1
0

Group_LDAPTest.php 30 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100
  1. <?php
  2. /**
  3. * @copyright Copyright (c) 2016, ownCloud, Inc.
  4. *
  5. * @author Arthur Schiwon <blizzz@arthur-schiwon.de>
  6. * @author Christoph Wurst <christoph@winzerhof-wurst.at>
  7. * @author Frédéric Fortier <frederic.fortier@oronospolytechnique.com>
  8. * @author Joas Schilling <coding@schilljs.com>
  9. * @author Morris Jobke <hey@morrisjobke.de>
  10. * @author Roeland Jago Douma <roeland@famdouma.nl>
  11. * @author Roland Tapken <roland@bitarbeiter.net>
  12. * @author Thomas Müller <thomas.mueller@tmit.eu>
  13. * @author Victor Dubiniuk <dubiniuk@owncloud.com>
  14. * @author Vincent Petry <pvince81@owncloud.com>
  15. * @author Vinicius Cubas Brand <vinicius@eita.org.br>
  16. * @author Xuanwo <xuanwo@yunify.com>
  17. *
  18. * @license AGPL-3.0
  19. *
  20. * This code is free software: you can redistribute it and/or modify
  21. * it under the terms of the GNU Affero General Public License, version 3,
  22. * as published by the Free Software Foundation.
  23. *
  24. * This program is distributed in the hope that it will be useful,
  25. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  26. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  27. * GNU Affero General Public License for more details.
  28. *
  29. * You should have received a copy of the GNU Affero General Public License, version 3,
  30. * along with this program. If not, see <http://www.gnu.org/licenses/>
  31. *
  32. */
  33. namespace OCA\User_LDAP\Tests;
  34. use OCA\User_LDAP\Access;
  35. use OCA\User_LDAP\Connection;
  36. use OCA\User_LDAP\Group_LDAP as GroupLDAP;
  37. use OCA\User_LDAP\GroupPluginManager;
  38. use OCA\User_LDAP\ILDAPWrapper;
  39. use OCA\User_LDAP\User\Manager;
  40. use OCP\GroupInterface;
  41. use Test\TestCase;
  42. /**
  43. * Class GroupLDAPTest
  44. *
  45. * @group DB
  46. *
  47. * @package OCA\User_LDAP\Tests
  48. */
  49. class Group_LDAPTest extends TestCase {
  50. /**
  51. * @return \PHPUnit_Framework_MockObject_MockObject|Access
  52. */
  53. private function getAccessMock() {
  54. static $conMethods;
  55. static $accMethods;
  56. if(is_null($conMethods) || is_null($accMethods)) {
  57. $conMethods = get_class_methods('\OCA\User_LDAP\Connection');
  58. $accMethods = get_class_methods('\OCA\User_LDAP\Access');
  59. }
  60. $lw = $this->createMock(ILDAPWrapper::class);
  61. $connector = $this->getMockBuilder('\OCA\User_LDAP\Connection')
  62. ->setMethods($conMethods)
  63. ->setConstructorArgs([$lw, null, null])
  64. ->getMock();
  65. $access = $this->createMock(Access::class);
  66. $access->expects($this->any())
  67. ->method('getConnection')
  68. ->willReturn($connector);
  69. return $access;
  70. }
  71. private function getPluginManagerMock() {
  72. return $this->getMockBuilder('\OCA\User_LDAP\GroupPluginManager')->getMock();
  73. }
  74. /**
  75. * @param Access|\PHPUnit_Framework_MockObject_MockObject $access
  76. */
  77. private function enableGroups($access) {
  78. $access->connection = $this->createMock(Connection::class);
  79. $access->connection->expects($this->any())
  80. ->method('__get')
  81. ->willReturnCallback(function($name) {
  82. if($name === 'ldapDynamicGroupMemberURL') {
  83. return '';
  84. }
  85. return 1;
  86. });
  87. }
  88. public function testCountEmptySearchString() {
  89. $access = $this->getAccessMock();
  90. $pluginManager = $this->getPluginManagerMock();
  91. $groupDN = 'cn=group,dc=foo,dc=bar';
  92. $this->enableGroups($access);
  93. $access->expects($this->any())
  94. ->method('groupname2dn')
  95. ->willReturn($groupDN);
  96. $access->expects($this->any())
  97. ->method('readAttribute')
  98. ->willReturnCallback(function($dn) use ($groupDN) {
  99. if($dn === $groupDN) {
  100. return [
  101. 'uid=u11,ou=users,dc=foo,dc=bar',
  102. 'uid=u22,ou=users,dc=foo,dc=bar',
  103. 'uid=u33,ou=users,dc=foo,dc=bar',
  104. 'uid=u34,ou=users,dc=foo,dc=bar'
  105. ];
  106. }
  107. return [];
  108. });
  109. // for primary groups
  110. $access->expects($this->once())
  111. ->method('countUsers')
  112. ->willReturn(2);
  113. $groupBackend = new GroupLDAP($access, $pluginManager);
  114. $users = $groupBackend->countUsersInGroup('group');
  115. $this->assertSame(6, $users);
  116. }
  117. public function testCountWithSearchString() {
  118. $access = $this->getAccessMock();
  119. $pluginManager = $this->getPluginManagerMock();
  120. $this->enableGroups($access);
  121. $access->expects($this->any())
  122. ->method('groupname2dn')
  123. ->willReturn('cn=group,dc=foo,dc=bar');
  124. $access->expects($this->any())
  125. ->method('fetchListOfUsers')
  126. ->willReturn([]);
  127. $access->expects($this->any())
  128. ->method('readAttribute')
  129. ->willReturnCallback(function($name) {
  130. //the search operation will call readAttribute, thus we need
  131. //to anaylze the "dn". All other times we just need to return
  132. //something that is neither null or false, but once an array
  133. //with the users in the group – so we do so all other times for
  134. //simplicicity.
