Add test to verify issue #250

When users change their groups in LDAP that is not followed up in WordPress. THis newly added test verifies that. Next up is fixing this problem
heiglandreas · Mar 6, 2024 · c272594 · c272594
1 parent d9f3a4f
commit c272594
Show file tree

Hide file tree

Showing 2 changed files with 42 additions and 1 deletion.
diff --git a/features/bootstrap/FeatureContext.php b/features/bootstrap/FeatureContext.php
@@ -284,6 +284,25 @@ public function theWordpressUserIsNotMemberOfRole($arg1, $arg2)
 			return trim($item);
 		}, explode(',', $user['roles']));
 		Assert::false(in_array($arg2, $roles));
-
 	}
+
+	/**
+	 * @Given LDAP user :arg1 is not member of LDAP group :arg2
+	 */
+	public function ldapUserIsNotMemberOfLdapGroup($arg1, $arg2)
+	{
+		exec(sprintf(
+			'ldapmodify -x -H %1$s -D "%2$s" -w %3$s 2>&1 <<LDIF
+%4$s
+LDIF',
+			'ldap://openldap',
+			'cn=admin,dc=example,dc=org',
+			'insecure',
+			<<<LDIF
+			dn: cn=$arg2,dc=example,dc=org
+			changetype: modify
+			delete: uniqueMember
+			uniqueMember: uid=$arg1,dc=example,dc=org
+			LDIF
+		));	}
 }
diff --git a/features/log in using no groups at all.feature b/features/log in using no groups at all.feature
@@ -61,3 +61,25 @@ Feature: Log in without group assignment
 		And the WordPress user "ldapuser" is member of role "wordpressrole"
 		And the WordPress user "ldapuser" is not member of role "editor"
 		And the WordPress user "ldapuser" is not member of role "subscriber"
+
+	Scenario: Second Login with group assignment that changes between first and second login
+		Given a default configuration
+		And configuration value "GroupEnable" is set to "true"
+		And configuration value "DefaultRole" is set to "subscriber"
+		And configuration value "Groups" is set to "administrator=ldapgroup1" and "editor=ldapgroup2"
+		And configuration value "GroupAttr" is set to "cn"
+		And configuration value "GroupFilter" is set to "uniquemember=%dn%"
+		And configuration value "GroupOverUser" is set to "false"
+		And an LDAP user "ldapuser" with name "LDAP User", password "P@ssw0rd" and email "[email protected]" exists
+		And an LDAP group "ldapgroup1" exists
+		And an LDAP group "ldapgroup2" exists
+		And LDAP user "ldapuser" is member of LDAP group "ldapgroup1"
+		And LDAP user "ldapuser" logs in with password "P@ssw0rd"
+		And LDAP user "ldapuser" is member of LDAP group "ldapgroup2"
+		And LDAP user "ldapuser" is not member of LDAP group "ldapgroup1"
+		When LDAP user "ldapuser" logs in with password "P@ssw0rd"
+		Then the login suceeds
+		And the WordPress user "ldapuser" is member of role "editor"
+		And the WordPress user "ldapuser" is member of role "wordpressrole"
+		And the WordPress user "ldapuser" is not member of role "administrator"
+		And the WordPress user "ldapuser" is not member of role "subscriber"