3 # This file is part of Koha.
5 # Koha is free software; you can redistribute it and/or modify it
6 # under the terms of the GNU General Public License as published by
7 # the Free Software Foundation; either version 3 of the License, or
8 # (at your option) any later version.
10 # Koha is distributed in the hope that it will be useful, but
11 # WITHOUT ANY WARRANTY; without even the implied warranty of
12 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 # GNU General Public License for more details.
15 # You should have received a copy of the GNU General Public License
16 # along with Koha; if not, see <http://www.gnu.org/licenses>.
20 use Test::More tests => 4;
23 use t::lib::TestBuilder;
30 my $schema = Koha::Database->new->schema;
31 $schema->storage->txn_begin;
33 my $builder = t::lib::TestBuilder->new();
35 # Variables controlling LDAP server config
39 my $anonymous_bind = 1;
41 # Variables controlling LDAP behaviour
42 my $desired_authentication_result = 'success';
43 my $desired_connection_result = 'error';
44 my $desired_bind_result = 'error';
45 my $desired_compare_result = 'error';
46 my $desired_search_result = 'error';
47 my $desired_count_result = 1;
48 my $non_anonymous_bind_result = 'error';
51 # Mock the context module
52 my $context = Test::MockModule->new('C4::Context');
53 $context->mock( 'config', \&mockedC4Config );
55 # Mock the Net::LDAP module
56 my $net_ldap = Test::MockModule->new('Net::LDAP');
61 if ( $desired_connection_result eq 'error' ) {
63 # We were asked to fail the LDAP conexion
67 # Return a mocked Net::LDAP object (Test::MockObject)
68 return mock_net_ldap();
73 my $categorycode = $builder->build( { source => 'Category' } )->{categorycode};
74 my $branchcode = $builder->build( { source => 'Branch' } )->{branchcode};
75 my $attr_type = $builder->build(
77 source => 'BorrowerAttributeType',
79 category_code => $categorycode
84 my $borrower = $builder->build(
89 branchcode => $branchcode,
90 categorycode => $categorycode
97 source => 'BorrowerAttribute',
99 borrowernumber => $borrower->{borrowernumber},
100 code => $attr_type->{code},
106 # C4::Auth_with_ldap needs several stuff set first ^^^
107 use_ok('C4::Auth_with_ldap');
109 'C4::Auth_with_ldap', qw/
114 subtest 'checkpw_ldap tests' => sub {
118 my $dbh = C4::Context->dbh;
119 ## Connection fail tests
120 $desired_connection_result = 'error';
123 C4::Auth_with_ldap::checkpw_ldap( $dbh, 'hola', password => 'hey' );
125 'LDAP connexion failed',
126 'checkpw_ldap prints correct warning if LDAP conexion fails';
127 is( $ret, 0, 'checkpw_ldap returns 0 if LDAP conexion fails' );
129 ## Connection success tests
130 $desired_connection_result = 'success';
132 subtest 'auth_by_bind = 1 tests' => sub {
138 $desired_authentication_result = 'success';
140 $desired_bind_result = 'error';
141 $desired_search_result = 'error';
142 reload_ldap_module();
145 $ret = C4::Auth_with_ldap::checkpw_ldap( $dbh, 'hola',
148 qr/Anonymous LDAP bind failed: LDAP error #1: error_name/,
149 'checkpw_ldap prints correct warning if LDAP anonymous bind fails';
150 is( $ret, 0, 'checkpw_ldap returns 0 if LDAP anonymous bind fails' );
152 $desired_authentication_result = 'success';
154 $desired_bind_result = 'success';
155 $desired_search_result = 'success';
156 $desired_count_result = 1;
157 $non_anonymous_bind_result = 'success';
159 reload_ldap_module();
161 my $auth = Test::MockModule->new('C4::Auth_with_ldap');
165 return $borrower->{cardnumber};
169 C4::Auth_with_ldap::checkpw_ldap( $dbh, 'hola', password => 'hey' );
172 C4::Members::Attributes::GetBorrowerAttributes(
173 $borrower->{borrowernumber}
176 'Extended attributes are not deleted'
178 $auth->unmock('update_local');
181 $desired_count_result = 0; # user auth problem
182 Koha::Patrons->find( $borrower->{borrowernumber} )->delete;
