Página Principal Explorar Ajuda
Iniciar Sessão
RISCI_ATOM
/
nextcloud-server
mirror de https://github.com/nextcloud/server.git
1
0
Fork 0
Ficheiros Problemas 23 Wiki
Árvore: 58c51599f4
Ramos Etiquetas
nextcloud-serve...
/
apps
/
user_ldap
/
tests
/
AccessTest.php

AccessTest.php 19 KB
Histórico Em bruto

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706 
  1. <?php
    2. 

  2. /**
    3. 

  3.  * @copyright Copyright (c) 2016, ownCloud, Inc.
    4. 

  4.  * @copyright Copyright (c) 2016, Lukas Reschke <lukas@statuscode.ch>
    5. 

  5.  *
    6. 

  6.  * @author Andreas Fischer <bantu@owncloud.com>
    7. 

  7.  * @author Arthur Schiwon <blizzz@arthur-schiwon.de>
    8. 

  8.  * @author Joas Schilling <coding@schilljs.com>
    9. 

  9.  * @author Jörn Friedrich Dreyer <jfd@butonic.de>
    10. 

  10.  * @author Lukas Reschke <lukas@statuscode.ch>
    11. 

  11.  * @author Morris Jobke <hey@morrisjobke.de>
    12. 

  12.  * @author Roeland Jago Douma <roeland@famdouma.nl>
    13. 

  13.  * @author Roger Szabo <roger.szabo@web.de>
    14. 

  14.  * @author root <root@localhost.localdomain>
    15. 

  15.  * @author Thomas Müller <thomas.mueller@tmit.eu>
    16. 

  16.  * @author Victor Dubiniuk <dubiniuk@owncloud.com>
    17. 

  17.  *
    18. 

  18.  * @license AGPL-3.0
    19. 

  19.  *
    20. 

  20.  * This code is free software: you can redistribute it and/or modify
    21. 

  21.  * it under the terms of the GNU Affero General Public License, version 3,
    22. 

  22.  * as published by the Free Software Foundation.
    23. 

  23.  *
    24. 

  24.  * This program is distributed in the hope that it will be useful,
    25. 

  25.  * but WITHOUT ANY WARRANTY; without even the implied warranty of
    26. 

  26.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
    27. 

  27.  * GNU Affero General Public License for more details.
    28. 

  28.  *
    29. 

  29.  * You should have received a copy of the GNU Affero General Public License, version 3,
    30. 

  30.  * along with this program.  If not, see <http://www.gnu.org/licenses/>
    31. 

  31.  *
    32. 

  32.  */
    33. 

  33. 

  34. namespace OCA\User_LDAP\Tests;
    35. 

  35. 

  36. use OCA\User_LDAP\Access;
    37. 

  37. use OCA\User_LDAP\Connection;
    38. 

  38. use OCA\User_LDAP\Exceptions\ConstraintViolationException;
    39. 

  39. use OCA\User_LDAP\FilesystemHelper;
    40. 

  40. use OCA\User_LDAP\Helper;
    41. 

  41. use OCA\User_LDAP\ILDAPWrapper;
    42. 

  42. use OCA\User_LDAP\LDAP;
    43. 

  43. use OCA\User_LDAP\LogWrapper;
    44. 

  44. use OCA\User_LDAP\Mapping\UserMapping;
    45. 

  45. use OCA\User_LDAP\User\Manager;
    46. 

  46. use OCA\User_LDAP\User\OfflineUser;
    47. 

  47. use OCA\User_LDAP\User\User;
    48. 

  48. use OCP\IAvatarManager;
    49. 

  49. use OCP\IConfig;
    50. 

  50. use OCP\IDBConnection;
    51. 

  51. use OCP\Image;
    52. 

  52. use OCP\IUserManager;
    53. 

  53. use OCP\Notification\IManager as INotificationManager;
    54. 

  54. use Test\TestCase;
    55. 

  55. 

  56. /**
    57. 

  57.  * Class AccessTest
    58. 

  58.  *
    59. 

  59.  * @group DB
    60. 

  60.  *
    61. 

  61.  * @package OCA\User_LDAP\Tests
    62. 

  62.  */
    63. 

  63. class AccessTest extends TestCase {
    64. 

  64. 	/** @var UserMapping|\PHPUnit_Framework_MockObject_MockObject */
    65. 

  65. 	protected $userMapper;
    66. 

  66. 	/** @var Connection|\PHPUnit_Framework_MockObject_MockObject */
    67. 

  67. 	private $connection;
    68. 

  68. 	/** @var LDAP|\PHPUnit_Framework_MockObject_MockObject */
    69. 

  69. 	private $ldap;
    70. 

  70. 	/** @var Manager|\PHPUnit_Framework_MockObject_MockObject */
    71. 

