5 use BookStack\Auth\Access\Ldap;
6 use BookStack\Auth\Access\LdapService;
7 use BookStack\Auth\Role;
8 use BookStack\Auth\User;
9 use Mockery\MockInterface;
11 use Tests\TestResponse;
13 class LdapTest extends TestCase
21 protected $resourceId = 'resource-test';
23 protected function setUp(): void
26 if (!defined('LDAP_OPT_REFERRALS')) {
27 define('LDAP_OPT_REFERRALS', 1);
30 'auth.method' => 'ldap',
31 'auth.defaults.guard' => 'ldap',
32 'services.ldap.base_dn' => 'dc=ldap,dc=local',
33 'services.ldap.email_attribute' => 'mail',
34 'services.ldap.display_name_attribute' => 'cn',
35 'services.ldap.id_attribute' => 'uid',
36 'services.ldap.user_to_groups' => false,
37 'services.ldap.version' => '3',
38 'services.ldap.user_filter' => '(&(uid=${user}))',
39 'services.ldap.follow_referrals' => false,
40 'services.ldap.tls_insecure' => false,
41 'services.ldap.thumbnail_attribute' => null,
43 $this->mockLdap = \Mockery::mock(Ldap::class);
44 $this->app[Ldap::class] = $this->mockLdap;
45 $this->mockUser = User::factory()->make();
48 protected function runFailedAuthLogin()
50 $this->commonLdapMocks(1, 1, 1, 1, 1);
51 $this->mockLdap->shouldReceive('searchAndGetEntries')->times(1)
52 ->andReturn(['count' => 0]);
53 $this->post('/login', ['username' => 'timmyjenkins', 'password' => 'cattreedog']);
56 protected function mockEscapes($times = 1)
58 $this->mockLdap->shouldReceive('escape')->times($times)->andReturnUsing(function ($val) {
59 return ldap_escape($val);
63 protected function mockExplodes($times = 1)
65 $this->mockLdap->shouldReceive('explodeDn')->times($times)->andReturnUsing(function ($dn, $withAttrib) {
66 return ldap_explode_dn($dn, $withAttrib);
70 protected function mockUserLogin(?string $email = null): TestResponse
72 return $this->post('/login', [
73 'username' => $this->mockUser->name,
74 'password' => $this->mockUser->password,
75 ] + ($email ? ['email' => $email] : []));
79 * Set LDAP method mocks for things we commonly call without altering.
81 protected function commonLdapMocks(int $connects = 1, int $versions = 1, int $options = 2, int $binds = 4, int $escapes = 2, int $explodes = 0)
83 $this->mockLdap->shouldReceive('connect')->times($connects)->andReturn($this->resourceId);
84 $this->mockLdap->shouldReceive('setVersion')->times($versions);
85 $this->mockLdap->shouldReceive('setOption')->times($options);
86 $this->mockLdap->shouldReceive('bind')->times($binds)->andReturn(true);
87 $this->mockEscapes($escapes);
88 $this->mockExplodes($explodes);
91 public function test_login()
93 $this->commonLdapMocks(1, 1, 2, 4, 2);
94 $this->mockLdap->shouldReceive('searchAndGetEntries')->times(2)
95 ->with($this->resourceId, config('services.ldap.base_dn'), \Mockery::type('string'), \Mockery::type('array'))
96 ->andReturn(['count' => 1, 0 => [
97 'uid' => [$this->mockUser->name],
98 'cn' => [$this->mockUser->name],
99 'dn' => ['dc=test' . config('services.ldap.base_dn')],
102 $resp = $this->mockUserLogin();
103 $resp->assertRedirect('/login');
104 $resp = $this->followRedirects($resp);
105 $resp->assertSee('Please enter an email to use for this account.');
106 $resp->assertSee($this->mockUser->name);
108 $resp = $this->followingRedirects()->mockUserLogin($this->mockUser->email);
109 $resp->assertElementExists('#home-default');
110 $resp->assertSee($this->mockUser->name);
111 $this->assertDatabaseHas('users', [
112 'email' => $this->mockUser->email,
113 'email_confirmed' => false,
114 'external_auth_id' => $this->mockUser->name,
118 public function test_email_domain_restriction_active_on_new_ldap_login()
