1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177117811791180118111821183118411851186118711881189119011911192119311941195119611971198119912001201120212031204120512061207120812091210121112121213121412151216121712181219122012211222122312241225122612271228122912301231123212331234123512361237123812391240124112421243124412451246124712481249125012511252125312541255125612571258125912601261126212631264126512661267126812691270127112721273127412751276127712781279128012811282128312841285128612871288128912901291129212931294129512961297129812991300130113021303130413051306130713081309131013111312131313141315131613171318131913201321132213231324132513261327132813291330133113321333133413351336133713381339134013411342134313441345134613471348134913501351135213531354135513561357135813591360136113621363136413651366136713681369137013711372137313741375137613771378137913801381138213831384138513861387138813891390139113921393139413951396139713981399140014011402140314041405140614071408140914101411141214131414141514161417141814191420142114221423142414251426142714281429143014311432143314341435143614371438143914401441 |
- <?php
- /**
- * @copyright Copyright (c) 2016, ownCloud, Inc.
- *
- * @author Arthur Schiwon <blizzz@arthur-schiwon.de>
- * @author Christoph Wurst <christoph@winzerhof-wurst.at>
- * @author Joas Schilling <coding@schilljs.com>
- * @author Morris Jobke <hey@morrisjobke.de>
- * @author Roeland Jago Douma <roeland@famdouma.nl>
- * @author Thomas Müller <thomas.mueller@tmit.eu>
- * @author Victor Dubiniuk <dubiniuk@owncloud.com>
- * @author Vincent Petry <vincent@nextcloud.com>
- * @author Vinicius Cubas Brand <vinicius@eita.org.br>
- * @author Xuanwo <xuanwo@yunify.com>
- *
- * @license AGPL-3.0
- *
- * This code is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License, version 3,
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License, version 3,
- * along with this program. If not, see <http://www.gnu.org/licenses/>
- *
- */
- namespace OCA\User_LDAP\Tests;
- use OCA\User_LDAP\Access;
- use OCA\User_LDAP\Connection;
- use OCA\User_LDAP\Group_LDAP as GroupLDAP;
- use OCA\User_LDAP\GroupPluginManager;
- use OCA\User_LDAP\ILDAPWrapper;
- use OCA\User_LDAP\Mapping\GroupMapping;
- use OCA\User_LDAP\User\Manager;
- use OCP\GroupInterface;
- use PHPUnit\Framework\MockObject\MockObject;
- use Test\TestCase;
- /**
- * Class GroupLDAPTest
- *
- * @group DB
- *
- * @package OCA\User_LDAP\Tests
- */
- class Group_LDAPTest extends TestCase {
- public function testCountEmptySearchString() {
- $access = $this->getAccessMock();
- $pluginManager = $this->getPluginManagerMock();
- $groupDN = 'cn=group,dc=foo,dc=bar';
- $this->enableGroups($access);
- $access->expects($this->any())
- ->method('groupname2dn')
- ->willReturn($groupDN);
- $access->expects($this->any())
- ->method('readAttribute')
- ->willReturnCallback(function ($dn) use ($groupDN) {
- if ($dn === $groupDN) {
- return [
- 'uid=u11,ou=users,dc=foo,dc=bar',
- 'uid=u22,ou=users,dc=foo,dc=bar',
- 'uid=u33,ou=users,dc=foo,dc=bar',
- 'uid=u34,ou=users,dc=foo,dc=bar'
- ];
- }
- return [];
- });
- $access->expects($this->any())
- ->method('isDNPartOfBase')
- ->willReturn(true);
- // for primary groups
- $access->expects($this->once())
- ->method('countUsers')
- ->willReturn(2);
- $access->userManager->expects($this->any())
- ->method('getAttributes')
- ->willReturn(['displayName', 'mail']);
- $groupBackend = new GroupLDAP($access, $pluginManager);
- $users = $groupBackend->countUsersInGroup('group');
- $this->assertSame(6, $users);
- }
- /**
- * @return MockObject|Access
- */
- private function getAccessMock() {
- static $conMethods;
- static $accMethods;
- if (is_null($conMethods) || is_null($accMethods)) {
- $conMethods = get_class_methods(Connection::class);
- $accMethods = get_class_methods(Access::class);
- }
- $lw = $this->createMock(ILDAPWrapper::class);
- $connector = $this->getMockBuilder(Connection::class)
- ->setMethods($conMethods)
- ->setConstructorArgs([$lw, '', null])
- ->getMock();
- $access = $this->createMock(Access::class);
- $access->connection = $connector;
- $access->userManager = $this->createMock(Manager::class);
- return $access;
- }
- /**
- * @return MockObject|GroupPluginManager
- */
- private function getPluginManagerMock() {
- return $this->createMock(GroupPluginManager::class);
- }
- private function enableGroups(Access $access) {
- $access->connection = $this->createMock(Connection::class);
- $access->connection->expects($this->any())
- ->method('__get')
- ->willReturnCallback(function ($name) {
- if ($name === 'ldapDynamicGroupMemberURL') {
- return '';
- } elseif ($name === 'ldapBaseGroups') {
- return [];
- }
- return 1;
- });
- }
- public function testCountWithSearchString() {
- $access = $this->getAccessMock();
- $pluginManager = $this->getPluginManagerMock();
- $this->enableGroups($access);
- $access->expects($this->any())
- ->method('groupname2dn')
- ->willReturn('cn=group,dc=foo,dc=bar');
- $access->expects($this->any())
- ->method('fetchListOfUsers')
- ->willReturn([]);
- $access->expects($this->any())
- ->method('readAttribute')
- ->willReturnCallback(function ($name) {
- //the search operation will call readAttribute, thus we need
- //to analyze the "dn". All other times we just need to return
- //something that is neither null or false, but once an array
- //with the users in the group – so we do so all other times for
- //simplicity.
