PR: create unit tests for existing functions (#8)

.github/workflows/unittests.yml

@@ -0,0 +1,27 @@
+name: CI
+
+on: [push]
+
+jobs:
+  build-test:
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v3
+    - name: Install dependencies
+      uses: php-actions/composer@v6
+      with:
+        php_version: 8.3
+        command: update
+        php_extensions: ldap xdebug
+    - name: PHPUnit Tests for php8.3
+      uses: php-actions/phpunit@v3
+      env:
+        XDEBUG_MODE: coverage
+      with:
+        configuration: phpunit.xml
+        version: latest
+        php_version: 8.3
+        php_extensions: ldap xdebug
+        args: --coverage-text
+

README.md

@@ -51,3 +51,51 @@ if (!$result) {
     exit 1;
 }
 ```
+
+## Tests
+
+
+### Unit tests
+
+Get composer dependencies:
+
+```
+composer update
+```
+
+Run the tests:
+
+```
+vendor/bin/phpunit tests/Ltb
+```
+
+If you want coverage analysis, make sure to install `xdebug` PHP extension, and run:
+
+```
+XDEBUG_MODE=coverage vendor/bin/phpunit --coverage-text --configuration phpunit.xml
+```
+
+
+### Integration tests
+
+Make sure you have docker or podman installed
+
+Get composer dependencies:
+
+```
+composer update
+```
+
+Run the tests (requires an internet connection for donwloading the openldap docker image):
+
+```
+./runIntegrationTests.sh
+```
+
+If you already have an openldap server, you can also adapt the tests in tests/ directory, and run them with:
+
+```
+vendor/bin/phpunit tests/IntegrationTests
+```
+
+

composer.json

@@ -12,5 +12,9 @@
         "php": ">=7.4",
         "ext-ldap": ">=7.4",
         "phpmailer/phpmailer": "^6.5.0"
+    },
+    "require-dev": {
+        "phpunit/phpunit": "*",
+        "mockery/mockery": "*"
     }
 }

phpunit.xml

@@ -0,0 +1,14 @@
+<?xml version="1.0"?>
+<phpunit xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" colors="true" xsi:noNamespaceSchemaLocation="https://schema.phpunit.de/11.0/phpunit.xsd">
+  <testsuites>
+    <testsuite name="main">
+      <directory suffix="Test.php">tests/Ltb</directory>
+    </testsuite>
+  </testsuites>
+  <logging/>
+  <source>
+    <include>
+      <directory suffix=".php">src</directory>
+    </include>
+  </source>
+</phpunit>

run/ENVVAR.example

@@ -0,0 +1,23 @@
+ACCCONFIGROOTPW=secret
+ACCDATAROOTPW=secret
+ADMIN_LDAP_PASSWORD=secret
+CUSTOMERID=acme
+FUSIONDIRECTORY_LDAP_PASSWORD=secret
+FUSIONDIRECTORY_LDAP_USERNAME=fd
+LSC_LDAP_PASSWORD=secret
+LSC_LDAP_USERNAME=lsc
+LDAP_PROTO=ldap
+LDAP_HOST=ltb-directory-server
+LDAP_PORT=33389
+LDAP_SUFFIX=dc=fusioniam,dc=org
+LEMONLDAP2_LDAP_PASSWORD=secret
+LEMONLDAP2_LDAP_USERNAME=lemonldapng
+SERVICEDESK_LDAP_PASSWORD=secret
+SERVICEDESK_LDAP_USERNAME=sd
+WHITEPAGES_LDAP_PASSWORD=secret
+WHITEPAGES_LDAP_USERNAME=wp
+LDAP_TLS=
+LDAP_CERTIFICATE_FILE=/usr/local/openldap/etc/openldap/tls/cert.pem
+LDAP_CERTIFICATE_KEY=/usr/local/openldap/etc/openldap/tls/key.pem
+LDAP_TLS_PROTOCOL_MIN=3.4
+LDAP_TLS_CIPHER_SUITE=HIGH

runIntegrationTests.sh

@@ -0,0 +1,59 @@
+#!/bin/bash
+
+# Which container to choose: podman by default, else docker
+CTN="docker"
+PWD=$( pwd )
+
+
+ID=$( id -u )
+# fusioniam default user id in container
+MYUID=1000
+# fusioniam default group id in container
+MYGID=1000
+# uidmap format: rootless user: container_uid:intermediate_uid:amount
+#                rootful user: container_uid:host_uid:amount
