首页 发现 帮助
登录
RISCI_ATOM
/
nextcloud-server
镜像自地址 https://github.com/nextcloud/server.git
1
0
派生 0
文件 工单管理 23 Wiki
目录树: be36513819
分支列表 标签列表
nextcloud-serve...
/
apps
/
user_ldap
/
tests
/
AccessTest.php

AccessTest.php 12 KB
文件历史 原始文件

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429 
  1. <?php
    2. 

  2. /**
    3. 

  3.  * @copyright Copyright (c) 2016, ownCloud, Inc.
    4. 

  4.  * @copyright Copyright (c) 2016, Lukas Reschke <lukas@statuscode.ch>
    5. 

  5.  *
    6. 

  6.  * @author Andreas Fischer <bantu@owncloud.com>
    7. 

  7.  * @author Arthur Schiwon <blizzz@arthur-schiwon.de>
    8. 

  8.  * @author Joas Schilling <coding@schilljs.com>
    9. 

  9.  * @author Morris Jobke <hey@morrisjobke.de>
    10. 

  10.  * @author Thomas Müller <thomas.mueller@tmit.eu>
    11. 

  11.  * @author Lukas Reschke <lukas@statuscode.ch>
    12. 

  12.  *
    13. 

  13.  * @license AGPL-3.0
    14. 

  14.  *
    15. 

  15.  * This code is free software: you can redistribute it and/or modify
    16. 

  16.  * it under the terms of the GNU Affero General Public License, version 3,
    17. 

  17.  * as published by the Free Software Foundation.
    18. 

  18.  *
    19. 

  19.  * This program is distributed in the hope that it will be useful,
    20. 

  20.  * but WITHOUT ANY WARRANTY; without even the implied warranty of
    21. 

  21.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
    22. 

  22.  * GNU Affero General Public License for more details.
    23. 

  23.  *
    24. 

  24.  * You should have received a copy of the GNU Affero General Public License, version 3,
    25. 

  25.  * along with this program.  If not, see <http://www.gnu.org/licenses/>
    26. 

  26.  *
    27. 

  27.  */
    28. 

  28. 

  29. namespace OCA\User_LDAP\Tests;
    30. 

  30. 

  31. use OCA\User_LDAP\Access;
    32. 

  32. use OCA\User_LDAP\Connection;
    33. 

  33. use OCA\User_LDAP\Exceptions\ConstraintViolationException;
    34. 

  34. use OCA\User_LDAP\FilesystemHelper;
    35. 

  35. use OCA\User_LDAP\Helper;
    36. 

  36. use OCA\User_LDAP\ILDAPWrapper;
    37. 

  37. use OCA\User_LDAP\LDAP;
    38. 

  38. use OCA\User_LDAP\LogWrapper;
    39. 

  39. use OCA\User_LDAP\User\Manager;
    40. 

  40. use OCP\IAvatarManager;
    41. 

  41. use OCP\IConfig;
    42. 

  42. use OCP\IDBConnection;
    43. 

  43. use OCP\Image;
    44. 

  44. use OCP\IUserManager;
    45. 

  45. 

  46. /**
    47. 

  47.  * Class AccessTest
    48. 

  48.  *
    49. 

  49.  * @group DB
    50. 

  50.  *
    51. 

  51.  * @package OCA\User_LDAP\Tests
    52. 

  52.  */
    53. 

  53. class AccessTest extends \Test\TestCase {
    54. 

  54. 	/** @var Connection|\PHPUnit_Framework_MockObject_MockObject */
    55. 

  55. 	private $connection;
    56. 

  56. 	/** @var LDAP|\PHPUnit_Framework_MockObject_MockObject */
    57. 

  57. 	private $ldap;
    58. 

  58. 	/** @var Manager|\PHPUnit_Framework_MockObject_MockObject */
    59. 

  59. 	private $userManager;
    60. 

  60. 	/** @var Helper|\PHPUnit_Framework_MockObject_MockObject */
    61. 

  61. 	private $helper;
    62. 

  62. 	/** @var Access */
    63. 

  63. 	private $access;
    64. 

  64. 

  65. 	public function setUp() {
    66. 

  66. 		$this->connection = $this->createMock(Connection::class);
    67. 

  67. 		$this->ldap = $this->createMock(LDAP::class);
    68. 

  68. 		$this->userManager = $this->createMock(Manager::class);
    69. 

  69. 		$this->helper = $this->createMock(Helper::class);
    70. 

  70. 

  71. 		$this->access = new Access(
    72. 

  72. 			$this->connection,
    73. 

  73. 			$this->ldap,
    74. 

