1package webmail

2

3import (

4 "archive/tar"

5 "archive/zip"

6 "bytes"

7 "compress/gzip"

8 "context"

9 "encoding/json"

10 "fmt"

11 "io"

12 "mime/multipart"

13 "net/http"

14 "net/http/httptest"

15 "net/textproto"

16 "net/url"

17 "os"

18 "path/filepath"

19 "reflect"

20 "strings"

21 "testing"

22 "time"

23

24 "golang.org/x/net/html"

25

26 "github.com/mjl-/sherpa"

27

28 "github.com/mjl-/mox/message"

29 "github.com/mjl-/mox/mlog"

30 "github.com/mjl-/mox/mox-"

31 "github.com/mjl-/mox/moxio"

32 "github.com/mjl-/mox/store"

33 "github.com/mjl-/mox/webauth"

34)

35

36var ctxbg = context.Background()

37

38func init() {

39 webauth.BadAuthDelay = 0

40}

41

42func tcheck(t *testing.T, err error, msg string) {

43 t.Helper()

44 if err != nil {

45 t.Fatalf("%s: %s", msg, err)

46 }

47}

48

49func tcompare(t *testing.T, got, exp any) {

50 t.Helper()

51 if !reflect.DeepEqual(got, exp) {

52 t.Fatalf("got %v, expected %v", got, exp)

53 }

54}

55

56type Message struct {

57 From, To, Cc, Bcc, Subject, MessageID string

58 Headers [][2]string

59 Date time.Time

60 References string

61 Part Part

62}

63

64type Part struct {

65 Type string

66 ID string

67 Disposition string

68 TransferEncoding string

69

70 Content string

71 Parts []Part

72

73 boundary string

74}

75

76func (m Message) Marshal(t *testing.T) []byte {

77 if m.Date.IsZero() {

78 m.Date = time.Now()

79 }

80 if m.MessageID == "" {

81 m.MessageID = "<" + mox.MessageIDGen(false) + ">"

82 }

83

84 var b bytes.Buffer

85 header := func(k, v string) {

86 if v == "" {

87 return

88 }

89 _, err := fmt.Fprintf(&b, "%s: %s\r\n", k, v)

90 tcheck(t, err, "write header")

91 }

92

93 header("From", m.From)

94 header("To", m.To)

95 header("Cc", m.Cc)

96 header("Bcc", m.Bcc)

97 header("Subject", m.Subject)

98 header("Message-Id", m.MessageID)

99 header("Date", m.Date.Format(message.RFC5322Z))

100 header("References", m.References)

101 for _, t := range m.Headers {

102 header(t[0], t[1])

103 }

104 header("Mime-Version", "1.0")

105 if len(m.Part.Parts) > 0 {

106 m.Part.boundary = multipart.NewWriter(io.Discard).Boundary()

107 }

108 m.Part.WriteHeader(t, &b)

109 m.Part.WriteBody(t, &b)

110 return b.Bytes()

111}

112

113func (p Part) Header() textproto.MIMEHeader {

114 h := textproto.MIMEHeader{}

115 add := func(k, v string) {

116 if v != "" {

117 h.Add(k, v)

118 }

119 }

120 ct := p.Type

121 if p.boundary != "" {

122 ct += fmt.Sprintf(`; boundary="%s"`, p.boundary)

123 }

124 add("Content-Type", ct)

125 add("Content-Id", p.ID)

126 add("Content-Disposition", p.Disposition)

127 add("Content-Transfer-Encoding", p.TransferEncoding) // todo: ensure if not multipart? probably ensure before calling headre

128 return h

129}

130

131func (p Part) WriteHeader(t *testing.T, w io.Writer) {

132 for k, vl := range p.Header() {

133 for _, v := range vl {

134 _, err := fmt.Fprintf(w, "%s: %s\r\n", k, v)

135 tcheck(t, err, "write header")

136 }

137 }

138 _, err := fmt.Fprint(w, "\r\n")

139 tcheck(t, err, "write line")

140}

141

142func (p Part) WriteBody(t *testing.T, w io.Writer) {

143 if len(p.Parts) == 0 {

144 switch p.TransferEncoding {

145 case "base64":

146 bw := moxio.Base64Writer(w)

147 _, err := bw.Write([]byte(p.Content))

148 tcheck(t, err, "writing base64")

149 err = bw.Close()

150 tcheck(t, err, "closing base64 part")

151 case "":

152 if p.Content == "" {

153 t.Fatalf("cannot write empty part")

154 }

155 if !strings.HasSuffix(p.Content, "\n") {

156 p.Content += "\n"

157 }

158 p.Content = strings.ReplaceAll(p.Content, "\n", "\r\n")

159 _, err := w.Write([]byte(p.Content))

160 tcheck(t, err, "write content")

161 default:

162 t.Fatalf("unknown transfer-encoding %q", p.TransferEncoding)

