3 # This file is part of Koha.
5 # Koha is free software; you can redistribute it and/or modify it
6 # under the terms of the GNU General Public License as published by
7 # the Free Software Foundation; either version 3 of the License, or
8 # (at your option) any later version.
10 # Koha is distributed in the hope that it will be useful, but
11 # WITHOUT ANY WARRANTY; without even the implied warranty of
12 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 # GNU General Public License for more details.
15 # You should have received a copy of the GNU General Public License
16 # along with Koha; if not, see <http://www.gnu.org/licenses>.
20 use Test::More tests => 4;
23 use t::lib::TestBuilder;
33 my $database = Koha::Database->new();
34 my $schema = $database->schema();
35 $schema->storage->txn_begin();
37 my $builder = t::lib::TestBuilder->new();
39 # Variables controlling LDAP server config
43 my $anonymous_bind = 1;
45 # Variables controlling LDAP behaviour
46 my $desired_authentication_result = 'success';
47 my $desired_connection_result = 'error';
48 my $desired_bind_result = 'error';
49 my $desired_compare_result = 'error';
50 my $desired_search_result = 'error';
51 my $desired_count_result = 1;
52 my $non_anonymous_bind_result = 'error';
55 # Mock the context module
56 my $context = Test::MockModule->new('C4::Context');
57 $context->mock( 'config', \&mockedC4Config );
59 # Mock the Net::LDAP module
60 my $net_ldap = Test::MockModule->new('Net::LDAP');
65 if ( $desired_connection_result eq 'error' ) {
67 # We were asked to fail the LDAP conexion
71 # Return a mocked Net::LDAP object (Test::MockObject)
72 return mock_net_ldap();
77 my $categorycode = $builder->build( { source => 'Category' } )->{categorycode};
78 my $branchcode = $builder->build( { source => 'Branch' } )->{branchcode};
79 my $attr_type = $builder->build(
81 source => 'BorrowerAttributeType',
83 category_code => $categorycode
87 my $attr_type2 = $builder->build(
89 source => 'BorrowerAttributeType',
91 category_code => $categorycode
96 my $borrower = $builder->build(
101 branchcode => $branchcode,
102 categorycode => $categorycode
109 source => 'BorrowerAttribute',
111 borrowernumber => $borrower->{borrowernumber},
112 code => $attr_type->{code},
118 # C4::Auth_with_ldap needs several stuff set first ^^^
119 use_ok('C4::Auth_with_ldap');
121 'C4::Auth_with_ldap', qw/
126 subtest 'checkpw_ldap tests' => sub {
130 my $dbh = C4::Context->dbh;
131 ## Connection fail tests
132 $desired_connection_result = 'error';
135 C4::Auth_with_ldap::checkpw_ldap( $dbh, 'hola', password => 'hey' );
137 'LDAP connexion failed',
138 'checkpw_ldap prints correct warning if LDAP conexion fails';
139 is( $ret, 0, 'checkpw_ldap returns 0 if LDAP conexion fails' );
141 ## Connection success tests
142 $desired_connection_result = 'success';
144 subtest 'auth_by_bind = 1 tests' => sub {
150 $desired_authentication_result = 'success';
152 $desired_bind_result = 'error';
153 $desired_search_result = 'error';
154 reload_ldap_module();
157 $ret = C4::Auth_with_ldap::checkpw_ldap( $dbh, 'hola',
160 qr/Anonymous LDAP bind failed: LDAP error #1: error_name/,
161 'checkpw_ldap prints correct warning if LDAP anonymous bind fails';
162 is( $ret, 0, 'checkpw_ldap returns 0 if LDAP anonymous bind fails' );
164 $desired_authentication_result = 'success';
166 $desired_bind_result = 'success';
167 $desired_search_result = 'success';
168 $desired_count_result = 1;
169 $non_anonymous_bind_result = 'success';
171 reload_ldap_module();
173 my $auth = Test::MockModule->new('C4::Auth_with_ldap');
177 return $borrower->{cardnumber};
184 $attr_type2->{code}, 'BAR'
189 C4::Auth_with_ldap::checkpw_ldap( $dbh, 'hola', password => 'hey' );
192 C4::Members::Attributes::GetBorrowerAttributes(
193 $borrower->{borrowernumber}
196 'Extended attributes are not deleted'
199 is( C4::Members::Attributes::GetBorrowerAttributeValue($borrower->{borrowernumber}, $attr_type2->{code}), 'BAR', 'Mapped attribute is BAR' );
