Browse Source

Remove unneeded testing / vagrant stuff.

Thomas Buck 5 years ago
parent
commit
472dd068c2

+ 3
- 3
.gitignore View File

@@ -1,4 +1,4 @@
1
-.vagrant/provisioners/ansible/inventory/vagrant_ansible_inventory
2
-.vagrant/machines
3
-tests.pyc
1
+.DS_Store
4 2
 secret
3
+*.pyc
4
+site.retry

+ 0
- 11
.travis.yml View File

@@ -1,11 +0,0 @@
1
-language: python
2
-python: "2.7"
3
-cache:
4
-  directories:
5
-    - $HOME/.cache/pip
6
-install:
7
-  - pip install -r requirements.txt
8
-  - pip install -r test-requirements.txt
9
-script:
10
-  - ansible-playbook --syntax-check -i hosts site.yml
11
-  - ansible-lint site.yml

+ 0
- 1
.vagrant/provisioners/ansible/inventory/secret/db_admin_password View File

@@ -1 +0,0 @@
1
-postgres

+ 0
- 1
.vagrant/provisioners/ansible/inventory/secret/mail_db_opendmarc_password View File

@@ -1 +0,0 @@
1
-testPassword

+ 0
- 1
.vagrant/provisioners/ansible/inventory/secret/mail_db_password View File

@@ -1 +0,0 @@
1
-testPassword

+ 0
- 1
.vagrant/provisioners/ansible/inventory/secret/owncloud_db_password View File

@@ -1 +0,0 @@
1
-testPassword

+ 0
- 1
.vagrant/provisioners/ansible/inventory/secret/selfoss_db_password View File

@@ -1 +0,0 @@
1
-testPassword

+ 0
- 1
.vagrant/provisioners/ansible/inventory/secret/selfoss_password_hash View File

@@ -1 +0,0 @@
1
-f7fbba6e0636f890e56fbbf3283e524c6fa3204ae298382d624741d0dc6638326e282c41be5e4254d8820772c5518a2c5a8c0c7f7eda19594a7eb539453e1ed7

+ 0
- 7
AUTHORS.md View File

@@ -1,7 +0,0 @@
1
-# Authors
2
-
3
-Originated by [Alex Payne](https://al3x.net) ([@al3x](https://github.com/al3x)).
4
-
5
-Major contributions from [Luke Cyca](http://lukecyca.com/) ([@lukecyca](https://github.com/lukecyca)).
6
-
7
-Other talented and generous contributors to Sovereign can be viewed [on GitHub](https://github.com/sovereign/sovereign/graphs/contributors).

+ 0
- 3
README.md View File

@@ -1,6 +1,3 @@
1
-[![Build Status](https://travis-ci.org/sovereign/sovereign.svg?branch=master)](https://travis-ci.org/sovereign/sovereign)
2
-[![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/460/badge)](https://bestpractices.coreinfrastructure.org/projects/460)
3
-
4 1
 Introduction
5 2
 ============
6 3
 

+ 0
- 46
Vagrantfile View File

@@ -1,46 +0,0 @@
1
-# -*- mode: ruby -*-
2
-
3
-Vagrant.configure('2') do |config|
4
-  config.vm.hostname = 'sovereign.local'
5
-  config.vm.network 'private_network', ip: '172.16.100.2'
6
-
7
-  config.vm.provision :ansible do |ansible|
8
-    ansible.playbook = 'site.yml'
9
-    ansible.host_key_checking = false
10
-    ansible.extra_vars = { ansible_ssh_user: 'vagrant', testing: true }
11
-    ansible.groups = {
12
-      "testing" => ["jessie"]
13
-    }
14
-
15
-    # ansible.tags = ['blog']
16
-    # ansible.skip_tags = ['openvpn']
17
-    # ansible.verbose = 'vvvv'
18
-  end
19
-
20
-  config.vm.provider :virtualbox do |v|
21
-    v.memory = 512
22
-  end
23
-
24
-  config.vm.provider :vmware_fusion do |v|
25
-    v.vmx['memsize'] = '512'
26
-  end
27
-
28
-  # vagrant-cachier
29
-  #
30
-  # Install the plugin by running: vagrant plugin install vagrant-cachier
31
-  # More information: https://github.com/fgrehm/vagrant-cachier
32
-  if Vagrant.has_plugin? 'vagrant-cachier'
33
-    config.cache.enable :apt
34
-    config.cache.scope = :box
35
-  end
36
-
37
-  # Debian 8 64-bit (officially supported)
38
-  config.vm.define 'jessie', primary: true do |jessie|
39
-    jessie.vm.box = 'box-cutter/debian8'
40
-  end
41
-
42
-  # Ubuntu 16.04 (LTS) 64-bit (currently unavailable)
43
-  config.vm.define 'xenial', autostart: false do |xenial|
44
-    xenial.vm.box = 'box-cutter/ubuntu1604'
45
-  end
46
-end

