Assert that rules are executed when authenticating with SSO middleware

#748

Author: stevebauman

tests/WindowsAuthenticateTest.php

@@ -5,6 +5,8 @@
 use Mockery as m;
 use Adldap\Query\Builder;
 use Adldap\Laravel\Facades\Resolver;
+use Adldap\Laravel\Tests\Models\TestUser;
+use Adldap\Laravel\Validation\Rules\DenyTrashed;
 use Adldap\Laravel\Middleware\WindowsAuthenticate;
 
 class WindowsAuthenticateTest extends DatabaseTestCase
@@ -16,8 +18,6 @@ public function middleware_authenticates_users()
 
         $request->server->set('AUTH_USER', 'jdoe');
 
-        $middleware = app(WindowsAuthenticate::class);
-
         $user = $this->makeLdapUser([
             'objectguid'        => ['cc07cacc-5d9d-fa40-a9fb-3a4d50a172b0'],
             'cn'                => ['John Doe'],
@@ -35,10 +35,9 @@ public function middleware_authenticates_users()
             ->shouldReceive('getDatabaseIdColumn')->twice()->andReturn('objectguid')
             ->shouldReceive('getDatabaseUsernameColumn')->once()->andReturn('email')
             ->shouldReceive('getLdapDiscoveryAttribute')->once()->andReturn('userprincipalname')
-            ->shouldReceive('byModel')->once()->andReturn(($user));
+            ->shouldReceive('byModel')->once()->andReturn($user);
 
-        $middleware->handle($request, function () {
-        });
+        app(WindowsAuthenticate::class)->handle($request, function () {});
 
         $authenticated = auth()->user();
 
@@ -55,8 +54,6 @@ public function middleware_continues_request_when_user_is_not_found()
 
         $request->server->set('AUTH_USER', 'jdoe');
 
-        $middleware = app(WindowsAuthenticate::class);
-
         $query = m::mock(Builder::class);
 
         $query
@@ -65,9 +62,51 @@ public function middleware_continues_request_when_user_is_not_found()
 
         Resolver::shouldReceive('query')->once()->andReturn($query);
 
-        $middleware->handle($request, function () {
+        app(WindowsAuthenticate::class)->handle($request, function () {});
+
+        $this->assertNull(auth()->user());
+    }
+
+    /** @test */
+    public function middleware_validates_authenticating_users()
+    {
+        // Deny deleted users from authenticating.
+        config()->set('ldap_auth.rules', [DenyTrashed::class]);
+
+        // Create the deleted user.
+        tap(new TestUser(), function ($user) {
+            $user->name = 'John Doe';
+            $user->email = '[email protected]';
+            $user->password = 'secret';
+            $user->deleted_at = now();
+
+            $user->save();
         });
 
+        $request = app('request');
+
+        $request->server->set('AUTH_USER', 'jdoe');
+
+        $user = $this->makeLdapUser([
+            'objectguid'        => ['cc07cacc-5d9d-fa40-a9fb-3a4d50a172b0'],
+            'cn'                => ['John Doe'],
+            'userprincipalname' => ['[email protected]'],
+            'samaccountname'    => ['jdoe'],
+        ]);
+
+        $query = m::mock(Builder::class);
+
+        $query
+            ->shouldReceive('whereEquals')->once()->withArgs(['samaccountname', 'jdoe'])->andReturn($query)
+            ->shouldReceive('first')->once()->andReturn($user);
+
+        Resolver::shouldReceive('query')->once()->andReturn($query)
+            ->shouldReceive('getDatabaseIdColumn')->twice()->andReturn('objectguid')
+            ->shouldReceive('getDatabaseUsernameColumn')->once()->andReturn('email')
+            ->shouldReceive('getLdapDiscoveryAttribute')->once()->andReturn('userprincipalname');
+
+        app(WindowsAuthenticate::class)->handle($request, function () {});
+
         $this->assertNull(auth()->user());
     }
 }