Add test to verify issue #250

When users change their groups in LDAP that is not followed up in WordPress. THis newly added test verifies that. Next up is fixing this problem
heiglandreas · Mar 16, 2024 · 2f2e440 · 2f2e440
1 parent 3aa04e0
commit 2f2e440
Show file tree

Hide file tree

Showing 3 changed files with 43 additions and 2 deletions.
diff --git a/.github/workflows/behat.yml b/.github/workflows/behat.yml
@@ -48,7 +48,7 @@ jobs:
       - name: install tools
         run: |
           mkdir -p tools
-          curl -o tools/behat https://github.com/Behat/Behat/releases/download/v3.13.0/behat.phar
+          curl -Lo tools/behat https://github.com/Behat/Behat/releases/download/v3.13.0/behat.phar
           chmod 755 tools/behat
       - name: run behat
         run: docker compose exec wp bash -c "cd wp-content/plugins/authldap && ./tools/behat"

diff --git a/features/bootstrap/FeatureContext.php b/features/bootstrap/FeatureContext.php
@@ -284,6 +284,25 @@ public function theWordpressUserIsNotMemberOfRole($arg1, $arg2)
 			return trim($item);
 		}, explode(',', $user['roles']));
 		Assert::false(in_array($arg2, $roles));
-
 	}
+
+	/**
+	 * @Given LDAP user :arg1 is not member of LDAP group :arg2
+	 */
+	public function ldapUserIsNotMemberOfLdapGroup($arg1, $arg2)
+	{
+		exec(sprintf(
+			'ldapmodify -x -H %1$s -D "%2$s" -w %3$s 2>&1 <<LDIF
+%4$s
+LDIF',
+			'ldap://openldap',
+			'cn=admin,dc=example,dc=org',
+			'insecure',
+			<<<LDIF
+			dn: cn=$arg2,dc=example,dc=org
+			changetype: modify
+			delete: uniqueMember
+			uniqueMember: uid=$arg1,dc=example,dc=org
+			LDIF
+		));	}
 }
diff --git a/features/log in using no groups at all.feature b/features/log in using no groups at all.feature
@@ -61,3 +61,25 @@ Feature: Log in without group assignment
 		And the WordPress user "ldapuser" is member of role "wordpressrole"
 		And the WordPress user "ldapuser" is not member of role "editor"
 		And the WordPress user "ldapuser" is not member of role "subscriber"
+
+	Scenario: Second Login with group assignment that changes between first and second login
+		Given a default configuration
+		And configuration value "GroupEnable" is set to "true"
+		And configuration value "DefaultRole" is set to "subscriber"
+		And configuration value "Groups" is set to "administrator=ldapgroup1" and "editor=ldapgroup2"
+		And configuration value "GroupAttr" is set to "cn"
+		And configuration value "GroupFilter" is set to "uniquemember=%dn%"
+		And configuration value "GroupOverUser" is set to "false"
+		And an LDAP user "ldapuser" with name "LDAP User", password "P@ssw0rd" and email "[email protected]" exists
+		And an LDAP group "ldapgroup1" exists
+		And an LDAP group "ldapgroup2" exists
+		And LDAP user "ldapuser" is member of LDAP group "ldapgroup1"
+		And LDAP user "ldapuser" logs in with password "P@ssw0rd"
+		And LDAP user "ldapuser" is member of LDAP group "ldapgroup2"
+		And LDAP user "ldapuser" is not member of LDAP group "ldapgroup1"
+		When LDAP user "ldapuser" logs in with password "P@ssw0rd"
+		Then the login suceeds
+		And the WordPress user "ldapuser" is member of role "editor"
+		And the WordPress user "ldapuser" is member of role "wordpressrole"
+		And the WordPress user "ldapuser" is not member of role "administrator"
+		And the WordPress user "ldapuser" is not member of role "subscriber"