Koha/t/db_dependent/Auth_with_ldap.t
Jonathan Druart 9d6d641d1f Bug 17600: Standardize our EXPORT_OK
On bug 17591 we discovered that there was something weird going on with
the way we export and use subroutines/modules.
This patch tries to standardize our EXPORT to use EXPORT_OK only.

That way we will need to explicitely define the subroutine we want to
use from a module.

This patch is a squashed version of:
Bug 17600: After export.pl
Bug 17600: After perlimport
Bug 17600: Manual changes
Bug 17600: Other manual changes after second perlimports run
Bug 17600: Fix tests

And a lot of other manual changes.

export.pl is a dirty script that can be found on bug 17600.

"perlimport" is:
git clone https://github.com/oalders/App-perlimports.git
cd App-perlimports/
cpanm --installdeps .
export PERL5LIB="$PERL5LIB:/kohadevbox/koha/App-perlimports/lib"
find . \( -name "*.pl" -o -name "*.pm" \) -exec perl App-perlimports/script/perlimports --inplace-edit --no-preserve-unused --filename {} \;

The ideas of this patch are to:
* use EXPORT_OK instead of EXPORT
* perltidy the EXPORT_OK list
* remove '&' before the subroutine names
* remove some uneeded use statements
* explicitely import the subroutines we need within the controllers or
modules

Note that the private subroutines (starting with _) should not be
exported (and not used from outside of the module except from tests).

EXPORT vs EXPORT_OK (from
https://www.thegeekstuff.com/2010/06/perl-exporter-examples/)
"""
Export allows to export the functions and variables of modules to user’s namespace using the standard import method. This way, we don’t need to create the objects for the modules to access it’s members.

@EXPORT and @EXPORT_OK are the two main variables used during export operation.

@EXPORT contains list of symbols (subroutines and variables) of the module to be exported into the caller namespace.

@EXPORT_OK does export of symbols on demand basis.
"""

If this patch caused a conflict with a patch you wrote prior to its
push:
* Make sure you are not reintroducing a "use" statement that has been
removed
* "$subroutine" is not exported by the C4::$MODULE module
means that you need to add the subroutine to the @EXPORT_OK list
* Bareword "$subroutine" not allowed while "strict subs"
means that you didn't imported the subroutine from the module:
  - use $MODULE qw( $subroutine list );
You can also use the fully qualified namespace: C4::$MODULE::$subroutine

