zimbra_wall 0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 5ff4ea8a8bac60edb0c0844ea3f9b193b9fc788f
+  data.tar.gz: 348cf17d109ecb33bfb164cf0be7bb74822ff48d
+SHA512:
+  metadata.gz: 92421e69edb13bb1542f16486f6b2d45e83475fab0299f33bcdc0b98b70b5bae7297e27b6d3143c48275123fc85bc60048cd2ccfcddc4c74f5559bd60ca8902b
+  data.tar.gz: ce7808dcb42bcce1c7bb0c82b8ba07506fa45dd3ee0a89e9f1f17daa48ae405c340a608ca74e4c945ec7d071ccbd207c193dae2c2e2469bf206d1c7b1e1a2bf1

data/.gitignore

@@ -0,0 +1,23 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/fixtures/*.org
+test/version_tmp
+tmp
+*.bundle
+*.so
+*.o
+*.a
+mkmf.log

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in zimbra_intercepting_proxy.gemspec
+gemspec

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2015 Patricio Bruna
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,147 @@
+# Zimbra Wall
+A server for blocking users to access Zimbra CS.
+
+This software is used to intercept and apply modifications to the traffic between a Zimbra Proxy and Zimbra Mailboxes.
+If you don't know what a Zimbra Proxy is, You can read about it here: [https://wiki.zimbra.com/wiki/Zimbra_Proxy_Guide](https://wiki.zimbra.com/wiki/Zimbra_Proxy_Guide)
+
+This work for all kind of client access:
+
+* POP3
+* IMAP
+* Webmail
+* ActiveSync
+* Zimbra Outlook Connector
+
+## Use cases
+You need to deny access to some users from Internet.
+
+
+### How it works
+Zimbra Wall reads a map file, a `YAML` file, in which you indicate the pair `email:zimbraID` of the users you want to block
+
+Based on this information, `Zimbra Wall` tell the Zimbra Proxy to deny access to the user.
+
+## Instalation and configuration
+
+### Requirements
+This has been tested with:
+
+* Zimbra >= 8.5
+* Ruby >= 1.93
+* Bundler >= 1.3
+* Zimbra Proxy
+
+**You need to have direct access to the `7072` port of both Mailboxes**.
+
+### Installation
+It's recommended to install it on the same Zimbra Proxy server. All you need to do is run:
+
+```bash
+$ gem install bundler
+$ gem install zimbra_wall
+```
+
+### Zimbra Proxy Modification
+
+**Important Note**
+You are going to modify Zimbra template files, used to build the configuration files of Nginx. **Take some backups!!**
+
+* All the files are located in `/opt/zimbra/conf/nginx/templates`.
+* `<`, config being replaced
+* `>`, new config
+
+You have to make this modifications
+
+```diff
+ # nginx.conf.web.template
+<     ${web.login.upstream.disable} ${web.upstream.loginserver.:servers}
+<     ${web.login.upstream.disable} ${web.ssl.upstream.loginserver.:servers}
+---
+>
+>     ${web.login.upstream.disable} server localhost:9292 fail_timeout=60s version=8.6.0_GA_1153;
+>     ${web.login.upstream.disable} server localhost:9292 fail_timeout=60s version=8.6.0_GA_1153;
+```
+
+```diff
+ # nginx.conf.zmlookup.template
+<         zm_lookup_handlers  ${zmlookup.:handlers};
+---
+>         zm_lookup_handlers localhost:9292/service/extension/nginx-lookup;
+```
+
+Next restart. You should restart memcached and nginx, but just to be sure:
+
+```bash
+$ zmcontrol restart
+```
+
+### Starting Zimbra Wall
+
+```bash
+$ bundle exec bin/zimbra_wall -d zboxapp.dev -f /tmp/users.yml -m 192.168.50.10 -a 0.0.0.0 -p 9292 --mailbox-port 8080
+```
+
+#### Options
+
+* `-d`, the domain, in case the user only enters the username,
+* `-m`, One of the mailboxes,
+* `-f`, the `YAML` map file, with the list of users on the `--newmailbox`,
+* `-p`, the bind port
+* `-a`, the bind address
+* `--mailbox-port`, the mailbox port
+
+#### The Map File
+
+It's a simple YAML file with a `email:zimbraId` pair, like
+
+```yaml
+max@example.com: "7b562c60-be97-0132-9a66-482a1423458f"
+moliery@example.com: "7b562ce0-be97-0132-9a66-482a1423458f"
+watson@example.com: "251b1902-2250-4477-bdd1-8a101f7e7e4e"
+sherlock@example.com: "7b562dd0-be97-0132-9a66-482a1423458f"
+```
+
+Updating the file does **not require** a restart.
+
+You can get the `zimbraId` with:
+
+```
+$ zmprov ga watson@example.com zimbraId
+```
+
+##### Error in Map File
+If you have an error in your file, `Zimbra Wall` will return the on memory Map, this way we can keep the service up. In this event you should see this on `STDOUT`:
+
+```shel
+ERROR Yaml File: (./test/fixtures/users.yml): could not find expected ':' while scanning a simple key at line 7
+```
+
+## Init scripts
+
+In the `examples` directory you have the following files:
+
+* `zimbra_wall`, to start the server on port 9292
+
+Copy the file to the `/etc/init.d/` directory and then enable the services like this:
+
+```bash
+$ chkconfig --add zimbra_wall
+```
+
+### Monit
+It may be posible that this crash for some reason, it's a new software after all. To reduce the down time we recomend to use [Monit](http://mmonit.com/monit/) to monitor and restart `Zimbra Wall` in case of trouble.
+
+Check the examples directory for config files.
+
+## Thanks
+
+* To the Zimbra folks for a great product, and
+* [@igrigorik](http://twitter.com/igrigorik) for [em-proxy](https://github.com/igrigorik/em-proxy)
+
+## Contributing
+
+1. Fork it ( https://github.com/pbruna/zimbra_intercepting_proxy/fork )
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create a new Pull Request

