ipcauthpipe 0.2.7

data/README

@@ -0,0 +1,13 @@
+This is implementation of Courier's authpipe protocol over Invision Power Board
+and Converge.
+
+This gem acts as an interface between Courier's authlib with Invision's members
+database and allows to authenticate with authlib against Invision's DB.
+
+To run it you have to take sample config file included in the gem sources and
+modify it to match your environment. Then configure your courier-authlib
+to run ipcauthpipe with full path to your config file as a parameter, i.e.:
+/usr/local/ipcauthpipe /etc/ipcauthpipe-config.yml
+
+See more about Courier's authpipe authentication module and protocol at:
+http://www.courier-mta.org/authlib/README_authlib.html#authpipe

data/bin/ipcauthpipe

@@ -0,0 +1,6 @@
+#!/usr/bin/env ruby
+
+require File.dirname(__FILE__) + '/../lib/ipcauthpipe'
+
+# Start IpcAuthpipe with config from the first CLI argument of with ../config.yml as a default one
+IpcAuthpipe.start( ARGV[0] || "#{File.dirname(__FILE__)}/../config.yml" )

data/config.yml

@@ -0,0 +1,21 @@
+database:
+  adapter: mysql
+  database: pokerru_mail
+  username: toor
+  password: Awycehe2iS
+  socket: /tmp/mysql.sock
+
+log:
+  level: debug
+  file: ipcauthpipe.log
+
+invision:
+  tables_prefix: ibf_
+
+mail:
+  address_format: %s@poker.ru
+  owner_uid: 2001
+  owner_name: vmail
+  owner_gid: 1000
+  owner_group: virtualusers
+  home_dir: /tmp/%s

data/ipcauthpipe.gemspec

@@ -0,0 +1,46 @@
+Gem::Specification.new do |s|
+  s.name     = "ipcauthpipe"
+  s.version  = "0.2.7"
+  s.date     = "2011-06-11"
+  s.summary  = "Implementation of Courier's authpipe protocol over Invision Power Board / Converge."
+  s.description = "ipcauthpipe gem implements Courier's authpipe protocol to interface Courier POP/IMAP server with Invision Power Board / Converge members database."
+  s.has_rdoc = false
+
+  s.author  = "Oleg Ivanov"
+  s.email = "morhekil@morhekil.net"
+  s.homepage = "http://morhekil.net"
+
+  s.files = ['lib/ipcauthpipe/handler/auth.rb',
+    'lib/ipcauthpipe/handler/enumerate.rb',
+    'lib/ipcauthpipe/handler/passwd.rb',
+    'lib/ipcauthpipe/handler/pre.rb',
+    'lib/ipcauthpipe/handler.rb',
+    'lib/ipcauthpipe/log.rb',
+    'lib/ipcauthpipe/processor.rb',
+    'lib/ipcauthpipe/reader.rb',
+    'lib/models/member.rb',
+    'lib/models/member_converge.rb',
+    'lib/ipcauthpipe.rb',
+    'bin/ipcauthpipe',
+    'ipcauthpipe.gemspec',
+    'README',
+    'config.yml'
+  ]
+
+  s.test_files = ['test/ipcauthpipe/handler/auth_spec.rb',
+    'test/ipcauthpipe/handler/pre_spec.rb',
+    'test/ipcauthpipe/log_spec.rb',
+    'test/ipcauthpipe/processor_spec.rb',
+    'test/models/member_spec.rb',
+    'test/models/member_converge_spec.rb',
+    'test/spec_helper.rb',
+    'test/config.yml'
+  ]
+
+  s.bindir = 'bin'
+  s.executables = ['ipcauthpipe']
+
+  s.require_path = 'lib'
+
+  s.add_dependency("activerecord", "~> 2.3.8")
+end