  71. 	private $userManager;
    72. 

  72. 	/** @var Helper|\PHPUnit_Framework_MockObject_MockObject */
    73. 

  73. 	private $helper;
    74. 

  74. 	/** @var  IConfig|\PHPUnit_Framework_MockObject_MockObject */
    75. 

  75. 	private $config;
    76. 

  76. 	/** @var IUserManager|\PHPUnit_Framework_MockObject_MockObject */
    77. 

  77. 	private $ncUserManager;
    78. 

  78. 	/** @var Access */
    79. 

  79. 	private $access;
    80. 

  80. 

  81. 	public function setUp() {
    82. 

  82. 		$this->connection = $this->createMock(Connection::class);
    83. 

  83. 		$this->ldap = $this->createMock(LDAP::class);
    84. 

  84. 		$this->userManager = $this->createMock(Manager::class);
    85. 

  85. 		$this->helper = $this->createMock(Helper::class);
    86. 

  86. 		$this->config  = $this->createMock(IConfig::class);
    87. 

  87. 		$this->userMapper = $this->createMock(UserMapping::class);
    88. 

  88. 		$this->ncUserManager = $this->createMock(IUserManager::class);
    89. 

  89. 

  90. 		$this->access = new Access(
    91. 

  91. 			$this->connection,
    92. 

  92. 			$this->ldap,
    93. 

  93. 			$this->userManager,
    94. 

  94. 			$this->helper,
    95. 

  95. 			$this->config,
    96. 

  96. 			$this->ncUserManager
    97. 

  97. 		);
    98. 

  98. 		$this->access->setUserMapper($this->userMapper);
    99. 

  99. 	}
    100. 

  100. 

  101. 	private function getConnectorAndLdapMock() {
    102. 

  102. 		$lw  = $this->createMock(ILDAPWrapper::class);
    103. 

  103. 		$connector = $this->getMockBuilder(Connection::class)
    104. 

  104. 			->setConstructorArgs([$lw, null, null])
    105. 

  105. 			->getMock();
    106. 

  106. 		$um = $this->getMockBuilder(Manager::class)
    107. 

  107. 			->setConstructorArgs([
    108. 

  108. 				$this->createMock(IConfig::class),
    109. 

  109. 				$this->createMock(FilesystemHelper::class),
    110. 

  110. 				$this->createMock(LogWrapper::class),
    111. 

  111. 				$this->createMock(IAvatarManager::class),
    112. 

  112. 				$this->createMock(Image::class),
    113. 

  113. 				$this->createMock(IDBConnection::class),
    114. 

  114. 				$this->createMock(IUserManager::class),
    115. 

  115. 				$this->createMock(INotificationManager::class)])
    116. 

  116. 			->getMock();
    117. 

  117. 		$helper = new Helper(\OC::$server->getConfig());
    118. 

  118. 

  119. 		return array($lw, $connector, $um, $helper);
    120. 

  120. 	}
    121. 

  121. 

  122. 	public function testEscapeFilterPartValidChars() {
    123. 

  123. 		$input = 'okay';
    124. 

  124. 		$this->assertTrue($input === $this->access->escapeFilterPart($input));
    125. 

  125. 	}
    126. 

  126. 

  127. 	public function testEscapeFilterPartEscapeWildcard() {
    128. 

  128. 		$input = '*';
    129. 

  129. 		$expected = '\\\\*';
    130. 

  130. 		$this->assertTrue($expected === $this->access->escapeFilterPart($input));
    131. 

  131. 	}
    132. 

  132. 

  133. 	public function testEscapeFilterPartEscapeWildcard2() {
    134. 

  134. 		$input = 'foo*bar';
    135. 

  135. 		$expected = 'foo\\\\*bar';
    136. 

  136. 		$this->assertTrue($expected === $this->access->escapeFilterPart($input));
    137. 

  137. 	}
    138. 

  138. 

  139. 	/**
    140. 

  140. 	 * @dataProvider convertSID2StrSuccessData
    141. 

  141. 	 * @param array $sidArray
    142. 

  142. 	 * @param $sidExpected
    143. 

  143. 	 */
    144. 

  144. 	public function testConvertSID2StrSuccess(array $sidArray, $sidExpected) {
    145. 

  145. 		$sidBinary = implode('', $sidArray);
    146. 

  146. 		$this->assertSame($sidExpected, $this->access->convertSID2Str($sidBinary));
    147. 

  147. 	}
    148. 

  148. 

  149. 	public function convertSID2StrSuccessData() {
    150. 

  150. 		return array(
    151. 

  151. 			array(
    152. 

  152. 				array(
    153. 

  153. 					"\x01",
    154. 

  154. 					"\x04",
    155. 

  155. 					"\x00\x00\x00\x00\x00\x05",
    156. 