- if (str_starts_with($name, 'u')) {
- return strpos($name, '3');
- }
- return ['u11', 'u22', 'u33', 'u34'];
- });
- $access->expects($this->any())
- ->method('dn2username')
- ->willReturnCallback(function () {
- return 'foobar' . \OC::$server->getSecureRandom()->generate(7);
- });
- $access->expects($this->any())
- ->method('isDNPartOfBase')
- ->willReturn(true);
- $access->expects($this->any())
- ->method('escapeFilterPart')
- ->willReturnArgument(0);
- $access->userManager->expects($this->any())
- ->method('getAttributes')
- ->willReturn(['displayName', 'mail']);
- $groupBackend = new GroupLDAP($access, $pluginManager);
- $users = $groupBackend->countUsersInGroup('group', '3');
- $this->assertSame(2, $users);
- }
- public function testCountUsersWithPlugin() {
- /** @var GroupPluginManager|MockObject $pluginManager */
- $pluginManager = $this->getMockBuilder(GroupPluginManager::class)
- ->setMethods(['implementsActions', 'countUsersInGroup'])
- ->getMock();
- $pluginManager->expects($this->once())
- ->method('implementsActions')
- ->with(GroupInterface::COUNT_USERS)
- ->willReturn(true);
- $pluginManager->expects($this->once())
- ->method('countUsersInGroup')
- ->with('gid', 'search')
- ->willReturn(42);
- $access = $this->getAccessMock();
- $access->connection = $this->createMock(Connection::class);
- $ldap = new GroupLDAP($access, $pluginManager);
- $this->assertEquals($ldap->countUsersInGroup('gid', 'search'), 42);
- }
- public function testGidNumber2NameSuccess() {
- $access = $this->getAccessMock();
- $pluginManager = $this->getPluginManagerMock();
- $this->enableGroups($access);
- $userDN = 'cn=alice,cn=foo,dc=barfoo,dc=bar';
- $access->expects($this->once())
- ->method('searchGroups')
- ->willReturn([['dn' => ['cn=foo,dc=barfoo,dc=bar']]]);
- $access->expects($this->once())
- ->method('dn2groupname')
- ->with('cn=foo,dc=barfoo,dc=bar')
- ->willReturn('MyGroup');
- $groupBackend = new GroupLDAP($access, $pluginManager);
- $group = $groupBackend->gidNumber2Name('3117', $userDN);
- $this->assertSame('MyGroup', $group);
- }
- public function testGidNumberID2NameNoGroup() {
- $access = $this->getAccessMock();
- $pluginManager = $this->getPluginManagerMock();
- $this->enableGroups($access);
- $userDN = 'cn=alice,cn=foo,dc=barfoo,dc=bar';
- $access->expects($this->once())
- ->method('searchGroups')
- ->willReturn([]);
- $access->expects($this->never())
- ->method('dn2groupname');
- $groupBackend = new GroupLDAP($access, $pluginManager);
- $group = $groupBackend->gidNumber2Name('3117', $userDN);
- $this->assertSame(false, $group);
- }
- public function testGidNumberID2NameNoName() {
- $access = $this->getAccessMock();
- $pluginManager = $this->getPluginManagerMock();
- $this->enableGroups($access);
- $userDN = 'cn=alice,cn=foo,dc=barfoo,dc=bar';
- $access->expects($this->once())
- ->method('searchGroups')
- ->willReturn([['dn' => ['cn=foo,dc=barfoo,dc=bar']]]);
- $access->expects($this->once())
- ->method('dn2groupname')
- ->willReturn(false);
- $groupBackend = new GroupLDAP($access, $pluginManager);
- $group = $groupBackend->gidNumber2Name('3117', $userDN);
- $this->assertSame(false, $group);
- }
- public function testGetEntryGidNumberValue() {
- $access = $this->getAccessMock();
- $pluginManager = $this->getPluginManagerMock();
- $this->enableGroups($access);
- $dn = 'cn=foobar,cn=foo,dc=barfoo,dc=bar';
- $attr = 'gidNumber';
- $access->expects($this->once())
- ->method('readAttribute')
- ->with($dn, $attr)
- ->willReturn(['3117']);
- $groupBackend = new GroupLDAP($access, $pluginManager);
- $gid = $groupBackend->getGroupGidNumber($dn);
- $this->assertSame('3117', $gid);
- }
- public function testGetEntryGidNumberNoValue() {
- $access = $this->getAccessMock();
- $pluginManager = $this->getPluginManagerMock();
- $this->enableGroups($access);
- $dn = 'cn=foobar,cn=foo,dc=barfoo,dc=bar';
- $attr = 'gidNumber';
- $access->expects($this->once())
- ->method('readAttribute')
- ->with($dn, $attr)
- ->willReturn(false);
- $groupBackend = new GroupLDAP($access, $pluginManager);
- $gid = $groupBackend->getGroupGidNumber($dn);
- $this->assertSame(false, $gid);
- }
- public function testPrimaryGroupID2NameSuccessCache() {
- $access = $this->getAccessMock();
- $pluginManager = $this->getPluginManagerMock();
- $this->enableGroups($access);
- $userDN = 'cn=alice,cn=foo,dc=barfoo,dc=bar';
- $gid = '3117';
- $groupDN = 'cn=foo,dc=barfoo,dc=bar';
- /** @var MockObject $connection */
- $connection = $access->connection;
- $connection->expects($this->once())
- ->method('getFromCache')
- ->with('primaryGroupIDtoName_' . $gid)
- ->willReturn('MyGroup');
- $access->expects($this->never())
- ->method('getSID');
- $access->expects($this->never())
- ->method('searchGroups');
- $access->expects($this->never())
- ->method('dn2groupname');
- $groupBackend = new GroupLDAP($access, $pluginManager);
