<?php

namespace UnicaenAuthTest\Authentication\Adapter;

use PHPUnit_Framework_TestCase;
use UnicaenApp\Mapper\Ldap\People;
use UnicaenAuth\Authentication\Adapter\Ldap;
use Zend\Authentication\Result;
use Zend\Authentication\Storage\StorageInterface;
use Zend\EventManager\EventInterface;
use Zend\EventManager\EventManager;
use Zend\Http\Request;
use Zend\ServiceManager\ServiceManager;
use Zend\Stdlib\Parameters;
use ZfcUser\Authentication\Adapter\AdapterChainEvent;

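/**
 * Unit tests for the UnicaenAuth LDAP authentication adapter.
 *
 * Besides the default adapter wiring, these tests cover "usurpation": a login
 * whose identity is built as <usurpateur> . Ldap::USURPATION_USERNAMES_SEP . <usurpe>.
 * The LDAP authentication is attempted with the first username, and the tests
 * pin down which identity ends up in storage and on the event depending on
 * whether that first username is listed in `usurpation_allowed_usernames`.
 *
 * @author Bertrand GAUTHIER <bertrand.gauthier at unicaen.fr>
 */
class LdapTest extends PHPUnit_Framework_TestCase
{
    /**
     * Adapter under test (a real instance, created in setUp()).
     *
     * @var Ldap|\PHPUnit_Framework_MockObject_MockObject
     */
    protected $adapter;

    /**
     * Mocked Zend LDAP authentication adapter injected into the adapter under test.
     *
     * @var \Zend\Authentication\Adapter\Ldap|\PHPUnit_Framework_MockObject_MockObject
     */
    protected $zendAuthLdapAdapter;

    /**
     * @var \UnicaenApp\Options\ModuleOptions
     */
    protected $appModuleOptions;

    /**
     * @var \UnicaenAuth\Options\ModuleOptions
     */
    protected $authModuleOptions;

    /**
     * Builds the option objects and a fresh adapter before each test.
     */
    protected function setUp()
    {
        // Placeholder connection values only: real bind DNs and passwords must never be
        // committed in a test fixture.
        $this->appModuleOptions = new \UnicaenApp\Options\ModuleOptions([
            'ldap' => [
                'connection' => [
                    'default' => [
                        'params' => [
                            'host'                => 'host.domain.fr',
                            'username'            => "uid=xxxxxxxxx,ou=xxxxxxxxxx,dc=domain,dc=fr",
                            'password'            => "xxxxxxxxxxxx",
                            'baseDn'              => "ou=xxxxxxxxxxx,dc=domain,dc=fr",
                            'bindRequiresDn'      => true,
                            'accountFilterFormat' => "(&(objectClass=posixAccount)(supannAliasLogin=%s))",
                        ]
                    ]
                ]
            ],
        ]);

        // Default allowlist of accounts permitted to usurp another identity; individual
        // tests override it through setUsurpationAllowedUsernames().
        $this->authModuleOptions = new \UnicaenAuth\Options\ModuleOptions([
            'usurpation_allowed_usernames' => ['usurpateur'],
        ]);

        $this->adapter = new Ldap();
        $this->adapter->setEventManager(new EventManager());
    }

    /**
     * The adapter must lazily build a Zend LDAP auth adapter whose options are the
     * 'params' of each configured connection, keyed by connection name.
     */
    public function testCanProvideDefaultLdapAuthAdapter()
    {
        $this->adapter->setAppModuleOptions($this->appModuleOptions);

        $adapter = $this->adapter->getLdapAuthAdapter();
        $this->assertInstanceOf('Zend\Authentication\Adapter\Ldap', $adapter);

        $appModuleLdapOptions = $this->appModuleOptions->getLdap();
        $connectionNames = array_keys($appModuleLdapOptions['connection']);
        $connectionParams = array_map(
            function ($connection) {
                return $connection['params'];
            },
            $appModuleLdapOptions['connection']
        );
        $this->assertEquals(array_combine($connectionNames, $connectionParams), $adapter->getOptions());
    }

    /**
     * When storage already reports a satisfied authentication, authenticate() must
     * return null and copy the stored identity and a SUCCESS code onto the chain event.
     */
    public function testAuthenticatingReturnsNullIfAlreadyStatisfied()
    {
        /** @var AdapterChainEvent|\PHPUnit_Framework_MockObject_MockObject $adapterChainEvent */
        $adapterChainEvent = $this->createMock(AdapterChainEvent::class);
        $adapterChainEvent
            ->expects($this->once())
            ->method('setIdentity')
            ->with('IDENTITY')
            ->willReturnSelf();
        $adapterChainEvent
            ->expects($this->once())
            ->method('setCode')
            ->with(Result::SUCCESS)
            ->willReturnSelf();

        /** @var EventInterface|\PHPUnit_Framework_MockObject_MockObject $event */
        $event = $this->createMock(EventInterface::class);
        $event
            ->expects($this->once())
            ->method('getTarget')
            ->willReturn($adapterChainEvent);

        /** @var StorageInterface|\PHPUnit_Framework_MockObject_MockObject $storage */
        $storage = $this->createMock(StorageInterface::class);
        $storage
            ->expects($this->exactly(2))
            ->method('read')
            ->willReturn(['is_satisfied' => true, 'identity' => 'IDENTITY']);

        $this->adapter->setStorage($storage);

        $this->assertNull($this->adapter->authenticate($event));
    }

    /**
     * Allowlisted usurper + successful LDAP authentication: the stored and event
     * identity must be the usurped username ('usurpe').
     */
    public function testUsurpationWithAllowedUsernameAndSuccessfulAuthentication()
    {
        // NOTE(review): searchEntries() is stubbed with `true` rather than a list of
        // entries; presumably the adapter only checks for a non-empty result - confirm.
        $this->_mockLdapSearch(true);

        $this->authModuleOptions->setUsurpationAllowedUsernames(['usurpateur']);
        $event = new AdapterChainEvent();
        $this->_authenticateWithUsurpation(Result::SUCCESS, $event);

        $this->assertTrue($this->adapter->isSatisfied());
        $this->assertEquals(['is_satisfied' => true, 'identity' => 'usurpe'], $this->adapter->getStorage()->read());

        $this->assertEquals("userAuthenticated", $event->getName());
        $this->assertEquals(Result::SUCCESS, $event->getCode());
        $this->assertEquals('usurpe', $event->getIdentity());
    }

    /**
     * Allowlisted usurper + failed LDAP authentication: nothing may be stored as an
     * identity, and the event must carry the FAILURE code without stopping propagation.
     */
    public function testUsurpationWithAllowedUsernameAndUnsuccessfulAuthentication()
    {
        $this->_mockLdapSearch([]);

        $this->authModuleOptions->setUsurpationAllowedUsernames(['usurpateur']);
        $event = new AdapterChainEvent();
        $this->_authenticateWithUsurpation(Result::FAILURE, $event);

        $this->assertFalse($this->adapter->isSatisfied());
        $this->assertEquals(['is_satisfied' => false], $this->adapter->getStorage()->read());

        $this->assertNull($event->getName());
        $this->assertEquals(Result::FAILURE, $event->getCode());
        $this->assertNull($event->getIdentity());
        $this->assertFalse($event->propagationIsStopped());
    }

    /**
     * Allowlisted usurper targeting a username the LDAP search does not find: the
     * outcome must be an unauthenticated session.
     *
     * NOTE(review): the fixture is currently identical to the one used by
     * testUsurpationWithAllowedUsernameAndUnsuccessfulAuthentication() (FAILURE result,
     * empty searchEntries()); confirm whether this scenario was meant to pair a
     * successful authentication with an empty search result.
     */
    public function testUsurpationWithAllowedButUnexistingUsername()
    {
        $this->_mockLdapSearch([]);

        $this->authModuleOptions->setUsurpationAllowedUsernames(['usurpateur']);
        $event = new AdapterChainEvent();
        $this->_authenticateWithUsurpation(Result::FAILURE, $event);

        $this->assertFalse($this->adapter->isSatisfied());
        $this->assertEquals(['is_satisfied' => false], $this->adapter->getStorage()->read());

        $this->assertNull($event->getName());
        $this->assertEquals(Result::FAILURE, $event->getCode());
        $this->assertNull($event->getIdentity());
        $this->assertFalse($event->propagationIsStopped());
    }

    /**
     * Empty allowlist + successful LDAP authentication: the identity must stay the
     * submitted string ('usurpateur=usurpe') and must not become 'usurpe'.
     *
     * NOTE(review): unlike the allowlisted case, the event code is not asserted here;
     * consider adding that check once the expected code is confirmed.
     */
    public function testUsurpationWithNotAllowedUsernameAndSuccessfulAuthentication()
    {
        $this->zendAuthLdapAdapter = $this->createMock('Zend\Authentication\Adapter\Ldap');

        $this->authModuleOptions->setUsurpationAllowedUsernames([]);
        $event = new AdapterChainEvent();
        $this->_authenticateWithUsurpation(Result::SUCCESS, $event);

        $this->assertTrue($this->adapter->isSatisfied());
        $this->assertEquals(['is_satisfied' => true, 'identity' => 'usurpateur=usurpe'], $this->adapter->getStorage()->read());

        $this->assertEquals("userAuthenticated", $event->getName());
        $this->assertEquals('usurpateur=usurpe', $event->getIdentity());
    }

    /**
     * Empty allowlist + failed LDAP authentication: no identity may be stored or set
     * on the event.
     */
    public function testUsurpationWithNotAllowedUsernameAndUnsuccessfulAuthentication()
    {
        $this->zendAuthLdapAdapter = $this->createMock('Zend\Authentication\Adapter\Ldap');

        $this->authModuleOptions->setUsurpationAllowedUsernames([]);
        $event = new AdapterChainEvent();
        $this->_authenticateWithUsurpation(Result::FAILURE, $event);

        $this->assertFalse($this->adapter->isSatisfied());
        $this->assertEquals(['is_satisfied' => false], $this->adapter->getStorage()->read());

        $this->assertNull($event->getName());
        $this->assertEquals(Result::FAILURE, $event->getCode());
        $this->assertNull($event->getIdentity());
        $this->assertFalse($event->propagationIsStopped());
    }

    /**
     * Runs one authentication attempt with the identity
     * 'usurpateur' . Ldap::USURPATION_USERNAMES_SEP . 'usurpe'.
     *
     * The caller must have assigned $this->zendAuthLdapAdapter (a mock) beforehand. This
     * helper expects setUsername('usurpateur'), setPassword() and authenticate() to be
     * called exactly once each on it, and findOneByUsername() exactly once on the
     * mocked People mapper.
     *
     * @param int               $authenticationResultCode Result code the mocked LDAP adapter reports
     * @param AdapterChainEvent $adapterChainEvent        Event returned as the target; it receives the request
     */
    protected function _authenticateWithUsurpation($authenticationResultCode, AdapterChainEvent &$adapterChainEvent)
    {
        // NOTE(review): the by-reference marker is redundant for an object argument (the
        // variable is never reassigned here); it is kept so the signature stays unchanged.
        $usernameUsurpateur = 'usurpateur';
        $usernameUsurpe     = 'usurpe';
        $username           = $usernameUsurpateur . Ldap::USURPATION_USERNAMES_SEP . $usernameUsurpe;

        // Only the usurper's username may be handed to the LDAP adapter for authentication.
        $this->zendAuthLdapAdapter
            ->expects($this->once())
            ->method('setUsername')
            ->with($usernameUsurpateur)
            ->willReturnSelf();
        $this->zendAuthLdapAdapter
            ->expects($this->once())
            ->method('setPassword')
            ->willReturnSelf();
        $this->zendAuthLdapAdapter
            ->expects($this->once())
            ->method('authenticate')
            ->willReturn(new Result($authenticationResultCode, $usernameUsurpateur));
        $this->adapter->setLdapAuthAdapter($this->zendAuthLdapAdapter);

        $ldapPeopleMapper = $this->createMock(People::class);
        $ldapPeopleMapper
            ->expects($this->once())
            ->method('findOneByUsername')
            ->willReturn('not empty');

        $this->adapter->setLdapPeopleMapper($ldapPeopleMapper);

        $request = new Request();
        $request->setPost(new Parameters(['identity' => $username, 'credential' => "xxxxx"]));
        $adapterChainEvent->setRequest($request);

        /** @var EventInterface|\PHPUnit_Framework_MockObject_MockObject $event */
        $event = $this->createMock(EventInterface::class);
        $event
            ->expects($this->once())
            ->method('getTarget')
            ->willReturn($adapterChainEvent);

        $this->adapter->setOptions($this->authModuleOptions);
        $this->adapter->authenticate($event);
    }

    /**
     * Assigns $this->zendAuthLdapAdapter a mock whose getLdap() returns a mocked
     * Zend\Ldap\Ldap answering searchEntries() with $searchResult.
     *
     * Both getLdap() and searchEntries() are expected exactly once.
     *
     * @param mixed $searchResult Value returned by the mocked searchEntries()
     */
    private function _mockLdapSearch($searchResult)
    {
        /** @var \Zend\Ldap\Ldap|\PHPUnit_Framework_MockObject_MockObject $ldap */
        $ldap = $this->createMock(\Zend\Ldap\Ldap::class);
        $ldap
            ->expects($this->once())
            ->method('searchEntries')
            ->willReturn($searchResult);

        $this->zendAuthLdapAdapter = $this->createMock('Zend\Authentication\Adapter\Ldap');
        $this->zendAuthLdapAdapter
            ->expects($this->once())
            ->method('getLdap')
            ->willReturn($ldap);
    }
}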