add test for creating group and creating a new user with that membership

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
nextcloud · Jun 27, 2019 · f9e2464 · f9e2464
1 parent 0660d97
commit f9e2464
Show file tree

Hide file tree

Showing 5 changed files with 90 additions and 56 deletions.
diff --git a/appinfo/app.php b/appinfo/app.php
@@ -4,4 +4,3 @@
 
 $app = new Application();
 $app->registerLDAPPlugins();
-$app->registerHooks();
diff --git a/lib/AppInfo/Application.php b/lib/AppInfo/Application.php
@@ -60,18 +60,25 @@ public function registerLDAPPlugins(): void {
 			throw $e;
 		}
 
+		$ldapConnect = new LDAPConnect($s->query(Helper::class), $s->getLogger());
+
 		// resolving LDAP provider fails indeed
 		$this->ldapUserManager = new LDAPUserManager(
 			$s->getUserManager(),
 			$s->getUserSession(),
-			new LDAPConnect($s->query(Helper::class), $s->getLogger()),
+			$ldapConnect,
 			$provider,
 			$c->query(Configuration::class),
 			$s->getL10N(self::APP_ID),
 			$s->getLogger()
 		);
 
-		$this->ldapGroupManager = $c->query(LDAPGroupManager::class);
+		$this->ldapGroupManager = new LDAPGroupManager(
+			$s->getGroupManager(),
+			$ldapConnect,
+			$s->getLogger(),
+			$provider
+		);
 
 		/** @var UserPluginManager $userPluginManager */
 		$userPluginManager = OC::$server->query('LDAPUserPluginManager');
@@ -82,23 +89,4 @@ public function registerLDAPPlugins(): void {
 		$groupPluginManager->register($this->ldapGroupManager);
 	}
 
-	public function registerHooks(): void {
-		if(!$this->ldapEnabled || $this->ldapUserManager === null) {
-			return;
-		}
-
-		$subAdmin = OC::$server->getGroupManager()->getSubAdmin();
-
-		$subAdmin->listen('\OC\SubAdmin', 'postCreateSubAdmin', function (User $user, Group $group) {
-			if ($user->getBackendClassName() === "LDAP" and $this->ldapGroupManager->isLDAPGroup($group->getGID())) {
-				$this->ldapGroupManager->addToGroup($user->getUID(), $group->getGID());
-			}
-		});
-
-		$subAdmin->listen('\OC\SubAdmin', 'postDeleteSubAdmin', function (User $user, Group $group) {
-			if ($user->getBackendClassName() === "LDAP" and $this->ldapGroupManager->isLDAPGroup($group->getGID())) {
-				$this->ldapGroupManager->removeFromGroup($user->getUID(), $group->getGID());
-			}
-		});
-	}
 }
diff --git a/lib/LDAPGroupManager.php b/lib/LDAPGroupManager.php
@@ -49,12 +49,13 @@ class LDAPGroupManager implements ILDAPGroupPlugin {
 	/** @var ILogger */
 	private $logger;
 
-	public function __construct(IGroupManager $groupManager, LDAPConnect $ldapConnect, ILogger $logger) {
+	public function __construct(IGroupManager $groupManager, LDAPConnect $ldapConnect, ILogger $logger, ILDAPProvider $ldapProvider) {
 		$this->groupManager = $groupManager;
 		$this->ldapConnect = $ldapConnect;
 
 		$this->makeLdapBackendFirst();
 		$this->logger = $logger;
+		$this->ldapProvider = $ldapProvider;
 	}
 
 	/**
@@ -86,7 +87,8 @@ public function createGroup($gid) {
 
 		$newGroupEntry = $this->buildNewEntry($gid);
 		$connection = $this->ldapConnect->getLDAPConnection();
-		$newGroupDN = "cn=$gid," . $this->ldapConnect->getLDAPBaseGroups();
+		$newGroupDN = "cn=$gid," . $this->ldapConnect->getLDAPBaseGroups()[0];
+		$newGroupDN = $this->ldapProvider->sanitizeDN([$newGroupDN])[0];
 
 		if ($ret = ldap_add($connection, $newGroupDN, $newGroupEntry)) {
 			$message = "Create LDAP group '$gid' ($newGroupDN)";
@@ -106,9 +108,8 @@ public function createGroup($gid) {
 	 * @throws Exception
 	 */
 	public function deleteGroup($gid) {
-		$provider = $this->getLDAPProvider();
-		$connection = $provider->getGroupLDAPConnection($gid);
-		$groupDN = $provider->getGroupDN($gid);
+		$connection = $this->ldapProvider->getGroupLDAPConnection($gid);
+		$groupDN = $this->ldapProvider->getGroupDN($gid);
 
