mirror of
https://github.com/bitwarden/server.git
synced 2025-04-04 20:50:21 -05:00
559101d7e2
* Add SMTP Mail Tests Co-authored-by: tangowithfoxtrot <5676771+tangowithfoxtrot@users.noreply.github.com> * Update test/Core.IntegrationTest/MailKitSmtpMailDeliveryServiceTests.cs * Add Skipped Tests for upcoming feature * Safer TCS Completion --------- Co-authored-by: tangowithfoxtrot <5676771+tangowithfoxtrot@users.noreply.github.com>
411 lines
14 KiB
C#
411 lines
14 KiB
C#
using System.Security.Cryptography;
|
|
using System.Security.Cryptography.X509Certificates;
|
|
using Bit.Core.Models.Mail;
|
|
using Bit.Core.Services;
|
|
using Bit.Core.Settings;
|
|
using MailKit.Security;
|
|
using Microsoft.Extensions.Logging;
|
|
using Microsoft.Extensions.Logging.Abstractions;
|
|
using Rnwood.SmtpServer;
|
|
using Rnwood.SmtpServer.Extensions.Auth;
|
|
using Xunit.Abstractions;
|
|
|
|
namespace Bit.Core.IntegrationTest;
|
|
|
|
public class MailKitSmtpMailDeliveryServiceTests
|
|
{
|
|
private readonly X509Certificate2 _selfSignedCert;
|
|
|
|
public MailKitSmtpMailDeliveryServiceTests(ITestOutputHelper testOutputHelper)
|
|
{
|
|
ConfigureSmtpServerLogging(testOutputHelper);
|
|
|
|
_selfSignedCert = CreateSelfSignedCert("localhost");
|
|
}
|
|
|
|
private static X509Certificate2 CreateSelfSignedCert(string commonName)
|
|
{
|
|
using var rsa = RSA.Create(2048);
|
|
var certRequest = new CertificateRequest($"CN={commonName}", rsa, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
|
|
return certRequest.CreateSelfSigned(DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddYears(1));
|
|
}
|
|
|
|
private static async Task SaveCertAsync(string filePath, X509Certificate2 certificate)
|
|
{
|
|
await File.WriteAllBytesAsync(filePath, certificate.Export(X509ContentType.Cert));
|
|
}
|
|
|
|
private static void ConfigureSmtpServerLogging(ITestOutputHelper testOutputHelper)
|
|
{
|
|
// Unfortunately this package doesn't public expose its logging infrastructure
|
|
// so we use private reflection to try and access it.
|
|
try
|
|
{
|
|
var loggingType = typeof(DefaultServerBehaviour).Assembly.GetType("Rnwood.SmtpServer.Logging")
|
|
?? throw new Exception("No type found in RnWood.SmtpServer named 'Logging'");
|
|
|
|
var factoryProperty = loggingType.GetProperty("Factory")
|
|
?? throw new Exception($"No property named 'Factory' found on class {loggingType.FullName}");
|
|
|
|
var factoryPropertyGet = factoryProperty.GetMethod
|
|
?? throw new Exception($"{loggingType.FullName}.{factoryProperty.Name} does not have a get method.");
|
|
|
|
if (factoryPropertyGet.Invoke(null, null) is not ILoggerFactory loggerFactory)
|
|
{
|
|
throw new Exception($"{loggingType.FullName}.{factoryProperty.Name} is not of type 'ILoggerFactory'" +
|
|
$"instead it's type '{factoryProperty.PropertyType.FullName}'");
|
|
}
|
|
|
|
loggerFactory.AddXUnit(testOutputHelper);
|
|
}
|
|
catch (Exception ex)
|
|
{
|
|
testOutputHelper.WriteLine($"Failed to configure logging for RnWood.SmtpServer (logging will not be configured):\n{ex.Message}");
|
|
}
|
|
}
|
|
private static int RandomPort()
|
|
{
|
|
return Random.Shared.Next(50000, 60000);
|
|
}
|
|
|
|
private static GlobalSettings GetSettings(Action<GlobalSettings> configure)
|
|
{
|
|
var globalSettings = new GlobalSettings();
|
|
globalSettings.SiteName = "TestSiteName";
|
|
globalSettings.Mail.ReplyToEmail = "test@example.com";
|
|
globalSettings.Mail.Smtp.Host = "localhost";
|
|
// Set common defaults
|
|
configure(globalSettings);
|
|
return globalSettings;
|
|
}
|
|
|
|
[Fact]
|
|
public async Task SendEmailAsync_SmtpServerUsingSelfSignedCert_CertNotInTrustedRootStore_ThrowsException()
|
|
{
|
|
// If an SMTP server is using a self signed cert we currently require
|
|
// that the certificate for their SMTP server is installed in the root CA
|
|
// we are building the ability to do so without installing it, when we add that
|
|
// this test can be copied, and changed to utilize that new feature and instead of
|
|
// failing it should successfully send the email.