183 reload_ldap_module();
185 C4::Auth_with_ldap::checkpw_ldap( $dbh, 'hola', password => 'hey' ),
187 'checkpw_ldap returns 0 if user lookup returns 0'
190 $non_anonymous_bind_result = 'error';
191 reload_ldap_module();
194 $ret = C4::Auth_with_ldap::checkpw_ldap( $dbh, 'hola',
197 qr/LDAP bind failed as kohauser hola: LDAP error #1: error_name/,
198 'checkpw_ldap prints correct warning if LDAP bind fails';
200 'checkpw_ldap returns -1 LDAP bind fails for user (Bug 8148)' );
202 # regression tests for bug 12831
203 $desired_authentication_result = 'error';
205 $desired_bind_result = 'error';
206 $desired_search_result = 'success';
207 $desired_count_result = 0; # user auth problem
208 $non_anonymous_bind_result = 'error';
209 reload_ldap_module();
212 $ret = C4::Auth_with_ldap::checkpw_ldap( $dbh, 'hola',
215 qr/LDAP bind failed as kohauser hola: LDAP error #1: error_name/,
216 'checkpw_ldap prints correct warning if LDAP bind fails';
218 'checkpw_ldap returns 0 LDAP bind fails for user (Bug 12831)' );
222 subtest 'auth_by_bind = 0 tests' => sub {
230 $desired_bind_result = 'error';
231 $non_anonymous_bind_result = 'error';
232 reload_ldap_module();
235 $ret = C4::Auth_with_ldap::checkpw_ldap( $dbh, 'hola',
238 qr/LDAP bind failed as ldapuser cn=Manager,dc=metavore,dc=com: LDAP error #1: error_name/,
239 'checkpw_ldap prints correct warning if LDAP bind fails';
240 is( $ret, 0, 'checkpw_ldap returns 0 if bind fails' );
243 $desired_bind_result = 'success';
244 $non_anonymous_bind_result = 'success';
245 $desired_compare_result = 'error';
246 reload_ldap_module();
249 $ret = C4::Auth_with_ldap::checkpw_ldap( $dbh, 'hola',
252 qr/LDAP Auth rejected : invalid password for user 'hola'. LDAP error #1: error_name/,
253 'checkpw_ldap prints correct warning if LDAP bind fails';
254 is( $ret, -1, 'checkpw_ldap returns -1 if bind fails (Bug 8148)' );
258 $desired_bind_result = 'success';
259 $non_anonymous_bind_result = 'error';
260 $desired_compare_result = 'dont care';
261 reload_ldap_module();
264 $ret = C4::Auth_with_ldap::checkpw_ldap( $dbh, 'hola',
267 qr/LDAP bind failed as ldapuser cn=Manager,dc=metavore,dc=com: LDAP error #1: error_name/,
268 'checkpw_ldap prints correct warning if LDAP bind fails';
269 is( $ret, 0, 'checkpw_ldap returns 0 if bind fails' );
272 $desired_bind_result = 'success';
273 $non_anonymous_bind_result = 'success';
274 $desired_compare_result = 'error';
275 reload_ldap_module();
278 $ret = C4::Auth_with_ldap::checkpw_ldap( $dbh, 'hola',
281 qr/LDAP Auth rejected : invalid password for user 'hola'. LDAP error #1: error_name/,
282 'checkpw_ldap prints correct warning if LDAP bind fails';
283 is( $ret, -1, 'checkpw_ldap returns -1 if bind fails (Bug 8148)' );
288 subtest 'search_method tests' => sub {
292 my $ldap = mock_net_ldap();
295 is( C4::Auth_with_ldap::search_method( $ldap, undef ),
296 undef, 'search_method returns undef on undefined userid' );
297 is( C4::Auth_with_ldap::search_method( undef, 'undef' ),
298 undef, 'search_method returns undef on undefined ldap object' );
300 # search ->code and !->code
301 $desired_search_result = 'error';
302 reload_ldap_module();
304 eval { $ret = C4::Auth_with_ldap::search_method( $ldap, 'undef' ); };
307 qr/LDAP search failed to return object : 1/,
308 'search_method prints correct warning when db->search returns error code'
311 $desired_search_result = 'success';
312 $desired_count_result = 2;
313 reload_ldap_module();
314 warning_like { $ret = C4::Auth_with_ldap::search_method( $ldap, '123' ) }
315 qr/^LDAP Auth rejected \: \(uid\=123\) gets 2 hits/,
316 'search_method prints correct warning when hits count is not 1';
317 is( $ret, 0, 'search_method returns 0 when hits count is not 1' );
321 # Function that mocks the call to C4::Context->config(param)
