3 # This file is part of Koha.
5 # Koha is free software; you can redistribute it and/or modify it
6 # under the terms of the GNU General Public License as published by
7 # the Free Software Foundation; either version 3 of the License, or
8 # (at your option) any later version.
10 # Koha is distributed in the hope that it will be useful, but
11 # WITHOUT ANY WARRANTY; without even the implied warranty of
12 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 # GNU General Public License for more details.
15 # You should have received a copy of the GNU General Public License
16 # along with Koha; if not, see <http://www.gnu.org/licenses>.
20 use Test
::More tests
=> 4;
24 use t
::lib
::TestBuilder
;
34 my $schema = Koha
::Database
->new->schema;
35 $schema->storage->txn_begin();
37 my $builder = t
::lib
::TestBuilder
->new();
39 # Variables controlling LDAP server config
43 my $anonymous_bind = 1;
44 my $user = 'cn=Manager,dc=metavore,dc=com';
45 my $pass = 'metavore';
47 # Variables controlling LDAP behaviour
48 my $desired_authentication_result = 'success';
49 my $desired_connection_result = 'error';
50 my $desired_admin_bind_result = 'error';
51 my $desired_search_result = 'error';
52 my $desired_count_result = 1;
53 my $desired_bind_result = 'error';
54 my $remaining_entry = 1;
57 # Mock the context module
58 my $context = Test
::MockModule
->new('C4::Context');
59 $context->mock( 'config', \
&mockedC4Config
);
61 # Mock the Net::LDAP module
62 my $net_ldap = Test
::MockModule
->new('Net::LDAP');
67 if ( $desired_connection_result eq 'error' ) {
69 # We were asked to fail the LDAP conexion
73 # Return a mocked Net::LDAP object (Test::MockObject)
74 return mock_net_ldap
();
79 my $categorycode = $builder->build( { source
=> 'Category' } )->{categorycode
};
80 my $branchcode = $builder->build( { source
=> 'Branch' } )->{branchcode
};
81 my $attr_type = $builder->build(
83 source
=> 'BorrowerAttributeType',
85 category_code
=> $categorycode
89 my $attr_type2 = $builder->build(
91 source
=> 'BorrowerAttributeType',
93 category_code
=> $categorycode
98 my $borrower = $builder->build(
100 source
=> 'Borrower',
103 branchcode
=> $branchcode,
104 categorycode
=> $categorycode
111 source
=> 'BorrowerAttribute',
113 borrowernumber
=> $borrower->{borrowernumber
},
114 code
=> $attr_type->{code
},
120 # C4::Auth_with_ldap needs several stuff set first ^^^
121 use_ok
('C4::Auth_with_ldap');
123 'C4::Auth_with_ldap', qw
/
128 subtest
'checkpw_ldap tests' => sub {
132 my $dbh = C4
::Context
->dbh;
133 ## Connection fail tests
134 $desired_connection_result = 'error';
137 C4
::Auth_with_ldap
::checkpw_ldap
( $dbh, 'hola', password
=> 'hey' );
139 'LDAP connexion failed',
140 'checkpw_ldap prints correct warning if LDAP conexion fails';
141 is
( $ret, 0, 'checkpw_ldap returns 0 if LDAP conexion fails' );
143 ## Connection success tests
144 $desired_connection_result = 'success';
146 subtest
'auth_by_bind = 1 tests' => sub {
152 $desired_authentication_result = 'success';
154 $desired_admin_bind_result = 'error';
155 $desired_search_result = 'error';
156 reload_ldap_module
();
159 $ret = C4
::Auth_with_ldap
::checkpw_ldap
( $dbh, 'hola',
162 qr/Anonymous LDAP bind failed: LDAP error #1: error_name/,
163 'checkpw_ldap prints correct warning if LDAP anonymous bind fails';
164 is
( $ret, 0, 'checkpw_ldap returns 0 if LDAP anonymous bind fails' );
169 reload_ldap_module
();
172 $ret = C4
::Auth_with_ldap
::checkpw_ldap
( $dbh, 'hola',
175 qr/LDAP bind failed as kohauser hola: LDAP error #1: error_name/,
176 'checkpw_ldap prints correct warning if LDAP bind_by_auth fails';
177 is
( $ret, 0, 'checkpw_ldap returns 0 if LDAP bind_by_auth fails' );
179 $desired_authentication_result = 'success';
181 $desired_admin_bind_result = 'success';
182 $desired_search_result = 'success';
183 $desired_count_result = 1;
184 $desired_bind_result = 'success';
186 reload_ldap_module
();
188 t