|
|
var port = RandomPort();
|
|
var behavior = new DefaultServerBehaviour(false, port, _selfSignedCert);
|
|
using var smtpServer = new SmtpServer(behavior);
|
|
smtpServer.Start();
|
|
|
|
var globalSettings = GetSettings(gs =>
|
|
{
|
|
gs.Mail.Smtp.Port = port;
|
|
gs.Mail.Smtp.Ssl = true;
|
|
});
|
|
|
|
var mailKitDeliveryService = new MailKitSmtpMailDeliveryService(
|
|
globalSettings,
|
|
NullLogger<MailKitSmtpMailDeliveryService>.Instance
|
|
);
|
|
|
|
await Assert.ThrowsAsync<SslHandshakeException>(
|
|
async () => await mailKitDeliveryService.SendEmailAsync(new MailMessage
|
|
{
|
|
Subject = "Test",
|
|
ToEmails = ["test@example.com"],
|
|
TextContent = "Hi",
|
|
}, new CancellationTokenSource(TimeSpan.FromSeconds(5)).Token)
|
|
);
|
|
}
|
|
|
|
[Fact(Skip = "Upcoming feature")]
|
|
public async Task SendEmailAsync_SmtpServerUsingSelfSignedCert_CertInCustomLocation_Works()
|
|
{
|
|
// If an SMTP server is using a self signed cert we will in the future
|
|
// allow a custom location for certificates to be stored and the certitifactes
|
|
// stored there will also be trusted.
|
|
var port = RandomPort();
|
|
var behavior = new DefaultServerBehaviour(false, port, _selfSignedCert);
|
|
using var smtpServer = new SmtpServer(behavior);
|
|
smtpServer.Start();
|
|
|
|
var globalSettings = GetSettings(gs =>
|
|
{
|
|
gs.Mail.Smtp.Port = port;
|
|
gs.Mail.Smtp.Ssl = true;
|
|
});
|
|
|
|
// TODO: Setup custom location and save self signed cert there.
|
|
// await SaveCertAsync("./my-location", _selfSignedCert);
|
|
|
|
var mailKitDeliveryService = new MailKitSmtpMailDeliveryService(
|
|
globalSettings,
|
|
NullLogger<MailKitSmtpMailDeliveryService>.Instance
|
|
);
|
|
|
|
var tcs = new TaskCompletionSource();
|
|
var cts = new CancellationTokenSource(TimeSpan.FromSeconds(5));
|
|
cts.Token.Register(() => _ = tcs.TrySetCanceled());
|
|
|
|
behavior.MessageReceivedEventHandler += (sender, args) =>
|
|
{
|
|
if (args.Message.Recipients.Contains("test1@example.com"))
|
|
{
|
|
tcs.SetResult();
|
|
}
|
|
return Task.CompletedTask;
|
|
};
|
|
|
|
await mailKitDeliveryService.SendEmailAsync(new MailMessage
|
|
{
|
|
Subject = "Test",
|
|
ToEmails = ["test1@example.com"],
|
|
TextContent = "Hi",
|
|
}, cts.Token);
|
|
|
|
// Wait for email
|
|
await tcs.Task;
|
|
}
|
|
|
|
[Fact(Skip = "Upcoming feature")]
|
|
public async Task SendEmailAsync_SmtpServerUsingSelfSignedCert_CertInCustomLocation_WithUnrelatedCerts_Works()
|
|
{
|
|
// If an SMTP server is using a self signed cert we will in the future
|
|
// allow a custom location for certificates to be stored and the certitifactes
|
|
// stored there will also be trusted.
|
|
var port = RandomPort();
|
|
var behavior = new DefaultServerBehaviour(false, port, _selfSignedCert);
|
|
using var smtpServer = new SmtpServer(behavior);
|
|
smtpServer.Start();
|
|
|
|
var globalSettings = GetSettings(gs =>
|
|
{
|
|
gs.Mail.Smtp.Port = port;
|
|
gs.Mail.Smtp.Ssl = true;
|
|
});
|
|
|
|
// TODO: Setup custom location and save self signed cert there
|
|
// along with another self signed cert that is not related to
|
|
// the SMTP server.