- $group = $groupBackend->primaryGroupID2Name($gid, $userDN);
- $this->assertSame('MyGroup', $group);
- }
- public function testPrimaryGroupID2NameSuccess() {
- $access = $this->getAccessMock();
- $pluginManager = $this->getPluginManagerMock();
- $this->enableGroups($access);
- $userDN = 'cn=alice,cn=foo,dc=barfoo,dc=bar';
- $access->expects($this->once())
- ->method('getSID')
- ->with($userDN)
- ->willReturn('S-1-5-21-249921958-728525901-1594176202');
- $access->expects($this->once())
- ->method('searchGroups')
- ->willReturn([['dn' => ['cn=foo,dc=barfoo,dc=bar']]]);
- $access->expects($this->once())
- ->method('dn2groupname')
- ->with('cn=foo,dc=barfoo,dc=bar')
- ->willReturn('MyGroup');
- $groupBackend = new GroupLDAP($access, $pluginManager);
- $group = $groupBackend->primaryGroupID2Name('3117', $userDN);
- $this->assertSame('MyGroup', $group);
- }
- public function testPrimaryGroupID2NameNoSID() {
- $access = $this->getAccessMock();
- $pluginManager = $this->getPluginManagerMock();
- $this->enableGroups($access);
- $userDN = 'cn=alice,cn=foo,dc=barfoo,dc=bar';
- $access->expects($this->once())
- ->method('getSID')
- ->with($userDN)
- ->willReturn(false);
- $access->expects($this->never())
- ->method('searchGroups');
- $access->expects($this->never())
- ->method('dn2groupname');
- $groupBackend = new GroupLDAP($access, $pluginManager);
- $group = $groupBackend->primaryGroupID2Name('3117', $userDN);
- $this->assertSame(false, $group);
- }
- public function testPrimaryGroupID2NameNoGroup() {
- $access = $this->getAccessMock();
- $pluginManager = $this->getPluginManagerMock();
- $this->enableGroups($access);
- $userDN = 'cn=alice,cn=foo,dc=barfoo,dc=bar';
- $access->expects($this->once())
- ->method('getSID')
- ->with($userDN)
- ->willReturn('S-1-5-21-249921958-728525901-1594176202');
- $access->expects($this->once())
- ->method('searchGroups')
- ->willReturn([]);
- $access->expects($this->never())
- ->method('dn2groupname');
- $groupBackend = new GroupLDAP($access, $pluginManager);
- $group = $groupBackend->primaryGroupID2Name('3117', $userDN);
- $this->assertSame(false, $group);
- }
- public function testPrimaryGroupID2NameNoName() {
- $access = $this->getAccessMock();
- $pluginManager = $this->getPluginManagerMock();
- $this->enableGroups($access);
- $userDN = 'cn=alice,cn=foo,dc=barfoo,dc=bar';
- $access->expects($this->once())
- ->method('getSID')
- ->with($userDN)
- ->willReturn('S-1-5-21-249921958-728525901-1594176202');
- $access->expects($this->once())
- ->method('searchGroups')
- ->willReturn([['dn' => ['cn=foo,dc=barfoo,dc=bar']]]);
- $access->expects($this->once())
- ->method('dn2groupname')
- ->willReturn(false);
- $groupBackend = new GroupLDAP($access, $pluginManager);
- $group = $groupBackend->primaryGroupID2Name('3117', $userDN);
- $this->assertSame(false, $group);
- }
- public function testGetEntryGroupIDValue() {
- //tests getEntryGroupID via getGroupPrimaryGroupID
- //which is basically identical to getUserPrimaryGroupIDs
- $access = $this->getAccessMock();
- $pluginManager = $this->getPluginManagerMock();
- $this->enableGroups($access);
- $dn = 'cn=foobar,cn=foo,dc=barfoo,dc=bar';
- $attr = 'primaryGroupToken';
- $access->expects($this->once())
- ->method('readAttribute')
- ->with($dn, $attr)
- ->willReturn(['3117']);
- $groupBackend = new GroupLDAP($access, $pluginManager);
- $gid = $groupBackend->getGroupPrimaryGroupID($dn);
- $this->assertSame('3117', $gid);
- }
- public function testGetEntryGroupIDNoValue() {
- //tests getEntryGroupID via getGroupPrimaryGroupID
- //which is basically identical to getUserPrimaryGroupIDs
- $access = $this->getAccessMock();
- $pluginManager = $this->getPluginManagerMock();
- $this->enableGroups($access);
- $dn = 'cn=foobar,cn=foo,dc=barfoo,dc=bar';
- $attr = 'primaryGroupToken';
- $access->expects($this->once())
- ->method('readAttribute')
- ->with($dn, $attr)
- ->willReturn(false);
- $groupBackend = new GroupLDAP($access, $pluginManager);
- $gid = $groupBackend->getGroupPrimaryGroupID($dn);
- $this->assertSame(false, $gid);
- }
- /**
- * tests whether Group Backend behaves correctly when cache with uid and gid
- * is hit
- */
- public function testInGroupHitsUidGidCache() {
- $access = $this->getAccessMock();
- $pluginManager = $this->getPluginManagerMock();
- $this->enableGroups($access);
- $uid = 'someUser';
- $gid = 'someGroup';
- $cacheKey = 'inGroup' . $uid . ':' . $gid;
- $access->connection->expects($this->once())
- ->method('getFromCache')
- ->with($cacheKey)
- ->willReturn(true);
- $access->expects($this->never())
- ->method('username2dn');
- $groupBackend = new GroupLDAP($access, $pluginManager);
- $groupBackend->inGroup($uid, $gid);
- }
- public function groupWithMembersProvider() {
- return [
- [
- 'someGroup',
- 'cn=someGroup,ou=allTheGroups,ou=someDepartment,dc=someDomain,dc=someTld',
- [
- 'uid=oneUser,ou=someTeam,ou=someDepartment,dc=someDomain,dc=someTld',
