5 use BookStack\Auth\Access\Ldap\LdapConfig;
6 use BookStack\Auth\Access\Ldap\LdapConnection;
7 use BookStack\Auth\Access\Ldap\LdapConnectionManager;
8 use BookStack\Auth\Access\Ldap\LdapService;
9 use BookStack\Auth\Role;
10 use BookStack\Auth\User;
11 use Illuminate\Testing\TestResponse;
12 use Mockery\MockInterface;
15 class LdapTest extends TestCase
23 protected $resourceId = 'resource-test';
25 protected function setUp(): void
29 if (!defined('LDAP_OPT_REFERRALS')) {
30 define('LDAP_OPT_REFERRALS', 1);
34 'auth.method' => 'ldap',
35 'auth.defaults.guard' => 'ldap',
36 'services.ldap.server' => 'ldap.example.com',
37 'services.ldap.base_dn' => 'dc=ldap,dc=local',
38 'services.ldap.email_attribute' => 'mail',
39 'services.ldap.display_name_attribute' => 'cn',
40 'services.ldap.id_attribute' => 'uid',
41 'services.ldap.user_to_groups' => false,
42 'services.ldap.version' => '3',
43 'services.ldap.user_filter' => '(&(uid=${user}))',
44 'services.ldap.follow_referrals' => false,
45 'services.ldap.tls_insecure' => false,
46 'services.ldap.thumbnail_attribute' => null,
49 $this->mockLdap = \Mockery::mock(LdapConnection::class);
50 $this->app[LdapConnection::class] = $this->mockLdap;
51 $this->mockUser = User::factory()->make();
54 protected function runFailedAuthLogin()
56 $this->commonLdapMocks(1, 1, 1);
57 $this->mockLdap->shouldReceive('searchAndGetEntries')->times(1)
58 ->andReturn(['count' => 0]);
59 $this->post('/login', ['username' => 'timmyjenkins', 'password' => 'cattreedog']);
62 protected function mockUserLogin(?string $email = null): TestResponse
64 return $this->post('/login', [
65 'username' => $this->mockUser->name,
66 'password' => $this->mockUser->password,
67 ] + ($email ? ['email' => $email] : []));
71 * Set LDAP method mocks for things we commonly call without altering.
73 protected function commonLdapMocks(int $versions = 1, int $options = 2, int $binds = 4)
75 $this->mockLdap->shouldReceive('setVersion')->times($versions);
76 $this->mockLdap->shouldReceive('setOption')->times($options);
77 $this->mockLdap->shouldReceive('bind')->times($binds)->andReturn(true);
80 public function test_login()
82 $this->commonLdapMocks(1, 2, 4);
83 $this->mockLdap->shouldReceive('searchAndGetEntries')->times(2)
84 ->with(config('services.ldap.base_dn'), \Mockery::type('string'), \Mockery::type('array'))
85 ->andReturn(['count' => 1, 0 => [
86 'uid' => [$this->mockUser->name],
87 'cn' => [$this->mockUser->name],
88 'dn' => 'dc=test' . config('services.ldap.base_dn'),
91 $resp = $this->mockUserLogin();
92 $resp->assertRedirect('/login');
93 $resp = $this->followRedirects($resp);
94 $resp->assertSee('Please enter an email to use for this account.');
95 $resp->assertSee($this->mockUser->name);
97 $resp = $this->followingRedirects()->mockUserLogin($this->mockUser->email);
98 $this->withHtml($resp)->assertElementExists('#home-default');
99 $resp->assertSee($this->mockUser->name);
100 $this->assertDatabaseHas('users', [
101 'email' => $this->mockUser->email,
102 'email_confirmed' => false,
103 'external_auth_id' => $this->mockUser->name,
107 public function test_email_domain_restriction_active_on_new_ldap_login()
110 'registration-restrict' => 'testing.com',
113 $this->commonLdapMocks(1, 2, 4);
114 $this->mockLdap->shouldReceive('searchAndGetEntries')->times(2)
