You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@james.apache.org by bt...@apache.org on 2021/11/24 01:43:39 UTC

[james-project] 03/08: JAMES-3534 Check if a user can send from an address before save it as custom identity

This is an automated email from the ASF dual-hosted git repository.

btellier pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/james-project.git

commit 57764bcc82244599082fc8361f30908cab3f4fca
Author: Quan Tran <hq...@linagora.com>
AuthorDate: Wed Nov 17 14:48:12 2021 +0700

    JAMES-3534 Check if a user can send from an address before save it as custom identity
---
 .../james/jmap/api/identity/CustomIdentityDAO.scala       | 15 ++++++++++++---
 .../scala/org/apache/james/jmap/api/model/Identity.scala  |  2 +-
 2 files changed, 13 insertions(+), 4 deletions(-)

diff --git a/server/data/data-jmap/src/main/scala/org/apache/james/jmap/api/identity/CustomIdentityDAO.scala b/server/data/data-jmap/src/main/scala/org/apache/james/jmap/api/identity/CustomIdentityDAO.scala
index bd30740..155e68e 100644
--- a/server/data/data-jmap/src/main/scala/org/apache/james/jmap/api/identity/CustomIdentityDAO.scala
+++ b/server/data/data-jmap/src/main/scala/org/apache/james/jmap/api/identity/CustomIdentityDAO.scala
@@ -25,8 +25,9 @@ import java.util.UUID
 import com.google.common.collect.ImmutableList
 import javax.inject.Inject
 import org.apache.james.core.{MailAddress, Username}
-import org.apache.james.jmap.api.model.{EmailAddress, HtmlSignature, Identity, IdentityId, IdentityName, MayDeleteIdentity, PushSubscriptionCreationRequest, TextSignature}
+import org.apache.james.jmap.api.model.{EmailAddress, ForbiddenSendFromException, HtmlSignature, Identity, IdentityId, IdentityName, MayDeleteIdentity, TextSignature}
 import org.apache.james.rrt.api.CanSendFrom
+import org.apache.james.user.api.UsersRepository
 import org.reactivestreams.Publisher
 import reactor.core.scala.publisher.{SFlux, SMono}
 import reactor.core.scheduler.Schedulers
@@ -83,7 +84,7 @@ trait CustomIdentityDAO {
   def delete(username: Username, ids: Seq[IdentityId]): Publisher[Unit]
 }
 
-class DefaultIdentitySupplier @Inject()(canSendFrom: CanSendFrom) {
+class DefaultIdentitySupplier @Inject()(canSendFrom: CanSendFrom, usersRepository: UsersRepository) {
   def listIdentities(username: Username): List[Identity] =
     canSendFrom.allValidFromAddressesForUser(username)
       .collect(ImmutableList.toImmutableList()).asScala.toList
@@ -99,6 +100,9 @@ class DefaultIdentitySupplier @Inject()(canSendFrom: CanSendFrom) {
             htmlSignature = HtmlSignature.DEFAULT,
             mayDelete = MayDeleteIdentity(false))))
 
+  def userCanSendFrom(username: Username, mailAddress: MailAddress): Boolean =
+    canSendFrom.userCanSendFrom(username, usersRepository.getUsername(mailAddress))
+
   private def from(address: MailAddress): Option[IdentityId] =
     Try(UUID.nameUUIDFromBytes(address.asString().getBytes(StandardCharsets.UTF_8)))
       .toEither
@@ -109,7 +113,12 @@ class DefaultIdentitySupplier @Inject()(canSendFrom: CanSendFrom) {
 // This class is intended to merge default (server-set0 identities with (user defined) custom identities
 // Using the custom identities we can stores deltas of the default (server-set) identities allowing to modify them.
 class IdentityRepository @Inject()(customIdentityDao: CustomIdentityDAO, identityFactory: DefaultIdentitySupplier) {
-  def save(user: Username, creationRequest: IdentityCreationRequest): Publisher[Identity] = customIdentityDao.save(user, creationRequest)
+  def save(user: Username, creationRequest: IdentityCreationRequest): Publisher[Identity] =
+    if (identityFactory.userCanSendFrom(user, creationRequest.email)) {
+      customIdentityDao.save(user, creationRequest)
+    } else {
+      SMono.error(ForbiddenSendFromException(creationRequest.email))
+    }
 
   def list(user: Username): Publisher[Identity] = SFlux.merge(Seq(
     customIdentityDao.list(user),
diff --git a/server/data/data-jmap/src/main/scala/org/apache/james/jmap/api/model/Identity.scala b/server/data/data-jmap/src/main/scala/org/apache/james/jmap/api/model/Identity.scala
index acf65b4..58a9cc1 100644
--- a/server/data/data-jmap/src/main/scala/org/apache/james/jmap/api/model/Identity.scala
+++ b/server/data/data-jmap/src/main/scala/org/apache/james/jmap/api/model/Identity.scala
@@ -51,4 +51,4 @@ case class Identity(id: IdentityId,
                     htmlSignature: HtmlSignature,
                     mayDelete: MayDeleteIdentity)
 
-
+case class ForbiddenSendFromException(mailAddress: MailAddress) extends IllegalStateException(s"Can not send from ${mailAddress.asString()}")

---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@james.apache.org
For additional commands, e-mail: notifications-help@james.apache.org