feat: support default login url expiry

This commit is contained in:
Marek Miklewicz
2026-06-30 20:21:53 +02:00
parent e2814fd81c
commit 4a1c9d0db4
7 changed files with 35 additions and 11 deletions
+1 -1
View File
@@ -8,7 +8,7 @@ test('plugin metadata and packaging docs match project rules', function (): void
assert_contains('name=mail-login', $conf);
assert_contains('id=mail-login', $conf);
assert_contains('type=user', $conf);
assert_contains('version=1.0.11', $conf);
assert_contains('version=1.0.12', $conf);
assert_contains('user_run_as=root', $conf);
assert_contains('/Users/marek/GPT/ChatGPT/da_plugins/mail-login/src', $packing);
assert_contains('/Users/marek/GPT/ChatGPT/da_plugins/mail-login/archives/X.Y.Z/mail-login.tar.gz', $packing);
+14
View File
@@ -51,6 +51,20 @@ test('remote login url client builds helper ssh command when mode is helper', fu
assert_same('1782810000', $command[$pos + 8]);
});
test('remote login url client omits expiry when ttl is zero', function (): void {
$settings = Settings::fromArray([
'MAIL_LOGIN_TARGET_BASE_URL' => 'https://mx1.domena.pl:2222',
'MAIL_LOGIN_SSH_HOST' => 'mx1.domena.pl',
'MAIL_LOGIN_SSH_IDENTITY' => '/secure/key',
'MAIL_LOGIN_SSH_KNOWN_HOSTS' => '/secure/known_hosts',
'LOGIN_KEY_TTL' => '0',
]);
$request = new LoginUrlRequest('mxtest', 'h4.domena.pl', 'h4', 0, true, '198.51.100.10', '/', 1782810000);
$command = RemoteLoginUrlClient::buildCommand($settings, $request);
assert_not_contains('--expiry=', implode(' ', $command));
});
test('remote login url client validates helper output before returning it', function (): void {
$settings = Settings::fromArray(['MAIL_LOGIN_TARGET_BASE_URL' => 'https://mx1.domena.pl:2222']);
$request = new LoginUrlRequest('mxtest', 'h4.domena.pl', 'h4', 30, true, '198.51.100.10', '/', 1782810000);
+8 -2
View File
@@ -6,7 +6,7 @@ require_once PLUGIN_ROOT . '/exec/lib/Settings.php';
test('settings expose secure defaults from plugin-settings.conf', function (): void {
$settings = Settings::fromArray([]);
assert_same(30, $settings->loginKeyTtl());
assert_same(14400, $settings->loginKeyTtl());
assert_true($settings->userIpBound());
assert_true($settings->ipMask());
assert_same('MASKED', $settings->auditClientIp('198.51.100.10'));
@@ -22,7 +22,7 @@ test('settings runtime file is the directadmin plugin settings file', function (
});
test('settings reject login key ttl outside production range', function (): void {
foreach (['4', '301', 'abc'] as $ttl) {
foreach (['4', '86401', 'abc'] as $ttl) {
try {
Settings::fromArray(['LOGIN_KEY_TTL' => $ttl]);
throw new RuntimeException('Expected invalid TTL to fail: ' . $ttl);
@@ -47,6 +47,12 @@ test('settings accept explicit ttl and user ip binding toggle', function (): voi
assert_same(2, $settings->mxLoginMode());
});
test('settings accept zero login key ttl as directadmin default expiry', function (): void {
$settings = Settings::fromArray(['LOGIN_KEY_TTL' => '0']);
assert_same(0, $settings->loginKeyTtl());
});
test('settings reject unsupported ip mask values', function (): void {
foreach (['yes', '2', ''] as $mask) {
try {