  156. 					"\x15\x00\x00\x00",
    157. 

  157. 					"\xa6\x81\xe5\x0e",
    158. 

  158. 					"\x4d\x6c\x6c\x2b",
    159. 

  159. 					"\xca\x32\x05\x5f",
    160. 

  160. 				),
    161. 

  161. 				'S-1-5-21-249921958-728525901-1594176202',
    162. 

  162. 			),
    163. 

  163. 			array(
    164. 

  164. 				array(
    165. 

  165. 					"\x01",
    166. 

  166. 					"\x02",
    167. 

  167. 					"\xFF\xFF\xFF\xFF\xFF\xFF",
    168. 

  168. 					"\xFF\xFF\xFF\xFF",
    169. 

  169. 					"\xFF\xFF\xFF\xFF",
    170. 

  170. 				),
    171. 

  171. 				'S-1-281474976710655-4294967295-4294967295',
    172. 

  172. 			),
    173. 

  173. 		);
    174. 

  174. 	}
    175. 

  175. 

  176. 	public function testConvertSID2StrInputError() {
    177. 

  177. 		$sidIllegal = 'foobar';
    178. 

  178. 		$sidExpected = '';
    179. 

  179. 

  180. 		$this->assertSame($sidExpected, $this->access->convertSID2Str($sidIllegal));
    181. 

  181. 	}
    182. 

  182. 

  183. 	public function testGetDomainDNFromDNSuccess() {
    184. 

  184. 		$inputDN = 'uid=zaphod,cn=foobar,dc=my,dc=server,dc=com';
    185. 

  185. 		$domainDN = 'dc=my,dc=server,dc=com';
    186. 

  186. 

  187. 		$this->ldap->expects($this->once())
    188. 

  188. 			->method('explodeDN')
    189. 

  189. 			->with($inputDN, 0)
    190. 

  190. 			->will($this->returnValue(explode(',', $inputDN)));
    191. 

  191. 

  192. 		$this->assertSame($domainDN, $this->access->getDomainDNFromDN($inputDN));
    193. 

  193. 	}
    194. 

  194. 

  195. 	public function testGetDomainDNFromDNError() {
    196. 

  196. 		$inputDN = 'foobar';
    197. 

  197. 		$expected = '';
    198. 

  198. 

  199. 		$this->ldap->expects($this->once())
    200. 

  200. 			->method('explodeDN')
    201. 

  201. 			->with($inputDN, 0)
    202. 

  202. 			->will($this->returnValue(false));
    203. 

  203. 

  204. 		$this->assertSame($expected, $this->access->getDomainDNFromDN($inputDN));
    205. 

  205. 	}
    206. 

  206. 

  207. 	public function dnInputDataProvider() {
    208. 

  208. 		return  [[
    209. 

  209. 			[
    210. 

  210. 				'input' => 'foo=bar,bar=foo,dc=foobar',
    211. 

  211. 				'interResult' => array(
    212. 

  212. 					'count' => 3,
    213. 

  213. 					0 => 'foo=bar',
    214. 

  214. 					1 => 'bar=foo',
    215. 

  215. 					2 => 'dc=foobar'
    216. 

  216. 				),
    217. 

  217. 				'expectedResult' => true
    218. 

  218. 			],
    219. 

  219. 			[
    220. 

  220. 				'input' => 'foobarbarfoodcfoobar',
    221. 

  221. 				'interResult' => false,
    222. 

  222. 				'expectedResult' => false
    223. 

  223. 			]
    224. 

  224. 		]];
    225. 

  225. 	}
    226. 

  226. 

  227. 	/**
    228. 

  228. 	 * @dataProvider dnInputDataProvider
    229. 

  229. 	 * @param array $case
    230. 

  230. 	 */
    231. 

  231. 	public function testStringResemblesDN($case) {
    232. 

  232. 		list($lw, $con, $um, $helper) = $this->getConnectorAndLdapMock();
    233. 

  233. 		/** @var IConfig|\PHPUnit_Framework_MockObject_MockObject $config */
    234. 

  234. 		$config = $this->createMock(IConfig::class);
    235. 

  235. 		$access = new Access($con, $lw, $um, $helper, $config, $this->ncUserManager);
    236. 

  236. 

  237. 		$lw->expects($this->exactly(1))
    238. 

  238. 			->method('explodeDN')
    239. 

  239. 			->will($this->returnCallback(function ($dn) use ($case) {
    240. 

  240. 				if($dn === $case['input']) {
    241. 

  241. 					return $case['interResult'];
    242. 

  242. 				}
    243. 

  243. 				return null;
    244. 

  244. 			}));
    245. 

  245. 

  246. 		$this->assertSame($case['expectedResult'], $access->stringResemblesDN($case['input']));
    247. 

