function it_should_refresh_roles_but_not_attributes_if_specified($query, LdapUser $user)
{
$this->setRefreshAttributes(false);
$query->getResult()->shouldBeCalled();
$user->toArray()->shouldBeCalled()->willReturn(['foo' => 'bar', 'guid' => $this->attr['guid']]);
$user->getType()->shouldBeCalled()->willReturn('user');
$user->getRoles()->shouldNotBeCalled();
$query->getSingleResult()->shouldNotBeCalled();
$this->refreshUser($user)->toArray()->shouldEqual(['foo' => 'bar', 'guid' => $this->attr['guid']]);
}
function it_should_throw_an_account_expired_exception_if_the_user_checker_detects_it()
{
$this->user->isAccountNonExpired()->willReturn(false);
$this->shouldThrow('\\Symfony\\Component\\Security\\Core\\Exception\\AccountExpiredException')->duringAuthenticate($this->token);
}
function it_should_call_a_login_success_event()
{
$credentials = $this->credentials;
$credentials['ldap_domain'] = '';
$user = new LdapUser(new LdapObject(['username' => 'foo']));
$token = new UsernamePasswordToken($user, $credentials['password'], 'ldap-tools', $user->getRoles());
$token->setAttribute('ldap_domain', '');
$this->connection->execute(new AuthenticationOperation('foo', 'bar'))->shouldBeCalled()->willReturn(new AuthenticationResponse(true));
$this->checkCredentials($credentials, $user)->shouldReturn(true);
$this->dispatcher->dispatch('ldap_tools_bundle.login.success', new LdapLoginEvent($user, $token))->shouldBeCalled();
}
/**
* @param LdapUser $user
* @return LdapObjectCollection
*/
protected function getGroupsForUser(LdapUser $user)
{
$select = $this->roleAttrMap;
unset($select['members']);
$query = $this->ldap->buildLdapQuery()->from($this->groupObjectType)->select(array_values($select));
if ($this->checkGroupsRecursively) {
$query->where($query->filter()->hasMemberRecursively($user->getLdapGuid(), $this->roleAttrMap['members']));
} else {
$query->where([$this->roleAttrMap['members'] => $user->getLdapGuid()]);
}
return $query->getLdapQuery()->getResult();
}
