has_security_options_examples.rb 13 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372
  1. # Copyright (C) 2012-2024 Zammad Foundation, https://zammad-foundation.org/
  2. RSpec.shared_examples 'FormUpdater::HasSecurityOptions' do |type:|
  3. context 'with security options' do
  4. let(:base_data) do
  5. case type
  6. when 'create'
  7. {
  8. 'articleSenderType' => 'email-out',
  9. }
  10. when 'edit'
  11. {
  12. 'article' => {
  13. 'articleType' => 'email',
  14. },
  15. }
  16. end
  17. end
  18. let(:data) { base_data }
  19. before do
  20. Setting.set('smime_integration', true)
  21. Setting.set('smime_config', smime_config) if defined?(smime_config)
  22. end
  23. shared_examples 'resolving security field' do |expected_result:|
  24. it 'resolves security field' do
  25. result = resolved_result.resolve[:fields]
  26. expect(result['security']).to include(expected_result)
  27. end
  28. end
  29. shared_examples 'not resolving security field' do
  30. it 'does not resolve security field' do
  31. result = resolved_result.resolve[:fields]
  32. expect(result['security']).to be_nil
  33. end
  34. end
  35. it_behaves_like 'resolving security field', expected_result: {
  36. securityAllowed: { 'SMIME' => [] },
  37. securityDefaultOptions: { 'SMIME' => [] },
  38. value: { 'method' => 'SMIME', 'options' => [] },
  39. }
  40. context 'when PGP is activated as well' do
  41. before do
  42. Setting.set('pgp_integration', true)
  43. end
  44. security_messages =
  45. {
  46. 'PGP' => { 'encryption' => { message: 'There was no recipient found.', messagePlaceholder: [] }, 'sign' => { message: 'There was no PGP key found.', messagePlaceholder: [] } },
  47. 'SMIME' => { 'encryption' => { message: 'There was no recipient found.', messagePlaceholder: [] }, 'sign' => { message: 'There was no certificate found.', messagePlaceholder: [] } }
  48. }
  49. it_behaves_like 'resolving security field', expected_result: {
  50. securityAllowed: { 'SMIME' => [], 'PGP' => [] },
  51. securityDefaultOptions: { 'SMIME' => [], 'PGP' => [] },
  52. value: { 'method' => 'SMIME', 'options' => [] },
  53. securityMessages: security_messages,
  54. }
  55. end
  56. context 'when secure mailing is not configured' do
  57. before do
  58. Setting.set('smime_integration', false)
  59. end
  60. it_behaves_like 'not resolving security field'
  61. end
  62. context 'without article type present' do
  63. let(:data) do
  64. base_data.tap do |data|
  65. case type
  66. when 'create'
  67. data.delete('articleSenderType')
  68. when 'edit'
  69. data['article'].delete('articleType')
  70. end
  71. end
  72. end
  73. it_behaves_like 'not resolving security field'
  74. end
  75. context 'with phone article type present' do
  76. let(:data) do
  77. base_data.tap do |data|
  78. case type
  79. when 'create'
  80. data['articleSenderType'] = 'phone-out'
  81. when 'edit'
  82. data['article']['articleType'] = 'phone'
  83. end
  84. end
  85. end
  86. it_behaves_like 'not resolving security field'
  87. end
  88. context 'when user has no agent permission' do
  89. let(:user) { create(:customer, groups: [group]) }
  90. it_behaves_like 'not resolving security field'
  91. end
  92. context 'with recipient present' do
  93. let(:recipient_email_address) { 'smime2@example.com' }
  94. let(:customer) { create(:customer, email: recipient_email_address) }
  95. let(:data) do
  96. base_data.tap do |data|
  97. case type
  98. when 'create'
  99. data['customer_id'] = customer.id.to_s
  100. when 'edit'
  101. data['article']['to'] = [customer.email]
  102. end
  103. end
  104. end
  105. it_behaves_like 'resolving security field', expected_result: {
  106. securityAllowed: { 'SMIME' => [] },
  107. securityDefaultOptions: { 'SMIME' => [] },
  108. value: { 'method' => 'SMIME', 'options' => [] },
  109. securityMessages: { 'SMIME'=>{ 'encryption' => { message: "Can't find S/MIME encryption certificates for: smime2@example.com", messagePlaceholder: [] }, 'sign' => { message: 'There was no certificate found.', messagePlaceholder: [] } } }
  110. }
  111. context 'with recipient certificate present' do
  112. before do