data/Rakefile

@@ -0,0 +1,9 @@
+require "bundler/gem_tasks"
+require 'rake/testtask'
+
+Rake::TestTask.new do |task|
+  task.libs << %w(test lib)
+  task.pattern = 'test/test_*.rb'
+end
+
+task :default => :test

data/bin/zimbra_wall

@@ -0,0 +1,52 @@
+#!/usr/bin/env ruby
+
+require 'bundler/setup'
+require 'zimbra_wall'
+require 'optparse'
+
+# host, port
+ARGV << '-h' if ARGV.empty?
+
+options = {}
+
+optparse = OptionParser.new do |opts|
+
+  opts.banner = "Usage: zimbra_wall [options]"
+
+  opts.on("-dDOMAIN", "--domain=DOMAIN", "Email domain of the mailboxes") do |o|
+    options[:domain] = o
+  end
+
+  opts.on("-fFILE", "--usersfile=FILE", "YAML file with the list of blocked users") do |o|
+    options[:blocked_users_file] = o
+  end
+
+  opts.on("-mSERVER", "--mailbox=SERVER", "Hostname or IP of the mailbox to where we are migrating") do |o|
+    options[:backend] = o
+  end
+
+  opts.on("-zSERVERPORT", "--mailbox-port=SERVERPORT", "Hostname or IP of the mailbox to where we are migrating") do |o|
+    options[:backend_port] = o
+  end
+
+  opts.on("-aADDRESS", "--bindaddress=ADDRESS", "The IP Address to bind to. Default 0.0.0.0") do |o|
+    options[:bind_address] = o
+  end
+
+  opts.on("-pPORT", "--bindport=PORT", "The Port to bind to. Default 0.0.0.0") do |o|
+    options[:bind_port] = o
+  end
+
+  opts.on("-v", "--verbose", "Save logs information to /var/log/zimbra_wall.log") do |o|
+    options[:debug] = true
+  end
+
+  opts.on("-h", "--help", "Prints this help") do
+   puts opts
+   exit
+  end
+
+end
+
+optparse.parse!
+ZimbraWall.start options

data/examples/monit_zimbra_wall

@@ -0,0 +1,5 @@
+check process zimbra_wall with pidfile /var/run/zimbra_wall.pid
+   start program = "/etc/init.d/zimbra_wall start"
+   stop program = "/etc/init.d/zimbra_wall stop"
+   if failed host 127.0.0.1 port 9292 then restart
+   alert email@example.com

