2015-08-12 15:00:38 +02:00
|
|
|
/* jslint node:true */
|
|
|
|
|
/* global it:false */
|
2018-01-20 18:56:17 -08:00
|
|
|
/* global describe:false */
|
2015-08-12 15:00:38 +02:00
|
|
|
/* global before:false */
|
|
|
|
|
/* global after:false */
|
|
|
|
|
|
|
|
|
|
'use strict';
|
|
|
|
|
|
2021-08-19 21:39:27 -07:00
|
|
|
const addonConfigs = require('../addonconfigs.js'),
|
2015-08-12 15:00:38 +02:00
|
|
|
async = require('async'),
|
2021-07-07 12:59:17 -07:00
|
|
|
common = require('./common.js'),
|
2019-07-25 15:33:34 -07:00
|
|
|
constants = require('../constants.js'),
|
2016-02-18 17:40:53 +01:00
|
|
|
expect = require('expect.js'),
|
2016-09-27 15:56:02 -07:00
|
|
|
groups = require('../groups.js'),
|
2016-02-18 17:40:53 +01:00
|
|
|
ldap = require('ldapjs'),
|
2021-07-07 12:59:17 -07:00
|
|
|
ldapServer = require('../ldap.js'),
|
2020-11-12 23:25:33 -08:00
|
|
|
mail = require('../mail.js'),
|
2021-08-19 21:39:27 -07:00
|
|
|
safe = require('safetydance');
|
2016-04-04 16:36:42 +02:00
|
|
|
|
2021-07-07 12:59:17 -07:00
|
|
|
async function ldapBind(dn, password) {
|
|
|
|
|
return new Promise((resolve, reject) => {
|
|
|
|
|
const client = ldap.createClient({ url: 'ldap://127.0.0.1:' + constants.LDAP_PORT });
|
2017-03-13 11:01:11 +01:00
|
|
|
|
2021-07-07 12:59:17 -07:00
|
|
|
client.on('error', reject);
|
2017-03-13 11:01:11 +01:00
|
|
|
|
2021-07-07 12:59:17 -07:00
|
|
|
client.bind(dn, password, function (error) {
|
|
|
|
|
client.unbind();
|
2019-08-20 11:45:00 -07:00
|
|
|
|
2021-07-07 12:59:17 -07:00
|
|
|
if (error) reject(error);
|
|
|
|
|
resolve();
|
|
|
|
|
});
|
|
|
|
|
});
|
2015-08-12 15:00:38 +02:00
|
|
|
}
|
|
|
|
|
|
2021-07-07 12:59:17 -07:00
|
|
|
// ldapsearch -LLL -E pr=10/noprompt -x -h localhost -p 3002 -b cn=userName0@example.com,ou=mailboxes,dc=cloudron objectclass=mailbox
|
|
|
|
|
async function ldapSearch(dn, opts) {
|
|
|
|
|
return new Promise((resolve, reject) => {
|
|
|
|
|
const client = ldap.createClient({ url: 'ldap://127.0.0.1:' + constants.LDAP_PORT });
|
2015-08-12 15:00:38 +02:00
|
|
|
|
2021-07-07 12:59:17 -07:00
|
|
|
client.search(dn, opts, function (error, result) {
|
|
|
|
|
if (error) return reject(error);
|
2015-08-12 15:00:38 +02:00
|
|
|
|
2021-07-07 12:59:17 -07:00
|
|
|
let entries = [];
|
2015-08-12 15:00:38 +02:00
|
|
|
|
2021-07-07 12:59:17 -07:00
|
|
|
result.on('searchEntry', function (entry) { entries.push(entry.object); });
|
2015-08-12 15:00:38 +02:00
|
|
|
|
2021-07-07 12:59:17 -07:00
|
|
|
result.on('error', function (error) {
|
2019-03-23 10:23:19 -07:00
|
|
|
client.unbind();
|
2021-07-07 12:59:17 -07:00
|
|
|
reject(error);
|
2015-08-12 15:00:38 +02:00
|
|
|
});
|
|
|
|
|
|
2021-07-07 12:59:17 -07:00
|
|
|
result.on('end', function (result) {
|
|
|
|
|
if (result.status !== 0) return reject(new Error(`Unexpected status: ${result.status}`));
|
|
|
|
|
resolve(entries);
|
2016-04-05 16:32:12 +02:00
|
|
|
});
|
|
|
|
|
});
|
2021-07-07 12:59:17 -07:00
|
|
|
});
|
2016-04-05 16:32:12 +02:00
|
|
|
|
2021-07-07 12:59:17 -07:00
|
|
|
}
|
2016-04-05 16:32:12 +02:00
|
|
|
|
2021-07-07 12:59:17 -07:00
|
|
|
describe('Ldap', function () {
|
2021-08-17 15:45:57 -07:00
|
|
|
const { setup, cleanup, admin, user, app, domain, auditSource } = common;
|
2021-07-07 12:59:17 -07:00
|
|
|
let group;
|
2021-08-20 09:19:44 -07:00
|
|
|
const mockApp = Object.assign({}, app);
|
2021-07-07 12:59:17 -07:00
|
|
|
|
2021-08-17 15:45:57 -07:00
|
|
|
const mailboxName = 'support';
|
|
|
|
|
const mailbox = `support@${domain.domain}`;
|
|
|
|
|
const mailAliasName = 'alsosupport';
|
|
|
|
|
const mailAlias = `alsosupport@${domain.domain}`;
|
|
|
|
|
|
2021-07-07 12:59:17 -07:00
|
|
|
before(function (done) {
|
|
|
|
|
async.series([
|
|
|
|
|
setup,
|
2021-08-17 15:45:57 -07:00
|
|
|
async () => await mail.addMailbox(mailboxName, domain.domain, { ownerId: user.id, ownerType: mail.OWNERTYPE_USER, active: true }, auditSource),
|
|
|
|
|
async () => await mail.setAliases(mailboxName, domain.domain, [ { name: mailAliasName, domain: domain.domain} ], auditSource),
|
2021-07-07 12:59:17 -07:00