115 ->with(config('services.ldap.base_dn'), \Mockery::type('string'), \Mockery::type('array'))
116 ->andReturn(['count' => 1, 0 => [
117 'uid' => [$this->mockUser->name],
118 'cn' => [$this->mockUser->name],
119 'dn' => 'dc=test' . config('services.ldap.base_dn'),
122 $resp = $this->mockUserLogin();
123 $resp->assertRedirect('/login');
124 $this->followRedirects($resp)->assertSee('Please enter an email to use for this account.');
127 $resp = $this->mockUserLogin($email);
128 $resp->assertRedirect('/login');
129 $this->followRedirects($resp)->assertSee('That email domain does not have access to this application');
131 $this->assertDatabaseMissing('users', ['email' => $email]);
134 public function test_login_works_when_no_uid_provided_by_ldap_server()
136 $ldapDn = 'cn=test-user,dc=test' . config('services.ldap.base_dn');
138 $this->commonLdapMocks(1, 1, 2);
139 $this->mockLdap->shouldReceive('searchAndGetEntries')->times(1)
140 ->with(config('services.ldap.base_dn'), \Mockery::type('string'), \Mockery::type('array'))
141 ->andReturn(['count' => 1, 0 => [
142 'cn' => [$this->mockUser->name],
144 'mail' => [$this->mockUser->email],
147 $resp = $this->mockUserLogin();
148 $resp->assertRedirect('/');
149 $this->followRedirects($resp)->assertSee($this->mockUser->name);
150 $this->assertDatabaseHas('users', ['email' => $this->mockUser->email, 'email_confirmed' => false, 'external_auth_id' => $ldapDn]);
153 public function test_a_custom_uid_attribute_can_be_specified_and_is_used_properly()
155 config()->set(['services.ldap.id_attribute' => 'my_custom_id']);
157 $this->commonLdapMocks(1, 1, 2);
158 $ldapDn = 'cn=test-user,dc=test' . config('services.ldap.base_dn');
159 $this->mockLdap->shouldReceive('searchAndGetEntries')->times(1)
160 ->with(config('services.ldap.base_dn'), \Mockery::type('string'), \Mockery::type('array'))
161 ->andReturn(['count' => 1, 0 => [
162 'cn' => [$this->mockUser->name],
164 'my_custom_id' => ['cooluser456'],
165 'mail' => [$this->mockUser->email],
168 $resp = $this->mockUserLogin();
169 $resp->assertRedirect('/');
170 $this->followRedirects($resp)->assertSee($this->mockUser->name);
171 $this->assertDatabaseHas('users', ['email' => $this->mockUser->email, 'email_confirmed' => false, 'external_auth_id' => 'cooluser456']);
174 public function test_initial_incorrect_credentials()
176 $this->commonLdapMocks(1, 1, 0);
177 $this->mockLdap->shouldReceive('searchAndGetEntries')->times(1)
178 ->with(config('services.ldap.base_dn'), \Mockery::type('string'), \Mockery::type('array'))
179 ->andReturn(['count' => 1, 0 => [
180 'uid' => [$this->mockUser->name],
181 'cn' => [$this->mockUser->name],
182 'dn' => 'dc=test' . config('services.ldap.base_dn'),
184 $this->mockLdap->shouldReceive('bind')->times(2)->andReturn(true, false);
186 $resp = $this->mockUserLogin();
187 $resp->assertRedirect('/login');
188 $this->followRedirects($resp)->assertSee('These credentials do not match our records.');
189 $this->assertDatabaseMissing('users', ['external_auth_id' => $this->mockUser->name]);
192 public function test_login_not_found_username()
194 $this->commonLdapMocks(1, 1, 1);
195 $this->mockLdap->shouldReceive('searchAndGetEntries')->times(1)
196 ->with(config('services.ldap.base_dn'), \Mockery::type('string'), \Mockery::type('array'))
197 ->andReturn(['count' => 0]);
199 $resp = $this->mockUserLogin();
200 $resp->assertRedirect('/login');
