[Rt-commit] rt branch, 4.2/gpg-encrypted-attachment-tests, created. rt-4.2.13-72-g988f713
Alex Vandiver
alexmv at bestpractical.com
Tue Nov 29 18:55:53 EST 2016
The branch, 4.2/gpg-encrypted-attachment-tests has been created
at 988f7133a9a6de15956ae006648512b4f4be5dc1 (commit)
- Log -----------------------------------------------------------------
commit a24f4358480d8665b985f9ccddbec2d1cb724388
Author: Alex Vandiver <alex at chmrr.net>
Date: Tue Nov 29 12:23:49 2016 -0500
For GPG attachment tests on create, use CC, not requestor
If only the requestor is set, only the Autoreply template is used --
which does not set `RT-Attach-Message`, and thus attachments are never
sent. Because this test is only ever called with `Encrypt => 1`,
however, it only tested that the plaintext attachment content was
lacking -- which it always was, because the attachment was never
involved at all.
diff --git a/t/web/gnupg-select-keys-on-create.t b/t/web/gnupg-select-keys-on-create.t
index e30b264..b111013 100644
--- a/t/web/gnupg-select-keys-on-create.t
+++ b/t/web/gnupg-select-keys-on-create.t
@@ -245,7 +245,8 @@ diag "check encrypting of attachments";
ok $m->goto_create_ticket( $queue ), "UI -> create ticket";
$m->form_name('TicketCreate');
$m->tick( Encrypt => 1 );
- $m->field( Requestors => 'rt-test at example.com' );
+ $m->field( Requestors => '' );
+ $m->field( Cc => 'rt-test at example.com' );
$m->field( Content => 'Some content' );
$m->field( Attach => $0 );
$m->submit;
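Review bot: Blanking `Requestors` and filling `Cc` reads as arbitrary without the commit message, so a comment above the two added lines should carry the reason, e.g. `# Requestor-only tickets send just the Autoreply, which does not set RT-Attach-Message, so no attachment is mailed`. Without it, a later edit can restore the requestor and return the attachment check to a vacuous pass.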
commit f1c247a2b029d15cc9b6fc738d5a2b645b6aff86
Author: Alex Vandiver <alex at chmrr.net>
Date: Tue Nov 29 12:29:36 2016 -0500
Actually include the tested-for text in the attachment
2bf9cb4b refactored the check_text_emails methods out of the two
`gnupg-select-keys-on-___` files. However, the tests attach $0, the
test file itself -- since the checks are for "Attachment content",
which no longer appears in the test files, this broke the tests.
Since the only use of this string was via `unlike`, it broke them such
that the tests could never fail.
Hardcode the string to search for in the function call, so it exists
in the file that is attached.
diff --git a/lib/RT/Test/GnuPG.pm b/lib/RT/Test/GnuPG.pm
index e5a08b7..fdeac16 100644
--- a/lib/RT/Test/GnuPG.pm
+++ b/lib/RT/Test/GnuPG.pm
@@ -204,7 +204,7 @@ sub check_text_emails {
my $content = $type eq 'email'
? "Some content"
- : "Attachment content";
+ : $args{Attachment};
if ( $args{'Encrypt'} ) {
unlike $mail, qr/$content/, "outgoing $type was encrypted";
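Review bot: `$content` now comes from the caller through `$args{Attachment}` and is interpolated into `qr/$content/` unquoted, so any regex metacharacter in the expected string changes what is matched, and an undefined or empty value yields a pattern that says nothing about the attachment text. The `Encrypt` branch is a negative assertion (`unlike`), so a pattern that cannot match passes silently, which is the failure mode this commit is fixing. Quoting the value, `unlike $mail, qr/\Q$content\E/, "outgoing $type was encrypted";`, and failing early when `$args{Attachment}` is not a non-empty string for the attachment case would close that gap. The body of check_text_emails continues outside the hunk.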
diff --git a/t/web/gnupg-select-keys-on-create.t b/t/web/gnupg-select-keys-on-create.t
index b111013..8c2309f 100644
--- a/t/web/gnupg-select-keys-on-create.t
+++ b/t/web/gnupg-select-keys-on-create.t
@@ -269,7 +269,7 @@ diag "check encrypting of attachments";
my @mail = RT::Test->fetch_caught_mails;
ok @mail, 'there are some emails';
- check_text_emails( { Encrypt => 1, Attachment => 1 }, @mail );
+ check_text_emails( { Encrypt => 1, Attachment => "Attachment content" }, @mail );
$m->no_warnings_ok;
}
diff --git a/t/web/gnupg-select-keys-on-update.t b/t/web/gnupg-select-keys-on-update.t
index a666851..1cac92b 100644
--- a/t/web/gnupg-select-keys-on-update.t
+++ b/t/web/gnupg-select-keys-on-update.t
@@ -290,7 +290,7 @@ diag "check encrypting of attachments";
my @mail = RT::Test->fetch_caught_mails;
ok @mail, 'there are some emails';
- check_text_emails( { Encrypt => 1, Attachment => 1 }, @mail );
+ check_text_emails( { Encrypt => 1, Attachment => "Attachment content" }, @mail );
$m->no_warnings_ok;
}
commit d9feec6fa4685efc9b229e3e5e7f314d41e45df9
Author: Alex Vandiver <alex at chmrr.net>
Date: Tue Nov 29 12:38:40 2016 -0500
Test the unencrypted versions of attachment generation, as well
These tests failed to test what they believed they did because they
only tested the encrypted form; had they tested the unencrypted form,
the lack of the "Attachment content" plaintext, and the lack of
attachments on Autoreply would have been evident.
Add an additional set of tests for unencrypted mails.
diff --git a/t/web/gnupg-select-keys-on-create.t b/t/web/gnupg-select-keys-on-create.t
index 8c2309f..271561a 100644
--- a/t/web/gnupg-select-keys-on-create.t
+++ b/t/web/gnupg-select-keys-on-create.t
@@ -1,7 +1,7 @@
use strict;
use warnings;
-use RT::Test::GnuPG tests => 79, gnupg_options => { passphrase => 'rt-test' };
+use RT::Test::GnuPG tests => undef, gnupg_options => { passphrase => 'rt-test' };
use RT::Action::SendEmail;
my $queue = RT::Test->load_or_create_queue(
@@ -239,38 +239,44 @@ diag "check that key selector works and we can select trusted key";
}
diag "check encrypting of attachments";
-{
+for my $encrypt (0, 1) {
RT::Test->clean_caught_mails;
ok $m->goto_create_ticket( $queue ), "UI -> create ticket";
$m->form_name('TicketCreate');
- $m->tick( Encrypt => 1 );
+ $m->tick( Encrypt => 1 ) if $encrypt;
$m->field( Requestors => '' );
$m->field( Cc => 'rt-test at example.com' );
$m->field( Content => 'Some content' );
$m->field( Attach => $0 );
$m->submit;
- $m->content_contains(
- 'You are going to encrypt outgoing email messages',
- 'problems with keys'
- );
- $m->content_contains(
- 'There are several keys suitable for encryption',
- 'problems with keys'
- );
- my $form = $m->form_name('TicketCreate');
- ok my $input = $form->find_input( 'UseKey-rt-test at example.com' ), 'found key selector';
- is scalar $input->possible_values, 2, 'two options';
+ if ($encrypt) {
+ $m->content_contains(
+ 'You are going to encrypt outgoing email messages',
+ 'problems with keys'
+ );
+ $m->content_contains(
+ 'There are several keys suitable for encryption',
+ 'problems with keys'
+ );
+
+ my $form = $m->form_name('TicketCreate');
+ ok my $input = $form->find_input( 'UseKey-rt-test at example.com' ), 'found key selector';
+ is scalar $input->possible_values, 2, 'two options';
+
+ $m->select( 'UseKey-rt-test at example.com' => $fpr1 );
+ $m->submit;
+ }
- $m->select( 'UseKey-rt-test at example.com' => $fpr1 );
- $m->submit;
$m->content_like( qr/Ticket \d+ created in queue/i, 'ticket created' );
my @mail = RT::Test->fetch_caught_mails;
ok @mail, 'there are some emails';
- check_text_emails( { Encrypt => 1, Attachment => "Attachment content" }, @mail );
+ check_text_emails( { Encrypt => $encrypt, Attachment => "Attachment content" }, @mail );
$m->no_warnings_ok;
}
+undef $m;
+done_testing;
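Review bot: `$m->field( Attach => $0 )` uploads this test file itself, and the `"Attachment content"` literal in the `check_text_emails` call is the only reason that string exists in the upload, yet nothing at either line says so. A comment beside the call, e.g. `# $0 is the attachment: this literal must stay in this file for the check to mean anything`, would keep a later refactor from moving the string out again. The same applies to the matching loop in t/web/gnupg-select-keys-on-update.t. Both `content_contains` calls also share the label `'problems with keys'`, and no test name carries `$encrypt`, so a failure in the TAP output does not say which pass it came from.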
diff --git a/t/web/gnupg-select-keys-on-update.t b/t/web/gnupg-select-keys-on-update.t
index 1cac92b..da7009c 100644
--- a/t/web/gnupg-select-keys-on-update.t
+++ b/t/web/gnupg-select-keys-on-update.t
@@ -1,7 +1,7 @@
use strict;
use warnings;
-use RT::Test::GnuPG tests => 86, gnupg_options => { passphrase => 'rt-test' };
+use RT::Test::GnuPG tests => undef, gnupg_options => { passphrase => 'rt-test' };
use RT::Action::SendEmail;
@@ -260,37 +260,44 @@ diag "check that key selector works and we can select trusted key";
}
diag "check encrypting of attachments";
-{
+for my $encrypt (0, 1) {
RT::Test->clean_caught_mails;
ok $m->goto_ticket( $tid ), "UI -> ticket #$tid";
$m->follow_link_ok( { text => 'Reply' }, 'ticket -> reply' );
$m->form_name('TicketUpdate');
- $m->tick( Encrypt => 1 );
+ $m->tick( Encrypt => 1 ) if $encrypt;
$m->field( UpdateCc => 'rt-test at example.com' );
$m->field( UpdateContent => 'Some content' );
$m->field( Attach => $0 );
$m->click('SubmitTicket');
- $m->content_contains(
- 'You are going to encrypt outgoing email messages',
- 'problems with keys'
- );
- $m->content_contains(
- 'There are several keys suitable for encryption',
- 'problems with keys'
- );
- my $form = $m->form_name('TicketUpdate');
- ok my $input = $form->find_input( 'UseKey-rt-test at example.com' ), 'found key selector';
- is scalar $input->possible_values, 2, 'two options';
+ if ($encrypt) {
+ $m->content_contains(
+ 'You are going to encrypt outgoing email messages',
+ 'problems with keys'
+ );
+ $m->content_contains(
+ 'There are several keys suitable for encryption',
+ 'problems with keys'
+ );
+
+ my $form = $m->form_name('TicketUpdate');
+ ok my $input = $form->find_input( 'UseKey-rt-test at example.com' ), 'found key selector';
+ is scalar $input->possible_values, 2, 'two options';
+
+ $m->select( 'UseKey-rt-test at example.com' => $fpr1 );
+ $m->click('SubmitTicket');
+ }
- $m->select( 'UseKey-rt-test at example.com' => $fpr1 );
- $m->click('SubmitTicket');
$m->content_contains('Correspondence added', 'Correspondence added' );
my @mail = RT::Test->fetch_caught_mails;
ok @mail, 'there are some emails';
- check_text_emails( { Encrypt => 1, Attachment => "Attachment content" }, @mail );
+ check_text_emails( { Encrypt => $encrypt, Attachment => "Attachment content" }, @mail );
$m->no_warnings_ok;
}
+
+undef $m;
+done_testing;
commit a3e11d047dc6cfa5c5c9e5b9dd48f68e11a4b91a
Author: Alex Vandiver <alex at chmrr.net>
Date: Tue Nov 29 14:15:33 2016 -0500
Ensure that parse_mail does not GC still-active attachments
Each call to `RT::EmailParser->ParseMIMEEntity*` makes a new
MIME::Parser object, with its own temporary directory (either under
the system tmpdir or under /opt/rt4/var). These are all removed when
the RT::EmailParser object goes out of scope, via both the tmpdir's
`CLEANUP => 1` as well as via an explicit RT::EmailParser->DESTROY
method. Thus, if the parsed entities contain attachments, and are not
done being examined by the time their generating RT::EmailParser goes
out of scope, their contents fail to be readable.
Use the same trick that is used in RT::Crypto::GnuPG, where the parsed
MIME::Entity outlives the scope of the RT::EmailParser that generated
it, by storing a reference to the parser inside the generated entity.
This is a stopgap solution; the proper fix requires larger-scale
changes which may be backwards-incompatible.
diff --git a/lib/RT/Test.pm b/lib/RT/Test.pm
index 257eea5..fe13bd0 100644
--- a/lib/RT/Test.pm
+++ b/lib/RT/Test.pm
@@ -1733,7 +1733,9 @@ sub parse_mail {
require RT::EmailParser;
my $parser = RT::EmailParser->new;
$parser->ParseMIMEEntityFromScalar( $mail );
- return $parser->Entity;
+ my $entity = $parser->Entity;
+ $entity->{__store_link_to_object_to_avoid_early_cleanup} = $parser;
+ return $entity;
}
sub works {
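Review bot: The new hash slot has no comment, and the reason for it lives only in the commit message; something like `# the parser's DESTROY removes the tmpdir backing attachment bodies, so keep it alive as long as the entity` belongs above the assignment. Storing the parser on the entity also looks like it forms a reference cycle if RT::EmailParser keeps its own reference to the entity it hands out through `Entity` (not visible here). In that case neither object is freed before global destruction, and the temporary directories accumulate for the life of the test process. If so, that trade-off should be stated in the comment too.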
commit 988f7133a9a6de15956ae006648512b4f4be5dc1
Author: Alex Vandiver <alex at chmrr.net>
Date: Tue Nov 29 12:42:04 2016 -0500
Test that expected-encrypted mail is encrypted, with expected contents
Previously, the only test on encrypted content was that it didn't
contain the plaintext. This fails to verify that it was indeed
encrypted to the right recipient, and that it can successfully be
decrypted to reveal the right content. Specifically, this makes the
encrypted attachment tests useless, as they cannot prove that the
intended attachment was attached, merely that it was not sent in
plaintext.
Verify that the contents of the outgoing mail can be decrypted, and
that the decrypted text contains the expected string. This requires
loading not just the public part of the rt-test at example.com user
during tests, but the full secret key as well so that it can be used
to decrypt the data.
diff --git a/lib/RT/Test/GnuPG.pm b/lib/RT/Test/GnuPG.pm
index fdeac16..7419572 100644
--- a/lib/RT/Test/GnuPG.pm
+++ b/lib/RT/Test/GnuPG.pm
@@ -207,10 +207,14 @@ sub check_text_emails {
: $args{Attachment};
if ( $args{'Encrypt'} ) {
- unlike $mail, qr/$content/, "outgoing $type was encrypted";
+ unlike $mail, qr/$content/, "outgoing $type is not in plaintext";
+ my $entity = RT::Test::parse_mail($mail);
+ my @res = RT::Crypt->VerifyDecrypt(Entity => $entity);
+ like $res[0]{'status'}, qr/DECRYPTION_OKAY/, "Decrypts OK";
+ like $entity->as_string, qr/$content/, "outgoing decrypts to contain $type content";
} else {
like $mail, qr/$content/, "outgoing $type was not encrypted";
- }
+ }
next unless $type eq 'email';
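Review bot: Only `$res[0]` is inspected, so a message with more than one protected part is judged by the first result alone, and an empty `@res` shows up as an uninitialized-value warning rather than a named failure. Adding `ok @res, "found an encrypted part";` followed by `like $_->{'status'}, qr/DECRYPTION_OKAY/, "Decrypts OK" for @res;` covers both. `DECRYPTION_OKAY` shows that some secret key in the test keyring could decrypt the mail; the description's "encrypted to the right recipient" is not asserted by these lines and would need a check on the key reported in the result, whose shape is not visible here. check_text_emails starts and ends outside the hunk.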
diff --git a/t/mail/gnupg-outgoing-encrypted-plaintext.t b/t/mail/gnupg-outgoing-encrypted-plaintext.t
index 35cfced..7f0f7ac 100644
--- a/t/mail/gnupg-outgoing-encrypted-plaintext.t
+++ b/t/mail/gnupg-outgoing-encrypted-plaintext.t
@@ -2,7 +2,7 @@ use strict;
use warnings;
use RT::Test::GnuPG
- tests => 104,
+ tests => undef,
text_templates => 1,
gnupg_options => {
passphrase => 'rt-test',
@@ -10,7 +10,7 @@ use RT::Test::GnuPG
};
RT::Test->import_gnupg_key('rt-recipient at example.com');
-RT::Test->import_gnupg_key( 'rt-test at example.com', 'public' );
+RT::Test->import_gnupg_key( 'rt-test at example.com' );
my $queue = RT::Test->load_or_create_queue(
Name => 'Regression',
@@ -25,3 +25,5 @@ ok $m->login, 'logged in';
create_and_test_outgoing_emails( $queue, $m );
+undef $m;
+done_testing;
diff --git a/t/mail/gnupg-outgoing-encrypted.t b/t/mail/gnupg-outgoing-encrypted.t
index 96c7487..dc6a55d 100644
--- a/t/mail/gnupg-outgoing-encrypted.t
+++ b/t/mail/gnupg-outgoing-encrypted.t
@@ -2,14 +2,14 @@ use strict;
use warnings;
use RT::Test::GnuPG
- tests => 103,
+ tests => undef,
gnupg_options => {
passphrase => 'rt-test',
'trust-model' => 'always',
};
RT::Test->import_gnupg_key('rt-recipient at example.com');
-RT::Test->import_gnupg_key( 'rt-test at example.com', 'public' );
+RT::Test->import_gnupg_key( 'rt-test at example.com' );
my $queue = RT::Test->load_or_create_queue(
Name => 'Regression',
@@ -24,3 +24,5 @@ ok $m->login, 'logged in';
create_and_test_outgoing_emails( $queue, $m );
+undef $m;
+done_testing;
diff --git a/t/mail/gnupg-outgoing-plain-plaintext.t b/t/mail/gnupg-outgoing-plain-plaintext.t
index 32e7d5d..baf51e4 100644
--- a/t/mail/gnupg-outgoing-plain-plaintext.t
+++ b/t/mail/gnupg-outgoing-plain-plaintext.t
@@ -2,7 +2,7 @@ use strict;
use warnings;
use RT::Test::GnuPG
- tests => 104,
+ tests => undef,
text_templates => 1,
gnupg_options => {
passphrase => 'rt-test',
@@ -10,7 +10,7 @@ use RT::Test::GnuPG
};
RT::Test->import_gnupg_key('rt-recipient at example.com');
-RT::Test->import_gnupg_key( 'rt-test at example.com', 'public' );
+RT::Test->import_gnupg_key( 'rt-test at example.com' );
my $queue = RT::Test->load_or_create_queue(
Name => 'Regression',
@@ -23,3 +23,5 @@ my ( $baseurl, $m ) = RT::Test->started_ok;
ok $m->login, 'logged in';
create_and_test_outgoing_emails( $queue, $m );
+undef $m;
+done_testing;
diff --git a/t/mail/gnupg-outgoing-plain.t b/t/mail/gnupg-outgoing-plain.t
index 62ae0ed..f8f87e1 100644
--- a/t/mail/gnupg-outgoing-plain.t
+++ b/t/mail/gnupg-outgoing-plain.t
@@ -2,14 +2,14 @@ use strict;
use warnings;
use RT::Test::GnuPG
- tests => 103,
+ tests => undef,
gnupg_options => {
passphrase => 'rt-test',
'trust-model' => 'always',
};
RT::Test->import_gnupg_key('rt-recipient at example.com');
-RT::Test->import_gnupg_key( 'rt-test at example.com', 'public' );
+RT::Test->import_gnupg_key( 'rt-test at example.com' );
my $queue = RT::Test->load_or_create_queue(
Name => 'Regression',
@@ -22,3 +22,5 @@ my ( $baseurl, $m ) = RT::Test->started_ok;
ok $m->login, 'logged in';
create_and_test_outgoing_emails( $queue, $m );
+undef $m;
+done_testing;
diff --git a/t/mail/gnupg-outgoing-signed-plaintext.t b/t/mail/gnupg-outgoing-signed-plaintext.t
index cf46edd..0ff06d1 100644
--- a/t/mail/gnupg-outgoing-signed-plaintext.t
+++ b/t/mail/gnupg-outgoing-signed-plaintext.t
@@ -2,7 +2,7 @@ use strict;
use warnings;
use RT::Test::GnuPG
- tests => 104,
+ tests => undef,
text_templates => 1,
gnupg_options => {
passphrase => 'rt-test',
@@ -10,7 +10,7 @@ use RT::Test::GnuPG
};
RT::Test->import_gnupg_key('rt-recipient at example.com');
-RT::Test->import_gnupg_key( 'rt-test at example.com', 'public' );
+RT::Test->import_gnupg_key( 'rt-test at example.com' );
my $queue = RT::Test->load_or_create_queue(
Name => 'Regression',
@@ -25,3 +25,5 @@ ok $m->login, 'logged in';
create_and_test_outgoing_emails( $queue, $m );
+undef $m;
+done_testing;
diff --git a/t/mail/gnupg-outgoing-signed.t b/t/mail/gnupg-outgoing-signed.t
index 4aa262b..00d292a 100644
--- a/t/mail/gnupg-outgoing-signed.t
+++ b/t/mail/gnupg-outgoing-signed.t
@@ -2,14 +2,14 @@ use strict;
use warnings;
use RT::Test::GnuPG
- tests => 103,
+ tests => undef,
gnupg_options => {
passphrase => 'rt-test',
'trust-model' => 'always',
};
RT::Test->import_gnupg_key('rt-recipient at example.com');
-RT::Test->import_gnupg_key( 'rt-test at example.com', 'public' );
+RT::Test->import_gnupg_key( 'rt-test at example.com' );
my $queue = RT::Test->load_or_create_queue(
Name => 'Regression',
@@ -24,3 +24,5 @@ ok $m->login, 'logged in';
create_and_test_outgoing_emails( $queue, $m );
+undef $m;
+done_testing;
diff --git a/t/mail/gnupg-outgoing-signed_encrypted-plaintext.t b/t/mail/gnupg-outgoing-signed_encrypted-plaintext.t
index c2753d0..b21b344 100644
--- a/t/mail/gnupg-outgoing-signed_encrypted-plaintext.t
+++ b/t/mail/gnupg-outgoing-signed_encrypted-plaintext.t
@@ -2,7 +2,7 @@ use strict;
use warnings;
use RT::Test::GnuPG
- tests => 104,
+ tests => undef,
text_templates => 1,
gnupg_options => {
passphrase => 'rt-test',
@@ -10,7 +10,7 @@ use RT::Test::GnuPG
};
RT::Test->import_gnupg_key('rt-recipient at example.com');
-RT::Test->import_gnupg_key( 'rt-test at example.com', 'public' );
+RT::Test->import_gnupg_key( 'rt-test at example.com' );
my $queue = RT::Test->load_or_create_queue(
Name => 'Regression',
@@ -26,3 +26,5 @@ ok $m->login, 'logged in';
create_and_test_outgoing_emails( $queue, $m );
+undef $m;
+done_testing;
diff --git a/t/mail/gnupg-outgoing-signed_encrypted.t b/t/mail/gnupg-outgoing-signed_encrypted.t
index 806f62d..1399c57 100644
--- a/t/mail/gnupg-outgoing-signed_encrypted.t
+++ b/t/mail/gnupg-outgoing-signed_encrypted.t
@@ -2,14 +2,14 @@ use strict;
use warnings;
use RT::Test::GnuPG
- tests => 103,
+ tests => undef,
gnupg_options => {
passphrase => 'rt-test',
'trust-model' => 'always',
};
RT::Test->import_gnupg_key('rt-recipient at example.com');
-RT::Test->import_gnupg_key( 'rt-test at example.com', 'public' );
+RT::Test->import_gnupg_key( 'rt-test at example.com' );
my $queue = RT::Test->load_or_create_queue(
Name => 'Regression',
@@ -25,3 +25,5 @@ ok $m->login, 'logged in';
create_and_test_outgoing_emails( $queue, $m );
+undef $m;
+done_testing;
diff --git a/t/web/gnupg-select-keys-on-create.t b/t/web/gnupg-select-keys-on-create.t
index 271561a..131f4c5 100644
--- a/t/web/gnupg-select-keys-on-create.t
+++ b/t/web/gnupg-select-keys-on-create.t
@@ -73,7 +73,7 @@ diag "check that things don't work if there is no key";
diag "import first key of rt-test\@example.com";
my $fpr1 = '';
{
- RT::Test->import_gnupg_key('rt-test at example.com', 'public');
+ RT::Test->import_gnupg_key('rt-test at example.com', 'secret');
my %res = RT::Crypt->GetKeysInfo( Key => 'rt-test at example.com' );
is $res{'info'}[0]{'TrustLevel'}, 0, 'is not trusted key';
$fpr1 = $res{'info'}[0]{'Fingerprint'};
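Review bot: The key type is spelled two ways in this commit: this hunk and the three like it in the t/web files pass `'secret'` explicitly, while the t/mail files drop the second argument altogether. If both forms import the same key material (import_gnupg_key is not shown), one spelling throughout would make the intent searchable; if they differ, a comment should say which tests need which. Either way, a short comment such as `# secret half needed so check_text_emails can decrypt outgoing mail` would explain why the test now loads a private key.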
@@ -122,7 +122,7 @@ diag "check that things still doesn't work if key is not trusted";
diag "import a second key of rt-test\@example.com";
my $fpr2 = '';
{
- RT::Test->import_gnupg_key('rt-test at example.com.2', 'public');
+ RT::Test->import_gnupg_key('rt-test at example.com.2', 'secret');
my %res = RT::Crypt->GetKeysInfo( Key => 'rt-test at example.com' );
is $res{'info'}[1]{'TrustLevel'}, 0, 'is not trusted key';
$fpr2 = $res{'info'}[2]{'Fingerprint'};
diff --git a/t/web/gnupg-select-keys-on-update.t b/t/web/gnupg-select-keys-on-update.t
index da7009c..24d22e7 100644
--- a/t/web/gnupg-select-keys-on-update.t
+++ b/t/web/gnupg-select-keys-on-update.t
@@ -90,7 +90,7 @@ diag "check that things don't work if there is no key";
diag "import first key of rt-test\@example.com";
my $fpr1 = '';
{
- RT::Test->import_gnupg_key('rt-test at example.com', 'public');
+ RT::Test->import_gnupg_key('rt-test at example.com', 'secret');
my %res = RT::Crypt->GetKeysInfo( Key => 'rt-test at example.com' );
is $res{'info'}[0]{'TrustLevel'}, 0, 'is not trusted key';
$fpr1 = $res{'info'}[0]{'Fingerprint'};
@@ -140,7 +140,7 @@ diag "check that things still doesn't work if key is not trusted";
diag "import a second key of rt-test\@example.com";
my $fpr2 = '';
{
- RT::Test->import_gnupg_key('rt-test at example.com.2', 'public');
+ RT::Test->import_gnupg_key('rt-test at example.com.2', 'secret');
my %res = RT::Crypt->GetKeysInfo( Key => 'rt-test at example.com' );
is $res{'info'}[1]{'TrustLevel'}, 0, 'is not trusted key';
$fpr2 = $res{'info'}[2]{'Fingerprint'};
-----------------------------------------------------------------------