FIX: Drop malformed CC addresses in GroupSmtpEmail job (#14934)

Sometimes, a user may have a malformed email such as `test@test.com<mailto:test@test.com` their email address, and as a topic participant will be included as a CC email when sending a GroupSmtpEmail. This causes the CC parsing to fail and further down the line in Email::Sender the code to check the CC addresses expects an array but gets a string instead because of the parse failure. Instead, we can just check if the CC addresses are valid and drop them if they are not in the GroupSmtpEmail job.
2025-01-18 19:02:46 +08:00 · 2021-11-16 08:15:11 +10:00 · 2021-11-16 08:15:11 +10:00 · eabe2df8d2
commit eabe2df8d2
parent 0e371d4c6d
2 changed files with 22 additions and 10 deletions
--- a/app/jobs/regular/group_smtp_email.rb
+++ b/app/jobs/regular/group_smtp_email.rb
@ -23,26 +23,28 @@ module Jobs

    def execute(args)
      return if quit_email_early?
+      email = args[:email]
+      recipient_user = User.find_by_email(email, primary: true)
+
+      post = Post.find_by(id: args[:post_id])
+      if post.blank?
+        return skip(email, nil, recipient_user, :group_smtp_post_deleted)
+      end

      group = Group.find_by(id: args[:group_id])
      return if group.blank?

-      post = Post.find_by(id: args[:post_id])
-      email = args[:email]
-      cc_addresses = args[:cc_emails]
-      recipient_user = User.find_by_email(email, primary: true)
-
-      if post.blank?
-        return skip(email, nil, recipient_user, :group_smtp_post_deleted)
+      if !group.smtp_enabled
+        return skip(email, post, recipient_user, :group_smtp_disabled_for_group)
      end

      if !Topic.exists?(id: post.topic_id)
        return skip(email, post, recipient_user, :group_smtp_topic_deleted)
      end

-      if !group.smtp_enabled
-        return skip(email, post, recipient_user, :group_smtp_disabled_for_group)
-      end
+      cc_addresses = args[:cc_emails].map do |cc|
+        cc.match(EmailValidator.email_regex) ? cc : nil
+      end.compact

      # There is a rare race condition causing the Imap::Sync class to create
      # an incoming email and associated post/topic, which then kicks off
--- a/spec/jobs/regular/group_smtp_email_spec.rb
+++ b/spec/jobs/regular/group_smtp_email_spec.rb
@ -160,6 +160,16 @@ RSpec.describe Jobs::GroupSmtpEmail do
    expect(email_log.smtp_group_id).to eq(group.id)
  end

+  it "drops malformed cc addresses when sending the email" do
+    args2 = args.clone
+    args2[:cc_emails] << "somebadccemail@test.com<mailto:somebadccemail@test.com"
+    subject.execute(args2)
+    expect(ActionMailer::Base.deliveries.count).to eq(1)
+    last_email = ActionMailer::Base.deliveries.last
+    expect(last_email.subject).to eq("Re: Help I need support")
+    expect(last_email.cc).to match_array(["otherguy@test.com", "cormac@lit.com"])
+  end
+
  context "when there are cc_addresses" do
    it "has the cc_addresses and cc_user_ids filled in correctly" do
      subject.execute(args)