Skip to content

Commit c68d154

Browse files
ssddanbrownssddanbrown
committed
LDAP: Updated tests for recursive group changes
1 parent 1b4ed69 commit c68d154

File tree

2 files changed

+43
-25
lines changed

2 files changed

+43
-25
lines changed

app/Access/LdapService.php

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -334,7 +334,7 @@ public function getUserGroups(string $userName): array
334334
]);
335335
}
336336

337-
return $allGroups;
337+
return $formattedGroups;
338338
}
339339

340340
protected function extractGroupNamesFromLdapGroupDns(array $groupDNs): array

tests/Auth/LdapTest.php

Lines changed: 42 additions & 24 deletions
Original file line numberDiff line numberDiff line change
@@ -76,14 +76,21 @@ protected function mockUserLogin(?string $email = null): TestResponse
7676
/**
7777
* Set LDAP method mocks for things we commonly call without altering.
7878
*/
79-
protected function commonLdapMocks(int $connects = 1, int $versions = 1, int $options = 2, int $binds = 4, int $escapes = 2, int $explodes = 0)
79+
protected function commonLdapMocks(int $connects = 1, int $versions = 1, int $options = 2, int $binds = 4, int $escapes = 2, int $explodes = 0, int $groups = 0)
8080
{
8181
$this->mockLdap->shouldReceive('connect')->times($connects)->andReturn($this->resourceId);
8282
$this->mockLdap->shouldReceive('setVersion')->times($versions);
8383
$this->mockLdap->shouldReceive('setOption')->times($options);
8484
$this->mockLdap->shouldReceive('bind')->times($binds)->andReturn(true);
8585
$this->mockEscapes($escapes);
8686
$this->mockExplodes($explodes);
87+
$this->mockGroupLookups($groups);
88+
}
89+
90+
protected function mockGroupLookups(int $times = 1): void
91+
{
92+
$this->mockLdap->shouldReceive('read')->times($times)->andReturn(['count' => 0]);
93+
$this->mockLdap->shouldReceive('getEntries')->times($times)->andReturn(['count' => 0]);
8794
}
8895

8996
public function test_login()
@@ -307,8 +314,8 @@ public function test_login_maps_roles_and_retains_existing_roles()
307314
'services.ldap.remove_from_groups' => false,
308315
]);
309316

310-
$this->commonLdapMocks(1, 1, 4, 5, 4, 6);
311-
$this->mockLdap->shouldReceive('searchAndGetEntries')->times(4)
317+
$this->commonLdapMocks(1, 1, 4, 5, 2, 2, 2);
318+
$this->mockLdap->shouldReceive('searchAndGetEntries')->times(2)
312319
->with($this->resourceId, config('services.ldap.base_dn'), \Mockery::type('string'), \Mockery::type('array'))
313320
->andReturn(['count' => 1, 0 => [
314321
'uid' => [$this->mockUser->name],
@@ -352,8 +359,8 @@ public function test_login_maps_roles_and_removes_old_roles_if_set()
352359
'services.ldap.remove_from_groups' => true,
353360
]);
354361

355-
$this->commonLdapMocks(1, 1, 3, 4, 3, 2);
356-
$this->mockLdap->shouldReceive('searchAndGetEntries')->times(3)
362+
$this->commonLdapMocks(1, 1, 3, 4, 2, 1, 1);
363+
$this->mockLdap->shouldReceive('searchAndGetEntries')->times(2)
357364
->with($this->resourceId, config('services.ldap.base_dn'), \Mockery::type('string'), \Mockery::type('array'))
358365
->andReturn(['count' => 1, 0 => [
359366
'uid' => [$this->mockUser->name],
@@ -394,22 +401,26 @@ public function test_dump_user_groups_shows_group_related_details_as_json()
394401
'dn' => 'dc=test,' . config('services.ldap.base_dn'),
395402
'mail' => [$this->mockUser->email],
396403
]];
397-
$this->commonLdapMocks(1, 1, 4, 5, 4, 2);
398-
$this->mockLdap->shouldReceive('searchAndGetEntries')->times(4)
404+
$this->commonLdapMocks(1, 1, 4, 5, 2, 2, 0);
405+
$this->mockLdap->shouldReceive('searchAndGetEntries')->times(2)
399406
->with($this->resourceId, config('services.ldap.base_dn'), \Mockery::type('string'), \Mockery::type('array'))
400407
->andReturn($userResp, ['count' => 1,
401-
0 => [
402-
'dn' => 'dc=test,' . config('services.ldap.base_dn'),
408+
0 => [
409+
'dn' => 'dc=test,' . config('services.ldap.base_dn'),
403410
'memberof' => [
404411
'count' => 1,
405-
0 => 'cn=ldaptester,ou=groups,dc=example,dc=com',
412+
0 => 'cn=ldaptester,ou=groups,dc=example,dc=com',
406413
],
407414
],
408-
], [
415+
]);
416+
417+
$this->mockLdap->shouldReceive('read')->times(2);
418+
$this->mockLdap->shouldReceive('getEntries')->times(2)
419+
->andReturn([
409420
'count' => 1,
410-
0 => [
411-
'dn' => 'cn=ldaptester,ou=groups,dc=example,dc=com',
412-
'memberof' => [
421+
0 => [
422+
'dn' => 'cn=ldaptester,ou=groups,dc=example,dc=com',
423+
'memberof' => [
413424
'count' => 1,
414425
0 => 'cn=monsters,ou=groups,dc=example,dc=com',
415426
],
@@ -426,9 +437,13 @@ public function test_dump_user_groups_shows_group_related_details_as_json()
426437
],
427438
],
428439
'parsed_direct_user_groups' => [
429-
'ldaptester',
440+
'cn=ldaptester,ou=groups,dc=example,dc=com',
430441
],
431442
'parsed_recursive_user_groups' => [
443+
'cn=ldaptester,ou=groups,dc=example,dc=com',
444+
'cn=monsters,ou=groups,dc=example,dc=com',
445+
],
446+
'parsed_resulting_group_names' => [
432447
'ldaptester',
433448
'monsters',
434449
],
@@ -458,15 +473,18 @@ public function test_recursive_group_search_queries_via_full_dn()
458473
],
459474
];
460475