+# rootless user:
+# map podman user uid (0) to fusioniam container uid (1000) + map lowest user uid in /etc/subuid (1) to root container uid (0)
+# rootful user:
+# map root (0) to fusioniam container uid (1000) + map user uid 100000 to root container uid (0)
+UIDMAP=$( [ "$CTN" = "podman" ] && if [ $(ID) -eq 0 ]; then echo "--uidmap $MYUID:0:1 --uidmap 0:100000:1"; else echo "--uidmap $MYUID:0:1 --uidmap 0:1:1"; fi || echo "" )
+GIDMAP=$( [ "$CTN" = "podman" ] && if [ $(ID) -eq 0 ]; then echo "--gidmap $MYGID:0:1 --gidmap 0:100000:1"; else echo "--gidmap $MYGID:0:1 --gidmap 0:1:1"; fi || echo "" )
+
+
+
+# Get OpenLDAP-LTB docker image before running tests
+$CTN pull gitlab.ow2.org:4567/fusioniam/fusioniam/fusioniam-openldap-ltb:snapshot
+
+# run docker image
+mkdir -p run/volumes/ldap-data run/volumes/ldap-config
+$CTN run \
+        --env-file=./run/ENVVAR.example \
+        -v $PWD/run/volumes/ldap-data:/usr/local/openldap/var/openldap-data \
+        -v $PWD/run/volumes/ldap-config:/usr/local/openldap/etc/openldap/slapd.d \
+        -v $PWD/run/volumes/ldap-tls:/usr/local/openldap/etc/openldap/tls \
+        --rm=true \
+        --network-alias=ltb-directory-server \
+        -p 127.0.0.1:33389:33389 \
+        --name=ltb-directory-server \
+        --detach=true \
+        $UIDMAP \
+        $GIDMAP \
+        gitlab.ow2.org:4567/fusioniam/fusioniam/fusioniam-openldap-ltb:snapshot
+
+# Check when started
+while ! $CTN logs ltb-directory-server 2>&1 | grep -q "slapd starting";
+do
+    # Wait for docker container to be up and running
+    echo "slapd starting, please wait"
+    sleep 1
+done
+
+
+# Run tests
+echo "Starting tests"
+vendor/bin/phpunit tests/IntegrationTests
+
+# Stop and remove openldap container and volumes
+$CTN stop ltb-directory-server
+rm -rf run/volumes
+

src/Ltb/AttributeValue.php

@@ -41,11 +41,11 @@ public function __construct($attribute, $value) {
     public static function ldap_get_first_available_value($ldap, $entry, $attributes)
     {
         # loop on attributes, stop on first found
-        $entry_attributes = ldap_get_attributes($ldap, $entry);
+        $entry_attributes = \Ltb\PhpLDAP::ldap_get_attributes($ldap, $entry);
         for ($i = 0; $i < sizeof($attributes); $i++) {
             $attribute = $attributes[$i];
             if ( in_array($attribute, $entry_attributes) ) {
-                $values = ldap_get_values($ldap, $entry, $attribute);
+                $values = \Ltb\PhpLDAP::ldap_get_values($ldap, $entry, $attribute);
                 if ( $values && ( $values['count'] > 0 ) ) {
                     return new \Ltb\AttributeValue($attribute,$values[0]);
                 }

src/Ltb/Ldap.php

@@ -8,32 +8,32 @@ final class Ldap {
     static function connect($ldap_url, $ldap_starttls, $ldap_binddn, $ldap_bindpw, $ldap_network_timeout, $ldap_krb5ccname) {
 
         # Connect to LDAP
-        $ldap = \ldap_connect($ldap_url);
-        \ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
-        \ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
+        $ldap = \Ltb\PhpLDAP::ldap_connect($ldap_url);
+        \Ltb\PhpLDAP::ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
+        \Ltb\PhpLDAP::ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
         if ( isset($ldap_network_timeout) ) {
