Diffstat (limited to 'app')
5 files changed, 58 insertions, 43 deletions
diff --git a/app/controllers/action_mailbox/base_controller.rb b/app/controllers/action_mailbox/base_controller.rb index d3846b06e1..a2f7eb4b61 100644 --- a/app/controllers/action_mailbox/base_controller.rb +++ b/app/controllers/action_mailbox/base_controller.rb @@ -1,15 +1,33 @@ class ActionMailbox::BaseController < ActionController::Base skip_forgery_protection + before_action :ensure_configured + private - def authenticate - if username.present? && password.present? - http_basic_authenticate_or_request_with username: username, password: password, realm: "Action Mailbox" + def ensure_configured + unless ActionMailbox.ingress == ingress_name + head :not_found + end + end + + def ingress_name + self.class.name[/^ActionMailbox::Ingresses::(.*?)::/, 1].underscore.to_sym + end + + + def authenticate_by_password + if password.present? + http_basic_authenticate_or_request_with username: "actionmailbox", password: password, realm: "Action Mailbox" else raise ArgumentError, "Missing required ingress credentials" end end + def password + Rails.application.credentials.dig(:action_mailbox, :ingress_password) || ENV["RAILS_INBOUND_EMAIL_PASSWORD"] + end + + # TODO: Extract to ActionController::HttpAuthentication def http_basic_authenticate_or_request_with(username:, password:, realm: nil) authenticate_or_request_with_http_basic(realm || "Application") do |given_username, given_password| diff --git a/app/controllers/action_mailbox/ingresses/mailgun/inbound_emails_controller.rb b/app/controllers/action_mailbox/ingresses/mailgun/inbound_emails_controller.rb index c7e53b07f4..0b763dcf18 100644 --- a/app/controllers/action_mailbox/ingresses/mailgun/inbound_emails_controller.rb +++ b/app/controllers/action_mailbox/ingresses/mailgun/inbound_emails_controller.rb 
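Review bot: In `password`, a blank value stored in the encrypted credentials short-circuits the `||`, so `ENV["RAILS_INBOUND_EMAIL_PASSWORD"]` is never consulted and `authenticate_by_password` raises even though a usable secret is set. The failure is closed, which is the right direction, but a configuration slip then surfaces as an unhandled `ArgumentError` on every inbound delivery; `Rails.application.credentials.dig(:action_mailbox, :ingress_password).presence || ENV["RAILS_INBOUND_EMAIL_PASSWORD"]` falls through as intended. The `key` helpers added in the Mailgun and Mandrill controllers have the same shape. The "Missing required ingress credentials" message could also name the credential and the environment variable, as the two API-key messages in this commit do.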
@@ -11,21 +11,30 @@ class ActionMailbox::Ingresses::Mailgun::InboundEmailsController < ActionMailbox end def authenticated? - Authenticator.new( - timestamp: params.require(:timestamp), - token: params.require(:token), - signature: params.require(:signature) - ).authenticated? + if key.present? + Authenticator.new( + key: key, + timestamp: params.require(:timestamp), + token: params.require(:token), + signature: params.require(:signature) + ).authenticated? + else + raise ArgumentError, <<~MESSAGE.squish + Missing required Mailgun API key. Set action_mailbox.mailgun_api_key in your application's + encrypted credentials or provide the MAILGUN_INGRESS_API_KEY environment variable. + MESSAGE + end end - class Authenticator - cattr_accessor :key - attr_reader :timestamp, :token, :signature + def key + Rails.application.credentials.dig(:action_mailbox, :mailgun_api_key) || ENV["MAILGUN_INGRESS_API_KEY"] + end - def initialize(timestamp:, token:, signature:) - @timestamp, @token, @signature = Integer(timestamp), token, signature + class Authenticator + attr_reader :key, :timestamp, :token, :signature - ensure_presence_of_key + def initialize(key:, timestamp:, token:, signature:) + @key, @timestamp, @token, @signature = key, Integer(timestamp), token, signature end def authenticated? @@ -33,13 +42,6 @@ class ActionMailbox::Ingresses::Mailgun::InboundEmailsController < ActionMailbox end private - def ensure_presence_of_key - unless key.present? - raise ArgumentError, "Missing required Mailgun API key" - end - end - - def signed? ActiveSupport::SecurityUtils.secure_compare signature, expected_signature end diff --git a/app/controllers/action_mailbox/ingresses/mandrill/inbound_emails_controller.rb b/app/controllers/action_mailbox/ingresses/mandrill/inbound_emails_controller.rb index bcaa5faf23..0601125cdb 100644 --- a/app/controllers/action_mailbox/ingresses/mandrill/inbound_emails_controller.rb 
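Review bot: `Integer(timestamp)` in `Authenticator#initialize` converts a request parameter before any signature check, so a non-numeric `timestamp` raises `ArgumentError` and, unless it is rescued elsewhere, the unauthenticated caller gets a server error instead of a rejection. The new missing-key branch in `authenticated?` raises the same class, so error tracking cannot tell a misconfigured deployment from a malformed request. At minimum the constructor deserves a comment such as `# timestamp is request-supplied; Integer() raises ArgumentError on non-numeric input`. Better would be a dedicated error class for the missing-key case, with an unparseable timestamp treated as a failed authentication. The body of `Authenticator#authenticated?` lies outside the hunk, so where that handling belongs needs checking there.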
+++ b/app/controllers/action_mailbox/ingresses/mandrill/inbound_emails_controller.rb @@ -24,17 +24,25 @@ class ActionMailbox::Ingresses::Mandrill::InboundEmailsController < ActionMailbo end def authenticated? - Authenticator.new(request).authenticated? + if key.present? + Authenticator.new(request, key).authenticated? + else + raise ArgumentError, <<~MESSAGE.squish + Missing required Mandrill API key. Set action_mailbox.mandrill_api_key in your application's + encrypted credentials or provide the MANDRILL_INGRESS_API_KEY environment variable. + MESSAGE + end end - class Authenticator - cattr_accessor :key - attr_reader :request + def key + Rails.application.credentials.dig(:action_mailbox, :mandrill_api_key) || ENV["MANDRILL_INGRESS_API_KEY"] + end - def initialize(request) - @request = request + class Authenticator + attr_reader :request, :key - ensure_presence_of_key + def initialize(request, key) + @request, @key = request, key end def authenticated? @@ -42,13 +50,6 @@ class ActionMailbox::Ingresses::Mandrill::InboundEmailsController < ActionMailbo end private - def ensure_presence_of_key - unless key.present? - raise ArgumentError, "Missing required Mandrill API key" - end - end - - def given_signature request.headers["X-Mandrill-Signature"] end diff --git a/app/controllers/action_mailbox/ingresses/postfix/inbound_emails_controller.rb b/app/controllers/action_mailbox/ingresses/postfix/inbound_emails_controller.rb index 72303378a9..133accf651 100644 --- a/app/controllers/action_mailbox/ingresses/postfix/inbound_emails_controller.rb +++ b/app/controllers/action_mailbox/ingresses/postfix/inbound_emails_controller.rb 
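Review bot: `Authenticator.new(request, key)` passes the secret positionally, while the Mailgun authenticator changed in this same commit takes `key:` as a keyword. The two ingress authenticators would read more uniformly, and a swapped argument would fail loudly, with `def initialize(request:, key:)` and `Authenticator.new(request: request, key: key)`. The rest of the `Authenticator` class lies outside the hunk, so any other construction sites would need the same change.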
@@ -1,8 +1,5 @@ class ActionMailbox::Ingresses::Postfix::InboundEmailsController < ActionMailbox::BaseController - cattr_accessor :username, default: "actionmailbox" - cattr_accessor :password - - before_action :authenticate, :require_valid_rfc822_message + before_action :authenticate_by_password, :require_valid_rfc822_message def create ActionMailbox::InboundEmail.create_and_extract_message_id! request.body.read diff --git a/app/controllers/action_mailbox/ingresses/sendgrid/inbound_emails_controller.rb b/app/controllers/action_mailbox/ingresses/sendgrid/inbound_emails_controller.rb index f31845d8cd..b856eb5b94 100644 --- a/app/controllers/action_mailbox/ingresses/sendgrid/inbound_emails_controller.rb +++ b/app/controllers/action_mailbox/ingresses/sendgrid/inbound_emails_controller.rb @@ -1,8 +1,5 @@ class ActionMailbox::Ingresses::Sendgrid::InboundEmailsController < ActionMailbox::BaseController - cattr_accessor :username, default: "actionmailbox" - cattr_accessor :password - - before_action :authenticate + before_action :authenticate_by_password def create ActionMailbox::InboundEmail.create_and_extract_message_id! params.require(:email) |