You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@james.apache.org by rc...@apache.org on 2020/11/09 11:45:31 UTC
[james-project] 03/09: JAMES-3434 Validation testing for
EmailSubmission/set create
This is an automated email from the ASF dual-hosted git repository.
rcordier pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/james-project.git
commit a937abe79d936c3aec0a446ab71f5d762495222a
Author: Benoit Tellier <bt...@linagora.com>
AuthorDate: Thu Nov 5 10:41:10 2020 +0700
JAMES-3434 Validation testing for EmailSubmission/set create
---
.../EmailSubmissionSetMethodContract.scala | 793 ++++++++++++++++++++-
.../james/jmap/rfc8621/contract/Fixture.scala | 1 +
.../jmap/json/EmailSubmissionSetSerializer.scala | 2 +
.../jmap/method/EmailSubmissionSetMethod.scala | 45 +-
4 files changed, 814 insertions(+), 27 deletions(-)
diff --git a/server/protocols/jmap-rfc-8621-integration-tests/jmap-rfc-8621-integration-tests-common/src/main/scala/org/apache/james/jmap/rfc8621/contract/EmailSubmissionSetMethodContract.scala b/server/protocols/jmap-rfc-8621-integration-tests/jmap-rfc-8621-integration-tests-common/src/main/scala/org/apache/james/jmap/rfc8621/contract/EmailSubmissionSetMethodContract.scala
index 0009d81..f27345d 100644
--- a/server/protocols/jmap-rfc-8621-integration-tests/jmap-rfc-8621-integration-tests-common/src/main/scala/org/apache/james/jmap/rfc8621/contract/EmailSubmissionSetMethodContract.scala
+++ b/server/protocols/jmap-rfc-8621-integration-tests/jmap-rfc-8621-integration-tests-common/src/main/scala/org/apache/james/jmap/rfc8621/contract/EmailSubmissionSetMethodContract.scala
@@ -23,40 +23,25 @@ import java.nio.charset.StandardCharsets
import java.util.concurrent.TimeUnit
import io.netty.handler.codec.http.HttpHeaderNames.ACCEPT
-import io.restassured.RestAssured.{`given`, `with`, requestSpecification}
+import io.restassured.RestAssured.{`given`, requestSpecification}
import io.restassured.builder.ResponseSpecBuilder
import io.restassured.http.ContentType.JSON
import net.javacrumbs.jsonunit.assertj.JsonAssertions.assertThatJson
import org.apache.http.HttpStatus.SC_OK
import org.apache.james.GuiceJamesServer
import org.apache.james.jmap.http.UserCredential
-import org.apache.james.jmap.rfc8621.contract.Fixture.{ACCEPT_RFC8621_VERSION_HEADER, ACCOUNT_ID, ANDRE, ANDRE_PASSWORD, BOB, BOB_PASSWORD, DOMAIN, authScheme, baseRequestSpecBuilder}
+import org.apache.james.jmap.rfc8621.contract.Fixture.{ACCEPT_RFC8621_VERSION_HEADER, ACCOUNT_ID, ANDRE, ANDRE_PASSWORD, BOB, BOB_PASSWORD, DOMAIN, andreAccountId, authScheme, baseRequestSpecBuilder}
import org.apache.james.mailbox.DefaultMailboxes
import org.apache.james.mailbox.MessageManager.AppendCommand
-import org.apache.james.mailbox.model.{MailboxId, MailboxPath, MessageId}
+import org.apache.james.mailbox.model.MailboxACL.Right
+import org.apache.james.mailbox.model.{MailboxACL, MailboxId, MailboxPath, MessageId}
import org.apache.james.mime4j.dom.Message
-import org.apache.james.modules.MailboxProbeImpl
+import org.apache.james.modules.{ACLProbeImpl, MailboxProbeImpl}
import org.apache.james.utils.DataProbeImpl
import org.awaitility.Awaitility
import org.awaitility.Duration.ONE_HUNDRED_MILLISECONDS
import org.junit.jupiter.api.{BeforeEach, Test}
-/*
- TODO
- - Bob can not send from Andre Account ID
- - Bob can not use Andre in mailFrom
- - Bob cannot use Andra in sender & from Mime fields
- - Emails with empty recipients are rejected
- - Can send an email to himself
- - message not found are handled
- - extra properties are rejected
- - message not founds are handled
- - I can chain Email/set create & EmailSubmission/create
- - multiple recipients
- - cannot send other people mail
- - can send delegated emails (read permission)
- */
-
trait EmailSubmissionSetMethodContract {
private lazy val slowPacedPollInterval = ONE_HUNDRED_MILLISECONDS
private lazy val calmlyAwait = Awaitility.`with`
@@ -132,7 +117,7 @@ trait EmailSubmissionSetMethodContract {
| "methodCalls": [[
| "Email/query",
| {
- | "accountId": "1e8584548eca20f26faf6becc1704a0f352839f12c208a47fbd486d60f491f7c",
+ | "accountId": "$andreAccountId",
