Skip to content

Commit

Permalink
Merge pull request #15 from ltb-project/14-restore-default-values-in-…
Browse files Browse the repository at this point in the history 
…modify_attributes_using_ppolicy

fix modify_attributes_using_ppolicy function does not compute correctly its return values (#14)
  • Loading branch information
@coudot
coudot authored Apr 26, 2024
2 parents bd4259e + 482a57a commit 0ca06f8
Show file tree
Hide file tree
Showing 2 changed files with 74 additions and 9 deletions.
4 changes: 2 additions & 2 deletions src/Ltb/PhpLDAP.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -76,7 +76,7 @@ public static function ldap_modify_batch(...$args)
return ldap_modify_batch(...$args);
}

public static function ldap_exop_passwd(...$args)
public static function ldap_exop_passwd(&...$args)
{
return ldap_exop_passwd(...$args);
}
Expand All @@ -86,7 +86,7 @@ public static function ldap_mod_replace_ext(...$args)
return ldap_mod_replace_ext(...$args);
}

public static function ldap_parse_result(...$args)
public static function ldap_parse_result(&...$args)
{
return ldap_parse_result(...$args);
}
Expand Down
79 changes: 72 additions & 7 deletions tests/IntegrationTests/IntegrationTest.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,9 @@ final class IntegrationTest extends TestCase
public $attributes = array("cn");
public $context = "dc=fusioniam,dc=org";

public $adminDN = "cn=lemonldapng,ou=dsa,o=admin,dc=fusioniam,dc=org";
public $adminPW = "secret";

public $user_branch = "ou=users,o=acme,dc=fusioniam,dc=org";
public $ldap_entry_dn1 = "uid=test,ou=users,o=acme,dc=fusioniam,dc=org";
public $ldap_entry1 = [
Expand All @@ -23,7 +26,18 @@ final class IntegrationTest extends TestCase
"sn" => "test",
"uid" => "test",
"userPassword" => "secret",
"mail" => array("[email protected]", "[email protected]")
"mail" => array("[email protected]", "[email protected]"),
"pwdPolicySubentry" => "cn=ppolicy1,ou=ppolicies,o=acme,dc=fusioniam,dc=org"
];
public $ppolicy_branch = "ou=ppolicies,o=acme,dc=fusioniam,dc=org";
public $ldap_ppolicy_dn1 = "cn=ppolicy1,ou=ppolicies,o=acme,dc=fusioniam,dc=org";
public $ldap_ppolicy1 = [
"objectclass" => array("organizationalRole", "pwdPolicy"),
"cn" => array("ppolicy1"),
"pwdAttribute" => "userPassword",
"pwdAllowUserChange" => "TRUE",
"pwdInHistory" => "5",
"pwdLockout" => "TRUE"
];

/*
Expand All @@ -49,6 +63,7 @@ protected function setUp(): void
if( $info["count"] == 0)
{
// if it does not exist, add the entry
$r = ldap_add($ldap, $this->ldap_ppolicy_dn1, $this->ldap_ppolicy1);
$r = ldap_add($ldap, $this->ldap_entry_dn1, $this->ldap_entry1);
}
}
Expand Down Expand Up @@ -78,6 +93,7 @@ protected function tearDown(): void
{
// if it exists, delete the entry
$r = ldap_delete($ldap, $this->ldap_entry_dn1);
$r = ldap_delete($ldap, $this->ldap_ppolicy_dn1);
}
}

Expand All @@ -92,7 +108,7 @@ public function test_ldap_get_first_available_value(): void
ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);

// binding to ldap server
$ldapbind = ldap_bind($ldap, $this->managerDN, $this->managerPW);
$ldapbind = ldap_bind($ldap, $this->adminDN, $this->adminPW);

// search for added entry
$sr = ldap_search($ldap, $this->ldap_entry_dn1, "(objectClass=*)", $this->attributes);
Expand All @@ -112,7 +128,7 @@ public function test_ldap_get_mail_for_notification(): void
ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);

// binding to ldap server
$ldapbind = ldap_bind($ldap, $this->managerDN, $this->managerPW);
$ldapbind = ldap_bind($ldap, $this->adminDN, $this->adminPW);

// search for added entry
$sr = ldap_search($ldap, $this->ldap_entry_dn1, "(objectClass=*)", $GLOBALS['mail_attributes']);
Expand All @@ -130,8 +146,8 @@ public function test_connect(): void
$ldapInstance = new \Ltb\Ldap(
$this->host,
false,
$this->managerDN,
$this->managerPW,
$this->adminDN,
$this->adminPW,
10,
null,
null,
Expand All @@ -149,8 +165,8 @@ public function test_get_list(): void
$ldapInstance = new \Ltb\Ldap(
$this->host,
false,
$this->managerDN,
$this->managerPW,
$this->adminDN,
$this->adminPW,
10,
$this->user_branch,
0,
Expand All @@ -167,4 +183,53 @@ public function test_get_list(): void

}

public function test_modify_attributes_using_ppolicy_failure(): void
{

$userdata1 = [ # first modification => accepted
"userPassword" => "secret2",
];
$userdata2 = [ # second modification => refused because already present in history
"userPassword" => "secret",
];


$ldapInstance = new \Ltb\Ldap(
$this->host,
false,
$this->adminDN,
$this->adminPW,
10,
$this->user_branch,
0,
null
);

list($ldap, $msg) = $ldapInstance->connect();


# Modify the password a first time
list($error_code, $error_msg, $ppolicy_error_code) =
$ldapInstance->modify_attributes_using_ppolicy(
$this->ldap_entry_dn1,
$userdata1
);

$this->assertEquals(0, $error_code, 'Weird error code returned while modifying userPassword');
$this->assertEquals('', $error_msg, 'Weird msg returned while modifying userPassword');
$this->assertFalse($ppolicy_error_code, 'Weird ppolicy_error_code returned while modifying userPassword');

# Modify the password a second time with failure
list($error_code, $error_msg, $ppolicy_error_code) =
$ldapInstance->modify_attributes_using_ppolicy(
$this->ldap_entry_dn1,
$userdata2
);

$this->assertEquals(19, $error_code, 'Weird error code returned in modify_attributes_using_ppolicy with failure');
$this->assertEquals('Password is in history of old passwords', $error_msg, 'Weird msg returned in modify_attributes_using_ppolicy with failure');
$this->assertEquals(8, $ppolicy_error_code, 'Weird ppolicy_error_code returned in modify_attributes_using_ppolicy with failure');

}

}

0 comments on commit 0ca06f8

Please sign in to comment.