|
|
|
ldapServer.start.bind(null),
|
|
|
|
|
async () => {
|
|
|
|
|
group = await groups.add({ name: 'ldap-test' });
|
2021-08-13 15:49:59 -07:00
|
|
|
await groups.setMembers(group.id, [ admin.id, user.id ]);
|
2021-07-07 12:59:17 -07:00
|
|
|
}
|
|
|
|
|
], done);
|
|
|
|
|
|
2021-08-20 09:19:44 -07:00
|
|
|
ldapServer._MOCK_APP = mockApp;
|
2021-07-07 12:59:17 -07:00
|
|
|
});
|
2016-02-18 17:40:53 +01:00
|
|
|
|
2021-07-07 12:59:17 -07:00
|
|
|
after(function (done) {
|
|
|
|
|
async.series([
|
|
|
|
|
ldapServer.stop,
|
|
|
|
|
cleanup
|
|
|
|
|
], done);
|
|
|
|
|
});
|
2016-03-24 21:03:04 +01:00
|
|
|
|
2021-07-07 12:59:17 -07:00
|
|
|
describe('admin bind', function () {
|
|
|
|
|
it('cn= fails for nonexisting user', async function () {
|
|
|
|
|
const [error] = await safe(ldapBind('cn=doesnotexist,ou=users,dc=cloudron', 'password'));
|
|
|
|
|
expect(error).to.be.a(ldap.NoSuchObjectError);
|
2016-03-24 21:03:04 +01:00
|
|
|
});
|
|
|
|
|
|
2021-07-07 12:59:17 -07:00
|
|
|
it('cn= fails with wrong password', async function () {
|
2021-08-13 15:49:59 -07:00
|
|
|
const [error] = await safe(ldapBind(`cn=${admin.id},ou=users,dc=cloudron`, 'wrongpassword'));
|
2021-07-07 12:59:17 -07:00
|
|
|
expect(error).to.be.a(ldap.InvalidCredentialsError);
|
2016-09-27 16:22:39 +02:00
|
|
|
});
|
|
|
|
|
|
2021-07-07 12:59:17 -07:00
|
|
|
it('cn= succeeds with id', async function () {
|
2021-08-13 15:49:59 -07:00
|
|
|
await ldapBind(`cn=${admin.id},ou=users,dc=cloudron`, admin.password);
|
2016-03-24 21:03:04 +01:00
|
|
|
});
|
|
|
|
|
|
2021-07-07 12:59:17 -07:00
|
|
|
it('cn= succeeds with username', async function () {
|
2021-08-13 15:49:59 -07:00
|
|
|
await ldapBind(`cn=${admin.username},ou=users,dc=cloudron`, admin.password);
|
2016-02-18 17:40:53 +01:00
|
|
|
});
|
|
|
|
|
|
2021-07-07 12:59:17 -07:00
|
|
|
it('cn= succeeds with email', async function () {
|
2021-08-13 15:49:59 -07:00
|
|
|
await ldapBind(`cn=${admin.email},ou=users,dc=cloudron`, admin.password);
|
2016-02-18 17:40:53 +01:00
|
|
|
});
|
2015-08-12 15:31:54 +02:00
|
|
|
|
2021-07-07 12:59:17 -07:00
|
|
|
it('mail= fails with bad email', async function () {
|
2021-08-13 15:49:59 -07:00
|
|
|
const [error] = await safe(ldapBind('mail=random,ou=users,dc=cloudron', admin.password));
|
2021-07-07 12:59:17 -07:00
|
|
|
expect(error).to.be.a(ldap.NoSuchObjectError);
|
2015-08-12 15:31:54 +02:00
|
|
|
});
|
|
|
|
|
|
2021-07-07 12:59:17 -07:00
|
|
|
it('mail= succeeds with email', async function () {
|
2021-08-13 15:49:59 -07:00
|
|
|
await ldapBind(`mail=${admin.email},ou=users,dc=cloudron`, admin.password);
|
2015-08-12 15:31:54 +02:00
|
|
|
});
|
2021-07-07 12:59:17 -07:00
|
|
|
});
|
2015-08-12 15:31:54 +02:00
|
|
|
|
2021-07-07 12:59:17 -07:00
|
|
|
describe('non-admin bind', function () {
|
|
|
|
|
it('succeeds with null accessRestriction', async function () {
|
2021-08-20 09:19:44 -07:00
|
|
|
mockApp.accessRestriction = null;
|
2021-08-13 15:49:59 -07:00
|
|
|
await ldapBind(`cn=${user.id},ou=users,dc=cloudron`, user.password);
|
2017-10-27 01:25:07 +02:00
|
|
|
});
|
|
|
|
|
|
2021-07-07 12:59:17 -07:00
|
|
|
it('fails without accessRestriction', async function () {
|
2021-08-20 09:19:44 -07:00
|
|
|
mockApp.accessRestriction = { users: [], groups: [] };
|
2021-08-13 15:49:59 -07:00
|
|
|
const [error] = await safe(ldapBind(`cn=${user.id},ou=users,dc=cloudron`, user.password));
|
2021-07-07 12:59:17 -07:00
|
|
|
expect(error).to.be.a(ldap.NoSuchObjectError);
|
2016-09-27 16:22:39 +02:00
|
|
|
});
|
|
|
|
|
|
2021-07-07 12:59:17 -07:00
|
|
|
it('succeeds with accessRestriction', async function () {
|
2021-08-20 09:19:44 -07:00
|
|
|
mockApp.accessRestriction = { users: [ user.id ], groups: [] };
|
2021-08-13 15:49:59 -07:00
|
|
|
await ldapBind(`cn=${user.id},ou=users,dc=cloudron`, user.password);
|
2015-08-12 15:31:54 +02:00
|
|
|
});
|
2021-07-07 12:59:17 -07:00
|
|
|
});
|
2015-08-12 15:31:54 +02:00
|
|
|
|
2021-07-07 12:59:17 -07:00
|
|
|
describe('search users', function () {
|
|
|
|
|
it('fails for non existing tree', async function () {
|
2021-08-13 15:49:59 -07:00
