make ldap tests pass
@@ -21,7 +21,7 @@ const appdb = require('../appdb.js'),
|
||||
tasks = require('../tasks.js'),
|
||||
users = require('../users.js');
|
||||
|
||||
const MANIFEST = {
|
||||
const manifest = {
|
||||
'id': 'io.cloudron.test',
|
||||
'author': 'The Presidents Of the United States Of America',
|
||||
'title': 'test title',
|
||||
@@ -103,7 +103,7 @@ const app = {
|
||||
location: 'applocation',
|
||||
domain: domain.domain,
|
||||
fqdn: domain.domain + '.' + 'applocation',
|
||||
manifest: MANIFEST,
|
||||
manifest,
|
||||
containerId: 'someid',
|
||||
portBindings: null,
|
||||
accessRestriction: null,
|
||||
@@ -122,21 +122,21 @@ exports = module.exports = {
|
||||
clearMailQueue,
|
||||
|
||||
mockApiServerOrigin: 'http://localhost:6060',
|
||||
DASHBOARD_DOMAIN: 'test.example.com',
|
||||
DASHBOARD_FQDN: 'my.test.example.com',
|
||||
dashboardDomain: 'test.example.com',
|
||||
dashboardFqdn: 'my.test.example.com',
|
||||
|
||||
app,
|
||||
admin,
|
||||
auditSource,
|
||||
domain,
|
||||
MANIFEST,
|
||||
manifest,
|
||||
user,
|
||||
appstoreToken: 'atoken',
|
||||
|
||||
MAILBOX_NAME: 'support',
|
||||
MAILBOX: `support@${domain.domain}`,
|
||||
ALIAS_NAME: 'alsosupport',
|
||||
ALIAS: `alsosupport@${domain.domain}`
|
||||
mailboxName: 'support',
|
||||
mailbox: `support@${domain.domain}`,
|
||||
mailAliasName: 'alsosupport',
|
||||
mailAlias: `alsosupport@${domain.domain}`
|
||||
};
|
||||
|
||||
function createTree(root, obj) {
|
||||
@@ -168,7 +168,7 @@ function domainSetup(done) {
|
||||
database.initialize,
|
||||
database._clear,
|
||||
settings._setApiServerOrigin.bind(null, exports.mockApiServerOrigin),
|
||||
settings.setDashboardLocation.bind(null, exports.DASHBOARD_DOMAIN, exports.DASHBOARD_FQDN),
|
||||
settings.setDashboardLocation.bind(null, exports.dashboardDomain, exports.dashboardFqdn),
|
||||
settings.initCache,
|
||||
blobs.initSecrets,
|
||||
domains.add.bind(null, domain.domain, domain, auditSource),
|
||||
@@ -188,8 +188,8 @@ function setup(done) {
|
||||
const result = await users.add(user.email, user, auditSource);
|
||||
user.id = result;
|
||||
},
|
||||
(done) => mailboxdb.addMailbox(exports.MAILBOX_NAME, domain.domain, { ownerId: user.id, ownerType: mail.OWNERTYPE_USER, active: true }, done),
|
||||
(done) => mailboxdb.setAliasesForName(exports.MAILBOX_NAME, domain.domain, [ { name: exports.ALIAS_NAME, domain: domain.domain} ], done),
|
||||
(done) => mailboxdb.addMailbox(exports.mailboxName, domain.domain, { ownerId: user.id, ownerType: mail.OWNERTYPE_USER, active: true }, done),
|
||||
(done) => mailboxdb.setAliasesForName(exports.mailboxName, domain.domain, [ { name: exports.mailAliasName, domain: domain.domain} ], done),
|
||||
|
||||
tasks.stopAllTasks,
|
||||
], done);
|
||||
|
||||
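Review bot: The exports hunk removes the upper-case fixture keys (`DASHBOARD_DOMAIN`, `DASHBOARD_FQDN`, `MANIFEST`, `MAILBOX_NAME`, `MAILBOX`, `ALIAS_NAME`, `ALIAS`) in the same change that adds the camelCase ones, so any test file that still destructures an old name gets `undefined` rather than a load-time error. That is easy to miss when the value is passed straight into a setup call such as `mailboxdb.addMailbox(exports.mailboxName, ...)`, or interpolated into an LDAP DN. Whether other test files still use the old names is not visible in these hunks, so it is worth searching for them before merging. I would also add a comment above the exports object, for example `// fixture keys are camelCase; the former UPPER_CASE names were removed, update callers`. The exports object and `setup` both continue outside the hunks shown.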
@@ -5,103 +5,19 @@
|
||||
|
||||
'use strict';
|
||||
|
||||
var appdb = require('../appdb.js'),
|
||||
apps = require('../apps.js'),
|
||||
async = require('async'),
|
||||
database = require('../database.js'),
|
||||
const common = require('./common.js'),
|
||||
domains = require('../domains.js'),
|
||||
expect = require('expect.js'),
|
||||
js2xml = require('js2xmlparser').parse,
|
||||
nock = require('nock'),
|
||||
settings = require('../settings.js');
|
||||
|
||||
const DOMAIN_0 = {
|
||||
domain: 'example.com',
|
||||
zoneName: 'example.com',
|
||||
provider: 'route53',
|
||||
config: {
|
||||
accessKeyId: 'accessKeyId',
|
||||
secretAccessKey: 'secretAccessKey',
|
||||
endpoint: 'http://localhost:5353'
|
||||
},
|
||||
fallbackCertificate: null,
|
||||
tlsConfig: { provider: 'letsencrypt-staging' },
|
||||
wellKnown: null
|
||||
};
|
||||
|
||||
let AUDIT_SOURCE = { ip: '1.2.3.4' };
|
||||
|
||||
var MANIFEST = {
|
||||
'id': 'io.cloudron.test',
|
||||
'author': 'The Presidents Of the United States Of America',
|
||||
'title': 'test title',
|
||||
'description': 'test description',
|
||||
'tagline': 'test rocks',
|
||||
'website': 'http://test.cloudron.io',
|
||||
'contactEmail': 'test@cloudron.io',
|
||||
'version': '0.1.0',
|
||||
'manifestVersion': 1,
|
||||
'dockerImage': 'cloudron/test:25.2.0',
|
||||
'healthCheckPath': '/',
|
||||
'httpPort': 7777,
|
||||
'tcpPorts': {
|
||||
'ECHO_SERVER_PORT': {
|
||||
'title': 'Echo Server Port',
|
||||
'description': 'Echo server',
|
||||
'containerPort': 7778
|
||||
}
|
||||
},
|
||||
'addons': {
|
||||
'oauth': { },
|
||||
'redis': { },
|
||||
'mysql': { },
|
||||
'postgresql': { }
|
||||
}
|
||||
};
|
||||
|
||||
var APP = {
|
||||
id: 'appid',
|
||||
appStoreId: 'appStoreId',
|
||||
installationState: apps.ISTATE_PENDING_INSTALL,
|
||||
runState: 'running',
|
||||
location: 'applocation',
|
||||
domain: DOMAIN_0.domain,
|
||||
fqdn: DOMAIN_0.domain + '.' + 'applocation',
|
||||
manifest: MANIFEST,
|
||||
containerId: 'someid',
|
||||
portBindings: null,
|
||||
accessRestriction: null,
|
||||
memoryLimit: 0,
|
||||
mailboxDomain: DOMAIN_0.domain,
|
||||
alternateDomains: [],
|
||||
aliasDomains: []
|
||||
};
|
||||
nock = require('nock');
|
||||
|
||||
describe('Domains', function () {
|
||||
before(function (done) {
|
||||
async.series([
|
||||
database.initialize,
|
||||
database._clear,
|
||||
settings.setDashboardLocation.bind(null, DOMAIN_0.domain, 'my.' + DOMAIN_0.domain),
|
||||
domains.add.bind(null, DOMAIN_0.domain, DOMAIN_0, AUDIT_SOURCE),
|
||||
appdb.add.bind(null, APP.id, APP.appStoreId, APP.manifest, APP.location, APP.domain, APP.portBindings, APP)
|
||||
], done);
|
||||
});
|
||||
const { setup, cleanup, app, domain } = common;
|
||||
|
||||
after(function (done) {
|
||||
async.series([
|
||||
database._clear,
|
||||
database.uninitialize
|
||||
], done);
|
||||
});
|
||||
before(setup);
|
||||
after(cleanup);
|
||||
|
||||
describe('validateHostname', function () {
|
||||
const domain = {
|
||||
domain: 'example.com',
|
||||
zoneName: 'example.com',
|
||||
config: {}
|
||||
};
|
||||
|
||||
it('does not allow admin subdomain', function () {
|
||||
expect(domains.validateHostname('my', domain)).to.be.an(Error);
|
||||
});
|
||||
@@ -142,91 +58,93 @@ describe('Domains', function () {
|
||||
|
||||
describe('getName', function () {
|
||||
it('works with zoneName==domain', function () {
|
||||
const domain = {
|
||||
const d = {
|
||||
domain: 'example.com',
|
||||
zoneName: 'example.com',
|
||||
config: {}
|
||||
};
|
||||
|
||||
expect(domains.getName(domain, '', 'A')).to.be('');
|
||||
expect(domains.getName(domain, 'www', 'A')).to.be('www');
|
||||
expect(domains.getName(domain, 'www.dev', 'A')).to.be('www.dev');
|
||||
expect(domains.getName(d, '', 'A')).to.be('');
|
||||
expect(domains.getName(d, 'www', 'A')).to.be('www');
|
||||
expect(domains.getName(d, 'www.dev', 'A')).to.be('www.dev');
|
||||
|
||||
expect(domains.getName(domain, '', 'MX')).to.be('');
|
||||
expect(domains.getName(d, '', 'MX')).to.be('');
|
||||
|
||||
expect(domains.getName(domain, '', 'TXT')).to.be('');
|
||||
expect(domains.getName(domain, 'www', 'TXT')).to.be('www');
|
||||
expect(domains.getName(domain, 'www.dev', 'TXT')).to.be('www.dev');
|
||||
expect(domains.getName(d, '', 'TXT')).to.be('');
|
||||
expect(domains.getName(d, 'www', 'TXT')).to.be('www');
|
||||
expect(domains.getName(d, 'www.dev', 'TXT')).to.be('www.dev');
|
||||
});
|
||||
|
||||
it('works when zoneName!=domain', function () {
|
||||
const domain = {
|
||||
const d = {
|
||||
domain: 'dev.example.com',
|
||||
zoneName: 'example.com',
|
||||
config: {}
|
||||
};
|
||||
|
||||
expect(domains.getName(domain, '', 'A')).to.be('dev');
|
||||
expect(domains.getName(domain, 'www', 'A')).to.be('www.dev');
|
||||
expect(domains.getName(domain, 'www.dev', 'A')).to.be('www.dev.dev');
|
||||
expect(domains.getName(d, '', 'A')).to.be('dev');
|
||||
expect(domains.getName(d, 'www', 'A')).to.be('www.dev');
|
||||
expect(domains.getName(d, 'www.dev', 'A')).to.be('www.dev.dev');
|
||||
|
||||
expect(domains.getName(domain, '', 'MX')).to.be('dev');
|
||||
expect(domains.getName(d, '', 'MX')).to.be('dev');
|
||||
|
||||
expect(domains.getName(domain, '', 'TXT')).to.be('dev');
|
||||
expect(domains.getName(domain, 'www', 'TXT')).to.be('www.dev');
|
||||
expect(domains.getName(domain, 'www.dev', 'TXT')).to.be('www.dev.dev');
|
||||
expect(domains.getName(d, '', 'TXT')).to.be('dev');
|
||||
expect(domains.getName(d, 'www', 'TXT')).to.be('www.dev');
|
||||
expect(domains.getName(d, 'www.dev', 'TXT')).to.be('www.dev.dev');
|
||||
});
|
||||
});
|
||||
|
||||
var awsHostedZones;
|
||||
describe('register', function () {
|
||||
let awsHostedZones;
|
||||
|
||||
it('registers subdomain', function (done) {
|
||||
awsHostedZones = {
|
||||
HostedZones: [{
|
||||
Id: '/hostedzone/ZONEID',
|
||||
Name: `${DOMAIN_0.domain}.`,
|
||||
CallerReference: '305AFD59-9D73-4502-B020-F4E6F889CB30',
|
||||
ResourceRecordSetCount: 2,
|
||||
ChangeInfo: {
|
||||
Id: '/change/CKRTFJA0ANHXB',
|
||||
Status: 'INSYNC'
|
||||
}
|
||||
}],
|
||||
IsTruncated: false,
|
||||
MaxItems: '100'
|
||||
};
|
||||
it('registers subdomain', function (done) {
|
||||
awsHostedZones = {
|
||||
HostedZones: [{
|
||||
Id: '/hostedzone/ZONEID',
|
||||
Name: `${domain.domain}.`,
|
||||
CallerReference: '305AFD59-9D73-4502-B020-F4E6F889CB30',
|
||||
ResourceRecordSetCount: 2,
|
||||
ChangeInfo: {
|
||||
Id: '/change/CKRTFJA0ANHXB',
|
||||
Status: 'INSYNC'
|
||||
}
|
||||
}],
|
||||
IsTruncated: false,
|
||||
MaxItems: '100'
|
||||
};
|
||||
|
||||
nock.cleanAll();
|
||||
nock.cleanAll();
|
||||
|
||||
var awsScope = nock('http://localhost:5353')
|
||||
.get('/2013-04-01/hostedzonesbyname?dnsname=example.com.&maxitems=1')
|
||||
.times(2)
|
||||
.reply(200, js2xml('ListHostedZonesResponse', awsHostedZones, { wrapHandlers: { HostedZones: () => 'HostedZone'} }))
|
||||
.get('/2013-04-01/hostedzone/ZONEID/rrset?maxitems=1&name=applocation.' + DOMAIN_0.domain + '.&type=A')
|
||||
.reply(200, js2xml('ListResourceRecordSetsResponse', { ResourceRecordSets: [ ] }, { 'Content-Type': 'application/xml' }))
|
||||
.post('/2013-04-01/hostedzone/ZONEID/rrset/')
|
||||
.reply(200, js2xml('ChangeResourceRecordSetsResponse', { ChangeInfo: { Id: 'RRID', Status: 'INSYNC' } }));
|
||||
let awsScope = nock('http://localhost:5353')
|
||||
.get('/2013-04-01/hostedzonesbyname?dnsname=example.com.&maxitems=1')
|
||||
.times(2)
|
||||
.reply(200, js2xml('ListHostedZonesResponse', awsHostedZones, { wrapHandlers: { HostedZones: () => 'HostedZone'} }))
|
||||
.get('/2013-04-01/hostedzone/ZONEID/rrset?maxitems=1&name=applocation.' + domain.domain + '.&type=A')
|
||||
.reply(200, js2xml('ListResourceRecordSetsResponse', { ResourceRecordSets: [ ] }, { 'Content-Type': 'application/xml' }))
|
||||
.post('/2013-04-01/hostedzone/ZONEID/rrset/')
|
||||
.reply(200, js2xml('ChangeResourceRecordSetsResponse', { ChangeInfo: { Id: 'RRID', Status: 'INSYNC' } }));
|
||||
|
||||
domains.registerLocations([ { subdomain: APP.location, domain: APP.domain } ], { overwriteDns: true }, (/*progress*/) => {}, function (error) {
|
||||
expect(error).to.be(null);
|
||||
expect(awsScope.isDone()).to.be.ok();
|
||||
done();
|
||||
domains.registerLocations([ { subdomain: app.location, domain: app.domain } ], { overwriteDns: true }, (/*progress*/) => {}, function (error) {
|
||||
expect(error).to.be(null);
|
||||
expect(awsScope.isDone()).to.be.ok();
|
||||
done();
|
||||
});
|
||||
});
|
||||
});
|
||||
|
||||
it('unregisters subdomain', function (done) {
|
||||
nock.cleanAll();
|
||||
it('unregisters subdomain', function (done) {
|
||||
nock.cleanAll();
|
||||
|
||||
var awsScope = nock('http://localhost:5353')
|
||||
.get('/2013-04-01/hostedzonesbyname?dnsname=example.com.&maxitems=1')
|
||||
.reply(200, js2xml('ListHostedZonesResponse', awsHostedZones, { wrapHandlers: { HostedZones: () => 'HostedZone'} }))
|
||||
.post('/2013-04-01/hostedzone/ZONEID/rrset/')
|
||||
.reply(200, js2xml('ChangeResourceRecordSetsResponse', { ChangeInfo: { Id: 'RRID', Status: 'INSYNC' } }));
|
||||
let awsScope = nock('http://localhost:5353')
|
||||
.get('/2013-04-01/hostedzonesbyname?dnsname=example.com.&maxitems=1')
|
||||
.reply(200, js2xml('ListHostedZonesResponse', awsHostedZones, { wrapHandlers: { HostedZones: () => 'HostedZone'} }))
|
||||
.post('/2013-04-01/hostedzone/ZONEID/rrset/')
|
||||
.reply(200, js2xml('ChangeResourceRecordSetsResponse', { ChangeInfo: { Id: 'RRID', Status: 'INSYNC' } }));
|
||||
|
||||
domains.unregisterLocations([ { subdomain: APP.location, domain: APP.domain } ], (/*progress*/) => {}, function (error) {
|
||||
expect(error).to.be(null);
|
||||
expect(awsScope.isDone()).to.be.ok();
|
||||
done();
|
||||
domains.unregisterLocations([ { subdomain: app.location, domain: app.domain } ], (/*progress*/) => {}, function (error) {
|
||||
expect(error).to.be(null);
|
||||
expect(awsScope.isDone()).to.be.ok();
|
||||
done();
|
||||
});
|
||||
});
|
||||
});
|
||||
});
|
||||
|
||||
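Review bot: Both nock interceptors for `hostedzonesbyname` in the 'register' tests still hard-code `dnsname=example.com.`, while the zone `Name` and the rrset path now come from `domain.domain`, so the mocks only line up while the shared fixture's domain is `example.com`. Building the path from the fixture keeps them in step: `.get('/2013-04-01/hostedzonesbyname?dnsname=' + domain.domain + '.&maxitems=1')`. These tests also now rely on the shared `domain` fixture carrying the DNS provider config and the `http://localhost:5353` endpoint that the removed `DOMAIN_0` declared locally; that fixture is not in the hunks shown, so this should be confirmed. Separately, `describe('validateHostname')` still declares its own `const domain`, which shadows the imported one, whereas the `getName` tests renamed theirs to `d`.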
@@ -123,7 +123,7 @@ describe('Groups', function () {
|
||||
|
||||
it('can list users of group', async function () {
|
||||
const result = await groups.getMembers(group0Object.id);
|
||||
expect(result).to.eql([ admin.id, user.id ]);
|
||||
expect(result.sort()).to.eql([ admin.id, user.id ].sort());
|
||||
});
|
||||
|
||||
it('cannot list members of non-existent group', async function () {
|
||||
@@ -194,6 +194,5 @@ describe('Groups', function () {
|
||||
await groups.setMembers(group0Object.id, [ admin.id, user.id ]); // ensure group has some members
|
||||
await groups.remove(group0Object.id);
|
||||
});
|
||||
|
||||
});
|
||||
});
|
||||
|
||||
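Review bot: The assertion in 'can list users of group' now sorts both sides, but nothing at the call site says why, and `result.sort()` reorders the returned array in place. A one-line comment such as `// getMembers() order is not guaranteed; compare order-insensitively` would record the intent, which is presumably the reason for the change since the commit message does not say. Using `[...result].sort()` would avoid mutating the value under test.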
@@ -61,7 +61,7 @@ async function ldapSearch(dn, opts) {
|
||||
}
|
||||
|
||||
describe('Ldap', function () {
|
||||
const { setup, cleanup, ADMIN, USER, APP, DOMAIN, MAILBOX, ALIAS, MAILBOX_NAME } = common;
|
||||
const { setup, cleanup, admin, user, app, domain, mailbox, mailAlias, mailboxName } = common;
|
||||
let group;
|
||||
|
||||
before(function (done) {
|
||||
@@ -70,11 +70,11 @@ describe('Ldap', function () {
|
||||
ldapServer.start.bind(null),
|
||||
async () => {
|
||||
group = await groups.add({ name: 'ldap-test' });
|
||||
await groups.setMembers(group.id, [ ADMIN.id, USER.id ]);
|
||||
await groups.setMembers(group.id, [ admin.id, user.id ]);
|
||||
}
|
||||
], done);
|
||||
|
||||
ldapServer._MOCK_APP = APP;
|
||||
ldapServer._MOCK_APP = app;
|
||||
});
|
||||
|
||||
after(function (done) {
|
||||
@@ -91,53 +91,53 @@ describe('Ldap', function () {
|
||||
});
|
||||
|
||||
it('cn= fails with wrong password', async function () {
|
||||
const [error] = await safe(ldapBind(`cn=${ADMIN.id},ou=users,dc=cloudron`, 'wrongpassword'));
|
||||
const [error] = await safe(ldapBind(`cn=${admin.id},ou=users,dc=cloudron`, 'wrongpassword'));
|
||||
expect(error).to.be.a(ldap.InvalidCredentialsError);
|
||||
});
|
||||
|
||||
it('cn= succeeds with id', async function () {
|
||||
await ldapBind(`cn=${ADMIN.id},ou=users,dc=cloudron`, ADMIN.password);
|
||||
await ldapBind(`cn=${admin.id},ou=users,dc=cloudron`, admin.password);
|
||||
});
|
||||
|
||||
it('cn= succeeds with username', async function () {
|
||||
await ldapBind(`cn=${ADMIN.username},ou=users,dc=cloudron`, ADMIN.password);
|
||||
await ldapBind(`cn=${admin.username},ou=users,dc=cloudron`, admin.password);
|
||||
});
|
||||
|
||||
it('cn= succeeds with email', async function () {
|
||||
await ldapBind(`cn=${ADMIN.email},ou=users,dc=cloudron`, ADMIN.password);
|
||||
await ldapBind(`cn=${admin.email},ou=users,dc=cloudron`, admin.password);
|
||||
});
|
||||
|
||||
it('mail= fails with bad email', async function () {
|
||||
const [error] = await safe(ldapBind('mail=random,ou=users,dc=cloudron', ADMIN.password));
|
||||
const [error] = await safe(ldapBind('mail=random,ou=users,dc=cloudron', admin.password));
|
||||
expect(error).to.be.a(ldap.NoSuchObjectError);
|
||||
});
|
||||
|
||||
it('mail= succeeds with email', async function () {
|
||||
await ldapBind(`mail=${ADMIN.email},ou=users,dc=cloudron`, ADMIN.password);
|
||||
await ldapBind(`mail=${admin.email},ou=users,dc=cloudron`, admin.password);
|
||||
});
|
||||
});
|
||||
|
||||
describe('non-admin bind', function () {
|
||||
it('succeeds with null accessRestriction', async function () {
|
||||
APP.accessRestriction = null;
|
||||
await ldapBind(`cn=${USER.id},ou=users,dc=cloudron`, USER.password);
|
||||
app.accessRestriction = null;
|
||||
await ldapBind(`cn=${user.id},ou=users,dc=cloudron`, user.password);
|
||||
});
|
||||
|
||||
it('fails without accessRestriction', async function () {
|
||||
APP.accessRestriction = { users: [], groups: [] };
|
||||
const [error] = await safe(ldapBind(`cn=${USER.id},ou=users,dc=cloudron`, USER.password));
|
||||
app.accessRestriction = { users: [], groups: [] };
|
||||
const [error] = await safe(ldapBind(`cn=${user.id},ou=users,dc=cloudron`, user.password));
|
||||
expect(error).to.be.a(ldap.NoSuchObjectError);
|
||||
});
|
||||
|
||||
it('succeeds with accessRestriction', async function () {
|
||||
APP.accessRestriction = { users: [ USER.id ], groups: [] };
|
||||
await ldapBind(`cn=${USER.id},ou=users,dc=cloudron`, USER.password);
|
||||
app.accessRestriction = { users: [ user.id ], groups: [] };
|
||||
await ldapBind(`cn=${user.id},ou=users,dc=cloudron`, user.password);
|
||||
});
|
||||
});
|
||||
|
||||
describe('search users', function () {
|
||||
it('fails for non existing tree', async function () {
|
||||
const [error] = await safe(ldapSearch('o=example', { filter: '(&(l=Seattle)(email=*@' + DOMAIN.domain + '))' }));
|
||||
const [error] = await safe(ldapSearch('o=example', { filter: '(&(l=Seattle)(email=*@' + domain.domain + '))' }));
|
||||
expect(error).to.be.a(ldap.NoSuchObjectError);
|
||||
});
|
||||
|
||||
@@ -145,53 +145,53 @@ describe('Ldap', function () {
|
||||
const entries = await ldapSearch('ou=users,dc=cloudron', { filter: 'objectcategory=person' });
|
||||
expect(entries.length).to.equal(2);
|
||||
entries.sort(function (a, b) { return a.username > b.username; });
|
||||
expect(entries[0].username).to.equal(ADMIN.username.toLowerCase());
|
||||
expect(entries[0].mail).to.equal(ADMIN.email.toLowerCase());
|
||||
expect(entries[1].username).to.equal(USER.username.toLowerCase());
|
||||
expect(entries[1].mail).to.equal(USER.email.toLowerCase());
|
||||
expect(entries[0].username).to.equal(admin.username.toLowerCase());
|
||||
expect(entries[0].mail).to.equal(admin.email.toLowerCase());
|
||||
expect(entries[1].username).to.equal(user.username.toLowerCase());
|
||||
expect(entries[1].mail).to.equal(user.email.toLowerCase());
|
||||
});
|
||||
|
||||
it('succeeds with pagination', async function () {
|
||||
const entries = await ldapSearch('ou=users,dc=cloudron', { filter: 'objectcategory=person', paged: true });
|
||||
expect(entries.length).to.equal(2);
|
||||
entries.sort(function (a, b) { return a.username > b.username; });
|
||||
expect(entries[0].username).to.equal(ADMIN.username.toLowerCase());
|
||||
expect(entries[0].mail).to.equal(ADMIN.email.toLowerCase());
|
||||
expect(entries[1].username).to.equal(USER.username.toLowerCase());
|
||||
expect(entries[1].mail).to.equal(USER.email.toLowerCase());
|
||||
expect(entries[0].username).to.equal(admin.username.toLowerCase());
|
||||
expect(entries[0].mail).to.equal(admin.email.toLowerCase());
|
||||
expect(entries[1].username).to.equal(user.username.toLowerCase());
|
||||
expect(entries[1].mail).to.equal(user.email.toLowerCase());
|
||||
});
|
||||
|
||||
it('succeeds with username wildcard filter', async function () {
|
||||
const entries = await ldapSearch('ou=users,dc=cloudron', { filter: '&(objectcategory=person)(username=*3)' });
|
||||
const entries = await ldapSearch('ou=users,dc=cloudron', { filter: '&(objectcategory=person)(username=*)' });
|
||||
expect(entries.length).to.equal(2);
|
||||
entries.sort(function (a, b) { return a.username > b.username; });
|
||||
expect(entries[0].username).to.equal(ADMIN.username.toLowerCase());
|
||||
expect(entries[1].username).to.equal(USER.username.toLowerCase());
|
||||
expect(entries[0].username).to.equal(admin.username.toLowerCase());
|
||||
expect(entries[1].username).to.equal(user.username.toLowerCase());
|
||||
});
|
||||
|
||||
it('succeeds with username filter', async function () {
|
||||
const entries = await ldapSearch('ou=users,dc=cloudron', { filter: '&(objectcategory=person)(username=' + ADMIN.username + ')' });
|
||||
const entries = await ldapSearch('ou=users,dc=cloudron', { filter: '&(objectcategory=person)(username=' + admin.username + ')' });
|
||||
expect(entries.length).to.equal(1);
|
||||
expect(entries[0].username).to.equal(ADMIN.username.toLowerCase());
|
||||
expect(entries[0].username).to.equal(admin.username.toLowerCase());
|
||||
expect(entries[0].memberof.length).to.equal(2);
|
||||
});
|
||||
|
||||
it('can always lists admins', async function () {
|
||||
APP.accessRestriction = { users: [], groups: [] };
|
||||
app.accessRestriction = { users: [], groups: [] };
|
||||
const entries = await ldapSearch('ou=users,dc=cloudron', { filter: 'objectcategory=person' });
|
||||
expect(entries.length).to.equal(1);
|
||||
expect(entries[0].username).to.equal(ADMIN.username.toLowerCase());
|
||||
expect(entries[0].username).to.equal(admin.username.toLowerCase());
|
||||
expect(entries[0].memberof.length).to.equal(2);
|
||||
});
|
||||
|
||||
it ('does only list users who have access', async function () {
|
||||
APP.accessRestriction = { users: [], groups: [ group.id ] };
|
||||
app.accessRestriction = { users: [], groups: [ group.id ] };
|
||||
const entries = await ldapSearch('ou=users,dc=cloudron', { filter: 'objectcategory=person' });
|
||||
expect(entries.length).to.equal(2);
|
||||
entries.sort(function (a, b) { return a.username > b.username; });
|
||||
|
||||
expect(entries[0].username).to.equal(ADMIN.username.toLowerCase());
|
||||
expect(entries[1].username).to.equal(USER.username.toLowerCase());
|
||||
expect(entries[0].username).to.equal(admin.username.toLowerCase());
|
||||
expect(entries[1].username).to.equal(user.username.toLowerCase());
|
||||
});
|
||||
});
|
||||
|
||||
@@ -205,11 +205,11 @@ describe('Ldap', function () {
|
||||
|
||||
expect(entries[0].cn).to.equal('users');
|
||||
expect(entries[0].memberuid.length).to.equal(2);
|
||||
expect(entries[0].memberuid[0]).to.equal(ADMIN.id);
|
||||
expect(entries[0].memberuid[1]).to.equal(USER.id);
|
||||
expect(entries[0].memberuid[0]).to.equal(admin.id);
|
||||
expect(entries[0].memberuid[1]).to.equal(user.id);
|
||||
expect(entries[1].cn).to.equal('admins');
|
||||
// if only one entry, the array becomes a string :-/
|
||||
expect(entries[1].memberuid).to.equal(ADMIN.id);
|
||||
expect(entries[1].memberuid).to.equal(admin.id);
|
||||
});
|
||||
|
||||
it ('succeeds with cn wildcard filter', async function () {
|
||||
@@ -217,35 +217,35 @@ describe('Ldap', function () {
|
||||
expect(entries.length).to.equal(2);
|
||||
expect(entries[0].cn).to.equal('users');
|
||||
expect(entries[0].memberuid.length).to.equal(2);
|
||||
expect(entries[0].memberuid[0]).to.equal(ADMIN.id);
|
||||
expect(entries[0].memberuid[1]).to.equal(USER.id);
|
||||
expect(entries[0].memberuid[0]).to.equal(admin.id);
|
||||
expect(entries[0].memberuid[1]).to.equal(user.id);
|
||||
expect(entries[1].cn).to.equal('admins');
|
||||
// if only one entry, the array becomes a string :-/
|
||||
expect(entries[1].memberuid).to.equal(ADMIN.id);
|
||||
expect(entries[1].memberuid).to.equal(admin.id);
|
||||
});
|
||||
|
||||
it('succeeds with memberuid filter', async function () {
|
||||
const entries = await ldapSearch('ou=groups,dc=cloudron', { filter: '&(objectclass=group)(memberuid=' + USER.id + ')' });
|
||||
const entries = await ldapSearch('ou=groups,dc=cloudron', { filter: '&(objectclass=group)(memberuid=' + user.id + ')' });
|
||||
expect(entries.length).to.equal(1);
|
||||
expect(entries[0].cn).to.equal('users');
|
||||
expect(entries[0].memberuid.length).to.equal(2);
|
||||
});
|
||||
|
||||
it ('does only list users who have access', async function () {
|
||||
APP.accessRestriction = { users: [], groups: [ group.id ] };
|
||||
app.accessRestriction = { users: [], groups: [ group.id ] };
|
||||
const entries = await ldapSearch('ou=groups,dc=cloudron', { filter: '&(objectclass=group)(cn=*)' });
|
||||
expect(entries.length).to.equal(2);
|
||||
expect(entries[0].cn).to.equal('users');
|
||||
expect(entries[0].memberuid.length).to.equal(2);
|
||||
expect(entries[0].memberuid[0]).to.equal(ADMIN.id);
|
||||
expect(entries[0].memberuid[1]).to.equal(USER.id);
|
||||
expect(entries[0].memberuid[0]).to.equal(admin.id);
|
||||
expect(entries[0].memberuid[1]).to.equal(user.id);
|
||||
expect(entries[1].cn).to.equal('admins');
|
||||
// if only one entry, the array becomes a string :-/
|
||||
expect(entries[1].memberuid).to.equal(ADMIN.id);
|
||||
expect(entries[1].memberuid).to.equal(admin.id);
|
||||
});
|
||||
|
||||
it ('succeeds with pagination', async function () {
|
||||
APP.accessRestriction = null;
|
||||
app.accessRestriction = null;
|
||||
const entries = await ldapSearch('ou=groups,dc=cloudron', { filter: 'objectclass=group', paged: true });
|
||||
expect(entries.length).to.equal(2);
|
||||
|
||||
@@ -254,78 +254,78 @@ describe('Ldap', function () {
|
||||
|
||||
expect(entries[0].cn).to.equal('users');
|
||||
expect(entries[0].memberuid.length).to.equal(2);
|
||||
expect(entries[0].memberuid[0]).to.equal(ADMIN.id);
|
||||
expect(entries[0].memberuid[1]).to.equal(USER.id);
|
||||
expect(entries[0].memberuid[0]).to.equal(admin.id);
|
||||
expect(entries[0].memberuid[1]).to.equal(user.id);
|
||||
expect(entries[1].cn).to.equal('admins');
|
||||
// if only one entry, the array becomes a string :-/
|
||||
expect(entries[1].memberuid).to.equal(ADMIN.id);
|
||||
expect(entries[1].memberuid).to.equal(admin.id);
|
||||
});
|
||||
});
|
||||
|
||||
describe('mailbox search', function () {
|
||||
it('get specific mailbox by email', async function () {
|
||||
const entries = await ldapSearch(`cn=${MAILBOX},ou=mailboxes,dc=cloudron`, 'objectclass=mailbox');
|
||||
const entries = await ldapSearch(`cn=${mailbox},ou=mailboxes,dc=cloudron`, 'objectclass=mailbox');
|
||||
expect(entries.length).to.equal(1);
|
||||
expect(entries[0].cn).to.equal(MAILBOX);
|
||||
expect(entries[0].cn).to.equal(mailbox);
|
||||
});
|
||||
|
||||
it('cannot get mailbox with just name', async function () {
|
||||
const [error] = await safe(ldapSearch(`cn=${MAILBOX_NAME},ou=mailboxes,dc=cloudron`, 'objectclass=mailbox'));
|
||||
const [error] = await safe(ldapSearch(`cn=${mailboxName},ou=mailboxes,dc=cloudron`, 'objectclass=mailbox'));
|
||||
expect(error).to.be.a(ldap.NoSuchObjectError);
|
||||
});
|
||||
|
||||
it('cannot get alias as a mailbox', async function () {
|
||||
const [error] = await safe(ldapSearch(`cn=${ALIAS},ou=mailboxes,dc=cloudron`, 'objectclass=mailbox'));
|
||||
const [error] = await safe(ldapSearch(`cn=${mailAlias},ou=mailboxes,dc=cloudron`, 'objectclass=mailbox'));
|
||||
expect(error).to.be.a(ldap.NoSuchObjectError);
|
||||
});
|
||||
|
||||
it('non-existent mailbox', async function () {
|
||||
const [error] = await safe(ldapSearch(`cn=random@${DOMAIN.domain},ou=mailboxes,dc=cloudron`, 'objectclass=mailbox'));
|
||||
const [error] = await safe(ldapSearch(`cn=random@${domain.domain},ou=mailboxes,dc=cloudron`, 'objectclass=mailbox'));
|
||||
expect(error).to.be.a(ldap.NoSuchObjectError);
|
||||
});
|
||||
|
||||
it('cannot get inactive mailbox', async function () {
|
||||
const updateMailbox = util.promisify(mailboxdb.updateMailbox);
|
||||
|
||||
await updateMailbox(MAILBOX_NAME, DOMAIN.domain, { ownerId: USER.id, ownerType: mail.OWNERTYPE_USER, active: false });
|
||||
const [error] = await safe(ldapSearch(`cn=${MAILBOX},ou=mailboxes,dc=cloudron`, 'objectclass=mailbox'));
|
||||
await updateMailbox(mailboxName, domain.domain, { ownerId: user.id, ownerType: mail.OWNERTYPE_USER, active: false });
|
||||
const [error] = await safe(ldapSearch(`cn=${mailbox},ou=mailboxes,dc=cloudron`, 'objectclass=mailbox'));
|
||||
expect(error).to.be.a(ldap.NoSuchObjectError);
|
||||
|
||||
await updateMailbox(MAILBOX_NAME, DOMAIN.domain, { ownerId: USER.id, ownerType: mail.OWNERTYPE_USER, active: true });
|
||||
await updateMailbox(mailboxName, domain.domain, { ownerId: user.id, ownerType: mail.OWNERTYPE_USER, active: true });
|
||||
});
|
||||
});
|
||||
|
||||
describe('search aliases', function () {
|
||||
it('get specific alias', async function () {
|
||||
const entries = await ldapSearch(`cn=${ALIAS},ou=mailaliases,dc=cloudron`, 'objectclass=nismailalias');
|
||||
const entries = await ldapSearch(`cn=${mailAlias},ou=mailaliases,dc=cloudron`, 'objectclass=nismailalias');
|
||||
expect(entries.length).to.equal(1);
|
||||
expect(entries[0].cn).to.equal(ALIAS);
|
||||
expect(entries[0].rfc822MailMember).to.equal(MAILBOX);
|
||||
expect(entries[0].cn).to.equal(mailAlias);
|
||||
expect(entries[0].rfc822MailMember).to.equal(mailbox);
|
||||
});
|
||||
|
||||
it('cannot get mailbox as alias', async function () {
|
||||
const [error] = await safe(ldapSearch(`cn=${MAILBOX},ou=mailaliases,dc=cloudron`, 'objectclass=nismailalias'));
|
||||
const [error] = await safe(ldapSearch(`cn=${mailbox},ou=mailaliases,dc=cloudron`, 'objectclass=nismailalias'));
|
||||
expect(error).to.be.a(ldap.NoSuchObjectError);
|
||||
});
|
||||
|
||||
it('non-existent alias', async function () {
|
||||
const [error] = await safe(ldapSearch(`cn=random@${DOMAIN.domain},ou=mailaliases,dc=cloudron`, 'objectclass=mailbox'));
|
||||
const [error] = await safe(ldapSearch(`cn=random@${domain.domain},ou=mailaliases,dc=cloudron`, 'objectclass=mailbox'));
|
||||
expect(error).to.be.a(ldap.NoSuchObjectError);
|
||||
});
|
||||
});
|
||||
|
||||
describe('search mailing list', function () {
|
||||
const LIST_NAME = 'devs', LIST = `devs@${DOMAIN.domain}`;
|
||||
const LIST_NAME = 'devs', LIST = `devs@${domain.domain}`;
|
||||
|
||||
before(function (done) {
|
||||
mailboxdb.addList(LIST_NAME, DOMAIN.domain, { members: [ MAILBOX , 'outsider@external.com' ], membersOnly: false, active: true }, done);
|
||||
mailboxdb.addList(LIST_NAME, domain.domain, { members: [ mailbox , 'outsider@external.com' ], membersOnly: false, active: true }, done);
|
||||
});
|
||||
|
||||
it('get specific list', async function () {
|
||||
const entries = await ldapSearch(`cn=${LIST},ou=mailinglists,dc=cloudron`, 'objectclass=mailGroup');
|
||||
expect(entries.length).to.equal(1);
|
||||
expect(entries[0].cn).to.equal(LIST);
|
||||
expect(entries[0].mgrpRFC822MailMember).to.eql([ MAILBOX, 'outsider@external.com' ]);
|
||||
expect(entries[0].mgrpRFC822MailMember).to.eql([ mailbox, 'outsider@external.com' ]);
|
||||
});
|
||||
|
||||
it('non-existent list', async function () {
|
||||
@@ -336,7 +336,7 @@ describe('Ldap', function () {
|
||||
it('inactive list', async function () {
|
||||
const updateList = util.promisify(mailboxdb.updateList);
|
||||
|
||||
await updateList(LIST_NAME, DOMAIN.domain, { members: [ MAILBOX , 'outsider@external.com' ], membersOnly: false, active: false });
|
||||
await updateList(LIST_NAME, domain.domain, { members: [ mailbox , 'outsider@external.com' ], membersOnly: false, active: false });
|
||||
const [error] = await safe(ldapSearch('cn=devs@example.com,ou=mailinglists,dc=cloudron', 'objectclass=mailGroup'));
|
||||
expect(error).to.be.a(ldap.NoSuchObjectError);
|
||||
});
|
||||
@@ -344,136 +344,136 @@ describe('Ldap', function () {
|
||||
|
||||
describe('user mailbox bind', function () {
|
||||
it('email disabled - cannot auth', async function () {
|
||||
const [error] = await safe(ldapBind(`cn=${MAILBOX},domain=example.com,ou=mailboxes,dc=cloudron`, 'badpassword'));
|
||||
const [error] = await safe(ldapBind(`cn=${mailbox},domain=example.com,ou=mailboxes,dc=cloudron`, 'badpassword'));
|
||||
expect(error).to.be.a(ldap.NoSuchObjectError);
|
||||
});
|
||||
|
||||
it('email enabled - does not allow with invalid password', async function () {
|
||||
await mail._updateDomain(DOMAIN.domain, { enabled: true });
|
||||
const [error] = await safe(ldapBind(`cn=${MAILBOX},domain=example.com,ou=mailboxes,dc=cloudron`, 'badpassword'));
|
||||
await mail._updateDomain(domain.domain, { enabled: true });
|
||||
const [error] = await safe(ldapBind(`cn=${mailbox},domain=example.com,ou=mailboxes,dc=cloudron`, 'badpassword'));
|
||||
expect(error).to.be.a(ldap.InvalidCredentialsError);
|
||||
await mail._updateDomain(DOMAIN.domain, { enabled: false });
|
||||
await mail._updateDomain(domain.domain, { enabled: false });
|
||||
});
|
||||
|
||||
it('email enabled - allows with valid password', async function () {
|
||||
await mail._updateDomain(DOMAIN.domain, { enabled: true });
|
||||
await ldapBind(`cn=${MAILBOX},domain=example.com,ou=mailboxes,dc=cloudron`, USER.password);
|
||||
await mail._updateDomain(DOMAIN.domain, { enabled: false });
|
||||
await mail._updateDomain(domain.domain, { enabled: true });
|
||||
await ldapBind(`cn=${mailbox},domain=example.com,ou=mailboxes,dc=cloudron`, user.password);
|
||||
await mail._updateDomain(domain.domain, { enabled: false });
|
||||
});
|
||||
|
||||
it('email enabled - cannot auth with alias', async function () {
|
||||
await mail._updateDomain(DOMAIN.domain, { enabled: true });
|
||||
const [error] = await safe(ldapBind(`cn=${ALIAS},domain=example.com,ou=mailboxes,dc=cloudron`, 'badpassword'));
|
||||
await mail._updateDomain(domain.domain, { enabled: true });
|
||||
const [error] = await safe(ldapBind(`cn=${mailAlias},domain=example.com,ou=mailboxes,dc=cloudron`, 'badpassword'));
|
||||
expect(error).to.be.a(ldap.NoSuchObjectError);
|
||||
await mail._updateDomain(DOMAIN.domain, { enabled: false });
|
||||
await mail._updateDomain(domain.domain, { enabled: false });
|
||||
});
|
||||
});
|
||||
|
||||
describe('user sendmail bind', function () {
|
||||
it('email disabled - cannot find domain email', async function () {
|
||||
await mail._updateDomain(DOMAIN.domain, { enabled: false });
|
||||
const [error] = await safe(ldapBind(`cn=${MAILBOX},ou=sendmail,dc=cloudron`, 'badpassword'));
|
||||
await mail._updateDomain(domain.domain, { enabled: false });
|
||||
const [error] = await safe(ldapBind(`cn=${mailbox},ou=sendmail,dc=cloudron`, 'badpassword'));
|
||||
expect(error).to.be.a(ldap.InvalidCredentialsError);
|
||||
});
|
||||
|
||||
it('email enabled - allows with valid email', async function () {
|
||||
await mail._updateDomain(DOMAIN.domain, { enabled: true });
|
||||
await ldapBind(`cn=${MAILBOX},ou=sendmail,dc=cloudron`, USER.password);
|
||||
await mail._updateDomain(DOMAIN.domain, { enabled: false });
|
||||
await mail._updateDomain(domain.domain, { enabled: true });
|
||||
await ldapBind(`cn=${mailbox},ou=sendmail,dc=cloudron`, user.password);
|
||||
await mail._updateDomain(domain.domain, { enabled: false });
|
||||
});
|
||||
|
||||
it('email enabled - does not allow with invalid password', async function () {
|
||||
await mail._updateDomain(DOMAIN.domain, { enabled: true });
|
||||
const [error] = await safe(ldapBind(`cn=${MAILBOX},ou=sendmail,dc=cloudron`, 'badpassword'));
|
||||
await mail._updateDomain(domain.domain, { enabled: true });
|
||||
const [error] = await safe(ldapBind(`cn=${mailbox},ou=sendmail,dc=cloudron`, 'badpassword'));
|
||||
expect(error).to.be.a(ldap.InvalidCredentialsError);
|
||||
await mail._updateDomain(DOMAIN.domain, { enabled: false });
|
||||
await mail._updateDomain(domain.domain, { enabled: false });
|
||||
});
|
||||
|
||||
it('does not allow for inactive mailbox', async function () {
|
||||
const updateMailbox = util.promisify(mailboxdb.updateMailbox);
|
||||
|
||||
await mail._updateDomain(DOMAIN.domain, { enabled: true });
|
||||
await updateMailbox(MAILBOX_NAME, DOMAIN.domain, { ownerId: USER.id, ownerType: mail.OWNERTYPE_USER, active: false });
|
||||
const [error] = await safe(ldapBind(`cn=${MAILBOX},ou=sendmail,dc=cloudron`, 'badpassword'));
|
||||
await mail._updateDomain(domain.domain, { enabled: true });
|
||||
await updateMailbox(mailboxName, domain.domain, { ownerId: user.id, ownerType: mail.OWNERTYPE_USER, active: false });
|
||||
const [error] = await safe(ldapBind(`cn=${mailbox},ou=sendmail,dc=cloudron`, 'badpassword'));
|
||||
expect(error).to.be.a(ldap.NoSuchObjectError);
|
||||
await updateMailbox(MAILBOX_NAME, DOMAIN.domain, { ownerId: USER.id, ownerType: mail.OWNERTYPE_USER, active: true });
|
||||
await updateMailbox(mailboxName, domain.domain, { ownerId: user.id, ownerType: mail.OWNERTYPE_USER, active: true });
|
||||
});
|
||||
});
|
||||
|
||||
describe('app sendmail bind', function () {
|
||||
// these tests should work even when email is disabled
|
||||
before(async function () {
|
||||
await mail._updateDomain(DOMAIN.domain, { enabled: false });
|
||||
await mail._updateDomain(domain.domain, { enabled: false });
|
||||
});
|
||||
|
||||
it('does not allow with invalid app', async function () {
|
||||
const [error] = await safe(ldapBind(`cn=hacker.app@${DOMAIN.domain},ou=sendmail,dc=cloudron`, 'nope'));
|
||||
const [error] = await safe(ldapBind(`cn=hacker.app@${domain.domain},ou=sendmail,dc=cloudron`, 'nope'));
|
||||
expect(error).to.be.a(ldap.NoSuchObjectError);
|
||||
});
|
||||
|
||||
it('does not allow with invalid password', async function () {
|
||||
const [error] = await safe(ldapBind(`cn=${APP.location}.app@${DOMAIN.domain},ou=sendmail,dc=cloudron`, 'nope'));
|
||||
const [error] = await safe(ldapBind(`cn=${app.location}.app@${domain.domain},ou=sendmail,dc=cloudron`, 'nope'));
|
||||
expect(error).to.be.a(ldap.NoSuchObjectError);
|
||||
});
|
||||
|
||||
it('allows with valid password', async function () {
|
||||
const setAddonConfig = util.promisify(appdb.setAddonConfig);
|
||||
|
||||
await setAddonConfig(APP.id, 'sendmail', [{ name: 'MAIL_SMTP_USERNAME', value : `${APP.location}.app@${DOMAIN.domain}` }, { name: 'MAIL_SMTP_PASSWORD', value : 'sendmailpassword' }]),
|
||||
await setAddonConfig(app.id, 'sendmail', [{ name: 'MAIL_SMTP_USERNAME', value : `${app.location}.app@${domain.domain}` }, { name: 'MAIL_SMTP_PASSWORD', value : 'sendmailpassword' }]),
|
||||
|
||||
await ldapBind(`cn=${APP.location}.app@${DOMAIN.domain},ou=sendmail,dc=cloudron`, 'sendmailpassword');
|
||||
await ldapBind(`cn=${app.location}.app@${domain.domain},ou=sendmail,dc=cloudron`, 'sendmailpassword');
|
||||
});
|
||||
});
|
||||
|
||||
describe('user recvmail bind', function () {
|
||||
it('email disabled - cannot find domain email', async function () {
|
||||
await mail._updateDomain(DOMAIN.domain, { enabled: false });
|
||||
const [error] = await safe(ldapBind(`cn=${MAILBOX},ou=recvmail,dc=cloudron`, 'badpassword'));
|
||||
await mail._updateDomain(domain.domain, { enabled: false });
|
||||
const [error] = await safe(ldapBind(`cn=${mailbox},ou=recvmail,dc=cloudron`, 'badpassword'));
|
||||
expect(error).to.be.a(ldap.NoSuchObjectError);
|
||||
});
|
||||
|
||||
it('email enabled - allows with valid email', async function () {
|
||||
await mail._updateDomain(DOMAIN.domain, { enabled: true });
|
||||
await ldapBind(`cn=${MAILBOX},ou=recvmail,dc=cloudron`, USER.password);
|
||||
await mail._updateDomain(domain.domain, { enabled: true });
|
||||
await ldapBind(`cn=${mailbox},ou=recvmail,dc=cloudron`, user.password);
|
||||
});
|
||||
|
||||
it('email enabled - does not allow with invalid password', async function () {
|
||||
await mail._updateDomain(DOMAIN.domain, { enabled: true });
|
||||
const [error] = await safe(ldapBind(`cn=${MAILBOX},ou=recvmail,dc=cloudron`, 'badpassword'));
|
||||
await mail._updateDomain(domain.domain, { enabled: true });
|
||||
const [error] = await safe(ldapBind(`cn=${mailbox},ou=recvmail,dc=cloudron`, 'badpassword'));
|
||||
expect(error).to.be.a(ldap.InvalidCredentialsError);
|
||||
});
|
||||
|
||||
it('does not allow for inactive mailbox', async function () {
|
||||
const updateMailbox = util.promisify(mailboxdb.updateMailbox);
|
||||
|
||||
await mail._updateDomain(DOMAIN.domain, { enabled: true });
|
||||
await updateMailbox(MAILBOX_NAME, DOMAIN.domain, { ownerId: USER.id, ownerType: mail.OWNERTYPE_USER, active: false });
|
||||
const [error] = await safe(ldapBind(`cn=${MAILBOX},ou=recvmail,dc=cloudron`, 'badpassword'));
|
||||
await mail._updateDomain(domain.domain, { enabled: true });
|
||||
await updateMailbox(mailboxName, domain.domain, { ownerId: user.id, ownerType: mail.OWNERTYPE_USER, active: false });
|
||||
const [error] = await safe(ldapBind(`cn=${mailbox},ou=recvmail,dc=cloudron`, 'badpassword'));
|
||||
expect(error).to.be.a(ldap.NoSuchObjectError);
|
||||
await mail._updateDomain(DOMAIN.domain, { enabled: false });
|
||||
await updateMailbox(MAILBOX_NAME, DOMAIN.domain, { ownerId: USER.id, ownerType: mail.OWNERTYPE_USER, active: true });
|
||||
await mail._updateDomain(domain.domain, { enabled: false });
|
||||
await updateMailbox(mailboxName, domain.domain, { ownerId: user.id, ownerType: mail.OWNERTYPE_USER, active: true });
|
||||
});
|
||||
});
|
||||
|
||||
describe('app recvmail bind', function () {
|
||||
before(async function () {
|
||||
await mail._updateDomain(DOMAIN.domain, { enabled: true });
|
||||
await mail._updateDomain(domain.domain, { enabled: true });
|
||||
});
|
||||
|
||||
it('does not allow with invalid app', async function () {
|
||||
const [error] = await safe(ldapBind(`cn=hacker.app@${DOMAIN.domain},ou=recvmail,dc=cloudron`, 'nope'));
|
||||
const [error] = await safe(ldapBind(`cn=hacker.app@${domain.domain},ou=recvmail,dc=cloudron`, 'nope'));
|
||||
expect(error).to.be.a(ldap.NoSuchObjectError);
|
||||
});
|
||||
|
||||
it('does not allow with invalid password', async function () {
|
||||
const [error] = await safe(ldapBind(`cn=${APP.location}.app@${DOMAIN.domain},ou=recvmail,dc=cloudron`, 'nope'));
|
||||
const [error] = await safe(ldapBind(`cn=${app.location}.app@${domain.domain},ou=recvmail,dc=cloudron`, 'nope'));
|
||||
expect(error).to.be.a(ldap.NoSuchObjectError);
|
||||
});
|
||||
|
||||
it('allows with valid password', async function () {
|
||||
const setAddonConfig = util.promisify(appdb.setAddonConfig);
|
||||
await setAddonConfig(APP.id, 'recvmail', [{ name: 'MAIL_IMAP_USERNAME', value : `${APP.location}.app@${DOMAIN.domain}` }, { name: 'MAIL_IMAP_PASSWORD', value : 'recvmailpassword' }]),
|
||||
await ldapBind(`cn=${APP.location}.app@${DOMAIN.domain},ou=recvmail,dc=cloudron`, 'recvmailpassword');
|
||||
await setAddonConfig(app.id, 'recvmail', [{ name: 'MAIL_IMAP_USERNAME', value : `${app.location}.app@${domain.domain}` }, { name: 'MAIL_IMAP_PASSWORD', value : 'recvmailpassword' }]),
|
||||
await ldapBind(`cn=${app.location}.app@${domain.domain},ou=recvmail,dc=cloudron`, 'recvmailpassword');
|
||||
});
|
||||
});
|
||||
});
|
||||
|
||||