368 lines
10 KiB
PHP
368 lines
10 KiB
PHP
<?php
|
|
/**
|
|
* @copyright Copyright (c) 2016 Lukas Reschke <lukas@statuscode.ch>
|
|
*
|
|
* @license GNU AGPL version 3 or any later version
|
|
*
|
|
* This program is free software: you can redistribute it and/or modify
|
|
* it under the terms of the GNU Affero General Public License as
|
|
* published by the Free Software Foundation, either version 3 of the
|
|
* License, or (at your option) any later version.
|
|
*
|
|
* This program is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU Affero General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU Affero General Public License
|
|
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
*
|
|
*/
|
|
|
|
namespace OCA\User_SAML\Tests\Controller;
|
|
|
|
use OCA\User_SAML\Controller\SAMLController;
|
|
use OCA\User_SAML\Exceptions\NoUserFoundException;
|
|
use OCA\User_SAML\SAMLSettings;
|
|
use OCA\User_SAML\UserBackend;
|
|
use OCA\User_SAML\UserData;
|
|
use OCA\User_SAML\UserResolver;
|
|
use OCP\AppFramework\Http\RedirectResponse;
|
|
use OCP\AppFramework\Http\TemplateResponse;
|
|
use OCP\IConfig;
|
|
use OCP\IL10N;
|
|
use OCP\ILogger;
|
|
use OCP\IRequest;
|
|
use OCP\ISession;
|
|
use OCP\IURLGenerator;
|
|
use OCP\IUser;
|
|
use OCP\IUserSession;
|
|
use PHPUnit\Framework\MockObject\MockObject;
|
|
use OCP\Security\ICrypto;
|
|
use Test\TestCase;
|
|
|
|
class SAMLControllerTest extends TestCase {
|
|
/** @var UserResolver|\PHPUnit\Framework\MockObject\MockObject */
|
|
protected $userResolver;
|
|
/** @var UserData|\PHPUnit\Framework\MockObject\MockObject */
|
|
private $userData;
|
|
/** @var IRequest|\PHPUnit_Framework_MockObject_MockObject */
|
|
private $request;
|
|
/** @var ISession|\PHPUnit_Framework_MockObject_MockObject */
|
|
private $session;
|
|
/** @var IUserSession|\PHPUnit_Framework_MockObject_MockObject */
|
|
private $userSession;
|
|
/** @var SAMLSettings|\PHPUnit_Framework_MockObject_MockObject*/
|
|
private $samlSettings;
|
|
/** @var UserBackend|\PHPUnit_Framework_MockObject_MockObject */
|
|
private $userBackend;
|
|
/** @var IConfig|\PHPUnit_Framework_MockObject_MockObject */
|
|
private $config;
|
|
/** @var IURLGenerator|\PHPUnit_Framework_MockObject_MockObject */
|
|
private $urlGenerator;
|
|
/** @var ILogger|\PHPUnit_Framework_MockObject_MockObject */
|
|
private $logger;
|
|
/** @var IL10N|\PHPUnit_Framework_MockObject_MockObject */
|
|
private $l;
|
|
/** @var ICrypto|MockObject */
|
|
private $crypto;
|
|
/** @var SAMLController */
|
|
private $samlController;
|
|
|
|
protected function setUp(): void {
|
|
parent::setUp();
|
|
|
|
$this->request = $this->createMock(IRequest::class);
|
|
$this->session = $this->createMock(ISession::class);
|
|
$this->userSession = $this->createMock(IUserSession::class);
|
|
$this->samlSettings = $this->createMock(SAMLSettings::class);
|
|
$this->userBackend = $this->createMock(UserBackend::class);
|
|
$this->config = $this->createMock(IConfig::class);
|
|
$this->urlGenerator = $this->createMock(IURLGenerator::class);
|
|
$this->logger = $this->createMock(ILogger::class);
|
|
$this->l = $this->createMock(IL10N::class);
|
|
$this->userResolver = $this->createMock(UserResolver::class);
|
|
$this->userData = $this->createMock(UserData::class);
|
|
$this->crypto = $this->createMock(ICrypto::class);
|
|
|
|
$this->l->expects($this->any())->method('t')->willReturnCallback(
|
|
function($param) {
|
|
return $param;
|
|
}
|
|
);
|
|
|
|
$this->config->expects($this->any())->method('getSystemValue')
|
|
->willReturnCallback(function($key, $default) {
