3 # This file is part of Koha.
5 # Koha is free software; you can redistribute it and/or modify it
6 # under the terms of the GNU General Public License as published by
7 # the Free Software Foundation; either version 3 of the License, or
8 # (at your option) any later version.
10 # Koha is distributed in the hope that it will be useful, but
11 # WITHOUT ANY WARRANTY; without even the implied warranty of
12 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 # GNU General Public License for more details.
15 # You should have received a copy of the GNU General Public License
16 # along with Koha; if not, see <http://www.gnu.org/licenses>.
20 use Test::More tests => 4;
24 use t::lib::TestBuilder;
31 # Hide all the subrouteine redefined warnings when running this test..
32 # We reload the ldap module lots in the test and each reload triggers the
33 # 'Subroutine X redefined at' warning.. disable that to make the test output
35 $SIG{__WARN__} = sub {
37 warn $warning unless $warning =~ /Subroutine .* redefined at/;
41 my $schema = Koha::Database->new->schema;
42 $schema->storage->txn_begin();
44 my $builder = t::lib::TestBuilder->new();
46 # Variables controlling LDAP server config
51 my $anonymous_bind = 1;
52 my $user = 'cn=Manager,dc=metavore,dc=com';
53 my $pass = 'metavore';
55 # Variables controlling LDAP behaviour
56 my $desired_authentication_result = 'success';
57 my $desired_connection_result = 'error';
58 my $desired_admin_bind_result = 'error';
59 my $desired_search_result = 'error';
60 my $desired_count_result = 1;
61 my $desired_bind_result = 'error';
62 my $remaining_entry = 1;
65 # Mock the context module
66 my $context = Test::MockModule->new('C4::Context');
67 $context->mock( 'config', \&mockedC4Config );
69 # Mock the Net::LDAP module
70 my $net_ldap = Test::MockModule->new('Net::LDAP');
75 if ( $desired_connection_result eq 'error' ) {
77 # We were asked to fail the LDAP conexion
81 # Return a mocked Net::LDAP object (Test::MockObject)
82 return mock_net_ldap();
87 my $categorycode = $builder->build( { source => 'Category' } )->{categorycode};
88 my $branchcode = $builder->build( { source => 'Branch' } )->{branchcode};
89 my $attr_type = $builder->build(
91 source => 'BorrowerAttributeType',
93 category_code => $categorycode
97 my $attr_type2 = $builder->build(
99 source => 'BorrowerAttributeType',
101 category_code => $categorycode
106 my $borrower = $builder->build(
108 source => 'Borrower',
111 branchcode => $branchcode,
112 categorycode => $categorycode
119 source => 'BorrowerAttribute',
121 borrowernumber => $borrower->{borrowernumber},
122 code => $attr_type->{code},
128 my $patron = Koha::Patrons->find($borrower->{borrowernumber});
130 # C4::Auth_with_ldap needs several stuff set first ^^^
131 use_ok('C4::Auth_with_ldap', qw( checkpw_ldap ));
133 'C4::Auth_with_ldap', qw/
138 subtest 'checkpw_ldap tests' => sub {
142 ## Connection fail tests
143 $desired_connection_result = 'error';
146 C4::Auth_with_ldap::checkpw_ldap( 'hola', password => 'hey' );
148 'LDAP connexion failed',
149 'checkpw_ldap prints correct warning if LDAP conexion fails';
150 is( $ret, 0, 'checkpw_ldap returns 0 if LDAP conexion fails' );
152 ## Connection success tests
153 $desired_connection_result = 'success';
155 subtest 'auth_by_bind = 1 tests' => sub {
161 $desired_authentication_result = 'success';
163 $desired_admin_bind_result = 'error';
164 $desired_search_result = 'error';
165 reload_ldap_module();
168 $ret = C4::Auth_with_ldap::checkpw_ldap( 'hola',
171 qr/Anonymous LDAP bind failed: LDAP error #1: error_name/,
172 'checkpw_ldap prints correct warning if LDAP anonymous bind fails';
173 is( $ret, 0, 'checkpw_ldap returns 0 if LDAP anonymous bind fails' );
178 reload_ldap_module();
181 $ret = C4::Auth_with_ldap::checkpw_ldap( 'hola',
184 qr/LDAP bind failed as kohauser hola: LDAP error #1: error_name/,
185 'checkpw_ldap prints correct warning if LDAP bind_by_auth fails';
186 is( $ret, 0, 'checkpw_ldap returns 0 if LDAP bind_by_auth fails' );
188 $desired_authentication_result = 'success';
190 $desired_admin_bind_result = 'success';
191 $desired_search_result = 'success';
192 $desired_count_result = 1;
193 $desired_bind_result = 'success';
195 reload_ldap_module();
197 t::lib::Mocks::mock_preference( 'ExtendedPatronAttributes', 1 );