| "filter": {"inMailbox": "${andreInboxId.serialize}"}
| },
| "c1"]]
@@ -161,6 +146,264 @@ trait EmailSubmissionSetMethodContract {
}
@Test
+ def emailSubmissionSetCreateShouldSendMailSuccessfullyToSelf(server: GuiceJamesServer): Unit = {
+ val message: Message = Message.Builder
+ .of
+ .setSubject("test")
+ .setSender(BOB.asString)
+ .setFrom(BOB.asString)
+ .setTo(ANDRE.asString)
+ .setBody("testmail", StandardCharsets.UTF_8)
+ .build
+
+ val bobDraftsPath = MailboxPath.forUser(BOB, DefaultMailboxes.DRAFTS)
+ server.getProbe(classOf[MailboxProbeImpl]).createMailbox(bobDraftsPath)
+ val bobInboxId: MailboxId = server.getProbe(classOf[MailboxProbeImpl]).createMailbox(MailboxPath.inbox(BOB))
+ val messageId: MessageId = server.getProbe(classOf[MailboxProbeImpl]).appendMessage(BOB.asString(), bobDraftsPath, AppendCommand.builder()
+ .build(message))
+ .getMessageId
+
+ val requestBob =
+ s"""{
+ | "using": ["urn:ietf:params:jmap:core", "urn:ietf:params:jmap:mail"],
+ | "methodCalls": [
+ | ["EmailSubmission/set", {
+ | "accountId": "$ACCOUNT_ID",
+ | "create": {
+ | "k1490": {
+ | "emailId": "${messageId.serialize}",
+ | "envelope": {
+ | "mailFrom": {"email": "${BOB.asString}"},
+ | "rcptTo": [{"email": "${BOB.asString}"}]
+ | }
+ | }
+ | }
+ | }, "c1"]]
+ |}""".stripMargin
+
+ `given`
+ .header(ACCEPT.toString, ACCEPT_RFC8621_VERSION_HEADER)
+ .body(requestBob)
+ .when
+ .post
+ .`then`
+ .statusCode(SC_OK)
+
+ val requestReadMail =
+ s"""{
+ | "using": ["urn:ietf:params:jmap:core","urn:ietf:params:jmap:mail"],
+ | "methodCalls": [[
+ | "Email/query",
+ | {
+ | "accountId": "$ACCOUNT_ID",
+ | "filter": {"inMailbox": "${bobInboxId.serialize}"}
+ | },
+ | "c1"]]
+ |}""".stripMargin
+
+ awaitAtMostTenSeconds.untilAsserted { () =>
+ val response = `given`
+ .header(ACCEPT.toString, ACCEPT_RFC8621_VERSION_HEADER)
+ .body(requestReadMail)
+ .when
+ .post
+ .`then`
+ .statusCode(SC_OK)
+ .contentType(JSON)
+ .extract
+ .body
+ .asString
+
+ assertThatJson(response)
+ .inPath("methodResponses[0][1].ids")
+ .isArray
+ .hasSize(1)
+ }
+ }
+
+ @Test
+ def emailSubmissionSetCreateShouldSendMailSuccessfullyToBothRecipients(server: GuiceJamesServer): Unit = {
+ val message: Message = Message.Builder
+ .of
+ .setSubject("test")
+ .setSender(BOB.asString)
+ .setFrom(BOB.asString)
+ .setTo(ANDRE.asString)
+ .setBody("testmail", StandardCharsets.UTF_8)
+ .build
+
+ val bobDraftsPath = MailboxPath.forUser(BOB, DefaultMailboxes.DRAFTS)
+ server.getProbe(classOf[MailboxProbeImpl]).createMailbox(bobDraftsPath)
+ val bobInboxId: MailboxId = server.getProbe(classOf[MailboxProbeImpl]).createMailbox(MailboxPath.inbox(BOB))
+ val andreInboxPath = MailboxPath.inbox(ANDRE)
+ val andreInboxId: MailboxId = server.getProbe(classOf[MailboxProbeImpl]).createMailbox(andreInboxPath)
+ val messageId: MessageId = server.getProbe(classOf[MailboxProbeImpl]).appendMessage(BOB.asString(), bobDraftsPath, AppendCommand.builder()
+ .build(message))
+ .getMessageId
+
+
+ val requestBob =
+ s"""{
+ | "using": ["urn:ietf:params:jmap:core", "urn:ietf:params:jmap:mail"],
+ | "methodCalls": [
+ | ["EmailSubmission/set", {
+ | "accountId": "$ACCOUNT_ID",
+ | "create": {
+ | "k1490": {
+ | "emailId": "${messageId.serialize}",
+ | "envelope": {
+ | "mailFrom": {"email": "${BOB.asString}"},
+ | "rcptTo": [{"email": "${BOB.asString}"}, {"email": "${ANDRE.asString}"}]
+ | }
+ | }
+ | }
+ | }, "c1"]]
+ |}""".stripMargin
+
+ `given`
+ .header(ACCEPT.toString, ACCEPT_RFC8621_VERSION_HEADER)
+ .body(requestBob)
+ .when
+ .post
+ .`then`
+ .statusCode(SC_OK)
+
+ val requestReadMailBob =
+ s"""{
+ | "using": ["urn:ietf:params:jmap:core","urn:ietf:params:jmap:mail"],
+ | "methodCalls": [[
+ | "Email/query",
+ | {
+ | "accountId": "$ACCOUNT_ID",
+ | "filter": {"inMailbox": "${bobInboxId.serialize}"}
+ | },
+ | "c1"]]
+ |}""".stripMargin
+
+ val requestReadMailAndre =
+ s"""{
+ | "using": ["urn:ietf:params:jmap:core","urn:ietf:params:jmap:mail"],
+ | "methodCalls": [[
+ | "Email/query",
+ | {
+ | "accountId": "$andreAccountId",
+ | "filter": {"inMailbox": "${andreInboxId.serialize}"}
+ | },
+ | "c1"]]
+ |}""".stripMargin
+
+ awaitAtMostTenSeconds.untilAsserted { () =>
