From ea53feb44a399442b934ee2da0dbc20403454197 Mon Sep 17 00:00:00 2001
From: Andreas Heigl <andreas@heigl.org>
Date: Sun, 31 Dec 2023 22:07:24 +0100
Subject: [PATCH] Add one more test

And fixing some stuff along the way
---
 docker-compose.yml                            |  2 +-
 dockersetup/Dockerfile_wordpress              | 11 ++++-
 features/bootstrap/FeatureContext.php         | 46 +++++++++++++++++--
 .../log in using no groups at all.feature     | 25 +++++++++-
 4 files changed, 77 insertions(+), 7 deletions(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index 0c37511..587cb7b 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -19,7 +19,7 @@ services:
       WORDPRESS_DB_NAME: "wordpress"
       WORDPRESS_DB_USER: root
       WORDPRESS_DB_PASSWORD: "wppasswd"
-      WORDPRESS_DEBUG: 1
+      WORDPRESS_DEBUG: 0
     depends_on:
       - db
     links:
diff --git a/dockersetup/Dockerfile_wordpress b/dockersetup/Dockerfile_wordpress
index e3e79a2..72d5536 100644
--- a/dockersetup/Dockerfile_wordpress
+++ b/dockersetup/Dockerfile_wordpress
@@ -3,11 +3,20 @@ ARG PHP_VERSION=$PHP_VERSION
 
 FROM wordpress:$WORDPRESS_VERSION-php$PHP_VERSION
 
+ARG TARGETOS
+ARG TARGETARCH
+
 RUN set -x \
     && apt-get update \
     && apt-get install -y libldap2-dev ldap-utils\
     && rm -rf /var/lib/apt/lists/* \
-    && docker-php-ext-configure ldap --with-libdir=lib/x86_64-linux-gnu/ \
+    && ls -al /usr/lib/ \
+    && echo $TARGETOS $TARGETARCH \
+    && case "$TARGETARCH" in \
+         arm64) export ARCH='aarch64';; \
+         *) export ARCH=$TARGETARCH;; \
+       esac \
+    && docker-php-ext-configure ldap --with-libdir=lib/$ARCH-$TARGETOS-gnu/ \
     && docker-php-ext-install ldap \
     && pecl install xdebug${XDEBUG_VERSION} \
     && docker-php-ext-enable xdebug \
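Review bot: The `*)` branch of the new `case` passes TARGETARCH through unchanged, but BuildKit reports x86-64 as `amd64` while the path this line replaced was `lib/x86_64-linux-gnu/`, so an amd64 build would now configure against `lib/amd64-linux-gnu/`. Add a mapping such as `amd64) export ARCH='x86_64';; \` next to the arm64 one, and consider failing early when TARGETOS or TARGETARCH is empty, which can happen on builders that do not set the automatic platform args. The `ls -al /usr/lib/` and `echo $TARGETOS $TARGETARCH` lines look like leftover debugging. The RUN instruction continues past the end of the hunk.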
diff --git a/features/bootstrap/FeatureContext.php b/features/bootstrap/FeatureContext.php
index 78ad56c..8d76d40 100644
--- a/features/bootstrap/FeatureContext.php
+++ b/features/bootstrap/FeatureContext.php
@@ -25,7 +25,7 @@ class FeatureContext implements Context
 	 */
 	public function __construct()
 	{
-		exec('wp --allow-root core install --url=localhost --title=Example --admin_user=lccaladmin --admin_password=P@ssw0rd --admin_email=info@example.com');
+		exec('wp --allow-root core install --url=localhost --title=Example --admin_user=localadmin --admin_password=P@ssw0rd --admin_email=info@example.com');
 		exec('wp --allow-root plugin activate authldap');
 	}
 
@@ -57,7 +57,7 @@ public function configurationValueIsSetTo($arg1, $arg2)
 		exec(sprintf(
 			'wp --allow-root option patch update authLDAPOptions %1$s %2$s --format=json',
 			$arg1,
-			$arg2
+			"'" . json_encode($arg2) . "'"
 		));
 	}
 
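Review bot: Wrapping the JSON in literal `'` characters in configurationValueIsSetTo does not shell-quote it: a step value containing a single quote ends the quoted string and the rest is interpreted by the shell, and `$arg1` is still interpolated bare. `escapeshellarg(json_encode($arg2))` together with `escapeshellarg($arg1)` does the quoting correctly; the same hand-built quoting appears in configurationValueIsSetToAnd in the last hunk of this file. Separately, step arguments presumably arrive as strings, so `"false"` is now sent as the JSON string `"false"` rather than the boolean that the old bare `false` produced under `--format=json`; if the plugin tests the option for truthiness this flips its meaning, so confirm. The method's signature and docblock lie outside the hunk.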
@@ -225,7 +225,7 @@ public function theWordpressUserIsMemberOfRole($arg1, $arg2)
     public function ldapUserIsMemberOfLdapGroup($arg1, $arg2)
     {
 	    exec(sprintf(
-		    'ldapmodify -x -H %1$s -D "%2$s" -w %3$s <<LDIF
+		    'ldapmodify -x -H %1$s -D "%2$s" -w %3$s 2>&1 <<LDIF
 %4$s
 LDIF',
 		    'ldap://openldap',
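Review bot: Adding `2>&1` to the ldapmodify command has no visible effect, because this exec() call passes no `$output` or `$result` argument (its closing `));` is in the next hunk), so the merged stderr is discarded and a failed modify goes unnoticed. Capture and check it the way theWordpressUserIsNotMemberOfRole does: close the call with `), $output, $result);` and follow it with `Assert::eq(0, $result);`. The bind password goes into `-w %3$s` unquoted on the same line; the argument list is mostly outside the hunk, but `escapeshellarg()` on that value would keep special characters in the password from reaching the shell.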
@@ -237,7 +237,8 @@ public function ldapUserIsMemberOfLdapGroup($arg1, $arg2)
 			add: uniqueMember
 			uniqueMember: uid=$arg1,dc=example,dc=org
 			LDIF
-	    ));    }
+	    ));
+	}
 
     /**
      * @Given a WordPress user :arg1 does not exist
@@ -249,4 +250,41 @@ public function aWordpressUserDoesNotExist($arg1)
 		    $arg1,
 	    ));
     }
+
+    /**
+     * @Given configuration value :arg1 is set to :arg2 and :arg3
+     */
+    public function configurationValueIsSetToAnd($arg1, $arg2, $arg3)
+    {
+		$roles = [];
+		foreach ([$arg2, $arg3] as $arg) {
+			$access = explode('=', $arg);
+			$roles[$access[0]] = $access[1];
+		}
+
+		exec(sprintf(
+			'echo %2$s | wp --allow-root option patch update authLDAPOptions %1$s --format=json',
+			$arg1,
+			"'" . json_encode($roles) . "'"
+		), $result);
+		var_dump($result);
+    }
+
+    /**
+     * @Then the WordPress user :arg1 is not member of role :arg2
+     */
+    public function theWordpressUserIsNotMemberOfRole($arg1, $arg2)
+    {
+		exec(sprintf(
+			'wp --allow-root user get %1$s --format=json 2> /dev/null',
+			$arg1,
+		), $output, $result);
+		Assert::eq(0, $result);
+		$user = json_decode($output[0], true);
+		$roles = array_map(function($item): string {
+			return trim($item);
+		}, explode(',', $user['roles']));
+		Assert::false(in_array($arg2, $roles));
+
+	}
 }
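Review bot: theWordpressUserIsNotMemberOfRole can pass without proving anything: if `json_decode($output[0], true)` returns null or the result has no `roles` key, `$roles` is effectively empty and `Assert::false(in_array($arg2, $roles))` succeeds, and the new scenario relies on this step to show the LDAP user did not receive `editor` or `subscriber`. Assert the shape first, for example `Assert::true(is_array($user) && isset($user['roles']));`, and compare strictly with `in_array($arg2, $roles, true)`. In configurationValueIsSetToAnd, `explode('=', $arg)` reads `$access[1]` without checking that an `=` was present, the exit status of the `wp` call is not asserted, and `var_dump($result)` looks like leftover debugging. Neither new method documents its arguments beyond the step annotation.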
diff --git a/features/log in using no groups at all.feature b/features/log in using no groups at all.feature
index 61adb38..2d861f5 100644
--- a/features/log in using no groups at all.feature	
+++ b/features/log in using no groups at all.feature	
@@ -1,7 +1,8 @@
 Feature: Log in without group assignment
-	Scenario: Login without group assignement with
+	Scenario: Login without group assignment with
 		Given a default configuration
 		And configuration value "GroupEnable" is set to "false"
+		And configuration value "DefaultRole" is set to "subscriber"
 		And an LDAP user "ldapuser" with name "LDAP User", password "P@ssw0rd" and email "ldapuser@example.com" exists
 		And an LDAP group "ldapgroup" exists
 		And LDAP user "ldapuser" is member of LDAP group "ldapgroup"
@@ -13,3 +14,25 @@ Feature: Log in without group assignment
 		Then the login suceeds
 		And a new WordPress user "ldapuser" was created with name "LDAP User" and email "ldapuser@example.com"
 		And the WordPress user "ldapuser" is member of role "subscriber"
+
+	Scenario: Login with group assignment to one group where only first wordpress group is used
+		Given a default configuration
+		And configuration value "GroupEnable" is set to "true"
+		And configuration value "DefaultRole" is set to "subscriber"
+		And configuration value "Groups" is set to "administrator=ldapgroup" and "editor=ldapgroup"
+		And configuration value "GroupAttr" is set to "cn"
+		And configuration value "GroupFilter" is set to "uniquemember=%dn%"
+		And configuration value "GroupOverUser" is set to "true"
+		And an LDAP user "ldapuser" with name "LDAP User", password "P@ssw0rd" and email "ldapuser@example.com" exists
+		And an LDAP group "ldapgroup" exists
+		And LDAP user "ldapuser" is member of LDAP group "ldapgroup"
+		And a WordPress user "wordpressuser" with name "WordPress_User" and email "wordpressuser@example.com" exists
+		And a WordPress role "wordpressrole" exists
+		And WordPress user "wordpressuser" has role "wordpressrole"
+		And a WordPress user "ldapuser" does not exist
+		When LDAP user "ldapuser" logs in with password "P@ssw0rd"
+		Then the login suceeds
+		And a new WordPress user "ldapuser" was created with name "LDAP User" and email "ldapuser@example.com"
+		And the WordPress user "ldapuser" is member of role "administrator"
+		And the WordPress user "ldapuser" is not member of role "editor"
+		And the WordPress user "ldapuser" is not member of role "subscriber"