haraka 0.0.33 → 3.3.0

package/test/plugins/auth/auth_vpopmaild.js

@@ -0,0 +1,81 @@
+'use strict'
+
+const assert = require('node:assert/strict')
+const path = require('node:path')
+const { describe, it, beforeEach } = require('node:test')
+
+const { makeConnection, makePlugin } = require('haraka-test-fixtures')
+
+const _set_up = () => {
+    this.backup = {}
+
+    this.plugin = makePlugin('auth/auth_vpopmaild', { register: false })
+    this.plugin.inherits('auth/auth_base')
+
+    // reset the config/root_path
+    this.plugin.config.root_path = path.resolve(__dirname, '../../../config')
+    this.plugin.cfg = this.plugin.config.get('auth_vpopmaild.ini')
+
+    this.connection = makeConnection()
+    this.connection.capabilities = null
+}
+
+describe('hook_capabilities', () => {
+    beforeEach(_set_up)
+
+    it('no TLS', (t, done) => {
+        this.plugin.hook_capabilities((rc, msg) => {
+            assert.equal(undefined, rc)
+            assert.equal(undefined, msg)
+            assert.equal(null, this.connection.capabilities)
+            done()
+        }, this.connection)
+    })
+
+    it('with TLS', (t, done) => {
+        this.connection.tls.enabled = true
+        this.connection.capabilities = []
+        this.plugin.hook_capabilities((rc, msg) => {
+            assert.equal(undefined, rc)
+            assert.equal(undefined, msg)
+            assert.ok(this.connection.capabilities.length)
+            done()
+        }, this.connection)
+    })
+
+    it('with TLS, sysadmin', (t, done) => {
+        this.connection.tls.enabled = true
+        this.connection.capabilities = []
+        this.plugin.hook_capabilities((rc, msg) => {
+            assert.equal(undefined, rc)
+            assert.equal(undefined, msg)
+            assert.ok(this.connection.capabilities.length)
+            done()
+        }, this.connection)
+    })
+})
+
+describe('get_vpopmaild_socket', () => {
+    beforeEach(_set_up)
+
+    it('any', () => {
+        const socket = this.plugin.get_vpopmaild_socket('foo@localhost.com')
+        assert.ok(socket)
+        socket.destroy()
+    })
+})
+
+describe('get_plain_passwd', () => {
+    beforeEach(_set_up)
+
+    it('matt@example.com', (t, done) => {
+        if (this.plugin.cfg['example.com'].sysadmin) {
+            this.plugin.get_plain_passwd('matt@example.com', (pass) => {
+                assert.ok(pass)
+                done()
+            })
+        } else {
+            done()
+        }
+    })
+})

