Group_LDAPTest.php 39 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177117811791180118111821183118411851186118711881189119011911192119311941195119611971198119912001201120212031204120512061207120812091210121112121213121412151216121712181219122012211222122312241225122612271228122912301231123212331234123512361237123812391240124112421243124412451246124712481249125012511252125312541255125612571258125912601261126212631264126512661267126812691270127112721273127412751276127712781279128012811282128312841285128612871288128912901291129212931294129512961297129812991300130113021303130413051306130713081309131013111312131313141315131613171318131913201321132213231324132513261327132813291330133113321333133413351336133713381339134013411342134313441345134613471348134913501351135213531354135513561357135813591360136113621363136413651366136713681369137013711372137313741375137613771378137913801381138213831384138513861387138813891390139113921393139413951396139713981399140014011402140314041405140614071408140914101411141214131414141514161417141814191420142114221423142414251426142714281429143014311432143314341435143614371438143914401441
  1. <?php
  2. /**
  3. * @copyright Copyright (c) 2016, ownCloud, Inc.
  4. *
  5. * @author Arthur Schiwon <blizzz@arthur-schiwon.de>
  6. * @author Christoph Wurst <christoph@winzerhof-wurst.at>
  7. * @author Joas Schilling <coding@schilljs.com>
  8. * @author Morris Jobke <hey@morrisjobke.de>
  9. * @author Roeland Jago Douma <roeland@famdouma.nl>
  10. * @author Thomas Müller <thomas.mueller@tmit.eu>
  11. * @author Victor Dubiniuk <dubiniuk@owncloud.com>
  12. * @author Vincent Petry <vincent@nextcloud.com>
  13. * @author Vinicius Cubas Brand <vinicius@eita.org.br>
  14. * @author Xuanwo <xuanwo@yunify.com>
  15. *
  16. * @license AGPL-3.0
  17. *
  18. * This code is free software: you can redistribute it and/or modify
  19. * it under the terms of the GNU Affero General Public License, version 3,
  20. * as published by the Free Software Foundation.
  21. *
  22. * This program is distributed in the hope that it will be useful,
  23. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  24. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  25. * GNU Affero General Public License for more details.
  26. *
  27. * You should have received a copy of the GNU Affero General Public License, version 3,
  28. * along with this program. If not, see <http://www.gnu.org/licenses/>
  29. *
  30. */
  31. namespace OCA\User_LDAP\Tests;
  32. use OCA\User_LDAP\Access;
  33. use OCA\User_LDAP\Connection;
  34. use OCA\User_LDAP\Group_LDAP as GroupLDAP;
  35. use OCA\User_LDAP\GroupPluginManager;
  36. use OCA\User_LDAP\ILDAPWrapper;
  37. use OCA\User_LDAP\Mapping\GroupMapping;
  38. use OCA\User_LDAP\User\Manager;
  39. use OCP\GroupInterface;
  40. use PHPUnit\Framework\MockObject\MockObject;
  41. use Test\TestCase;
  42. /**
  43. * Class GroupLDAPTest
  44. *
  45. * @group DB
  46. *
  47. * @package OCA\User_LDAP\Tests
  48. */
  49. class Group_LDAPTest extends TestCase {
  50. public function testCountEmptySearchString() {
  51. $access = $this->getAccessMock();
  52. $pluginManager = $this->getPluginManagerMock();
  53. $groupDN = 'cn=group,dc=foo,dc=bar';
  54. $this->enableGroups($access);
  55. $access->expects($this->any())
  56. ->method('groupname2dn')
  57. ->willReturn($groupDN);
  58. $access->expects($this->any())
  59. ->method('readAttribute')
  60. ->willReturnCallback(function ($dn) use ($groupDN) {
  61. if ($dn === $groupDN) {
  62. return [
  63. 'uid=u11,ou=users,dc=foo,dc=bar',
  64. 'uid=u22,ou=users,dc=foo,dc=bar',
  65. 'uid=u33,ou=users,dc=foo,dc=bar',
  66. 'uid=u34,ou=users,dc=foo,dc=bar'
  67. ];
  68. }
  69. return [];
  70. });
  71. $access->expects($this->any())
  72. ->method('isDNPartOfBase')
  73. ->willReturn(true);
  74. // for primary groups
  75. $access->expects($this->once())
  76. ->method('countUsers')
  77. ->willReturn(2);
  78. $access->userManager->expects($this->any())
  79. ->method('getAttributes')
  80. ->willReturn(['displayName', 'mail']);
  81. $groupBackend = new GroupLDAP($access, $pluginManager);
  82. $users = $groupBackend->countUsersInGroup('group');
  83. $this->assertSame(6, $users);
  84. }
  85. /**
  86. * @return MockObject|Access
  87. */
  88. private function getAccessMock() {
  89. static $conMethods;
  90. static $accMethods;
  91. if (is_null($conMethods) || is_null($accMethods)) {
  92. $conMethods = get_class_methods(Connection::class);
  93. $accMethods = get_class_methods(Access::class);
  94. }
  95. $lw = $this->createMock(ILDAPWrapper::class);
  96. $connector = $this->getMockBuilder(Connection::class)
  97. ->setMethods($conMethods)
  98. ->setConstructorArgs([$lw, '', null])
  99. ->getMock();
  100. $access = $this->createMock(Access::class);
  101. $access->connection = $connector;
  102. $access->userManager = $this->createMock(Manager::class);
  103. return $access;
  104. }
  105. /**
  106. * @return MockObject|GroupPluginManager
  107. */
  108. private function getPluginManagerMock() {
  109. return $this->createMock(GroupPluginManager::class);
  110. }
  111. private function enableGroups(Access $access) {
  112. $access->connection = $this->createMock(Connection::class);
  113. $access->connection->expects($this->any())
  114. ->method('__get')
  115. ->willReturnCallback(function ($name) {
  116. if ($name === 'ldapDynamicGroupMemberURL') {
  117. return '';
  118. } elseif ($name === 'ldapBaseGroups') {
  119. return [];
  120. }
  121. return 1;
  122. });
  123. }
  124. public function testCountWithSearchString() {
  125. $access = $this->getAccessMock();
  126. $pluginManager = $this->getPluginManagerMock();
  127. $this->enableGroups($access);
  128. $access->expects($this->any())
  129. ->method('groupname2dn')
  130. ->willReturn('cn=group,dc=foo,dc=bar');
  131. $access->expects($this->any())
  132. ->method('fetchListOfUsers')
  133. ->willReturn([]);
  134. $access->expects($this->any())
  135. ->method('readAttribute')
  136. ->willReturnCallback(function ($name) {
  137. //the search operation will call readAttribute, thus we need
  138. //to analyze the "dn". All other times we just need to return
  139. //something that is neither null or false, but once an array
  140. //with the users in the group – so we do so all other times for
  141. //simplicity.