data/lib/ipcauthpipe.rb

@@ -0,0 +1,60 @@
+$:.unshift File.dirname(__FILE__)
+
+require 'rubygems'
+require 'active_record'
+require 'ostruct'
+
+require 'fileutils'
+
+require 'ipcauthpipe/processor'
+require 'ipcauthpipe/handler'
+require 'ipcauthpipe/reader'
+require 'ipcauthpipe/log'
+
+module IpcAuthpipe
+
+  # Failed authentication (unknown username/password) exception class
+  class AuthenticationFailed < StandardError
+  end
+
+  class << self
+    attr_reader :config
+
+    # Starts the processing - initializes the configuration and feeds incoming requests
+    # to request processor
+    def start(cfgfile)
+      init cfgfile
+      Log::info 'ipcauthpipe is started'
+
+      ipc = IpcAuthpipe::Processor.new
+      while (line = IpcAuthpipe::Reader.getline) do
+        reply = ipc.process(line.strip) unless line.strip.empty?
+        Log::debug "Reply is: #{reply.inspect}"
+        STDOUT.puts reply
+        STDOUT.flush
+      end
+    end
+
+    # Reads and stores config file and uses it's data to initialize ActiveRecord connection
+    def init(cfgfile)
+      # Read and parse YAML config
+      cfgdata = YAML::load_file(cfgfile)
+
+      # Create the global config object
+      @config = OpenStruct.new cfgdata
+
+      # Init logger - set up it's level and log file
+      IpcAuthpipe::Log.init(@config.log['file'], @config.log['level'])
+
+      # And init the ActiveRecord
+      ActiveRecord::Base.establish_connection(@config.database)
+      ActiveRecord::Base.logger = IpcAuthpipe::Log.logger
+
+      # and require model classes (we can't do it before as we need initialized config to be available)
+      require 'models/member_converge'
+      require 'models/member'
+    end
+
+  end
+
+end

data/lib/ipcauthpipe/handler.rb

@@ -0,0 +1,23 @@
+module IpcAuthpipe
+  module Handler
+
+    # A basic class that outlines handlers' API.
+    # Right now it features only the single process method that accepts command's parameters
+    # as an argument and goes on with processing the specific handler's command.
+    class Base
+
+      # Every handler access command's parameters as a string argument
+      # and should return as a string it's answer that will be returned back (to STDOUT generally)
+      def process(request)
+        raise NotImplementedError, 'request processing should be overriden by concrete handlers'
+      end
+
+    end
+  end
+end
+
+# Concrete handlers are following
+require 'ipcauthpipe/handler/auth'
+require 'ipcauthpipe/handler/pre'
+require 'ipcauthpipe/handler/passwd'
+require 'ipcauthpipe/handler/enumerate'

data/lib/ipcauthpipe/handler/auth.rb

@@ -0,0 +1,81 @@
+module IpcAuthpipe
+  module Handler
+
+    # AUTH command handler performs actual authentication of user's data.
+    # It gets authentication type and parameters from the input stream and
+    # responds with FAIL on failure or user data on success
+    class Auth < IpcAuthpipe::Handler::Base
+
+      # Main point of entry - accepts additional command's parameters
+      # (in case of AUTH - number of data bytes following the command)
+      # and proceeds with processing the command
+      def self.process(request)
+        Log.debug "Processing request [#{request}] in AUTH handler"
+        auth = Auth.new
+        auth.validate auth.getdata(request.to_i)
+      end
+
+      # Reads the given number of bytes from the input stream and splits
+      # them up into a hash of parameters ready for further processing
+      def getdata(count)
+        Log.debug "Reading [#{count}] bytes from input stream"
+        payload = Reader::getbytes(count)
+        Log.debug "AUTH payload is #{payload}"
+        splits = payload.strip.split(/\s+/m)
+        raise ArgumentError, 'Invalid AUTH payload' unless splits.size == 4
+
+        Log.debug "Analyzing splits [#{splits.inspect}]"
+        auth_method(splits)
+      end
+
+      # Analyzes splitted AUTH payload and converts splits into hash
+      # of :method, :username and :password for LOGIN authentication and
+      # :method, :challenge and :response for CRAM-style authentications
+      def auth_method(splits)
+        result = { :method => splits[1].strip.downcase }
+        result.merge!(
+          result[:method] == 'login' ?
+            { :username => splits[2].strip.split(/\@/)[0], :password => splits[3].strip } :
+            { :challenge => splits[2].strip, :response => splits[3].strip }
+        )
+        
+        Log.debug "Converted splits into [#{result.inspect}]"
+        result
+      end
+
+      # Accepts analyzed AUTH payload hash and delegated processing onto the
+      # specific authentication method's handler. In case of not implemented
+      # auth method raises NotImplementedError
+      def validate(authdata)
+        Log.debug "Validating #{authdata.inspect}"
+        begin
+          # convert auth type name to a handler's symbol
+          method_sym = ( 'validate_with_'+authdata[:method].gsub( /[- ]/, '_' ) ).to_sym
+          # and raise an error if it's not implemented
+          raise NotImplementedError, "Authentication type #{authdata[:method]} is not supported" unless
+            self.respond_to?(method_sym)
+          # or delegate processing to the handler if it's here
+          Log.debug "Delegating validation to #{method_sym.to_s}"
+          self.send(method_sym, authdata)
+
+        rescue NotImplementedError
+          # requested authentication type is not supported
+          Log.error "Unsupported authentication type requested with #{authdata.inspect}"
+          "FAIL\n"
+        rescue AuthenticationFailed
+          Log.info "Authentication failed for #{authdata.inspect}"
+          "FAIL\n"
+        end
+      end
+
+      # LOGIN type authentication handler
+      def validate_with_login(authdata)
+        Log.debug "Authenticating through type LOGIN with #{authdata.inspect}"
+        member = Member.find_by_name_and_password(authdata[:username], authdata[:password])
+        member.create_homedir # make sure that homedir is created
+        member.to_authpipe # and return the details
+      end
+    end
+
+  end
+end

