[PATCH 11/11] lei: check for IMAP auth errors

Wed, 17 Feb 2021 02:08:00 -0800 

We need to ensure authentication failures and error codes get
propagated to the parent process(es) properly.  For now, this
will just be a maintainer test which hits a read/write IMAP
server on public-inbox.org on a non-standard port with invalid
credentials.
---
 lib/PublicInbox/LeiAuth.pm   |  1 +
 lib/PublicInbox/NetReader.pm |  3 +++
 xt/lei-auth-fail.t           | 20 ++++++++++++++++++++
 3 files changed, 24 insertions(+)
 create mode 100644 xt/lei-auth-fail.t

diff --git a/lib/PublicInbox/LeiAuth.pm b/lib/PublicInbox/LeiAuth.pm
index 7210af99..7acb9900 100644
--- a/lib/PublicInbox/LeiAuth.pm
+++ b/lib/PublicInbox/LeiAuth.pm
@@ -42,6 +42,7 @@ sub auth_eof {
 
 sub auth_start {
        my ($self, $lei, $post_auth_cb, @args) = @_;
+       $lei->_lei_cfg(1); # workers may need to read config
        my $op = $lei->workers_start($self, 'auth', 1, {
                'nrd_merge' => [ \&nrd_merge, $lei ],
                '' => [ \&auth_eof, $lei, $post_auth_cb, @args ],
diff --git a/lib/PublicInbox/NetReader.pm b/lib/PublicInbox/NetReader.pm
index ad8c18d0..61ea538b 100644
--- a/lib/PublicInbox/NetReader.pm
+++ b/lib/PublicInbox/NetReader.pm
@@ -89,6 +89,9 @@ sub mic_for { # mic = Mail::IMAPClient
                $self->{mic_arg}->{uri_section($uri)} = $mic_arg;
        } else {
                $err = "E: <$url> LOGIN: $@\n";
+               if ($cred && defined($cred->{password})) {
+                       $err =~ s/\Q$cred->{password}\E/*******/g;
+               }
                $mic = undef;
        }
        $cred->run($mic ? 'approve' : 'reject') if $cred;
diff --git a/xt/lei-auth-fail.t b/xt/lei-auth-fail.t
new file mode 100644
index 00000000..5308d0f9
--- /dev/null
+++ b/xt/lei-auth-fail.t
@@ -0,0 +1,20 @@
+#!perl -w
+# Copyright (C) 2021 all contributors <[email protected]>
+# License: AGPL-3.0+ <https://www.gnu.org/licenses/agpl-3.0.txt>
+use strict; use v5.10.1; use PublicInbox::TestCommon;
+
+# TODO: mock IMAP server which fails at authentication so we don't
+# have to make external connections to test this:
+my $imap_fail = $ENV{TEST_LEI_IMAP_FAIL_URL} //
+       'imaps://AzureDiamond:[email protected]:994/INBOX';
+test_lei(sub {
+       ok(!lei(qw(convert -o mboxrd:/dev/stdout), $imap_fail),
+               'IMAP auth failure on convert');
+       like($lei_err, qr!\bE:.*?imaps://.*?!sm, 'error shown');
+       unlike($lei_err, qr!Hunter2!s, 'password not shown');
+       is($lei_out, '', 'nothing output');
+       ok(!lei(qw(import), $imap_fail), 'IMAP auth failure on import');
+       like($lei_err, qr!\bE:.*?imaps://.*?!sm, 'error shown');
+       unlike($lei_err, qr!Hunter2!s, 'password not shown');
+});
+done_testing;
--
unsubscribe: one-click, see List-Unsubscribe header
archive: https://public-inbox.org/meta/

Reply via email to