+ 0
- 67
group_vars/testing View File

@@ -1,67 +0,0 @@
1
----
2
-###############################################################################
3
-# Variables used when testing with Vagrant.  Secrets are stored in
4
-# `.vagrant/provisioners/ansible/inventory/secret.
5
-#
6
-# selfoss_password_hash is the SHA512 hash of `foo`
7
-# 
8
-###############################################################################
9
-
10
-# common
11
-domain: sovereign.local
12
-main_user_name: sovereign
13
-organization: testing
14
-friendly_networks:
15
-  - "172.16.100.0/24"
16
-
17
-# admin email
18
-# fail2ban reports will be sent to this address
19
-admin_email: "{{ main_user_name }}@{{ domain }}"
20
-
21
-# mailserver
22
-mail_virtual_domains:
23
-  - name: "{{ domain }}"
24
-    pk_id: 1
25
-mail_virtual_users:
26
-  - account: "{{ main_user_name }}"
27
-    domain: "{{ domain }}"
28
-    password: "foo"
29
-    domain_pk_id: 1
30
-mail_virtual_aliases:
31
-  - source: "root@{{ domain }}"
32
-    destination: "{{ admin_email }}"
33
-    domain_pk_id: 1
34
-  - source: "postmaster@{{ domain }}"
35
-    destination: "{{ admin_email }}"
36
-    domain_pk_id: 1
37
-  - source: "webmaster@{{ domain }}"
38
-    destination: "{{ admin_email }}"
39
-    domain_pk_id: 1
40
-
41
-# timezone
42
-# common_timezone will be used in the common and mailserver roles
43
-common_timezone: 'Etc/UTC'
44
-
45
-# znc
46
-irc_nick: sovereign
47
-irc_ident: sovereign
48
-irc_realname: Mr. Sovereign
49
-irc_quitmsg: Bye
50
-irc_password: "foo"
51
-irc_timezone: "America/New_York" #Example: "America/New_York"
52
-
53
-# xmpp
54
-prosody_accounts:
55
-  - name: "{{ main_user_name }}"
56
-    password: foo
57
-
58
-# openvpn
59
-openvpn_key_country:  "US"
60
-openvpn_key_province: "California"
61
-openvpn_key_city: "Beverly Hills"
62
-openvpn_key_org: "ACME CORPORATION"
63
-openvpn_key_ou: "Anvil Department"
64
-openvpn_clients:
65
-  - laptop
66
-  - phone
67
-  - tablet

+ 0
- 20
roles/common/files/wildcard_ca.pem View File

@@ -1,20 +0,0 @@
1
------BEGIN CERTIFICATE-----
2
-MIIDPjCCAiYCCQCIBIL0qFYY5DANBgkqhkiG9w0BAQsFADBhMQswCQYDVQQGEwJB
3
-VTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0
4
-cyBQdHkgTHRkMRowGAYDVQQDDBEqLnNvdmVyZWlnbi5sb2NhbDAeFw0xNjAxMDkw
5
-OTU4MzNaFw0xNzAxMDgwOTU4MzNaMGExCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApT
6
-b21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxGjAY
7
-BgNVBAMMESouc292ZXJlaWduLmxvY2FsMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
8
-MIIBCgKCAQEA1Z12KXbGOq70H9rxgH+uBF2MSil5xTcxQKFpUhFOu0kIVoQ7Sa2n
9
-FPKYDC5aTKE7ajgO4cER44WgtBnEXGs7MHQEJL2tT0ETiDfTqSEhTpsXSzCxl7bo
10
-AZIrw9ntJKvTm4Ot04MXsUqeZyr6gk5XMOilluZWTLzbunigKOJItyM3VBRnLWZi
11
-ScznIkbKLGt2WjGIaENOR4cw+wwzOmH0UVxGtGWo/jklGtBZG8mb+fF8rH6L6VBa
12
-nIYHBGlg8Gy0eK430jMD/y2zqlOzY4gE5/BlwaxEupuzL+jtiYGyr7G1tUksQ49v
13
-UNimlAzUINB6bYnIk0MwpIxB0xECj0nz2wIDAQABMA0GCSqGSIb3DQEBCwUAA4IB
14
-AQCEVVrT1ktgvA3CwuIr+/BWRfILIHyayy3FxIwF8wBymAwQiT/09JuNDsLuI2/t
15
-eOY9BZsaJ9BtGA7dajbwKDX83Z+WXcv2AwxbAhxUnpBCQF0MNT9Vh7ixE0rXbXeg
16
-bvy5D4n1MWTBaPK+MpuEEV5m/dRZOFIgf6AWDCB7QixWm7N2BGjqni5kr2EuqYw8
17
-JqxXXtTDTBA8BKMLxPRER+w39zD8fQouTn1pI8nVba/WdX1NlchzFrex6ByvKWQG
18
-joSPd39d68NNyytwmv5LWOQ2Shsk0d0UV9eoFrctPJh8cL4BPfNS7NQR12u55zn0
19
-NR+SN5v9/7fn+/KF1UZq5Jao
20
------END CERTIFICATE-----

