configs: add ACME section
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
@@ -568,6 +568,17 @@ func TestInitialization(t *testing.T) {
|
||||
if assert.Error(t, err) {
|
||||
assert.Contains(t, err.Error(), "no login method available for WebClient UI")
|
||||
}
|
||||
err = dataprovider.Close()
|
||||
assert.NoError(t, err)
|
||||
err = httpdConf.Initialize(configDir, isShared)
|
||||
if assert.Error(t, err) {
|
||||
assert.Contains(t, err.Error(), "unable to load config from provider")
|
||||
}
|
||||
err = config.LoadConfig(configDir, "")
|
||||
assert.NoError(t, err)
|
||||
providerConf := config.GetProviderConf()
|
||||
err = dataprovider.Initialize(providerConf, configDir, true)
|
||||
assert.NoError(t, err)
|
||||
}
|
||||
|
||||
func TestBasicUserHandling(t *testing.T) {
|
||||
@@ -12322,15 +12333,16 @@ func TestWebConfigsMock(t *testing.T) {
|
||||
form.Set("smtp_username", defaultUsername)
|
||||
form.Set("smtp_password", defaultPassword)
|
||||
form.Set("smtp_domain", "localdomain")
|
||||
form.Set("smtp_auth", "100")
|
||||
req, err = http.NewRequest(http.MethodPost, webConfigsPath, bytes.NewBuffer([]byte(form.Encode())))
|
||||
assert.NoError(t, err)
|
||||
setJWTCookieForReq(req, webToken)
|
||||
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
|
||||
rr = executeRequest(req)
|
||||
checkResponseCode(t, http.StatusOK, rr)
|
||||
assert.Contains(t, rr.Body.String(), "Validation error") // port is not passed so 0
|
||||
assert.Contains(t, rr.Body.String(), "Validation error") // invalid smtp_auth
|
||||
// set valid parameters
|
||||
form.Set("smtp_port", "465")
|
||||
form.Set("smtp_port", "a") // converted to 587
|
||||
form.Set("smtp_auth", "1")
|
||||
form.Set("smtp_encryption", "2")
|
||||
req, err = http.NewRequest(http.MethodPost, webConfigsPath, bytes.NewBuffer([]byte(form.Encode())))
|
||||
@@ -12348,7 +12360,7 @@ func TestWebConfigsMock(t *testing.T) {
|
||||
assert.Contains(t, configs.SFTPD.HostKeyAlgos, ssh.CertAlgoRSAv01)
|
||||
assert.Len(t, configs.SFTPD.Moduli, 2)
|
||||
assert.Equal(t, "mail.example.net", configs.SMTP.Host)
|
||||
assert.Equal(t, 465, configs.SMTP.Port)
|
||||
assert.Equal(t, 587, configs.SMTP.Port)
|
||||
assert.Equal(t, "Example <info@example.net>", configs.SMTP.From)
|
||||
assert.Equal(t, defaultUsername, configs.SMTP.User)
|
||||
err = configs.SMTP.Password.Decrypt()
|
||||
@@ -12359,6 +12371,8 @@ func TestWebConfigsMock(t *testing.T) {
|
||||
assert.Equal(t, "localdomain", configs.SMTP.Domain)
|
||||
// set a redacted password, the current password must be preserved
|
||||
form.Set("smtp_password", redactedSecret)
|
||||
form.Set("smtp_auth", "")
|
||||
configs.SMTP.AuthType = 0 // empty will be converted to 0
|
||||
req, err = http.NewRequest(http.MethodPost, webConfigsPath, bytes.NewBuffer([]byte(form.Encode())))
|
||||
assert.NoError(t, err)
|
||||
setJWTCookieForReq(req, webToken)
|
||||
@@ -12385,6 +12399,76 @@ func TestWebConfigsMock(t *testing.T) {
|
||||
rr = executeRequest(req)
|
||||
checkResponseCode(t, http.StatusOK, rr)
|
||||
assert.Contains(t, rr.Body.String(), "Configurations updated")
|
||||
// test ACME configs, set a fake callback to avoid Let's encrypt calls
|
||||
httpd.SetCertificatesGetter(func(a *dataprovider.ACMEConfigs, s string) error { return nil })
|
||||
form.Set("form_action", "acme_submit")
|
||||
form.Set("acme_port", "") // on error will be set to 80
|
||||
form.Set("acme_protocols", "1")
|
||||
form.Add("acme_protocols", "2")
|
||||
form.Add("acme_protocols", "3")
|
||||
form.Set("acme_domain", "example.com")
|
||||
// no email set, validation will fail
|
||||
req, err = http.NewRequest(http.MethodPost, webConfigsPath, bytes.NewBuffer([]byte(form.Encode())))
|
||||
assert.NoError(t, err)
|
||||
setJWTCookieForReq(req, webToken)
|
||||
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
|
||||
rr = executeRequest(req)
|
||||
checkResponseCode(t, http.StatusOK, rr)
|
||||
assert.Contains(t, rr.Body.String(), "Validation error")
|
||||
form.Set("acme_domain", "")
|
||||
req, err = http.NewRequest(http.MethodPost, webConfigsPath, bytes.NewBuffer([]byte(form.Encode())))
|
||||
assert.NoError(t, err)
|
||||
setJWTCookieForReq(req, webToken)
|
||||
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
|
||||
rr = executeRequest(req)
|
||||
checkResponseCode(t, http.StatusOK, rr)
|
||||
assert.Contains(t, rr.Body.String(), "Configurations updated")
|
||||
// check
|
||||
configs, err = dataprovider.GetConfigs()
|
||||
assert.NoError(t, err)
|
||||
assert.Len(t, configs.SFTPD.HostKeyAlgos, 2)
|
||||
assert.Contains(t, configs.SFTPD.HostKeyAlgos, ssh.KeyAlgoRSA)
|
||||
assert.Contains(t, configs.SFTPD.HostKeyAlgos, ssh.CertAlgoRSAv01)
|
||||
assert.Len(t, configs.SFTPD.Moduli, 2)
|
||||
assert.Equal(t, 80, configs.ACME.HTTP01Challenge.Port)
|
||||
assert.Equal(t, 7, configs.ACME.Protocols)
|
||||
assert.Empty(t, configs.ACME.Domain)
|
||||
assert.Empty(t, configs.ACME.Email)
|
||||
assert.True(t, configs.ACME.HasProtocol(common.ProtocolFTP))
|
||||
assert.True(t, configs.ACME.HasProtocol(common.ProtocolWebDAV))
|
||||
assert.True(t, configs.ACME.HasProtocol(common.ProtocolHTTP))
|
||||
|
||||
form.Set("acme_port", "402")
|
||||
form.Set("acme_protocols", "1")
|
||||
form.Add("acme_protocols", "1000")
|
||||
form.Set("acme_domain", "acme.example.com")
|
||||
form.Set("acme_email", "email@example.com")
|
||||
req, err = http.NewRequest(http.MethodPost, webConfigsPath, bytes.NewBuffer([]byte(form.Encode())))
|
||||
assert.NoError(t, err)
|
||||
setJWTCookieForReq(req, webToken)
|
||||
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
|
||||
rr = executeRequest(req)
|
||||
checkResponseCode(t, http.StatusOK, rr)
|
||||
assert.Contains(t, rr.Body.String(), "Configurations updated")
|
||||
configs, err = dataprovider.GetConfigs()
|
||||
assert.NoError(t, err)
|
||||
assert.Len(t, configs.SFTPD.HostKeyAlgos, 2)
|
||||
assert.Equal(t, 402, configs.ACME.HTTP01Challenge.Port)
|
||||
assert.Equal(t, 1, configs.ACME.Protocols)
|
||||
assert.Equal(t, "acme.example.com", configs.ACME.Domain)
|
||||
assert.Equal(t, "email@example.com", configs.ACME.Email)
|
||||
assert.False(t, configs.ACME.HasProtocol(common.ProtocolFTP))
|
||||
assert.False(t, configs.ACME.HasProtocol(common.ProtocolWebDAV))
|
||||
assert.True(t, configs.ACME.HasProtocol(common.ProtocolHTTP))
|
||||
// updates will fail, the get certificate fn will return error with nil callback
|
||||
httpd.SetCertificatesGetter(nil)
|
||||
req, err = http.NewRequest(http.MethodPost, webConfigsPath, bytes.NewBuffer([]byte(form.Encode())))
|
||||
assert.NoError(t, err)
|
||||
setJWTCookieForReq(req, webToken)
|
||||
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
|
||||
rr = executeRequest(req)
|
||||
checkResponseCode(t, http.StatusOK, rr)
|
||||
assert.Contains(t, rr.Body.String(), "unable to get TLS certificates")
|
||||
|
||||
err = dataprovider.UpdateConfigs(nil, "", "", "")
|
||||
assert.NoError(t, err)
|
||||
|
||||
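Review bot: The failing-getter case at the end of the last hunk (after `httpd.SetCertificatesGetter(nil)`) resubmits the same form that was just saved successfully, so the test cannot tell whether a request answered with "unable to get TLS certificates" left the stored ACME settings untouched or wrote them anyway. Changing one field before that request, e.g. `form.Set("acme_port", "403")`, and then re-reading with `configs, err = dataprovider.GetConfigs()` and asserting `assert.Equal(t, 402, configs.ACME.HTTP01Challenge.Port)` would pin the intended behaviour. Which of the two the handler actually does is not visible on this page, so the expected value may need to be flipped once that is confirmed. TestWebConfigsMock begins and continues outside the hunks shown.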