+ val responseBob = `given`
+ .header(ACCEPT.toString, ACCEPT_RFC8621_VERSION_HEADER)
+ .body(requestReadMailBob)
+ .when
+ .post
+ .`then`
+ .statusCode(SC_OK)
+ .contentType(JSON)
+ .extract
+ .body
+ .asString
+ val responseAndre = `given`(
+ baseRequestSpecBuilder(server)
+ .setAuth(authScheme(UserCredential(ANDRE, ANDRE_PASSWORD)))
+ .addHeader(ACCEPT.toString, ACCEPT_RFC8621_VERSION_HEADER)
+ .setBody(requestReadMailAndre)
+ .build, new ResponseSpecBuilder().build)
+ .post
+ .`then`
+ .statusCode(SC_OK)
+ .contentType(JSON)
+ .extract
+ .body
+ .asString
+
+ assertThatJson(responseBob)
+ .inPath("methodResponses[0][1].ids")
+ .isArray
+ .hasSize(1)
+ assertThatJson(responseAndre)
+ .inPath("methodResponses[0][1].ids")
+ .isArray
+ .hasSize(1)
+ }
+ }
+
+ @Test
+ def emailSubmissionSetCanBeChainedAfterEmailSet(server: GuiceJamesServer): Unit = {
+ val bobDraftsPath = MailboxPath.forUser(BOB, DefaultMailboxes.DRAFTS)
+ val draftId = server.getProbe(classOf[MailboxProbeImpl]).createMailbox(bobDraftsPath)
+ val bobInboxId: MailboxId = server.getProbe(classOf[MailboxProbeImpl]).createMailbox(MailboxPath.inbox(BOB))
+
+ val requestBob =
+ s"""{
+ | "using": ["urn:ietf:params:jmap:core", "urn:ietf:params:jmap:mail"],
+ | "methodCalls": [
+ | ["Email/set", {
+ | "accountId": "$ACCOUNT_ID",
+ | "create": {
+ | "e1526":{
+ | "mailboxIds": {"${draftId.serialize}": true},
+ | "to": [{"email": "${BOB.asString}"}],
+ | "from": [{"email": "${BOB.asString}"}]
+ | }
+ | }
+ | }, "c1"],
+ | ["EmailSubmission/set", {
+ | "accountId": "$ACCOUNT_ID",
+ | "create": {
+ | "k1490": {
+ | "emailId": "#e1526",
+ | "envelope": {
+ | "mailFrom": {"email": "${BOB.asString}"},
+ | "rcptTo": [{"email": "${BOB.asString}"}]
+ | }
+ | }
+ | }
+ | }, "c1"]]
+ |}""".stripMargin
+
+ `given`
+ .header(ACCEPT.toString, ACCEPT_RFC8621_VERSION_HEADER)
+ .body(requestBob)
+ .when
+ .post
+ .`then`
+ .statusCode(SC_OK)
+
+ val requestReadMailBob =
+ s"""{
+ | "using": ["urn:ietf:params:jmap:core","urn:ietf:params:jmap:mail"],
+ | "methodCalls": [[
+ | "Email/query",
+ | {
+ | "accountId": "$ACCOUNT_ID",
+ | "filter": {"inMailbox": "${bobInboxId.serialize}"}
+ | },
+ | "c1"]]
+ |}""".stripMargin
+
+ awaitAtMostTenSeconds.untilAsserted { () =>
+ val responseBob = `given`
+ .header(ACCEPT.toString, ACCEPT_RFC8621_VERSION_HEADER)
+ .body(requestReadMailBob)
+ .when
+ .post
+ .`then`
+ .statusCode(SC_OK)
+ .contentType(JSON)
+ .extract
+ .body
+ .asString
+
+ assertThatJson(responseBob)
+ .inPath("methodResponses[0][1].ids")
+ .isArray
+ .hasSize(1)
+ }
+ }
+
+ @Test
def emailSubmissionSetCreateShouldReturnSuccess(server: GuiceJamesServer): Unit = {
val message: Message = Message.Builder
.of
@@ -213,4 +456,512 @@ trait EmailSubmissionSetMethodContract {
.inPath("methodResponses[0][1].created")
.isEqualTo("""{"k1490": {}}""")
}
+
+ @Test
+ def setShouldRejectOtherAccountIds(server: GuiceJamesServer): Unit = {
+ val message: Message = Message.Builder
+ .of
+ .setSubject("test")
+ .setSender(BOB.asString)
+ .setFrom(BOB.asString)
+ .setTo(ANDRE.asString)
+ .setBody("testmail", StandardCharsets.UTF_8)
+ .build
+
+ val bobDraftsPath = MailboxPath.forUser(BOB, DefaultMailboxes.DRAFTS)
+ server.getProbe(classOf[MailboxProbeImpl]).createMailbox(bobDraftsPath)
+ val messageId: MessageId = server.getProbe(classOf[MailboxProbeImpl]).appendMessage(BOB.asString(), bobDraftsPath, AppendCommand.builder()
+ .build(message))
+ .getMessageId
+
+ val requestBob =
+ s"""{
+ | "using": ["urn:ietf:params:jmap:core", "urn:ietf:params:jmap:mail"],
+ | "methodCalls": [
+ | ["EmailSubmission/set", {
+ | "accountId": "$andreAccountId",
+ | "create": {
+ | "k1490": {
+ | "emailId": "${messageId.serialize}",
+ | "envelope": {
+ | "mailFrom": {"email": "${BOB.asString}"},
+ | "rcptTo": [{"email": "${ANDRE.asString}"}]
+ | }
+ | }
+ | }
+ | }, "c1"]]
+ |}""".stripMargin
+
+ val response = `given`
+ .header(ACCEPT.toString, ACCEPT_RFC8621_VERSION_HEADER)
+ .body(requestBob)
+ .when
+ .post
+ .`then`
+ .statusCode(SC_OK)
+ .contentType(JSON)
+ .extract
+ .body
+ .asString
+
+ assertThatJson(response)
+ .inPath("methodResponses[0]")
