summaryrefslogtreecommitdiff
path: root/tests/white-box/mx.rb
diff options
context:
space:
mode:
Diffstat (limited to 'tests/white-box/mx.rb')
-rw-r--r--tests/white-box/mx.rb145
1 files changed, 113 insertions, 32 deletions
diff --git a/tests/white-box/mx.rb b/tests/white-box/mx.rb
index 6c0982ce..e0cb273a 100644
--- a/tests/white-box/mx.rb
+++ b/tests/white-box/mx.rb
@@ -1,5 +1,6 @@
raise SkipTest unless service?(:mx)
+require 'date'
require 'json'
require 'net/smtp'
@@ -38,38 +39,15 @@ class Mx < LeapTest
# using the by_address view for that same document again.
#
def test_03_Can_query_identities_db?
- assert_get(couchdb_url("/identities", couch_url_options)) do |body|
+ ident = pick_random_identity
+ address = ident['address']
+ url_base = %(/identities/_design/Identity/_view/by_address)
+ params = %(?include_docs=true&reduce=false&startkey="#{address}"&endkey="#{address}")
+ assert_get(couchdb_url(url_base+params, couch_url_options)) do |body|
assert response = JSON.parse(body)
- doc_count = response['doc_count'].to_i
- if doc_count <= 1
- # the design document counts as one document.
- skip "There are no identity documents yet."
- else
- # try five times to get a valid doc
- for i in 1..5
- offset = rand(doc_count) # pick a random document
- count_url = couchdb_url("/identities/_all_docs?include_docs=true&limit=1&skip=#{offset}", couch_url_options)
- assert_get(count_url) do |body|
- assert response = JSON.parse(body)
- record = response['rows'].first
- if record['id'] =~ /_design/
- next
- else
- address = record['doc']['address']
- assert address, "Identity document #{record['id']} is missing an address field. #{record['doc'].inspect}"
- url_base = %(/identities/_design/Identity/_view/by_address)
- params = %(?include_docs=true&reduce=false&startkey="#{address}"&endkey="#{address}")
- assert_get(couchdb_url(url_base+params, couch_url_options)) do |body|
- assert response = JSON.parse(body)
- assert record = response['rows'].first
- assert_equal address, record['doc']['address']
- pass
- end
- break
- end
- end
- end
- end
+ assert record = response['rows'].first
+ assert_equal address, record['doc']['address']
+ pass
end
end
@@ -92,12 +70,62 @@ class Mx < LeapTest
end
#
+ # TODO: test to make sure postmap returned the right result
+ #
+ def test_05_Can_postfix_query_leapmx?
+ ident = pick_random_identity(10, :with_public_key => true)
+ address = ident["address"]
+
+ #
+ # virtual alias map:
+ #
+ # user@domain => 41c29a80a44f4775513c64ac9cab91b9@deliver.local
+ #
+ assert_run("postmap -v -q \"#{address}\" tcp:localhost:4242")
+
+ #
+ # recipient access map:
+ #
+ # user@domain => [OK|REJECT|TEMP_FAIL]
+ #
+ # This map is queried by the mail server before delivery to the mail spool
+ # directory, and should check if the address is able to receive messages.
+ # Examples of reasons for denying delivery would be that the user is out of
+ # quota, is user, or have no pgp public key in the server.
+ #
+ # NOTE: in the future, when we support quota, we need to make sure that
+ # we don't randomly pick a user for this test that happens to be over quota.
+ #
+ assert_run("postmap -v -q \"#{address}\" tcp:localhost:2244")
+
+ #
+ # certificate validity map:
+ #
+ # fa:2a:70:1f:d8:16:4e:1a:3b:15:c1:67:00:f0 => [200|500]
+ #
+ # Determines whether a particular SMTP client cert is authorized
+ # to relay mail, based on the fingerprint.
+ #
+ if ident["cert_fingerprints"]
+ not_expired = ident["cert_fingerprints"].select {|key, value|
+ Time.now.utc < DateTime.strptime("2016-01-03", "%F").to_time.utc
+ }
+ if not_expired.any?
+ fingerprint = not_expired.first
+ assert_run("postmap -v -q #{fingerprint} tcp:localhost:2424")
+ end
+ end
+
+ pass
+ end
+
+ #
# The email sent by this test might get bounced back.
# In this case, the test will pass, but the bounce message will
# get sent to root, so the sysadmin will still figure out pretty
# quickly that something is wrong.
#
- def test_05_Can_deliver_email?
+ def test_06_Can_deliver_email?
addr = [TEST_EMAIL_USER, property('domain.full_suffix')].join('@')
bad_addr = [TEST_BAD_USER, property('domain.full_suffix')].join('@')
@@ -123,6 +151,59 @@ class Mx < LeapTest
}
end
+ #
+ # returns a random identity record that also has valid address
+ # and destination fields.
+ #
+ # options:
+ #
+ # * :with_public_key -- searches only for identities with public keys
+ #
+ # note to self: for debugging, here is the curl you want:
+ # curl --netrc "127.0.0.1:5984/identities/_design/Identity/_view/by_address?startkey=\"xxxx@leap.se\"&endkey=\"xxxx@leap.se\"&reduce=false&include_docs=true"
+ #
+ def pick_random_identity(tries=5, options={})
+ assert_get(couchdb_url("/identities", couch_url_options)) do |body|
+ assert response = JSON.parse(body)
+ doc_count = response['doc_count'].to_i
+ if doc_count <= 1
+ # the design document counts as one document.
+ skip "There are no identity documents yet."
+ else
+ # try repeatedly to get a valid doc
+ for i in 1..tries
+ offset = rand(doc_count) # pick a random document
+ url = couchdb_url("/identities/_all_docs?include_docs=true&limit=1&skip=#{offset}", couch_url_options)
+ assert_get(url) do |body|
+ assert response = JSON.parse(body)
+ record = response['rows'].first
+ if record['id'] =~ /_design/
+ next
+ elsif record['doc'] && record['doc']['address']
+ next if record['doc']['destination'].nil? || record['doc']['destination'].empty?
+ next if options[:with_public_key] && !record_has_key?(record)
+ return record['doc']
+ else
+ fail "Identity document #{record['id']} is missing an address field. #{record['doc'].inspect}"
+ end
+ end
+ end
+ if options[:with_public_key]
+ skip "Could not find an Identity document with a public key for testing."
+ else
+ fail "Failed to find a valid Identity document (with address and destination)."
+ end
+ end
+ end
+ end
+
+ def record_has_key?(record)
+ !record['doc']['keys'].nil? &&
+ !record['doc']['keys'].empty? &&
+ !record['doc']['keys']['pgp'].nil? &&
+ !record['doc']['keys']['pgp'].empty?
+ end
+
TEST_EMAIL_PUBLIC_KEY=<<HERE
-----BEGIN PGP PUBLIC KEY BLOCK-----
mI0EVvzIKQEEAN4f8FOGntJGTTD+fFUQS6y/ihn6tYLtyGZZbCOd0t/9kHt/raoR