::lib
::Mocks
::mock_preference
( 'ExtendedPatronAttributes', 1 );
189 my $auth = Test
::MockModule
->new('C4::Auth_with_ldap');
193 return $borrower->{cardnumber
};
200 $attr_type2->{code
}, 'BAR'
205 C4
::Auth_with_ldap
::checkpw_ldap
( $dbh, 'hola', password
=> 'hey' );
208 C4
::Members
::Attributes
::GetBorrowerAttributes
(
209 $borrower->{borrowernumber
}
212 'Extended attributes are not deleted'
215 is
( C4
::Members
::Attributes
::GetBorrowerAttributeValue
($borrower->{borrowernumber
}, $attr_type2->{code
}), 'BAR', 'Mapped attribute is BAR' );
216 $auth->unmock('update_local');
217 $auth->unmock('ldap_entry_2_hash');
220 $desired_count_result = 0; # user auth problem
221 Koha
::Patrons
->find( $borrower->{borrowernumber
} )->delete;
222 reload_ldap_module
();
224 C4
::Auth_with_ldap
::checkpw_ldap
( $dbh, 'hola', password
=> 'hey' ),
226 'checkpw_ldap returns 0 if user lookup returns 0'
229 $desired_bind_result = 'error';
230 reload_ldap_module
();
233 $ret = C4
::Auth_with_ldap
::checkpw_ldap
( $dbh, 'hola',
236 qr/LDAP bind failed as kohauser hola: LDAP error #1: error_name/,
237 'checkpw_ldap prints correct warning if LDAP bind fails';
239 'checkpw_ldap returns -1 LDAP bind fails for user (Bug 8148)' );
241 # regression tests for bug 12831
242 $desired_authentication_result = 'error';
244 $desired_admin_bind_result = 'error';
245 $desired_search_result = 'success';
246 $desired_count_result = 0; # user auth problem
247 $desired_bind_result = 'error';
248 reload_ldap_module
();
251 $ret = C4
::Auth_with_ldap
::checkpw_ldap
( $dbh, 'hola',
254 qr/LDAP bind failed as kohauser hola: LDAP error #1: error_name/,
255 'checkpw_ldap prints correct warning if LDAP bind fails';
257 'checkpw_ldap returns 0 LDAP bind fails for user (Bug 12831)' );
261 subtest
'auth_by_bind = 0 tests' => sub {
269 $user = 'cn=Manager,dc=metavore,dc=com';
271 $desired_admin_bind_result = 'error';
272 $desired_bind_result = 'error';
273 reload_ldap_module
();
276 $ret = C4
::Auth_with_ldap
::checkpw_ldap
( $dbh, 'hola',
279 qr/LDAP bind failed as ldapuser cn=Manager,dc=metavore,dc=com: LDAP error #1: error_name/,
280 'checkpw_ldap prints correct warning if LDAP bind fails';
281 is
( $ret, 0, 'checkpw_ldap returns 0 if bind fails' );
284 $desired_admin_bind_result = 'success';
285 $desired_bind_result = 'error';
286 $desired_search_result = 'success';
287 $desired_count_result = 1;
288 reload_ldap_module
();
291 $ret = C4
::Auth_with_ldap
::checkpw_ldap
( $dbh, 'hola',
294 qr/LDAP Auth rejected : invalid password for user 'hola'./,
295 'checkpw_ldap prints correct warning if LDAP bind fails';
296 is
( $ret, -1, 'checkpw_ldap returns -1 if bind fails (Bug 8148)' );
300 $desired_admin_bind_result = 'error';
301 $desired_bind_result = 'error';
302 reload_ldap_module
();
305 $ret = C4
::Auth_with_ldap
::checkpw_ldap
( $dbh, 'hola',
308 qr/LDAP bind failed as ldapuser cn=Manager,dc=metavore,dc=com: LDAP error #1: error_name/,
309 'checkpw_ldap prints correct warning if LDAP bind fails';
310 is
( $ret, 0, 'checkpw_ldap returns 0 if bind fails' );
313 $desired_admin_bind_result = 'success';
314 $desired_bind_result = 'error';
315 reload_ldap_module
();
318 $ret = C4
::Auth_with_ldap
::checkpw_ldap
( $dbh, 'hola',
321 qr/LDAP Auth rejected : invalid password for user 'hola'./,
322 'checkpw_ldap prints correct warning if LDAP bind fails';
323 is
( $ret, -1, 'checkpw_ldap returns -1 if bind fails (Bug 8148)' );
328 subtest
'search_method tests' => sub {
332 my $ldap = mock_net_ldap
();
335 is
( C4
::Auth_with_ldap
::search_method
( $ldap, undef ),
336 undef, 'search_method returns undef on undefined userid' );
337 is
( C4
::Auth_with_ldap
::search_method
( undef, 'undef' ),
338 undef, 'search_method returns undef on undefined ldap object' );
340 # search ->code and !->code
341 $desired_search_result = 'error';
342 reload_ldap_module
();
344 eval { $ret = C4
::Auth_with_ldap
::search_method