198 my $auth = Test::MockModule->new('C4::Auth_with_ldap');
202 return $borrower->{cardnumber};
209 $attr_type2->{code}, 'BAR'
214 C4::Auth_with_ldap::checkpw_ldap( 'hola', password => 'hey' );
216 Koha::Patrons->find($borrower->{borrowernumber})->extended_attributes->count,
217 'Extended attributes are not deleted'
220 is( $patron->get_extended_attribute( $attr_type2->{code} )->attribute, 'BAR', 'Mapped attribute is BAR' );
221 $auth->unmock('update_local');
222 $auth->unmock('ldap_entry_2_hash');
225 $desired_count_result = 0; # user auth problem
227 reload_ldap_module();
229 C4::Auth_with_ldap::checkpw_ldap( 'hola', password => 'hey' ),
231 'checkpw_ldap returns 0 if user lookup returns 0'
234 # test replicate functionality and welcome notice
235 $desired_authentication_result = 'success';
237 $desired_admin_bind_result = 'success';
238 $desired_search_result = 'success';
239 $desired_count_result = 1;
240 $desired_bind_result = 'success';
243 reload_ldap_module();
250 branchcode => $branchcode,
251 categorycode => $categorycode,
252 email => 'me@myemail.com',
257 C4::Auth_with_ldap::checkpw_ldap( 'hola', password => 'hey' );
258 my $patrons = Koha::Patrons->search( { userid => 'hola' } );
259 is( $patrons->count, 1, 'New patron added with "replicate"' );
261 $patron = $patrons->next;
262 my $queued_notices = Koha::Notice::Messages->search(
263 { borrowernumber => $patron->borrowernumber } );
264 is( $queued_notices->count, 1,
265 "One notice queued when `welcome` is set" );
267 my $THE_notice = $queued_notices->next;
268 is( $THE_notice->status, 'failed', "The notice was sent immediately" );
274 $auth->unmock('ldap_entry_2_hash');
275 # end replicate testing
277 $desired_count_result = 0;
278 $desired_bind_result = 'error';
279 reload_ldap_module();
282 $ret = C4::Auth_with_ldap::checkpw_ldap( 'hola',
285 qr/LDAP bind failed as kohauser hola: LDAP error #1: error_name/,
286 'checkpw_ldap prints correct warning if LDAP bind fails';
288 'checkpw_ldap returns -1 LDAP bind fails for user (Bug 8148)' );
290 # regression tests for bug 12831
291 $desired_authentication_result = 'error';
293 $desired_admin_bind_result = 'error';
294 $desired_search_result = 'success';
295 $desired_count_result = 0; # user auth problem
296 $desired_bind_result = 'error';
297 reload_ldap_module();
300 $ret = C4::Auth_with_ldap::checkpw_ldap( 'hola',
303 qr/LDAP bind failed as kohauser hola: LDAP error #1: error_name/,
304 'checkpw_ldap prints correct warning if LDAP bind fails';
306 'checkpw_ldap returns 0 LDAP bind fails for user (Bug 12831)' );
310 subtest 'auth_by_bind = 0 tests' => sub {
318 $user = 'cn=Manager,dc=metavore,dc=com';
320 $desired_admin_bind_result = 'error';
321 $desired_bind_result = 'error';
322 reload_ldap_module();
325 $ret = C4::Auth_with_ldap::checkpw_ldap( 'hola',
328 qr/LDAP bind failed as ldapuser cn=Manager,dc=metavore,dc=com: LDAP error #1: error_name/,
329 'checkpw_ldap prints correct warning if LDAP bind fails';
330 is( $ret, 0, 'checkpw_ldap returns 0 if bind fails' );
333 $desired_admin_bind_result = 'success';
334 $desired_bind_result = 'error';
335 $desired_search_result = 'success';
336 $desired_count_result = 1;
337 reload_ldap_module();
340 $ret = C4::Auth_with_ldap::checkpw_ldap( 'hola',
343 qr/LDAP Auth rejected : invalid password for user 'hola'./,
344 'checkpw_ldap prints correct warning if LDAP bind fails';
345 is( $ret, -1, 'checkpw_ldap returns -1 if bind fails (Bug 8148)' );
349 $desired_admin_bind_result = 'error';
350 $desired_bind_result = 'error';
351 reload_ldap_module();
354 $ret = C4::Auth_with_ldap::checkpw_ldap( 'hola',
357 qr/LDAP bind failed as ldapuser cn=Manager,dc=metavore,dc=com: LDAP error #1: error_name/,
358 'checkpw_ldap prints correct warning if LDAP bind fails';
359 is( $ret, 0, 'checkpw_ldap returns 0 if bind fails' );
362 $desired_admin_bind_result = 'success';
363 $desired_bind_result = 'error';
364 reload_ldap_module();
367 $ret = C4::Auth_with_ldap::checkpw_ldap( 'hola',
370 qr/LDAP Auth rejected : invalid password for user 'hola'./,
371 'checkpw_ldap prints correct warning if LDAP bind fails';
372 is( $ret, -1, 'checkpw_ldap returns -1 if bind fails (Bug 8148)' );
377 subtest 'search_method tests' => sub {
381 my $ldap = mock_net_ldap();
384 is( C4::Auth_with_ldap::search_method( $ldap, undef ),
