thomas
/
sovereign
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
No Description
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
761 Commits
1 Branch
Tree: 06f43905c9
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '06f43905c9'
${ noResults }
sovereign/tests.py

tests.py 13KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398 
  1. import unittest

  2. from time import sleep

  3. import uuid

  4. import socket

  5. import requests

  6. import os

  7. 

  8. TEST_SERVER = 'sovereign.local'

  9. TEST_ADDRESS = 'sovereign@sovereign.local'

  10. TEST_PASSWORD = 'foo'

  11. CA_BUNDLE = 'roles/common/files/wildcard_ca.pem'

  12. 

  13. socket.setdefaulttimeout(5)

  14. os.environ['REQUESTS_CA_BUNDLE'] = CA_BUNDLE

  15. 

  16. class SSHTests(unittest.TestCase):

  17.     def test_ssh_banner(self):

  18.         """SSH is responding with its banner"""

  19.         s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

  20.         s.connect((TEST_SERVER, 22))

  21.         data = s.recv(1024)

  22.         s.close()

  23. 

  24.         self.assertRegexpMatches(data, '^SSH-2.0-OpenSSH')

  25. 

  26. 

  27. class WebTests(unittest.TestCase):

  28.     def test_blog_http(self):

  29.         """Blog is redirecting to https"""

  30.         # FIXME: requests won't verify sovereign.local with *.sovereign.local cert

  31.         r = requests.get('http://' + TEST_SERVER, verify=False)

  32. 

  33.         # We should be redirected to https

  34.         self.assertEquals(r.history[0].status_code, 301)

  35.         self.assertEquals(r.url, 'https://' + TEST_SERVER + '/')

  36. 

  37.         # 403 - Since there is no documents in the blog directory

  38.         self.assertEquals(r.status_code, 403)

  39. 

  40.     def test_mail_autoconfig_http_and_https(self):

  41.         """Email autoconfiguration XML file is accessible over both HTTP and HTTPS"""

  42. 

  43.         # Test getting the file over HTTP and HTTPS

  44.         for proto in ['http', 'https']:

  45.             r = requests.get(proto + '://autoconfig.' + TEST_SERVER + '/mail/config-v1.1.xml')

  46. 

  47.             # 200 - We should see the XML file

  48.             self.assertEquals(r.status_code, 200)

  49.             self.assertIn('application/xml', r.headers['Content-Type'])

  50.             self.assertIn('clientConfig version="1.1"', r.content)

  51. 

  52.     def test_webmail_http(self):

  53.         """Webmail is redirecting to https and displaying login page"""

  54.         r = requests.get('http://mail.' + TEST_SERVER)

  55. 

  56.         # We should be redirected to https

  57.         self.assertEquals(r.history[0].status_code, 301)

  58.         self.assertEquals(r.url, 'https://mail.' + TEST_SERVER + '/')

  59. 

  60.         # 200 - We should be at the login page

  61.         self.assertEquals(r.status_code, 200)

  62.         self.assertIn(

  63.             'Welcome to Roundcube Webmail',

  64.             r.content

  65.         )

  66. 

  67.     def test_zpush_http_unauthorized(self):

  68.         r = requests.get('http://mail.' + TEST_SERVER + '/Microsoft-Server-ActiveSync')

  69. 

  70.         # We should be redirected to https

  71.         self.assertEquals(r.history[0].status_code, 301)

  72.         self.assertEquals(r.url, 'https://mail.' + TEST_SERVER + '/Microsoft-Server-ActiveSync')

  73. 

  74.         # Unauthorized

  75.         self.assertEquals(r.status_code, 401)

  76. 

  77.     def test_zpush_https(self):

  78.         r = requests.post('https://mail.' + TEST_SERVER + '/Microsoft-Server-ActiveSync',

  79.                           auth=('sovereign@sovereign.local', 'foo'),

  80.                           params={

  81.                               'DeviceId': '1234',

  82.                               'DeviceType': 'testbot',

  83.                               'Cmd': 'Ping',

  84.                           })

  85. 

  86.         self.assertEquals(r.headers['content-type'],

  87.                           'application/vnd.ms-sync.wbxml')

  88.         self.assertEquals(r.headers['ms-server-activesync'],

  89.                           '14.0')

  90. 

  91.     def test_owncloud_http(self):

  92.         """ownCloud is redirecting to https and displaying login page"""

  93.         r = requests.get('http://cloud.' + TEST_SERVER)

  94. 