  74. 			$this->userManager,
    75. 

  75. 			$this->helper
    76. 

  76. 		);
    77. 

  77. 	}
    78. 

  78. 

  79. 	private function getConnectorAndLdapMock() {
    80. 

  80. 		$lw  = $this->createMock(ILDAPWrapper::class);
    81. 

  81. 		$connector = $this->getMockBuilder(Connection::class)
    82. 

  82. 			->setConstructorArgs([$lw, null, null])
    83. 

  83. 			->getMock();
    84. 

  84. 		$um = $this->getMockBuilder(Manager::class)
    85. 

  85. 			->setConstructorArgs([
    86. 

  86. 				$this->createMock(IConfig::class),
    87. 

  87. 				$this->createMock(FilesystemHelper::class),
    88. 

  88. 				$this->createMock(LogWrapper::class),
    89. 

  89. 				$this->createMock(IAvatarManager::class),
    90. 

  90. 				$this->createMock(Image::class),
    91. 

  91. 				$this->createMock(IDBConnection::class),
    92. 

  92. 				$this->createMock(IUserManager::class)])
    93. 

  93. 			->getMock();
    94. 

  94. 		$helper = new Helper(\OC::$server->getConfig());
    95. 

  95. 

  96. 		return array($lw, $connector, $um, $helper);
    97. 

  97. 	}
    98. 

  98. 

  99. 	public function testEscapeFilterPartValidChars() {
    100. 

  100. 		list($lw, $con, $um, $helper) = $this->getConnectorAndLdapMock();
    101. 

  101. 		$access = new Access($con, $lw, $um, $helper);
    102. 

  102. 

  103. 		$input = 'okay';
    104. 

  104. 		$this->assertTrue($input === $access->escapeFilterPart($input));
    105. 

  105. 	}
    106. 

  106. 

  107. 	public function testEscapeFilterPartEscapeWildcard() {
    108. 

  108. 		list($lw, $con, $um, $helper) = $this->getConnectorAndLdapMock();
    109. 

  109. 		$access = new Access($con, $lw, $um, $helper);
    110. 

  110. 

  111. 		$input = '*';
    112. 

  112. 		$expected = '\\\\*';
    113. 

  113. 		$this->assertTrue($expected === $access->escapeFilterPart($input));
    114. 

  114. 	}
    115. 

  115. 

  116. 	public function testEscapeFilterPartEscapeWildcard2() {
    117. 

  117. 		list($lw, $con, $um, $helper) = $this->getConnectorAndLdapMock();
    118. 

  118. 		$access = new Access($con, $lw, $um, $helper);
    119. 

  119. 

  120. 		$input = 'foo*bar';
    121. 

  121. 		$expected = 'foo\\\\*bar';
    122. 

  122. 		$this->assertTrue($expected === $access->escapeFilterPart($input));
    123. 

  123. 	}
    124. 

  124. 

  125. 	/** @dataProvider convertSID2StrSuccessData */
    126. 

  126. 	public function testConvertSID2StrSuccess(array $sidArray, $sidExpected) {
    127. 

  127. 		list($lw, $con, $um, $helper) = $this->getConnectorAndLdapMock();
    128. 

  128. 		$access = new Access($con, $lw, $um, $helper);
    129. 

  129. 

  130. 		$sidBinary = implode('', $sidArray);
    131. 

  131. 		$this->assertSame($sidExpected, $access->convertSID2Str($sidBinary));
    132. 

  132. 	}
    133. 

  133. 

  134. 	public function convertSID2StrSuccessData() {
    135. 

  135. 		return array(
    136. 

  136. 			array(
    137. 

  137. 				array(
    138. 

  138. 					"\x01",
    139. 

  139. 					"\x04",
    140. 

  140. 					"\x00\x00\x00\x00\x00\x05",
    141. 

  141. 					"\x15\x00\x00\x00",
    142. 

  142. 					"\xa6\x81\xe5\x0e",
    143. 

  143. 					"\x4d\x6c\x6c\x2b",
    144. 

  144. 					"\xca\x32\x05\x5f",
    145. 

  145. 				),
    146. 

  146. 				'S-1-5-21-249921958-728525901-1594176202',
    147. 

  147. 			),
    148. 

  148. 			array(
    149. 

  149. 				array(
    150. 

  150. 					"\x01",
    151. 

  151. 					"\x02",
    152. 

  152. 					"\xFF\xFF\xFF\xFF\xFF\xFF",
    153. 

  153. 					"\xFF\xFF\xFF\xFF",
    154. 

  154. 					"\xFF\xFF\xFF\xFF",
    155. 

  155. 				),
    156. 

