git » chasquid » smarthost » tree

[smarthost] / internal / courier / smarthost_test.go

package courier

import (
	"net/url"
	"strings"
	"testing"
	"time"
)

func newSmartHost(t *testing.T, addr string) *SmartHost {
	return &SmartHost{
		HelloDomain: "hello",
		URL: url.URL{
			Scheme: "smtp",
			Host:   addr,
		},
	}
}

func TestSmartHost(t *testing.T) {
	// Shorten the total timeout, so the test fails quickly if the protocol
	// gets stuck.
	shTotalTimeout = 3 * time.Second

	responses := map[string]string{
		"_welcome":   "220 welcome\n",
		"EHLO hello": "250-ehlo ok\n250 STARTTLS AUTH HELP\n",
		"STARTTLS":   "220 tls ok\n",
		"_STARTTLS":  "ok",

		// Auth corresponds to the user and password below.
		"AUTH PLAIN AHVzZXIAcGFzc3dvcmQ=": "235 auth ok\n",

		"MAIL FROM:<me@me>": "250 mail ok\n",
		"RCPT TO:<to@to>":   "250 rcpt ok\n",
		"DATA":              "354 send data\n",
		"_DATA":             "250 data ok\n",
		"QUIT":              "250 quit ok\n",
	}
	srv := newFakeServer(t, responses)

	sh := newSmartHost(t, srv.addr)
	sh.URL.User = url.UserPassword("user", "password")
	sh.rootCAs = srv.rootCA()
	err, _ := sh.Deliver("me@me", "to@to", []byte("data"))
	if err != nil {
		t.Errorf("deliver failed: %v", err)
	}

	srv.wg.Wait()
}

func TestSmartHostBadAuth(t *testing.T) {
	// Shorten the total timeout, so the test fails quickly if the protocol
	// gets stuck.
	shTotalTimeout = 3 * time.Second

	responses := map[string]string{
		"_welcome":   "220 welcome\n",
		"EHLO hello": "250-ehlo ok\n250-STARTTLS\n250 AUTH PLAIN\n",
		"STARTTLS":   "220 tls ok\n",
		"_STARTTLS":  "ok",

		// Auth corresponds to the user and password below.
		"AUTH PLAIN AHVzZXIAcGFzc3dvcmQ=": "454 auth error\n",

		// The client will use an "*" to abort the auth on errors.
		"*": "501 invalid command\n",

		"QUIT": "250 quit ok\n",
	}
	srv := newFakeServer(t, responses)

	sh := newSmartHost(t, srv.addr)
	sh.URL.User = url.UserPassword("user", "password")
	sh.rootCAs = srv.rootCA()
	err, _ := sh.Deliver("me@me", "to@to", []byte("data"))
	if !strings.HasPrefix(err.Error(), "AUTH error: 454 auth error") {
		t.Errorf("expected error in AUTH, got %q", err)
	}

	srv.wg.Wait()
}

func TestSmartHostBadCert(t *testing.T) {
	// Shorten the total timeout, so the test fails quickly if the protocol
	// gets stuck.
	shTotalTimeout = 3 * time.Second

	responses := map[string]string{
		"_welcome":   "220 welcome\n",
		"EHLO hello": "250-ehlo ok\n250 STARTTLS\n",
		"STARTTLS":   "220 tls ok\n",
		"_STARTTLS":  "ok",
	}
	srv := newFakeServer(t, responses)

	sh := newSmartHost(t, srv.addr)
	// We do NOT set the root CA to our test server's certificate, so we
	// expect the STARTTLS negotiation to fail.
	err, _ := sh.Deliver("me@me", "to@to", []byte("data"))
	if !strings.HasPrefix(err.Error(), "Error in STARTTLS:") {
		t.Errorf("expected error in STARTTLS, got %q", err)
	}

	srv.wg.Wait()
}

func TestSmartHostErrors(t *testing.T) {
	// Shorten the total timeout, so the test fails quickly if the protocol
	// gets stuck.
	shTotalTimeout = 1 * time.Second

	cases := []struct {
		responses map[string]string
		errPrefix string
	}{
		// First test: hang response, should fail due to timeout.
		{
			map[string]string{"_welcome": "220 no newline"},
			"",
		},

		// No STARTTLS support.
		{
			map[string]string{
				"_welcome":   "220 rcpt to not allowed\n",
				"EHLO hello": "250-ehlo ok\n250 HELP\n",
			},
			"Server does not support STARTTLS",
		},

		// MAIL FROM not allowed.
		{
			map[string]string{
				"_welcome":          "220 mail from not allowed\n",
				"EHLO hello":        "250-ehlo ok\n250 STARTTLS\n",
				"STARTTLS":          "220 tls ok\n",
				"_STARTTLS":         "ok",
				"MAIL FROM:<me@me>": "501 mail error\n",
			},
			"MAIL+RCPT 501 mail error",
		},

		// RCPT TO not allowed.
		{
			map[string]string{
				"_welcome":          "220 rcpt to not allowed\n",
				"EHLO hello":        "250-ehlo ok\n250 STARTTLS\n",
				"STARTTLS":          "220 tls ok\n",
				"_STARTTLS":         "ok",
				"MAIL FROM:<me@me>": "250 mail ok\n",
				"RCPT TO:<to@to>":   "501 rcpt error\n",
			},
			"MAIL+RCPT 501 rcpt error",
		},

		// DATA error.
		{
			map[string]string{
				"_welcome":          "220 data error\n",
				"EHLO hello":        "250-ehlo ok\n250 STARTTLS\n",
				"STARTTLS":          "220 tls ok\n",
				"_STARTTLS":         "ok",
				"MAIL FROM:<me@me>": "250 mail ok\n",
				"RCPT TO:<to@to>":   "250 rcpt ok\n",
				"DATA":              "554 data error\n",
			},
			"DATA 554 data error",
		},

		// DATA response error.
		{
			map[string]string{
				"_welcome":          "220 data error\n",
				"EHLO hello":        "250-ehlo ok\n250 STARTTLS\n",
				"STARTTLS":          "220 tls ok\n",
				"_STARTTLS":         "ok",
				"MAIL FROM:<me@me>": "250 mail ok\n",
				"RCPT TO:<to@to>":   "250 rcpt ok\n",
				"DATA":              "354 send data\n",
				"_DATA":             "551 data response error\n",
			},
			"DATA closing 551 data response error",
		},
	}

	for _, c := range cases {
		srv := newFakeServer(t, c.responses)
		sh := newSmartHost(t, srv.addr)
		sh.rootCAs = srv.rootCA()

		err, _ := sh.Deliver("me@me", "to@to", []byte("data"))
		if err == nil {
			t.Errorf("deliver not failed in case %q: %v",
				c.responses["_welcome"], err)
			continue
		}
		t.Logf("failed as expected: %v", err)

		if !strings.HasPrefix(err.Error(), c.errPrefix) {
			t.Errorf("expected error prefix %q, got %q",
				c.errPrefix, err)
		}

		srv.wg.Wait()
	}
}

func TestSmartHostDialError(t *testing.T) {
	sh := newSmartHost(t, "localhost:1")
	err, permanent := sh.Deliver("me@me", "to@to", []byte("data"))
	if err == nil {
		t.Errorf("delivery worked, expected failure")
	}
	if permanent {
		t.Errorf("expected transient failure, got permanent (%v)", err)
	}
	t.Logf("got transient failure, as expected: %v", err)
}