1package webmail

2

3import (

4 "archive/tar"

5 "archive/zip"

6 "bytes"

7 "compress/gzip"

8 "context"

9 "encoding/json"

10 "fmt"

11 "io"

12 "mime/multipart"

13 "net/http"

14 "net/http/httptest"

15 "net/textproto"

16 "net/url"

17 "os"

18 "path/filepath"

19 "reflect"

20 "strings"

21 "testing"

22 "time"

23

24 "golang.org/x/net/html"

25

26 "github.com/mjl-/sherpa"

27

28 "github.com/mjl-/mox/message"

29 "github.com/mjl-/mox/mlog"

30 "github.com/mjl-/mox/mox-"

31 "github.com/mjl-/mox/moxio"

32 "github.com/mjl-/mox/store"

33 "github.com/mjl-/mox/webauth"

34)

35

36var ctxbg = context.Background()

37

38func init() {

39 webauth.BadAuthDelay = 0

40}

41

42func tcheck(t *testing.T, err error, msg string) {

43 t.Helper()

44 if err != nil {

45 t.Fatalf("%s: %s", msg, err)

46 }

47}

48

49func tcompare(t *testing.T, got, exp any) {

50 t.Helper()

51 if !reflect.DeepEqual(got, exp) {

52 t.Fatalf("got %v, expected %v", got, exp)

53 }

54}

55

56type Message struct {

57 From, To, Cc, Bcc, Subject, MessageID string

58 Headers [][2]string

59 Date time.Time

60 References string

61 Part Part

62}

63

64type Part struct {

65 Type string

66 ID string

67 Disposition string

68 TransferEncoding string

69

70 Content string

71 Parts []Part

72

73 boundary string

74}

75

76func (m Message) Marshal(t *testing.T) []byte {

77 if m.Date.IsZero() {

78 m.Date = time.Now()

79 }

80 if m.MessageID == "" {

81 m.MessageID = "<" + mox.MessageIDGen(false) + ">"

82 }

83

84 var b bytes.Buffer

85 header := func(k, v string) {

86 if v == "" {

87 return

88 }

89 _, err := fmt.Fprintf(&b, "%s: %s\r\n", k, v)

90 tcheck(t, err, "write header")

91 }

92

93 header("From", m.From)

94 header("To", m.To)

95 header("Cc", m.Cc)

96 header("Bcc", m.Bcc)

97 header("Subject", m.Subject)

98 header("Message-Id", m.MessageID)

99 header("Date", m.Date.Format(message.RFC5322Z))

100 header("References", m.References)

101 for _, t := range m.Headers {

102 header(t[0], t[1])

103 }

104 header("Mime-Version", "1.0")

105 if len(m.Part.Parts) > 0 {

106 m.Part.boundary = multipart.NewWriter(io.Discard).Boundary()

107 }

108 m.Part.WriteHeader(t, &b)

109 m.Part.WriteBody(t, &b)

110 return b.Bytes()

111}

112

113func (p Part) Header() textproto.MIMEHeader {

114 h := textproto.MIMEHeader{}

115 add := func(k, v string) {

116 if v != "" {

117 h.Add(k, v)

118 }

119 }

120 ct := p.Type

121 if p.boundary != "" {

122 ct += fmt.Sprintf(`; boundary="%s"`, p.boundary)

123 }

124 add("Content-Type", ct)

125 add("Content-Id", p.ID)

126 add("Content-Disposition", p.Disposition)

127 add("Content-Transfer-Encoding", p.TransferEncoding) // todo: ensure if not multipart? probably ensure before calling headre

128 return h

129}

130

131func (p Part) WriteHeader(t *testing.T, w io.Writer) {

132 for k, vl := range p.Header() {

133 for _, v := range vl {

134 _, err := fmt.Fprintf(w, "%s: %s\r\n", k, v)

135 tcheck(t, err, "write header")

136 }

137 }

138 _, err := fmt.Fprint(w, "\r\n")

139 tcheck(t, err, "write line")

140}

141

142func (p Part) WriteBody(t *testing.T, w io.Writer) {

143 if len(p.Parts) == 0 {

144 switch p.TransferEncoding {

145 case "base64":

146 bw := moxio.Base64Writer(w)

147 _, err := bw.Write([]byte(p.Content))

148 tcheck(t, err, "writing base64")

149 err = bw.Close()

150 tcheck(t, err, "closing base64 part")

151 case "":

152 if p.Content == "" {

153 t.Fatalf("cannot write empty part")

154 }

155 if !strings.HasSuffix(p.Content, "\n") {

156 p.Content += "\n"

157 }

158 p.Content = strings.ReplaceAll(p.Content, "\n", "\r\n")

159 _, err := w.Write([]byte(p.Content))

160 tcheck(t, err, "write content")

161 default:

162 t.Fatalf("unknown transfer-encoding %q", p.TransferEncoding)

163 }

164 return

165 }

166

167 mp := multipart.NewWriter(w)

168 mp.SetBoundary(p.boundary)

169 for _, sp := range p.Parts {

170 if len(sp.Parts) > 0 {

171 sp.boundary = multipart.NewWriter(io.Discard).Boundary()

