tests: OAuth2 - Minor revisions

Separate test cases and additional comment on creating the same base64 encoded credentials via CLI as an alternative to running Caddy.

Added a simple `compose.yaml` for troubleshooting or running the container for the `/imap/xoauth2` / `/imap/oauthbearer` endpoints.

test/config/oauth2/Caddyfile

@@ -9,7 +9,7 @@
 
 :80 {
   # This is the `/userinfo` endpoint that Dovecot connects to with the OAuth2 setting (default: `introspection_mode = auth`).
-  # Example: curl http://auth.example.test/userinfo -H 'Authorization: Bearer <token here>'
+  # Example: curl http://auth.example.test/userinfo -H 'Authorization: Bearer DMS_YWNjZXNzX3Rva2Vu'
   handle_path /userinfo {
     reverse_proxy localhost:2000
   }
@@ -53,6 +53,9 @@
 
 # /imap/xoauth2
 # Generate IMAP commands for authentication testing
+# Base64 encoded credentials can alternative be done via CLI with:
+# echo -en 'user=${USERNAME}\001auth=Bearer ${ACCESS_TOKEN}\001\001' | base64 -w0; echo
+#
 # Provide `user` and `access_token` values via query string parameters:
 # curl 'http://auth.example.test/imap/xoauth2?user=user1@localhost.localdomain&access_token=DMS_YWNjZXNzX3Rva2Vu'
 # curl 'http://auth.example.test/imap/oauthbearer?user=user1@localhost.localdomain&access_token=DMS_YWNjZXNzX3Rva2Vu'

test/config/oauth2/compose.yaml

@@ -0,0 +1,9 @@
+# Run this with `docker compose up` if needing to use the container outside of tests
+services:
+  caddy-oauth2:
+    image: caddy:2.7
+    container_name: dms-oauth2
+    ports:
+      - "80:80"
+    volumes:
+      - ./Caddyfile:/etc/caddy/Caddyfile:ro

test/tests/serial/mail_with_oauth2.bats

@@ -28,7 +28,7 @@ function setup_file() {
   # Setup DMS container
   #
 
-  # Add OAUTH2 configuration so that Dovecot can reach out to our mock provider (CONTAINER2)
+  # Add OAuth2 configuration so that Dovecot can query our mocked identity provider (CONTAINER2)
   local ENV_OAUTH2_CONFIG=(
     --env ENABLE_OAUTH2=1
     --env OAUTH2_INTROSPECTION_URL=http://auth.example.test/userinfo
@@ -48,6 +48,9 @@ function setup_file() {
 
   # Set default implicit container fallback for helpers:
   export CONTAINER_NAME=${CONTAINER1_NAME}
+
+  # An initial connection needs to be made first, otherwise the auth attempts fail
+  _run_in_container_bash 'nc -vz 0.0.0.0 143'
 }
 
 function teardown_file() {
@@ -55,13 +58,12 @@ function teardown_file() {
   docker network rm "${DMS_TEST_NETWORK}"
 }
 
-@test "oauth2: imap connect and authentication works" {
+@test "should authenticate with XOAUTH2 over IMAP" {
-  # An initial connection needs to be made first, otherwise the auth attempt fails
-  _run_in_container_bash 'nc -vz 0.0.0.0 143'
-
   _nc_wrapper 'auth/imap-oauth2-xoauth2.txt' '-w 1 0.0.0.0 143'
   __verify_successful_login 'XOAUTH2'
+}
 
+@test "should authenticate with OAUTHBEARER over IMAP" {
   _nc_wrapper 'auth/imap-oauth2-oauthbearer.txt' '-w 1 0.0.0.0 143'
   __verify_successful_login 'OAUTHBEARER'
 }