  95.         # We should be redirected to https

  96.         self.assertEquals(r.history[0].status_code, 301)

  97.         self.assertEquals(r.url, 'https://cloud.' + TEST_SERVER + '/')

  98. 

  99.         # 200 - We should be at the login page

  100.         self.assertEquals(r.status_code, 200)

  101.         self.assertIn(

  102.             'ownCloud',

  103.             r.content

  104.         )

  105. 

  106.     def test_selfoss_http(self):

  107.         """selfoss is redirecting to https and displaying login page"""

  108.         r = requests.get('http://news.' + TEST_SERVER)

  109. 

  110.         # We should be redirected to https

  111.         self.assertEquals(r.history[0].status_code, 301)

  112.         self.assertEquals(r.url, 'https://news.' + TEST_SERVER + '/')

  113. 

  114.         # 200 - We should be at the login page

  115.         self.assertEquals(r.status_code, 200)

  116.         self.assertIn(

  117.             'selfoss',

  118.             r.content

  119.         )

  120.         self.assertIn(

  121.             'login',

  122.             r.content

  123.         )

  124. 

  125.     def test_cgit_http(self):

  126.         """CGit web interface is displaying home page"""

  127.         r = requests.get('http://git.' + TEST_SERVER, verify=False)

  128. 

  129.         # We should be redirected to https

  130.         self.assertEquals(r.history[0].status_code, 301)

  131.         self.assertEquals(r.url, 'https://git.' + TEST_SERVER + '/')

  132. 

  133.         # 200 - We should be at the repository page

  134.         self.assertEquals(r.status_code, 200)

  135.         self.assertIn(

  136.             'git repository',

  137.             r.content

  138.         )

  139. 

  140. 

  141. class IRCTests(unittest.TestCase):

  142.     def test_irc_auth(self):

  143.         """ZNC is accepting encrypted logins"""

  144.         import ssl

  145.         s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

  146.         ssl_sock = ssl.wrap_socket(s, ca_certs=CA_BUNDLE, cert_reqs=ssl.CERT_REQUIRED)

  147.         ssl_sock.connect((TEST_SERVER, 6697))

  148. 

  149.         # Check the encryption parameters

  150.         cipher, version, bits = ssl_sock.cipher()

  151.         self.assertEquals(cipher, 'AES256-GCM-SHA384')

  152.         self.assertEquals(version, 'TLSv1/SSLv3')

  153.         self.assertEquals(bits, 256)

  154. 

  155.         # Login

  156.         ssl_sock.send('CAP REQ sasl multi-prefix\r\n')

  157.         ssl_sock.send('PASS foo\r\n')

  158.         ssl_sock.send('NICK sovereign\r\n')

  159.         ssl_sock.send('USER sovereign 0 * Sov\r\n')

  160. 

  161.         # Read until we see the ZNC banner (or timeout)

  162.         while 1:

  163.             r = ssl_sock.recv(1024)

  164.             if 'Connected to ZNC' in r:

  165.                 break

  166. 

  167. 

  168. def new_message(from_email, to_email):

  169.     """Creates an email (headers & body) with a random subject"""

  170.     from email.mime.text import MIMEText

  171.     msg = MIMEText('Testing')

  172.     msg['Subject'] = uuid.uuid4().hex[:8]

  173.     msg['From'] = from_email

  174.     msg['To'] = to_email

  175.     return msg.as_string(), msg['subject']

  176. 

  177. 

  178. class MailTests(unittest.TestCase):

  179.     def assertIMAPReceived(self, subject):

  180.         """Connects with IMAP and asserts the existence of an email, then deletes it"""

  181.         import imaplib

  182. 

  183.         sleep(1)

  184. 

  185.         # Login to IMAP

  186.         m = imaplib.IMAP4_SSL(TEST_SERVER, 993)

  187.         m.login(TEST_ADDRESS, TEST_PASSWORD)

  188.         m.select()

  189. 

  190.         # Assert the message exists

  191.         typ, data = m.search(None, '(SUBJECT \"{}\")'.format(subject))

  192.         self.assertTrue(len(data[0].split()), 1)

  193. 

  194.         # Delete it & logout

  195.         m.store(data[0].strip(), '+FLAGS', '\\Deleted')

  196.         m.expunge()

  197.         m.close()

  198.         m.logout()

  199. 