|
|
return $default;
|
|
});
|
|
|
|
$this->samlController = new SAMLController(
|
|
'user_saml',
|
|
$this->request,
|
|
$this->session,
|
|
$this->userSession,
|
|
$this->samlSettings,
|
|
$this->userBackend,
|
|
$this->config,
|
|
$this->urlGenerator,
|
|
$this->logger,
|
|
$this->l,
|
|
$this->userResolver,
|
|
$this->userData,
|
|
$this->crypto
|
|
);
|
|
|
|
}
|
|
|
|
/**
|
|
* @expectedExceptionMessage Type of "UnknownValue" is not supported for user_saml
|
|
* @expectedException \Exception
|
|
*/
|
|
public function testLoginWithInvalidAppValue() {
|
|
$this->config
|
|
->expects($this->once())
|
|
->method('getAppValue')
|
|
->with('user_saml', 'type')
|
|
->willReturn('UnknownValue');
|
|
$this->samlController->login(1);
|
|
}
|
|
|
|
public function samlUserDataProvider() {
|
|
$userNotExisting = 0;
|
|
$userExisting = 1;
|
|
$userLazyExisting = 2;
|
|
|
|
$apDisabled = 0;
|
|
$apEnabled = 1;
|
|
$apEnabledUnsuccessful = 2;
|
|
|
|
return [
|
|
[ # 0 - Not existing uid in settings array
|
|
[
|
|
'foo' => 'bar',
|
|
'bar' => 'foo',
|
|
],
|
|
'https://nextcloud.com/notProvisioned/',
|
|
$userNotExisting,
|
|
$apDisabled
|
|
],
|
|
[ # 1 - existing user
|
|
[
|
|
'foo' => 'bar',
|
|
'bar' => 'foo',
|
|
'uid' => 'MyUid',
|
|
],
|
|
'https://nextcloud.com/absolute/',
|
|
$userExisting,
|
|
$apDisabled
|
|
],
|
|
[ # 2 - existing user and uid attribute in array
|
|
[
|
|
'foo' => 'bar',
|
|
'bar' => 'foo',
|
|
'uid' => ['MyUid'],
|
|
],
|
|
'https://nextcloud.com/absolute/',
|
|
$userExisting,
|
|
$apDisabled
|
|
],
|
|
[ # 3 - Not existing user with provisioning
|
|
[
|
|
'foo' => 'bar',
|
|
'bar' => 'foo',
|
|
'uid' => 'MyUid',
|
|
],
|
|
'https://nextcloud.com/absolute/',
|
|
$userNotExisting,
|
|
$apEnabled
|
|
],
|
|
[ # 4 - Not existing user with malfunctioning backend
|
|
[
|
|
'foo' => 'bar',
|
|
'bar' => 'foo',
|
|
'uid' => 'MyUid',
|
|
],
|
|
'https://nextcloud.com/notProvisioned/',
|
|
$userNotExisting,
|
|
$apEnabledUnsuccessful
|
|
],
|
|
[ # 5 - Not existing user without provisioning
|
|
[
|
|
'foo' => 'bar',
|
|
'bar' => 'foo',
|
|
'uid' => 'MyUid',
|
|
],
|
|
'https://nextcloud.com/notProvisioned/',
|
|
$userNotExisting,
|
|
$apDisabled
|
|
],
|
|
[ # 6 - Not yet mapped user without provisioning
|
|
[
|
|
'foo' => 'bar',
|
|
'bar' => 'foo',
|
|
'uid' => 'MyUid',
|
|
],
|
|
'https://nextcloud.com/absolute/',
|
|
$userLazyExisting,
|
|
$apDisabled
|
|
],
|
|
];
|
|
}
|
|
|
|
/**
|
|
* @dataProvider samlUserDataProvider
|
|
*/
|
|
public function testLoginWithEnvVariable(array $samlUserData, string $redirect, int $userState, int $autoProvision) {
|
|
$this->config->expects($this->any())
|
|
->method('getAppValue')
|
|
->willReturnCallback(function (string $app, string $key) {
|
|
if($app === 'user_saml') {
|
|
if($key === 'type') {
|
|
return 'environment-variable';
|
|
}
|
|
if($key === 'general-uid_mapping') {
|
|
return 'uid';
|
|
}
|
|
}
|
|
return null;
|
|
});
|
|
|
|
$this->session
|
|
->expects($this->once())
|
|
->method('get')
|
|
->with('user_saml.samlUserData')
|
|
->willReturn($samlUserData);
|
|
|
|
$this->userData
|
|
->expects($this->once())
|
|
->method('setAttributes')
|
|
->with($samlUserData);
|
|
$this->userData
|
|
->expects($this->any())
|
|
->method('getAttributes')
|
|
->willReturn($samlUserData);
|
|
$this->userData
|
|
->expects($this->any())
|
|
->method('hasUidMappingAttribute')
|
|
->willReturn(isset($samlUserData['uid']));
|
|
$this->userData
|
|
->expects(isset($samlUserData['uid']) ? $this->any() : $this->never())
|
|
->method('getOriginalUid')
|
|
