1
0

ConnectionTest.php 7.1 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269
  1. <?php
  2. /**
  3. * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors
  4. * SPDX-FileCopyrightText: 2016 ownCloud, Inc.
  5. * SPDX-License-Identifier: AGPL-3.0-only
  6. */
  7. namespace OCA\User_LDAP\Tests;
  8. use OC\ServerNotAvailableException;
  9. use OCA\User_LDAP\Connection;
  10. use OCA\User_LDAP\ILDAPWrapper;
  11. /**
  12. * Class Test_Connection
  13. *
  14. * @group DB
  15. *
  16. * @package OCA\User_LDAP\Tests
  17. */
  18. class ConnectionTest extends \Test\TestCase {
  19. /** @var ILDAPWrapper|\PHPUnit\Framework\MockObject\MockObject */
  20. protected $ldap;
  21. /** @var Connection */
  22. protected $connection;
  23. protected function setUp(): void {
  24. parent::setUp();
  25. $this->ldap = $this->createMock(ILDAPWrapper::class);
  26. // we use a mock here to replace the cache mechanism, due to missing DI in LDAP backend.
  27. $this->connection = $this->getMockBuilder('OCA\User_LDAP\Connection')
  28. ->setMethods(['getFromCache', 'writeToCache'])
  29. ->setConstructorArgs([$this->ldap, '', null])
  30. ->getMock();
  31. $this->ldap->expects($this->any())
  32. ->method('areLDAPFunctionsAvailable')
  33. ->willReturn(true);
  34. }
  35. public function testOriginalAgentUnchangedOnClone(): void {
  36. //background: upon login a bind is done with the user credentials
  37. //which is valid for the whole LDAP resource. It needs to be reset
  38. //to the agent's credentials
  39. $lw = $this->createMock(ILDAPWrapper::class);
  40. $connection = new Connection($lw, '', null);
  41. $agent = [
  42. 'ldapAgentName' => 'agent',
  43. 'ldapAgentPassword' => '123456',
  44. ];
  45. $connection->setConfiguration($agent);
  46. $testConnection = clone $connection;
  47. $user = [
  48. 'ldapAgentName' => 'user',
  49. 'ldapAgentPassword' => 'password',
  50. ];
  51. $testConnection->setConfiguration($user);
  52. $agentName = $connection->ldapAgentName;
  53. $agentPawd = $connection->ldapAgentPassword;
  54. $this->assertSame($agentName, $agent['ldapAgentName']);
  55. $this->assertSame($agentPawd, $agent['ldapAgentPassword']);
  56. }
  57. public function testUseBackupServer(): void {
  58. $mainHost = 'ldap://nixda.ldap';
  59. $backupHost = 'ldap://fallback.ldap';
  60. $config = [
  61. 'ldapConfigurationActive' => true,
  62. 'ldapHost' => $mainHost,
  63. 'ldapPort' => 389,
  64. 'ldapBackupHost' => $backupHost,
  65. 'ldapBackupPort' => 389,
  66. 'ldapAgentName' => 'uid=agent',
  67. 'ldapAgentPassword' => 'SuchASecret'
  68. ];
  69. $this->connection->setIgnoreValidation(true);
  70. $this->connection->setConfiguration($config);
  71. $this->ldap->expects($this->any())
  72. ->method('isResource')
  73. ->willReturn(true);
  74. $this->ldap->expects($this->any())
  75. ->method('setOption')
  76. ->willReturn(true);
  77. $this->ldap->expects($this->exactly(3))
  78. ->method('connect')
  79. ->willReturn(ldap_connect('ldap://example.com'));
  80. $this->ldap->expects($this->any())
  81. ->method('errno')
  82. ->willReturn(0);
  83. // Not called often enough? Then, the fallback to the backup server is broken.