  200.     def assertPOP3Received(self, subject):

  201.         """Connects with POP3S and asserts the existence of an email, then deletes it"""

  202.         import poplib

  203. 

  204.         sleep(1)

  205. 

  206.         # Login to POP3

  207.         mail = poplib.POP3_SSL(TEST_SERVER, 995)

  208.         mail.user(TEST_ADDRESS)

  209.         mail.pass_(TEST_PASSWORD)

  210. 

  211.         # Assert the message exists

  212.         num = len(mail.list()[1])

  213.         resp, text, octets = mail.retr(num)

  214.         self.assertTrue("Subject: " + subject in text)

  215. 

  216.         # Delete it and log out

  217.         mail.dele(num)

  218.         mail.quit()

  219. 

  220.     def test_imap_requires_ssl(self):

  221.         """IMAP without SSL is NOT available"""

  222.         import imaplib

  223. 

  224.         with self.assertRaisesRegexp(socket.timeout, 'timed out'):

  225.             imaplib.IMAP4(TEST_SERVER, 143)

  226. 

  227.     def test_pop3_requires_ssl(self):

  228.         """POP3 without SSL is NOT available"""

  229.         import poplib

  230. 

  231.         with self.assertRaisesRegexp(socket.timeout, 'timed out'):

  232.             poplib.POP3(TEST_SERVER, 110)

  233. 

  234.     def test_smtps(self):

  235.         """Email sent from an MUA via SMTPS is delivered"""

  236.         import smtplib

  237.         msg, subject = new_message(TEST_ADDRESS, 'root@sovereign.local')

  238.         s = smtplib.SMTP_SSL(TEST_SERVER, 465)

  239.         s.login(TEST_ADDRESS, TEST_PASSWORD)

  240.         s.sendmail(TEST_ADDRESS, ['root@sovereign.local'], msg)

  241.         s.quit()

  242.         self.assertIMAPReceived(subject)

  243. 

  244.     def test_smtps_delimiter_to(self):

  245.         """Email sent to address with delimiter is delivered"""

  246.         import smtplib

  247.         msg, subject = new_message(TEST_ADDRESS, 'root+foo@sovereign.local')

  248.         s = smtplib.SMTP_SSL(TEST_SERVER, 465)

  249.         s.login(TEST_ADDRESS, TEST_PASSWORD)

  250.         s.sendmail(TEST_ADDRESS, ['root+foo@sovereign.local'], msg)

  251.         s.quit()

  252.         self.assertIMAPReceived(subject)

  253. 

  254.     def test_smtps_requires_auth(self):

  255.         """SMTPS with no authentication is rejected"""

  256.         import smtplib

  257.         s = smtplib.SMTP_SSL(TEST_SERVER, 465)

  258. 

  259.         with self.assertRaisesRegexp(smtplib.SMTPRecipientsRefused, 'Access denied'):

  260.             s.sendmail(TEST_ADDRESS, ['root@sovereign.local'], 'Test')

  261. 

  262.         s.quit()

  263. 

  264.     def test_smtp(self):

  265.         """Email sent from an MTA is delivered"""

  266.         import smtplib

  267.         msg, subject = new_message('someone@example.com', TEST_ADDRESS)

  268.         s = smtplib.SMTP(TEST_SERVER, 25)

  269.         s.sendmail('someone@example.com', [TEST_ADDRESS], msg)

  270.         s.quit()

  271.         self.assertIMAPReceived(subject)

  272. 

  273.     def test_smtp_tls(self):

  274.         """Email sent from an MTA via SMTP+TLS is delivered"""

  275.         import smtplib

  276.         msg, subject = new_message('someone@example.com', TEST_ADDRESS)

  277.         s = smtplib.SMTP(TEST_SERVER, 25)

  278.         s.starttls()

  279.         s.sendmail('someone@example.com', [TEST_ADDRESS], msg)

  280.         s.quit()

  281.         self.assertIMAPReceived(subject)

  282. 

  283.     def test_smtps_headers(self):

  284.         """Email sent from an MUA has DKIM and TLS headers"""

  285.         import smtplib

  286.         import imaplib

  287. 

