90 lines
2.9 KiB
Go
90 lines
2.9 KiB
Go
package imap
|
|
|
|
import (
|
|
"context"
|
|
"encoding/base64"
|
|
"strings"
|
|
"testing"
|
|
|
|
"github.com/ultisuite/ulti-backend/internal/mail/credentials"
|
|
)
|
|
|
|
func TestResolveCredential_missing(t *testing.T) {
|
|
w := &SyncWorker{credentials: &credentials.Manager{}}
|
|
|
|
_, err := w.resolveCredential(context.Background(), "acc-1", nil)
|
|
if err == nil || err.Error() != "missing credentials" {
|
|
t.Fatalf("resolveCredential(nil) error = %v, want missing credentials", err)
|
|
}
|
|
|
|
_, err = w.resolveCredential(context.Background(), "acc-1", []byte{})
|
|
if err == nil || err.Error() != "missing credentials" {
|
|
t.Fatalf("resolveCredential([]) error = %v, want missing credentials", err)
|
|
}
|
|
}
|
|
|
|
func TestResolveCredential_plaintextForbidden(t *testing.T) {
|
|
w := &SyncWorker{credentials: &credentials.Manager{}}
|
|
|
|
_, err := w.resolveCredential(context.Background(), "acc-1", []byte(`{"username":"alice","password":"secret"}`))
|
|
if err == nil || err.Error() != "plaintext credentials forbidden" {
|
|
t.Fatalf("resolveCredential(plaintext) error = %v, want plaintext credentials forbidden", err)
|
|
}
|
|
}
|
|
|
|
func TestResolveCredential_missingManager(t *testing.T) {
|
|
key := base64.StdEncoding.EncodeToString([]byte("0123456789abcdef0123456789abcdef"))
|
|
manager, err := credentials.NewManager("v1:"+key, "v1")
|
|
if err != nil {
|
|
t.Fatalf("new manager: %v", err)
|
|
}
|
|
blob, err := manager.Encrypt("alice@example.com", "secret")
|
|
if err != nil {
|
|
t.Fatalf("encrypt: %v", err)
|
|
}
|
|
|
|
w := &SyncWorker{credentials: nil}
|
|
_, err = w.resolveCredential(context.Background(), "acc-1", blob)
|
|
if err == nil || err.Error() != "credential manager not configured" {
|
|
t.Fatalf("resolveCredential(no manager) error = %v, want credential manager not configured", err)
|
|
}
|
|
}
|
|
|
|
func TestResolveCredential_encryptedSuccess(t *testing.T) {
|
|
key := base64.StdEncoding.EncodeToString([]byte("0123456789abcdef0123456789abcdef"))
|
|
manager, err := credentials.NewManager("v1:"+key, "v1")
|
|
if err != nil {
|
|
t.Fatalf("new manager: %v", err)
|
|
}
|
|
blob, err := manager.Encrypt("alice@example.com", "secret")
|
|
if err != nil {
|
|
t.Fatalf("encrypt: %v", err)
|
|
}
|
|
|
|
w := &SyncWorker{credentials: manager}
|
|
cred, err := w.resolveCredential(context.Background(), "acc-1", blob)
|
|
if err != nil {
|
|
t.Fatalf("resolveCredential(encrypted) error = %v", err)
|
|
}
|
|
if cred.Username != "alice@example.com" || cred.Password != "secret" {
|
|
t.Fatalf("got %+v, want alice@example.com/secret", cred)
|
|
}
|
|
}
|
|
|
|
func TestResolveCredential_decryptFailure(t *testing.T) {
|
|
key := base64.StdEncoding.EncodeToString([]byte("0123456789abcdef0123456789abcdef"))
|
|
manager, err := credentials.NewManager("v1:"+key, "v1")
|
|
if err != nil {
|
|
t.Fatalf("new manager: %v", err)
|
|
}
|
|
|
|
w := &SyncWorker{credentials: manager}
|
|
_, err = w.resolveCredential(context.Background(), "acc-1", []byte("UMC1|v1|invalid|payload"))
|
|
if err == nil {
|
|
t.Fatal("expected decrypt error")
|
|
}
|
|
if !strings.Contains(err.Error(), "decode nonce") {
|
|
t.Fatalf("unexpected error: %v", err)
|
|
}
|
|
}
|