Separate miab and miab-ldap migrations

Add tests for migrating from miab w/totp (migration 13) to miab-ldap
2026-03-05 15:57:23 +01:00 · 2020-09-16 09:00:27 -04:00
parent b3e789a4e2
commit 7c29628530
10 changed files with 169 additions and 18 deletions
--- a/tests/system-setup/populate/totpuser-data.sh
+++ b/tests/system-setup/populate/totpuser-data.sh
@@ -0,0 +1,9 @@
+#
+# requires:
+#    lib scripts: [ misc.sh ]
+#    system-setup scripts: [ setup-defaults.sh ]
+#
+
+TEST_USER="totp_admin@$(email_domainpart "$EMAIL_ADDR")"
+TEST_USER_PASS="$(static_qa_password)"
+TEST_USER_TOTP_SECRET="6VXVWOSCY7JLU4VBZ6LQEJSBN6WYWECU"
--- a/tests/system-setup/populate/totpuser-populate.sh
+++ b/tests/system-setup/populate/totpuser-populate.sh
@@ -0,0 +1,37 @@
+#!/bin/bash
+
+. "$(dirname "$0")/../setup-defaults.sh" || exit 1
+. "$(dirname "$0")/../../lib/all.sh" "$(dirname "$0")/../../lib" || exit 1
+. "$(dirname "$0")/totpuser-data.sh" || exit 1
+
+
+url=""
+admin_email="$EMAIL_ADDR"
+admin_pass="$EMAIL_PW"
+
+
+#
+# Add user
+#
+if ! populate_miab_users "$url" "$admin_email" "$admin_pass" "${TEST_USER}:${TEST_USER_PASS}"
+then
+    echo "Unable to add user"
+    exit 1
+fi
+
+# make the user an admin
+if ! rest_urlencoded POST "${url%/}/admin/mail/users/privileges/add" "$admin_email" "$admin_pass" --insecure -- "email=$TEST_USER" "privilege=admin" 2>/dev/null
+then
+    echo "Unable to add 'admin' privilege. err=$REST_ERROR" 1>&2
+    exit 1
+fi
+
+# enable totp
+if ! rest_urlencoded POST "${url%/}/admin/mfa/totp/enable" "$TEST_USER" "$TEST_USER_PASS" --insecure "secret=$TEST_USER_TOTP_SECRET" "token=$(totp_current_token "$TEST_USER_TOTP_SECRET")" 2>/dev/null; then
+    echo "Unable to enable TOTP. err=$REST_ERROR" 1>&2
+    exit 1
+fi
+
+
+exit 0
+
--- a/tests/system-setup/populate/totpuser-verify.sh
+++ b/tests/system-setup/populate/totpuser-verify.sh
@@ -0,0 +1,36 @@
+#!/bin/bash
+
+. "$(dirname "$0")/../setup-defaults.sh" || exit 1
+. "$(dirname "$0")/../../lib/all.sh" "$(dirname "$0")/../../lib" || exit 1
+. "$(dirname "$0")/totpuser-data.sh" || exit 1
+
+. /etc/mailinabox.conf || exit 1
+. "${STORAGE_ROOT}/ldap/miab_ldap.conf" || exit 1
+
+
+die() {
+    echo "$1"
+    exit 1
+}
+
+. "$MIAB_DIR/setup/functions-ldap.sh" || exit 1
+
+
+# the user's ldap entry contains the TOTP secret
+# 
+# other tests verify the functioning of totp - just make sure the totp
+# secret was migrated
+#
+get_attribute "$LDAP_USERS_BASE" "(&(mail=$TEST_USER)(objectClass=totpUser))" "totpSecret"
+if [ -z "$ATTR_DN" ]; then
+	echo "totpUser objectClass and secret not present"
+    exit 1
+fi
+
+if [ "$ATTR_VALUE" != "$TEST_USER_TOTP_SECRET" ]; then
+    echo "totpSecret mismatch"
+    exit 1
+fi
+
+echo "OK totpuser-verify passed"
+exit 0