200 $auth->unmock('update_local');
201 $auth->unmock('ldap_entry_2_hash');
204 $desired_count_result = 0; # user auth problem
205 Koha::Patrons->find( $borrower->{borrowernumber} )->delete;
206 reload_ldap_module();
208 C4::Auth_with_ldap::checkpw_ldap( $dbh, 'hola', password => 'hey' ),
210 'checkpw_ldap returns 0 if user lookup returns 0'
213 $non_anonymous_bind_result = 'error';
214 reload_ldap_module();
217 $ret = C4::Auth_with_ldap::checkpw_ldap( $dbh, 'hola',
220 qr/LDAP bind failed as kohauser hola: LDAP error #1: error_name/,
221 'checkpw_ldap prints correct warning if LDAP bind fails';
223 'checkpw_ldap returns -1 LDAP bind fails for user (Bug 8148)' );
225 # regression tests for bug 12831
226 $desired_authentication_result = 'error';
228 $desired_bind_result = 'error';
229 $desired_search_result = 'success';
230 $desired_count_result = 0; # user auth problem
231 $non_anonymous_bind_result = 'error';
232 reload_ldap_module();
235 $ret = C4::Auth_with_ldap::checkpw_ldap( $dbh, 'hola',
238 qr/LDAP bind failed as kohauser hola: LDAP error #1: error_name/,
239 'checkpw_ldap prints correct warning if LDAP bind fails';
241 'checkpw_ldap returns 0 LDAP bind fails for user (Bug 12831)' );
245 subtest 'auth_by_bind = 0 tests' => sub {
253 $desired_bind_result = 'error';
254 $non_anonymous_bind_result = 'error';
255 reload_ldap_module();
258 $ret = C4::Auth_with_ldap::checkpw_ldap( $dbh, 'hola',
261 qr/LDAP bind failed as ldapuser cn=Manager,dc=metavore,dc=com: LDAP error #1: error_name/,
262 'checkpw_ldap prints correct warning if LDAP bind fails';
263 is( $ret, 0, 'checkpw_ldap returns 0 if bind fails' );
266 $desired_bind_result = 'success';
267 $non_anonymous_bind_result = 'success';
268 $desired_compare_result = 'error';
269 reload_ldap_module();
272 $ret = C4::Auth_with_ldap::checkpw_ldap( $dbh, 'hola',
275 qr/LDAP Auth rejected : invalid password for user 'hola'. LDAP error #1: error_name/,
276 'checkpw_ldap prints correct warning if LDAP bind fails';
277 is( $ret, -1, 'checkpw_ldap returns -1 if bind fails (Bug 8148)' );
281 $desired_bind_result = 'success';
282 $non_anonymous_bind_result = 'error';
283 $desired_compare_result = 'dont care';
284 reload_ldap_module();
287 $ret = C4::Auth_with_ldap::checkpw_ldap( $dbh, 'hola',
290 qr/LDAP bind failed as ldapuser cn=Manager,dc=metavore,dc=com: LDAP error #1: error_name/,
291 'checkpw_ldap prints correct warning if LDAP bind fails';
292 is( $ret, 0, 'checkpw_ldap returns 0 if bind fails' );
295 $desired_bind_result = 'success';
296 $non_anonymous_bind_result = 'success';
297 $desired_compare_result = 'error';
298 reload_ldap_module();
301 $ret = C4::Auth_with_ldap::checkpw_ldap( $dbh, 'hola',
304 qr/LDAP Auth rejected : invalid password for user 'hola'. LDAP error #1: error_name/,
305 'checkpw_ldap prints correct warning if LDAP bind fails';
306 is( $ret, -1, 'checkpw_ldap returns -1 if bind fails (Bug 8148)' );
311 subtest 'search_method tests' => sub {
315 my $ldap = mock_net_ldap();
318 is( C4::Auth_with_ldap::search_method( $ldap, undef ),
319 undef, 'search_method returns undef on undefined userid' );
320 is( C4::Auth_with_ldap::search_method( undef, 'undef' ),
321 undef, 'search_method returns undef on undefined ldap object' );
323 # search ->code and !->code
324 $desired_search_result = 'error';
325 reload_ldap_module();
327 eval { $ret = C4::Auth_with_ldap::search_method( $ldap, 'undef' ); };
330 qr/LDAP search failed to return object : 1/,
331 'search_method prints correct warning when db->search returns error code'
334 $desired_search_result = 'success';
335 $desired_count_result = 2;
336 reload_ldap_module();
337 warning_like { $ret = C4::Auth_with_ldap::search_method( $ldap, '123' ) }
338 qr/^LDAP Auth rejected \: \(uid\=123\) gets 2 hits/,
339 'search_method prints correct warning when hits count is not 1';
