rusackas commented on code in PR #40647:
URL: https://github.com/apache/superset/pull/40647#discussion_r3464199914
##########
tests/unit_tests/config_test.py:
##########
@@ -312,3 +312,123 @@ def test_full_setting(
assert dttm_col.is_dttm
assert dttm_col.python_date_format == "epoch_s"
assert dttm_col.expression == "CAST(dttm as INTEGER)"
+
+
+def test_smtp_ssl_server_auth_defaults_to_true() -> None:
+ """
+ The shipped default for SMTP_SSL_SERVER_AUTH validates the SMTP server's
+ TLS certificate. Operators can still opt out by overriding it to False.
+ """
+ from superset import config
+
+ assert config.SMTP_SSL_SERVER_AUTH is True
+
+
+def _smtp_config(**overrides: Any) -> dict[str, Any]:
+ """
+ Build a minimal SMTP config dict for ``send_mime_email`` tests, with
+ plaintext transport defaults; keyword ``overrides`` replace any key.
+ """
+ config = {
+ "SMTP_HOST": "localhost",
+ "SMTP_PORT": 25,
+ "SMTP_USER": "",
+ "SMTP_PASSWORD": "",
+ "SMTP_STARTTLS": False,
+ "SMTP_SSL": False,
+ "SMTP_SSL_SERVER_AUTH": True,
+ }
+ config.update(overrides)
+ return config
+
+
+def test_send_mime_email_ssl_server_auth_passes_context(
+ mocker: MockerFixture,
+) -> None:
+ """
+ With SMTP_SSL and SMTP_SSL_SERVER_AUTH enabled, ``send_mime_email`` builds
a
+ default SSL context and threads it through to ``smtplib.SMTP_SSL`` so the
+ server certificate is validated.
+ """
+ from email.mime.multipart import MIMEMultipart
+
+ from superset.utils import core as utils
+
+ create_default_context = mocker.patch(
+ "superset.utils.core.ssl.create_default_context"
+ )
+ smtp_ssl = mocker.patch("smtplib.SMTP_SSL")
+ smtp = mocker.patch("smtplib.SMTP")
+
+ utils.send_mime_email(
+ "from",
+ ["to"],
+ MIMEMultipart(),
+ _smtp_config(SMTP_SSL=True, SMTP_SSL_SERVER_AUTH=True),
+ dryrun=False,
+ )
+
+ create_default_context.assert_called_once_with()
+ assert not smtp.called
+ smtp_ssl.assert_called_once_with(
+ "localhost", 25, context=create_default_context.return_value
+ )
Review Comment:
Good catch — fixed; #41250 added `timeout` to the `SMTP_SSL` call after
these tests were written. Updated the assertion to expect `timeout=30`.
##########
tests/unit_tests/config_test.py:
##########
@@ -312,3 +312,123 @@ def test_full_setting(
assert dttm_col.is_dttm
assert dttm_col.python_date_format == "epoch_s"
assert dttm_col.expression == "CAST(dttm as INTEGER)"
+
+
+def test_smtp_ssl_server_auth_defaults_to_true() -> None:
+ """
+ The shipped default for SMTP_SSL_SERVER_AUTH validates the SMTP server's
+ TLS certificate. Operators can still opt out by overriding it to False.
+ """
+ from superset import config
+
+ assert config.SMTP_SSL_SERVER_AUTH is True
+
+
+def _smtp_config(**overrides: Any) -> dict[str, Any]:
+ """
+ Build a minimal SMTP config dict for ``send_mime_email`` tests, with
+ plaintext transport defaults; keyword ``overrides`` replace any key.
+ """
+ config = {
+ "SMTP_HOST": "localhost",
+ "SMTP_PORT": 25,
+ "SMTP_USER": "",
+ "SMTP_PASSWORD": "",
+ "SMTP_STARTTLS": False,
+ "SMTP_SSL": False,
+ "SMTP_SSL_SERVER_AUTH": True,
+ }
+ config.update(overrides)
+ return config
+
+
+def test_send_mime_email_ssl_server_auth_passes_context(
+ mocker: MockerFixture,
+) -> None:
+ """
+ With SMTP_SSL and SMTP_SSL_SERVER_AUTH enabled, ``send_mime_email`` builds
a
+ default SSL context and threads it through to ``smtplib.SMTP_SSL`` so the
+ server certificate is validated.
+ """
+ from email.mime.multipart import MIMEMultipart
+
+ from superset.utils import core as utils
+
+ create_default_context = mocker.patch(
+ "superset.utils.core.ssl.create_default_context"
+ )
+ smtp_ssl = mocker.patch("smtplib.SMTP_SSL")
+ smtp = mocker.patch("smtplib.SMTP")
+
+ utils.send_mime_email(
+ "from",
+ ["to"],
+ MIMEMultipart(),
+ _smtp_config(SMTP_SSL=True, SMTP_SSL_SERVER_AUTH=True),
+ dryrun=False,
+ )
+
+ create_default_context.assert_called_once_with()
+ assert not smtp.called
+ smtp_ssl.assert_called_once_with(
+ "localhost", 25, context=create_default_context.return_value
+ )
+
+
+def test_send_mime_email_starttls_server_auth_passes_context(
+ mocker: MockerFixture,
+) -> None:
+ """
+ With STARTTLS and SMTP_SSL_SERVER_AUTH enabled, ``send_mime_email`` builds
a
+ default SSL context and threads it through to ``starttls`` so the server
+ certificate is validated.
+ """
+ from email.mime.multipart import MIMEMultipart
+
+ from superset.utils import core as utils
+
+ create_default_context = mocker.patch(
+ "superset.utils.core.ssl.create_default_context"
+ )
+ smtp = mocker.patch("smtplib.SMTP")
+
+ utils.send_mime_email(
+ "from",
+ ["to"],
+ MIMEMultipart(),
+ _smtp_config(SMTP_STARTTLS=True, SMTP_SSL_SERVER_AUTH=True),
+ dryrun=False,
+ )
+
+ create_default_context.assert_called_once_with()
+ smtp.return_value.starttls.assert_called_once_with(
+ context=create_default_context.return_value
+ )
+
+
+def test_send_mime_email_server_auth_disabled_skips_context(
+ mocker: MockerFixture,
+) -> None:
+ """
+ When SMTP_SSL_SERVER_AUTH is disabled no SSL context is built and ``None``
is
+ passed through, preserving the opt-out (certificate validation skipped).
+ """
+ from email.mime.multipart import MIMEMultipart
+
+ from superset.utils import core as utils
+
+ create_default_context = mocker.patch(
+ "superset.utils.core.ssl.create_default_context"
+ )
+ smtp_ssl = mocker.patch("smtplib.SMTP_SSL")
+
+ utils.send_mime_email(
+ "from",
+ ["to"],
+ MIMEMultipart(),
+ _smtp_config(SMTP_SSL=True, SMTP_SSL_SERVER_AUTH=False),
+ dryrun=False,
+ )
+
+ assert not create_default_context.called
+ smtp_ssl.assert_called_once_with("localhost", 25, context=None)
Review Comment:
Fixed here too — added `timeout=30` to the assertion.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