|
|
|
const [error] = await safe(ldapSearch('o=example', { filter: '(&(l=Seattle)(email=*@' + domain.domain + '))' }));
|
2021-07-07 12:59:17 -07:00
|
|
|
expect(error).to.be.a(ldap.NoSuchObjectError);
|
2015-08-12 15:31:54 +02:00
|
|
|
});
|
2017-03-13 11:01:11 +01:00
|
|
|
|
2021-07-07 12:59:17 -07:00
|
|
|
it('succeeds with basic filter', async function () {
|
|
|
|
|
const entries = await ldapSearch('ou=users,dc=cloudron', { filter: 'objectcategory=person' });
|
|
|
|
|
expect(entries.length).to.equal(2);
|
|
|
|
|
entries.sort(function (a, b) { return a.username > b.username; });
|
2021-08-13 15:49:59 -07:00
|
|
|
expect(entries[0].username).to.equal(admin.username.toLowerCase());
|
|
|
|
|
expect(entries[0].mail).to.equal(admin.email.toLowerCase());
|
|
|
|
|
expect(entries[1].username).to.equal(user.username.toLowerCase());
|
|
|
|
|
expect(entries[1].mail).to.equal(user.email.toLowerCase());
|
2017-03-13 11:01:11 +01:00
|
|
|
});
|
|
|
|
|
|
2021-07-07 12:59:17 -07:00
|
|
|
it('succeeds with pagination', async function () {
|
|
|
|
|
const entries = await ldapSearch('ou=users,dc=cloudron', { filter: 'objectcategory=person', paged: true });
|
|
|
|
|
expect(entries.length).to.equal(2);
|
|
|
|
|
entries.sort(function (a, b) { return a.username > b.username; });
|
2021-08-13 15:49:59 -07:00
|
|
|
expect(entries[0].username).to.equal(admin.username.toLowerCase());
|
|
|
|
|
expect(entries[0].mail).to.equal(admin.email.toLowerCase());
|
|
|
|
|
expect(entries[1].username).to.equal(user.username.toLowerCase());
|
|
|
|
|
expect(entries[1].mail).to.equal(user.email.toLowerCase());
|
2017-03-13 11:01:11 +01:00
|
|
|
});
|
2015-08-12 17:38:31 +02:00
|
|
|
|
2021-07-07 12:59:17 -07:00
|
|
|
it('succeeds with username wildcard filter', async function () {
|
2021-08-13 15:49:59 -07:00
|
|
|
const entries = await ldapSearch('ou=users,dc=cloudron', { filter: '&(objectcategory=person)(username=*)' });
|
2021-07-07 12:59:17 -07:00
|
|
|
expect(entries.length).to.equal(2);
|
|
|
|
|
entries.sort(function (a, b) { return a.username > b.username; });
|
2021-08-13 15:49:59 -07:00
|
|
|
expect(entries[0].username).to.equal(admin.username.toLowerCase());
|
|
|
|
|
expect(entries[1].username).to.equal(user.username.toLowerCase());
|
2015-08-12 17:38:31 +02:00
|
|
|
});
|
|
|
|
|
|
2021-07-07 12:59:17 -07:00
|
|
|
it('succeeds with username filter', async function () {
|
2021-08-13 15:49:59 -07:00
|
|
|
const entries = await ldapSearch('ou=users,dc=cloudron', { filter: '&(objectcategory=person)(username=' + admin.username + ')' });
|
2021-07-07 12:59:17 -07:00
|
|
|
expect(entries.length).to.equal(1);
|
2021-08-13 15:49:59 -07:00
|
|
|
expect(entries[0].username).to.equal(admin.username.toLowerCase());
|
2021-07-07 12:59:17 -07:00
|
|
|
expect(entries[0].memberof.length).to.equal(2);
|
2015-08-12 17:38:31 +02:00
|
|
|
});
|
|
|
|
|
|
2021-07-07 12:59:17 -07:00
|
|
|
it('can always lists admins', async function () {
|
2021-08-20 09:19:44 -07:00
|
|
|
mockApp.accessRestriction = { users: [], groups: [] };
|
2021-07-07 12:59:17 -07:00
|
|
|
const entries = await ldapSearch('ou=users,dc=cloudron', { filter: 'objectcategory=person' });
|
|
|
|
|
expect(entries.length).to.equal(1);
|
2021-08-13 15:49:59 -07:00
|
|
|
expect(entries[0].username).to.equal(admin.username.toLowerCase());
|
2021-07-07 12:59:17 -07:00
|
|
|
expect(entries[0].memberof.length).to.equal(2);
|
2015-08-12 17:38:31 +02:00
|
|
|
});
|
2017-03-13 11:06:27 +01:00
|
|
|
|
2021-07-07 12:59:17 -07:00
|
|
|
it ('does only list users who have access', async function () {
|
2021-08-20 09:19:44 -07:00
|
|
|
mockApp.accessRestriction = { users: [], groups: [ group.id ] };
|
2021-07-07 12:59:17 -07:00
|
|
|
const entries = await ldapSearch('ou=users,dc=cloudron', { filter: 'objectcategory=person' });
|
|
|
|
|
expect(entries.length).to.equal(2);
|
|
|
|
|
entries.sort(function (a, b) { return a.username > b.username; });
|
2017-03-13 11:06:27 +01:00
|
|
|
|
2021-08-13 15:49:59 -07:00
|
|
|
expect(entries[0].username).to.equal(admin.username.toLowerCase());
|
|
|
|
|