 		if (!$ret = ldap_delete($connection, $groupDN)) {
 			$message = "Unable to delete LDAP Group: " . $gid;
@@ -131,20 +132,19 @@ public function deleteGroup($gid) {
 	 * @throws Exception
 	 */
 	public function addToGroup($uid, $gid) {
-		$provider = $this->getLDAPProvider();
-		$connection = $provider->getGroupLDAPConnection($gid);
-		$groupDN = $provider->getGroupDN($gid);
+		$connection = $this->ldapProvider->getGroupLDAPConnection($gid);
+		$groupDN = $this->ldapProvider->getGroupDN($gid);
 
 		$entry = [];
-		switch ($provider->getLDAPGroupMemberAssoc($gid)) {
+		switch ($this->ldapProvider->getLDAPGroupMemberAssoc($gid)) {
 			case 'memberUid':
 				$entry['memberuid'] = $uid;
 				break;
 			case 'uniqueMember':
-				$entry['uniquemember'] = $provider->getUserDN($uid);
+				$entry['uniquemember'] = $this->ldapProvider->getUserDN($uid);
 				break;
 			case 'member':
-				$entry['member'] = $provider->getUserDN($uid);
+				$entry['member'] = $this->ldapProvider->getUserDN($uid);
 				break;
 			case 'gidNumber':
 				throw new Exception('Cannot add to group when gidNumber is used as relation');
@@ -172,20 +172,19 @@ public function addToGroup($uid, $gid) {
 	 * @throws Exception
 	 */
 	public function removeFromGroup($uid, $gid) {
-		$provider = $this->getLDAPProvider();
-		$connection = $provider->getGroupLDAPConnection($gid);
-		$groupDN = $provider->getGroupDN($gid);
+		$connection = $this->ldapProvider->getGroupLDAPConnection($gid);
+		$groupDN = $this->ldapProvider->getGroupDN($gid);
 
 		$entry = [];
-		switch ($provider->getLDAPGroupMemberAssoc($gid)) {
+		switch ($this->ldapProvider->getLDAPGroupMemberAssoc($gid)) {
 			case 'memberUid':
 				$entry['memberuid'] = $uid;
 				break;
 			case 'uniqueMember':
-				$entry['uniquemember'] = $provider->getUserDN($uid);
+				$entry['uniquemember'] = $this->ldapProvider->getUserDN($uid);
 				break;
 			case 'member':
-				$entry['member'] = $provider->getUserDN($uid);
+				$entry['member'] = $this->ldapProvider->getUserDN($uid);
 				break;
 			case 'gidNumber':
 				throw new Exception('Cannot remove from group when gidNumber is used as relation');
@@ -213,25 +212,12 @@ public function getGroupDetails($gid) {
 
 	public function isLDAPGroup($gid) {
 		try {
-			return !empty($this->getLDAPProvider()->getGroupDN($gid));
+			return !empty($this->ldapProvider->getGroupDN($gid));
 		} catch (Exception $e) {
 			return false;
 		}
 	}
 
-	/**
-	 * Provides LDAP Provider. Cannot be established in constructor
-	 *
-	 * @return LDAPProvider
-	 * @throws QueryException
-	 */
-	private function getLDAPProvider() {
-		if (!$this->ldapProvider) {
-			$this->ldapProvider = \OC::$server->query('LDAPProvider');
-		}
-		return $this->ldapProvider;
-	}
-
 	private function buildNewEntry($gid) {
 		return [
 			'objectClass' => ['groupOfNames', 'top'],

diff --git a/tests/integration/features/bootstrap/FeatureContext.php b/tests/integration/features/bootstrap/FeatureContext.php
@@ -28,15 +28,27 @@
 
 class FeatureContext extends LDAPContext implements Context {
 
+	/** @var string[]  */
 	private $userIdsToCleanUp = [];
+	/** @var string[]  */
+	private $groupIdsToCleanUp = [];
+	/** @var string  */
+	private $recentlyCreatedUser;
 