201 $this->followRedirects($resp)->assertSee('These credentials do not match our records.');
202 $this->assertDatabaseMissing('users', ['external_auth_id' => $this->mockUser->name]);
205 public function test_create_user_form()
207 $userForm = $this->asAdmin()->get('/settings/users/create');
208 $userForm->assertDontSee('Password');
210 $save = $this->post('/settings/users/create', [
211 'name' => $this->mockUser->name,
212 'email' => $this->mockUser->email,
214 $save->assertSessionHasErrors(['external_auth_id' => 'The external auth id field is required.']);
216 $save = $this->post('/settings/users/create', [
217 'name' => $this->mockUser->name,
218 'email' => $this->mockUser->email,
219 'external_auth_id' => $this->mockUser->name,
221 $save->assertRedirect('/settings/users');
222 $this->assertDatabaseHas('users', ['email' => $this->mockUser->email, 'external_auth_id' => $this->mockUser->name, 'email_confirmed' => true]);
225 public function test_user_edit_form()
227 $editUser = $this->getNormalUser();
228 $editPage = $this->asAdmin()->get("/settings/users/{$editUser->id}");
229 $editPage->assertSee('Edit User');
230 $editPage->assertDontSee('Password');
232 $update = $this->put("/settings/users/{$editUser->id}", [
233 'name' => $editUser->name,
234 'email' => $editUser->email,
235 'external_auth_id' => 'test_auth_id',
237 $update->assertRedirect('/settings/users');
238 $this->assertDatabaseHas('users', ['email' => $editUser->email, 'external_auth_id' => 'test_auth_id']);
241 public function test_registration_disabled()
243 $resp = $this->followingRedirects()->get('/register');
244 $this->withHtml($resp)->assertElementContains('#content', 'Log In');
247 public function test_non_admins_cannot_change_auth_id()
249 $testUser = $this->getNormalUser();
250 $this->actingAs($testUser)
251 ->get('/settings/users/' . $testUser->id)
252 ->assertDontSee('External Authentication');
255 public function test_login_maps_roles_and_retains_existing_roles()
257 $roleToReceive = Role::factory()->create(['display_name' => 'LdapTester']);
258 $roleToReceive2 = Role::factory()->create(['display_name' => 'LdapTester Second']);
259 $existingRole = Role::factory()->create(['display_name' => 'ldaptester-existing']);
260 $this->mockUser->forceFill(['external_auth_id' => $this->mockUser->name])->save();
261 $this->mockUser->attachRole($existingRole);
264 'services.ldap.user_to_groups' => true,
265 'services.ldap.group_attribute' => 'memberOf',
266 'services.ldap.remove_from_groups' => false,
269 $this->commonLdapMocks(1, 4, 5);
270 $this->mockLdap->shouldReceive('searchAndGetEntries')->times(4)
271 ->with(config('services.ldap.base_dn'), \Mockery::type('string'), \Mockery::type('array'))
272 ->andReturn(['count' => 1, 0 => [
273 'uid' => [$this->mockUser->name],
274 'cn' => [$this->mockUser->name],
275 'dn' => 'dc=test' . config('services.ldap.base_dn'),
276 'mail' => [$this->mockUser->email],
279 0 => 'cn=ldaptester,ou=groups,dc=example,dc=com',
280 1 => 'cn=ldaptester-second,ou=groups,dc=example,dc=com',
284 $this->mockUserLogin()->assertRedirect('/');
286 $user = User::where('email', $this->mockUser->email)->first();
287 $this->assertDatabaseHas('role_user', [
288 'user_id' => $user->id,
289 'role_id' => $roleToReceive->id,
291 $this->assertDatabaseHas('role_user', [
292 'user_id' => $user->id,
293 'role_id' => $roleToReceive2->id,