+ .isEqualTo("""[
+ | "error",
+ | {"type": "accountNotFound"},
+ | "c1"
+ |]""".stripMargin)
+ }
+
+ @Test
+ def setShouldRejectMessageNotFound(): Unit = {
+ val requestBob =
+ s"""{
+ | "using": ["urn:ietf:params:jmap:core", "urn:ietf:params:jmap:mail"],
+ | "methodCalls": [
+ | ["EmailSubmission/set", {
+ | "accountId": "$ACCOUNT_ID",
+ | "create": {
+ | "k1490": {
+ | "emailId": "${randomMessageId.serialize}",
+ | "envelope": {
+ | "mailFrom": {"email": "${BOB.asString}"},
+ | "rcptTo": [{"email": "${ANDRE.asString}"}]
+ | }
+ | }
+ | }
+ | }, "c1"]]
+ |}""".stripMargin
+
+ val response = `given`
+ .header(ACCEPT.toString, ACCEPT_RFC8621_VERSION_HEADER)
+ .body(requestBob)
+ .when
+ .post
+ .`then`
+ .statusCode(SC_OK)
+ .contentType(JSON)
+ .extract
+ .body
+ .asString
+
+ assertThatJson(response)
+ .inPath("methodResponses[0][1].notCreated")
+ .isEqualTo("""{
+ | "k1490": {
+ | "type": "invalidArguments",
+ | "description": "The email to be sent cannot be found",
+ | "properties": ["emailId"]
+ | }
+ |}""".stripMargin)
+ }
+
+ @Test
+ def setShouldRejectExtraProperties(): Unit = {
+ val requestBob =
+ s"""{
+ | "using": ["urn:ietf:params:jmap:core", "urn:ietf:params:jmap:mail"],
+ | "methodCalls": [
+ | ["EmailSubmission/set", {
+ | "accountId": "$ACCOUNT_ID",
+ | "create": {
+ | "k1490": {
+ | "emailId": "${randomMessageId.serialize}",
+ | "extra": true,
+ | "envelope": {
+ | "mailFrom": {"email": "${BOB.asString}"},
+ | "rcptTo": [{"email": "${ANDRE.asString}"}]
+ | }
+ | }
+ | }
+ | }, "c1"]]
+ |}""".stripMargin
+
+ val response = `given`
+ .header(ACCEPT.toString, ACCEPT_RFC8621_VERSION_HEADER)
+ .body(requestBob)
+ .when
+ .post
+ .`then`
+ .statusCode(SC_OK)
+ .contentType(JSON)
+ .extract
+ .body
+ .asString
+
+ assertThatJson(response)
+ .inPath("methodResponses[0][1].notCreated")
+ .isEqualTo("""{
+ | "k1490": {
+ | "type": "invalidArguments",
+ | "description": "Some unknown properties were specified",
+ | "properties": ["extra"]
+ | }
+ |}""".stripMargin)
+ }
+
+ @Test
+ def setShouldRejectMessageOfOtherUsers(server: GuiceJamesServer): Unit = {
+ val message: Message = Message.Builder
+ .of
+ .setSubject("test")
+ .setSender(BOB.asString)
+ .setFrom(BOB.asString)
+ .setTo(ANDRE.asString)
+ .setBody("testmail", StandardCharsets.UTF_8)
+ .build
+
+ val andreDraftsPath = MailboxPath.forUser(ANDRE, DefaultMailboxes.DRAFTS)
+ server.getProbe(classOf[MailboxProbeImpl]).createMailbox(andreDraftsPath)
+ val messageId: MessageId = server.getProbe(classOf[MailboxProbeImpl]).appendMessage(ANDRE.asString(), andreDraftsPath, AppendCommand.builder()
+ .build(message))
+ .getMessageId
+
+ val requestBob =
+ s"""{
+ | "using": ["urn:ietf:params:jmap:core", "urn:ietf:params:jmap:mail"],
+ | "methodCalls": [
+ | ["EmailSubmission/set", {
+ | "accountId": "$ACCOUNT_ID",
+ | "create": {
+ | "k1490": {
+ | "emailId": "${messageId.serialize}",
+ | "envelope": {
+ | "mailFrom": {"email": "${BOB.asString}"},
+ | "rcptTo": [{"email": "${ANDRE.asString}"}]
+ | }
+ | }
+ | }
+ | }, "c1"]]
+ |}""".stripMargin
+
+ val response = `given`
+ .header(ACCEPT.toString, ACCEPT_RFC8621_VERSION_HEADER)
+ .body(requestBob)
+ .when
+ .post
+ .`then`
+ .statusCode(SC_OK)
+ .contentType(JSON)
+ .extract
+ .body
+ .asString
+
+ assertThatJson(response)
+ .inPath("methodResponses[0][1].notCreated")
+ .isEqualTo("""{
+ | "k1490": {
+ | "type": "invalidArguments",
+ | "description": "The email to be sent cannot be found",
+ | "properties": ["emailId"]
+ | }
+ |}""".stripMargin)
+ }
+
+ @Test
+ def setShouldAcceptDelegatedMessages(server: GuiceJamesServer): Unit = {
+ val message: Message = Message.Builder
+ .of
+ .setSubject("test")
+ .setSender(BOB.asString)
+ .setFrom(BOB.asString)
+ .setTo(BOB.asString)
+ .setBody("testmail", StandardCharsets.UTF_8)
+ .build
+
+ val andreDraftsPath = MailboxPath.forUser(ANDRE, DefaultMailboxes.DRAFTS)
+ server.getProbe(classOf[MailboxProbeImpl]).createMailbox(andreDraftsPath)
+ val bobInboxId = server.getProbe(classOf[MailboxProbeImpl]).createMailbox(MailboxPath.inbox(BOB))
+ server.getProbe(classOf[ACLProbeImpl])