|
|
// await SaveCertAsync("./my-location", _selfSignedCert);
|
|
// await SaveCertAsync("./my-location", CreateSelfSignedCert("example.com"));
|
|
|
|
var mailKitDeliveryService = new MailKitSmtpMailDeliveryService(
|
|
globalSettings,
|
|
NullLogger<MailKitSmtpMailDeliveryService>.Instance
|
|
);
|
|
|
|
var tcs = new TaskCompletionSource();
|
|
var cts = new CancellationTokenSource(TimeSpan.FromSeconds(5));
|
|
cts.Token.Register(() => _ = tcs.TrySetCanceled());
|
|
|
|
behavior.MessageReceivedEventHandler += (sender, args) =>
|
|
{
|
|
if (args.Message.Recipients.Contains("test1@example.com"))
|
|
{
|
|
tcs.SetResult();
|
|
}
|
|
return Task.CompletedTask;
|
|
};
|
|
|
|
await mailKitDeliveryService.SendEmailAsync(new MailMessage
|
|
{
|
|
Subject = "Test",
|
|
ToEmails = ["test1@example.com"],
|
|
TextContent = "Hi",
|
|
}, cts.Token);
|
|
|
|
// Wait for email
|
|
await tcs.Task;
|
|
}
|
|
|
|
[Fact]
|
|
public async Task SendEmailAsync_Succeeds_WhenCertIsSelfSigned_ServerIsTrusted()
|
|
{
|
|
// When the setting `TrustServer = true` is set even if the cert is
|
|
// self signed and the cert is not trusted in anyway the connection should
|
|
// still go through.
|
|
var port = RandomPort();
|
|
var behavior = new DefaultServerBehaviour(false, port, _selfSignedCert);
|
|
using var smtpServer = new SmtpServer(behavior);
|
|
smtpServer.Start();
|
|
|
|
var globalSettings = GetSettings(gs =>
|
|
{
|
|
gs.Mail.Smtp.Port = port;
|
|
gs.Mail.Smtp.Ssl = true;
|
|
gs.Mail.Smtp.TrustServer = true;
|
|
});
|
|
|
|
var mailKitDeliveryService = new MailKitSmtpMailDeliveryService(
|
|
globalSettings,
|
|
NullLogger<MailKitSmtpMailDeliveryService>.Instance
|
|
);
|
|
|
|
var tcs = new TaskCompletionSource();
|
|
var cts = new CancellationTokenSource(TimeSpan.FromSeconds(5));
|
|
cts.Token.Register(() => _ = tcs.TrySetCanceled());
|
|
|
|
behavior.MessageReceivedEventHandler += (sender, args) =>
|
|
{
|
|
if (args.Message.Recipients.Contains("test1@example.com"))
|
|
{
|
|
tcs.SetResult();
|
|
}
|
|
return Task.CompletedTask;
|
|
};
|
|
|
|
await mailKitDeliveryService.SendEmailAsync(new MailMessage
|
|
{
|
|
Subject = "Test",
|
|
ToEmails = ["test1@example.com"],
|
|
TextContent = "Hi",
|
|
}, cts.Token);
|
|
|
|
// Wait for email
|
|
await tcs.Task;
|
|
}
|
|
|
|
[Fact]
|
|
public async Task SendEmailAsync_FailsConnectingWithTls_ServerDoesNotSupportTls()
|
|
{
|
|
// If the SMTP server is not setup to use TLS but our server is expecting it
|
|
// to, we should fail.
|
|
var port = RandomPort();
|
|
var behavior = new DefaultServerBehaviour(false, port);
|
|
using var smtpServer = new SmtpServer(behavior);
|
|
smtpServer.Start();
|
|
|
|
var globalSettings = GetSettings(gs =>
|
|
{
|
|
gs.Mail.Smtp.Port = port;
|
|
gs.Mail.Smtp.Ssl = true;
|
|
gs.Mail.Smtp.TrustServer = true;
|
|
});
|
|
|
|
var mailKitDeliveryService = new MailKitSmtpMailDeliveryService(
|
|
globalSettings,
|
|
NullLogger<MailKitSmtpMailDeliveryService>.Instance
|
|
);
|
|
|
|
var cts = new CancellationTokenSource(TimeSpan.FromSeconds(5));
|
|
|
|
await Assert.ThrowsAsync<SslHandshakeException>(
|
|
async () => await mailKitDeliveryService.SendEmailAsync(new MailMessage
|
|
{
|
|
Subject = "Test",
|
|
ToEmails = ["test1@example.com"],
|
|
TextContent = "Hi",
|
|
}, cts.Token)
|
|
);
|
|
}
|
|
|
|
[Fact(Skip = "Requires permission to privileged port")]
|
|
public async Task SendEmailAsync_Works_NoSsl()
|
|
{
|
|
// If the SMTP server isn't set up with any SSL/TLS and we dont' expect
|
|
// any, then the email should go through just fine. Just without encryption.