data/lib/ipcauthpipe/handler/enumerate.rb

@@ -0,0 +1,14 @@
+module IpcAuthpipe
+  module Handler
+
+    # AUTH command handler performs actual authentication of user's data.
+    # It gets authentication type and parameters from the input stream and
+    # responds with FAIL on failure or user data on success
+    class Enumerate < IpcAuthpipe::Handler::Base
+      def self.process(request)
+        Log.warn "Unsupported command ENUMERATE received with request #{request.inspect}"
+        "FAIL\n"
+      end
+    end
+  end
+end

data/lib/ipcauthpipe/handler/passwd.rb

@@ -0,0 +1,14 @@
+module IpcAuthpipe
+  module Handler
+
+    # AUTH command handler performs actual authentication of user's data.
+    # It gets authentication type and parameters from the input stream and
+    # responds with FAIL on failure or user data on success
+    class Passwd < IpcAuthpipe::Handler::Base
+      def self.process(request)
+        Log.warn "Unsupported command PASSWD received with request #{request.inspect}"
+        "FAIL\n"
+      end
+    end
+  end
+end

data/lib/ipcauthpipe/handler/pre.rb

@@ -0,0 +1,31 @@
+module IpcAuthpipe
+  module Handler
+
+    # AUTH command handler performs actual authentication of user's data.
+    # It gets authentication type and parameters from the input stream and
+    # responds with FAIL on failure or user data on success
+    class Pre < IpcAuthpipe::Handler::Base
+      def self.process(request)
+        Log.debug "Processing request [#{request}] in AUTH handler"
+        handler = Pre.new
+        handler.user_details handler.split_request(request)
+      end
+
+      # Splits request into service and username parts, raises
+      # ArgumentError if request string is invalid
+      def split_request(request)
+        raise ArgumentError, "Invalid PRE request #{request.inspect}" unless /^\. (\w+) (\w+)$/.match( request )
+        { :service => $~[1], :username => $~[2] }
+      end
+
+      # Finds member by his username and dumps his details, returns FAIL if not member were found
+      def user_details(request)
+        member = Member.find_by_name(request[:username])
+        member.create_homedir unless member.nil? # make sure the homedir exists
+
+        member.nil? ? "FAIL\n" : member.to_authpipe
+      end
+
+    end
+  end
+end

data/lib/ipcauthpipe/log.rb

@@ -0,0 +1,22 @@
+require 'forwardable'
+require 'logger'
+
+module IpcAuthpipe
+  module Log
+
+    class << self
+      extend Forwardable
+      attr_reader :logger
+      
+      def init(filename, loglevel)
+        @logger = Logger.new(filename)
+        @logger.level = Logger.const_get(loglevel.upcase)
+        @logger.formatter = Logger::Formatter.new
+        @logger.info "Logger is started"
+      end
+
+      def_delegators :@logger, :add, :debug, :info, :warn, :error, :fatal, :unknown, :close
+    end
+
+  end
+end