  247. 	}
    248. 

  248. 

  249. 	/**
    250. 

  250. 	 * @dataProvider dnInputDataProvider
    251. 

  251. 	 * @param $case
    252. 

  252. 	 */
    253. 

  253. 	public function testStringResemblesDNLDAPmod($case) {
    254. 

  254. 		list(, $con, $um, $helper) = $this->getConnectorAndLdapMock();
    255. 

  255. 		/** @var IConfig|\PHPUnit_Framework_MockObject_MockObject $config */
    256. 

  256. 		$config = $this->createMock(IConfig::class);
    257. 

  257. 		$lw = new LDAP();
    258. 

  258. 		$access = new Access($con, $lw, $um, $helper, $config, $this->ncUserManager);
    259. 

  259. 

  260. 		if(!function_exists('ldap_explode_dn')) {
    261. 

  261. 			$this->markTestSkipped('LDAP Module not available');
    262. 

  262. 		}
    263. 

  263. 

  264. 		$this->assertSame($case['expectedResult'], $access->stringResemblesDN($case['input']));
    265. 

  265. 	}
    266. 

  266. 

  267. 	public function testCacheUserHome() {
    268. 

  268. 		$this->connection->expects($this->once())
    269. 

  269. 			->method('writeToCache');
    270. 

  270. 

  271. 		$this->access->cacheUserHome('foobar', '/foobars/path');
    272. 

  272. 	}
    273. 

  273. 

  274. 	public function testBatchApplyUserAttributes() {
    275. 

  275. 		$this->ldap->expects($this->any())
    276. 

  276. 			->method('isResource')
    277. 

  277. 			->willReturn(true);
    278. 

  278. 

  279. 		$this->ldap->expects($this->any())
    280. 

  280. 			->method('getAttributes')
    281. 

  281. 			->willReturn(['displayname' => ['bar', 'count' => 1]]);
    282. 

  282. 

  283. 		/** @var UserMapping|\PHPUnit_Framework_MockObject_MockObject $mapperMock */
    284. 

  284. 		$mapperMock = $this->createMock(UserMapping::class);
    285. 

  285. 		$mapperMock->expects($this->any())
    286. 

  286. 			->method('getNameByDN')
    287. 

  287. 			->willReturn(false);
    288. 

  288. 		$mapperMock->expects($this->any())
    289. 

  289. 			->method('map')
    290. 

  290. 			->willReturn(true);
    291. 

  291. 

  292. 		$userMock = $this->createMock(User::class);
    293. 

  293. 

  294. 		// also returns for userUuidAttribute
    295. 

  295. 		$this->access->connection->expects($this->any())
    296. 

  296. 			->method('__get')
    297. 

  297. 			->will($this->returnValue('displayName'));
    298. 

  298. 

  299. 		$this->access->setUserMapper($mapperMock);
    300. 

  300. 

  301. 		$displayNameAttribute = strtolower($this->access->connection->ldapUserDisplayName);
    302. 

  302. 		$data = [
    303. 

  303. 			[
    304. 

  304. 				'dn' => ['foobar'],
    305. 

  305. 				$displayNameAttribute => 'barfoo'
    306. 

  306. 			],
    307. 

  307. 			[
    308. 

  308. 				'dn' => ['foo'],
    309. 

  309. 				$displayNameAttribute => 'bar'
    310. 

  310. 			],
    311. 

  311. 			[
    312. 

  312. 				'dn' => ['raboof'],
    313. 

  313. 				$displayNameAttribute => 'oofrab'
    314. 

  314. 			]
    315. 

  315. 		];
    316. 

  316. 

  317. 		$userMock->expects($this->exactly(count($data)))
    318. 

  318. 			->method('processAttributes');
    319. 

  319. 

  320. 		$this->userManager->expects($this->exactly(count($data) * 2))
    321. 

  321. 			->method('get')
    322. 

  322. 			->will($this->returnValue($userMock));
    323. 

  323. 

  324. 		$this->access->batchApplyUserAttributes($data);
    325. 

  325. 	}
    326. 

  326. 

  327. 	public function testBatchApplyUserAttributesSkipped() {
    328. 

  328. 		/** @var UserMapping|\PHPUnit_Framework_MockObject_MockObject $mapperMock */
    329. 

  329. 		$mapperMock = $this->createMock(UserMapping::class);
    330. 

  330. 		$mapperMock->expects($this->any())
    331. 

  331. 			->method('getNameByDN')
    332. 

  332. 			->will($this->returnValue('a_username'));
    333. 

  333. 

  334. 		$userMock = $this->createMock(User::class);
    335. 

  335. 

  336. 		$this->access->connection->expects($this->any())
    337. 

  337. 			->method('__get')
    338. 

  338. 			->will($this->returnValue('displayName'));
    339. 

