diff --git a/src/test/common.js b/src/test/common.js index dd6d2db0f..434a2a36a 100644 --- a/src/test/common.js +++ b/src/test/common.js @@ -21,7 +21,7 @@ const appdb = require('../appdb.js'), tasks = require('../tasks.js'), users = require('../users.js'); -const MANIFEST = { +const manifest = { 'id': 'io.cloudron.test', 'author': 'The Presidents Of the United States Of America', 'title': 'test title', @@ -103,7 +103,7 @@ const app = { location: 'applocation', domain: domain.domain, fqdn: domain.domain + '.' + 'applocation', - manifest: MANIFEST, + manifest, containerId: 'someid', portBindings: null, accessRestriction: null, @@ -122,21 +122,21 @@ exports = module.exports = { clearMailQueue, mockApiServerOrigin: 'http://localhost:6060', - DASHBOARD_DOMAIN: 'test.example.com', - DASHBOARD_FQDN: 'my.test.example.com', + dashboardDomain: 'test.example.com', + dashboardFqdn: 'my.test.example.com', app, admin, auditSource, domain, - MANIFEST, + manifest, user, appstoreToken: 'atoken', - MAILBOX_NAME: 'support', - MAILBOX: `support@${domain.domain}`, - ALIAS_NAME: 'alsosupport', - ALIAS: `alsosupport@${domain.domain}` + mailboxName: 'support', + mailbox: `support@${domain.domain}`, + mailAliasName: 'alsosupport', + mailAlias: `alsosupport@${domain.domain}` }; function createTree(root, obj) { @@ -168,7 +168,7 @@ function domainSetup(done) { database.initialize, database._clear, settings._setApiServerOrigin.bind(null, exports.mockApiServerOrigin), - settings.setDashboardLocation.bind(null, exports.DASHBOARD_DOMAIN, exports.DASHBOARD_FQDN), + settings.setDashboardLocation.bind(null, exports.dashboardDomain, exports.dashboardFqdn), settings.initCache, blobs.initSecrets, domains.add.bind(null, domain.domain, domain, auditSource), @@ -188,8 +188,8 @@ function setup(done) { const result = await users.add(user.email, user, auditSource); user.id = result; }, - (done) => mailboxdb.addMailbox(exports.MAILBOX_NAME, domain.domain, { ownerId: user.id, ownerType: mail.OWNERTYPE_USER, active: true }, done), - (done) => mailboxdb.setAliasesForName(exports.MAILBOX_NAME, domain.domain, [ { name: exports.ALIAS_NAME, domain: domain.domain} ], done), + (done) => mailboxdb.addMailbox(exports.mailboxName, domain.domain, { ownerId: user.id, ownerType: mail.OWNERTYPE_USER, active: true }, done), + (done) => mailboxdb.setAliasesForName(exports.mailboxName, domain.domain, [ { name: exports.mailAliasName, domain: domain.domain} ], done), tasks.stopAllTasks, ], done); diff --git a/src/test/domains-test.js b/src/test/domains-test.js index 6f10b603b..e266ec0d6 100644 --- a/src/test/domains-test.js +++ b/src/test/domains-test.js @@ -5,103 +5,19 @@ 'use strict'; -var appdb = require('../appdb.js'), - apps = require('../apps.js'), - async = require('async'), - database = require('../database.js'), +const common = require('./common.js'), domains = require('../domains.js'), expect = require('expect.js'), js2xml = require('js2xmlparser').parse, - nock = require('nock'), - settings = require('../settings.js'); - -const DOMAIN_0 = { - domain: 'example.com', - zoneName: 'example.com', - provider: 'route53', - config: { - accessKeyId: 'accessKeyId', - secretAccessKey: 'secretAccessKey', - endpoint: 'http://localhost:5353' - }, - fallbackCertificate: null, - tlsConfig: { provider: 'letsencrypt-staging' }, - wellKnown: null -}; - -let AUDIT_SOURCE = { ip: '1.2.3.4' }; - -var MANIFEST = { - 'id': 'io.cloudron.test', - 'author': 'The Presidents Of the United States Of America', - 'title': 'test title', - 'description': 'test description', - 'tagline': 'test rocks', - 'website': 'http://test.cloudron.io', - 'contactEmail': 'test@cloudron.io', - 'version': '0.1.0', - 'manifestVersion': 1, - 'dockerImage': 'cloudron/test:25.2.0', - 'healthCheckPath': '/', - 'httpPort': 7777, - 'tcpPorts': { - 'ECHO_SERVER_PORT': { - 'title': 'Echo Server Port', - 'description': 'Echo server', - 'containerPort': 7778 - } - }, - 'addons': { - 'oauth': { }, - 'redis': { }, - 'mysql': { }, - 'postgresql': { } - } -}; - -var APP = { - id: 'appid', - appStoreId: 'appStoreId', - installationState: apps.ISTATE_PENDING_INSTALL, - runState: 'running', - location: 'applocation', - domain: DOMAIN_0.domain, - fqdn: DOMAIN_0.domain + '.' + 'applocation', - manifest: MANIFEST, - containerId: 'someid', - portBindings: null, - accessRestriction: null, - memoryLimit: 0, - mailboxDomain: DOMAIN_0.domain, - alternateDomains: [], - aliasDomains: [] -}; + nock = require('nock'); describe('Domains', function () { - before(function (done) { - async.series([ - database.initialize, - database._clear, - settings.setDashboardLocation.bind(null, DOMAIN_0.domain, 'my.' + DOMAIN_0.domain), - domains.add.bind(null, DOMAIN_0.domain, DOMAIN_0, AUDIT_SOURCE), - appdb.add.bind(null, APP.id, APP.appStoreId, APP.manifest, APP.location, APP.domain, APP.portBindings, APP) - ], done); - }); + const { setup, cleanup, app, domain } = common; - after(function (done) { - async.series([ - database._clear, - database.uninitialize - ], done); - }); + before(setup); + after(cleanup); describe('validateHostname', function () { - const domain = { - domain: 'example.com', - zoneName: 'example.com', - config: {} - }; - it('does not allow admin subdomain', function () { expect(domains.validateHostname('my', domain)).to.be.an(Error); }); @@ -142,91 +58,93 @@ describe('Domains', function () { describe('getName', function () { it('works with zoneName==domain', function () { - const domain = { + const d = { domain: 'example.com', zoneName: 'example.com', config: {} }; - expect(domains.getName(domain, '', 'A')).to.be(''); - expect(domains.getName(domain, 'www', 'A')).to.be('www'); - expect(domains.getName(domain, 'www.dev', 'A')).to.be('www.dev'); + expect(domains.getName(d, '', 'A')).to.be(''); + expect(domains.getName(d, 'www', 'A')).to.be('www'); + expect(domains.getName(d, 'www.dev', 'A')).to.be('www.dev'); - expect(domains.getName(domain, '', 'MX')).to.be(''); + expect(domains.getName(d, '', 'MX')).to.be(''); - expect(domains.getName(domain, '', 'TXT')).to.be(''); - expect(domains.getName(domain, 'www', 'TXT')).to.be('www'); - expect(domains.getName(domain, 'www.dev', 'TXT')).to.be('www.dev'); + expect(domains.getName(d, '', 'TXT')).to.be(''); + expect(domains.getName(d, 'www', 'TXT')).to.be('www'); + expect(domains.getName(d, 'www.dev', 'TXT')).to.be('www.dev'); }); it('works when zoneName!=domain', function () { - const domain = { + const d = { domain: 'dev.example.com', zoneName: 'example.com', config: {} }; - expect(domains.getName(domain, '', 'A')).to.be('dev'); - expect(domains.getName(domain, 'www', 'A')).to.be('www.dev'); - expect(domains.getName(domain, 'www.dev', 'A')).to.be('www.dev.dev'); + expect(domains.getName(d, '', 'A')).to.be('dev'); + expect(domains.getName(d, 'www', 'A')).to.be('www.dev'); + expect(domains.getName(d, 'www.dev', 'A')).to.be('www.dev.dev'); - expect(domains.getName(domain, '', 'MX')).to.be('dev'); + expect(domains.getName(d, '', 'MX')).to.be('dev'); - expect(domains.getName(domain, '', 'TXT')).to.be('dev'); - expect(domains.getName(domain, 'www', 'TXT')).to.be('www.dev'); - expect(domains.getName(domain, 'www.dev', 'TXT')).to.be('www.dev.dev'); + expect(domains.getName(d, '', 'TXT')).to.be('dev'); + expect(domains.getName(d, 'www', 'TXT')).to.be('www.dev'); + expect(domains.getName(d, 'www.dev', 'TXT')).to.be('www.dev.dev'); }); }); - var awsHostedZones; + describe('register', function () { + let awsHostedZones; - it('registers subdomain', function (done) { - awsHostedZones = { - HostedZones: [{ - Id: '/hostedzone/ZONEID', - Name: `${DOMAIN_0.domain}.`, - CallerReference: '305AFD59-9D73-4502-B020-F4E6F889CB30', - ResourceRecordSetCount: 2, - ChangeInfo: { - Id: '/change/CKRTFJA0ANHXB', - Status: 'INSYNC' - } - }], - IsTruncated: false, - MaxItems: '100' - }; + it('registers subdomain', function (done) { + awsHostedZones = { + HostedZones: [{ + Id: '/hostedzone/ZONEID', + Name: `${domain.domain}.`, + CallerReference: '305AFD59-9D73-4502-B020-F4E6F889CB30', + ResourceRecordSetCount: 2, + ChangeInfo: { + Id: '/change/CKRTFJA0ANHXB', + Status: 'INSYNC' + } + }], + IsTruncated: false, + MaxItems: '100' + }; - nock.cleanAll(); + nock.cleanAll(); - var awsScope = nock('http://localhost:5353') - .get('/2013-04-01/hostedzonesbyname?dnsname=example.com.&maxitems=1') - .times(2) - .reply(200, js2xml('ListHostedZonesResponse', awsHostedZones, { wrapHandlers: { HostedZones: () => 'HostedZone'} })) - .get('/2013-04-01/hostedzone/ZONEID/rrset?maxitems=1&name=applocation.' + DOMAIN_0.domain + '.&type=A') - .reply(200, js2xml('ListResourceRecordSetsResponse', { ResourceRecordSets: [ ] }, { 'Content-Type': 'application/xml' })) - .post('/2013-04-01/hostedzone/ZONEID/rrset/') - .reply(200, js2xml('ChangeResourceRecordSetsResponse', { ChangeInfo: { Id: 'RRID', Status: 'INSYNC' } })); + let awsScope = nock('http://localhost:5353') + .get('/2013-04-01/hostedzonesbyname?dnsname=example.com.&maxitems=1') + .times(2) + .reply(200, js2xml('ListHostedZonesResponse', awsHostedZones, { wrapHandlers: { HostedZones: () => 'HostedZone'} })) + .get('/2013-04-01/hostedzone/ZONEID/rrset?maxitems=1&name=applocation.' + domain.domain + '.