#!/usr/bin/env bats
# Tests for the password helpers in scripts/setup-email.sh.
#
# `install_encrypted_password' copies a password file from the encrypted
# assets dir into PASSWORD_DEST_DIR; `decrypt_password' pipes one through
# `gpg -d' into PASSWORD_DEST_DIR. Both skip when the destination already
# exists and exit 1 when the source is missing. These tests source the
# script (which only defines the helpers — `main' runs only when the script
# is executed directly) and point the two directory vars at a per-test
# tmpdir, so nothing touches ~/.config or the real mail setup.
# Per-test fixture: load the helpers under test, then repoint both password
# directories at this test's private tmpdir and make sure they exist.
setup() {
  # Source before assigning: the overrides below are meant to win over any
  # values the script sets while loading (presumably its real defaults).
  source "${BATS_TEST_DIRNAME}/../scripts/setup-email.sh"

  local sandbox_root="${BATS_TEST_TMPDIR}"
  ENCRYPTED_PASSWORDS_DIR="${sandbox_root}/src"
  PASSWORD_DEST_DIR="${sandbox_root}/dest"

  mkdir -p -- "$ENCRYPTED_PASSWORDS_DIR" "$PASSWORD_DEST_DIR"
}
# --------------------------- install_encrypted_password ---------------------
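# Happy path: the source is copied byte-for-byte, the copy ends up mode 600,
# and the helper reports that it created the file.
@test "install_encrypted_password: copies the source and locks it to 600" {
  # Pin a permissive umask so the fixture is created 644. Under an ambient
  # umask of 077 the source (and a plain copy of it) would already be 600 and
  # the mode assertion would pass even if the helper never tightened it.
  umask 022
  printf 'secret' > "$ENCRYPTED_PASSWORDS_DIR/.gmailpass.gpg"

  run install_encrypted_password ".gmailpass.gpg"

  [ "$status" -eq 0 ]
  [ "$(cat "$PASSWORD_DEST_DIR/.gmailpass.gpg")" = "secret" ]
  # `stat -c` is the GNU coreutils spelling; BSD/macOS stat uses `-f` instead.
  [ "$(stat -c '%a' "$PASSWORD_DEST_DIR/.gmailpass.gpg")" = "600" ]
  [[ "$output" == *"created"* ]]
}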
# An existing destination must survive untouched: the helper succeeds,
# reports the skip, and the old content is still there afterwards.
@test "install_encrypted_password: skips and keeps an existing destination" {
  local fixture_src="$ENCRYPTED_PASSWORDS_DIR/.gmailpass.gpg"
  local existing_dest="$PASSWORD_DEST_DIR/.gmailpass.gpg"

  # Different contents on each side, so an overwrite would be detectable.
  printf 'new' > "$fixture_src"
  printf 'kept' > "$existing_dest"

  run install_encrypted_password ".gmailpass.gpg"

  [ "$status" -eq 0 ]
  [ "$(< "$existing_dest")" = "kept" ]
  [[ "$output" == *"already exists, skipping"* ]]
}
# With neither file present the helper must fail with status 1, say that
# something is missing, and leave no destination file behind.
@test "install_encrypted_password: exits 1 when source and destination both missing" {
  local absent_dest="$PASSWORD_DEST_DIR/.gmailpass.gpg"

  # No fixture is written on purpose: setup() leaves both directories empty.
  run install_encrypted_password ".gmailpass.gpg"

  [ "$status" -eq 1 ]
  [[ "$output" == *"missing"* ]]
  [ ! -e "$absent_dest" ]
}
# ------------------------------- decrypt_password ---------------------------
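# Happy path: whatever `gpg' prints becomes the destination's content, the
# plaintext file ends up mode 600, and the helper reports the creation.
@test "decrypt_password: writes the decrypted plaintext and locks it to 600" {
  # Pin a permissive umask so a newly created destination would default to
  # 644. Under an ambient umask of 077 the mode assertion would pass even if
  # the helper never restricted the plaintext file itself.
  umask 022
  printf 'ciphertext' > "$ENCRYPTED_PASSWORDS_DIR/.cmailpass.gpg"
  gpg() { printf 'plaintext'; } # stub: no real GPG key here

  run decrypt_password ".cmailpass.gpg" ".cmailpass"

  [ "$status" -eq 0 ]
  [ "$(cat "$PASSWORD_DEST_DIR/.cmailpass")" = "plaintext" ]
  # `stat -c` is the GNU coreutils spelling; BSD/macOS stat uses `-f` instead.
  [ "$(stat -c '%a' "$PASSWORD_DEST_DIR/.cmailpass")" = "600" ]
  [[ "$output" == *"created"* ]]
}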
# An existing plaintext file must not be overwritten: the helper succeeds,
# reports the skip, and the old content is still in place.
@test "decrypt_password: skips and keeps an existing destination" {
  local fixture_src="$ENCRYPTED_PASSWORDS_DIR/.cmailpass.gpg"
  local existing_dest="$PASSWORD_DEST_DIR/.cmailpass"

  printf 'ciphertext' > "$fixture_src"
  printf 'kept' > "$existing_dest"
  # Stub output differs from 'kept', so an overwrite would be detectable.
  gpg() { printf 'plaintext'; }

  run decrypt_password ".cmailpass.gpg" ".cmailpass"

  [ "$status" -eq 0 ]
  [ "$(< "$existing_dest")" = "kept" ]
  [[ "$output" == *"already exists, skipping"* ]]
}
# Without an encrypted source the helper must fail with status 1, say that
# something is missing, and create no plaintext file.
@test "decrypt_password: exits 1 when the source is missing" {
  local absent_dest="$PASSWORD_DEST_DIR/.cmailpass"

  # No fixture and no gpg stub on purpose: setup() leaves the dirs empty.
  run decrypt_password ".cmailpass.gpg" ".cmailpass"

  [ "$status" -eq 1 ]
  [[ "$output" == *"missing"* ]]
  [ ! -e "$absent_dest" ]
}
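# Failure path: when `gpg' exits non-zero the helper must exit 1, report the
# decryption failure, and leave nothing at the destination.
@test "decrypt_password: removes the partial file and exits 1 when gpg fails" {
  printf 'ciphertext' > "$ENCRYPTED_PASSWORDS_DIR/.cmailpass.gpg"
  # Stub: emit some bytes before failing. A stub that only returns 1 would at
  # most leave an empty file, so it would not exercise cleanup of partially
  # written plaintext, which is what the test name promises.
  gpg() { printf 'partial'; return 1; }

  run decrypt_password ".cmailpass.gpg" ".cmailpass"

  [ "$status" -eq 1 ]
  [[ "$output" == *"failed to decrypt"* ]]
  [ ! -e "$PASSWORD_DEST_DIR/.cmailpass" ]
}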