mirror/Part-DB.Part-DB-server
1
0
Fork 1
mirror of https://github.com/Part-DB/Part-DB-server.git synced 2025-06-21 01:25:55 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Allow X500 attributes for user info and added some tests

Browse source
This commit is contained in:
Jan Böhmer 2023-02-21 23:41:02 +01:00
parent 91fb861fd3
commit 586a57c2c9
7 changed files with 193 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

9
config/services_test.yaml Normal file
View file

@ -0,0 +1,9 @@
# Service overrides for the test environment
services:
saml_user_factory:
class: App\Security\SamlUserFactory
public: true
App\Security\SamlUserFactory:
public: true

11
src/Entity/UserSystem/User.php
View file

@ -912,5 +912,16 @@ class User extends AttachmentContainingDBElement implements UserInterface, HasPe
if (isset($attributes['department'])) {
$this->setDepartment($attributes['department'][0]);
}
//Use X500 attributes as userinfo
if (isset($attributes['urn:oid:2.5.4.42'])) {
$this->setFirstName($attributes['urn:oid:2.5.4.42'][0]);
}
if (isset($attributes['urn:oid:2.5.4.4'])) {
$this->setLastName($attributes['urn:oid:2.5.4.4'][0]);
}
if (isset($attributes['urn:oid:1.2.840.113549.1.9.1'])) {
$this->setEmail($attributes['urn:oid:1.2.840.113549.1.9.1'][0]);
}
}
}

2
src/Security/EnsureSAMLUserForSAMLLoginChecker.php
View file

@ -44,7 +44,7 @@ class EnsureSAMLUserForSAMLLoginChecker implements EventSubscriberInterface
];
}
public function onAuthenticationSuccess(AuthenticationSuccessEvent $event)
public function onAuthenticationSuccess(AuthenticationSuccessEvent $event): void
{
$token = $event->getAuthenticationToken();
$user = $token->getUser();

3
src/Security/SamlUserFactory.php
View file

@ -31,13 +31,12 @@ class SamlUserFactory implements SamlUserFactoryInterface
$user = new User();
$user->setName($username);
$user->setNeedPwChange(false);
$user->setPassword('$$SAML$$');
$user->setPassword('!!SAML!!');
//This is a SAML user now!
$user->setSamlUser(true);
$user->setSamlAttributes($attributes);
return $user;
}
}

36
tests/Entity/UserSystem/UserTest.php
View file

@ -148,4 +148,40 @@ class UserTest extends TestCase
}
$this->assertFalse($user->isWebAuthnAuthenticatorEnabled());
}
public function testSetSAMLAttributes(): void
{
$data = [
'firstName' => ['John'],
'lastName' => ['Doe'],
'email' => ['j.doe@invalid.invalid'],
'department' => ['Test Department'],
];
$user = new User();
$user->setSAMLAttributes($data);
//Test if the data was set correctly
$this->assertSame('John', $user->getFirstName());
$this->assertSame('Doe', $user->getLastName());
$this->assertSame('j.doe@invalid.invalid', $user->getEmail());
$this->assertSame('Test Department', $user->getDepartment());
//Test that it works for X500 attributes
$data = [
'urn:oid:2.5.4.42' => ['Jane'],
'urn:oid:2.5.4.4' => ['Dane'],
'urn:oid:1.2.840.113549.1.9.1' => ['mail@invalid.invalid'],
];
$user->setSAMLAttributes($data);
//Data must be changed
$this->assertSame('Jane', $user->getFirstName());
$this->assertSame('Dane', $user->getLastName());
$this->assertSame('mail@invalid.invalid', $user->getEmail());
//Department must not be changed
$this->assertSame('Test Department', $user->getDepartment());
}
}

70
tests/Security/EnsureSAMLUserForSAMLLoginCheckerTest.php Normal file
View file

@ -0,0 +1,70 @@
<?php
/*
* This file is part of Part-DB (https://github.com/Part-DB/Part-DB-symfony).
*
* Copyright (C) 2019 - 2023 Jan Böhmer (https://github.com/jbtronics)
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published
* by the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
namespace App\Tests\Security;
use App\Entity\UserSystem\User;
use App\Security\EnsureSAMLUserForSAMLLoginChecker;
use Hslavich\OneloginSamlBundle\Security\Http\Authenticator\Token\SamlToken;
use PHPUnit\Framework\TestCase;
use Symfony\Bundle\FrameworkBundle\Test\WebTestCase;
use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
use Symfony\Component\Security\Core\Event\AuthenticationSuccessEvent;
use Symfony\Component\Security\Core\Exception\CustomUserMessageAccountStatusException;
class EnsureSAMLUserForSAMLLoginCheckerTest extends WebTestCase
{
/** @var EnsureSAMLUserForSAMLLoginChecker */
protected $service;
protected function setUp(): void
{
self::bootKernel();
$this->service = self::getContainer()->get('saml_user_factory');
}
public function testOnAuthenticationSuccessFailsOnSSOLoginWithLocalUser(): void
{
$local_user = new User();
$saml_token = $this->createMock(SamlToken::class);
$saml_token->method('getUser')->willReturn($local_user);
$event = new AuthenticationSuccessEvent($saml_token);
$this->expectException(CustomUserMessageAccountStatusException::class);
$this->service->onAuthenticationSuccess($event);
}
public function testOnAuthenticationSuccessFailsOnLocalLoginWithSAMLUser(): void
{
$saml_user = (new User())->setSamlUser(true);
$saml_token = $this->createMock(UsernamePasswordToken::class);
$saml_token->method('getUser')->willReturn($saml_user);
$event = new AuthenticationSuccessEvent($saml_token);
$this->expectException(CustomUserMessageAccountStatusException::class);
$this->service->onAuthenticationSuccess($event);
}
}

65
tests/Security/SamlUserFactoryTest.php Normal file
View file

@ -0,0 +1,65 @@
<?php
/*
* This file is part of Part-DB (https://github.com/Part-DB/Part-DB-symfony).
*
* Copyright (C) 2019 - 2023 Jan Böhmer (https://github.com/jbtronics)
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published
* by the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
namespace App\Tests\Security;
use App\Entity\UserSystem\User;
use App\Security\SamlUserFactory;
use PHPUnit\Framework\TestCase;
use Symfony\Bundle\FrameworkBundle\Test\WebTestCase;
class SamlUserFactoryTest extends WebTestCase
{
/** @var SamlUserFactory */
protected $service;
protected function setUp(): void
{
self::bootKernel();
$this->service = self::getContainer()->get(SamlUserFactory::class);
}
public function testCreateUser()
{
$user = $this->service->createUser('sso_user', [
'email' => ['j.doe@invalid.invalid'],
'urn:oid:2.5.4.42' => ['John'],
'urn:oid:2.5.4.4' => ['Doe'],
'department' => ['IT']
]);
$this->assertInstanceOf(User::class, $user);
$this->assertEquals('sso_user', $user->getUsername());
//User must not change his password
$this->assertFalse($user->isNeedPwChange());
//And must not be disabled
$this->assertFalse($user->isDisabled());
//Password should not be set
$this->assertSame('!!SAML!!', $user->getPassword());
//Info should be set
$this->assertEquals('John', $user->getFirstName());
$this->assertEquals('Doe', $user->getLastName());
$this->assertEquals('IT', $user->getDepartment());
$this->assertEquals('j.doe@invalid.invalid', $user->getEmail());
}
}