3 # This file is part of Koha.
5 # Koha is free software; you can redistribute it and/or modify it
6 # under the terms of the GNU General Public License as published by
7 # the Free Software Foundation; either version 3 of the License, or
8 # (at your option) any later version.
10 # Koha is distributed in the hope that it will be useful, but
11 # WITHOUT ANY WARRANTY; without even the implied warranty of
12 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 # GNU General Public License for more details.
15 # You should have received a copy of the GNU General Public License
16 # along with Koha; if not, see <http://www.gnu.org/licenses>.
20 use Test::More tests => 4;
27 my $dbh = C4::Context->dbh;
29 $dbh->{ AutoCommit } = 0;
30 $dbh->{ RaiseError } = 1;
32 # Variables controlling LDAP server config
36 my $anonymous_bind = 1;
37 # Variables controlling LDAP behaviour
38 my $desired_authentication_result = 'success';
39 my $desired_connection_result = 'error';
40 my $desired_bind_result = 'error';
41 my $desired_compare_result = 'error';
42 my $desired_search_result = 'error';
43 my $desired_count_result = 1;
44 my $non_anonymous_bind_result = 'error';
47 # Mock the context module
48 my $context = new Test::MockModule( 'C4::Context' );
49 $context->mock( 'config', \&mockedC4Config );
51 # Mock the Net::LDAP module
52 my $ldap = new Test::MockModule( 'Net::LDAP' );
54 $ldap->mock( 'new', sub {
55 if ( $desired_connection_result eq 'error' ) {
56 # We were asked to fail the LDAP conexion
59 # Return a mocked Net::LDAP object (Test::MockObject)
60 return mock_net_ldap();
65 # C4::Auth_with_ldap needs several stuff set first ^^^
66 use_ok( 'C4::Auth_with_ldap' );
67 can_ok( 'C4::Auth_with_ldap', qw/
71 subtest "checkpw_ldap tests" => sub {
75 ## Connection fail tests
76 $desired_connection_result = 'error';
77 warning_is { $ret = C4::Auth_with_ldap::checkpw_ldap( $dbh, 'hola', password => 'hey' ) }
78 "LDAP connexion failed",
79 "checkpw_ldap prints correct warning if LDAP conexion fails";
80 is( $ret, 0, "checkpw_ldap returns 0 if LDAP conexion fails");
82 ## Connection success tests
83 $desired_connection_result = 'success';
85 subtest "auth_by_bind = 1 tests" => sub {
91 $desired_authentication_result = 'success';
93 $desired_bind_result = 'error';
94 $desired_search_result = 'error';
98 warning_like { $ret = C4::Auth_with_ldap::checkpw_ldap(
99 $dbh, 'hola', password => 'hey' ) }
100 qr/Anonymous LDAP bind failed: LDAP error #1: error_name/,
101 "checkpw_ldap prints correct warning if LDAP anonymous bind fails";
102 is( $ret, 0, "checkpw_ldap returns 0 if LDAP anonymous bind fails");
104 $desired_authentication_result = 'success';
106 $desired_bind_result = 'success';
107 $desired_search_result = 'success';
108 $desired_count_result = 0; # user auth problem
109 $non_anonymous_bind_result = 'success';
110 reload_ldap_module();
111 is ( C4::Auth_with_ldap::checkpw_ldap( $dbh, 'hola', password => 'hey' ),
112 0, "checkpw_ldap returns 0 if user lookup returns 0");
114 $non_anonymous_bind_result = 'error';
115 reload_ldap_module();
117 warning_like { $ret = C4::Auth_with_ldap::checkpw_ldap(
118 $dbh, 'hola', password => 'hey' ) }
119 qr/LDAP bind failed as kohauser hola: LDAP error #1: error_name/,
120 "checkpw_ldap prints correct warning if LDAP bind fails";
