haraka 0.0.33 → 3.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (309) hide show
  1. package/.claude/settings.local.json +28 -0
  2. package/.githooks/pre-commit +41 -0
  3. package/.prettierignore +6 -0
  4. package/.qlty/.gitignore +7 -0
  5. package/.qlty/configs/.shellcheckrc +1 -0
  6. package/.qlty/qlty.toml +15 -0
  7. package/CHANGELOG.md +1894 -0
  8. package/CLAUDE.md +40 -0
  9. package/CONTRIBUTORS.md +34 -0
  10. package/Dockerfile +50 -0
  11. package/GEMINI.md +38 -0
  12. package/LICENSE +22 -0
  13. package/Plugins.md +227 -0
  14. package/README.md +119 -4
  15. package/SECURITY.md +178 -0
  16. package/TODO +22 -0
  17. package/address.js +53 -0
  18. package/bin/haraka +593 -0
  19. package/bin/haraka_grep +32 -0
  20. package/config/aliases +2 -0
  21. package/config/auth_flat_file.ini +7 -0
  22. package/config/auth_vpopmaild.ini +9 -0
  23. package/config/connection.ini +79 -0
  24. package/config/delay_deny.ini +7 -0
  25. package/config/dhparams.pem +8 -0
  26. package/config/host_list +3 -0
  27. package/config/host_list_regex +6 -0
  28. package/config/http.ini +11 -0
  29. package/config/lmtp.ini +7 -0
  30. package/config/log.ini +11 -0
  31. package/config/me +1 -0
  32. package/config/outbound.bounce_message +18 -0
  33. package/config/outbound.bounce_message_html +36 -0
  34. package/config/outbound.bounce_message_image +106 -0
  35. package/config/outbound.ini +24 -0
  36. package/config/plugins +67 -0
  37. package/config/smtp.ini +37 -0
  38. package/config/smtp_bridge.ini +4 -0
  39. package/config/smtp_forward.ini +31 -0
  40. package/config/smtp_proxy.ini +27 -0
  41. package/config/tarpit.timeout +1 -0
  42. package/config/tls.ini +83 -0
  43. package/config/tls_cert.pem +23 -0
  44. package/config/tls_key.pem +28 -0
  45. package/config/watch.ini +12 -0
  46. package/config/xclient.hosts +2 -0
  47. package/connection.js +1863 -0
  48. package/contrib/Haraka.cf +6 -0
  49. package/contrib/Haraka.pm +35 -0
  50. package/contrib/bad_smtp_server.pl +25 -0
  51. package/contrib/bsd-rc.d/haraka +61 -0
  52. package/contrib/debian-init.d/haraka +87 -0
  53. package/contrib/haraka.init +96 -0
  54. package/contrib/haraka.service +23 -0
  55. package/contrib/plugin2npm.sh +81 -0
  56. package/contrib/ubuntu-upstart/haraka.conf +27 -0
  57. package/coverage/coverage-final.json +2 -0
  58. package/coverage/coverage-summary.json +33 -0
  59. package/coverage/tmp/coverage-79131-1779241025146-0.json +1 -0
  60. package/coverage/tmp/coverage-79132-1779240999690-0.json +1 -0
  61. package/coverage/tmp/coverage-79172-1779241000095-0.json +1 -0
  62. package/coverage/tmp/coverage-79210-1779241000156-0.json +1 -0
  63. package/coverage/tmp/coverage-79211-1779241000209-0.json +1 -0
  64. package/coverage/tmp/coverage-79212-1779241000266-0.json +1 -0
  65. package/coverage/tmp/coverage-79213-1779241000441-0.json +1 -0
  66. package/coverage/tmp/coverage-79214-1779241000626-0.json +1 -0
  67. package/coverage/tmp/coverage-79215-1779241000795-0.json +1 -0
  68. package/coverage/tmp/coverage-79216-1779241000965-0.json +1 -0
  69. package/coverage/tmp/coverage-79218-1779241001013-0.json +1 -0
  70. package/coverage/tmp/coverage-79219-1779241001179-0.json +1 -0
  71. package/coverage/tmp/coverage-79220-1779241006249-0.json +1 -0
  72. package/coverage/tmp/coverage-79227-1779241011453-0.json +1 -0
  73. package/coverage/tmp/coverage-79229-1779241011537-0.json +1 -0
  74. package/coverage/tmp/coverage-79230-1779241011647-0.json +1 -0
  75. package/coverage/tmp/coverage-79231-1779241011765-0.json +1 -0
  76. package/coverage/tmp/coverage-79232-1779241011841-0.json +1 -0
  77. package/coverage/tmp/coverage-79233-1779241011909-0.json +1 -0
  78. package/coverage/tmp/coverage-79234-1779241011984-0.json +1 -0
  79. package/coverage/tmp/coverage-79235-1779241012055-0.json +1 -0
  80. package/coverage/tmp/coverage-79236-1779241012230-0.json +1 -0
  81. package/coverage/tmp/coverage-79237-1779241012300-0.json +1 -0
  82. package/coverage/tmp/coverage-79238-1779241012368-0.json +1 -0
  83. package/coverage/tmp/coverage-79239-1779241012438-0.json +1 -0
  84. package/coverage/tmp/coverage-79240-1779241012511-0.json +1 -0
  85. package/coverage/tmp/coverage-79241-1779241012582-0.json +1 -0
  86. package/coverage/tmp/coverage-79242-1779241012652-0.json +1 -0
  87. package/coverage/tmp/coverage-79243-1779241012814-0.json +1 -0
  88. package/coverage/tmp/coverage-79244-1779241012931-0.json +1 -0
