diff --git a/resources/init.php b/resources/init.php index 6bc098de..e2d85bd3 100644 --- a/resources/init.php +++ b/resources/init.php @@ -37,19 +37,24 @@ ); // Creates LDAP service -$LDAP = new UnityLDAP( - $CONFIG["ldap"]["uri"], - $CONFIG["ldap"]["user"], - $CONFIG["ldap"]["pass"], - __DIR__ . "/../deployment/custom_user_mappings", - $CONFIG["ldap"]["user_ou"], - $CONFIG["ldap"]["group_ou"], - $CONFIG["ldap"]["pigroup_ou"], - $CONFIG["ldap"]["orggroup_ou"], - $CONFIG["ldap"]["admin_group"], - $CONFIG["ldap"]["user_group"], - $CONFIG["ldap"]["def_user_shell"] -); +if (isset($GLOBALS["ldapconn"])) { + $LDAP = $GLOBALS["ldapconn"]; +} else { + $LDAP = new UnityLDAP( + $CONFIG["ldap"]["uri"], + $CONFIG["ldap"]["user"], + $CONFIG["ldap"]["pass"], + __DIR__ . "/../deployment/custom_user_mappings", + $CONFIG["ldap"]["user_ou"], + $CONFIG["ldap"]["group_ou"], + $CONFIG["ldap"]["pigroup_ou"], + $CONFIG["ldap"]["orggroup_ou"], + $CONFIG["ldap"]["admin_group"], + $CONFIG["ldap"]["user_group"], + $CONFIG["ldap"]["def_user_shell"] + ); + $GLOBALS["ldapconn"] = $LDAP; +} // Creates SQL service $SQL = new UnitySQL( diff --git a/test/functional/NewUserTest.php b/test/functional/NewUserTest.php index 4da13cce..7edabcfc 100644 --- a/test/functional/NewUserTest.php +++ b/test/functional/NewUserTest.php @@ -50,6 +50,43 @@ private function cancelAllRequests() ); } + private function approveUserByAdmin($gid, $uid) + { + http_post( + __DIR__ . "/../../webroot/admin/pi-mgmt.php", + [ + "form_type" => "reqChild", + "action" => "Approve", + "pi" => $gid, + "uid" => $uid, + ] + ); + } + + private function approveUserByPI($uid) + { + http_post( + __DIR__ . "/../../webroot/panel/pi.php", + [ + "form_type" => "userReq", + "action" => "Approve", + "uid" => $uid, + ] + ); + } + + private function approveGroup($uid) + { + http_post( + __DIR__ . "/../../webroot/admin/pi-mgmt.php", + [ + "form_type" => "req", + "action" => "Approve", + "uid" => $uid, + ] + ); + } + // delete requests made by that user // delete user entry // remove user from org group @@ -109,13 +146,80 @@ private function ensurePIGroupDoesNotExist() } } - public function testCreateUserByJoinGoup() + public function testCreateUserByJoinGoupByPI() + { + global $USER, $SSO, $LDAP, $SQL, $MAILER, $REDIS, $WEBHOOK; + $pi_user_args = getUserIsPIHasNoMembersNoMemberRequests(); + switchUser(...$pi_user_args); + $pi_group = $USER->getPIGroup(); + $gid = $pi_group->gid; + $user_to_create_args = getNonExistentUser(); + switchUser(...$user_to_create_args); + $this->assertTrue(!$USER->exists()); + $newOrg = new UnityOrg($SSO["org"], $LDAP, $SQL, $MAILER, $REDIS, $WEBHOOK); + $this->assertTrue(!$newOrg->exists()); + $this->assertTrue($pi_group->exists()); + $this->assertTrue(!$pi_group->userExists($USER)); + $this->assertRequestedMembership(false, $gid); + try { + $this->requestGroupMembership($pi_group->gid); + $this->assertRequestedMembership(true, $gid); + + // $second_request_failed = false; + // try { + $this->requestGroupMembership($pi_group->gid); + // } catch(Exception) { + // $second_request_failed = true; + // } + // $this->assertTrue($second_request_failed); + $this->assertRequestedMembership(true, $gid); + + $this->cancelAllRequests(); + $this->assertRequestedMembership(false, $gid); + + $this->requestGroupMembership($pi_group->gid); + $this->assertTrue($pi_group->requestExists($USER)); + $this->assertRequestedMembership(true, $gid); + + $REDIS->flushAll(); // regression test: flush used to break requests + + $approve_uid = $SSO["user"]; + switchUser(...