+ 0
- 28
roles/common/files/wildcard_private.key View File

@@ -1,28 +0,0 @@
1
------BEGIN PRIVATE KEY-----
2
-MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDVnXYpdsY6rvQf
3
-2vGAf64EXYxKKXnFNzFAoWlSEU67SQhWhDtJracU8pgMLlpMoTtqOA7hwRHjhaC0
4
-GcRcazswdAQkva1PQROIN9OpISFOmxdLMLGXtugBkivD2e0kq9Obg63TgxexSp5n
5
-KvqCTlcw6KWW5lZMvNu6eKAo4ki3IzdUFGctZmJJzOciRsosa3ZaMYhoQ05HhzD7
6
-DDM6YfRRXEa0Zaj+OSUa0FkbyZv58XysfovpUFqchgcEaWDwbLR4rjfSMwP/LbOq
7
-U7NjiATn8GXBrES6m7Mv6O2JgbKvsbW1SSxDj29Q2KaUDNQg0HpticiTQzCkjEHT
8
-EQKPSfPbAgMBAAECggEBAMcozbgO4vZnk3f3u13grK+pQFkMnll/Ac6OLxGyzULT
9
-7pArLNOesb5YB+ajeNElKa34ofdc+H62YYRI2ciIuWCNaiePKHxR4hIIarCvEMym
10
-0Grr9UfL4jdEvsUU84JTKTE+7dvbx0UmmtT5PyIqRCR3Y5tzGVbmZb5PJJO5la4X
11
-1Q8ZQHYvdFh52VXVpetp66yFpCu/EI8u9VSEBakvILpZ3yxjhskEXD18E304wn1e
12
-Ky+sBde6zUtXRc1rKxAzeQ/JyF1+1+xr8nI1kGryqXdNl/4S3JsdB5nL54U0pHaL
13
-XfLMZvRTVqKAsyjqLQzYE0bRnJz9sev85nu0J1sp/GECgYEA8Gi2izJmxpb3oDC7
14
-Eu388TeFOYrdg6AsXFkmKT5ssTRRT4ju03RrGWC8NlOJRhQxJloCICgmBWHLFWBG
15
-2OVGgOYhUr7/V12f/D2GICUcJ9SKkDbzKe0ACDPq9tzauVd9H8fY9gQfvhn0AA0v
16
-qG0+guGElxS+holIpbDP7VV0PykCgYEA43fp3VtneBHL4E4iZVBQaIBGMYOmE8v3
17
-cKSTCBgCU3jnbio85NHybI1Fw15cAXDOIsOlKescLyTw/IgRb3PbObNvpD8STS8d
18
-wVqen2Ir/mrsxWVn57jlSV5viGnIoI873YVJ9fl5pr/KbJ5A8//EnJwQLDq6MmQR
19
-zPMovp51L2MCgYEA0/rQ8t4HR5Z4VDSDz8YvYZaeD0YF2nkShH9LKdTUTFAgXiwU
20
-wjkF8oOckZ6JDVTinbmB5E7ib55yTq/s6HUJ/MBuo6KsTaHNXsH1EUUHlYtQfqcl
21
-NFO40oLM7M2CwyiEuNAj25F5V8tUnfMCkdV56DfoDLuK3+APQaItRU0zSjkCgYAW
22
-KGgvl+fMWm9xuiq/k8NBar1rtVdINmY0ItPvxeb0GqLwqEymPY1P5bMWBOsReNub
23
-p1M/checwAx5jQelw7NnO4N0jHBL9HsBisJI5FdEwUWvNOGaQPiU3Q4gS62vdkRu
24
-n71EqLig9a3SRtgs7I1KdClfJZldr0HMpSMi7myb4QKBgQDgeh5oDgypNBdMY4un
25
-Wpax1Mxse49T883Z3lIlVq+U7ZwnWLWfohSZK/kXUrolbdmo4z8yAlNKUO421sAF
26
-SWUWFAabEMnLq2ilv6WIG4i1ubFr4/DBV4fGcaYNMOxIENRDItn7RacddZ1EQVfC
27
-WBcstgic1QXyMJ+2LoC0LHdgCQ==
28
------END PRIVATE KEY-----