163 }

164 return

165 }

166

167 mp := multipart.NewWriter(w)

168 mp.SetBoundary(p.boundary)

169 for _, sp := range p.Parts {

170 if len(sp.Parts) > 0 {

171 sp.boundary = multipart.NewWriter(io.Discard).Boundary()

172 }

173 pw, err := mp.CreatePart(sp.Header())

174 tcheck(t, err, "create part")

175 sp.WriteBody(t, pw)

176 }

177 err := mp.Close()

178 tcheck(t, err, "close multipart")

179}

180

181var (

182 msgMinimal = Message{

183 Part: Part{Type: "text/plain", Content: "the body"},

184 }

185 msgText = Message{

186 From: "mjl <mjl@mox.example>",

187 To: "mox <mox@other.example>",

188 Subject: "text message",

189 Part: Part{Type: "text/plain; charset=utf-8", Content: "the body"},

190 }

191 msgHTML = Message{

192 From: "mjl <mjl@mox.example>",

193 To: "mox <mox@other.example>",

194 Subject: "html message",

195 Headers: [][2]string{{"List-Id", "test <list.mox.example>"}},

196 Part: Part{Type: "text/html", Content: `<html>the body <img src="cid:img1@mox.example" /></html>`},

197 }

198 msgAlt = Message{

199 From: "mjl <mjl@mox.example>",

200 To: "mox <mox@other.example>",

201 Subject: "test",

202 MessageID: "<alt@localhost>",

203 Headers: [][2]string{{"In-Reply-To", "<previous@host.example>"}},

204 Part: Part{

205 Type: "multipart/alternative",

206 Parts: []Part{

207 {Type: "text/plain", Content: "the body"},

208 {Type: "text/html; charset=utf-8", Content: `<html>the body <img src="cid:img1@mox.example" /></html>`},

209 },

210 },

211 }

212 msgAltReply = Message{

213 Subject: "Re: test",

214 References: "<alt@localhost>",

215 Part: Part{Type: "text/plain", Content: "reply to alt"},

216 }

217 msgAltRel = Message{

218 From: "mjl <mjl+altrel@mox.example>",

219 To: "mox <mox+altrel@other.example>",

220 Subject: "test with alt and rel",

221 Headers: [][2]string{{"X-Special", "testing"}},

222 Part: Part{

223 Type: "multipart/alternative",

224 Parts: []Part{

225 {Type: "text/plain", Content: "the text body"},

226 {

227 Type: "multipart/related",

228 Parts: []Part{

229 {

230 Type: "text/html; charset=utf-8",

231 Content: `<html>the body <img src="cid:img1@mox.example" /></html>`,

232 },

233 {Type: `image/png`, Disposition: `inline; filename="test1.png"`, ID: "<img1@mox.example>", Content: `PNG...`, TransferEncoding: "base64"},

234 },

235 },

236 },

237 },

238 }

239 msgAttachments = Message{

240 From: "mjl <mjl@mox.example>",

241 To: "mox <mox@other.example>",

242 Subject: "test",

243 Part: Part{

244 Type: "multipart/mixed",

245 Parts: []Part{

246 {Type: "text/plain", Content: "the body"},

247 {Type: "image/png", TransferEncoding: "base64", Content: `PNG...`},

248 {Type: "image/png", TransferEncoding: "base64", Content: `PNG...`},

249 {Type: `image/jpg; name="test.jpg"`, TransferEncoding: "base64", Content: `JPG...`},

250 {Type: `image/jpg`, Disposition: `attachment; filename="test.jpg"`, TransferEncoding: "base64", Content: `JPG...`},

251 },

252 },

253 }

254)

255

256// Import test messages messages.

257type testmsg struct {

258 Mailbox string

259 Flags store.Flags

260 Keywords []string

261 msg Message

262 m store.Message // As delivered.

263 ID int64 // Shortcut for m.ID

264}

265

266func tdeliver(t *testing.T, acc *store.Account, tm *testmsg) {

267 msgFile, err := store.CreateMessageTemp(pkglog, "webmail-test")

268 tcheck(t, err, "create message temp")

269 defer os.Remove(msgFile.Name())

270 defer msgFile.Close()

271 size, err := msgFile.Write(tm.msg.Marshal(t))

272 tcheck(t, err, "write message temp")

273 m := store.Message{

274 Flags: tm.Flags,

275 RcptToLocalpart: "mox",

276 RcptToDomain: "other.example",

277 MsgFromLocalpart: "mjl",

278 MsgFromDomain: "mox.example",

279 DKIMDomains: []string{"mox.example"},

280 Keywords: tm.Keywords,

281 Size: int64(size),

282 }

283 err = acc.DeliverMailbox(pkglog, tm.Mailbox, &m, msgFile)

284 tcheck(t, err, "deliver test message")

285 err = msgFile.Close()

286 tcheck(t, err, "closing test message")

287 tm.m = m

288 tm.ID = m.ID

289}

290

291func readBody(r io.Reader) string {

292 buf, err := io.ReadAll(r)

293 if err != nil {

294 return fmt.Sprintf("read error: %s", err)

295 }

296 return fmt.Sprintf("data: %q", buf)

297}

298

299// Test scenario with an account with some mailboxes, messages, then make all

300// kinds of changes and we check if we get the right events.