  89. package/coverage/tmp/coverage-79245-1779241013007-0.json +1 -0
  90. package/coverage/tmp/coverage-79246-1779241013106-0.json +1 -0
  91. package/coverage/tmp/coverage-79247-1779241013178-0.json +1 -0
  92. package/coverage/tmp/coverage-79248-1779241013244-0.json +1 -0
  93. package/coverage/tmp/coverage-79249-1779241013409-0.json +1 -0
  94. package/coverage/tmp/coverage-79250-1779241013697-0.json +1 -0
  95. package/coverage/tmp/coverage-79251-1779241013847-0.json +1 -0
  96. package/coverage/tmp/coverage-79252-1779241014288-0.json +1 -0
  97. package/coverage/tmp/coverage-79253-1779241014378-0.json +1 -0
  98. package/coverage/tmp/coverage-79254-1779241014428-0.json +1 -0
  99. package/coverage/tmp/coverage-79255-1779241021774-0.json +1 -0
  100. package/coverage/tmp/coverage-80382-1779241021949-0.json +1 -0
  101. package/coverage/tmp/coverage-80383-1779241025019-0.json +1 -0
  102. package/coverage/tmp/coverage-80384-1779241025133-0.json +1 -0
  103. package/docs/Body.md +1 -0
  104. package/docs/Config.md +1 -0
  105. package/docs/Connection.md +153 -0
  106. package/docs/CoreConfig.md +96 -0
  107. package/docs/CustomReturnCodes.md +3 -0
  108. package/docs/HAProxy.md +62 -0
  109. package/docs/Header.md +1 -0
  110. package/docs/Logging.md +129 -0
  111. package/docs/Outbound.md +210 -0
  112. package/docs/Plugins.md +372 -0
  113. package/docs/Results.md +7 -0
  114. package/docs/Transaction.md +135 -0
  115. package/docs/Tutorial.md +183 -0
  116. package/docs/deprecated/access.md +3 -0
  117. package/docs/deprecated/backscatterer.md +9 -0
  118. package/docs/deprecated/connect.rdns_access.md +53 -0
  119. package/docs/deprecated/data.headers.md +3 -0
  120. package/docs/deprecated/data.nomsgid.md +7 -0
  121. package/docs/deprecated/data.noreceived.md +11 -0
  122. package/docs/deprecated/data.rfc5322_header_checks.md +11 -0
  123. package/docs/deprecated/dkim_sign.md +97 -0
  124. package/docs/deprecated/dkim_verify.md +28 -0
  125. package/docs/deprecated/dnsbl.md +80 -0
  126. package/docs/deprecated/dnswl.md +73 -0
  127. package/docs/deprecated/lookup_rdns.strict.md +67 -0
  128. package/docs/deprecated/mail_from.access.md +52 -0
  129. package/docs/deprecated/mail_from.blocklist.md +18 -0
  130. package/docs/deprecated/mail_from.nobounces.md +8 -0
  131. package/docs/deprecated/rcpt_to.access.md +53 -0
  132. package/docs/deprecated/rcpt_to.blocklist.md +18 -0
  133. package/docs/deprecated/rcpt_to.routes.md +3 -0
  134. package/docs/deprecated/rdns.regexp.md +30 -0
  135. package/docs/plugins/aliases.md +3 -0
  136. package/docs/plugins/auth/auth_bridge.md +34 -0
  137. package/docs/plugins/auth/auth_ldap.md +4 -0
  138. package/docs/plugins/auth/auth_proxy.md +36 -0
  139. package/docs/plugins/auth/auth_vpopmaild.md +33 -0
  140. package/docs/plugins/auth/flat_file.md +40 -0
  141. package/docs/plugins/block_me.md +18 -0
  142. package/docs/plugins/data.signatures.md +11 -0
  143. package/docs/plugins/delay_deny.md +23 -0
  144. package/docs/plugins/max_unrecognized_commands.md +6 -0
  145. package/docs/plugins/prevent_credential_leaks.md +22 -0
  146. package/docs/plugins/process_title.md +42 -0
  147. package/docs/plugins/queue/deliver.md +3 -0
  148. package/docs/plugins/queue/discard.md +32 -0
  149. package/docs/plugins/queue/lmtp.md +24 -0
  150. package/docs/plugins/queue/qmail-queue.md +16 -0
  151. package/docs/plugins/queue/quarantine.md +87 -0
  152. package/docs/plugins/queue/smtp_bridge.md +32 -0
  153. package/docs/plugins/queue/smtp_forward.md +127 -0
  154. package/docs/plugins/queue/smtp_proxy.md +68 -0
  155. package/docs/plugins/queue/test.md +7 -0
  156. package/docs/plugins/rcpt_to.in_host_list.md +34 -0
  157. package/docs/plugins/rcpt_to.max_count.md +3 -0
  158. package/docs/plugins/record_envelope_addresses.md +20 -0
  159. package/docs/plugins/relay.md +3 -0
  160. package/docs/plugins/reseed_rng.md +16 -0
  161. package/docs/plugins/status.md +41 -0
  162. package/docs/plugins/tarpit.md +50 -0
  163. package/docs/plugins/tls.md +235 -0
  164. package/docs/plugins/toobusy.md +27 -0
  165. package/docs/plugins/xclient.md +10 -0
  166. package/docs/tutorials/Migrating_from_v1_to_v2.md +96 -0
  167. package/docs/tutorials/SettingUpOutbound.md +62 -0
  168. package/eslint.config.mjs +2 -0
  169. package/haraka.js +74 -0
  170. package/haraka.sh +2 -0
  171. package/http/html/404.html +58 -0
  172. package/http/html/index.html +47 -0