data/examples/zimbra_wall

@@ -0,0 +1,91 @@
+#!/bin/sh
+### BEGIN INIT INFO
+# Provides:
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: Start daemon at boot time
+# Description:       Enable service provided by daemon.
+### END INIT INFO
+
+dir=""
+user=""
+cmd="zimbra_wall -d zboxapp.dev -f /tmp/users.yml -m 192.168.50.10 -a 0.0.0.0 -p 9292 --mailbox-port 8080"
+
+name=`basename $0`
+pid_file="/var/run/$name.pid"
+stdout_log="/var/log/$name.log"
+stderr_log="/var/log/$name.err"
+
+get_pid() {
+    cat "$pid_file"
+}
+
+is_running() {
+    [ -f "$pid_file" ] && ps `get_pid` > /dev/null 2>&1
+}
+
+case "$1" in
+    start)
+    if is_running; then
+        echo "Already started"
+    else
+        echo "Starting $name"
+        $cmd >> "$stdout_log" 2>> "$stderr_log" &
+        echo $! > "$pid_file"
+        if ! is_running; then
+            echo "Unable to start, see $stdout_log and $stderr_log"
+            exit 1
+        fi
+    fi
+    ;;
+    stop)
+    if is_running; then
+        echo -n "Stopping $name.."
+        kill `get_pid`
+        for i in {1..10}
+        do
+            if ! is_running; then
+                break
+            fi
+
+            echo -n "."
+            sleep 1
+        done
+        echo
+
+        if is_running; then
+            echo "Not stopped; may still be shutting down or shutdown may have failed"
+            exit 1
+        else
+            echo "Stopped"
+            if [ -f "$pid_file" ]; then
+                rm "$pid_file"
+            fi
+        fi
+    else
+        echo "Not running"
+    fi
+    ;;
+    restart)
+    $0 stop
+    if is_running; then
+        echo "Unable to stop, will not attempt to start"
+        exit 1
+    fi
+    $0 start
+    ;;
+    status)
+    if is_running; then
+        echo "Running"
+    else
+        echo "Stopped"
+        exit 1
+    fi
+    ;;
+    *)
+    echo "Usage: $0 {start|stop|restart|status}"
+    exit 1
+    ;;
+esac
+
+exit 0

data/lib/zimbra_wall.rb

@@ -0,0 +1,36 @@
+require "yaml"
+require "uuid"
+require 'em-proxy'
+require 'http/parser'
+require "addressable/uri"
+require 'logger'
+require 'cgi'
+require 'xmlsimple'
+require "zimbra_wall/version"
+require "zimbra_wall/user"
+require "zimbra_wall/config"
+require "zimbra_wall/backend"
+require "zimbra_wall/request"
+require "zimbra_wall/server"
+require "zimbra_wall/debug"
+require "zimbra_wall/connection"
+require "zimbra_wall/yamler"
+
+module ZimbraWall
+
+  def self.start(options)
+    config!(options)
+    ZimbraWall::Server.run
+  end
+
+  def self.config!(options)
+    ZimbraWall::Config.domain = options[:domain]
+    ZimbraWall::Config.blocked_users_file = options[:blocked_users_file]
+    ZimbraWall::Config.backend = options[:backend]
+    ZimbraWall::Config.backend_port = options[:backend_port]
+    ZimbraWall::Config.bind_address = options[:bind_address] || "0.0.0.0"
+    ZimbraWall::Config.bind_port = options[:bind_port]
+    ZimbraWall::Config.debug = options[:debug]
+  end
+
+end

data/lib/zimbra_wall/backend.rb

@@ -0,0 +1,10 @@
+module ZimbraWall
+  module Backend
+   
+    def self.for_user(user)
+      return ZimbraWall::Config.new_backend if user.migrated?
+      ZimbraWall::Config.old_backend
+    end
+    
+  end
+end

data/lib/zimbra_wall/config.rb

@@ -0,0 +1,65 @@
+module ZimbraWall
+  module Config
+
+    ROUTE_URL = "/service/extension/nginx-lookup"
+    ROUTE_REQUEST_PORT = 7072
+    AUTH_REQUEST_PORT = 80
+
+    def self.domain=(domain)
+      @domain = domain
+    end
+
+    def self.domain
+      @domain
+    end
+
+    def self.blocked_users_file=(file)
+      @blocked_users_file = file
+    end
+
+    def self.blocked_users_file
+      @blocked_users_file
+    end
+
+    def self.backend=(backend)
+      @backend = backend
+    end
+
+    def self.backend
+      @backend
+    end
+
+    def self.backend_port=(port)
+      @backend_port = port
+    end
+
+    def self.backend_port
+      @backend_port
+    end
+
+    def self.bind_port=(bind_port)
+      @bind_port = bind_port
+    end
+
+    def self.bind_port
+      @bind_port
+    end
+
+    def self.bind_address=(bind_address)
+      @bind_address = bind_address
+    end
+
+    def self.bind_address
+      @bind_address
+    end
+
+    def self.debug=(debug)
+      @debug = debug
+    end
+
+    def self.debug
+      @debug
+    end
+
+  end
+end