326 if ( $param eq 'useshibboleth' ) {
329 if ( $param eq 'ldapserver' ) {
331 firstname => { is => 'givenname' },
332 surname => { is => 'sn' },
333 address => { is => 'postaladdress' },
334 city => { is => 'l' },
335 zipcode => { is => 'postalcode' },
336 branchcode => { is => 'branch' },
337 userid => { is => 'uid' },
338 password => { is => 'userpassword' },
339 email => { is => 'mail' },
340 categorycode => { is => 'employeetype' },
341 phone => { is => 'telephonenumber' },
345 anonymous_bind => $anonymous_bind,
346 auth_by_bind => $auth_by_bind,
347 base => 'dc=metavore,dc=com',
348 hostname => 'localhost',
349 mapping => \%ldap_mapping,
351 principal_name => '%s@my_domain.com',
352 replicate => $replicate,
354 user => 'cn=Manager,dc=metavore,dc=com',
356 return \%ldap_config;
358 if ( $param =~ /(intranetdir|opachtdocs|intrahtdocs)/x ) {
361 if ( ref $class eq 'HASH' ) {
362 return $class->{$param};
367 # Function that mocks the call to Net::LDAP
370 my $mocked_ldap = Test::MockObject->new();
381 # Args passed => non-anonymous bind
382 if ( $non_anonymous_bind_result eq 'error' ) {
383 return mock_net_ldap_message( 1, 1, 'error_name',
387 return mock_net_ldap_message( 0, 0, q{}, q{} );
391 $mocked_message = mock_net_ldap_message(
392 ( $desired_bind_result eq 'error' ) ? 1 : 0, # code
393 ( $desired_bind_result eq 'error' ) ? 1 : 0, # error
394 ( $desired_bind_result eq 'error' )
397 ( $desired_bind_result eq 'error' )
403 return $mocked_message;
413 if ( $desired_compare_result eq 'error' ) {
415 mock_net_ldap_message( 1, 1, 'error_name', 'error_text' );
418 # we expect return code 6 for success
419 $mocked_message = mock_net_ldap_message( 6, 0, q{}, q{} );
422 return $mocked_message;
430 return mock_net_ldap_search(
432 count => ($desired_count_result)
433 ? $desired_count_result
435 code => ( $desired_search_result eq 'error' )
438 error => ( $desired_search_result eq 'error' ) ? 1
440 error_text => ( $desired_search_result eq 'error' )
443 error_name => ( $desired_search_result eq 'error' )
446 shift_entry => mock_net_ldap_entry( 'sampledn', 1 )
456 sub mock_net_ldap_search {
457 my ($parameters) = @_;
459 my $count = $parameters->{count};
460 my $code = $parameters->{code};
461 my $error = $parameters->{error};
462 my $error_text = $parameters->{error_text};
463 my $error_name = $parameters->{error_name};
464 my $shift_entry = $parameters->{shift_entry};
466 my $mocked_search = Test::MockObject->new();
467 $mocked_search->mock( 'count', sub { return $count; } );
468 $mocked_search->mock( 'code', sub { return $code; } );
469 $mocked_search->mock( 'error', sub { return $error; } );
470 $mocked_search->mock( 'error_name', sub { return $error_name; } );
471 $mocked_search->mock( 'error_text', sub { return $error_text; } );
472 $mocked_search->mock( 'shift_entry', sub { return $shift_entry; } );
474 return $mocked_search;
477 sub mock_net_ldap_message {
478 my ( $code, $error, $error_name, $error_text ) = @_;
480 my $mocked_message = Test::MockObject->new();
481 $mocked_message->mock( 'code', sub { $code } );
482 $mocked_message->mock( 'error', sub { $error } );
483 $mocked_message->mock( 'error_name', sub { $error_name } );
484 $mocked_message->mock( 'error_text', sub { $error_text } );
486 return $mocked_message;
489 sub mock_net_ldap_entry {
490 my ( $dn, $exists ) = @_;
492 my $mocked_entry = Test::MockObject->new();
493 $mocked_entry->mock( 'dn', sub { return $dn; } );
494 $mocked_entry->mock( 'exists', sub { return $exists } );
496 return $mocked_entry;
499 # TODO: Once we remove the global variables in C4::Auth_with_ldap
500 # we shouldn't need this...
502 sub reload_ldap_module {
503 delete $INC{'C4/Auth_with_ldap.pm'};
504 require C4::Auth_with_ldap;
505 C4::Auth_with_ldap->import;
509 $schema->storage->txn_rollback;