Files
mxautologin/tests/settings_test.php
T
2026-06-30 21:25:36 +02:00

91 lines
3.4 KiB
PHP

<?php
declare(strict_types=1);
require_once PLUGIN_ROOT . '/exec/lib/Settings.php';
test('settings expose secure defaults from plugin-settings.conf', function (): void {
$settings = Settings::fromArray([]);
assert_same(14400, $settings->loginKeyTtl());
assert_true($settings->userIpBound());
assert_true($settings->ipMask());
assert_same('MASKED', $settings->auditClientIp('198.51.100.10'));
assert_true($settings->defaultEnable());
assert_same('root', $settings->sshUser());
assert_same('https://mx1.mojserwer.pl:2222', $settings->targetBaseUrl());
});
test('settings runtime file is the directadmin plugin settings file', function (): void {
assert_same('/usr/local/directadmin/plugins/mxautologin/plugin-settings.conf', Settings::EXTERNAL_SETTINGS);
});
test('settings reject login key ttl outside production range', function (): void {
foreach (['4', '86401', 'abc'] as $ttl) {
try {
Settings::fromArray(['LOGIN_KEY_TTL' => $ttl]);
throw new RuntimeException('Expected invalid TTL to fail: ' . $ttl);
} catch (InvalidArgumentException $e) {
assert_contains('LOGIN_KEY_TTL', $e->getMessage());
}
}
});
test('settings accept explicit ttl and user ip binding toggle', function (): void {
$settings = Settings::fromArray([
'LOGIN_KEY_TTL' => '5',
'USER_IP_BOUND' => '0',
'IP_MASK' => '0',
]);
assert_same(5, $settings->loginKeyTtl());
assert_false($settings->userIpBound());
assert_false($settings->ipMask());
assert_same('198.51.100.10', $settings->auditClientIp('198.51.100.10'));
});
test('settings accept zero login key ttl as directadmin default expiry', function (): void {
$settings = Settings::fromArray(['LOGIN_KEY_TTL' => '0']);
assert_same(0, $settings->loginKeyTtl());
});
test('settings reject unsupported ip mask values', function (): void {
foreach (['yes', '2', ''] as $mask) {
try {
Settings::fromArray(['IP_MASK' => $mask]);
throw new RuntimeException('Expected invalid IP_MASK to fail: ' . $mask);
} catch (InvalidArgumentException $e) {
assert_contains('IP_MASK', $e->getMessage());
}
}
});
test('source plugin settings do not expose local source host allowlist', function (): void {
$defaults = Settings::defaults();
$config = file_get_contents(PLUGIN_ROOT . '/plugin-settings.conf') ?: '';
assert_false(array_key_exists('MAIL_LOGIN_ALLOWED_SOURCE_HOSTS', $defaults));
assert_not_contains('MAIL_LOGIN_ALLOWED_SOURCE_HOSTS', $config);
});
test('settings do not expose mx helper mode', function (): void {
$defaults = Settings::defaults();
$config = file_get_contents(PLUGIN_ROOT . '/plugin-settings.conf') ?: '';
assert_false(array_key_exists('MX_LOGIN_MODE', $defaults));
assert_not_contains('MX_LOGIN_MODE', $config);
});
test('settings do not expose deprecated mail login method switch', function (): void {
$defaults = Settings::defaults();
$config = file_get_contents(PLUGIN_ROOT . '/plugin-settings.conf') ?: '';
assert_false(array_key_exists('MAIL_LOGIN_METHOD', $defaults));
assert_not_contains('MAIL_LOGIN_METHOD', $config);
});
test('settings expose disabled plugin flag through access guard', function (): void {
$settings = Settings::fromArray(['DEFAULT_ENABLE' => 'false']);
assert_false($settings->defaultEnable());
});