3 # This file is part of Koha.
5 # Koha is free software; you can redistribute it and/or modify it
6 # under the terms of the GNU General Public License as published by
7 # the Free Software Foundation; either version 3 of the License, or
8 # (at your option) any later version.
10 # Koha is distributed in the hope that it will be useful, but
11 # WITHOUT ANY WARRANTY; without even the implied warranty of
12 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 # GNU General Public License for more details.
15 # You should have received a copy of the GNU General Public License
16 # along with Koha; if not, see <http://www.gnu.org/licenses>.
20 use Test::More tests => 4;
24 use t::lib::TestBuilder;
32 my $schema = Koha::Database->new->schema;
33 $schema->storage->txn_begin();
35 my $builder = t::lib::TestBuilder->new();
37 # Variables controlling LDAP server config
41 my $anonymous_bind = 1;
42 my $user = 'cn=Manager,dc=metavore,dc=com';
43 my $pass = 'metavore';
45 # Variables controlling LDAP behaviour
46 my $desired_authentication_result = 'success';
47 my $desired_connection_result = 'error';
48 my $desired_admin_bind_result = 'error';
49 my $desired_search_result = 'error';
50 my $desired_count_result = 1;
51 my $desired_bind_result = 'error';
52 my $remaining_entry = 1;
55 # Mock the context module
56 my $context = Test::MockModule->new('C4::Context');
57 $context->mock( 'config', \&mockedC4Config );
59 # Mock the Net::LDAP module
60 my $net_ldap = Test::MockModule->new('Net::LDAP');
65 if ( $desired_connection_result eq 'error' ) {
67 # We were asked to fail the LDAP conexion
71 # Return a mocked Net::LDAP object (Test::MockObject)
72 return mock_net_ldap();
77 my $categorycode = $builder->build( { source => 'Category' } )->{categorycode};
78 my $branchcode = $builder->build( { source => 'Branch' } )->{branchcode};
79 my $attr_type = $builder->build(
81 source => 'BorrowerAttributeType',
83 category_code => $categorycode
87 my $attr_type2 = $builder->build(
89 source => 'BorrowerAttributeType',
91 category_code => $categorycode
96 my $borrower = $builder->build(
101 branchcode => $branchcode,
102 categorycode => $categorycode
109 source => 'BorrowerAttribute',
111 borrowernumber => $borrower->{borrowernumber},
112 code => $attr_type->{code},
118 my $patron = Koha::Patrons->find($borrower->{borrowernumber});
120 # C4::Auth_with_ldap needs several stuff set first ^^^
121 use_ok('C4::Auth_with_ldap', qw( checkpw_ldap ));
123 'C4::Auth_with_ldap', qw/
128 subtest 'checkpw_ldap tests' => sub {
132 ## Connection fail tests
133 $desired_connection_result = 'error';
136 C4::Auth_with_ldap::checkpw_ldap( 'hola', password => 'hey' );
138 'LDAP connexion failed',
139 'checkpw_ldap prints correct warning if LDAP conexion fails';
140 is( $ret, 0, 'checkpw_ldap returns 0 if LDAP conexion fails' );
142 ## Connection success tests
143 $desired_connection_result = 'success';
145 subtest 'auth_by_bind = 1 tests' => sub {
151 $desired_authentication_result = 'success';
153 $desired_admin_bind_result = 'error';
154 $desired_search_result = 'error';
155 reload_ldap_module();
158 $ret = C4::Auth_with_ldap::checkpw_ldap( 'hola',
161 qr/Anonymous LDAP bind failed: LDAP error #1: error_name/,
162 'checkpw_ldap prints correct warning if LDAP anonymous bind fails';
163 is( $ret, 0, 'checkpw_ldap returns 0 if LDAP anonymous bind fails' );
168 reload_ldap_module();
171 $ret = C4::Auth_with_ldap::checkpw_ldap( 'hola',
174 qr/LDAP bind failed as kohauser hola: LDAP error #1: error_name/,
175 'checkpw_ldap prints correct warning if LDAP bind_by_auth fails';
176 is( $ret, 0, 'checkpw_ldap returns 0 if LDAP bind_by_auth fails' );
178 $desired_authentication_result = 'success';
180 $desired_admin_bind_result = 'success';
181 $desired_search_result = 'success';
182 $desired_count_result = 1;
183 $desired_bind_result = 'success';
