1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
|
# frozen_string_literal: true
require 'spec_helper'
RSpec.describe Gitlab::Email::Receiver do
include_context 'email shared context'
let_it_be(:project) { create(:project) }
let(:metric_transaction) { instance_double(Gitlab::Metrics::WebTransaction) }
shared_examples 'successful receive' do
let(:handler) { double(:handler, project: project, execute: true, metrics_event: nil, metrics_params: nil) }
let(:client_id) { 'email/jake@example.com' }
let(:mail_key) { 'gitlabhq/gitlabhq+auth_token' }
it 'correctly finds the mail key' do
expect(Gitlab::Email::Handler).to receive(:for).with(an_instance_of(Mail::Message), mail_key).and_return(handler)
receiver.execute
end
it 'adds metric event' do
allow(receiver).to receive(:handler).and_return(handler)
expect(::Gitlab::Metrics::BackgroundTransaction).to receive(:current).and_return(metric_transaction)
expect(metric_transaction).to receive(:add_event).with(handler.metrics_event, handler.metrics_params)
receiver.execute
end
it 'returns valid metadata' do
allow(receiver).to receive(:handler).and_return(handler)
metadata = receiver.mail_metadata
expect(metadata.keys).to match_array(%i(mail_uid from_address to_address mail_key references delivered_to envelope_to x_envelope_to meta received_recipients))
expect(metadata[:meta]).to include(client_id: client_id, project: project.full_path)
expect(metadata[meta_key]).to eq(meta_value)
end
end
shared_examples 'failed receive with event' do
it 'adds metric event' do
expect(::Gitlab::Metrics::BackgroundTransaction).to receive(:current).and_return(metric_transaction)
expect(metric_transaction).to receive(:add_event).with('email_receiver_error', { error: expected_error.name })
expect { receiver.execute }.to raise_error(expected_error)
end
end
shared_examples 'failed receive without event' do
it 'adds metric event' do
expect(::Gitlab::Metrics::BackgroundTransaction).not_to receive(:current)
expect { receiver.execute }.to raise_error(expected_error)
end
end
context 'when the email contains a valid email address in a header' do
before do
stub_incoming_email_setting(enabled: true, address: "incoming+%{key}@appmail.example.com")
end
context 'when in a Delivered-To header' do
let(:email_raw) { fixture_file('emails/forwarded_new_issue.eml') }
let(:meta_key) { :delivered_to }
let(:meta_value) { ["incoming+gitlabhq/gitlabhq+auth_token@appmail.example.com", "support@example.com"] }
it_behaves_like 'successful receive'
end
context 'when in an Envelope-To header' do
let(:email_raw) { fixture_file('emails/envelope_to_header.eml') }
let(:meta_key) { :envelope_to }
let(:meta_value) { ["incoming+gitlabhq/gitlabhq+auth_token@appmail.example.com"] }
it_behaves_like 'successful receive'
end
context 'when in an X-Envelope-To header' do
let(:email_raw) { fixture_file('emails/x_envelope_to_header.eml') }
let(:meta_key) { :x_envelope_to }
let(:meta_value) { ["incoming+gitlabhq/gitlabhq+auth_token@appmail.example.com"] }
it_behaves_like 'successful receive'
end
context 'when enclosed with angle brackets in an Envelope-To header' do
let(:email_raw) { fixture_file('emails/envelope_to_header_with_angle_brackets.eml') }
let(:meta_key) { :envelope_to }
let(:meta_value) { ["<incoming+gitlabhq/gitlabhq+auth_token@appmail.example.com>"] }
it_behaves_like 'successful receive'
end
context 'when mail key is in the references header with a comma' do
let(:email_raw) { fixture_file('emails/valid_reply_with_references_in_comma.eml') }
let(:meta_key) { :references }
let(:meta_value) { ['"<reply-59d8df8370b7e95c5a49fbf86aeb2c93@localhost>,<issue_1@localhost>,<exchange@microsoft.com>"'] }
it_behaves_like 'successful receive' do
let(:mail_key) { '59d8df8370b7e95c5a49fbf86aeb2c93' }
end
end
context 'when all other headers are missing' do
let(:email_raw) { fixture_file('emails/missing_delivered_to_header.eml') }
let(:meta_key) { :received_recipients }
let(:meta_value) { ['incoming+gitlabhq/gitlabhq+auth_token@appmail.example.com', 'incoming+gitlabhq/gitlabhq@example.com'] }
describe 'it uses receive headers to find the key' do
