[GitHub] [james-project] quantranhong1999 commented on a change in pull request #788: JAMES-3680 IMAP config support auth.requireSSL

GitBox Wed, 15 Dec 2021 00:52:43 -0800


quantranhong1999 commented on a change in pull request #788:
URL: https://github.com/apache/james-project/pull/788#discussion_r769376804




##########
File path: 
server/protocols/protocols-imap4/src/test/java/org/apache/james/imapserver/netty/IMAPServerTest.java
##########
@@ -549,6 +549,65 @@ void capabilityShouldAdvertiseLoginOnUnEncryptedChannel() 
throws Exception {
         }
     }
 
+    @Nested
+    class AuthenticationRequireSSL {
+        IMAPServer imapServer;
+
+        @AfterEach
+        void tearDown() {
+            if (imapServer!=null){
+                imapServer.destroy();
+            }
+        }
+        @Test
+        void loginShouldFailWhenRequireSSLAndPlainAuthNotEnabled() throws 
Exception {
+            imapServer = 
createImapServer("imapServerPlainAuthDisabledAndRequireSSL.xml");
+            int port = imapServer.getListenAddresses().get(0).getPort();
+
+            assertThatThrownBy(() ->
+                testIMAPClient.connect("127.0.0.1", port)
+                    .login(USER.asString(), USER_PASS))
+                .hasMessage("Login failed");
+
+        }
+
+        @Test
+        void loginShouldSuccessWhenRequireSSLAndPlainAuthEnabled() throws 
Exception {
+            imapServer = 
createImapServer("imapServerPlainAuthEnabledAndRequireSSL.xml");
+            int port = imapServer.getListenAddresses().get(0).getPort();
+
+            assertThatCode(() ->
+                testIMAPClient.connect("127.0.0.1", port)
+                    .login(USER.asString(), USER_PASS)

Review comment:
       I guess we need to modify testIMAPClient a little so it can connect in 
SSL way.

##########
File path: 
server/protocols/protocols-imap4/src/test/java/org/apache/james/imapserver/netty/IMAPServerTest.java
##########
@@ -549,6 +549,65 @@ void capabilityShouldAdvertiseLoginOnUnEncryptedChannel() 
throws Exception {
         }
     }
 
+    @Nested
+    class AuthenticationRequireSSL {
+        IMAPServer imapServer;
+
+        @AfterEach
+        void tearDown() {
+            if (imapServer!=null){

Review comment:
       indent

##########
File path: 
server/protocols/protocols-imap4/src/test/java/org/apache/james/imapserver/netty/IMAPServerTest.java
##########
@@ -549,6 +549,65 @@ void capabilityShouldAdvertiseLoginOnUnEncryptedChannel() 
throws Exception {
         }
     }
 