package/test/plugins/auth/flat_file.js

@@ -0,0 +1,123 @@
+'use strict'
+
+const assert = require('node:assert')
+const { describe, it, beforeEach } = require('node:test')
+
+const { callHook, makeConnection, makePlugin } = require('haraka-test-fixtures')
+
+describe('auth/flat_file', () => {
+    let plugin
+
+    beforeEach(() => {
+        plugin = makePlugin('auth/flat_file', { register: false })
+        plugin.inherits('auth/auth_base')
+        plugin.load_flat_ini()
+    })
+
+    describe('load_flat_ini', () => {
+        it('populates cfg.users as an object', () => {
+            assert.ok(typeof plugin.cfg.users === 'object')
+        })
+
+        it('cfg.users defaults to empty object when not configured', () => {
+            // default config has no real users
+            assert.deepEqual(plugin.cfg.users, {})
+        })
+    })
+
+    describe('hook_capabilities', () => {
+        let conn
+
+        beforeEach(() => {
+            conn = makeConnection()
+            conn.capabilities = []
+            conn.notes.allowed_auth_methods = []
+            conn.remote.is_private = false
+            conn.tls.enabled = false
+        })
+
+        it('skips for public non-TLS connection', (t, done) => {
+            callHook(plugin, 'hook_capabilities', conn).then(({ rc }) => {
+                assert.equal(rc, undefined)
+                assert.equal(conn.capabilities.length, 0)
+                done()
+            })
+        })
+
+        it('adds AUTH methods for private connection (non-TLS)', (t, done) => {
+            conn.remote.is_private = true
+            plugin.cfg.core.methods = 'PLAIN,LOGIN'
+            callHook(plugin, 'hook_capabilities', conn).then(({ rc }) => {
+                assert.equal(rc, undefined)
+                assert.ok(
+                    conn.capabilities.some((c) => c.startsWith('AUTH ')),
+                    'AUTH capability should be present',
+                )
+                done()
+            })
+        })
+
+        it('adds AUTH methods when TLS is enabled', (t, done) => {
+            conn.tls.enabled = true
+            plugin.cfg.core.methods = 'PLAIN,LOGIN'
+            callHook(plugin, 'hook_capabilities', conn).then(({ rc }) => {
+                assert.equal(rc, undefined)
+                assert.ok(conn.capabilities.some((c) => c.startsWith('AUTH ')))
+                done()
+            })
+        })
+
+        it('sets allowed_auth_methods on connection notes', (t, done) => {
+            conn.tls.enabled = true
+            plugin.cfg.core.methods = 'PLAIN,LOGIN'
+            callHook(plugin, 'hook_capabilities', conn).then(() => {
+                assert.deepEqual(conn.notes.allowed_auth_methods, ['PLAIN', 'LOGIN'])
+                done()
+            })
+        })
+
+        it('does not add AUTH when no methods configured', (t, done) => {
+            conn.tls.enabled = true
+            plugin.cfg.core.methods = null
+            callHook(plugin, 'hook_capabilities', conn).then(() => {
+                assert.equal(conn.capabilities.length, 0)
+                done()
+            })
+        })
+    })
+
+    describe('get_plain_passwd', () => {
+        beforeEach(() => {
+            plugin.cfg.users = { alice: 'secret', bob: 'hunter2' }
+        })
+
+        it('returns password for known user', (t, done) => {
+            plugin.get_plain_passwd('alice', {}, (pw) => {
+                assert.equal(pw, 'secret')
+                done()
+            })
+        })
+
+        it('calls cb with no args for unknown user', (t, done) => {
+            plugin.get_plain_passwd('unknown', {}, (pw) => {
+                assert.equal(pw, undefined)
+                done()
+            })
+        })
+
+        it('handles multiple users', (t, done) => {
+            plugin.get_plain_passwd('bob', {}, (pw) => {
+                assert.equal(pw, 'hunter2')
+                done()
+            })
+        })
+
+        it('coerces password to string via toString()', (t, done) => {
+            plugin.cfg.users.numericuser = 12345
+            plugin.get_plain_passwd('numericuser', {}, (pw) => {
+                assert.equal(pw, '12345')
+                done()
+            })
+        })
+    })
+})

