From af8bc6194f964d153dae262f26a026605cae6c15 Mon Sep 17 00:00:00 2001
From: David Coutadeur
Date: Fri, 25 Oct 2024 11:18:13 +0200
Subject: [PATCH] adding unit tests for openldap account disable functions (#44)
---
 src/Ltb/Directory/OpenLDAP.php | 9 +-
 tests/Ltb/DirectoryTest.php | 209 ++++++++++++++++++++++++++++++++-
 2 files changed, 209 insertions(+), 9 deletions(-)
diff --git a/src/Ltb/Directory/OpenLDAP.php b/src/Ltb/Directory/OpenLDAP.php
index ae5f64d..b8f6fb4 100644
--- a/src/Ltb/Directory/OpenLDAP.php
+++ b/src/Ltb/Directory/OpenLDAP.php
@@ -226,14 +226,13 @@ public function enableAccount($ldap, $dn) : bool {
 $update = \Ltb\PhpLDAP::ldap_mod_replace($ldap, $dn, $attrsToDelete);
 $errno = \Ltb\PhpLDAP::ldap_errno($ldap);
-
+
 if ($errno) {
 error_log("LDAP - Enabling account error $errno (".\Ltb\PhpLDAP::ldap_error($ldap).")");
 return false;
 } else {
 return true;
 }
- return false;
 }
 public function disableAccount($ldap, $dn) : bool {
@@ -245,15 +244,13 @@ public function disableAccount($ldap, $dn) : bool {
 $update = \Ltb\PhpLDAP::ldap_mod_replace($ldap, $dn, $attrs);
 $errno = \Ltb\PhpLDAP::ldap_errno($ldap);
-
+
 if ($errno) {
 error_log("LDAP - Disabling account error $errno (".\Ltb\PhpLDAP::ldap_error($ldap).")");
 return false;
 } else {
 return true;
 }
- return false;
-
 }
 public function isAccountEnabled($ldap, $dn) : bool {
@@ -263,7 +260,7 @@ public function isAccountEnabled($ldap, $dn) : bool {
 $errno = \Ltb\PhpLDAP::ldap_errno($ldap);
 if ( $errno ) {
- error_log("LDAP - Search error $errno (".ldap_error($ldap).")");
+ error_log("LDAP - Search error $errno (".\Ltb\PhpLDAP::ldap_error($ldap).")");
 return false;
 } else {
 $entry = \Ltb\PhpLDAP::ldap_get_entries($ldap, $search);
diff --git a/tests/Ltb/DirectoryTest.php b/tests/Ltb/DirectoryTest.php
index e4ce2f4..4620fa1 100644
--- a/tests/Ltb/DirectoryTest.php
+++ b/tests/Ltb/DirectoryTest.php
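Review bot: In the `@@ -263,7 +260,7 @@` hunk, `isAccountEnabled()` returns `false` from the `if ( $errno )` branch, which is the same value the tests added in this commit expect for a disabled entry, so a caller cannot tell a failed lookup from a disabled account. Treating an unreadable entry as disabled is a fail-closed default for access decisions, but nothing documents it. A docblock on the method should state the contract, for example `@return bool false when the account is disabled or when the LDAP read fails (the error is logged)`. The method body continues past the end of the hunk, so the non-error path is inferred from the tests rather than seen here.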
@@ -1,6 +1,6 @@ -assertFalse($accountEnabled, "Account should be disabled"); }
+ public function test_openldap_isenabled_true(): void
+ {
+
+ $ldap = "ldap_connection";
+ $dn = "cn=dummy,dc=my-domain,dc=com";
+ $search_result = "search_result";
+
+ $phpLDAPMock = Mockery::mock('overload:Ltb\PhpLDAP');
+
+ $phpLDAPMock->shouldreceive('ldap_read')
+ ->with($ldap, $dn, "(objectClass=*)", array('pwdAccountDisabled'))
+ ->andReturn($search_result);
+
+ $phpLDAPMock->shouldreceive('ldap_errno')
+ ->with($ldap)
+ ->andReturn(false);
+
+ $phpLDAPMock->shouldreceive('ldap_get_entries')
+ ->with($ldap, $search_result)
+ ->andReturn([
+ 'count' => 1,
+ 0 => [
+ 'count' => 0,
+ 'dn' => 'uid=test,ou=people,dc=my-domain,dc=com',
+ ]
+ ]);
+
+ $accountEnabled = (new Ltb\Directory\OpenLDAP)->isAccountEnabled($ldap, $dn);
+ $this->assertTrue($accountEnabled, "OpenLDAP account should be enabled");
+ }
+
+ public function test_openldap_isenabled_false(): void
+ {
+
+ $ldap = "ldap_connection";
+ $dn = "cn=dummy,dc=my-domain,dc=com";
+ $search_result = "search_result";
+
+ $phpLDAPMock = Mockery::mock('overload:Ltb\PhpLDAP');
+
+ $phpLDAPMock->shouldreceive('ldap_read')
+ ->with($ldap, $dn, "(objectClass=*)", array('pwdAccountDisabled'))
+ ->andReturn($search_result);
+
+ $phpLDAPMock->shouldreceive('ldap_errno')
+ ->with($ldap)
+ ->andReturn(false);
+
+ $phpLDAPMock->shouldreceive('ldap_get_entries')
+ ->with($ldap, $search_result)
+ ->andReturn(
+ [
+ 'count' => 1,
+ 0 =>
+ [
+ 'pwdaccountdisabled' =>
+ [
+ 'count' => 1,
+ 0 => '00000101000000Z',
+ ],
+ 0 => 'pwdaccountdisabled',
+ 'count' => 1,
+ 'dn' => 'uid=test,ou=people,dc=my-domain,dc=com',
+ ],
+ ]
+ );
+
+ $accountEnabled = (new Ltb\Directory\OpenLDAP)->isAccountEnabled($ldap, $dn);
+ $this->assertFalse($accountEnabled, "OpenLDAP account should be disabled");
+ }
+
+ public function test_openldap_isenabled_error(): void
+ {
+
+ $ldap = "ldap_connection";
+ $dn = "invaliddn";
+ $search_result = "search_result";
+
+ $phpLDAPMock = Mockery::mock('overload:Ltb\PhpLDAP');
+
+ $phpLDAPMock->shouldreceive('ldap_read')
+ ->with($ldap, $dn, "(objectClass=*)", array('pwdAccountDisabled'))
+ ->andReturn($search_result);
+
+ $phpLDAPMock->shouldreceive('ldap_errno')
+ ->with($ldap)
+ ->andReturn(34);
+
+ $phpLDAPMock->shouldreceive('ldap_error')
+ ->with($ldap)
+ ->andReturn("Invalid DN syntax");
+
+
+ $accountEnabled = (new Ltb\Directory\OpenLDAP)->isAccountEnabled($ldap, $dn);
+ $this->assertFalse($accountEnabled, "OpenLDAP account should be considered disabled while error is encountered");
+ }
+
+ public function test_openldap_enable_account_ok(): void
+ {
+ $ldap = "ldap_connection";
+ $dn = "cn=dummy,dc=my-domain,dc=com";
+ $update_result = "update_result";
+
+ $phpLDAPMock = Mockery::mock('overload:Ltb\PhpLDAP');
+
+ $phpLDAPMock->shouldreceive('ldap_mod_replace')
+ ->with($ldap, $dn, [ 'pwdAccountDisabled' => [] ])
+ ->andReturn($update_result);
+
+ $phpLDAPMock->shouldreceive('ldap_errno')
+ ->with($ldap)
+ ->andReturn(0);
+
+ $enableAccountResult = (new Ltb\Directory\OpenLDAP)->enableAccount($ldap, $dn);
+ $this->assertTrue($enableAccountResult, "Error while enabling OpenLDAP account");
+ }
+
+ public function test_openldap_enable_account_ko(): void
+ {
+ $ldap = "ldap_connection";
+ $dn = "cn=dummy,dc=my-domain,dc=com";
+ $update_result = "update_result";
+
+ $phpLDAPMock = Mockery::mock('overload:Ltb\PhpLDAP');
+
+ $phpLDAPMock->shouldreceive('ldap_mod_replace')
+ ->with($ldap, $dn, [ 'pwdAccountDisabled' => [] ])
+ ->andReturn($update_result);
+
+ $phpLDAPMock->shouldreceive('ldap_errno')
+ ->with($ldap)
+ ->andReturn(50);
+
+ $phpLDAPMock->shouldreceive('ldap_error')
+ ->with($ldap)
+ ->andReturn("Insufficient rights");
+
+ $enableAccountResult = (new Ltb\Directory\OpenLDAP)->enableAccount($ldap, $dn);
+ $this->assertFalse($enableAccountResult, "Should have encountered error while enabling OpenLDAP account");
+ }
+
+ public function test_openldap_disable_account_ok(): void
+ {
+ $ldap = "ldap_connection";
+ $dn = "cn=dummy,dc=my-domain,dc=com";
+ $update_result = "update_result";
+
+ $phpLDAPMock = Mockery::mock('overload:Ltb\PhpLDAP');
+
+ $phpLDAPMock->shouldreceive('ldap_mod_replace')
+ ->with(
+ $ldap,
+ $dn,
+ \Mockery::on(function ($mod) {
+ if( preg_match('/^[0-9]{14}Z$/', $mod['pwdAccountDisabled'][0]) )
+ return true;
+ else
+ return false;
+ })
+ )
+ ->andReturn($update_result);
+
+ $phpLDAPMock->shouldreceive('ldap_errno')
+ ->with($ldap)
+ ->andReturn(0);
+
+ $disableAccountResult = (new Ltb\Directory\OpenLDAP)->disableAccount($ldap, $dn);
+ $this->assertTrue($disableAccountResult, "Error while disabling OpenLDAP account");
+ }
+
+ public function test_openldap_disable_account_ko(): void
+ {
+ $ldap = "ldap_connection";
+ $dn = "cn=dummy,dc=my-domain,dc=com";
+ $update_result = "update_result";
+
+ $phpLDAPMock = Mockery::mock('overload:Ltb\PhpLDAP');
+
+ $phpLDAPMock->shouldreceive('ldap_mod_replace')
+ ->with(
+ $ldap,
+ $dn,
+ \Mockery::on(function ($mod) {
+ if( preg_match('/^[0-9]{14}Z$/', $mod['pwdAccountDisabled'][0]) )
+ return true;
+ else
+ return false;
+ })
+ )
+ ->andReturn($update_result);
+
+ $phpLDAPMock->shouldreceive('ldap_errno')
+ ->with($ldap)
+ ->andReturn(50);
+
+ $phpLDAPMock->shouldreceive('ldap_error')
+ ->with($ldap)
+ ->andReturn("Insufficient rights");
+
+ $disableAccountResult = (new Ltb\Directory\OpenLDAP)->disableAccount($ldap, $dn);
+ $this->assertFalse($disableAccountResult, "Should have encountered error while disabling OpenLDAP account");
+ }
+ }
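Review bot: The `ldap_mod_replace` expectations in `test_openldap_enable_account_ok` and `test_openldap_disable_account_ok` set no call count, and a Mockery expectation without one accepts zero calls, so both tests would still pass if the method returned true without ever sending the modification. For code that locks and unlocks accounts the write itself is what needs pinning: end the chain with `->andReturn($update_result)->once();` (this only takes effect if the test case closes Mockery in teardown, which is outside this hunk). The `isenabled` tests also stub `ldap_errno` with `false` where the enable/disable tests use `0`; `->andReturn(0);` matches the integer the real function returns. The `\Mockery::on` closure can be reduced to `return preg_match('/^[0-9]{14}Z$/', $mod['pwdAccountDisabled'][0]) === 1;`.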