loginKeyTtl()); assert_true($settings->userIpBound()); assert_true($settings->ipMask()); assert_same('MASKED', $settings->auditClientIp('198.51.100.10')); assert_true($settings->defaultEnable()); assert_same('login_url', $settings->method()); assert_same(1, $settings->mxLoginMode()); assert_same('root', $settings->sshUser()); assert_same('https://mx1.mojserwer.pl:2222', $settings->targetBaseUrl()); }); test('settings runtime file is the directadmin plugin settings file', function (): void { assert_same('/usr/local/directadmin/plugins/mx_autologin/plugin-settings.conf', Settings::EXTERNAL_SETTINGS); }); test('settings reject login key ttl outside production range', function (): void { foreach (['4', '86401', 'abc'] as $ttl) { try { Settings::fromArray(['LOGIN_KEY_TTL' => $ttl]); throw new RuntimeException('Expected invalid TTL to fail: ' . $ttl); } catch (InvalidArgumentException $e) { assert_contains('LOGIN_KEY_TTL', $e->getMessage()); } } }); test('settings accept explicit ttl and user ip binding toggle', function (): void { $settings = Settings::fromArray([ 'LOGIN_KEY_TTL' => '5', 'USER_IP_BOUND' => '0', 'IP_MASK' => '0', 'MX_LOGIN_MODE' => '2', ]); assert_same(5, $settings->loginKeyTtl()); assert_false($settings->userIpBound()); assert_false($settings->ipMask()); assert_same('198.51.100.10', $settings->auditClientIp('198.51.100.10')); assert_same(2, $settings->mxLoginMode()); }); test('settings accept zero login key ttl as directadmin default expiry', function (): void { $settings = Settings::fromArray(['LOGIN_KEY_TTL' => '0']); assert_same(0, $settings->loginKeyTtl()); }); test('settings reject unsupported ip mask values', function (): void { foreach (['yes', '2', ''] as $mask) { try { Settings::fromArray(['IP_MASK' => $mask]); throw new RuntimeException('Expected invalid IP_MASK to fail: ' . $mask); } catch (InvalidArgumentException $e) { assert_contains('IP_MASK', $e->getMessage()); } } }); test('settings reject unsupported mx login mode values', function (): void { foreach (['0', '3', 'helper', ''] as $mode) { try { Settings::fromArray(['MX_LOGIN_MODE' => $mode]); throw new RuntimeException('Expected invalid MX_LOGIN_MODE to fail: ' . $mode); } catch (InvalidArgumentException $e) { assert_contains('MX_LOGIN_MODE', $e->getMessage()); } } }); test('source plugin settings do not expose local source host allowlist', function (): void { $defaults = Settings::defaults(); $config = file_get_contents(PLUGIN_ROOT . '/plugin-settings.conf') ?: ''; assert_false(array_key_exists('MAIL_LOGIN_ALLOWED_SOURCE_HOSTS', $defaults)); assert_not_contains('MAIL_LOGIN_ALLOWED_SOURCE_HOSTS', $config); }); test('settings reject disabled plugin and unsupported methods through access guard', function (): void { try { Settings::fromArray(['MAIL_LOGIN_METHOD' => 'password']); throw new RuntimeException('Expected unsupported method to fail'); } catch (InvalidArgumentException $e) { assert_contains('MAIL_LOGIN_METHOD', $e->getMessage()); } $settings = Settings::fromArray(['DEFAULT_ENABLE' => 'false']); assert_false($settings->defaultEnable()); });