->willReturn('MyUid');
|
|
$this->userData
|
|
->expects($this->any())
|
|
->method('getEffectiveUid')
|
|
->willReturn($userState > 0 ? 'MyUid' : '');
|
|
|
|
if(strpos($redirect, 'notProvisioned') !== false) {
|
|
$this->urlGenerator
|
|
->expects($this->once())
|
|
->method('linkToRouteAbsolute')
|
|
->with('user_saml.SAML.notProvisioned')
|
|
->willReturn($redirect);
|
|
} else {
|
|
$this->urlGenerator
|
|
->expects($this->once())
|
|
->method('getAbsoluteURL')
|
|
->willReturn($redirect);
|
|
}
|
|
|
|
$this->userResolver
|
|
->expects($this->any())
|
|
->method('userExists')
|
|
->with('MyUid')
|
|
->willReturn($userState === 1);
|
|
|
|
if(isset($samlUserData['uid']) && !($userState === 0 && $autoProvision === 0)) {
|
|
/** @var IUser|MockObject $user */
|
|
$user = $this->createMock(IUser::class);
|
|
$im = $this->userResolver
|
|
->expects($this->once())
|
|
->method('findExistingUser')
|
|
->with('MyUid');
|
|
if($autoProvision < 2) {
|
|
$im->willReturn($user);
|
|
} else {
|
|
$im->willThrowException(new NoUserFoundException());
|
|
}
|
|
|
|
$user
|
|
->expects($this->exactly((int)($autoProvision < 2)))
|
|
->method('updateLastLoginTimestamp');
|
|
|
|
if($userState === 0) {
|
|
$this->userResolver
|
|
->expects($this->any())
|
|
->method('findExistingUserId')
|
|
->with('MyUid', true)
|
|
->willThrowException(new NoUserFoundException());
|
|
} else if($userState === 2) {
|
|
$this->userResolver
|
|
->expects($this->any())
|
|
->method('findExistingUserId')
|
|
->with('MyUid', true)
|
|
->willReturn('MyUid');
|
|
}
|
|
}
|
|
$this->userBackend
|
|
->expects($this->any())
|
|
->method('getCurrentUserId')
|
|
->willReturn(isset($samlUserData['uid']) ? 'MyUid' : '');
|
|
$this->userBackend
|
|
->expects($autoProvision > 0 ? $this->once() : $this->any())
|
|
->method('autoprovisionAllowed')
|
|
->willReturn($autoProvision > 0);
|
|
$this->userBackend
|
|
->expects($this->exactly(min(1, $autoProvision)))
|
|
->method('createUserIfNotExists')
|
|
->with('MyUid');
|
|
|
|
|
|
$expected = new RedirectResponse($redirect);
|
|
$result = $this->samlController->login(1);
|
|
$this->assertEquals($expected, $result);
|
|
}
|
|
|
|
public function testNotProvisioned() {
|
|
$expected = new TemplateResponse('user_saml', 'notProvisioned', [], 'guest');
|
|
$this->assertEquals($expected, $this->samlController->notProvisioned());
|
|
}
|
|
|
|
/**
|
|
* @dataProvider dataTestGenericError
|
|
*
|
|
* @param string $messageSend
|
|
* @param string $messageExpected
|
|
*/
|
|
public function testGenericError($messageSend, $messageExpected) {
|
|
$expected = new TemplateResponse('user_saml', 'error', ['message' => $messageExpected], 'guest');
|
|
$this->assertEquals($expected, $this->samlController->genericError($messageSend));
|
|
}
|
|
|
|
public function dataTestGenericError() {
|
|
return [
|
|
['messageSend' => '', 'messageExpected' => 'Unknown error, please check the log file for more details.'],
|
|
['messageSend' => 'test message', 'messageExpected' => 'test message'],
|
|
];
|
|
}
|
|
|
|
/**
|
|
* @dataProvider dataTestGetSSODisplayName
|
|
*
|
|
* @param string $configuredDisplayName
|
|
* @param string $expected
|
|
*/
|
|
public function testGetSSODisplayName($configuredDisplayName, $expected) {
|
|
$result = $this->invokePrivate($this->samlController, 'getSSODisplayName', [$configuredDisplayName]);
|
|
|
|
$this->assertSame($expected, $result);
|
|
}
|
|
|
|
public function dataTestGetSSODisplayName() {
|
|
return [
|
|
['My identity provider', 'My identity provider'],
|
|
['', 'SSO & SAML log in']
|
|
];
|
|
}
|
|
}
|