301// todo: check more of the results, we currently mostly check http statuses,

302// not the returned content.

303func TestWebmail(t *testing.T) {

304 mox.LimitersInit()

305 os.RemoveAll("../testdata/webmail/data")

306 mox.Context = ctxbg

307 mox.ConfigStaticPath = filepath.FromSlash("../testdata/webmail/mox.conf")

308 mox.MustLoadConfig(true, false)

309 defer store.Switchboard()()

310 err := store.Init(ctxbg)

311 tcheck(t, err, "store init")

312 defer func() {

313 err := store.Close()

314 tcheck(t, err, "store close")

315 }()

316

317 log := mlog.New("webmail", nil)

318 acc, err := store.OpenAccount(pkglog, "mjl", false)

319 tcheck(t, err, "open account")

320 err = acc.SetPassword(pkglog, "test1234")

321 tcheck(t, err, "set password")

322 defer func() {

323 err := acc.Close()

324 pkglog.Check(err, "closing account")

325 acc.CheckClosed()

326 }()

327

328 api := Webmail{maxMessageSize: 1024 * 1024, cookiePath: "/webmail/"}

329 apiHandler, err := makeSherpaHandler(api.maxMessageSize, api.cookiePath, false)

330 tcheck(t, err, "sherpa handler")

331

332 respRec := httptest.NewRecorder()

333 reqInfo := requestInfo{log, "", nil, "", respRec, &http.Request{RemoteAddr: "127.0.0.1:1234"}}

334 ctx := context.WithValue(ctxbg, requestInfoCtxKey, reqInfo)

335

336 // Prepare loginToken.

337 loginCookie := &http.Cookie{Name: "webmaillogin"}

338 loginCookie.Value = api.LoginPrep(ctx)

339 reqInfo.Request.Header = http.Header{"Cookie": []string{loginCookie.String()}}

340

341 csrfToken := api.Login(ctx, loginCookie.Value, "mjl@mox.example", "test1234")

342 var sessionCookie *http.Cookie

343 for _, c := range respRec.Result().Cookies() {

344 if c.Name == "webmailsession" {

345 sessionCookie = c

346 break

347 }

348 }

349 if sessionCookie == nil {

350 t.Fatalf("missing session cookie")

351 }

352

353 reqInfo = requestInfo{log, "mjl@mox.example", acc, "", respRec, &http.Request{RemoteAddr: "127.0.0.1:1234"}}

354 ctx = context.WithValue(ctxbg, requestInfoCtxKey, reqInfo)

355

356 tneedError(t, func() { api.MailboxCreate(ctx, "Inbox") }) // Cannot create inbox.

357 tneedError(t, func() { api.MailboxCreate(ctx, "Archive") }) // Already exists.

358 api.MailboxCreate(ctx, "Testbox1")

359 api.MailboxCreate(ctx, "Lists/Go/Nuts") // Creates hierarchy.

360

361 var zerom store.Message

362 var (

363 inboxMinimal = &testmsg{"Inbox", store.Flags{}, nil, msgMinimal, zerom, 0}

364 inboxText = &testmsg{"Inbox", store.Flags{}, nil, msgText, zerom, 0}

365 inboxHTML = &testmsg{"Inbox", store.Flags{}, nil, msgHTML, zerom, 0}

366 inboxAlt = &testmsg{"Inbox", store.Flags{}, nil, msgAlt, zerom, 0}

367 inboxAltRel = &testmsg{"Inbox", store.Flags{}, nil, msgAltRel, zerom, 0}

368 inboxAttachments = &testmsg{"Inbox", store.Flags{}, nil, msgAttachments, zerom, 0}

369 testbox1Alt = &testmsg{"Testbox1", store.Flags{}, nil, msgAlt, zerom, 0}

370 rejectsMinimal = &testmsg{"Rejects", store.Flags{Junk: true}, nil, msgMinimal, zerom, 0}

371 )

372 var testmsgs = []*testmsg{inboxMinimal, inboxText, inboxHTML, inboxAlt, inboxAltRel, inboxAttachments, testbox1Alt, rejectsMinimal}

373

374 for _, tm := range testmsgs {

375 tdeliver(t, acc, tm)

