Create a new issue via: incoming+group/project+AUTH_TOKEN@...

a065c8d5 · Lin Jen-Shin · 634c9f40 · a065c8d5 · a065c8d5 · a065c8d5
Commit a065c8d5 authored Apr 07, 2016 by Lin Jen-Shin
5 changed files
--- a/lib/gitlab/email/receiver.rb
+++ b/lib/gitlab/email/receiver.rb
@@ -60,6 +60,7 @@ module Gitlab

      def process_create_issue
        validate_permission!(message_sender, message_project, :create_issue)
+        validate_authentication_token!(message_sender)

        issue = Issues::CreateService.new(
          message_project,
@@ -85,6 +86,11 @@ module Gitlab
        raise UserNotAuthorizedError unless author.can?(permission, project)
      end

+      def validate_authentication_token!(author)
+        raise UserNotAuthorizedError unless author.authentication_token ==
+                                              authentication_token
+      end
+
      # Find the first matched user in database from email From: section
      # TODO: Since this address could be forged, we should have some kind of
      #       auth token attached somewhere to verify the identity better.
@@ -97,7 +103,7 @@ module Gitlab

      def message_project
        @message_project ||=
-          Project.find_with_namespace(reply_key) if reply_key
+          Project.find_with_namespace(project_namespace) if reply_key
      end

      def process_reply(project)
@@ -118,6 +124,14 @@ module Gitlab
        key_from_to_header || key_from_additional_headers
      end

+      def authentication_token
+        reply_key[/[^\+]+$/]
+      end
+
+      def project_namespace
+        reply_key[/^[^\+]+/]
+      end
+
      def key_from_to_header
        key = nil
        message.to.each do |address|

--- a/spec/fixtures/emails/valid_new_issue.eml
+++ b/spec/fixtures/emails/valid_new_issue.eml
@@ -5,7 +5,7 @@ Received: by mail-ie0-f180.google.com with SMTP id f4so21977375iea.25 for <incom
 Received: by 10.0.0.1 with HTTP; Thu, 13 Jun 2013 14:03:48 -0700
 Date: Thu, 13 Jun 2013 17:03:48 -0400
 From: Jake the Dog <jake@adventuretime.ooo>
-To: incoming+gitlabhq/gitlabhq@appmail.adventuretime.ooo
+To: incoming+gitlabhq/gitlabhq+auth_token@appmail.adventuretime.ooo
 Message-ID: <CADkmRc+rNGAGGbV2iE5p918UVy4UyJqVcXRO2=otppgzduJSg@mail.gmail.com>
 Subject: New Issue by email
 Mime-Version: 1.0

--- a/spec/fixtures/emails/valid_new_issue_empty.eml
+++ b/spec/fixtures/emails/valid_new_issue_empty.eml
@@ -5,7 +5,7 @@ Received: by mail-ie0-f180.google.com with SMTP id f4so21977375iea.25 for <incom
 Received: by 10.0.0.1 with HTTP; Thu, 13 Jun 2013 14:03:48 -0700
 Date: Thu, 13 Jun 2013 17:03:48 -0400
 From: Jake the Dog <jake@adventuretime.ooo>
-To: incoming+gitlabhq/gitlabhq@appmail.adventuretime.ooo
+To: incoming+gitlabhq/gitlabhq+auth_token@appmail.adventuretime.ooo
 Message-ID: <CADkmRc+rNGAGGbV2iE5p918UVy4UyJqVcXRO2=otppgzduJSg@mail.gmail.com>
 Subject: New Issue by email
 Mime-Version: 1.0

--- a/spec/fixtures/emails/wrong_authentication_token.eml
+++ b/spec/fixtures/emails/wrong_authentication_token.eml
+Return-Path: <jake@adventuretime.ooo>
+Received: from iceking.adventuretime.ooo ([unix socket]) by iceking (Cyrus v2.2.13-Debian-2.2.13-19+squeeze3) with LMTPA; Thu, 13 Jun 2013 17:03:50 -0400
+Received: from mail-ie0-x234.google.com (mail-ie0-x234.google.com [IPv6:2607:f8b0:4001:c03::234]) by iceking.adventuretime.ooo (8.14.3/8.14.3/Debian-9.4) with ESMTP id r5DL3nFJ016967 (version=TLSv1/SSLv3 cipher=RC4-SHA bits=128 verify=NOT) for <incoming+gitlabhq/gitlabhq@appmail.adventuretime.ooo>; Thu, 13 Jun 2013 17:03:50 -0400
+Received: by mail-ie0-f180.google.com with SMTP id f4so21977375iea.25 for <incoming+gitlabhq/gitlabhq@appmail.adventuretime.ooo>; Thu, 13 Jun 2013 14:03:48 -0700
+Received: by 10.0.0.1 with HTTP; Thu, 13 Jun 2013 14:03:48 -0700
+Date: Thu, 13 Jun 2013 17:03:48 -0400
+From: Jake the Dog <jake@adventuretime.ooo>
+To: incoming+gitlabhq/gitlabhq+bad_token@appmail.adventuretime.ooo
+Message-ID: <CADkmRc+rNGAGGbV2iE5p918UVy4UyJqVcXRO2=otppgzduJSg@mail.gmail.com>
+Subject: New Issue by email
+Mime-Version: 1.0
+Content-Type: text/plain;
+ charset=ISO-8859-1
+Content-Transfer-Encoding: 7bit
+X-Sieve: CMU Sieve 2.2
+X-Received: by 10.0.0.1 with SMTP id n7mr11234144ipb.85.1371157428600; Thu,
+ 13 Jun 2013 14:03:48 -0700 (PDT)
+X-Scanned-By: MIMEDefang 2.69 on IPv6:2001:470:1d:165::1
--- a/spec/lib/gitlab/email/receiver_spec.rb
+++ b/spec/lib/gitlab/email/receiver_spec.rb
@@ -171,7 +171,13 @@ describe Gitlab::Email::Receiver, lib: true do
    end

    let(:sent_notification) {}
-    let!(:user)     { create(:user, email: 'jake@adventuretime.ooo') }
+    let!(:user) do
+      create(
+        :user,
+        email: 'jake@adventuretime.ooo',
+        authentication_token: 'auth_token'
+      )
+    end
    let(:namespace) { create(:namespace, path: 'gitlabhq') }
    let(:project)   { create(:project, :public, namespace: namespace) }
    let(:email_raw) { fixture_file('emails/valid_new_issue.eml') }
@@ -215,6 +221,18 @@ describe Gitlab::Email::Receiver, lib: true do
          expect { receiver.execute }.to raise_error(Gitlab::Email::Receiver::InvalidIssueError)
        end
      end
+
+      context "when the authentication_token token didn't match" do
+        let!(:email_raw) { fixture_file("emails/wrong_authentication_token.eml") }
+
+        before do
+          project
+        end
+
+        it "raises an UserNotAuthorizedError" do
+          expect { receiver.execute }.to raise_error(Gitlab::Email::Receiver::UserNotAuthorizedError)
+        end
+      end
    end
  end
 end