From ea53feb44a399442b934ee2da0dbc20403454197 Mon Sep 17 00:00:00 2001
From: Andreas Heigl <andreas@heigl.org>
Date: Sun, 31 Dec 2023 22:07:24 +0100
Subject: [PATCH] Add one more test ANd fixing some stuff along the way
---
 docker-compose.yml | 2 +-
 dockersetup/Dockerfile_wordpress | 11 ++++-
 features/bootstrap/FeatureContext.php | 46 +++++++++++++++++--
 .../log in using no groups at all.feature | 25 +++++++++-
 4 files changed, 77 insertions(+), 7 deletions(-)
diff --git a/docker-compose.yml b/docker-compose.yml
index 0c37511..587cb7b 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -19,7 +19,7 @@ services:
 WORDPRESS_DB_NAME: "wordpress"
 WORDPRESS_DB_USER: root
 WORDPRESS_DB_PASSWORD: "wppasswd"
- WORDPRESS_DEBUG: 1
+ WORDPRESS_DEBUG: 0
 depends_on:
 - db
 links:
diff --git a/dockersetup/Dockerfile_wordpress b/dockersetup/Dockerfile_wordpress
index e3e79a2..72d5536 100644
--- a/dockersetup/Dockerfile_wordpress
+++ b/dockersetup/Dockerfile_wordpress
@@ -3,11 +3,20 @@ ARG PHP_VERSION=$PHP_VERSION
 FROM wordpress:$WORDPRESS_VERSION-php$PHP_VERSION
+ARG TARGETOS
+ARG TARGETARCH
+
 RUN set -x \
 && apt-get update \
 && apt-get install -y libldap2-dev ldap-utils\
 && rm -rf /var/lib/apt/lists/* \
- && docker-php-ext-configure ldap --with-libdir=lib/x86_64-linux-gnu/ \
+ && ls -al /usr/lib/ \
+ && echo $TARGETOS $TARGETARCH \
+ && case "$TARGETARCH" in \
+ arm64) export ARCH='aarch64';; \
+ *) export ARCH=$TARGETARCH;; \
+ esac \
+ && docker-php-ext-configure ldap --with-libdir=lib/$ARCH-$TARGETOS-gnu/ \
 && docker-php-ext-install ldap \
 && pecl install xdebug${XDEBUG_VERSION} \
 && docker-php-ext-enable xdebug \
diff --git a/features/bootstrap/FeatureContext.php b/features/bootstrap/FeatureContext.php
index 78ad56c..8d76d40 100644
--- a/features/bootstrap/FeatureContext.php
+++ b/features/bootstrap/FeatureContext.php
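Review bot: The `case` in the Dockerfile's RUN step maps only `arm64`, so on an amd64 build `ARCH` falls through to `amd64` and the configure step receives `--with-libdir=lib/amd64-linux-gnu/`, whereas the line this commit removes pointed at `lib/x86_64-linux-gnu/`. Add a branch `amd64) export ARCH='x86_64';; \` ahead of the `*)` default. `TARGETOS` and `TARGETARCH` are filled in automatically only by BuildKit, so a build without it would presumably expand the path to `lib/--gnu/`; a guard that fails the build when either is empty would make that visible. The `ls -al /usr/lib/` and `echo $TARGETOS $TARGETARCH` lines look like debugging leftovers and can be dropped.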
@@ -25,7 +25,7 @@ class FeatureContext implements Context
 */
 public function __construct()
 {
- exec('wp --allow-root core install --url=localhost --title=Example --admin_user=lccaladmin --admin_password=P@ssw0rd --admin_email=info@example.com');
+ exec('wp --allow-root core install --url=localhost --title=Example --admin_user=localadmin --admin_password=P@ssw0rd --admin_email=info@example.com');
 exec('wp --allow-root plugin activate authldap');
 }
@@ -57,7 +57,7 @@ public function configurationValueIsSetTo($arg1, $arg2)
 exec(sprintf(
 'wp --allow-root option patch update authLDAPOptions %1$s %2$s --format=json',
 $arg1,
- $arg2
+ "'" . json_encode($arg2) . "'"
 ));
 }
@@ -225,7 +225,7 @@ public function theWordpressUserIsMemberOfRole($arg1, $arg2)
 public function ldapUserIsMemberOfLdapGroup($arg1, $arg2)
 {
 exec(sprintf(
- 'ldapmodify -x -H %1$s -D "%2$s" -w %3$s <<LDIF
+ 'ldapmodify -x -H %1$s -D "%2$s" -w %3$s 2>&1 <<LDIF
 %4$s
 LDIF',
 'ldap://openldap',
@@ -237,7 +237,8 @@ public function ldapUserIsMemberOfLdapGroup($arg1, $arg2)
 add: uniqueMember
 uniqueMember: uid=$arg1,dc=example,dc=org
 LDIF
- )); }
+ ));
+ }
 /**
 * @Given a WordPress user :arg1 does not exist
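Review bot: Wrapping the JSON in literal single quotes in `configurationValueIsSetTo` is not shell escaping: `json_encode()` leaves `'` untouched by default, so a value containing one ends the quoted word and the rest is parsed by the shell, and `$arg1` is still interpolated unquoted. Use `escapeshellarg(json_encode($arg2))` for the value and `escapeshellarg($arg1)` for the key. The same hand-built quoting is repeated in `configurationValueIsSetToAnd` in the last hunk of this file. The function starts outside this hunk.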
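Review bot: The added `2>&1` in `ldapUserIsMemberOfLdapGroup` folds the ldapmodify diagnostics into stdout, but as far as the two hunks of this function show, the `exec()` call closes with `));` and passes neither an output array nor a status variable, so that text is discarded and a failed modify goes unnoticed. Close the call with `), $output, $status);` and follow it with `Assert::eq(0, $status);`, the pattern already used in `theWordpressUserIsNotMemberOfRole`. The middle of the function lies outside both hunks.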
@@ -249,4 +250,41 @@ public function aWordpressUserDoesNotExist($arg1)
 $arg1,
 ));
 }
+
+ /**
+ * @Given configuration value :arg1 is set to :arg2 and :arg3
+ */
+ public function configurationValueIsSetToAnd($arg1, $arg2, $arg3)
+ {
+ $roles = [];
+ foreach ([$arg2, $arg3] as $arg) {
+ $access = explode('=', $arg);
+ $roles[$access[0]] = $access[1];
+ }
+
+ exec(sprintf(
+ 'echo %2$s | wp --allow-root option patch update authLDAPOptions %1$s --format=json',
+ $arg1,
+ "'" . json_encode($roles) . "'"
+ ), $result);
+ var_dump($result);
+ }
+
+ /**
+ * @Then the WordPress user :arg1 is not member of role :arg2
+ */
+ public function theWordpressUserIsNotMemberOfRole($arg1, $arg2)
+ {
+ exec(sprintf(
+ 'wp --allow-root user get %1$s --format=json 2> /dev/null',
+ $arg1,
+ ), $output, $result);
+ Assert::eq(0, $result);
+ $user = json_decode($output[0], true);
+ $roles = array_map(function($item): string {
+ return trim($item);
+ }, explode(',', $user['roles']));
+ Assert::false(in_array($arg2, $roles));
+
+ }
 }
diff --git a/features/log in using no groups at all.feature b/features/log in using no groups at all.feature
index 61adb38..2d861f5 100644
--- a/features/log in using no groups at all.feature
+++ b/features/log in using no groups at all.feature
@@ -1,7 +1,8 @@
 Feature: Log in without group assignment
- Scenario: Login without group assignement with
+ Scenario: Login without group assignment with
 Given a default configuration
 And configuration value "GroupEnable" is set to "false"
+ And configuration value "DefaultRole" is set to "subscriber"
 And an LDAP user "ldapuser" with name "LDAP User", password "P@ssw0rd" and email "ldapuser@example.com" exists
 And an LDAP group "ldapgroup" exists
 And LDAP user "ldapuser" is member of LDAP group "ldapgroup"
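Review bot: `configurationValueIsSetToAnd` ignores the exit status of the `wp option patch` pipeline and prints the captured output with `var_dump($result)`, so a failed configuration update does not fail the step and the scenario carries on with whatever role mapping was stored before. Capture the status and assert on it the way `theWordpressUserIsNotMemberOfRole` does: end the call with `), $output, $status);`, add `Assert::eq(0, $status);`, and drop the `var_dump`. `explode('=', $arg)` also leaves `$access[1]` undefined when a step argument has no `=`; `explode('=', $arg, 2)` plus a check that two parts came back would fail with a clear message instead.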
@@ -13,3 +14,25 @@ Feature: Log in without group assignment
 Then the login suceeds
 And a new WordPress user "ldapuser" was created with name "LDAP User" and email "ldapuser@example.com"
 And the WordPress user "ldapuser" is member of role "subscriber"
+
+ Scenario: Login with group assignment to one group where only first wordpress group is used
+ Given a default configuration
+ And configuration value "GroupEnable" is set to "true"
+ And configuration value "DefaultRole" is set to "subscriber"
+ And configuration value "Groups" is set to "administrator=ldapgroup" and "editor=ldapgroup"
+ And configuration value "GroupAttr" is set to "cn"
+ And configuration value "GroupFilter" is set to "uniquemember=%dn%"
+ And configuration value "GroupOverUser" is set to "true"
+ And an LDAP user "ldapuser" with name "LDAP User", password "P@ssw0rd" and email "ldapuser@example.com" exists
+ And an LDAP group "ldapgroup" exists
+ And LDAP user "ldapuser" is member of LDAP group "ldapgroup"
+ And a WordPress user "wordpressuser" with name "WordPress_User" and email "wordpressuser@example.com" exists
+ And a WordPress role "wordpressrole" exists
+ And WordPress user "wordpressuser" has role "wordpressrole"
+ And a WordPress user "ldapuser" does not exist
+ When LDAP user "ldapuser" logs in with password "P@ssw0rd"
+ Then the login suceeds
+ And a new WordPress user "ldapuser" was created with name "LDAP User" and email "ldapuser@example.com"
+ And the WordPress user "ldapuser" is member of role "administrator"
+ And the WordPress user "ldapuser" is not member of role "editor"
+ And the WordPress user "ldapuser" is not member of role "subscriber"