  339. 

  340. 		$this->access->setUserMapper($mapperMock);
    341. 

  341. 

  342. 		$displayNameAttribute = strtolower($this->access->connection->ldapUserDisplayName);
    343. 

  343. 		$data = [
    344. 

  344. 			[
    345. 

  345. 				'dn' => ['foobar'],
    346. 

  346. 				$displayNameAttribute => 'barfoo'
    347. 

  347. 			],
    348. 

  348. 			[
    349. 

  349. 				'dn' => ['foo'],
    350. 

  350. 				$displayNameAttribute => 'bar'
    351. 

  351. 			],
    352. 

  352. 			[
    353. 

  353. 				'dn' => ['raboof'],
    354. 

  354. 				$displayNameAttribute => 'oofrab'
    355. 

  355. 			]
    356. 

  356. 		];
    357. 

  357. 

  358. 		$userMock->expects($this->never())
    359. 

  359. 			->method('processAttributes');
    360. 

  360. 

  361. 		$this->userManager->expects($this->any())
    362. 

  362. 			->method('get')
    363. 

  363. 			->willReturn($this->createMock(User::class));
    364. 

  364. 

  365. 		$this->access->batchApplyUserAttributes($data);
    366. 

  366. 	}
    367. 

  367. 

  368. 	public function testBatchApplyUserAttributesDontSkip() {
    369. 

  369. 		/** @var UserMapping|\PHPUnit_Framework_MockObject_MockObject $mapperMock */
    370. 

  370. 		$mapperMock = $this->createMock(UserMapping::class);
    371. 

  371. 		$mapperMock->expects($this->any())
    372. 

  372. 			->method('getNameByDN')
    373. 

  373. 			->will($this->returnValue('a_username'));
    374. 

  374. 

  375. 		$userMock = $this->createMock(User::class);
    376. 

  376. 

  377. 		$this->access->connection->expects($this->any())
    378. 

  378. 			->method('__get')
    379. 

  379. 			->will($this->returnValue('displayName'));
    380. 

  380. 

  381. 		$this->access->setUserMapper($mapperMock);
    382. 

  382. 

  383. 		$displayNameAttribute = strtolower($this->access->connection->ldapUserDisplayName);
    384. 

  384. 		$data = [
    385. 

  385. 			[
    386. 

  386. 				'dn' => ['foobar'],
    387. 

  387. 				$displayNameAttribute => 'barfoo'
    388. 

  388. 			],
    389. 

  389. 			[
    390. 

  390. 				'dn' => ['foo'],
    391. 

  391. 				$displayNameAttribute => 'bar'
    392. 

  392. 			],
    393. 

  393. 			[
    394. 

  394. 				'dn' => ['raboof'],
    395. 

  395. 				$displayNameAttribute => 'oofrab'
    396. 

  396. 			]
    397. 

  397. 		];
    398. 

  398. 

  399. 		$userMock->expects($this->exactly(count($data)))
    400. 

  400. 			->method('processAttributes');
    401. 

  401. 

  402. 		$this->userManager->expects($this->exactly(count($data) * 2))
    403. 

  403. 			->method('get')
    404. 

  404. 			->will($this->returnValue($userMock));
    405. 

  405. 

  406. 		$this->access->batchApplyUserAttributes($data);
    407. 

  407. 	}
    408. 

  408. 

  409. 	public function dNAttributeProvider() {
    410. 

  410. 		// corresponds to Access::resemblesDN()
    411. 

  411. 		return array(
    412. 

  412. 			'dn' => array('dn'),
    413. 

  413. 			'uniqueMember' => array('uniquemember'),
    414. 

  414. 			'member' => array('member'),
    415. 

  415. 			'memberOf' => array('memberof')
    416. 

  416. 		);
    417. 

  417. 	}
    418. 

  418. 

  419. 	/**
    420. 

  420. 	 * @dataProvider dNAttributeProvider
    421. 

  421. 	 * @param $attribute
    422. 

  422. 	 */
    423. 

  423. 	public function testSanitizeDN($attribute) {
    424. 

  424. 		list($lw, $con, $um, $helper) = $this->getConnectorAndLdapMock();
    425. 

  425. 		/** @var IConfig|\PHPUnit_Framework_MockObject_MockObject $config */
    426. 

  426. 		$config = $this->createMock(IConfig::class);
    427. 

  427. 

  428. 		$dnFromServer = 'cn=Mixed Cases,ou=Are Sufficient To,ou=Test,dc=example,dc=org';
    429. 

  429. 

  430. 		$lw->expects($this->any())
    431. 

  431. 			->method('isResource')
    432. 

  432. 			->will($this->returnValue(true));
    433. 

  433. 		$lw->expects($this->any())
    434. 

  434. 			->method('getAttributes')
    435. 

