adding unit tests for openldap account disable functions (#44)
David Coutadeur committed Oct 25, 2024
1 parent 0e086bb commit af8bc61
Showing 2 changed files with 209 additions and 9 deletions.
9 changes: 3 additions & 6 deletions src/Ltb/Directory/OpenLDAP.php
@@ -226,14 +226,13 @@ public function enableAccount($ldap, $dn) : bool {

$update = \Ltb\PhpLDAP::ldap_mod_replace($ldap, $dn, $attrsToDelete);
$errno = \Ltb\PhpLDAP::ldap_errno($ldap);

if ($errno) {
error_log("LDAP - Enabling account error $errno (".\Ltb\PhpLDAP::ldap_error($ldap).")");
return false;
} else {
return true;
}
return false;
}

public function disableAccount($ldap, $dn) : bool {
@@ -245,15 +244,13 @@ public function disableAccount($ldap, $dn) : bool {

$update = \Ltb\PhpLDAP::ldap_mod_replace($ldap, $dn, $attrs);
$errno = \Ltb\PhpLDAP::ldap_errno($ldap);

if ($errno) {
error_log("LDAP - Disabling account error $errno (".\Ltb\PhpLDAP::ldap_error($ldap).")");
return false;
} else {
return true;
}
return false;

}

public function isAccountEnabled($ldap, $dn) : bool {
@@ -263,7 +260,7 @@ public function isAccountEnabled($ldap, $dn) : bool {
$errno = \Ltb\PhpLDAP::ldap_errno($ldap);

if ( $errno ) {
error_log("LDAP - Search error $errno (".ldap_error($ldap).")");
error_log("LDAP - Search error $errno (".\Ltb\PhpLDAP::ldap_error($ldap).")");
return false;
} else {
$entry = \Ltb\PhpLDAP::ldap_get_entries($ldap, $search);
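Review bot: In `enableAccount` and `disableAccount` the result of `ldap_mod_replace` is stored in `$update` and never read, so success is decided by `ldap_errno` alone. For the disable path a false success is the costly outcome, because the caller would treat an account as locked while it is still usable; the guard could be `if ($update === false || $errno) {`. Whether a failed call can actually leave `ldap_errno` at 0 depends on the `\Ltb\PhpLDAP` wrapper, which is not visible on this page. Both function bodies begin outside the hunks shown.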
209 changes: 206 additions & 3 deletions tests/Ltb/DirectoryTest.php
@@ -1,6 +1,6 @@
<?php
require __DIR__ . '/../../vendor/autoload.php';
<?php

require __DIR__ . '/../../vendor/autoload.php';
use PHPUnit\Framework\TestCase;

final class DirectoryTest extends \Mockery\Adapter\Phpunit\MockeryTestCase
@@ -727,4 +727,207 @@ public function test_activedirectory_isenabled_false(): void
$this->assertFalse($accountEnabled, "Account should be disabled");
}

public function test_openldap_isenabled_true(): void
{

$ldap = "ldap_connection";
$dn = "cn=dummy,dc=my-domain,dc=com";
$search_result = "search_result";

$phpLDAPMock = Mockery::mock('overload:Ltb\PhpLDAP');

$phpLDAPMock->shouldreceive('ldap_read')
->with($ldap, $dn, "(objectClass=*)", array('pwdAccountDisabled'))
->andReturn($search_result);

$phpLDAPMock->shouldreceive('ldap_errno')
->with($ldap)
->andReturn(false);

$phpLDAPMock->shouldreceive('ldap_get_entries')
->with($ldap, $search_result)
->andReturn([
'count' => 1,
0 => [
'count' => 0,
'dn' => 'uid=test,ou=people,dc=my-domain,dc=com',
]
]);

$accountEnabled = (new Ltb\Directory\OpenLDAP)->isAccountEnabled($ldap, $dn);
$this->assertTrue($accountEnabled, "OpenLDAP account should be enabled");
}

public function test_openldap_isenabled_false(): void
{

$ldap = "ldap_connection";
$dn = "cn=dummy,dc=my-domain,dc=com";
$search_result = "search_result";

$phpLDAPMock = Mockery::mock('overload:Ltb\PhpLDAP');

$phpLDAPMock->shouldreceive('ldap_read')
->with($ldap, $dn, "(objectClass=*)", array('pwdAccountDisabled'))
->andReturn($search_result);

$phpLDAPMock->shouldreceive('ldap_errno')
->with($ldap)
->andReturn(false);

$phpLDAPMock->shouldreceive('ldap_get_entries')
->with($ldap, $search_result)
->andReturn(
[
'count' => 1,
0 =>
[
'pwdaccountdisabled' =>
[
'count' => 1,
0 => '00000101000000Z',
],
0 => 'pwdaccountdisabled',
'count' => 1,
'dn' => 'uid=test,ou=people,dc=my-domain,dc=com',
],
]
);

$accountEnabled = (new Ltb\Directory\OpenLDAP)->isAccountEnabled($ldap, $dn);
$this->assertFalse($accountEnabled, "OpenLDAP account should be disabled");
}

public function test_openldap_isenabled_error(): void
{

$ldap = "ldap_connection";
$dn = "invaliddn";
$search_result = "search_result";

$phpLDAPMock = Mockery::mock('overload:Ltb\PhpLDAP');

$phpLDAPMock->shouldreceive('ldap_read')
->with($ldap, $dn, "(objectClass=*)", array('pwdAccountDisabled'))
->andReturn($search_result);

$phpLDAPMock->shouldreceive('ldap_errno')
->with($ldap)
->andReturn(34);

$phpLDAPMock->shouldreceive('ldap_error')
->with($ldap)
->andReturn("Invalid DN syntax");


$accountEnabled = (new Ltb\Directory\OpenLDAP)->isAccountEnabled($ldap, $dn);
$this->assertFalse($accountEnabled, "OpenLDAP account should be considered disabled while error is encountered");
}

public function test_openldap_enable_account_ok(): void
{
$ldap = "ldap_connection";
$dn = "cn=dummy,dc=my-domain,dc=com";
$update_result = "update_result";

$phpLDAPMock = Mockery::mock('overload:Ltb\PhpLDAP');

$phpLDAPMock->shouldreceive('ldap_mod_replace')
->with($ldap, $dn, [ 'pwdAccountDisabled' => [] ])
->andReturn($update_result);

$phpLDAPMock->shouldreceive('ldap_errno')
->with($ldap)
->andReturn(0);

$enableAccountResult = (new Ltb\Directory\OpenLDAP)->enableAccount($ldap, $dn);
$this->assertTrue($enableAccountResult, "Error while enabling OpenLDAP account");
}

public function test_openldap_enable_account_ko(): void
{
$ldap = "ldap_connection";
$dn = "cn=dummy,dc=my-domain,dc=com";
$update_result = "update_result";

$phpLDAPMock = Mockery::mock('overload:Ltb\PhpLDAP');

$phpLDAPMock->shouldreceive('ldap_mod_replace')
->with($ldap, $dn, [ 'pwdAccountDisabled' => [] ])
->andReturn($update_result);

$phpLDAPMock->shouldreceive('ldap_errno')
->with($ldap)
->andReturn(50);

$phpLDAPMock->shouldreceive('ldap_error')
->with($ldap)
->andReturn("Insufficient rights");

$enableAccountResult = (new Ltb\Directory\OpenLDAP)->enableAccount($ldap, $dn);
$this->assertFalse($enableAccountResult, "Should have encountered error while enabling OpenLDAP account");
}

public function test_openldap_disable_account_ok(): void
{
$ldap = "ldap_connection";
$dn = "cn=dummy,dc=my-domain,dc=com";
$update_result = "update_result";

$phpLDAPMock = Mockery::mock('overload:Ltb\PhpLDAP');

$phpLDAPMock->shouldreceive('ldap_mod_replace')
->with(
$ldap,
$dn,
\Mockery::on(function ($mod) {
if( preg_match('/^[0-9]{14}Z$/', $mod['pwdAccountDisabled'][0]) )
return true;
else
return false;
})
)
->andReturn($update_result);

$phpLDAPMock->shouldreceive('ldap_errno')
->with($ldap)
->andReturn(0);

$disableAccountResult = (new Ltb\Directory\OpenLDAP)->disableAccount($ldap, $dn);
$this->assertTrue($disableAccountResult, "Error while disabling OpenLDAP account");
}

public function test_openldap_disable_account_ko(): void
{
$ldap = "ldap_connection";
$dn = "cn=dummy,dc=my-domain,dc=com";
$update_result = "update_result";

$phpLDAPMock = Mockery::mock('overload:Ltb\PhpLDAP');

$phpLDAPMock->shouldreceive('ldap_mod_replace')
->with(
$ldap,
$dn,
\Mockery::on(function ($mod) {
if( preg_match('/^[0-9]{14}Z$/', $mod['pwdAccountDisabled'][0]) )
return true;
else
return false;
})
)
->andReturn($update_result);

$phpLDAPMock->shouldreceive('ldap_errno')
->with($ldap)
->andReturn(50);

$phpLDAPMock->shouldreceive('ldap_error')
->with($ldap)
->andReturn("Insufficient rights");

$disableAccountResult = (new Ltb\Directory\OpenLDAP)->disableAccount($ldap, $dn);
$this->assertFalse($disableAccountResult, "Should have encountered error while disabling OpenLDAP account");
}

}
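Review bot: None of the `ldap_mod_replace` expectations in the new enable/disable tests carries a call count, so `test_openldap_disable_account_ok` and `test_openldap_enable_account_ok` would still pass if the method under test never issued the write and `ldap_errno` simply returned 0. Adding `->once()` after `->andReturn($update_result)` should make the test fail when the modification is skipped, since the class extends `MockeryTestCase` and expectations are checked at teardown; that is the regression that matters most on an account-disable path. The `Mockery::on` closure could also be reduced to `return preg_match('/^[0-9]{14}Z$/', $mod['pwdAccountDisabled'][0] ?? '') === 1;` so that a missing attribute fails the match instead of raising a warning. The `isenabled` tests return `false` from `ldap_errno` where the `enable`/`disable` tests return `0`; using `0` throughout would match what the other tests already do.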