  135. if(strpos($name, 'u') === 0) {
  136. return strpos($name, '3');
  137. }
  138. return ['u11', 'u22', 'u33', 'u34'];
  139. });
  140. $access->expects($this->any())
  141. ->method('dn2username')
  142. ->willReturnCallback(function() {
  143. return 'foobar' . \OC::$server->getSecureRandom()->generate(7);
  144. });
  145. $groupBackend = new GroupLDAP($access,$pluginManager);
  146. $users = $groupBackend->countUsersInGroup('group', '3');
  147. $this->assertSame(2, $users);
  148. }
  149. public function testCountUsersWithPlugin() {
  150. /** @var GroupPluginManager|\PHPUnit_Framework_MockObject_MockObject $pluginManager */
  151. $pluginManager = $this->getMockBuilder('\OCA\User_LDAP\GroupPluginManager')
  152. ->setMethods(['implementsActions','countUsersInGroup'])
  153. ->getMock();
  154. $pluginManager->expects($this->once())
  155. ->method('implementsActions')
  156. ->with(GroupInterface::COUNT_USERS)
  157. ->willReturn(true);
  158. $pluginManager->expects($this->once())
  159. ->method('countUsersInGroup')
  160. ->with('gid', 'search')
  161. ->willReturn(42);
  162. $access = $this->getAccessMock();
  163. $access->connection = $this->createMock(Connection::class);
  164. $ldap = new GroupLDAP($access, $pluginManager);
  165. $this->assertEquals($ldap->countUsersInGroup('gid', 'search'),42);
  166. }
  167. public function testGidNumber2NameSuccess() {
  168. $access = $this->getAccessMock();
  169. $pluginManager = $this->getPluginManagerMock();
  170. $this->enableGroups($access);
  171. $userDN = 'cn=alice,cn=foo,dc=barfoo,dc=bar';
  172. $access->expects($this->once())
  173. ->method('searchGroups')
  174. ->willReturn([['dn' => ['cn=foo,dc=barfoo,dc=bar']]]);
  175. $access->expects($this->once())
  176. ->method('dn2groupname')
  177. ->with('cn=foo,dc=barfoo,dc=bar')
  178. ->willReturn('MyGroup');
  179. $groupBackend = new GroupLDAP($access, $pluginManager);
  180. $group = $groupBackend->gidNumber2Name('3117', $userDN);
  181. $this->assertSame('MyGroup', $group);
  182. }
  183. public function testGidNumberID2NameNoGroup() {
  184. $access = $this->getAccessMock();
  185. $pluginManager = $this->getPluginManagerMock();
  186. $this->enableGroups($access);
  187. $userDN = 'cn=alice,cn=foo,dc=barfoo,dc=bar';
  188. $access->expects($this->once())
  189. ->method('searchGroups')
  190. ->willReturn([]);
  191. $access->expects($this->never())
  192. ->method('dn2groupname');
  193. $groupBackend = new GroupLDAP($access, $pluginManager);
  194. $group = $groupBackend->gidNumber2Name('3117', $userDN);
  195. $this->assertSame(false, $group);
  196. }
  197. public function testGidNumberID2NameNoName() {
  198. $access = $this->getAccessMock();
  199. $pluginManager = $this->getPluginManagerMock();
  200. $this->enableGroups($access);
  201. $userDN = 'cn=alice,cn=foo,dc=barfoo,dc=bar';
  202. $access->expects($this->once())
  203. ->method('searchGroups')
  204. ->willReturn([['dn' => ['cn=foo,dc=barfoo,dc=bar']]]);
  205. $access->expects($this->once())
  206. ->method('dn2groupname')
  207. ->willReturn(false);
  208. $groupBackend = new GroupLDAP($access, $pluginManager);
  209. $group = $groupBackend->gidNumber2Name('3117', $userDN);
  210. $this->assertSame(false, $group);
  211. }
  212. public function testGetEntryGidNumberValue() {
  213. $access = $this->getAccessMock();
  214. $pluginManager = $this->getPluginManagerMock();
  215. $this->enableGroups($access);
  216. $dn = 'cn=foobar,cn=foo,dc=barfoo,dc=bar';
  217. $attr = 'gidNumber';
  218. $access->expects($this->once())
  219. ->method('readAttribute')
  220. ->with($dn, $attr)
  221. ->willReturn(['3117']);
  222. $groupBackend = new GroupLDAP($access, $pluginManager);
  223. $gid = $groupBackend->getGroupGidNumber($dn);
  224. $this->assertSame('3117', $gid);
