3 # This file is part of Koha.
5 # Koha is free software; you can redistribute it and/or modify it
6 # under the terms of the GNU General Public License as published by
7 # the Free Software Foundation; either version 3 of the License, or
8 # (at your option) any later version.
10 # Koha is distributed in the hope that it will be useful, but
11 # WITHOUT ANY WARRANTY; without even the implied warranty of
12 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 # GNU General Public License for more details.
15 # You should have received a copy of the GNU General Public License
16 # along with Koha; if not, see <http://www.gnu.org/licenses>.
20 use Test::More tests => 4;
24 use t::lib::TestBuilder;
34 my $schema = Koha::Database->new->schema;
35 $schema->storage->txn_begin();
37 my $builder = t::lib::TestBuilder->new();
39 # Variables controlling LDAP server config
43 my $anonymous_bind = 1;
44 my $user = 'cn=Manager,dc=metavore,dc=com';
45 my $pass = 'metavore';
47 # Variables controlling LDAP behaviour
48 my $desired_authentication_result = 'success';
49 my $desired_connection_result = 'error';
50 my $desired_admin_bind_result = 'error';
51 my $desired_search_result = 'error';
52 my $desired_count_result = 1;
53 my $desired_bind_result = 'error';
54 my $remaining_entry = 1;
57 # Mock the context module
58 my $context = Test::MockModule->new('C4::Context');
59 $context->mock( 'config', \&mockedC4Config );
61 # Mock the Net::LDAP module
62 my $net_ldap = Test::MockModule->new('Net::LDAP');
67 if ( $desired_connection_result eq 'error' ) {
69 # We were asked to fail the LDAP conexion
73 # Return a mocked Net::LDAP object (Test::MockObject)
74 return mock_net_ldap();
79 my $categorycode = $builder->build( { source => 'Category' } )->{categorycode};
80 my $branchcode = $builder->build( { source => 'Branch' } )->{branchcode};
81 my $attr_type = $builder->build(
83 source => 'BorrowerAttributeType',
85 category_code => $categorycode
89 my $attr_type2 = $builder->build(
91 source => 'BorrowerAttributeType',
93 category_code => $categorycode
98 my $borrower = $builder->build(
100 source => 'Borrower',
103 branchcode => $branchcode,
104 categorycode => $categorycode
111 source => 'BorrowerAttribute',
113 borrowernumber => $borrower->{borrowernumber},
114 code => $attr_type->{code},
120 my $patron = Koha::Patrons->find($borrower->{borrowernumber});
122 # C4::Auth_with_ldap needs several stuff set first ^^^
123 use_ok('C4::Auth_with_ldap');
125 'C4::Auth_with_ldap', qw/
130 subtest 'checkpw_ldap tests' => sub {
134 my $dbh = C4::Context->dbh;
135 ## Connection fail tests
136 $desired_connection_result = 'error';
139 C4::Auth_with_ldap::checkpw_ldap( $dbh, 'hola', password => 'hey' );
141 'LDAP connexion failed',
142 'checkpw_ldap prints correct warning if LDAP conexion fails';
143 is( $ret, 0, 'checkpw_ldap returns 0 if LDAP conexion fails' );
145 ## Connection success tests
146 $desired_connection_result = 'success';
148 subtest 'auth_by_bind = 1 tests' => sub {
154 $desired_authentication_result = 'success';
156 $desired_admin_bind_result = 'error';
157 $desired_search_result = 'error';
158 reload_ldap_module();
161 $ret = C4::Auth_with_ldap::checkpw_ldap( $dbh, 'hola',
164 qr/Anonymous LDAP bind failed: LDAP error #1: error_name/,
165 'checkpw_ldap prints correct warning if LDAP anonymous bind fails';
166 is( $ret, 0, 'checkpw_ldap returns 0 if LDAP anonymous bind fails' );
171 reload_ldap_module();
174 $ret = C4::Auth_with_ldap::checkpw_ldap( $dbh, 'hola',
177 qr/LDAP bind failed as kohauser hola: LDAP error #1: error_name/,
178 'checkpw_ldap prints correct warning if LDAP bind_by_auth fails';
179 is( $ret, 0, 'checkpw_ldap returns 0 if LDAP bind_by_auth fails' );
181 $desired_authentication_result = 'success';
183 $desired_admin_bind_result = 'success';
184 $desired_search_result = 'success';
