TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-08-11 20:57:31 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: restrict smtp sender address (#3637)

Browse Source 
* fix: check if sender address is custom domain

* fix: check if sender address is custom domain

* fix: check if sender address is custom domain

Co-authored-by: Livio Amstutz <livio.a@gmail.com>
This commit is contained in:
Fabi
2022-05-16 16:08:47 +02:00
committed by GitHub
parent 40de8d5b3b
commit 5c0f527a49
39 changed files with 510 additions and 153 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
internal/command/smtp.go
View File

@@ -53,7 +53,7 @@ func (c *Commands) ChangeSMTPConfig(ctx context.Context, config *smtp.EmailConfi
func (c *Commands) ChangeSMTPConfigPassword(ctx context.Context, password string) (*domain.ObjectDetails, error) {
instanceAgg := instance.NewAggregate(authz.GetInstance(ctx).InstanceID())
smtpConfigWriteModel, err := getSMTPConfigWriteModel(ctx, c.eventstore.Filter)
smtpConfigWriteModel, err := getSMTPConfigWriteModel(ctx, c.eventstore.Filter, "")
if err != nil {
return nil, err
}
@@ -90,13 +90,19 @@ func (c *Commands) prepareAddSMTPConfig(a *instance.Aggregate, from, name, host,
return nil, errors.ThrowInvalidArgument(nil, "INST-SF3g1", "Errors.Invalid.Argument")
}
return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) {
writeModel, err := getSMTPConfigWriteModel(ctx, filter)
fromSplitted := strings.Split(from, "@")
senderDomain := fromSplitted[len(fromSplitted)-1]
writeModel, err := getSMTPConfigWriteModel(ctx, filter, senderDomain)
if err != nil {
return nil, err
}
if writeModel.State == domain.SMTPConfigStateActive {
return nil, errors.ThrowAlreadyExists(nil, "INST-W3VS2", "Errors.SMTPConfig.AlreadyExists")
}
err = checkSenderAddress(writeModel)
if err != nil {
return nil, err
}
var smtpPassword *crypto.CryptoValue
if password != nil {
smtpPassword, err = crypto.Encrypt(password, c.smtpEncryption)
@@ -128,14 +134,21 @@ func (c *Commands) prepareChangeSMTPConfig(a *instance.Aggregate, from, name, ho
if host = strings.TrimSpace(host); host == "" {
return nil, errors.ThrowInvalidArgument(nil, "INST-VDwvq", "Errors.Invalid.Argument")
}
return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) {
writeModel, err := getSMTPConfigWriteModel(ctx, filter)
fromSplitted := strings.Split(from, "@")
senderDomain := fromSplitted[len(fromSplitted)-1]
writeModel, err := getSMTPConfigWriteModel(ctx, filter, senderDomain)
if err != nil {
return nil, err
}
if writeModel.State != domain.SMTPConfigStateActive {
return nil, errors.ThrowNotFound(nil, "INST-Svq1a", "Errors.SMTPConfig.NotFound")
}
err = checkSenderAddress(writeModel)
if err != nil {
return nil, err
}
changedEvent, hasChanged, err := writeModel.NewChangedEvent(
ctx,
&a.Aggregate,
@@ -155,8 +168,18 @@ func (c *Commands) prepareChangeSMTPConfig(a *instance.Aggregate, from, name, ho
}
}
func getSMTPConfigWriteModel(ctx context.Context, filter preparation.FilterToQueryReducer) (_ *InstanceSMTPConfigWriteModel, err error) {
writeModel := NewInstanceSMTPConfigWriteModel(authz.GetInstance(ctx).InstanceID())
func checkSenderAddress(writeModel *InstanceSMTPConfigWriteModel) error {
if !writeModel.smtpSenderAddressMatchesInstanceDomain {
return nil
}
if !writeModel.domainState.Exists() {
return errors.ThrowInvalidArgument(nil, "INST-83nl8", "Errors.SMTPConfig.SenderAdressNotCustomDomain")
}
return nil
}
func getSMTPConfigWriteModel(ctx context.Context, filter preparation.FilterToQueryReducer, domain string) (_ *InstanceSMTPConfigWriteModel, err error) {
writeModel := NewInstanceSMTPConfigWriteModel(authz.GetInstance(ctx).InstanceID(), domain)
events, err := filter(ctx, writeModel.Query())
if err != nil {
return nil, err