From 2b102097fd702afb85575b3aea0b91b3ee24b953 Mon Sep 17 00:00:00 2001
From: polarathene <5098581+polarathene@users.noreply.github.com>
Date: Fri, 19 Jan 2024 17:34:32 +1300
Subject: [PATCH] tests: OAuth2 - Caddyfile `imap/xoauth2` route dynamic via query string This way is more flexible and doesn't require modifying the `Caddyfile` directly, while still easy to use. Additionally simplifies understanding the Caddyfile to maintainers by removing the `route` directive that was required to ensure a deterministic order of vars.
---
 test/config/oauth2/Caddyfile | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)
diff --git a/test/config/oauth2/Caddyfile b/test/config/oauth2/Caddyfile
index 68d059ce..56a009d4 100644
--- a/test/config/oauth2/Caddyfile
+++ b/test/config/oauth2/Caddyfile
@@ -52,16 +52,20 @@
 }
 # /imap/xoauth2
-# Responds with the auth string (base64 encoded) for use with the IMAP `AUTHENTICATE` command:
-# curl http://auth.example.test/imap/xoauth2
+# Provide `user` and `access_token` values via query string parameters:
+# curl 'http://auth.example.test/imap/xoauth2?user=user1@localhost.localdomain&access_token=DMS_YWNjZXNzX3Rva2Vu'
+#
 # When Dovecot queries /userinfo endpoint, it will be after base64 decoding the IMAP `AUTHENTICATE` value,
 # and sending the `auth` value from the `credentials` variable as an HTTP Authorization header.
 :3000 {
- route {
- vars token "DMS_YWNjZXNzX3Rva2Vu"
- vars user "user1@localhost.localdomain"
- vars credentials "user={vars.user}\001auth=Bearer {vars.token}\001\001"
- }
+ # The login username + OAuth2 access token prior to Base64 encoding, as per the XOAUTH2 spec:
+ # https://developers.google.com/gmail/imap/xoauth2-protocol#the_sasl_xoauth2_mechanism
+ vars credentials "user={query.user}\001auth=Bearer {query.access_token}\001\001"
+
+ # Responds with the auth string (base64 encoded) for use with the IMAP `AUTHENTICATE` command:
+ templates
+ respond "{{b64enc \"{vars.credentials}\"}}"
+}
 templates
 respond "{{b64enc \"{vars.credentials}\"}}"
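Review bot: The context lines after the added `}` show the old `templates` / `respond "{{b64enc \"{vars.credentials}\"}}"` pair still present, so the new side keeps a second copy of both directives after the `:3000` block has been closed. The old closing brace lies outside the hunk; if it is still there it is now unmatched, and all three leftover lines should be deleted. Separately, `{query.user}` and `{query.access_token}` are substituted into the text that `templates` then evaluates, so a value containing a double quote or template delimiters changes the template itself rather than the string being encoded. For a test fixture I would at least add `# Test-only: query values become part of the template source; keep this listener on the test network`. Alternatively the value could be read inside the template, for example `respond "{{b64enc (placeholder \"http.vars.credentials\")}}"`, which is untested here.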