121 'registration-restrict' => 'testing.com',
124 $this->commonLdapMocks(1, 1, 2, 4, 2);
125 $this->mockLdap->shouldReceive('searchAndGetEntries')->times(2)
126 ->with($this->resourceId, config('services.ldap.base_dn'), \Mockery::type('string'), \Mockery::type('array'))
127 ->andReturn(['count' => 1, 0 => [
128 'uid' => [$this->mockUser->name],
129 'cn' => [$this->mockUser->name],
130 'dn' => ['dc=test' . config('services.ldap.base_dn')],
133 $resp = $this->mockUserLogin();
134 $resp->assertRedirect('/login');
135 $this->followRedirects($resp)->assertSee('Please enter an email to use for this account.');
138 $resp = $this->mockUserLogin($email);
139 $resp->assertRedirect('/login');
140 $this->followRedirects($resp)->assertSee('That email domain does not have access to this application');
142 $this->assertDatabaseMissing('users', ['email' => $email]);
145 public function test_login_works_when_no_uid_provided_by_ldap_server()
147 $ldapDn = 'cn=test-user,dc=test' . config('services.ldap.base_dn');
149 $this->commonLdapMocks(1, 1, 1, 2, 1);
150 $this->mockLdap->shouldReceive('searchAndGetEntries')->times(1)
151 ->with($this->resourceId, config('services.ldap.base_dn'), \Mockery::type('string'), \Mockery::type('array'))
152 ->andReturn(['count' => 1, 0 => [
153 'cn' => [$this->mockUser->name],
155 'mail' => [$this->mockUser->email],
158 $resp = $this->mockUserLogin();
159 $resp->assertRedirect('/');
160 $this->followRedirects($resp)->assertSee($this->mockUser->name);
161 $this->assertDatabaseHas('users', ['email' => $this->mockUser->email, 'email_confirmed' => false, 'external_auth_id' => $ldapDn]);
164 public function test_a_custom_uid_attribute_can_be_specified_and_is_used_properly()
166 config()->set(['services.ldap.id_attribute' => 'my_custom_id']);
168 $this->commonLdapMocks(1, 1, 1, 2, 1);
169 $ldapDn = 'cn=test-user,dc=test' . config('services.ldap.base_dn');
170 $this->mockLdap->shouldReceive('searchAndGetEntries')->times(1)
171 ->with($this->resourceId, config('services.ldap.base_dn'), \Mockery::type('string'), \Mockery::type('array'))
172 ->andReturn(['count' => 1, 0 => [
173 'cn' => [$this->mockUser->name],
175 'my_custom_id' => ['cooluser456'],
176 'mail' => [$this->mockUser->email],
179 $resp = $this->mockUserLogin();
180 $resp->assertRedirect('/');
181 $this->followRedirects($resp)->assertSee($this->mockUser->name);
182 $this->assertDatabaseHas('users', ['email' => $this->mockUser->email, 'email_confirmed' => false, 'external_auth_id' => 'cooluser456']);
185 public function test_initial_incorrect_credentials()
187 $this->commonLdapMocks(1, 1, 1, 0, 1);
188 $this->mockLdap->shouldReceive('searchAndGetEntries')->times(1)
189 ->with($this->resourceId, config('services.ldap.base_dn'), \Mockery::type('string'), \Mockery::type('array'))
190 ->andReturn(['count' => 1, 0 => [
191 'uid' => [$this->mockUser->name],
192 'cn' => [$this->mockUser->name],
193 'dn' => ['dc=test' . config('services.ldap.base_dn')],
195 $this->mockLdap->shouldReceive('bind')->times(2)->andReturn(true, false);
197 $resp = $this->mockUserLogin();
198 $resp->assertRedirect('/login');
199 $this->followRedirects($resp)->assertSee('These credentials do not match our records.');
200 $this->assertDatabaseMissing('users', ['external_auth_id' => $this->mockUser->name]);
203 public function test_login_not_found_username()
205 $this->commonLdapMocks(1, 1, 1, 1, 1);
206 $this->mockLdap->shouldReceive('searchAndGetEntries')->times(1)
207 ->with($this->resourceId, config('services.ldap.base_dn'), \Mockery::type('string'), \Mockery::type('array'))