+    @Nested
+    class AuthenticationRequireSSL {
+        IMAPServer imapServer;
+
+        @AfterEach
+        void tearDown() {
+            if (imapServer!=null){
+                imapServer.destroy();
+            }
+        }
+        @Test
+        void loginShouldFailWhenRequireSSLAndPlainAuthNotEnabled() throws 
Exception {
+            imapServer = 
createImapServer("imapServerPlainAuthDisabledAndRequireSSL.xml");
+            int port = imapServer.getListenAddresses().get(0).getPort();
+
+            assertThatThrownBy(() ->
+                testIMAPClient.connect("127.0.0.1", port)
+                    .login(USER.asString(), USER_PASS))
+                .hasMessage("Login failed");
+
+        }
+
+        @Test
+        void loginShouldSuccessWhenRequireSSLAndPlainAuthEnabled() throws 
Exception {
+            imapServer = 
createImapServer("imapServerPlainAuthEnabledAndRequireSSL.xml");
+            int port = imapServer.getListenAddresses().get(0).getPort();
+
+            assertThatCode(() ->
+                testIMAPClient.connect("127.0.0.1", port)
+                    .login(USER.asString(), USER_PASS)
+                    .append("INBOX", SMALL_MESSAGE))
+                .doesNotThrowAnyException();
+        }
+
+        @Test
+        void loginShouldSuccessWhenNOTRequireSSLAndPlainAuthNotEnabled() 
throws Exception {
+            imapServer = 
createImapServer("imapServerPlainAuthDisabledAndNotRequireSSL.xml");
+            int port = imapServer.getListenAddresses().get(0).getPort();
+
+            assertThatCode(() ->
+                testIMAPClient.connect("127.0.0.1", port)
+                    .login(USER.asString(), USER_PASS)
+                    .append("INBOX", SMALL_MESSAGE))
+                .doesNotThrowAnyException();
+        }
+
+        @Test
+        void loginShouldSuccessWhenNOTRequireSSLAndPlainAuthEnabled() throws 
Exception {
+            imapServer = 
createImapServer("imapServerPlainAuthEnabledAndNotRequireSSL.xml");
+            int port = imapServer.getListenAddresses().get(0).getPort();
+
+            assertThatCode(() ->
+                testIMAPClient.connect("127.0.0.1", port)
+                    .login(USER.asString(), USER_PASS)
+                    .append("INBOX", SMALL_MESSAGE))
+                .doesNotThrowAnyException();
+        }
+    }
+

Review comment:
       I think we should follow test cases Benoit suggested: 
   ```
   -> if authentication.requireSSL is true and I issue a LOGIN command on an 
unencrypted channel it fails
   -> if authentication.requireSSL is true and I issue a LOGIN command on an 
encrypted channel it succeed
   -> if authentication.requireSSL is false and I issue a LOGIN command on an 
unencrypted channel it succeed
   -> if authentication.requireSSL is false and I issue a LOGIN command on an 
encrypted channel it succeed
   ```
   With plainAuthEnabled = true. Do not care about plainAuthEnabled at least 
for these 4 tests I think.

##########
File path: 
server/protocols/protocols-imap4/src/test/java/org/apache/james/imapserver/netty/IMAPServerTest.java
##########
@@ -549,6 +549,65 @@ void capabilityShouldAdvertiseLoginOnUnEncryptedChannel() 
throws Exception {
         }
     }
 
+    @Nested
+    class AuthenticationRequireSSL {
+        IMAPServer imapServer;
+
+        @AfterEach
+        void tearDown() {
+            if (imapServer!=null){
+                imapServer.destroy();
+            }
+        }
+        @Test
+        void loginShouldFailWhenRequireSSLAndPlainAuthNotEnabled() throws 
Exception {
+            imapServer = 
createImapServer("imapServerPlainAuthDisabledAndRequireSSL.xml");
+            int port = imapServer.getListenAddresses().get(0).getPort();
+
+            assertThatThrownBy(() ->
+                testIMAPClient.connect("127.0.0.1", port)
+                    .login(USER.asString(), USER_PASS))
+                .hasMessage("Login failed");
+
+        }
+
+        @Test
+        void loginShouldSuccessWhenRequireSSLAndPlainAuthEnabled() throws 
Exception {
+            imapServer = 
createImapServer("imapServerPlainAuthEnabledAndRequireSSL.xml");
+            int port = imapServer.getListenAddresses().get(0).getPort();
+
+            assertThatCode(() ->
+                testIMAPClient.connect("127.0.0.1", port)
+                    .login(USER.asString(), USER_PASS)
+                    .append("INBOX", SMALL_MESSAGE))
+                .doesNotThrowAnyException();
+        }
+
+        @Test
+        void loginShouldSuccessWhenNOTRequireSSLAndPlainAuthNotEnabled() 
throws Exception {

Review comment:
       When Not required SSL and Plain Auth not enabled => I think login should 
fail




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]



---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[GitHub] [james-project] quantranhong1999 commented on a change in pull request #788: JAMES-3680 IMAP config support auth.requireSSL

Reply via email to