  225. }
  226. public function testGetEntryGidNumberNoValue() {
  227. $access = $this->getAccessMock();
  228. $pluginManager = $this->getPluginManagerMock();
  229. $this->enableGroups($access);
  230. $dn = 'cn=foobar,cn=foo,dc=barfoo,dc=bar';
  231. $attr = 'gidNumber';
  232. $access->expects($this->once())
  233. ->method('readAttribute')
  234. ->with($dn, $attr)
  235. ->willReturn(false);
  236. $groupBackend = new GroupLDAP($access, $pluginManager);
  237. $gid = $groupBackend->getGroupGidNumber($dn);
  238. $this->assertSame(false, $gid);
  239. }
  240. public function testPrimaryGroupID2NameSuccess() {
  241. $access = $this->getAccessMock();
  242. $pluginManager = $this->getPluginManagerMock();
  243. $this->enableGroups($access);
  244. $userDN = 'cn=alice,cn=foo,dc=barfoo,dc=bar';
  245. $access->expects($this->once())
  246. ->method('getSID')
  247. ->with($userDN)
  248. ->willReturn('S-1-5-21-249921958-728525901-1594176202');
  249. $access->expects($this->once())
  250. ->method('searchGroups')
  251. ->willReturn([['dn' => ['cn=foo,dc=barfoo,dc=bar']]]);
  252. $access->expects($this->once())
  253. ->method('dn2groupname')
  254. ->with('cn=foo,dc=barfoo,dc=bar')
  255. ->willReturn('MyGroup');
  256. $groupBackend = new GroupLDAP($access, $pluginManager);
  257. $group = $groupBackend->primaryGroupID2Name('3117', $userDN);
  258. $this->assertSame('MyGroup', $group);
  259. }
  260. public function testPrimaryGroupID2NameNoSID() {
  261. $access = $this->getAccessMock();
  262. $pluginManager = $this->getPluginManagerMock();
  263. $this->enableGroups($access);
  264. $userDN = 'cn=alice,cn=foo,dc=barfoo,dc=bar';
  265. $access->expects($this->once())
  266. ->method('getSID')
  267. ->with($userDN)
  268. ->willReturn(false);
  269. $access->expects($this->never())
  270. ->method('searchGroups');
  271. $access->expects($this->never())
  272. ->method('dn2groupname');
  273. $groupBackend = new GroupLDAP($access, $pluginManager);
  274. $group = $groupBackend->primaryGroupID2Name('3117', $userDN);
  275. $this->assertSame(false, $group);
  276. }
  277. public function testPrimaryGroupID2NameNoGroup() {
  278. $access = $this->getAccessMock();
  279. $pluginManager = $this->getPluginManagerMock();
  280. $this->enableGroups($access);
  281. $userDN = 'cn=alice,cn=foo,dc=barfoo,dc=bar';
  282. $access->expects($this->once())
  283. ->method('getSID')
  284. ->with($userDN)
  285. ->willReturn('S-1-5-21-249921958-728525901-1594176202');
  286. $access->expects($this->once())
  287. ->method('searchGroups')
  288. ->willReturn([]);
  289. $access->expects($this->never())
  290. ->method('dn2groupname');
  291. $groupBackend = new GroupLDAP($access, $pluginManager);
  292. $group = $groupBackend->primaryGroupID2Name('3117', $userDN);
  293. $this->assertSame(false, $group);
  294. }
  295. public function testPrimaryGroupID2NameNoName() {
  296. $access = $this->getAccessMock();
  297. $pluginManager = $this->getPluginManagerMock();
  298. $this->enableGroups($access);
  299. $userDN = 'cn=alice,cn=foo,dc=barfoo,dc=bar';
  300. $access->expects($this->once())
  301. ->method('getSID')
  302. ->with($userDN)
  303. ->willReturn('S-1-5-21-249921958-728525901-1594176202');
  304. $access->expects($this->once())
  305. ->method('searchGroups')
  306. ->willReturn([['dn' => ['cn=foo,dc=barfoo,dc=bar']]]);
  307. $access->expects($this->once())
  308. ->method('dn2groupname')
  309. ->willReturn(false);
  310. $groupBackend = new GroupLDAP($access, $pluginManager);
  311. $group = $groupBackend->primaryGroupID2Name('3117', $userDN);
  312. $this->assertSame(false, $group);
  313. }
  314. public function testGetEntryGroupIDValue() {
  315. //tests getEntryGroupID via getGroupPrimaryGroupID
  316. //which is basically identical to getUserPrimaryGroupIDs
