Fournisseur d'identité issue de l'annuaire Ldap : tests unitaires ; modifs cosmétiques.

src/UnicaenAuth/Provider/Identity/LdapPeople.php

@@ -7,9 +7,18 @@ use Zend\Authentication\AuthenticationService;
 use Zend\Permissions\Acl\Role\RoleInterface;
 use Zend\ServiceManager\ServiceLocatorAwareInterface;
 use Zend\ServiceManager\ServiceLocatorInterface;
+use Zend\Permissions\Acl\Exception\InvalidArgumentException;
+use UnicaenApp\Entity\Ldap\People as LdapPeopleEntity;
+use UnicaenApp\Exception;
+use UnicaenAuth\Acl\NamedRole;
 
 /**
- * Description of LdapGroupProviderInterface
+ * Classe de fournisseur d'identité issue de l'annuaire Ldap.
+ * 
+ * Retourne les rôles correspondant aux groupes LDAP auxquels appartient l'entité LDAP authentifiée.
+ * NB : 
+ * - Les ACL sont fournies par le service d'authorisation du module BjyAuthorize
+ * - L'identité authentifiée est fournie par le service d'authentification.
  *
  * @author Bertrand GAUTHIER <bertrand.gauthier at unicaen.fr>
  */
@@ -49,15 +58,16 @@ class LdapPeople implements ProviderInterface, ServiceLocatorAwareInterface
         
         $identity = $this->authService->getIdentity();
         
-        if ($identity instanceof \UnicaenApp\Entity\Ldap\People) {
-            /* @var $identity \UnicaenApp\Entity\Ldap\People */
+        if ($identity instanceof LdapPeopleEntity) {
+            /* @var $identity LdapPeopleEntity */
             $authorizeService = $this->getServiceLocator()->get('BjyAuthorize\Service\Authorize');
             /* @var $authorizeService \BjyAuthorize\Service\Authorize */ 
             foreach ($identity->getMemberOf() as $group) {
+                // vérifie si le groupe LDAP est un rôle connu des ACL
                 try {
                     $role = $authorizeService->getAcl()->getRole($group);
-                } 
-                catch (\Zend\Permissions\Acl\Exception\InvalidArgumentException $exc) {
+                }
+                catch (InvalidArgumentException $exc) {
                     continue;
                 }
                 if ($role->getRoleId() === $group) {
@@ -72,7 +82,7 @@ class LdapPeople implements ProviderInterface, ServiceLocatorAwareInterface
 
         return $roles;
     }
-
+    
     /**
      * Get the rule that's used if you're not authenticated
      *
@@ -81,7 +91,7 @@ class LdapPeople implements ProviderInterface, ServiceLocatorAwareInterface
     public function getDefaultRole()
     {
         if (null === $this->defaultRole) {
-            $this->defaultRole = new \UnicaenAuth\Acl\NamedRole('guest', null, "Invité");
+            $this->defaultRole = new NamedRole('guest', null, "Invité");
         }
         return $this->defaultRole;
     }
@@ -91,12 +101,12 @@ class LdapPeople implements ProviderInterface, ServiceLocatorAwareInterface
      *
      * @param $defaultRole
      *
-     * @throws \BjyAuthorize\Exception\InvalidRoleException
+     * @throws InvalidRoleException
      */
     public function setDefaultRole($defaultRole)
     {
-        if ( ! ($defaultRole instanceof RoleInterface || is_string($defaultRole))) {
-            throw InvalidRoleException::invalidRoleInstance($defaultRole);
+        if (!($defaultRole instanceof RoleInterface || is_string($defaultRole))) {
+            throw new Exception("Rôle pr défaut fourni invalide.", null, InvalidRoleException::invalidRoleInstance($defaultRole));
         }
         $this->defaultRole = $defaultRole;
     }
@@ -104,7 +114,7 @@ class LdapPeople implements ProviderInterface, ServiceLocatorAwareInterface
     /**
      * Set service locator
      *
-     * @param \Zend\ServiceManager\ServiceLocatorInterface $serviceLocator
+     * @param ServiceLocatorInterface $serviceLocator
      * @return self
      */
     public function setServiceLocator(ServiceLocatorInterface $serviceLocator)
@@ -116,7 +126,7 @@ class LdapPeople implements ProviderInterface, ServiceLocatorAwareInterface
     /**
      * Get service locator
      *
-     * @return \Zend\ServiceManager\ServiceLocatorInterface
+     * @return ServiceLocatorInterface
      */
     public function getServiceLocator()
     {

