mirror of
https://github.com/wneessen/go-mail.git
synced 2024-11-15 02:12:55 +01:00
Refactor and expand TestLoginAuth
Rename and uncomment TestLoginAuth with more test cases, ensuring coverage for successful and failed authentication scenarios, including checks for unencrypted logins and server response errors. This improves test robustness and coverage.
This commit is contained in:
parent
2391010e3a
commit
410343496c
1 changed files with 91 additions and 4 deletions
|
@ -399,6 +399,97 @@ func TestPlainAuth_noEnc(t *testing.T) {
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestLoginAuth(t *testing.T) {
|
||||||
|
tests := []struct {
|
||||||
|
name string
|
||||||
|
authName string
|
||||||
|
server *ServerInfo
|
||||||
|
shouldFail bool
|
||||||
|
wantErr error
|
||||||
|
}{
|
||||||
|
{
|
||||||
|
name: "LOGIN auth succeeds",
|
||||||
|
authName: "servername",
|
||||||
|
server: &ServerInfo{Name: "servername", TLS: true},
|
||||||
|
shouldFail: false,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
// OK to use PlainAuth on localhost without TLS
|
||||||
|
name: "LOGIN on localhost is allowed to go unencrypted",
|
||||||
|
authName: "localhost",
|
||||||
|
server: &ServerInfo{Name: "localhost", TLS: false},
|
||||||
|
shouldFail: false,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
// NOT OK on non-localhost, even if server says LOGIN is OK.
|
||||||
|
// (We don't know that the server is the real server.)
|
||||||
|
name: "LOGIN on non-localhost is not allowed to go unencrypted",
|
||||||
|
authName: "servername",
|
||||||
|
server: &ServerInfo{Name: "servername", Auth: []string{"LOGIN"}},
|
||||||
|
shouldFail: true,
|
||||||
|
wantErr: ErrUnencrypted,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
name: "LOGIN on non-localhost with no LOGIN announcement, is not allowed to go unencrypted",
|
||||||
|
authName: "servername",
|
||||||
|
server: &ServerInfo{Name: "servername", Auth: []string{"CRAM-MD5"}},
|
||||||
|
shouldFail: true,
|
||||||
|
wantErr: ErrUnencrypted,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
name: "LOGIN with wrong hostname",
|
||||||
|
authName: "servername",
|
||||||
|
server: &ServerInfo{Name: "attacker", TLS: true},
|
||||||
|
shouldFail: true,
|
||||||
|
wantErr: ErrWrongHostname,
|
||||||
|
},
|
||||||
|
}
|
||||||
|
for _, tt := range tests {
|
||||||
|
t.Run(tt.name, func(t *testing.T) {
|
||||||
|
user := "toni.tester@example.com"
|
||||||
|
pass := "v3ryS3Cur3P4ssw0rd"
|
||||||
|
auth := LoginAuth(user, pass, tt.authName, false)
|
||||||
|
method, _, err := auth.Start(tt.server)
|
||||||
|
if err != nil && !tt.shouldFail {
|
||||||
|
t.Errorf("plain authentication failed: %s", err)
|
||||||
|
}
|
||||||
|
if err == nil && tt.shouldFail {
|
||||||
|
t.Error("plain authentication was expected to fail")
|
||||||
|
}
|
||||||
|
if tt.wantErr != nil {
|
||||||
|
if !errors.Is(err, tt.wantErr) {
|
||||||
|
t.Errorf("expected error to be: %s, got: %s", tt.wantErr, err)
|
||||||
|
}
|
||||||
|
return
|
||||||
|
}
|
||||||
|
if method != "LOGIN" {
|
||||||
|
t.Errorf("expected method return to be: %q, got: %q", "LOGIN", method)
|
||||||
|
}
|
||||||
|
resp, err := auth.Next([]byte(user), true)
|
||||||
|
if err != nil {
|
||||||
|
t.Errorf("failed on first server challange: %s", err)
|
||||||
|
}
|
||||||
|
if !bytes.Equal([]byte(user), resp) {
|
||||||
|
t.Errorf("expected response to first challange to be: %q, got: %q", user, resp)
|
||||||
|
}
|
||||||
|
resp, err = auth.Next([]byte(pass), true)
|
||||||
|
if err != nil {
|
||||||
|
t.Errorf("failed on second server challange: %s", err)
|
||||||
|
}
|
||||||
|
if !bytes.Equal([]byte(pass), resp) {
|
||||||
|
t.Errorf("expected response to second challange to be: %q, got: %q", pass, resp)
|
||||||
|
}
|
||||||
|
resp, err = auth.Next([]byte("nonsense"), true)
|
||||||
|
if err == nil {
|
||||||
|
t.Error("expected third server challange to fail, but didn't")
|
||||||
|
}
|
||||||
|
if !errors.Is(err, ErrUnexpectedServerResponse) {
|
||||||
|
t.Errorf("expected error to be: %s, got: %s", ErrUnexpectedServerResponse, err)
|
||||||
|
}
|
||||||
|
})
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
|
||||||
|
|
||||||
|
@ -408,10 +499,6 @@ func TestAuthLogin(t *testing.T) {
|
||||||
server *ServerInfo
|
server *ServerInfo
|
||||||
err string
|
err string
|
||||||
}{
|
}{
|
||||||
{
|
|
||||||
authName: "servername",
|
|
||||||
server: &ServerInfo{Name: "servername", TLS: true},
|
|
||||||
},
|
|
||||||
{
|
{
|
||||||
// OK to use LoginAuth on localhost without TLS
|
// OK to use LoginAuth on localhost without TLS
|
||||||
authName: "localhost",
|
authName: "localhost",
|
||||||
|
|
Loading…
Reference in a new issue