From 9a80059e496acbea4c6e4566ac3e2a522e5b879d Mon Sep 17 00:00:00 2001
From: polarathene <5098581+polarathene@users.noreply.github.com>
Date: Fri, 19 Jan 2024 18:31:05 +1300
Subject: [PATCH] tests: OAuth2 - Minor revisions

Separate test cases and additional comment on creating the same base64 encoded credentials via CLI as an alternative to running Caddy. Added a simple `compose.yaml` for troubleshooting or running the container for the `/imap/xoauth2` / `/imap/oauthbearer` endpoints.
---
 test/config/oauth2/Caddyfile | 5 ++++-
 test/config/oauth2/compose.yaml | 9 +++++++++
 test/tests/serial/mail_with_oauth2.bats | 12 +++++++-----
 3 files changed, 20 insertions(+), 6 deletions(-)
 create mode 100644 test/config/oauth2/compose.yaml
diff --git a/test/config/oauth2/Caddyfile b/test/config/oauth2/Caddyfile
index 63cb4f5e..a63c8bf8 100644
--- a/test/config/oauth2/Caddyfile
+++ b/test/config/oauth2/Caddyfile
@@ -9,7 +9,7 @@ :80 {
 # This is the `/userinfo` endpoint that Dovecot connects to with the OAuth2 setting (default: `introspection_mode = auth`).
- # Example: curl http://auth.example.test/userinfo -H 'Authorization: Bearer '
+ # Example: curl http://auth.example.test/userinfo -H 'Authorization: Bearer DMS_YWNjZXNzX3Rva2Vu'
 handle_path /userinfo {
 reverse_proxy localhost:2000
 }
@@ -53,6 +53,9 @@ # /imap/xoauth2
 # Generate IMAP commands for authentication testing
+# Base64 encoded credentials can alternative be done via CLI with:
+# echo -en 'user=${USERNAME}\001auth=Bearer ${ACCESS_TOKEN}\001\001' | base64 -w0; echo
+#
 # Provide `user` and `access_token` values via query string parameters:
 # curl 'http://auth.example.test/imap/xoauth2?user=user1@localhost.localdomain&access_token=DMS_YWNjZXNzX3Rva2Vu'
 # curl 'http://auth.example.test/imap/oauthbearer?user=user1@localhost.localdomain&access_token=DMS_YWNjZXNzX3Rva2Vu'
diff --git a/test/config/oauth2/compose.yaml b/test/config/oauth2/compose.yaml
new file mode 100644
index 00000000..b6ed2181
--- /dev/null
+++ b/test/config/oauth2/compose.yaml
@@ -0,0 +1,9 @@
+# Run this with `docker compose up` if needing to use the container outside of tests
+services:
+ caddy-oauth2:
+ image: caddy:2.7
+ container_name: dms-oauth2
+ ports:
+ - "80:80"
+ volumes:
+ - ./Caddyfile:/etc/caddy/Caddyfile:ro
diff --git a/test/tests/serial/mail_with_oauth2.bats b/test/tests/serial/mail_with_oauth2.bats
index 373825a0..1aab71dd 100644
--- a/test/tests/serial/mail_with_oauth2.bats
+++ b/test/tests/serial/mail_with_oauth2.bats
@@ -28,7 +28,7 @@ function setup_file() {
 # Setup DMS container
 #
- # Add OAUTH2 configuration so that Dovecot can reach out to our mock provider (CONTAINER2)
+ # Add OAuth2 configuration so that Dovecot can query our mocked identity provider (CONTAINER2)
 local ENV_OAUTH2_CONFIG=(
 --env ENABLE_OAUTH2=1
 --env OAUTH2_INTROSPECTION_URL=http://auth.example.test/userinfo
@@ -48,6 +48,9 @@ function setup_file() {
 # Set default implicit container fallback for helpers:
 export CONTAINER_NAME=${CONTAINER1_NAME}
+
+ # An initial connection needs to be made first, otherwise the auth attempts fail
+ _run_in_container_bash 'nc -vz 0.0.0.0 143'
 }
 function teardown_file() {
@@ -55,13 +58,12 @@ function teardown_file() {
 docker network rm "${DMS_TEST_NETWORK}"
 }
-@test "oauth2: imap connect and authentication works" {
- # An initial connection needs to be made first, otherwise the auth attempt fails
- _run_in_container_bash 'nc -vz 0.0.0.0 143'
-
+@test "should authenticate with XOAUTH2 over IMAP" {
 _nc_wrapper 'auth/imap-oauth2-xoauth2.txt' '-w 1 0.0.0.0 143'
 __verify_successful_login 'XOAUTH2'
+}
+@test "should authenticate with OAUTHBEARER over IMAP" {
 _nc_wrapper 'auth/imap-oauth2-oauthbearer.txt' '-w 1 0.0.0.0 143'
 __verify_successful_login 'OAUTHBEARER'
 }
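Review bot: The `ports` entry `- "80:80"` in the new `compose.yaml` publishes the mock identity provider on every host interface, so a developer who runs `docker compose up` for troubleshooting exposes the `/userinfo` and `/imap/*` endpoints to the local network. The file is described as a local troubleshooting aid, so binding to loopback with `- "127.0.0.1:80:80"` matches the stated purpose. The image is referenced by the floating tag `caddy:2.7`; pinning it as `caddy:2.7@sha256:<digest>` (placeholder) would make the container reproducible. The header comment could also say that this is a mock provider for tests only, e.g. `# Mock OAuth2 provider for tests only; do not expose beyond localhost`.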
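Review bot: The warm-up call `_run_in_container_bash 'nc -vz 0.0.0.0 143'` added at the end of `setup_file()` is not followed by any assertion. If the helper wraps bats `run` (its definition is not part of this diff), a refused connection is swallowed there and only surfaces later as two failing auth tests with a misleading cause. Adding `assert_success` on the next line, assuming the suite loads bats-assert, would report a port 143 problem where it happens. The comment states that auth attempts fail without a prior connection but not why; a short reason or an issue link would tell a maintainer when the workaround can be dropped. `setup_file()` starts above this hunk.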
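Review bot: After the split, both `@test` cases in the last hunk of `mail_with_oauth2.bats` only prove that a valid token is accepted; nothing visible checks that Dovecot rejects a wrong or malformed token. A misconfiguration that lets any bearer token through would therefore still pass this file. Consider a third case such as `@test "should reject an invalid access token over IMAP"`, which sends a request with a token the mock provider does not accept and asserts that no successful login is logged. Whether the mock `/userinfo` endpoint can return a failure is not visible in this diff, so the Caddyfile may need a matching change.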