Refactor and expand TestLoginAuth

Rename and uncomment TestLoginAuth with more test cases, ensuring coverage for successful and failed authentication scenarios, including checks for unencrypted logins and server response errors. This improves test robustness and coverage.
Winni Neessen 2024-11-07 21:14:52 +01:00
parent 2391010e3a
commit 410343496c
Signed by: wneessen
GPG key ID: 385AC9889632126E


@ -399,6 +399,97 @@ func TestPlainAuth_noEnc(t *testing.T) {
}) })
} }
func TestLoginAuth(t *testing.T) {
tests := []struct {
name string
authName string
server *ServerInfo
shouldFail bool
wantErr error
}{
{
name: "LOGIN auth succeeds",
authName: "servername",
server: &ServerInfo{Name: "servername", TLS: true},
shouldFail: false,
},
{
// OK to use PlainAuth on localhost without TLS
name: "LOGIN on localhost is allowed to go unencrypted",
authName: "localhost",
server: &ServerInfo{Name: "localhost", TLS: false},
shouldFail: false,
},
{
// NOT OK on non-localhost, even if server says LOGIN is OK.
// (We don't know that the server is the real server.)
name: "LOGIN on non-localhost is not allowed to go unencrypted",
authName: "servername",
server: &ServerInfo{Name: "servername", Auth: []string{"LOGIN"}},
shouldFail: true,
wantErr: ErrUnencrypted,
},
{
name: "LOGIN on non-localhost with no LOGIN announcement, is not allowed to go unencrypted",
authName: "servername",
server: &ServerInfo{Name: "servername", Auth: []string{"CRAM-MD5"}},
shouldFail: true,
wantErr: ErrUnencrypted,
},
{
name: "LOGIN with wrong hostname",
authName: "servername",
server: &ServerInfo{Name: "attacker", TLS: true},
shouldFail: true,
wantErr: ErrWrongHostname,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
user := "toni.tester@example.com"
pass := "v3ryS3Cur3P4ssw0rd"
auth := LoginAuth(user, pass, tt.authName, false)
method, _, err := auth.Start(tt.server)
if err != nil && !tt.shouldFail {
t.Errorf("plain authentication failed: %s", err)
}
if err == nil && tt.shouldFail {
t.Error("plain authentication was expected to fail")
}
if tt.wantErr != nil {
if !errors.Is(err, tt.wantErr) {
t.Errorf("expected error to be: %s, got: %s", tt.wantErr, err)
}
return
}
if method != "LOGIN" {
t.Errorf("expected method return to be: %q, got: %q", "LOGIN", method)
}
resp, err := auth.Next([]byte(user), true)
if err != nil {
t.Errorf("failed on first server challange: %s", err)
}
if !bytes.Equal([]byte(user), resp) {
t.Errorf("expected response to first challange to be: %q, got: %q", user, resp)
}
resp, err = auth.Next([]byte(pass), true)
if err != nil {
t.Errorf("failed on second server challange: %s", err)
}
if !bytes.Equal([]byte(pass), resp) {
t.Errorf("expected response to second challange to be: %q, got: %q", pass, resp)
}
resp, err = auth.Next([]byte("nonsense"), true)
if err == nil {
t.Error("expected third server challange to fail, but didn't")
}
if !errors.Is(err, ErrUnexpectedServerResponse) {
t.Errorf("expected error to be: %s, got: %s", ErrUnexpectedServerResponse, err)
}
})
}
}
/* /*
@ -408,10 +499,6 @@ func TestAuthLogin(t *testing.T) {
server *ServerInfo server *ServerInfo
err string err string
}{ }{
{
authName: "servername",
server: &ServerInfo{Name: "servername", TLS: true},
},
{ {
// OK to use LoginAuth on localhost without TLS // OK to use LoginAuth on localhost without TLS
authName: "localhost", authName: "localhost",
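Review bot: The rejection rows in TestLoginAuth (the two `ErrUnencrypted` cases and the `ErrWrongHostname` case) assert only the error, while the second return value of `auth.Start` is discarded with `_`, so a regression that returned the error together with a non-empty initial response would still pass. Binding it, e.g. `method, initResp, err := auth.Start(tt.server)`, and adding `if len(initResp) != 0 { t.Errorf("rejected auth returned %d response bytes", len(initResp)) }` before the `return` in the `tt.wantErr != nil` branch would pin that nothing is handed back for the wire when the guard fires. Separately, the failure messages `plain authentication failed` and `plain authentication was expected to fail`, and the comment `OK to use PlainAuth on localhost without TLS`, look copied from the PLAIN test and should name LOGIN/LoginAuth so a failing run points at the right mechanism. The fourth argument to `LoginAuth` is `false` in every row; if that is the allow-unencrypted switch, a row passing `true` with a non-TLS, non-localhost server would cover the opt-in path too.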