Testing2

.github/workflows/phpunit.yml

@@ -17,4 +17,4 @@ jobs:
     - name: Install dependencies
       run: composer install --prefer-dist --no-progress
     - name: Run PHPUnit tests
-      run: vendor/bin/phpunit --colors=always
+      run: vendor/bin/phpunit --colors=always --testsuite unit

.github/workflows/pre-commit.yml

@@ -0,0 +1,19 @@
+name: pre-commit
+
+on:
+  pull_request:
+  push:
+    branches: [main]
+
+jobs:
+  pre-commit:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v3
+    - uses: actions/setup-python@v3
+    - name: setup PHP
+      uses: shivammathur/setup-php@v2
+      with:
+        php-version: "8.3"
+        tools: composer, phpcs, phpcbf
+    - uses: pre-commit/action@v3.0.1

.pre-commit-config.yaml

@@ -2,11 +2,7 @@
 # pre-commit automatically excludes submodules
 exclude: |
   (?x)^(
-      .*\.dist|
-      roles/ood-head/files/auto-copy/var/www/ood/apps/common/common_attributes.yml|
-      roles/ood-head/files/auto-copy/var/www/ood/apps/sys/dashboard/config/locales/en.yml|
-      inventory.d/ipv4.py|
-      files/shibboleth/filtered-incommon-metadata.xml.j2|
+      test/.*|
   )$
 
 repos:

phpunit.xml

@@ -1,6 +1,6 @@
 <!-- restrictWarnings="true" -->
 <phpunit
-  bootstrap="test/unit/bootstrap.php"
+  bootstrap="test/phpunit-bootstrap.php"
   failOnWarning="true"
   failOnDeprecation="true"
   failOnNotice="true"
@@ -9,5 +9,8 @@
     <testsuite name="unit">
       <directory>test/unit</directory>
     </testsuite>
+    <testsuite name="functional">
+      <directory>test/functional</directory>
+    </testsuite>
   </testsuites>
 </phpunit>

resources/lib/UnityUser.php

@@ -446,6 +446,8 @@ public function getSSHKeys($ignorecache = false)
      */
     public function setLoginShell($shell, $operator = null, $send_mail = true)
     {
+        // FIXME throw error if shell is not ascii
+        // ldap schema syntax is "IA5 String (1.3.6.1.4.1.1466.115.121.1.26)"
         $ldapUser = $this->getLDAPUser();
         if ($ldapUser->exists()) {
             $ldapUser->setAttribute("loginshell", $shell);

test/functional/AccountDeletionRequestTest.php

@@ -0,0 +1,65 @@
+<?php
+
+use PHPUnit\Framework\TestCase;
+
+class AccountDeletionRequestTest extends TestCase
+{
+    private function assertNumberAccountDeletionRequests(int $x)
+    {
+        global $USER, $SQL;
+        if ($x == 0) {
+            $this->assertFalse($USER->hasRequestedAccountDeletion());
+            $this->assertFalse($SQL->accDeletionRequestExists($USER->getUID()));
+        } elseif ($x > 0) {
+            $this->assertTrue($USER->hasRequestedAccountDeletion());
+            $this->assertTrue($SQL->accDeletionRequestExists($USER->getUID()));
+        } else {
+            throw new RuntimeError("x must not be negative");
+        }
+        $this->assertEquals($x, $this->getNumberAccountDeletionRequests());
+    }
+
+    private function getNumberAccountDeletionRequests()
+    {
+        global $USER, $SQL;
+        $stmt = $SQL->getConn()->prepare(
+            "SELECT * FROM account_deletion_requests WHERE uid=:uid"
+        );
+        $uid = $USER->getUID();
+        $stmt->bindParam(":uid", $uid);
+        $stmt->execute();
+        return count($stmt->fetchAll());
+    }
+
+    public function testRequestAccountDeletionUserHasNoGroups()
+    {
+        global $USER, $SQL;
+        switchUser(...getUserHasNotRequestedAccountDeletionHasNoGroups());
+        $this->assertEmpty($USER->getGroups());
+        $this->assertNumberAccountDeletionRequests(0);
+        post(
+            __DIR__ . "/../../webroot/panel/account.php",
+            ["form_type" => "account_deletion_request"]
+        );
+        $this->assertNumberAccountDeletionRequests(1);
+        post(
+            __DIR__ . "/../../webroot/panel/account.php",
+            ["form_type" => "account_deletion_request"]
+        );
+        $this->assertNumberAccountDeletionRequests(1);
+    }
+
+    public function testRequestAccountDeletionUserHasGroup()
+    {
+        // FIXME this should be an error
+        global $USER, $SQL;
+        switchUser(...getUserHasNotRequestedAccountDeletionHasGroup());
+        $this->assertNotEmpty($USER->getGroups());
+        $this->assertNumberAccountDeletionRequests(0);
+        post(
+            __DIR__ . "/../../webroot/panel/account.php",
+            ["form_type" => "account_deletion_request"]
+        );
+        $this->assertNumberAccountDeletionRequests(0);
+    }
+}