208 ->andReturn(['count' => 0]);
210 $resp = $this->mockUserLogin();
211 $resp->assertRedirect('/login');
212 $this->followRedirects($resp)->assertSee('These credentials do not match our records.');
213 $this->assertDatabaseMissing('users', ['external_auth_id' => $this->mockUser->name]);
216 public function test_create_user_form()
218 $userForm = $this->asAdmin()->get('/settings/users/create');
219 $userForm->assertDontSee('Password');
221 $save = $this->post('/settings/users/create', [
222 'name' => $this->mockUser->name,
223 'email' => $this->mockUser->email,
225 $save->assertSessionHasErrors(['external_auth_id' => 'The external auth id field is required.']);
227 $save = $this->post('/settings/users/create', [
228 'name' => $this->mockUser->name,
229 'email' => $this->mockUser->email,
230 'external_auth_id' => $this->mockUser->name,
232 $save->assertRedirect('/settings/users');
233 $this->assertDatabaseHas('users', ['email' => $this->mockUser->email, 'external_auth_id' => $this->mockUser->name, 'email_confirmed' => true]);
236 public function test_user_edit_form()
238 $editUser = $this->getNormalUser();
239 $editPage = $this->asAdmin()->get("/settings/users/{$editUser->id}");
240 $editPage->assertSee('Edit User');
241 $editPage->assertDontSee('Password');
243 $update = $this->put("/settings/users/{$editUser->id}", [
244 'name' => $editUser->name,
245 'email' => $editUser->email,
246 'external_auth_id' => 'test_auth_id',
248 $update->assertRedirect('/settings/users');
249 $this->assertDatabaseHas('users', ['email' => $editUser->email, 'external_auth_id' => 'test_auth_id']);
252 public function test_registration_disabled()
254 $this->followingRedirects()->get('/register')->assertElementContains('#content', 'Log In');
257 public function test_non_admins_cannot_change_auth_id()
259 $testUser = $this->getNormalUser();
260 $this->actingAs($testUser)
261 ->get('/settings/users/' . $testUser->id)
262 ->assertDontSee('External Authentication');
265 public function test_login_maps_roles_and_retains_existing_roles()
267 $roleToReceive = Role::factory()->create(['display_name' => 'LdapTester']);
268 $roleToReceive2 = Role::factory()->create(['display_name' => 'LdapTester Second']);
269 $existingRole = Role::factory()->create(['display_name' => 'ldaptester-existing']);
270 $this->mockUser->forceFill(['external_auth_id' => $this->mockUser->name])->save();
271 $this->mockUser->attachRole($existingRole);
274 'services.ldap.user_to_groups' => true,
275 'services.ldap.group_attribute' => 'memberOf',
276 'services.ldap.remove_from_groups' => false,
279 $this->commonLdapMocks(1, 1, 4, 5, 4, 6);
280 $this->mockLdap->shouldReceive('searchAndGetEntries')->times(4)
281 ->with($this->resourceId, config('services.ldap.base_dn'), \Mockery::type('string'), \Mockery::type('array'))
282 ->andReturn(['count' => 1, 0 => [
283 'uid' => [$this->mockUser->name],
284 'cn' => [$this->mockUser->name],
285 'dn' => ['dc=test' . config('services.ldap.base_dn')],
286 'mail' => [$this->mockUser->email],
289 0 => 'cn=ldaptester,ou=groups,dc=example,dc=com',
290 1 => 'cn=ldaptester-second,ou=groups,dc=example,dc=com',
294 $this->mockUserLogin()->assertRedirect('/');
296 $user = User::where('email', $this->mockUser->email)->first();
297 $this->assertDatabaseHas('role_user', [
298 'user_id' => $user->id,
299 'role_id' => $roleToReceive->id,
301 $this->assertDatabaseHas('role_user', [
302 'user_id' => $user->id,
303 'role_id' => $roleToReceive2->id,
305 $this->assertDatabaseHas('role_user', [
