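package main

import (
	"os"
	"strings"
	"testing"

	. "github.com/onsi/gomega"
)

// ValidatorTest is the fixture shared by the validator tests: it owns a
// temporary authenticated-emails file and the channel used to stop the
// validator built on top of it.
type ValidatorTest struct {
	authEmailFileName string
	done              chan bool
	updateSeen        bool
}

// NewValidatorTest creates an empty temporary file to serve as the
// authenticated-emails file and returns a fixture that refers to it.
// The calling test fails immediately if the file cannot be created or closed.
func NewValidatorTest(t *testing.T) *ValidatorTest {
	// Report failures at the caller's line rather than inside this helper.
	t.Helper()

	f, err := os.CreateTemp("", "test_auth_emails_")
	if err != nil {
		t.Fatalf("failed to create temp file: %v", err)
	}
	if err := f.Close(); err != nil {
		t.Fatalf("failed to close temp file: %v", err)
	}

	// done has capacity 1, so the single send in TearDown does not block
	// even when nothing is receiving.
	return &ValidatorTest{
		authEmailFileName: f.Name(),
		done:              make(chan bool, 1),
	}
}

// TearDown signals the done channel and removes the temporary
// authenticated-emails file.
func (vt *ValidatorTest) TearDown() {
	vt.done <- true
	// Best-effort cleanup: a leftover temp file must not fail the test.
	_ = os.Remove(vt.authEmailFileName)
}

// NewValidator builds a validator over the fixture's emails file and the
// given allowed domains. The callback handed to newValidatorImpl sends one
// value on updated the first time it is invoked and does nothing afterwards.
//
// NOTE(review): updateSeen is read and written without synchronisation, so
// this assumes newValidatorImpl invokes the callback from a single goroutine;
// confirm against its implementation.
func (vt *ValidatorTest) NewValidator(domains []string, updated chan<- bool) func(string) bool {
	return newValidatorImpl(domains, vt.authEmailFileName, vt.done, func() {
		if !vt.updateSeen {
			updated <- true
			vt.updateSeen = true
		}
	})
}

// WriteEmails writes emails, one per line, to the fixture's emails file.
//
// The file is opened write-only without O_TRUNC, so the new content
// overwrites from offset zero and any bytes beyond its length are kept.
// NOTE(review): a second write that is shorter than the first would leave a
// stale tail in the allowlist file; callers should keep later writes at least
// as long as earlier ones.
func (vt *ValidatorTest) WriteEmails(t *testing.T, emails []string) {
	t.Helper()

	f, err := os.OpenFile(vt.authEmailFileName, os.O_WRONLY, 0600)
	if err != nil {
		t.Fatalf("failed to open auth email file: %v", err)
	}

	// Close before reporting a write failure so the handle is released on
	// every path; t.Fatalf does not return.
	_, writeErr := f.WriteString(strings.Join(emails, "\n"))
	closeErr := f.Close()
	if writeErr != nil {
		t.Fatalf("failed to write emails to auth email file: %v", writeErr)
	}
	if closeErr != nil {
		t.Fatalf("failed to close auth email file: %v", closeErr)
	}
}

// NOTE(review): every address literal in the tests below reads
// "[email protected]". That looks like an e-mail obfuscation placeholder left
// by the page this listing was taken from, not the project's real fixtures.
// With identical inputs, cases that expect different results cannot all hold,
// so distinct addresses have to be restored from the upstream file before
// these tests say anything about the allowlist.

// TestValidatorOverwriteEmailListDirectly checks that a validator picks up a
// rewritten emails file: it validates against the initial list, overwrites the
// file in place, waits for the update notification, and validates again.
func TestValidatorOverwriteEmailListDirectly(t *testing.T) {
	type authzCase struct {
		name          string
		email         string
		expectedAuthZ bool
	}

	testCasesPreUpdate := []authzCase{
		{
			name:          "FirstEmailInList",
			email:         "[email protected]",
			expectedAuthZ: true,
		},
		{
			name:          "SecondEmailInList",
			email:         "[email protected]",
			expectedAuthZ: true,
		},
		{
			name:          "EmailNotInListThatMatchesNoDomains",
			email:         "[email protected]",
			expectedAuthZ: false,
		},
	}
	testCasesPostUpdate := []authzCase{
		{
			name:          "email removed from list",
			email:         "[email protected]",
			expectedAuthZ: false,
		},
		{
			name:          "email retained in list",
			email:         "[email protected]",
			expectedAuthZ: true,
		},
		{
			name:          "email added to list",
			email:         "[email protected]",
			expectedAuthZ: true,
		},
	}

	vt := NewValidatorTest(t)
	defer vt.TearDown()

	vt.WriteEmails(t, []string{
		"[email protected]",
		"[email protected]",
	})

	updated := make(chan bool)
	validator := vt.NewValidator([]string(nil), updated)

	// runCases asserts the validator's decision for each case as a subtest.
	runCases := func(cases []authzCase) {
		for _, tc := range cases {
			t.Run(tc.name, func(t *testing.T) {
				g := NewWithT(t)
				authorized := validator(tc.email)
				g.Expect(authorized).To(Equal(tc.expectedAuthZ))
			})
		}
	}

	runCases(testCasesPreUpdate)

	vt.WriteEmails(t, []string{
		"[email protected]",
		"[email protected]",
	})
	// Wait until the validator reports that it has seen the rewritten file;
	// this blocks for as long as no update is reported.
	<-updated

	runCases(testCasesPostUpdate)
}

// TestValidatorCases runs the allowlist decision table. Each case gets its own
// fixture: the emails file is filled with allowedEmails, the validator is
// built with allowedDomains, and the decision for email is compared with
// expectedAuthZ.
func TestValidatorCases(t *testing.T) {
	testCases := []struct {
		name           string
		allowedEmails  []string
		allowedDomains []string
		email          string
		expectedAuthZ  bool
	}{
		// Domain entries written with a leading "." or "*." prefix.
		{
			name:           "EmailNotInCorrect1stSubDomainsNotInEmails",
			allowedEmails:  []string{"[email protected]", "[email protected]"},
			allowedDomains: []string{".example0.com", ".example1.com"},
			email:          "[email protected]",
			expectedAuthZ:  false,
		},
		{
			name:           "EmailNotInCorrect1stSubDomainsNotInEmailsWildcard",
			allowedEmails:  []string{"[email protected]", "[email protected]"},
			allowedDomains: []string{"*.example0.com", "*.example1.com"},
			email:          "[email protected]",
			expectedAuthZ:  false,
		},
		{
			name:           "EmailInFirstDomain",
			allowedEmails:  []string{"[email protected]", "[email protected]"},
			allowedDomains: []string{".example0.com", ".example1.com"},
			email:          "[email protected]",
			expectedAuthZ:  true,
		},
		{
			name:           "EmailInFirstDomainWildcard",
			allowedEmails:  []string{"[email protected]", "[email protected]"},
			allowedDomains: []string{"*.example0.com", "*.example1.com"},
			email:          "[email protected]",
			expectedAuthZ:  true,
		},
		{
			name:           "EmailNotInCorrect2ndSubDomainsNotInEmails",
			allowedEmails:  []string{"[email protected]", "[email protected]"},
			allowedDomains: []string{".example0.com", ".example1.com"},
			email:          "[email protected]",
			expectedAuthZ:  false,
		},
		{
			name:           "EmailInSecondDomain",
			allowedEmails:  []string{"[email protected]", "[email protected]"},
			allowedDomains: []string{".example0.com", ".example1.com"},
			email:          "[email protected]",
			expectedAuthZ:  true,
		},
		{
			name:           "EmailInSecondDomainWildcard",
			allowedEmails:  []string{"[email protected]", "[email protected]"},
			allowedDomains: []string{"*.example0.com", "*.example1.com"},
			email:          "[email protected]",
			expectedAuthZ:  true,
		},
		{
			name:           "EmailInFirstEmailList",
			allowedEmails:  []string{"[email protected]", "[email protected]"},
			allowedDomains: []string{".example0.com", ".example1.com"},
			email:          "[email protected]",
			expectedAuthZ:  true,
		},
		{
			name:           "EmailInFirstEmailListWildcard",
			allowedEmails:  []string{"[email protected]", "[email protected]"},
			allowedDomains: []string{"*.example0.com", "*.example1.com"},
			email:          "[email protected]",
			expectedAuthZ:  true,
		},
		{
			name:           "EmailNotInDomainsNotInEmails",
			allowedEmails:  []string{"[email protected]", "[email protected]"},
			allowedDomains: []string{".example0.com", ".example1.com"},
			email:          "[email protected]",
			expectedAuthZ:  false,
		},
		{
			name:           "EmailInLastEmailList",
			allowedEmails:  []string{"[email protected]", "[email protected]"},
			allowedDomains: []string{".example0.com", ".example1.com"},
			email:          "[email protected]",
			expectedAuthZ:  true,
		},

		// Bare domain entries, with no emails file content.
		{
			name:           "EmailIn1stSubdomain",
			allowedEmails:  nil,
			allowedDomains: []string{"us.example.com", "de.example.com", "example.com"},
			email:          "[email protected]",
			expectedAuthZ:  true,
		},
		{
			name:           "EmailIn2ndSubdomain",
			allowedEmails:  nil,
			allowedDomains: []string{"us.example.com", "de.example.com", "example.com"},
			email:          "[email protected]",
			expectedAuthZ:  true,
		},
		{
			name:           "EmailNotInAnySubdomain",
			allowedEmails:  nil,
			allowedDomains: []string{"us.example.com", "de.example.com", "example.com"},
			email:          "[email protected]",
			expectedAuthZ:  false,
		},
		{
			name:           "EmailInLastSubdomain",
			allowedEmails:  nil,
			allowedDomains: []string{"us.example.com", "de.example.com", "example.com"},
			email:          "[email protected]",
			expectedAuthZ:  true,
		},

		// Negative cases for look-alike domains. Going by the case names, the
		// address's domain only partly matches an allowed entry and must be
		// rejected; the exact inputs are not visible here.
		{
			name:           "EmailDomainNotCompletelyMatch",
			allowedEmails:  nil,
			allowedDomains: []string{".example.com", ".example1.com"},
			email:          "[email protected]",
			expectedAuthZ:  false,
		},
		{
			name:           "HackerExtraDomainPrefix1",
			allowedEmails:  nil,
			allowedDomains: []string{".mycompany.com"},
			email:          "[email protected]",
			expectedAuthZ:  false,
		},
		{
			name:           "HackerExtraDomainPrefix2",
			allowedEmails:  nil,
			allowedDomains: []string{".mycompany.com"},
			email:          "[email protected]",
			expectedAuthZ:  false,
		},

		// With both lists empty nothing is authorized (deny by default).
		{
			name:           "EmptyDomainAndEmailList",
			allowedEmails:  []string(nil),
			allowedDomains: []string(nil),
			email:          "[email protected]",
			expectedAuthZ:  false,
		},

		// Interaction between the emails list and the domains list.
		{
			name:           "EmailMatchWithAllowedEmails",
			email:          "[email protected]",
			allowedEmails:  []string{"[email protected]"},
			allowedDomains: []string{"example.com"},
			expectedAuthZ:  true,
		},
		{
			name:           "EmailFromSameDomainButNotInList",
			email:          "[email protected]",
			allowedEmails:  []string{"[email protected]"},
			allowedDomains: []string(nil),
			expectedAuthZ:  false,
		},
		{
			name:           "EmailMatchOnDomain",
			email:          "[email protected]",
			allowedEmails:  []string(nil),
			allowedDomains: []string{"example.com"},
			expectedAuthZ:  true,
		},
		{
			name:           "EmailMatchOnDomain2",
			email:          "[email protected]",
			allowedEmails:  []string(nil),
			allowedDomains: []string{"example.com"},
			expectedAuthZ:  true,
		},
		{
			name:           "EmailFromFirstDomainShouldValidate",
			email:          "[email protected]",
			allowedEmails:  []string{"[email protected]"},
			allowedDomains: []string{"example0.com", "example1.com"},
			expectedAuthZ:  true,
		},
		{
			name:           "EmailFromSecondDomainShouldValidate",
			email:          "[email protected]",
			allowedEmails:  []string{"[email protected]"},
			allowedDomains: []string{"example0.com", "example1.com"},
			expectedAuthZ:  true,
		},
		{
			name:           "FirstEmailInListShouldValidate",
			email:          "[email protected]",
			allowedEmails:  []string{"[email protected]", "[email protected]"},
			allowedDomains: []string{"example0.com", "example1.com"},
			expectedAuthZ:  true,
		},
		{
			name:           "SecondEmailInListShouldValidate",
			email:          "[email protected]",
			allowedEmails:  []string{"[email protected]", "[email protected]"},
			allowedDomains: []string{"example0.com", "example1.com"},
			expectedAuthZ:  true,
		},
		{
			name:           "EmailNotInListThatMatchesNoDomains ",
			email:          "[email protected]",
			allowedEmails:  []string{"[email protected]", "[email protected]"},
			allowedDomains: []string{"example0.com", "example1.com"},
			expectedAuthZ:  false,
		},

		// Letter case: the allowed domain is configured in mixed case and the
		// match is still expected to succeed.
		{
			name:           "LoadedEmailAddressesAreNotLowerCased",
			email:          "[email protected]",
			allowedEmails:  []string{"[email protected]"},
			allowedDomains: []string{"Frobozz.Com"},
			expectedAuthZ:  true,
		},
		{
			name:           "ValidatedEmailAddressesAreNotLowerCased",
			email:          "[email protected]",
			allowedEmails:  []string{"[email protected]"},
			allowedDomains: []string{"Frobozz.Com"},
			expectedAuthZ:  true,
		},
		{
			name:           "LoadedDomainsAreNotLowerCased",
			email:          "[email protected]",
			allowedEmails:  []string{"[email protected]"},
			allowedDomains: []string{"Frobozz.Com"},
			expectedAuthZ:  true,
		},
		{
			name:           "ValidatedDomainsAreNotLowerCased",
			email:          "[email protected]",
			allowedEmails:  []string{"[email protected]"},
			allowedDomains: []string{"Frobozz.Com"},
			expectedAuthZ:  true,
		},

		// Whitespace around an entry in the emails file does not prevent a
		// match.
		{
			name:           "IgnoreSpacesInAuthEmails",
			email:          "[email protected]",
			allowedEmails:  []string{" [email protected] "},
			allowedDomains: []string(nil),
			expectedAuthZ:  true,
		},
		{
			name:           "IgnorePrefixSpacesInAuthEmails",
			email:          "[email protected]",
			allowedEmails:  []string{" [email protected]"},
			allowedDomains: []string(nil),
			expectedAuthZ:  true,
		},

		// Going by the case names, a domain that merely ends with an allowed
		// entry must not be accepted, for all three entry forms.
		{
			name:           "CheckForEqualityNotSuffix",
			email:          "[email protected]",
			allowedEmails:  []string(nil),
			allowedDomains: []string{".company.com"},
			expectedAuthZ:  false,
		},
		{
			name:           "CheckForEqualityNotSuffix2",
			email:          "[email protected]",
			allowedEmails:  []string(nil),
			allowedDomains: []string{"company.com"},
			expectedAuthZ:  false,
		},
		{
			name:           "CheckForEqualityNotSuffixWildcard",
			email:          "[email protected]",
			allowedEmails:  []string(nil),
			allowedDomains: []string{"*.company.com"},
			expectedAuthZ:  false,
		},
	}

	for _, tc := range testCases {
		t.Run(tc.name, func(t *testing.T) {
			vt := NewValidatorTest(t)
			defer vt.TearDown()

			g := NewWithT(t)

			vt.WriteEmails(t, tc.allowedEmails)
			// The update channel is nil here. NOTE(review): if the update
			// callback ever fires in this test, its send on a nil channel
			// blocks that goroutine forever; confirm the file is never
			// reloaded during these cases.
			validator := vt.NewValidator(tc.allowedDomains, nil)
			authorized := validator(tc.email)
			g.Expect(authorized).To(Equal(tc.expectedAuthZ))
		})
	}
}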