fix(ldap-select): Restrict AuthLdap directories to only those that are active

Author: ccailly

src/Model/Mapper/FormcreatorLdapSelectTypeMapper.php

@@ -33,6 +33,7 @@
 
 namespace GlpiPlugin\Advancedforms\Model\Mapper;
 
+use AuthLDAP;
 use Glpi\Form\Migration\FormQuestionDataConverterInterface;
 use GlpiPlugin\Advancedforms\Model\QuestionType\LdapQuestion;
 use GlpiPlugin\Advancedforms\Model\QuestionType\LdapQuestionConfig;
@@ -63,8 +64,16 @@ public function convertExtraData(array $rawData): array
 
         /** @var array{ldap_auth: int, ldap_filter: string, ldap_attribute: int} $data */
         $data = json_decode($rawData['values'], associative: true);
+
+        // Ensure LDAP auth exists and is active
+        $authLdap = new AuthLDAP();
+        $authLdapId = 0;
+        if ($authLdap->getFromDB($data['ldap_auth']) && $authLdap->fields['is_active']) {
+            $authLdapId = $authLdap->getId();
+        }
+
         return [
-            LdapQuestionConfig::AUTHLDAP_ID       => $data['ldap_auth'],
+            LdapQuestionConfig::AUTHLDAP_ID       => $authLdapId,
             LdapQuestionConfig::LDAP_FILTER       => $data['ldap_filter'],
             LdapQuestionConfig::LDAP_ATTRIBUTE_ID => $data['ldap_attribute'],
         ];

templates/editor/question_types/ldap_select_config.html.twig

@@ -67,6 +67,7 @@
             'is_horizontal'      : false,
             'init'               : question is not null ? true : false,
             'on_change'          : 'plugin_advancedforms_on_ldap_change(this)',
+            'condition'          : {'is_active': 1},
         }
     ) }}
 

tests/Model/Mapper/FormcreatorLdapSelectTypeMapperTest.php

@@ -33,31 +33,58 @@
 
 namespace GlpiPlugin\Advancedforms\Tests\Model\Mapper;
 
+use AuthLDAP;
 use Glpi\Form\AccessControl\FormAccessControlManager;
 use Glpi\Form\Migration\FormMigration;
 use Glpi\Form\Question;
-use GlpiPlugin\Advancedforms\Model\QuestionType\IpAddressQuestion;
 use GlpiPlugin\Advancedforms\Model\QuestionType\LdapQuestion;
 use GlpiPlugin\Advancedforms\Model\QuestionType\LdapQuestionConfig;
 use LogicException;
 use RuntimeException;
 
 final class FormcreatorLdapSelectTypeMapperTest extends MapperTestCase
 {
-    public function testIpTypeMigrationWhenEnabled(): void
+    public function testLdapSelectTypeMigrationWhenEnabledWithValidAuthLDAP(): void
     {
         /** @var \DBmysql $DB */
         global $DB;
 
-        // Arrange: enable ip question type and add some fomrcreator data
+        // Arrange: create a valid AuthLDAP
+        $authldap = $this->createItem(AuthLDAP::class, [
+            'name'      => 'My LDAP server',
+            'is_active' => 1,
+        ]);
+
+        // Act & Assert: test migration with the valid AuthLDAP
+        $this->testLdapSelectTypeMigrationWhenEnabled(
+            authldap_id: $authldap->getId(),
+            expected_authldap_id: null,
+        );
+    }
+
+    public function testLdapSelectTypeMigrationWhenEnabledWithInvalidAuthLDAP(): void
+    {
+        // Act & Assert: test migration with an invalid AuthLDAP
+        $this->testLdapSelectTypeMigrationWhenEnabled(
+            authldap_id: 123,
+            expected_authldap_id: 0,
+        );
+    }
+
+    private function testLdapSelectTypeMigrationWhenEnabled(int $authldap_id, ?int $expected_authldap_id): void
+    {
+        /** @var \DBmysql $DB */
+        global $DB;
+
+        // Arrange: enable ldap select question type and add some formcreator data
         $this->enableConfigurableItem(LdapQuestion::class);
         $this->createSimpleFormcreatorForm(
             name: "My form",
             questions: [
                 [
                     'name'      => 'My LDAP question',
                     'fieldtype' => 'ldapselect',
-                    'values'    => '{"ldap_auth":"123","ldap_attribute":"456","ldap_filter":"(& (uid=*) (objectClass=inetOrgPerson))"}',
+                    'values'    => '{"ldap_auth":"' . $authldap_id . '","ldap_attribute":"456","ldap_filter":"(& (uid=*) (objectClass=inetOrgPerson))"}',
                 ],
             ],
         );
@@ -80,27 +107,31 @@ public function testIpTypeMigrationWhenEnabled(): void
         if (!$config instanceof LdapQuestionConfig) {
             throw new LogicException();
         }
-        $this->assertEquals(123, $config->getAuthLdapId());
+        $this->assertEquals($expected_authldap_id ?? $authldap_id, $config->getAuthLdapId());
         $this->assertEquals(456, $config->getLdapAttributeId());
         $this->assertEquals(
             "(& (uid=*) (objectClass=inetOrgPerson))",
             $config->getLdapFilter(),
         );
     }
 
-    public function testIpTypeMigrationWhenDisabled(): void
+    public function testLdapSelectTypeMigrationWhenDisabled(): void
     {
         /** @var \DBmysql $DB */
         global $DB;
 
-        // Arrange: add some fomrcreator data
+        // Arrange: add some formcreator data
+        $authldap = $this->createItem(AuthLDAP::class, [
+            'name'      => 'My LDAP server',
+            'is_active' => 1,
+        ]);
         $this->createSimpleFormcreatorForm(
             name: "My form",
             questions: [
                 [
                     'name'      => 'My LDAP question',
                     'fieldtype' => 'ldapselect',
-                    'values'    => '{"ldap_auth":"123","ldap_attribute":"456","ldap_filter":"(& (uid=*) (objectClass=inetOrgPerson))"}',
+                    'values'    => '{"ldap_auth":"' . $authldap->getId() . '","ldap_attribute":"456","ldap_filter":"(& (uid=*) (objectClass=inetOrgPerson))"}',
                 ],
             ],
         );

tests/Model/QuestionType/QuestionTypeTestCase.php

@@ -101,7 +101,7 @@ final public function testQuestionIsAvailableInTypeDropdownWhenEnabled(): void
         $this->assertContains($item->getName(), $options);
     }
 
-    final public function testIpAddressIsNotAvailableInTypeDropdownWhenDisabled(): void
+    final public function testQuestionIsNotAvailableInTypeDropdownWhenDisabled(): void
     {
         $item = $this->getTestedQuestionType();