385 undef, 'search_method returns undef on undefined userid' );
386 is( C4::Auth_with_ldap::search_method( undef, 'undef' ),
387 undef, 'search_method returns undef on undefined ldap object' );
389 # search ->code and !->code
390 $desired_search_result = 'error';
391 reload_ldap_module();
393 eval { $ret = C4::Auth_with_ldap::search_method( $ldap, 'undef' ); };
396 qr/LDAP search failed to return object : 1/,
397 'search_method prints correct warning when db->search returns error code'
401 # Function that mocks the call to C4::Context->config(param)
406 if ( $param eq 'useshibboleth' ) {
409 if ( $param eq 'ldapserver' ) {
411 firstname => { is => 'givenname' },
412 surname => { is => 'sn' },
413 address => { is => 'postaladdress' },
414 city => { is => 'l' },
415 zipcode => { is => 'postalcode' },
416 branchcode => { is => 'branch' },
417 userid => { is => 'uid' },
418 password => { is => 'userpassword' },
419 email => { is => 'mail' },
420 categorycode => { is => 'employeetype' },
421 phone => { is => 'telephonenumber' },
425 anonymous_bind => $anonymous_bind,
426 auth_by_bind => $auth_by_bind,
427 base => 'dc=metavore,dc=com',
428 hostname => 'localhost',
429 mapping => \%ldap_mapping,
431 principal_name => '%s@my_domain.com',
432 replicate => $replicate,
437 return \%ldap_config;
439 if ( $param =~ /(intranetdir|opachtdocs|intrahtdocs)/x ) {
442 if ( ref $class eq 'HASH' ) {
443 return $class->{$param};
446 return C4::Context::_common_config($param, 'config');
449 # Function that mocks the call to Net::LDAP
452 my $mocked_ldap = Test::MockObject->new();
454 $mocked_ldap->mock( 'bind', sub {
455 if (is_admin_bind(@_)) {
456 return mock_net_ldap_message(
457 ($desired_admin_bind_result eq 'error' ) ? 1 : 0, # code
458 ($desired_admin_bind_result eq 'error' ) ? 1 : 0, # error
459 ($desired_admin_bind_result eq 'error' ) ? 'error_name' : 0, # error_name
460 ($desired_admin_bind_result eq 'error' ) ? 'error_text' : 0 # error_text
464 if ( $desired_bind_result eq 'error' ) {
465 return mock_net_ldap_message(1,1,'error_name','error_text');
467 return mock_net_ldap_message(0,0,'','');
475 $remaining_entry = 1;
477 return mock_net_ldap_search(
479 count => ($desired_count_result)
480 ? $desired_count_result
482 code => ( $desired_search_result eq 'error' )
485 error => ( $desired_search_result eq 'error' ) ? 1
487 error_text => ( $desired_search_result eq 'error' )
490 error_name => ( $desired_search_result eq 'error' )
493 shift_entry => mock_net_ldap_entry( 'sampledn', 1 )
503 sub mock_net_ldap_search {
504 my ($parameters) = @_;
506 my $count = $parameters->{count};
507 my $code = $parameters->{code};
508 my $error = $parameters->{error};
509 my $error_text = $parameters->{error_text};
510 my $error_name = $parameters->{error_name};
511 my $shift_entry = $parameters->{shift_entry};
513 my $mocked_search = Test::MockObject->new();
514 $mocked_search->mock( 'count', sub { return $count; } );
515 $mocked_search->mock( 'code', sub { return $code; } );
516 $mocked_search->mock( 'error', sub { return $error; } );
517 $mocked_search->mock( 'error_name', sub { return $error_name; } );
518 $mocked_search->mock( 'error_text', sub { return $error_text; } );
519 $mocked_search->mock( 'shift_entry', sub {
520 if ($remaining_entry) {
527 return $mocked_search;
530 sub mock_net_ldap_message {
531 my ( $code, $error, $error_name, $error_text ) = @_;
533 my $mocked_message = Test::MockObject->new();
534 $mocked_message->mock( 'code', sub { $code } );
535 $mocked_message->mock( 'error', sub { $error } );
536 $mocked_message->mock( 'error_name', sub { $error_name } );
537 $mocked_message->mock( 'error_text', sub { $error_text } );
539 return $mocked_message;
542 sub mock_net_ldap_entry {
543 my ( $dn, $exists ) = @_;
545 my $mocked_entry = Test::MockObject->new();
546 $mocked_entry->mock( 'dn', sub { return $dn; } );
547 $mocked_entry->mock( 'exists', sub { return $exists } );
549 return $mocked_entry;
552 # TODO: Once we remove the global variables in C4::Auth_with_ldap
553 # we shouldn't need this...
555 sub reload_ldap_module {
556 delete $INC{'C4/Auth_with_ldap.pm'};
557 require C4::Auth_with_ldap;
558 C4::Auth_with_ldap->import;
565 if ($#args <= 1 || $args[1] eq 'cn=Manager,dc=metavore,dc=com') {
572 $schema->storage->txn_rollback();