DRCIT/snipe-it
1
0
Fork 0
mirror of https://github.com/snipe/snipe-it.git synced 2025-02-21 03:15:45 -08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

Add LDAP as 'recommended' requirement; flesh out LDAP tests

Browse source
This commit is contained in:
Brady Wetherington 2023-11-30 14:00:20 +00:00
parent 2a00dc2d28
commit 16da994e28
3 changed files with 105 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
composer.json
View file

@ -74,6 +74,9 @@
"unicodeveloper/laravel-password": "^1.0", "unicodeveloper/laravel-password": "^1.0",
"watson/validating": "^6.1" "watson/validating": "^6.1"
}, },
"suggest": {
"ext-ldap": "*"
},
"require-dev": { "require-dev": {
"brianium/paratest": "^6.6", "brianium/paratest": "^6.6",
"fakerphp/faker": "^1.16", "fakerphp/faker": "^1.16",

22
tests/Support/Settings.php
View file

@ -79,6 +79,28 @@ class Settings
]); ]);
} }
public function enableAnonymousLdap(): Settings
{
return $this->update([
'ldap_enabled' => 1,
'ldap_server' => 'ldaps://ldap.example.com',
// 'ldap_uname' => 'fake_username',
'ldap_pword' => Crypt::encrypt("fake_password"),
'ldap_basedn' => 'CN=Users,DC=ad,DC=example,Dc=com'
]);
}
public function enableBadPasswordLdap(): Settings
{
return $this->update([
'ldap_enabled' => 1,
'ldap_server' => 'ldaps://ldap.example.com',
'ldap_uname' => 'fake_username',
'ldap_pword' => "badly_encrypted_password!",
'ldap_basedn' => 'CN=Users,DC=ad,DC=example,Dc=com'
]);
}
/** /**
* @param array $attributes Attributes to modify in the application's settings. * @param array $attributes Attributes to modify in the application's settings.
*/ */

80
tests/Unit/LdapTest.php
View file

@ -3,6 +3,7 @@
namespace Tests\Unit; namespace Tests\Unit;
use App\Models\Ldap; use App\Models\Ldap;
use Exception;
use Tests\Support\InteractsWithSettings; use Tests\Support\InteractsWithSettings;
use Tests\TestCase; use Tests\TestCase;
@ -25,4 +26,83 @@ class LdapTest extends TestCase
$blah = Ldap::connectToLdap(); $blah = Ldap::connectToLdap();
$this->assertEquals('hello',$blah,"LDAP_connect should return 'hello'"); $this->assertEquals('hello',$blah,"LDAP_connect should return 'hello'");
} }
// other test cases - with/without client-side certs?
// with/without LDAP version 3?
// with/without ignore cert validation?
// test (and mock) ldap_start_tls() ?
public function testBindAdmin()
{
$this->settings->enableLdap();
$this->getFunctionMock("App\\Models", "ldap_bind")->expects($this->once())->willReturn(true);
$this->assertNull(Ldap::bindAdminToLdap("dummy"));
}
public function testBindBad()
{
$this->settings->enableLdap();
$this->getFunctionMock("App\\Models", "ldap_bind")->expects($this->once())->willReturn(false);
$this->getFunctionMock("App\\Models","ldap_error")->expects($this->once())->willReturn("exception");
$this->expectExceptionMessage("Could not bind to LDAP:");
$this->assertNull(Ldap::bindAdminToLdap("dummy"));
}
// other test cases - test donked password?
public function testAnonymousBind()
{
//todo - would be nice to introspect somehow to make sure the right parameters were passed?
$this->settings->enableAnonymousLdap();
$this->getFunctionMock("App\\Models", "ldap_bind")->expects($this->once())->willReturn(true);
$this->assertNull(Ldap::bindAdminToLdap("dummy"));
}
public function testBadAnonymousBind()
{
$this->settings->enableAnonymousLdap();
$this->getFunctionMock("App\\Models", "ldap_bind")->expects($this->once())->willReturn(false);
$this->getFunctionMock("App\\Models","ldap_error")->expects($this->once())->willReturn("exception");
$this->expectExceptionMessage("Could not bind to LDAP:");
$this->assertNull(Ldap::bindAdminToLdap("dummy"));
}
public function testBadEncryptedPassword()
{
$this->settings->enableBadPasswordLdap();
$this->expectExceptionMessage("Your app key has changed");
$this->assertNull(Ldap::bindAdminToLdap("dummy"));
}
public function testFindAndBind()
{
$this->settings->enableLdap();
$ldap_connect = $this->getFunctionMock("App\\Models", "ldap_connect");
$ldap_connect->expects($this->once())->willReturn('hello');
$ldap_set_option = $this->getFunctionMock("App\\Models", "ldap_set_option");
$ldap_set_option->expects($this->exactly(3));
$this->getFunctionMock("App\\Models", "ldap_bind")->expects($this->once())->willReturn(true);
$this->getFunctionMock("App\\Models", "ldap_search")->expects($this->once())->willReturn(true);
$this->getFunctionMock("App\\Models", "ldap_first_entry")->expects($this->once())->willReturn(true);
$this->getFunctionMock("App\\Models", "ldap_get_attributes")->expects($this->once())->willReturn(
[
"count" => 1,
0 => [
'sn' => 'Surname',
'firstName' => 'FirstName'
]
]
);
$results = Ldap::findAndBindUserLdap("username","password");
$this->assertEqualsCanonicalizing(["count" =>1,0 =>['sn' => 'Surname','firstname' => 'FirstName']],$results);
}
} }