data/lib/ipcauthpipe/processor.rb

@@ -0,0 +1,37 @@
+module IpcAuthpipe
+
+  # This is the main entry point that accepts incoming request strings,
+  # validates and splits them into command/parameters parts and delegates processing
+  # to the command's handler
+  class Processor
+
+    # Accepts request as a single string, splits it into parts goes onto delegating.
+    # Returns handler's response back to the caller
+    def process(request)
+      Log.debug "Processing request: #{request.rstrip}"
+      begin
+        call_handler_for split_request(request)
+      rescue Exception => excp
+        Log.fatal "#{excp.class}, #{excp.message}"
+        raise
+      end
+    end
+
+    # Splits request into a command and it's parameters, validating command on the way.
+    # Raises RuntimeError on invalid command or (that's actually the same thing) unparsable request
+    def split_request(req)
+      raise RuntimeError, 'Invalid request received' unless /^(PRE|AUTH|PASSWD|ENUMERATE)(?:$| (.*)$)/.match(req)
+      {
+        :command => $1,
+        :params => $2.nil? || $2.empty? ? nil : $2
+      }
+    end
+
+    # Delegates processing to a concrete handler of request's command
+    def call_handler_for(request)
+      Log.debug "Calling #{request[:command].capitalize} handler with [#{request[:params]}] as a parameter"
+      IpcAuthpipe::Handler.const_get(request[:command].capitalize).process(request[:params])
+    end
+  end
+  
+end

data/lib/ipcauthpipe/reader.rb

@@ -0,0 +1,22 @@
+require 'readbytes'
+
+module IpcAuthpipe
+
+  # Abstracting read operations to substitute them with mocks in our tests and also
+  # to give potentially a way to replace STDIN operation with something different - file based,
+  # for example
+  class Reader
+
+    # Returns next line waiting on the input
+    def self.getline
+      STDIN.gets("\n")
+    end
+
+    # Returns exactly count number of bytes waiting on the input
+    def self.getbytes(count)
+      STDIN.readbytes(count)
+    end
+
+  end
+
+end

data/lib/models/member.rb

@@ -0,0 +1,70 @@
+class Member < ActiveRecord::Base
+  set_table_name IpcAuthpipe::config.invision['tables_prefix'] + 'members'
+
+  def self.find_by_name_and_password(username, password)
+    member = find_by_name(username)
+    raise(
+        IpcAuthpipe::AuthenticationFailed, 'invalid password'
+      ) unless member.kind_of?(Member) && member.valid_password?(password) && member.has_mail_access?
+
+    member
+  end
+  
+  def has_mail_access?
+    allowed_group = IpcAuthpipe::config.invision['allowed_group']
+    if allowed_group
+      # if allowed_group is defined - make sure that user is in this group
+      # before allowing him to access email
+      groups = [ member_group_id.to_s ] + mgroup_others.split(',')
+      groups.include?(allowed_group.to_s)
+    else
+      # if allowed group is not set - allow all users to use the mail service
+      true
+    end
+  end
+  
+  def homedir
+    (IpcAuthpipe::config.mail['home_dir'] % "#{name[0..0]}/#{name}").downcase
+  end
+  
+  # Create user's home dir if it's not present
+  def create_homedir
+    unless File.exists?(homedir)
+      FileUtils.mkdir_p(homedir, :mode => 0750)
+      FileUtils.mkdir_p("#{homedir}/cur", :mode => 0750)
+      FileUtils.mkdir_p("#{homedir}/new", :mode => 0750)
+      FileUtils.mkdir_p("#{homedir}/tmp", :mode => 0750)
+      FileUtils.chown(IpcAuthpipe::config.mail['owner_name'], IpcAuthpipe::config.mail['owner_group'], "#{homedir}/..")
+      FileUtils.chown_R(IpcAuthpipe::config.mail['owner_name'], IpcAuthpipe::config.mail['owner_group'], homedir)
+    end
+  end
+
+  def to_authpipe
+    IpcAuthpipe::Log.debug "Dumping authpipe string for member data #{inspect}"
+    stringdump = [
+      "UID=#{IpcAuthpipe::config.mail['owner_uid']}",
+      "GID=#{IpcAuthpipe::config.mail['owner_gid']}",
+      "HOME=#{homedir}/",
+      "MAILDIR=#{homedir}/",
+      "ADDRESS=#{(IpcAuthpipe::config.mail['address_format'] % name).downcase}",
+      "."
+    ].join("\n")+"\n"
+    IpcAuthpipe::Log.debug "Authpipe dump: #{stringdump.inspect}"
+
+    stringdump
+  end
+
+  # Verifies if the given clear password matches hash and salt stored in IPB's database,
+  # returns true/false depending on the result
+  def valid_password?(cleartext)
+    return salted_hash(cleartext) == members_pass_hash
+  end
+
+  # Calculates and returns IPB-style salted hash for a given text string
+  def salted_hash(text)
+    return Digest::MD5.hexdigest(
+      Digest::MD5.hexdigest(members_pass_salt) + Digest::MD5.hexdigest(text)
+    )
+  end
+  
+end