- 'uid=someUser,ou=someTeam,ou=someDepartment,dc=someDomain,dc=someTld',
- 'uid=anotherUser,ou=someTeam,ou=someDepartment,dc=someDomain,dc=someTld',
- 'uid=differentUser,ou=someTeam,ou=someDepartment,dc=someDomain,dc=someTld',
- ],
- ],
- ];
- }
- /**
- * @dataProvider groupWithMembersProvider
- */
- public function testInGroupMember(string $gid, string $groupDn, array $memberDNs) {
- $access = $this->getAccessMock();
- $pluginManager = $this->getPluginManagerMock();
- $access->connection = $this->createMock(Connection::class);
- $uid = 'someUser';
- $userDn = $memberDNs[0];
- $access->connection->expects($this->any())
- ->method('__get')
- ->willReturnCallback(function ($name) {
- switch ($name) {
- case 'ldapGroupMemberAssocAttr':
- return 'member';
- case 'ldapDynamicGroupMemberURL':
- return '';
- case 'hasPrimaryGroups':
- case 'ldapNestedGroups':
- return 0;
- default:
- return 1;
- }
- });
- $access->connection->expects($this->any())
- ->method('getFromCache')
- ->willReturn(null);
- $access->expects($this->once())
- ->method('username2dn')
- ->with($uid)
- ->willReturn($userDn);
- $access->expects($this->once())
- ->method('groupname2dn')
- ->willReturn($groupDn);
- $access->expects($this->any())
- ->method('readAttribute')
- ->willReturn($memberDNs);
- $groupBackend = new GroupLDAP($access, $pluginManager);
- $this->assertTrue($groupBackend->inGroup($uid, $gid));
- }
- /**
- * @dataProvider groupWithMembersProvider
- */
- public function testInGroupMemberNot(string $gid, string $groupDn, array $memberDNs) {
- $access = $this->getAccessMock();
- $pluginManager = $this->getPluginManagerMock();
- $access->connection = $this->createMock(Connection::class);
- $uid = 'unelatedUser';
- $userDn = 'uid=unrelatedUser,ou=unrelatedTeam,ou=unrelatedDepartment,dc=someDomain,dc=someTld';
- $access->connection->expects($this->any())
- ->method('__get')
- ->willReturnCallback(function ($name) {
- switch ($name) {
- case 'ldapGroupMemberAssocAttr':
- return 'member';
- case 'ldapDynamicGroupMemberURL':
- return '';
- case 'hasPrimaryGroups':
- case 'ldapNestedGroups':
- return 0;
- default:
- return 1;
- }
- });
- $access->connection->expects($this->any())
- ->method('getFromCache')
- ->willReturn(null);
- $access->expects($this->once())
- ->method('username2dn')
- ->with($uid)
- ->willReturn($userDn);
- $access->expects($this->once())
- ->method('groupname2dn')
- ->willReturn($groupDn);
- $access->expects($this->any())
- ->method('readAttribute')
- ->willReturn($memberDNs);
- $groupBackend = new GroupLDAP($access, $pluginManager);
- $this->assertFalse($groupBackend->inGroup($uid, $gid));
- }
- /**
- * @dataProvider groupWithMembersProvider
- */
- public function testInGroupMemberUid(string $gid, string $groupDn, array $memberDNs) {
- $access = $this->getAccessMock();
- $pluginManager = $this->getPluginManagerMock();
- $memberUids = [];
- $userRecords = [];
- foreach ($memberDNs as $dn) {
- $memberUids[] = ldap_explode_dn($dn, false)[0];
- $userRecords[] = ['dn' => [$dn]];
- }
- $access->connection = $this->createMock(Connection::class);
- $uid = 'someUser';
- $userDn = $memberDNs[0];
- $access->connection->expects($this->any())
- ->method('__get')
- ->willReturnCallback(function ($name) {
- switch ($name) {
- case 'ldapGroupMemberAssocAttr':
- return 'memberUid';
- case 'ldapDynamicGroupMemberURL':
- return '';
- case 'ldapLoginFilter':
- return 'uid=%uid';
- case 'hasPrimaryGroups':
- case 'ldapNestedGroups':
- return 0;
- default:
- return 1;
- }
- });
- $access->connection->expects($this->any())
- ->method('getFromCache')
- ->willReturn(null);
- $access->userManager->expects($this->any())
- ->method('getAttributes')
- ->willReturn(['uid', 'mail', 'displayname']);
- $access->expects($this->once())
- ->method('username2dn')
- ->with($uid)
- ->willReturn($userDn);
- $access->expects($this->once())
- ->method('groupname2dn')
- ->willReturn($groupDn);
- $access->expects($this->any())
- ->method('readAttribute')
- ->willReturn($memberUids);
- $access->expects($this->any())
- ->method('fetchListOfUsers')
- ->willReturn($userRecords);
- $access->expects($this->any())
- ->method('combineFilterWithOr')
- ->willReturn('(|(pseudo=filter)(filter=pseudo))');
- $groupBackend = new GroupLDAP($access, $pluginManager);
- $this->assertTrue($groupBackend->inGroup($uid, $gid));
- }
- public function testGetGroupsWithOffset() {
- $access = $this->getAccessMock();
- $pluginManager = $this->getPluginManagerMock();
- $this->enableGroups($access);
- $access->expects($this->once())
- ->method('nextcloudGroupNames')
- ->willReturn(['group1', 'group2']);
- $groupBackend = new GroupLDAP($access, $pluginManager);
- $groups = $groupBackend->getGroups('', 2, 2);
- $this->assertSame(2, count($groups));
- }
- /**
- * tests that a user listing is complete, if all its members have the group
- * as their primary.