  142. if (str_starts_with($name, 'u')) {
  143. return strpos($name, '3');
  144. }
  145. return ['u11', 'u22', 'u33', 'u34'];
  146. });
  147. $access->expects($this->any())
  148. ->method('dn2username')
  149. ->willReturnCallback(function () {
  150. return 'foobar' . \OC::$server->getSecureRandom()->generate(7);
  151. });
  152. $access->expects($this->any())
  153. ->method('isDNPartOfBase')
  154. ->willReturn(true);
  155. $access->expects($this->any())
  156. ->method('escapeFilterPart')
  157. ->willReturnArgument(0);
  158. $access->userManager->expects($this->any())
  159. ->method('getAttributes')
  160. ->willReturn(['displayName', 'mail']);
  161. $groupBackend = new GroupLDAP($access, $pluginManager);
  162. $users = $groupBackend->countUsersInGroup('group', '3');
  163. $this->assertSame(2, $users);
  164. }
  165. public function testCountUsersWithPlugin() {
  166. /** @var GroupPluginManager|MockObject $pluginManager */
  167. $pluginManager = $this->getMockBuilder(GroupPluginManager::class)
  168. ->setMethods(['implementsActions', 'countUsersInGroup'])
  169. ->getMock();
  170. $pluginManager->expects($this->once())
  171. ->method('implementsActions')
  172. ->with(GroupInterface::COUNT_USERS)
  173. ->willReturn(true);
  174. $pluginManager->expects($this->once())
  175. ->method('countUsersInGroup')
  176. ->with('gid', 'search')
  177. ->willReturn(42);
  178. $access = $this->getAccessMock();
  179. $access->connection = $this->createMock(Connection::class);
  180. $ldap = new GroupLDAP($access, $pluginManager);
  181. $this->assertEquals($ldap->countUsersInGroup('gid', 'search'), 42);
  182. }
  183. public function testGidNumber2NameSuccess() {
  184. $access = $this->getAccessMock();
  185. $pluginManager = $this->getPluginManagerMock();
  186. $this->enableGroups($access);
  187. $userDN = 'cn=alice,cn=foo,dc=barfoo,dc=bar';
  188. $access->expects($this->once())
  189. ->method('searchGroups')
  190. ->willReturn([['dn' => ['cn=foo,dc=barfoo,dc=bar']]]);
  191. $access->expects($this->once())
  192. ->method('dn2groupname')
  193. ->with('cn=foo,dc=barfoo,dc=bar')
  194. ->willReturn('MyGroup');
  195. $groupBackend = new GroupLDAP($access, $pluginManager);
  196. $group = $groupBackend->gidNumber2Name('3117', $userDN);
  197. $this->assertSame('MyGroup', $group);
  198. }
  199. public function testGidNumberID2NameNoGroup() {
  200. $access = $this->getAccessMock();
  201. $pluginManager = $this->getPluginManagerMock();
  202. $this->enableGroups($access);
  203. $userDN = 'cn=alice,cn=foo,dc=barfoo,dc=bar';
  204. $access->expects($this->once())
  205. ->method('searchGroups')
  206. ->willReturn([]);
  207. $access->expects($this->never())
  208. ->method('dn2groupname');
  209. $groupBackend = new GroupLDAP($access, $pluginManager);
  210. $group = $groupBackend->gidNumber2Name('3117', $userDN);
  211. $this->assertSame(false, $group);
  212. }
  213. public function testGidNumberID2NameNoName() {
  214. $access = $this->getAccessMock();
  215. $pluginManager = $this->getPluginManagerMock();
  216. $this->enableGroups($access);
  217. $userDN = 'cn=alice,cn=foo,dc=barfoo,dc=bar';
  218. $access->expects($this->once())
  219. ->method('searchGroups')
  220. ->willReturn([['dn' => ['cn=foo,dc=barfoo,dc=bar']]]);
  221. $access->expects($this->once())
  222. ->method('dn2groupname')
  223. ->willReturn(false);
  224. $groupBackend = new GroupLDAP($access, $pluginManager);
  225. $group = $groupBackend->gidNumber2Name('3117', $userDN);
  226. $this->assertSame(false, $group);
  227. }
  228. public function testGetEntryGidNumberValue() {
  229. $access = $this->getAccessMock();
  230. $pluginManager = $this->getPluginManagerMock();
  231. $this->enableGroups($access);
  232. $dn = 'cn=foobar,cn=foo,dc=barfoo,dc=bar';
  233. $attr = 'gidNumber';
  234. $access->expects($this->once())
  235. ->method('readAttribute')
  236. ->with($dn, $attr)
  237. ->willReturn(['3117']);
  238. $groupBackend = new GroupLDAP($access, $pluginManager);
  239. $gid = $groupBackend->getGroupGidNumber($dn);
  240. $this->assertSame('3117', $gid);
  241. }
  242. public function testGetEntryGidNumberNoValue() {
  243. $access = $this->getAccessMock();
  244. $pluginManager = $this->getPluginManagerMock();
  245. $this->enableGroups($access);
  246. $dn = 'cn=foobar,cn=foo,dc=barfoo,dc=bar';
  247. $attr = 'gidNumber';
  248. $access->expects($this->once())
  249. ->method('readAttribute')
  250. ->with($dn, $attr)
  251. ->willReturn(false);
  252. $groupBackend = new GroupLDAP($access, $pluginManager);
  253. $gid = $groupBackend->getGroupGidNumber($dn);
  254. $this->assertSame(false, $gid);
  255. }
  256. public function testPrimaryGroupID2NameSuccessCache() {
  257. $access = $this->getAccessMock();
  258. $pluginManager = $this->getPluginManagerMock();
  259. $this->enableGroups($access);
  260. $userDN = 'cn=alice,cn=foo,dc=barfoo,dc=bar';
  261. $gid = '3117';
  262. $groupDN = 'cn=foo,dc=barfoo,dc=bar';
  263. /** @var MockObject $connection */
  264. $connection = $access->connection;
  265. $connection->expects($this->once())
  266. ->method('getFromCache')
  267. ->with('primaryGroupIDtoName_' . $gid)
  268. ->willReturn('MyGroup');
  269. $access->expects($this->never())
  270. ->method('getSID');
  271. $access->expects($this->never())
  272. ->method('searchGroups');
  273. $access->expects($this->never())
  274. ->method('dn2groupname');
  275. $groupBackend = new GroupLDAP($access, $pluginManager);
  276. $group = $groupBackend->primaryGroupID2Name($gid, $userDN);
