Felamimail Sieve - configurable email domain whitelist for redirect rules
authorPaul Mehrer <p.mehrer@metaways.de>
Fri, 16 Jun 2017 14:10:45 +0000 (16:10 +0200)
committerPaul Mehrer <p.mehrer@metaways.de>
Tue, 20 Jun 2017 11:53:31 +0000 (13:53 +0200)
Change-Id: I2977bfd09b07e7259d5e6a100fa47fc215bfdf6d
Reviewed-on: http://gerrit.tine20.com/customers/4887
Tested-by: Jenkins CI (http://ci.tine20.com/)
Reviewed-by: Paul Mehrer <p.mehrer@metaways.de>
Tested-by: Paul Mehrer <p.mehrer@metaways.de>
tine20/Felamimail/Config.php
tine20/Felamimail/Controller/Sieve.php
tine20/Felamimail/Model/Sieve/Rule.php
tine20/Tinebase/Frontend/Json.php

index c22682a..d61edcc 100644 (file)
@@ -66,6 +66,13 @@ class Felamimail_Config extends Tinebase_Config_Abstract
     const EMAIL_NOTIFICATION_TEMPLATES_CONTAINER_ID = 'emailNotificationTemplatesContainerId';
 
     /**
+     * allow only sieve redirect rules to internal (primary/secondary) email addresses
+     *
+     * @var string
+     */
+    const SIEVE_REDIRECT_ONLY_INTERNAL = 'sieveRedirectOnlyInternal';
+
+    /**
      * user can set custom vacation message
      *
      * @var string
@@ -175,6 +182,17 @@ class Felamimail_Config extends Tinebase_Config_Abstract
             'setBySetupModule'      => TRUE,
             'default'               => null,
         ),
+        self::SIEVE_REDIRECT_ONLY_INTERNAL => array(
+            //_('Sieve Redirect Only Internal')
+            'label'                 => 'Sieve Redirect Only Internal',
+            // _('Allow only sieve redirect rules to internal (primary/secondary) email addresses')
+            'description'           => 'Allow only sieve redirect rules to internal (primary/secondary) email addresses',
+            'type'                  => Tinebase_Config_Abstract::TYPE_BOOL,
+            'clientRegistryInclude' => TRUE,
+            'setByAdminModule'      => TRUE,
+            'setBySetupModule'      => FALSE,
+            'default'               => false,
+        ),
     );
     
     /**
index f9937cd..9a2f46b 100644 (file)
@@ -508,6 +508,26 @@ class Felamimail_Controller_Sieve extends Tinebase_Controller_Abstract
             if ($account->email === $_rule->action_argument) {
                 throw new Felamimail_Exception_Sieve('It is not allowed to redirect emails to self (' . $account->email . ')! Please change the recipient.');
             }
+            if (Felamimail_Config::getInstance()->{Felamimail_Config::SIEVE_REDIRECT_ONLY_INTERNAL}) {
+                $success = false;
+                $smtpConfig = Tinebase_EmailUser::manages(Tinebase_Config::SMTP) ? Tinebase_EmailUser::getConfig(Tinebase_Config::SMTP) : $smtpConfig = array();
+                $allowedDomains = array();
+                if (isset($smtpConfig['primarydomain'])) {
+                    $allowedDomains[] = $smtpConfig['primarydomain'];
+                }
+                if (isset($smtpConfig['secondarydomains'])) {
+                    $allowedDomains[] = array_merge($allowedDomains, explode(',', $smtpConfig['secondarydomains']));
+                }
+                foreach ($allowedDomains as $allowedDomain) {
+                    if (strpos($_rule->action_argument, $allowedDomain) !== false) {
+                        $success = true;
+                        break;
+                    }
+                }
+                if (false === $success) {
+                    throw new Felamimail_Exception_Sieve('redirects only to the following domains allowed: ' . join(',', $whiteList));
+                }
+            }
         }
     }
     
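Review bot: The domain check in the added block does not enforce the whitelist it describes: `strpos($_rule->action_argument, $allowedDomain) !== false` accepts any address that merely contains an allowed domain as a substring, so the part after the last `@` should be compared for exact, case-insensitive equality instead. `$allowedDomains[] = array_merge(...)` appends the merged list as one nested array element rather than replacing the list, so secondary domains are never compared as strings, and the exception message joins `$whiteList`, which is not defined in the visible lines (presumably `$allowedDomains` was meant). The `? ... : $smtpConfig = array()` ternary carries a redundant inner assignment and is repeated in the Tinebase_Frontend_Json hunk; `: array()` suffices in both places. The enclosing method starts before this hunk, and whether `action_argument` can hold more than a bare address is not visible here.

```php
            if (Felamimail_Config::getInstance()->{Felamimail_Config::SIEVE_REDIRECT_ONLY_INTERNAL}) {
                $smtpConfig = Tinebase_EmailUser::manages(Tinebase_Config::SMTP) ? Tinebase_EmailUser::getConfig(Tinebase_Config::SMTP) : array();
                $allowedDomains = array();
                if (isset($smtpConfig['primarydomain'])) {
                    $allowedDomains[] = $smtpConfig['primarydomain'];
                }
                if (isset($smtpConfig['secondarydomains'])) {
                    $allowedDomains = array_merge($allowedDomains, explode(',', $smtpConfig['secondarydomains']));
                }
                // normalise configured values so " Example.org" and "example.org" compare equal
                $allowedDomains = array_filter(array_map('strtolower', array_map('trim', $allowedDomains)), 'strlen');
                // compare the recipient's domain part exactly, never as a substring
                $atPos = strrpos($_rule->action_argument, '@');
                $targetDomain = (false === $atPos) ? '' : strtolower(substr($_rule->action_argument, $atPos + 1));
                if (! in_array($targetDomain, $allowedDomains, true)) {
                    throw new Felamimail_Exception_Sieve('redirects only to the following domains allowed: ' . join(',', $allowedDomains));
                }
            }
```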
index f2bacc3..6cabdf0 100644 (file)
 /**
  * class to hold Rule data
  * 
- * @property    integer id
- * @property    array   action       array('type', 'argument')
- * @property    array   conditions   array( 0 => array('test', 'comperator', 'header', 'key'), 1 => (...))
- * @property    boolean enabled
+ * @property    integer $id
+ * @property    array   $conditions   array( 0 => array('test', 'comperator', 'header', 'key'), 1 => (...))
+ * @property    boolean $enabled
+ * @property    string  $action_argument
+ * @property    string  $action_type
  * 
  * @package     Felamimail
  */
index f0c2a4f..19d2881 100644 (file)
@@ -5,7 +5,7 @@
  * @package     Tinebase
  * @subpackage  Server
  * @license     http://www.gnu.org/licenses/agpl.html AGPL Version 3
- * @copyright   Copyright (c) 2007-2014 Metaways Infosystems GmbH (http://www.metaways.de)
+ * @copyright   Copyright (c) 2007-2017 Metaways Infosystems GmbH (http://www.metaways.de)
  * @author      Lars Kneschke <l.kneschke@metaways.de>
  * 
  */
@@ -807,6 +807,8 @@ class Tinebase_Frontend_Json extends Tinebase_Frontend_Json_Abstract
             $persistentFilters = array();
         }
 
+        $smtpConfig = Tinebase_EmailUser::manages(Tinebase_Config::SMTP) ? Tinebase_EmailUser::getConfig(Tinebase_Config::SMTP) : $smtpConfig = array();
+
         $userRegistryData = array(
             'timeZone'           => Tinebase_Core::getUserTimezone(),
             'currentAccount'     => $user->toArray(),
@@ -822,6 +824,8 @@ class Tinebase_Frontend_Json extends Tinebase_Frontend_Json_Abstract
             'persistentFilters'  => $persistentFilters,
             'userAccountChanged' => Tinebase_Controller::getInstance()->userAccountChanged(),
             'sessionLifeTime'    => Tinebase_Session_Abstract::getSessionLifetime(),
+            'primarydomain'      => isset($smtpConfig['primarydomain']) ? $smtpConfig['primarydomain'] : '',
+            'secondarydomains'   => isset($smtpConfig['secondarydomains']) ? $smtpConfig['secondarydomains'] : '',
         );
         
         if (Tinebase_Core::isLogLevel(Zend_Log::TRACE)) Tinebase_Core::getLogger()->trace(__METHOD__ . '::' . __LINE__
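Review bot: `primarydomain` and `secondarydomains` are added to the user registry unconditionally, so every client session receives the configured SMTP domains whether or not the redirect restriction is switched on. These values can only serve as a hint for the client UI; the restriction itself has to hold in the server-side sieve rule check, and a comment above the two keys such as `// UI hint only - redirect targets are validated server-side in Felamimail_Controller_Sieve` would keep the two from being confused. If the domain list is considered internal, it may be worth emitting the keys only when the restriction is enabled, though that would couple Tinebase to a Felamimail setting. The array literal and its method begin outside this hunk.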