- */
- public function testUsersInGroupPrimaryMembersOnly() {
- $access = $this->getAccessMock();
- $pluginManager = $this->getPluginManagerMock();
- $this->enableGroups($access);
- $access->connection->expects($this->any())
- ->method('getFromCache')
- ->willReturn(null);
- $access->expects($this->any())
- ->method('readAttribute')
- ->willReturnCallback(function ($dn, $attr) {
- if ($attr === 'primaryGroupToken') {
- return [1337];
- } elseif ($attr === 'gidNumber') {
- return [4211];
- }
- return [];
- });
- $access->expects($this->any())
- ->method('groupname2dn')
- ->willReturn('cn=foobar,dc=foo,dc=bar');
- $access->expects($this->exactly(2))
- ->method('nextcloudUserNames')
- ->willReturnOnConsecutiveCalls(['lisa', 'bart', 'kira', 'brad'], ['walle', 'dino', 'xenia']);
- $access->expects($this->any())
- ->method('isDNPartOfBase')
- ->willReturn(true);
- $access->expects($this->any())
- ->method('combineFilterWithAnd')
- ->willReturn('pseudo=filter');
- $access->userManager->expects($this->any())
- ->method('getAttributes')
- ->willReturn(['displayName', 'mail']);
- $groupBackend = new GroupLDAP($access, $pluginManager);
- $users = $groupBackend->usersInGroup('foobar');
- $this->assertSame(7, count($users));
- }
- /**
- * tests that a user listing is complete, if all its members have the group
- * as their primary.
- */
- public function testUsersInGroupPrimaryAndUnixMembers() {
- $access = $this->getAccessMock();
- $pluginManager = $this->getPluginManagerMock();
- $this->enableGroups($access);
- $access->connection->expects($this->any())
- ->method('getFromCache')
- ->willReturn(null);
- $access->expects($this->any())
- ->method('readAttribute')
- ->willReturnCallback(function ($dn, $attr) {
- if ($attr === 'primaryGroupToken') {
- return [1337];
- }
- return [];
- });
- $access->expects($this->any())
- ->method('groupname2dn')
- ->willReturn('cn=foobar,dc=foo,dc=bar');
- $access->expects($this->once())
- ->method('nextcloudUserNames')
- ->willReturn(['lisa', 'bart', 'kira', 'brad']);
- $access->expects($this->any())
- ->method('isDNPartOfBase')
- ->willReturn(true);
- $access->expects($this->any())
- ->method('combineFilterWithAnd')
- ->willReturn('pseudo=filter');
- $access->userManager->expects($this->any())
- ->method('getAttributes')
- ->willReturn(['displayName', 'mail']);
- $groupBackend = new GroupLDAP($access, $pluginManager);
- $users = $groupBackend->usersInGroup('foobar');
- $this->assertSame(4, count($users));
- }
- /**
- * tests that a user counting is complete, if all its members have the group
- * as their primary.
- */
- public function testCountUsersInGroupPrimaryMembersOnly() {
- $access = $this->getAccessMock();
- $pluginManager = $this->getPluginManagerMock();
- $this->enableGroups($access);
- $access->connection->expects($this->any())
- ->method('getFromCache')
- ->willReturn(null);
- $access->expects($this->any())
- ->method('readAttribute')
- ->willReturnCallback(function ($dn, $attr) {
- if ($attr === 'primaryGroupToken') {
- return [1337];
- }
- return [];
- });
- $access->expects($this->any())
- ->method('groupname2dn')
- ->willReturn('cn=foobar,dc=foo,dc=bar');
- $access->expects($this->once())
- ->method('countUsers')
- ->willReturn(4);
- $access->expects($this->any())
- ->method('isDNPartOfBase')
- ->willReturn(true);
- $access->userManager->expects($this->any())
- ->method('getAttributes')
- ->willReturn(['displayName', 'mail']);
- $groupBackend = new GroupLDAP($access, $pluginManager);
- $users = $groupBackend->countUsersInGroup('foobar');
- $this->assertSame(4, $users);
- }
- public function testGetUserGroupsMemberOf() {
- $access = $this->getAccessMock();
- $pluginManager = $this->getPluginManagerMock();
- $this->enableGroups($access);
- $dn = 'cn=userX,dc=foobar';
- $access->connection->hasPrimaryGroups = false;
- $access->connection->hasGidNumber = false;
- $access->expects($this->any())
- ->method('username2dn')
- ->willReturn($dn);
- $access->expects($this->exactly(5))
- ->method('readAttribute')
- ->will($this->onConsecutiveCalls(['cn=groupA,dc=foobar', 'cn=groupB,dc=foobar'], [], [], [], []));
- $access->expects($this->any())
- ->method('dn2groupname')
- ->willReturnArgument(0);
- $access->expects($this->any())
- ->method('groupname2dn')
- ->willReturnArgument(0);
- $access->expects($this->any())
- ->method('isDNPartOfBase')
- ->willReturn(true);
- $groupBackend = new GroupLDAP($access, $pluginManager);
- $groups = $groupBackend->getUserGroups('userX');
- $this->assertSame(2, count($groups));
- }
- public function testGetUserGroupsMemberOfDisabled() {
- $access = $this->getAccessMock();
- $pluginManager = $this->getPluginManagerMock();
- $access->connection = $this->createMock(Connection::class);
- $access->connection->expects($this->any())
- ->method('__get')
- ->willReturnCallback(function ($name) {
- if ($name === 'useMemberOfToDetectMembership') {
- return 0;
- } elseif ($name === 'ldapDynamicGroupMemberURL') {
- return '';
- }
- return 1;
- });
