feat: restrict smtp sender address (#3637)

* fix: check if sender address is custom domain * fix: check if sender address is custom domain * fix: check if sender address is custom domain Co-authored-by: Livio Amstutz <livio.a@gmail.com>
2025-08-12 03:37:34 +00:00 · 2022-05-16 16:08:47 +02:00
parent 40de8d5b3b
commit 5c0f527a49
39 changed files with 510 additions and 153 deletions
--- a/internal/query/projection/domain_policy_test.go
+++ b/internal/query/projection/domain_policy_test.go
@@ -30,7 +30,8 @@ func TestDomainPolicyProjection_reduces(t *testing.T) {
 					org.AggregateType,
 					[]byte(`{
 						"userLoginMustBeDomain": true,
-						"validateOrgDomains": true
+						"validateOrgDomains": true,
+						"smtpSenderAddressMatchesInstanceDomain": true
 }`),
 				), org.DomainPolicyAddedEventMapper),
 			},
@@ -43,7 +44,7 @@ func TestDomainPolicyProjection_reduces(t *testing.T) {
 				executer: &testExecuter{
 					executions: []execution{
 						{
-							expectedStmt: "INSERT INTO projections.domain_policies (creation_date, change_date, sequence, id, state, user_login_must_be_domain, validate_org_domains, is_default, resource_owner, instance_id) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10)",
+							expectedStmt: "INSERT INTO projections.domain_policies (creation_date, change_date, sequence, id, state, user_login_must_be_domain, validate_org_domains, smtp_sender_address_matches_instance_domain, is_default, resource_owner, instance_id) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11)",
 							expectedArgs: []interface{}{
 								anyArg{},
 								anyArg{},
@@ -52,6 +53,7 @@ func TestDomainPolicyProjection_reduces(t *testing.T) {
 								domain.PolicyStateActive,
 								true,
 								true,
+								true,
 								false,
 								"ro-id",
 								"instance-id",
@@ -70,7 +72,8 @@ func TestDomainPolicyProjection_reduces(t *testing.T) {
 					org.AggregateType,
 					[]byte(`{
 						"userLoginMustBeDomain": true,
-						"validateOrgDomains": true
+						"validateOrgDomains": true,
+						"smtpSenderAddressMatchesInstanceDomain": true
 		}`),
 				), org.DomainPolicyChangedEventMapper),
 			},
@@ -82,12 +85,13 @@ func TestDomainPolicyProjection_reduces(t *testing.T) {
 				executer: &testExecuter{
 					executions: []execution{
 						{
-							expectedStmt: "UPDATE projections.domain_policies SET (change_date, sequence, user_login_must_be_domain, validate_org_domains) = ($1, $2, $3, $4) WHERE (id = $5)",
+							expectedStmt: "UPDATE projections.domain_policies SET (change_date, sequence, user_login_must_be_domain, validate_org_domains, smtp_sender_address_matches_instance_domain) = ($1, $2, $3, $4, $5) WHERE (id = $6)",
 							expectedArgs: []interface{}{
 								anyArg{},
 								uint64(15),
 								true,
 								true,
+								true,
 								"agg-id",
 							},
 						},
@@ -131,7 +135,8 @@ func TestDomainPolicyProjection_reduces(t *testing.T) {
 					instance.AggregateType,
 					[]byte(`{
 						"userLoginMustBeDomain": true,
-						"validateOrgDomains": true
+						"validateOrgDomains": true,
+						"smtpSenderAddressMatchesInstanceDomain": true
 					}`),
 				), instance.DomainPolicyAddedEventMapper),
 			},
@@ -143,7 +148,7 @@ func TestDomainPolicyProjection_reduces(t *testing.T) {
 				executer: &testExecuter{
 					executions: []execution{
 						{
-							expectedStmt: "INSERT INTO projections.domain_policies (creation_date, change_date, sequence, id, state, user_login_must_be_domain, validate_org_domains, is_default, resource_owner, instance_id) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10)",
+							expectedStmt: "INSERT INTO projections.domain_policies (creation_date, change_date, sequence, id, state, user_login_must_be_domain, validate_org_domains, smtp_sender_address_matches_instance_domain, is_default, resource_owner, instance_id) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11)",
 							expectedArgs: []interface{}{
 								anyArg{},
 								anyArg{},
@@ -153,6 +158,7 @@ func TestDomainPolicyProjection_reduces(t *testing.T) {
 								true,
 								true,
 								true,
+								true,
 								"ro-id",
 								"instance-id",
 							},
@@ -170,7 +176,8 @@ func TestDomainPolicyProjection_reduces(t *testing.T) {
 					instance.AggregateType,
 					[]byte(`{
 						"userLoginMustBeDomain": true,
-						"validateOrgDomains": true
+						"validateOrgDomains": true,
+						"smtpSenderAddressMatchesInstanceDomain": true
 					}`),
 				), instance.DomainPolicyChangedEventMapper),
 			},
@@ -182,12 +189,13 @@ func TestDomainPolicyProjection_reduces(t *testing.T) {
 				executer: &testExecuter{
 					executions: []execution{
 						{
-							expectedStmt: "UPDATE projections.domain_policies SET (change_date, sequence, user_login_must_be_domain, validate_org_domains) = ($1, $2, $3, $4) WHERE (id = $5)",
+							expectedStmt: "UPDATE projections.domain_policies SET (change_date, sequence, user_login_must_be_domain, validate_org_domains, smtp_sender_address_matches_instance_domain) = ($1, $2, $3, $4, $5) WHERE (id = $6)",
 							expectedArgs: []interface{}{
 								anyArg{},
 								uint64(15),
 								true,
 								true,
+								true,
 								"agg-id",
 							},
 						},