diff options
| author | Craig Jennings <c@cjennings.net> | 2026-05-12 00:56:27 -0500 |
|---|---|---|
| committer | Craig Jennings <c@cjennings.net> | 2026-05-12 00:56:27 -0500 |
| commit | 839bbeb14a92a777a3857102dba08a212b21443d (patch) | |
| tree | 67cadf65b818b17d8421e4063a06d51895e4584b /tests | |
| parent | 18ba99fda928769adb235bd85b485c8be94c3ddd (diff) | |
| download | dotemacs-839bbeb14a92a777a3857102dba08a212b21443d.tar.gz dotemacs-839bbeb14a92a777a3857102dba08a212b21443d.zip | |
test(scripts): add bats coverage for setup-email.sh password helpers
`setup-email.sh' ran top to bottom, so the only way to exercise `install_encrypted_password' / `decrypt_password' was to run the whole new-machine setup (mbsync, mu init). Its procedural body now lives in a `main()' function guarded by the usual `[[ "${BASH_SOURCE[0]}" == "${0}" ]]' check, so sourcing the script just defines the helpers, and running it directly is unchanged.
New `tests/test-setup-email.bats' sources the script, points the password dirs at a per-test tmpdir, and covers both helpers across the normal / skip-existing / missing-source / (for decrypt) gpg-failure paths, stubbing `gpg' so no real key is needed. `make test-bash' runs the bats files, and `make test' picks them up after the Elisp suite when bats is installed.
Diffstat (limited to 'tests')
| -rw-r--r-- | tests/test-setup-email.bats | 82 |
1 files changed, 82 insertions, 0 deletions
diff --git a/tests/test-setup-email.bats b/tests/test-setup-email.bats new file mode 100644 index 00000000..e42335e5 --- /dev/null +++ b/tests/test-setup-email.bats @@ -0,0 +1,82 @@ +#!/usr/bin/env bats +# Tests for the password helpers in scripts/setup-email.sh. +# +# `install_encrypted_password' copies a password file from the encrypted +# assets dir into PASSWORD_DEST_DIR; `decrypt_password' pipes one through +# `gpg -d' into PASSWORD_DEST_DIR. Both skip when the destination already +# exists and exit 1 when the source is missing. These tests source the +# script (which only defines the helpers — `main' runs only when the script +# is executed directly) and point the two directory vars at a per-test +# tmpdir, so nothing touches ~/.config or the real mail setup. + +setup() { + source "${BATS_TEST_DIRNAME}/../scripts/setup-email.sh" + ENCRYPTED_PASSWORDS_DIR="${BATS_TEST_TMPDIR}/src" + PASSWORD_DEST_DIR="${BATS_TEST_TMPDIR}/dest" + mkdir -p "$ENCRYPTED_PASSWORDS_DIR" "$PASSWORD_DEST_DIR" +} + +# --------------------------- install_encrypted_password --------------------- + +@test "install_encrypted_password: copies the source and locks it to 600" { + printf 'secret' > "$ENCRYPTED_PASSWORDS_DIR/.gmailpass.gpg" + run install_encrypted_password ".gmailpass.gpg" + [ "$status" -eq 0 ] + [ "$(cat "$PASSWORD_DEST_DIR/.gmailpass.gpg")" = "secret" ] + [ "$(stat -c '%a' "$PASSWORD_DEST_DIR/.gmailpass.gpg")" = "600" ] + [[ "$output" == *"created"* ]] +} + +@test "install_encrypted_password: skips and keeps an existing destination" { + printf 'new' > "$ENCRYPTED_PASSWORDS_DIR/.gmailpass.gpg" + printf 'kept' > "$PASSWORD_DEST_DIR/.gmailpass.gpg" + run install_encrypted_password ".gmailpass.gpg" + [ "$status" -eq 0 ] + [ "$(cat "$PASSWORD_DEST_DIR/.gmailpass.gpg")" = "kept" ] + [[ "$output" == *"already exists, skipping"* ]] +} + +@test "install_encrypted_password: exits 1 when source and destination both missing" { + run install_encrypted_password ".gmailpass.gpg" + [ "$status" -eq 1 ] + [[ "$output" == *"missing"* ]] + [ ! -e "$PASSWORD_DEST_DIR/.gmailpass.gpg" ] +} + +# ------------------------------- decrypt_password --------------------------- + +@test "decrypt_password: writes the decrypted plaintext and locks it to 600" { + printf 'ciphertext' > "$ENCRYPTED_PASSWORDS_DIR/.cmailpass.gpg" + gpg() { printf 'plaintext'; } # stub: no real GPG key here + run decrypt_password ".cmailpass.gpg" ".cmailpass" + [ "$status" -eq 0 ] + [ "$(cat "$PASSWORD_DEST_DIR/.cmailpass")" = "plaintext" ] + [ "$(stat -c '%a' "$PASSWORD_DEST_DIR/.cmailpass")" = "600" ] + [[ "$output" == *"created"* ]] +} + +@test "decrypt_password: skips and keeps an existing destination" { + printf 'ciphertext' > "$ENCRYPTED_PASSWORDS_DIR/.cmailpass.gpg" + printf 'kept' > "$PASSWORD_DEST_DIR/.cmailpass" + gpg() { printf 'plaintext'; } + run decrypt_password ".cmailpass.gpg" ".cmailpass" + [ "$status" -eq 0 ] + [ "$(cat "$PASSWORD_DEST_DIR/.cmailpass")" = "kept" ] + [[ "$output" == *"already exists, skipping"* ]] +} + +@test "decrypt_password: exits 1 when the source is missing" { + run decrypt_password ".cmailpass.gpg" ".cmailpass" + [ "$status" -eq 1 ] + [[ "$output" == *"missing"* ]] + [ ! -e "$PASSWORD_DEST_DIR/.cmailpass" ] +} + +@test "decrypt_password: removes the partial file and exits 1 when gpg fails" { + printf 'ciphertext' > "$ENCRYPTED_PASSWORDS_DIR/.cmailpass.gpg" + gpg() { return 1; } # stub: decryption failure + run decrypt_password ".cmailpass.gpg" ".cmailpass" + [ "$status" -eq 1 ] + [[ "$output" == *"failed to decrypt"* ]] + [ ! -e "$PASSWORD_DEST_DIR/.cmailpass" ] +} |