295 $this->assertDatabaseHas('role_user', [
296 'user_id' => $user->id,
297 'role_id' => $existingRole->id,
301 public function test_login_maps_roles_and_removes_old_roles_if_set()
303 $roleToReceive = Role::factory()->create(['display_name' => 'LdapTester']);
304 $existingRole = Role::factory()->create(['display_name' => 'ldaptester-existing']);
305 $this->mockUser->forceFill(['external_auth_id' => $this->mockUser->name])->save();
306 $this->mockUser->attachRole($existingRole);
309 'services.ldap.user_to_groups' => true,
310 'services.ldap.group_attribute' => 'memberOf',
311 'services.ldap.remove_from_groups' => true,
314 $this->commonLdapMocks(1, 3, 4);
315 $this->mockLdap->shouldReceive('searchAndGetEntries')->times(3)
316 ->with(config('services.ldap.base_dn'), \Mockery::type('string'), \Mockery::type('array'))
317 ->andReturn(['count' => 1, 0 => [
318 'uid' => [$this->mockUser->name],
319 'cn' => [$this->mockUser->name],
320 'dn' => 'dc=test' . config('services.ldap.base_dn'),
321 'mail' => [$this->mockUser->email],
324 0 => 'cn=ldaptester,ou=groups,dc=example,dc=com',
328 $this->mockUserLogin()->assertRedirect('/');
330 $user = User::query()->where('email', $this->mockUser->email)->first();
331 $this->assertDatabaseHas('role_user', [
332 'user_id' => $user->id,
333 'role_id' => $roleToReceive->id,
335 $this->assertDatabaseMissing('role_user', [
336 'user_id' => $user->id,
337 'role_id' => $existingRole->id,
341 public function test_dump_user_groups_shows_group_related_details_as_json()
344 'services.ldap.user_to_groups' => true,
345 'services.ldap.group_attribute' => 'memberOf',
346 'services.ldap.remove_from_groups' => true,
347 'services.ldap.dump_user_groups' => true,
350 $userResp = ['count' => 1, 0 => [
351 'uid' => [$this->mockUser->name],
352 'cn' => [$this->mockUser->name],
353 'dn' => 'dc=test,' . config('services.ldap.base_dn'),
354 'mail' => [$this->mockUser->email],
356 $this->commonLdapMocks(1, 4, 5);
357 $this->mockLdap->shouldReceive('searchAndGetEntries')->times(4)
358 ->with(config('services.ldap.base_dn'), \Mockery::type('string'), \Mockery::type('array'))
359 ->andReturn($userResp, ['count' => 1,
361 'dn' => 'dc=test,' . config('services.ldap.base_dn'),
364 0 => 'cn=ldaptester,ou=groups,dc=example,dc=com',
370 'dn' => 'cn=ldaptester,ou=groups,dc=example,dc=com',
373 0 => 'cn=monsters,ou=groups,dc=example,dc=com',
378 $resp = $this->mockUserLogin();
380 'details_from_ldap' => [
381 'dn' => 'dc=test,' . config('services.ldap.base_dn'),
383 0 => 'cn=ldaptester,ou=groups,dc=example,dc=com',
387 'parsed_direct_user_groups' => [
390 'parsed_recursive_user_groups' => [
397 public function test_external_auth_id_visible_in_roles_page_when_ldap_active()
399 $role = Role::factory()->create(['display_name' => 'ldaptester', 'external_auth_id' => 'ex-auth-a, test-second-param']);
400 $this->asAdmin()->get('/settings/roles/' . $role->id)
401 ->assertSee('ex-auth-a');
404 public function test_login_maps_roles_using_external_auth_ids_if_set()
406 $roleToReceive = Role::factory()->create(['display_name' => 'ldaptester', 'external_auth_id' => 'test-second-param, ex-auth-a']);
407 $roleToNotReceive = Role::factory()->create(['display_name' => 'ex-auth-a', 'external_auth_id' => 'test-second-param']);
410 'services.ldap.user_to_groups' => true,
411 'services.ldap.group_attribute' => 'memberOf',