  113. create(:smime_certificate, fixture: recipient_email_address)
  114. end
  115. it_behaves_like 'resolving security field', expected_result: {
  116. securityAllowed: { 'SMIME' => ['encryption'] },
  117. securityDefaultOptions: { 'SMIME' => ['encryption'] },
  118. value: { 'method' => 'SMIME', 'options' => ['encryption'] },
  119. securityMessages: { 'SMIME' => { 'encryption' => { message: 'The certificates for %s were found.', messagePlaceholder: ['smime2@example.com'] }, 'sign' => { message: 'There was no certificate found.', messagePlaceholder: [] } } }
  120. }
  121. end
  122. end
  123. context 'with additional recipient present' do
  124. let(:recipient_email_address) { 'smime3@example.com' }
  125. let(:data) do
  126. base_data.tap do |data|
  127. case type
  128. when 'create'
  129. data['cc'] = [recipient_email_address]
  130. when 'edit'
  131. data['article']['cc'] = [recipient_email_address]
  132. end
  133. end
  134. end
  135. it_behaves_like 'resolving security field', expected_result: {
  136. securityAllowed: { 'SMIME' => [] },
  137. securityDefaultOptions: { 'SMIME' => [] },
  138. value: { 'method' => 'SMIME', 'options' => [] },
  139. }
  140. context 'with recipient certificate present' do
  141. before do
  142. create(:smime_certificate, fixture: recipient_email_address)
  143. end
  144. it_behaves_like 'resolving security field', expected_result: {
  145. securityAllowed: { 'SMIME'=>['encryption'] },
  146. securityDefaultOptions: { 'SMIME' => ['encryption'] },
  147. value: { 'method' => 'SMIME', 'options' => ['encryption'] },
  148. }
  149. end
  150. context 'when email address is invalid' do
  151. let(:recipient_email_address) { 'invalid-email-address' }
  152. it_behaves_like 'resolving security field', expected_result: {
  153. securityAllowed: { 'SMIME' => [] },
  154. securityDefaultOptions: { 'SMIME' => [] },
  155. value: { 'method' => 'SMIME', 'options' => [] },
  156. }
  157. end
  158. end
  159. context 'with both recipient and additional recipient present' do
  160. let(:recipient_email_address1) { 'smime2@example.com' }
  161. let(:recipient_email_address2) { 'smime3@example.com' }
  162. let(:customer) { create(:customer, email: recipient_email_address1) }
  163. let(:data) do
  164. base_data.tap do |data|
  165. case type
  166. when 'create'
  167. data['customer_id'] = customer.id.to_s
  168. data['cc'] = [recipient_email_address2]
  169. when 'edit'
  170. data['article']['to'] = [customer.email]
  171. data['article']['cc'] = [recipient_email_address2]
  172. end
  173. end
  174. end
  175. it_behaves_like 'resolving security field', expected_result: {
  176. securityAllowed: { 'SMIME' => [] },
  177. securityDefaultOptions: { 'SMIME' => [] },
  178. value: { 'method' => 'SMIME', 'options' => [] },
  179. }
  180. context 'with only one recipient certificate present' do
  181. before do
  182. create(:smime_certificate, fixture: recipient_email_address1)
  183. end
  184. it_behaves_like 'resolving security field', expected_result: {
  185. securityAllowed: { 'SMIME' => [] },
  186. securityDefaultOptions: { 'SMIME' => [] },
  187. value: { 'method' => 'SMIME', 'options' => [] },
  188. }
  189. end
  190. context 'with both recipient certificates present' do
  191. before do
  192. create(:smime_certificate, fixture: recipient_email_address1)
  193. create(:smime_certificate, fixture: recipient_email_address2)
  194. end
  195. it_behaves_like 'resolving security field', expected_result: {
  196. securityAllowed: { 'SMIME' => ['encryption'] },
  197. securityDefaultOptions: { 'SMIME' => ['encryption'] },
  198. value: { 'method' => 'SMIME', 'options' => ['encryption'] },
  199. }
  200. end
  201. end
  202. context 'with group present' do
  203. let(:data) { base_data.tap { |data| data['group_id'] = group.id } }
  204. it_behaves_like 'resolving security field', expected_result: {
  205. securityAllowed: { 'SMIME' => [] },
  206. securityDefaultOptions: { 'SMIME' => [] },
  207. value: { 'method' => 'SMIME', 'options' => [] },
  208. }
  209. context 'when the group has a configured sender address' do
  210. let(:system_email_address) { 'smime1@example.com' }
