src/tests/Feature/Controller/NGINXTest.php
- This file was added.
<?php | |||||
namespace Tests\Feature\Controller; | |||||
use Tests\TestCase; | |||||
class NGINXTest extends TestCase | |||||
{ | |||||
/** | |||||
* {@inheritDoc} | |||||
*/ | |||||
public function setUp(): void | |||||
{ | |||||
parent::setUp(); | |||||
$john = $this->getTestUser('john@kolab.org'); | |||||
\App\CompanionApp::where('user_id', $john->id)->delete(); | |||||
\App\AuthAttempt::where('user_id', $john->id)->delete(); | |||||
$john->setSettings( | |||||
[ | |||||
// 'limit_geo' => json_encode(["CH"]), | |||||
'guam_enabled' => false, | |||||
'2fa_enabled' => false | |||||
] | |||||
); | |||||
$this->useServicesUrl(); | |||||
} | |||||
public function tearDown(): void | |||||
{ | |||||
$john = $this->getTestUser('john@kolab.org'); | |||||
\App\CompanionApp::where('user_id', $john->id)->delete(); | |||||
\App\AuthAttempt::where('user_id', $john->id)->delete(); | |||||
$john->setSettings( | |||||
[ | |||||
// 'limit_geo' => json_encode(["CH"]), | |||||
'guam_enabled' => false, | |||||
'2fa_enabled' => false | |||||
machniak: 2fa_enabled = true in the seeder. So, change it here or there. | |||||
Done Inline ActionsWe're now using ned in the seeder. mollekopf: We're now using ned in the seeder. | |||||
] | |||||
); | |||||
parent::tearDown(); | |||||
} | |||||
/** | |||||
* Test the webhook | |||||
*/ | |||||
public function testNGINXWebhook(): void | |||||
Done Inline ActionsI miss tests for error conditions, i.e. all byebye() cases. machniak: I miss tests for error conditions, i.e. all byebye() cases. | |||||
{ | |||||
$john = $this->getTestUser('john@kolab.org'); | |||||
$response = $this->get("api/webhooks/nginx"); | |||||
$response->assertStatus(200); | |||||
$response->assertHeader('auth-status', 'authentication failure'); | |||||
$pass = \App\Utils::generatePassphrase(); | |||||
$headers = [ | |||||
'Auth-Login-Attempt' => '1', | |||||
'Auth-Method' => 'plain', | |||||
Done Inline ActionsPlease use \App\Utils::generatePassphrase(), which in development and with APP_PASSPHRASE creates predictable passwords. vanmeeuwen: Please use \App\Utils::generatePassphrase(), which in development and with APP_PASSPHRASE… | |||||
'Auth-Pass' => $pass, | |||||
'Auth-Protocol' => 'imap', | |||||
'Auth-Ssl' => 'on', | |||||
'Auth-User' => 'john@kolab.org', | |||||
'Client-Ip' => '127.0.0.1', | |||||
'Host' => '127.0.0.1', | |||||
'Auth-SSL' => 'on', | |||||
'Auth-SSL-Verify' => 'SUCCESS', | |||||
'Auth-SSL-Subject' => '/CN=example.com', | |||||
'Auth-SSL-Issuer' => '/CN=example.com', | |||||
'Auth-SSL-Serial' => 'C07AD56B846B5BFF', | |||||
'Auth-SSL-Fingerprint' => '29d6a80a123d13355ed16b4b04605e29cb55a5ad' | |||||
]; | |||||
// Pass | |||||
$response = $this->withHeaders($headers)->get("api/webhooks/nginx"); | |||||
$response->assertStatus(200); | |||||
$response->assertHeader('auth-status', 'OK'); | |||||
$response->assertHeader('auth-port', '12143'); | |||||
// Invalid Password | |||||
$modifiedHeaders = $headers; | |||||
$modifiedHeaders['Auth-Pass'] = "Invalid"; | |||||
$response = $this->withHeaders($modifiedHeaders)->get("api/webhooks/nginx"); | |||||
$response->assertStatus(200); | |||||
$response->assertHeader('auth-status', 'authentication failure'); | |||||
// Empty Password | |||||
$modifiedHeaders = $headers; | |||||
$modifiedHeaders['Auth-Pass'] = ""; | |||||
$response = $this->withHeaders($modifiedHeaders)->get("api/webhooks/nginx"); | |||||
$response->assertStatus(200); | |||||
$response->assertHeader('auth-status', 'authentication failure'); | |||||
// Empty User | |||||
$modifiedHeaders = $headers; | |||||
$modifiedHeaders['Auth-User'] = ""; | |||||
$response = $this->withHeaders($modifiedHeaders)->get("api/webhooks/nginx"); | |||||
$response->assertStatus(200); | |||||
$response->assertHeader('auth-status', 'authentication failure'); | |||||
// Invalid User | |||||
$modifiedHeaders = $headers; | |||||
$modifiedHeaders['Auth-User'] = "foo@kolab.org"; | |||||
$response = $this->withHeaders($modifiedHeaders)->get("api/webhooks/nginx"); | |||||
$response->assertStatus(200); | |||||
$response->assertHeader('auth-status', 'authentication failure'); | |||||
// Empty Ip | |||||
$modifiedHeaders = $headers; | |||||
$modifiedHeaders['Client-Ip'] = ""; | |||||
$response = $this->withHeaders($modifiedHeaders)->get("api/webhooks/nginx"); | |||||
$response->assertStatus(200); | |||||
$response->assertHeader('auth-status', 'authentication failure'); | |||||
// SMTP Auth Protocol | |||||
$modifiedHeaders = $headers; | |||||
$modifiedHeaders['Auth-Protocol'] = "smtp"; | |||||
$response = $this->withHeaders($modifiedHeaders)->get("api/webhooks/nginx"); | |||||
$response->assertStatus(200); | |||||
$response->assertHeader('auth-status', 'OK'); | |||||
$response->assertHeader('auth-server', '127.0.0.1'); | |||||
$response->assertHeader('auth-port', '10465'); | |||||
$response->assertHeader('auth-pass', $pass); | |||||
// Empty Auth Protocol | |||||
$modifiedHeaders = $headers; | |||||
$modifiedHeaders['Auth-Protocol'] = ""; | |||||
$response = $this->withHeaders($modifiedHeaders)->get("api/webhooks/nginx"); | |||||
$response->assertStatus(200); | |||||
$response->assertHeader('auth-status', 'authentication failure'); | |||||
// Guam | |||||
$john->setSettings( | |||||
[ | |||||
'guam_enabled' => true, | |||||
] | |||||
); | |||||
$response = $this->withHeaders($headers)->get("api/webhooks/nginx"); | |||||
$response->assertStatus(200); | |||||
$response->assertHeader('auth-status', 'OK'); | |||||
$response->assertHeader('auth-server', '127.0.0.1'); | |||||
$response->assertHeader('auth-port', '9143'); | |||||
// 2-FA without device | |||||
$john->setSettings( | |||||
[ | |||||
'2fa_enabled' => true, | |||||
] | |||||
); | |||||
\App\CompanionApp::where('user_id', $john->id)->delete(); | |||||
$response = $this->withHeaders($headers)->get("api/webhooks/nginx"); | |||||
$response->assertStatus(200); | |||||
$response->assertHeader('auth-status', 'authentication failure'); | |||||
// 2-FA with accepted auth attempt | |||||
$authAttempt = \App\AuthAttempt::recordAuthAttempt($john, "127.0.0.1"); | |||||
$authAttempt->accept(); | |||||
$response = $this->withHeaders($headers)->get("api/webhooks/nginx"); | |||||
$response->assertStatus(200); | |||||
$response->assertHeader('auth-status', 'OK'); | |||||
} | |||||
} |
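Review bot: The two-factor steps at the end of testNGINXWebhook() cover only the missing-device failure and the accepted-attempt success, so nothing pins the case where an accepted attempt does not match the connecting client. The attempt is recorded for "127.0.0.1" and the request also sends `'Client-Ip' => '127.0.0.1'`. Assuming the controller ties approval to the client address (not visible on this page), add a case after the last assertion that sets `$modifiedHeaders['Client-Ip'] = '127.0.0.2';`, repeats the request and expects `assertHeader('auth-status', 'authentication failure')`. An attempt that was recorded but never accepted deserves the same negative check. The final case also asserts only `auth-status` while `guam_enabled` is still true from the earlier step, so asserting `auth-port` there would make the dependence on step order explicit.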
2fa_enabled = true in the seeder. So, change it here or there.