1 | # BEGIN BPS TAGGED BLOCK {{{ |
2 | # | |
3 | # COPYRIGHT: | |
4 | # | |
403d7b0b | 5 | # This software is Copyright (c) 1996-2013 Best Practical Solutions, LLC |
6 | # <sales@bestpractical.com> |
7 | # | |
8 | # (Except where explicitly superseded by other copyright notices) | |
9 | # | |
10 | # | |
11 | # LICENSE: | |
12 | # | |
13 | # This work is made available to you under the terms of Version 2 of | |
14 | # the GNU General Public License. A copy of that license should have | |
15 | # been provided with this software, but in any event can be snarfed | |
16 | # from www.gnu.org. | |
17 | # | |
18 | # This work is distributed in the hope that it will be useful, but | |
19 | # WITHOUT ANY WARRANTY; without even the implied warranty of | |
20 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
21 | # General Public License for more details. | |
22 | # | |
23 | # You should have received a copy of the GNU General Public License | |
24 | # along with this program; if not, write to the Free Software | |
25 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA | |
26 | # 02110-1301 or visit their web page on the internet at | |
27 | # http://www.gnu.org/licenses/old-licenses/gpl-2.0.html. | |
28 | # | |
29 | # | |
30 | # CONTRIBUTION SUBMISSION POLICY: | |
31 | # | |
32 | # (The following paragraph is not intended to limit the rights granted | |
33 | # to you to modify and distribute this software under the terms of | |
34 | # the GNU General Public License and is only of importance to you if | |
35 | # you choose to contribute your changes and enhancements to the | |
36 | # community by submitting them to Best Practical Solutions, LLC.) | |
37 | # | |
38 | # By intentionally submitting any modifications, corrections or | |
39 | # derivatives to this work, or any other work intended for use with | |
40 | # Request Tracker, to Best Practical Solutions, LLC, you confirm that | |
41 | # you are the copyright holder for those contributions and you grant | |
42 | # Best Practical Solutions, LLC a nonexclusive, worldwide, irrevocable, | |
43 | # royalty-free, perpetual, license to use, copy, create derivative | |
44 | # works based on those contributions, and sublicense and distribute | |
45 | # those contributions and any derivatives thereof. | |
46 | # | |
47 | # END BPS TAGGED BLOCK }}} | |
48 | ||
49 | package RT::Test::GnuPG; | |
50 | use strict; | |
403d7b0b | 51 | use warnings; |
52 | use Test::More; |
53 | use base qw(RT::Test); | |
54 | use File::Temp qw(tempdir); | |
55 | ||
# Helpers exported into every test file that loads this module.
# categorize_emails is deliberately absent: it is only called from the
# helpers in this file.
our @EXPORT = qw(
    create_a_ticket
    update_ticket
    cleanup_headers
    set_queue_crypt_options
    check_text_emails
    send_email_and_check_transaction
    create_and_test_outgoing_emails
);
61 | ||
# Sets up the GnuPG test fixture when a test file loads this module.
#
# The whole test file is skipped when GnuPG::Interface cannot be loaded or
# no gpg executable is found. Otherwise the parent import runs with %args,
# RT::Crypt::GnuPG is loaded, ticket rights are opened up and the helper
# functions are exported to the caller.
sub import {
    my ( $class, %args ) = @_;
    my $builder = $class->builder;

    my $have_interface = eval { require GnuPG::Interface; 1 };
    $builder->plan( skip_all => 'GnuPG required.' )
        unless $have_interface;

    my $have_gpg = RT::Test->find_executable('gpg');
    $builder->plan( skip_all => 'gpg executable is required.' )
        unless $have_gpg;

    $class->SUPER::import(%args);
    require RT::Crypt::GnuPG;

    # Under a compile-only run ($^C) export the helpers and stop before
    # touching the configuration or the rights.
    if ($^C) {
        return $class->export_to_level(1);
    }

    RT::Test::diag( "GnuPG --homedir " . RT->Config->Get('GnuPGOptions')->{'homedir'} );

    # Everyone may create, see, reply to and modify tickets. This is as broad
    # as rights get and belongs only in the test instance this module sets up.
    $class->set_rights(
        Principal => 'Everyone',
        Right     => [ 'CreateTicket', 'ShowTicket', 'SeeQueue', 'ReplyToTicket', 'ModifyTicket' ],
    );

    $class->export_to_level(1);
}
86 | ||
# Writes the GnuPG part of the test configuration to $handle, after the
# parent class has written its own part.
#
#   $handle - filehandle of the configuration file being generated
#   $args   - hashref; $args->{gnupg_options}, when set, is merged over the
#             defaults below
sub bootstrap_more_config {
    my ( $self, $handle, $args, @rest ) = @_;

    $self->SUPER::bootstrap_more_config( $handle, $args, @rest );

    # 'no-permission-warning' silences gpg's complaint about unsafe homedir
    # permissions. Caller-supplied options are merged afterwards and win.
    my %gnupg_options = ( 'no-permission-warning' => undef );
    if ( $args->{gnupg_options} ) {
        %gnupg_options = ( %gnupg_options, %{ $args->{gnupg_options} } );
    }

    # Without an explicit homedir, use a throwaway keyring directory that
    # File::Temp removes again (CLEANUP => 1).
    $gnupg_options{homedir} ||= scalar tempdir( CLEANUP => 1 );

    # The dump is pasted into the generated file as Perl source, so whatever
    # the caller put into gnupg_options becomes part of the configuration
    # text. NOTE(review): presumably that file is evaluated when RT starts;
    # only pass options from the test itself.
    use Data::Dumper;
    local $Data::Dumper::Terse = 1;    # "{...}" instead of "$VAR1 = {...};"
    my $dumped_gnupg_options = Dumper( \%gnupg_options );

    print {$handle} qq{
Set(\%GnuPG, (
Enable => 1,
OutgoingMessagesFormat => 'RFC',
));
Set(\%GnuPGOptions => \%{ $dumped_gnupg_options });
Set(\@MailPlugins => qw(Auth::MailFrom Auth::GnuPG));
};

}
114 | ||
# Creates a ticket through the web UI with the requested crypto options,
# then checks the mail that was sent and files it by crypto category.
#
#   $queue - passed to goto_create_ticket
#   $mail  - hashref that collects the caught mail (see categorize_emails)
#   $m     - web agent used to drive the UI
#   %args  - Sign / Encrypt flags deciding which checkboxes are ticked
sub create_a_ticket {
    my ( $queue, $mail, $m, %args ) = @_;

    # Start from an empty mailbox so only this ticket's mail is examined.
    RT::Test->clean_caught_mails;

    $m->goto_create_ticket($queue);
    $m->form_name('TicketCreate');

    my @form_values = (
        [ Subject    => 'test' ],
        [ Requestors => 'rt-test@example.com' ],
        [ Content    => 'Some content' ],
    );
    for my $pair (@form_values) {
        $m->field( @{$pair} );
    }

    # Set both checkboxes explicitly so a queue default cannot leak in.
    for my $option (qw(Sign Encrypt)) {
        my $action = $args{$option} ? 'tick' : 'untick';
        $m->$action( $option => 1 );
    }

    $m->submit;
    is( $m->status, 200, "request successful" );

    $m->content_lacks("unable to sign outgoing email messages");

    my @caught = RT::Test->fetch_caught_mails;
    check_text_emails( \%args, @caught );
    categorize_emails( $mail, \%args, @caught );
}
147 | ||
# Adds a reply to ticket $tid through the web UI with the requested crypto
# options, then checks the mail that was sent and files it by category.
#
#   $tid   - id of the ticket to reply to
#   $mail  - hashref that collects the caught mail (see categorize_emails)
#   $m     - web agent used to drive the UI
#   %args  - Sign / Encrypt flags deciding which checkboxes are ticked
sub update_ticket {
    my ( $tid, $mail, $m, %args ) = @_;

    # Start from an empty mailbox so only this reply's mail is examined.
    RT::Test->clean_caught_mails;

    my $reply_url = $m->rt_base_url . "/Ticket/Update.html?Action=Respond&id=$tid";
    $m->get($reply_url);
    $m->form_number(3);    # the update form is selected by position, not by name
    $m->field( UpdateContent => 'Some content' );

    # Set both checkboxes explicitly so a queue default cannot leak in.
    for my $option (qw(Sign Encrypt)) {
        my $action = $args{$option} ? 'tick' : 'untick';
        $m->$action( $option => 1 );
    }

    $m->click('SubmitTicket');
    is( $m->status, 200, "request successful" );
    $m->content_contains( "Message recorded", 'Message recorded' )
        or diag $m->content;

    my @caught = RT::Test->fetch_caught_mails;
    check_text_emails( \%args, @caught );
    categorize_emails( $mail, \%args, @caught );
}
177 | ||
# Appends @mail to the list in %$mail that matches the crypto options used:
# 'signed_encrypted', 'signed', 'encrypted' or 'plain'.
#
#   $mail - hashref of arrayrefs, keyed by category
#   $args - hashref with the Sign / Encrypt flags
#   @mail - the messages to file
sub categorize_emails {
    my ( $mail, $args, @mail ) = @_;

    my $category =
          $args->{'Sign'} && $args->{'Encrypt'} ? 'signed_encrypted'
        : $args->{'Sign'}                       ? 'signed'
        : $args->{'Encrypt'}                    ? 'encrypted'
        :                                         'plain';

    push @{ $mail->{$category} }, @mail;
}
196 | ||
# Checks the raw text of each outgoing mail against the crypto options.
#
#   first argument - hashref with the Sign / Encrypt / Attachment flags
#   remaining      - the raw messages
#
# These are text-level checks only. With Encrypt set, the known plaintext
# must not appear in the message; otherwise it must. With Sign and Encrypt
# both set, the only marker looked for is "BEGIN PGP MESSAGE", which any
# encrypted message carries, so that assertion does not by itself show that
# the mail was signed. send_email_and_check_transaction looks at the
# X-RT-Incoming-Signature header for that.
sub check_text_emails {
    my ( $flags, @mail ) = @_;
    my %args = %{$flags};

    ok( scalar(@mail), "got some mail" );

    for my $message (@mail) {

        # The attachment text is only looked for when the caller says one
        # was sent.
        my @parts = ( [ 'email', "Some content" ] );
        push @parts, [ 'attachment', "Attachment content" ]
            if $args{'Attachment'};

        for my $part (@parts) {
            my ( $type, $content ) = @{$part};

            if ( $args{'Encrypt'} ) {
                unlike( $message, qr/$content/, "outgoing $type was encrypted" );
            }
            else {
                like( $message, qr/$content/, "outgoing $type was not encrypted" );
            }

            # Signature markers are checked once per message.
            next if $type ne 'email';

            if ( $args{'Sign'} && $args{'Encrypt'} ) {
                like( $message, qr/BEGIN PGP MESSAGE/, 'outgoing email was signed' );
            }
            elsif ( $args{'Sign'} ) {
                like( $message, qr/SIGNATURE/, 'outgoing email was signed' );
            }
            else {
                unlike( $message, qr/SIGNATURE/, 'outgoing email was not signed' );
            }
        }
    }
}
228 | ||
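# Returns a copy of the raw message $mail prepared for re-submission as a
# new ticket: the "[name #id]" tag is taken out of the Subject and the
# Message-ID, X-RT-Original-Encoding, RT-Originator, RT-Ticket and
# X-RT-Loop-Prevention headers are removed, including folded continuation
# lines.
#
# The patterns work line by line on the whole message and do not stop at
# the blank line that ends the header block, so a body line that begins
# with one of these field names is removed as well.
sub cleanup_headers {
    my $mail = shift;

    # Strip the ticket id from the subject so a new ticket is created.
    # Only blanks and tabs are consumed after the tag: with \s a subject
    # consisting of the tag alone would lose its line ending and swallow
    # the following header line.
    $mail =~ s/^(Subject:)\s*\[.*?\s+#\d+\][ \t]*/$1 /m;

    # Strip the headers that tie the message to the ticket it came from.
    # \Q...\E keeps the field name literal inside the pattern.
    for my $field (
        qw(Message-ID X-RT-Original-Encoding RT-Originator RT-Ticket X-RT-Loop-Prevention)
        )
    {
        $mail =~ s/^\Q$field\E:.*?\n(?! |\t)//gmsi;
    }

    return $mail;
}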
239 | ||
# Applies the Encrypt and Sign settings from %args to $queue, in that order.
# A flag missing from %args is passed on as undef.
sub set_queue_crypt_options {
    my ( $queue, %args ) = @_;
    my ( $encrypt, $sign ) = @args{qw(Encrypt Sign)};

    $queue->SetEncrypt($encrypt);
    $queue->SetSign($sign);
}
246 | ||
# Feeds the raw message $mail to RT through the mail gateway and checks how
# RT recorded it for the crypto category $type ('plain', 'signed',
# 'encrypted' or 'signed_encrypted'). Dies on any other $type.
#
# The crypto state is read from three headers of the stored message:
# X-RT-Privacy, X-RT-Incoming-Encryption and X-RT-Incoming-Signature.
sub send_email_and_check_transaction {
    my ( $mail, $type ) = @_;

    my ( $status, $id ) = RT::Test->send_via_mailgate($mail);
    is( $status >> 8, 0, "The mail gateway exited normally" );
    ok( $id, "got id of a newly created ticket - $id" );

    my $tick = RT::Ticket->new( RT->SystemUser );
    $tick->Load($id);
    ok( $tick->id, "loaded ticket #$id" );

    my $txn = $tick->Transactions->First;
    my ( $msg, @attachments ) = @{ $txn->Attachments->ItemsArrayRef };

    # The text is looked for in the first sub-part when there is one,
    # otherwise in the top-level message.
    my $text_part = $attachments[0] || $msg;
    like( $text_part->Content, qr/Some content/,
        "RT's mail includes copy of ticket text" );

    # What each category must look like once RT has processed the mail.
    my %expected_for = (
        plain            => { crypto => 0, encrypted => 0, signed => 0 },
        signed           => { crypto => 1, encrypted => 0, signed => 1 },
        encrypted        => { crypto => 1, encrypted => 1, signed => 0 },
        signed_encrypted => { crypto => 1, encrypted => 1, signed => 1 },
    );
    my $expected = $expected_for{$type}
        or die "unknown type: $type";

    if ( $expected->{crypto} ) {
        is( $msg->GetHeader('X-RT-Privacy'), 'PGP',
            "RT's outgoing mail has crypto" );
    }
    else {
        ok( !$msg->GetHeader('X-RT-Privacy'),
            "RT's outgoing mail has no crypto" );
    }

    if ( $expected->{encrypted} ) {
        is( $msg->GetHeader('X-RT-Incoming-Encryption'), 'Success',
            "RT's outgoing mail looks encrypted" );
    }
    else {
        is( $msg->GetHeader('X-RT-Incoming-Encryption'), 'Not encrypted',
            "RT's outgoing mail looks not encrypted" );
    }

    # A signed mail must name the rt-recipient address in the signature
    # header; an unsigned one must not carry the header at all.
    if ( $expected->{signed} ) {
        like( $msg->GetHeader('X-RT-Incoming-Signature'),
            qr/<rt-recipient\@example.com>/,
            "RT's outgoing mail looks signed" );
    }
    else {
        ok( !$msg->GetHeader('X-RT-Incoming-Signature'),
            "RT's outgoing mail looks not signed" );
    }
}
309 | ||
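# Round-trip test of outgoing mail for every Sign/Encrypt combination.
#
# Tickets are created and replied to through the web UI ($m) in $queue, the
# mail RT sends is collected per crypto category, the keyring is then reset
# to what the receiving side would hold, and every collected message is fed
# back through the mail gateway and checked.
#
#   $queue - queue object the tickets are created in
#   $m     - web agent used to drive the UI
sub create_and_test_outgoing_emails {
    my ( $queue, $m ) = @_;
    my @variants =
        ( {}, { Sign => 1 }, { Encrypt => 1 }, { Sign => 1, Encrypt => 1 }, );

    # Collected mail, keyed by crypto category.
    my %mail;

    # Create a ticket for each combination.
    foreach my $ticket_set (@variants) {
        create_a_ticket( $queue, \%mail, $m, %{$ticket_set} );
    }

    my $tid;
    {
        my $ticket = RT::Ticket->new( RT->SystemUser );
        ($tid) = $ticket->Create(
            Subject   => 'test',
            Queue     => $queue->id,
            Requestor => 'rt-test@example.com',
        );
        ok $tid, 'ticket created';
    }

    # Again for each combination, add a reply message.
    foreach my $ticket_set (@variants) {
        update_ticket( $tid, \%mail, $m, %{$ticket_set} );
    }

    # ------------------------------------------------------------------------------
    # Now delete all keys from the keyring and put back the secret/public pair for
    # rt-test@ and only the public key for rt-recipient@, so we can verify
    # signatures and decrypt as if we were the other side receiving the emails.
    # ------------------------------------------------------------------------------

    # Anything left behind keeps the old key material available, and the checks
    # that follow would then no longer model the receiving side, so a failed
    # removal is reported instead of being ignored. "/*" skips dot-files and
    # unlink cannot remove directories.
    # NOTE(review): newer GnuPG releases keep secret keys in a subdirectory of
    # the homedir (private-keys-v1.d); confirm the wipe is complete on the GnuPG
    # version under test. glob() also splits its pattern on whitespace, so a
    # homedir containing blanks would not be expanded as intended.
    my $homedir = RT->Config->Get('GnuPGOptions')->{'homedir'};
    foreach my $path ( glob( $homedir . "/*" ) ) {
        unlink $path
            or diag "could not remove $path from the test keyring: $!";
    }
    RT::Test->import_gnupg_key( 'rt-recipient@example.com', 'public' );
    RT::Test->import_gnupg_key('rt-test@example.com');

    $queue = RT::Test->load_or_create_queue(
        Name              => 'Regression',
        CorrespondAddress => 'rt-test@example.com',
        CommentAddress    => 'rt-test@example.com',
    );
    ok $queue && $queue->id, 'changed props of the queue';

    # Feed every collected message back in, stripped of the headers that tie
    # it to the original ticket.
    for my $type ( keys %mail ) {
        my @cleaned = map { cleanup_headers($_) } @{ $mail{$type} };
        for my $message (@cleaned) {
            send_email_and_check_transaction( $message, $type );
        }
    }
}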