376 }

377

378 type httpHeaders [][2]string

379 ctHTML := [2]string{"Content-Type", "text/html; charset=utf-8"}

380 ctText := [2]string{"Content-Type", "text/plain; charset=utf-8"}

381 ctTextNoCharset := [2]string{"Content-Type", "text/plain"}

382 ctJS := [2]string{"Content-Type", "application/javascript; charset=utf-8"}

383 ctJSON := [2]string{"Content-Type", "application/json; charset=utf-8"}

384

385 cookieOK := &http.Cookie{Name: "webmailsession", Value: sessionCookie.Value}

386 cookieBad := &http.Cookie{Name: "webmailsession", Value: "AAAAAAAAAAAAAAAAAAAAAA mjl"}

387 hdrSessionOK := [2]string{"Cookie", cookieOK.String()}

388 hdrSessionBad := [2]string{"Cookie", cookieBad.String()}

389 hdrCSRFOK := [2]string{"x-mox-csrf", string(csrfToken)}

390 hdrCSRFBad := [2]string{"x-mox-csrf", "AAAAAAAAAAAAAAAAAAAAAA"}

391

392 testHTTP := func(method, path string, headers httpHeaders, expStatusCode int, expHeaders httpHeaders, check func(resp *http.Response)) {

393 t.Helper()

394

395 req := httptest.NewRequest(method, path, nil)

396 for _, kv := range headers {

397 req.Header.Add(kv[0], kv[1])

398 }

399 rr := httptest.NewRecorder()

400 rr.Body = &bytes.Buffer{}

401 handle(apiHandler, false, "", rr, req)

402 if rr.Code != expStatusCode {

403 t.Fatalf("got status %d, expected %d (%s)", rr.Code, expStatusCode, readBody(rr.Body))

404 }

405

406 resp := rr.Result()

407 for _, h := range expHeaders {

408 if resp.Header.Get(h[0]) != h[1] {

409 t.Fatalf("for header %q got value %q, expected %q", h[0], resp.Header.Get(h[0]), h[1])

410 }

411 }

412

413 if check != nil {

414 check(resp)

415 }

416 }

417 testHTTPAuthAPI := func(method, path string, expStatusCode int, expHeaders httpHeaders, check func(resp *http.Response)) {

418 t.Helper()

419 testHTTP(method, path, httpHeaders{hdrCSRFOK, hdrSessionOK}, expStatusCode, expHeaders, check)

420 }

421 testHTTPAuthREST := func(method, path string, expStatusCode int, expHeaders httpHeaders, check func(resp *http.Response)) {

422 t.Helper()

423 testHTTP(method, path, httpHeaders{hdrSessionOK}, expStatusCode, expHeaders, check)

424 }

425

426 userAuthError := func(resp *http.Response, expCode string) {

427 t.Helper()

428

429 var response struct {

430 Error *sherpa.Error `json:"error"`

431 }

432 err := json.NewDecoder(resp.Body).Decode(&response)

433 tcheck(t, err, "parsing response as json")

434 if response.Error == nil {

435 t.Fatalf("expected sherpa error with code %s, no error", expCode)

436 }

437 if response.Error.Code != expCode {

438 t.Fatalf("got sherpa error code %q, expected %s", response.Error.Code, expCode)

439 }

440 }

441 badAuth := func(resp *http.Response) {

442 t.Helper()

443 userAuthError(resp, "user:badAuth")

444 }

445 noAuth := func(resp *http.Response) {

446 t.Helper()

447 userAuthError(resp, "user:noAuth")

448 }

449

450 // HTTP webmail

451 testHTTP("GET", "/", httpHeaders{}, http.StatusOK, nil, nil)

452 testHTTP("POST", "/", httpHeaders{}, http.StatusMethodNotAllowed, nil, nil)

453 testHTTP("GET", "/", httpHeaders{[2]string{"Accept-Encoding", "gzip"}}, http.StatusOK, httpHeaders{ctHTML, [2]string{"Content-Encoding", "gzip"}}, nil)

454 testHTTP("GET", "/msg.js", httpHeaders{}, http.StatusOK, httpHeaders{ctJS}, nil)

455 testHTTP("POST", "/msg.js", httpHeaders{}, http.StatusMethodNotAllowed, nil, nil)

456 testHTTP("GET", "/text.js", httpHeaders{}, http.StatusOK, httpHeaders{ctJS}, nil)

457 testHTTP("POST", "/text.js", httpHeaders{}, http.StatusMethodNotAllowed, nil, nil)

458

459 testHTTP("POST", "/api/Bogus", httpHeaders{}, http.StatusOK, nil, noAuth)

460 testHTTP("POST", "/api/Bogus", httpHeaders{hdrCSRFBad}, http.StatusOK, nil, noAuth)

461 testHTTP("POST", "/api/Bogus", httpHeaders{hdrSessionBad}, http.StatusOK, nil, noAuth)

462 testHTTP("POST", "/api/Bogus", httpHeaders{hdrCSRFBad, hdrSessionBad}, http.StatusOK, nil, badAuth)

