From 74a9c0509b444499826fbc39b2e2dd3e37bcbeab Mon Sep 17 00:00:00 2001 From: Dan Ungureanu Date: Tue, 5 Oct 2021 12:42:19 +0300 Subject: [PATCH] FIX: Use addresses to compare email header (#14509) Usually, when an email is received a user lookup is performed using the email address found in the `From` header. When an email has an `X-Original-From` header, if it is equal to `Reply-To` then it uses that one instead. The comparison was sensitive to whitespaces and other insignificant characters such as quotes because it reconstructed the `From` header. For the fixture added in this commit, it compared the reconstructed `From` header `John Doe ` with the `Reply-To` header `"John Doe" `. --- lib/email/receiver.rb | 3 ++- spec/components/email/receiver_spec.rb | 17 +++++++++++++---- spec/fixtures/emails/reply_to_whitespaces.eml | 12 ++++++++++++ 3 files changed, 27 insertions(+), 5 deletions(-) create mode 100644 spec/fixtures/emails/reply_to_whitespaces.eml diff --git a/lib/email/receiver.rb b/lib/email/receiver.rb index 1f9e90b32a..207e418d70 100644 --- a/lib/email/receiver.rb +++ b/lib/email/receiver.rb @@ -637,7 +637,8 @@ module Email comparison_failed = false comparison_headers.each do |comparison_header| - if mail_object[comparison_header].to_s != "#{from_display_name} <#{from_address}>" + comparison_header_address = mail_object[comparison_header].to_s[/<([^>]+)>/, 1] + if comparison_header_address != from_address comparison_failed = true break end diff --git a/spec/components/email/receiver_spec.rb b/spec/components/email/receiver_spec.rb index 7c61a0f62f..0f73e88962 100644 --- a/spec/components/email/receiver_spec.rb +++ b/spec/components/email/receiver_spec.rb @@ -870,8 +870,20 @@ describe Email::Receiver do end describe "reply-to header" do - it "handles emails where there is a Reply-To address, using that instead of the from address, if X-Original-From is present" do + before do SiteSetting.block_auto_generated_emails = false + end + + it "extracts address and uses it for comparison" do + expect { process(:reply_to_whitespaces) }.to change(Topic, :count).by(1) + user = User.last + incoming = IncomingEmail.find_by(message_id: "TXULO4v6YU0TzeL2buFAJNU2MK21c7t4@example.com") + topic = incoming.topic + expect(incoming.from_address).to eq("johndoe@example.com") + expect(user.email).to eq("johndoe@example.com") + end + + it "handles emails where there is a Reply-To address, using that instead of the from address, if X-Original-From is present" do expect { process(:reply_to_different_to_from) }.to change(Topic, :count).by(1) user = User.last incoming = IncomingEmail.find_by(message_id: "3848c3m98r439c348mc349@test.mailinglist.com") @@ -881,7 +893,6 @@ describe Email::Receiver do end it "allows for quotes around the display name of the Reply-To address" do - SiteSetting.block_auto_generated_emails = false expect { process(:reply_to_different_to_from_quoted_display_name) }.to change(Topic, :count).by(1) user = User.last incoming = IncomingEmail.find_by(message_id: "3848c3m98r439c348mc349@test.mailinglist.com") @@ -891,7 +902,6 @@ describe Email::Receiver do end it "does not use the reply-to address if an X-Original-From header is not present" do - SiteSetting.block_auto_generated_emails = false expect { process(:reply_to_different_to_from_no_x_original) }.to change(Topic, :count).by(1) user = User.last incoming = IncomingEmail.find_by(message_id: "3848c3m98r439c348mc349@test.mailinglist.com") @@ -901,7 +911,6 @@ describe Email::Receiver do end it "does not use the reply-to address if the X-Original-From header is different from the reply-to address" do - SiteSetting.block_auto_generated_emails = false expect { process(:reply_to_different_to_from_x_original_different) }.to change(Topic, :count).by(1) user = User.last incoming = IncomingEmail.find_by(message_id: "3848c3m98r439c348mc349@test.mailinglist.com") diff --git a/spec/fixtures/emails/reply_to_whitespaces.eml b/spec/fixtures/emails/reply_to_whitespaces.eml new file mode 100644 index 0000000000..7d08ef7faf --- /dev/null +++ b/spec/fixtures/emails/reply_to_whitespaces.eml @@ -0,0 +1,12 @@ +From: "'John Doe' via Forwarder" +To: "team@bar.com" +Subject: Greetings +Date: Wed, 01 Jan 2021 12:00:00 +0000 +Message-ID: +X-Original-Sender: johndoe@example.com +X-Original-From: "John Doe" + +Reply-To: "John Doe" + + +Hello world!