185 $desired_count_result = 1;
186 $desired_bind_result = 'success';
188 reload_ldap_module();
190 t::lib::Mocks::mock_preference( 'ExtendedPatronAttributes', 1 );
191 my $auth = Test::MockModule->new('C4::Auth_with_ldap');
195 return $borrower->{cardnumber};
202 $attr_type2->{code}, 'BAR'
207 C4::Auth_with_ldap::checkpw_ldap( $dbh, 'hola', password => 'hey' );
210 C4::Members::Attributes::GetBorrowerAttributes(
211 $borrower->{borrowernumber}
214 'Extended attributes are not deleted'
217 is( $patron->get_extended_attribute_value( $attr_type2->{code} ), 'BAR', 'Mapped attribute is BAR' );
218 $auth->unmock('update_local');
219 $auth->unmock('ldap_entry_2_hash');
222 $desired_count_result = 0; # user auth problem
224 reload_ldap_module();
226 C4::Auth_with_ldap::checkpw_ldap( $dbh, 'hola', password => 'hey' ),
228 'checkpw_ldap returns 0 if user lookup returns 0'
231 $desired_bind_result = 'error';
232 reload_ldap_module();
235 $ret = C4::Auth_with_ldap::checkpw_ldap( $dbh, 'hola',
238 qr/LDAP bind failed as kohauser hola: LDAP error #1: error_name/,
239 'checkpw_ldap prints correct warning if LDAP bind fails';
241 'checkpw_ldap returns -1 LDAP bind fails for user (Bug 8148)' );
243 # regression tests for bug 12831
244 $desired_authentication_result = 'error';
246 $desired_admin_bind_result = 'error';
247 $desired_search_result = 'success';
248 $desired_count_result = 0; # user auth problem
249 $desired_bind_result = 'error';
250 reload_ldap_module();
253 $ret = C4::Auth_with_ldap::checkpw_ldap( $dbh, 'hola',
256 qr/LDAP bind failed as kohauser hola: LDAP error #1: error_name/,
257 'checkpw_ldap prints correct warning if LDAP bind fails';
259 'checkpw_ldap returns 0 LDAP bind fails for user (Bug 12831)' );
263 subtest 'auth_by_bind = 0 tests' => sub {
271 $user = 'cn=Manager,dc=metavore,dc=com';
273 $desired_admin_bind_result = 'error';
274 $desired_bind_result = 'error';
275 reload_ldap_module();
278 $ret = C4::Auth_with_ldap::checkpw_ldap( $dbh, 'hola',
281 qr/LDAP bind failed as ldapuser cn=Manager,dc=metavore,dc=com: LDAP error #1: error_name/,
282 'checkpw_ldap prints correct warning if LDAP bind fails';
283 is( $ret, 0, 'checkpw_ldap returns 0 if bind fails' );
286 $desired_admin_bind_result = 'success';
287 $desired_bind_result = 'error';
288 $desired_search_result = 'success';
289 $desired_count_result = 1;
290 reload_ldap_module();
293 $ret = C4::Auth_with_ldap::checkpw_ldap( $dbh, 'hola',
296 qr/LDAP Auth rejected : invalid password for user 'hola'./,
297 'checkpw_ldap prints correct warning if LDAP bind fails';
298 is( $ret, -1, 'checkpw_ldap returns -1 if bind fails (Bug 8148)' );
302 $desired_admin_bind_result = 'error';
303 $desired_bind_result = 'error';
304 reload_ldap_module();
307 $ret = C4::Auth_with_ldap::checkpw_ldap( $dbh, 'hola',
310 qr/LDAP bind failed as ldapuser cn=Manager,dc=metavore,dc=com: LDAP error #1: error_name/,
311 'checkpw_ldap prints correct warning if LDAP bind fails';
312 is( $ret, 0, 'checkpw_ldap returns 0 if bind fails' );
315 $desired_admin_bind_result = 'success';
316 $desired_bind_result = 'error';
317 reload_ldap_module();
320 $ret = C4::Auth_with_ldap::checkpw_ldap( $dbh, 'hola',
323 qr/LDAP Auth rejected : invalid password for user 'hola'./,
324 'checkpw_ldap prints correct warning if LDAP bind fails';
325 is( $ret, -1, 'checkpw_ldap returns -1 if bind fails (Bug 8148)' );
330 subtest 'search_method tests' => sub {
334 my $ldap = mock_net_ldap();
337 is( C4::Auth_with_ldap::search_method( $ldap, undef ),
338 undef, 'search_method returns undef on undefined userid' );
339 is( C4::Auth_with_ldap::search_method( undef, 'undef' ),
340 undef, 'search_method returns undef on undefined ldap object' );
342 # search ->code and !->code
343 $desired_search_result = 'error';
344 reload_ldap_module();
346 eval { $ret = C4::Auth_with_ldap::search_method( $ldap, 'undef' ); };
