91 lines
3.4 KiB
PHP
91 lines
3.4 KiB
PHP
<?php
|
|
declare(strict_types=1);
|
|
|
|
require_once PLUGIN_ROOT . '/exec/lib/Settings.php';
|
|
|
|
test('settings expose secure defaults from plugin-settings.conf', function (): void {
|
|
$settings = Settings::fromArray([]);
|
|
|
|
assert_same(14400, $settings->loginKeyTtl());
|
|
assert_true($settings->userIpBound());
|
|
assert_true($settings->ipMask());
|
|
assert_same('MASKED', $settings->auditClientIp('198.51.100.10'));
|
|
assert_true($settings->defaultEnable());
|
|
assert_same('login_url', $settings->method());
|
|
assert_same('root', $settings->sshUser());
|
|
assert_same('https://mx1.mojserwer.pl:2222', $settings->targetBaseUrl());
|
|
});
|
|
|
|
test('settings runtime file is the directadmin plugin settings file', function (): void {
|
|
assert_same('/usr/local/directadmin/plugins/mxautologin/plugin-settings.conf', Settings::EXTERNAL_SETTINGS);
|
|
});
|
|
|
|
test('settings reject login key ttl outside production range', function (): void {
|
|
foreach (['4', '86401', 'abc'] as $ttl) {
|
|
try {
|
|
Settings::fromArray(['LOGIN_KEY_TTL' => $ttl]);
|
|
throw new RuntimeException('Expected invalid TTL to fail: ' . $ttl);
|
|
} catch (InvalidArgumentException $e) {
|
|
assert_contains('LOGIN_KEY_TTL', $e->getMessage());
|
|
}
|
|
}
|
|
});
|
|
|
|
test('settings accept explicit ttl and user ip binding toggle', function (): void {
|
|
$settings = Settings::fromArray([
|
|
'LOGIN_KEY_TTL' => '5',
|
|
'USER_IP_BOUND' => '0',
|
|
'IP_MASK' => '0',
|
|
]);
|
|
|
|
assert_same(5, $settings->loginKeyTtl());
|
|
assert_false($settings->userIpBound());
|
|
assert_false($settings->ipMask());
|
|
assert_same('198.51.100.10', $settings->auditClientIp('198.51.100.10'));
|
|
});
|
|
|
|
test('settings accept zero login key ttl as directadmin default expiry', function (): void {
|
|
$settings = Settings::fromArray(['LOGIN_KEY_TTL' => '0']);
|
|
|
|
assert_same(0, $settings->loginKeyTtl());
|
|
});
|
|
|
|
test('settings reject unsupported ip mask values', function (): void {
|
|
foreach (['yes', '2', ''] as $mask) {
|
|
try {
|
|
Settings::fromArray(['IP_MASK' => $mask]);
|
|
throw new RuntimeException('Expected invalid IP_MASK to fail: ' . $mask);
|
|
} catch (InvalidArgumentException $e) {
|
|
assert_contains('IP_MASK', $e->getMessage());
|
|
}
|
|
}
|
|
});
|
|
|
|
test('source plugin settings do not expose local source host allowlist', function (): void {
|
|
$defaults = Settings::defaults();
|
|
$config = file_get_contents(PLUGIN_ROOT . '/plugin-settings.conf') ?: '';
|
|
|
|
assert_false(array_key_exists('MAIL_LOGIN_ALLOWED_SOURCE_HOSTS', $defaults));
|
|
assert_not_contains('MAIL_LOGIN_ALLOWED_SOURCE_HOSTS', $config);
|
|
});
|
|
|
|
test('settings do not expose mx helper mode', function (): void {
|
|
$defaults = Settings::defaults();
|
|
$config = file_get_contents(PLUGIN_ROOT . '/plugin-settings.conf') ?: '';
|
|
|
|
assert_false(array_key_exists('MX_LOGIN_MODE', $defaults));
|
|
assert_not_contains('MX_LOGIN_MODE', $config);
|
|
});
|
|
|
|
test('settings reject disabled plugin and unsupported methods through access guard', function (): void {
|
|
try {
|
|
Settings::fromArray(['MAIL_LOGIN_METHOD' => 'password']);
|
|
throw new RuntimeException('Expected unsupported method to fail');
|
|
} catch (InvalidArgumentException $e) {
|
|
assert_contains('MAIL_LOGIN_METHOD', $e->getMessage());
|
|
}
|
|
|
|
$settings = Settings::fromArray(['DEFAULT_ENABLE' => 'false']);
|
|
assert_false($settings->defaultEnable());
|
|
});
|