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-07-16 08:58:47 +02:00

521 lines
16 KiB
Perl
Executable file

#!/usr/bin/perl
# This file is part of Koha.
#
# Koha is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# Koha is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Koha; if not, see <http://www.gnu.org/licenses>.
use Modern::Perl;
use Test::More tests => 4;
use Test::MockModule;
use Test::MockObject;
use t::lib::Mocks;
use t::lib::TestBuilder;
use Test::Warn;
use C4::Context;
use Koha::Patrons;
my $dbh = '';
# Start transaction
my $schema = Koha::Database->new->schema;
$schema->storage->txn_begin();
my $builder = t::lib::TestBuilder->new();
# Variables controlling LDAP server config
my $update = 0;
my $replicate = 0;
my $auth_by_bind = 1;
my $anonymous_bind = 1;
my $user = 'cn=Manager,dc=metavore,dc=com';
my $pass = 'metavore';
# Variables controlling LDAP behaviour
my $desired_authentication_result = 'success';
my $desired_connection_result = 'error';
my $desired_admin_bind_result = 'error';
my $desired_search_result = 'error';
my $desired_count_result = 1;
my $desired_bind_result = 'error';
my $remaining_entry = 1;
my $ret;
# Mock the context module
my $context = Test::MockModule->new('C4::Context');
$context->mock( 'config', \&mockedC4Config );
# Mock the Net::LDAP module
my $net_ldap = Test::MockModule->new('Net::LDAP');
$net_ldap->mock(
'new',
sub {
if ( $desired_connection_result eq 'error' ) {
# We were asked to fail the LDAP conexion
return;
}
else {
# Return a mocked Net::LDAP object (Test::MockObject)
return mock_net_ldap();
}
}
);
my $categorycode = $builder->build( { source => 'Category' } )->{categorycode};
my $branchcode = $builder->build( { source => 'Branch' } )->{branchcode};
my $attr_type = $builder->build(
{
source => 'BorrowerAttributeType',
value => {
category_code => $categorycode
}
}
);
my $attr_type2 = $builder->build(
{
source => 'BorrowerAttributeType',
value => {
category_code => $categorycode
}
}
);
my $borrower = $builder->build(
{
source => 'Borrower',
value => {
userid => 'hola',
branchcode => $branchcode,
categorycode => $categorycode
}
}
);
$builder->build(
{
source => 'BorrowerAttribute',
value => {
borrowernumber => $borrower->{borrowernumber},
code => $attr_type->{code},
attribute => 'FOO'
}
}
);
my $patron = Koha::Patrons->find($borrower->{borrowernumber});
# C4::Auth_with_ldap needs several stuff set first ^^^
use_ok('C4::Auth_with_ldap', qw( checkpw_ldap ));
can_ok(
'C4::Auth_with_ldap', qw/
checkpw_ldap
search_method /
);
subtest 'checkpw_ldap tests' => sub {
plan tests => 4;
my $dbh = C4::Context->dbh;
## Connection fail tests
$desired_connection_result = 'error';
warning_is {
$ret =
C4::Auth_with_ldap::checkpw_ldap( $dbh, 'hola', password => 'hey' );
}
'LDAP connexion failed',
'checkpw_ldap prints correct warning if LDAP conexion fails';
is( $ret, 0, 'checkpw_ldap returns 0 if LDAP conexion fails' );
## Connection success tests
$desired_connection_result = 'success';
subtest 'auth_by_bind = 1 tests' => sub {
plan tests => 11;
$auth_by_bind = 1;
$desired_authentication_result = 'success';
$anonymous_bind = 1;
$desired_admin_bind_result = 'error';
$desired_search_result = 'error';
reload_ldap_module();
warning_like {
$ret = C4::Auth_with_ldap::checkpw_ldap( $dbh, 'hola',
password => 'hey' );
}
qr/Anonymous LDAP bind failed: LDAP error #1: error_name/,
'checkpw_ldap prints correct warning if LDAP anonymous bind fails';
is( $ret, 0, 'checkpw_ldap returns 0 if LDAP anonymous bind fails' );
$anonymous_bind = 0;
$user = undef;
$pass = undef;
reload_ldap_module();
warning_like {
$ret = C4::Auth_with_ldap::checkpw_ldap( $dbh, 'hola',
password => 'hey' );
}
qr/LDAP bind failed as kohauser hola: LDAP error #1: error_name/,
'checkpw_ldap prints correct warning if LDAP bind_by_auth fails';
is( $ret, 0, 'checkpw_ldap returns 0 if LDAP bind_by_auth fails' );
$desired_authentication_result = 'success';
$anonymous_bind = 1;
$desired_admin_bind_result = 'success';
$desired_search_result = 'success';
$desired_count_result = 1;
$desired_bind_result = 'success';
$update = 1;
reload_ldap_module();
