X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/5f1ee5fb0e8f9422650b380f8bdd7299618a99fa..refs/pull/2734/head:/tests/Auth/LdapTest.php
diff --git a/tests/Auth/LdapTest.php b/tests/Auth/LdapTest.php
index df3fd8d21..840dfd630 100644
--- a/tests/Auth/LdapTest.php
+++ b/tests/Auth/LdapTest.php
@@ -4,6 +4,7 @@ use BookStack\Auth\Access\LdapService;
 use BookStack\Auth\Role;
 use BookStack\Auth\Access\Ldap;
 use BookStack\Auth\User;
+use BookStack\Exceptions\LdapException;
 use Mockery\MockInterface;
 use Tests\BrowserKitTest;
 
@@ -40,6 +41,14 @@ class LdapTest extends BrowserKitTest
 $this->mockUser = factory(User::class)->make();
 }
 
+ protected function runFailedAuthLogin()
+ {
+ $this->commonLdapMocks(1, 1, 1, 1, 1);
+ $this->mockLdap->shouldReceive('searchAndGetEntries')->times(1)
+ ->andReturn(['count' => 0]);
+ $this->post('/login', ['username' => 'timmyjenkins', 'password' => 'cattreedog']);
+ }
+
 protected function mockEscapes($times = 1)
 {
 $this->mockLdap->shouldReceive('escape')->times($times)->andReturnUsing(function($val) {
@@ -550,6 +559,22 @@ class LdapTest extends BrowserKitTest
 ]);
 }
 
+ public function test_start_tls_called_if_option_set()
+ {
+ config()->set(['services.ldap.start_tls' => true]);
+ $this->mockLdap->shouldReceive('startTls')->once()->andReturn(true);
+ $this->runFailedAuthLogin();
+ }
+
+ public function test_connection_fails_if_tls_fails()
+ {
+ config()->set(['services.ldap.start_tls' => true]);
+ $this->mockLdap->shouldReceive('startTls')->once()->andReturn(false);
+ $this->commonLdapMocks(1, 1, 0, 0, 0);
+ $this->post('/login', ['username' => 'timmyjenkins', 'password' => 'cattreedog']);
+ $this->assertResponseStatus(500);
+ }
+
 public function test_ldap_attributes_can_be_binary_decoded_if_marked()
 {
 config()->set(['services.ldap.id_attribute' => 'BIN;uid']);
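Review bot: runFailedAuthLogin() has no docblock, and its name promises a failed login that nothing inside the helper asserts. It only makes searchAndGetEntries return `['count' => 0]` and posts fixed credentials, so every caller has to bring its own assertion or mock expectation. I would add `/** Attempt a login where the LDAP user search returns no entries; callers assert the outcome. */` above the method. The five positional `1` arguments to commonLdapMocks() cannot be read from here because that helper is defined outside the hunk; a one-line comment naming what they count would help.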
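Review bot: test_start_tls_called_if_option_set() checks that startTls is invoked once but not that it happens before the bind, so a regression that sends the bind credentials ahead of the TLS upgrade would still pass. Mockery can pin the sequence with `->once()->ordered()` on this expectation, provided the bind expectation (presumably set up in commonLdapMocks(), outside this hunk) is marked `ordered()` as well. In test_connection_fails_if_tls_fails() the only assertion is `assertResponseStatus(500)`, which any unhandled error would satisfy; the LdapException imported in the first hunk is not referenced in the visible hunks, so either assert on that exception or drop the import. A companion test with the option unset and `$this->mockLdap->shouldNotReceive('startTls');` would cover the default path.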
@@ -594,16 +619,53 @@ class LdapTest extends BrowserKitTest
 $this->see('A user with the email tester@example.com already exists but with different credentials');
 }
 
+ public function test_login_with_email_confirmation_required_maps_groups_but_shows_confirmation_screen()
+ {
+ $roleToReceive = factory(Role::class)->create(['display_name' => 'LdapTester']);
+ $user = factory(User::class)->make();
+ setting()->put('registration-confirmation', 'true');
+
+ app('config')->set([
+ 'services.ldap.user_to_groups' => true,
+ 'services.ldap.group_attribute' => 'memberOf',
+ 'services.ldap.remove_from_groups' => true,
+ ]);
+
+ $this->commonLdapMocks(1, 1, 3, 4, 3, 2);
+ $this->mockLdap->shouldReceive('searchAndGetEntries')
+ ->times(3)
+ ->andReturn(['count' => 1, 0 => [
+ 'uid' => [$user->name],
+ 'cn' => [$user->name],
+ 'dn' => ['dc=test' . config('services.ldap.base_dn')],
+ 'mail' => [$user->email],
+ 'memberof' => [
+ 'count' => 1,
+ 0 => "cn=ldaptester,ou=groups,dc=example,dc=com",
+ ]
+ ]]);
+
+ $this->mockUserLogin()->seePageIs('/register/confirm');
+ $this->seeInDatabase('users', [
+ 'email' => $user->email,
+ 'email_confirmed' => false,
+ ]);
+
+ $user = User::query()->where('email', '=', $user->email)->first();
+ $this->seeInDatabase('role_user', [
+ 'user_id' => $user->id,
+ 'role_id' => $roleToReceive->id
+ ]);
+
+ $homePage = $this->get('/');
+ $homePage->assertRedirectedTo('/register/confirm/awaiting');
+ }
+
 public function test_failed_logins_are_logged_when_message_configured()
 {
 $log = $this->withTestLogger();
 config()->set(['logging.failed_login.message' => 'Failed login for %u']);
-
- $this->commonLdapMocks(1, 1, 1, 1, 1);
- $this->mockLdap->shouldReceive('searchAndGetEntries')->times(1)
- ->andReturn(['count' => 0]);
-
- $this->post('/login', ['username' => 'timmyjenkins', 'password' => 'cattreedog']);
+ $this->runFailedAuthLogin();
 $this->assertTrue($log->hasWarningThatContains('Failed login for timmyjenkins'));
 }
 }
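Review bot: The new test pins that LDAP group roles are written to role_user while the account is still unconfirmed, and nothing in the test body says this is deliberate. A short comment above the role_user assertion, such as `// Roles sync on first login even though the email is unconfirmed; access stays gated by the redirect asserted below.`, would stop a later reader from treating it as a privilege bug. `$user` is also reassigned from the unsaved factory model to the persisted row, so a distinct name like `$dbUser` would keep the two apart. The argument list `commonLdapMocks(1, 1, 3, 4, 3, 2)` is opaque without the helper's signature, which lies outside this hunk.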