  435. 			->will($this->returnValue(array(
    436. 

  436. 				$attribute => array('count' => 1, $dnFromServer)
    437. 

  437. 			)));
    438. 

  438. 

  439. 		$access = new Access($con, $lw, $um, $helper, $config, $this->ncUserManager);
    440. 

  440. 		$values = $access->readAttribute('uid=whoever,dc=example,dc=org', $attribute);
    441. 

  441. 		$this->assertSame($values[0], strtolower($dnFromServer));
    442. 

  442. 	}
    443. 

  443. 

  444. 	/**
    445. 

  445. 	 * @expectedException \Exception
    446. 

  446. 	 * @expectedExceptionMessage LDAP password changes are disabled
    447. 

  447. 	 */
    448. 

  448. 	public function testSetPasswordWithDisabledChanges() {
    449. 

  449. 		$this->connection
    450. 

  450. 			->method('__get')
    451. 

  451. 			->willReturn(false);
    452. 

  452. 

  453. 		/** @noinspection PhpUnhandledExceptionInspection */
    454. 

  454. 		$this->access->setPassword('CN=foo', 'MyPassword');
    455. 

  455. 	}
    456. 

  456. 

  457. 	public function testSetPasswordWithLdapNotAvailable() {
    458. 

  458. 		$this->connection
    459. 

  459. 			->method('__get')
    460. 

  460. 			->willReturn(true);
    461. 

  461. 		$connection = $this->createMock(LDAP::class);
    462. 

  462. 		$this->connection
    463. 

  463. 			->expects($this->once())
    464. 

  464. 			->method('getConnectionResource')
    465. 

  465. 			->willReturn($connection);
    466. 

  466. 		$this->ldap
    467. 

  467. 			->expects($this->once())
    468. 

  468. 			->method('isResource')
    469. 

  469. 			->with($connection)
    470. 

  470. 			->willReturn(false);
    471. 

  471. 

  472. 		/** @noinspection PhpUnhandledExceptionInspection */
    473. 

  473. 		$this->assertFalse($this->access->setPassword('CN=foo', 'MyPassword'));
    474. 

  474. 	}
    475. 

  475. 

  476. 	/**
    477. 

  477. 	 * @expectedException \OC\HintException
    478. 

  478. 	 * @expectedExceptionMessage Password change rejected.
    479. 

  479. 	 */
    480. 

  480. 	public function testSetPasswordWithRejectedChange() {
    481. 

  481. 		$this->connection
    482. 

  482. 			->method('__get')
    483. 

  483. 			->willReturn(true);
    484. 

  484. 		$connection = $this->createMock(LDAP::class);
    485. 

  485. 		$this->connection
    486. 

  486. 			->expects($this->once())
    487. 

  487. 			->method('getConnectionResource')
    488. 

  488. 			->willReturn($connection);
    489. 

  489. 		$this->ldap
    490. 

  490. 			->expects($this->once())
    491. 

  491. 			->method('isResource')
    492. 

  492. 			->with($connection)
    493. 

  493. 			->willReturn(true);
    494. 

  494. 		$this->ldap
    495. 

  495. 			->expects($this->once())
    496. 

  496. 			->method('modReplace')
    497. 

  497. 			->with($connection, 'CN=foo', 'MyPassword')
    498. 

  498. 			->willThrowException(new ConstraintViolationException());
    499. 

  499. 

  500. 		/** @noinspection PhpUnhandledExceptionInspection */
    501. 

  501. 		$this->access->setPassword('CN=foo', 'MyPassword');
    502. 

  502. 	}
    503. 

  503. 

  504. 	public function testSetPassword() {
    505. 

  505. 		$this->connection
    506. 

  506. 			->method('__get')
    507. 

  507. 			->willReturn(true);
    508. 

  508. 		$connection = $this->createMock(LDAP::class);
    509. 

  509. 		$this->connection
    510. 

  510. 			->expects($this->once())
    511. 

  511. 			->method('getConnectionResource')
    512. 

  512. 			->willReturn($connection);
    513. 

  513. 		$this->ldap
    514. 

  514. 			->expects($this->once())
    515. 

  515. 			->method('isResource')
    516. 

  516. 			->with($connection)
    517. 

  517. 			->willReturn(true);
    518. 

  518. 		$this->ldap
    519. 

  519. 			->expects($this->once())
    520. 

  520. 			->method('modReplace')
    521. 

  521. 			->with($connection, 'CN=foo', 'MyPassword')
    522. 

  522. 			->willReturn(true);
    523. 

  523. 

  524. 		/** @noinspection PhpUnhandledExceptionInspection */
    525. 

  525. 		$this->assertTrue($this->access->setPassword('CN=foo', 'MyPassword'));
    526. 

  526. 	}
    527. 