463 testHTTP("POST", "/api/Bogus", httpHeaders{hdrCSRFOK}, http.StatusOK, nil, noAuth)

464 testHTTP("POST", "/api/Bogus", httpHeaders{hdrSessionOK}, http.StatusOK, nil, noAuth)

465 testHTTP("POST", "/api/Bogus", httpHeaders{hdrCSRFBad, hdrSessionOK}, http.StatusOK, nil, badAuth)

466 testHTTP("POST", "/api/Bogus", httpHeaders{hdrCSRFOK, hdrSessionBad}, http.StatusOK, nil, badAuth)

467 testHTTPAuthAPI("GET", "/api/Bogus", http.StatusMethodNotAllowed, nil, nil)

468 testHTTPAuthAPI("POST", "/api/Bogus", http.StatusNotFound, nil, nil)

469 testHTTPAuthAPI("POST", "/api/SSETypes", http.StatusOK, httpHeaders{ctJSON}, nil)

470

471 // Unknown.

472 testHTTP("GET", "/other", httpHeaders{}, http.StatusForbidden, nil, nil)

473

474 // Export.

475 testHTTP("GET", "/export", httpHeaders{}, http.StatusForbidden, nil, nil)

476 testHTTP("GET", "/export", httpHeaders{hdrSessionBad}, http.StatusForbidden, nil, nil)

477 testHTTP("GET", "/export", httpHeaders{hdrSessionOK}, http.StatusForbidden, nil, nil)

478

479 testExport := func(format, archive, mailbox string, recursive bool, expectFiles int) {

480 t.Helper()

481

482 fields := url.Values{

483 "csrf": []string{string(csrfToken)},

484 "format": []string{format},

485 "archive": []string{archive},

486 "mailbox": []string{mailbox},

487 }

488 if recursive {

489 fields.Add("recursive", "on")

490 }

491 r := httptest.NewRequest("POST", "/export", strings.NewReader(fields.Encode()))

492 r.Header.Set("Content-Type", "application/x-www-form-urlencoded")

493 r.Header.Add("Cookie", cookieOK.String())

494 w := httptest.NewRecorder()

495 handle(apiHandler, false, "", w, r)

496 if w.Code != http.StatusOK {

497 t.Fatalf("export, got status code %d, expected 200: %s", w.Code, w.Body.Bytes())

498 }

499 var count int

500 if archive == "zip" {

501 buf := w.Body.Bytes()

502 zr, err := zip.NewReader(bytes.NewReader(buf), int64(len(buf)))

503 tcheck(t, err, "reading zip")

504 for _, f := range zr.File {

505 if !strings.HasSuffix(f.Name, "/") {

506 count++

507 }

508 }

509 } else {

510 var src io.Reader = w.Body

511 if archive == "tgz" {

512 gzr, err := gzip.NewReader(src)

513 tcheck(t, err, "gzip reader")

514 src = gzr

515 }

516 tr := tar.NewReader(src)

517 for {

518 h, err := tr.Next()

519 if err == io.EOF {

520 break

521 }

522 tcheck(t, err, "next file in tar")

523 if !strings.HasSuffix(h.Name, "/") {

524 count++

525 }

526 _, err = io.Copy(io.Discard, tr)

527 tcheck(t, err, "reading from tar")

528 }

529 }

530 if count != expectFiles {

531 t.Fatalf("export, has %d files, expected %d", count, expectFiles)

532 }

533 }

534

535 testExport("maildir", "tgz", "", true, 8+1) // 8 messages, 1 flags file

536 testExport("maildir", "zip", "", true, 8+1)

537 testExport("mbox", "tar", "", true, 6+5) // 6 default mailboxes, 5 created

538 testExport("mbox", "zip", "", true, 6+5)

539 testExport("mbox", "zip", "Lists", true, 3)

540 testExport("mbox", "zip", "Lists", false, 1)

541

542 // HTTP message, generic

543 testHTTP("GET", fmt.Sprintf("/msg/%v/attachments.zip", inboxMinimal.ID), nil, http.StatusForbidden, nil, nil)

544 testHTTP("GET", fmt.Sprintf("/msg/%v/attachments.zip", inboxMinimal.ID), httpHeaders{hdrCSRFBad}, http.StatusForbidden, nil, nil)

545 testHTTP("GET", fmt.Sprintf("/msg/%v/attachments.zip", inboxMinimal.ID), httpHeaders{hdrCSRFOK}, http.StatusForbidden, nil, nil)

546 testHTTP("GET", fmt.Sprintf("/msg/%v/attachments.zip", inboxMinimal.ID), httpHeaders{hdrSessionBad}, http.StatusForbidden, nil, nil)

547 testHTTPAuthREST("GET", fmt.Sprintf("/msg/%v/attachments.zip", 0), http.StatusNotFound, nil, nil)