test/functional/LoginShellSetTest.php

@@ -0,0 +1,62 @@
+<?php
+
+use PHPUnit\Framework\TestCase;
+use PHPUnit\Framework\Attributes\DataProvider;
+
+class LoginShellSetTest extends TestCase
+{
+    private static $_initialLoginShell;
+
+    public static function setUpBeforeClass(): void
+    {
+        global $USER;
+        switchUser(...getNormalUser());
+        self::$_initialLoginShell = $USER->getLoginShell();
+    }
+
+    public function tearDown(): void
+    {
+        global $USER;
+        $USER->setLoginShell(self::$_initialLoginShell);
+    }
+
+    public static function getShells()
+    {
+        global $HTTP_HEADER_TEST_INPUTS;
+        // phpcs:disable
+        return [["/bin/bash"]] + array_map(function($x){return [$x];}, $HTTP_HEADER_TEST_INPUTS);
+        // phpcs:enable
+    }
+
+    #[DataProvider("getShells")]
+    public function testSetLoginShellCustom(string $shell): void
+    {
+        global $USER;
+        // FIXME add check to avoid warning from ldap_modify
+        if (!mb_check_encoding($shell, 'ASCII')) {
+            $this->expectException("Exception");
+        }
+        // FIXME shell is not validated
+        post(
+            __DIR__ . "/../../webroot/panel/account.php",
+            ["form_type" => "loginshell", "shellSelect" => "custom", "shell" => $shell]
+        );
+        $this->assertEquals($shell, $USER->getLoginShell());
+    }
+
+    #[DataProvider("getShells")]
+    public function testSetLoginShellSelect(string $shell): void
+    {
+        global $USER;
+        // FIXME add check to avoid warning from ldap_modify
+        if (!mb_check_encoding($shell, 'ASCII')) {
+            $this->expectException("Exception");
+        }
+        // FIXME shell is not validated
+        post(
+            __DIR__ . "/../../webroot/panel/account.php",
+            ["form_type" => "loginshell", "shellSelect" => $shell]
+        );
+        $this->assertEquals($shell, $USER->getLoginShell());
+    }
+}