it_behaves_like 'successful receive'
end
end
end
context 'when we cannot find a capable handler' do
let(:email_raw) { fixture_file('emails/valid_reply.eml').gsub(mail_key, '!!!') }
let(:expected_error) { Gitlab::Email::UnknownIncomingEmail }
it_behaves_like 'failed receive with event'
end
context 'when the email is blank' do
let(:email_raw) { '' }
let(:expected_error) { Gitlab::Email::EmptyEmailError }
it_behaves_like 'failed receive without event'
end
context 'when the email was auto generated with Auto-Submitted header' do
let(:email_raw) { fixture_file('emails/auto_submitted.eml') }
let(:expected_error) { Gitlab::Email::AutoGeneratedEmailError }
it_behaves_like 'failed receive without event'
end
context "when the email's To field is blank" do
before do
stub_incoming_email_setting(enabled: true, address: "incoming+%{key}@appmail.example.com")
end
let(:email_raw) do
<<~EMAIL
Delivered-To: incoming+gitlabhq/gitlabhq+auth_token@appmail.example.com
From: "jake@example.com" <jake@example.com>
Bcc: "support@example.com" <support@example.com>
Email content
EMAIL
end
let(:meta_key) { :delivered_to }
let(:meta_value) { ["incoming+gitlabhq/gitlabhq+auth_token@appmail.example.com"] }
it_behaves_like 'successful receive'
end
context "when the email's From field is blank" do
before do
stub_incoming_email_setting(enabled: true, address: "incoming+%{key}@appmail.example.com")
end
let(:email_raw) do
<<~EMAIL
Delivered-To: incoming+gitlabhq/gitlabhq+auth_token@appmail.example.com
To: "support@example.com" <support@example.com>
Email content
EMAIL
end
let(:meta_key) { :delivered_to }
let(:meta_value) { ["incoming+gitlabhq/gitlabhq+auth_token@appmail.example.com"] }
it_behaves_like 'successful receive' do
let(:client_id) { 'email/' }
end
end
context 'when the email was auto generated with X-Autoreply header' do
let(:email_raw) { fixture_file('emails/auto_reply.eml') }
let(:expected_error) { Gitlab::Email::AutoGeneratedEmailError }
it_behaves_like 'failed receive without event'
end
describe 'event raising via errors' do
let(:handler) { double(:handler, project: project, execute: true, metrics_event: nil, metrics_params: nil) }
let(:email_raw) { "arbitrary text. could be anything really. we're going to raise an error anyway." }
before do
allow(receiver).to receive(:handler).and_return(handler)
allow(handler).to receive(:execute).and_raise(expected_error)
end
describe 'handling errors which do not raise events' do
where(:expected_error) do
[
Gitlab::Email::AutoGeneratedEmailError,
Gitlab::Email::ProjectNotFound,
Gitlab::Email::EmptyEmailError,
Gitlab::Email::UserNotFoundError,
Gitlab::Email::UserBlockedError,
Gitlab::Email::UserNotAuthorizedError,
Gitlab::Email::NoteableNotFoundError,
Gitlab::Email::InvalidAttachment,
Gitlab::Email::InvalidRecordError,
Gitlab::Email::EmailTooLarge
]
end
with_them do
it_behaves_like 'failed receive without event'
end
end
describe 'handling errors which do raise events' do
where(:expected_error) do
[Gitlab::Email::EmailUnparsableError, Gitlab::Email::UnknownIncomingEmail, ArgumentError, StandardError]
end
with_them do
it_behaves_like 'failed receive with event'
end
end
end
context "when the received field is malformed" do
let(:email_raw) do
attack = "for <<" * 100_000
[
"Delivered-To: incoming+gitlabhq/gitlabhq+auth_token@appmail.example.com",
"Received: from mail.example.com #{attack}; Thu, 13 Jun 2013 17:03:50 -0400",
"To: \"support@example.com\" <support@example.com>",
"",
"Email content"
].join("\n")
end
it 'mail_metadata has no ReDos issue' do
Timeout.timeout(2) do
Gitlab::Email::Receiver.new(email_raw).mail_metadata
end
end
end
it 'requires all handlers to have a unique metric_event' do
events = Gitlab::Email::Handler.handlers.map do |handler|
handler.new(Mail::Message.new, 'gitlabhq/gitlabhq+auth_token').metrics_event
end
expect(events.uniq.count).to eq events.count
end
it 'requires all handlers to respond to #project' do
Gitlab::Email::Handler.load_handlers.each do |handler|
expect { handler.new(nil, nil).project }.not_to raise_error
end
end
end
|