[PATCHv3 4/4] lei: check for IMAP auth errors

[Eric Wong]

We need to ensure authentication failures and error codes get
propagated to the parent process(es) properly.

v2: update MANIFEST
v3: LeiAuth.pm ->_lei_cfg bit moved to a previous commit
---
 MANIFEST                     |  1 +
 lib/PublicInbox/NetReader.pm |  3 +++
 xt/lei-auth-fail.t           | 20 ++++++++++++++++++++
 3 files changed, 24 insertions(+)
 create mode 100644 xt/lei-auth-fail.t

diff --git a/MANIFEST b/MANIFEST
index 19f73356..3d9ad616 100644
--- a/MANIFEST
+++ b/MANIFEST
@@ -466,6 +466,7 @@ xt/git_async_cmp.t
 xt/httpd-async-stream.t
 xt/imapd-mbsync-oimap.t
 xt/imapd-validate.t
+xt/lei-auth-fail.t
 xt/lei-sigpipe.t
 xt/mem-imapd-tls.t
 xt/mem-msgview.t
diff --git a/lib/PublicInbox/NetReader.pm b/lib/PublicInbox/NetReader.pm
index ad8c18d0..61ea538b 100644
--- a/lib/PublicInbox/NetReader.pm
+++ b/lib/PublicInbox/NetReader.pm
@@ -89,6 +89,9 @@ sub mic_for { # mic = Mail::IMAPClient
                $self->{mic_arg}->{uri_section($uri)} = $mic_arg;
        } else {
                $err = "E: <$url> LOGIN: $@\n";
+               if ($cred && defined($cred->{password})) {
+                       $err =~ s/\Q$cred->{password}\E/*******/g;
+               }
                $mic = undef;
        }
        $cred->run($mic ? 'approve' : 'reject') if $cred;
diff --git a/xt/lei-auth-fail.t b/xt/lei-auth-fail.t
new file mode 100644
index 00000000..5308d0f9
--- /dev/null
+++ b/xt/lei-auth-fail.t
@@ -0,0 +1,20 @@
+#!perl -w
+# Copyright (C) 2021 all contributors <meta@public-inbox.org>
+# License: AGPL-3.0+ <https://www.gnu.org/licenses/agpl-3.0.txt>
+use strict; use v5.10.1; use PublicInbox::TestCommon;
+
+# TODO: mock IMAP server which fails at authentication so we don't
+# have to make external connections to test this:
+my $imap_fail = $ENV{TEST_LEI_IMAP_FAIL_URL} //
+       'imaps://AzureDiamond:hunt...@public-inbox.org:994/INBOX';
+test_lei(sub {
+       ok(!lei(qw(convert -o mboxrd:/dev/stdout), $imap_fail),
+               'IMAP auth failure on convert');
+       like($lei_err, qr!\bE:.*?imaps://.*?!sm, 'error shown');
+       unlike($lei_err, qr!Hunter2!s, 'password not shown');
+       is($lei_out, '', 'nothing output');
+       ok(!lei(qw(import), $imap_fail), 'IMAP auth failure on import');
+       like($lei_err, qr!\bE:.*?imaps://.*?!sm, 'error shown');
+       unlike($lei_err, qr!Hunter2!s, 'password not shown');
+});
+done_testing;
--
unsubscribe: one-click, see List-Unsubscribe header
archive: https://public-inbox.org/meta/