306 'user_id' => $user->id,
307 'role_id' => $existingRole->id,
311 public function test_login_maps_roles_and_removes_old_roles_if_set()
313 $roleToReceive = Role::factory()->create(['display_name' => 'LdapTester']);
314 $existingRole = Role::factory()->create(['display_name' => 'ldaptester-existing']);
315 $this->mockUser->forceFill(['external_auth_id' => $this->mockUser->name])->save();
316 $this->mockUser->attachRole($existingRole);
319 'services.ldap.user_to_groups' => true,
320 'services.ldap.group_attribute' => 'memberOf',
321 'services.ldap.remove_from_groups' => true,
324 $this->commonLdapMocks(1, 1, 3, 4, 3, 2);
325 $this->mockLdap->shouldReceive('searchAndGetEntries')->times(3)
326 ->with($this->resourceId, config('services.ldap.base_dn'), \Mockery::type('string'), \Mockery::type('array'))
327 ->andReturn(['count' => 1, 0 => [
328 'uid' => [$this->mockUser->name],
329 'cn' => [$this->mockUser->name],
330 'dn' => ['dc=test' . config('services.ldap.base_dn')],
331 'mail' => [$this->mockUser->email],
334 0 => 'cn=ldaptester,ou=groups,dc=example,dc=com',
338 $this->mockUserLogin()->assertRedirect('/');
340 $user = User::query()->where('email', $this->mockUser->email)->first();
341 $this->assertDatabaseHas('role_user', [
342 'user_id' => $user->id,
343 'role_id' => $roleToReceive->id,
345 $this->assertDatabaseMissing('role_user', [
346 'user_id' => $user->id,
347 'role_id' => $existingRole->id,
351 public function test_external_auth_id_visible_in_roles_page_when_ldap_active()
353 $role = Role::factory()->create(['display_name' => 'ldaptester', 'external_auth_id' => 'ex-auth-a, test-second-param']);
354 $this->asAdmin()->get('/settings/roles/' . $role->id)
355 ->assertSee('ex-auth-a');
358 public function test_login_maps_roles_using_external_auth_ids_if_set()
360 $roleToReceive = Role::factory()->create(['display_name' => 'ldaptester', 'external_auth_id' => 'test-second-param, ex-auth-a']);
361 $roleToNotReceive = Role::factory()->create(['display_name' => 'ex-auth-a', 'external_auth_id' => 'test-second-param']);
364 'services.ldap.user_to_groups' => true,
365 'services.ldap.group_attribute' => 'memberOf',
366 'services.ldap.remove_from_groups' => true,
369 $this->commonLdapMocks(1, 1, 3, 4, 3, 2);
370 $this->mockLdap->shouldReceive('searchAndGetEntries')->times(3)
371 ->with($this->resourceId, config('services.ldap.base_dn'), \Mockery::type('string'), \Mockery::type('array'))
372 ->andReturn(['count' => 1, 0 => [
373 'uid' => [$this->mockUser->name],
374 'cn' => [$this->mockUser->name],
375 'dn' => ['dc=test' . config('services.ldap.base_dn')],
376 'mail' => [$this->mockUser->email],
379 0 => 'cn=ex-auth-a,ou=groups,dc=example,dc=com',
383 $this->mockUserLogin()->assertRedirect('/');
385 $user = User::query()->where('email', $this->mockUser->email)->first();
386 $this->assertDatabaseHas('role_user', [
387 'user_id' => $user->id,
388 'role_id' => $roleToReceive->id,
390 $this->assertDatabaseMissing('role_user', [
391 'user_id' => $user->id,
392 'role_id' => $roleToNotReceive->id,
396 public function test_login_group_mapping_does_not_conflict_with_default_role()
398 $roleToReceive = Role::factory()->create(['display_name' => 'LdapTester']);
399 $roleToReceive2 = Role::factory()->create(['display_name' => 'LdapTester Second']);
400 $this->mockUser->forceFill(['external_auth_id' => $this->mockUser->name])->save();
402 setting()->put('registration-role', $roleToReceive->id);
405 'services.ldap.user_to_groups' => true,
406 'services.ldap.group_attribute' => 'memberOf',