$pi_user_args); + $this->approveUserByPI($approve_uid); + switchUser(...$user_to_create_args); + + $this->assertTrue(!$pi_group->requestExists($USER)); + $this->assertRequestedMembership(false, $gid); + $this->assertTrue($pi_group->userExists($USER)); + $this->assertTrue($USER->exists()); + $this->assertTrue($newOrg->exists()); + + // $third_request_failed = false; + // try { + $this->requestGroupMembership($pi_group->gid); + // } catch(Exception) { + // $third_request_failed = true; + // } + // $this->assertTrue($third_request_failed); + $this->assertRequestedMembership(false, $gid); + $this->assertTrue(!$pi_group->requestExists($USER)); + } finally { + switchUser(...$user_to_create_args); + $this->ensureOrgGroupDoesNotExist(); + $this->ensureUserNotInPIGroup($pi_group); + $this->ensureUserDoesNotExist(); + } + } + + + public function testCreateUserByJoinGoupByAdmin() { global $USER, $SSO, $LDAP, $SQL, $MAILER, $REDIS, $WEBHOOK; switchUser(...getUserIsPIHasNoMembersNoMemberRequests()); $pi_group = $USER->getPIGroup(); $gid = $pi_group->gid; - switchUser(...getNonExistentUser()); + $user_to_create_args = getNonExistentUser(); + switchUser(...$user_to_create_args); $this->assertTrue(!$USER->exists()); $newOrg = new UnityOrg($SSO["org"], $LDAP, $SQL, $MAILER, $REDIS, $WEBHOOK); $this->assertTrue(!$newOrg->exists()); @@ -144,7 +248,11 @@ public function testCreateUserByJoinGoup() $REDIS->flushAll(); // regression test: flush used to break requests - $pi_group->approveUser($USER); + $approve_uid = $SSO["user"]; + switchUser(...getAdminUser()); + $this->approveUserByAdmin($gid, $approve_uid); + switchUser(...$user_to_create_args); + $this->assertTrue(!$pi_group->requestExists($USER)); $this->assertRequestedMembership(false, $gid); $this->assertTrue($pi_group->userExists($USER)); @@ -161,16 +269,19 @@ public function testCreateUserByJoinGoup() $this->assertRequestedMembership(false, $gid); $this->assertTrue(!$pi_group->requestExists($USER)); } finally { + switchUser(...$user_to_create_args); $this->ensureOrgGroupDoesNotExist(); $this->ensureUserNotInPIGroup($pi_group); $this->ensureUserDoesNotExist(); } } + public function testCreateUserByCreateGroup() { global $USER, $SSO, $LDAP, $SQL, $MAILER, $REDIS, $WEBHOOK; - switchuser(...getNonExistentUser()); + $user_to_create_args = getNonExistentUser(); + switchuser(...$user_to_create_args); $pi_group = $USER->getPIGroup(); $this->assertTrue(!$USER->exists()); $this->assertTrue(!$pi_group->exists()); @@ -197,7 +308,11 @@ public function testCreateUserByCreateGroup() $REDIS->flushAll(); // regression test: flush used to break requests - $pi_group->approveGroup(); + $approve_uid = $SSO["user"]; + switchUser(...getAdminUser()); + $this->approveGroup($approve_uid); + switchUser(...$user_to_create_args); + $this->assertRequestedPIGroup(false); $this->assertTrue($pi_group->exists()); $this->assertTrue($USER->exists()); diff --git a/webroot/admin/pi-mgmt.php b/webroot/admin/pi-mgmt.php index 3fe94e98..ff16572e 100644 --- a/webroot/admin/pi-mgmt.php +++ b/webroot/admin/pi-mgmt.php @@ -31,11 +31,6 @@ case "reqChild": $parent_group = new UnityGroup($_POST["pi"], $LDAP, $SQL, $MAILER, $REDIS, $WEBHOOK); if ($_POST["action"] == "Approve") { - // initialize user if not initialized - if (!$form_user->exists()) { - $form_user->init(); - } - // approve request button clicked $parent_group->approveUser($form_user); // Add to group (ldap and slurm) } elseif ($_POST["action"] == "Deny") {