+ .replaceRights(andreDraftsPath, BOB.asString, new MailboxACL.Rfc4314Rights(Right.Lookup, Right.Read))
+ val messageId: MessageId = server.getProbe(classOf[MailboxProbeImpl]).appendMessage(ANDRE.asString(), andreDraftsPath, AppendCommand.builder()
+ .build(message))
+ .getMessageId
+
+ val requestBob =
+ s"""{
+ | "using": ["urn:ietf:params:jmap:core", "urn:ietf:params:jmap:mail"],
+ | "methodCalls": [
+ | ["EmailSubmission/set", {
+ | "accountId": "$ACCOUNT_ID",
+ | "create": {
+ | "k1490": {
+ | "emailId": "${messageId.serialize}",
+ | "envelope": {
+ | "mailFrom": {"email": "${BOB.asString}"},
+ | "rcptTo": [{"email": "${BOB.asString}"}]
+ | }
+ | }
+ | }
+ | }, "c1"]]
+ |}""".stripMargin
+
+ `given`
+ .header(ACCEPT.toString, ACCEPT_RFC8621_VERSION_HEADER)
+ .body(requestBob)
+ .when
+ .post
+ .`then`
+ .statusCode(SC_OK)
+
+ val requestReadMail =
+ s"""{
+ | "using": ["urn:ietf:params:jmap:core","urn:ietf:params:jmap:mail"],
+ | "methodCalls": [[
+ | "Email/query",
+ | {
+ | "accountId": "$ACCOUNT_ID",
+ | "filter": {"inMailbox": "${bobInboxId.serialize}"}
+ | },
+ | "c1"]]
+ |}""".stripMargin
+
+ awaitAtMostTenSeconds.untilAsserted { () =>
+ val response = `given`
+ .header(ACCEPT.toString, ACCEPT_RFC8621_VERSION_HEADER)
+ .body(requestReadMail)
+ .when
+ .post
+ .`then`
+ .statusCode(SC_OK)
+ .contentType(JSON)
+ .extract
+ .body
+ .asString
+
+ assertThatJson(response)
+ .inPath("methodResponses[0][1].ids")
+ .isArray
+ .hasSize(1)
+ }
+ }
+
+ @Test
+ def setShouldRejectOtherUserUsageInSenderMimeField(server: GuiceJamesServer): Unit = {
+ val message: Message = Message.Builder
+ .of
+ .setSubject("test")
+ .setSender(ANDRE.asString)
+ .setFrom(BOB.asString)
+ .setTo(ANDRE.asString)
+ .setBody("testmail", StandardCharsets.UTF_8)
+ .build
+
+ val bobDraftsPath = MailboxPath.forUser(BOB, DefaultMailboxes.DRAFTS)
+ server.getProbe(classOf[MailboxProbeImpl]).createMailbox(bobDraftsPath)
+ val messageId: MessageId = server.getProbe(classOf[MailboxProbeImpl]).appendMessage(BOB.asString(), bobDraftsPath, AppendCommand.builder()
+ .build(message))
+ .getMessageId
+
+ val requestBob =
+ s"""{
+ | "using": ["urn:ietf:params:jmap:core", "urn:ietf:params:jmap:mail"],
+ | "methodCalls": [
+ | ["EmailSubmission/set", {
+ | "accountId": "$ACCOUNT_ID",
+ | "create": {
+ | "k1490": {
+ | "emailId": "${messageId.serialize}",
+ | "envelope": {
+ | "mailFrom": {"email": "${BOB.asString}"},
+ | "rcptTo": [{"email": "${ANDRE.asString}"}]
+ | }
+ | }
+ | }
+ | }, "c1"]]
+ |}""".stripMargin
+
+ val response = `given`
+ .header(ACCEPT.toString, ACCEPT_RFC8621_VERSION_HEADER)
+ .body(requestBob)
+ .when
+ .post
+ .`then`
+ .statusCode(SC_OK)
+ .contentType(JSON)
+ .extract
+ .body
+ .asString
+
+ assertThatJson(response)
+ .inPath("methodResponses[0][1].notCreated")
+ .isEqualTo("""{
+ | "k1490": {
+ | "type": "forbiddenMailFrom",
+ | "description": "Attempt to send a mail whose MimeMessage From and Sender fields not allowed for connected user: List(andre@domain.tld)"
+ | }
+ |}""".stripMargin)
+ }
+
+ @Test
+ def setShouldRejectOtherUserUsageInFromMimeField(server: GuiceJamesServer): Unit = {
+ val message: Message = Message.Builder
+ .of
+ .setSubject("test")
+ .setSender(BOB.asString)
+ .setFrom(BOB.asString, ANDRE.asString())
+ .setTo(ANDRE.asString)
+ .setBody("testmail", StandardCharsets.UTF_8)
+ .build
+
+ val bobDraftsPath = MailboxPath.forUser(BOB, DefaultMailboxes.DRAFTS)
+ server.getProbe(classOf[MailboxProbeImpl]).createMailbox(bobDraftsPath)
+ val messageId: MessageId = server.getProbe(classOf[MailboxProbeImpl]).appendMessage(BOB.asString(), bobDraftsPath, AppendCommand.builder()
+ .build(message))
+ .getMessageId
+
+ val requestBob =
+ s"""{
+ | "using": ["urn:ietf:params:jmap:core", "urn:ietf:params:jmap:mail"],
+ | "methodCalls": [
+ | ["EmailSubmission/set", {
+ | "accountId": "$ACCOUNT_ID",
+ | "create": {
+ | "k1490": {
+ | "emailId": "${messageId.serialize}",
+ | "envelope": {
+ | "mailFrom": {"email": "${BOB.asString}"},
+ | "rcptTo": [{"email": "${ANDRE.asString}"}]
+ | }
+ | }
+ | }
+ | }, "c1"]]
+ |}""".stripMargin
+
+ val response = `given`
+ .header(ACCEPT.toString, ACCEPT_RFC8621_VERSION_HEADER)
+ .body(requestBob)