412 'services.ldap.remove_from_groups' => true,
415 $this->commonLdapMocks(1, 3, 4);
416 $this->mockLdap->shouldReceive('searchAndGetEntries')->times(3)
417 ->with(config('services.ldap.base_dn'), \Mockery::type('string'), \Mockery::type('array'))
418 ->andReturn(['count' => 1, 0 => [
419 'uid' => [$this->mockUser->name],
420 'cn' => [$this->mockUser->name],
421 'dn' => 'dc=test' . config('services.ldap.base_dn'),
422 'mail' => [$this->mockUser->email],
425 0 => 'cn=ex-auth-a,ou=groups,dc=example,dc=com',
429 $this->mockUserLogin()->assertRedirect('/');
431 $user = User::query()->where('email', $this->mockUser->email)->first();
432 $this->assertDatabaseHas('role_user', [
433 'user_id' => $user->id,
434 'role_id' => $roleToReceive->id,
436 $this->assertDatabaseMissing('role_user', [
437 'user_id' => $user->id,
438 'role_id' => $roleToNotReceive->id,
442 public function test_login_group_mapping_does_not_conflict_with_default_role()
444 $roleToReceive = Role::factory()->create(['display_name' => 'LdapTester']);
445 $roleToReceive2 = Role::factory()->create(['display_name' => 'LdapTester Second']);
446 $this->mockUser->forceFill(['external_auth_id' => $this->mockUser->name])->save();
448 setting()->put('registration-role', $roleToReceive->id);
451 'services.ldap.user_to_groups' => true,
452 'services.ldap.group_attribute' => 'memberOf',
453 'services.ldap.remove_from_groups' => true,
456 $this->commonLdapMocks(1, 4, 5);
457 $this->mockLdap->shouldReceive('searchAndGetEntries')->times(4)
458 ->with(config('services.ldap.base_dn'), \Mockery::type('string'), \Mockery::type('array'))
459 ->andReturn(['count' => 1, 0 => [
460 'uid' => [$this->mockUser->name],
461 'cn' => [$this->mockUser->name],
462 'dn' => 'dc=test' . config('services.ldap.base_dn'),
463 'mail' => [$this->mockUser->email],
466 0 => 'cn=ldaptester,ou=groups,dc=example,dc=com',
467 1 => 'cn=ldaptester-second,ou=groups,dc=example,dc=com',
471 $this->mockUserLogin()->assertRedirect('/');
473 $user = User::query()->where('email', $this->mockUser->email)->first();
474 $this->assertDatabaseHas('role_user', [
475 'user_id' => $user->id,
476 'role_id' => $roleToReceive->id,
478 $this->assertDatabaseHas('role_user', [
479 'user_id' => $user->id,
480 'role_id' => $roleToReceive2->id,
484 public function test_login_uses_specified_display_name_attribute()
487 'services.ldap.display_name_attribute' => 'displayName',
490 $this->commonLdapMocks(1, 2, 4);
491 $this->mockLdap->shouldReceive('searchAndGetEntries')->times(2)
492 ->with(config('services.ldap.base_dn'), \Mockery::type('string'), \Mockery::type('array'))
493 ->andReturn(['count' => 1, 0 => [
494 'uid' => [$this->mockUser->name],
495 'cn' => [$this->mockUser->name],
496 'dn' => 'dc=test' . config('services.ldap.base_dn'),
497 'displayname' => 'displayNameAttribute',
500 $this->mockUserLogin()->assertRedirect('/login');
501 $this->get('/login')->assertSee('Please enter an email to use for this account.');
503 $resp = $this->mockUserLogin($this->mockUser->email);
504 $resp->assertRedirect('/');
505 $this->get('/')->assertSee('displayNameAttribute');
506 $this->assertDatabaseHas('users', ['email' => $this->mockUser->email, 'email_confirmed' => false, 'external_auth_id' => $this->mockUser->name, 'name' => 'displayNameAttribute']);
509 public function test_login_uses_default_display_name_attribute_if_specified_not_present()