461-
$this->commonLdapMocks(1, 1, 3, 4, 3, 1);
476+
$this->commonLdapMocks(1, 1, 3, 4, 2, 1);
462477

463478
$escapedName = ldap_escape($this->mockUser->name);
464479
$this->mockLdap->shouldReceive('searchAndGetEntries')->twice()
465480
->with($this->resourceId, config('services.ldap.base_dn'), "(&(uid={$escapedName}))", \Mockery::type('array'))
466481
->andReturn($userResp, $groupResp);
467482

468-
$this->mockLdap->shouldReceive('searchAndGetEntries')->times(1)
469-
->with($this->resourceId, config('services.ldap.base_dn'), $groupResp[0]['dn'], ['memberof'])
483+
$this->mockLdap->shouldReceive('read')->times(1)
484+
->with($this->resourceId, 'cn=ldaptester,ou=groups,dc=example,dc=com', '(objectClass=*)', ['memberof'])
485+
->andReturn(['count' => 0]);
486+
$this->mockLdap->shouldReceive('getEntries')->times(1)
487+
->with($this->resourceId, ['count' => 0])
470488
->andReturn(['count' => 0]);
471489

472490
$resp = $this->mockUserLogin();
@@ -491,8 +509,8 @@ public function test_login_maps_roles_using_external_auth_ids_if_set()
491509
'services.ldap.remove_from_groups' => true,
492510
]);
493511

494-
$this->commonLdapMocks(1, 1, 3, 4, 3, 2);
495-
$this->mockLdap->shouldReceive('searchAndGetEntries')->times(3)
512+
$this->commonLdapMocks(1, 1, 3, 4, 2, 1, 1);
513+
$this->mockLdap->shouldReceive('searchAndGetEntries')->times(2)
496514
->with($this->resourceId, config('services.ldap.base_dn'), \Mockery::type('string'), \Mockery::type('array'))
497515
->andReturn(['count' => 1, 0 => [
498516
'uid' => [$this->mockUser->name],
@@ -532,8 +550,8 @@ public function test_login_group_mapping_does_not_conflict_with_default_role()
532550
'services.ldap.remove_from_groups' => true,
533551
]);
534552

535-
$this->commonLdapMocks(1, 1, 4, 5, 4, 6);
536-
$this->mockLdap->shouldReceive('searchAndGetEntries')->times(4)
553+
$this->commonLdapMocks(1, 1, 4, 5, 2, 2, 2);
554+
$this->mockLdap->shouldReceive('searchAndGetEntries')->times(2)
537555
->with($this->resourceId, config('services.ldap.base_dn'), \Mockery::type('string'), \Mockery::type('array'))
538556
->andReturn(['count' => 1, 0 => [
539557
'uid' => [$this->mockUser->name],
@@ -772,9 +790,9 @@ public function test_login_with_email_confirmation_required_maps_groups_but_show
772790
'services.ldap.remove_from_groups' => true,
773791
]);
774792

775-
$this->commonLdapMocks(1, 1, 6, 8, 6, 4);
793+
$this->commonLdapMocks(1, 1, 6, 8, 4, 2, 2);
776794
$this->mockLdap->shouldReceive('searchAndGetEntries')
777-
->times(6)
795+
->times(4)
778796
->andReturn(['count' => 1, 0 => [
779797
'uid' => [$user->name],
780798
'cn' => [$user->name],

0 commit comments

Comments
 (0)