expect(entries[1].username).to.equal(user.username.toLowerCase());
|
2017-03-13 11:06:27 +01:00
|
|
|
});
|
2021-07-07 12:59:17 -07:00
|
|
|
});
|
2017-10-27 01:25:07 +02:00
|
|
|
|
2021-07-07 12:59:17 -07:00
|
|
|
describe('group search', function () {
|
|
|
|
|
it('succeeds with basic filter', async function () {
|
|
|
|
|
const entries = await ldapSearch('ou=groups,dc=cloudron', { filter: 'objectclass=group' });
|
|
|
|
|
expect(entries.length).to.equal(2);
|
|
|
|
|
|
|
|
|
|
// ensure order for testability
|
|
|
|
|
entries.sort(function (a, b) { return a.username < b.username; });
|
|
|
|
|
|
|
|
|
|
expect(entries[0].cn).to.equal('users');
|
|
|
|
|
expect(entries[0].memberuid.length).to.equal(2);
|
2021-08-13 15:49:59 -07:00
|
|
|
expect(entries[0].memberuid[0]).to.equal(admin.id);
|
|
|
|
|
expect(entries[0].memberuid[1]).to.equal(user.id);
|
2021-07-07 12:59:17 -07:00
|
|
|
expect(entries[1].cn).to.equal('admins');
|
|
|
|
|
// if only one entry, the array becomes a string :-/
|
2021-08-13 15:49:59 -07:00
|
|
|
expect(entries[1].memberuid).to.equal(admin.id);
|
2021-07-07 12:59:17 -07:00
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it ('succeeds with cn wildcard filter', async function () {
|
|
|
|
|
const entries = await ldapSearch('ou=groups,dc=cloudron', { filter: '&(objectclass=group)(cn=*)' });
|
|
|
|
|
expect(entries.length).to.equal(2);
|
|
|
|
|
expect(entries[0].cn).to.equal('users');
|
|
|
|
|
expect(entries[0].memberuid.length).to.equal(2);
|
2021-08-13 15:49:59 -07:00
|
|
|
expect(entries[0].memberuid[0]).to.equal(admin.id);
|
|
|
|
|
expect(entries[0].memberuid[1]).to.equal(user.id);
|
2021-07-07 12:59:17 -07:00
|
|
|
expect(entries[1].cn).to.equal('admins');
|
|
|
|
|
// if only one entry, the array becomes a string :-/
|
2021-08-13 15:49:59 -07:00
|
|
|
expect(entries[1].memberuid).to.equal(admin.id);
|
2021-07-07 12:59:17 -07:00
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it('succeeds with memberuid filter', async function () {
|
2021-08-13 15:49:59 -07:00
|
|
|
const entries = await ldapSearch('ou=groups,dc=cloudron', { filter: '&(objectclass=group)(memberuid=' + user.id + ')' });
|
2021-07-07 12:59:17 -07:00
|
|
|
expect(entries.length).to.equal(1);
|
|
|
|
|
expect(entries[0].cn).to.equal('users');
|
|
|
|
|
expect(entries[0].memberuid.length).to.equal(2);
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it ('does only list users who have access', async function () {
|
2021-08-20 09:19:44 -07:00
|
|
|
mockApp.accessRestriction = { users: [], groups: [ group.id ] };
|
2021-07-07 12:59:17 -07:00
|
|
|
const entries = await ldapSearch('ou=groups,dc=cloudron', { filter: '&(objectclass=group)(cn=*)' });
|
|
|
|
|
expect(entries.length).to.equal(2);
|
|
|
|
|
expect(entries[0].cn).to.equal('users');
|
|
|
|
|
expect(entries[0].memberuid.length).to.equal(2);
|
2021-08-13 15:49:59 -07:00
|
|
|
expect(entries[0].memberuid[0]).to.equal(admin.id);
|
|
|
|
|
expect(entries[0].memberuid[1]).to.equal(user.id);
|
2021-07-07 12:59:17 -07:00
|
|
|
expect(entries[1].cn).to.equal('admins');
|
|
|
|
|
// if only one entry, the array becomes a string :-/
|
2021-08-13 15:49:59 -07:00
|
|
|
expect(entries[1].memberuid).to.equal(admin.id);
|
2021-07-07 12:59:17 -07:00
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it ('succeeds with pagination', async function () {
|
2021-08-20 09:19:44 -07:00
|
|
|
mockApp.accessRestriction = null;
|
2021-07-07 12:59:17 -07:00
|
|
|
const entries = await ldapSearch('ou=groups,dc=cloudron', { filter: 'objectclass=group', paged: true });
|
|
|
|
|
expect(entries.length).to.equal(2);
|
|
|
|
|
|
|
|
|
|
// ensure order for testability
|
|
|
|
|
entries.sort(function (a, b) { return a.username < b.username; });
|
|
|
|
|
|
|
|
|
|
expect(entries[0].cn).to.equal('users');
|
|
|
|
|
expect(entries[0].memberuid.length).to.equal(2);
|
2021-08-13 15:49:59 -07:00
|
|
|
expect(entries[0].memberuid[0]).to.equal(admin.id);
|
|
|
|
|
expect(entries[0].memberuid[1]).to.equal(user.id);
|
2021-07-07 12:59:17 -07:00
|
|
|
expect(entries[1].cn).to.equal('admins');
|
|
|
|
|