512 'services.ldap.display_name_attribute' => 'displayName',
515 $this->commonLdapMocks(1, 2, 4);
516 $this->mockLdap->shouldReceive('searchAndGetEntries')->times(2)
517 ->with(config('services.ldap.base_dn'), \Mockery::type('string'), \Mockery::type('array'))
518 ->andReturn(['count' => 1, 0 => [
519 'uid' => [$this->mockUser->name],
520 'cn' => [$this->mockUser->name],
521 'dn' => 'dc=test' . config('services.ldap.base_dn'),
524 $this->mockUserLogin()->assertRedirect('/login');
525 $this->get('/login')->assertSee('Please enter an email to use for this account.');
527 $resp = $this->mockUserLogin($this->mockUser->email);
528 $resp->assertRedirect('/');
529 $this->get('/')->assertSee($this->mockUser->name);
530 $this->assertDatabaseHas('users', [
531 'email' => $this->mockUser->email,
532 'email_confirmed' => false,
533 'external_auth_id' => $this->mockUser->name,
534 'name' => $this->mockUser->name,
538 protected function checkLdapConfigHostParsing($serverString, ...$expectedHostPortPairs)
540 config()->set(['services.ldap.server' => $serverString]);
541 $ldapConfig = new LdapConfig(config('services.ldap'));
543 $servers = $ldapConfig->getServers();
544 $this->assertCount(count($expectedHostPortPairs), $servers);
545 foreach ($expectedHostPortPairs as $i => $expected) {
546 $server = $servers[$i];
547 $this->assertEquals($expected[0], $server['host']);
548 $this->assertEquals($expected[1], $server['port']);
552 public function test_ldap_port_provided_on_host_if_host_is_full_uri()
554 $hostName = 'ldaps://bookstack:8080';
555 $this->checkLdapConfigHostParsing($hostName, [$hostName, 389]);
558 public function test_ldap_port_parsed_from_server_if_host_is_not_full_uri()
560 $this->checkLdapConfigHostParsing('ldap.bookstack.com:8080', ['ldap.bookstack.com', 8080]);
563 public function test_default_ldap_port_used_if_not_in_server_string_and_not_uri()
565 $this->checkLdapConfigHostParsing('ldap.bookstack.com', ['ldap.bookstack.com', 389]);
568 public function test_multiple_hosts_parsed_from_config_if_semicolon_seperated()
570 $this->checkLdapConfigHostParsing(
571 'ldap.bookstack.com:8080; l.bookstackapp.com; b.bookstackapp.com:8081',
572 ['ldap.bookstack.com', 8080],
573 ['l.bookstackapp.com', 389],
574 ['b.bookstackapp.com', 8081],
578 public function test_host_fail_over_by_using_semicolon_seperated_hosts()
581 'services.ldap.server' => 'ldap-tiger.example.com;ldap-donkey.example.com:8080',
585 $this->mockLdap->shouldReceive('searchAndGetEntries')->times(1)->andReturn(['count' => 1, 0 => [
586 'uid' => [$this->mockUser->name],
587 'cn' => [$this->mockUser->name],
588 'dn' => 'dc=test' . config('services.ldap.base_dn'),
591 $this->mockLdap->shouldReceive('bind')->once()->with('ldap-tiger.example.com', 389)->andReturn(false);
592 $this->commonLdapMocks(0, 1, 1);
594 $this->mockLdap->shouldReceive('connect')->once()->with('ldap-donkey.example.com', 8080)->andReturn($this->resourceId);
595 $this->mockUserLogin();
598 public function test_host_fail_over_by_using_semicolon_seperated_hosts_still_throws_error()
601 'services.ldap.server' => 'ldap-tiger.example.com;ldap-donkey.example.com:8080',
604 $this->mockLdap->shouldReceive('connect')->once()->with('ldap-tiger.example.com', 389)->andReturn(false);
605 $this->mockLdap->shouldReceive('connect')->once()->with('ldap-donkey.example.com', 8080)->andReturn(false);
