From 59862f7175db0f3e46d682f63cc1a34057453a14 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=B4me=20Chilliet?= <come.chilliet@nextcloud.com>
Date: Tue, 23 Nov 2021 14:18:02 +0100
Subject: [PATCH] Improve ldap:test-config occ command
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Test a search on the base, as the settings wizard is doing.
This is to avoid the wizard saying the base is wrong and the command
 saying everything is fine.

Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
---
 apps/user_ldap/lib/Command/TestConfig.php | 67 ++++++++++++++++-------
 1 file changed, 46 insertions(+), 21 deletions(-)

diff --git a/apps/user_ldap/lib/Command/TestConfig.php b/apps/user_ldap/lib/Command/TestConfig.php
index fa3d5e83fbb..781af12660d 100644
--- a/apps/user_ldap/lib/Command/TestConfig.php
+++ b/apps/user_ldap/lib/Command/TestConfig.php
@@ -4,6 +4,7 @@
  *
  * @author Arthur Schiwon <blizzz@arthur-schiwon.de>
  * @author Christoph Wurst <christoph@winzerhof-wurst.at>
+ * @author Côme Chilliet <come.chilliet@nextcloud.com>
  * @author Joas Schilling <coding@schilljs.com>
  * @author Roeland Jago Douma <roeland@famdouma.nl>
  * @author Thomas Müller <thomas.mueller@tmit.eu>
@@ -25,6 +26,7 @@
  */
 namespace OCA\User_LDAP\Command;
 
+use OCA\User_LDAP\AccessFactory;
 use OCA\User_LDAP\Connection;
 use OCA\User_LDAP\Helper;
 use Symfony\Component\Console\Command\Command;
@@ -33,6 +35,19 @@ use Symfony\Component\Console\Input\InputInterface;
 use Symfony\Component\Console\Output\OutputInterface;
 
 class TestConfig extends Command {
+	protected const SUCCESS = 0;
+	protected const INVALID = 1;
+	protected const BINDFAILURE = 2;
+	protected const SEARCHFAILURE = 3;
+
+	/** @var AccessFactory */
+	protected $accessFactory;
+
+	public function __construct(AccessFactory $accessFactory) {
+		$this->accessFactory = $accessFactory;
+		parent::__construct();
+	}
+
 	protected function configure() {
 		$this
 			->setName('ldap:test-config')
@@ -41,7 +56,7 @@ class TestConfig extends Command {
 					'configID',
 					InputArgument::REQUIRED,
 					'the configuration ID'
-					 )
+				)
 		;
 	}
 
@@ -50,44 +65,54 @@ class TestConfig extends Command {
 		$availableConfigs = $helper->getServerConfigurationPrefixes();
 		$configID = $input->getArgument('configID');
 		if (!in_array($configID, $availableConfigs)) {
-			$output->writeln("Invalid configID");
+			$output->writeln('Invalid configID');
 			return 1;
 		}
 
 		$result = $this->testConfig($configID);
-		if ($result === 0) {
-			$output->writeln('The configuration is valid and the connection could be established!');
-		} elseif ($result === 1) {
-			$output->writeln('The configuration is invalid. Please have a look at the logs for further details.');
-			return 1;
-		} elseif ($result === 2) {
-			$output->writeln('The configuration is valid, but the Bind failed. Please check the server settings and credentials.');
-		} else {
-			$output->writeln('Your LDAP server was kidnapped by aliens.');
+		switch ($result) {
+			case static::SUCCESS:
+				$output->writeln('The configuration is valid and the connection could be established!');
+				return 0;
+			case static::INVALID:
+				$output->writeln('The configuration is invalid. Please have a look at the logs for further details.');
+				break;
+			case static::BINDFAILURE:
+				$output->writeln('The configuration is valid, but the bind failed. Please check the server settings and credentials.');
+				break;
+			case static::SEARCHFAILURE:
+				$output->writeln('The configuration is valid and the bind passed, but a simple search on the base fails. Please check the server base setting.');
+				break;
+			default:
+				$output->writeln('Your LDAP server was kidnapped by aliens.');
+				break;
 		}
-		return 0;
+		return 1;
 	}
 
 	/**
-	 * tests the specified connection
-	 * @param string $configID
-	 * @return int
+	 * Tests the specified connection
 	 */
-	protected function testConfig($configID) {
+	protected function testConfig(string $configID): int {
 		$lw = new \OCA\User_LDAP\LDAP();
 		$connection = new Connection($lw, $configID);
 
-		//ensure validation is run before we attempt the bind
+		// Ensure validation is run before we attempt the bind
 		$connection->getConfiguration();
 
 		if (!$connection->setConfiguration([
 			'ldap_configuration_active' => 1,
 		])) {
-			return 1;
+			return static::INVALID;
+		}
+		if (!$connection->bind()) {
+			return static::BINDFAILURE;
 		}
-		if ($connection->bind()) {
-			return 0;
+		$access = $this->accessFactory->get($connection);
+		$result = $access->countObjects(1);
+		if (!is_int($result) || ($result <= 0)) {
+			return static::SEARCHFAILURE;
 		}
-		return 2;
+		return static::SUCCESS;
 	}
 }