data/lib/models/member_converge.rb

@@ -0,0 +1,19 @@
+require 'digest/md5'
+
+class MemberConverge < ActiveRecord::Base
+  set_table_name IpcAuthpipe::config.invision['tables_prefix'] + 'members_converge'
+  set_primary_key 'converge_id'
+
+  # Verifies if the given clear password matches hash and salt stored in IPB's database,
+  # returns true/false depending on the result
+  def valid_password?(cleartext)
+    return salted_hash(cleartext) == converge_pass_hash
+  end
+
+  # Calculates and returns IPB-style salted hash for a given text string
+  def salted_hash(text)
+    return Digest::MD5.hexdigest(
+      Digest::MD5.hexdigest(converge_pass_salt) + Digest::MD5.hexdigest(text)
+    )
+  end
+end

data/test/config.yml

@@ -0,0 +1,19 @@
+database:
+  adapter: mysql
+  database: pokerru_mail_test
+  username: toor
+  password: Awycehe2iS
+  socket: /tmp/mysql.sock
+
+log:
+  level: debug
+  file: ipcauthpipe_test.log
+
+invision:
+  tables_prefix: ibf_
+
+mail:
+  address_format: %s@poker.ru
+  owner_uid: 2000
+  owner_gid: 1000
+  home_dir: /home/vmail/%s

data/test/ipcauthpipe/handler/auth_spec.rb

@@ -0,0 +1,84 @@
+require File.dirname(__FILE__) + '/../../spec_helper'
+
+require 'ipcauthpipe/handler'
+require 'ipcauthpipe/handler/auth'
+require 'ipcauthpipe/reader'
+require 'models/member'
+
+describe "AUTH handler" do
+
+  before(:all) do
+    IpcAuthpipe::Log.logger = stub_everything
+  end
+  
+  before(:each) do
+    @auth = IpcAuthpipe::Handler::Auth.new
+  end
+
+  it "should read given number of bytes from the input stream and pass them onto the analyzer splitted into an array" do
+    IpcAuthpipe::Reader.should_receive(:getbytes).once.with(29).and_return("imap \nlogin \n vasya \n parol ")
+    # we're expecting array as an argument for auth_method
+    @auth.should_receive(:auth_method).once.with( duck_type(:is_array) )
+    @auth.getdata(29)
+  end
+
+  it "should raise ArgumentError exception on invalid payload" do
+    IpcAuthpipe::Reader.should_receive(:getbytes).once.with(33).and_return("imap \nlogin \n vasya \n parol \n wtf")
+    lambda { @auth.getdata(33) }.should raise_error(ArgumentError)
+  end
+
+  it "should properly handle both CR-delimited and non-CR-delimited payloads" do
+    @auth.should_receive(:auth_method).twice.with(['imap', 'login', 'vasya', 'parol'])
+
+    IpcAuthpipe::Reader.should_receive(:getbytes).once.with(29).and_return("imap \nlogin \n vasya \n parol ")
+    @auth.getdata(29)
+
+    IpcAuthpipe::Reader.should_receive(:getbytes).once.with(30).and_return("imap \nlogin \n vasya \n parol \n")
+    @auth.getdata(30)
+  end
+
+  it "should convert LOGIN's payload into a hash with username and password" do
+    @auth.auth_method( ['imap', 'login', 'vasya', 'parol'] ).should == {
+      :method => 'login', :username => 'vasya', :password => 'parol'
+    }
+  end
+
+  it "should convert CRAM's payload into a hash with challenge and response" do
+    @auth.auth_method( ['imap', 'cram-md5', 'vasya', 'parol'] ).should == {
+      :method => 'cram-md5', :challenge => 'vasya', :response => 'parol'
+    }
+  end
+
+  it "should return FAIL for unsupported authentication types" do
+    @auth.validate(:method => 'foobar').should == "FAIL\n"
+  end
+
+  it "should delegate processing onto a handler for supported authentication types" do
+    authdata = { :method => 'login', :username => 'vasya', :password => 'parol' }
+    @auth.should_receive(:validate_with_login).once.with(authdata).and_return('LOGIN-success')
+    @auth.validate(authdata).should == "LOGIN-success"
+  end
+
+  it "should return FAIL for failed authentication" do
+    authdata = { :method => 'login', :username => 'vasya', :password => 'parol' }
+    @auth.should_receive(:validate_with_login).once.with(authdata).and_raise(IpcAuthpipe::AuthenticationFailed)
+    @auth.validate(authdata).should == "FAIL\n"
+  end
+
+  describe "with LOGIN auth type" do
+
+    it "should find member and return it formatted" do
+      member = mock('member')
+      Member.should_receive(:find_by_name_and_password).with('vasya', 'parol').once.and_return(member)
+      member.should_receive(:to_authpipe).once.and_return("TEXT\nDUMP\nUSER\n.")
+
+      @auth.validate_with_login(:username => 'vasya', :password => 'parol').should == "TEXT\nDUMP\nUSER\n."
+    end
+
+  end
+
+
+#  it "should detect authentication method being used" do
+#    IpcAuthpipe::Handler::Auth.
+#  end
+end