  173. package/http/package.json +21 -0
  174. package/line_socket.js +24 -0
  175. package/logger.js +322 -0
  176. package/outbound/client_pool.js +59 -0
  177. package/outbound/config.js +134 -0
  178. package/outbound/hmail.js +1504 -0
  179. package/outbound/index.js +349 -0
  180. package/outbound/qfile.js +93 -0
  181. package/outbound/queue.js +399 -0
  182. package/outbound/tls.js +85 -0
  183. package/outbound/todo.js +17 -0
  184. package/package.json +99 -4
  185. package/plugins/.eslintrc.yaml +3 -0
  186. package/plugins/auth/auth_base.js +261 -0
  187. package/plugins/auth/auth_bridge.js +20 -0
  188. package/plugins/auth/auth_proxy.js +227 -0
  189. package/plugins/auth/auth_vpopmaild.js +162 -0
  190. package/plugins/auth/flat_file.js +44 -0
  191. package/plugins/block_me.js +88 -0
  192. package/plugins/data.signatures.js +30 -0
  193. package/plugins/delay_deny.js +153 -0
  194. package/plugins/prevent_credential_leaks.js +61 -0
  195. package/plugins/process_title.js +197 -0
  196. package/plugins/profile.js +11 -0
  197. package/plugins/queue/deliver.js +12 -0
  198. package/plugins/queue/discard.js +27 -0
  199. package/plugins/queue/lmtp.js +45 -0
  200. package/plugins/queue/qmail-queue.js +93 -0
  201. package/plugins/queue/quarantine.js +133 -0
  202. package/plugins/queue/smtp_bridge.js +45 -0
  203. package/plugins/queue/smtp_forward.js +371 -0
  204. package/plugins/queue/smtp_proxy.js +142 -0
  205. package/plugins/queue/test.js +15 -0
  206. package/plugins/rcpt_to.host_list_base.js +65 -0
  207. package/plugins/rcpt_to.in_host_list.js +56 -0
  208. package/plugins/record_envelope_addresses.js +17 -0
  209. package/plugins/reseed_rng.js +7 -0
  210. package/plugins/status.js +274 -0
  211. package/plugins/tarpit.js +45 -0
  212. package/plugins/tls.js +164 -0
  213. package/plugins/toobusy.js +47 -0
  214. package/plugins/xclient.js +124 -0
  215. package/plugins.js +604 -0
  216. package/queue/1772642154987_1775581346001_4_82235_TGwgfd_2_mattbook-m3.home.simerson.net +0 -0
  217. package/run_tests +11 -0
  218. package/server.js +827 -0
  219. package/smtp_client.js +504 -0
  220. package/test/.eslintrc.yaml +11 -0
  221. package/test/config/auth_flat_file.ini +5 -0
  222. package/test/config/block_me.recipient +1 -0
  223. package/test/config/block_me.senders +1 -0
  224. package/test/config/dhparams.pem +8 -0
  225. package/test/config/host_list +2 -0
  226. package/test/config/outbound_tls_cert.pem +1 -0
  227. package/test/config/outbound_tls_key.pem +1 -0
  228. package/test/config/plugins +7 -0
  229. package/test/config/smtp.ini +11 -0
  230. package/test/config/smtp_forward.ini +30 -0
  231. package/test/config/tls/example.com/_.example.com.key +28 -0
  232. package/test/config/tls/example.com/example.com.crt +25 -0
  233. package/test/config/tls/haraka.local.pem +51 -0
  234. package/test/config/tls.ini +45 -0
  235. package/test/config/tls_cert.pem +21 -0
  236. package/test/config/tls_key.pem +28 -0
  237. package/test/connection.js +817 -0
  238. package/test/fixtures/haproxy_allowed/config/connection.ini +3 -0
  239. package/test/fixtures/haproxy_disabled/config/connection.ini +3 -0
  240. package/test/fixtures/haproxy_untrusted/config/connection.ini +3 -0
  241. package/test/fixtures/line_socket.js +21 -0
  242. package/test/fixtures/todo_qfile.txt +0 -0
  243. package/test/fixtures/util_hmailitem.js +156 -0
  244. package/test/installation/config/test-plugin-flat +1 -0
  245. package/test/installation/config/test-plugin.ini +10 -0
  246. package/test/installation/config/tls.ini +1 -0
  247. package/test/installation/node_modules/load_first/index.js +5 -0
  248. package/test/installation/node_modules/load_first/package.json +11 -0
  249. package/test/installation/node_modules/test-plugin/config/test-plugin-flat +1 -0
  250. package/test/installation/node_modules/test-plugin/config/test-plugin.ini +9 -0
  251. package/test/installation/node_modules/test-plugin/package.json +5 -0
  252. package/test/installation/node_modules/test-plugin/test-plugin.js +5 -0
  253. package/test/installation/plugins/base_plugin.js +3 -0
  254. package/test/installation/plugins/folder_plugin/index.js +3 -0
  255. package/test/installation/plugins/folder_plugin/package.json +11 -0
  256. package/test/installation/plugins/inherits.js +7 -0
  257. package/test/installation/plugins/load_first.js +3 -0
  258. package/test/installation/plugins/plugin.js +1 -0