340 is( $ret, 0, 'search_method returns 0 when hits count is not 1' );
344 # Function that mocks the call to C4::Context->config(param)
349 if ( $param eq 'useshibboleth' ) {
352 if ( $param eq 'ldapserver' ) {
354 firstname => { is => 'givenname' },
355 surname => { is => 'sn' },
356 address => { is => 'postaladdress' },
357 city => { is => 'l' },
358 zipcode => { is => 'postalcode' },
359 branchcode => { is => 'branch' },
360 userid => { is => 'uid' },
361 password => { is => 'userpassword' },
362 email => { is => 'mail' },
363 categorycode => { is => 'employeetype' },
364 phone => { is => 'telephonenumber' },
368 anonymous_bind => $anonymous_bind,
369 auth_by_bind => $auth_by_bind,
370 base => 'dc=metavore,dc=com',
371 hostname => 'localhost',
372 mapping => \%ldap_mapping,
374 principal_name => '%s@my_domain.com',
375 replicate => $replicate,
377 user => 'cn=Manager,dc=metavore,dc=com',
379 return \%ldap_config;
381 if ( $param =~ /(intranetdir|opachtdocs|intrahtdocs)/x ) {
384 if ( ref $class eq 'HASH' ) {
385 return $class->{$param};
390 # Function that mocks the call to Net::LDAP
393 my $mocked_ldap = Test::MockObject->new();
404 # Args passed => non-anonymous bind
405 if ( $non_anonymous_bind_result eq 'error' ) {
406 return mock_net_ldap_message( 1, 1, 'error_name',
410 return mock_net_ldap_message( 0, 0, q{}, q{} );
414 $mocked_message = mock_net_ldap_message(
415 ( $desired_bind_result eq 'error' ) ? 1 : 0, # code
416 ( $desired_bind_result eq 'error' ) ? 1 : 0, # error
417 ( $desired_bind_result eq 'error' )
420 ( $desired_bind_result eq 'error' )
426 return $mocked_message;
436 if ( $desired_compare_result eq 'error' ) {
438 mock_net_ldap_message( 1, 1, 'error_name', 'error_text' );
441 # we expect return code 6 for success
442 $mocked_message = mock_net_ldap_message( 6, 0, q{}, q{} );
445 return $mocked_message;
453 return mock_net_ldap_search(
455 count => ($desired_count_result)
456 ? $desired_count_result
458 code => ( $desired_search_result eq 'error' )
461 error => ( $desired_search_result eq 'error' ) ? 1
463 error_text => ( $desired_search_result eq 'error' )
466 error_name => ( $desired_search_result eq 'error' )
469 shift_entry => mock_net_ldap_entry( 'sampledn', 1 )
479 sub mock_net_ldap_search {
480 my ($parameters) = @_;
482 my $count = $parameters->{count};
483 my $code = $parameters->{code};
484 my $error = $parameters->{error};
485 my $error_text = $parameters->{error_text};
486 my $error_name = $parameters->{error_name};
487 my $shift_entry = $parameters->{shift_entry};
489 my $mocked_search = Test::MockObject->new();
490 $mocked_search->mock( 'count', sub { return $count; } );
491 $mocked_search->mock( 'code', sub { return $code; } );
492 $mocked_search->mock( 'error', sub { return $error; } );
493 $mocked_search->mock( 'error_name', sub { return $error_name; } );
494 $mocked_search->mock( 'error_text', sub { return $error_text; } );
495 $mocked_search->mock( 'shift_entry', sub { return $shift_entry; } );
497 return $mocked_search;
500 sub mock_net_ldap_message {
501 my ( $code, $error, $error_name, $error_text ) = @_;
503 my $mocked_message = Test::MockObject->new();
504 $mocked_message->mock( 'code', sub { $code } );
505 $mocked_message->mock( 'error', sub { $error } );
506 $mocked_message->mock( 'error_name', sub { $error_name } );
507 $mocked_message->mock( 'error_text', sub { $error_text } );
509 return $mocked_message;
512 sub mock_net_ldap_entry {
513 my ( $dn, $exists ) = @_;
515 my $mocked_entry = Test::MockObject->new();
516 $mocked_entry->mock( 'dn', sub { return $dn; } );
517 $mocked_entry->mock( 'exists', sub { return $exists } );
519 return $mocked_entry;
522 # TODO: Once we remove the global variables in C4::Auth_with_ldap
523 # we shouldn't need this...
525 sub reload_ldap_module {
526 delete $INC{'C4/Auth_with_ldap.pm'};
527 require C4::Auth_with_ldap;
528 C4::Auth_with_ldap->import;
532 $schema->storage->txn_rollback();