test/phpunit-bootstrap.php

@@ -0,0 +1,90 @@
+<?php
+
+require_once __DIR__ . "/../vendor/autoload.php";
+
+require_once __DIR__ . "/../resources/lib/UnityLDAP.php";
+require_once __DIR__ . "/../resources/lib/UnityUser.php";
+require_once __DIR__ . "/../resources/lib/UnityGroup.php";
+require_once __DIR__ . "/../resources/lib/UnityOrg.php";
+require_once __DIR__ . "/../resources/lib/UnitySQL.php";
+require_once __DIR__ . "/../resources/lib/UnityMailer.php";
+require_once __DIR__ . "/../resources/lib/UnitySSO.php";
+require_once __DIR__ . "/../resources/lib/UnitySite.php";
+require_once __DIR__ . "/../resources/lib/UnityConfig.php";
+require_once __DIR__ . "/../resources/lib/UnityWebhook.php";
+require_once __DIR__ . "/../resources/lib/UnityRedis.php";
+
+global $HTTP_HEADER_TEST_INPUTS;
+$HTTP_HEADER_TEST_INPUTS = [
+    '',
+    'a',
+    'Hello, World!',
+    '  Some text  ',
+    '   ',
+    '12345',
+    'abc123',
+    'Hello@World!',
+    str_repeat('a', 8190), // https://httpd.apache.org/docs/2.2/mod/core.html#limitrequestfieldsize
+    '<p>This is a paragraph</p>',
+    "'; DROP TABLE users; --",
+    "<script>alert('XSS');</script>",
+    'こんにちは世界',
+    "Hello 👋 World 🌍",
+    "Line 1\nLine 2",
+    "Column1\tColumn2",
+    'MiXeD cAsE',
+    'https://www.example.com',
+    'user@example.com',
+    '{"key": "value"}',
+    'SGVsbG8sIFdvcmxkIQ==',
+    "Hello\x00World",
+    mb_convert_encoding("Hello, World!", "UTF-16")
+];
+
+function switchUser(string $eppn, string $given_name, string $sn, string $mail): void
+{
+    global $CONFIG, $REDIS, $LDAP, $SQL, $MAILER, $WEBHOOK, $SITE, $SSO, $OPERATOR, $USER, $SEND_PIMESG_TO_ADMINS, $LOC_HEADER, $LOC_FOOTER;
+    session_write_close();
+    session_id(str_replace(["_", "@", "."], "-", $eppn));
+    // session_start will be called on the first post()
+    $_SERVER["REMOTE_USER"] = $eppn;
+    $_SERVER["REMOTE_ADDR"] = "127.0.0.1";
+    $_SERVER["eppn"] = $eppn;
+    $_SERVER["givenName"] = $given_name;
+    $_SERVER["sn"] = $sn;
+    include __DIR__ .  "/../resources/autoload.php";
+    assert(!is_null($USER));
+}
+
+function post(string $phpfile, array $post_data): void
+{
+    global $CONFIG, $REDIS, $LDAP, $SQL, $MAILER, $WEBHOOK, $SITE, $SSO, $OPERATOR, $USER, $SEND_PIMESG_TO_ADMINS, $LOC_HEADER, $LOC_FOOTER;
+    $_SERVER["REQUEST_METHOD"] = "POST";
+    $_POST = $post_data;
+    ob_start();
+    try {
+        include $phpfile;
+        ob_get_clean(); // discard output
+    } catch (Throwable $e) {
+        error_log(ob_get_clean()); // don't discard output
+        throw $e;
+    } finally {
+        unset($_POST);
+        unset($_SERVER["REQUEST_METHOD"]);
+    }
+}
+
+function getNormalUser()
+{
+    return ["user1@org1.test", "foo", "bar", "user1@org1.test"];
+}
+
+function getUserHasNotRequestedAccountDeletionHasGroup()
+{
+    return ["user1@org1.test", "foo", "bar", "user1@org1.test"];
+}
+
+function getUserHasNotRequestedAccountDeletionHasNoGroups()
+{
+    return ["user2@org1.test", "foo", "bar", "user2@org1.test"];
+}

tools/docker-dev/identity/bootstrap.ldif

@@ -10609,7 +10609,6 @@ memberuid: user1_org1_test
 memberuid: user3_org1_test
 memberuid: user264_org1_test
 memberuid: user10_org1_test
-memberuid: user2_org1_test
 memberuid: user6_org1_test
 memberuid: user8_org1_test
 memberuid: user5_org2_test

webroot/panel/account.php

@@ -77,7 +77,6 @@
         case "account_deletion_request":
             $hasGroups = count($USER->getGroups()) > 0;
             if ($hasGroups) {
-                die();
                 break;
             }
             if (!$SQL->accDeletionRequestExists($USER->getUID())) {