  317. $access = $this->getAccessMock();
  318. $pluginManager = $this->getPluginManagerMock();
  319. $this->enableGroups($access);
  320. $dn = 'cn=foobar,cn=foo,dc=barfoo,dc=bar';
  321. $attr = 'primaryGroupToken';
  322. $access->expects($this->once())
  323. ->method('readAttribute')
  324. ->with($dn, $attr)
  325. ->willReturn(['3117']);
  326. $groupBackend = new GroupLDAP($access, $pluginManager);
  327. $gid = $groupBackend->getGroupPrimaryGroupID($dn);
  328. $this->assertSame('3117', $gid);
  329. }
  330. public function testGetEntryGroupIDNoValue() {
  331. //tests getEntryGroupID via getGroupPrimaryGroupID
  332. //which is basically identical to getUserPrimaryGroupIDs
  333. $access = $this->getAccessMock();
  334. $pluginManager = $this->getPluginManagerMock();
  335. $this->enableGroups($access);
  336. $dn = 'cn=foobar,cn=foo,dc=barfoo,dc=bar';
  337. $attr = 'primaryGroupToken';
  338. $access->expects($this->once())
  339. ->method('readAttribute')
  340. ->with($dn, $attr)
  341. ->willReturn(false);
  342. $groupBackend = new GroupLDAP($access, $pluginManager);
  343. $gid = $groupBackend->getGroupPrimaryGroupID($dn);
  344. $this->assertSame(false, $gid);
  345. }
  346. /**
  347. * tests whether Group Backend behaves correctly when cache with uid and gid
  348. * is hit
  349. */
  350. public function testInGroupHitsUidGidCache() {
  351. $access = $this->getAccessMock();
  352. $pluginManager = $this->getPluginManagerMock();
  353. $this->enableGroups($access);
  354. $uid = 'someUser';
  355. $gid = 'someGroup';
  356. $cacheKey = 'inGroup'.$uid.':'.$gid;
  357. $access->connection->expects($this->once())
  358. ->method('getFromCache')
  359. ->with($cacheKey)
  360. ->willReturn(true);
  361. $access->expects($this->never())
  362. ->method('username2dn');
  363. $groupBackend = new GroupLDAP($access, $pluginManager);
  364. $groupBackend->inGroup($uid, $gid);
  365. }
  366. public function testGetGroupsWithOffset() {
  367. $access = $this->getAccessMock();
  368. $pluginManager = $this->getPluginManagerMock();
  369. $this->enableGroups($access);
  370. $access->expects($this->once())
  371. ->method('nextcloudGroupNames')
  372. ->willReturn(['group1', 'group2']);
  373. $groupBackend = new GroupLDAP($access, $pluginManager);
  374. $groups = $groupBackend->getGroups('', 2, 2);
  375. $this->assertSame(2, count($groups));
  376. }
  377. /**
  378. * tests that a user listing is complete, if all it's members have the group
  379. * as their primary.
  380. */
  381. public function testUsersInGroupPrimaryMembersOnly() {
  382. $access = $this->getAccessMock();
  383. $pluginManager = $this->getPluginManagerMock();
  384. $this->enableGroups($access);
  385. $access->connection->expects($this->any())
  386. ->method('getFromCache')
  387. ->willReturn(null);
  388. $access->expects($this->any())
  389. ->method('readAttribute')
  390. ->willReturnCallback(function($dn, $attr) {
  391. if($attr === 'primaryGroupToken') {
  392. return [1337];
  393. } else if($attr === 'gidNumber') {
  394. return [4211];
  395. }
  396. return [];
  397. });
  398. $access->expects($this->any())
  399. ->method('groupname2dn')
  400. ->willReturn('cn=foobar,dc=foo,dc=bar');
  401. $access->expects($this->exactly(2))
  402. ->method('nextcloudUserNames')
  403. ->willReturnOnConsecutiveCalls(['lisa', 'bart', 'kira', 'brad'], ['walle', 'dino', 'xenia']);
  404. $access->userManager = $this->createMock(Manager::class);
  405. $groupBackend = new GroupLDAP($access, $pluginManager);
  406. $users = $groupBackend->usersInGroup('foobar');
  407. $this->assertSame(7, count($users));
  408. }
  409. /**
  410. * tests that a user listing is complete, if all it's members have the group
  411. * as their primary.