data/lib/zimbra_wall/connection.rb

@@ -0,0 +1,26 @@
+module ZimbraWall
+  class Connection
+
+    attr_accessor :headers, :body, :started, :done, :buffer
+
+    def initialize
+      @headers = nil
+      @body = ""
+      @started = false
+      @done = false
+      @buffer = ''
+    end
+
+    def self.parse_lookup_response(resp)
+      array = resp.split("\r\n")
+      array.push("")
+      hash = {}
+      array[1..-1].each do |h|
+        tmp = h.split(/: /)
+        hash[tmp[0]] = tmp[1]
+      end
+      hash
+    end
+
+  end
+end

data/lib/zimbra_wall/debug.rb

@@ -0,0 +1,15 @@
+module ZimbraWall
+  module Debug
+
+    require 'logger'
+
+    def self.logger(data)
+      return unless ZimbraWall::Config.debug
+      return if data.nil?
+      logger = Logger.new(STDOUT)
+      logger.info { data }
+    end
+    
+  end
+end
+    

data/lib/zimbra_wall/request.rb

@@ -0,0 +1,75 @@
+module ZimbraWall
+  class Request
+    require 'pp'
+
+    attr_accessor :body, :headers, :parser
+
+    def initialize(connection, parser = nil)
+      @body = connection.body
+      @headers = connection.headers
+      @parser = parser
+    end
+
+    def auth_request?
+      default_auth_request? || zco_auth_request?
+    end
+
+    # This is the post Auth request sent by Webmail, ActiveSync and POP and IMAP
+    def default_auth_request?
+      @parser.http_method == 'POST' && @parser.request_url == '/' && @headers["Cookie"] = "ZM_TEST=true" && auth_request_params?
+    end
+
+    def zco_auth_request?
+      @parser.http_method == 'POST' && @parser.request_url == "/service/soap/AuthRequest" && @headers["User-Agent"].match(/Zimbra-ZCO/)
+    end
+
+
+    def blank_password_from_body
+      params = CGI::parse(@body)
+      params['password'] = ['']
+      URI.encode_www_form params
+    end
+
+    def auth_request_params?
+      uri = Addressable::URI.parse("#{@headers['Origin']}/?#{@body}")
+      uri.query_values["loginOp"] == "login"
+    end
+
+    def modify_query_field(field, value)
+      uri = Addressable::URI.parse("#{@headers['Referer']}?#{@body}")
+      uri.query_values[field] = value
+      uri.query_values
+    end
+
+    def route_request?
+      @parser.request_url == ZimbraWall::Config::ROUTE_URL
+    end
+
+    def port
+      return ZimbraWall::Config::ROUTE_REQUEST_PORT if route_request?
+      return ZimbraWall::Config::AUTH_REQUEST_PORT if auth_request?
+    end
+
+    def user_token
+      return auth_username if default_auth_request?
+      return auth_zimbraId if route_request?
+      return auth_zco_username if zco_auth_request?
+    end
+
+    def auth_zimbraId
+      headers["Auth-User"]
+    end
+
+    def auth_zco_username
+      # Hold on, we have to dig deeper
+      xml = XmlSimple.xml_in @body
+      xml["Body"].first["AuthRequest"].first["account"].first["content"]
+    end
+
+    def auth_username
+      uri = Addressable::URI.parse("http://localhost/?#{@body}")
+      uri.query_values["username"]
+    end
+
+  end
+end