185 reload_ldap_module();
187 t::lib::Mocks::mock_preference( 'ExtendedPatronAttributes', 1 );
188 my $auth = Test::MockModule->new('C4::Auth_with_ldap');
192 return $borrower->{cardnumber};
199 $attr_type2->{code}, 'BAR'
204 C4::Auth_with_ldap::checkpw_ldap( 'hola', password => 'hey' );
206 Koha::Patrons->find($borrower->{borrowernumber})->extended_attributes->count,
207 'Extended attributes are not deleted'
210 is( $patron->get_extended_attribute( $attr_type2->{code} )->attribute, 'BAR', 'Mapped attribute is BAR' );
211 $auth->unmock('update_local');
212 $auth->unmock('ldap_entry_2_hash');
215 $desired_count_result = 0; # user auth problem
217 reload_ldap_module();
219 C4::Auth_with_ldap::checkpw_ldap( 'hola', password => 'hey' ),
221 'checkpw_ldap returns 0 if user lookup returns 0'
224 $desired_bind_result = 'error';
225 reload_ldap_module();
228 $ret = C4::Auth_with_ldap::checkpw_ldap( 'hola',
231 qr/LDAP bind failed as kohauser hola: LDAP error #1: error_name/,
232 'checkpw_ldap prints correct warning if LDAP bind fails';
234 'checkpw_ldap returns -1 LDAP bind fails for user (Bug 8148)' );
236 # regression tests for bug 12831
237 $desired_authentication_result = 'error';
239 $desired_admin_bind_result = 'error';
240 $desired_search_result = 'success';
241 $desired_count_result = 0; # user auth problem
242 $desired_bind_result = 'error';
243 reload_ldap_module();
246 $ret = C4::Auth_with_ldap::checkpw_ldap( 'hola',
249 qr/LDAP bind failed as kohauser hola: LDAP error #1: error_name/,
250 'checkpw_ldap prints correct warning if LDAP bind fails';
252 'checkpw_ldap returns 0 LDAP bind fails for user (Bug 12831)' );
256 subtest 'auth_by_bind = 0 tests' => sub {
264 $user = 'cn=Manager,dc=metavore,dc=com';
266 $desired_admin_bind_result = 'error';
267 $desired_bind_result = 'error';
268 reload_ldap_module();
271 $ret = C4::Auth_with_ldap::checkpw_ldap( 'hola',
274 qr/LDAP bind failed as ldapuser cn=Manager,dc=metavore,dc=com: LDAP error #1: error_name/,
275 'checkpw_ldap prints correct warning if LDAP bind fails';
276 is( $ret, 0, 'checkpw_ldap returns 0 if bind fails' );
279 $desired_admin_bind_result = 'success';
280 $desired_bind_result = 'error';
281 $desired_search_result = 'success';
282 $desired_count_result = 1;
283 reload_ldap_module();
286 $ret = C4::Auth_with_ldap::checkpw_ldap( 'hola',
289 qr/LDAP Auth rejected : invalid password for user 'hola'./,
290 'checkpw_ldap prints correct warning if LDAP bind fails';
291 is( $ret, -1, 'checkpw_ldap returns -1 if bind fails (Bug 8148)' );
295 $desired_admin_bind_result = 'error';
296 $desired_bind_result = 'error';
297 reload_ldap_module();
300 $ret = C4::Auth_with_ldap::checkpw_ldap( 'hola',
303 qr/LDAP bind failed as ldapuser cn=Manager,dc=metavore,dc=com: LDAP error #1: error_name/,
304 'checkpw_ldap prints correct warning if LDAP bind fails';
305 is( $ret, 0, 'checkpw_ldap returns 0 if bind fails' );
308 $desired_admin_bind_result = 'success';
309 $desired_bind_result = 'error';
310 reload_ldap_module();
313 $ret = C4::Auth_with_ldap::checkpw_ldap( 'hola',
316 qr/LDAP Auth rejected : invalid password for user 'hola'./,
317 'checkpw_ldap prints correct warning if LDAP bind fails';
318 is( $ret, -1, 'checkpw_ldap returns -1 if bind fails (Bug 8148)' );
323 subtest 'search_method tests' => sub {
327 my $ldap = mock_net_ldap();
330 is( C4::Auth_with_ldap::search_method( $ldap, undef ),
331 undef, 'search_method returns undef on undefined userid' );
332 is( C4::Auth_with_ldap::search_method( undef, 'undef' ),
333 undef, 'search_method returns undef on undefined ldap object' );
335 # search ->code and !->code
336 $desired_search_result = 'error';
337 reload_ldap_module();
339 eval { $ret = C4::Auth_with_ldap::search_method( $ldap, 'undef' ); };
342 qr/LDAP search failed to return object : 1/,