  527. 

  528. 	protected function prepareMocksForSearchTests(
    529. 

  529. 		$base,
    530. 

  530. 		$fakeConnection,
    531. 

  531. 		$fakeSearchResultResource,
    532. 

  532. 		$fakeLdapEntries
    533. 

  533. 	) {
    534. 

  534. 		$this->connection
    535. 

  535. 			->expects($this->any())
    536. 

  536. 			->method('getConnectionResource')
    537. 

  537. 			->willReturn($fakeConnection);
    538. 

  538. 		$this->connection->expects($this->any())
    539. 

  539. 			->method('__get')
    540. 

  540. 			->willReturnCallback(function($key) use ($base) {
    541. 

  541. 				if(stripos($key, 'base') !== false) {
    542. 

  542. 					return $base;
    543. 

  543. 				}
    544. 

  544. 				return null;
    545. 

  545. 			});
    546. 

  546. 

  547. 		$this->ldap
    548. 

  548. 			->expects($this->any())
    549. 

  549. 			->method('isResource')
    550. 

  550. 			->willReturnCallback(function ($resource) use ($fakeConnection) {
    551. 

  551. 				return $resource === $fakeConnection;
    552. 

  552. 			});
    553. 

  553. 		$this->ldap
    554. 

  554. 			->expects($this->any())
    555. 

  555. 			->method('errno')
    556. 

  556. 			->willReturn(0);
    557. 

  557. 		$this->ldap
    558. 

  558. 			->expects($this->once())
    559. 

  559. 			->method('search')
    560. 

  560. 			->willReturn([$fakeSearchResultResource]);
    561. 

  561. 		$this->ldap
    562. 

  562. 			->expects($this->exactly(count($base)))
    563. 

  563. 			->method('getEntries')
    564. 

  564. 			->willReturn($fakeLdapEntries);
    565. 

  565. 

  566. 		$this->helper->expects($this->any())
    567. 

  567. 			->method('sanitizeDN')
    568. 

  568. 			->willReturnArgument(0);
    569. 

  569. 	}
    570. 

  570. 

  571. 	public function testSearchNoPagedSearch() {
    572. 

  572. 		// scenario: no pages search, 1 search base
    573. 

  573. 		$filter = 'objectClass=nextcloudUser';
    574. 

  574. 		$base = ['ou=zombies,dc=foobar,dc=nextcloud,dc=com'];
    575. 

  575. 

  576. 		$fakeConnection = new \stdClass();
    577. 

  577. 		$fakeSearchResultResource = new \stdClass();
    578. 

  578. 		$fakeLdapEntries = [
    579. 

  579. 			'count' => 2,
    580. 

  580. 			[
    581. 

  581. 				'dn' => 'uid=sgarth,' . $base[0],
    582. 

  582. 			],
    583. 

  583. 			[
    584. 

  584. 				'dn' => 'uid=wwilson,' . $base[0],
    585. 

  585. 			]
    586. 

  586. 		];
    587. 

  587. 

  588. 		$expected = $fakeLdapEntries;
    589. 

  589. 		unset($expected['count']);
    590. 

  590. 

  591. 		$this->prepareMocksForSearchTests($base, $fakeConnection, $fakeSearchResultResource, $fakeLdapEntries);
    592. 

  592. 

  593. 		/** @noinspection PhpUnhandledExceptionInspection */
    594. 

  594. 		$result = $this->access->search($filter, $base);
    595. 

  595. 		$this->assertSame($expected, $result);
    596. 

  596. 	}
    597. 

  597. 

  598. 	public function testFetchListOfUsers() {
    599. 

  599. 		$filter = 'objectClass=nextcloudUser';
    600. 

  600. 		$base = ['ou=zombies,dc=foobar,dc=nextcloud,dc=com'];
    601. 

  601. 		$attrs = ['dn', 'uid'];
    602. 

  602. 

  603. 		$fakeConnection = new \stdClass();
    604. 

  604. 		$fakeSearchResultResource = new \stdClass();
    605. 

  605. 		$fakeLdapEntries = [
    606. 

  606. 			'count' => 2,
    607. 

  607. 			[
    608. 

  608. 				'dn' => 'uid=sgarth,' . $base[0],
    609. 

  609. 				'uid' => [ 'sgarth' ],
    610. 

  610. 			],
    611. 

  611. 			[
    612. 

  612. 				'dn' => 'uid=wwilson,' . $base[0],
    613. 

  613. 				'uid' => [ 'wwilson' ],
    614. 

  614. 			]
    615. 

  615. 		];
    616. 

  616. 		$expected = $fakeLdapEntries;
    617. 

  617. 		unset($expected['count']);
    618. 

  618. 		array_walk($expected, function(&$v) {
    619. 