  412. */
  413. public function testUsersInGroupPrimaryAndUnixMembers() {
  414. $access = $this->getAccessMock();
  415. $pluginManager = $this->getPluginManagerMock();
  416. $this->enableGroups($access);
  417. $access->connection->expects($this->any())
  418. ->method('getFromCache')
  419. ->willReturn(null);
  420. $access->expects($this->any())
  421. ->method('readAttribute')
  422. ->willReturnCallback(function($dn, $attr) {
  423. if($attr === 'primaryGroupToken') {
  424. return [1337];
  425. }
  426. return [];
  427. });
  428. $access->expects($this->any())
  429. ->method('groupname2dn')
  430. ->willReturn('cn=foobar,dc=foo,dc=bar');
  431. $access->expects($this->once())
  432. ->method('nextcloudUserNames')
  433. ->willReturn(['lisa', 'bart', 'kira', 'brad']);
  434. $access->userManager = $this->createMock(Manager::class);
  435. $groupBackend = new GroupLDAP($access, $pluginManager);
  436. $users = $groupBackend->usersInGroup('foobar');
  437. $this->assertSame(4, count($users));
  438. }
  439. /**
  440. * tests that a user counting is complete, if all it's members have the group
  441. * as their primary.
  442. */
  443. public function testCountUsersInGroupPrimaryMembersOnly() {
  444. $access = $this->getAccessMock();
  445. $pluginManager = $this->getPluginManagerMock();
  446. $this->enableGroups($access);
  447. $access->connection->expects($this->any())
  448. ->method('getFromCache')
  449. ->willReturn(null);
  450. $access->expects($this->any())
  451. ->method('readAttribute')
  452. ->willReturnCallback(function($dn, $attr) {
  453. if($attr === 'primaryGroupToken') {
  454. return [1337];
  455. }
  456. return [];
  457. });
  458. $access->expects($this->any())
  459. ->method('groupname2dn')
  460. ->willReturn('cn=foobar,dc=foo,dc=bar');
  461. $access->expects($this->once())
  462. ->method('countUsers')
  463. ->willReturn(4);
  464. $groupBackend = new GroupLDAP($access, $pluginManager);
  465. $users = $groupBackend->countUsersInGroup('foobar');
  466. $this->assertSame(4, $users);
  467. }
  468. public function testGetUserGroupsMemberOf() {
  469. $access = $this->getAccessMock();
  470. $pluginManager = $this->getPluginManagerMock();
  471. $this->enableGroups($access);
  472. $dn = 'cn=userX,dc=foobar';
  473. $access->connection->hasPrimaryGroups = false;
  474. $access->connection->hasGidNumber = false;
  475. $access->expects($this->any())
  476. ->method('username2dn')
  477. ->willReturn($dn);
  478. $access->expects($this->exactly(3))
  479. ->method('readAttribute')
  480. ->will($this->onConsecutiveCalls(['cn=groupA,dc=foobar', 'cn=groupB,dc=foobar'], [], []));
  481. $access->expects($this->exactly(2))
  482. ->method('dn2groupname')
  483. ->willReturnArgument(0);
  484. $access->expects($this->exactly(1))
  485. ->method('groupsMatchFilter')
  486. ->willReturnArgument(0);
  487. $groupBackend = new GroupLDAP($access, $pluginManager);
  488. $groups = $groupBackend->getUserGroups('userX');
  489. $this->assertSame(2, count($groups));
  490. }
  491. public function testGetUserGroupsMemberOfDisabled() {
  492. $access = $this->getAccessMock();
  493. $pluginManager = $this->getPluginManagerMock();
  494. $access->connection = $this->createMock(Connection::class);
  495. $access->connection->expects($this->any())
  496. ->method('__get')
  497. ->willReturnCallback(function($name) {
  498. if($name === 'useMemberOfToDetectMembership') {
  499. return 0;
  500. } else if($name === 'ldapDynamicGroupMemberURL') {
  501. return '';
  502. }
  503. return 1;
  504. });
  505. $dn = 'cn=userX,dc=foobar';
  506. $access->connection->hasPrimaryGroups = false;
  507. $access->connection->hasGidNumber = false;
  508. $access->expects($this->once())
  509. ->method('username2dn')
  510. ->willReturn($dn);
  511. $access->expects($this->never())
  512. ->method('readAttribute')
  513. ->with($dn, 'memberOf');
  514. $access->expects($this->once())
  515. ->method('nextcloudGroupNames')
  516. ->willReturn([]);
  517. $access->expects($this->any())
  518. ->method('groupsMatchFilter')
  519. ->willReturnArgument(0);
  520. $groupBackend = new GroupLDAP($access, $pluginManager);
  521. $groupBackend->getUserGroups('userX');
  522. }
  523. public function testGetGroupsByMember() {
  524. $access = $this->getAccessMock();
