = new \stdClass();
    572. 

  572. 		$fakeSearchResultResource = new \stdClass();
    573. 

  573. 		$fakeLdapEntries = [
    574. 

  574. 			'count' => 2,
    575. 

  575. 			[
    576. 

  576. 				'dn' => 'uid=sgarth,' . $base[0],
    577. 

  577. 			],
    578. 

  578. 			[
    579. 

  579. 				'dn' => 'uid=wwilson,' . $base[0],
    580. 

  580. 			]
    581. 

  581. 		];
    582. 

  582. 

  583. 		$expected = $fakeLdapEntries;
    584. 

  584. 		unset($expected['count']);
    585. 

  585. 

  586. 		$this->prepareMocksForSearchTests($base, $fakeConnection, $fakeSearchResultResource, $fakeLdapEntries);
    587. 

  587. 

  588. 		/** @noinspection PhpUnhandledExceptionInspection */
    589. 

  589. 		$result = $this->access->search($filter, $base);
    590. 

  590. 		$this->assertSame($expected, $result);
    591. 

  591. 	}
    592. 

  592. 

  593. 	public function testFetchListOfUsers() {
    594. 

  594. 		$filter = 'objectClass=nextcloudUser';
    595. 

  595. 		$base = ['ou=zombies,dc=foobar,dc=nextcloud,dc=com'];
    596. 

  596. 		$attrs = ['dn', 'uid'];
    597. 

  597. 

  598. 		$fakeConnection = new \stdClass();
    599. 

  599. 		$fakeSearchResultResource = new \stdClass();
    600. 

  600. 		$fakeLdapEntries = [
    601. 

  601. 			'count' => 2,
    602. 

  602. 			[
    603. 

  603. 				'dn' => 'uid=sgarth,' . $base[0],
    604. 

  604. 				'uid' => [ 'sgarth' ],
    605. 

  605. 			],
    606. 

  606. 			[
    607. 

  607. 				'dn' => 'uid=wwilson,' . $base[0],
    608. 

  608. 				'uid' => [ 'wwilson' ],
    609. 

  609. 			]
    610. 

  610. 		];
    611. 

  611. 		$expected = $fakeLdapEntries;
    612. 

  612. 		unset($expected['count']);
    613. 

  613. 		array_walk($expected, function(&$v) {
    614. 

  614. 			$v['dn'] = [$v['dn']];	// dn is translated into an array internally for consistency
    615. 

  615. 		});
    616. 

  616. 

  617. 		$this->prepareMocksForSearchTests($base, $fakeConnection, $fakeSearchResultResource, $fakeLdapEntries);
    618. 

  618. 

  619. 		$this->connection->expects($this->exactly($fakeLdapEntries['count']))
    620. 

  620. 			->method('writeToCache')
    621. 

  621. 			->with($this->stringStartsWith('userExists'), true);
    622. 

  622. 

  623. 		$this->userMapper->expects($this->exactly($fakeLdapEntries['count']))
    624. 

  624. 			->method('getNameByDN')
    625. 

  625. 			->willReturnCallback(function($fdn) {
    626. 

  626. 				$parts = ldap_explode_dn($fdn, false);
    627. 

  627. 				return $parts[0];
    628. 

  628. 			});
    629. 

  629. 

  630. 		/** @noinspection PhpUnhandledExceptionInspection */
    631. 

  631. 		$list = $this->access->fetchListOfUsers($filter, $attrs);
    632. 

  632. 		$this->assertSame($expected, $list);
    633. 

  633. 	}
    634. 

  634. 

  635. 

  636. }
    637.