  156. 				'S-1-281474976710655-4294967295-4294967295',
    157. 

  157. 			),
    158. 

  158. 		);
    159. 

  159. 	}
    160. 

  160. 

  161. 	public function testConvertSID2StrInputError() {
    162. 

  162. 		list($lw, $con, $um, $helper) = $this->getConnectorAndLdapMock();
    163. 

  163. 		$access = new Access($con, $lw, $um, $helper);
    164. 

  164. 

  165. 		$sidIllegal = 'foobar';
    166. 

  166. 		$sidExpected = '';
    167. 

  167. 

  168. 		$this->assertSame($sidExpected, $access->convertSID2Str($sidIllegal));
    169. 

  169. 	}
    170. 

  170. 

  171. 	public function testGetDomainDNFromDNSuccess() {
    172. 

  172. 		list($lw, $con, $um, $helper) = $this->getConnectorAndLdapMock();
    173. 

  173. 		$access = new Access($con, $lw, $um, $helper);
    174. 

  174. 

  175. 		$inputDN = 'uid=zaphod,cn=foobar,dc=my,dc=server,dc=com';
    176. 

  176. 		$domainDN = 'dc=my,dc=server,dc=com';
    177. 

  177. 

  178. 		$lw->expects($this->once())
    179. 

  179. 			->method('explodeDN')
    180. 

  180. 			->with($inputDN, 0)
    181. 

  181. 			->will($this->returnValue(explode(',', $inputDN)));
    182. 

  182. 

  183. 		$this->assertSame($domainDN, $access->getDomainDNFromDN($inputDN));
    184. 

  184. 	}
    185. 

  185. 

  186. 	public function testGetDomainDNFromDNError() {
    187. 

  187. 		list($lw, $con, $um, $helper) = $this->getConnectorAndLdapMock();
    188. 

  188. 		$access = new Access($con, $lw, $um, $helper);
    189. 

  189. 

  190. 		$inputDN = 'foobar';
    191. 

  191. 		$expected = '';
    192. 

  192. 

  193. 		$lw->expects($this->once())
    194. 

  194. 			->method('explodeDN')
    195. 

  195. 			->with($inputDN, 0)
    196. 

  196. 			->will($this->returnValue(false));
    197. 

  197. 

  198. 		$this->assertSame($expected, $access->getDomainDNFromDN($inputDN));
    199. 

  199. 	}
    200. 

  200. 

  201. 	private function getResemblesDNInputData() {
    202. 

  202. 		return  $cases = array(
    203. 

  203. 			array(
    204. 

  204. 				'input' => 'foo=bar,bar=foo,dc=foobar',
    205. 

  205. 				'interResult' => array(
    206. 

  206. 					'count' => 3,
    207. 

  207. 					0 => 'foo=bar',
    208. 

  208. 					1 => 'bar=foo',
    209. 

  209. 					2 => 'dc=foobar'
    210. 

  210. 				),
    211. 

  211. 				'expectedResult' => true
    212. 

  212. 			),
    213. 

  213. 			array(
    214. 

  214. 				'input' => 'foobarbarfoodcfoobar',
    215. 

  215. 				'interResult' => false,
    216. 

  216. 				'expectedResult' => false
    217. 

  217. 			)
    218. 

  218. 		);
    219. 

  219. 	}
    220. 

  220. 

  221. 	public function testStringResemblesDN() {
    222. 

  222. 		list($lw, $con, $um, $helper) = $this->getConnectorAndLdapMock();
    223. 

  223. 		$access = new Access($con, $lw, $um, $helper);
    224. 

  224. 

  225. 		$cases = $this->getResemblesDNInputData();
    226. 

  226. 

  227. 		$lw->expects($this->exactly(2))
    228. 

  228. 			->method('explodeDN')
    229. 

  229. 			->will($this->returnCallback(function ($dn) use ($cases) {
    230. 

  230. 				foreach($cases as $case) {
    231. 

  231. 					if($dn === $case['input']) {
    232. 

  232. 						return $case['interResult'];
    233. 

  233. 					}
    234. 

  234. 				}
    235. 

  235. 				return null;
    236. 

  236. 			}));
    237. 

  237. 

  238. 		foreach($cases as $case) {
    239. 

  239. 			$this->assertSame($case['expectedResult'], $access->stringResemblesDN($case['input']));
    240. 

  240. 		}
    241. 

  241. 	}
    242. 

  242. 

  243. 	public function testStringResemblesDNLDAPmod() {
    244. 

  244. 		list($lw, $con, $um, $helper) = $this->getConnectorAndLdapMock();
    245. 