data/lib/zimbra_wall/server.rb

@@ -0,0 +1,72 @@
+module ZimbraWall
+
+  module Server
+    require 'pp'
+
+
+    def run
+      debug = ZimbraWall::Debug
+      host = ZimbraWall::Config.bind_address
+      port = ZimbraWall::Config.bind_port
+
+      Proxy.start(host: host, port: port) do |conn|
+        debug.logger "Running on #{host}:#{port} - V. #{ZimbraWall::VERSION}"
+
+        @backend = { host: ZimbraWall::Config.backend, port: '7072' }
+        connection = ZimbraWall::Connection.new
+
+        @parser = Http::Parser.new
+        @parser.on_message_begin = proc { connection.started = true }
+        @parser.on_headers_complete = proc { |e| connection.headers = e }
+        @parser.on_body = proc { |chunk| connection.body << chunk }
+        @parser.on_message_complete = proc do
+          request = ZimbraWall::Request.new(connection, @parser)
+          if request.auth_request?
+            @backend[:port] = ZimbraWall::Config.backend_port
+            user = User.new(request.user_token)
+            if user.blocked?
+              connection.buffer.gsub!(/(?<=&password=).*(?=(&|$))/, '')
+              puts "User blocked: #{user.email} - #{user.zimbraId}"
+            end
+            conn.server @backend[:host], host: @backend[:host], port: @backend[:port]
+            conn.relay_to_servers connection.buffer
+          end
+        end
+
+        conn.server @backend[:host], host: @backend[:host], port: @backend[:port]
+        conn.relay_to_servers connection.buffer
+        connection.buffer.clear
+
+        conn.on_connect do |data, b|
+          debug.logger [:on_connect, data, b]
+        end
+
+        conn.on_data do |data|
+          debug.logger [:on_data, data]
+          connection.buffer << data
+          @parser << data if data !~ /\/service\/extension\/nginx-lookup/
+          data
+        end
+
+        conn.on_response do |backend, resp|
+          debug.logger [:on_response, backend, resp]
+          if resp =~ /Auth-Status/i
+            lookup_resp = ZimbraWall::Connection.parse_lookup_response(resp)
+            user = User.new(lookup_resp['Auth-User'])
+            if user.blocked?
+              puts "User blocked: #{user.email} - #{user.zimbraId}"
+              resp.gsub!(/Auth-Status: OK/, 'Auth-Status: ERR')
+            end
+          end
+          resp
+        end
+
+        conn.on_finish do |_, name|
+          debug.logger [:on_finish, name].inspect
+        end
+      end
+    end
+
+    module_function :run
+  end
+end

data/lib/zimbra_wall/user.rb

@@ -0,0 +1,67 @@
+module ZimbraWall
+
+  class User
+    attr_accessor :email, :zimbraId
+
+    @@db = {}
+
+    # user_identifier can be an email address, zimbraId UUID or just the
+    # local part of an email address, like user in user@example.com
+    def initialize(user_identifier)
+      @zimbraId = set_zimbraId user_identifier
+      @email = set_email user_identifier
+      User.load_migrated_users
+    end
+
+    # If user has email (unless email.nil?)
+    def blocked?
+      !find_in_db.nil?
+    end
+
+    def backend
+      ZimbraWall::Config.backend
+    end
+
+    def find_in_db
+      self.zimbraId = User.DB[email] if has_email?
+      self.email = User.DB.invert[zimbraId] if has_zimbraId?
+      User.DB[email] || User.DB.invert[zimbraId]
+    end
+
+    def has_email?
+      !email.nil?
+    end
+
+    def has_zimbraId?
+      !zimbraId.nil?
+    end
+
+    # Return the old DB if the YAML file has error
+    def self.load_migrated_users
+      data = ZimbraWall::Yamler.db
+      return @@db unless data
+      @@db = data
+    end
+
+    def self.DB
+      load_migrated_users
+      @@db
+    end
+
+    private
+    def set_zimbraId user_identifier
+      return user_identifier if UUID.validate user_identifier
+      nil
+    end
+
+    def set_email user_identifier
+      return nil if user_identifier.nil?
+      return user_identifier if user_identifier.match(/@/)
+      return "#{user_identifier}@#{ZimbraWall::Config.domain}" unless UUID.validate user_identifier
+      nil
+    end
+
+
+  end
+
+end

data/lib/zimbra_wall/version.rb

@@ -0,0 +1,3 @@
+module ZimbraWall
+  VERSION = "0.1"
+end

data/lib/zimbra_wall/yamler.rb

@@ -0,0 +1,18 @@
+module ZimbraWall
+
+  module Yamler
+    require 'pp'
+
+    def self.db
+      begin
+        YAML.load_file ZimbraWall::Config.blocked_users_file
+      rescue Psych::SyntaxError => e
+        puts "ERROR Yaml File: #{e}"
+        return false
+      end
+
+    end
+
+  end
+
+end

data/test/fixtures/auth_80.txt

@@ -0,0 +1,14 @@
+POST /zimbra/ HTTP/1.0
+X-Forwarded-For: 186.67.32.114
+Host: 200.91.20.185
+Connection: close
+Content-Type: application/x-www-form-urlencoded
+Origin: http://190.196.208.85
+Cookie: ZM_TEST=true; ZM_TEST=true
+Content-Length: 66
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
+User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/600.5.17 (KHTML, like Gecko) Version/8.0.5 Safari/600.5.17
+Accept-Language: es-es
+Accept-Encoding: gzip, deflate
+
+loginOp=login&username=pbruna&password=5693537374&client=preferred