  84. $this->connection->expects($this->exactly(2))
  85. ->method('getFromCache')
  86. ->with('overrideMainServer')
  87. ->will($this->onConsecutiveCalls(false, false, true, true));
  88. $this->connection->expects($this->once())
  89. ->method('writeToCache')
  90. ->with('overrideMainServer', true);
  91. $isThrown = false;
  92. $this->ldap->expects($this->exactly(3))
  93. ->method('bind')
  94. ->willReturnCallback(function () use (&$isThrown) {
  95. if (!$isThrown) {
  96. $isThrown = true;
  97. throw new ServerNotAvailableException();
  98. }
  99. return true;
  100. });
  101. $this->connection->init();
  102. $this->connection->resetConnectionResource();
  103. // with the second init() we test whether caching works
  104. $this->connection->init();
  105. }
  106. public function testDontUseBackupServerOnFailedAuth(): void {
  107. $mainHost = 'ldap://nixda.ldap';
  108. $backupHost = 'ldap://fallback.ldap';
  109. $config = [
  110. 'ldapConfigurationActive' => true,
  111. 'ldapHost' => $mainHost,
  112. 'ldapPort' => 389,
  113. 'ldapBackupHost' => $backupHost,
  114. 'ldapBackupPort' => 389,
  115. 'ldapAgentName' => 'uid=agent',
  116. 'ldapAgentPassword' => 'SuchASecret'
  117. ];
  118. $this->connection->setIgnoreValidation(true);
  119. $this->connection->setConfiguration($config);
  120. $this->ldap->expects($this->any())
  121. ->method('isResource')
  122. ->willReturn(true);
  123. $this->ldap->expects($this->any())
  124. ->method('setOption')
  125. ->willReturn(true);
  126. $this->ldap->expects($this->once())
  127. ->method('connect')
  128. ->willReturn(ldap_connect('ldap://example.com'));
  129. $this->ldap->expects($this->any())
  130. ->method('errno')
  131. ->willReturn(49);
  132. $this->connection->expects($this->any())
  133. ->method('getFromCache')
  134. ->with('overrideMainServer')
  135. ->willReturn(false);
  136. $this->connection->expects($this->never())
  137. ->method('writeToCache');
  138. $this->ldap->expects($this->exactly(1))
  139. ->method('bind')
  140. ->willReturn(false);
  141. $this->connection->init();
  142. }
  143. public function testBindWithInvalidCredentials(): void {
  144. // background: Bind with invalid credentials should return false
  145. // and not throw a ServerNotAvailableException.
  146. $host = 'ldap://nixda.ldap';
  147. $config = [
  148. 'ldapConfigurationActive' => true,
  149. 'ldapHost' => $host,
  150. 'ldapPort' => 389,
  151. 'ldapBackupHost' => '',
  152. 'ldapAgentName' => 'user',
  153. 'ldapAgentPassword' => 'password'
  154. ];
  155. $this->connection->setIgnoreValidation(true);
  156. $this->connection->setConfiguration($config);
  157. $this->ldap->expects($this->any())
  158. ->method('isResource')
  159. ->willReturn(true);
  160. $this->ldap->expects($this->any())
  161. ->method('setOption')
  162. ->willReturn(true);
  163. $this->ldap->expects($this->any())
  164. ->method('connect')
  165. ->willReturn(ldap_connect('ldap://example.com'));
  166. $this->ldap->expects($this->once())
  167. ->method('bind')
  168. ->willReturn(false);
  169. // LDAP_INVALID_CREDENTIALS
  170. $this->ldap->expects($this->any())
  171. ->method('errno')
  172. ->willReturn(0x31);
  173. try {
  174. $this->assertFalse($this->connection->bind(), 'Connection::bind() should not return true with invalid credentials.');
  175. } catch (ServerNotAvailableException $e) {
  176. $this->fail('Failed asserting that exception of type "OC\ServerNotAvailableException" is not thrown.');
  177. }
  178. }
  179. public function testStartTlsNegotiationFailure(): void {
  180. // background: If Start TLS negotiation fails,
  181. // a ServerNotAvailableException should be thrown.
  182. $host = 'ldap://nixda.ldap';
  183. $port = 389;
  184. $config = [
  185. 'ldapConfigurationActive' => true,
  186. 'ldapHost' => $host,
  187. 'ldapPort' => $port,
  188. 'ldapTLS' => true,
  189. 'ldapBackupHost' => '',
  190. 'ldapAgentName' => 'user',
  191. 'ldapAgentPassword' => 'password'
  192. ];
  193. $this->connection->setIgnoreValidation(true);
  194. $this->connection->setConfiguration($config);
  195. $this->ldap->expects($this->any())
  196. ->method('isResource')
  197. ->willReturn(true);
  198. $this->ldap->expects($this->any())
  199. ->method('connect')
  200. ->willReturn(ldap_connect('ldap://example.com'));
  201. $this->ldap->expects($this->any())
  202. ->method('setOption')
  203. ->willReturn(true);
  204. $this->ldap->expects($this->any())
  205. ->method('bind')
  206. ->willReturn(true);
  207. $this->ldap->expects($this->any())
  208. ->method('errno')
  209. ->willReturn(0);
  210. $this->ldap->expects($this->any())
  211. ->method('startTls')
  212. ->willReturn(false);
  213. $this->expectException(ServerNotAvailableException::class);
  214. $this->expectExceptionMessage('Start TLS failed, when connecting to LDAP host ' . $host . '.');
  215. $this->connection->init();
  216. }
  217. }