  525. $pluginManager = $this->getPluginManagerMock();
  526. $access->connection = $this->createMock(Connection::class);
  527. $access->connection->expects($this->any())
  528. ->method('__get')
  529. ->willReturnCallback(function($name) {
  530. switch($name) {
  531. case 'useMemberOfToDetectMembership':
  532. return 0;
  533. case 'ldapDynamicGroupMemberURL':
  534. return '';
  535. case 'ldapNestedGroups':
  536. return false;
  537. case 'ldapGroupMemberAssocAttr':
  538. return 'member';
  539. }
  540. return 1;
  541. });
  542. $dn = 'cn=userX,dc=foobar';
  543. $access->connection->hasPrimaryGroups = false;
  544. $access->connection->hasGidNumber = false;
  545. $access->expects($this->exactly(2))
  546. ->method('username2dn')
  547. ->willReturn($dn);
  548. $access->expects($this->never())
  549. ->method('readAttribute')
  550. ->with($dn, 'memberOf');
  551. $group1 = [
  552. 'cn' => 'group1',
  553. 'dn' => ['cn=group1,ou=groups,dc=domain,dc=com'],
  554. ];
  555. $group2 = [
  556. 'cn' => 'group2',
  557. 'dn' => ['cn=group2,ou=groups,dc=domain,dc=com'],
  558. ];
  559. $access->expects($this->once())
  560. ->method('nextcloudGroupNames')
  561. ->with([$group1, $group2])
  562. ->willReturn(['group1', 'group2']);
  563. $access->expects($this->once())
  564. ->method('fetchListOfGroups')
  565. ->willReturn([$group1, $group2]);
  566. $access->expects($this->any())
  567. ->method('groupsMatchFilter')
  568. ->willReturnArgument(0);
  569. $groupBackend = new GroupLDAP($access, $pluginManager);
  570. $groups = $groupBackend->getUserGroups('userX');
  571. $this->assertEquals(['group1', 'group2'], $groups);
  572. $groupsAgain = $groupBackend->getUserGroups('userX');
  573. $this->assertEquals(['group1', 'group2'], $groupsAgain);
  574. }
  575. public function testCreateGroupWithPlugin() {
  576. /** @var GroupPluginManager|\PHPUnit_Framework_MockObject_MockObject $pluginManager */
  577. $pluginManager = $this->getMockBuilder('\OCA\User_LDAP\GroupPluginManager')
  578. ->setMethods(['implementsActions','createGroup'])
  579. ->getMock();
  580. $pluginManager->expects($this->once())
  581. ->method('implementsActions')
  582. ->with(GroupInterface::CREATE_GROUP)
  583. ->willReturn(true);
  584. $pluginManager->expects($this->once())
  585. ->method('createGroup')
  586. ->with('gid')
  587. ->willReturn('result');
  588. $access = $this->getAccessMock();
  589. $access->connection = $this->createMock(Connection::class);
  590. $ldap = new GroupLDAP($access, $pluginManager);
  591. $this->assertEquals($ldap->createGroup('gid'),true);
  592. }
  593. public function testCreateGroupFailing() {
  594. $this->expectException(\Exception::class);
  595. /** @var GroupPluginManager|\PHPUnit_Framework_MockObject_MockObject $pluginManager */
  596. $pluginManager = $this->getMockBuilder('\OCA\User_LDAP\GroupPluginManager')
  597. ->setMethods(['implementsActions', 'createGroup'])
  598. ->getMock();
  599. $pluginManager->expects($this->once())
  600. ->method('implementsActions')
  601. ->with(GroupInterface::CREATE_GROUP)
  602. ->willReturn(false);
  603. $access = $this->getAccessMock();
  604. $access->connection = $this->createMock(Connection::class);
  605. $ldap = new GroupLDAP($access, $pluginManager);
  606. $ldap->createGroup('gid');
  607. }
  608. public function testDeleteGroupWithPlugin() {
  609. /** @var GroupPluginManager|\PHPUnit_Framework_MockObject_MockObject $pluginManager */
  610. $pluginManager = $this->getMockBuilder('\OCA\User_LDAP\GroupPluginManager')
  611. ->setMethods(['implementsActions','deleteGroup'])
  612. ->getMock();
  613. $pluginManager->expects($this->once())
  614. ->method('implementsActions')
  615. ->with(GroupInterface::DELETE_GROUP)
  616. ->willReturn(true);
  617. $pluginManager->expects($this->once())
  618. ->method('deleteGroup')
  619. ->with('gid')
  620. ->willReturn('result');
  621. $mapper = $this->getMockBuilder('\OCA\User_LDAP\Mapping\GroupMapping')
  622. ->setMethods(['unmap'])
  623. ->disableOriginalConstructor()
  624. ->getMock();
  625. $access = $this->getAccessMock();
  626. $access->expects($this->any())
  627. ->method('getGroupMapper')
  628. ->willReturn($mapper);
  629. $access->connection = $this->createMock(Connection::class);
  630. $ldap = new GroupLDAP($access, $pluginManager);