t::lib::Mocks::mock_preference( 'ExtendedPatronAttributes', 1 );
my $auth = Test::MockModule->new('C4::Auth_with_ldap');
$auth->mock(
'update_local',
sub {
return $borrower->{cardnumber};
}
);
$auth->mock(
'ldap_entry_2_hash',
sub {
return (
$attr_type2->{code}, 'BAR'
);
}
);
C4::Auth_with_ldap::checkpw_ldap( $dbh, 'hola', password => 'hey' );
ok(
Koha::Patrons->find($borrower->{borrowernumber})->extended_attributes->count,
'Extended attributes are not deleted'
);
is( $patron->get_extended_attribute( $attr_type2->{code} )->attribute, 'BAR', 'Mapped attribute is BAR' );
$auth->unmock('update_local');
$auth->unmock('ldap_entry_2_hash');
$update = 0;
$desired_count_result = 0; # user auth problem
$patron->delete;
reload_ldap_module();
is(
C4::Auth_with_ldap::checkpw_ldap( $dbh, 'hola', password => 'hey' ),
0,
'checkpw_ldap returns 0 if user lookup returns 0'
);
$desired_bind_result = 'error';
reload_ldap_module();
warning_like {
$ret = C4::Auth_with_ldap::checkpw_ldap( $dbh, 'hola',
password => 'hey' );
}
qr/LDAP bind failed as kohauser hola: LDAP error #1: error_name/,
'checkpw_ldap prints correct warning if LDAP bind fails';
is( $ret, -1,
'checkpw_ldap returns -1 LDAP bind fails for user (Bug 8148)' );
# regression tests for bug 12831
$desired_authentication_result = 'error';
$anonymous_bind = 0;
$desired_admin_bind_result = 'error';
$desired_search_result = 'success';
$desired_count_result = 0; # user auth problem
$desired_bind_result = 'error';
reload_ldap_module();
warning_like {
$ret = C4::Auth_with_ldap::checkpw_ldap( $dbh, 'hola',
password => 'hey' );
}
qr/LDAP bind failed as kohauser hola: LDAP error #1: error_name/,
'checkpw_ldap prints correct warning if LDAP bind fails';
is( $ret, 0,
'checkpw_ldap returns 0 LDAP bind fails for user (Bug 12831)' );
};
subtest 'auth_by_bind = 0 tests' => sub {
plan tests => 8;
$auth_by_bind = 0;
# Anonymous bind
$anonymous_bind = 1;
$user = 'cn=Manager,dc=metavore,dc=com';
$pass = 'metavore';
$desired_admin_bind_result = 'error';
$desired_bind_result = 'error';
reload_ldap_module();
warning_like {
$ret = C4::Auth_with_ldap::checkpw_ldap( $dbh, 'hola',
password => 'hey' );
}
qr/LDAP bind failed as ldapuser cn=Manager,dc=metavore,dc=com: LDAP error #1: error_name/,
'checkpw_ldap prints correct warning if LDAP bind fails';
is( $ret, 0, 'checkpw_ldap returns 0 if bind fails' );
$anonymous_bind = 1;
$desired_admin_bind_result = 'success';
$desired_bind_result = 'error';
$desired_search_result = 'success';
$desired_count_result = 1;
reload_ldap_module();
warning_like {
$ret = C4::Auth_with_ldap::checkpw_ldap( $dbh, 'hola',
password => 'hey' );
}
qr/LDAP Auth rejected : invalid password for user 'hola'./,
'checkpw_ldap prints correct warning if LDAP bind fails';
is( $ret, -1, 'checkpw_ldap returns -1 if bind fails (Bug 8148)' );
# Non-anonymous bind
$anonymous_bind = 0;
$desired_admin_bind_result = 'error';
$desired_bind_result = 'error';
reload_ldap_module();
warning_like {
$ret = C4::Auth_with_ldap::checkpw_ldap( $dbh, 'hola',
password => 'hey' );
}
qr/LDAP bind failed as ldapuser cn=Manager,dc=metavore,dc=com: LDAP error #1: error_name/,
'checkpw_ldap prints correct warning if LDAP bind fails';
is( $ret, 0, 'checkpw_ldap returns 0 if bind fails' );
$anonymous_bind = 0;
$desired_admin_bind_result = 'success';
$desired_bind_result = 'error';
reload_ldap_module();
warning_like {
$ret = C4::Auth_with_ldap::checkpw_ldap( $dbh, 'hola',
password => 'hey' );
}
qr/LDAP Auth rejected : invalid password for user 'hola'./,
'checkpw_ldap prints correct warning if LDAP bind fails';
is( $ret, -1, 'checkpw_ldap returns -1 if bind fails (Bug 8148)' );
};
};
subtest 'search_method tests' => sub {
plan tests => 3;
my $ldap = mock_net_ldap();
# Null params tests
is( C4::Auth_with_ldap::search_method( $ldap, undef ),
undef, 'search_method returns undef on undefined userid' );
is( C4::Auth_with_ldap::search_method( undef, 'undef' ),
undef, 'search_method returns undef on undefined ldap object' );
# search ->code and !->code
$desired_search_result = 'error';
reload_ldap_module();
my $eval_retval =
eval { $ret = C4::Auth_with_ldap::search_method( $ldap, 'undef' ); };
like(