  277. $this->assertSame('MyGroup', $group);
  278. }
  279. public function testPrimaryGroupID2NameSuccess() {
  280. $access = $this->getAccessMock();
  281. $pluginManager = $this->getPluginManagerMock();
  282. $this->enableGroups($access);
  283. $userDN = 'cn=alice,cn=foo,dc=barfoo,dc=bar';
  284. $access->expects($this->once())
  285. ->method('getSID')
  286. ->with($userDN)
  287. ->willReturn('S-1-5-21-249921958-728525901-1594176202');
  288. $access->expects($this->once())
  289. ->method('searchGroups')
  290. ->willReturn([['dn' => ['cn=foo,dc=barfoo,dc=bar']]]);
  291. $access->expects($this->once())
  292. ->method('dn2groupname')
  293. ->with('cn=foo,dc=barfoo,dc=bar')
  294. ->willReturn('MyGroup');
  295. $groupBackend = new GroupLDAP($access, $pluginManager);
  296. $group = $groupBackend->primaryGroupID2Name('3117', $userDN);
  297. $this->assertSame('MyGroup', $group);
  298. }
  299. public function testPrimaryGroupID2NameNoSID() {
  300. $access = $this->getAccessMock();
  301. $pluginManager = $this->getPluginManagerMock();
  302. $this->enableGroups($access);
  303. $userDN = 'cn=alice,cn=foo,dc=barfoo,dc=bar';
  304. $access->expects($this->once())
  305. ->method('getSID')
  306. ->with($userDN)
  307. ->willReturn(false);
  308. $access->expects($this->never())
  309. ->method('searchGroups');
  310. $access->expects($this->never())
  311. ->method('dn2groupname');
  312. $groupBackend = new GroupLDAP($access, $pluginManager);
  313. $group = $groupBackend->primaryGroupID2Name('3117', $userDN);
  314. $this->assertSame(false, $group);
  315. }
  316. public function testPrimaryGroupID2NameNoGroup() {
  317. $access = $this->getAccessMock();
  318. $pluginManager = $this->getPluginManagerMock();
  319. $this->enableGroups($access);
  320. $userDN = 'cn=alice,cn=foo,dc=barfoo,dc=bar';
  321. $access->expects($this->once())
  322. ->method('getSID')
  323. ->with($userDN)
  324. ->willReturn('S-1-5-21-249921958-728525901-1594176202');
  325. $access->expects($this->once())
  326. ->method('searchGroups')
  327. ->willReturn([]);
  328. $access->expects($this->never())
  329. ->method('dn2groupname');
  330. $groupBackend = new GroupLDAP($access, $pluginManager);
  331. $group = $groupBackend->primaryGroupID2Name('3117', $userDN);
  332. $this->assertSame(false, $group);
  333. }
  334. public function testPrimaryGroupID2NameNoName() {
  335. $access = $this->getAccessMock();
  336. $pluginManager = $this->getPluginManagerMock();
  337. $this->enableGroups($access);
  338. $userDN = 'cn=alice,cn=foo,dc=barfoo,dc=bar';
  339. $access->expects($this->once())
  340. ->method('getSID')
  341. ->with($userDN)
  342. ->willReturn('S-1-5-21-249921958-728525901-1594176202');
  343. $access->expects($this->once())
  344. ->method('searchGroups')
  345. ->willReturn([['dn' => ['cn=foo,dc=barfoo,dc=bar']]]);
  346. $access->expects($this->once())
  347. ->method('dn2groupname')
  348. ->willReturn(false);
  349. $groupBackend = new GroupLDAP($access, $pluginManager);
  350. $group = $groupBackend->primaryGroupID2Name('3117', $userDN);
  351. $this->assertSame(false, $group);
  352. }
  353. public function testGetEntryGroupIDValue() {
  354. //tests getEntryGroupID via getGroupPrimaryGroupID
  355. //which is basically identical to getUserPrimaryGroupIDs
  356. $access = $this->getAccessMock();
  357. $pluginManager = $this->getPluginManagerMock();
  358. $this->enableGroups($access);
  359. $dn = 'cn=foobar,cn=foo,dc=barfoo,dc=bar';
  360. $attr = 'primaryGroupToken';
  361. $access->expects($this->once())
  362. ->method('readAttribute')
  363. ->with($dn, $attr)
  364. ->willReturn(['3117']);
  365. $groupBackend = new GroupLDAP($access, $pluginManager);
  366. $gid = $groupBackend->getGroupPrimaryGroupID($dn);
  367. $this->assertSame('3117', $gid);
  368. }
  369. public function testGetEntryGroupIDNoValue() {
  370. //tests getEntryGroupID via getGroupPrimaryGroupID
  371. //which is basically identical to getUserPrimaryGroupIDs
  372. $access = $this->getAccessMock();
  373. $pluginManager = $this->getPluginManagerMock();
  374. $this->enableGroups($access);
  375. $dn = 'cn=foobar,cn=foo,dc=barfoo,dc=bar';
  376. $attr = 'primaryGroupToken';
  377. $access->expects($this->once())
  378. ->method('readAttribute')
  379. ->with($dn, $attr)
  380. ->willReturn(false);
  381. $groupBackend = new GroupLDAP($access, $pluginManager);
  382. $gid = $groupBackend->getGroupPrimaryGroupID($dn);
  383. $this->assertSame(false, $gid);
  384. }
  385. /**
  386. * tests whether Group Backend behaves correctly when cache with uid and gid
  387. * is hit
  388. */
  389. public function testInGroupHitsUidGidCache() {
  390. $access = $this->getAccessMock();
  391. $pluginManager = $this->getPluginManagerMock();
  392. $this->enableGroups($access);
  393. $uid = 'someUser';
  394. $gid = 'someGroup';
  395. $cacheKey = 'inGroup' . $uid . ':' . $gid;
  396. $access->connection->expects($this->once())
  397. ->method('getFromCache')
  398. ->with($cacheKey)
  399. ->willReturn(true);
  400. $access->expects($this->never())
  401. ->method('username2dn');
  402. $groupBackend = new GroupLDAP($access, $pluginManager);
  403. $groupBackend->inGroup($uid, $gid);
  404. }
  405. public function groupWithMembersProvider() {
  406. return [
  407. [
  408. 'someGroup',
  409. 'cn=someGroup,ou=allTheGroups,ou=someDepartment,dc=someDomain,dc=someTld',
  410. [
  411. 'uid=oneUser,ou=someTeam,ou=someDepartment,dc=someDomain,dc=someTld',
  412. 'uid=someUser,ou=someTeam,ou=someDepartment,dc=someDomain,dc=someTld',