data/test/ipcauthpipe/handler/pre_spec.rb

@@ -0,0 +1,50 @@
+require File.dirname(__FILE__) + '/../../spec_helper'
+
+require 'ipcauthpipe/handler'
+require 'ipcauthpipe/handler/auth'
+require 'ipcauthpipe/reader'
+require 'models/member'
+
+describe "PRE handler" do
+
+  before(:all) do
+    IpcAuthpipe::Log.logger = stub_everything
+  end
+
+  before(:each) do
+    @pre = IpcAuthpipe::Handler::Pre.new
+  end
+
+  it "should split request and find a member" do
+    request = '. imap tester'
+    splitted_request = { :service => 'imap', :username => 'tester' }
+    @pre.should_receive(:split_request).with(request).once.and_return(splitted_request)
+    @pre.should_receive(:user_details).with(splitted_request).once.and_return("MEMBER\nDUMP\n.")
+    IpcAuthpipe::Handler::Pre.should_receive(:new).once.and_return(@pre)
+
+    IpcAuthpipe::Handler::Pre.process(request)
+  end
+
+  it "should split request into authservice and username parts" do
+    @pre.split_request('. pop3 tester').should == { :service => 'pop3', :username => 'tester' }
+  end
+
+  it "should raise ArgumentError if request string is invalid" do
+    lambda { @pre.split_request('wtfisthis') }.should raise_error(ArgumentError)
+  end
+
+  it "should find and return user's info by his name" do
+    member = mock('member')
+    Member.should_receive(:find_by_name).once.with('tester').and_return(member)
+    member.should_receive(:to_authpipe).once.and_return("MEMBER\nINFO\n.")
+
+    request = { :service => 'pop3', :username => 'tester' }
+    @pre.user_details(request).should == "MEMBER\nINFO\n."
+  end
+
+  it "should return FAIL for invalid username" do
+    Member.should_receive(:find_by_name).once.with('foobar').and_return(nil)
+    request = { :service => 'pop3', :username => 'foobar' }
+    @pre.user_details(request).should == "FAIL\n"
+  end
+end

data/test/ipcauthpipe/log_spec.rb

@@ -0,0 +1,37 @@
+require File.dirname(__FILE__) + '/../spec_helper'
+
+require 'ipcauthpipe/log'
+
+describe 'Log' do
+
+  before(:each) do
+    # stubbing new instance and returning our mock instead
+    @logger = mock('log_instance', :level= => nil, :info => nil, :formatter= => nil)
+    Logger.should_receive(:new).with('test.log').once.and_return(@logger)
+  end
+
+  it "should init logger with given filename and log level" do
+    # log level should be set to debug
+    @logger.should_receive(:level=).with(Logger::DEBUG).once
+
+    # formatter should be initialized with our mock
+    formatter = mock('log_formatter')
+    Logger::Formatter.should_receive(:new).once.and_return(formatter)
+    @logger.should_receive(:formatter=).once.with(formatter)
+
+    # and info message should be logged
+    @logger.should_receive(:info).once
+    
+    IpcAuthpipe::Log.init('test.log', 'debug')
+  end
+
+  it "should delegate all common logging methods to stdlib's logger" do
+    IpcAuthpipe::Log.init('test.log', 'debug')
+
+    [ :debug, :info, :warn, :error, :fatal, :add, :unknown].each do |msg|
+      @logger.should_receive(msg).with('test').once
+      IpcAuthpipe::Log.send(msg, 'test')
+    end
+  end
+
+end