607 $resp = $this->mockUserLogin();
608 $resp->assertStatus(500);
609 $resp->assertSee('Cannot connect to ldap server, Initial connection failed');
612 public function test_forgot_password_routes_inaccessible()
614 $resp = $this->get('/password/email');
615 $this->assertPermissionError($resp);
617 $resp = $this->post('/password/email');
618 $this->assertPermissionError($resp);
620 $resp = $this->get('/password/reset/abc123');
621 $this->assertPermissionError($resp);
623 $resp = $this->post('/password/reset');
624 $this->assertPermissionError($resp);
627 public function test_user_invite_routes_inaccessible()
629 $resp = $this->get('/register/invite/abc123');
630 $this->assertPermissionError($resp);
632 $resp = $this->post('/register/invite/abc123');
633 $this->assertPermissionError($resp);
636 public function test_user_register_routes_inaccessible()
638 $resp = $this->get('/register');
639 $this->assertPermissionError($resp);
641 $resp = $this->post('/register');
642 $this->assertPermissionError($resp);
645 public function test_dump_user_details_option_works()
647 config()->set(['services.ldap.dump_user_details' => true, 'services.ldap.thumbnail_attribute' => 'jpegphoto']);
649 $this->commonLdapMocks(1, 1, 1);
650 $this->mockLdap->shouldReceive('searchAndGetEntries')->times(1)
651 ->with(config('services.ldap.base_dn'), \Mockery::type('string'), \Mockery::type('array'))
652 ->andReturn(['count' => 1, 0 => [
653 'uid' => [$this->mockUser->name],
654 'cn' => [$this->mockUser->name],
655 // Test dumping binary data for avatar responses
656 'jpegphoto' => base64_decode('/9j/4AAQSkZJRg=='),
657 'dn' => 'dc=test' . config('services.ldap.base_dn'),
660 $resp = $this->post('/login', [
661 'username' => $this->mockUser->name,
662 'password' => $this->mockUser->password,
664 $resp->assertJsonStructure([
665 'details_from_ldap' => [],
666 'details_bookstack_parsed' => [],
670 public function test_start_tls_called_if_option_set()
672 config()->set(['services.ldap.start_tls' => true]);
673 $this->mockLdap->shouldReceive('startTls')->once()->andReturn(true);
674 $this->runFailedAuthLogin();
677 public function test_connection_fails_if_tls_fails()
679 config()->set(['services.ldap.start_tls' => true]);
680 $this->mockLdap->shouldReceive('startTls')->once()->andReturn(false);
681 $this->commonLdapMocks(1, 0, 0);
682 $resp = $this->post('/login', ['username' => 'timmyjenkins', 'password' => 'cattreedog']);
683 $resp->assertStatus(500);
686 public function test_ldap_attributes_can_be_binary_decoded_if_marked()
688 config()->set(['services.ldap.id_attribute' => 'BIN;uid']);
689 $ldapService = app()->make(LdapService::class);
690 $this->commonLdapMocks(1, 1, 1);
691 $this->mockLdap->shouldReceive('searchAndGetEntries')->times(1)
692 ->with(config('services.ldap.base_dn'), \Mockery::type('string'), ['cn', 'dn', 'uid', 'mail', 'cn'])
693 ->andReturn(['count' => 1, 0 => [
694 'uid' => [hex2bin('FFF8F7')],
695 'cn' => [$this->mockUser->name],
696 'dn' => 'dc=test' . config('services.ldap.base_dn'),
699 $details = $ldapService->getUserDetails('test');
700 $this->assertEquals('fff8f7', $details['uid']);
703 public function test_new_ldap_user_login_with_already_used_email_address_shows_error_message_to_user()
705 $this->commonLdapMocks(1, 2, 4);
706 $this->mockLdap->shouldReceive('searchAndGetEntries')->times(2)
