Add test harness, write first tests for WP_LDAP::API.

Author: fabacab

.travis.yml

@@ -0,0 +1,28 @@
+language: php
+
+notifications:
+  email:
+    on_success: never
+    on_failure: change
+
+branches:
+  only:
+    - develop
+    - master
+
+php:
+  - 5.3
+  - 5.4
+  - 5.5
+  - 5.6
+  - 7.0
+  - 7.1
+
+env:
+  - WP_VERSION=latest WP_MULTISITE=1
+
+before_script:
+  - bash bin/install-wp-tests.sh wordpress_test root '' localhost $WP_VERSION
+  - apt install -y php-ldap slapd
+
+script: phpunit

bin/install-wp-tests.sh

@@ -0,0 +1,120 @@
+#!/usr/bin/env bash
+
+if [ $# -lt 3 ]; then
+	echo "usage: $0 <db-name> <db-user> <db-pass> [db-host] [wp-version]"
+	exit 1
+fi
+
+DB_NAME=$1
+DB_USER=$2
+DB_PASS=$3
+DB_HOST=${4-localhost}
+WP_VERSION=${5-latest}
+
+WP_TESTS_DIR=${WP_TESTS_DIR-/tmp/wordpress-tests-lib}
+WP_CORE_DIR=${WP_CORE_DIR-/tmp/wordpress/}
+
+download() {
+    if [ `which curl` ]; then
+        curl -s "$1" > "$2";
+    elif [ `which wget` ]; then
+        wget -nv -O "$2" "$1"
+    fi
+}
+
+if [[ $WP_VERSION =~ [0-9]+\.[0-9]+(\.[0-9]+)? ]]; then
+	WP_TESTS_TAG="tags/$WP_VERSION"
+elif [[ $WP_VERSION == 'nightly' || $WP_VERSION == 'trunk' ]]; then
+	WP_TESTS_TAG="trunk"
+else
+	# http serves a single offer, whereas https serves multiple. we only want one
+	download http://api.wordpress.org/core/version-check/1.7/ /tmp/wp-latest.json
+	grep '[0-9]+\.[0-9]+(\.[0-9]+)?' /tmp/wp-latest.json
+	LATEST_VERSION=$(grep -o '"version":"[^"]*' /tmp/wp-latest.json | sed 's/"version":"//')
+	if [[ -z "$LATEST_VERSION" ]]; then
+		echo "Latest WordPress version could not be found"
+		exit 1
+	fi
+	WP_TESTS_TAG="tags/$LATEST_VERSION"
+fi
+
+set -ex
+
+install_wp() {
+
+	if [ -d $WP_CORE_DIR ]; then
+		return;
+	fi
+
+	mkdir -p $WP_CORE_DIR
+
+	if [[ $WP_VERSION == 'nightly' || $WP_VERSION == 'trunk' ]]; then
+		mkdir -p /tmp/wordpress-nightly
+		download https://wordpress.org/nightly-builds/wordpress-latest.zip  /tmp/wordpress-nightly/wordpress-nightly.zip
+		unzip -q /tmp/wordpress-nightly/wordpress-nightly.zip -d /tmp/wordpress-nightly/
+		mv /tmp/wordpress-nightly/wordpress/* $WP_CORE_DIR
+	else
+		if [ $WP_VERSION == 'latest' ]; then
+			local ARCHIVE_NAME='latest'
+		else
+			local ARCHIVE_NAME="wordpress-$WP_VERSION"
+		fi
+		download https://wordpress.org/${ARCHIVE_NAME}.tar.gz  /tmp/wordpress.tar.gz
+		tar --strip-components=1 -zxmf /tmp/wordpress.tar.gz -C $WP_CORE_DIR
+	fi
+
+	download https://raw.github.com/markoheijnen/wp-mysqli/master/db.php $WP_CORE_DIR/wp-content/db.php
+}
+
+install_test_suite() {
+	# portable in-place argument for both GNU sed and Mac OSX sed
+	if [[ $(uname -s) == 'Darwin' ]]; then
+		local ioption='-i .bak'
+	else
+		local ioption='-i'
+	fi
+
+	# set up testing suite if it doesn't yet exist
+	if [ ! -d $WP_TESTS_DIR ]; then
+		# set up testing suite
+		mkdir -p $WP_TESTS_DIR
+		svn co --quiet https://develop.svn.wordpress.org/${WP_TESTS_TAG}/tests/phpunit/includes/ $WP_TESTS_DIR/includes
+	fi
+
+	cd $WP_TESTS_DIR
+
+	if [ ! -f wp-tests-config.php ]; then
+		download https://develop.svn.wordpress.org/${WP_TESTS_TAG}/wp-tests-config-sample.php "$WP_TESTS_DIR"/wp-tests-config.php
+		sed $ioption "s:dirname( __FILE__ ) . '/src/':'$WP_CORE_DIR':" "$WP_TESTS_DIR"/wp-tests-config.php
+		sed $ioption "s/youremptytestdbnamehere/$DB_NAME/" "$WP_TESTS_DIR"/wp-tests-config.php
+		sed $ioption "s/yourusernamehere/$DB_USER/" "$WP_TESTS_DIR"/wp-tests-config.php
+		sed $ioption "s/yourpasswordhere/$DB_PASS/" "$WP_TESTS_DIR"/wp-tests-config.php
+		sed $ioption "s|localhost|${DB_HOST}|" "$WP_TESTS_DIR"/wp-tests-config.php
+	fi
+
+}
+
+install_db() {
+	# parse DB_HOST for port or socket references
+	local PARTS=(${DB_HOST//\:/ })
+	local DB_HOSTNAME=${PARTS[0]};
+	local DB_SOCK_OR_PORT=${PARTS[1]};
+	local EXTRA=""
+
+	if ! [ -z $DB_HOSTNAME ] ; then
+		if [ $(echo $DB_SOCK_OR_PORT | grep -e '^[0-9]\{1,\}$') ]; then
+			EXTRA=" --host=$DB_HOSTNAME --port=$DB_SOCK_OR_PORT --protocol=tcp"
+		elif ! [ -z $DB_SOCK_OR_PORT ] ; then
+			EXTRA=" --socket=$DB_SOCK_OR_PORT"
+		elif ! [ -z $DB_HOSTNAME ] ; then
+			EXTRA=" --host=$DB_HOSTNAME --protocol=tcp"
+		fi
+	fi
+
+	# create database
+	mysqladmin create $DB_NAME --user="$DB_USER" --password="$DB_PASS"$EXTRA
+}
+
+install_wp
+install_test_suite
+install_db