data/test/fixtures/route_7072.txt

@@ -0,0 +1,9 @@
+GET /service/extension/nginx-lookup HTTP/1.0
+Host: 127.0.0.1
+Auth-Method: zimbraId
+Auth-User: 251b1902-2250-4477-bdd1-8a101f7e7e4e
+Auth-Pass: XXX
+Auth-Salt: SSS
+Auth-Protocol: http
+Auth-Login-Attempt: 0
+X-Proxy-Host: 200.91.20.186

data/test/fixtures/users.yml

@@ -0,0 +1,6 @@
+pato@example.com: "7b562ae0-be97-0132-9a66-482a1423458f"
+max@example.com: "7b562c60-be97-0132-9a66-482a1423458f"
+moliery@example.com: "7b562ce0-be97-0132-9a66-482a1423458f"
+watson@example.com: "251b1902-2250-4477-bdd1-8a101f7e7e4e"
+sherlock@example.com: "7b562dd0-be97-0132-9a66-482a1423458f"
+pbruna@itlinux.cl: "cfd6e914-4f00-440c-9a57-e1a9327128b9"

data/test/fixtures/zco_soap.xml

@@ -0,0 +1 @@
+<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope"><soap:Header><context xmlns="urn:zimbra"><userAgent name="ZimbraConnectorForOutlook" version="8.5.1.1259"/><nonotify/><noqualify/></context></soap:Header><soap:Body><AuthRequest xmlns="urn:zimbraAccount"><account by="name">watson@example.com</account><password>watson</password><virtualHost>200.91.20.186</virtualHost></AuthRequest></soap:Body></soap:Envelope>

data/test/test_backend.rb

@@ -0,0 +1,32 @@
+require 'test_helper'
+
+class Backend < Minitest::Test
+  
+  def setup
+    @user_migrated_email = ZimbraWall::User.new("watson@example.com")
+    @user_migrated_zimbraId = ZimbraWall::User.new("251b1902-2250-4477-bdd1-8a101f7e7e4e")
+    @user_not_migrated_email = ZimbraWall::User.new("jackbower@example.com")
+    @user_not_migrated_zimbraId = ZimbraWall::User.new("251b1902-2250-4477-bdd1-8a101f7e7333")
+  end
+  
+  def test_should_return_old_backend_if_user_email_is_not_migrated
+    backend = ZimbraWall::Backend.for_user @user_not_migrated_email
+    assert_equal(ZimbraWall::Config.old_backend, backend)
+  end
+
+  def test_should_return_old_backend_if_user_zimbraID_is_not_migrated
+    backend = ZimbraWall::Backend.for_user @user_not_migrated_zimbraId
+    assert_equal(ZimbraWall::Config.old_backend, backend)
+  end
+
+  def test_should_return_new_backend_if_user_email_was_migrated
+    backend = ZimbraWall::Backend.for_user @user_migrated_email
+    assert_equal(ZimbraWall::Config.new_backend, backend)
+  end
+
+  def test_should_return_new_backend_if_user_zimbraID_was_migrated
+    backend = ZimbraWall::Backend.for_user @user_migrated_zimbraId
+    assert_equal(ZimbraWall::Config.new_backend, backend)
+  end
+  
+end

data/test/test_helper.rb

@@ -0,0 +1,29 @@
+require "zimbra_intercepting_proxy"
+require 'ostruct'
+
+require 'minitest/autorun'
+require 'minitest/reporters' # requires the gem
+
+Minitest::Reporters.use! Minitest::Reporters::SpecReporter.new # spec-like progress
+
+ZimbraWall::Config.domain="example.com"
+ZimbraWall::Config.blocked_users_file="./test/fixtures/users.yml"
+ZimbraWall::Config.old_backend = "old-mailbox.example.com"
+ZimbraWall::Config.new_backend = "new-mailbox.zboxapp.com"
+
+def add_error_line
+  f = File.open ZimbraWall::Config.blocked_users_file, "a"
+  f.puts "juan :94949494-9494949-040404"
+  f.close
+end
+
+def restore_map_file
+  backup_file = "./test/fixtures/users.yml.org"
+  FileUtils.cp(backup_file, ZimbraWall::Config.blocked_users_file)
+  FileUtils.rm "./test/fixtures/users.yml.org"
+end
+
+def backup_map_file
+  backup_file = "./test/fixtures/users.yml.org"
+  FileUtils.cp(ZimbraWall::Config.blocked_users_file, backup_file)
+end