  413. 'uid=anotherUser,ou=someTeam,ou=someDepartment,dc=someDomain,dc=someTld',
  414. 'uid=differentUser,ou=someTeam,ou=someDepartment,dc=someDomain,dc=someTld',
  415. ],
  416. ],
  417. ];
  418. }
  419. /**
  420. * @dataProvider groupWithMembersProvider
  421. */
  422. public function testInGroupMember(string $gid, string $groupDn, array $memberDNs) {
  423. $access = $this->getAccessMock();
  424. $pluginManager = $this->getPluginManagerMock();
  425. $access->connection = $this->createMock(Connection::class);
  426. $uid = 'someUser';
  427. $userDn = $memberDNs[0];
  428. $access->connection->expects($this->any())
  429. ->method('__get')
  430. ->willReturnCallback(function ($name) {
  431. switch ($name) {
  432. case 'ldapGroupMemberAssocAttr':
  433. return 'member';
  434. case 'ldapDynamicGroupMemberURL':
  435. return '';
  436. case 'hasPrimaryGroups':
  437. case 'ldapNestedGroups':
  438. return 0;
  439. default:
  440. return 1;
  441. }
  442. });
  443. $access->connection->expects($this->any())
  444. ->method('getFromCache')
  445. ->willReturn(null);
  446. $access->expects($this->once())
  447. ->method('username2dn')
  448. ->with($uid)
  449. ->willReturn($userDn);
  450. $access->expects($this->once())
  451. ->method('groupname2dn')
  452. ->willReturn($groupDn);
  453. $access->expects($this->any())
  454. ->method('readAttribute')
  455. ->willReturn($memberDNs);
  456. $groupBackend = new GroupLDAP($access, $pluginManager);
  457. $this->assertTrue($groupBackend->inGroup($uid, $gid));
  458. }
  459. /**
  460. * @dataProvider groupWithMembersProvider
  461. */
  462. public function testInGroupMemberNot(string $gid, string $groupDn, array $memberDNs) {
  463. $access = $this->getAccessMock();
  464. $pluginManager = $this->getPluginManagerMock();
  465. $access->connection = $this->createMock(Connection::class);
  466. $uid = 'unelatedUser';
  467. $userDn = 'uid=unrelatedUser,ou=unrelatedTeam,ou=unrelatedDepartment,dc=someDomain,dc=someTld';
  468. $access->connection->expects($this->any())
  469. ->method('__get')
  470. ->willReturnCallback(function ($name) {
  471. switch ($name) {
  472. case 'ldapGroupMemberAssocAttr':
  473. return 'member';
  474. case 'ldapDynamicGroupMemberURL':
  475. return '';
  476. case 'hasPrimaryGroups':
  477. case 'ldapNestedGroups':
  478. return 0;
  479. default:
  480. return 1;
  481. }
  482. });
  483. $access->connection->expects($this->any())
  484. ->method('getFromCache')
  485. ->willReturn(null);
  486. $access->expects($this->once())
  487. ->method('username2dn')
  488. ->with($uid)
  489. ->willReturn($userDn);
  490. $access->expects($this->once())
  491. ->method('groupname2dn')
  492. ->willReturn($groupDn);
  493. $access->expects($this->any())
  494. ->method('readAttribute')
  495. ->willReturn($memberDNs);
  496. $groupBackend = new GroupLDAP($access, $pluginManager);
  497. $this->assertFalse($groupBackend->inGroup($uid, $gid));
  498. }
  499. /**
  500. * @dataProvider groupWithMembersProvider
  501. */
  502. public function testInGroupMemberUid(string $gid, string $groupDn, array $memberDNs) {
  503. $access = $this->getAccessMock();
  504. $pluginManager = $this->getPluginManagerMock();
  505. $memberUids = [];
  506. $userRecords = [];
  507. foreach ($memberDNs as $dn) {
  508. $memberUids[] = ldap_explode_dn($dn, false)[0];
  509. $userRecords[] = ['dn' => [$dn]];
  510. }
  511. $access->connection = $this->createMock(Connection::class);
  512. $uid = 'someUser';
  513. $userDn = $memberDNs[0];
  514. $access->connection->expects($this->any())
  515. ->method('__get')
  516. ->willReturnCallback(function ($name) {
  517. switch ($name) {
  518. case 'ldapGroupMemberAssocAttr':
  519. return 'memberUid';
  520. case 'ldapDynamicGroupMemberURL':
  521. return '';
  522. case 'ldapLoginFilter':
  523. return 'uid=%uid';
  524. case 'hasPrimaryGroups':
  525. case 'ldapNestedGroups':
  526. return 0;
  527. default:
  528. return 1;
  529. }
  530. });
  531. $access->connection->expects($this->any())
  532. ->method('getFromCache')
  533. ->willReturn(null);
  534. $access->userManager->expects($this->any())
  535. ->method('getAttributes')
  536. ->willReturn(['uid', 'mail', 'displayname']);
  537. $access->expects($this->once())
  538. ->method('username2dn')
  539. ->with($uid)
  540. ->willReturn($userDn);
  541. $access->expects($this->once())
  542. ->method('groupname2dn')
  543. ->willReturn($groupDn);
  544. $access->expects($this->any())
  545. ->method('readAttribute')
  546. ->willReturn($memberUids);
  547. $access->expects($this->any())
  548. ->method('fetchListOfUsers')
  549. ->willReturn($userRecords);
  550. $access->expects($this->any())
  551. ->method('combineFilterWithOr')
  552. ->willReturn('(|(pseudo=filter)(filter=pseudo))');
  553. $groupBackend = new GroupLDAP($access, $pluginManager);
  554. $this->assertTrue($groupBackend->inGroup($uid, $gid));
  555. }
  556. public function testGetGroupsWithOffset() {
  557. $access = $this->getAccessMock();
  558. $pluginManager = $this->getPluginManagerMock();
  559. $this->enableGroups($access);
  560. $access->expects($this->once())
  561. ->method('nextcloudGroupNames')
  562. ->willReturn(['group1', 'group2']);
  563. $groupBackend = new GroupLDAP($access, $pluginManager);
  564. $groups = $groupBackend->getGroups('', 2, 2);
  565. $this->assertSame(2, count($groups));
  566. }
  567. /**
  568. * tests that a user listing is complete, if all its members have the group
  569. * as their primary.