  211. let(:email_address) { create(:email_address, email: system_email_address) }
  212. let(:group) { create(:group, email_address: email_address) }
  213. it_behaves_like 'resolving security field', expected_result: {
  214. securityAllowed: { 'SMIME' => [] },
  215. securityDefaultOptions: { 'SMIME' => [] },
  216. value: { 'method' => 'SMIME', 'options' => [] },
  217. }
  218. context 'with sender certificate present' do
  219. before do
  220. create(:smime_certificate, :with_private, fixture: system_email_address)
  221. end
  222. it_behaves_like 'resolving security field', expected_result: {
  223. securityAllowed: { 'SMIME'=>['sign'] },
  224. securityDefaultOptions: { 'SMIME' => ['sign'] },
  225. value: { 'method' => 'SMIME', 'options' => ['sign'] },
  226. }
  227. end
  228. end
  229. end
  230. context 'with recipient and group present' do
  231. let(:recipient_email_address) { 'smime2@example.com' }
  232. let(:system_email_address) { 'smime1@example.com' }
  233. let(:customer) { create(:customer, email: recipient_email_address) }
  234. let(:email_address) { create(:email_address, email: system_email_address) }
  235. let(:group) { create(:group, email_address: email_address) }
  236. let(:data) do
  237. base_data.tap do |data|
  238. case type
  239. when 'create'
  240. data['customer_id'] = customer.id.to_s
  241. data['group_id'] = group.id
  242. when 'edit'
  243. data['article']['to'] = [customer.email]
  244. data['group_id'] = group.id
  245. end
  246. end
  247. end
  248. it_behaves_like 'resolving security field', expected_result: {
  249. securityAllowed: { 'SMIME' => [] },
  250. securityDefaultOptions: { 'SMIME' => [] },
  251. value: { 'method' => 'SMIME', 'options' => [] },
  252. }
  253. context 'with recipient and sender certificates present' do
  254. before do
  255. create(:smime_certificate, fixture: recipient_email_address)
  256. create(:smime_certificate, :with_private, fixture: system_email_address)
  257. end
  258. it_behaves_like 'resolving security field', expected_result: {
  259. securityAllowed: { 'SMIME' => %w[sign encryption] },
  260. securityDefaultOptions: { 'SMIME' => %w[sign encryption] },
  261. value: { 'method' => 'SMIME', 'options' => %w[sign encryption] },
  262. }
  263. context 'with default group configuration' do
  264. let(:smime_config) do
  265. {
  266. 'group_id' => group_defaults
  267. }
  268. end
  269. let(:group_defaults) do
  270. {
  271. 'default_encryption' => {
  272. group.id.to_s => default_encryption,
  273. },
  274. 'default_sign' => {
  275. group.id.to_s => default_sign,
  276. }
  277. }
  278. end
  279. let(:default_encryption) { true }
  280. let(:default_sign) { true }
  281. it_behaves_like 'resolving security field', expected_result: {
  282. securityDefaultOptions: { 'SMIME' => %w[sign encryption] },
  283. value: { 'method' => 'SMIME', 'options' => %w[sign encryption] }
  284. }
  285. context 'when it has no value' do
  286. let(:group_defaults) { {} }
  287. it_behaves_like 'resolving security field', expected_result: {
  288. securityDefaultOptions: { 'SMIME' => %w[sign encryption] },
  289. value: { 'method' => 'SMIME', 'options' => %w[sign encryption] },
  290. }
  291. end
  292. context 'when encryption is disabled' do
  293. let(:default_encryption) { false }
  294. it_behaves_like 'resolving security field', expected_result: {
  295. securityDefaultOptions: { 'SMIME' => ['sign'] },
  296. value: { 'method' => 'SMIME', 'options' => ['sign'] },
  297. }
  298. end
  299. context 'when signing is disabled' do
  300. let(:default_sign) { false }
  301. it_behaves_like 'resolving security field', expected_result: {
  302. securityDefaultOptions: { 'SMIME' => ['encryption'] },
  303. value: { 'method' => 'SMIME', 'options' => ['encryption'] },
  304. }
  305. end
  306. context 'when both encryption and signing are disabled' do
  307. let(:default_encryption) { false }
  308. let(:default_sign) { false }
  309. it_behaves_like 'resolving security field', expected_result: {
  310. securityDefaultOptions: { 'SMIME' => [] },
  311. value: { 'method' => 'SMIME', 'options' => [] },
  312. }
  313. end
  314. end
  315. end
  316. end
  317. end
  318. end