Joseph Doherty
7b0b9c7365
Solution + 23 src projects + 26 test projects renamed; folders, csproj, namespaces, and ScadaLinkDbContext/ScadaBridgeDbContext class updated. ActorSystem "scadalink" → "scadabridge", Akka seed-node URLs migrated. SQL roles/logins, LDAP domains, CLI command name, and CLI config dir (~/.scadalink → ~/.scadabridge) also renamed. Build green; 5 Host.Tests fail awaiting SQL login rename in next commit. Pre-existing StaleTagMonitor timing flakes unchanged. Rename script committed at tools/rename-to-scadabridge.sh.
82 lines
3.5 KiB
C#
82 lines
3.5 KiB
C#
using System.Text;
|
|
using MailKit.Security;
|
|
|
|
namespace ZB.MOM.WW.ScadaBridge.NotificationService.Tests;
|
|
|
|
/// <summary>
|
|
/// NS-016: <see cref="MailKitSmtpClientWrapper.AuthenticateAsync"/> must never
|
|
/// silently skip authentication for a misconfigured SMTP config — a missing
|
|
/// credential, an unrecognised auth type, or an unparseable Basic credential
|
|
/// must be a hard, surfaced error rather than an unauthenticated send.
|
|
/// NS-021: the OAuth2 (XOAUTH2) branch must carry a non-empty user identity
|
|
/// (the SMTP From address) — an empty user is rejected by M365 with `535 5.7.3`.
|
|
/// </summary>
|
|
public class MailKitSmtpClientWrapperTests
|
|
{
|
|
[Fact]
|
|
public async Task Authenticate_EmptyCredentials_Throws()
|
|
{
|
|
// An AuthType of "basic"/"oauth2" with a null/empty Credentials value is a
|
|
// misconfigured row; the wrapper used to "return" and send unauthenticated.
|
|
var wrapper = new MailKitSmtpClientWrapper();
|
|
|
|
await Assert.ThrowsAsync<SmtpPermanentException>(
|
|
() => wrapper.AuthenticateAsync("basic", null));
|
|
await Assert.ThrowsAsync<SmtpPermanentException>(
|
|
() => wrapper.AuthenticateAsync("oauth2", ""));
|
|
}
|
|
|
|
[Fact]
|
|
public async Task Authenticate_UnknownAuthType_Throws()
|
|
{
|
|
// The switch had cases only for "basic"/"oauth2" and no default — any other
|
|
// value (typo, future "ntlm") fell through and sent unauthenticated.
|
|
var wrapper = new MailKitSmtpClientWrapper();
|
|
|
|
await Assert.ThrowsAsync<SmtpPermanentException>(
|
|
() => wrapper.AuthenticateAsync("ntlm", "user:pass"));
|
|
}
|
|
|
|
[Fact]
|
|
public async Task Authenticate_BasicCredentialWithoutColon_Throws()
|
|
{
|
|
// A "basic" credential string that does not split into exactly two parts was
|
|
// silently skipped — the connection then sent unauthenticated.
|
|
var wrapper = new MailKitSmtpClientWrapper();
|
|
|
|
await Assert.ThrowsAsync<SmtpPermanentException>(
|
|
() => wrapper.AuthenticateAsync("basic", "nocolon"));
|
|
}
|
|
|
|
[Fact]
|
|
public async Task Authenticate_OAuth2WithoutUserName_Throws()
|
|
{
|
|
// NS-021: passing an OAuth2 access token but no user identity (FromAddress)
|
|
// used to construct `new SaslMechanismOAuth2("", credentials)`, which M365
|
|
// rejects with `535 5.7.3`. The wrapper now refuses upfront so the caller
|
|
// sees a clean configuration error rather than a confusing server reject.
|
|
var wrapper = new MailKitSmtpClientWrapper();
|
|
|
|
await Assert.ThrowsAsync<SmtpPermanentException>(
|
|
() => wrapper.AuthenticateAsync("oauth2", "access-token", oauth2UserName: null));
|
|
await Assert.ThrowsAsync<SmtpPermanentException>(
|
|
() => wrapper.AuthenticateAsync("oauth2", "access-token", oauth2UserName: ""));
|
|
}
|
|
|
|
[Fact]
|
|
public void XOAuth2InitialResponse_CarriesUserAndBearer()
|
|
{
|
|
// NS-021 regression guard: independent of the wrapper, prove that MailKit's
|
|
// SaslMechanismOAuth2 puts `user=<userName>` into the initial-response bytes
|
|
// — i.e. wiring the wrapper to pass `FromAddress` is sufficient to fix the
|
|
// M365 handshake. If MailKit ever changes the framing this test will catch it.
|
|
var sasl = new SaslMechanismOAuth2("noreply@example.com", "tok-xyz");
|
|
|
|
var initial = sasl.Challenge(string.Empty);
|
|
var asString = Encoding.UTF8.GetString(Convert.FromBase64String(initial));
|
|
|
|
Assert.Contains("user=noreply@example.com", asString);
|
|
Assert.Contains("auth=Bearer tok-xyz", asString);
|
|
}
|
|
}
|