5 use Catalyst::Exception;
8 use Test::MockObject::Extends;
13 eval "use Catalyst::Model::LDAP";
14 plan skip_all => "Catalyst::Model::LDAP not installed" if $@;
16 use_ok("Catalyst::Authentication::Store::LDAP::Backend");
18 my (@searches, @binds);
21 my $back = Catalyst::Authentication::Store::LDAP::Backend->new({
22 'ldap_server' => 'ldap://127.0.0.1:555',
23 'binddn' => 'anonymous',
24 'bindpw' => 'dontcarehow',
26 'user_basedn' => 'ou=foobar',
27 'user_filter' => '(&(objectClass=inetOrgPerson)(uid=%s))',
28 'user_scope' => 'one',
29 'user_field' => 'uid',
31 'role_basedn' => 'ou=roles',
32 'role_filter' => '(&(objectClass=posixGroup)(memberUid=%s))',
33 'role_scope' => 'one',
34 'role_field' => 'userinrole',
36 'role_search_as_user' => $i,
38 $back = Test::MockObject::Extends->new($back);
39 my $bind_msg = Test::MockObject->new;
40 $bind_msg->mock(is_error => sub {}); # Cause bind call to always succeed
41 my $ldap = Test::MockObject->new;
42 $ldap->mock('bind', sub { shift; push (@binds, [@_]); return $bind_msg});
43 $ldap->mock('unbind' => sub {});
44 $ldap->mock('disconnect' => sub {});
45 my $search_res = Test::MockObject->new();
46 my $search_is_error = 0;
47 $search_res->mock(is_error => sub { $search_is_error });
48 $search_res->mock(entries => sub {
51 Test::MockObject->new->mock(
52 get_value => sub { "quux$id" }
58 $search_res->mock(pop_entry => sub { return pop @user_entries });
59 $ldap->mock('search', sub { shift; push(@searches, [@_]); return $search_res; });
60 $back->mock('ldap_connect' => sub { $ldap });
61 my $user_entry = Net::LDAP::Entry->new;
62 push(@user_entries, $user_entry);
63 $user_entry->dn('ou=foobar');
68 my $user = $back->find_user( { username => 'somebody' } );
69 isa_ok( $user, "Catalyst::Authentication::Store::LDAP::User" );
70 $user->check_password('password');
71 is_deeply( [sort $user->roles],
72 [sort qw/quuxone quuxtwo/],
73 "User has the expected set of roles" );
77 ok !$back->find_user( { username => 'doesnotexist' } ),
78 'Nonexistent user returns undef';
79 } 'No exception thrown for nonexistent user';
82 is_deeply(\@searches, [
83 ['base', 'ou=foobar', 'filter', '(&(objectClass=inetOrgPerson)(uid=somebody))', 'scope', 'one'],
84 ['base', 'ou=roles', 'filter', '(&(objectClass=posixGroup)(memberUid=test))', 'scope', 'one', 'attrs', [ 'userinrole' ]],
85 ['base', 'ou=foobar', 'filter', '(&(objectClass=inetOrgPerson)(uid=doesnotexist))', 'scope', 'one'],
86 ['base', 'ou=foobar', 'filter', '(&(objectClass=inetOrgPerson)(uid=somebody))', 'scope', 'one'],
87 ['base', 'ou=roles', 'filter', '(&(objectClass=posixGroup)(memberUid=test))', 'scope', 'one', 'attrs', [ 'userinrole' ]],
88 ['base', 'ou=foobar', 'filter', '(&(objectClass=inetOrgPerson)(uid=doesnotexist))', 'scope', 'one'],
89 ], 'User searches as expected');
91 [ undef ], # First user search
96 ], # Rebind to confirm user
99 ], # Rebind with initial credentials to find roles
100 [ undef ], # Second user search
101 # 2nd pass round main loop
102 [ undef ], # First user search
107 ], # Rebind to confirm user _and_ lookup roles;
108 [ undef ], # Second user search
109 ], 'Binds as expected');