data/test/test_request.rb

@@ -0,0 +1,39 @@
+require 'test_helper'
+
+class Request < Minitest::Test
+  
+  def setup
+    @done = false
+    @auth_request = IO.read("./test/fixtures/auth_80.txt")
+    @route_request = IO.read("./test/fixtures/route_7072.txt")
+    @soap_auth_request = IO.read("./test/fixtures/zco_soap.xml")
+    @connection = OpenStruct.new
+    @parser = OpenStruct.new
+  end
+  
+  def test_should_return_user_token_from_auth_request
+    @parser.http_method = "POST"
+    @parser.request_url = "/zimbra/"
+    @connection.headers = {"Cookie" => "ZM_TEST=true"}
+    @connection.body = "loginOp=login&username=pbruna&password=5693537374&client=preferred"
+    request = ZimbraWall::Request.new @connection, @parser
+    assert_equal("pbruna", request.user_token)
+  end
+
+  def test_should_return_user_token_from_route_request
+    @parser.request_url = ZimbraWall::Config::ROUTE_URL
+    @connection.headers = {"Auth-User" => "251b1902-2250-4477-bdd1-8a101f7e7e4e"}
+    request = ZimbraWall::Request.new @connection, @parser
+    assert_equal("251b1902-2250-4477-bdd1-8a101f7e7e4e", request.user_token)
+  end
+
+  def test_should_get_username_from_zco_auth_request
+    @parser.http_method = "POST"
+    @parser.request_url = "/service/soap/AuthRequest"
+    @connection.headers = {"User-Agent" => "Zimbra-ZCO"}
+    @connection.body = @soap_auth_request
+    request = ZimbraWall::Request.new @connection, @parser
+    assert_equal("watson@example.com", request.user_token)
+  end
+
+end

data/test/test_user.rb

@@ -0,0 +1,71 @@
+require 'test_helper'
+
+class User < Minitest::Test
+  
+  def setup
+    @user = {email: "watson@example.com", zimbraId: "251b1902-2250-4477-bdd1-8a101f7e7e4e"}
+  end
+  
+  def test_only_set_zimbraId_when_passed_a_zimbraId
+    u = ZimbraWall::User.new(@user[:zimbraId])
+    assert_equal(u.zimbraId, @user[:zimbraId])
+    assert_nil(u.email)
+  end
+  
+  def test_only_set_email_when_passed_an_email
+    u = ZimbraWall::User.new(@user[:email])
+    assert_equal(u.email, @user[:email])
+    assert_nil(u.zimbraId)
+  end
+  
+  def test_return_email_when_passed_just_an_username
+    u = ZimbraWall::User.new("watson")
+    assert_equal(u.email, @user[:email])
+    assert_nil(u.zimbraId)
+  end
+  
+  def test_should_load_db_user_file_to_global_hash
+    assert_equal(ZimbraWall::User.DB.class, Hash)
+  end
+  
+  def test_db_should_have_emails_when_email_is_passed
+    assert(ZimbraWall::User.DB["watson@example.com"])
+  end
+
+  def test_return_true_if_migrated_user_with_zimbraId
+    u = ZimbraWall::User.new("7b562ce0-be97-0132-9a66-482a1423458f")
+    assert(u.migrated?, "Failure message.")
+  end
+  
+  def test_return_false_if_not_migrated_user_with_zimbraId
+    u = ZimbraWall::User.new("7b562ce0-be97-0132-9a66-482a14234333")
+    assert(!u.migrated?, "Failure message.")
+  end
+  
+  def test_return_true_if_migrated_user_with_email
+    u = ZimbraWall::User.new(@user[:email])
+    assert(u.migrated?, "Failure message.")
+  end
+  
+  def test_return_false_if_no_migrated_user_with_email
+    u = ZimbraWall::User.new("pbruna")
+    assert(!u.migrated?, "Failure message.")
+  end
+  
+  def test_migrated_false_if_email_nil
+    u = ZimbraWall::User.new(nil)
+    assert(!u.migrated?, "Failure message.")
+  end
+  
+  
+  def test_return_old_db_if_yamler_db_is_false
+    backup_map_file # backup users.yml
+    yaml_1 = ZimbraWall::User.DB.inspect
+    add_error_line
+    yaml_2 = ZimbraWall::User.DB.inspect
+    restore_map_file
+    assert_equal(Digest::MD5.digest(yaml_1), Digest::MD5.digest(yaml_2))
+  end
+  
+    
+end