407 'services.ldap.remove_from_groups' => true,
410 $this->commonLdapMocks(1, 1, 4, 5, 4, 6);
411 $this->mockLdap->shouldReceive('searchAndGetEntries')->times(4)
412 ->with($this->resourceId, config('services.ldap.base_dn'), \Mockery::type('string'), \Mockery::type('array'))
413 ->andReturn(['count' => 1, 0 => [
414 'uid' => [$this->mockUser->name],
415 'cn' => [$this->mockUser->name],
416 'dn' => ['dc=test' . config('services.ldap.base_dn')],
417 'mail' => [$this->mockUser->email],
420 0 => 'cn=ldaptester,ou=groups,dc=example,dc=com',
421 1 => 'cn=ldaptester-second,ou=groups,dc=example,dc=com',
425 $this->mockUserLogin()->assertRedirect('/');
427 $user = User::query()->where('email', $this->mockUser->email)->first();
428 $this->assertDatabaseHas('role_user', [
429 'user_id' => $user->id,
430 'role_id' => $roleToReceive->id,
432 $this->assertDatabaseHas('role_user', [
433 'user_id' => $user->id,
434 'role_id' => $roleToReceive2->id,
438 public function test_login_uses_specified_display_name_attribute()
441 'services.ldap.display_name_attribute' => 'displayName',
444 $this->commonLdapMocks(1, 1, 2, 4, 2);
445 $this->mockLdap->shouldReceive('searchAndGetEntries')->times(2)
446 ->with($this->resourceId, config('services.ldap.base_dn'), \Mockery::type('string'), \Mockery::type('array'))
447 ->andReturn(['count' => 1, 0 => [
448 'uid' => [$this->mockUser->name],
449 'cn' => [$this->mockUser->name],
450 'dn' => ['dc=test' . config('services.ldap.base_dn')],
451 'displayname' => 'displayNameAttribute',
454 $this->mockUserLogin()->assertRedirect('/login');
455 $this->get('/login')->assertSee('Please enter an email to use for this account.');
457 $resp = $this->mockUserLogin($this->mockUser->email);
458 $resp->assertRedirect('/');
459 $this->get('/')->assertSee('displayNameAttribute');
460 $this->assertDatabaseHas('users', ['email' => $this->mockUser->email, 'email_confirmed' => false, 'external_auth_id' => $this->mockUser->name, 'name' => 'displayNameAttribute']);
463 public function test_login_uses_default_display_name_attribute_if_specified_not_present()
466 'services.ldap.display_name_attribute' => 'displayName',
469 $this->commonLdapMocks(1, 1, 2, 4, 2);
470 $this->mockLdap->shouldReceive('searchAndGetEntries')->times(2)
471 ->with($this->resourceId, config('services.ldap.base_dn'), \Mockery::type('string'), \Mockery::type('array'))
472 ->andReturn(['count' => 1, 0 => [
473 'uid' => [$this->mockUser->name],
474 'cn' => [$this->mockUser->name],
475 'dn' => ['dc=test' . config('services.ldap.base_dn')],
478 $this->mockUserLogin()->assertRedirect('/login');
479 $this->get('/login')->assertSee('Please enter an email to use for this account.');
481 $resp = $this->mockUserLogin($this->mockUser->email);
482 $resp->assertRedirect('/');
483 $this->get('/')->assertSee($this->mockUser->name);
484 $this->assertDatabaseHas('users', [
485 'email' => $this->mockUser->email,
486 'email_confirmed' => false,
487 'external_auth_id' => $this->mockUser->name,
488 'name' => $this->mockUser->name,
492 protected function checkLdapReceivesCorrectDetails($serverString, $expectedHost, $expectedPort)
495 'services.ldap.server' => $serverString,
499 $this->commonLdapMocks(0, 1, 1, 2, 1);
500 $this->mockLdap->shouldReceive('searchAndGetEntries')->times(1)->andReturn(['count' => 1, 0 => [
501 'uid' => [$this->mockUser->name],
502 'cn' => [$this->mockUser->name],
503 'dn' => ['dc=test' . config('services.ldap.base_dn')],
506 $this->mockLdap->shouldReceive('connect')->once()
507 ->with($expectedHost, $expectedPort)->andReturn($this->resourceId);
