<?php
/*
** Zabbix
** Copyright (C) 2001-2022 Zabbix SIA
**
** This program is free software; you can redistribute it and/or modify
** it under the terms of the GNU General Public License as published by
** the Free Software Foundation; either version 2 of the License, or
** (at your option) any later version.
**
** This program is distributed in the hope that it will be useful,
** but WITHOUT ANY WARRANTY; without even the implied warranty of
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
** GNU General Public License for more details.
**
** You should have received a copy of the GNU General Public License
** along with this program; if not, write to the Free Software
** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
**/

require_once dirname(__FILE__).'/../include/CWebTest.php';

/**
 * @backup config
 */
class testFormAdministrationAuthenticationLdap extends CWebTest {

	public function getLdapData() {
		return [
			[
				[
					'error' => 'Incorrect value for field "authentication_type": LDAP is not configured.'
				]
			],
			[
				[
					'ldap_settings' => [
						'Enable LDAP authentication' => true
					],
					'error' => 'Incorrect value for field "ldap_host": cannot be empty.'
				]
			],
			[
				[
					'ldap_settings' => [
						'Enable LDAP authentication' => true,
						'LDAP host' => 'ldap.forumsys.com'
					],
					'error' => 'Incorrect value for field "ldap_base_dn": cannot be empty.'
				]
			],
			[
				[
					'ldap_settings' => [
						'Enable LDAP authentication' => true,
						'LDAP host' => 'ldap.forumsys.com',
						'Base DN' => 'dc=example,dc=com'
					],
					'error' => 'Incorrect value for field "ldap_search_attribute": cannot be empty.'
				]
			],
			[
				[
					'ldap_settings' => [
						'Enable LDAP authentication' => true,
						'LDAP host' => 'ldap.forumsys.com',
						'Base DN' => 'dc=example,dc=com',
						'Search attribute' => 'uid'
					],
					'error' => 'Login name or password is incorrect.'
				]
			],
			[
				[
					'ldap_settings' => [
						'Enable LDAP authentication' => true,
						'LDAP host' => 'ldap.forumsys.com',
						'Base DN' => 'dc=example,dc=com',
						'Search attribute' => 'uid',
						'Login' => 'galieleo'
					],
					'error' => 'Login name or password is incorrect.'
				]
			],
			[
				[
					'ldap_settings' => [
						'Enable LDAP authentication' => true,
						'LDAP host' => 'ldap.forumsys.com',
						'Base DN' => 'dc=example,dc=com',
						'Search attribute' => 'uid',
						'Bind password' => 'password'
					],
					'error' => 'Incorrect value for field "ldap_bind_dn": cannot be empty.'
				]
			],
			[
				[
					'user' => 'Admin',
					'password' => 'zabbix',
					'ldap_settings' => [
						'Enable LDAP authentication' => true,
						'LDAP host' => 'ldap.forumsys.com',
						'Port' => '389',
						'Base DN' => 'dc=example,dc=com',
						'Search attribute' => 'uid',
						'Bind DN' => 'cn=read-only-admin,dc=example,dc=com',
						'Case sensitive login' => true,
						'Bind password' => 'password',
						'Login' => 'galieleo',
						'User password' => 'password'
					],
					'db_check' => [
						'authentication_type' => '1',
						'ldap_host' => 'ldap.forumsys.com',
						'ldap_port' => '389',
						'ldap_base_dn' => 'dc=example,dc=com',
						'ldap_bind_dn' => 'cn=read-only-admin,dc=example,dc=com',
						'ldap_bind_password' => 'password',
						'ldap_search_attribute' => 'uid',
						'http_auth_enabled' => '0',
						'http_login_form' => '0',
						'http_strip_domains' => '',
						'http_case_sensitive' => '1',
						'ldap_configured' => '1',
						'ldap_case_sensitive' => '1'
					]
				]
			]
		];
	}

	/**
	 * @dataProvider getLdapData
	 *
	 * Check authentication with LDAP settings.
	 */
	public function testFormAdministrationAuthenticationLdap_CheckSettings($data) {
		$this->page->login()->open('zabbix.php?action=authentication.edit');
		$this->assertEquals('Authentication', $this->query('tag:h1')->one()->getText());
		$this->page->assertTitle('Configuration of authentication');

		$form = $this->query('name:form_auth')->asForm()->one();
		$form->fill(['Default authentication' => 'LDAP']);

		// Configuration at 'LDAP settings' tab.
		if (array_key_exists('ldap_settings', $data)) {
			$form->selectTab('LDAP settings');
			$form->fill($data['ldap_settings']);
		}

		$form->submit();
		$this->page->acceptAlert();

		$message = CMessageElement::find()->one();
		if (array_key_exists('error', $data)) {
			$this->assertTrue($message->isBad());
			$this->assertEquals($data['error'], $message->getTitle());
		}
		else {
			$this->assertTrue($message->isGood());
			$this->assertEquals('Authentication settings updated', $message->getTitle());
			// Check DB configuration.
			$sql = 'SELECT authentication_type,ldap_host,ldap_port,ldap_base_dn,ldap_bind_dn,ldap_bind_password,'.
					'ldap_search_attribute,http_auth_enabled,http_login_form,http_strip_domains,http_case_sensitive,'.
					'ldap_configured,ldap_case_sensitive'.
					' FROM config';
			$result = CDBHelper::getRow($sql);
			$this->assertEquals($data['db_check'], $result);
		}
	}
}