  570. */
  571. public function testUsersInGroupPrimaryMembersOnly() {
  572. $access = $this->getAccessMock();
  573. $pluginManager = $this->getPluginManagerMock();
  574. $this->enableGroups($access);
  575. $access->connection->expects($this->any())
  576. ->method('getFromCache')
  577. ->willReturn(null);
  578. $access->expects($this->any())
  579. ->method('readAttribute')
  580. ->willReturnCallback(function ($dn, $attr) {
  581. if ($attr === 'primaryGroupToken') {
  582. return [1337];
  583. } elseif ($attr === 'gidNumber') {
  584. return [4211];
  585. }
  586. return [];
  587. });
  588. $access->expects($this->any())
  589. ->method('groupname2dn')
  590. ->willReturn('cn=foobar,dc=foo,dc=bar');
  591. $access->expects($this->exactly(2))
  592. ->method('nextcloudUserNames')
  593. ->willReturnOnConsecutiveCalls(['lisa', 'bart', 'kira', 'brad'], ['walle', 'dino', 'xenia']);
  594. $access->expects($this->any())
  595. ->method('isDNPartOfBase')
  596. ->willReturn(true);
  597. $access->expects($this->any())
  598. ->method('combineFilterWithAnd')
  599. ->willReturn('pseudo=filter');
  600. $access->userManager->expects($this->any())
  601. ->method('getAttributes')
  602. ->willReturn(['displayName', 'mail']);
  603. $groupBackend = new GroupLDAP($access, $pluginManager);
  604. $users = $groupBackend->usersInGroup('foobar');
  605. $this->assertSame(7, count($users));
  606. }
  607. /**
  608. * tests that a user listing is complete, if all its members have the group
  609. * as their primary.
  610. */
  611. public function testUsersInGroupPrimaryAndUnixMembers() {
  612. $access = $this->getAccessMock();
  613. $pluginManager = $this->getPluginManagerMock();
  614. $this->enableGroups($access);
  615. $access->connection->expects($this->any())
  616. ->method('getFromCache')
  617. ->willReturn(null);
  618. $access->expects($this->any())
  619. ->method('readAttribute')
  620. ->willReturnCallback(function ($dn, $attr) {
  621. if ($attr === 'primaryGroupToken') {
  622. return [1337];
  623. }
  624. return [];
  625. });
  626. $access->expects($this->any())
  627. ->method('groupname2dn')
  628. ->willReturn('cn=foobar,dc=foo,dc=bar');
  629. $access->expects($this->once())
  630. ->method('nextcloudUserNames')
  631. ->willReturn(['lisa', 'bart', 'kira', 'brad']);
  632. $access->expects($this->any())
  633. ->method('isDNPartOfBase')
  634. ->willReturn(true);
  635. $access->expects($this->any())
  636. ->method('combineFilterWithAnd')
  637. ->willReturn('pseudo=filter');
  638. $access->userManager->expects($this->any())
  639. ->method('getAttributes')
  640. ->willReturn(['displayName', 'mail']);
  641. $groupBackend = new GroupLDAP($access, $pluginManager);
  642. $users = $groupBackend->usersInGroup('foobar');
  643. $this->assertSame(4, count($users));
  644. }
  645. /**
  646. * tests that a user counting is complete, if all its members have the group
  647. * as their primary.
  648. */
  649. public function testCountUsersInGroupPrimaryMembersOnly() {
  650. $access = $this->getAccessMock();
  651. $pluginManager = $this->getPluginManagerMock();
  652. $this->enableGroups($access);
  653. $access->connection->expects($this->any())
  654. ->method('getFromCache')
  655. ->willReturn(null);
  656. $access->expects($this->any())
  657. ->method('readAttribute')
  658. ->willReturnCallback(function ($dn, $attr) {
  659. if ($attr === 'primaryGroupToken') {
  660. return [1337];
  661. }
  662. return [];
  663. });
  664. $access->expects($this->any())
  665. ->method('groupname2dn')
  666. ->willReturn('cn=foobar,dc=foo,dc=bar');
  667. $access->expects($this->once())
  668. ->method('countUsers')
  669. ->willReturn(4);
  670. $access->expects($this->any())
  671. ->method('isDNPartOfBase')
  672. ->willReturn(true);
  673. $access->userManager->expects($this->any())
  674. ->method('getAttributes')
  675. ->willReturn(['displayName', 'mail']);
  676. $groupBackend = new GroupLDAP($access, $pluginManager);
  677. $users = $groupBackend->countUsersInGroup('foobar');
  678. $this->assertSame(4, $users);
  679. }
  680. public function testGetUserGroupsMemberOf() {
  681. $access = $this->getAccessMock();
  682. $pluginManager = $this->getPluginManagerMock();
  683. $this->enableGroups($access);
  684. $dn = 'cn=userX,dc=foobar';
  685. $access->connection->hasPrimaryGroups = false;
  686. $access->connection->hasGidNumber = false;
  687. $access->expects($this->any())
  688. ->method('username2dn')
  689. ->willReturn($dn);
  690. $access->expects($this->exactly(5))
  691. ->method('readAttribute')
  692. ->will($this->onConsecutiveCalls(['cn=groupA,dc=foobar', 'cn=groupB,dc=foobar'], [], [], [], []));
  693. $access->expects($this->any())
  694. ->method('dn2groupname')
  695. ->willReturnArgument(0);
  696. $access->expects($this->any())
  697. ->method('groupname2dn')
  698. ->willReturnArgument(0);
  699. $access->expects($this->any())
  700. ->method('isDNPartOfBase')
  701. ->willReturn(true);
  702. $groupBackend = new GroupLDAP($access, $pluginManager);
  703. $groups = $groupBackend->getUserGroups('userX');
  704. $this->assertSame(2, count($groups));
  705. }
  706. public function testGetUserGroupsMemberOfDisabled() {
  707. $access = $this->getAccessMock();
  708. $pluginManager = $this->getPluginManagerMock();
  709. $access->connection = $this->createMock(Connection::class);
  710. $access->connection->expects($this->any())
  711. ->method('__get')
  712. ->willReturnCallback(function ($name) {
  713. if ($name === 'useMemberOfToDetectMembership') {
  714. return 0;
  715. } elseif ($name === 'ldapDynamicGroupMemberURL') {
  716. return '';
  717. }
  718. return 1;
  719. });
  720. $dn = 'cn=userX,dc=foobar';