+ .when
+ .post
+ .`then`
+ .statusCode(SC_OK)
+ .contentType(JSON)
+ .extract
+ .body
+ .asString
+
+ assertThatJson(response)
+ .inPath("methodResponses[0][1].notCreated")
+ .isEqualTo("""{
+ | "k1490": {
+ | "type": "forbiddenMailFrom",
+ | "description": "Attempt to send a mail whose MimeMessage From and Sender fields not allowed for connected user: List(andre@domain.tld)"
+ | }
+ |}""".stripMargin)
+ }
+
+ @Test
+ def setShouldRejectOtherUserUsageInFromEnvelopeField(server: GuiceJamesServer): Unit = {
+ val message: Message = Message.Builder
+ .of
+ .setSubject("test")
+ .setSender(BOB.asString)
+ .setFrom(BOB.asString)
+ .setTo(ANDRE.asString)
+ .setBody("testmail", StandardCharsets.UTF_8)
+ .build
+
+ val bobDraftsPath = MailboxPath.forUser(BOB, DefaultMailboxes.DRAFTS)
+ server.getProbe(classOf[MailboxProbeImpl]).createMailbox(bobDraftsPath)
+ val messageId: MessageId = server.getProbe(classOf[MailboxProbeImpl]).appendMessage(BOB.asString(), bobDraftsPath, AppendCommand.builder()
+ .build(message))
+ .getMessageId
+
+ val requestBob =
+ s"""{
+ | "using": ["urn:ietf:params:jmap:core", "urn:ietf:params:jmap:mail"],
+ | "methodCalls": [
+ | ["EmailSubmission/set", {
+ | "accountId": "$ACCOUNT_ID",
+ | "create": {
+ | "k1490": {
+ | "emailId": "${messageId.serialize}",
+ | "envelope": {
+ | "mailFrom": {"email": "${ANDRE.asString}"},
+ | "rcptTo": [{"email": "${ANDRE.asString}"}]
+ | }
+ | }
+ | }
+ | }, "c1"]]
+ |}""".stripMargin
+
+ val response = `given`
+ .header(ACCEPT.toString, ACCEPT_RFC8621_VERSION_HEADER)
+ .body(requestBob)
+ .when
+ .post
+ .`then`
+ .statusCode(SC_OK)
+ .contentType(JSON)
+ .extract
+ .body
+ .asString
+
+ assertThatJson(response)
+ .inPath("methodResponses[0][1].notCreated")
+ .isEqualTo("""{
+ | "k1490": {
+ | "type": "forbiddenFrom",
+ | "description": "Attempt to send a mail whose envelope From not allowed for connected user: andre@domain.tld",
+ | "properties":["envelope.mailFrom"]
+ | }
+ |}""".stripMargin)
+ }
+
+ @Test
+ def setShouldRejectNoRecipients(server: GuiceJamesServer): Unit = {
+ val message: Message = Message.Builder
+ .of
+ .setSubject("test")
+ .setSender(BOB.asString)
+ .setFrom(BOB.asString)
+ .setTo(ANDRE.asString)
+ .setBody("testmail", StandardCharsets.UTF_8)
+ .build
+
+ val bobDraftsPath = MailboxPath.forUser(BOB, DefaultMailboxes.DRAFTS)
+ server.getProbe(classOf[MailboxProbeImpl]).createMailbox(bobDraftsPath)
+ val messageId: MessageId = server.getProbe(classOf[MailboxProbeImpl]).appendMessage(BOB.asString(), bobDraftsPath, AppendCommand.builder()
+ .build(message))
+ .getMessageId
+
+ val requestBob =
+ s"""{
+ | "using": ["urn:ietf:params:jmap:core", "urn:ietf:params:jmap:mail"],
+ | "methodCalls": [
+ | ["EmailSubmission/set", {
+ | "accountId": "$ACCOUNT_ID",
+ | "create": {
+ | "k1490": {
+ | "emailId": "${messageId.serialize}",
+ | "envelope": {
+ | "mailFrom": {"email": "${BOB.asString}"},
+ | "rcptTo": []
+ | }
+ | }
+ | }
+ | }, "c1"]]
+ |}""".stripMargin
+
+ val response = `given`
+ .header(ACCEPT.toString, ACCEPT_RFC8621_VERSION_HEADER)
+ .body(requestBob)
+ .when
+ .post
+ .`then`
+ .statusCode(SC_OK)
+ .contentType(JSON)
+ .extract
+ .body
+ .asString
+
+ assertThatJson(response)
+ .inPath("methodResponses[0][1].notCreated")
+ .isEqualTo("""{
+ | "k1490": {
+ | "type": "noRecipients",
+ | "description": "Attempt to send a mail with no recipients"
+ | }
+ |}""".stripMargin)
+ }
}
diff --git a/server/protocols/jmap-rfc-8621-integration-tests/jmap-rfc-8621-integration-tests-common/src/main/scala/org/apache/james/jmap/rfc8621/contract/Fixture.scala b/server/protocols/jmap-rfc-8621-integration-tests/jmap-rfc-8621-integration-tests-common/src/main/scala/org/apache/james/jmap/rfc8621/contract/Fixture.scala
index 6b2a9fb..c9844b3 100644
--- a/server/protocols/jmap-rfc-8621-integration-tests/jmap-rfc-8621-integration-tests-common/src/main/scala/org/apache/james/jmap/rfc8621/contract/Fixture.scala
+++ b/server/protocols/jmap-rfc-8621-integration-tests/jmap-rfc-8621-integration-tests-common/src/main/scala/org/apache/james/jmap/rfc8621/contract/Fixture.scala
@@ -39,6 +39,7 @@ import org.apache.james.mime4j.dom.Message