&type=A') + .reply(200, js2xml('ListResourceRecordSetsResponse', { ResourceRecordSets: [ ] }, { 'Content-Type': 'application/xml' })) + .post('/2013-04-01/hostedzone/ZONEID/rrset/') + .reply(200, js2xml('ChangeResourceRecordSetsResponse', { ChangeInfo: { Id: 'RRID', Status: 'INSYNC' } })); - domains.registerLocations([ { subdomain: APP.location, domain: APP.domain } ], { overwriteDns: true }, (/*progress*/) => {}, function (error) { - expect(error).to.be(null); - expect(awsScope.isDone()).to.be.ok(); - done(); + domains.registerLocations([ { subdomain: app.location, domain: app.domain } ], { overwriteDns: true }, (/*progress*/) => {}, function (error) { + expect(error).to.be(null); + expect(awsScope.isDone()).to.be.ok(); + done(); + }); }); - }); - it('unregisters subdomain', function (done) { - nock.cleanAll(); + it('unregisters subdomain', function (done) { + nock.cleanAll(); - var awsScope = nock('http://localhost:5353') - .get('/2013-04-01/hostedzonesbyname?dnsname=example.com.&maxitems=1') - .reply(200, js2xml('ListHostedZonesResponse', awsHostedZones, { wrapHandlers: { HostedZones: () => 'HostedZone'} })) - .post('/2013-04-01/hostedzone/ZONEID/rrset/') - .reply(200, js2xml('ChangeResourceRecordSetsResponse', { ChangeInfo: { Id: 'RRID', Status: 'INSYNC' } })); + let awsScope = nock('http://localhost:5353') + .get('/2013-04-01/hostedzonesbyname?dnsname=example.com.&maxitems=1') + .reply(200, js2xml('ListHostedZonesResponse', awsHostedZones, { wrapHandlers: { HostedZones: () => 'HostedZone'} })) + .post('/2013-04-01/hostedzone/ZONEID/rrset/') + .reply(200, js2xml('ChangeResourceRecordSetsResponse', { ChangeInfo: { Id: 'RRID', Status: 'INSYNC' } })); - domains.unregisterLocations([ { subdomain: APP.location, domain: APP.domain } ], (/*progress*/) => {}, function (error) { - expect(error).to.be(null); - expect(awsScope.isDone()).to.be.ok(); - done(); + domains.unregisterLocations([ { subdomain: app.location, domain: app.domain } ], (/*progress*/) => {}, function (error) { + expect(error).to.be(null); + expect(awsScope.isDone()).to.be.ok(); + done(); + }); }); }); }); diff --git a/src/test/groups-test.js b/src/test/groups-test.js index b0ef7f17a..30d90a981 100644 --- a/src/test/groups-test.js +++ b/src/test/groups-test.js @@ -123,7 +123,7 @@ describe('Groups', function () { it('can list users of group', async function () { const result = await groups.getMembers(group0Object.id); - expect(result).to.eql([ admin.id, user.id ]); + expect(result.sort()).to.eql([ admin.id, user.id ].sort()); }); it('cannot list members of non-existent group', async function () { @@ -194,6 +194,5 @@ describe('Groups', function () { await groups.setMembers(group0Object.id, [ admin.id, user.id ]); // ensure group has some members await groups.remove(group0Object.id); }); - }); }); diff --git a/src/test/ldap-test.js b/src/test/ldap-test.js index 07f671297..5e117cc84 100644 --- a/src/test/ldap-test.js +++ b/src/test/ldap-test.js @@ -61,7 +61,7 @@ async function ldapSearch(dn, opts) { } describe('Ldap', function () { - const { setup, cleanup, ADMIN, USER, APP, DOMAIN, MAILBOX, ALIAS, MAILBOX_NAME } = common; + const { setup, cleanup, admin, user, app, domain, mailbox, mailAlias, mailboxName } = common; let group; before(function (done) { @@ -70,11 +70,11 @@ describe('Ldap', function () { ldapServer.start.bind(null), async () => { group = await groups.add({ name: 'ldap-test' }); - await groups.setMembers(group.id, [ ADMIN.id, USER.id ]); + await groups.setMembers(group.id, [ admin.id, user.id ]); } ], done); - ldapServer._MOCK_APP = APP; + ldapServer._MOCK_APP = app; }); after(function (done) { @@ -91,53 +91,53 @@ describe('Ldap', function () { }); it('cn= fails with wrong password', async function () { - const [error] = await safe(ldapBind(`cn=${ADMIN.id},ou=users,dc=cloudron`, 'wrongpassword')); + const [error] = await safe(ldapBind(`cn=${admin.id},ou=users,dc=cloudron`, 'wrongpassword')); expect(error).to.be.a(ldap.InvalidCredentialsError); }); it('cn= succeeds with id', async function () { - await ldapBind(`cn=${ADMIN.id},ou=users,dc=cloudron`, ADMIN.password); + await ldapBind(`cn=${admin.id},ou=users,dc=cloudron`, admin.password); }); it('cn= succeeds with username', async function () { - await ldapBind(`cn=${ADMIN.username},ou=users,dc=cloudron`, ADMIN.password); + await ldapBind(`cn=${admin.username},ou=users,dc=cloudron`, admin.password); }); it('cn= succeeds with email', async function () { - await ldapBind(`cn=${ADMIN.email},ou=users,dc=cloudron`, ADMIN.password); + await ldapBind(`cn=${admin.email},ou=users,dc=cloudron`, admin.password); }); it('mail= fails with bad email', async function () { - const [error] = await safe(ldapBind('mail=random,ou=users,dc=cloudron', ADMIN.password)); + const [error] = await safe(ldapBind('mail=random,ou=users,dc=cloudron', admin.password)); expect(error).to.be.a(ldap.NoSuchObjectError); }); it('mail= succeeds with email', async function () { - await ldapBind(`mail=${ADMIN.email},ou=users,dc=cloudron`, ADMIN.password); + await ldapBind(`mail=${admin.email},ou=users,dc=cloudron`, admin.password); }); }); describe('non-admin bind', function () { it('succeeds with null accessRestriction', async function () { - APP.accessRestriction = null; - await ldapBind(`cn=${USER.id},ou=users,dc=cloudron`, USER.password); + app.accessRestriction = null; + await ldapBind(`cn=${user.id},ou=users,dc=cloudron`, user.password); }); it('fails without accessRestriction', async function () { - APP.accessRestriction = { users: [], groups: [] }; - const [error] = await safe(ldapBind(`cn=${USER.id},ou=users,dc=cloudron`, USER.password)); + app.accessRestriction = { users: [], groups: [] }; + const [error] = await safe(ldapBind(`cn=${user.id},ou=users,dc=cloudron`, user.password)); expect(error).to.be.a(ldap.NoSuchObjectError); }); it('succeeds with accessRestriction', async function () { - APP.accessRestriction = { users: [ USER.id ], groups: [] }; - await ldapBind(`cn=${USER.id},ou=users,dc=cloudron`, USER.password); + app.accessRestriction = { users: [ user.id ], groups: [] }; + await ldapBind(`cn=${user.id},ou=users,dc=cloudron`, user.password); }); }); describe('search users', function () { it('fails for non existing tree', async function () { - const [error] = await safe(ldapSearch('o=example', { filter: '(&(l=Seattle)(email=*@' + DOMAIN.domain + '))' })); + const [error] = await safe(ldapSearch('o=example', { filter: '(&(l=Seattle)(email=*@' + domain.domain + '))' })); expect(error).to.be.a(ldap.NoSuchObjectError); }); @@ -145,53 +145,53 @@ describe('Ldap', function () { const entries = await ldapSearch('ou=users,dc=cloudron', { filter: 'objectcategory=person' }); expect(entries.length).to.equal(2); entries.sort(function (a, b) { return a.username > b.username; }); - expect(entries[0].username).to.equal(ADMIN.username.toLowerCase()); - expect(entries[0].mail).to.equal(ADMIN.email.toLowerCase()); - expect(entries[1].username).to.equal(USER.username.toLowerCase()); - expect(entries[1].mail).to.equal(USER.email.toLowerCase()); + expect(entries[0].username).to.equal(admin.username.toLowerCase()); + expect(entries[0].mail).to.equal(admin.email.toLowerCase()); + expect(entries[1].username).to.equal(user.username.toLowerCase()); + expect(entries[1].mail).to.equal(user.email.toLowerCase()); }); it('succeeds with pagination', async function () { const entries = await ldapSearch('ou=users,dc=cloudron', { filter: 'objectcategory=person', paged: true }); expect(entries.length).to.equal(2); entries.sort(function (a, b) { return a.username > b.username; }); - expect(entries[0].username).to.equal(ADMIN.username.toLowerCase()); - expect(entries[0].mail).to.equal(ADMIN.email.toLowerCase()); - expect(entries[1].username).to.equal(USER.username.toLowerCase()); - expect(entries[1].mail).to.equal(USER.email.toLowerCase()); + expect(entries[0].username).to.equal(admin.username.toLowerCase()); + expect(entries[0].mail).to.equal(admin.email.toLowerCase()); + expect(entries[1].username).to.equal(user.username.toLowerCase()); + expect(entries[1].mail).to.equal(user.email.toLowerCase()); }); it('succeeds with username wildcard filter', async function () { - const entries = await ldapSearch('ou=users,dc=cloudron', { filter: '&(objectcategory=person)(username=*3)' }); + const entries = await ldapSearch('ou=users,dc=cloudron', { filter: '&(objectcategory=person)(username=*)' }); expect(entries.length).to.equal(2); entries.sort(function (a, b) { return a.username > b.username; }); - expect(entries[0].username).to.equal(ADMIN.username.toLowerCase()); - expect(entries[1].username).to.equal(USER.username.toLowerCase()); + expect(entries[0].username).to.equal(admin.username.toLowerCase()); + expect(entries[1].username).to.equal(user.username.toLowerCase()); }); it('succeeds with username filter', async function () { - const entries = await ldapSearch('ou=users,dc=cloudron', { filter: '&(objectcategory=person)(username=' + ADMIN.username + ')' }); + const entries = await ldapSearch('ou=users,dc=cloudron', { filter: '&(objectcategory=person)(username=' + admin.username + ')' }); expect(entries.length).to.equal(1); - expect(entries[0].username).to.equal(ADMIN.username.toLowerCase()); + expect(entries[0].username).to.equal(admin.username.toLowerCase()); expect(entries[0].memberof.length).to.equal(2); }); it('can always lists admins', async function () { - APP.accessRestriction = { users: [], groups: [] }; + app.accessRestriction = { users: [], groups: [] }; const entries = await ldapSearch('ou=users,dc=cloudron', { filter: 'objectcategory=person' }); expect(entries.length).to.equal(1); - expect(entries[0].username).to.equal(ADMIN.username.toLowerCase()); + expect(entries[0].username).to.equal(admin.username.toLowerCase()); expect(entries[0].memberof.length).to.equal(2); }); it ('does only list users who have access', async function () { - APP.accessRestriction = { users: [], groups: [ group.id ] }; + app.accessRestriction = { users: [], groups: [ group.id ] }; const entries = await ldapSearch('ou=users,dc=cloudron', { filter: 'objectcategory=person' }); expect(entries.length).to.equal(2); entries.sort(function (a, b) { return a.username > b.username; }); - expect(entries[0].username).to.equal(ADMIN.username.toLowerCase()); - expect(entries[1].username).to.equal(USER.username.toLowerCase()); + expect(entries[0].username).to.equal(admin.username.toLowerCase()); + expect(entries[1].username).to.equal(user.username.toLowerCase()); }); }); @@ -205,11 +205,11 @@ describe('Ldap', function () { expect(entries[0].cn).to.equal('users'); expect(entries[0].memberuid.length).to.equal(2); - expect(entries[0].memberuid[0]).to.equal(ADMIN.id); - expect(entries[0].memberuid[1]).to.equal(USER.id); + expect(entries[0].memberuid[0]).to.equal(admin.id); + expect(entries[0].memberuid[1]).to.equal(user.id); expect(entries[1].cn).to.equal('admins'); // if only one entry, the array becomes a string :-/ - expect(entries[1].memberuid).to.equal(ADMIN.id); + expect(entries[1].memberuid).to.equal(admin.id); }); it ('succeeds with cn wildcard filter', async function () { @@ -217,35 +217,35 @@ describe('Ldap', function () { expect(entries.length).to.equal(2); expect(entries[0].cn).to.equal('users'); expect(entries[0].memberuid.length).to.equal(2); - expect(entries[0].memberuid[0]).to.equal(ADMIN.id); - expect(entries[0].memberuid[1]).to.equal(USER.id); + expect(entries[0].memberuid[0]).to.equal(admin.id); + expect(entries[0].memberuid[1]).to.equal(user.id); expect(entries[1].cn).to.equal('admins'); // if only one entry, the array becomes a string :-/ - expect(entries[1].memberuid).to.equal(ADMIN.id); + expect(entries[1].memberuid).to.equal(admin.id); }); it('succeeds with memberuid filter', async function () { - const entries = await ldapSearch('ou=groups,dc=cloudron', { filter: '&(objectclass=group)(memberuid=' + USER.id + ')' }); + const entries = await ldapSearch('ou=groups,dc=cloudron', { filter: '&(objectclass=group)(memberuid=' + user.id + ')' }); expect(entries.length).to.equal(1); expect(entries[0].cn).to.equal('users'); expect(entries[0].memberuid.length).to.equal(2); }); it ('does only list users who have access', async function () { - APP.accessRestriction = { users: [], groups: [ group.id ] }; + app.accessRestriction = { users: [], groups: [ group.id ] }; const entries = await ldapSearch('ou=groups,dc=cloudron', { filter: '&(objectclass=group)(cn=*)' }); expect(entries.length).to.equal(2); expect(entries[0].cn).to.equal('users'); expect(entries[0].memberuid.length).to.equal(2); - expect(entries[0].memberuid[0]).to.equal(ADMIN.id); - expect(entries[0].memberuid[1]).to.equal(USER.id); + expect(entries[0].memberuid[0]).to.equal(admin.id); + expect(entries[0].memberuid[1]).to.equal(user.id); expect(entries[1].cn).to.equal('admins'); // if only one entry, the array becomes a string :-/ - expect(entries[1].memberuid).to.equal(ADMIN.id); + expect(entries[1].memberuid).to.equal(admin.id); }); it ('succeeds with pagination', async function () { - APP.accessRestriction = null; + app.accessRestriction = null; const entries = await ldapSearch('ou=groups,dc=cloudron', { filter: 'objectclass=group', paged: true }); expect(entries.length).to.equal(2); @@ -254,78 +254,78 @@ describe('Ldap', function () { expect(entries[0].cn).to.equal('users'); expect(entries[0].memberuid.length).to.equal(2); - expect(entries[0].memberuid[0]).to.equal(ADMIN.id); - expect(entries[0].memberuid[1]).to.equal(USER.id); + expect(entries[0].memberuid[0]).to.equal(admin.id); + expect(entries[0].memberuid[1]).to.equal(user.id); expect(entries[1].cn).to.equal('admins'); // if only one entry, the array becomes a string :-/ - expect(entries[1].memberuid).to.equal(ADMIN.id); + expect(entries[1].memberuid).to.equal(admin.id); }); }); describe('mailbox search', function () { it('get specific mailbox by email', async function () { - const entries = await ldapSearch(`cn=${MAILBOX},ou=mailboxes,dc=cloudron`, 'objectclass=mailbox'); + const entries = await ldapSearch(`cn=${mailbox},ou=mailboxes,dc=cloudron`, 'objectclass=mailbox'); expect(entries.length).to.equal(1); - expect(entries[0].cn).to.equal(MAILBOX); + expect(entries[0].cn).to.equal(mailbox); }); it('cannot get mailbox with just name', async function () { - const [error] = await safe(ldapSearch(`cn=${MAILBOX_NAME},ou=mailboxes,dc=cloudron`, 'objectclass=mailbox')); + const [error] = await safe(ldapSearch(`cn=${mailboxName},ou=mailboxes,dc=cloudron`, 'objectclass=mailbox')); expect(error).to.be.a(ldap.NoSuchObjectError); }); it('cannot get alias as a mailbox', async function () { - const [error] = await safe(ldapSearch(`cn=${ALIAS},ou=mailboxes,dc=cloudron`, 'objectclass=mailbox')); + const [error] = await safe(ldapSearch(`cn=${mailAlias},ou=mailboxes,dc=cloudron`, 'objectclass=mailbox')); expect(error).to.be.a(ldap.NoSuchObjectError); }); it('non-existent mailbox', async function () { - const [error] = await safe(ldapSearch(`cn=random@${DOMAIN.domain},ou=mailboxes,dc=cloudron`, 'objectclass=mailbox')); + const [error] = await safe(ldapSearch(`cn=random@${domain.domain},ou=mailboxes,dc=cloudron`, 'objectclass=mailbox')); expect(error).to.be.a(ldap.NoSuchObjectError); }); it('cannot get inactive mailbox', async function () { const updateMailbox = util.promisify(mailboxdb.updateMailbox); - await updateMailbox(MAILBOX_NAME, DOMAIN.domain, { ownerId: USER.id, ownerType: mail.OWNERTYPE_USER, active: false }); - const [error] = await safe(ldapSearch(`cn=${MAILBOX},ou=mailboxes,dc=cloudron`, 'objectclass=mailbox')); + await updateMailbox(mailboxName, domain.domain, { ownerId: user.id, ownerType: mail.OWNERTYPE_USER, active: false }); + const [error] = await safe(ldapSearch(`cn=${mailbox},ou=mailboxes,dc=cloudron`, 'objectclass=mailbox')); expect(error).to.be.a(ldap.NoSuchObjectError); - await updateMailbox(MAILBOX_NAME, DOMAIN.domain, { ownerId: USER.id, ownerType: mail.OWNERTYPE_USER, active: true }); + await updateMailbox(mailboxName, domain.domain, { ownerId: user.id, ownerType: mail.OWNERTYPE_USER, active: true }); }); }); describe('search aliases', function () { it('get specific alias', async function () { - const entries = await ldapSearch(`cn=${ALIAS},ou=mailaliases,dc=cloudron`, 'objectclass=nismailalias'); + const entries = await ldapSearch(`cn=${mailAlias},ou=mailaliases,dc=cloudron`, 'objectclass=nismailalias'); expect(entries.length).to.equal(1); - expect(entries[0].cn).to.equal(ALIAS); - expect(entries[0].rfc822MailMember).to.equal(MAILBOX); + expect(entries[0].cn).to.equal(mailAlias); + expect(entries[0].rfc822MailMember).to.equal(mailbox); }); it('cannot get mailbox as alias', async function () { - const [error] = await safe(ldapSearch(`cn=${MAILBOX},ou=mailaliases,dc=cloudron`, 'objectclass=nismailalias')); + const [error] = await safe(ldapSearch(`cn=${mailbox},ou=mailaliases,dc=cloudron`, 'objectclass=nismailalias')); expect(error).to.be.a(ldap.NoSuchObjectError); }); it('non-existent alias', async function () { - const [error] = await safe(ldapSearch(`cn=random@${DOMAIN.domain},ou=mailaliases,dc=cloudron`, 'objectclass=mailbox')); + const [error] = await safe(ldapSearch(`cn=random@${domain.domain},ou=mailaliases,dc=cloudron`, 'objectclass=mailbox')); expect(error).to.be.a(ldap.NoSuchObjectError); }); }); describe('search mailing list', function () { - const LIST_NAME = 'devs', LIST = `devs@${DOMAIN.domain}`; + const LIST_NAME = 'devs', LIST = `devs@${domain.domain}`; before(function (done) { - mailboxdb.addList(LIST_NAME, DOMAIN.domain, { members: [ MAILBOX , 'outsider@external.com' ], membersOnly: false, active: true }, done); + mailboxdb.addList(LIST_NAME, domain.domain, { members: [ mailbox , 'outsider@external.com' ], membersOnly: false, active: true }, done); }); it('get specific list', async function () { const entries = await ldapSearch(`cn=${LIST},ou=mailinglists,dc=cloudron`, 'objectclass=mailGroup'); expect(entries.length).to.equal(1); expect(entries[0].cn).to.equal(LIST); - expect(entries[0].mgrpRFC822MailMember).to.eql([ MAILBOX, 'outsider@external.com' ]); + expect(entries[0].mgrpRFC822MailMember).to.eql([ mailbox, 'outsider@external.com' ]); }); it('non-existent list', async function () { @@ -336,7 +336,7 @@ describe('Ldap', function () { it('inactive list', async function () { const updateList = util.promisify(mailboxdb.updateList); - await updateList(LIST_NAME, DOMAIN.domain, { members: [ MAILBOX , 'outsider@external.com' ], membersOnly: false, active: false }); + await updateList(LIST_NAME, domain.domain, { members: [ mailbox , 'outsider@external.com' ], membersOnly: false, active: false }); const [error] = await safe(ldapSearch('cn=devs@example.com,ou=mailinglists,dc=cloudron', 'objectclass=mailGroup')); expect(error).to.be.a(ldap.NoSuchObjectError); }); @@ -344,136 +344,136 @@ describe('Ldap', function () { describe('user mailbox bind', function () { it('email disabled - cannot auth', async function () { - const [error] = await safe(ldapBind(`cn=${MAILBOX},domain=example.com,ou=mailboxes,dc=cloudron`, 'badpassword')); + const [error] = await safe(ldapBind(`cn=${mailbox},domain=example.com,ou=mailboxes,dc=cloudron`, 'badpassword')); expect(error).to.be.a(ldap.NoSuchObjectError); }); it('email enabled - does not allow with invalid password', async function () { - await mail._updateDomain(DOMAIN.domain, { enabled: true }); - const [error] = await safe(ldapBind(`cn=${MAILBOX},domain=example.com,ou=mailboxes,dc=cloudron`, 'badpassword')); + await