// if only one entry, the array becomes a string :-/
|
2021-08-13 15:49:59 -07:00
|
|
|
expect(entries[1].memberuid).to.equal(admin.id);
|
2017-10-27 01:25:07 +02:00
|
|
|
});
|
2015-08-12 17:38:31 +02:00
|
|
|
});
|
2016-09-26 10:18:58 -07:00
|
|
|
|
2021-07-07 12:59:17 -07:00
|
|
|
describe('mailbox search', function () {
|
|
|
|
|
it('get specific mailbox by email', async function () {
|
2021-08-13 15:49:59 -07:00
|
|
|
const entries = await ldapSearch(`cn=${mailbox},ou=mailboxes,dc=cloudron`, 'objectclass=mailbox');
|
2021-07-07 12:59:17 -07:00
|
|
|
expect(entries.length).to.equal(1);
|
2021-08-13 15:49:59 -07:00
|
|
|
expect(entries[0].cn).to.equal(mailbox);
|
2016-09-26 10:18:58 -07:00
|
|
|
});
|
|
|
|
|
|
2021-07-07 12:59:17 -07:00
|
|
|
it('cannot get mailbox with just name', async function () {
|
2021-08-13 15:49:59 -07:00
|
|
|
const [error] = await safe(ldapSearch(`cn=${mailboxName},ou=mailboxes,dc=cloudron`, 'objectclass=mailbox'));
|
2021-07-07 12:59:17 -07:00
|
|
|
expect(error).to.be.a(ldap.NoSuchObjectError);
|
2016-09-26 21:03:07 -07:00
|
|
|
});
|
|
|
|
|
|
2021-07-07 12:59:17 -07:00
|
|
|
it('cannot get alias as a mailbox', async function () {
|
2021-08-13 15:49:59 -07:00
|
|
|
const [error] = await safe(ldapSearch(`cn=${mailAlias},ou=mailboxes,dc=cloudron`, 'objectclass=mailbox'));
|
2021-07-07 12:59:17 -07:00
|
|
|
expect(error).to.be.a(ldap.NoSuchObjectError);
|
2016-09-28 10:26:41 -07:00
|
|
|
});
|
|
|
|
|
|
2021-07-07 12:59:17 -07:00
|
|
|
it('non-existent mailbox', async function () {
|
2021-08-13 15:49:59 -07:00
|
|
|
const [error] = await safe(ldapSearch(`cn=random@${domain.domain},ou=mailboxes,dc=cloudron`, 'objectclass=mailbox'));
|
2021-07-07 12:59:17 -07:00
|
|
|
expect(error).to.be.a(ldap.NoSuchObjectError);
|
2016-09-26 14:38:23 -07:00
|
|
|
});
|
2021-04-21 12:21:06 -07:00
|
|
|
|
2021-07-07 12:59:17 -07:00
|
|
|
it('cannot get inactive mailbox', async function () {
|
2021-10-11 20:12:35 -07:00
|
|
|
await mail.updateMailbox(mailboxName, domain.domain, { ownerId: user.id, ownerType: mail.OWNERTYPE_USER, active: false, enablePop3: false }, auditSource);
|
2021-08-13 15:49:59 -07:00
|
|
|
const [error] = await safe(ldapSearch(`cn=${mailbox},ou=mailboxes,dc=cloudron`, 'objectclass=mailbox'));
|
2021-07-07 12:59:17 -07:00
|
|
|
expect(error).to.be.a(ldap.NoSuchObjectError);
|
|
|
|
|
|
2021-10-11 20:12:35 -07:00
|
|
|
await mail.updateMailbox(mailboxName, domain.domain, { ownerId: user.id, ownerType: mail.OWNERTYPE_USER, active: true, enablePop3: false }, auditSource);
|
2021-04-21 12:21:06 -07:00
|
|
|
});
|
2016-09-26 14:38:23 -07:00
|
|
|
});
|
|
|
|
|
|
|
|
|
|
describe('search aliases', function () {
|
2021-07-07 12:59:17 -07:00
|
|
|
it('get specific alias', async function () {
|
2021-08-13 15:49:59 -07:00
|
|
|
const entries = await ldapSearch(`cn=${mailAlias},ou=mailaliases,dc=cloudron`, 'objectclass=nismailalias');
|
2021-07-07 12:59:17 -07:00
|
|
|
expect(entries.length).to.equal(1);
|
2021-08-13 15:49:59 -07:00
|
|
|
expect(entries[0].cn).to.equal(mailAlias);
|
|
|
|
|
expect(entries[0].rfc822MailMember).to.equal(mailbox);
|
2016-09-27 15:56:02 -07:00
|
|
|
});
|
|
|
|
|
|
2021-07-07 12:59:17 -07:00
|
|
|
it('cannot get mailbox as alias', async function () {
|
2021-08-13 15:49:59 -07:00
|
|
|
const [error] = await safe(ldapSearch(`cn=${mailbox},ou=mailaliases,dc=cloudron`, 'objectclass=nismailalias'));
|
2021-07-07 12:59:17 -07:00
|
|
|
expect(error).to.be.a(ldap.NoSuchObjectError);
|
2016-09-26 14:38:23 -07:00
|
|
|
});
|
|
|
|
|
|
2021-07-07 12:59:17 -07:00
|
|
|
it('non-existent alias', async function () {
|
2021-08-13 15:49:59 -07:00
|
|
|
const [error] = await safe(ldapSearch(`cn=random@${domain.domain},ou=mailaliases,dc=cloudron`, 'objectclass=mailbox'));
|
2021-07-07 12:59:17 -07:00
|
|
|
expect(error).to.be.a(ldap.NoSuchObjectError);
|
2016-09-26 10:18:58 -07:00
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
|
2016-09-27 16:27:22 -07:00
|
|
|
describe('search mailing list', function () {
|
2021-08-13 15:49:59 -07:00
|
|
|
const LIST_NAME = 'devs', LIST = `devs@${domain.domain}`;
|