 	/**
 	 * @AfterScenario
 	 */
-	public function deleteCreatedUsers() {
+	public function deleteCreatedObjects() {
+		$this->asAn('admin');
 		while($uid = array_shift($this->userIdsToCleanUp)) {
+			error_log("deleting user $uid");
 			$this->deletingTheUser($uid);
 		}
+
+		while($gid = array_shift($this->groupIdsToCleanUp)) {
+			error_log("deleting group $gid");
+			$this->sendingTo('DELETE', '/cloud/groups/' . $gid);
+		}
 	}
 
 	public function resetAppConfigs() {
@@ -60,6 +72,28 @@ public function creatingAUserWith(TableNode $args) {
 		$xml = simplexml_load_string($this->getResponse()->getBody()->getContents());
 		if($xml->data && $xml->data->id) {
 			$this->userIdsToCleanUp[(string)$xml->data->id] = (string)$xml->data->id;
+			$this->recentlyCreatedUser = (string)$xml->data->id;
 		}
 	}
+
+	/**
+	 * @Given /^the created users resides on LDAP$/
+	 */
+	public function theCreatedUsersResidesOnLDAP() {
+		$tableNode = new TableNode([['backend', 'LDAP']]);
+		$this->userHasSetting($this->recentlyCreatedUser, $tableNode);
+	}
+
+	/**
+	 * @Given /^creating a group with gid "([^"]*)"$/
+	 */
+	public function creatingAGroupWithGid($gid) {
+		$args = new TableNode([['groupid', $gid]]);
+		$this->sendingToWith('POST', '/cloud/groups', $args);
+		$xml = simplexml_load_string($this->getResponse()->getBody()->getContents());
+		if($this->getOCSResponse($this->getResponse()) === 200) {
+			$this->groupIdsToCleanUp[$gid] = $gid;
+		}
+	}
+
 }
diff --git a/tests/integration/features/user.feature b/tests/integration/features/user.feature
@@ -1,10 +1,15 @@
 Feature: user
+  | ldapBaseGroups                | ou=OtherGroups,dc=nextcloud,dc=ci |
 
   Background:
     Given using api version "2"
     And having a valid LDAP configuration
     And modify LDAP configuration
-      | ldapBaseUsers  | ou=PagingTest,dc=nextcloud,dc=ci |
+      | ldapBaseUsers                 | ou=PagingTest,dc=nextcloud,dc=ci |
+      | ldapBaseGroups                | ou=OtherGroups,dc=nextcloud,dc=ci |
+      | ldapGroupMemberAssocAttr      | member |
+      | ldapGroupFilter               | objectclass=groupOfNames |
+      | useMemberOfToDetectMembership | 1 |
 
   Scenario: create a new user
     Given As an "admin"
@@ -27,6 +32,7 @@ Feature: user
       | password | 123456 |
     Then the OCS status code should be "200"
     And the HTTP status code should be "200"
+    And the created users resides on LDAP
 
   # requires NC 17
   Scenario: create a new user with dynamic user id
@@ -38,10 +44,10 @@ Feature: user
       | displayName | Foo B. Ar |
     And the OCS status code should be "200"
     And the HTTP status code should be "200"
+    And the created users resides on LDAP
     When sending "GET" to "/cloud/users?search=Foo"
     Then it yields "1" result
 
-
   # requires NC 17
   Scenario: create a new user with dynamic user id and required email
     Given As an "admin"
@@ -53,6 +59,7 @@ Feature: user
       | email    | foo@bar.foobar |
     Then the OCS status code should be "109"
     And the HTTP status code should be "400"
+    # because we cannot send email here, we'll get this error === success
 
   # requires NC 17
   Scenario: create a new user with dynamic user id, forgot email
@@ -65,3 +72,23 @@ Feature: user
     Then the OCS status code should be "110"
     And the HTTP status code should be "400"
 
+  Scenario: as subadmin create a user with an assigned group
+    Given As an "admin"
+    And creating a group with gid "working-group"
+    And creating a user with
+      | userid | subadmin |
+      | password | 123456 |
+      | groups[]   | working-group |
+      | subadmin[] | working-group |
+    And the created users resides on LDAP
+    When As an "subadmin"
+    And creating a user with
+      | userid | regular-user |
+      | password | 123456     |
+      | groups[]   | working-group |
+    Then the OCS status code should be "200"
+    And the HTTP status code should be "200"
+    And the created users resides on LDAP
+    And As an "admin"
+    And check that user "regular-user" belongs to group "working-group"
+