aa67a09b80
New internal/mailer/ package:
- Sender interface with two impls: SMTPSender (production, reads
smtp_config at send time so admin edits apply without restart;
uses stdlib net/smtp + STARTTLS) and FakeSender (test/concurrent-
safe call recorder).
- Embedded text + HTML templates for the password reset email,
rendered via stdlib text/template + html/template. The HTML
uses the FabledSword forest-teal accent color.
- ErrNotConfigured surfaces when smtp_config.enabled is false or
required fields are empty; callers like the future forgot-password
handler will treat this as "log and pretend success" to avoid
user-enumeration leaks.
Three admin endpoints under RequireAdmin:
- GET /api/admin/smtp-config — returns the singleton; password
field is masked ("***" or "").
- PUT /api/admin/smtp-config — updates settings. Validates
host + from_address are non-empty when enabled=true. Empty
password in the request preserves the stored value (so the
operator doesn't have to re-enter it on every save).
- POST /api/admin/smtp-config/test — sends a real test email to
the calling admin's email. 400 if admin has no email; 500 with
the error message on send failure (so the operator can debug
config without grep-then-trace through logs).
Tests cover the password-mask, password-preservation-on-empty,
enabled-requires-host-and-from validation, and the no-email-on-file
rejection. Mailer unit tests cover the fake recorder and template
rendering. The "real SMTP send" path needs a live server and isn't
covered in CI; the FakeSender covers that role for downstream tests.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
65 lines
1.9 KiB
Go
65 lines
1.9 KiB
Go
package mailer_test
|
|
|
|
import (
|
|
"context"
|
|
"errors"
|
|
"strings"
|
|
"testing"
|
|
|
|
"git.fabledsword.com/bvandeusen/minstrel/internal/mailer"
|
|
)
|
|
|
|
func TestFakeSender_RecordsCalls(t *testing.T) {
|
|
f := &mailer.FakeSender{}
|
|
if err := f.Send(context.Background(), "u@example.com", "Subj", "text body", "<p>html body</p>"); err != nil {
|
|
t.Fatalf("Send: %v", err)
|
|
}
|
|
if len(f.Sent) != 1 {
|
|
t.Fatalf("Sent len = %d, want 1", len(f.Sent))
|
|
}
|
|
got := f.LastSent()
|
|
if got.To != "u@example.com" || got.Subject != "Subj" {
|
|
t.Errorf("LastSent = %+v", got)
|
|
}
|
|
}
|
|
|
|
func TestFakeSender_FailNext(t *testing.T) {
|
|
f := &mailer.FakeSender{FailNext: errors.New("simulated")}
|
|
if err := f.Send(context.Background(), "u@example.com", "Subj", "t", "h"); err == nil {
|
|
t.Errorf("Send returned nil, want error")
|
|
}
|
|
// Subsequent call should succeed (FailNext consumed).
|
|
if err := f.Send(context.Background(), "u@example.com", "Subj", "t", "h"); err != nil {
|
|
t.Errorf("second Send: %v", err)
|
|
}
|
|
if len(f.Sent) != 1 {
|
|
t.Errorf("Sent len = %d, want 1 (first call failed, second recorded)", len(f.Sent))
|
|
}
|
|
}
|
|
|
|
func TestRenderResetEmail(t *testing.T) {
|
|
textBody, htmlBody, err := mailer.RenderResetEmail(mailer.ResetEmailVars{
|
|
Username: "alice",
|
|
ResetURL: "https://example.com/reset/abc123",
|
|
ExpiryHours: 24,
|
|
})
|
|
if err != nil {
|
|
t.Fatalf("RenderResetEmail: %v", err)
|
|
}
|
|
if !strings.Contains(textBody, "alice") {
|
|
t.Errorf("textBody missing username; got: %s", textBody)
|
|
}
|
|
if !strings.Contains(textBody, "https://example.com/reset/abc123") {
|
|
t.Errorf("textBody missing reset URL; got: %s", textBody)
|
|
}
|
|
if !strings.Contains(textBody, "24") {
|
|
t.Errorf("textBody missing expiry hours; got: %s", textBody)
|
|
}
|
|
if !strings.Contains(htmlBody, "alice") {
|
|
t.Errorf("htmlBody missing username")
|
|
}
|
|
if !strings.Contains(htmlBody, "https://example.com/reset/abc123") {
|
|
t.Errorf("htmlBody missing reset URL")
|
|
}
|
|
}
|