548 testHTTPAuthREST("GET", fmt.Sprintf("/msg/%v/attachments.zip", testmsgs[len(testmsgs)-1].ID+1), http.StatusNotFound, nil, nil)

549 testHTTPAuthREST("GET", fmt.Sprintf("/msg/%v/bogus", inboxMinimal.ID), http.StatusNotFound, nil, nil)

550 testHTTPAuthREST("GET", fmt.Sprintf("/msg/%v/view/bogus", inboxMinimal.ID), http.StatusNotFound, nil, nil)

551 testHTTPAuthREST("GET", fmt.Sprintf("/msg/%v/bogus/0", inboxMinimal.ID), http.StatusNotFound, nil, nil)

552 testHTTPAuthREST("GET", "/msg/", http.StatusNotFound, nil, nil)

553 testHTTPAuthREST("POST", fmt.Sprintf("/msg/%v/attachments.zip", inboxMinimal.ID), http.StatusMethodNotAllowed, nil, nil)

554

555 // HTTP message: attachments.zip

556 ctZip := [2]string{"Content-Type", "application/zip"}

557 checkZip := func(resp *http.Response, fileContents [][2]string) {

558 t.Helper()

559 zipbuf, err := io.ReadAll(resp.Body)

560 tcheck(t, err, "reading response")

561 zr, err := zip.NewReader(bytes.NewReader(zipbuf), int64(len(zipbuf)))

562 tcheck(t, err, "open zip")

563 if len(fileContents) != len(zr.File) {

564 t.Fatalf("zip file has %d files, expected %d", len(fileContents), len(zr.File))

565 }

566 for i, fc := range fileContents {

567 if zr.File[i].Name != fc[0] {

568 t.Fatalf("zip, file at index %d is named %q, expected %q", i, zr.File[i].Name, fc[0])

569 }

570 f, err := zr.File[i].Open()

571 tcheck(t, err, "open file in zip")

572 buf, err := io.ReadAll(f)

573 tcheck(t, err, "read file in zip")

574 tcompare(t, string(buf), fc[1])

575 err = f.Close()

576 tcheck(t, err, "closing file")

577 }

578 }

579

580 pathInboxMinimal := fmt.Sprintf("/msg/%d", inboxMinimal.ID)

581 testHTTP("GET", pathInboxMinimal+"/attachments.zip", httpHeaders{}, http.StatusForbidden, nil, nil)

582 testHTTP("GET", pathInboxMinimal+"/attachments.zip", httpHeaders{hdrSessionBad}, http.StatusForbidden, nil, nil)

583

584 testHTTPAuthREST("GET", pathInboxMinimal+"/attachments.zip", http.StatusOK, httpHeaders{ctZip}, func(resp *http.Response) {

585 checkZip(resp, nil)

586 })

587 pathInboxRelAlt := fmt.Sprintf("/msg/%d", inboxAltRel.ID)

588 testHTTPAuthREST("GET", pathInboxRelAlt+"/attachments.zip", http.StatusOK, httpHeaders{ctZip}, func(resp *http.Response) {

589 checkZip(resp, [][2]string{{"test1.png", "PNG..."}})

590 })

591 pathInboxAttachments := fmt.Sprintf("/msg/%d", inboxAttachments.ID)

592 testHTTPAuthREST("GET", pathInboxAttachments+"/attachments.zip", http.StatusOK, httpHeaders{ctZip}, func(resp *http.Response) {

593 checkZip(resp, [][2]string{{"attachment-1.png", "PNG..."}, {"attachment-2.png", "PNG..."}, {"test.jpg", "JPG..."}, {"test-1.jpg", "JPG..."}})

594 })

595

596 // HTTP message: raw

597 pathInboxAltRel := fmt.Sprintf("/msg/%d", inboxAltRel.ID)

598 pathInboxText := fmt.Sprintf("/msg/%d", inboxText.ID)

599 testHTTP("GET", pathInboxAltRel+"/raw", httpHeaders{}, http.StatusForbidden, nil, nil)

600 testHTTP("GET", pathInboxAltRel+"/raw", httpHeaders{hdrSessionBad}, http.StatusForbidden, nil, nil)

601 testHTTPAuthREST("GET", pathInboxAltRel+"/raw", http.StatusOK, httpHeaders{ctTextNoCharset}, nil)

602 testHTTPAuthREST("GET", pathInboxText+"/raw", http.StatusOK, httpHeaders{ctText}, nil)

603

604 // HTTP message: parsedmessage.js

605 testHTTP("GET", pathInboxMinimal+"/parsedmessage.js", httpHeaders{}, http.StatusForbidden, nil, nil)

606 testHTTP("GET", pathInboxMinimal+"/parsedmessage.js", httpHeaders{hdrSessionBad}, http.StatusForbidden, nil, nil)

607 testHTTPAuthREST("GET", pathInboxMinimal+"/parsedmessage.js", http.StatusOK, httpHeaders{ctJS}, nil)

608

609 mox.LimitersInit()

610 // HTTP message: text,html,htmlexternal and msgtext,msghtml,msghtmlexternal

611 for _, elem := range []string{"text", "html", "htmlexternal", "msgtext", "msghtml", "msghtmlexternal"} {

612 testHTTP("GET", pathInboxAltRel+"/"+elem, httpHeaders{}, http.StatusForbidden, nil, nil)

613 testHTTP("GET", pathInboxAltRel+"/"+elem, httpHeaders{hdrSessionBad}, http.StatusForbidden, nil, nil)

614 mox.LimitersInit() // Reset, for too many failures.