|
|
// This test has to use port 25
|
|
var port = 25;
|
|
var behavior = new DefaultServerBehaviour(false, port);
|
|
using var smtpServer = new SmtpServer(behavior);
|
|
smtpServer.Start();
|
|
|
|
var globalSettings = GetSettings(gs =>
|
|
{
|
|
gs.Mail.Smtp.Port = port;
|
|
gs.Mail.Smtp.Ssl = false;
|
|
gs.Mail.Smtp.StartTls = false;
|
|
});
|
|
|
|
var mailKitDeliveryService = new MailKitSmtpMailDeliveryService(
|
|
globalSettings,
|
|
NullLogger<MailKitSmtpMailDeliveryService>.Instance
|
|
);
|
|
|
|
var tcs = new TaskCompletionSource();
|
|
var cts = new CancellationTokenSource(TimeSpan.FromSeconds(5));
|
|
cts.Token.Register(() => _ = tcs.TrySetCanceled());
|
|
|
|
behavior.MessageReceivedEventHandler += (sender, args) =>
|
|
{
|
|
if (args.Message.Recipients.Contains("test1@example.com"))
|
|
{
|
|
tcs.SetResult();
|
|
}
|
|
return Task.CompletedTask;
|
|
};
|
|
|
|
await mailKitDeliveryService.SendEmailAsync(new MailMessage
|
|
{
|
|
Subject = "Test",
|
|
ToEmails = ["test1@example.com"],
|
|
TextContent = "Hi",
|
|
}, cts.Token);
|
|
|
|
// Wait for email
|
|
await tcs.Task;
|
|
}
|
|
|
|
[Fact]
|
|
public async Task SendEmailAsync_Succeeds_WhenServerNeedsToAuthenticate()
|
|
{
|
|
// When the setting `TrustServer = true` is set even if the cert is
|
|
// self signed and the cert is not trusted in anyway the connection should
|
|
// still go through.
|
|
var port = RandomPort();
|
|
var behavior = new DefaultServerBehaviour(false, port, _selfSignedCert);
|
|
behavior.AuthenticationCredentialsValidationRequiredEventHandler += (sender, args) =>
|
|
{
|
|
args.AuthenticationResult = AuthenticationResult.Failure;
|
|
if (args.Credentials is not UsernameAndPasswordAuthenticationCredentials usernameAndPasswordCreds)
|
|
{
|
|
return Task.CompletedTask;
|
|
}
|
|
|
|
if (usernameAndPasswordCreds.Username != "test" || usernameAndPasswordCreds.Password != "password")
|
|
{
|
|
return Task.CompletedTask;
|
|
}
|
|
|
|
args.AuthenticationResult = AuthenticationResult.Success;
|
|
return Task.CompletedTask;
|
|
};
|
|
using var smtpServer = new SmtpServer(behavior);
|
|
smtpServer.Start();
|
|
|
|
var globalSettings = GetSettings(gs =>
|
|
{
|
|
gs.Mail.Smtp.Port = port;
|
|
gs.Mail.Smtp.Ssl = true;
|
|
gs.Mail.Smtp.TrustServer = true;
|
|
|
|
gs.Mail.Smtp.Username = "test";
|
|
gs.Mail.Smtp.Password = "password";
|
|
});
|
|
|
|
var mailKitDeliveryService = new MailKitSmtpMailDeliveryService(
|
|
globalSettings,
|
|
NullLogger<MailKitSmtpMailDeliveryService>.Instance
|
|
);
|
|
|
|
var tcs = new TaskCompletionSource();
|
|
var cts = new CancellationTokenSource(TimeSpan.FromSeconds(5));
|
|
cts.Token.Register(() => _ = tcs.TrySetCanceled());
|
|
|
|
behavior.MessageReceivedEventHandler += (sender, args) =>
|
|
{
|
|
if (args.Message.Recipients.Contains("test1@example.com"))
|
|
{
|
|
tcs.SetResult();
|
|
}
|
|
return Task.CompletedTask;
|
|
};
|
|
|
|
await mailKitDeliveryService.SendEmailAsync(new MailMessage
|
|
{
|
|
Subject = "Test",
|
|
ToEmails = ["test1@example.com"],
|
|
TextContent = "Hi",
|
|
}, cts.Token);
|
|
|
|
// Wait for email
|
|
await tcs.Task;
|
|
}
|
|
}
|