LdapTest.php 7.89 KB
Newer Older
1
2
3
<?php
namespace UnicaenAuthTest\Authentication\Adapter;

4
use PHPUnit\Framework\TestCase;
5
6
7
8
9
10
11
12
13
14
15
16
use UnicaenAuth\Authentication\Adapter\Ldap;
use Zend\Authentication\Result;
use Zend\EventManager\EventManager;
use Zend\Http\Request;
use Zend\Stdlib\Parameters;
use ZfcUser\Authentication\Adapter\AdapterChainEvent;

/**
 * Description of LdapTest
 *
 * @author Bertrand GAUTHIER <bertrand.gauthier at unicaen.fr>
 */
17
class LdapTest extends TestCase
18
19
20
21
22
{
    protected $adapter;
    protected $appModuleOptions;
    protected $authModuleOptions;
    protected $mapper;
23

24
25
26
27
28
29
    /**
     * Sets up the fixture, for example, open a network connection.
     * This method is called before a test is executed.
     */
    protected function setUp()
    {
30
31
32
33
34
        $this->appModuleOptions = $appModuleOptions = new \UnicaenApp\Options\ModuleOptions([
            'ldap' => [
                'connection' => [
                    'default' => [
                        'params' => [
35
36
37
38
39
40
                            'host'                => 'host.domain.fr',
                            'username'            => "uid=xxxxxxxxx,ou=xxxxxxxxxx,dc=domain,dc=fr",
                            'password'            => "xxxxxxxxxxxx",
                            'baseDn'              => "ou=xxxxxxxxxxx,dc=domain,dc=fr",
                            'bindRequiresDn'      => true,
                            'accountFilterFormat' => "(&(objectClass=posixAccount)(supannAliasLogin=%s))",
41
42
43
44
45
46
47
48
49
50
51
52
                        ]
                    ]
                ]
            ],
        ]);
        $this->authModuleOptions = $authModuleOptions = new \UnicaenAuth\Options\ModuleOptions([
            'usurpation_allowed_usernames' => ['usurpateur'],
        ]);

        $this->mapper = $mapper = $this->getMock('ZfcUser\Mapper\User', ['findByUsername', 'findByEmail']);

        $serviceManager = $this->getMock('Zend\ServiceManager\ServiceManager', ['get']);
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
        $serviceManager->expects($this->any())
                       ->method('get')
                       ->will($this->returnCallback(function($serviceName) use ($authModuleOptions, $appModuleOptions, $mapper) {
                           if ('zfcuser_module_options' === $serviceName) {
                               return new \ZfcUser\Options\ModuleOptions();
                           }
                           if ('unicaen-app_module_options' === $serviceName) {
                               return $appModuleOptions;
                           }
                           if ('unicaen-auth_module_options' === $serviceName) {
                               return $authModuleOptions;
                           }
                           if ('zfcuser_user_mapper' === $serviceName) {
                               return $mapper;
                           }
                           return null;
                       }));
70

71
        $this->adapter = new Ldap();
72
        $this->adapter->setServiceLocator($serviceManager)
73
74
                      ->setEventManager(new EventManager());
    }
75

76
77
78
79
    public function testCanProvideDefaultLdapAuthAdapter()
    {
        $adapter = $this->adapter->getLdapAuthAdapter();
        $this->assertInstanceOf('Zend\Authentication\Adapter\Ldap', $adapter);
80

81
82
83
84
85
        $appModuleLdapOptions = $this->appModuleOptions->getLdap();
        $connectionNames = array_keys($appModuleLdapOptions['connection']);
        $connectionParams = array_map(function($connection) { return $connection['params']; }, $appModuleLdapOptions['connection']);
        $this->assertEquals(array_combine($connectionNames, $connectionParams), $adapter->getOptions());
    }
86

87
88
89
90
91
92
93
    public function testAuthenticatingReturnsNullIfAlreadyStatisfied()
    {
        $event = new AdapterChainEvent();
        $this->adapter->setSatisfied();
        $this->assertNull($this->adapter->authenticate($event));
        $this->assertEquals($event->getCode(), Result::SUCCESS);
    }
94

95
96
    public function testUsurpationWithAllowedUsernameAndSuccessfulAuthentication()
    {
97
        $this->authModuleOptions->setUsurpationAllowedUsernames(['usurpateur']);
98
99
        $event = new AdapterChainEvent();
        $result = $this->_authenticateWithUsurpation(Result::SUCCESS, $event);
100

