- Adjust AUTH LOGIN functionality to be closer to AUTH PLAIN - Removed: secure (notifier smtp conf) boolean string - Added: disable_verify_cert (notifier smtp conf) boolean - disables X509 validation of certificates - Added: disable_require_tls (notifier smtp conf) boolean - allows emails to be sent over plain text (for non-authenticated only) - Added: trusted_cert (notifier smtp conf) string (path) - allows specifying the path of a PEM format cert to add to trusted cert pool - Make SMTP notifier return errors on connection over plain text - Make SMTP notifier return errors on TLS connection with invalid certs - Implemented various debug logging for the SMTP notifier - Implemented explicit SMTP closes on errors (previously left con open) - Split SMTPNotifier Send func to separate funcs for: - writing future test suites and startup checks more easily - organization and readability - Add details of changes to docs/security.yml - Adjust config.yml's (template and test) for the changes
package notification
import (
"fmt"
"net/smtp"
"testing"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
// TestFullLoginAuth drives a complete AUTH LOGIN exchange against a server
// that reports TLS and the hostname the authenticator was configured with.
//
// It pins the order in which credentials are released: the username only in
// answer to the "Username:" prompt, the password only in answer to the
// "Password:" prompt, nothing once the server signals it is done, and an error
// with no payload when the server sends a prompt the mechanism does not know.
// The last step matters because AUTH LOGIN responses are only base64-encoded
// on the wire, so the client must not answer arbitrary server prompts.
func TestFullLoginAuth(t *testing.T) {
	const (
		host = "mail.authelia.com"
		user = "john"
		pass = "strongpw123"
	)

	login := newLoginAuth(user, pass, host)

	mechanism, _, err := login.Start(&smtp.ServerInfo{Name: host, TLS: true, Auth: nil})
	assert.Equal(t, "LOGIN", mechanism)
	require.NoError(t, err)

	// First prompt: the reply is exactly the username.
	reply, err := login.Next([]byte("Username:"), true)
	assert.Equal(t, []byte(user), reply)
	require.NoError(t, err)

	// Second prompt: the reply is exactly the password.
	reply, err = login.Next([]byte("Password:"), true)
	assert.Equal(t, []byte(pass), reply)
	require.NoError(t, err)

	// more == false: the server expects no further data, so none is sent.
	var nothing []byte
	reply, err = login.Next(nothing, false)
	assert.Equal(t, nothing, reply)
	require.NoError(t, err)

	// An unrecognised challenge is refused and yields no bytes for the server.
	challenge := []byte("test")
	reply, err = login.Next(challenge, true)
	assert.Equal(t, nothing, reply)
	assert.EqualError(t, err, fmt.Sprintf("unexpected server challenge: %s", challenge))
}
// TestShouldHaveUnexpectedHostname checks that Start refuses to begin the
// exchange when the server name in smtp.ServerInfo differs from the host the
// authenticator was created for, even though TLS is reported as active.
//
// The expected error is "unexpected hostname from server"; the test does not
// inspect the mechanism or initial response returned alongside it.
func TestShouldHaveUnexpectedHostname(t *testing.T) {
	login := newLoginAuth("john", "strongpw123", "mail.authelia.com")

	// The name presented here ("localhost") is not the configured host.
	mismatched := &smtp.ServerInfo{Name: "localhost", TLS: true, Auth: nil}

	_, _, err := login.Start(mismatched)
	assert.EqualError(t, err, "unexpected hostname from server")
}
// TestTLSNotNeededForLocalhost checks the one case in which AUTH LOGIN is
// allowed to start without TLS: the server name is "localhost" and matches the
// configured host.
//
// NOTE(review): only the literal name "localhost" is exercised here; whether
// loopback IP literals get the same exemption is not covered by this test.
func TestTLSNotNeededForLocalhost(t *testing.T) {
	const host = "localhost"

	login := newLoginAuth("john", "strongpw123", host)

	// TLS is false, yet Start must succeed and select the LOGIN mechanism.
	mechanism, _, err := login.Start(&smtp.ServerInfo{Name: host, TLS: false, Auth: nil})
	assert.Equal(t, "LOGIN", mechanism)
	require.NoError(t, err)
}
// TestTLSNeededForNonLocalhost checks that Start fails with
// "connection over plain-text" when a non-localhost server reports no TLS,
// even though the hostname matches the configured one.
//
// AUTH LOGIN responses are only base64-encoded, so this refusal is what keeps
// the username and password from crossing the network in the clear. The test
// does not inspect the mechanism or initial response returned with the error.
func TestTLSNeededForNonLocalhost(t *testing.T) {
	const host = "mail.authelia.com"

	login := newLoginAuth("john", "strongpw123", host)

	// Same host on both sides; the only thing wrong is the missing TLS.
	plaintext := &smtp.ServerInfo{Name: host, TLS: false, Auth: nil}

	_, _, err := login.Start(plaintext)
	assert.EqualError(t, err, "connection over plain-text")
}