  259. package/test/installation/plugins/tls.js +3 -0
  260. package/test/logger.js +217 -0
  261. package/test/loud/config/dhparams.pem +0 -0
  262. package/test/loud/config/tls/goobered.pem +45 -0
  263. package/test/loud/config/tls.ini +43 -0
  264. package/test/mail_specimen/base64-root-part.txt +23 -0
  265. package/test/mail_specimen/varied-fold-lengths-preserve-data.txt +283 -0
  266. package/test/outbound/bounce_net_errors.js +133 -0
  267. package/test/outbound/bounce_rfc3464.js +226 -0
  268. package/test/outbound/hmail.js +210 -0
  269. package/test/outbound/index.js +385 -0
  270. package/test/outbound/qfile.js +124 -0
  271. package/test/outbound/queue.js +325 -0
  272. package/test/plugins/auth/auth_base.js +620 -0
  273. package/test/plugins/auth/auth_bridge.js +80 -0
  274. package/test/plugins/auth/auth_vpopmaild.js +81 -0
  275. package/test/plugins/auth/flat_file.js +123 -0
  276. package/test/plugins/block_me.js +141 -0
  277. package/test/plugins/data.signatures.js +111 -0
  278. package/test/plugins/delay_deny.js +262 -0
  279. package/test/plugins/prevent_credential_leaks.js +174 -0
  280. package/test/plugins/process_title.js +141 -0
  281. package/test/plugins/queue/deliver.js +98 -0
  282. package/test/plugins/queue/discard.js +78 -0
  283. package/test/plugins/queue/lmtp.js +137 -0
  284. package/test/plugins/queue/qmail-queue.js +98 -0
  285. package/test/plugins/queue/quarantine.js +80 -0
  286. package/test/plugins/queue/smtp_bridge.js +152 -0
  287. package/test/plugins/queue/smtp_forward.js +1023 -0
  288. package/test/plugins/queue/smtp_proxy.js +138 -0
  289. package/test/plugins/rcpt_to.host_list_base.js +102 -0
  290. package/test/plugins/rcpt_to.in_host_list.js +186 -0
  291. package/test/plugins/record_envelope_addresses.js +66 -0
  292. package/test/plugins/reseed_rng.js +34 -0
  293. package/test/plugins/status.js +207 -0
  294. package/test/plugins/tarpit.js +90 -0
  295. package/test/plugins/tls.js +86 -0
  296. package/test/plugins/toobusy.js +21 -0
  297. package/test/plugins/xclient.js +119 -0
  298. package/test/plugins.js +230 -0
  299. package/test/queue/1507509981169_1507509981169_0_61403_e0Y0Ym_1_fixed +0 -0
  300. package/test/queue/1507509981169_1507509981169_0_61403_e0Y0Ym_1_haraka +0 -0
  301. package/test/queue/1508269674999_1508269674999_0_34002_socVUF_1_haraka +0 -0
  302. package/test/queue/1508455115683_1508455115683_0_90253_9Q4o4V_1_haraka +0 -0
  303. package/test/queue/zero-length +0 -0
  304. package/test/server.js +1012 -0
  305. package/test/smtp_client.js +1303 -0
  306. package/test/tls_socket.js +321 -0
  307. package/test/transaction.js +554 -0
  308. package/tls_socket.js +771 -0
  309. package/transaction.js +267 -0
package/test/plugins/auth/auth_base.js ADDED
@@ -0,0 +1,620 @@
1
+ 'use strict'
2
+ const assert = require('node:assert')
3
+ const { describe, it, beforeEach } = require('node:test')
4
+
5
+ const { Address } = require('../../../address')
6
+ const { makeConnection, makePlugin } = require('haraka-test-fixtures')
7
+ const utils = require('haraka-utils')
8
+
9
+ const _set_up = () => {
10
+ this.plugin = makePlugin('auth/auth_base', { register: false })
11
+
12
+ this.plugin.get_plain_passwd = (user, cb) => {
13
+ if (user === 'test') return cb('testpass')
14
+ return cb(null)
15
+ }
16
+
17
+ this.connection = makeConnection()
18
+ this.connection.capabilities = null
19
+ }
20
+
21
+ const _set_up_2 = () => {
22
+ this.plugin = makePlugin('auth/auth_base', { register: false })
23
+
24
+ this.plugin.get_plain_passwd = (user, connection, cb) => {
25
+ connection.notes.auth_custom_note = 'custom_note'
26
+ if (user === 'test') return cb('testpass')
27
+ return cb(null)
28
+ }
29
+
30
+ this.connection = makeConnection()
31
+ this.connection.capabilities = null
32
+ }
33
+
34
+ const _set_up_custom_pwcb_opts = () => {
35
+ this.plugin = makePlugin('auth/auth_base', { register: false })
36
+
37
+ this.plugin.check_plain_passwd = (connection, user, passwd, pwok_cb) => {
38
+ switch (user) {
39
+ case 'legacyok_nomessage':
40
+ return pwok_cb(true)
41
+ case 'legacyfail_nomessage':
42
+ return pwok_cb(false)
43
+ case 'legacyok_message':
44
+ return pwok_cb(true, 'GREAT SUCCESS')
45
+ case 'legacyfail_message':
46
+ return pwok_cb(false, 'FAIL 123')
47
+ case 'newok':
48
+ return pwok_cb(true, { message: 'KOKOKO', code: 215 })
49
+ case 'newfail':
50
+ return pwok_cb(false, { message: 'OHOHOH', code: 555 })
51
+ default:
52
+ throw 'what?!'