$@,
qr/LDAP search failed to return object : 1/,
'search_method prints correct warning when db->search returns error code'
);
};
# Function that mocks the call to C4::Context->config(param)
sub mockedC4Config {
my $class = shift;
my $param = shift;
if ( $param eq 'useshibboleth' ) {
return 0;
}
if ( $param eq 'ldapserver' ) {
my %ldap_mapping = (
firstname => { is => 'givenname' },
surname => { is => 'sn' },
address => { is => 'postaladdress' },
city => { is => 'l' },
zipcode => { is => 'postalcode' },
branchcode => { is => 'branch' },
userid => { is => 'uid' },
password => { is => 'userpassword' },
email => { is => 'mail' },
categorycode => { is => 'employeetype' },
phone => { is => 'telephonenumber' },
);
my %ldap_config = (
anonymous_bind => $anonymous_bind,
auth_by_bind => $auth_by_bind,
base => 'dc=metavore,dc=com',
hostname => 'localhost',
mapping => \%ldap_mapping,
pass => $pass,
principal_name => '%s@my_domain.com',
replicate => $replicate,
update => $update,
user => $user,
);
return \%ldap_config;
}
if ( $param =~ /(intranetdir|opachtdocs|intrahtdocs)/x ) {
return q{};
}
if ( ref $class eq 'HASH' ) {
return $class->{$param};
}
return C4::Context::_common_config($param, 'config');
}
# Function that mocks the call to Net::LDAP
sub mock_net_ldap {
my $mocked_ldap = Test::MockObject->new();
$mocked_ldap->mock( 'bind', sub {
if (is_admin_bind(@_)) {
return mock_net_ldap_message(
($desired_admin_bind_result eq 'error' ) ? 1 : 0, # code
($desired_admin_bind_result eq 'error' ) ? 1 : 0, # error
($desired_admin_bind_result eq 'error' ) ? 'error_name' : 0, # error_name
($desired_admin_bind_result eq 'error' ) ? 'error_text' : 0 # error_text
);
}
else {
if ( $desired_bind_result eq 'error' ) {
return mock_net_ldap_message(1,1,'error_name','error_text');
}
return mock_net_ldap_message(0,0,'','');
}
});
$mocked_ldap->mock(
'search',
sub {
$remaining_entry = 1;
return mock_net_ldap_search(
{
count => ($desired_count_result)
? $desired_count_result
: 1, # default to 1
code => ( $desired_search_result eq 'error' )
? 1
: 0, # 0 == success
error => ( $desired_search_result eq 'error' ) ? 1
: 0,
error_text => ( $desired_search_result eq 'error' )
? 'error_text'
: undef,
error_name => ( $desired_search_result eq 'error' )
? 'error_name'
: undef,
shift_entry => mock_net_ldap_entry( 'sampledn', 1 )
}
);
}
);
return $mocked_ldap;
}
sub mock_net_ldap_search {
my ($parameters) = @_;
my $count = $parameters->{count};
my $code = $parameters->{code};
my $error = $parameters->{error};
my $error_text = $parameters->{error_text};
my $error_name = $parameters->{error_name};
my $shift_entry = $parameters->{shift_entry};
my $mocked_search = Test::MockObject->new();
$mocked_search->mock( 'count', sub { return $count; } );
$mocked_search->mock( 'code', sub { return $code; } );
$mocked_search->mock( 'error', sub { return $error; } );
$mocked_search->mock( 'error_name', sub { return $error_name; } );
$mocked_search->mock( 'error_text', sub { return $error_text; } );
$mocked_search->mock( 'shift_entry', sub {
if ($remaining_entry) {
$remaining_entry--;
return $shift_entry;
}
return '';
});
return $mocked_search;
}
sub mock_net_ldap_message {
my ( $code, $error, $error_name, $error_text ) = @_;
my $mocked_message = Test::MockObject->new();
$mocked_message->mock( 'code', sub { $code } );
$mocked_message->mock( 'error', sub { $error } );
$mocked_message->mock( 'error_name', sub { $error_name } );
$mocked_message->mock( 'error_text', sub { $error_text } );
return $mocked_message;
}
sub mock_net_ldap_entry {
my ( $dn, $exists ) = @_;
my $mocked_entry = Test::MockObject->new();
$mocked_entry->mock( 'dn', sub { return $dn; } );
$mocked_entry->mock( 'exists', sub { return $exists } );
return $mocked_entry;
}
# TODO: Once we remove the global variables in C4::Auth_with_ldap
# we shouldn't need this...
# ... Horrible hack
sub reload_ldap_module {
delete $INC{'C4/Auth_with_ldap.pm'};
require C4::Auth_with_ldap;
C4::Auth_with_ldap->import;
return;
}
sub is_admin_bind {
my @args = @_;
if ($#args <= 1 || $args[1] eq 'cn=Manager,dc=metavore,dc=com') {
return 1;
}
return 0;
}
$schema->storage->txn_rollback();