-            ldap_set_option($ldap, LDAP_OPT_NETWORK_TIMEOUT, $ldap_network_timeout);
+            \Ltb\PhpLDAP::ldap_set_option($ldap, LDAP_OPT_NETWORK_TIMEOUT, $ldap_network_timeout);
         }
 
-        if ( $ldap_starttls && !ldap_start_tls($ldap) ) {
+        if ( $ldap_starttls && !\Ltb\PhpLDAP::ldap_start_tls($ldap) ) {
             error_log("LDAP - Unable to use StartTLS");
             return array(false, "ldaperror");
         }
 
         # Bind
         if ( isset($ldap_binddn) && isset($ldap_bindpw) ) {
-            $bind = ldap_bind($ldap, $ldap_binddn, $ldap_bindpw);
+            $bind = \Ltb\PhpLDAP::ldap_bind($ldap, $ldap_binddn, $ldap_bindpw);
         } elseif ( isset($ldap_krb5ccname) ) {
             putenv("KRB5CCNAME=".$ldap_krb5ccname);
-            $bind = ldap_sasl_bind($ldap, NULL, NULL, 'GSSAPI') or error_log('LDAP - GSSAPI Bind failed');
+            $bind = \Ltb\PhpLDAP::ldap_sasl_bind($ldap, NULL, NULL, 'GSSAPI') or error_log('LDAP - GSSAPI Bind failed');
         } else {
-            $bind = ldap_bind($ldap);
+            $bind = \Ltb\PhpLDAP::ldap_bind($ldap);
         }
 
         if ( !$bind ) {
-            $errno = ldap_errno($ldap);
+            $errno = \Ltb\PhpLDAP::ldap_errno($ldap);
             if ( $errno ) {
-                error_log("LDAP - Bind error $errno  (".ldap_error($ldap).")");
+                error_log("LDAP - Bind error $errno  (".\Ltb\PhpLDAP::ldap_error($ldap).")");
             } else {
                 error_log("LDAP - Bind error");
             }
@@ -50,14 +50,14 @@ static function get_list($ldap, $ldap_base, $ldap_filter, $key, $value) {
         if ($ldap) {
 
             # Search entry
-            $search = ldap_search($ldap, $ldap_base, $ldap_filter, array($key, $value) );
+            $search = \Ltb\PhpLDAP::ldap_search($ldap, $ldap_base, $ldap_filter, array($key, $value) );
 
-            $errno = ldap_errno($ldap);
+            $errno = \Ltb\PhpLDAP::ldap_errno($ldap);
 
             if ( $errno ) {
-                error_log("LDAP - Search error $errno  (".ldap_error($ldap).")");
+                error_log("LDAP - Search error $errno  (".\Ltb\PhpLDAP::ldap_error($ldap).")");
             } else {
-                $entries = ldap_get_entries($ldap, $search);
+                $entries = \Ltb\PhpLDAP::ldap_get_entries($ldap, $search);
                 for ($i=0; $i<$entries["count"]; $i++) {
                     if(isset($entries[$i][$key][0])) {
                         $return[$entries[$i][$key][0]] = isset($entries[$i][$value][0]) ? $entries[$i][$value][0] : $entries[$i][$key][0];
@@ -105,28 +105,28 @@ static function sorted_search($ldap, $ldap_base, $ldap_filter, $attributes, $sor
         if (isset($sortby) and $sortby)
         {
             $check_attribute='supportedControl';
-            $check = ldap_read($ldap, '', '(objectClass=*)', [$check_attribute]);
-            $entries=ldap_get_entries($ldap, $check);
+            $check = \Ltb\PhpLDAP::ldap_read($ldap, '', '(objectClass=*)', [$check_attribute]);
+            $entries = \Ltb\PhpLDAP::ldap_get_entries($ldap, $check);
             if (in_array(LDAP_CONTROL_SORTREQUEST, $entries[0]['supportedcontrol'],true)) {
                 # server side sort
                 $controls=[['oid' => LDAP_CONTROL_SORTREQUEST, 'value' => [['attr'=>$sortby]]]];