+ 0
- 20
roles/common/files/wildcard_public_cert.crt View File

@@ -1,20 +0,0 @@
1
------BEGIN CERTIFICATE-----
2
-MIIDPjCCAiYCCQCIBIL0qFYY5DANBgkqhkiG9w0BAQsFADBhMQswCQYDVQQGEwJB
3
-VTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0
4
-cyBQdHkgTHRkMRowGAYDVQQDDBEqLnNvdmVyZWlnbi5sb2NhbDAeFw0xNjAxMDkw
5
-OTU4MzNaFw0xNzAxMDgwOTU4MzNaMGExCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApT
6
-b21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxGjAY
7
-BgNVBAMMESouc292ZXJlaWduLmxvY2FsMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
8
-MIIBCgKCAQEA1Z12KXbGOq70H9rxgH+uBF2MSil5xTcxQKFpUhFOu0kIVoQ7Sa2n
9
-FPKYDC5aTKE7ajgO4cER44WgtBnEXGs7MHQEJL2tT0ETiDfTqSEhTpsXSzCxl7bo
10
-AZIrw9ntJKvTm4Ot04MXsUqeZyr6gk5XMOilluZWTLzbunigKOJItyM3VBRnLWZi
11
-ScznIkbKLGt2WjGIaENOR4cw+wwzOmH0UVxGtGWo/jklGtBZG8mb+fF8rH6L6VBa
12
-nIYHBGlg8Gy0eK430jMD/y2zqlOzY4gE5/BlwaxEupuzL+jtiYGyr7G1tUksQ49v
13
-UNimlAzUINB6bYnIk0MwpIxB0xECj0nz2wIDAQABMA0GCSqGSIb3DQEBCwUAA4IB
14
-AQCEVVrT1ktgvA3CwuIr+/BWRfILIHyayy3FxIwF8wBymAwQiT/09JuNDsLuI2/t
15
-eOY9BZsaJ9BtGA7dajbwKDX83Z+WXcv2AwxbAhxUnpBCQF0MNT9Vh7ixE0rXbXeg
16
-bvy5D4n1MWTBaPK+MpuEEV5m/dRZOFIgf6AWDCB7QixWm7N2BGjqni5kr2EuqYw8
17
-JqxXXtTDTBA8BKMLxPRER+w39zD8fQouTn1pI8nVba/WdX1NlchzFrex6ByvKWQG
18
-joSPd39d68NNyytwmv5LWOQ2Shsk0d0UV9eoFrctPJh8cL4BPfNS7NQR12u55zn0
19
-NR+SN5v9/7fn+/KF1UZq5Jao
20
------END CERTIFICATE-----

+ 0
- 45
roles/common/tasks/letsencrypt.yml View File

@@ -59,51 +59,6 @@
59 59
 
60 60
 - name: Get an SSL certificate for {{ domain }} from Let's Encrypt
61 61
   script: letsencrypt-gencert {{ domain }} creates=/etc/letsencrypt/live/{{ domain }}/privkey.pem
62
-  when: ansible_ssh_user != "vagrant"
63 62
 