  245. 		$lw = new \OCA\User_LDAP\LDAP();
    246. 

  246. 		$access = new Access($con, $lw, $um, $helper);
    247. 

  247. 

  248. 		if(!function_exists('ldap_explode_dn')) {
    249. 

  249. 			$this->markTestSkipped('LDAP Module not available');
    250. 

  250. 		}
    251. 

  251. 

  252. 		$cases = $this->getResemblesDNInputData();
    253. 

  253. 

  254. 		foreach($cases as $case) {
    255. 

  255. 			$this->assertSame($case['expectedResult'], $access->stringResemblesDN($case['input']));
    256. 

  256. 		}
    257. 

  257. 	}
    258. 

  258. 

  259. 	public function testCacheUserHome() {
    260. 

  260. 		list($lw, $con, $um, $helper) = $this->getConnectorAndLdapMock();
    261. 

  261. 		$access = new Access($con, $lw, $um, $helper);
    262. 

  262. 

  263. 		$con->expects($this->once())
    264. 

  264. 			->method('writeToCache');
    265. 

  265. 

  266. 		$access->cacheUserHome('foobar', '/foobars/path');
    267. 

  267. 	}
    268. 

  268. 

  269. 	public function testBatchApplyUserAttributes() {
    270. 

  270. 		list($lw, $con, $um, $helper) = $this->getConnectorAndLdapMock();
    271. 

  271. 		$access = new Access($con, $lw, $um, $helper);
    272. 

  272. 		$mapperMock = $this->getMockBuilder('\OCA\User_LDAP\Mapping\UserMapping')
    273. 

  273. 			->disableOriginalConstructor()
    274. 

  274. 			->getMock();
    275. 

  275. 

  276. 		$mapperMock->expects($this->any())
    277. 

  277. 			->method('getNameByDN')
    278. 

  278. 			->will($this->returnValue('a_username'));
    279. 

  279. 

  280. 		$userMock = $this->getMockBuilder('\OCA\User_LDAP\User\User')
    281. 

  281. 			->disableOriginalConstructor()
    282. 

  282. 			->getMock();
    283. 

  283. 

  284. 		$access->connection->expects($this->any())
    285. 

  285. 			->method('__get')
    286. 

  286. 			->will($this->returnValue('displayName'));
    287. 

  287. 

  288. 		$access->setUserMapper($mapperMock);
    289. 

  289. 

  290. 		$displayNameAttribute = strtolower($access->connection->ldapUserDisplayName);
    291. 

  291. 		$data = array(
    292. 

  292. 			array(
    293. 

  293. 				'dn' => 'foobar',
    294. 

  294. 				$displayNameAttribute => 'barfoo'
    295. 

  295. 			),
    296. 

  296. 			array(
    297. 

  297. 				'dn' => 'foo',
    298. 

  298. 				$displayNameAttribute => 'bar'
    299. 

  299. 			),
    300. 

  300. 			array(
    301. 

  301. 				'dn' => 'raboof',
    302. 

  302. 				$displayNameAttribute => 'oofrab'
    303. 

  303. 			)
    304. 

  304. 		);
    305. 

  305. 

  306. 		$userMock->expects($this->exactly(count($data)))
    307. 

  307. 			->method('processAttributes');
    308. 

  308. 

  309. 		$um->expects($this->exactly(count($data)))
    310. 

  310. 			->method('get')
    311. 

  311. 			->will($this->returnValue($userMock));
    312. 

  312. 

  313. 		$access->batchApplyUserAttributes($data);
    314. 

  314. 	}
    315. 

  315. 

  316. 	public function dNAttributeProvider() {
    317. 

  317. 		// corresponds to Access::resemblesDN()
    318. 

  318. 		return array(
    319. 

  319. 			'dn' => array('dn'),
    320. 

  320. 			'uniqueMember' => array('uniquemember'),
    321. 

  321. 			'member' => array('member'),
    322. 

  322. 			'memberOf' => array('memberof')
    323. 

  323. 		);
    324. 

  324. 	}
    325. 

  325. 

  326. 	/**
    327. 

  327. 	 * @dataProvider dNAttributeProvider
    328. 

  328. 	 */
    329. 

  329. 	public function testSanitizeDN($attribute) {
    330. 

  330. 		list($lw, $con, $um, $helper) = $this->getConnectorAndLdapMock();
    331. 

  331. 

  332. 

  333. 		$dnFromServer = 'cn=Mixed Cases,ou=Are Sufficient To,ou=Test,dc=example,dc=org';
    334. 

  334. 

  335. 		$lw->expects($this->any())
    336. 

