#!/bin/sh

# autopkgtest check: test authentication via PostgreSQL using custom queries
# Author: Markus Wanner <markus@bluegap.ch>

# Abort on the first failing command (-e) and on any use of an unset
# variable (-u), so a broken setup step fails the test instead of being
# silently skipped.
set -eu

# Shared test helpers. Every function called below that is not defined in
# this file (backup_config_files, gen_random_password,
# postgres_superuser_exec, authenumerate_as_courier, authtest_as_courier)
# is expected to come from here.
. debian/tests/common.sh

# Presumably saves the courier configuration files that this test overwrites
# further down -- see common.sh to confirm what is backed up and restored.
backup_config_files

# One freshly generated secret per run for the database role and for each
# test account, so no credential is hard-coded in the test.
PASSWORD_DATABASE=$(gen_random_password)
PASSWORD_ALICE=$(gen_random_password)
PASSWORD_BOB=$(gen_random_password)
PASSWORD_CAROL=$(gen_random_password)

# Set up the database: a login role for courier, a "test" database, and the
# domains/users tables that the custom query will read.
#
# The heredoc delimiter is unquoted, so the shell expands ${PASSWORD_*}
# before the text reaches the helper, and the values end up inside
# single-quoted SQL literals.
# NOTE(review): that is only safe if gen_random_password never emits a
# single quote or backslash -- confirm against common.sh.
#
# NOTE(review): password_hash is seeded with the generated password itself,
# not with a hash of it.
#
# The courier role is granted SELECT on the two tables and nothing else.
#
# The \connect meta-command implies the input is fed to psql. psql carries on
# after a failed statement unless ON_ERROR_STOP is set, so whether a setup
# error stops the test here depends on how the helper invokes it -- TODO
# confirm.
echo "create test database..."
postgres_superuser_exec <<EOSQL
  CREATE ROLE courier
    PASSWORD '${PASSWORD_DATABASE}'
    INHERIT LOGIN;

  CREATE DATABASE test
    ENCODING 'utf-8';

  \connect test;

  CREATE TABLE domains (
    id SERIAL PRIMARY KEY,
    name TEXT NOT NULL
  );
  CREATE UNIQUE INDEX domains_name_idx
    ON domains(lower(name));

  CREATE TABLE users (
    localpart TEXT PRIMARY KEY,
    password_hash TEXT NOT NULL,
    domain_id INT NOT NULL REFERENCES domains(id)
  );

  INSERT INTO domains (name)
    VALUES ('example.com'),
           ('test.org');

  INSERT INTO users (localpart, password_hash, domain_id)
    VALUES ('alice', '${PASSWORD_ALICE}', 1),
           ('bob',   '${PASSWORD_BOB}',   1),
           ('carol', '${PASSWORD_CAROL}', 2);

  GRANT SELECT ON domains, users TO courier;
EOSQL

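# Configure the authpgsql module of courier authdaemon with a custom query.
#
# The heredoc delimiter is unquoted on purpose: ${PASSWORD_DATABASE} has to be
# expanded by the shell, while \$(local_part) and \$(domain) are escaped so
# that they reach the file literally as authlib placeholders instead of being
# run as command substitutions.
#
# With an unquoted delimiter the shell also removes every backslash-newline
# pair, so each multi-line setting is written to the file as ONE line. The
# query must therefore not contain "--" SQL comments: the first one would
# comment out the rest of the statement. uid and gid are hard-coded to 999.
#
# The query selects from the columns the test schema actually defines
# (users.localpart; there is no users.username column) and separates every
# result column with exactly one comma. Column order as used here: username,
# crypted password, cleartext password, uid, gid, home, maildir (''), quota,
# full name ('') -- presumably the order authpgsql expects for a custom
# select clause; verify against the authpgsqlrc documentation.
#
# NOTE(review): the placeholders carry the login name supplied by the client
# and are substituted inside single-quoted SQL literals; this relies on
# authlib escaping them before substitution -- confirm for the packaged
# version.
# NOTE(review): the users table is seeded with the generated password itself,
# so the '{SHA3}' prefix does not describe the stored value; also confirm
# that this prefix is one the packaged authlib recognises.
# NOTE(review): this file holds the database password. "cat >" keeps the mode
# of an existing file and otherwise follows the umask; confirm the result is
# not world-readable.
cat > /etc/courier/authpgsqlrc << EOF
PGSQL_CONNECTION  host=localhost user=courier \
                  password='${PASSWORD_DATABASE}'
PGSQL_DATABASE    test

PGSQL_SELECT_CLAUSE SELECT                       \
    users.localpart,                             \
    '{SHA3}' || users.password_hash,             \
    NULL AS clearpw,                             \
    999 AS uid,                                  \
    999 AS gid,                                  \
    '/virtual/' || domains.name || '/'           \
         || users.localpart AS home,             \
    '',                                          \
    NULL AS quota,                               \
    ''                                           \
FROM users                                       \
INNER JOIN domains                               \
  ON domains.id = users.domain_id                \
WHERE users.localpart = '\$(local_part)'         \
  AND lower(domains.name) = lower('\$(domain)');
EOF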

# Make authpgsql the only authentication module the daemon loads, so the
# lookups below cannot be answered by any other backend.
printf '%s\n' \
  'authmodulelist="authpgsql"' \
  'daemons=5' \
  'authdaemonvar=/run/courier/authdaemon' \
  > /etc/courier/authdaemonrc

printf '%s\n' "restarting courier-authdaemon"
service courier-authdaemon restart

printf '%s\n' "===== authenumerate ====="
# Best effort: a failing enumeration must not abort the run under "set -e".
authenumerate_as_courier || true

printf '%s\n' "===== authtest ====="
# Look up each seeded account; the first failing lookup aborts the test.
for address in alice@example.com bob@example.com carol@test.org; do
  authtest_as_courier "$address"
done