64 63
 - name: Modify permissions to allow ssl-cert group access
65 64
   file: path=/etc/letsencrypt/archive owner=root group=ssl-cert mode=0750
66
-  when: ansible_ssh_user != "vagrant"
67
-
68
-### Several steps to install a self-signed wildcard key to support offline testing
69
-
70
-- name: Create live directory for testing keys
71
-  file: dest=/etc/letsencrypt/live/{{ domain }} state=directory
72
-    owner=root group=root mode=0755
73
-  when: ansible_ssh_user == "vagrant"
74
-
75
-- name: Copy SSL wildcard private key for testing
76
-  copy: src=wildcard_private.key
77
-    dest=/etc/letsencrypt/live/{{ domain }}/privkey.pem
78
-    owner=root group=ssl-cert mode=0640
79
-  register: private_key
80
-  when: ansible_ssh_user == "vagrant"
81
-
82
-- name: Copy SSL public certificate into place for testing
83
-  copy: src=wildcard_public_cert.crt
84
-    dest=/etc/letsencrypt/live/{{ domain }}/cert.pem
85
-    group=root owner=root mode=0644
86
-  register: certificate
87
-  notify: restart apache
88
-  when: ansible_ssh_user == "vagrant"
89
-
90
-- name: Copy SSL CA combined certificate into place for testing
91
-  copy: src=wildcard_ca.pem
92
-    dest=/etc/letsencrypt/live/{{ domain }}/chain.pem
93
-    group=root owner=root mode=0644
94
-  register: ca_certificate
95
-  notify: restart apache
96
-  when: ansible_ssh_user == "vagrant"
97
-
98
-- name: Create a combined SSL cert for testing
99
-  shell: cat /etc/letsencrypt/live/{{ domain }}/cert.pem
100
-    /etc/letsencrypt/live/{{ domain }}/chain.pem >
101
-    /etc/letsencrypt/live/{{ domain }}/fullchain.pem
102
-  when: (private_key.changed or certificate.changed or ca_certificate.changed) and ansible_ssh_user == "vagrant"
103
-
104
-- name: Set permissions on combined SSL public cert
105
-  file: name=/etc/letsencrypt/live/{{ domain }}/fullchain.pem mode=0644
106
-  notify: restart apache
107
-  when: ansible_ssh_user == "vagrant"
108
-
109
-### Back to normal