package/test/plugins/block_me.js

@@ -0,0 +1,141 @@
+'use strict'
+
+const fs = require('node:fs')
+const path = require('node:path')
+const assert = require('node:assert/strict')
+const { describe, it, beforeEach, after } = require('node:test')
+
+const { makeConnection, makePlugin } = require('haraka-test-fixtures')
+require('haraka-constants').import(global)
+
+// block_me appends to <config>/mail_from.blocklist when a sender is blocked;
+// remove the artifact the 'sets block_me note' test produces.
+after(() => {
+    fs.rmSync(path.resolve('test/config/mail_from.blocklist'), { force: true })
+})
+
+describe('block_me', () => {
+    let plugin
+
+    // Read config (block_me.recipient, block_me.senders) from test/config rather
+    // than the real config dir. block_me also appends matched senders to
+    // mail_from.blocklist; with this override that write lands in test/config too.
+    beforeEach(() => {
+        plugin = makePlugin('block_me', { register: false, configDir: 'test' })
+    })
+
+    describe('hook_data', () => {
+        it('enables body parsing and calls next', (t, done) => {
+            const conn = makeConnection({ withTxn: true })
+            conn.transaction.parse_body = false
+            plugin.hook_data((rc) => {
+                assert.equal(rc, undefined)
+                assert.equal(conn.transaction.parse_body, true)
+                done()
+            }, conn)
+        })
+    })
+
+    describe('hook_data_post', () => {
+        it('calls next when not relaying', (t, done) => {
+            const conn = makeConnection({ withTxn: true })
+            plugin.hook_data_post((rc) => {
+                assert.equal(rc, undefined)
+                done()
+            }, conn)
+        })
+
+        it('calls next when transaction is missing', (t, done) => {
+            const conn = makeConnection()
+            conn.relaying = true
+            conn.transaction = null
+            plugin.hook_data_post((rc) => {
+                assert.equal(rc, undefined)
+                done()
+            }, conn)
+        })
+
+        it('calls next when more than one recipient', (t, done) => {
+            const conn = makeConnection({
+                relaying: true,
+                rcptTo: ['blocklist@example.com', 'other@example.com'],
+            })
+            plugin.hook_data_post((rc) => {
+                assert.equal(rc, undefined)
+                done()
+            }, conn)
+        })
+
+        it('calls next when recipient does not match configured address', (t, done) => {
+            const conn = makeConnection({ relaying: true, rcptTo: ['other@example.com'] })
+            plugin.hook_data_post((rc) => {
+                assert.equal(rc, undefined)
+                done()
+            }, conn)
+        })
+
+        it('denies when sender is not in the allowed senders list', (t, done) => {
+            const conn = makeConnection({
+                relaying: true,
+                mailFrom: 'notallowed@example.com',
+                rcptTo: ['blocklist@example.com'],
+            })
+            plugin.hook_data_post((rc, msg) => {
+                assert.equal(rc, DENY)
+                assert.ok(msg.includes('not allowed'))
+                done()
+            }, conn)
+        })
+
+        it('calls next when no From header found in body', (t, done) => {
+            const conn = makeConnection({
+                relaying: true,
+                mailFrom: 'sender@example.com',
+                rcptTo: ['blocklist@example.com'],
+            })
+            conn.transaction.body = { bodytext: 'No from header here', children: [] }
+            plugin.hook_data_post((rc) => {
+                assert.equal(rc, undefined)
+                // note should not be set since no From header
+                assert.equal(conn.transaction.notes.block_me, undefined)
+                done()
+            }, conn)
+        })
+
+        it('sets block_me note and calls next when From is extracted', (t, done) => {
+            const conn = makeConnection({
+                relaying: true,
+                mailFrom: 'sender@example.com',
+                rcptTo: ['blocklist@example.com'],
+            })
+            conn.transaction.body = {
+                bodytext: 'From: Test User <block_target@example.com>',
+                children: [],
+            }
+            plugin.hook_data_post((rc) => {
+                assert.equal(rc, undefined)
+                assert.equal(conn.transaction.notes.block_me, 1)
+                done()
+            }, conn)
+        })
+    })
+
+    describe('hook_queue', () => {
+        it('returns OK when block_me note is set on transaction', (t, done) => {
+            const conn = makeConnection({ withTxn: true })
+            conn.transaction.notes.block_me = 1
+            plugin.hook_queue((rc) => {
+                assert.equal(rc, OK)
+                done()
+            }, conn)
+        })
+
+        it('calls next when block_me note is not set', (t, done) => {
+            const conn = makeConnection({ withTxn: true })
+            plugin.hook_queue((rc) => {
+                assert.equal(rc, undefined)
+                done()
+            }, conn)
+        })
+    })
+})