tests/UnicaenAuthTest/Provider/Identity/LdapPeopleTest.php

+<?php
+namespace UnicaenAuthTest\Provider\Identity;
+
+use PHPUnit_Framework_TestCase;
+use UnicaenApp\Exception;
+use UnicaenApp\Entity\Ldap\People as LdapPeopleEntity;
+use UnicaenAppTest\Entity\Ldap\TestAsset\People as LdapPeopleTestAsset;
+use UnicaenAuth\Provider\Identity\LdapPeople;
+use UnicaenAuth\Acl\NamedRole;
+use Zend\ServiceManager\ServiceManager;
+use Zend\Permissions\Acl\Role\GenericRole;
+
+/**
+ * Description of LdapPeopleTest
+ *
+ * @author Bertrand GAUTHIER <bertrand.gauthier at unicaen.fr>
+ */
+class LdapPeopleTest extends PHPUnit_Framework_TestCase
+{
+    protected $provider;
+    protected $authorize;
+    protected $authService;
+    protected $serviceManager;
+    
+    /**
+     * Sets up the fixture, for example, open a network connection.
+     * This method is called before a test is executed.
+     */
+    protected function setUp()
+    {
+        $this->authorize = $this->getMock('BjyAuthorize\Service\Authorize', array('getAcl'), array(), '', false);
+        
+        $this->serviceManager = new ServiceManager();
+        $this->serviceManager->setService('BjyAuthorize\Service\Authorize', $this->authorize);
+        
+        $this->authService = $this->getMock('Zend\Authentication\AuthenticationService', array('getIdentity'));
+        
+        $this->provider = new LdapPeople($this->authService);
+        $this->provider->setServiceLocator($this->serviceManager);
+        
+        $this->defaultRole = $this->provider->getDefaultRole();
+    }
+    
+    public function testCanProvideDefaultRoleWhenNoneIsSet()
+    {
+        $this->assertInstanceOf('UnicaenAuth\Acl\NamedRole', $this->defaultRole);
+        $this->assertEquals('guest', $this->defaultRole->getRoleId());
+        $this->assertEquals("Invité", $this->defaultRole->getRoleName());
+        $this->assertNull($this->defaultRole->getParent());
+    }
+    
+    
+    public function getInvalidDefaultRole()
+    {
+        return array(
+            array(12),
+            array(new \stdClass()),
+            array(array('value')),
+        );
+    }
+    
+    /**
+     * @dataProvider getInvalidDefaultRole
+     * @expectedException Exception
+     * @param mixed $defaultRole
+     */
+    public function testSettingDefaultRoleThrowsExceptionWhenInvalidRoleSpecified($defaultRole)
+    {
+        $this->provider->setDefaultRole($defaultRole);
+    }
+    
+    public function testCanSetDefaultRoleAsString()
+    {
+        $defaultRole = 'role';
+        $this->provider->setDefaultRole($defaultRole);
+        $this->assertSame($defaultRole, $this->provider->getDefaultRole());
+    }
+    
+    public function testCanSetDefaultRoleAsObject()
+    {
+        $defaultRole = new GenericRole('role');
+        $this->provider->setDefaultRole($defaultRole);
+        $this->assertSame($defaultRole, $this->provider->getDefaultRole());
+    }
+    
+    public function getUnexpectedIdentity()
+    {
+        return array(
+            array(null),
+            array(new \stdClass()),
+        );
+    }
+    
+    /**
+     * @dataProvider getUnexpectedIdentity
+     */
+    public function testGettingIdentityRolesReturnsDefaultRoleWhenUnexpectedIdentityAvailable($identity)
+    {
+        // fournisseur de l'identité de l'utilisateur connecté
+        $this->authService->expects($this->once())
+                          ->method('getIdentity')
+                          ->will($this->returnValue($identity));
+        
+        $roles = $this->provider->getIdentityRoles();
+        $this->assertEquals(array($this->defaultRole), $roles);
+    }
+    
+    public function testGettingIdentityRolesReturnsDefaultRoleWhenWhenIdentityIsNotMemberOfAnyLdapGroup()
+    {
+        $data = LdapPeopleTestAsset::$data1;
+        unset($data['memberof']);
+        $identity = new LdapPeopleEntity($data);
+        
+        // fournisseur de l'identité de l'utilisateur connecté
+        $this->authService->expects($this->once())
+                          ->method('getIdentity')
+                          ->will($this->returnValue($identity));
+        
+        $roles = $this->provider->getIdentityRoles();
+        $this->assertEquals(array($this->defaultRole), $roles);
+    }
+    
+    public function testGettingIdentityRolesReturnsDefaultRoleWhenIdentityLdapGroupDoesNotExistInAcl()
+    {
+        // fournisseur de l'identité de l'utilisateur connecté
+        $this->authService->expects($this->once())
+                          ->method('getIdentity')
+                          ->will($this->returnValue($identity = new LdapPeopleEntity(LdapPeopleTestAsset::$data1)));
+        
+        $this->assertNotEmpty($identity->getMemberOf(), "Pré-requis non respecté : memberOf vide.");
+        
+        // fournisseur des ACL
+        $this->authorize->expects($this->any())
+                        ->method('getAcl')
+                        ->will($this->returnValue($acl = new \Zend\Permissions\Acl\Acl()));
+        
+        $roles = $this->provider->getIdentityRoles();
+        $this->assertEquals(array($this->defaultRole), $roles);
+        
+        // NB: le rôle par défaut n'a pas besoin d'être connu des ACL
+        $this->setExpectedException('Zend\Permissions\Acl\Exception\InvalidArgumentException');
+        $acl->getRole($this->defaultRole->getRoleId());
+    }
+    
+    public function testGettingIdentityRolesReturnsIdentityLdapGroupsWhichExistInAcl()
+    {
+        // fournisseur de l'identité de l'utilisateur connecté
+        $this->authService->expects($this->once())
+                          ->method('getIdentity')
+                          ->will($this->returnValue($identity = new LdapPeopleEntity(LdapPeopleTestAsset::$data1)));
+        
+        $this->assertNotEmpty($identity->getMemberOf(), "Pré-requis non respecté : memberOf vide.");
+        
+        // fournisseur des ACL
+        $acl = new \Zend\Permissions\Acl\Acl();
+        $acl->addRole($role = new GenericRole('cn=admin_reseau,ou=groups,dc=unicaen,dc=fr'));
+        $this->authorize->expects($this->any())
+                        ->method('getAcl')
+                        ->will($this->returnValue($acl));
+        
+        $roles = $this->provider->getIdentityRoles();
+        $this->assertEquals(array($role), $roles);
+    }
+}
\ No newline at end of file