diff options
Diffstat (limited to 'tests')
| -rw-r--r-- | tests/test-setup-email.bats | 82 |
1 files changed, 82 insertions, 0 deletions
diff --git a/tests/test-setup-email.bats b/tests/test-setup-email.bats new file mode 100644 index 00000000..e42335e5 --- /dev/null +++ b/tests/test-setup-email.bats @@ -0,0 +1,82 @@ +#!/usr/bin/env bats +# Tests for the password helpers in scripts/setup-email.sh. +# +# `install_encrypted_password' copies a password file from the encrypted +# assets dir into PASSWORD_DEST_DIR; `decrypt_password' pipes one through +# `gpg -d' into PASSWORD_DEST_DIR. Both skip when the destination already +# exists and exit 1 when the source is missing. These tests source the +# script (which only defines the helpers — `main' runs only when the script +# is executed directly) and point the two directory vars at a per-test +# tmpdir, so nothing touches ~/.config or the real mail setup. + +setup() { + source "${BATS_TEST_DIRNAME}/../scripts/setup-email.sh" + ENCRYPTED_PASSWORDS_DIR="${BATS_TEST_TMPDIR}/src" + PASSWORD_DEST_DIR="${BATS_TEST_TMPDIR}/dest" + mkdir -p "$ENCRYPTED_PASSWORDS_DIR" "$PASSWORD_DEST_DIR" +} + +# --------------------------- install_encrypted_password --------------------- + +@test "install_encrypted_password: copies the source and locks it to 600" { + printf 'secret' > "$ENCRYPTED_PASSWORDS_DIR/.gmailpass.gpg" + run install_encrypted_password ".gmailpass.gpg" + [ "$status" -eq 0 ] + [ "$(cat "$PASSWORD_DEST_DIR/.gmailpass.gpg")" = "secret" ] + [ "$(stat -c '%a' "$PASSWORD_DEST_DIR/.gmailpass.gpg")" = "600" ] + [[ "$output" == *"created"* ]] +} + +@test "install_encrypted_password: skips and keeps an existing destination" { + printf 'new' > "$ENCRYPTED_PASSWORDS_DIR/.gmailpass.gpg" + printf 'kept' > "$PASSWORD_DEST_DIR/.gmailpass.gpg" + run install_encrypted_password ".gmailpass.gpg" + [ "$status" -eq 0 ] + [ "$(cat "$PASSWORD_DEST_DIR/.gmailpass.gpg")" = "kept" ] + [[ "$output" == *"already exists, skipping"* ]] +} + +@test "install_encrypted_password: exits 1 when source and destination both missing" { + run install_encrypted_password ".gmailpass.gpg" + [ "$status" -eq 1 ] + [[ "$output" == *"missing"* ]] + [ ! -e "$PASSWORD_DEST_DIR/.gmailpass.gpg" ] +} + +# ------------------------------- decrypt_password --------------------------- + +@test "decrypt_password: writes the decrypted plaintext and locks it to 600" { + printf 'ciphertext' > "$ENCRYPTED_PASSWORDS_DIR/.cmailpass.gpg" + gpg() { printf 'plaintext'; } # stub: no real GPG key here + run decrypt_password ".cmailpass.gpg" ".cmailpass" + [ "$status" -eq 0 ] + [ "$(cat "$PASSWORD_DEST_DIR/.cmailpass")" = "plaintext" ] + [ "$(stat -c '%a' "$PASSWORD_DEST_DIR/.cmailpass")" = "600" ] + [[ "$output" == *"created"* ]] +} + +@test "decrypt_password: skips and keeps an existing destination" { + printf 'ciphertext' > "$ENCRYPTED_PASSWORDS_DIR/.cmailpass.gpg" + printf 'kept' > "$PASSWORD_DEST_DIR/.cmailpass" + gpg() { printf 'plaintext'; } + run decrypt_password ".cmailpass.gpg" ".cmailpass" + [ "$status" -eq 0 ] + [ "$(cat "$PASSWORD_DEST_DIR/.cmailpass")" = "kept" ] + [[ "$output" == *"already exists, skipping"* ]] +} + +@test "decrypt_password: exits 1 when the source is missing" { + run decrypt_password ".cmailpass.gpg" ".cmailpass" + [ "$status" -eq 1 ] + [[ "$output" == *"missing"* ]] + [ ! -e "$PASSWORD_DEST_DIR/.cmailpass" ] +} + +@test "decrypt_password: removes the partial file and exits 1 when gpg fails" { + printf 'ciphertext' > "$ENCRYPTED_PASSWORDS_DIR/.cmailpass.gpg" + gpg() { return 1; } # stub: decryption failure + run decrypt_password ".cmailpass.gpg" ".cmailpass" + [ "$status" -eq 1 ] + [[ "$output" == *"failed to decrypt"* ]] + [ ! -e "$PASSWORD_DEST_DIR/.cmailpass" ] +} |