707 ->with(config('services.ldap.base_dn'), \Mockery::type('string'), \Mockery::type('array'))
708 ->andReturn(['count' => 1, 0 => [
709 'uid' => [$this->mockUser->name],
710 'cn' => [$this->mockUser->name],
711 'dn' => 'dc=test' . config('services.ldap.base_dn'),
713 ]], ['count' => 1, 0 => [
716 'dn' => 'dc=bscott' . config('services.ldap.base_dn'),
721 $this->mockUserLogin()->assertRedirect('/');
725 $resp = $this->followingRedirects()->post('/login', ['username' => 'bscott', 'password' => 'pass']);
726 $resp->assertSee('A user with the email
[email protected] already exists but with different credentials');
729 public function test_login_with_email_confirmation_required_maps_groups_but_shows_confirmation_screen()
731 $roleToReceive = Role::factory()->create(['display_name' => 'LdapTester']);
732 $user = User::factory()->make();
733 setting()->put('registration-confirmation', 'true');
736 'services.ldap.user_to_groups' => true,
737 'services.ldap.group_attribute' => 'memberOf',
738 'services.ldap.remove_from_groups' => true,
741 $this->commonLdapMocks(1, 6, 8);
742 $this->mockLdap->shouldReceive('searchAndGetEntries')
744 ->andReturn(['count' => 1, 0 => [
745 'uid' => [$user->name],
746 'cn' => [$user->name],
747 'dn' => 'dc=test' . config('services.ldap.base_dn'),
748 'mail' => [$user->email],
751 0 => 'cn=ldaptester,ou=groups,dc=example,dc=com',
755 $login = $this->followingRedirects()->mockUserLogin();
756 $login->assertSee('Thanks for registering!');
757 $this->assertDatabaseHas('users', [
758 'email' => $user->email,
759 'email_confirmed' => false,
762 $user = User::query()->where('email', '=', $user->email)->first();
763 $this->assertDatabaseHas('role_user', [
764 'user_id' => $user->id,
765 'role_id' => $roleToReceive->id,
768 $this->assertNull(auth()->user());
770 $homePage = $this->get('/');
771 $homePage->assertRedirect('/login');
773 $login = $this->followingRedirects()->mockUserLogin();
774 $login->assertSee('Email Address Not Confirmed');
777 public function test_failed_logins_are_logged_when_message_configured()
779 $log = $this->withTestLogger();
780 config()->set(['logging.failed_login.message' => 'Failed login for %u']);
781 $this->runFailedAuthLogin();
782 $this->assertTrue($log->hasWarningThatContains('Failed login for timmyjenkins'));
785 public function test_thumbnail_attribute_used_as_user_avatar_if_configured()
787 config()->set(['services.ldap.thumbnail_attribute' => 'jpegPhoto']);
789 $this->commonLdapMocks(1, 1, 2);
790 $ldapDn = 'cn=test-user,dc=test' . config('services.ldap.base_dn');
791 $this->mockLdap->shouldReceive('searchAndGetEntries')->times(1)
792 ->with(config('services.ldap.base_dn'), \Mockery::type('string'), \Mockery::type('array'))
793 ->andReturn(['count' => 1, 0 => [
794 'cn' => [$this->mockUser->name],
796 'jpegphoto' => [base64_decode('/9j/2wBDAAMCAgICAgMCAgIDAwMDBAYEBAQEBAgGBgUGCQgKCgkICQkKDA8MCgsOCwkJDRENDg8Q
797 EBEQCgwSExIQEw8QEBD/yQALCAABAAEBAREA/8wABgAQEAX/2gAIAQEAAD8A0s8g/9k=')],
798 'mail' => [$this->mockUser->email],
801 $this->mockUserLogin()
802 ->assertRedirect('/');
804 $user = User::query()->where('email', '=', $this->mockUser->email)->first();
805 $this->assertNotNull($user->avatar);
806 $this->assertEquals('8c90748342f19b195b9c6b4eff742ded', md5_file(public_path($user->avatar->path)));
projects / bookstack / blob