ldap: use service ids when auth'ing email

Girish Ramakrishnan
2021-09-20 19:30:00 -07:00
parent e13c5c8e1a
commit 92c712ea75
3 changed files with 28 additions and 26 deletions


@@ -423,52 +423,52 @@ describe('Ldap', function () {
});
});
describe('user recvmail bind', function () {
describe('user imap bind', function () {
it('email disabled - cannot find domain email', async function () {
await mail._updateDomain(domain.domain, { enabled: false });
const [error] = await safe(ldapBind(`cn=${mailbox},ou=recvmail,dc=cloudron`, 'badpassword'));
const [error] = await safe(ldapBind(`cn=${mailbox},ou=imap,dc=cloudron`, 'badpassword'));
expect(error).to.be.a(ldap.NoSuchObjectError);
});
it('email enabled - allows with valid email', async function () {
await mail._updateDomain(domain.domain, { enabled: true });
await ldapBind(`cn=${mailbox},ou=recvmail,dc=cloudron`, user.password);
await ldapBind(`cn=${mailbox},ou=imap,dc=cloudron`, user.password);
});
it('email enabled - does not allow with invalid password', async function () {
await mail._updateDomain(domain.domain, { enabled: true });
const [error] = await safe(ldapBind(`cn=${mailbox},ou=recvmail,dc=cloudron`, 'badpassword'));
const [error] = await safe(ldapBind(`cn=${mailbox},ou=imap,dc=cloudron`, 'badpassword'));
expect(error).to.be.a(ldap.InvalidCredentialsError);
});
it('does not allow for inactive mailbox', async function () {
await mail._updateDomain(domain.domain, { enabled: true });
await mail.updateMailbox(mailboxName, domain.domain, { ownerId: user.id, ownerType: mail.OWNERTYPE_USER, active: false }, auditSource);
const [error] = await safe(ldapBind(`cn=${mailbox},ou=recvmail,dc=cloudron`, 'badpassword'));
const [error] = await safe(ldapBind(`cn=${mailbox},ou=imap,dc=cloudron`, 'badpassword'));
expect(error).to.be.a(ldap.NoSuchObjectError);
await mail._updateDomain(domain.domain, { enabled: false });
await mail.updateMailbox(mailboxName, domain.domain, { ownerId: user.id, ownerType: mail.OWNERTYPE_USER, active: true }, auditSource);
});
});
describe('app recvmail bind', function () {
describe('app imap bind', function () {
before(async function () {
await mail._updateDomain(domain.domain, { enabled: true });
});
it('does not allow with invalid app', async function () {
const [error] = await safe(ldapBind(`cn=hacker.app@${domain.domain},ou=recvmail,dc=cloudron`, 'nope'));
const [error] = await safe(ldapBind(`cn=hacker.app@${domain.domain},ou=imap,dc=cloudron`, 'nope'));
expect(error).to.be.a(ldap.NoSuchObjectError);
});
it('does not allow with invalid password', async function () {
const [error] = await safe(ldapBind(`cn=${app.location}.app@${domain.domain},ou=recvmail,dc=cloudron`, 'nope'));
const [error] = await safe(ldapBind(`cn=${app.location}.app@${domain.domain},ou=imap,dc=cloudron`, 'nope'));
expect(error).to.be.a(ldap.NoSuchObjectError);
});
it('allows with valid password', async function () {
await addonConfigs.set(app.id, 'recvmail', [{ name: 'MAIL_IMAP_USERNAME', value : `${app.location}.app@${domain.domain}` }, { name: 'MAIL_IMAP_PASSWORD', value : 'recvmailpassword' }]),
await ldapBind(`cn=${app.location}.app@${domain.domain},ou=recvmail,dc=cloudron`, 'recvmailpassword');
await addonConfigs.set(app.id, 'imap', [{ name: 'MAIL_IMAP_USERNAME', value : `${app.location}.app@${domain.domain}` }, { name: 'MAIL_IMAP_PASSWORD', value : 'imappassword' }]),
await ldapBind(`cn=${app.location}.app@${domain.domain},ou=imap,dc=cloudron`, 'imappassword');
});
});
});
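Review bot: The 'app imap bind' case named 'does not allow with invalid password' runs before any `imap` addon config is stored for the app, so the `NoSuchObjectError` it expects most likely comes from the missing credential record rather than from a password comparison. Nothing in this section binds with a wrong password after `addonConfigs.set(app.id, 'imap', ...)`, so a regression that accepted any password for a configured app would still pass. I would add a case after 'allows with valid password' that binds the same `ou=imap` DN with a wrong password through `safe(...)` and asserts the rejection, e.g. `expect(error).to.be.an(Error);`, tightened to the specific ldap error class once the server's behaviour is confirmed. A case that pins what the old `ou=recvmail` DN now returns would also help, so that stale client configs fail in a known way. Separately, the `addonConfigs.set(...)` line ends in `,` rather than `;`, which joins it to the following `await ldapBind(...)` as a comma expression. The enclosing `describe('Ldap', ...)` starts outside this hunk.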