                 # if $sortby is not in $attributes ? what to do ?
-                $ldap_result = ldap_search($ldap, $ldap_base, $ldap_filter, $attributes, 0, $ldap_size_limit, -1, LDAP_DEREF_NEVER, $controls );
-                $errno = ldap_errno($ldap);
+                $ldap_result = \Ltb\PhpLDAP::ldap_search($ldap, $ldap_base, $ldap_filter, $attributes, 0, $ldap_size_limit, -1, LDAP_DEREF_NEVER, $controls );
+                $errno = \Ltb\PhpLDAP::ldap_errno($ldap);
                 if ( $errno === 0 )
                 {
-                    $entries=ldap_get_entries($ldap, $ldap_result);
+                    $entries=\Ltb\PhpLDAP::ldap_get_entries($ldap, $ldap_result);
                 }
             }
         }
 
         if (!isset($errno))
         {
-            $ldap_result = ldap_search($ldap, $ldap_base, $ldap_filter, $attributes, 0, $ldap_size_limit);
-            $errno = ldap_errno($ldap);
+            $ldap_result = \Ltb\PhpLDAP::ldap_search($ldap, $ldap_base, $ldap_filter, $attributes, 0, $ldap_size_limit);
+            $errno = \Ltb\PhpLDAP::ldap_errno($ldap);
             if ( $errno === 0 )
             {
-                $entries=ldap_get_entries($ldap, $ldap_result);
+                $entries=\Ltb\PhpLDAP::ldap_get_entries($ldap, $ldap_result);
                 Ldap::ldapSort($entries,$sortby);
             }
             else {

src/Ltb/LtbUtil.php

@@ -18,7 +18,7 @@ static function search($ldap_filter,$attributes)
         $size_limit_reached = false;
 
         # Connect to LDAP
-        $ldap_connection = \Ltb\Ldap::connect($ldap_url, $ldap_starttls, $ldap_binddn, $ldap_bindpw, $ldap_network_timeout);
+        $ldap_connection = \Ltb\Ldap::connect($ldap_url, $ldap_starttls, $ldap_binddn, $ldap_bindpw, $ldap_network_timeout, null);
 
         $ldap = $ldap_connection[0];
         $result = $ldap_connection[1];
@@ -32,25 +32,25 @@ static function search($ldap_filter,$attributes)
             $attributes[] = $attributes_map[$search_result_sortby]['attribute'];
 
             # Search for users
-            $search = ldap_search($ldap, $ldap_user_base, $ldap_filter, $attributes, 0, $ldap_size_limit);
+            $search = \Ltb\PhpLDAP::ldap_search($ldap, $ldap_user_base, $ldap_filter, $attributes, 0, $ldap_size_limit);
 
-            $errno = ldap_errno($ldap);
+            $errno = \Ltb\PhpLDAP::ldap_errno($ldap);
 
             if ( $errno == 4) {
                 $size_limit_reached = true;
             }
             if ( $errno != 0 and $errno !=4 ) {
                 $result = "ldaperror";
-                error_log("LDAP - Search error $errno  (".ldap_error($ldap).")");
+                error_log("LDAP - Search error $errno  (".\Ltb\PhpLDAP::ldap_error($ldap).")");
             } else {
 
                 # Get search results
-                $nb_entries = ldap_count_entries($ldap, $search);
+                $nb_entries = \Ltb\PhpLDAP::ldap_count_entries($ldap, $search);
 
                 if ($nb_entries === 0) {
                     $result = "noentriesfound";
                 } else {
-                    $entries = ldap_get_entries($ldap, $search);
+                    $entries = \Ltb\PhpLDAP::ldap_get_entries($ldap, $search);
 
                     # Sort entries
                     if (isset($search_result_sortby)) {