includes/class-wp-ldap-api.php

@@ -145,11 +145,13 @@ public static function sanitize_dn( $dn ) {
      * mechanism that OpenLDAP 2.4 supports.
      *
      * @param string $plain
+     * @param string $salt
      *
      * @return string
      */
-    public static function hashPassword ( $plain ) {
-        $salt = random_bytes( 8 ); // arbitrary, but 8 seems fine
+    public static function hashPassword ( $plain, $salt = '' ) {
+        // Generate 8 bytes of salt if not given any.
+        $salt = ( empty( $salt ) ) ? random_bytes( 8 ): $salt;
         return '{SSHA}' . base64_encode(
             hash( 'sha1', $plain . $salt , true ) . $salt
         );

phpunit.xml

@@ -0,0 +1,14 @@
+<phpunit
+	bootstrap="tests/bootstrap.php"
+	backupGlobals="false"
+	colors="true"
+	convertErrorsToExceptions="true"
+	convertNoticesToExceptions="true"
+	convertWarningsToExceptions="true"
+	>
+	<testsuites>
+		<testsuite>
+			<directory prefix="test-" suffix=".php">./tests/</directory>
+		</testsuite>
+	</testsuites>
+</phpunit>

tests/bootstrap.php

@@ -0,0 +1,40 @@
+<?php
+$_tests_dir = getenv( 'WP_TESTS_DIR' );
+if ( ! $_tests_dir ) {
+	$_tests_dir = '/tmp/wordpress-tests-lib';
+}
+
+require_once $_tests_dir . '/includes/functions.php';
+
+function _manually_load_plugin() {
+	require dirname( dirname( __FILE__ ) ) . '/wp-ldap.php';
+}
+tests_add_filter( 'muplugins_loaded', '_manually_load_plugin' );
+
+require $_tests_dir . '/includes/bootstrap.php';
+
+/**
+ * Custom test case class.
+ *
+ * We use PHPUnit's `@ticket` annotation to refer to GitHub issues,
+ * but still want to use `WP_UnitTestCase` for its various factory
+ * methods, so we subclass it and stub out the Trac-checking part. :)
+ */
+class Plugin_UnitTestCase extends WP_UnitTestCase {
+
+    /**
+     * Empty method to disable integration with WP Core Trac.
+     *
+     * Overrides the parent's method to disable fetching information
+     * from the WordPress Core Trac ticket tracker which causes tests
+     * with the `@ticket` annotation in our own test cases to fail.
+     *
+     * @link https://core.trac.wordpress.org/browser/tags/4.4/tests/phpunit/includes/testcase.php#L434
+     *
+     * @return void
+     */
+    protected function checkRequirements () {
+        // do nothing!
+    }
+
+}

tests/test-wp-ldap-api.php

@@ -0,0 +1,57 @@
+<?php
+/**
+ * Test cases for the WP_LDAP::API class.
+ */
+
+use WP_LDAP\API;
+
+/**
+ * @covers API
+ */
+final class APITest extends Plugin_UnitTestCase {
+
+    /**
+     * Tests the API::hashPassword implementation against the
+     * output of using OpenLDAP's `slappasswd(8)` to create a
+     * password for the same purpose.
+     *
+     * Refer to RFC 2307 § 5.3 for implementation details.
+     *
+     * This raises a test failure if our password hashing
+     * implementation differs in any way from OpenLDAP's.
+     *
+     * @link http://www.faqs.org/rfcs/rfc2307.html
+     */
+    public function testCreateRfc2307UserPassword () {
+        $plain = 'password';
+        $cmd = "slappasswd -h {SSHA} -s $plain";
+        $userPassword = trim( shell_exec( escapeshellcmd( $cmd ) ) );
+        $saltedhash = base64_decode( substr( $userPassword, 6 ) );
+        $salt = substr( $saltedhash, -4 );
+
+        $this->assertSame(
+            $userPassword,
+            API::hashPassword( $plain, $salt )
+        );
+    }
+
+    /**
+     * Tests to ensure that various special characters in an
+     * LDAP DN are sanitized correctly.
+     */
+    public function testCanSanitizeDN () {
+        $arr = array(
+            // Input DN => Sanitized DN
+            'employeeNumber=2+uid=someuser,dc=example,dc=com' => 'employeeNumber=2+uid=someuser,dc=example,dc=com',
+            'somekey=with spaces' => 'somekey=with spaces',
+            'somekey=withequals=init' => 'somekey=withequals\5c3Dinit',
+        );
+        foreach ( $arr as $dn => $cleaned ) {
+            $this->assertSame(
+                $cleaned,
+                API::sanitize_dn( $dn )
+            );
+        }
+    }
+
+}