data/test/ipcauthpipe/processor_spec.rb

@@ -0,0 +1,45 @@
+require File.dirname(__FILE__) + '/../spec_helper'
+
+require 'ipcauthpipe/processor'
+
+describe 'Request processor' do
+
+  before(:each) do
+    @processor = IpcAuthpipe::Processor.new
+  end
+
+  it "should split a request into a command and it's parameters" do
+    @processor.split_request('PRE . pop3 myname').should == { :command => 'PRE', :params => '. pop3 myname'}
+    @processor.split_request('ENUMERATE').should == { :command => 'ENUMERATE', :params => nil}
+    @processor.split_request('ENUMERATE ').should == { :command => 'ENUMERATE', :params => nil}
+  end
+
+  it "should raise an exception for invalid request and log it" do
+    lambda { @processor.split_request('FOOBAR') }.should raise_error(RuntimeError)
+    lambda { @processor.split_request('NO . COMMAND') }.should raise_error(RuntimeError)
+  end
+
+  it "should log failed requests" do
+    IpcAuthpipe::Log.should_receive(:debug).once
+    IpcAuthpipe::Log.should_receive(:fatal).once
+    lambda { @processor.process('FOOBAR') }.should raise_error(RuntimeError)
+  end
+
+  it "should delegate processing to the command's handler" do
+    # Set up a fake Auth handler
+    module IpcAuthpipe
+      module Handler
+        class Auth
+          def self.process
+          end
+        end
+      end
+    end
+
+    # Expect the action to be logged
+    IpcAuthpipe::Log.should_receive(:debug).once
+    # And try to call it
+    IpcAuthpipe::Handler::Auth.should_receive(:process).with('53').once
+    @processor.call_handler_for(:command => 'AUTH', :params => '53')
+  end
+end

data/test/models/member_converge_spec.rb

@@ -0,0 +1,25 @@
+require File.dirname(__FILE__) + '/../spec_helper'
+
+require 'active_record'
+require 'models/member_converge'
+
+describe 'Member Converge' do
+
+  before(:each) do
+    salt = '/yU(t'
+    password = 'testtest'
+    @converge = MemberConverge.new(
+      # password is testtest
+      :converge_pass_hash => Digest::MD5.hexdigest(
+          Digest::MD5.hexdigest(salt) + Digest::MD5.hexdigest(password)
+        ),
+      :converge_pass_salt => salt
+    )
+  end
+
+  it "should verify cleartext password against hashed one" do
+    @converge.valid_password?('foobar').should == false
+    @converge.valid_password?('testtest').should == true
+  end
+
+end

data/test/models/member_spec.rb

@@ -0,0 +1,78 @@
+require File.dirname(__FILE__) + '/../spec_helper'
+
+require 'active_record'
+require 'models/member'
+require 'models/member_converge'
+
+describe Member do
+
+  before(:all) do
+    IpcAuthpipe::Log.logger = stub('stub').as_null_object
+  end
+
+  before(:each) do
+    Member.delete_all
+    @tester = mock('member', :kind_of? => true) #,
+    @member = Member.create(:email => 'test@test.com', :name => 'tester')
+      #:pass_hash => '3a063c7f0d62df2ff444ca22455a7232', :pass_salt => '/yU(t') # password is 'testtest'
+  end
+
+  it "should find a member by his username and cleartext password" do
+    Member.should_receive(:find_by_name).once.with(@member.name).and_return(@tester)
+    @tester.should_receive(:valid_password?).with('testtest').once.and_return(true)
+    @tester.should_receive(:has_mail_access?).once.and_return(true)
+
+    Member.find_by_name_and_password( @member.name, 'testtest' ).should == @tester
+  end
+
+  it "should raise AuthenticationFailed exception on invalid password" do
+    Member.should_receive(:find).once.and_return(@tester)
+    @tester.should_receive(:valid_password?).with('wrongpassword').once.and_return(false)
+
+    lambda { Member.find_by_name_and_password( @member.name, 'wrongpassword' ) }.should raise_error(IpcAuthpipe::AuthenticationFailed)
+  end
+
+  it "should raise AuthenticationFailed exception on invalid username" do
+    MemberConverge.should_receive(:find).never
+    @tester.should_receive(:valid_password?).never
+
+    lambda { Member.find_by_name_and_password( 'foobarname', 'wrongpassword' ) }.should raise_error(IpcAuthpipe::AuthenticationFailed)
+  end
+
+  it "should dump itself into text string for authlib" do
+    member = Member.new(
+      :name => 'Tester'
+    )
+
+    member.to_authpipe.should == [
+      "UID=#{IpcAuthpipe::config.mail['owner_uid']}",
+      "GID=#{IpcAuthpipe::config.mail['owner_gid']}",
+      "HOME=/home/vmail/t/tester/",
+      "MAILDIR=/home/vmail/t/tester/",
+      "ADDRESS=tester@poker.ru",
+      "."
+    ].join("\n") + "\n"
+  end
+
+  describe 'password validation' do
+
+    before(:each) do
+      salt = '/yU(t'
+      password = 'testtest'
+      @member = Member.new(
+        # password is testtest
+        :members_pass_hash => Digest::MD5.hexdigest(
+            Digest::MD5.hexdigest(salt) + Digest::MD5.hexdigest(password)
+          ),
+        :members_pass_salt => salt
+      )
+    end
+
+    it "should verify cleartext password against hashed one" do
+      @member.valid_password?('foobar').should == false
+      @member.valid_password?('testtest').should == true
+    end
+
+  end
+end
+