  336. 			->method('isResource')
    337. 

  337. 			->will($this->returnValue(true));
    338. 

  338. 

  339. 		$lw->expects($this->any())
    340. 

  340. 			->method('getAttributes')
    341. 

  341. 			->will($this->returnValue(array(
    342. 

  342. 				$attribute => array('count' => 1, $dnFromServer)
    343. 

  343. 			)));
    344. 

  344. 

  345. 		$access = new Access($con, $lw, $um, $helper);
    346. 

  346. 		$values = $access->readAttribute('uid=whoever,dc=example,dc=org', $attribute);
    347. 

  347. 		$this->assertSame($values[0], strtolower($dnFromServer));
    348. 

  348. 	}
    349. 

  349. 

  350. 	/**
    351. 

  351. 	 * @expectedException \Exception
    352. 

  352. 	 * @expectedExceptionMessage LDAP password changes are disabled
    353. 

  353. 	 */
    354. 

  354. 	public function testSetPasswordWithDisabledChanges() {
    355. 

  355. 		$this->connection
    356. 

  356. 			->method('__get')
    357. 

  357. 			->willReturn(false);
    358. 

  358. 

  359. 		$this->access->setPassword('CN=foo', 'MyPassword');
    360. 

  360. 	}
    361. 

  361. 

  362. 	public function testSetPasswordWithLdapNotAvailable() {
    363. 

  363. 		$this->connection
    364. 

  364. 			->method('__get')
    365. 

  365. 			->willReturn(true);
    366. 

  366. 		$connection = $this->createMock(LDAP::class);
    367. 

  367. 		$this->connection
    368. 

  368. 			->expects($this->once())
    369. 

  369. 			->method('getConnectionResource')
    370. 

  370. 			->willReturn($connection);
    371. 

  371. 		$this->ldap
    372. 

  372. 			->expects($this->once())
    373. 

  373. 			->method('isResource')
    374. 

  374. 			->with($connection)
    375. 

  375. 			->willReturn(false);
    376. 

  376. 

  377. 		$this->assertFalse($this->access->setPassword('CN=foo', 'MyPassword'));
    378. 

  378. 	}
    379. 

  379. 

  380. 	/**
    381. 

  381. 	 * @expectedException \OC\HintException
    382. 

  382. 	 * @expectedExceptionMessage Password change rejected.
    383. 

  383. 	 */
    384. 

  384. 	public function testSetPasswordWithRejectedChange() {
    385. 

  385. 		$this->connection
    386. 

  386. 			->method('__get')
    387. 

  387. 			->willReturn(true);
    388. 

  388. 		$connection = $this->createMock(LDAP::class);
    389. 

  389. 		$this->connection
    390. 

  390. 			->expects($this->once())
    391. 

  391. 			->method('getConnectionResource')
    392. 

  392. 			->willReturn($connection);
    393. 

  393. 		$this->ldap
    394. 

  394. 			->expects($this->once())
    395. 

  395. 			->method('isResource')
    396. 

  396. 			->with($connection)
    397. 

  397. 			->willReturn(true);
    398. 

  398. 		$this->ldap
    399. 

  399. 			->expects($this->once())
    400. 

  400. 			->method('modReplace')
    401. 

  401. 			->with($connection, 'CN=foo', 'MyPassword')
    402. 

  402. 			->willThrowException(new ConstraintViolationException());
    403. 

  403. 

  404. 		$this->access->setPassword('CN=foo', 'MyPassword');
    405. 

  405. 	}
    406. 

  406. 

  407. 	public function testSetPassword() {
    408. 

  408. 		$this->connection
    409. 

  409. 			->method('__get')
    410. 

  410. 			->willReturn(true);
    411. 

  411. 		$connection = $this->createMock(LDAP::class);
    412. 

  412. 		$this->connection
    413. 

  413. 			->expects($this->once())
    414. 

  414. 			->method('getConnectionResource')
    415. 

  415. 			->willReturn($connection);
    416. 

  416. 		$this->ldap
    417. 

  417. 			->expects($this->once())
    418. 

  418. 			->method('isResource')
    419. 

  419. 			->with($connection)
    420. 

  420. 			->willReturn(true);
    421. 

  421. 		$this->ldap
    422. 

  422. 			->expects($this->once())
    423. 

  423. 			->method('modReplace')
    424. 

  424. 			->with($connection, 'CN=foo', 'MyPassword')
    425. 

  425. 			->willReturn(true);
    426. 

  426. 

  427. 		$this->assertTrue($this->access->setPassword('CN=foo', 'MyPassword'));
    428. 

  428. 	}
    429. 

  429. }
    430.