Add LDAP as 'recommended' requirement; flesh out LDAP tests

2025-02-21 03:15:45 -08:00 · 2023-11-30 14:00:20 +00:00 · 2023-11-30 14:00:20 +00:00 · 16da994e28
parent 2a00dc2d28
commit 16da994e28
3 changed files with 105 additions and 0 deletions
--- a/composer.json
+++ b/composer.json
@ -74,6 +74,9 @@
    "unicodeveloper/laravel-password": "^1.0",
    "watson/validating": "^6.1"
  },
+  "suggest": {
+    "ext-ldap": "*"
+  },
  "require-dev": {
    "brianium/paratest": "^6.6",
    "fakerphp/faker": "^1.16",
--- a/tests/Support/Settings.php
+++ b/tests/Support/Settings.php
@ -79,6 +79,28 @@ class Settings
        ]);
    }

+    public function enableAnonymousLdap(): Settings
+    {
+        return $this->update([
+            'ldap_enabled' => 1,
+            'ldap_server' => 'ldaps://ldap.example.com',
+//            'ldap_uname' => 'fake_username',
+            'ldap_pword' => Crypt::encrypt("fake_password"),
+            'ldap_basedn' => 'CN=Users,DC=ad,DC=example,Dc=com'
+        ]);
+    }
+
+    public function enableBadPasswordLdap(): Settings
+    {
+        return $this->update([
+            'ldap_enabled' => 1,
+            'ldap_server' => 'ldaps://ldap.example.com',
+            'ldap_uname' => 'fake_username',
+            'ldap_pword' => "badly_encrypted_password!",
+            'ldap_basedn' => 'CN=Users,DC=ad,DC=example,Dc=com'
+        ]);
+    }
+
    /**
     * @param array $attributes Attributes to modify in the application's settings.
     */
--- a/tests/Unit/LdapTest.php
+++ b/tests/Unit/LdapTest.php
@ -3,6 +3,7 @@
 namespace Tests\Unit;

 use App\Models\Ldap;
+use Exception;
 use Tests\Support\InteractsWithSettings;
 use Tests\TestCase;

@ -25,4 +26,83 @@ class LdapTest extends TestCase
        $blah = Ldap::connectToLdap();
        $this->assertEquals('hello',$blah,"LDAP_connect should return 'hello'");
    }
+
+    // other test cases - with/without client-side certs?
+    // with/without LDAP version 3?
+    // with/without ignore cert validation?
+    // test (and mock) ldap_start_tls() ?
+
+    public function testBindAdmin()
+    {
+        $this->settings->enableLdap();
+        $this->getFunctionMock("App\\Models", "ldap_bind")->expects($this->once())->willReturn(true);
+        $this->assertNull(Ldap::bindAdminToLdap("dummy"));
+    }
+
+    public function testBindBad()
+    {
+        $this->settings->enableLdap();
+        $this->getFunctionMock("App\\Models", "ldap_bind")->expects($this->once())->willReturn(false);
+        $this->getFunctionMock("App\\Models","ldap_error")->expects($this->once())->willReturn("exception");
+        $this->expectExceptionMessage("Could not bind to LDAP:");
+
+        $this->assertNull(Ldap::bindAdminToLdap("dummy"));
+    }
+    // other test cases - test donked password?
+
+    public function testAnonymousBind()
+    {
+        //todo - would be nice to introspect somehow to make sure the right parameters were passed?
+        $this->settings->enableAnonymousLdap();
+        $this->getFunctionMock("App\\Models", "ldap_bind")->expects($this->once())->willReturn(true);
+        $this->assertNull(Ldap::bindAdminToLdap("dummy"));
+    }
+
+    public function testBadAnonymousBind()
+    {
+        $this->settings->enableAnonymousLdap();
+        $this->getFunctionMock("App\\Models", "ldap_bind")->expects($this->once())->willReturn(false);
+        $this->getFunctionMock("App\\Models","ldap_error")->expects($this->once())->willReturn("exception");
+        $this->expectExceptionMessage("Could not bind to LDAP:");
+
+        $this->assertNull(Ldap::bindAdminToLdap("dummy"));
+    }
+
+    public function testBadEncryptedPassword()
+    {
+        $this->settings->enableBadPasswordLdap();
+
+        $this->expectExceptionMessage("Your app key has changed");
+        $this->assertNull(Ldap::bindAdminToLdap("dummy"));
+    }
+
+    public function testFindAndBind()
+    {
+        $this->settings->enableLdap();
+
+        $ldap_connect = $this->getFunctionMock("App\\Models", "ldap_connect");
+        $ldap_connect->expects($this->once())->willReturn('hello');
+
+        $ldap_set_option = $this->getFunctionMock("App\\Models", "ldap_set_option");
+        $ldap_set_option->expects($this->exactly(3));
+
+        $this->getFunctionMock("App\\Models", "ldap_bind")->expects($this->once())->willReturn(true);
+
+        $this->getFunctionMock("App\\Models", "ldap_search")->expects($this->once())->willReturn(true);
+
+        $this->getFunctionMock("App\\Models", "ldap_first_entry")->expects($this->once())->willReturn(true);
+
+        $this->getFunctionMock("App\\Models", "ldap_get_attributes")->expects($this->once())->willReturn(
+            [
+                "count" => 1,
+                0 => [
+                    'sn' => 'Surname',
+                    'firstName' => 'FirstName'
+                ]
+            ]
+        );
+
+        $results = Ldap::findAndBindUserLdap("username","password");
+        $this->assertEqualsCanonicalizing(["count" =>1,0 =>['sn' => 'Surname','firstname' => 'FirstName']],$results);
+    }
 }