( $ldap, 'undef' ); };
347 qr/LDAP search failed to return object : 1/,
348 'search_method prints correct warning when db->search returns error code'
352 # Function that mocks the call to C4::Context->config(param)
357 if ( $param eq 'useshibboleth' ) {
360 if ( $param eq 'ldapserver' ) {
362 firstname
=> { is
=> 'givenname' },
363 surname
=> { is
=> 'sn' },
364 address
=> { is
=> 'postaladdress' },
365 city
=> { is
=> 'l' },
366 zipcode
=> { is
=> 'postalcode' },
367 branchcode
=> { is
=> 'branch' },
368 userid
=> { is
=> 'uid' },
369 password
=> { is
=> 'userpassword' },
370 email
=> { is
=> 'mail' },
371 categorycode
=> { is
=> 'employeetype' },
372 phone
=> { is
=> 'telephonenumber' },
376 anonymous_bind
=> $anonymous_bind,
377 auth_by_bind
=> $auth_by_bind,
378 base
=> 'dc=metavore,dc=com',
379 hostname
=> 'localhost',
380 mapping
=> \
%ldap_mapping,
382 principal_name
=> '%s@my_domain.com',
383 replicate
=> $replicate,
387 return \
%ldap_config;
389 if ( $param =~ /(intranetdir|opachtdocs|intrahtdocs)/x ) {
392 if ( ref $class eq 'HASH' ) {
393 return $class->{$param};
398 # Function that mocks the call to Net::LDAP
401 my $mocked_ldap = Test
::MockObject
->new();
403 $mocked_ldap->mock( 'bind', sub {
404 if (is_admin_bind
(@_)) {
405 return mock_net_ldap_message
(
406 ($desired_admin_bind_result eq 'error' ) ?
1 : 0, # code
407 ($desired_admin_bind_result eq 'error' ) ?
1 : 0, # error
408 ($desired_admin_bind_result eq 'error' ) ?
'error_name' : 0, # error_name
409 ($desired_admin_bind_result eq 'error' ) ?
'error_text' : 0 # error_text
413 if ( $desired_bind_result eq 'error' ) {
414 return mock_net_ldap_message
(1,1,'error_name','error_text');
416 return mock_net_ldap_message
(0,0,'','');
424 $remaining_entry = 1;
426 return mock_net_ldap_search
(
428 count
=> ($desired_count_result)
429 ?
$desired_count_result
431 code
=> ( $desired_search_result eq 'error' )
434 error
=> ( $desired_search_result eq 'error' ) ?
1
436 error_text
=> ( $desired_search_result eq 'error' )
439 error_name
=> ( $desired_search_result eq 'error' )
442 shift_entry
=> mock_net_ldap_entry
( 'sampledn', 1 )
452 sub mock_net_ldap_search
{
453 my ($parameters) = @_;
455 my $count = $parameters->{count
};
456 my $code = $parameters->{code
};
457 my $error = $parameters->{error
};
458 my $error_text = $parameters->{error_text
};
459 my $error_name = $parameters->{error_name
};
460 my $shift_entry = $parameters->{shift_entry
};
462 my $mocked_search = Test
::MockObject
->new();
463 $mocked_search->mock( 'count', sub { return $count; } );
464 $mocked_search->mock( 'code', sub { return $code; } );
465 $mocked_search->mock( 'error', sub { return $error; } );
466 $mocked_search->mock( 'error_name', sub { return $error_name; } );
467 $mocked_search->mock( 'error_text', sub { return $error_text; } );
468 $mocked_search->mock( 'shift_entry', sub {
469 if ($remaining_entry) {
476 return $mocked_search;
479 sub mock_net_ldap_message
{
480 my ( $code, $error, $error_name, $error_text ) = @_;
482 my $mocked_message = Test
::MockObject
->new();
483 $mocked_message->mock( 'code', sub { $code } );
484 $mocked_message->mock( 'error', sub { $error } );
485 $mocked_message->mock( 'error_name', sub { $error_name } );
486 $mocked_message->mock( 'error_text', sub { $error_text } );
488 return $mocked_message;
491 sub mock_net_ldap_entry
{
492 my ( $dn, $exists ) = @_;
494 my $mocked_entry = Test
::MockObject
->new();
495 $mocked_entry->mock( 'dn', sub { return $dn; } );
496 $mocked_entry->mock( 'exists', sub { return $exists } );
498 return $mocked_entry;
501 # TODO: Once we remove the global variables in C4::Auth_with_ldap
502 # we shouldn't need this...
504 sub reload_ldap_module
{
505 delete $INC{'C4/Auth_with_ldap.pm'};
506 require C4
::Auth_with_ldap
;
507 C4
::Auth_with_ldap
->import;
514 if ($#args <= 1 || $args[1] eq 'cn=Manager,dc=metavore,dc=com') {
521 $schema->storage->txn_rollback();