53
+ }
54
+ }
55
+
56
+ this.connection = makeConnection()
57
+ this.connection.capabilities = null
58
+ this.connection.notes.resp_strings = []
59
+ this.connection.respond = (code, msg, cb) => {
60
+ this.connection.notes.resp_strings.push([code, msg])
61
+ return cb()
62
+ }
63
+ }
64
+
65
+ describe('auth_base', () => {
66
+ describe('hook_capabilities', () => {
67
+ beforeEach(_set_up)
68
+
69
+ it('no TLS, no auth', (t, done) => {
70
+ this.plugin.hook_capabilities((rc, msg) => {
71
+ assert.equal(undefined, rc)
72
+ assert.equal(undefined, msg)
73
+ assert.equal(null, this.connection.capabilities)
74
+ done()
75
+ }, this.connection)
76
+ })
77
+
78
+ it('with TLS, auth is offered', (t, done) => {
79
+ this.connection.tls.enabled = true
80
+ this.connection.capabilities = []
81
+ this.plugin.hook_capabilities((rc, msg) => {
82
+ assert.equal(undefined, rc)
83
+ assert.equal(undefined, msg)
84
+ assert.ok(this.connection.capabilities.length)
85
+ assert.ok(this.connection.capabilities[0] === 'AUTH PLAIN LOGIN CRAM-MD5')
86
+ // console.log(this.connection.capabilities);
87
+ done()
88
+ }, this.connection)
89
+ })
90
+ })
91
+
92
+ describe('get_plain_passwd', () => {
93
+ beforeEach(_set_up)
94
+
95
+ it('get_plain_passwd, no result', (t, done) => {
96
+ this.plugin.get_plain_passwd('user', (pass) => {
97
+ assert.equal(pass, null)
98
+ done()
99
+ })
100
+ })
101
+ it('get_plain_passwd, test user', (t, done) => {
102
+ this.plugin.get_plain_passwd('test', (pass) => {
103
+ assert.equal(pass, 'testpass')
104
+ done()
105
+ })
106
+ })
107
+ })
108
+
109
+ describe('check_plain_passwd', () => {
110
+ beforeEach(_set_up)
111
+
112
+ it('valid password', (t, done) => {
113
+ this.plugin.check_plain_passwd(this.connection, 'test', 'testpass', (pass) => {
114
+ assert.equal(pass, true)
115
+ done()
116
+ })
117
+ })
118
+
119
+ it('wrong password', (t, done) => {
120
+ this.plugin.check_plain_passwd(this.connection, 'test', 'test1pass', (pass) => {
121
+ assert.equal(pass, false)
122
+ done()
123
+ })
124
+ })
125
+
126
+ it('null password', (t, done) => {
127
+ this.plugin.check_plain_passwd(this.connection, 'test', null, (pass) => {
128
+ assert.equal(pass, false)
129
+ done()
130
+ })
131
+ })
132
+ })
133
+
134
+ describe('select_auth_method', () => {
135
+ beforeEach(_set_up)
136
+
137
+ it('no auth methods yield no result', (t, done) => {
138
+ this.plugin.select_auth_method(
139
+ (code) => {
140
+ assert.equal(code, null)
141
+ assert.equal(false, this.connection.relaying)
142
+ done()
143
+ },
144
+ this.connection,
145
+ 'AUTH PLAIN',
146
+ )
147
+ })
148
+
149
+ it('invalid AUTH method, no result', (t, done) => {
150
+ this.connection.notes.allowed_auth_methods = ['PLAIN', 'LOGIN', 'CRAM-MD5']
151
+ this.plugin.select_auth_method(
152
+ (code) => {
153
+ assert.equal(code, null)
154
+ assert.equal(false, this.connection.relaying)
155
+ done()
156
+ },
157
+ this.connection,
158
+ 'AUTH FOO',
159
+ )
160
+ })
161
+
162
+ it('valid AUTH method, valid attempt', (t, done) => {
163
+ const method = `PLAIN ${utils.base64('discard\0test\0testpass')}`
164
+ this.connection.notes.allowed_auth_methods = ['PLAIN', 'LOGIN']
165
+ this.plugin.select_auth_method(
166
+ (code) => {
167
+ assert.equal(code, OK)
168
+ assert.ok(this.connection.relaying)
169
+ done()
170
+ },
171
+ this.connection,
172
+ method,
173
+ )
174
+ })
175
+ })
176
+
177
+ describe('auth_plain', () => {
178
+ beforeEach(_set_up)
179
+
180
+ it('params type=string returns OK', (t, done) => {
181
+ this.plugin.auth_plain(
182
+ (rc) => {
183
+ assert.equal(rc, OK)
184
+ assert.equal(false, this.connection.relaying)
185
+ done()
186
+ },
187
+ this.connection,
188
+ 'AUTH FOO',
189
+ )
190
+ })
191
+
192
+ it('params type=empty array, returns OK', (t, done) => {
193
+ this.plugin.auth_plain(
194
+ (rc) => {
195
+ assert.equal(rc, OK)
196
+ assert.equal(false, this.connection.relaying)
197
+ done()
198
+ },
199
+ this.connection,
200
+ [],
201
+ )
202
+ })
203
+
204
+ it('params type=array, successful auth', (t, done) => {
205
+ const method = utils.base64('discard\0test\0testpass')
206
+ this.plugin.auth_plain(
207
+ (rc) => {
208
+ assert.equal(rc, OK)
209
+ assert.ok(this.connection.relaying)
210
+ done()
211
+ },
212
+ this.connection,
213
+ [method],
214
+ )
215
+ })
216
+
217
+ it('params type=with two line login', (t, done) => {
218
+ this.plugin.auth_plain(
219
+ (rc) => {
220
+ assert.equal(this.connection.notes.auth_plain_asked_login, true)
221
