Commit 9d3f3c3c authored by Bertrand Gauthier's avatar Bertrand Gauthier

Fournisseur d'identité issue de l'annuaire Ldap : tests unitaires ; modifs cosmétiques.

parent 93db7478
...@@ -7,9 +7,18 @@ use Zend\Authentication\AuthenticationService; ...@@ -7,9 +7,18 @@ use Zend\Authentication\AuthenticationService;
use Zend\Permissions\Acl\Role\RoleInterface; use Zend\Permissions\Acl\Role\RoleInterface;
use Zend\ServiceManager\ServiceLocatorAwareInterface; use Zend\ServiceManager\ServiceLocatorAwareInterface;
use Zend\ServiceManager\ServiceLocatorInterface; use Zend\ServiceManager\ServiceLocatorInterface;
use Zend\Permissions\Acl\Exception\InvalidArgumentException;
use UnicaenApp\Entity\Ldap\People as LdapPeopleEntity;
use UnicaenApp\Exception;
use UnicaenAuth\Acl\NamedRole;
/** /**
* Description of LdapGroupProviderInterface * Classe de fournisseur d'identité issue de l'annuaire Ldap.
*
* Retourne les rôles correspondant aux groupes LDAP auxquels appartient l'entité LDAP authentifiée.
* NB :
* - Les ACL sont fournies par le service d'authorisation du module BjyAuthorize
* - L'identité authentifiée est fournie par le service d'authentification.
* *
* @author Bertrand GAUTHIER <bertrand.gauthier at unicaen.fr> * @author Bertrand GAUTHIER <bertrand.gauthier at unicaen.fr>
*/ */
...@@ -49,15 +58,16 @@ class LdapPeople implements ProviderInterface, ServiceLocatorAwareInterface ...@@ -49,15 +58,16 @@ class LdapPeople implements ProviderInterface, ServiceLocatorAwareInterface
$identity = $this->authService->getIdentity(); $identity = $this->authService->getIdentity();
if ($identity instanceof \UnicaenApp\Entity\Ldap\People) { if ($identity instanceof LdapPeopleEntity) {
/* @var $identity \UnicaenApp\Entity\Ldap\People */ /* @var $identity LdapPeopleEntity */
$authorizeService = $this->getServiceLocator()->get('BjyAuthorize\Service\Authorize'); $authorizeService = $this->getServiceLocator()->get('BjyAuthorize\Service\Authorize');
/* @var $authorizeService \BjyAuthorize\Service\Authorize */ /* @var $authorizeService \BjyAuthorize\Service\Authorize */
foreach ($identity->getMemberOf() as $group) { foreach ($identity->getMemberOf() as $group) {
// vérifie si le groupe LDAP est un rôle connu des ACL
try { try {
$role = $authorizeService->getAcl()->getRole($group); $role = $authorizeService->getAcl()->getRole($group);
} }
catch (\Zend\Permissions\Acl\Exception\InvalidArgumentException $exc) { catch (InvalidArgumentException $exc) {
continue; continue;
} }
if ($role->getRoleId() === $group) { if ($role->getRoleId() === $group) {
...@@ -72,7 +82,7 @@ class LdapPeople implements ProviderInterface, ServiceLocatorAwareInterface ...@@ -72,7 +82,7 @@ class LdapPeople implements ProviderInterface, ServiceLocatorAwareInterface
return $roles; return $roles;
} }
/** /**
* Get the rule that's used if you're not authenticated * Get the rule that's used if you're not authenticated
* *
...@@ -81,7 +91,7 @@ class LdapPeople implements ProviderInterface, ServiceLocatorAwareInterface ...@@ -81,7 +91,7 @@ class LdapPeople implements ProviderInterface, ServiceLocatorAwareInterface
public function getDefaultRole() public function getDefaultRole()
{ {
if (null === $this->defaultRole) { if (null === $this->defaultRole) {
$this->defaultRole = new \UnicaenAuth\Acl\NamedRole('guest', null, "Invité"); $this->defaultRole = new NamedRole('guest', null, "Invité");
} }
return $this->defaultRole; return $this->defaultRole;
} }
...@@ -91,12 +101,12 @@ class LdapPeople implements ProviderInterface, ServiceLocatorAwareInterface ...@@ -91,12 +101,12 @@ class LdapPeople implements ProviderInterface, ServiceLocatorAwareInterface
* *
* @param $defaultRole * @param $defaultRole
* *
* @throws \BjyAuthorize\Exception\InvalidRoleException * @throws InvalidRoleException
*/ */
public function setDefaultRole($defaultRole) public function setDefaultRole($defaultRole)
{ {
if ( ! ($defaultRole instanceof RoleInterface || is_string($defaultRole))) { if (!($defaultRole instanceof RoleInterface || is_string($defaultRole))) {
throw InvalidRoleException::invalidRoleInstance($defaultRole); throw new Exception("Rôle pr défaut fourni invalide.", null, InvalidRoleException::invalidRoleInstance($defaultRole));
} }
$this->defaultRole = $defaultRole; $this->defaultRole = $defaultRole;
} }
...@@ -104,7 +114,7 @@ class LdapPeople implements ProviderInterface, ServiceLocatorAwareInterface ...@@ -104,7 +114,7 @@ class LdapPeople implements ProviderInterface, ServiceLocatorAwareInterface
/** /**
* Set service locator * Set service locator
* *
* @param \Zend\ServiceManager\ServiceLocatorInterface $serviceLocator * @param ServiceLocatorInterface $serviceLocator
* @return self * @return self
*/ */
public function setServiceLocator(ServiceLocatorInterface $serviceLocator) public function setServiceLocator(ServiceLocatorInterface $serviceLocator)
...@@ -116,7 +126,7 @@ class LdapPeople implements ProviderInterface, ServiceLocatorAwareInterface ...@@ -116,7 +126,7 @@ class LdapPeople implements ProviderInterface, ServiceLocatorAwareInterface
/** /**
* Get service locator * Get service locator
* *
* @return \Zend\ServiceManager\ServiceLocatorInterface * @return ServiceLocatorInterface
*/ */
public function getServiceLocator() public function getServiceLocator()
{ {
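Review bot: The `@throws InvalidRoleException` tag on setDefaultRole no longer matches the code beneath it, which now throws a `UnicaenApp\Exception` wrapping the `InvalidRoleException`, so any caller that catches `InvalidRoleException` (the type BjyAuthorize's own providers raise) will no longer catch this failure; either keep throwing the original type or change the tag to `@throws Exception` and note that the `InvalidRoleException` is attached as the previous exception. The message also has a typo and should read `"Rôle par défaut fourni invalide."`. Passing `null` as the code argument is only safe if `UnicaenApp\Exception`'s constructor accepts it; a plain `\Exception` expects an int there, so `0` is the safer value unless that constructor is known to differ. The guard itself still accepts any string as a default role without checking it against the ACL, which is unchanged behaviour and acceptable only while the value comes from configuration rather than request input.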
<?php
namespace UnicaenAuthTest\Provider\Identity;
use PHPUnit_Framework_TestCase;
use UnicaenApp\Exception;
use UnicaenApp\Entity\Ldap\People as LdapPeopleEntity;
use UnicaenAppTest\Entity\Ldap\TestAsset\People as LdapPeopleTestAsset;
use UnicaenAuth\Provider\Identity\LdapPeople;
use UnicaenAuth\Acl\NamedRole;
use Zend\ServiceManager\ServiceManager;
use Zend\Permissions\Acl\Role\GenericRole;
/**
* Description of LdapPeopleTest
*
* @author Bertrand GAUTHIER <bertrand.gauthier at unicaen.fr>
*/
class LdapPeopleTest extends PHPUnit_Framework_TestCase
{
protected $provider;
protected $authorize;
protected $authService;
protected $serviceManager;
/**
* Sets up the fixture, for example, open a network connection.
* This method is called before a test is executed.
*/
protected function setUp()
{
$this->authorize = $this->getMock('BjyAuthorize\Service\Authorize', array('getAcl'), array(), '', false);
$this->serviceManager = new ServiceManager();
$this->serviceManager->setService('BjyAuthorize\Service\Authorize', $this->authorize);
$this->authService = $this->getMock('Zend\Authentication\AuthenticationService', array('getIdentity'));
$this->provider = new LdapPeople($this->authService);
$this->provider->setServiceLocator($this->serviceManager);
$this->defaultRole = $this->provider->getDefaultRole();
}
public function testCanProvideDefaultRoleWhenNoneIsSet()
{
$this->assertInstanceOf('UnicaenAuth\Acl\NamedRole', $this->defaultRole);
$this->assertEquals('guest', $this->defaultRole->getRoleId());
$this->assertEquals("Invité", $this->defaultRole->getRoleName());
$this->assertNull($this->defaultRole->getParent());
}
public function getInvalidDefaultRole()
{
return array(
array(12),
array(new \stdClass()),
array(array('value')),
);
}
/**
* @dataProvider getInvalidDefaultRole
* @expectedException Exception
* @param mixed $defaultRole
*/
public function testSettingDefaultRoleThrowsExceptionWhenInvalidRoleSpecified($defaultRole)
{
$this->provider->setDefaultRole($defaultRole);
}
public function testCanSetDefaultRoleAsString()
{
$defaultRole = 'role';
$this->provider->setDefaultRole($defaultRole);
$this->assertSame($defaultRole, $this->provider->getDefaultRole());
}
public function testCanSetDefaultRoleAsObject()
{
$defaultRole = new GenericRole('role');
$this->provider->setDefaultRole($defaultRole);
$this->assertSame($defaultRole, $this->provider->getDefaultRole());
}
public function getUnexpectedIdentity()
{
return array(
array(null),
array(new \stdClass()),
);
}
/**
* @dataProvider getUnexpectedIdentity
*/
public function testGettingIdentityRolesReturnsDefaultRoleWhenUnexpectedIdentityAvailable($identity)
{
// fournisseur de l'identité de l'utilisateur connecté
$this->authService->expects($this->once())
->method('getIdentity')
->will($this->returnValue($identity));
$roles = $this->provider->getIdentityRoles();
$this->assertEquals(array($this->defaultRole), $roles);
}
public function testGettingIdentityRolesReturnsDefaultRoleWhenWhenIdentityIsNotMemberOfAnyLdapGroup()
{
$data = LdapPeopleTestAsset::$data1;
unset($data['memberof']);
$identity = new LdapPeopleEntity($data);
// fournisseur de l'identité de l'utilisateur connecté
$this->authService->expects($this->once())
->method('getIdentity')
->will($this->returnValue($identity));
$roles = $this->provider->getIdentityRoles();
$this->assertEquals(array($this->defaultRole), $roles);
}
public function testGettingIdentityRolesReturnsDefaultRoleWhenIdentityLdapGroupDoesNotExistInAcl()
{
// fournisseur de l'identité de l'utilisateur connecté
$this->authService->expects($this->once())
->method('getIdentity')
->will($this->returnValue($identity = new LdapPeopleEntity(LdapPeopleTestAsset::$data1)));
$this->assertNotEmpty($identity->getMemberOf(), "Pré-requis non respecté : memberOf vide.");
// fournisseur des ACL
$this->authorize->expects($this->any())
->method('getAcl')
->will($this->returnValue($acl = new \Zend\Permissions\Acl\Acl()));
$roles = $this->provider->getIdentityRoles();
$this->assertEquals(array($this->defaultRole), $roles);
// NB: le rôle par défaut n'a pas besoin d'être connu des ACL
$this->setExpectedException('Zend\Permissions\Acl\Exception\InvalidArgumentException');
$acl->getRole($this->defaultRole->getRoleId());
}
public function testGettingIdentityRolesReturnsIdentityLdapGroupsWhichExistInAcl()
{
// fournisseur de l'identité de l'utilisateur connecté
$this->authService->expects($this->once())
->method('getIdentity')
->will($this->returnValue($identity = new LdapPeopleEntity(LdapPeopleTestAsset::$data1)));
$this->assertNotEmpty($identity->getMemberOf(), "Pré-requis non respecté : memberOf vide.");
// fournisseur des ACL
$acl = new \Zend\Permissions\Acl\Acl();
$acl->addRole($role = new GenericRole('cn=admin_reseau,ou=groups,dc=unicaen,dc=fr'));
$this->authorize->expects($this->any())
->method('getAcl')
->will($this->returnValue($acl));
$roles = $this->provider->getIdentityRoles();
$this->assertEquals(array($role), $roles);
}
}
\ No newline at end of file
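Review bot: `@expectedException Exception` on testSettingDefaultRoleThrowsExceptionWhenInvalidRoleSpecified is read by PHPUnit as a literal class name and is not resolved through the file's `use UnicaenApp\Exception;` import, so it matches the global `\Exception` and the test passes for any exception the provider throws, including a regression back to BjyAuthorize's `InvalidRoleException`. Use the fully qualified name, `@expectedException UnicaenApp\Exception`, or call `$this->setExpectedException('UnicaenApp\Exception');` before invoking setDefaultRole. `$this->defaultRole` is assigned in setUp() but never declared next to the other properties; add `protected $defaultRole;` so it is not created dynamically. The admin-group test registers the ACL role with the exact DN string present in memberOf; since LDAP DNs compare case-insensitively while Zend ACL role ids are matched as exact strings, a test with a differently cased memberOf value would pin down whether such a group is meant to grant the role or be ignored.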