From be0a8bec8701c7df2667dbf1569429218ea30370 Mon Sep 17 00:00:00 2001
From: George Claghorn
Date: Mon, 29 Oct 2018 13:45:24 -0400
Subject: Raise when required config is missing
---
 app/controllers/action_mailbox/base_controller.rb | 10 ++++--
 .../ingresses/mailgun/inbound_emails_controller.rb | 9 +++++
 .../mandrill/inbound_emails_controller.rb | 9 +++++
 .../mailgun/inbound_emails_controller_test.rb | 38 ++++++++++++++++++++++
 .../mandrill/inbound_emails_controller_test.rb | 28 ++++++++++++++++
 .../postfix/inbound_emails_controller_test.rb | 27 ++++++++++++++-
 .../sendgrid/inbound_emails_controller_test.rb | 27 ++++++++++++++-
 7 files changed, 143 insertions(+), 5 deletions(-)
diff --git a/app/controllers/action_mailbox/base_controller.rb b/app/controllers/action_mailbox/base_controller.rb
index 6f0e7e42d1..a64a817b51 100644
--- a/app/controllers/action_mailbox/base_controller.rb
+++ b/app/controllers/action_mailbox/base_controller.rb
@@ -3,9 +3,13 @@ class ActionMailbox::BaseController < ActionController::Base
 private
 def authenticate
- authenticate_or_request_with_http_basic("Action Mailbox") do |given_username, given_password|
- ActiveSupport::SecurityUtils.secure_compare(given_username, username) &
- ActiveSupport::SecurityUtils.secure_compare(given_password, password)
+ if username.present? && password.present?
+ authenticate_or_request_with_http_basic("Action Mailbox") do |given_username, given_password|
+ ActiveSupport::SecurityUtils.secure_compare(given_username, username) &
+ ActiveSupport::SecurityUtils.secure_compare(given_password, password)
+ end
+ else
+ raise ArgumentError, "Missing required ingress credentials"
 end
 end
 end
diff --git a/app/controllers/action_mailbox/ingresses/mailgun/inbound_emails_controller.rb b/app/controllers/action_mailbox/ingresses/mailgun/inbound_emails_controller.rb
index 46b0977592..c7e53b07f4 100644
--- a/app/controllers/action_mailbox/ingresses/mailgun/inbound_emails_controller.rb
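Review bot: The new `else` branch in `authenticate` has no comment explaining why blank credentials must raise instead of reaching the comparison, and that rationale is the security-relevant part of this change. With an empty configured password, `secure_compare(given_password, password)` would presumably accept an empty supplied password, so I would add above the `if`: `# Fail closed: never compare against blank credentials; an empty configured value would match an empty supplied one.` The check runs on every request, so a misconfigured ingress appears as an unhandled ArgumentError on the first delivery rather than at boot, which is worth stating in the same comment. `username` and `password` are defined outside this hunk.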
+++ b/app/controllers/action_mailbox/ingresses/mailgun/inbound_emails_controller.rb @@ -24,6 +24,8 @@ class ActionMailbox::Ingresses::Mailgun::InboundEmailsController < ActionMailbox def initialize(timestamp:, token:, signature:) @timestamp, @token, @signature = Integer(timestamp), token, signature + + ensure_presence_of_key end def authenticated? @@ -31,6 +33,13 @@ class ActionMailbox::Ingresses::Mailgun::InboundEmailsController < ActionMailbox end private + def ensure_presence_of_key + unless key.present? + raise ArgumentError, "Missing required Mailgun API key" + end + end + + def signed? ActiveSupport::SecurityUtils.secure_compare signature, expected_signature end diff --git a/app/controllers/action_mailbox/ingresses/mandrill/inbound_emails_controller.rb b/app/controllers/action_mailbox/ingresses/mandrill/inbound_emails_controller.rb index 31e1315ccd..bcaa5faf23 100644 --- a/app/controllers/action_mailbox/ingresses/mandrill/inbound_emails_controller.rb +++ b/app/controllers/action_mailbox/ingresses/mandrill/inbound_emails_controller.rb @@ -33,6 +33,8 @@ class ActionMailbox::Ingresses::Mandrill::InboundEmailsController < ActionMailbo def initialize(request) @request = request + + ensure_presence_of_key end def authenticated? @@ -40,6 +42,13 @@ class ActionMailbox::Ingresses::Mandrill::InboundEmailsController < ActionMailbo end private + def ensure_presence_of_key + unless key.present? + raise ArgumentError, "Missing required Mandrill API key" + end + end + + def given_signature request.headers["X-Mandrill-Signature"] end diff --git a/test/controllers/ingresses/mailgun/inbound_emails_controller_test.rb b/test/controllers/ingresses/mailgun/inbound_emails_controller_test.rb index 35e8314618..8fb3dd28c6 100644 --- a/test/controllers/ingresses/mailgun/inbound_emails_controller_test.rb +++ b/test/controllers/ingresses/mailgun/inbound_emails_controller_test.rb 
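Review bot: In the Mailgun `Authenticator#initialize`, `ensure_presence_of_key` runs after `Integer(timestamp)`, which itself raises ArgumentError on a malformed timestamp, so a bad request and a missing API key surface as the same exception class and the configuration check never runs when the timestamp fails to parse. Calling `ensure_presence_of_key` as the first statement of `initialize`, before `@timestamp, @token, @signature = Integer(timestamp), token, signature`, makes the missing-key error take precedence. If error reporting needs to tell the two cases apart, a dedicated error class for missing configuration would be clearer than ArgumentError, and the Mandrill initializer could share it. The class body continues outside the hunk.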
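Review bot: `ensure_presence_of_key` is written as a three-line `unless` block and is followed by more than one added blank line before `signed?`; the Mandrill controller's hunk repeats the same shape before `given_signature`. The modifier form reads better for a single guard, `raise ArgumentError, "Missing required Mailgun API key" unless key.present?`, with one blank line after the method. A short comment such as `# Fail closed: a blank key must never be used to verify a signature.` would record why the check exists. `key` is defined outside the hunk.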
@@ -48,4 +48,42 @@ class ActionMailbox::Ingresses::Mailgun::InboundEmailsControllerTest < ActionDis
 assert_response :unauthorized
 end
+
+ test "raising when the configured Mailgun API key is nil" do
+ switch_key_to nil do
+ assert_raises ArgumentError do
+ travel_to "2018-10-09 15:15:00 EDT"
+ post rails_mailgun_inbound_emails_url, params: {
+ timestamp: 1539112500,
+ token: "7VwW7k6Ak7zcTwoSoNm7aTtbk1g67MKAnsYLfUB7PdszbgR5Xi",
+ signature: "ef24c5225322217bb065b80bb54eb4f9206d764e3e16abab07f0a64d1cf477cc",
+ "body-mime" => file_fixture("../files/welcome.eml").read
+ }
+ end
+ end
+ end
+
+ test "raising when the configured Mailgun API key is blank" do
+ switch_key_to "" do
+ assert_raises ArgumentError do
+ travel_to "2018-10-09 15:15:00 EDT"
+ post rails_mailgun_inbound_emails_url, params: {
+ timestamp: 1539112500,
+ token: "7VwW7k6Ak7zcTwoSoNm7aTtbk1g67MKAnsYLfUB7PdszbgR5Xi",
+ signature: "ef24c5225322217bb065b80bb54eb4f9206d764e3e16abab07f0a64d1cf477cc",
+ "body-mime" => file_fixture("../files/welcome.eml").read
+ }
+ end
+ end
+ end
+
+ private
+ delegate :key, :key=, to: ActionMailbox::Ingresses::Mailgun::InboundEmailsController::Authenticator
+
+ def switch_key_to(new_key)
+ previous_key, self.key = key, new_key
+ yield
+ ensure
+ self.key = previous_key
+ end
 end
diff --git a/test/controllers/ingresses/mandrill/inbound_emails_controller_test.rb b/test/controllers/ingresses/mandrill/inbound_emails_controller_test.rb
index abef6baa4f..1658d85104 100644
--- a/test/controllers/ingresses/mandrill/inbound_emails_controller_test.rb
+++ b/test/controllers/ingresses/mandrill/inbound_emails_controller_test.rb
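Review bot: `assert_raises ArgumentError` in both new tests passes for any ArgumentError raised inside the block, including one from the `Integer(timestamp)` parse in the authenticator or from `travel_to`, so the tests do not prove that the missing-key check is what fired. Capturing the exception and checking its message pins the behaviour: `error = assert_raises(ArgumentError) { post ... }` followed by `assert_equal "Missing required Mailgun API key", error.message`, with `travel_to` moved above the block. The same applies to the new Mandrill, Postfix and Sendgrid tests later in this patch, each with its own message.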
@@ -28,4 +28,32 @@ class ActionMailbox::Ingresses::Mandrill::InboundEmailsControllerTest < ActionDi
 assert_response :unauthorized
 end
+
+ test "raising when Mandrill API key is nil" do
+ switch_key_to nil do
+ assert_raises ArgumentError do
+ post rails_mandrill_inbound_emails_url,
+ headers: { "X-Mandrill-Signature" => "gldscd2tAb/G+DmpiLcwukkLrC4=" }, params: { mandrill_events: @events }
+ end
+ end
+ end
+
+ test "raising when Mandrill API key is blank" do
+ switch_key_to "" do
+ assert_raises ArgumentError do
+ post rails_mandrill_inbound_emails_url,
+ headers: { "X-Mandrill-Signature" => "gldscd2tAb/G+DmpiLcwukkLrC4=" }, params: { mandrill_events: @events }
+ end
+ end
+ end
+
+ private
+ delegate :key, :key=, to: ActionMailbox::Ingresses::Mandrill::InboundEmailsController::Authenticator
+
+ def switch_key_to(new_key)
+ previous_key, self.key = key, new_key
+ yield
+ ensure
+ self.key = previous_key
+ end
 end
diff --git a/test/controllers/ingresses/postfix/inbound_emails_controller_test.rb b/test/controllers/ingresses/postfix/inbound_emails_controller_test.rb
index 3fa0854576..a9588791b9 100644
--- a/test/controllers/ingresses/postfix/inbound_emails_controller_test.rb
+++ b/test/controllers/ingresses/postfix/inbound_emails_controller_test.rb
@@ -34,10 +34,35 @@ class ActionMailbox::Ingresses::Postfix::InboundEmailsControllerTest < ActionDis
 assert_response :unsupported_media_type
 end
+ test "raising when the configured password is nil" do
+ switch_password_to nil do
+ assert_raises ArgumentError do
+ post rails_postfix_inbound_emails_url, headers: { "Authorization" => credentials, "Content-Type" => "message/rfc822" },
+ params: file_fixture("../files/welcome.eml").read
+ end
+ end
+ end
+
+ test "raising when the configured password is blank" do
+ switch_password_to "" do
+ assert_raises ArgumentError do
+ post rails_postfix_inbound_emails_url, headers: { "Authorization" => credentials, "Content-Type" => "message/rfc822" },
+ params: file_fixture("../files/welcome.eml").read
+ end
+ end
+ end
+
 private
- delegate :username, :password, to: ActionMailbox::Ingresses::Postfix::InboundEmailsController
+ delegate :username, :password, :password=, to: ActionMailbox::Ingresses::Postfix::InboundEmailsController
 def credentials
 ActionController::HttpAuthentication::Basic.encode_credentials username, password
 end
+
+ def switch_password_to(new_password)
+ previous_password, self.password = password, new_password
+ yield
+ ensure
+ self.password = previous_password
+ end
 end
diff --git a/test/controllers/ingresses/sendgrid/inbound_emails_controller_test.rb b/test/controllers/ingresses/sendgrid/inbound_emails_controller_test.rb
index 7663c6657e..759a532087 100644
--- a/test/controllers/ingresses/sendgrid/inbound_emails_controller_test.rb
+++ b/test/controllers/ingresses/sendgrid/inbound_emails_controller_test.rb
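Review bot: Only the password is switched to nil and blank in these tests, while the `authenticate` change in `base_controller.rb` also rejects a missing username (`username.present? && password.present?`), so that half of the condition is untested. Adding `:username=` to the `delegate` line and a matching pair of tests would cover it, assuming the controller exposes a username writer, which is not visible in this patch. The Sendgrid test hunk has the same gap. `switch_password_to` changes a setting on the controller class and restores it in `ensure`; a one-line comment noting that it touches shared state would help anyone running these tests concurrently.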
@@ -24,10 +24,35 @@ class ActionMailbox::Ingresses::Sendgrid::InboundEmailsControllerTest < ActionDi
 assert_response :unauthorized
 end
+ test "raising when the configured password is nil" do
+ switch_password_to nil do
+ assert_raises ArgumentError do
+ post rails_sendgrid_inbound_emails_url,
+ headers: { authorization: credentials }, params: { email: file_fixture("../files/welcome.eml").read }
+ end
+ end
+ end
+
+ test "raising when the configured password is blank" do
+ switch_password_to "" do
+ assert_raises ArgumentError do
+ post rails_sendgrid_inbound_emails_url,
+ headers: { authorization: credentials }, params: { email: file_fixture("../files/welcome.eml").read }
+ end
+ end
+ end
+
 private
- delegate :username, :password, to: ActionMailbox::Ingresses::Sendgrid::InboundEmailsController
+ delegate :username, :password, :password=, to: ActionMailbox::Ingresses::Sendgrid::InboundEmailsController
 def credentials
 ActionController::HttpAuthentication::Basic.encode_credentials username, password
 end
+
+ def switch_password_to(new_password)
+ previous_password, self.password = password, new_password
+ yield
+ ensure
+ self.password = previous_password
+ end
 end
--
cgit v1.2.3