docker-postfix/unit-tests/007_xoauth2_support.bats

#!/usr/bin/env bats

load /code/scripts/common.sh
load /code/scripts/common-run.sh

@test "check sentive variables are unset" {
	local RELAYHOST_PASSWORD="password"
	local XOAUTH2_CLIENT_ID="client_id"
	local XOAUTH2_SECRET="secret"
	local XOAUTH2_INITIAL_ACCESS_TOKEN="access_token"
	local XOAUTH2_INITIAL_REFRESH_TOKEN="refres_token"

	unset_sensitive_variables

	[ -z "$RELAYHOST_PASSWORD" ]
	[ -z "$XOAUTH2_CLIENT_ID" ]
	[ -z "$XOAUTH2_SECRET" ]
	[ -z "$XOAUTH2_INITIAL_ACCESS_TOKEN" ]
	[ -z "$XOAUTH2_INITIAL_REFRESH_TOKEN" ]
}

@test "reading sensitive values from environment or from file" {
	local RELAYHOST_PASSWORD="password"

	local tmp_file=$(mktemp)
	echo "password" > $tmp_file
	local XOAUTH2_CLIENT_ID_FILE="$tmp_file"

	file_env 'RELAYHOST_PASSWORD'
	file_env 'XOAUTH2_CLIENT_ID'

	[ -n "$RELAYHOST_PASSWORD" ]
	[ -n "$XOAUTH2_CLIENT_ID" ]
}

@test "pre-configure xoauth2 in postfix only if relayhost is configured" {
	local RELAYHOST="[smtp.example.org]:597"
	local RELAYHOST_USERNAME="your.acount@example.org"
	local XOAUTH2_CLIENT_ID="client_id"
	local XOAUTH2_SECRET="secret"
	local XOAUTH2_SYSLOG_ON_FAILURE="no"
	local XOAUTH2_FULL_TRACE="yes"
	local XOAUTH2_INITIAL_ACCESS_TOKEN="access_token"
	local XOAUTH2_INITIAL_REFRESH_TOKEN="refresh_token"

	postfix_setup_xoauth2_pre_setup

	[ -f "/etc/sasl-xoauth2.conf" ]
	result=$(cat /etc/sasl-xoauth2.conf | grep -e 'client_id' | sed -r 's/\s*"[^"]+"\s*:\s*"([^,]*)"\s*,?/\1/')
	[ "$result" == "$XOAUTH2_CLIENT_ID" ]
	result=$(cat /etc/sasl-xoauth2.conf | grep -e 'client_secret' | sed -r 's/\s*"[^"]+"\s*:\s*"([^,]*)"\s*,?/\1/')
	[ "$result" == "$XOAUTH2_SECRET" ]
	result=$(cat /etc/sasl-xoauth2.conf | grep -e 'log_to_syslog_on_failure' | sed -r 's/\s*"[^"]+"\s*:\s*"([^,]*)"\s*,?/\1/')
	[ "$result" == "$XOAUTH2_SYSLOG_ON_FAILURE" ]
	result=$(cat /etc/sasl-xoauth2.conf | grep -e 'log_full_trace_on_failure' | sed -r 's/\s*"[^"]+"\s*:\s*"([^,]*)"\s*,?/\1/')
	[ "$result" == "$XOAUTH2_FULL_TRACE" ]
	[ "$RELAYHOST_PASSWORD" == "/var/spool/postfix/xoauth2-tokens/${RELAYHOST_USERNAME}" ]
	result=$(cat "${RELAYHOST_PASSWORD}" | grep -e 'access_token' | sed -r 's/\s*"[^"]+"\s*:\s*"([^,]*)"\s*,?/\1/')
	[ "$result" == "$XOAUTH2_INITIAL_ACCESS_TOKEN" ]
	result=$(cat "${RELAYHOST_PASSWORD}" | grep -e 'refresh_token' | sed -r 's/\s*"[^"]+"\s*:\s*"([^,]*)"\s*,?/\1/')
	[ "$result" == "$XOAUTH2_INITIAL_REFRESH_TOKEN" ]
}

@test "pre-configure error trying to configure xoauth2 in postfix if relayhost is not configured" {
	local XOAUTH2_CLIENT_ID="client_id"
	local XOAUTH2_SECRET="secret"

	local RELAYHOST="[smtp.example.org]:597"

	run postfix_setup_xoauth2_pre_setup

	[ "$status" -eq 1 ]
	[ "$output" == "‣ ERROR You need to specify RELAYHOST and RELAYHOST_USERNAME otherwise Postfix will not run!" ]

	unset RELAYHOST
	local RELAYHOST_USERNAME="your.acount@example.org"

	run postfix_setup_xoauth2_pre_setup

	[ "$status" -eq 1 ]
	[ "$output" == "‣ ERROR You need to specify RELAYHOST and RELAYHOST_USERNAME otherwise Postfix will not run!" ]
}

@test "post-configure xoauth2 not needed" {
	local XOAUTH2_CLIENT_ID="client_id"

	postfix_setup_xoauth2_post_setup

	postfix check

	result=$(cat /etc/postfix/main.cf | grep -e 'smtp_sasl_mechanism_filter' | sed -r 's/\s*[^\s]+\s*=\s*([^\s]*)/\1/')
	[ "$result" != "xoauth2" ]
}

@test "post-configure xoauth2 required" {
	local XOAUTH2_CLIENT_ID="client_id"
	local XOAUTH2_SECRET="secret"

	postfix_setup_xoauth2_post_setup

	postfix check

	cat /etc/postfix/main.cf | grep -q -E '^\s*smtp_sasl_security_options\s*=\s*$'
	local status=$?
	[ "$status" -eq 0 ]

	cat /etc/postfix/main.cf | grep -q -E '^\s*smtp_sasl_mechanism_filter\s*=\s*xoauth2$'
	local status=$?
	[ "$status" -eq 0 ]

	cat /etc/postfix/main.cf | grep -q -E '^\s*smtp_tls_session_cache_database\s*=\s*lmdb:\$\{data_directory\}/smtp_scache$'
	local status=$?
	[ "$status" -eq 0 ]
}