feat: implement mail-login directadmin plugin
This commit is contained in:
@@ -0,0 +1,40 @@
|
||||
<?php
|
||||
declare(strict_types=1);
|
||||
|
||||
require_once PLUGIN_ROOT . '/exec/lib/Settings.php';
|
||||
require_once PLUGIN_ROOT . '/exec/lib/UrlValidator.php';
|
||||
|
||||
test('url validator accepts local redirect paths only', function (): void {
|
||||
assert_same('/', UrlValidator::assertSafeRedirectPath('/'));
|
||||
assert_same('/user/email/accounts', UrlValidator::assertSafeRedirectPath('/user/email/accounts'));
|
||||
|
||||
foreach (['', 'https://evil.example/', '//evil.example/', '/\\evil', '/mail;id', '/mail&x=1', '/mail path'] as $bad) {
|
||||
try {
|
||||
UrlValidator::assertSafeRedirectPath($bad);
|
||||
throw new RuntimeException('Expected bad redirect to fail: ' . $bad);
|
||||
} catch (InvalidArgumentException $e) {
|
||||
assert_contains('redirect', strtolower($e->getMessage()));
|
||||
}
|
||||
}
|
||||
});
|
||||
|
||||
test('url validator accepts only configured mx login url', function (): void {
|
||||
$settings = Settings::fromArray(['MAIL_LOGIN_TARGET_BASE_URL' => 'https://mx1.domena.pl:2222']);
|
||||
$url = 'https://mx1.domena.pl:2222/api/login/url?key=SECRET';
|
||||
|
||||
assert_same($url, UrlValidator::assertGeneratedLoginUrl($url, $settings));
|
||||
|
||||
foreach ([
|
||||
'https://mx1.domena.pl:2222/CMD_LOGIN?key=SECRET',
|
||||
'https://evil.domena.pl:2222/api/login/url?key=SECRET',
|
||||
'http://mx1.domena.pl:2222/api/login/url?key=SECRET',
|
||||
'https://mx1.domena.pl:2222/api/login/url',
|
||||
] as $bad) {
|
||||
try {
|
||||
UrlValidator::assertGeneratedLoginUrl($bad, $settings);
|
||||
throw new RuntimeException('Expected bad generated URL to fail: ' . $bad);
|
||||
} catch (InvalidArgumentException $e) {
|
||||
assert_contains('login url', strtolower($e->getMessage()));
|
||||
}
|
||||
}
|
||||
});
|
||||
Reference in New Issue
Block a user