+ 0
- 1
test-requirements.txt View File

@@ -1 +0,0 @@
1
-ansible-lint>=2.3.9,<3

+ 0
- 383
tests.py View File

@@ -1,383 +0,0 @@
1
-import unittest
2
-from time import sleep
3
-import uuid
4
-import socket
5
-import requests
6
-import os
7
-
8
-TEST_SERVER = 'sovereign.local'
9
-TEST_ADDRESS = 'sovereign@sovereign.local'
10
-TEST_PASSWORD = 'foo'
11
-CA_BUNDLE = 'roles/common/files/wildcard_ca.pem'
12
-
13
-socket.setdefaulttimeout(5)
14
-os.environ['REQUESTS_CA_BUNDLE'] = CA_BUNDLE
15
-
16
-class SSHTests(unittest.TestCase):
17
-    def test_ssh_banner(self):
18
-        """SSH is responding with its banner"""
19
-        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
20
-        s.connect((TEST_SERVER, 22))
21
-        data = s.recv(1024)
22
-        s.close()
23
-
24
-        self.assertRegexpMatches(data, '^SSH-2.0-OpenSSH')
25
-
26
-
27
-class WebTests(unittest.TestCase):
28
-    def test_blog_http(self):
29
-        """Blog is redirecting to https"""
30
-        # FIXME: requests won't verify sovereign.local with *.sovereign.local cert
31
-        r = requests.get('http://' + TEST_SERVER, verify=False)
32
-
33
-        # We should be redirected to https
34
-        self.assertEquals(r.history[0].status_code, 301)
35
-        self.assertEquals(r.url, 'https://' + TEST_SERVER + '/')
36
-
37
-        # 403 - Since there is no documents in the blog directory
38
-        self.assertEquals(r.status_code, 403)
39
-
40
-    def test_mail_autoconfig_http_and_https(self):
41
-        """Email autoconfiguration XML file is accessible over both HTTP and HTTPS"""
42
-
43
-        # Test getting the file over HTTP and HTTPS
44
-        for proto in ['http', 'https']:
45
-            r = requests.get(proto + '://autoconfig.' + TEST_SERVER + '/mail/config-v1.1.xml')
46
-
47
-            # 200 - We should see the XML file
48
-            self.assertEquals(r.status_code, 200)
49
-            self.assertIn('application/xml', r.headers['Content-Type'])
50
-            self.assertIn('clientConfig version="1.1"', r.content)
51
-
52
-    def test_webmail_http(self):
53
-        """Webmail is redirecting to https and displaying login page"""
54
-        r = requests.get('http://mail.' + TEST_SERVER)
55
-
56
-        # We should be redirected to https
57
-        self.assertEquals(r.history[0].status_code, 301)
58
-        self.assertEquals(r.url, 'https://mail.' + TEST_SERVER + '/')
59
-
60
-        # 200 - We should be at the login page
61
-        self.assertEquals(r.status_code, 200)
62
-        self.assertIn(
63
-            'Welcome to Roundcube Webmail',
64
-            r.content
65
-        )
66
-
67
-    def test_zpush_http_unauthorized(self):
68
-        r = requests.get('http://mail.' + TEST_SERVER + '/Microsoft-Server-ActiveSync')
69
-
70
-        # We should be redirected to https
71
-        self.assertEquals(r.history[0].status_code, 301)
72
-        self.assertEquals(r.url, 'https://mail.' + TEST_SERVER + '/Microsoft-Server-ActiveSync')
73
-
74
-        # Unauthorized
75
-        self.assertEquals(r.status_code, 401)
76
-
77
-    def test_zpush_https(self):
78
-        r = requests.post('https://mail.' + TEST_SERVER + '/Microsoft-Server-ActiveSync',
79
-                          auth=('sovereign@sovereign.local', 'foo'),
80
-                          params={
81
-                              'DeviceId': '1234',
82
-                              'DeviceType': 'testbot',
83
-                              'Cmd': 'Ping',
84
-                          })
85
-
86
-        self.assertEquals(r.headers['content-type'],
87
-                          'application/vnd.ms-sync.wbxml')
88
-        self.assertEquals(r.headers['ms-server-activesync'],
89
-                          '14.0')
90
-
91
-    def test_owncloud_http(self):
92
-        """ownCloud is redirecting to https and displaying login page"""
93
-        r = requests.get('http://cloud.' + TEST_SERVER)
94
-
95
-        # We should be redirected to https
96
-        self.assertEquals(r.history[0].status_code, 301)
97
-        self.assertEquals(r.url, 'https://cloud.' + TEST_SERVER + '/')
98
-
99
-        # 200 - We should be at the login page
100
-        self.assertEquals(r.status_code, 200)
101
-        self.assertIn(
102
-            'ownCloud',
103
-            r.content
104
-        )
105
-
106
-    def test_selfoss_http(self):
107
-        """selfoss is redirecting to https and displaying login page"""
108
-        r = requests.get('http://news.' + TEST_SERVER)
109
-
110
-        # We should be redirected to https
111
-        self.assertEquals(r.history[0].status_code, 301)
112
-        self.assertEquals(r.url, 'https://news.' + TEST_SERVER + '/')
113
-
114
-        # 200 - We should be at the login page
115
-        self.assertEquals(r.status_code, 200)
116
-        self.assertIn(
117
-            'selfoss',
118
-            r.content
119
-        )
120
-        self.assertIn(