  631. $this->assertEquals($ldap->deleteGroup('gid'),'result');
  632. }
  633. public function testDeleteGroupFailing() {
  634. $this->expectException(\Exception::class);
  635. /** @var GroupPluginManager|\PHPUnit_Framework_MockObject_MockObject $pluginManager */
  636. $pluginManager = $this->getMockBuilder('\OCA\User_LDAP\GroupPluginManager')
  637. ->setMethods(['implementsActions', 'deleteGroup'])
  638. ->getMock();
  639. $pluginManager->expects($this->once())
  640. ->method('implementsActions')
  641. ->with(GroupInterface::DELETE_GROUP)
  642. ->willReturn(false);
  643. $access = $this->getAccessMock();
  644. $access->connection = $this->createMock(Connection::class);
  645. $ldap = new GroupLDAP($access, $pluginManager);
  646. $ldap->deleteGroup('gid');
  647. }
  648. public function testAddToGroupWithPlugin() {
  649. /** @var GroupPluginManager|\PHPUnit_Framework_MockObject_MockObject $pluginManager */
  650. $pluginManager = $this->getMockBuilder('\OCA\User_LDAP\GroupPluginManager')
  651. ->setMethods(['implementsActions','addToGroup'])
  652. ->getMock();
  653. $pluginManager->expects($this->once())
  654. ->method('implementsActions')
  655. ->with(GroupInterface::ADD_TO_GROUP)
  656. ->willReturn(true);
  657. $pluginManager->expects($this->once())
  658. ->method('addToGroup')
  659. ->with('uid', 'gid')
  660. ->willReturn('result');
  661. $access = $this->getAccessMock();
  662. $access->connection = $this->createMock(Connection::class);
  663. $ldap = new GroupLDAP($access, $pluginManager);
  664. $this->assertEquals($ldap->addToGroup('uid', 'gid'),'result');
  665. }
  666. public function testAddToGroupFailing() {
  667. $this->expectException(\Exception::class);
  668. /** @var GroupPluginManager|\PHPUnit_Framework_MockObject_MockObject $pluginManager */
  669. $pluginManager = $this->getMockBuilder('\OCA\User_LDAP\GroupPluginManager')
  670. ->setMethods(['implementsActions', 'addToGroup'])
  671. ->getMock();
  672. $pluginManager->expects($this->once())
  673. ->method('implementsActions')
  674. ->with(GroupInterface::ADD_TO_GROUP)
  675. ->willReturn(false);
  676. $access = $this->getAccessMock();
  677. $access->connection = $this->createMock(Connection::class);
  678. $ldap = new GroupLDAP($access, $pluginManager);
  679. $ldap->addToGroup('uid', 'gid');
  680. }
  681. public function testRemoveFromGroupWithPlugin() {
  682. /** @var GroupPluginManager|\PHPUnit_Framework_MockObject_MockObject $pluginManager */
  683. $pluginManager = $this->getMockBuilder('\OCA\User_LDAP\GroupPluginManager')
  684. ->setMethods(['implementsActions','removeFromGroup'])
  685. ->getMock();
  686. $pluginManager->expects($this->once())
  687. ->method('implementsActions')
  688. ->with(GroupInterface::REMOVE_FROM_GROUP)
  689. ->willReturn(true);
  690. $pluginManager->expects($this->once())
  691. ->method('removeFromGroup')
  692. ->with('uid', 'gid')
  693. ->willReturn('result');
  694. $access = $this->getAccessMock();
  695. $access->connection = $this->createMock(Connection::class);
  696. $ldap = new GroupLDAP($access, $pluginManager);
  697. $this->assertEquals($ldap->removeFromGroup('uid', 'gid'),'result');
  698. }
  699. public function testRemoveFromGroupFailing() {
  700. $this->expectException(\Exception::class);
  701. /** @var GroupPluginManager|\PHPUnit_Framework_MockObject_MockObject $pluginManager */
  702. $pluginManager = $this->getMockBuilder('\OCA\User_LDAP\GroupPluginManager')
  703. ->setMethods(['implementsActions', 'removeFromGroup'])
  704. ->getMock();
  705. $pluginManager->expects($this->once())
  706. ->method('implementsActions')
  707. ->with(GroupInterface::REMOVE_FROM_GROUP)
  708. ->willReturn(false);
  709. $access = $this->getAccessMock();
  710. $access->connection = $this->createMock(Connection::class);
  711. $ldap = new GroupLDAP($access, $pluginManager);
  712. $ldap->removeFromGroup('uid', 'gid');
  713. }
  714. public function testGetGroupDetailsWithPlugin() {
  715. /** @var GroupPluginManager|\PHPUnit_Framework_MockObject_MockObject $pluginManager */
  716. $pluginManager = $this->getMockBuilder('\OCA\User_LDAP\GroupPluginManager')
  717. ->setMethods(['implementsActions','getGroupDetails'])
  718. ->getMock();
  719. $pluginManager->expects($this->once())
  720. ->method('implementsActions')
  721. ->with(GroupInterface::GROUP_DETAILS)