508 $this->mockUserLogin();
511 public function test_ldap_port_provided_on_host_if_host_is_full_uri()
513 $hostName = 'ldaps://bookstack:8080';
514 $this->checkLdapReceivesCorrectDetails($hostName, $hostName, 389);
517 public function test_ldap_port_parsed_from_server_if_host_is_not_full_uri()
519 $this->checkLdapReceivesCorrectDetails('ldap.bookstack.com:8080', 'ldap.bookstack.com', 8080);
522 public function test_default_ldap_port_used_if_not_in_server_string_and_not_uri()
524 $this->checkLdapReceivesCorrectDetails('ldap.bookstack.com', 'ldap.bookstack.com', 389);
527 public function test_forgot_password_routes_inaccessible()
529 $resp = $this->get('/password/email');
530 $this->assertPermissionError($resp);
532 $resp = $this->post('/password/email');
533 $this->assertPermissionError($resp);
535 $resp = $this->get('/password/reset/abc123');
536 $this->assertPermissionError($resp);
538 $resp = $this->post('/password/reset');
539 $this->assertPermissionError($resp);
542 public function test_user_invite_routes_inaccessible()
544 $resp = $this->get('/register/invite/abc123');
545 $this->assertPermissionError($resp);
547 $resp = $this->post('/register/invite/abc123');
548 $this->assertPermissionError($resp);
551 public function test_user_register_routes_inaccessible()
553 $resp = $this->get('/register');
554 $this->assertPermissionError($resp);
556 $resp = $this->post('/register');
557 $this->assertPermissionError($resp);
560 public function test_dump_user_details_option_works()
562 config()->set(['services.ldap.dump_user_details' => true]);
564 $this->commonLdapMocks(1, 1, 1, 1, 1);
565 $this->mockLdap->shouldReceive('searchAndGetEntries')->times(1)
566 ->with($this->resourceId, config('services.ldap.base_dn'), \Mockery::type('string'), \Mockery::type('array'))
567 ->andReturn(['count' => 1, 0 => [
568 'uid' => [$this->mockUser->name],
569 'cn' => [$this->mockUser->name],
570 'dn' => ['dc=test' . config('services.ldap.base_dn')],
573 $resp = $this->post('/login', [
574 'username' => $this->mockUser->name,
575 'password' => $this->mockUser->password,
577 $resp->assertJsonStructure([
578 'details_from_ldap' => [],
579 'details_bookstack_parsed' => [],
583 public function test_start_tls_called_if_option_set()
585 config()->set(['services.ldap.start_tls' => true]);
586 $this->mockLdap->shouldReceive('startTls')->once()->andReturn(true);
587 $this->runFailedAuthLogin();
590 public function test_connection_fails_if_tls_fails()
592 config()->set(['services.ldap.start_tls' => true]);
593 $this->mockLdap->shouldReceive('startTls')->once()->andReturn(false);
594 $this->commonLdapMocks(1, 1, 0, 0, 0);
595 $resp = $this->post('/login', ['username' => 'timmyjenkins', 'password' => 'cattreedog']);
596 $resp->assertStatus(500);
599 public function test_ldap_attributes_can_be_binary_decoded_if_marked()
601 config()->set(['services.ldap.id_attribute' => 'BIN;uid']);
602 $ldapService = app()->make(LdapService::class);
603 $this->commonLdapMocks(1, 1, 1, 1, 1);
604 $this->mockLdap->shouldReceive('searchAndGetEntries')->times(1)
605 ->with($this->resourceId, config('services.ldap.base_dn'), \Mockery::type('string'), ['cn', 'dn', 'uid', 'mail', 'cn'])
606 ->andReturn(['count' => 1, 0 => [
607 'uid' => [hex2bin('FFF8F7')],
608 'cn' => [$this->mockUser->name],
609 'dn' => ['dc=test' . config('services.ldap.base_dn')],
612 $details = $ldapService->getUserDetails('test');
613 $this->assertEquals('fff8f7', $details['uid']);
616 public function test_new_ldap_user_login_with_already_used_email_address_shows_error_message_to_user()
