Refactor and expand TestLoginAuth

Rename and uncomment TestLoginAuth with more test cases, ensuring coverage for successful and failed authentication scenarios, including checks for unencrypted logins and server response errors. This improves test robustness and coverage.
2024-11-15 02:12:55 +01:00 · 2024-11-07 21:14:52 +01:00 · 2024-11-07 21:14:52 +01:00 · 410343496c
commit 410343496c
parent 2391010e3a
1 changed files with 91 additions and 4 deletions
--- a/smtp/smtp_test.go
+++ b/smtp/smtp_test.go
@ -399,6 +399,97 @@ func TestPlainAuth_noEnc(t *testing.T) {
 	})
 }

+func TestLoginAuth(t *testing.T) {
+	tests := []struct {
+		name       string
+		authName   string
+		server     *ServerInfo
+		shouldFail bool
+		wantErr    error
+	}{
+		{
+			name:       "LOGIN auth succeeds",
+			authName:   "servername",
+			server:     &ServerInfo{Name: "servername", TLS: true},
+			shouldFail: false,
+		},
+		{
+			// OK to use PlainAuth on localhost without TLS
+			name:       "LOGIN on localhost is allowed to go unencrypted",
+			authName:   "localhost",
+			server:     &ServerInfo{Name: "localhost", TLS: false},
+			shouldFail: false,
+		},
+		{
+			// NOT OK on non-localhost, even if server says LOGIN is OK.
+			// (We don't know that the server is the real server.)
+			name:       "LOGIN on non-localhost is not allowed to go unencrypted",
+			authName:   "servername",
+			server:     &ServerInfo{Name: "servername", Auth: []string{"LOGIN"}},
+			shouldFail: true,
+			wantErr:    ErrUnencrypted,
+		},
+		{
+			name:       "LOGIN on non-localhost with no LOGIN announcement, is not allowed to go unencrypted",
+			authName:   "servername",
+			server:     &ServerInfo{Name: "servername", Auth: []string{"CRAM-MD5"}},
+			shouldFail: true,
+			wantErr:    ErrUnencrypted,
+		},
+		{
+			name:       "LOGIN with wrong hostname",
+			authName:   "servername",
+			server:     &ServerInfo{Name: "attacker", TLS: true},
+			shouldFail: true,
+			wantErr:    ErrWrongHostname,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			user := "toni.tester@example.com"
+			pass := "v3ryS3Cur3P4ssw0rd"
+			auth := LoginAuth(user, pass, tt.authName, false)
+			method, _, err := auth.Start(tt.server)
+			if err != nil && !tt.shouldFail {
+				t.Errorf("plain authentication failed: %s", err)
+			}
+			if err == nil && tt.shouldFail {
+				t.Error("plain authentication was expected to fail")
+			}
+			if tt.wantErr != nil {
+				if !errors.Is(err, tt.wantErr) {
+					t.Errorf("expected error to be: %s, got: %s", tt.wantErr, err)
+				}
+				return
+			}
+			if method != "LOGIN" {
+				t.Errorf("expected method return to be: %q, got: %q", "LOGIN", method)
+			}
+			resp, err := auth.Next([]byte(user), true)
+			if err != nil {
+				t.Errorf("failed on first server challange: %s", err)
+			}
+			if !bytes.Equal([]byte(user), resp) {
+				t.Errorf("expected response to first challange to be: %q, got: %q", user, resp)
+			}
+			resp, err = auth.Next([]byte(pass), true)
+			if err != nil {
+				t.Errorf("failed on second server challange: %s", err)
+			}
+			if !bytes.Equal([]byte(pass), resp) {
+				t.Errorf("expected response to second challange to be: %q, got: %q", pass, resp)
+			}
+			resp, err = auth.Next([]byte("nonsense"), true)
+			if err == nil {
+				t.Error("expected third server challange to fail, but didn't")
+			}
+			if !errors.Is(err, ErrUnexpectedServerResponse) {
+				t.Errorf("expected error to be: %s, got: %s", ErrUnexpectedServerResponse, err)
+			}
+		})
+	}
+}
+
 /*


@ -408,10 +499,6 @@ func TestAuthLogin(t *testing.T) {
 		server   *ServerInfo
 		err      string
 	}{
-		{
-			authName: "servername",
-			server:   &ServerInfo{Name: "servername", TLS: true},
-		},
 		{
 			// OK to use LoginAuth on localhost without TLS
 			authName: "localhost",