Commit 8a40fce7 authored by ale's avatar ale

Find email resources by their alias

Aliases and primary email addresses share the same namespace, so they
must be both included in the SearchQuery for the 'email' resource.
parent 907f30f6
Pipeline #1551 passed with stages
in 1 minute and 40 seconds
......@@ -182,7 +182,7 @@ func (h *emailResourceHandler) ToLDAP(rsrc *as.Resource) []ldap.PartialAttribute
func (h *emailResourceHandler) SearchQuery() *queryTemplate {
return &queryTemplate{
Base: joinDN("ou=People", h.baseDN),
Filter: "(&(objectClass=virtualMailUser)(mail=${resource}))",
Filter: "(&(objectClass=virtualMailUser)(|(mail=${resource})(mailAlternateAddress=${resource})))",
Scope: ldap.ScopeWholeSubtree,
}
}
......
......@@ -94,7 +94,7 @@ func (c *testClient) request(uri string, req, out interface{}) error {
return fmt.Errorf("unexpected content-type %s", resp.Header.Get("Content-Type"))
}
log.Printf("response:\n%s\n", string(data))
//log.Printf("response:\n%s\n", string(data))
if out == nil {
return nil
......@@ -125,6 +125,7 @@ func startServiceWithConfig(t testing.TB, svcConfig as.Config) (func(), as.Backe
svcConfig.SSO.Domain = testSSODomain
svcConfig.SSO.Service = testSSOService
svcConfig.SSO.AdminGroup = testAdminGroup
svcConfig.ForbiddenUsernames = []string{"forbidden"}
svcConfig.AvailableDomains = map[string][]string{
as.ResourceTypeEmail: []string{"example.com"},
}
......@@ -536,6 +537,46 @@ func runAccountRecoveryTest(t *testing.T, username string) *as.RawUser {
return checkUserInvariants(t, be, username, newPw)
}
func TestIntegration_AddEmailAlias(t *testing.T) {
stop, _, c := startService(t)
defer stop()
// The following are basically checks for email validation.
testdata := []struct {
addr string
expectedOk bool
}{
{"alias@example.com", false}, // already taken
{"alias@otherdomain.com", false}, // bad domain
{"x@example.com", false}, // too short
{"........@example.com", false}, // malformed
{"due@investici.org", false}, // already taken
{"forbidden@example.com", false}, // reserved
{"alias1@example.com", true},
{"alias2@example.com", true},
{"alias3@example.com", true},
{"alias4@example.com", true},
{"alias5@example.com", false}, // limit of 5 aliases reached
}
for _, td := range testdata {
err := c.request("/api/resource/email/add_alias", &as.AddEmailAliasRequest{
ResourceRequestBase: as.ResourceRequestBase{
RequestBase: as.RequestBase{
SSO: c.ssoTicket("uno@investici.org"),
},
ResourceID: as.NewResourceID(as.ResourceTypeEmail, "uno@investici.org", "uno@investici.org"),
},
Addr: td.addr,
}, nil)
if err == nil && !td.expectedOk {
t.Errorf("AddEmailAlias(%s) should have failed but didn't", td.addr)
} else if err != nil && td.expectedOk {
t.Errorf("AddEmailAlias(%s) failed: %v", td.addr, err)
}
}
}
// Verify that some user authentication invariants are true. Returns
// the RawUser for further checks.
func checkUserInvariants(t *testing.T, be as.Backend, username, primaryPassword string) *as.RawUser {
......
......@@ -32,7 +32,7 @@ userPassword:: JDYkbXBXN1NkdlE4bnY4UlpsTyRJNGZCV2RVSkV5VWxvR2l1WmdibzI1OVVUWkkyL
TjNUTS53YXkyZHZSd1g2YTQ0dVVXZ2tYL1pzbkc4YXdHRFhYVGYwNU1VeE1saWdIMA==
uidNumber: 19475
host: host2
mailAlternateAddress: uno@anche.no
mailAlternateAddress: alias@example.com
recoverAnswer: {crypt}$1$wtEa4TKB$lxeyenkQ1yfxECn7WVQQ0/
gidNumber: 2000
mail: uno@investici.org
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment