From 18ae57e2da14c6d3b24458b11959cad3cf1843ee Mon Sep 17 00:00:00 2001
From: pixil98 <46978190+pixil98@users.noreply.github.com>
Date: Sun, 4 Aug 2024 23:51:44 -0500
Subject: [PATCH] Add integration tests (#3)
---
integration-tests/ldap-allow/config.ldif | 37 ++++++++++++++++
integration-tests/ldap-allow/data.ldif | 9 ++++
.../ldap-allow/docker-compose.yml | 42 +++++++++++++++++++
.../ldap-allow/restricted-senders.cf | 4 ++
integration-tests/ldap-block/config.ldif | 37 ++++++++++++++++
integration-tests/ldap-block/data.ldif | 9 ++++
.../ldap-block/docker-compose.yml | 42 +++++++++++++++++++
.../ldap-block/restricted-senders.cf | 4 ++
integration-tests/ldap-block/test.bats | 26 ++++++++++++
9 files changed, 210 insertions(+)
create mode 100644 integration-tests/ldap-allow/config.ldif
create mode 100644 integration-tests/ldap-allow/data.ldif
create mode 100644 integration-tests/ldap-allow/docker-compose.yml
create mode 100644 integration-tests/ldap-allow/restricted-senders.cf
create mode 100644 integration-tests/ldap-block/config.ldif
create mode 100644 integration-tests/ldap-block/data.ldif
create mode 100644 integration-tests/ldap-block/docker-compose.yml
create mode 100644 integration-tests/ldap-block/restricted-senders.cf
create mode 100755 integration-tests/ldap-block/test.bats
diff --git a/integration-tests/ldap-allow/config.ldif b/integration-tests/ldap-allow/config.ldif
new file mode 100644
index 0000000..a641550
--- /dev/null
+++ b/integration-tests/ldap-allow/config.ldif
@@ -0,0 +1,37 @@
+version: 1
+
+# Add the groupType Attribute and group class for MSAD
+# Kept for memory in case we need to enable this again
+# dn: cn={0}core,cn=schema,cn=config
+# changetype: modify
+# add: olcAttributetypes
+# olcAttributetypes: ( 1.2.840.113556.1.4.750 NAME 'groupType'
+# SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE
+# )
+#
+# dn: cn={0}core,cn=schema,cn=config
+# changetype: modify
+# add: olcObjectClasses
+# olcObjectClasses: ( 1.2.840.113556.1.5.8 NAME 'Group'
+# DESC 'a group of users'
+# SUP top STRUCTURAL
+# MUST ( groupType $ cn)
+# MAY ( member ) )
+
+# Configure TLS
+dn: cn=config
+changetype: modify
+replace: olcTLSCertificateFile
+olcTLSCertificateFile: /etc/ldap/ssl/ldap.crt
+-
+replace: olcTLSCertificateKeyFile
+olcTLSCertificateKeyFile: /etc/ldap/ssl/ldap.key
+-
+replace: olcTLSVerifyClient
+olcTLSVerifyClient: never
+
+# Configure loging
+dn: cn=config
+changetype: modify
+replace: olcLogLevel
+olcLogLevel: stats
diff --git a/integration-tests/ldap-allow/data.ldif b/integration-tests/ldap-allow/data.ldif
new file mode 100644
index 0000000..48bd820
--- /dev/null
+++ b/integration-tests/ldap-allow/data.ldif
@@ -0,0 +1,9 @@
+# demo@example.org
+dn: uid=demo,${LDAP_BASEDN}
+objectClass: inetOrgPerson
+objectClass: organizationalPerson
+objectClass: person
+objectClass: top
+cn: Demo
+sn: allowed
+mail: demo@example.org
diff --git a/integration-tests/ldap-allow/docker-compose.yml b/integration-tests/ldap-allow/docker-compose.yml
new file mode 100644
index 0000000..65424f9
--- /dev/null
+++ b/integration-tests/ldap-allow/docker-compose.yml
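Review bot: integration-tests/ldap-allow/config.ldif is added a second time under ldap-block with the same blob (index a641550 in both file headers), and the same is true of docker-compose.yml (65424f9) and restricted-senders.cf (03dcda6); only data.ldif differs between the two scenarios. Keeping one shared copy that both compose files mount would stop the allow and block fixtures from drifting apart unnoticed. The TLS section does not appear to be exercised by these tests, since restricted-senders.cf connects with `ldap://ldap` and the healthcheck watches port 389, so a short comment saying why it is kept would help. The comment `# Configure loging` should read `# Configure logging`.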
@@ -0,0 +1,42 @@
+version: '3.7'
+services:
+ postfix_test_587:
+ hostname: "postfix"
+ image: "boky/postfix"
+ restart: always
+ healthcheck:
+ test: [ "CMD", "sh", "-c", "netstat -an | fgrep 587 | fgrep -q LISTEN" ]
+ interval: 10s
+ timeout: 5s
+ start_period: 10s
+ retries: 2
+ volumes:
+ - "./restricted-senders.cf:/etc/postfix/conf/restricted-senders.cf"
+ environment:
+ FORCE_COLOR: "1"
+ ALLOWED_SENDER_DOMAINS: "example.org"
+ POSTFIX_smtpd_sender_restrictions: "check_client_access ldap:/etc/postfix/conf/restricted-senders.cf"
+ ldap:
+ hostname: "ldap"
+ image: "thoteam/slapd-server-mock"
+ restart: always
+ healthcheck:
+ test: [ "CMD", "sh", "-c", "netstat -an | fgrep 389 | fgrep -q LISTEN" ]
+ interval: 10s
+ timeout: 5s
+ start_period: 10s
+ retries: 2
+ volumes:
+ - "./config.ldif:/bootstrap/config.ldif.TEMPLATE"
+ - "./data.ldif:/bootstrap/data.ldif.TEMPLATE"
+ tests:
+ image: "boky/postfix-integration-test"
+ restart: "no"
+ volumes:
+ - "../tester:/code"
+ build:
+ context: ../tester
+ command: "/" # relative path to /code
+ environment:
+ FROM: "demo@example.org"
+ TO: "test@gmail.com"
diff --git a/integration-tests/ldap-allow/restricted-senders.cf b/integration-tests/ldap-allow/restricted-senders.cf
new file mode 100644
index 0000000..03dcda6
--- /dev/null
+++ b/integration-tests/ldap-allow/restricted-senders.cf
@@ -0,0 +1,4 @@
+ server_host = ldap://ldap
+ search_base = dc=ldapmock,dc=local
+ query_filter = (sn=allowed)
+ result_attribute = mail
diff --git a/integration-tests/ldap-block/config.ldif b/integration-tests/ldap-block/config.ldif
new file mode 100644
index 0000000..a641550
--- /dev/null
+++ b/integration-tests/ldap-block/config.ldif
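Review bot: In integration-tests/ldap-allow/docker-compose.yml, `image: "boky/postfix"` and `image: "thoteam/slapd-server-mock"` carry no tag or digest, so each run pulls whatever the default tag currently points to, including for the third-party LDAP mock. Pinning, for example `image: "thoteam/slapd-server-mock:<pinned-tag>"` or an `@sha256:<digest>` reference, keeps the test reproducible and stops an upstream image change from silently altering what is being tested. `TO: "test@gmail.com"` names a real external domain, and in this allow scenario the message is expected to be accepted, so the relay may attempt delivery to it; a reserved name such as `test@example.com` avoids that. The same lines are repeated in ldap-block/docker-compose.yml, and the `TO` default also appears in ldap-block/test.bats.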
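Review bot: In integration-tests/ldap-allow/restricted-senders.cf, `query_filter = (sn=allowed)` contains no `%s`, so the lookup key is never used and the map gives the same answer for every client and sender. docker-compose.yml also wires this map in through `check_client_access`, which looks up the connecting client's host name and address rather than the envelope sender, so as written the outcome depends only on whether any entry with `sn=allowed` exists in the directory. If the intent is to test a per-sender restriction, `check_sender_access` together with `query_filter = (&(mail=%s)(sn=allowed))` would tie the result to the sender being checked. `result_attribute = mail` also returns an address where an access table expects an action, so adding `result_format = OK` or a comment stating the intended result looks necessary; this is inferred from the visible lines and should be confirmed against the image. The identical file is added under ldap-block.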
@@ -0,0 +1,37 @@
+version: 1
+
+# Add the groupType Attribute and group class for MSAD
+# Kept for memory in case we need to enable this again
+# dn: cn={0}core,cn=schema,cn=config
+# changetype: modify
+# add: olcAttributetypes
+# olcAttributetypes: ( 1.2.840.113556.1.4.750 NAME 'groupType'
+# SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE
+# )
+#
+# dn: cn={0}core,cn=schema,cn=config
+# changetype: modify
+# add: olcObjectClasses
+# olcObjectClasses: ( 1.2.840.113556.1.5.8 NAME 'Group'
+# DESC 'a group of users'
+# SUP top STRUCTURAL
+# MUST ( groupType $ cn)
+# MAY ( member ) )
+
+# Configure TLS
+dn: cn=config
+changetype: modify
+replace: olcTLSCertificateFile
+olcTLSCertificateFile: /etc/ldap/ssl/ldap.crt
+-
+replace: olcTLSCertificateKeyFile
+olcTLSCertificateKeyFile: /etc/ldap/ssl/ldap.key
+-
+replace: olcTLSVerifyClient
+olcTLSVerifyClient: never
+
+# Configure loging
+dn: cn=config
+changetype: modify
+replace: olcLogLevel
+olcLogLevel: stats
diff --git a/integration-tests/ldap-block/data.ldif b/integration-tests/ldap-block/data.ldif
new file mode 100644
index 0000000..5d46eec
--- /dev/null
+++ b/integration-tests/ldap-block/data.ldif
@@ -0,0 +1,9 @@
+# demo@example.org
+dn: uid=demo,${LDAP_BASEDN}
+objectClass: inetOrgPerson
+objectClass: organizationalPerson
+objectClass: person
+objectClass: top
+cn: Demo
+sn: blocked
+mail: demo@example.org
diff --git a/integration-tests/ldap-block/docker-compose.yml b/integration-tests/ldap-block/docker-compose.yml
new file mode 100644
index 0000000..65424f9
--- /dev/null
+++ b/integration-tests/ldap-block/docker-compose.yml
@@ -0,0 +1,42 @@
+version: '3.7'
+services:
+ postfix_test_587:
+ hostname: "postfix"
+ image: "boky/postfix"
+ restart: always
+ healthcheck:
+ test: [ "CMD", "sh", "-c", "netstat -an | fgrep 587 | fgrep -q LISTEN" ]
+ interval: 10s
+ timeout: 5s
+ start_period: 10s
+ retries: 2
+ volumes:
+ - "./restricted-senders.cf:/etc/postfix/conf/restricted-senders.cf"
+ environment:
+ FORCE_COLOR: "1"
+ ALLOWED_SENDER_DOMAINS: "example.org"
+ POSTFIX_smtpd_sender_restrictions: "check_client_access ldap:/etc/postfix/conf/restricted-senders.cf"
+ ldap:
+ hostname: "ldap"
+ image: "thoteam/slapd-server-mock"
+ restart: always
+ healthcheck:
+ test: [ "CMD", "sh", "-c", "netstat -an | fgrep 389 | fgrep -q LISTEN" ]
+ interval: 10s
+ timeout: 5s
+ start_period: 10s
+ retries: 2
+ volumes:
+ - "./config.ldif:/bootstrap/config.ldif.TEMPLATE"
+ - "./data.ldif:/bootstrap/data.ldif.TEMPLATE"
+ tests:
+ image: "boky/postfix-integration-test"
+ restart: "no"
+ volumes:
+ - "../tester:/code"
+ build:
+ context: ../tester
+ command: "/" # relative path to /code
+ environment:
+ FROM: "demo@example.org"
+ TO: "test@gmail.com"
diff --git a/integration-tests/ldap-block/restricted-senders.cf b/integration-tests/ldap-block/restricted-senders.cf
new file mode 100644
index 0000000..03dcda6
--- /dev/null
+++ b/integration-tests/ldap-block/restricted-senders.cf
@@ -0,0 +1,4 @@
+ server_host = ldap://ldap
+ search_base = dc=ldapmock,dc=local
+ query_filter = (sn=allowed)
+ result_attribute = mail
diff --git a/integration-tests/ldap-block/test.bats b/integration-tests/ldap-block/test.bats
new file mode 100755
index 0000000..2219952
--- /dev/null
+++ b/integration-tests/ldap-block/test.bats
@@ -0,0 +1,26 @@
+#!/usr/bin/env bats
+
+FROM=$1
+TO=$2
+
+if [ -z "$FROM" ]; then
+ FROM="demo@example.org"
+fi
+
+if [ -z "$TO" ]; then
+ TO="test@gmail.com"
+fi
+
+# Wait for postfix to startup
+wait-for-service -q tcp://postfix_test_587:587
+wait-for-service -q tcp://ldap:389
+
+SMTP_DATA="-smtp postfix_test_587 -port 587"
+
+@test "Make sure postfix rejects the message from us" {
+ ! mailsend -debug \
+ -sub "Test email 1" $SMTP_DATA \
+ -from "$FROM" -to "$TO" \
+ body \
+ -msg "Hello world!\nThis is a simple test message!"
+}
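Review bot: The only assertion in integration-tests/ldap-block/test.bats, `! mailsend -debug ...`, passes on any non-zero exit, so a refused connection, a name-resolution failure or a missing `mailsend` binary all count as "postfix rejects the message". Capturing the result with `run mailsend ...` and then checking both `[ "$status" -ne 0 ]` and that `$output` contains the expected SMTP rejection reply would make the test prove the policy decision rather than just a failure. `FROM=$1` and `TO=$2` also overwrite any `FROM`/`TO` supplied through the compose `environment:` block before the defaults are applied, assuming the runner passes no positional arguments; `FROM="${FROM:-demo@example.org}"` and `TO="${TO:-test@gmail.com}"` would keep the environment values.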