mail._updateDomain(domain.domain, { enabled: true }); + const [error] = await safe(ldapBind(`cn=${mailbox},domain=example.com,ou=mailboxes,dc=cloudron`, 'badpassword')); expect(error).to.be.a(ldap.InvalidCredentialsError); - await mail._updateDomain(DOMAIN.domain, { enabled: false }); + await mail._updateDomain(domain.domain, { enabled: false }); }); it('email enabled - allows with valid password', async function () { - await mail._updateDomain(DOMAIN.domain, { enabled: true }); - await ldapBind(`cn=${MAILBOX},domain=example.com,ou=mailboxes,dc=cloudron`, USER.password); - await mail._updateDomain(DOMAIN.domain, { enabled: false }); + await mail._updateDomain(domain.domain, { enabled: true }); + await ldapBind(`cn=${mailbox},domain=example.com,ou=mailboxes,dc=cloudron`, user.password); + await mail._updateDomain(domain.domain, { enabled: false }); }); it('email enabled - cannot auth with alias', async function () { - await mail._updateDomain(DOMAIN.domain, { enabled: true }); - const [error] = await safe(ldapBind(`cn=${ALIAS},domain=example.com,ou=mailboxes,dc=cloudron`, 'badpassword')); + await mail._updateDomain(domain.domain, { enabled: true }); + const [error] = await safe(ldapBind(`cn=${mailAlias},domain=example.com,ou=mailboxes,dc=cloudron`, 'badpassword')); expect(error).to.be.a(ldap.NoSuchObjectError); - await mail._updateDomain(DOMAIN.domain, { enabled: false }); + await mail._updateDomain(domain.domain, { enabled: false }); }); }); describe('user sendmail bind', function () { it('email disabled - cannot find domain email', async function () { - await mail._updateDomain(DOMAIN.domain, { enabled: false }); - const [error] = await safe(ldapBind(`cn=${MAILBOX},ou=sendmail,dc=cloudron`, 'badpassword')); + await mail._updateDomain(domain.domain, { enabled: false }); + const [error] = await safe(ldapBind(`cn=${mailbox},ou=sendmail,dc=cloudron`, 'badpassword')); expect(error).to.be.a(ldap.InvalidCredentialsError); }); it('email enabled - allows with valid email', async function () { - await mail._updateDomain(DOMAIN.domain, { enabled: true }); - await ldapBind(`cn=${MAILBOX},ou=sendmail,dc=cloudron`, USER.password); - await mail._updateDomain(DOMAIN.domain, { enabled: false }); + await mail._updateDomain(domain.domain, { enabled: true }); + await ldapBind(`cn=${mailbox},ou=sendmail,dc=cloudron`, user.password); + await mail._updateDomain(domain.domain, { enabled: false }); }); it('email enabled - does not allow with invalid password', async function () { - await mail._updateDomain(DOMAIN.domain, { enabled: true }); - const [error] = await safe(ldapBind(`cn=${MAILBOX},ou=sendmail,dc=cloudron`, 'badpassword')); + await mail._updateDomain(domain.domain, { enabled: true }); + const [error] = await safe(ldapBind(`cn=${mailbox},ou=sendmail,dc=cloudron`, 'badpassword')); expect(error).to.be.a(ldap.InvalidCredentialsError); - await mail._updateDomain(DOMAIN.domain, { enabled: false }); + await mail._updateDomain(domain.domain, { enabled: false }); }); it('does not allow for inactive mailbox', async function () { const updateMailbox = util.promisify(mailboxdb.updateMailbox); - await mail._updateDomain(DOMAIN.domain, { enabled: true }); - await updateMailbox(MAILBOX_NAME, DOMAIN.domain, { ownerId: USER.id, ownerType: mail.OWNERTYPE_USER, active: false }); - const [error] = await safe(ldapBind(`cn=${MAILBOX},ou=sendmail,dc=cloudron`, 'badpassword')); + await mail._updateDomain(domain.domain, { enabled: true }); + await updateMailbox(mailboxName, domain.domain, { ownerId: user.id, ownerType: mail.OWNERTYPE_USER, active: false }); + const [error] = await safe(ldapBind(`cn=${mailbox},ou=sendmail,dc=cloudron`, 'badpassword')); expect(error).to.be.a(ldap.NoSuchObjectError); - await updateMailbox(MAILBOX_NAME, DOMAIN.domain, { ownerId: USER.id, ownerType: mail.OWNERTYPE_USER, active: true }); + await updateMailbox(mailboxName, domain.domain, { ownerId: user.id, ownerType: mail.OWNERTYPE_USER, active: true }); }); }); describe('app sendmail bind', function () { // these tests should work even when email is disabled before(async function () { - await mail._updateDomain(DOMAIN.domain, { enabled: false }); + await mail._updateDomain(domain.domain, { enabled: false }); }); it('does not allow with invalid app', async function () { - const [error] = await safe(ldapBind(`cn=hacker.app@${DOMAIN.domain},ou=sendmail,dc=cloudron`, 'nope')); + const [error] = await safe(ldapBind(`cn=hacker.app@${domain.domain},ou=sendmail,dc=cloudron`, 'nope')); expect(error).to.be.a(ldap.NoSuchObjectError); }); it('does not allow with invalid password', async function () { - const [error] = await safe(ldapBind(`cn=${APP.location}.app@${DOMAIN.domain},ou=sendmail,dc=cloudron`, 'nope')); + const [error] = await