+ assert.equal(rc, OK)
222
+ done()
223
+ },
224
+ this.connection,
225
+ '',
226
+ )
227
+ })
228
+ })
229
+
230
+ describe('check_user', () => {
231
+ beforeEach(_set_up_2)
232
+
233
+ it('bad auth', (t, done) => {
234
+ const credentials = ['matt', 'ttam']
235
+ this.plugin.check_user(
236
+ (code) => {
237
+ assert.equal(code, OK)
238
+ assert.equal(this.connection.relaying, false)
239
+ assert.equal(this.connection.notes.auth_custom_note, 'custom_note')
240
+ done()
241
+ },
242
+ this.connection,
243
+ credentials,
244
+ 'PLAIN',
245
+ )
246
+ })
247
+
248
+ it('good auth', (t, done) => {
249
+ const credentials = ['test', 'testpass']
250
+ this.plugin.check_user(
251
+ (code) => {
252
+ assert.equal(code, OK)
253
+ assert.ok(this.connection.relaying)
254
+ assert.equal(this.connection.notes.auth_custom_note, 'custom_note')
255
+ done()
256
+ },
257
+ this.connection,
258
+ credentials,
259
+ 'PLAIN',
260
+ )
261
+ })
262
+ })
263
+
264
+ describe('check_user_custom_opts', () => {
265
+ beforeEach(_set_up_custom_pwcb_opts)
266
+
267
+ it('legacyok_nomessage', (t, done) => {
268
+ this.plugin.check_user(
269
+ (code) => {
270
+ assert.equal(code, OK)
271
+ assert.equal(this.connection.relaying, true)
272
+ assert.deepEqual(this.connection.notes.resp_strings, [[235, '2.7.0 Authentication successful']])
273
+ done()
274
+ },
275
+ this.connection,
276
+ ['legacyok_nomessage', 'any'],
277
+ 'PLAIN',
278
+ )
279
+ })
280
+
281
+ it('legacyfail_nomessage', (t, done) => {
282
+ this.plugin.check_user(
283
+ (code) => {
284
+ assert.equal(code, OK)
285
+ assert.equal(this.connection.relaying, false)
286
+ assert.deepEqual(this.connection.notes.resp_strings, [[535, '5.7.8 Authentication failed']])
287
+ done()
288
+ },
289
+ this.connection,
290
+ ['legacyfail_nomessage', 'any'],
291
+ 'PLAIN',
292
+ )
293
+ })
294
+
295
+ it('legacyok_message', (t, done) => {
296
+ this.plugin.check_user(
297
+ (code) => {
298
+ assert.equal(code, OK)
299
+ assert.equal(this.connection.relaying, true)
300
+ assert.deepEqual(this.connection.notes.resp_strings, [[235, 'GREAT SUCCESS']])
301
+ done()
302
+ },
303
+ this.connection,
304
+ ['legacyok_message', 'any'],
305
+ 'PLAIN',
306
+ )
307
+ })
308
+
309
+ it('legacyfail_message', (t, done) => {
310
+ this.plugin.check_user(
311
+ (code) => {
312
+ assert.equal(code, OK)
313
+ assert.equal(this.connection.relaying, false)
314
+ assert.deepEqual(this.connection.notes.resp_strings, [[535, 'FAIL 123']])
315
+ done()
316
+ },
317
+ this.connection,
318
+ ['legacyfail_message', 'any'],
319
+ 'PLAIN',
320
+ )
321
+ })
322
+
323
+ it('newok', (t, done) => {
324
+ this.plugin.check_user(
325
+ (code) => {
326
+ assert.equal(code, OK)
327
+ assert.equal(this.connection.relaying, true)
328
+ assert.deepEqual(this.connection.notes.resp_strings, [[215, 'KOKOKO']])
329
+ done()
330
+ },
331
+ this.connection,
332
+ ['newok', 'any'],
333
+ 'PLAIN',
334
+ )
335
+ })
336
+
337
+ it('newfail', (t, done) => {
338
+ this.plugin.check_user(
339
+ (code) => {
340
+ assert.equal(code, OK)
341
+ assert.equal(this.connection.relaying, false)
342
+ assert.deepEqual(this.connection.notes.resp_strings, [[555, 'OHOHOH']])
343
+ done()
344
+ },
345
+ this.connection,
346
+ ['newfail', 'any'],
347
+ 'PLAIN',
348
+ )
349
+ })
350
+ })
351
+
352
+ describe('auth_notes_are_set', () => {
353
+ beforeEach(_set_up_2)
354
+
355
+ it('bad auth: no notes should be set', (t, done) => {
356
+ const credentials = ['matt', 'ttam']
357
+ this.plugin.check_user(
358
+ () => {
359
+ assert.equal(this.connection.notes.auth_user, undefined)
360
+ assert.equal(this.connection.notes.auth_passwd, undefined)
361
+ done()
362
+ },
363
+ this.connection,
364
+ credentials,
365
+ 'PLAIN',
366
+ )
367
+ })
368
+
369
+ it('good auth: dont store password', (t, done) => {
370
+ const creds = ['test', 'testpass']
371
+ this.plugin.blankout_password = true
372
+ this.plugin.check_user(
373
+ () => {
374
+ assert.equal(this.connection.notes.auth_user, creds[0])
375
+ assert.equal(this.connection.notes.auth_passwd, undefined)
376
+ done()
377
+ },
378
+ this.connection,
379
+ creds,
380
+ 'PLAIN',
381
+ )
382
+ })
383
+
384
+ it('good auth: store password (default)', (t, done) => {
385
+ const creds = ['test', 'testpass']
386
+ this.plugin.check_user(
387
+ () => {
388
+ assert.equal(this.connection.notes.auth_user, creds[0])
389
+ assert.equal(this.connection.notes.auth_passwd, creds[1])
390
+ done()
391
+ },
392
+ this.connection,
393
+ creds,
394
+ 'PLAIN',
395