121 is ( $ret, -1, "checkpw_ldap returns -1 LDAP bind fails for user (Bug 8148)");
124 subtest "auth_by_bind = 0 tests" => sub {
132 $desired_bind_result = 'error';
133 $non_anonymous_bind_result = 'error';
134 reload_ldap_module();
136 warning_like { $ret = C4::Auth_with_ldap::checkpw_ldap(
137 $dbh, 'hola', password => 'hey' ) }
138 qr/LDAP bind failed as ldapuser cn=Manager,dc=metavore,dc=com: LDAP error #1: error_name/,
139 "checkpw_ldap prints correct warning if LDAP bind fails";
140 is ( $ret, 0, "checkpw_ldap returns 0 if bind fails");
143 $desired_bind_result = 'success';
144 $non_anonymous_bind_result = 'success';
145 $desired_compare_result = 'error';
146 reload_ldap_module();
148 warning_like { $ret = C4::Auth_with_ldap::checkpw_ldap(
149 $dbh, 'hola', password => 'hey' ) }
150 qr/LDAP Auth rejected : invalid password for user 'hola'. LDAP error #1: error_name/,
151 "checkpw_ldap prints correct warning if LDAP bind fails";
152 is ( $ret, -1, "checkpw_ldap returns -1 if bind fails (Bug 8148)");
156 $desired_bind_result = 'success';
157 $non_anonymous_bind_result = 'error';
158 $desired_compare_result = 'dont care';
159 reload_ldap_module();
161 warning_like { $ret = C4::Auth_with_ldap::checkpw_ldap(
162 $dbh, 'hola', password => 'hey' ) }
163 qr/LDAP bind failed as ldapuser cn=Manager,dc=metavore,dc=com: LDAP error #1: error_name/,
164 "checkpw_ldap prints correct warning if LDAP bind fails";
165 is ( $ret, 0, "checkpw_ldap returns 0 if bind fails");
168 $desired_bind_result = 'success';
169 $non_anonymous_bind_result = 'success';
170 $desired_compare_result = 'error';
171 reload_ldap_module();
173 warning_like { $ret = C4::Auth_with_ldap::checkpw_ldap(
174 $dbh, 'hola', password => 'hey' ) }
175 qr/LDAP Auth rejected : invalid password for user 'hola'. LDAP error #1: error_name/,
176 "checkpw_ldap prints correct warning if LDAP bind fails";
177 is ( $ret, -1, "checkpw_ldap returns -1 if bind fails (Bug 8148)");
182 subtest "search_method tests" => sub {
186 my $ldap = mock_net_ldap();
189 is( C4::Auth_with_ldap::search_method( $ldap, undef), undef,
190 "search_method returns undef on undefined userid");
191 is( C4::Auth_with_ldap::search_method( undef, "undef"), undef,
192 "search_method returns undef on undefined ldap object");
194 # search ->code and !->code
195 $desired_search_result = 'error';
196 reload_ldap_module();
197 eval { $ret = C4::Auth_with_ldap::search_method( $ldap, "undef"); };
198 like( $@, qr/LDAP search failed to return object : 1/,
199 "search_method prints correct warning when db->search returns error code");
201 $desired_search_result = 'success';
202 $desired_count_result = 2;
203 reload_ldap_module();
204 warning_like { $ret = C4::Auth_with_ldap::search_method( $ldap, '123') }
205 qr/^LDAP Auth rejected \: \(uid\=123\) gets 2 hits/,
206 "search_method prints correct warning when hits count is not 1";
207 is( $ret, 0, "search_method returns 0 when hits count is not 1" );
211 # Function that mocks the call to C4::Context->config(param)
217 firstname => { is => 'givenname' },
218 surname => { is => 'sn' },
219 address => { is => 'postaladdress' },
220 city => { is => 'l' },
221 zipcode => { is => 'postalcode' },
222 branchcode => { is => 'branch' },
223 userid => { is => 'uid' },
