getMessage())); } } }); test('url validator accepts only configured mx login url', function (): void { $settings = Settings::fromArray(['MAIL_LOGIN_TARGET_BASE_URL' => 'https://mx1.domena.pl:2222']); $url = 'https://mx1.domena.pl:2222/api/login/url?key=SECRET'; assert_same($url, UrlValidator::assertGeneratedLoginUrl($url, $settings)); foreach ([ 'https://mx1.domena.pl:2222/CMD_LOGIN?key=SECRET', 'https://evil.domena.pl:2222/api/login/url?key=SECRET', 'http://mx1.domena.pl:2222/api/login/url?key=SECRET', 'https://mx1.domena.pl:2222/api/login/url', ] as $bad) { try { UrlValidator::assertGeneratedLoginUrl($bad, $settings); throw new RuntimeException('Expected bad generated URL to fail: ' . $bad); } catch (InvalidArgumentException $e) { assert_contains('login url', strtolower($e->getMessage())); } } });