  619. 			$v['dn'] = [$v['dn']];	// dn is translated into an array internally for consistency
    620. 

  620. 		});
    621. 

  621. 

  622. 		$this->prepareMocksForSearchTests($base, $fakeConnection, $fakeSearchResultResource, $fakeLdapEntries);
    623. 

  623. 

  624. 		$this->connection->expects($this->exactly($fakeLdapEntries['count']))
    625. 

  625. 			->method('writeToCache')
    626. 

  626. 			->with($this->stringStartsWith('userExists'), true);
    627. 

  627. 

  628. 		$this->userMapper->expects($this->exactly($fakeLdapEntries['count']))
    629. 

  629. 			->method('getNameByDN')
    630. 

  630. 			->willReturnCallback(function($fdn) {
    631. 

  631. 				$parts = ldap_explode_dn($fdn, false);
    632. 

  632. 				return $parts[0];
    633. 

  633. 			});
    634. 

  634. 

  635. 		/** @noinspection PhpUnhandledExceptionInspection */
    636. 

  636. 		$list = $this->access->fetchListOfUsers($filter, $attrs);
    637. 

  637. 		$this->assertSame($expected, $list);
    638. 

  638. 	}
    639. 

  639. 

  640. 	public function intUsernameProvider() {
    641. 

  641. 		// system dependent :-/
    642. 

  642. 		$translitExpected = @iconv('UTF-8', 'ASCII//TRANSLIT', 'fränk') ? 'frank' : 'frnk';
    643. 

  643. 

  644. 		return [
    645. 

  645. 			['alice', 'alice'],
    646. 

  646. 			['b/ob', 'bob'],
    647. 

  647. 			['charly🐬', 'charly'],
    648. 

  648. 			['debo rah', 'debo_rah'],
    649. 

  649. 			['epost@poste.test', 'epost@poste.test'],
    650. 

  650. 			['fränk', $translitExpected],
    651. 

  651. 			[' gerda ', 'gerda'],
    652. 

  652. 			['🕱🐵🐘🐑', null]
    653. 

  653. 		];
    654. 

  654. 	}
    655. 

  655. 

  656. 	/**
    657. 

  657. 	 * @dataProvider intUsernameProvider
    658. 

  658. 	 *
    659. 

  659. 	 * @param $name
    660. 

  660. 	 * @param $expected
    661. 

  661. 	 */
    662. 

  662. 	public function testSanitizeUsername($name, $expected) {
    663. 

  663. 		if($expected === null) {
    664. 

  664. 			$this->expectException(\InvalidArgumentException::class);
    665. 

  665. 		}
    666. 

  666. 		$sanitizedName = $this->access->sanitizeUsername($name);
    667. 

  667. 		$this->assertSame($expected, $sanitizedName);
    668. 

  668. 	}
    669. 

  669. 

  670. 	public function testUserStateUpdate() {
    671. 

  671. 		$this->connection->expects($this->any())
    672. 

  672. 			->method('__get')
    673. 

  673. 			->willReturnMap([
    674. 

  674. 				[ 'ldapUserDisplayName', 'displayName' ],
    675. 

  675. 				[ 'ldapUserDisplayName2', null],
    676. 

  676. 			]);
    677. 

  677. 

  678. 		$offlineUserMock = $this->createMock(OfflineUser::class);
    679. 

  679. 		$offlineUserMock->expects($this->once())
    680. 

  680. 			->method('unmark');
    681. 

  681. 

  682. 		$regularUserMock = $this->createMock(User::class);
    683. 

  683. 

  684. 		$this->userManager->expects($this->atLeastOnce())
    685. 

  685. 			->method('get')
    686. 

  686. 			->with('detta')
    687. 

  687. 			->willReturnOnConsecutiveCalls($offlineUserMock, $regularUserMock);
    688. 

  688. 

  689. 		/** @var UserMapping|\PHPUnit_Framework_MockObject_MockObject $mapperMock */
    690. 

  690. 		$mapperMock = $this->createMock(UserMapping::class);
    691. 

  691. 		$mapperMock->expects($this->any())
    692. 

  692. 			->method('getNameByDN')
    693. 

  693. 			->with('uid=detta,ou=users,dc=hex,dc=ample')
    694. 

  694. 			->willReturn('detta');
    695. 

  695. 		$this->access->setUserMapper($mapperMock);
    696. 

  696. 

  697. 		$records = [
    698. 

  698. 			[
    699. 

  699. 				'dn' => ['uid=detta,ou=users,dc=hex,dc=ample'],
    700. 

  700. 				'displayName' => ['Detta Detkova'],
    701. 

  701. 			]
    702. 

  702. 		];
    703. 

  703. 		$this->access->nextcloudUserNames($records);
    704. 

  704. 	}
    705. 

  705. 

  706. }
    707.