349 qr/LDAP search failed to return object : 1/,
350 'search_method prints correct warning when db->search returns error code'
354 # Function that mocks the call to C4::Context->config(param)
359 if ( $param eq 'useshibboleth' ) {
362 if ( $param eq 'ldapserver' ) {
364 firstname => { is => 'givenname' },
365 surname => { is => 'sn' },
366 address => { is => 'postaladdress' },
367 city => { is => 'l' },
368 zipcode => { is => 'postalcode' },
369 branchcode => { is => 'branch' },
370 userid => { is => 'uid' },
371 password => { is => 'userpassword' },
372 email => { is => 'mail' },
373 categorycode => { is => 'employeetype' },
374 phone => { is => 'telephonenumber' },
378 anonymous_bind => $anonymous_bind,
379 auth_by_bind => $auth_by_bind,
380 base => 'dc=metavore,dc=com',
381 hostname => 'localhost',
382 mapping => \%ldap_mapping,
384 principal_name => '%s@my_domain.com',
385 replicate => $replicate,
389 return \%ldap_config;
391 if ( $param =~ /(intranetdir|opachtdocs|intrahtdocs)/x ) {
394 if ( ref $class eq 'HASH' ) {
395 return $class->{$param};
400 # Function that mocks the call to Net::LDAP
403 my $mocked_ldap = Test::MockObject->new();
405 $mocked_ldap->mock( 'bind', sub {
406 if (is_admin_bind(@_)) {
407 return mock_net_ldap_message(
408 ($desired_admin_bind_result eq 'error' ) ? 1 : 0, # code
409 ($desired_admin_bind_result eq 'error' ) ? 1 : 0, # error
410 ($desired_admin_bind_result eq 'error' ) ? 'error_name' : 0, # error_name
411 ($desired_admin_bind_result eq 'error' ) ? 'error_text' : 0 # error_text
415 if ( $desired_bind_result eq 'error' ) {
416 return mock_net_ldap_message(1,1,'error_name','error_text');
418 return mock_net_ldap_message(0,0,'','');
426 $remaining_entry = 1;
428 return mock_net_ldap_search(
430 count => ($desired_count_result)
431 ? $desired_count_result
433 code => ( $desired_search_result eq 'error' )
436 error => ( $desired_search_result eq 'error' ) ? 1
438 error_text => ( $desired_search_result eq 'error' )
441 error_name => ( $desired_search_result eq 'error' )
444 shift_entry => mock_net_ldap_entry( 'sampledn', 1 )
454 sub mock_net_ldap_search {
455 my ($parameters) = @_;
457 my $count = $parameters->{count};
458 my $code = $parameters->{code};
459 my $error = $parameters->{error};
460 my $error_text = $parameters->{error_text};
461 my $error_name = $parameters->{error_name};
462 my $shift_entry = $parameters->{shift_entry};
464 my $mocked_search = Test::MockObject->new();
465 $mocked_search->mock( 'count', sub { return $count; } );
466 $mocked_search->mock( 'code', sub { return $code; } );
467 $mocked_search->mock( 'error', sub { return $error; } );
468 $mocked_search->mock( 'error_name', sub { return $error_name; } );
469 $mocked_search->mock( 'error_text', sub { return $error_text; } );
470 $mocked_search->mock( 'shift_entry', sub {
471 if ($remaining_entry) {
478 return $mocked_search;
481 sub mock_net_ldap_message {
482 my ( $code, $error, $error_name, $error_text ) = @_;
484 my $mocked_message = Test::MockObject->new();
485 $mocked_message->mock( 'code', sub { $code } );
486 $mocked_message->mock( 'error', sub { $error } );
487 $mocked_message->mock( 'error_name', sub { $error_name } );
488 $mocked_message->mock( 'error_text', sub { $error_text } );
490 return $mocked_message;
493 sub mock_net_ldap_entry {
494 my ( $dn, $exists ) = @_;
496 my $mocked_entry = Test::MockObject->new();
497 $mocked_entry->mock( 'dn', sub { return $dn; } );
498 $mocked_entry->mock( 'exists', sub { return $exists } );
500 return $mocked_entry;
503 # TODO: Once we remove the global variables in C4::Auth_with_ldap
504 # we shouldn't need this...
506 sub reload_ldap_module {
507 delete $INC{'C4/Auth_with_ldap.pm'};
508 require C4::Auth_with_ldap;
509 C4::Auth_with_ldap->import;
516 if ($#args <= 1 || $args[1] eq 'cn=Manager,dc=metavore,dc=com') {
523 $schema->storage->txn_rollback();