  721. $access->connection->hasPrimaryGroups = false;
  722. $access->connection->hasGidNumber = false;
  723. $access->expects($this->once())
  724. ->method('username2dn')
  725. ->willReturn($dn);
  726. $access->expects($this->never())
  727. ->method('readAttribute')
  728. ->with($dn, 'memberOf');
  729. $access->expects($this->once())
  730. ->method('nextcloudGroupNames')
  731. ->willReturn([]);
  732. $groupBackend = new GroupLDAP($access, $pluginManager);
  733. $groupBackend->getUserGroups('userX');
  734. }
  735. public function nestedGroupsProvider(): array {
  736. return [
  737. [true],
  738. [false],
  739. ];
  740. }
  741. /**
  742. * @dataProvider nestedGroupsProvider
  743. */
  744. public function testGetGroupsByMember(bool $nestedGroups) {
  745. $access = $this->getAccessMock();
  746. $pluginManager = $this->getPluginManagerMock();
  747. $groupFilter = '(&(objectclass=nextcloudGroup)(nextcloudEnabled=TRUE))';
  748. $access->connection = $this->createMock(Connection::class);
  749. $access->connection->expects($this->any())
  750. ->method('__get')
  751. ->willReturnCallback(function (string $name) use ($nestedGroups, $groupFilter) {
  752. switch ($name) {
  753. case 'useMemberOfToDetectMembership':
  754. return 0;
  755. case 'ldapDynamicGroupMemberURL':
  756. return '';
  757. case 'ldapNestedGroups':
  758. return (int)$nestedGroups;
  759. case 'ldapGroupMemberAssocAttr':
  760. return 'member';
  761. case 'ldapGroupFilter':
  762. return $groupFilter;
  763. case 'ldapBaseGroups':
  764. return [];
  765. case 'ldapGroupDisplayName':
  766. return 'cn';
  767. }
  768. return 1;
  769. });
  770. $dn = 'cn=userX,dc=foobar';
  771. $access->connection->hasPrimaryGroups = false;
  772. $access->connection->hasGidNumber = false;
  773. $access->expects($this->exactly(2))
  774. ->method('username2dn')
  775. ->willReturn($dn);
  776. $access->expects($this->any())
  777. ->method('readAttribute')
  778. ->willReturn([]);
  779. $access->expects($this->any())
  780. ->method('combineFilterWithAnd')
  781. ->willReturnCallback(function (array $filterParts) {
  782. // ⚠ returns a pseudo-filter only, not real LDAP Filter syntax
  783. return implode('&', $filterParts);
  784. });
  785. $group1 = [
  786. 'cn' => 'group1',
  787. 'dn' => ['cn=group1,ou=groups,dc=domain,dc=com'],
  788. 'member' => [$dn],
  789. ];
  790. $group2 = [
  791. 'cn' => 'group2',
  792. 'dn' => ['cn=group2,ou=groups,dc=domain,dc=com'],
  793. 'member' => [$dn],
  794. ];
  795. $group3 = [
  796. 'cn' => 'group3',
  797. 'dn' => ['cn=group3,ou=groups,dc=domain,dc=com'],
  798. 'member' => [$group2['dn'][0]],
  799. ];
  800. $expectedGroups = ($nestedGroups ? [$group1, $group2, $group3] : [$group1, $group2]);
  801. $expectedGroupsNames = ($nestedGroups ? ['group1', 'group2', 'group3'] : ['group1', 'group2']);
  802. $access->expects($this->any())
  803. ->method('nextcloudGroupNames')
  804. ->with($expectedGroups)
  805. ->willReturn($expectedGroupsNames);
  806. $access->expects($nestedGroups ? $this->atLeastOnce() : $this->once())
  807. ->method('fetchListOfGroups')
  808. ->willReturnCallback(function ($filter, $attr, $limit, $offset) use ($nestedGroups, $groupFilter, $group1, $group2, $group3, $dn) {
  809. static $firstRun = true;
  810. if (!$nestedGroups) {
  811. // When nested groups are enabled, groups cannot be filtered early as it would
  812. // exclude intermediate groups. But we can, and should, when working with flat groups.
  813. $this->assertTrue(str_contains($filter, $groupFilter));
  814. }
  815. [$memberFilter] = explode('&', $filter);
  816. if ($memberFilter === 'member='.$dn) {
  817. return [$group1, $group2];
  818. return [];
  819. } elseif ($memberFilter === 'member='.$group2['dn'][0]) {
  820. return [$group3];
  821. } else {
  822. return [];
  823. }
  824. });
  825. $access->expects($this->any())
  826. ->method('dn2groupname')
  827. ->willReturnCallback(function (string $dn) {
  828. return ldap_explode_dn($dn, 1)[0];
  829. });
  830. $access->expects($this->any())
  831. ->method('groupname2dn')
  832. ->willReturnCallback(function (string $gid) use ($group1, $group2, $group3) {
  833. if ($gid === $group1['cn']) {
  834. return $group1['dn'][0];
  835. }
  836. if ($gid === $group2['cn']) {
  837. return $group2['dn'][0];
  838. }
  839. if ($gid === $group3['cn']) {
  840. return $group3['dn'][0];
  841. }
  842. });
  843. $access->expects($this->any())
  844. ->method('isDNPartOfBase')
  845. ->willReturn(true);
  846. $groupBackend = new GroupLDAP($access, $pluginManager);
  847. $groups = $groupBackend->getUserGroups('userX');
  848. $this->assertEquals($expectedGroupsNames, $groups);
  849. $groupsAgain = $groupBackend->getUserGroups('userX');
  850. $this->assertEquals($expectedGroupsNames, $groupsAgain);
  851. }
  852. public function testCreateGroupWithPlugin() {
  853. /** @var GroupPluginManager|MockObject $pluginManager */
  854. $pluginManager = $this->getMockBuilder(GroupPluginManager::class)
  855. ->setMethods(['implementsActions', 'createGroup'])
  856. ->getMock();
  857. $pluginManager->expects($this->once())
  858. ->method('implementsActions')
  859. ->with(GroupInterface::CREATE_GROUP)
  860. ->willReturn(true);
  861. $pluginManager->expects($this->once())
  862. ->method('createGroup')
  863. ->with('gid')
  864. ->willReturn('result');
  865. $access = $this->getAccessMock();
  866. $access->connection = $this->createMock(Connection::class);
  867. $ldap = new GroupLDAP($access, $pluginManager);
  868. $this->assertEquals($ldap->createGroup('gid'), true);
  869. }
  870. public function testCreateGroupFailing() {
  871. $this->expectException(\Exception::class);
