tests: ensure valid invite token in password overrides nocreate file

2026-05-13 01:24:36 +00:00 · 2025-07-09 01:19:46 +02:00
parent 1afdab7b20
commit a92c9ff275
2 changed files with 29 additions and 7 deletions
--- a/chatmaild/src/chatmaild/doveauth.py
+++ b/chatmaild/src/chatmaild/doveauth.py
@@ -24,7 +24,7 @@ def encrypt_password(password: str):
 def is_allowed_to_create(config: Config, user, cleartext_password) -> bool:
    """Return True if user and password are admissable."""
    if os.path.exists(NOCREATE_FILE):
-        if config.invite_token and config.invite_token not in cleartext_password:
+        if not config.invite_token or config.invite_token not in cleartext_password:
            logging.warning(
                f"blocked account creation because {NOCREATE_FILE!r} exists."
            )
--- a/chatmaild/src/chatmaild/tests/test_doveauth.py
+++ b/chatmaild/src/chatmaild/tests/test_doveauth.py
@@ -64,12 +64,34 @@ def test_dont_overwrite_password_on_wrong_login(dictproxy):
    assert res["password"] == res2["password"]


-def test_nocreate_file(monkeypatch, tmpdir, dictproxy):
-    p = tmpdir.join("nocreate")
-    p.write("")
-    monkeypatch.setattr(chatmaild.doveauth, "NOCREATE_FILE", str(p))
-    dictproxy.lookup_passdb("newuser12@chat.example.org", "zequ0Aimuchoodaechik")
-    assert not dictproxy.lookup_userdb("newuser12@chat.example.org")
+@pytest.mark.parametrize(
+    ["nocreate_file", "account", "invite_token", "password"],
+    [
+        (False, True, "asdf", "asdfasdmaimfelsgwerw"),
+        (False, True, "asdf", "z9873240187420913798"),
+        (False, True, "", "dsaiujfw9fjiwf9w"),
+        (True, True, "asdf", "asdfmosadkdkfwdofkw"),
+        (True, False, "asdf", "z9873240187420913798"),
+        (True, False, "", "dsaiujfw9fjiwf9w"),
+    ],
+)
+def test_nocreate_file(
+    monkeypatch,
+    tmpdir,
+    dictproxy,
+    example_config,
+    nocreate_file: bool,
+    account: bool,
+    invite_token: str,
+    password: str,
+):
+    if nocreate_file:
+        p = tmpdir.join("nocreate")
+        p.write("")
+        monkeypatch.setattr(chatmaild.doveauth, "NOCREATE_FILE", str(p))
+    example_config.invite_token = invite_token
+    dictproxy.lookup_passdb("newuser12@chat.example.org", password)
+    assert bool(dictproxy.lookup_userdb("newuser12@chat.example.org")) == account


 def test_handle_dovecot_request(dictproxy):