safe(ldapBind(`cn=${app.location}.app@${domain.domain},ou=sendmail,dc=cloudron`, 'nope')); expect(error).to.be.a(ldap.NoSuchObjectError); }); it('allows with valid password', async function () { const setAddonConfig = util.promisify(appdb.setAddonConfig); - await setAddonConfig(APP.id, 'sendmail', [{ name: 'MAIL_SMTP_USERNAME', value : `${APP.location}.app@${DOMAIN.domain}` }, { name: 'MAIL_SMTP_PASSWORD', value : 'sendmailpassword' }]), + await setAddonConfig(app.id, 'sendmail', [{ name: 'MAIL_SMTP_USERNAME', value : `${app.location}.app@${domain.domain}` }, { name: 'MAIL_SMTP_PASSWORD', value : 'sendmailpassword' }]), - await ldapBind(`cn=${APP.location}.app@${DOMAIN.domain},ou=sendmail,dc=cloudron`, 'sendmailpassword'); + await ldapBind(`cn=${app.location}.app@${domain.domain},ou=sendmail,dc=cloudron`, 'sendmailpassword'); }); }); describe('user recvmail bind', function () { it('email disabled - cannot find domain email', async function () { - await mail._updateDomain(DOMAIN.domain, { enabled: false }); - const [error] = await safe(ldapBind(`cn=${MAILBOX},ou=recvmail,dc=cloudron`, 'badpassword')); + await mail._updateDomain(domain.domain, { enabled: false }); + const [error] = await safe(ldapBind(`cn=${mailbox},ou=recvmail,dc=cloudron`, 'badpassword')); expect(error).to.be.a(ldap.NoSuchObjectError); }); it('email enabled - allows with valid email', async function () { - await mail._updateDomain(DOMAIN.domain, { enabled: true }); - await ldapBind(`cn=${MAILBOX},ou=recvmail,dc=cloudron`, USER.password); + await mail._updateDomain(domain.domain, { enabled: true }); + await ldapBind(`cn=${mailbox},ou=recvmail,dc=cloudron`, user.password); }); it('email enabled - does not allow with invalid password', async function () { - await mail._updateDomain(DOMAIN.domain, { enabled: true }); - const [error] = await safe(ldapBind(`cn=${MAILBOX},ou=recvmail,dc=cloudron`, 'badpassword')); + await mail._updateDomain(domain.domain, { enabled: true }); + const [error] = await safe(ldapBind(`cn=${mailbox},ou=recvmail,dc=cloudron`, 'badpassword')); expect(error).to.be.a(ldap.InvalidCredentialsError); }); it('does not allow for inactive mailbox', async function () { const updateMailbox = util.promisify(mailboxdb.updateMailbox); - await mail._updateDomain(DOMAIN.domain, { enabled: true }); - await updateMailbox(MAILBOX_NAME, DOMAIN.domain, { ownerId: USER.id, ownerType: mail.OWNERTYPE_USER, active: false }); - const [error] = await safe(ldapBind(`cn=${MAILBOX},ou=recvmail,dc=cloudron`, 'badpassword')); + await mail._updateDomain(domain.domain, { enabled: true }); + await updateMailbox(mailboxName, domain.domain, { ownerId: user.id, ownerType: mail.OWNERTYPE_USER, active: false }); + const [error] = await safe(ldapBind(`cn=${mailbox},ou=recvmail,dc=cloudron`, 'badpassword')); expect(error).to.be.a(ldap.NoSuchObjectError); - await mail._updateDomain(DOMAIN.domain, { enabled: false }); - await updateMailbox(MAILBOX_NAME, DOMAIN.domain, { ownerId: USER.id, ownerType: mail.OWNERTYPE_USER, active: true }); + await mail._updateDomain(domain.domain, { enabled: false }); + await updateMailbox(mailboxName, domain.domain, { ownerId: user.id, ownerType: mail.OWNERTYPE_USER, active: true }); }); }); describe('app recvmail bind', function () { before(async function () { - await mail._updateDomain(DOMAIN.domain, { enabled: true }); + await mail._updateDomain(domain.domain, { enabled: true }); }); it('does not allow with invalid app', async function () { - const [error] = await safe(ldapBind(`cn=hacker.app@${DOMAIN.domain},ou=recvmail,dc=cloudron`, 'nope')); + const [error] = await safe(ldapBind(`cn=hacker.app@${domain.domain},ou=recvmail,dc=cloudron`, 'nope')); expect(error).to.be.a(ldap.NoSuchObjectError); }); it('does not allow with invalid password', async function () { - const [error] = await safe(ldapBind(`cn=${APP.location}.app@${DOMAIN.domain},ou=recvmail,dc=cloudron`, 'nope')); + const [error] = await safe(ldapBind(`cn=${app.location}.app@${domain.domain},ou=recvmail,dc=cloudron`, 'nope')); expect(error).to.be.a(ldap.NoSuchObjectError); }); it('allows with valid password', async function () { const setAddonConfig = util.promisify(appdb.setAddonConfig); - await setAddonConfig(APP.id, 'recvmail', [{ name: 'MAIL_IMAP_USERNAME', value : `${APP.location}.app@${DOMAIN.domain}` }, { name: 'MAIL_IMAP_PASSWORD', value : 'recvmailpassword' }]), - await ldapBind(`cn=${APP.location}.app@${DOMAIN.domain},ou=recvmail,dc=cloudron`, 'recvmailpassword'); + await setAddonConfig(app.id, 'recvmail', [{ name: 'MAIL_IMAP_USERNAME', value : `${app.location}.app@${domain.domain}` }, { name: 'MAIL_IMAP_PASSWORD', value : 'recvmailpassword' }]), + await ldapBind(`cn=${app.location}.app@${domain.domain},ou=recvmail,dc=cloudron`, 'recvmailpassword'); }); }); });