object Fixture {
val ACCOUNT_ID: String = "29883977c13473ae7cb7678ef767cbfbaffc8a44a6e463d971d23a65c1dc4af6"
val ALICE_ACCOUNT_ID: String = "2bd806c97f0e00af1a1fc3328fa763a9269723c8db8fac4f93af71db186d6e90"
+ def andreAccountId: String = "1e8584548eca20f26faf6becc1704a0f352839f12c208a47fbd486d60f491f7c"
def createTestMessage: Message = Message.Builder
.of
diff --git a/server/protocols/jmap-rfc-8621/src/main/scala/org/apache/james/jmap/json/EmailSubmissionSetSerializer.scala b/server/protocols/jmap-rfc-8621/src/main/scala/org/apache/james/jmap/json/EmailSubmissionSetSerializer.scala
index 6bdb66e..f927639 100644
--- a/server/protocols/jmap-rfc-8621/src/main/scala/org/apache/james/jmap/json/EmailSubmissionSetSerializer.scala
+++ b/server/protocols/jmap-rfc-8621/src/main/scala/org/apache/james/jmap/json/EmailSubmissionSetSerializer.scala
@@ -23,6 +23,7 @@ import eu.timepit.refined.collection.NonEmpty
import eu.timepit.refined.refineV
import javax.inject.Inject
import org.apache.james.core.MailAddress
+import org.apache.james.jmap.core.SetError
import org.apache.james.jmap.mail.EmailSubmissionSet.EmailSubmissionCreationId
import org.apache.james.jmap.mail.{EmailSubmissionAddress, EmailSubmissionCreationRequest, EmailSubmissionCreationResponse, EmailSubmissionId, EmailSubmissionSetRequest, EmailSubmissionSetResponse, Envelope, Parameters}
import org.apache.james.mailbox.model.MessageId
@@ -43,6 +44,7 @@ class EmailSubmissionSetSerializer @Inject()(messageIdFactory: MessageId.Factory
.fold(_ => JsError("Invalid messageId"), messageId => messageId)
case _ => JsError("Expecting messageId to be represented by a JsString")
}
+ private implicit val notCreatedWrites: Writes[Map[EmailSubmissionCreationId, SetError]] = mapWrites[EmailSubmissionCreationId, SetError](_.value, setErrorWrites)
private implicit val mailAddressReads: Reads[MailAddress] = {
case JsString(value) => Try(JsSuccess(new MailAddress(value)))
diff --git a/server/protocols/jmap-rfc-8621/src/main/scala/org/apache/james/jmap/method/EmailSubmissionSetMethod.scala b/server/protocols/jmap-rfc-8621/src/main/scala/org/apache/james/jmap/method/EmailSubmissionSetMethod.scala
index cfc96b5..315c330 100644
--- a/server/protocols/jmap-rfc-8621/src/main/scala/org/apache/james/jmap/method/EmailSubmissionSetMethod.scala
+++ b/server/protocols/jmap-rfc-8621/src/main/scala/org/apache/james/jmap/method/EmailSubmissionSetMethod.scala
@@ -24,14 +24,14 @@ import java.io.InputStream
import eu.timepit.refined.auto._
import javax.annotation.PreDestroy
import javax.inject.Inject
-import javax.mail.internet.MimeMessage
+import javax.mail.internet.{InternetAddress, MimeMessage}
import org.apache.james.jmap.core.CapabilityIdentifier.{CapabilityIdentifier, JMAP_CORE, JMAP_MAIL}
import org.apache.james.jmap.core.Invocation.{Arguments, MethodName}
-import org.apache.james.jmap.core.{ClientId, Id, Invocation, ServerId, SetError, State}
-import org.apache.james.jmap.core.SetError.SetErrorDescription
+import org.apache.james.jmap.core.SetError.{SetErrorDescription, SetErrorType}
+import org.apache.james.jmap.core.{ClientId, Id, Invocation, Properties, ServerId, SetError, State}
import org.apache.james.jmap.json.{EmailSubmissionSetSerializer, ResponseSerializer}
import org.apache.james.jmap.mail.EmailSubmissionSet.EmailSubmissionCreationId
-import org.apache.james.jmap.mail.{EmailSubmissionCreationRequest, EmailSubmissionCreationResponse, EmailSubmissionId, EmailSubmissionSetRequest, EmailSubmissionSetResponse}
+import org.apache.james.jmap.mail.{EmailSubmissionCreationRequest, EmailSubmissionCreationResponse, EmailSubmissionId, EmailSubmissionSetRequest, EmailSubmissionSetResponse, Envelope}
import org.apache.james.jmap.method.EmailSubmissionSetMethod.{LOGGER, MAIL_METADATA_USERNAME_ATTRIBUTE}
import org.apache.james.jmap.routes.{ProcessingContext, SessionSupplier}
import org.apache.james.lifecycle.api.{LifecycleUtil, Startable}
@@ -48,14 +48,20 @@ import reactor.core.scala.publisher.{SFlux, SMono}
import reactor.core.scheduler.Schedulers
import scala.jdk.CollectionConverters._
-import scala.util.Try
+import scala.util.{Failure, Success, Try}