2021-07-07 12:59:17 -07:00
|
|
|
|
2021-08-17 15:45:57 -07:00
|
|
|
before(async function () {
|
|
|
|
|
await mail.addList(LIST_NAME, domain.domain, { members: [ mailbox , 'outsider@external.com' ], membersOnly: false, active: true }, auditSource);
|
2018-01-29 13:35:22 +01:00
|
|
|
});
|
|
|
|
|
|
2021-07-07 12:59:17 -07:00
|
|
|
it('get specific list', async function () {
|
|
|
|
|
const entries = await ldapSearch(`cn=${LIST},ou=mailinglists,dc=cloudron`, 'objectclass=mailGroup');
|
|
|
|
|
expect(entries.length).to.equal(1);
|
|
|
|
|
expect(entries[0].cn).to.equal(LIST);
|
2021-08-13 15:49:59 -07:00
|
|
|
expect(entries[0].mgrpRFC822MailMember).to.eql([ mailbox, 'outsider@external.com' ]);
|
2016-09-27 16:27:22 -07:00
|
|
|
});
|
|
|
|
|
|
2021-07-07 12:59:17 -07:00
|
|
|
it('non-existent list', async function () {
|
|
|
|
|
const [error] = await safe(ldapSearch('cn=random@example.com,ou=mailinglists,dc=cloudron', 'objectclass=mailGroup'));
|
|
|
|
|
expect(error).to.be.a(ldap.NoSuchObjectError);
|
2016-09-27 16:27:22 -07:00
|
|
|
});
|
2021-04-21 12:21:06 -07:00
|
|
|
|
2021-07-07 12:59:17 -07:00
|
|
|
it('inactive list', async function () {
|
2021-08-17 15:45:57 -07:00
|
|
|
await mail.updateList(LIST_NAME, domain.domain, { members: [ mailbox , 'outsider@external.com' ], membersOnly: false, active: false }, auditSource);
|
2021-07-07 12:59:17 -07:00
|
|
|
const [error] = await safe(ldapSearch('cn=devs@example.com,ou=mailinglists,dc=cloudron', 'objectclass=mailGroup'));
|
|
|
|
|
expect(error).to.be.a(ldap.NoSuchObjectError);
|
2021-04-21 12:21:06 -07:00
|
|
|
});
|
2016-09-27 16:27:22 -07:00
|
|
|
});
|
|
|
|
|
|
2018-12-16 18:04:30 -08:00
|
|
|
describe('user mailbox bind', function () {
|
2021-07-07 12:59:17 -07:00
|
|
|
it('email disabled - cannot auth', async function () {
|
2021-08-13 15:49:59 -07:00
|
|
|
const [error] = await safe(ldapBind(`cn=${mailbox},domain=example.com,ou=mailboxes,dc=cloudron`, 'badpassword'));
|
2021-07-07 12:59:17 -07:00
|
|
|
expect(error).to.be.a(ldap.NoSuchObjectError);
|
2018-12-16 18:04:30 -08:00
|
|
|
});
|
|
|
|
|
|
2021-07-07 12:59:17 -07:00
|
|
|
it('email enabled - does not allow with invalid password', async function () {
|
2021-08-13 15:49:59 -07:00
|
|
|
await mail._updateDomain(domain.domain, { enabled: true });
|
|
|
|
|
const [error] = await safe(ldapBind(`cn=${mailbox},domain=example.com,ou=mailboxes,dc=cloudron`, 'badpassword'));
|
2021-07-07 12:59:17 -07:00
|
|
|
expect(error).to.be.a(ldap.InvalidCredentialsError);
|
2021-08-13 15:49:59 -07:00
|
|
|
await mail._updateDomain(domain.domain, { enabled: false });
|
2018-12-16 18:04:30 -08:00
|
|
|
});
|
|
|
|
|
|
2021-07-07 12:59:17 -07:00
|
|
|
it('email enabled - allows with valid password', async function () {
|
2021-08-13 15:49:59 -07:00
|
|
|
await mail._updateDomain(domain.domain, { enabled: true });
|
|
|
|
|
await ldapBind(`cn=${mailbox},domain=example.com,ou=mailboxes,dc=cloudron`, user.password);
|
|
|
|
|
await mail._updateDomain(domain.domain, { enabled: false });
|
2018-12-16 18:04:30 -08:00
|
|
|
});
|
|
|
|
|
|
2021-07-07 12:59:17 -07:00
|
|
|
it('email enabled - cannot auth with alias', async function () {
|
2021-08-13 15:49:59 -07:00
|
|
|
await mail._updateDomain(domain.domain, { enabled: true });
|
|
|
|
|
const [error] = await safe(ldapBind(`cn=${mailAlias},domain=example.com,ou=mailboxes,dc=cloudron`, 'badpassword'));
|
2021-07-07 12:59:17 -07:00
|
|
|
expect(error).to.be.a(ldap.NoSuchObjectError);
|
2021-08-13 15:49:59 -07:00
|
|
|
await mail._updateDomain(domain.domain, { enabled: false });
|
2018-12-16 18:04:30 -08:00
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
|
2021-10-11 20:12:35 -07:00
|
|
|
describe('user msa bind', function () {
|
2021-07-07 12:59:17 -07:00
|
|
|
it('email disabled - cannot find domain email', async function () {
|
2021-08-13 15:49:59 -07:00
|
|
|
await mail._updateDomain(domain.domain, { enabled: false });
|
2021-10-11 20:12:35 -07:00
|
|
|
const [error] = await safe(ldapBind(`cn=${mailbox},ou=msa,dc=cloudron`, 'badpassword'));
|
2021-07-07 12:59:17 -07:00
|
|
|