121
-            'login',
122
-            r.content
123
-        )
124
-
125
-
126
-class IRCTests(unittest.TestCase):
127
-    def test_irc_auth(self):
128
-        """ZNC is accepting encrypted logins"""
129
-        import ssl
130
-        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
131
-        ssl_sock = ssl.wrap_socket(s, ca_certs=CA_BUNDLE, cert_reqs=ssl.CERT_REQUIRED)
132
-        ssl_sock.connect((TEST_SERVER, 6697))
133
-
134
-        # Check the encryption parameters
135
-        cipher, version, bits = ssl_sock.cipher()
136
-        self.assertEquals(cipher, 'AES256-GCM-SHA384')
137
-        self.assertEquals(version, 'TLSv1/SSLv3')
138
-        self.assertEquals(bits, 256)
139
-
140
-        # Login
141
-        ssl_sock.send('CAP REQ sasl multi-prefix\r\n')
142
-        ssl_sock.send('PASS foo\r\n')
143
-        ssl_sock.send('NICK sovereign\r\n')
144
-        ssl_sock.send('USER sovereign 0 * Sov\r\n')
145
-
146
-        # Read until we see the ZNC banner (or timeout)
147
-        while 1:
148
-            r = ssl_sock.recv(1024)
149
-            if 'Connected to ZNC' in r:
150
-                break
151
-
152
-
153
-def new_message(from_email, to_email):
154
-    """Creates an email (headers & body) with a random subject"""
155
-    from email.mime.text import MIMEText
156
-    msg = MIMEText('Testing')
157
-    msg['Subject'] = uuid.uuid4().hex[:8]
158
-    msg['From'] = from_email
159
-    msg['To'] = to_email
160
-    return msg.as_string(), msg['subject']
161
-
162
-
163
-class MailTests(unittest.TestCase):
164
-    def assertIMAPReceived(self, subject):
165
-        """Connects with IMAP and asserts the existence of an email, then deletes it"""
166
-        import imaplib
167
-
168
-        sleep(1)
169
-
170
-        # Login to IMAP
171
-        m = imaplib.IMAP4_SSL(TEST_SERVER, 993)
172
-        m.login(TEST_ADDRESS, TEST_PASSWORD)
173
-        m.select()
174
-
175
-        # Assert the message exists
176
-        typ, data = m.search(None, '(SUBJECT \"{}\")'.format(subject))
177
-        self.assertTrue(len(data[0].split()), 1)
178
-
179
-        # Delete it & logout
180
-        m.store(data[0].strip(), '+FLAGS', '\\Deleted')
181
-        m.expunge()
182
-        m.close()
183
-        m.logout()
184
-
185
-    def assertPOP3Received(self, subject):
186
-        """Connects with POP3S and asserts the existence of an email, then deletes it"""
187
-        import poplib
188
-
189
-        sleep(1)
190
-
191
-        # Login to POP3
192
-        mail = poplib.POP3_SSL(TEST_SERVER, 995)
193
-        mail.user(TEST_ADDRESS)
194
-        mail.pass_(TEST_PASSWORD)
195
-
196
-        # Assert the message exists
197
-        num = len(mail.list()[1])
198
-        resp, text, octets = mail.retr(num)
199
-        self.assertTrue("Subject: " + subject in text)
200
-
201
-        # Delete it and log out
202
-        mail.dele(num)
203
-        mail.quit()
204
-
205
-    def test_imap_requires_ssl(self):
206
-        """IMAP without SSL is NOT available"""
207
-        import imaplib
208
-
209
-        with self.assertRaisesRegexp(socket.timeout, 'timed out'):
210
-            imaplib.IMAP4(TEST_SERVER, 143)
211
-
212
-    def test_pop3_requires_ssl(self):
213
-        """POP3 without SSL is NOT available"""
214
-        import poplib
215
-
216
-        with self.assertRaisesRegexp(socket.timeout, 'timed out'):
217
-            poplib.POP3(TEST_SERVER, 110)
218
-
219
-    def test_smtps(self):
220
-        """Email sent from an MUA via SMTPS is delivered"""
221
-        import smtplib
222
-        msg, subject = new_message(TEST_ADDRESS, 'root@sovereign.local')
223
-        s = smtplib.SMTP_SSL(TEST_SERVER, 465)
224
-        s.login(TEST_ADDRESS, TEST_PASSWORD)
225
-        s.sendmail(TEST_ADDRESS, ['root@sovereign.local'], msg)
226
-        s.quit()
227
-        self.assertIMAPReceived(subject)
228
-
229
-    def test_smtps_delimiter_to(self):
230
-        """Email sent to address with delimiter is delivered"""
231
-        import smtplib
232
-        msg, subject = new_message(TEST_ADDRESS, 'root+foo@sovereign.local')
233
-        s = smtplib.SMTP_SSL(TEST_SERVER, 465)
234
-        s.login(TEST_ADDRESS, TEST_PASSWORD)
235
-        s.sendmail(TEST_ADDRESS, ['root+foo@sovereign.local'], msg)
236
-        s.quit()
237
-        self.assertIMAPReceived(subject)
238
-
239
-    def test_smtps_requires_auth(self):
240
-        """SMTPS with no authentication is rejected"""
241
-        import smtplib
242
-        s = smtplib.SMTP_SSL(TEST_SERVER, 465)
243
-
244
-        with self.assertRaisesRegexp(smtplib.SMTPRecipientsRefused, 'Access denied'):
245
-            s.sendmail(TEST_ADDRESS, ['root@sovereign.local'], 'Test')
246
-
247
-        s.quit()
248
-
249
-    def test_smtp(self):
250
-        """Email sent from an MTA is delivered"""
251
-        import smtplib
252