object EmailSubmissionSetMethod {
val MAIL_METADATA_USERNAME_ATTRIBUTE: AttributeName = AttributeName.of("org.apache.james.jmap.send.MailMetaData.username")
val LOGGER: Logger = LoggerFactory.getLogger(classOf[EmailSubmissionSetMethod])
+ val noRecipients: SetErrorType = "noRecipients"
+ val forbiddenFrom: SetErrorType = "forbiddenFrom"
+ val forbiddenMailFrom: SetErrorType = "forbiddenMailFrom"
}
case class EmailSubmissionCreationParseException(setError: SetError) extends Exception
+case class NoRecipientException() extends Exception
+case class ForbiddenFromException(from: String) extends Exception
+case class ForbiddenMailFromException(from: List[String]) extends Exception
class EmailSubmissionSetMethod @Inject()(serializer: EmailSubmissionSetSerializer,
messageIdManager: MessageIdManager,
@@ -64,7 +70,7 @@ class EmailSubmissionSetMethod @Inject()(serializer: EmailSubmissionSetSerialize
val sessionSupplier: SessionSupplier) extends MethodRequiringAccountId[EmailSubmissionSetRequest] with Startable {
override val methodName: MethodName = MethodName("EmailSubmission/set")
override val requiredCapabilities: Set[CapabilityIdentifier] = Set(JMAP_CORE, JMAP_MAIL)
- var queue: MailQueue = null
+ var queue: MailQueue = _
sealed trait CreationResult {
def emailSubmissionCreationId: EmailSubmissionCreationId
@@ -73,6 +79,16 @@ class EmailSubmissionSetMethod @Inject()(serializer: EmailSubmissionSetSerialize
case class CreationFailure(emailSubmissionCreationId: EmailSubmissionCreationId, exception: Throwable) extends CreationResult {
def asSetError: SetError = exception match {
case e: EmailSubmissionCreationParseException => e.setError
+ case _: NoRecipientException => SetError(EmailSubmissionSetMethod.noRecipients,
+ SetErrorDescription("Attempt to send a mail with no recipients"), None)
+ case e: ForbiddenMailFromException => SetError(EmailSubmissionSetMethod.forbiddenMailFrom,
+ SetErrorDescription(s"Attempt to send a mail whose MimeMessage From and Sender fields not allowed for connected user: ${e.from}"), None)
+ case e: ForbiddenFromException => SetError(EmailSubmissionSetMethod.forbiddenFrom,
+ SetErrorDescription(s"Attempt to send a mail whose envelope From not allowed for connected user: ${e.from}"),
+ Some(Properties("envelope.mailFrom")))
+ case _: MessageNotFoundException => SetError(SetError.invalidArgumentValue,
+ SetErrorDescription("The email to be sent cannot be found"),
+ Some(Properties("emailId")))
case e: Exception =>
e.printStackTrace()
SetError.serverFail(SetErrorDescription(exception.getMessage))
@@ -179,6 +195,7 @@ class EmailSubmissionSetMethod @Inject()(serializer: EmailSubmissionSetSerialize
message.flatMap(m => {
val submissionId = EmailSubmissionId.generate
toMimeMessage(submissionId.value, m.getFullContent.getInputStream)
+ .flatMap(message => validate(mailboxSession)(message, request.envelope))
.flatMap(mimeMessage => {
Try(queue.enQueue(MailImpl.builder()
.name(submissionId.value)
@@ -203,6 +220,22 @@ class EmailSubmissionSetMethod @Inject()(serializer: EmailSubmissionSetSerialize
})
}
+ private def validate(session: MailboxSession)(mimeMessage: MimeMessage, envelope: Envelope): Try[MimeMessage] = {
+ val forbiddenMailFrom: List[String] = (Option(mimeMessage.getSender).toList ++ Option(mimeMessage.getFrom).toList.flatten)
+ .map(_.asInstanceOf[InternetAddress].getAddress)
+ .filter(from => !from.equals(session.getUser.asString()))
+
+ if (forbiddenMailFrom.nonEmpty) {
+ Failure(ForbiddenMailFromException(forbiddenMailFrom))
+ } else if (envelope.rcptTo.isEmpty) {
+ Failure(NoRecipientException())
+ } else if (!envelope.mailFrom.email.asString.equals(session.getUser.asString())) {
+ Failure(ForbiddenFromException(envelope.mailFrom.email.asString))
+ } else {
+ Success(mimeMessage)
+ }
+ }
+
private def recordCreationIdInProcessingContext(emailSubmissionCreationId: EmailSubmissionCreationId,
processingContext: ProcessingContext,
emailSubmissionId: EmailSubmissionId): Either[IllegalArgumentException, ProcessingContext] =
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@james.apache.org
For additional commands, e-mail: notifications-help@james.apache.org