- $dn = 'cn=userX,dc=foobar';
- $access->connection->hasPrimaryGroups = false;
- $access->connection->hasGidNumber = false;
- $access->expects($this->once())
- ->method('username2dn')
- ->willReturn($dn);
- $access->expects($this->never())
- ->method('readAttribute')
- ->with($dn, 'memberOf');
- $access->expects($this->once())
- ->method('nextcloudGroupNames')
- ->willReturn([]);
- $groupBackend = new GroupLDAP($access, $pluginManager);
- $groupBackend->getUserGroups('userX');
- }
- public function nestedGroupsProvider(): array {
- return [
- [true],
- [false],
- ];
- }
- /**
- * @dataProvider nestedGroupsProvider
- */
- public function testGetGroupsByMember(bool $nestedGroups) {
- $access = $this->getAccessMock();
- $pluginManager = $this->getPluginManagerMock();
- $groupFilter = '(&(objectclass=nextcloudGroup)(nextcloudEnabled=TRUE))';
- $access->connection = $this->createMock(Connection::class);
- $access->connection->expects($this->any())
- ->method('__get')
- ->willReturnCallback(function (string $name) use ($nestedGroups, $groupFilter) {
- switch ($name) {
- case 'useMemberOfToDetectMembership':
- return 0;
- case 'ldapDynamicGroupMemberURL':
- return '';
- case 'ldapNestedGroups':
- return (int)$nestedGroups;
- case 'ldapGroupMemberAssocAttr':
- return 'member';
- case 'ldapGroupFilter':
- return $groupFilter;
- case 'ldapBaseGroups':
- return [];
- case 'ldapGroupDisplayName':
- return 'cn';
- }
- return 1;
- });
- $dn = 'cn=userX,dc=foobar';
- $access->connection->hasPrimaryGroups = false;
- $access->connection->hasGidNumber = false;
- $access->expects($this->exactly(2))
- ->method('username2dn')
- ->willReturn($dn);
- $access->expects($this->any())
- ->method('readAttribute')
- ->willReturn([]);
- $access->expects($this->any())
- ->method('combineFilterWithAnd')
- ->willReturnCallback(function (array $filterParts) {
- // ⚠ returns a pseudo-filter only, not real LDAP Filter syntax
- return implode('&', $filterParts);
- });
- $group1 = [
- 'cn' => 'group1',
- 'dn' => ['cn=group1,ou=groups,dc=domain,dc=com'],
- 'member' => [$dn],
- ];
- $group2 = [
- 'cn' => 'group2',
- 'dn' => ['cn=group2,ou=groups,dc=domain,dc=com'],
- 'member' => [$dn],
- ];
- $group3 = [
- 'cn' => 'group3',
- 'dn' => ['cn=group3,ou=groups,dc=domain,dc=com'],
- 'member' => [$group2['dn'][0]],
- ];
- $expectedGroups = ($nestedGroups ? [$group1, $group2, $group3] : [$group1, $group2]);
- $expectedGroupsNames = ($nestedGroups ? ['group1', 'group2', 'group3'] : ['group1', 'group2']);
- $access->expects($this->any())
- ->method('nextcloudGroupNames')
- ->with($expectedGroups)
- ->willReturn($expectedGroupsNames);
- $access->expects($nestedGroups ? $this->atLeastOnce() : $this->once())
- ->method('fetchListOfGroups')
- ->willReturnCallback(function ($filter, $attr, $limit, $offset) use ($nestedGroups, $groupFilter, $group1, $group2, $group3, $dn) {
- static $firstRun = true;
- if (!$nestedGroups) {
- // When nested groups are enabled, groups cannot be filtered early as it would
- // exclude intermediate groups. But we can, and should, when working with flat groups.
- $this->assertTrue(str_contains($filter, $groupFilter));
- }
- [$memberFilter] = explode('&', $filter);
- if ($memberFilter === 'member='.$dn) {
- return [$group1, $group2];
- return [];
- } elseif ($memberFilter === 'member='.$group2['dn'][0]) {
- return [$group3];
- } else {
- return [];
- }
- });
- $access->expects($this->any())
- ->method('dn2groupname')
- ->willReturnCallback(function (string $dn) {
- return ldap_explode_dn($dn, 1)[0];
- });
- $access->expects($this->any())
- ->method('groupname2dn')
- ->willReturnCallback(function (string $gid) use ($group1, $group2, $group3) {
- if ($gid === $group1['cn']) {
- return $group1['dn'][0];
- }
- if ($gid === $group2['cn']) {
- return $group2['dn'][0];
- }
- if ($gid === $group3['cn']) {
- return $group3['dn'][0];
- }
- });
- $access->expects($this->any())
- ->method('isDNPartOfBase')
- ->willReturn(true);
- $groupBackend = new GroupLDAP($access, $pluginManager);
- $groups = $groupBackend->getUserGroups('userX');
- $this->assertEquals($expectedGroupsNames, $groups);
- $groupsAgain = $groupBackend->getUserGroups('userX');
- $this->assertEquals($expectedGroupsNames, $groupsAgain);
- }
- public function testCreateGroupWithPlugin() {
- /** @var GroupPluginManager|MockObject $pluginManager */
- $pluginManager = $this->getMockBuilder(GroupPluginManager::class)
- ->setMethods(['implementsActions', 'createGroup'])
- ->getMock();
- $pluginManager->expects($this->once())
- ->method('implementsActions')
- ->with(GroupInterface::CREATE_GROUP)
- ->willReturn(true);
- $pluginManager->expects($this->once())
- ->method('createGroup')
- ->with('gid')
- ->willReturn('result');
- $access = $this->getAccessMock();
- $access->connection = $this->createMock(Connection::class);
- $ldap = new GroupLDAP($access, $pluginManager);
- $this->assertEquals($ldap->createGroup('gid'), true);
- }
- public function testCreateGroupFailing() {