  872. /** @var GroupPluginManager|MockObject $pluginManager */
  873. $pluginManager = $this->getMockBuilder(GroupPluginManager::class)
  874. ->setMethods(['implementsActions', 'createGroup'])
  875. ->getMock();
  876. $pluginManager->expects($this->once())
  877. ->method('implementsActions')
  878. ->with(GroupInterface::CREATE_GROUP)
  879. ->willReturn(false);
  880. $access = $this->getAccessMock();
  881. $access->connection = $this->createMock(Connection::class);
  882. $ldap = new GroupLDAP($access, $pluginManager);
  883. $ldap->createGroup('gid');
  884. }
  885. public function testDeleteGroupWithPlugin() {
  886. /** @var GroupPluginManager|MockObject $pluginManager */
  887. $pluginManager = $this->getMockBuilder(GroupPluginManager::class)
  888. ->setMethods(['implementsActions', 'deleteGroup'])
  889. ->getMock();
  890. $pluginManager->expects($this->once())
  891. ->method('implementsActions')
  892. ->with(GroupInterface::DELETE_GROUP)
  893. ->willReturn(true);
  894. $pluginManager->expects($this->once())
  895. ->method('deleteGroup')
  896. ->with('gid')
  897. ->willReturn(true);
  898. $mapper = $this->getMockBuilder(GroupMapping::class)
  899. ->setMethods(['unmap'])
  900. ->disableOriginalConstructor()
  901. ->getMock();
  902. $access = $this->getAccessMock();
  903. $access->expects($this->any())
  904. ->method('getGroupMapper')
  905. ->willReturn($mapper);
  906. $access->connection = $this->createMock(Connection::class);
  907. $ldap = new GroupLDAP($access, $pluginManager);
  908. $this->assertTrue($ldap->deleteGroup('gid'));
  909. }
  910. public function testDeleteGroupFailing() {
  911. $this->expectException(\Exception::class);
  912. /** @var GroupPluginManager|MockObject $pluginManager */
  913. $pluginManager = $this->getMockBuilder(GroupPluginManager::class)
  914. ->setMethods(['implementsActions', 'deleteGroup'])
  915. ->getMock();
  916. $pluginManager->expects($this->once())
  917. ->method('implementsActions')
  918. ->with(GroupInterface::DELETE_GROUP)
  919. ->willReturn(false);
  920. $access = $this->getAccessMock();
  921. $access->connection = $this->createMock(Connection::class);
  922. $ldap = new GroupLDAP($access, $pluginManager);
  923. $ldap->deleteGroup('gid');
  924. }
  925. public function testAddToGroupWithPlugin() {
  926. /** @var GroupPluginManager|MockObject $pluginManager */
  927. $pluginManager = $this->getMockBuilder(GroupPluginManager::class)
  928. ->setMethods(['implementsActions', 'addToGroup'])
  929. ->getMock();
  930. $pluginManager->expects($this->once())
  931. ->method('implementsActions')
  932. ->with(GroupInterface::ADD_TO_GROUP)
  933. ->willReturn(true);
  934. $pluginManager->expects($this->once())
  935. ->method('addToGroup')
  936. ->with('uid', 'gid')
  937. ->willReturn('result');
  938. $access = $this->getAccessMock();
  939. $access->connection = $this->createMock(Connection::class);
  940. $ldap = new GroupLDAP($access, $pluginManager);
  941. $this->assertEquals($ldap->addToGroup('uid', 'gid'), 'result');
  942. }
  943. public function testAddToGroupFailing() {
  944. $this->expectException(\Exception::class);
  945. /** @var GroupPluginManager|MockObject $pluginManager */
  946. $pluginManager = $this->getMockBuilder(GroupPluginManager::class)
  947. ->setMethods(['implementsActions', 'addToGroup'])
  948. ->getMock();
  949. $pluginManager->expects($this->once())
  950. ->method('implementsActions')
  951. ->with(GroupInterface::ADD_TO_GROUP)
  952. ->willReturn(false);
  953. $access = $this->getAccessMock();
  954. $access->connection = $this->createMock(Connection::class);
  955. $ldap = new GroupLDAP($access, $pluginManager);
  956. $ldap->addToGroup('uid', 'gid');
  957. }
  958. public function testRemoveFromGroupWithPlugin() {
  959. /** @var GroupPluginManager|MockObject $pluginManager */
  960. $pluginManager = $this->getMockBuilder(GroupPluginManager::class)
  961. ->setMethods(['implementsActions', 'removeFromGroup'])
  962. ->getMock();
  963. $pluginManager->expects($this->once())
  964. ->method('implementsActions')
  965. ->with(GroupInterface::REMOVE_FROM_GROUP)
  966. ->willReturn(true);
  967. $pluginManager->expects($this->once())
  968. ->method('removeFromGroup')
  969. ->with('uid', 'gid')
  970. ->willReturn('result');
  971. $access = $this->getAccessMock();
  972. $access->connection = $this->createMock(Connection::class);
  973. $ldap = new GroupLDAP($access, $pluginManager);
  974. $this->assertEquals($ldap->removeFromGroup('uid', 'gid'), 'result');
  975. }
  976. public function testRemoveFromGroupFailing() {
  977. $this->expectException(\Exception::class);
  978. /** @var GroupPluginManager|MockObject $pluginManager */
  979. $pluginManager = $this->getMockBuilder(GroupPluginManager::class)
  980. ->setMethods(['implementsActions', 'removeFromGroup'])
  981. ->getMock();
  982. $pluginManager->expects($this->once())
  983. ->method('implementsActions')
  984. ->with(GroupInterface::REMOVE_FROM_GROUP)
  985. ->willReturn(false);
  986. $access = $this->getAccessMock();
  987. $access->connection = $this->createMock(Connection::class);
  988. $ldap = new GroupLDAP($access, $pluginManager);
  989. $ldap->removeFromGroup('uid', 'gid');
  990. }
  991. public function testGetGroupDetailsWithPlugin() {
  992. /** @var GroupPluginManager|MockObject $pluginManager */
  993. $pluginManager = $this->getMockBuilder(GroupPluginManager::class)
  994. ->setMethods(['implementsActions', 'getGroupDetails'])
  995. ->getMock();
  996. $pluginManager->expects($this->once())
  997. ->method('implementsActions')
  998. ->with(GroupInterface::GROUP_DETAILS)
  999. ->willReturn(true);
  1000. $pluginManager->expects($this->once())
  1001. ->method('getGroupDetails')