343 'search_method prints correct warning when db->search returns error code'
347 # Function that mocks the call to C4::Context->config(param)
352 if ( $param eq 'useshibboleth' ) {
355 if ( $param eq 'ldapserver' ) {
357 firstname => { is => 'givenname' },
358 surname => { is => 'sn' },
359 address => { is => 'postaladdress' },
360 city => { is => 'l' },
361 zipcode => { is => 'postalcode' },
362 branchcode => { is => 'branch' },
363 userid => { is => 'uid' },
364 password => { is => 'userpassword' },
365 email => { is => 'mail' },
366 categorycode => { is => 'employeetype' },
367 phone => { is => 'telephonenumber' },
371 anonymous_bind => $anonymous_bind,
372 auth_by_bind => $auth_by_bind,
373 base => 'dc=metavore,dc=com',
374 hostname => 'localhost',
375 mapping => \%ldap_mapping,
377 principal_name => '%s@my_domain.com',
378 replicate => $replicate,
382 return \%ldap_config;
384 if ( $param =~ /(intranetdir|opachtdocs|intrahtdocs)/x ) {
387 if ( ref $class eq 'HASH' ) {
388 return $class->{$param};
391 return C4::Context::_common_config($param, 'config');
394 # Function that mocks the call to Net::LDAP
397 my $mocked_ldap = Test::MockObject->new();
399 $mocked_ldap->mock( 'bind', sub {
400 if (is_admin_bind(@_)) {
401 return mock_net_ldap_message(
402 ($desired_admin_bind_result eq 'error' ) ? 1 : 0, # code
403 ($desired_admin_bind_result eq 'error' ) ? 1 : 0, # error
404 ($desired_admin_bind_result eq 'error' ) ? 'error_name' : 0, # error_name
405 ($desired_admin_bind_result eq 'error' ) ? 'error_text' : 0 # error_text
409 if ( $desired_bind_result eq 'error' ) {
410 return mock_net_ldap_message(1,1,'error_name','error_text');
412 return mock_net_ldap_message(0,0,'','');
420 $remaining_entry = 1;
422 return mock_net_ldap_search(
424 count => ($desired_count_result)
425 ? $desired_count_result
427 code => ( $desired_search_result eq 'error' )
430 error => ( $desired_search_result eq 'error' ) ? 1
432 error_text => ( $desired_search_result eq 'error' )
435 error_name => ( $desired_search_result eq 'error' )
438 shift_entry => mock_net_ldap_entry( 'sampledn', 1 )
448 sub mock_net_ldap_search {
449 my ($parameters) = @_;
451 my $count = $parameters->{count};
452 my $code = $parameters->{code};
453 my $error = $parameters->{error};
454 my $error_text = $parameters->{error_text};
455 my $error_name = $parameters->{error_name};
456 my $shift_entry = $parameters->{shift_entry};
458 my $mocked_search = Test::MockObject->new();
459 $mocked_search->mock( 'count', sub { return $count; } );
460 $mocked_search->mock( 'code', sub { return $code; } );
461 $mocked_search->mock( 'error', sub { return $error; } );
462 $mocked_search->mock( 'error_name', sub { return $error_name; } );
463 $mocked_search->mock( 'error_text', sub { return $error_text; } );
464 $mocked_search->mock( 'shift_entry', sub {
465 if ($remaining_entry) {
472 return $mocked_search;
475 sub mock_net_ldap_message {
476 my ( $code, $error, $error_name, $error_text ) = @_;
478 my $mocked_message = Test::MockObject->new();
479 $mocked_message->mock( 'code', sub { $code } );
480 $mocked_message->mock( 'error', sub { $error } );
481 $mocked_message->mock( 'error_name', sub { $error_name } );
482 $mocked_message->mock( 'error_text', sub { $error_text } );
484 return $mocked_message;
487 sub mock_net_ldap_entry {
488 my ( $dn, $exists ) = @_;
490 my $mocked_entry = Test::MockObject->new();
491 $mocked_entry->mock( 'dn', sub { return $dn; } );
492 $mocked_entry->mock( 'exists', sub { return $exists } );
494 return $mocked_entry;
497 # TODO: Once we remove the global variables in C4::Auth_with_ldap
498 # we shouldn't need this...
500 sub reload_ldap_module {
501 delete $INC{'C4/Auth_with_ldap.pm'};
502 require C4::Auth_with_ldap;
503 C4::Auth_with_ldap->import;
510 if ($#args <= 1 || $args[1] eq 'cn=Manager,dc=metavore,dc=com') {
517 $schema->storage->txn_rollback();