224 password => { is => 'userpassword' },
225 email => { is => 'mail' },
226 categorycode => { is => 'employeetype' },
227 phone => { is => 'telephonenumber' }
231 anonymous_bind => $anonymous_bind,
232 auth_by_bind => $auth_by_bind,
233 base => 'dc=metavore,dc=com',
234 hostname => 'localhost',
235 mapping => \%ldap_mapping,
237 principal_name => '%s@my_domain.com',
238 replicate => $replicate,
240 user => 'cn=Manager,dc=metavore,dc=com'
243 return \%ldap_config;
246 # Function that mocks the call to Net::LDAP
249 my $mocked_ldap = Test::MockObject->new();
251 $mocked_ldap->mock( 'bind', sub {
257 # Args passed => non-anonymous bind
258 if ( $non_anonymous_bind_result eq 'error' ) {
259 return mock_net_ldap_message(1,1,'error_name','error_text');
261 return mock_net_ldap_message(0,0,'','');
264 $mocked_message = mock_net_ldap_message(
265 ($desired_bind_result eq 'error' ) ? 1 : 0, # code
266 ($desired_bind_result eq 'error' ) ? 1 : 0, # error
267 ($desired_bind_result eq 'error' ) ? 'error_name' : 0, # error_name
268 ($desired_bind_result eq 'error' ) ? 'error_text' : 0 # error_text
272 return $mocked_message;
275 $mocked_ldap->mock( 'compare', sub {
279 if ( $desired_compare_result eq 'error' ) {
280 $mocked_message = mock_net_ldap_message(1,1,'error_name','error_text');
282 # we expect return code 6 for success
283 $mocked_message = mock_net_ldap_message(6,0,'','');
286 return $mocked_message;
289 $mocked_ldap->mock( 'search', sub {
291 return mock_net_ldap_search(
292 ( $desired_count_result ) # count
293 ? $desired_count_result
295 ( $desired_search_result eq 'error' ) # code
298 ( $desired_search_result eq 'error' ) # error
301 ( $desired_search_result eq 'error' ) # error_text
304 ( $desired_search_result eq 'error' ) # error_name
307 mock_net_ldap_entry( 'sampledn', 1 ) # shift_entry
315 sub mock_net_ldap_search {
316 my ( $count, $code, $error, $error_text,
317 $error_name, $shift_entry ) = @_;
319 my $mocked_search = Test::MockObject->new();
320 $mocked_search->mock( 'count', sub { return $count; } );
321 $mocked_search->mock( 'code', sub { return $code; } );
322 $mocked_search->mock( 'error', sub { return $error; } );
323 $mocked_search->mock( 'error_name', sub { return $error_name; } );
324 $mocked_search->mock( 'error_text', sub { return $error_text; } );
325 $mocked_search->mock( 'shift_entry', sub { return $shift_entry; } );
327 return $mocked_search;
330 sub mock_net_ldap_message {
331 my ( $code, $error, $error_name, $error_text ) = @_;
333 my $mocked_message = Test::MockObject->new();
334 $mocked_message->mock( 'code', sub { $code } );
335 $mocked_message->mock( 'error', sub { $error } );
336 $mocked_message->mock( 'error_name', sub { $error_name } );
337 $mocked_message->mock( 'error_text', sub { $error_text } );
339 return $mocked_message;
342 sub mock_net_ldap_entry {
343 my ( $dn, $exists ) = @_;
345 my $mocked_entry = Test::MockObject->new();
346 $mocked_entry->mock( 'dn', sub { return $dn; } );
347 $mocked_entry->mock( 'exists', sub { return $exists } );
349 return $mocked_entry;
352 # TODO: Once we remove the global variables in C4::Auth_with_ldap
353 # we shouldn't need this...
355 sub reload_ldap_module {
356 delete $INC{'C4/Auth_with_ldap.pm'};
357 require C4::Auth_with_ldap;
358 C4::Auth_with_ldap->import;