  722. ->willReturn(true);
  723. $pluginManager->expects($this->once())
  724. ->method('getGroupDetails')
  725. ->with('gid')
  726. ->willReturn('result');
  727. $access = $this->getAccessMock();
  728. $access->connection = $this->createMock(Connection::class);
  729. $ldap = new GroupLDAP($access, $pluginManager);
  730. $this->assertEquals($ldap->getGroupDetails('gid'),'result');
  731. }
  732. public function testGetGroupDetailsFailing() {
  733. $this->expectException(\Exception::class);
  734. /** @var GroupPluginManager|\PHPUnit_Framework_MockObject_MockObject $pluginManager */
  735. $pluginManager = $this->getMockBuilder('\OCA\User_LDAP\GroupPluginManager')
  736. ->setMethods(['implementsActions', 'getGroupDetails'])
  737. ->getMock();
  738. $pluginManager->expects($this->once())
  739. ->method('implementsActions')
  740. ->with(GroupInterface::GROUP_DETAILS)
  741. ->willReturn(false);
  742. $access = $this->getAccessMock();
  743. $access->connection = $this->createMock(Connection::class);
  744. $ldap = new GroupLDAP($access, $pluginManager);
  745. $ldap->getGroupDetails('gid');
  746. }
  747. public function groupMemberProvider() {
  748. $base = 'dc=species,dc=earth';
  749. $groups0 = [
  750. 'uid=3723,' . $base,
  751. 'uid=8372,' . $base,
  752. 'uid=8427,' . $base,
  753. 'uid=2333,' . $base,
  754. 'uid=4754,' . $base,
  755. ];
  756. $groups1 = [
  757. '3723',
  758. '8372',
  759. '8427',
  760. '2333',
  761. '4754',
  762. ];
  763. $groups2Nested = ['6642', '1424'];
  764. $expGroups2 = array_merge($groups1, $groups2Nested);
  765. return [
  766. [ #0 – test DNs
  767. 'cn=Birds,' . $base,
  768. $groups0,
  769. ['cn=Birds,' . $base => $groups0]
  770. ],
  771. [ #1 – test uids
  772. 'cn=Birds,' . $base,
  773. $groups1,
  774. ['cn=Birds,' . $base => $groups1]
  775. ],
  776. ];
  777. }
  778. /**
  779. * @param string $groupDN
  780. * @param string[] $expectedMembers
  781. * @param array $groupsInfo
  782. * @dataProvider groupMemberProvider
  783. */
  784. public function testGroupMembers($groupDN, $expectedMembers, $groupsInfo = null) {
  785. $access = $this->getAccessMock();
  786. $access->expects($this->any())
  787. ->method('readAttribute')
  788. ->willReturnCallback(function($group) use ($groupDN, $expectedMembers, $groupsInfo) {
  789. if(isset($groupsInfo[$group])) {
  790. return $groupsInfo[$group];
  791. }
  792. return [];
  793. });
  794. $access->connection = $this->createMock(Connection::class);
  795. if(count($groupsInfo) > 1) {
  796. $access->connection->expects($this->any())
  797. ->method('__get')
  798. ->willReturnCallback(function($name) {
  799. if($name === 'ldapNestedGroups') {
  800. return 1;
  801. }
  802. return null;
  803. });
  804. }
  805. /** @var GroupPluginManager $pluginManager */
  806. $pluginManager = $this->createMock(GroupPluginManager::class);
  807. $ldap = new GroupLDAP($access, $pluginManager);
  808. $resultingMembers = $this->invokePrivate($ldap, '_groupMembers', [$groupDN]);
  809. $this->assertEqualsCanonicalizing($expectedMembers, $resultingMembers);
  810. }
  811. public function displayNameProvider() {
  812. return [
  813. ['Graphic Novelists', ['Graphic Novelists']],
  814. ['', false],
  815. ];
  816. }
  817. /**
  818. * @dataProvider displayNameProvider
  819. */
  820. public function testGetDisplayName(string $expected, $ldapResult) {
  821. $gid = 'graphic_novelists';
  822. $access = $this->getAccessMock();
  823. $access->expects($this->atLeastOnce())
  824. ->method('readAttribute')
  825. ->willReturn($ldapResult);
  826. $access->connection = $this->createMock(Connection::class);
  827. $access->connection->expects($this->any())
  828. ->method('__get')
  829. ->willReturnCallback(function($name) {
  830. if($name === 'ldapGroupMemberAssocAttr') {
  831. return 'member';
  832. } else if($name === 'ldapGroupFilter') {
  833. return 'objectclass=nextcloudGroup';
  834. } else if($name === 'ldapGroupDisplayName') {
  835. return 'cn';
  836. }
  837. return null;
  838. });
  839. /** @var GroupPluginManager $pluginManager */
  840. $pluginManager = $this->createMock(GroupPluginManager::class);
  841. $ldap = new GroupLDAP($access, $pluginManager);
  842. $this->assertSame($expected, $ldap->getDisplayName($gid));
  843. }
  844. }