data/test/test_yamler.rb

@@ -0,0 +1,24 @@
+require 'test_helper'
+require 'digest'
+
+class Yamler < Minitest::Test
+  
+  def setup
+    backup_map_file
+  end
+  
+  def teardown
+    restore_map_file
+  end
+
+  def test_yamler_db_must_return_the_yaml_file_hash
+    db = ZimbraWall::Yamler.db
+    assert_equal("251b1902-2250-4477-bdd1-8a101f7e7e4e", db["watson@example.com"])
+  end
+  
+  def test_return_false_if_updated_files_has_error
+    add_error_line
+    assert(!ZimbraWall::Yamler.db, "Failure message.")
+  end
+  
+end

data/zimbra_wall.gemspec

@@ -0,0 +1,32 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'zimbra_wall/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "zimbra_wall"
+  spec.version       = ZimbraWall::VERSION
+  spec.authors       = ["Patricio Bruna"]
+  spec.email         = ["pbruna@itlinux.cl"]
+  spec.summary       = "An authorization wall for Zimbra"
+  spec.description   = spec.summary
+  spec.homepage      = "https://github.com/pbruna/zimbra_wall"
+  spec.license       = "MIT"
+
+  spec.files         = `git ls-files -z`.split("\x0")
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = ["lib"]
+
+  spec.add_dependency 'em-proxy', "~> 0.1.8"
+  spec.add_dependency 'thor', "~> 0.19"
+  spec.add_dependency 'uuid', "~> 2.3"
+  spec.add_dependency 'http_parser.rb', "~> 0.6"
+  spec.add_dependency 'addressable', "~> 2.3"
+  spec.add_dependency 'xml-simple', "~> 1.1"
+  spec.add_development_dependency "bundler"
+
+
+  spec.add_development_dependency "rake"
+  spec.add_development_dependency "minitest-reporters"
+end

metadata

@@ -0,0 +1,208 @@
+--- !ruby/object:Gem::Specification
+name: zimbra_wall
+version: !ruby/object:Gem::Version
+  version: '0.1'
+platform: ruby
+authors:
+- Patricio Bruna
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2016-05-10 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: em-proxy
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.1.8
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.1.8
+- !ruby/object:Gem::Dependency
+  name: thor
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.19'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.19'
+- !ruby/object:Gem::Dependency
+  name: uuid
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.3'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.3'
+- !ruby/object:Gem::Dependency
+  name: http_parser.rb
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.6'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.6'
+- !ruby/object:Gem::Dependency
+  name: addressable
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.3'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.3'
+- !ruby/object:Gem::Dependency
+  name: xml-simple
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.1'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: minitest-reporters
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: An authorization wall for Zimbra
+email:
+- pbruna@itlinux.cl
+executables:
+- zimbra_wall
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- bin/zimbra_wall
+- examples/monit_zimbra_wall
+- examples/zimbra_wall
+- lib/zimbra_wall.rb
+- lib/zimbra_wall/backend.rb
+- lib/zimbra_wall/config.rb
+- lib/zimbra_wall/connection.rb
+- lib/zimbra_wall/debug.rb
+- lib/zimbra_wall/request.rb
+- lib/zimbra_wall/server.rb
+- lib/zimbra_wall/user.rb
+- lib/zimbra_wall/version.rb
+- lib/zimbra_wall/yamler.rb
+- test/fixtures/auth_80.txt
+- test/fixtures/route_7072.txt
+- test/fixtures/users.yml
+- test/fixtures/zco_soap.xml
+- test/test_backend.rb
+- test/test_helper.rb
+- test/test_request.rb
+- test/test_user.rb
+- test/test_yamler.rb
+- zimbra_wall.gemspec
+homepage: https://github.com/pbruna/zimbra_wall
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.5.1
+signing_key: 
+specification_version: 4
+summary: An authorization wall for Zimbra
+test_files:
+- test/fixtures/auth_80.txt
+- test/fixtures/route_7072.txt
+- test/fixtures/users.yml
+- test/fixtures/zco_soap.xml
+- test/test_backend.rb
+- test/test_helper.rb
+- test/test_request.rb
+- test/test_user.rb
+- test/test_yamler.rb