Add tests for PlainAuth and LoginAuth without encryption

Introduced new test functions TestAuthPlainNoEnc and TestAuthLoginNoEnc in smtp_test.go to verify behaviors of PlainAuth and LoginAuth without TLS encryption. These tests ensure that authentication mechanisms handle non-encrypted and diverse server configurations correctly.
2024-11-14 18:02:55 +01:00 · 2024-10-22 15:50:18 +02:00 · 2024-10-22 15:50:18 +02:00 · e2ed5b747a
commit e2ed5b747a
parent 2bd950469a
1 changed files with 84 additions and 0 deletions
--- a/smtp/smtp_test.go
+++ b/smtp/smtp_test.go
@ -265,6 +265,46 @@ func TestAuthPlain(t *testing.T) {
 	}
 }

+func TestAuthPlainNoEnc(t *testing.T) {
+	tests := []struct {
+		authName string
+		server   *ServerInfo
+		err      string
+	}{
+		{
+			authName: "servername",
+			server:   &ServerInfo{Name: "servername", TLS: true},
+		},
+		{
+			// OK to use PlainAuth on localhost without TLS
+			authName: "localhost",
+			server:   &ServerInfo{Name: "localhost", TLS: false},
+		},
+		{
+			// Also OK on non-TLS secured connections. The NoEnc mechanism is meant to allow
+			// non-encrypted connections.
+			authName: "servername",
+			server:   &ServerInfo{Name: "servername", Auth: []string{"PLAIN"}},
+		},
+		{
+			authName: "servername",
+			server:   &ServerInfo{Name: "attacker", TLS: true},
+			err:      "wrong host name",
+		},
+	}
+	for i, tt := range tests {
+		auth := PlainAuth("foo", "bar", "baz", tt.authName, true)
+		_, _, err := auth.Start(tt.server)
+		got := ""
+		if err != nil {
+			got = err.Error()
+		}
+		if got != tt.err {
+			t.Errorf("%d. got error = %q; want %q", i, got, tt.err)
+		}
+	}
+}
+
 func TestAuthLogin(t *testing.T) {
 	tests := []struct {
 		authName string
@ -311,6 +351,50 @@ func TestAuthLogin(t *testing.T) {
 	}
 }

+func TestAuthLoginNoEnc(t *testing.T) {
+	tests := []struct {
+		authName string
+		server   *ServerInfo
+		err      string
+	}{
+		{
+			authName: "servername",
+			server:   &ServerInfo{Name: "servername", TLS: true},
+		},
+		{
+			// OK to use LoginAuth on localhost without TLS
+			authName: "localhost",
+			server:   &ServerInfo{Name: "localhost", TLS: false},
+		},
+		{
+			// Also OK on non-TLS secured connections. The NoEnc mechanism is meant to allow
+			// non-encrypted connections.
+			authName: "servername",
+			server:   &ServerInfo{Name: "servername", Auth: []string{"LOGIN"}},
+		},
+		{
+			authName: "servername",
+			server:   &ServerInfo{Name: "servername", Auth: []string{"CRAM-MD5"}},
+		},
+		{
+			authName: "servername",
+			server:   &ServerInfo{Name: "attacker", TLS: true},
+			err:      "wrong host name",
+		},
+	}
+	for i, tt := range tests {
+		auth := LoginAuth("foo", "bar", tt.authName, true)
+		_, _, err := auth.Start(tt.server)
+		got := ""
+		if err != nil {
+			got = err.Error()
+		}
+		if got != tt.err {
+			t.Errorf("%d. got error = %q; want %q", i, got, tt.err)
+		}
+	}
+}
+
 func TestXOAuth2OK(t *testing.T) {
 	server := []string{
 		"220 Fake server ready ESMTP",