618 $this->commonLdapMocks(1, 1, 2, 4, 2);
619 $this->mockLdap->shouldReceive('searchAndGetEntries')->times(2)
620 ->with($this->resourceId, config('services.ldap.base_dn'), \Mockery::type('string'), \Mockery::type('array'))
621 ->andReturn(['count' => 1, 0 => [
622 'uid' => [$this->mockUser->name],
623 'cn' => [$this->mockUser->name],
624 'dn' => ['dc=test' . config('services.ldap.base_dn')],
626 ]], ['count' => 1, 0 => [
629 'dn' => ['dc=bscott' . config('services.ldap.base_dn')],
634 $this->mockUserLogin()->assertRedirect('/');
638 $resp = $this->followingRedirects()->post('/login', ['username' => 'bscott', 'password' => 'pass']);
639 $resp->assertSee('A user with the email
[email protected] already exists but with different credentials');
642 public function test_login_with_email_confirmation_required_maps_groups_but_shows_confirmation_screen()
644 $roleToReceive = Role::factory()->create(['display_name' => 'LdapTester']);
645 $user = User::factory()->make();
646 setting()->put('registration-confirmation', 'true');
649 'services.ldap.user_to_groups' => true,
650 'services.ldap.group_attribute' => 'memberOf',
651 'services.ldap.remove_from_groups' => true,
654 $this->commonLdapMocks(1, 1, 6, 8, 6, 4);
655 $this->mockLdap->shouldReceive('searchAndGetEntries')
657 ->andReturn(['count' => 1, 0 => [
658 'uid' => [$user->name],
659 'cn' => [$user->name],
660 'dn' => ['dc=test' . config('services.ldap.base_dn')],
661 'mail' => [$user->email],
664 0 => 'cn=ldaptester,ou=groups,dc=example,dc=com',
668 $login = $this->followingRedirects()->mockUserLogin();
669 $login->assertSee('Thanks for registering!');
670 $this->assertDatabaseHas('users', [
671 'email' => $user->email,
672 'email_confirmed' => false,
675 $user = User::query()->where('email', '=', $user->email)->first();
676 $this->assertDatabaseHas('role_user', [
677 'user_id' => $user->id,
678 'role_id' => $roleToReceive->id,
681 $this->assertNull(auth()->user());
683 $homePage = $this->get('/');
684 $homePage->assertRedirect('/login');
686 $login = $this->followingRedirects()->mockUserLogin();
687 $login->assertSee('Email Address Not Confirmed');
690 public function test_failed_logins_are_logged_when_message_configured()
692 $log = $this->withTestLogger();
693 config()->set(['logging.failed_login.message' => 'Failed login for %u']);
694 $this->runFailedAuthLogin();
695 $this->assertTrue($log->hasWarningThatContains('Failed login for timmyjenkins'));
698 public function test_thumbnail_attribute_used_as_user_avatar_if_configured()
700 config()->set(['services.ldap.thumbnail_attribute' => 'jpegPhoto']);
702 $this->commonLdapMocks(1, 1, 1, 2, 1);
703 $ldapDn = 'cn=test-user,dc=test' . config('services.ldap.base_dn');
704 $this->mockLdap->shouldReceive('searchAndGetEntries')->times(1)
705 ->with($this->resourceId, config('services.ldap.base_dn'), \Mockery::type('string'), \Mockery::type('array'))
706 ->andReturn(['count' => 1, 0 => [
707 'cn' => [$this->mockUser->name],
709 'jpegphoto' => [base64_decode('/9j/2wBDAAMCAgICAgMCAgIDAwMDBAYEBAQEBAgGBgUGCQgKCgkICQkKDA8MCgsOCwkJDRENDg8Q
710 EBEQCgwSExIQEw8QEBD/yQALCAABAAEBAREA/8wABgAQEAX/2gAIAQEAAD8A0s8g/9k=')],
711 'mail' => [$this->mockUser->email],
714 $this->mockUserLogin()
715 ->assertRedirect('/');
717 $user = User::query()->where('email', '=', $this->mockUser->email)->first();
718 $this->assertNotNull($user->avatar);
719 $this->assertEquals('8c90748342f19b195b9c6b4eff742ded', md5_file(public_path($user->avatar->path)));
projects / bookstack / blob