  288.         # Send a message to root

  289.         msg, subject = new_message(TEST_ADDRESS, 'root@sovereign.local')

  290.         s = smtplib.SMTP_SSL(TEST_SERVER, 465)

  291.         s.login(TEST_ADDRESS, TEST_PASSWORD)

  292.         s.sendmail(TEST_ADDRESS, ['root@sovereign.local'], msg)

  293.         s.quit()

  294. 

  295.         sleep(1)

  296. 

  297.         # Get the message

  298.         m = imaplib.IMAP4_SSL(TEST_SERVER, 993)

  299.         m.login(TEST_ADDRESS, TEST_PASSWORD)

  300.         m.select()

  301.         _, res = m.search(None, '(SUBJECT \"{}\")'.format(subject))

  302.         _, data = m.fetch(res[0], '(RFC822)')

  303. 

  304.         self.assertIn(

  305.             'DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sovereign.local;',

  306.             data[0][1]

  307.         )

  308. 

  309.         self.assertIn(

  310.             'ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)',

  311.             data[0][1]

  312.         )

  313. 

  314.         # Clean up

  315.         m.store(res[0].strip(), '+FLAGS', '\\Deleted')

  316.         m.expunge()

  317.         m.close()

  318.         m.logout()

  319. 

  320.     def test_smtp_headers(self):

  321.         """Email sent from an MTA via SMTP+TLS has TLS headers"""

  322.         import smtplib

  323.         import imaplib

  324. 

  325.         # Send a message to root

  326.         msg, subject = new_message('someone@example.com', TEST_ADDRESS)

  327.         s = smtplib.SMTP(TEST_SERVER, 25)

  328.         s.starttls()

  329.         s.sendmail('someone@example.com', [TEST_ADDRESS], msg)

  330.         s.quit()

  331. 

  332.         sleep(1)

  333. 

  334.         # Get the message

  335.         m = imaplib.IMAP4_SSL(TEST_SERVER, 993)

  336.         m.login(TEST_ADDRESS, TEST_PASSWORD)

  337.         m.select()

  338.         _, res = m.search(None, '(SUBJECT \"{}\")'.format(subject))

  339.         _, data = m.fetch(res[0], '(RFC822)')

  340. 

  341.         self.assertIn(

  342.             'ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)',

  343.             data[0][1]

  344.         )

  345. 

  346.         # Clean up

  347.         m.store(res[0].strip(), '+FLAGS', '\\Deleted')

  348.         m.expunge()

  349.         m.close()

  350.         m.logout()

  351. 

  352.     def test_pop3s(self):

  353.         """Connects with POP3S and asserts the existance of an email, then deletes it"""

  354.         import smtplib

  355.         msg, subject = new_message(TEST_ADDRESS, 'root@sovereign.local')

  356.         s = smtplib.SMTP_SSL(TEST_SERVER, 465)

  357.         s.login(TEST_ADDRESS, TEST_PASSWORD)

  358.         s.sendmail(TEST_ADDRESS, ['root@sovereign.local'], msg)

  359.         s.quit()

  360.         self.assertPOP3Received(subject)

  361. 

  362. 

  363. class XMPPTests(unittest.TestCase):

  364.     def test_xmpp_c2s(self):

  365.         """Prosody is listening on 5222 for clients and requiring TLS"""

  366. 

  367.         s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

  368.         s.connect((TEST_SERVER, 5222))

  369. 

  370.         # Based off http://wiki.xmpp.org/web/Programming_Jabber_Clients

  371.         s.send("<stream:stream xmlns:stream='http://etherx.jabber.org/streams' "

  372.                "xmlns='jabber:client' to='sovereign.local' version='1.0'>")

  373. 

  374.         data = s.recv(1024)

  375.         s.close()

  376. 

  377.         self.assertRegexpMatches(

  378.             data,

  379.             "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'><required/></starttls>"

  380.         )

  381. 

  382.     def test_xmpp_s2s(self):

  383.         """Prosody is listening on 5269 for servers"""

  384. 

  385.         s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

  386.         s.connect((TEST_SERVER, 5269))

  387. 

  388.         # Base off http://xmpp.org/extensions/xep-0114.html

  389.         s.send("<stream:stream xmlns:stream='http://etherx.jabber.org/streams' "

  390.                "xmlns='jabber:component:accept' to='sovereign.local'>")

  391. 

  392.         data = s.recv(1024)

  393.         s.close()

  394. 

  395.         self.assertRegexpMatches(

  396.             data,

  397.             "from='sovereign.local'"

  398.         )