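#!/bin/sh
#
# Test the XOAUTH2 support in send
#
# The addresses and tokens used below (nobody@example.com, test-access,
# test-refresh, ...) are fixed placeholder fixtures, not live credentials.
#

# Stand-alone run: no build directory was handed in, so use the tree two
# levels above this script as both source and build directory.
if test -z "${MH_OBJ_DIR}"; then
    srcdir=`dirname "$0"`/../..
    MH_OBJ_DIR=`cd "${srcdir}" && pwd`; export MH_OBJ_DIR
fi

# MH_OBJ_DIR can be preset while srcdir is not; without this guard the
# line below would try to source /test/oauth/common.sh.
if test -z "${srcdir}"; then
    srcdir=`dirname "$0"`/../..
fi

# Helpers used throughout this script (start_test, fake_creds, test_send,
# check_creds, ...) are not defined here; they come in through this file.
. "${srcdir}/test/oauth/common.sh"

# NOTE(review): presumably asserts that `send -` exits with status 1;
# check_exit is defined outside this file -- confirm its argument contract.
check_exit '-eq 1' send -
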
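# Call start_fakehttp, then test_send_no_servers, then check_http_req.
# Arguments: "$@" - passed through unchanged to test_send_no_servers
# Returns:   exit status of check_http_req (the last command run)
# All three helpers are defined outside this file, and no call to this
# wrapper is visible in this script.
test_send_only_fakehttp() {
    start_fakehttp
    test_send_no_servers "$@"
    check_http_req
}
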
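#
# success cases
#

# XOAUTH is exported so that processes started by the helpers inherit it.
# The value is the base64 encoding of
#   user=nobody@example.com^Aauth=Bearer test-access^A^A      (^A = 0x01)
# which is the layout of a SASL XOAUTH2 initial client response for the
# test user and the test-access token.
# NOTE(review): presumably the fake SMTP server accepts only a client
# response equal to this value; later cases change and unset it to force
# failures -- confirm against the fake server used by common.sh.
export XOAUTH
XOAUTH='dXNlcj1ub2JvZHlAZXhhbXBsZS5jb20BYXV0aD1CZWFyZXIgdGVzdC1hY2Nlc3MBAQ=='
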
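# TEST
# Stored access token plus an expiry of 2000000000. Only the fake SMTP
# server is started and no HTTP response is queued, so the case expects
# the stored token to be used without a refresh.
# NOTE(review): if the expiry is Unix seconds (not shown in this file),
# 2000000000 is 2033-05-18 UTC; this fixture stops being "unexpired" after
# that date.
start_test 'access token ready, smtp server accepts message'

setup_draft

fake_creds <<EOF
access-nobody@example.com: test-access
refresh-nobody@example.com: test-refresh
expire-nobody@example.com: 2000000000
EOF

start_fakesmtp
run_test "send -draft -server 127.0.0.1 -port ${smtp_port} -sasl -saslmech xoauth2 -authservice test -user nobody@example.com"
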
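# TEST
# The stored access token (old-access) carries the expiry 1414303986
# (2014-10-26 UTC if read as Unix seconds), so a refresh is expected. The
# canned token response supplies test-access with expires_in 3600.
start_test 'expired access token, refresh works, smtp server accepts message'

setup_draft

fake_creds <<EOF
access-nobody@example.com: old-access
refresh-nobody@example.com: test-refresh
expire-nobody@example.com: 1414303986
EOF

expect_http_post_refresh

fake_json_response <<EOF
{
  "access_token": "test-access",
  "token_type": "Bearer",
  "expires_in": 3600
}
EOF

# The expire line is left without a value here.
# NOTE(review): presumably because the stored expiry depends on the time
# of the run and check_creds does not compare it literally -- confirm in
# common.sh.
expect_creds <<EOF
access-nobody@example.com: test-access
refresh-nobody@example.com: test-refresh
expire-nobody@example.com:
EOF

test_send

# This is the only case in the script that calls check_creds_private.
# NOTE(review): presumably it checks that the rewritten credentials file
# is still readable by its owner only -- confirm in common.sh.
check_creds_private
check_creds
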
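# TEST
# Refresh-token rotation: the stored refresh token is old-refresh and the
# canned response returns a new one (test-refresh) next to the new access
# token. The response has no expires_in, and the expected credentials have
# no expire line.
start_test 'expired access token, refresh works and gets updated, smtp server accepts message'

setup_draft

fake_creds <<EOF
access-nobody@example.com: old-access
refresh-nobody@example.com: old-refresh
expire-nobody@example.com: 1414303986
EOF

expect_http_post_old_refresh

fake_json_response <<EOF
{
  "access_token": "test-access",
  "refresh_token": "test-refresh",
  "token_type": "Bearer"
}
EOF

expect_creds <<EOF
access-nobody@example.com: test-access
refresh-nobody@example.com: test-refresh
EOF

test_send

# NOTE(review): the credentials file is expected to be rewritten with a
# new refresh token here, but check_creds_private is not called in this
# case; consider asserting the file's privacy here as well.
check_creds
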
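# TEST
# The stored credentials have an access token but no expire line. The case
# expects a refresh request anyway, i.e. a token with no recorded expiry is
# not used as-is when a refresh token is available.
start_test 'access token has no expiration, refresh works, smtp server accepts message'

setup_draft

fake_creds <<EOF
access-nobody@example.com: old-access
refresh-nobody@example.com: test-refresh
EOF

expect_http_post_refresh

fake_json_response <<EOF
{
  "access_token": "test-access",
  "token_type": "Bearer"
}
EOF

expect_creds <<EOF
access-nobody@example.com: test-access
refresh-nobody@example.com: test-refresh
EOF

test_send

# NOTE(review): check_creds_private is not called in this case although
# the credentials file is expected to change.
check_creds
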
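# TEST
# Only a refresh token is stored. The case expects a refresh request and
# expects the returned access token to be added to the credentials.
start_test 'no access token, refresh works, smtp server accepts message'

setup_draft

fake_creds <<EOF
refresh-nobody@example.com: test-refresh
EOF

expect_http_post_refresh

fake_json_response <<EOF
{
  "access_token": "test-access",
  "token_type": "Bearer"
}
EOF

expect_creds <<EOF
access-nobody@example.com: test-access
refresh-nobody@example.com: test-refresh
EOF

test_send

# NOTE(review): check_creds_private is not called in this case although
# the credentials file is expected to change.
check_creds
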
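#
# fail cases
#

# The draft is set up once here; none of the failure cases below calls
# setup_draft again.
# NOTE(review): presumably a failed send leaves the draft in place so it
# can be reused -- confirm.
setup_draft
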
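# TEST
# -authservice names a service (bogus) for which the case expects no
# profile entries; send itself is expected to report the error.
# No fake server is started in this case; ${smtp_port} keeps whatever
# value it already has.
start_test 'no service definition'

run_test "send -draft -server 127.0.0.1 -port ${smtp_port} -sasl -saslmech xoauth2 -authservice bogus -user nobody@example.com" 'send: Unable to retrieve oauth profile entries: scope is missing'
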
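# TEST
# The credentials file is removed outright; the expected message points
# the user at mhlogin.
start_test 'no creds file -- should tell user to mhlogin'

# NOTE(review): presumably this is the file fake_creds writes -- confirm
# in common.sh.
rm -f "${MHTMPDIR}/oauth-test"

test_send_only_fakesmtp 'post: no credentials -- run mhlogin -saslmech xoauth2 -authservice test
send: message not delivered to anyone'
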
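# TEST
# The credentials input is empty (/dev/null).
# NOTE(review): the title says the user should be told to run mhlogin, but
# the expected message below does not mention mhlogin; one of the two
# looks out of date.
start_test 'empty creds file -- should tell user to mhlogin'

fake_creds < /dev/null

test_send_only_fakesmtp 'post: user not found in cred file: nobody@example.com
send: message not delivered to anyone'
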
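# TEST
# The credentials input is a single word with no "name: value" structure;
# the expected output is a load error and no delivery.
start_test 'garbage creds file'

echo bork | fake_creds

test_send_only_fakesmtp 'post: eof encountered in field "bork"
post: error loading cred file
send: message not delivered to anyone'
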
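# TEST
# A well-formed but unknown field (bork) precedes a valid entry; the
# expected outcome is that the whole file is rejected rather than the
# unknown field being skipped.
start_test 'unexpected field in creds file'

fake_creds <<EOF
bork: bork
access-nobody@example.com: test-access
EOF

test_send_only_fakesmtp 'post: error loading cred file: unexpected field
send: message not delivered to anyone'
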
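# TEST
# The expiry is a 32-digit number, far beyond what a 64-bit integer can
# hold. The expected outcome is an explicit "invalid expiration time"
# error, not a wrapped or truncated value being accepted.
start_test 'garbage expiration time'

fake_creds <<EOF
access-nobody@example.com: test-access
expire-nobody@example.com: 99999999999999999999999999999999
EOF

test_send_only_fakesmtp 'post: error loading cred file: invalid expiration time
send: message not delivered to anyone'
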
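# TEST
# The token endpoint answers with valid JSON that has a refresh_token but
# no access_token; the expected outcome is a rejected response and no
# delivery.
start_test 'refresh response has no access token'

fake_creds <<EOF
refresh-nobody@example.com: test-refresh
EOF

expect_http_post_refresh

fake_json_response <<EOF
{
  "refresh_token": "refresh-token",
  "token_type": "Bearer"
}
EOF

test_send 'post: error refreshing OAuth2 token
post: invalid response: no access token
send: message not delivered to anyone'
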
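# TEST
# The access token carries the past expiry 1414303986 and there is no
# refresh token to renew it with; the expected message sends the user
# back to mhlogin.
start_test 'expired access token, no refresh token -- tell user to mhlogin'

fake_creds <<EOF
access-nobody@example.com: test-access
expire-nobody@example.com: 1414303986
EOF

test_send_only_fakesmtp 'post: no valid credentials -- run mhlogin -saslmech xoauth2 -authservice test
send: message not delivered to anyone'
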
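# TEST
# An access token with no expire line and no refresh token. The expected
# message is the same "no valid credentials" as for an expired token, i.e.
# the token is not expected to be used when its expiry is unknown.
start_test 'access token has no expiration, no refresh token -- tell user to mhlogin'

fake_creds <<EOF
access-nobody@example.com: test-access
EOF

test_send_only_fakesmtp 'post: no valid credentials -- run mhlogin -saslmech xoauth2 -authservice test
send: message not delivered to anyone'
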
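# TEST
# A refresh is needed (no expire line) but no fake HTTP server is started
# in this case, only the fake SMTP server. send is run directly through
# run_prog so its output can be normalised before it is compared.
start_test 'refresh finds no http server'

fake_creds <<EOF
access-nobody@example.com: test-access
refresh-nobody@example.com: test-refresh
EOF

cat > "${testname}.expected-send-output" <<EOF
post: error refreshing OAuth2 token
post: error making HTTP request to OAuth2 authorization endpoint: [details]
send: message not delivered to anyone
EOF

start_fakesmtp
# "|| true": only the captured output is checked in this case, not the
# exit status of send.
run_prog send -draft -server 127.0.0.1 -port "${smtp_port}" \
  -sasl -saslmech xoauth2 -authservice test -user nobody@example.com > "${testname}.send-output" 2>&1 || true
# Clear out an error message we get from libcurl on some systems (seen at least
# 3 different versions of this error message, on FreeBSD 10.1, Ubuntu 12.04, and
# Ubuntu 14.04).
# The sed keeps the fixed prefix and replaces the rest of that line with
# the literal text [details].
f="${testname}.send-output"
sed 's/\(post: error making HTTP request to OAuth2 authorization endpoint:\).*/\1 [details]/' "$f" > "$f".clean
check "$f".clean "${testname}.expected-send-output"
rm "$f"
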
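# TEST
# The token endpoint answers 200 OK with a text/html body instead of JSON
# (the mismatched closing tag is part of the fixture). A success status
# with an unparseable body is expected to be rejected.
# This case does not call fake_creds.
# NOTE(review): presumably it relies on the credentials left by the
# previous case, which makes it order-dependent -- confirm.
start_test 'refresh gets bogus 200 response from http server'

expect_http_post_refresh

fake_http_response '200 OK' <<EOF
Content-Type: text/html

<html>doh!</htmxl>
EOF

test_send 'post: error refreshing OAuth2 token
post: invalid response
send: message not delivered to anyone'
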
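# TEST
# The token endpoint answers 500 with an HTML body; the expected outcome
# is the generic "invalid response" error.
# This case does not call fake_creds and uses whatever credentials are
# already in place.
start_test 'refresh gets 500 response from http server'

expect_http_post_refresh

fake_http_response '500 Server Error' <<EOF
Content-Type: text/html

<html>doh!</html>
EOF

test_send 'post: error refreshing OAuth2 token
post: invalid response
send: message not delivered to anyone'
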
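# TEST
# The token endpoint answers 400 with a JSON error object whose error is
# invalid_grant. Unlike the generic failures above, the expected message
# says the credentials were rejected and points the user at mhlogin.
# This case does not call fake_creds and uses whatever credentials are
# already in place.
start_test 'refresh gets proper error from http'

expect_http_post_refresh

fake_http_response '400 Bad Request' <<EOF
Content-Type: application/json

{
  "error": "invalid_grant"
}
EOF

test_send 'post: credentials rejected -- run mhlogin -saslmech xoauth2 -authservice test
send: message not delivered to anyone'
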
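# TEST
# A valid token response is padded past the size the client is expected
# to accept, so an oversized body from the token endpoint is refused
# instead of being processed.
start_test 'refresh gets response too big'

fake_creds <<EOF
refresh-nobody@example.com: test-refresh
EOF

expect_http_post_refresh

fake_json_response <<EOF
{
  "access_token": "test-access",
  "token_type": "Bearer",
  "expires_in": 3600
}
EOF

# Append 8192 lines of "." (16384 bytes with the newlines) to the canned
# response.
# NOTE(review): presumably ${testname}.http-res is the file that
# fake_json_response wrote -- confirm in common.sh. The padding is about
# twice the 8192-byte limit named in the expected message; a body just
# over the limit is not exercised here.
awk 'BEGIN { for (i = 0; i < 8192; i++) { print "." } }' \
    >> "${testname}.http-res"

test_send 'post: error refreshing OAuth2 token
post: refusing to process response body larger than 8192 bytes
send: message not delivered to anyone'
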
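# TEST
# The stored token is unexpired, so no refresh is expected, but XOAUTH is
# changed so that it no longer matches what the client will present.
# XOAUTH was exported earlier in this script and keeps this value for the
# following case too, until it is unset further down.
start_test 'smtp server rejects token'

XOAUTH='not-that-one'

fake_creds <<EOF
access-nobody@example.com: test-access
expire-nobody@example.com: 2000000000
EOF

test_send_only_fakesmtp 'post: problem initializing server; [BHST] Authentication failed: Not no way, not no how!
send: message not delivered to anyone'
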
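# TEST
# The token response is syntactically broken JSON: the string value is
# never closed. The fixture is malformed on purpose; the expected outcome
# is the generic "invalid response" error.
start_test 'botched json response'

fake_creds <<EOF
refresh-nobody@example.com: test-refresh
EOF

expect_http_post_refresh

fake_json_response <<EOF
{
  "refresh_token": "refresh-toke
}
EOF

test_send 'post: error refreshing OAuth2 token
post: invalid response
send: message not delivered to anyone'
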
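# TEST
# XOAUTH is removed from the environment for this case.
# NOTE(review): presumably the fake SMTP server then does not offer the
# mechanism at all -- confirm in the fake server. The expected message
# speaks of SASL in general rather than of OAuth.
start_test "smtp server doesn't support oauth"

unset XOAUTH

test_send_only_fakesmtp 'post: problem initializing server; [BHST] SMTP server does not support SASL
send: message not delivered to anyone'
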
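# Tear down both fake servers and close the test run; the three helpers
# are defined outside this file.
clean_fakesmtp
clean_fakehttp
finish_test

# Exit with the value of $failed, or 0 when it is unset or empty.
# NOTE(review): presumably the helpers count failed cases in $failed --
# confirm in common.sh.
exit "${failed:-0}"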
398