package/test/plugins/data.signatures.js

@@ -0,0 +1,111 @@
+'use strict'
+
+const assert = require('node:assert/strict')
+const { describe, it, beforeEach } = require('node:test')
+
+const { makeConnection, makePlugin } = require('haraka-test-fixtures')
+require('haraka-constants').import(global)
+
+describe('data.signatures', () => {
+    let plugin
+
+    beforeEach(() => {
+        plugin = makePlugin('data.signatures', { register: false })
+    })
+
+    describe('hook_data', () => {
+        it('enables body parsing', (t, done) => {
+            const conn = makeConnection({ withTxn: true })
+            conn.transaction.parse_body = false
+            plugin.hook_data((rc) => {
+                assert.equal(rc, undefined)
+                assert.equal(conn.transaction.parse_body, true)
+                done()
+            }, conn)
+        })
+
+        it('calls next when there is no transaction', (t, done) => {
+            const conn = makeConnection()
+            conn.transaction = null
+            plugin.hook_data((rc) => {
+                assert.equal(rc, undefined)
+                done()
+            }, conn)
+        })
+    })
+
+    describe('hook_data_post', () => {
+        it('calls next when there is no transaction', (t, done) => {
+            const conn = makeConnection()
+            conn.transaction = null
+            plugin.hook_data_post((rc) => {
+                assert.equal(rc, undefined)
+                done()
+            }, conn)
+        })
+
+        it('calls next when signature list is empty', (t, done) => {
+            plugin.config.get = (name, type) => (type === 'list' ? [] : {})
+            const conn = makeConnection({ withTxn: true })
+            conn.transaction.body = { bodytext: 'This is some email body text', children: [] }
+            plugin.hook_data_post((rc) => {
+                assert.equal(rc, undefined)
+                done()
+            }, conn)
+        })
+
+        it('denies when body matches a signature', (t, done) => {
+            plugin.config.get = (name, type) => (type === 'list' ? ['spam_signature_text'] : {})
+            const conn = makeConnection({ withTxn: true })
+            conn.transaction.body = { bodytext: 'Buy cheap meds! spam_signature_text here', children: [] }
+            plugin.hook_data_post((rc, msg) => {
+                assert.equal(rc, DENY)
+                assert.ok(msg.includes('spam'))
+                done()
+            }, conn)
+        })
+
+        it('calls next when body does not match any signature', (t, done) => {
+            plugin.config.get = (name, type) => (type === 'list' ? ['bad_pattern'] : {})
+            const conn = makeConnection({ withTxn: true })
+            conn.transaction.body = { bodytext: 'Totally normal email body', children: [] }
+            plugin.hook_data_post((rc) => {
+                assert.equal(rc, undefined)
+                done()
+            }, conn)
+        })
+
+        it('denies when a child body part matches a signature', (t, done) => {
+            plugin.config.get = (name, type) => (type === 'list' ? ['spam_in_child'] : {})
+            const conn = makeConnection({ withTxn: true })
+            conn.transaction.body = {
+                bodytext: 'clean parent text',
+                children: [{ bodytext: 'spam_in_child content here', children: [] }],
+            }
+            plugin.hook_data_post((rc) => {
+                assert.equal(rc, DENY)
+                done()
+            }, conn)
+        })
+
+        it('calls next when multiple signatures do not match', (t, done) => {
+            plugin.config.get = (name, type) => (type === 'list' ? ['sig_one', 'sig_two', 'sig_three'] : {})
+            const conn = makeConnection({ withTxn: true })
+            conn.transaction.body = { bodytext: 'No matching signatures here at all', children: [] }
+            plugin.hook_data_post((rc) => {
+                assert.equal(rc, undefined)
+                done()
+            }, conn)
+        })
+
+        it('matches the first of multiple signatures', (t, done) => {
+            plugin.config.get = (name, type) => (type === 'list' ? ['no_match', 'buy_cheap_pills'] : {})
+            const conn = makeConnection({ withTxn: true })
+            conn.transaction.body = { bodytext: 'This message has buy_cheap_pills for you', children: [] }
+            plugin.hook_data_post((rc) => {
+                assert.equal(rc, DENY)
+                done()
+            }, conn)
+        })
+    })
+})