  1002. ->with('gid')
  1003. ->willReturn('result');
  1004. $access = $this->getAccessMock();
  1005. $access->connection = $this->createMock(Connection::class);
  1006. $ldap = new GroupLDAP($access, $pluginManager);
  1007. $this->assertEquals($ldap->getGroupDetails('gid'), 'result');
  1008. }
  1009. public function testGetGroupDetailsFailing() {
  1010. $this->expectException(\Exception::class);
  1011. /** @var GroupPluginManager|MockObject $pluginManager */
  1012. $pluginManager = $this->getMockBuilder(GroupPluginManager::class)
  1013. ->setMethods(['implementsActions', 'getGroupDetails'])
  1014. ->getMock();
  1015. $pluginManager->expects($this->once())
  1016. ->method('implementsActions')
  1017. ->with(GroupInterface::GROUP_DETAILS)
  1018. ->willReturn(false);
  1019. $access = $this->getAccessMock();
  1020. $access->connection = $this->createMock(Connection::class);
  1021. $ldap = new GroupLDAP($access, $pluginManager);
  1022. $ldap->getGroupDetails('gid');
  1023. }
  1024. public function groupMemberProvider() {
  1025. $base = 'dc=species,dc=earth';
  1026. $birdsDn = [
  1027. 'uid=3723,' . $base,
  1028. 'uid=8372,' . $base,
  1029. 'uid=8427,' . $base,
  1030. 'uid=2333,' . $base,
  1031. 'uid=4754,' . $base,
  1032. ];
  1033. $birdsUid = [
  1034. '3723',
  1035. '8372',
  1036. '8427',
  1037. '2333',
  1038. '4754',
  1039. ];
  1040. $animalsDn = [
  1041. 'uid=lion,' . $base,
  1042. 'uid=tiger,' . $base,
  1043. ];
  1044. $plantsDn = [
  1045. 'uid=flower,' . $base,
  1046. 'uid=tree,' . $base,
  1047. ];
  1048. $thingsDn = [
  1049. 'uid=thing1,' . $base,
  1050. 'uid=thing2,' . $base,
  1051. ];
  1052. return [
  1053. [ #0 – test DNs
  1054. ['cn=Birds,' . $base => $birdsDn],
  1055. ['cn=Birds,' . $base => $birdsDn]
  1056. ],
  1057. [ #1 – test uids
  1058. ['cn=Birds,' . $base => $birdsUid],
  1059. ['cn=Birds,' . $base => $birdsUid]
  1060. ],
  1061. [ #2 – test simple nested group
  1062. ['cn=Animals,' . $base => array_merge($birdsDn, $animalsDn)],
  1063. [
  1064. 'cn=Animals,' . $base => array_merge(['cn=Birds,' . $base], $animalsDn),
  1065. 'cn=Birds,' . $base => $birdsDn,
  1066. ]
  1067. ],
  1068. [ #3 – test recursive nested group
  1069. [
  1070. 'cn=Animals,' . $base => array_merge($birdsDn, $animalsDn),
  1071. 'cn=Birds,' . $base => array_merge($birdsDn, $animalsDn),
  1072. ],
  1073. [
  1074. 'cn=Animals,' . $base => array_merge(['cn=Birds,' . $base,'cn=Birds,' . $base,'cn=Animals,' . $base], $animalsDn),
  1075. 'cn=Birds,' . $base => array_merge(['cn=Animals,' . $base,'cn=Birds,' . $base], $birdsDn),
  1076. ]
  1077. ],
  1078. [ #4 – Complicated nested group
  1079. ['cn=Things,' . $base => array_merge($birdsDn, $animalsDn, $thingsDn, $plantsDn)],
  1080. [
  1081. 'cn=Animals,' . $base => array_merge(['cn=Birds,' . $base], $animalsDn),
  1082. 'cn=Birds,' . $base => $birdsDn,
  1083. 'cn=Plants,' . $base => $plantsDn,
  1084. 'cn=Things,' . $base => array_merge(['cn=Animals,' . $base,'cn=Plants,' . $base], $thingsDn),
  1085. ]
  1086. ],
  1087. ];
  1088. }
  1089. /**
  1090. * @param string[] $expectedMembers
  1091. * @dataProvider groupMemberProvider
  1092. */
  1093. public function testGroupMembers(array $expectedResult, array $groupsInfo = null) {
  1094. $access = $this->getAccessMock();
  1095. $access->expects($this->any())
  1096. ->method('readAttribute')
  1097. ->willReturnCallback(function ($group) use ($groupsInfo) {
  1098. if (isset($groupsInfo[$group])) {
  1099. return $groupsInfo[$group];
  1100. }
  1101. return [];
  1102. });
  1103. $access->connection = $this->createMock(Connection::class);
  1104. $access->connection->expects($this->any())
  1105. ->method('__get')
  1106. ->willReturnCallback(function (string $name) {
  1107. if ($name === 'ldapNestedGroups') {
  1108. return 1;
  1109. } elseif ($name === 'ldapGroupMemberAssocAttr') {
  1110. return 'attr';
  1111. }
  1112. return null;
  1113. });
  1114. /** @var GroupPluginManager $pluginManager */
  1115. $pluginManager = $this->createMock(GroupPluginManager::class);
  1116. $ldap = new GroupLDAP($access, $pluginManager);
  1117. foreach ($expectedResult as $groupDN => $expectedMembers) {
  1118. $resultingMembers = $this->invokePrivate($ldap, '_groupMembers', [$groupDN]);
  1119. $this->assertEqualsCanonicalizing($expectedMembers, $resultingMembers);
  1120. }
  1121. }
  1122. public function displayNameProvider() {
  1123. return [
  1124. ['Graphic Novelists', ['Graphic Novelists']],
  1125. ['', false],
  1126. ];
  1127. }
  1128. /**
  1129. * @dataProvider displayNameProvider
  1130. */
  1131. public function testGetDisplayName(string $expected, $ldapResult) {
  1132. $gid = 'graphic_novelists';
  1133. $access = $this->getAccessMock();
  1134. $access->expects($this->atLeastOnce())
  1135. ->method('readAttribute')
  1136. ->willReturn($ldapResult);
  1137. $access->connection = $this->createMock(Connection::class);
  1138. $access->connection->expects($this->any())
  1139. ->method('__get')
  1140. ->willReturnCallback(function ($name) {
  1141. if ($name === 'ldapGroupMemberAssocAttr') {
  1142. return 'member';
  1143. } elseif ($name === 'ldapGroupFilter') {
  1144. return 'objectclass=nextcloudGroup';
  1145. } elseif ($name === 'ldapGroupDisplayName') {
  1146. return 'cn';
  1147. }
  1148. return null;
  1149. });
  1150. $access->expects($this->any())
  1151. ->method('groupname2dn')
  1152. ->willReturn('fakedn');
  1153. /** @var GroupPluginManager $pluginManager */
  1154. $pluginManager = $this->createMock(GroupPluginManager::class);
  1155. $ldap = new GroupLDAP($access, $pluginManager);
  1156. $this->assertSame($expected, $ldap->getDisplayName($gid));
  1157. }
  1158. }