expect(error).to.be.a(ldap.InvalidCredentialsError);
|
2016-09-26 10:18:58 -07:00
|
|
|
});
|
|
|
|
|
|
2021-07-07 12:59:17 -07:00
|
|
|
it('email enabled - allows with valid email', async function () {
|
2021-08-13 15:49:59 -07:00
|
|
|
await mail._updateDomain(domain.domain, { enabled: true });
|
2021-10-11 20:12:35 -07:00
|
|
|
await ldapBind(`cn=${mailbox},ou=msa,dc=cloudron`, user.password);
|
2021-08-13 15:49:59 -07:00
|
|
|
await mail._updateDomain(domain.domain, { enabled: false });
|
2016-09-26 10:18:58 -07:00
|
|
|
});
|
2016-09-26 12:03:37 -07:00
|
|
|
|
2021-07-07 12:59:17 -07:00
|
|
|
it('email enabled - does not allow with invalid password', async function () {
|
2021-08-13 15:49:59 -07:00
|
|
|
await mail._updateDomain(domain.domain, { enabled: true });
|
2021-10-11 20:12:35 -07:00
|
|
|
const [error] = await safe(ldapBind(`cn=${mailbox},ou=msa,dc=cloudron`, 'badpassword'));
|
2021-07-07 12:59:17 -07:00
|
|
|
expect(error).to.be.a(ldap.InvalidCredentialsError);
|
2021-08-13 15:49:59 -07:00
|
|
|
await mail._updateDomain(domain.domain, { enabled: false });
|
2016-09-26 12:03:37 -07:00
|
|
|
});
|
2018-01-18 18:14:31 -08:00
|
|
|
|
2021-07-07 12:59:17 -07:00
|
|
|
it('does not allow for inactive mailbox', async function () {
|
2021-08-13 15:49:59 -07:00
|
|
|
await mail._updateDomain(domain.domain, { enabled: true });
|
2021-10-11 20:12:35 -07:00
|
|
|
await mail.updateMailbox(mailboxName, domain.domain, { ownerId: user.id, ownerType: mail.OWNERTYPE_USER, active: false, enablePop3: false }, auditSource);
|
|
|
|
|
const [error] = await safe(ldapBind(`cn=${mailbox},ou=msa,dc=cloudron`, 'badpassword'));
|
2021-07-07 12:59:17 -07:00
|
|
|
expect(error).to.be.a(ldap.NoSuchObjectError);
|
2021-10-11 20:12:35 -07:00
|
|
|
await mail.updateMailbox(mailboxName, domain.domain, { ownerId: user.id, ownerType: mail.OWNERTYPE_USER, active: true, enablePop3: false }, auditSource);
|
2021-04-21 12:21:06 -07:00
|
|
|
});
|
2016-09-26 10:18:58 -07:00
|
|
|
});
|
2017-03-26 19:14:50 -07:00
|
|
|
|
2021-10-11 20:12:35 -07:00
|
|
|
describe('app msa bind', function () {
|
2018-01-18 18:14:31 -08:00
|
|
|
// these tests should work even when email is disabled
|
2021-07-07 12:59:17 -07:00
|
|
|
before(async function () {
|
2021-08-13 15:49:59 -07:00
|
|
|
await mail._updateDomain(domain.domain, { enabled: false });
|
2018-01-18 18:14:31 -08:00
|
|
|
});
|
|
|
|
|
|
2021-07-07 12:59:17 -07:00
|
|
|
it('does not allow with invalid app', async function () {
|
2021-10-11 20:12:35 -07:00
|
|
|
const [error] = await safe(ldapBind(`cn=hacker.app@${domain.domain},ou=msa,dc=cloudron`, 'nope'));
|
2021-07-07 12:59:17 -07:00
|
|
|
expect(error).to.be.a(ldap.NoSuchObjectError);
|
2017-03-26 20:42:46 -07:00
|
|
|
});
|
|
|
|
|
|
2021-07-07 12:59:17 -07:00
|
|
|
it('does not allow with invalid password', async function () {
|
2021-10-11 20:12:35 -07:00
|
|
|
const [error] = await safe(ldapBind(`cn=${app.location}.app@${domain.domain},ou=msa,dc=cloudron`, 'nope'));
|
2021-07-07 12:59:17 -07:00
|
|
|
expect(error).to.be.a(ldap.NoSuchObjectError);
|
2017-03-26 20:42:46 -07:00
|
|
|
});
|
|
|
|
|
|
2021-07-07 12:59:17 -07:00
|
|
|
it('allows with valid password', async function () {
|
2021-08-19 21:39:27 -07:00
|
|
|
await addonConfigs.set(app.id, 'sendmail', [{ name: 'MAIL_SMTP_USERNAME', value : `${app.location}.app@${domain.domain}` }, { name: 'MAIL_SMTP_PASSWORD', value : 'sendmailpassword' }]),
|
2021-07-07 12:59:17 -07:00
|
|
|
|
2021-10-11 20:12:35 -07:00
|
|
|
await ldapBind(`cn=${app.location}.app@${domain.domain},ou=msa,dc=cloudron`, 'sendmailpassword');
|
2017-03-26 20:42:46 -07:00
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
|
2021-09-20 19:30:00 -07:00
|
|
|
describe('user imap bind', function () {
|
2021-07-07 12:59:17 -07:00
|
|
|
it('email disabled - cannot find domain email', async function () {
|
2021-08-13 15:49:59 -07:00
|
|
|
await mail._updateDomain(domain.domain, { enabled: false });
|
2021-09-20 19:30:00 -07:00
|
|
|
const [error] = await safe(ldapBind(`cn=${mailbox},ou=imap,dc=cloudron`, 'badpassword'));
|
2021-07-07 12:59:17 -07:00
|
|
|
