feature(examples): configure managesieve and test oidc authentication in oidc example

Author: felixauringer

examples/oidc/README.md

@@ -189,4 +189,35 @@ We would use Thunderbird version 91.4.1 as a mail client (above versions should
   ![](_media/receive-mail.png)
 
 A remark here is that if you generate a new client_secret for `james-thunderbird` client in Keycloak, you have to modify
-it accordingly in `OAuth2Providers.jsm`.
+it accordingly in `OAuth2Providers.jsm`.
+
+### IMAP on the CLI
+
+You can test logging into IMAP on the CLI by connecting with `telnet localhost 143`. Here are some commands that can be tried:
+
+- `a AUTHENTICATE XOAUTH2 <initial response>` (unauthenticated state)
+- `b AUTHENTICATE OAUTHBEARER <initial response>` (unauthenticated state)
+- `c LOGOUT` (any state)
+
+You can get the initial response from the [test script](./test.sh).
+
+### ManageSieve on the CLI
+
+You can test logging into IMAP on the CLI by connecting with `telnet localhost 4190`. Here are some commands that can be tried:
+
+- `AUTHENTICATE "XOAUTH2" "<initial response>"` (unauthenticated state)
+- `AUTHENTICATE "OAUTHBEARER" "<initial response>"` (unauthenticated state)
+- `CAPABILITY` (any state)
+- `LOGOUT` (any state)
+
+You can get the initial response from the [test script](./test.sh).
+
+### SMTP on the CLI
+
+You can test logging into IMAP on the CLI by connecting with `telnet localhost 587`. Here are some commands that can be tried:
+
+- `AUTH XOAUTH2 <initial response>` (unauthenticated state)
+- `AUTH OAUTHBEARER <initial response>` (unauthenticated state)
+- `QUIT` (any state)
+
+You can get the initial response from the [test script](./test.sh).

examples/oidc/docker-compose.yml

@@ -29,8 +29,12 @@ services:
       - ./james/jmap.properties:/root/conf/jmap.properties
       - ./james/imapserver.xml:/root/conf/imapserver.xml
       - ./james/smtpserver.xml:/root/conf/smtpserver.xml
+      - ./james/managesieveserver.xml:/root/conf/managesieveserver.xml
     ports:
       - "8000:8000"
+      - "143:143"
+      - "587:587"
+      - "4190:4190"
     healthcheck:
       test: ["CMD", "curl", "-f", "http://james:8000/domains"]
 

examples/oidc/james/managesieveserver.xml

@@ -0,0 +1,21 @@
+<?xml version="1.0"?>
+<managesieveservers>
+    <managesieveserver enabled="true">
+        <jmxName>managesieveserver</jmxName>
+        <bind>0.0.0.0:4190</bind>
+        <connectionBacklog>200</connectionBacklog>
+        <connectiontimeout>360</connectiontimeout>
+        <connectionLimit>0</connectionLimit>
+        <connectionLimitPerIP>0</connectionLimitPerIP>
+        <oidc>
+            <oidcConfigurationURL>http://sso.example.com:8080/auth/realms/oidc/.well-known/openid-configuration</oidcConfigurationURL>
+            <jwksURL>http://sso.example.com:8080/auth/realms/oidc/protocol/openid-connect/certs</jwksURL>
+            <claim>email</claim>
+            <scope>openid profile email</scope>
+            <introspection>
+                <url>http://sso.example.com:8080/auth/realms/oidc/protocol/openid-connect/token/introspect</url>
+                <auth>Basic amFtZXMtdGh1bmRlcmJpcmQ6WHc5aHQxdmVUdTBUazVzTU15MDNQZHpZM0FpRnZzc3c=</auth>
+            </introspection>
+        </oidc>
+    </managesieveserver>
+</managesieveservers>

examples/oidc/test.sh

@@ -32,6 +32,47 @@ else
 	echo "Not OK"
 fi
 
+XOAUTH2_INITIAL_CLIENT_RESPONSE=`echo -n -e "user=james-user@localhost\x01auth=Bearer ${ACCESS_TOKEN}\x01\x01" | base64 -w 0`
+OAUTHBEARER_INITIAL_CLIENT_RESPONSE=`echo -n -e "n,a=james-user@localhost\x01auth=Bearer ${ACCESS_TOKEN}\x01\x01" | base64 -w 0`
+
+set +x
+MANAGESIEVE_XOAUTH2_RESPONSE=`(echo "AUTHENTICATE \"XOAUTH2\" \"${XOAUTH2_INITIAL_CLIENT_RESPONSE}\""; echo "CAPABILITY"; echo "LOGOUT"; sleep 3) | telnet localhost 4190`
+if echo $MANAGESIEVE_XOAUTH2_RESPONSE | grep "\"OWNER\" \"james-user@localhost\"" > /dev/null; then
+	echo "Success: Managesieve XOAUTH2 login"
+else
+	echo "Error: Managesieve XOAUTH2 login"
+fi
+if echo $MANAGESIEVE_XOAUTH2_RESPONSE | grep "OK channel is closing" > /dev/null; then
+	echo "Success: Managesieve XOAUTH2 logout"
+else
+	echo "Error: Managesieve XOAUTH2 logout"
+fi
+
+IMAP_XOAUTH2_RESPONSE=`(echo "a AUTHENTICATE XOAUTH2 ${XOAUTH2_INITIAL_CLIENT_RESPONSE}"; echo "c LOGOUT"; sleep 3) | telnet localhost 143`
+if echo $IMAP_XOAUTH2_RESPONSE | grep "a OK AUTHENTICATE completed" > /dev/null; then
+	echo "Success: IMAP XOAUTH2 login"
+else
+	echo "Error: IMAP XOAUTH2 login"
+fi
+if echo $IMAP_XOAUTH2_RESPONSE | grep "c OK LOGOUT completed" > /dev/null; then
+	echo "Success: IMAP XOAUTH2 logout"
+else
+	echo "Error: IMAP XOAUTH2 logout"
+fi
+
+SMTP_XOAUTH2_RESPONSE=`(echo "AUTH XOAUTH2 ${XOAUTH2_INITIAL_CLIENT_RESPONSE}"; echo "QUIT"; sleep 3) | telnet localhost 587`
+if echo $SMTP_XOAUTH2_RESPONSE | grep "235 Authentication successful" > /dev/null; then
+	echo "Success: SMTP XOAUTH2 login"
+else
+	echo "Error: SMTP XOAUTH2 login"
+fi
+if echo $SMTP_XOAUTH2_RESPONSE | grep "221 2.0.0 james.local Service closing transmission channel" > /dev/null; then
+	echo "Success: SMTP XOAUTH2 logout"
+else
+	echo "Error: SMTP XOAUTH2 logout"
+fi
+set -x
+
 # Logout
 
 curl --location 'http://sso.example.com:8080/auth/realms/oidc/protocol/openid-connect/logout' \