loginKeyTtl()); assert_true($settings->userIpBound()); assert_true($settings->ipMask()); assert_same('MASKED', $settings->auditClientIp('198.51.100.10')); assert_true($settings->defaultEnable()); assert_same('root', $settings->sshUser()); assert_same('https://mx1.mojserwer.pl:2222', $settings->targetBaseUrl()); }); test('settings runtime file is the directadmin plugin settings file', function (): void { assert_same('/usr/local/directadmin/plugins/mxautologin/plugin-settings.conf', Settings::EXTERNAL_SETTINGS); }); test('settings reject login key ttl outside production range', function (): void { foreach (['4', '86401', 'abc'] as $ttl) { try { Settings::fromArray(['LOGIN_KEY_TTL' => $ttl]); throw new RuntimeException('Expected invalid TTL to fail: ' . $ttl); } catch (InvalidArgumentException $e) { assert_contains('LOGIN_KEY_TTL', $e->getMessage()); } } }); test('settings accept explicit ttl and user ip binding toggle', function (): void { $settings = Settings::fromArray([ 'LOGIN_KEY_TTL' => '5', 'USER_IP_BOUND' => '0', 'IP_MASK' => '0', ]); assert_same(5, $settings->loginKeyTtl()); assert_false($settings->userIpBound()); assert_false($settings->ipMask()); assert_same('198.51.100.10', $settings->auditClientIp('198.51.100.10')); }); test('settings accept zero login key ttl as directadmin default expiry', function (): void { $settings = Settings::fromArray(['LOGIN_KEY_TTL' => '0']); assert_same(0, $settings->loginKeyTtl()); }); test('settings reject unsupported ip mask values', function (): void { foreach (['yes', '2', ''] as $mask) { try { Settings::fromArray(['IP_MASK' => $mask]); throw new RuntimeException('Expected invalid IP_MASK to fail: ' . $mask); } catch (InvalidArgumentException $e) { assert_contains('IP_MASK', $e->getMessage()); } } }); test('source plugin settings do not expose local source host allowlist', function (): void { $defaults = Settings::defaults(); $config = file_get_contents(PLUGIN_ROOT . '/plugin-settings.conf') ?: ''; assert_false(array_key_exists('MAIL_LOGIN_ALLOWED_SOURCE_HOSTS', $defaults)); assert_not_contains('MAIL_LOGIN_ALLOWED_SOURCE_HOSTS', $config); }); test('settings do not expose mx helper mode', function (): void { $defaults = Settings::defaults(); $config = file_get_contents(PLUGIN_ROOT . '/plugin-settings.conf') ?: ''; assert_false(array_key_exists('MX_LOGIN_MODE', $defaults)); assert_not_contains('MX_LOGIN_MODE', $config); }); test('settings do not expose deprecated mail login method switch', function (): void { $defaults = Settings::defaults(); $config = file_get_contents(PLUGIN_ROOT . '/plugin-settings.conf') ?: ''; assert_false(array_key_exists('MAIL_LOGIN_METHOD', $defaults)); assert_not_contains('MAIL_LOGIN_METHOD', $config); }); test('settings do not expose cosmetic target name setting', function (): void { $defaults = Settings::defaults(); $config = file_get_contents(PLUGIN_ROOT . '/plugin-settings.conf') ?: ''; assert_false(array_key_exists('MAIL_LOGIN_TARGET_NAME', $defaults)); assert_not_contains('MAIL_LOGIN_TARGET_NAME', $config); }); test('settings expose disabled plugin flag through access guard', function (): void { $settings = Settings::fromArray(['DEFAULT_ENABLE' => 'false']); assert_false($settings->defaultEnable()); });