diff --git a/_test/mock/AuthCreatePlugin.php b/_test/mock/AuthCreatePlugin.php
deleted file mode 100644
index 38d93a1a8..000000000
--- a/_test/mock/AuthCreatePlugin.php
+++ /dev/null
@@ -1,36 +0,0 @@
-cando['addUser'] = $canAddUser;
- }
-
- public function checkPass($user, $pass) {
- return $pass == 'password';
- }
-
- public function createUser($user, $pwd, $name, $mail, $grps = null) {
- if (isset($this->users[$user])) {
- return false;
- }
- $pass = md5($pwd);
- $this->users[$user] = compact('pass', 'name', 'mail', 'grps');
- return true;
- }
-
- public function logoff() {
- $this->loggedOff = true;
- }
-
-}
diff --git a/_test/tests/Remote/ApiCoreCreateUserTest.php b/_test/tests/Remote/ApiCoreCreateUserTest.php
deleted file mode 100644
index cffeac06c..000000000
--- a/_test/tests/Remote/ApiCoreCreateUserTest.php
+++ /dev/null
@@ -1,193 +0,0 @@
-oldAuthAcl = $AUTH_ACL;
- $this->userinfo = $USERINFO;
- $auth = new AuthPlugin();
-
- $conf['remote'] = 1;
- $conf['remoteuser'] = '@user';
- $conf['useacl'] = 0;
-
- $this->remote = new Api();
- }
-
- public function tearDown(): void
- {
- parent::tearDown();
-
- global $USERINFO;
- global $AUTH_ACL;
-
- $USERINFO = $this->userinfo;
- $AUTH_ACL = $this->oldAuthAcl;
- }
-
- public function testCreateUser()
- {
- global $conf, $auth;
- $conf['remote'] = 1;
- $conf['remoteuser'] = 'testuser';
- $_SERVER['REMOTE_USER'] = 'testuser';
-
- $auth = new AuthCreatePlugin();
- // $user, $pwd, $name, $mail, $grps = null
- $params = [
- [
- 'user' => 'user1',
- 'password' => 'password1',
- 'name' => 'user1',
- 'mail' => 'user1@localhost',
- 'groups' => [
- 'user',
- 'test'
- ],
- 'notify' => false
- ]
- ];
-
- $actualCallResult = $this->remote->call('dokuwiki.createUser', $params);
- $this->assertTrue($actualCallResult);
-
- // if the user exists, no data is overwritten
- $actualCallResult = $this->remote->call('dokuwiki.createUser', $params);
- $this->assertFalse($actualCallResult);
- }
-
- public function testCreateUserAuthPlain()
- {
- global $conf, $auth;
- $conf['remote'] = 1;
- $conf['remoteuser'] = 'testuser';
- $_SERVER['REMOTE_USER'] = 'testuser';
- $auth = new \auth_plugin_authplain();
- $params = [
- [
- 'user' => 'user1',
- 'password' => 'password1',
- 'name' => 'user1',
- 'mail' => 'user1@localhost',
- 'groups' => [
- 'user',
- 'test'
- ],
- 'notify' => false
- ]
-
- ];
-
- $callResult = $this->remote->call('dokuwiki.createUser', $params);
- $this->assertTrue($callResult);
- }
-
- public function testCreateUserAuthPlainUndefinedUser()
- {
- global $conf, $auth;
- $conf['remote'] = 1;
- $conf['remoteuser'] = 'testuser';
- $_SERVER['REMOTE_USER'] = 'testuser';
- $auth = new \auth_plugin_authplain();
- $params = [
- [
- 'user' => ''
- ],
- ];
-
- $this->expectException(RemoteException::class);
- $this->expectExceptionCode(401);
-
$this->remote->call('dokuwiki.createUser', $params);
- }
-
- public function testCreateUserAuthPlainUndefinedName()
- {
- global $conf, $auth;
- $conf['remote'] = 1;
- $conf['remoteuser'] = 'testuser';
- $_SERVER['REMOTE_USER'] = 'testuser';
- $auth = new \auth_plugin_authplain();
- $params = [
- [
- 'user' => 'hello'
- ],
- ];
-
- $this->expectException(RemoteException::class);
- $this->expectExceptionCode(402);
- $this->remote->call('dokuwiki.createUser', $params);
- }
-
- public function testCreateUserAuthPlainBadEmail()
- {
- global $conf, $auth;
- $conf['remote'] = 1;
- $conf['remoteuser'] = 'testuser';
- $_SERVER['REMOTE_USER'] = 'testuser';
- $auth = new \auth_plugin_authplain();
- $params = [
- [
- 'user' => 'hello',
- 'name' => 'A new user',
- 'mail' => 'this is not an email address'
- ],
- ];
-
- $this->expectException(RemoteException::class);
- $this->expectExceptionCode(403);
- $this->remote->call('dokuwiki.createUser', $params);
- }
-
- public function testCreateUserAuthCanNotDoAddUser()
- {
- $this->expectException(AccessDeniedException::class);
- $this->expectExceptionMessageMatches('/can\'t do addUser/');
- global $conf, $auth;
- $conf['remote'] = 1;
- $conf['remoteuser'] = 'testuser';
- $_SERVER['REMOTE_USER'] = 'testuser';
-
- $auth = new AuthCreatePlugin(false);
- $params = [
- [
- 'user' => 'user1',
- 'password' => 'password1',
- 'name' => 'user1',
- 'mail' => 'user1@localhost',
- 'groups' => [
- 'user',
- 'test'
- ],
- 'notify' => false
- ],
- ];
- $this->remote->call('dokuwiki.createUser', $params);
- }
-
-}
diff --git a/_test/tests/Remote/ApiCoreTest.php b/_test/tests/Remote/ApiCoreTest.php
index 1f57f8483..7da1007e0 100644
--- a/_test/tests/Remote/ApiCoreTest.php
+++ b/_test/tests/Remote/ApiCoreTest.php
@@ -2,12 +2,10 @@ namespace dokuwiki\test\Remote; -use dokuwiki\Extension\Event; use dokuwiki\Remote\AccessDeniedException; use dokuwiki\Remote\Api; use dokuwiki\Remote\ApiCore; use dokuwiki\Remote\RemoteException; -use dokuwiki\test\mock\AuthDeletePlugin; use dokuwiki\test\mock\AuthPlugin;
diff --git a/lib/plugins/usermanager/_test/AuthPlugin.php b/lib/plugins/usermanager/_test/AuthPlugin.php
new file mode 100644
index 000000000..99805fa8c
--- /dev/null
+++ b/lib/plugins/usermanager/_test/AuthPlugin.php
@@ -0,0 +1,54 @@
+cando['addUser'] = true;
+ $this->cando['delUser'] = true;
+
+ // merge in given capabilities for testing
+ $this->cando = array_merge($this->cando, $cando);
+ }
+
+ /** @inheritdoc */
+ public function createUser($user, $pwd, $name, $mail, $grps = null) {
+ if (isset($this->users[$user])) {
+ return false;
+ }
+ $pass = md5($pwd);
+ $grps = (array) $grps;
+ $this->users[$user] = compact('pass', 'name', 'mail', 'grps');
+ return true;
+ }
+
+ /** @inheritdoc */
+ public function deleteUsers($users)
+ {
+ $deleted = 0;
+ foreach ($users as $user) {
+ if (isset($this->users[$user])) {
+ unset($this->users[$user]);
+ $deleted++;
+ }
+
+ }
+ return $deleted;
+ }
+}
diff --git a/lib/plugins/usermanager/_test/RemoteApiTest.php b/lib/plugins/usermanager/_test/RemoteApiTest.php
new file mode 100644
index 000000000..d24b34dbe
--- /dev/null
+++ b/lib/plugins/usermanager/_test/RemoteApiTest.php
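Review bot: `createUser()` in the new usermanager test double stores `$pass = md5($pwd);`, an unsalted fast hash, and nothing on the line says this is acceptable only because the class is a mock. Test helpers get copied into plugins, so I would put a comment directly above it, for example `// test double only: md5 is a placeholder, real backends must use auth_cryptPassword()/password_hash()`. The fixtures in RemoteApiTest.php seed `'pass' => 'password1'` in clear text, so the mock's stored format is also inconsistent between created and pre-seeded users; a one-line note in the class docblock that the `pass` field is never verified in these tests would make that explicit.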
@@ -0,0 +1,241 @@
+remote = new Api();
+ }
+
+ public function setUp(): void
+ {
+ parent::setUp();
+
+ global $conf;
+ $conf['remote'] = 1;
+ $conf['remoteuser'] = 'testuser, admin';
+ $conf['superuser'] = 'admin';
+ }
+
+ public function testCreateUserSuccess()
+ {
+ global $auth;
+ $auth = new AuthPlugin();
+
+ $params = [
+ 'user' => 'user1',
+ 'password' => 'password1',
+ 'name' => 'user one',
+ 'mail' => 'user1@localhost',
+ 'groups' => [
+ 'user',
+ 'test'
+ ],
+ 'notify' => false
+ ];
+
+ $_SERVER['REMOTE_USER'] = 'admin';
+ $this->assertTrue(
+ $this->remote->call('plugin.usermanager.createUser', $params)
+ );
+ $this->assertArrayHasKey('user1', $auth->users);
+
+ // try again should fail, because user already exists
+ $this->assertFalse(
+ $this->remote->call('plugin.usermanager.createUser', $params)
+ );
+ }
+
+ public function testCreateUserFailAccess()
+ {
+ global $auth;
+ $auth = new AuthPlugin();
+
+ $params = [
+ 'user' => 'user1',
+ 'password' => 'password1',
+ 'name' => 'user one',
+ 'mail' => 'user1@localhost',
+ 'groups' => [
+ 'user',
+ 'test'
+ ],
+ 'notify' => false
+ ];
+
+ $_SERVER['REMOTE_USER'] = 'testuser';
+
+ $this->expectException(AccessDeniedException::class);
+ $this->expectExceptionCode(114);
+ $this->remote->call('plugin.usermanager.createUser', $params);
+ }
+
+ public function testCreateUserFailMissingUser()
+ {
+ global $auth;
+ $auth = new AuthPlugin();
+
+ $params = [
+ 'user' => '',
+ 'password' => 'password1',
+ 'name' => 'user one',
+ 'mail' => 'user1@localhost',
+ 'groups' => [
+ 'user',
+ 'test'
+ ],
+ 'notify' => false
+ ];
+
+ $_SERVER['REMOTE_USER'] = 'admin';
+
+ $this->expectException(RemoteException::class);
+ $this->expectExceptionCode(401);
+ $this->remote->call('plugin.usermanager.createUser', $params);
+ }
+
+ public function testCreateUserFailMissingName()
+ {
+ global $auth;
+ $auth = new AuthPlugin();
+
+ $params = [
+ 'user' => 'user1',
+ 'password' => 'password1',
+ 'name' => '',
+ 'mail' =>
'user1@localhost',
+ 'groups' => [
+ 'user',
+ 'test'
+ ],
+ 'notify' => false
+ ];
+
+ $_SERVER['REMOTE_USER'] = 'admin';
+
+ $this->expectException(RemoteException::class);
+ $this->expectExceptionCode(402);
+ $this->remote->call('plugin.usermanager.createUser', $params);
+ }
+
+ public function testCreateUserFailBadEmail()
+ {
+ global $auth;
+ $auth = new AuthPlugin();
+
+ $params = [
+ 'user' => 'user1',
+ 'password' => 'password1',
+ 'name' => 'user one',
+ 'mail' => 'This is not an email',
+ 'groups' => [
+ 'user',
+ 'test'
+ ],
+ 'notify' => false
+ ];
+
+ $_SERVER['REMOTE_USER'] = 'admin';
+
+ $this->expectException(RemoteException::class);
+ $this->expectExceptionCode(403);
+ $this->remote->call('plugin.usermanager.createUser', $params);
+ }
+
+ public function testCreateUserFailAuthCapability()
+ {
+ global $auth;
+ $auth = new AuthPlugin(['addUser' => false]);
+
+ $params = [
+ 'user' => 'user1',
+ 'password' => 'password1',
+ 'name' => 'user one',
+ 'mail' => 'user1@localhost',
+ 'groups' => [
+ 'user',
+ 'test'
+ ],
+ 'notify' => false
+ ];
+
+ $_SERVER['REMOTE_USER'] = 'admin';
+
+ $this->expectException(AccessDeniedException::class);
+ $this->expectExceptionCode(404);
+ $this->expectExceptionMessageMatches('/can\'t do addUser/');
+ $this->remote->call('plugin.usermanager.createUser', $params);
+ }
+
+ public function testDeleteUserSuccess()
+ {
+ global $auth;
+ $auth = new AuthPlugin();
+ $auth->users = [
+ 'user1' => [
+ 'pass' => 'password1',
+ 'name' => 'user one',
+ 'mail' => 'user1@localhost',
+ 'grps' => [
+ 'user',
+ 'test'
+ ]
+ ],
+ 'user2' => [
+ 'pass' => 'password2',
+ 'name' => 'user two',
+ 'mail' => 'user2@localhost',
+ 'grps' => [
+ 'user',
+ 'test'
+ ]
+ ],
+ ];
+
+ $_SERVER['REMOTE_USER'] = 'admin';
+
+ $this->assertTrue($this->remote->call('plugin.usermanager.deleteUser', ['user' => 'user1']));
+ $this->assertArrayNotHasKey('user1', $auth->users);
+ $this->assertArrayHasKey('user2', $auth->users);
+ }
+
+ public function
testDeleteUserFailNoExist()
+ {
+ global $auth;
+ $auth = new AuthPlugin();
+
+ $_SERVER['REMOTE_USER'] = 'admin';
+
+ $this->assertFalse($this->remote->call('plugin.usermanager.deleteUser', ['user' => 'user1']));
+ }
+
+ public function testDeleteUserFailAuthCapability()
+ {
+ global $auth;
+ $auth = new AuthPlugin(['delUser' => false]);
+
+ $_SERVER['REMOTE_USER'] = 'admin';
+
+ $this->expectException(AccessDeniedException::class);
+ $this->expectExceptionCode(404);
+ $this->expectExceptionMessageMatches('/can\'t do delUser/');
+ $this->remote->call('plugin.usermanager.deleteUser', ['user' => 'user1']);
+ }
+}
diff --git a/lib/plugins/usermanager/remote.php b/lib/plugins/usermanager/remote.php
index 5db4a54f9..c2b61f361 100644
--- a/lib/plugins/usermanager/remote.php
+++ b/lib/plugins/usermanager/remote.php
@@ -46,7 +46,7 @@ class remote_plugin_usermanager extends RemotePlugin if (!$auth->canDo('addUser')) { throw new AccessDeniedException( sprintf('Authentication backend %s can\'t do addUser', $auth->getPluginName()), - 114 + 404 ); }
@@ -62,7 +62,7 @@ class remote_plugin_usermanager extends RemotePlugin try { $password = auth_pwgen($user); } catch (\Exception $e) { - throw new RemoteException('Could not generate password', 404); // FIXME adjust code + throw new RemoteException('Could not generate password', 405); } }
@@ -95,6 +95,15 @@ class remote_plugin_usermanager extends RemotePlugin if (!auth_isadmin()) { throw new AccessDeniedException('Only admins are allowed to delete users', 114); } + + global $auth; + if (!$auth->canDo('delUser')) { + throw new AccessDeniedException( + sprintf('Authentication backend %s can\'t do delUser', $auth->getPluginName()), + 404 + ); + } + /** @var AuthPlugin $auth */ global $auth; return (bool)$auth->triggerUserMod('delete', [[$user]]);
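Review bot: The deleteUser tests in RemoteApiTest.php never exercise the admin check, because all three set `$_SERVER['REMOTE_USER'] = 'admin'`; there is no deletion counterpart to `testCreateUserFailAccess`. The guard in remote.php that throws 'Only admins are allowed to delete users' with code 114 is the only thing standing between an ordinary remote user and account deletion, so a regression there would pass this suite unnoticed. I would add a negative test that calls `plugin.usermanager.deleteUser` as `testuser` against a seeded user and expects `AccessDeniedException` with code 114, as sketched below.

```php
public function testDeleteUserFailAccess()
{
    global $auth;
    $auth = new AuthPlugin();
    $auth->users = [
        'user1' => [
            'pass' => 'password1',
            'name' => 'user one',
            'mail' => 'user1@localhost',
            'grps' => ['user'],
        ],
    ];

    // non-admin caller that is still allowed to use the remote API
    $_SERVER['REMOTE_USER'] = 'testuser';

    $this->expectException(AccessDeniedException::class);
    $this->expectExceptionCode(114);
    $this->remote->call('plugin.usermanager.deleteUser', ['user' => 'user1']);
}
```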
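Review bot: In the third remote.php hunk (`@@ -95,6 +95,15 @@`) `global $auth;` is now declared twice: the added block declares it, and the pre-existing `/** @var AuthPlugin $auth */ global $auth;` is left right after it, so the type annotation ends up on the redundant second declaration. Move the docblock and a single `global $auth;` above the `canDo('delUser')` check and drop the added one. Separately, the renumbering across the three hunks changes what code 404 means to API clients: it used to signal 'Could not generate password' and now signals a missing backend capability, so the method docblocks or API changelog should list the codes (114 not admin, 404 backend capability, 405 password generation). The enclosing method starts and ends outside the hunk.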