expect(error).to.be.a(ldap.NoSuchObjectError);
|
2017-03-26 19:14:50 -07:00
|
|
|
});
|
|
|
|
|
|
2021-07-07 12:59:17 -07:00
|
|
|
it('email enabled - allows with valid email', async function () {
|
2021-08-13 15:49:59 -07:00
|
|
|
await mail._updateDomain(domain.domain, { enabled: true });
|
2021-09-20 19:30:00 -07:00
|
|
|
await ldapBind(`cn=${mailbox},ou=imap,dc=cloudron`, user.password);
|
2017-03-26 19:14:50 -07:00
|
|
|
});
|
2018-01-18 18:14:31 -08:00
|
|
|
|
2021-07-07 12:59:17 -07:00
|
|
|
it('email enabled - does not allow with invalid password', async function () {
|
2021-08-13 15:49:59 -07:00
|
|
|
await mail._updateDomain(domain.domain, { enabled: true });
|
2021-09-20 19:30:00 -07:00
|
|
|
const [error] = await safe(ldapBind(`cn=${mailbox},ou=imap,dc=cloudron`, 'badpassword'));
|
2021-07-07 12:59:17 -07:00
|
|
|
expect(error).to.be.a(ldap.InvalidCredentialsError);
|
2018-01-18 18:14:31 -08:00
|
|
|
});
|
2021-04-21 12:21:06 -07:00
|
|
|
|
2021-07-07 12:59:17 -07:00
|
|
|
it('does not allow for inactive mailbox', async function () {
|
2021-08-13 15:49:59 -07:00
|
|
|
await mail._updateDomain(domain.domain, { enabled: true });
|
2021-10-11 20:12:35 -07:00
|
|
|
await mail.updateMailbox(mailboxName, domain.domain, { ownerId: user.id, ownerType: mail.OWNERTYPE_USER, active: false, enablePop3: false }, auditSource);
|
2021-09-20 19:30:00 -07:00
|
|
|
const [error] = await safe(ldapBind(`cn=${mailbox},ou=imap,dc=cloudron`, 'badpassword'));
|
2021-07-07 12:59:17 -07:00
|
|
|
expect(error).to.be.a(ldap.NoSuchObjectError);
|
2021-08-13 15:49:59 -07:00
|
|
|
await mail._updateDomain(domain.domain, { enabled: false });
|
2021-10-11 20:12:35 -07:00
|
|
|
await mail.updateMailbox(mailboxName, domain.domain, { ownerId: user.id, ownerType: mail.OWNERTYPE_USER, active: true, enablePop3: false }, auditSource);
|
2021-04-21 12:21:06 -07:00
|
|
|
});
|
2017-03-26 19:14:50 -07:00
|
|
|
});
|
|
|
|
|
|
2021-09-20 19:30:00 -07:00
|
|
|
describe('app imap bind', function () {
|
2021-07-07 12:59:17 -07:00
|
|
|
before(async function () {
|
2021-08-13 15:49:59 -07:00
|
|
|
await mail._updateDomain(domain.domain, { enabled: true });
|
2018-01-29 13:35:22 +01:00
|
|
|
});
|
|
|
|
|
|
2021-07-07 12:59:17 -07:00
|
|
|
it('does not allow with invalid app', async function () {
|
2021-09-20 19:30:00 -07:00
|
|
|
const [error] = await safe(ldapBind(`cn=hacker.app@${domain.domain},ou=imap,dc=cloudron`, 'nope'));
|
2021-07-07 12:59:17 -07:00
|
|
|
expect(error).to.be.a(ldap.NoSuchObjectError);
|
2017-03-26 20:42:46 -07:00
|
|
|
});
|
|
|
|
|
|
2021-10-11 20:12:35 -07:00
|
|
|
it('does not allow with valid password (missing mailbox)', async function () {
|
|
|
|
|
await addonConfigs.set(app.id, 'recvmail', [{ name: 'MAIL_IMAP_USERNAME', value : `${app.location}.app@${domain.domain}` }, { name: 'MAIL_IMAP_PASSWORD', value : 'imappassword' }]);
|
|
|
|
|
const [error] = await safe(ldapBind(`cn=${app.location}.app@${domain.domain},ou=imap,dc=cloudron`, 'imappassword'));
|
2021-07-07 12:59:17 -07:00
|
|
|
expect(error).to.be.a(ldap.NoSuchObjectError);
|
2017-03-26 20:42:46 -07:00
|
|
|
});
|
|
|
|
|
|
2021-10-11 20:12:35 -07:00
|
|
|
it('does not allow with invalid password', async function () {
|
|
|
|
|
await addonConfigs.set(app.id, 'recvmail', [{ name: 'MAIL_IMAP_USERNAME', value : `${mailboxName}@${domain.domain}` }, { name: 'MAIL_IMAP_PASSWORD', value : 'imappassword' }]);
|
|
|
|
|
const [error] = await safe(ldapBind(`cn=${mailboxName}@${domain.domain},ou=imap,dc=cloudron`, 'nope'));
|
|
|
|
|
expect(error).to.be.a(ldap.InvalidCredentialsError);
|
|
|
|
|
});
|
|
|
|
|
|
2021-07-07 12:59:17 -07:00
|
|
|
it('allows with valid password', async function () {
|
2021-10-11 20:12:35 -07:00
|
|
|
await addonConfigs.set(app.id, 'recvmail', [{ name: 'MAIL_IMAP_USERNAME', value : `${mailboxName}@${domain.domain}` }, { name: 'MAIL_IMAP_PASSWORD', value : 'imappassword' }]);
|
|
|
|
|
await ldapBind(`cn=${mailboxName}@${domain.domain},ou=imap,dc=cloudron`, 'imappassword');
|
2017-03-26 20:42:46 -07:00
|
|
|
});
|
|
|
|
|
});
|
2015-08-12 15:00:38 +02:00
|
|
|
});
|