+ )
396
+ })
397
+ })
398
+
399
+ describe('hook_unrecognized_command', () => {
400
+ beforeEach(_set_up)
401
+
402
+ it('AUTH type FOO', (t, done) => {
403
+ const params = ['AUTH', 'FOO']
404
+ this.connection.notes.allowed_auth_methods = ['PLAIN', 'LOGIN']
405
+ this.plugin.hook_unrecognized_command(
406
+ (code) => {
407
+ assert.equal(code, null)
408
+ assert.equal(this.connection.relaying, false)
409
+ done()
410
+ },
411
+ this.connection,
412
+ params,
413
+ )
414
+ })
415
+
416
+ it('AUTH PLAIN', (t, done) => {
417
+ const params = ['AUTH', 'PLAIN', utils.base64('discard\0test\0testpass')]
418
+ this.connection.notes.allowed_auth_methods = ['PLAIN', 'LOGIN']
419
+ this.plugin.hook_unrecognized_command(
420
+ (code) => {
421
+ assert.equal(code, OK)
422
+ assert.ok(this.connection.relaying)
423
+ done()
424
+ },
425
+ this.connection,
426
+ params,
427
+ )
428
+ })
429
+
430
+ it('AUTH PLAIN, authenticating', (t, done) => {
431
+ this.connection.notes.allowed_auth_methods = ['PLAIN', 'LOGIN']
432
+ this.connection.notes.authenticating = true
433
+ this.connection.notes.auth_method = 'PLAIN'
434
+ this.plugin.hook_unrecognized_command(
435
+ (code) => {
436
+ assert.equal(code, OK)
437
+ assert.ok(this.connection.relaying)
438
+ done()
439
+ },
440
+ this.connection,
441
+ [utils.base64('discard\0test\0testpass')],
442
+ )
443
+ })
444
+ })
445
+
446
+ describe('auth_login', () => {
447
+ beforeEach(_set_up)
448
+
449
+ it('AUTH LOGIN', (t, done) => {
450
+ const params = ['AUTH', 'LOGIN']
451
+ this.connection.notes.allowed_auth_methods = ['PLAIN', 'LOGIN']
452
+ this.plugin.hook_unrecognized_command(
453
+ (code) => {
454
+ assert.equal(code, OK)
455
+ assert.equal(this.connection.relaying, false)
456
+ assert.equal(this.connection.notes.auth_login_asked_login, true)
457
+
458
+ this.plugin.hook_unrecognized_command(
459
+ (code) => {
460
+ assert.equal(code, OK)
461
+ assert.equal(this.connection.notes.auth_login_userlogin, 'test')
462
+ assert.equal(this.connection.relaying, false)
463
+ this.plugin.hook_unrecognized_command(
464
+ (code) => {
465
+ assert.equal(code, OK)
466
+ assert.equal(this.connection.relaying, true)
467
+ done()
468
+ },
469
+ this.connection,
470
+ [utils.base64('testpass')],
471
+ )
472
+ },
473
+ this.connection,
474
+ [utils.base64('test')],
475
+ )
476
+ },
477
+ this.connection,
478
+ params,
479
+ )
480
+ })
481
+
482
+ it('AUTH LOGIN <username>', (t, done) => {
483
+ const params = ['AUTH', 'LOGIN', utils.base64('test')]
484
+ this.connection.notes.allowed_auth_methods = ['PLAIN', 'LOGIN']
485
+ this.plugin.hook_unrecognized_command(
486
+ (code) => {
487
+ assert.equal(code, OK)
488
+ assert.equal(this.connection.relaying, false)
489
+ assert.equal(this.connection.notes.auth_login_userlogin, 'test')
490
+ assert.equal(this.connection.notes.auth_login_asked_login, true)
491
+
492
+ this.plugin.hook_unrecognized_command(
493
+ (code2) => {
494
+ assert.equal(code2, OK)
495
+ assert.equal(this.connection.relaying, true)
496
+ done()
497
+ },
498
+ this.connection,
499
+ [utils.base64('testpass')],
500
+ )
501
+ },
502
+ this.connection,
503
+ params,
504
+ )
505
+ })
506
+
507
+ it('AUTH LOGIN <username>, bad protocol', (t, done) => {
508
+ const params = ['AUTH', 'LOGIN', utils.base64('test')]
509
+ this.connection.notes.allowed_auth_methods = ['PLAIN', 'LOGIN']
510
+ this.plugin.hook_unrecognized_command(
511
+ (code) => {
512
+ assert.equal(code, OK)
513
+ assert.equal(this.connection.relaying, false)
514
+ assert.equal(this.connection.notes.auth_login_userlogin, 'test')
515
+ assert.equal(this.connection.notes.auth_login_asked_login, true)
516
+
517
+ this.plugin.hook_unrecognized_command(
518
+ (code, msg) => {
519
+ assert.equal(code, DENYDISCONNECT)
520
+ assert.equal(msg, 'bad protocol')
521
+ assert.equal(this.connection.relaying, false)
522
+ done()
523
+ },
524
+ this.connection,
525
+ ['AUTH', 'LOGIN'],
526
+ )
527
+ },
528
+ this.connection,
529
+ params,
530
+ )
531
+ })
532
+
533
+ it('AUTH LOGIN, reauthentication', (t, done) => {
534
+ const params = ['AUTH', 'LOGIN', utils.base64('test')]
535
+ this.connection.notes.allowed_auth_methods = ['PLAIN', 'LOGIN']
536
+ this.plugin.hook_unrecognized_command(
537
+ (code) => {
538
+ assert.equal(code, OK)
539
+ assert.equal(this.connection.relaying, false)
540
+ assert.equal(this.connection.notes.auth_login_userlogin, 'test')
541
+ assert.equal(this.connection.notes.auth_login_asked_login, true)
542
+
543
+ this.plugin.hook_unrecognized_command(