615 }

616

617 // The text endpoint serves JS that we generated, so should be safe, but still doesn't hurt to have a CSP.

618 cspText := [2]string{

619 "Content-Security-Policy",

620 "frame-ancestors 'self'; default-src 'none'; img-src data:; style-src 'unsafe-inline'; script-src 'unsafe-inline' 'self'; frame-src 'self'; connect-src 'self'",

621 }

622 // Text and img-src 'self', for viewing image files inline.

623 cspTextImg := [2]string{

624 "Content-Security-Policy",

625 "frame-ancestors 'self'; default-src 'none'; img-src data: 'self'; style-src 'unsafe-inline'; script-src 'unsafe-inline' 'self'; frame-src 'self'; connect-src 'self'",

626 }

627 // HTML as viewed in the regular viewer, not in a new tab.

628 cspHTML := [2]string{

629 "Content-Security-Policy",

630 "sandbox allow-popups allow-popups-to-escape-sandbox; frame-ancestors 'self'; default-src 'none'; img-src data:; style-src 'unsafe-inline'",

631 }

632 // HTML when in separate message tab, needs allow-same-origin for iframe inner height.

633 cspHTMLSameOrigin := [2]string{

634 "Content-Security-Policy",

635 "sandbox allow-popups allow-popups-to-escape-sandbox allow-same-origin; frame-ancestors 'self'; default-src 'none'; img-src data:; style-src 'unsafe-inline'",

636 }

637 // Like cspHTML, but allows http and https resources.

638 cspHTMLExternal := [2]string{

639 "Content-Security-Policy",

640 "sandbox allow-popups allow-popups-to-escape-sandbox; frame-ancestors 'self'; default-src 'none'; img-src data: http: https: 'unsafe-inline'; style-src 'unsafe-inline' data: http: https:; font-src data: http: https: 'unsafe-inline'; media-src 'unsafe-inline' data: http: https:",

641 }

642 // HTML with external resources when opened in separate tab, with allow-same-origin for iframe inner height.

643 cspHTMLExternalSameOrigin := [2]string{

644 "Content-Security-Policy",

645 "sandbox allow-popups allow-popups-to-escape-sandbox allow-same-origin; frame-ancestors 'self'; default-src 'none'; img-src data: http: https: 'unsafe-inline'; style-src 'unsafe-inline' data: http: https:; font-src data: http: https: 'unsafe-inline'; media-src 'unsafe-inline' data: http: https:",

646 }

647 // Msg page, our JS, that loads an html iframe, already blocks access for the iframe.

648 cspMsgHTML := [2]string{

649 "Content-Security-Policy",

650 "frame-ancestors 'self'; default-src 'none'; img-src data:; style-src 'unsafe-inline'; script-src 'unsafe-inline' 'self'; frame-src 'self'; connect-src 'self'",

651 }

652 // Msg page that already allows external resources for the iframe.

653 cspMsgHTMLExternal := [2]string{

654 "Content-Security-Policy",

655 "frame-ancestors 'self'; default-src 'none'; img-src data: http: https: 'unsafe-inline'; style-src 'unsafe-inline' data: http: https:; font-src data: http: https: 'unsafe-inline'; media-src 'unsafe-inline' data: http: https:; script-src 'unsafe-inline' 'self'; frame-src 'self'; connect-src 'self'",

656 }

657 testHTTPAuthREST("GET", pathInboxAltRel+"/text", http.StatusOK, httpHeaders{ctHTML, cspTextImg}, nil)

658 testHTTPAuthREST("GET", pathInboxAltRel+"/html", http.StatusOK, httpHeaders{ctHTML, cspHTML}, nil)

659 testHTTPAuthREST("GET", pathInboxAltRel+"/htmlexternal", http.StatusOK, httpHeaders{ctHTML, cspHTMLExternal}, nil)

660 testHTTPAuthREST("GET", pathInboxAltRel+"/msgtext", http.StatusOK, httpHeaders{ctHTML, cspText}, nil)

661 testHTTPAuthREST("GET", pathInboxAltRel+"/msghtml", http.StatusOK, httpHeaders{ctHTML, cspMsgHTML}, nil)

662 testHTTPAuthREST("GET", pathInboxAltRel+"/msghtmlexternal", http.StatusOK, httpHeaders{ctHTML, cspMsgHTMLExternal}, nil)

663

664 testHTTPAuthREST("GET", pathInboxAltRel+"/html?sameorigin=true", http.StatusOK, httpHeaders{ctHTML, cspHTMLSameOrigin}, nil)

665 testHTTPAuthREST("GET", pathInboxAltRel+"/htmlexternal?sameorigin=true", http.StatusOK, httpHeaders{ctHTML, cspHTMLExternalSameOrigin}, nil)

666

667 // No HTML part.

