+
+ return conn
+}
+
+func TestTLS(t *testing.T) {
+ l := runServer(t, &testServer{tlsConfig: getTLSConfig(t)})
+ defer l.Close()
+
+ setupTLSClient(t, l.Addr())
+}
+
+func TestAuthWithoutTLS(t *testing.T) {
+ l := runServer(t, &testServer{})
+ defer l.Close()
+
+ conn := createClient(t, l.Addr())
+ readCodeLine(t, conn, 220)
+
+ ok(t, conn.PrintfLine("EHLO test"))
+ _, resp, err := conn.ReadResponse(250)
+ ok(t, err)
+
+ if strings.Contains(resp, "AUTH") {
+ t.Errorf("AUTH should not be advertised over plaintext")
+ }
+}
+
+func TestAuth(t *testing.T) {
+ l := runServer(t, &testServer{
+ tlsConfig: getTLSConfig(t),
+ userAuth: &userAuth{
+ authz: "-authz-",
+ authc: "-authc-",
+ passwd: "goats",
+ },
+ })
+ defer l.Close()
+
+ conn := setupTLSClient(t, l.Addr())
+
+ b64enc := func(s string) string {
+ return string(base64.StdEncoding.EncodeToString([]byte(s)))
+ }
+
+ runTableTest(t, conn, []requestResponse{
+ {"AUTH", 501, nil},
+ {"AUTH OAUTHBEARER", 504, nil},
+ {"AUTH PLAIN", 334, nil},
+ {b64enc("abc\x00def\x00ghf"), 535, nil},
+ {"AUTH PLAIN", 334, nil},
+ {b64enc("\x00"), 501, nil},
+ {"AUTH PLAIN", 334, nil},
+ {"this isn't base 64", 501, nil},
+ {"AUTH PLAIN", 334, nil},
+ {b64enc("-authz-\x00-authc-\x00goats"), 250, nil},
+ {"AUTH PLAIN", 503, nil}, // already authenticated
+ {"NOOP", 250, nil},
+ })