544
+ (code) => {
545
+ assert.equal(code, OK)
546
+ assert.equal(this.connection.relaying, true)
547
+ assert.equal(this.connection.notes.auth_login_userlogin, null)
548
+ assert.equal(this.connection.notes.auth_login_asked_login, false)
549
+
550
+ this.plugin.hook_unrecognized_command(
551
+ (code) => {
552
+ assert.equal(code, OK)
553
+ done()
554
+ },
555
+ this.connection,
556
+ ['AUTH', 'LOGIN'],
557
+ )
558
+ },
559
+ this.connection,
560
+ [utils.base64('testpass')],
561
+ )
562
+ },
563
+ this.connection,
564
+ params,
565
+ )
566
+ })
567
+ })
568
+
569
+ describe('hexi', () => {
570
+ beforeEach(_set_up)
571
+
572
+ it('hexi', () => {
573
+ assert.equal(this.plugin.hexi(512), 200)
574
+ assert.equal(this.plugin.hexi(8), 8)
575
+ })
576
+ })
577
+
578
+ describe('constrain_sender', () => {
579
+ beforeEach(_set_up)
580
+
581
+ it('constrain_sender, domain match', (t, done) => {
582
+ this.mfrom = new Address('user@example.com')
583
+ this.connection.results.add({ name: 'auth' }, { user: 'user@example.com' })
584
+ this.plugin.constrain_sender(
585
+ (resCode) => {
586
+ assert.equal(resCode, undefined)
587
+ done()
588
+ },
589
+ this.connection,
590
+ [this.mfrom],
591
+ )
592
+ })
593
+
594
+ it('constrain_sender, domain mismatch', (t, done) => {
595
+ this.mfrom = new Address('user@example.net')
596
+ this.connection.results.add({ name: 'auth' }, { user: 'user@example.com' })
597
+ this.plugin.constrain_sender(
598
+ (resCode, denyMsg) => {
599
+ assert.equal(resCode, DENY)
600
+ assert.ok(denyMsg)
601
+ done()
602
+ },
603
+ this.connection,
604
+ [this.mfrom],
605
+ )
606
+ })
607
+ it('constrain_sender, no domain', (t, done) => {
608
+ this.mfrom = new Address('user@example.com')
609
+ this.connection.results.add({ name: 'auth' }, { user: 'user' })
610
+ this.plugin.constrain_sender(
611
+ (resCode) => {
612
+ assert.equal(resCode, undefined)
613
+ done()
614
+ },
615
+ this.connection,
616
+ [this.mfrom],
617
+ )
618
+ })
619
+ })
620
+ })
package/test/plugins/auth/auth_bridge.js ADDED
@@ -0,0 +1,80 @@
1
+ 'use strict'
2
+
3
+ const assert = require('node:assert')
4
+ const { describe, it, beforeEach } = require('node:test')
5
+
6
+ const { makeConnection, makePlugin } = require('haraka-test-fixtures')
7
+
8
+ describe('auth/auth_bridge', () => {
9
+ let plugin
10
+
11
+ beforeEach(() => {
12
+ plugin = makePlugin('auth/auth_bridge', { register: false })
13
+ plugin.load_flat_ini()
14
+ })
15
+
16
+ describe('load_flat_ini', () => {
17
+ it('loads smtp_bridge.ini config', () => {
18
+ assert.ok(plugin.cfg)
19
+ assert.ok(plugin.cfg.main)
20
+ })
21
+
22
+ it('cfg.main.host defaults to localhost', () => {
23
+ assert.equal(plugin.cfg.main.host, 'localhost')
24
+ })
25
+ })
26
+
27
+ describe('check_plain_passwd', () => {
28
+ let conn
29
+
30
+ beforeEach(() => {
31
+ conn = makeConnection()
32
+ })
33
+
34
+ it('calls try_auth_proxy with just host when no port configured', (t, done) => {
35
+ plugin.cfg.main = { host: 'mail.example.com' }
36
+ plugin.try_auth_proxy = (connection, host, user, passwd, cb) => {
37
+ assert.equal(host, 'mail.example.com')
38
+ assert.equal(user, 'testuser')
39
+ assert.equal(passwd, 'testpass')
40
+ cb(true)
41
+ }
42
+ plugin.check_plain_passwd(conn, 'testuser', 'testpass', (result) => {
43
+ assert.equal(result, true)
44
+ done()
45
+ })
46
+ })
47
+
48
+ it('calls try_auth_proxy with host:port when port is configured', (t, done) => {
49
+ plugin.cfg.main = { host: 'mail.example.com', port: '587' }
50
+ plugin.try_auth_proxy = (connection, host, user, passwd, cb) => {
51
+ assert.equal(host, 'mail.example.com:587')
52
+ cb(true)
53
+ }
54
+ plugin.check_plain_passwd(conn, 'testuser', 'testpass', (result) => {
55
+ assert.equal(result, true)
56
+ done()
57
+ })
58
+ })
59
+
60
+ it('passes authentication failure through to callback', (t, done) => {
61
+ plugin.cfg.main = { host: 'mail.example.com' }
62
+ plugin.try_auth_proxy = (connection, host, user, passwd, cb) => {
63
+ cb(false)
64
+ }
65
+ plugin.check_plain_passwd(conn, 'baduser', 'badpass', (result) => {
66
+ assert.equal(result, false)
67
+ done()
68
+ })
69
+ })
70
+
71
+ it('passes the connection object to try_auth_proxy', (t, done) => {
72
+ plugin.cfg.main = { host: 'mail.example.com' }
73
+ plugin.try_auth_proxy = (connection, host, user, passwd, cb) => {
74
+ assert.equal(connection, conn)
75
+ cb(true)
76
+ }
77
+ plugin.check_plain_passwd(conn, 'user', 'pass', () => done())
78
+ })
79
+ })
80
+ })