You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@james.apache.org by rc...@apache.org on 2021/01/14 03:26:07 UTC
[james-project] 02/11: JAMES-3436 Email/set create should reject
headers properties
This is an automated email from the ASF dual-hosted git repository.
rcordier pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/james-project.git
commit 5acfb985ef72403ca59cd53484172cac9227afea
Author: LanKhuat <dl...@linagora.com>
AuthorDate: Tue Jan 12 17:51:03 2021 +0700
JAMES-3436 Email/set create should reject headers properties
---
.../rfc8621/contract/EmailSetMethodContract.scala | 54 ++++++++++++++++++++++
.../james/jmap/json/EmailSetSerializer.scala | 21 +++++----
2 files changed, 67 insertions(+), 8 deletions(-)
diff --git a/server/protocols/jmap-rfc-8621-integration-tests/jmap-rfc-8621-integration-tests-common/src/main/scala/org/apache/james/jmap/rfc8621/contract/EmailSetMethodContract.scala b/server/protocols/jmap-rfc-8621-integration-tests/jmap-rfc-8621-integration-tests-common/src/main/scala/org/apache/james/jmap/rfc8621/contract/EmailSetMethodContract.scala
index b39614d..a4cff0d 100644
--- a/server/protocols/jmap-rfc-8621-integration-tests/jmap-rfc-8621-integration-tests-common/src/main/scala/org/apache/james/jmap/rfc8621/contract/EmailSetMethodContract.scala
+++ b/server/protocols/jmap-rfc-8621-integration-tests/jmap-rfc-8621-integration-tests-common/src/main/scala/org/apache/james/jmap/rfc8621/contract/EmailSetMethodContract.scala
@@ -404,6 +404,60 @@ trait EmailSetMethodContract {
}
@Test
+ def createShouldFailWhenEmailContainsHeadersProperties(server: GuiceJamesServer): Unit = {
+ val bobPath = MailboxPath.inbox(BOB)
+ val mailboxId = server.getProbe(classOf[MailboxProbeImpl]).createMailbox(bobPath)
+
+ val request =
+ s"""{
+ | "using": ["urn:ietf:params:jmap:core", "urn:ietf:params:jmap:mail"],
+ | "methodCalls": [
+ | ["Email/set", {
+ | "accountId": "$ACCOUNT_ID",
+ | "create": {
+ | "aaaaaa":{
+ | "mailboxIds": {
+ | "${mailboxId.serialize}": true
+ | },
+ | "headers": [
+ | {
+ | "name": "Content-Type",
+ | "value": " text/plain; charset=utf-8; format=flowed"
+ | },
+ | {
+ | "name": "Content-Transfer-Encoding",
+ | "value": " 7bit"
+ | }
+ | ]
+ | }
+ | }
+ | }, "c1"]]
+ |}""".stripMargin
+
+ val response = `given`
+ .header(ACCEPT.toString, ACCEPT_RFC8621_VERSION_HEADER)
+ .body(request)
+ .when
+ .post
+ .`then`
+ .statusCode(SC_OK)
+ .contentType(JSON)
+ .extract
+ .body
+ .asString
+
+ assertThatJson(response)
+ .inPath("methodResponses[0][1].notCreated")
+ .isEqualTo(
+ s"""{
+ | "aaaaaa": {
+ | "type": "invalidArguments",
+ | "description": "List((,List(JsonValidationError(List('headers' is not allowed),ArraySeq()))))"
+ | }
+ |}""".stripMargin)
+ }
+
+ @Test
def shouldNotResetKeywordWhenFalseValue(server: GuiceJamesServer): Unit = {
val message: Message = Fixture.createTestMessage
diff --git a/server/protocols/jmap-rfc-8621/src/main/scala/org/apache/james/jmap/json/EmailSetSerializer.scala b/server/protocols/jmap-rfc-8621/src/main/scala/org/apache/james/jmap/json/EmailSetSerializer.scala
index 0ad72f6..83fa593 100644
--- a/server/protocols/jmap-rfc-8621/src/main/scala/org/apache/james/jmap/json/EmailSetSerializer.scala
+++ b/server/protocols/jmap-rfc-8621/src/main/scala/org/apache/james/jmap/json/EmailSetSerializer.scala
@@ -355,12 +355,15 @@ class EmailSetSerializer @Inject()(messageIdFactory: MessageId.Factory, mailboxI
private implicit val emailCreationRequestWithoutHeadersReads: Reads[EmailCreationRequestWithoutHeaders] = Json.reads[EmailCreationRequestWithoutHeaders]
private implicit val emailCreationRequestReads: Reads[EmailCreationRequest] = {
case o: JsObject =>
- val withoutHeader = emailCreationRequestWithoutHeadersReads.reads(o)
-
- val specificHeadersEither: Either[IllegalArgumentException, List[EmailHeader]] = o.value.toList
- .filter {
- case (name, _) => name.startsWith("header:")
- }.map {
+ if(o.value.contains("headers")) {
+ JsError("'headers' is not allowed")
+ } else {
+ val withoutHeader = emailCreationRequestWithoutHeadersReads.reads(o)
+
+ val specificHeadersEither: Either[IllegalArgumentException, List[EmailHeader]] = o.value.toList
+ .filter {
+ case (name, _) => name.startsWith("header:")
+ }.map {
case (name, value) =>
val refinedName: Either[String, NonEmptyString] = refineV[NonEmpty](name)
refinedName.left.map(e => new IllegalArgumentException(e))
@@ -372,8 +375,10 @@ class EmailSetSerializer @Inject()(messageIdFactory: MessageId.Factory, mailboxI
.map(headerValue => EmailHeader(EmailHeaderName(specificHeaderRequest.headerName), headerValue)))
}.sequence
- specificHeadersEither.fold(e => JsError(e.getMessage),
- specificHeaders => withoutHeader.map(_.toCreationRequest(specificHeaders)))
+ specificHeadersEither.fold(e => JsError(e.getMessage),
+ specificHeaders => withoutHeader.map(_.toCreationRequest(specificHeaders)))
+ }
+
case _ => JsError("Expecting a JsObject to represent a creation request")
}
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@james.apache.org
For additional commands, e-mail: notifications-help@james.apache.org