101
102
        $this->assertTrue($result);
        $this->assertTrue($this->adapter->isSatisfied());
103
104
        $this->assertEquals(['is_satisfied' => true, 'identity' => 'usurpe'], $this->adapter->getStorage()->read());

105
106
107
108
109
        $this->assertEquals("userAuthenticated", $event->getName());
        $this->assertEquals(Result::SUCCESS, $event->getCode());
        $this->assertEquals('usurpe', $event->getIdentity());
        $this->assertTrue($event->propagationIsStopped());
    }
110

111
112
    public function testUsurpationWithAllowedUsernameAndUnsuccessfulAuthentication()
    {
113
        $this->authModuleOptions->setUsurpationAllowedUsernames(['usurpateur']);
114
115
        $event = new AdapterChainEvent();
        $result = $this->_authenticateWithUsurpation(Result::FAILURE, $event);
116

117
118
        $this->assertFalse($result);
        $this->assertFalse($this->adapter->isSatisfied());
119
120
        $this->assertEquals(['is_satisfied' => false], $this->adapter->getStorage()->read());

121
122
123
124
125
        $this->assertNull($event->getName());
        $this->assertEquals(Result::FAILURE, $event->getCode());
        $this->assertNull($event->getIdentity());
        $this->assertFalse($event->propagationIsStopped());
    }
126

127
128
    public function testUsurpationWithNotAllowedUsernameAndSuccessfulAuthentication()
    {
129
        $this->authModuleOptions->setUsurpationAllowedUsernames([]);
130
131
        $event = new AdapterChainEvent();
        $result = $this->_authenticateWithUsurpation(Result::SUCCESS, $event);
132

133
134
        $this->assertTrue($result);
        $this->assertTrue($this->adapter->isSatisfied());
135
136
        $this->assertEquals(['is_satisfied' => true, 'identity' => 'usurpateur'], $this->adapter->getStorage()->read());

137
138
139
140
        $this->assertEquals("userAuthenticated", $event->getName());
        $this->assertTrue($event->propagationIsStopped());
        $this->assertEquals('usurpateur', $event->getIdentity());
    }
141

142
143
    public function testUsurpationWithNotAllowedUsernameAndUnsuccessfulAuthentication()
    {
144
        $this->authModuleOptions->setUsurpationAllowedUsernames([]);
145
146
        $event = new AdapterChainEvent();
        $result = $this->_authenticateWithUsurpation(Result::FAILURE, $event);
147

148
149
        $this->assertFalse($result);
        $this->assertFalse($this->adapter->isSatisfied());
150
151
        $this->assertEquals(['is_satisfied' => false], $this->adapter->getStorage()->read());

152
153
154
155
156
        $this->assertNull($event->getName());
        $this->assertEquals(Result::FAILURE, $event->getCode());
        $this->assertNull($event->getIdentity());
        $this->assertFalse($event->propagationIsStopped());
    }
157

158
    protected function _authenticateWithUsurpation($authenticationResultCode, AdapterChainEvent &$event)
159
    {
160
161
162
        $usernameUsurpateur = 'usurpateur';
        $usernameUsurpe     = 'usurpe';
        $username           = $usernameUsurpateur . Ldap::USURPATION_USERNAMES_SEP . $usernameUsurpe;
163
164

        $ldapAuthAdapter = $this->getMock('Zend\Authentication\Adapter\Ldap', ['setUsername', 'setPassword', 'authenticate']);
165
166
167
168
169
170
171
172
173
174
175
        $ldapAuthAdapter->expects($this->once())
                        ->method('setUsername')
                        ->with($usernameUsurpateur)
                        ->will($this->returnSelf());
        $ldapAuthAdapter->expects($this->once())
                        ->method('setPassword')
                        ->will($this->returnSelf());
        $ldapAuthAdapter->expects($this->once())
                        ->method('authenticate')
                        ->will($this->returnValue(new Result($authenticationResultCode, $usernameUsurpateur)));
        $this->adapter->setLdapAuthAdapter($ldapAuthAdapter);
176

177
        $request = new Request();
178
        $request->setPost(new Parameters(['identity' => $username, 'credential' => "xxxxx"]));
179
        $event->setRequest($request);
180

181
182
183
        return $this->adapter->authenticate($event);
    }
}