- $this->expectException(\Exception::class);
- /** @var GroupPluginManager|MockObject $pluginManager */
- $pluginManager = $this->getMockBuilder(GroupPluginManager::class)
- ->setMethods(['implementsActions', 'createGroup'])
- ->getMock();
- $pluginManager->expects($this->once())
- ->method('implementsActions')
- ->with(GroupInterface::CREATE_GROUP)
- ->willReturn(false);
- $access = $this->getAccessMock();
- $access->connection = $this->createMock(Connection::class);
- $ldap = new GroupLDAP($access, $pluginManager);
- $ldap->createGroup('gid');
- }
- public function testDeleteGroupWithPlugin() {
- /** @var GroupPluginManager|MockObject $pluginManager */
- $pluginManager = $this->getMockBuilder(GroupPluginManager::class)
- ->setMethods(['implementsActions', 'deleteGroup'])
- ->getMock();
- $pluginManager->expects($this->once())
- ->method('implementsActions')
- ->with(GroupInterface::DELETE_GROUP)
- ->willReturn(true);
- $pluginManager->expects($this->once())
- ->method('deleteGroup')
- ->with('gid')
- ->willReturn(true);
- $mapper = $this->getMockBuilder(GroupMapping::class)
- ->setMethods(['unmap'])
- ->disableOriginalConstructor()
- ->getMock();
- $access = $this->getAccessMock();
- $access->expects($this->any())
- ->method('getGroupMapper')
- ->willReturn($mapper);
- $access->connection = $this->createMock(Connection::class);
- $ldap = new GroupLDAP($access, $pluginManager);
- $this->assertTrue($ldap->deleteGroup('gid'));
- }
- public function testDeleteGroupFailing() {
- $this->expectException(\Exception::class);
- /** @var GroupPluginManager|MockObject $pluginManager */
- $pluginManager = $this->getMockBuilder(GroupPluginManager::class)
- ->setMethods(['implementsActions', 'deleteGroup'])
- ->getMock();
- $pluginManager->expects($this->once())
- ->method('implementsActions')
- ->with(GroupInterface::DELETE_GROUP)
- ->willReturn(false);
- $access = $this->getAccessMock();
- $access->connection = $this->createMock(Connection::class);
- $ldap = new GroupLDAP($access, $pluginManager);
- $ldap->deleteGroup('gid');
- }
- public function testAddToGroupWithPlugin() {
- /** @var GroupPluginManager|MockObject $pluginManager */
- $pluginManager = $this->getMockBuilder(GroupPluginManager::class)
- ->setMethods(['implementsActions', 'addToGroup'])
- ->getMock();
- $pluginManager->expects($this->once())
- ->method('implementsActions')
- ->with(GroupInterface::ADD_TO_GROUP)
- ->willReturn(true);
- $pluginManager->expects($this->once())
- ->method('addToGroup')
- ->with('uid', 'gid')
- ->willReturn('result');
- $access = $this->getAccessMock();
- $access->connection = $this->createMock(Connection::class);
- $ldap = new GroupLDAP($access, $pluginManager);
- $this->assertEquals($ldap->addToGroup('uid', 'gid'), 'result');
- }
- public function testAddToGroupFailing() {
- $this->expectException(\Exception::class);
- /** @var GroupPluginManager|MockObject $pluginManager */
- $pluginManager = $this->getMockBuilder(GroupPluginManager::class)
- ->setMethods(['implementsActions', 'addToGroup'])
- ->getMock();
- $pluginManager->expects($this->once())
- ->method('implementsActions')
- ->with(GroupInterface::ADD_TO_GROUP)
- ->willReturn(false);
- $access = $this->getAccessMock();
- $access->connection = $this->createMock(Connection::class);
- $ldap = new GroupLDAP($access, $pluginManager);
- $ldap->addToGroup('uid', 'gid');
- }
- public function testRemoveFromGroupWithPlugin() {
- /** @var GroupPluginManager|MockObject $pluginManager */
- $pluginManager = $this->getMockBuilder(GroupPluginManager::class)
- ->setMethods(['implementsActions', 'removeFromGroup'])
- ->getMock();
- $pluginManager->expects($this->once())
- ->method('implementsActions')
- ->with(GroupInterface::REMOVE_FROM_GROUP)
- ->willReturn(true);
- $pluginManager->expects($this->once())
- ->method('removeFromGroup')
- ->with('uid', 'gid')
- ->willReturn('result');
- $access = $this->getAccessMock();
- $access->connection = $this->createMock(Connection::class);
- $ldap = new GroupLDAP($access, $pluginManager);
- $this->assertEquals($ldap->removeFromGroup('uid', 'gid'), 'result');
- }
- public function testRemoveFromGroupFailing() {
- $this->expectException(\Exception::class);
- /** @var GroupPluginManager|MockObject $pluginManager */
- $pluginManager = $this->getMockBuilder(GroupPluginManager::class)
- ->setMethods(['implementsActions', 'removeFromGroup'])
- ->getMock();
- $pluginManager->expects($this->once())
- ->method('implementsActions')
- ->with(GroupInterface::REMOVE_FROM_GROUP)
- ->willReturn(false);
- $access = $this->getAccessMock();
- $access->connection = $this->createMock(Connection::class);
- $ldap = new GroupLDAP($access, $pluginManager);
- $ldap->removeFromGroup('uid', 'gid');
- }
- public function testGetGroupDetailsWithPlugin() {
- /** @var GroupPluginManager|MockObject $pluginManager */
- $pluginManager = $this->getMockBuilder(GroupPluginManager::class)
- ->setMethods(['implementsActions', 'getGroupDetails'])
- ->getMock();
- $pluginManager->expects($this->once())
- ->method('implementsActions')
- ->with(GroupInterface::GROUP_DETAILS)
- ->willReturn(true);
- $pluginManager->expects($this->once())
- ->method('getGroupDetails')
- ->with('gid')
- ->willReturn('result');
- $access = $this->getAccessMock();
- $access->connection = $this->createMock(Connection::class);
- $ldap = new GroupLDAP($access, $pluginManager);
- $this->assertEquals($ldap->getGroupDetails('gid'), 'result');
- }
- public function testGetGroupDetailsFailing() {
- $this->expectException(\Exception::class);
- /** @var GroupPluginManager|MockObject $pluginManager */
- $pluginManager = $this->getMockBuilder(GroupPluginManager::class)
- ->setMethods(['implementsActions', 'getGroupDetails'])
- ->getMock();
- $pluginManager->expects($this->once())
- ->method('implementsActions')
- ->with(GroupInterface::GROUP_DETAILS)
- ->willReturn(false);
- $access = $this->getAccessMock();
- $access->connection = $this->createMock(Connection::class);
- $ldap = new GroupLDAP($access, $pluginManager);
- $ldap->getGroupDetails('gid');
- }
- public function groupMemberProvider() {
- $base = 'dc=species,dc=earth';
- $birdsDn = [
- 'uid=3723,' . $base,
- 'uid=8372,' . $base,
- 'uid=8427,' . $base,
- 'uid=2333,' . $base,
- 'uid=4754,' . $base,
- ];
- $birdsUid = [
- '3723',
- '8372',
- '8427',
- '2333',
- '4754',
- ];
- $animalsDn = [
- 'uid=lion,' . $base,
- 'uid=tiger,' . $base,
- ];
- $plantsDn = [
- 'uid=flower,' . $base,
- 'uid=tree,' . $base,
- ];
- $thingsDn = [
- 'uid=thing1,' . $base,
- 'uid=thing2,' . $base,
- ];
- return [
- [ #0 – test DNs
- ['cn=Birds,' . $base => $birdsDn],
- ['cn=Birds,' . $base => $birdsDn]
- ],
- [ #1 – test uids
- ['cn=Birds,' . $base => $birdsUid],
- ['cn=Birds,' . $base => $birdsUid]
- ],
- [ #2 – test simple nested group
- ['cn=Animals,' . $base => array_merge($birdsDn, $animalsDn)],
- [
- 'cn=Animals,' . $base => array_merge(['cn=Birds,' . $base], $animalsDn),
- 'cn=Birds,' . $base => $birdsDn,
- ]
- ],
- [ #3 – test recursive nested group
- [
- 'cn=Animals,' . $base => array_merge($birdsDn, $animalsDn),
- 'cn=Birds,' . $base => array_merge($birdsDn, $animalsDn),
- ],
- [
- 'cn=Animals,' . $base => array_merge(['cn=Birds,' . $base,'cn=Birds,' . $base,'cn=Animals,' . $base], $animalsDn),
- 'cn=Birds,' . $base => array_merge(['cn=Animals,' . $base,'cn=Birds,' . $base], $birdsDn),
- ]
- ],
- [ #4 – Complicated nested group
- ['cn=Things,' . $base => array_merge($birdsDn, $animalsDn, $thingsDn, $plantsDn)],
- [
- 'cn=Animals,' . $base => array_merge(['cn=Birds,' . $base], $animalsDn),
- 'cn=Birds,' . $base => $birdsDn,
- 'cn=Plants,' . $base => $plantsDn,
- 'cn=Things,' . $base => array_merge(['cn=Animals,' . $base,'cn=Plants,' . $base], $thingsDn),
- ]
- ],
- ];
- }
- /**
- * @param string[] $expectedMembers
- * @dataProvider groupMemberProvider
- */
- public function testGroupMembers(array $expectedResult, array $groupsInfo = null) {
- $access = $this->getAccessMock();
- $access->expects($this->any())
- ->method('readAttribute')
- ->willReturnCallback(function ($group) use ($groupsInfo) {
- if (isset($groupsInfo[$group])) {
- return $groupsInfo[$group];
- }
- return [];
- });
- $access->connection = $this->createMock(Connection::class);
- $access->connection->expects($this->any())
- ->method('__get')
- ->willReturnCallback(function (string $name) {
- if ($name === 'ldapNestedGroups') {
- return 1;
- } elseif ($name === 'ldapGroupMemberAssocAttr') {
- return 'attr';
- }
- return null;
- });
- /** @var GroupPluginManager $pluginManager */
- $pluginManager = $this->createMock(GroupPluginManager::class);
- $ldap = new GroupLDAP($access, $pluginManager);
- foreach ($expectedResult as $groupDN => $expectedMembers) {
- $resultingMembers = $this->invokePrivate($ldap, '_groupMembers', [$groupDN]);
- $this->assertEqualsCanonicalizing($expectedMembers, $resultingMembers);
- }
- }
- public function displayNameProvider() {
- return [
- ['Graphic Novelists', ['Graphic Novelists']],
- ['', false],
- ];
- }
- /**
- * @dataProvider displayNameProvider
- */
- public function testGetDisplayName(string $expected, $ldapResult) {
- $gid = 'graphic_novelists';
- $access = $this->getAccessMock();
- $access->expects($this->atLeastOnce())
- ->method('readAttribute')
- ->willReturn($ldapResult);
- $access->connection = $this->createMock(Connection::class);
- $access->connection->expects($this->any())
- ->method('__get')
- ->willReturnCallback(function ($name) {
- if ($name === 'ldapGroupMemberAssocAttr') {
- return 'member';
- } elseif ($name === 'ldapGroupFilter') {
- return 'objectclass=nextcloudGroup';
- } elseif ($name === 'ldapGroupDisplayName') {
- return 'cn';
- }
- return null;
- });
- $access->expects($this->any())
- ->method('groupname2dn')
- ->willReturn('fakedn');
- /** @var GroupPluginManager $pluginManager */
- $pluginManager = $this->createMock(GroupPluginManager::class);
- $ldap = new GroupLDAP($access, $pluginManager);
- $this->assertSame($expected, $ldap->getDisplayName($gid));
- }
- }
|