-        msg, subject = new_message('someone@example.com', TEST_ADDRESS)
253
-        s = smtplib.SMTP(TEST_SERVER, 25)
254
-        s.sendmail('someone@example.com', [TEST_ADDRESS], msg)
255
-        s.quit()
256
-        self.assertIMAPReceived(subject)
257
-
258
-    def test_smtp_tls(self):
259
-        """Email sent from an MTA via SMTP+TLS is delivered"""
260
-        import smtplib
261
-        msg, subject = new_message('someone@example.com', TEST_ADDRESS)
262
-        s = smtplib.SMTP(TEST_SERVER, 25)
263
-        s.starttls()
264
-        s.sendmail('someone@example.com', [TEST_ADDRESS], msg)
265
-        s.quit()
266
-        self.assertIMAPReceived(subject)
267
-
268
-    def test_smtps_headers(self):
269
-        """Email sent from an MUA has DKIM and TLS headers"""
270
-        import smtplib
271
-        import imaplib
272
-
273
-        # Send a message to root
274
-        msg, subject = new_message(TEST_ADDRESS, 'root@sovereign.local')
275
-        s = smtplib.SMTP_SSL(TEST_SERVER, 465)
276
-        s.login(TEST_ADDRESS, TEST_PASSWORD)
277
-        s.sendmail(TEST_ADDRESS, ['root@sovereign.local'], msg)
278
-        s.quit()
279
-
280
-        sleep(1)
281
-
282
-        # Get the message
283
-        m = imaplib.IMAP4_SSL(TEST_SERVER, 993)
284
-        m.login(TEST_ADDRESS, TEST_PASSWORD)
285
-        m.select()
286
-        _, res = m.search(None, '(SUBJECT \"{}\")'.format(subject))
287
-        _, data = m.fetch(res[0], '(RFC822)')
288
-
289
-        self.assertIn(
290
-            'DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sovereign.local;',
291
-            data[0][1]
292
-        )
293
-
294
-        self.assertIn(
295
-            'ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)',
296
-            data[0][1]
297
-        )
298
-
299
-        # Clean up
300
-        m.store(res[0].strip(), '+FLAGS', '\\Deleted')
301
-        m.expunge()
302
-        m.close()
303
-        m.logout()
304
-
305
-    def test_smtp_headers(self):
306
-        """Email sent from an MTA via SMTP+TLS has TLS headers"""
307
-        import smtplib
308
-        import imaplib
309
-
310
-        # Send a message to root
311
-        msg, subject = new_message('someone@example.com', TEST_ADDRESS)
312
-        s = smtplib.SMTP(TEST_SERVER, 25)
313
-        s.starttls()
314
-        s.sendmail('someone@example.com', [TEST_ADDRESS], msg)
315
-        s.quit()
316
-
317
-        sleep(1)
318
-
319
-        # Get the message
320
-        m = imaplib.IMAP4_SSL(TEST_SERVER, 993)
321
-        m.login(TEST_ADDRESS, TEST_PASSWORD)
322
-        m.select()
323
-        _, res = m.search(None, '(SUBJECT \"{}\")'.format(subject))
324
-        _, data = m.fetch(res[0], '(RFC822)')
325
-
326
-        self.assertIn(
327
-            'ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)',
328
-            data[0][1]
329
-        )
330
-
331
-        # Clean up
332
-        m.store(res[0].strip(), '+FLAGS', '\\Deleted')
333
-        m.expunge()
334
-        m.close()
335
-        m.logout()
336
-
337
-    def test_pop3s(self):
338
-        """Connects with POP3S and asserts the existance of an email, then deletes it"""
339
-        import smtplib
340
-        msg, subject = new_message(TEST_ADDRESS, 'root@sovereign.local')
341
-        s = smtplib.SMTP_SSL(TEST_SERVER, 465)
342
-        s.login(TEST_ADDRESS, TEST_PASSWORD)
343
-        s.sendmail(TEST_ADDRESS, ['root@sovereign.local'], msg)
344
-        s.quit()
345
-        self.assertPOP3Received(subject)
346
-
347
-
348
-class XMPPTests(unittest.TestCase):
349
-    def test_xmpp_c2s(self):
350
-        """Prosody is listening on 5222 for clients and requiring TLS"""
351
-
352
-        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
353
-        s.connect((TEST_SERVER, 5222))
354
-
355
-        # Based off http://wiki.xmpp.org/web/Programming_Jabber_Clients
356
-        s.send("<stream:stream xmlns:stream='http://etherx.jabber.org/streams' "
357
-               "xmlns='jabber:client' to='sovereign.local' version='1.0'>")
358
-
359
-        data = s.recv(1024)
360
-        s.close()
361
-
362
-        self.assertRegexpMatches(
363
-            data,
364
-            "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'><required/></starttls>"
365
-        )
366
-
367
-    def test_xmpp_s2s(self):
368
-        """Prosody is listening on 5269 for servers"""
369
-
370
-        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
371
-        s.connect((TEST_SERVER, 5269))
372
-
373
-        # Base off http://xmpp.org/extensions/xep-0114.html
374
-        s.send("<stream:stream xmlns:stream='http://etherx.jabber.org/streams' "
375
-               "xmlns='jabber:component:accept' to='sovereign.local'>")
376
-
377
-        data = s.recv(1024)
378
-        s.close()
379
-
380
-        self.assertRegexpMatches(
381
-            data,
382
-            "from='sovereign.local'"
383
-        )

Loading…
Cancel
Save