data/test/spec_helper.rb

@@ -0,0 +1,23 @@
+# $TESTING=true
+$:.push File.join(File.dirname(__FILE__), '..', 'lib')
+#require 'rubygems'
+#require 'bacon'
+#require 'github_post_receive_server'
+
+require 'ipcauthpipe'
+require 'ipcauthpipe/log'
+# stubbing out Log's methods
+module IpcAuthpipe::Log
+  class << self
+    attr_accessor :logger
+  end
+end
+# and init test config
+IpcAuthpipe.init('test/config.yml')
+
+# helper method for Array class to use in rspec's duck_type expectation
+class Array
+  def is_array
+    true
+  end
+end

metadata

@@ -0,0 +1,111 @@
+--- !ruby/object:Gem::Specification 
+name: ipcauthpipe
+version: !ruby/object:Gem::Version 
+  hash: 25
+  prerelease: 
+  segments: 
+  - 0
+  - 2
+  - 7
+  version: 0.2.7
+platform: ruby
+authors: 
+- Oleg Ivanov
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2011-06-11 00:00:00 +03:00
+default_executable: 
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: activerecord
+  prerelease: false
+  requirement: &id001 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        hash: 19
+        segments: 
+        - 2
+        - 3
+        - 8
+        version: 2.3.8
+  type: :runtime
+  version_requirements: *id001
+description: ipcauthpipe gem implements Courier's authpipe protocol to interface Courier POP/IMAP server with Invision Power Board / Converge members database.
+email: morhekil@morhekil.net
+executables: 
+- ipcauthpipe
+extensions: []
+
+extra_rdoc_files: []
+
+files: 
+- lib/ipcauthpipe/handler/auth.rb
+- lib/ipcauthpipe/handler/enumerate.rb
+- lib/ipcauthpipe/handler/passwd.rb
+- lib/ipcauthpipe/handler/pre.rb
+- lib/ipcauthpipe/handler.rb
+- lib/ipcauthpipe/log.rb
+- lib/ipcauthpipe/processor.rb
+- lib/ipcauthpipe/reader.rb
+- lib/models/member.rb
+- lib/models/member_converge.rb
+- lib/ipcauthpipe.rb
+- bin/ipcauthpipe
+- ipcauthpipe.gemspec
+- README
+- config.yml
+- test/ipcauthpipe/handler/auth_spec.rb
+- test/ipcauthpipe/handler/pre_spec.rb
+- test/ipcauthpipe/log_spec.rb
+- test/ipcauthpipe/processor_spec.rb
+- test/models/member_spec.rb
+- test/models/member_converge_spec.rb
+- test/spec_helper.rb
+- test/config.yml
+has_rdoc: true
+homepage: http://morhekil.net
+licenses: []
+
+post_install_message: 
+rdoc_options: []
+
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
+requirements: []
+
+rubyforge_project: 
+rubygems_version: 1.6.2
+signing_key: 
+specification_version: 3
+summary: Implementation of Courier's authpipe protocol over Invision Power Board / Converge.
+test_files: 
+- test/ipcauthpipe/handler/auth_spec.rb
+- test/ipcauthpipe/handler/pre_spec.rb
+- test/ipcauthpipe/log_spec.rb
+- test/ipcauthpipe/processor_spec.rb
+- test/models/member_spec.rb
+- test/models/member_converge_spec.rb
+- test/spec_helper.rb
+- test/config.yml