-rw-r--r--app/controllers/action_mailbox/base_controller.rb10
-rw-r--r--app/controllers/action_mailbox/ingresses/mailgun/inbound_emails_controller.rb9
-rw-r--r--app/controllers/action_mailbox/ingresses/mandrill/inbound_emails_controller.rb9
-rw-r--r--test/controllers/ingresses/mailgun/inbound_emails_controller_test.rb38
-rw-r--r--test/controllers/ingresses/mandrill/inbound_emails_controller_test.rb28
-rw-r--r--test/controllers/ingresses/postfix/inbound_emails_controller_test.rb27
-rw-r--r--test/controllers/ingresses/sendgrid/inbound_emails_controller_test.rb27
7 files changed, 143 insertions, 5 deletions
diff --git a/app/controllers/action_mailbox/base_controller.rb b/app/controllers/action_mailbox/base_controller.rb
index 6f0e7e42d1..a64a817b51 100644
--- a/app/controllers/action_mailbox/base_controller.rb
+++ b/app/controllers/action_mailbox/base_controller.rb
@@ -3,9 +3,13 @@ class ActionMailbox::BaseController < ActionController::Base
private
def authenticate
- authenticate_or_request_with_http_basic("Action Mailbox") do |given_username, given_password|
- ActiveSupport::SecurityUtils.secure_compare(given_username, username) &
- ActiveSupport::SecurityUtils.secure_compare(given_password, password)
+ if username.present? && password.present?
+ authenticate_or_request_with_http_basic("Action Mailbox") do |given_username, given_password|
+ ActiveSupport::SecurityUtils.secure_compare(given_username, username) &
+ ActiveSupport::SecurityUtils.secure_compare(given_password, password)
+ end
+ else
+ raise ArgumentError, "Missing required ingress credentials"
end
end
end
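Review bot: The new guard in `authenticate` has no comment saying why blank configured credentials raise instead of simply answering 401, and the error message does not say which of the two settings is missing. A one-line comment above the `if`, such as `# Fail closed: never compare the request against a blank configured username or password`, would keep a later refactor from relaxing the check. The non-short-circuit `&` between the two `secure_compare` calls looks deliberate, so that both comparisons always run; a short comment saying so would stop it being changed to `&&`. The enclosing class starts outside this hunk.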
diff --git a/app/controllers/action_mailbox/ingresses/mailgun/inbound_emails_controller.rb b/app/controllers/action_mailbox/ingresses/mailgun/inbound_emails_controller.rb
index 46b0977592..c7e53b07f4 100644
--- a/app/controllers/action_mailbox/ingresses/mailgun/inbound_emails_controller.rb
+++ b/app/controllers/action_mailbox/ingresses/mailgun/inbound_emails_controller.rb
@@ -24,6 +24,8 @@ class ActionMailbox::Ingresses::Mailgun::InboundEmailsController < ActionMailbox
def initialize(timestamp:, token:, signature:)
@timestamp, @token, @signature = Integer(timestamp), token, signature
+
+ ensure_presence_of_key
end
def authenticated?
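Review bot: `ensure_presence_of_key` runs after `Integer(timestamp)` in `initialize`, so a request with a non-numeric timestamp raises `ArgumentError` from the conversion before the key check is reached, and the two failures are hard to tell apart by class. Calling the check first makes a missing key report the same way whatever the request contains: move `ensure_presence_of_key` to the line before `@timestamp, @token, @signature = Integer(timestamp), token, signature`. The rest of the authenticator class lies outside this hunk.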
@@ -31,6 +33,13 @@ class ActionMailbox::Ingresses::Mailgun::InboundEmailsController < ActionMailbox
end
private
+ def ensure_presence_of_key
+ unless key.present?
+ raise ArgumentError, "Missing required Mailgun API key"
+ end
+ end
+
+
def signed?
ActiveSupport::SecurityUtils.secure_compare signature, expected_signature
end
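Review bot: `ensure_presence_of_key` is followed by two blank lines where the file otherwise uses one, and its three-line `unless` block reads more directly as a modifier: `raise ArgumentError, "Missing required Mailgun API key" unless key.present?`. The Mandrill authenticator's copy of this method in the next file has the same shape and the same extra blank line. Since the two methods differ only in the provider name in the message, a short comment on each stating that the check exists to refuse signature verification with a blank key would document the intent in both places.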
diff --git a/app/controllers/action_mailbox/ingresses/mandrill/inbound_emails_controller.rb b/app/controllers/action_mailbox/ingresses/mandrill/inbound_emails_controller.rb
index 31e1315ccd..bcaa5faf23 100644
--- a/app/controllers/action_mailbox/ingresses/mandrill/inbound_emails_controller.rb
+++ b/app/controllers/action_mailbox/ingresses/mandrill/inbound_emails_controller.rb
@@ -33,6 +33,8 @@ class ActionMailbox::Ingresses::Mandrill::InboundEmailsController < ActionMailbo
def initialize(request)
@request = request
+
+ ensure_presence_of_key
end
def authenticated?
@@ -40,6 +42,13 @@ class ActionMailbox::Ingresses::Mandrill::InboundEmailsController < ActionMailbo
end
private
+ def ensure_presence_of_key
+ unless key.present?
+ raise ArgumentError, "Missing required Mandrill API key"
+ end
+ end
+
+
def given_signature
request.headers["X-Mandrill-Signature"]
end
diff --git a/test/controllers/ingresses/mailgun/inbound_emails_controller_test.rb b/test/controllers/ingresses/mailgun/inbound_emails_controller_test.rb
index 35e8314618..8fb3dd28c6 100644
--- a/test/controllers/ingresses/mailgun/inbound_emails_controller_test.rb
+++ b/test/controllers/ingresses/mailgun/inbound_emails_controller_test.rb
@@ -48,4 +48,42 @@ class ActionMailbox::Ingresses::Mailgun::InboundEmailsControllerTest < ActionDis
assert_response :unauthorized
end
+
+ test "raising when the configured Mailgun API key is nil" do
+ switch_key_to nil do
+ assert_raises ArgumentError do
+ travel_to "2018-10-09 15:15:00 EDT"
+ post rails_mailgun_inbound_emails_url, params: {
+ timestamp: 1539112500,
+ token: "7VwW7k6Ak7zcTwoSoNm7aTtbk1g67MKAnsYLfUB7PdszbgR5Xi",
+ signature: "ef24c5225322217bb065b80bb54eb4f9206d764e3e16abab07f0a64d1cf477cc",
+ "body-mime" => file_fixture("../files/welcome.eml").read
+ }
+ end
+ end
+ end
+
+ test "raising when the configured Mailgun API key is blank" do
+ switch_key_to "" do
+ assert_raises ArgumentError do
+ travel_to "2018-10-09 15:15:00 EDT"
+ post rails_mailgun_inbound_emails_url, params: {
+ timestamp: 1539112500,
+ token: "7VwW7k6Ak7zcTwoSoNm7aTtbk1g67MKAnsYLfUB7PdszbgR5Xi",
+ signature: "ef24c5225322217bb065b80bb54eb4f9206d764e3e16abab07f0a64d1cf477cc",
+ "body-mime" => file_fixture("../files/welcome.eml").read
+ }
+ end
+ end
+ end
+
+ private
+ delegate :key, :key=, to: ActionMailbox::Ingresses::Mailgun::InboundEmailsController::Authenticator
+
+ def switch_key_to(new_key)
+ previous_key, self.key = key, new_key
+ yield
+ ensure
+ self.key = previous_key
+ end
end
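Review bot: Both new tests assert only the exception class, and `ArgumentError` is broad enough that an unrelated failure in the request path (for example a bad argument to `Integer` in the authenticator's constructor) could satisfy them. Capturing the exception and checking its message pins the intended failure: `error = assert_raises(ArgumentError) { post ... }` followed by `assert_equal "Missing required Mailgun API key", error.message`. The same applies to the Mandrill, Postfix and Sendgrid tests added later in this commit. `switch_key_to` changes a class-level setting and restores it in `ensure`, so it presumably relies on tests in the same process not running concurrently; a comment on the helper noting that would help.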
diff --git a/test/controllers/ingresses/mandrill/inbound_emails_controller_test.rb b/test/controllers/ingresses/mandrill/inbound_emails_controller_test.rb
index abef6baa4f..1658d85104 100644
--- a/test/controllers/ingresses/mandrill/inbound_emails_controller_test.rb
+++ b/test/controllers/ingresses/mandrill/inbound_emails_controller_test.rb
@@ -28,4 +28,32 @@ class ActionMailbox::Ingresses::Mandrill::InboundEmailsControllerTest < ActionDi
assert_response :unauthorized
end
+
+ test "raising when Mandrill API key is nil" do
+ switch_key_to nil do
+ assert_raises ArgumentError do
+ post rails_mandrill_inbound_emails_url,
+ headers: { "X-Mandrill-Signature" => "gldscd2tAb/G+DmpiLcwukkLrC4=" }, params: { mandrill_events: @events }
+ end
+ end
+ end
+
+ test "raising when Mandrill API key is blank" do
+ switch_key_to "" do
+ assert_raises ArgumentError do
+ post rails_mandrill_inbound_emails_url,
+ headers: { "X-Mandrill-Signature" => "gldscd2tAb/G+DmpiLcwukkLrC4=" }, params: { mandrill_events: @events }
+ end
+ end
+ end
+
+ private
+ delegate :key, :key=, to: ActionMailbox::Ingresses::Mandrill::InboundEmailsController::Authenticator
+
+ def switch_key_to(new_key)
+ previous_key, self.key = key, new_key
+ yield
+ ensure
+ self.key = previous_key
+ end
end
diff --git a/test/controllers/ingresses/postfix/inbound_emails_controller_test.rb b/test/controllers/ingresses/postfix/inbound_emails_controller_test.rb
index 3fa0854576..a9588791b9 100644
--- a/test/controllers/ingresses/postfix/inbound_emails_controller_test.rb
+++ b/test/controllers/ingresses/postfix/inbound_emails_controller_test.rb
@@ -34,10 +34,35 @@ class ActionMailbox::Ingresses::Postfix::InboundEmailsControllerTest < ActionDis
assert_response :unsupported_media_type
end
+ test "raising when the configured password is nil" do
+ switch_password_to nil do
+ assert_raises ArgumentError do
+ post rails_postfix_inbound_emails_url, headers: { "Authorization" => credentials, "Content-Type" => "message/rfc822" },
+ params: file_fixture("../files/welcome.eml").read
+ end
+ end
+ end
+
+ test "raising when the configured password is blank" do
+ switch_password_to "" do
+ assert_raises ArgumentError do
+ post rails_postfix_inbound_emails_url, headers: { "Authorization" => credentials, "Content-Type" => "message/rfc822" },
+ params: file_fixture("../files/welcome.eml").read
+ end
+ end
+ end
+
private
- delegate :username, :password, to: ActionMailbox::Ingresses::Postfix::InboundEmailsController
+ delegate :username, :password, :password=, to: ActionMailbox::Ingresses::Postfix::InboundEmailsController
def credentials
ActionController::HttpAuthentication::Basic.encode_credentials username, password
end
+
+ def switch_password_to(new_password)
+ previous_password, self.password = password, new_password
+ yield
+ ensure
+ self.password = previous_password
+ end
end
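Review bot: The new Postfix tests cover a nil and a blank password, but the guard added to the base controller also rejects a blank username and nothing here exercises that branch. A `switch_username_to` helper mirroring `switch_password_to`, with `:username=` added to the `delegate` line, plus matching nil and blank tests would cover it, assuming the controller exposes a `username=` writer as it does for `password`. The Sendgrid test file further down has the same gap.

```ruby
test "raising when the configured username is blank" do
  switch_username_to "" do
    assert_raises ArgumentError do
      post rails_postfix_inbound_emails_url, headers: { "Authorization" => credentials, "Content-Type" => "message/rfc822" },
        params: file_fixture("../files/welcome.eml").read
    end
  end
end

# … unchanged: password tests, delegate line (with :username= added), credentials helper …

def switch_username_to(new_username)
  previous_username, self.username = username, new_username
  yield
ensure
  self.username = previous_username
end
```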
diff --git a/test/controllers/ingresses/sendgrid/inbound_emails_controller_test.rb b/test/controllers/ingresses/sendgrid/inbound_emails_controller_test.rb
index 7663c6657e..759a532087 100644
--- a/test/controllers/ingresses/sendgrid/inbound_emails_controller_test.rb
+++ b/test/controllers/ingresses/sendgrid/inbound_emails_controller_test.rb
@@ -24,10 +24,35 @@ class ActionMailbox::Ingresses::Sendgrid::InboundEmailsControllerTest < ActionDi
assert_response :unauthorized
end
+ test "raising when the configured password is nil" do
+ switch_password_to nil do
+ assert_raises ArgumentError do
+ post rails_sendgrid_inbound_emails_url,
+ headers: { authorization: credentials }, params: { email: file_fixture("../files/welcome.eml").read }
+ end
+ end
+ end
+
+ test "raising when the configured password is blank" do
+ switch_password_to "" do
+ assert_raises ArgumentError do
+ post rails_sendgrid_inbound_emails_url,
+ headers: { authorization: credentials }, params: { email: file_fixture("../files/welcome.eml").read }
+ end
+ end
+ end
+
private
- delegate :username, :password, to: ActionMailbox::Ingresses::Sendgrid::InboundEmailsController
+ delegate :username, :password, :password=, to: ActionMailbox::Ingresses::Sendgrid::InboundEmailsController
def credentials
ActionController::HttpAuthentication::Basic.encode_credentials username, password
end
+
+ def switch_password_to(new_password)
+ previous_password, self.password = password, new_password
+ yield
+ ensure
+ self.password = previous_password
+ end
end