668 for _, elem := range []string{"html", "htmlexternal", "msghtml", "msghtmlexternal"} {

669 testHTTPAuthREST("GET", pathInboxText+"/"+elem, http.StatusBadRequest, nil, nil)

670

671 }

672 // No text part.

673 pathInboxHTML := fmt.Sprintf("/msg/%d", inboxHTML.ID)

674 for _, elem := range []string{"text", "msgtext"} {

675 testHTTPAuthREST("GET", pathInboxHTML+"/"+elem, http.StatusBadRequest, nil, nil)

676 }

677

678 // HTTP message part: view,viewtext,download

679 for _, elem := range []string{"view", "viewtext", "download"} {

680 testHTTP("GET", pathInboxAltRel+"/"+elem+"/0", httpHeaders{}, http.StatusForbidden, nil, nil)

681 testHTTP("GET", pathInboxAltRel+"/"+elem+"/0", httpHeaders{hdrSessionBad}, http.StatusForbidden, nil, nil)

682 testHTTPAuthREST("GET", pathInboxAltRel+"/"+elem+"/0", http.StatusOK, nil, nil)

683 testHTTPAuthREST("GET", pathInboxAltRel+"/"+elem+"/0.0", http.StatusOK, nil, nil)

684 testHTTPAuthREST("GET", pathInboxAltRel+"/"+elem+"/0.1", http.StatusOK, nil, nil)

685 testHTTPAuthREST("GET", pathInboxAltRel+"/"+elem+"/0.2", http.StatusNotFound, nil, nil)

686 testHTTPAuthREST("GET", pathInboxAltRel+"/"+elem+"/1", http.StatusNotFound, nil, nil)

687 }

688

689 // Logout invalidates the session. Must work exactly once.

690 // Normally the generic /api/ auth check returns a user error. We bypass it and

691 // check for the server error.

692 sessionToken := store.SessionToken(strings.SplitN(sessionCookie.Value, " ", 2)[0])

693 reqInfo = requestInfo{log, "mjl@mox.example", acc, sessionToken, httptest.NewRecorder(), &http.Request{RemoteAddr: "127.0.0.1:1234"}}

694 ctx = context.WithValue(ctxbg, requestInfoCtxKey, reqInfo)

695 api.Logout(ctx)

696 tneedErrorCode(t, "server:error", func() { api.Logout(ctx) })

697}

698

699func TestSanitize(t *testing.T) {

700 check := func(s string, exp string) {

701 t.Helper()

702 n, err := html.Parse(strings.NewReader(s))

703 tcheck(t, err, "parsing html")

704 sanitizeNode(n)

705 var sb strings.Builder

706 err = html.Render(&sb, n)

707 tcheck(t, err, "writing html")

708 if sb.String() != exp {

709 t.Fatalf("sanitizing html: %s\ngot: %s\nexpected: %s", s, sb.String(), exp)

710 }

711 }

712

713 check(``,

714 `<html><head><base target="_blank" rel="noopener noreferrer"/></head><body></body></html>`)

715 check(`<script>read localstorage</script>`,

716 `<html><head><base target="_blank" rel="noopener noreferrer"/></head><body></body></html>`)

717 check(`<a href="javascript:evil">click me</a>`,

718 `<html><head><base target="_blank" rel="noopener noreferrer"/></head><body><a target="_blank" rel="noopener noreferrer">click me</a></body></html>`)

719 check(`<a href="https://badsite" target="top">click me</a>`,

720 `<html><head><base target="_blank" rel="noopener noreferrer"/></head><body><a href="https://badsite" target="_blank" rel="noopener noreferrer">click me</a></body></html>`)

721 check(`<a xlink:href="https://badsite">click me</a>`,

722 `<html><head><base target="_blank" rel="noopener noreferrer"/></head><body><a xlink:href="https://badsite" target="_blank" rel="noopener noreferrer">click me</a></body></html>`)

723 check(`<a onclick="evil">click me</a>`,

724 `<html><head><base target="_blank" rel="noopener noreferrer"/></head><body><a target="_blank" rel="noopener noreferrer">click me</a></body></html>`)

725 check(`<iframe src="data:text/html;base64,evilhtml"></iframe>`,

726 `<html><head><base target="_blank" rel="noopener noreferrer"/></head><body><iframe></iframe></body></html>`)

727}

728