172 }

173 pw, err := mp.CreatePart(sp.Header())

174 tcheck(t, err, "create part")

175 sp.WriteBody(t, pw)

176 }

177 err := mp.Close()

178 tcheck(t, err, "close multipart")

179}

180

181var (

182 msgMinimal = Message{

183 Part: Part{Type: "text/plain", Content: "the body"},

184 }

185 msgText = Message{

186 From: "mjl <mjl@mox.example>",

187 To: "mox <mox@other.example>",

188 Subject: "text message",

189 Part: Part{Type: "text/plain; charset=utf-8", Content: "the body"},

190 }

191 msgHTML = Message{

192 From: "mjl <mjl@mox.example>",

193 To: "mox <mox@other.example>",

194 Subject: "html message",

195 Headers: [][2]string{{"List-Id", "test <list.mox.example>"}},

196 Part: Part{Type: "text/html", Content: `<html>the body <img src="cid:img1@mox.example" /></html>`},

197 }

198 msgAlt = Message{

199 From: "mjl <mjl@mox.example>",

200 To: "mox <mox@other.example>",

201 Subject: "test",

202 MessageID: "<alt@localhost>",

203 Headers: [][2]string{{"In-Reply-To", "<previous@host.example>"}},

204 Part: Part{

205 Type: "multipart/alternative",

206 Parts: []Part{

207 {Type: "text/plain", Content: "the body"},

208 {Type: "text/html; charset=utf-8", Content: `<html>the body <img src="cid:img1@mox.example" /></html>`},

209 },

210 },

211 }

212 msgAltReply = Message{

213 Subject: "Re: test",

214 References: "<alt@localhost>",

215 Part: Part{Type: "text/plain", Content: "reply to alt"},

216 }

217 msgAltRel = Message{

218 From: "mjl <mjl+altrel@mox.example>",

219 To: "mox <mox+altrel@other.example>",

220 Subject: "test with alt and rel",

221 Headers: [][2]string{{"X-Special", "testing"}},

222 Part: Part{

223 Type: "multipart/alternative",

224 Parts: []Part{

225 {Type: "text/plain", Content: "the text body"},

226 {

227 Type: "multipart/related",

228 Parts: []Part{

229 {

230 Type: "text/html; charset=utf-8",

231 Content: `<html>the body <img src="cid:img1@mox.example" /></html>`,

232 },

233 {Type: `image/png`, Disposition: `inline; filename="test1.png"`, ID: "<img1@mox.example>", Content: `PNG...`, TransferEncoding: "base64"},

234 },

235 },

236 },

237 },

238 }

239 msgAttachments = Message{

240 From: "mjl <mjl@mox.example>",

241 To: "mox <mox@other.example>",

242 Subject: "test",

243 Part: Part{

244 Type: "multipart/mixed",

245 Parts: []Part{

246 {Type: "text/plain", Content: "the body"},

247 {Type: "image/png", TransferEncoding: "base64", Content: `PNG...`},

248 {Type: "image/png", TransferEncoding: "base64", Content: `PNG...`},

249 {Type: `image/jpg; name="test.jpg"`, TransferEncoding: "base64", Content: `JPG...`},

250 {Type: `image/jpg`, Disposition: `attachment; filename="test.jpg"`, TransferEncoding: "base64", Content: `JPG...`},

251 },

252 },

253 }

254)

255

256// Import test messages messages.

257type testmsg struct {

258 Mailbox string

259 Flags store.Flags

260 Keywords []string

261 msg Message

262 m store.Message // As delivered.

263 ID int64 // Shortcut for m.ID

264}

265

266func tdeliver(t *testing.T, acc *store.Account, tm *testmsg) {

267 msgFile, err := store.CreateMessageTemp(pkglog, "webmail-test")

268 tcheck(t, err, "create message temp")

269 defer os.Remove(msgFile.Name())

270 defer msgFile.Close()

271 size, err := msgFile.Write(tm.msg.Marshal(t))

272 tcheck(t, err, "write message temp")

273 m := store.Message{

274 Flags: tm.Flags,

275 RcptToLocalpart: "mox",

276 RcptToDomain: "other.example",

277 MsgFromLocalpart: "mjl",

278 MsgFromDomain: "mox.example",

279 DKIMDomains: []string{"mox.example"},

280 Keywords: tm.Keywords,

281 Size: int64(size),

282 }

283 err = acc.DeliverMailbox(pkglog, tm.Mailbox, &m, msgFile)

284 tcheck(t, err, "deliver test message")

285 err = msgFile.Close()

286 tcheck(t, err, "closing test message")

287 tm.m = m

288 tm.ID = m.ID

289}

290

291func readBody(r io.Reader) string {

292 buf, err := io.ReadAll(r)

293 if err != nil {

294 return fmt.Sprintf("read error: %s", err)

295 }

296 return fmt.Sprintf("data: %q", buf)

297}

298

299// Test scenario with an account with some mailboxes, messages, then make all

300// kinds of changes and we check if we get the right events.

301// todo: check more of the results, we currently mostly check http statuses,

302// not the returned content.

303func TestWebmail(t *testing.T) {

304 mox.LimitersInit()

305 os.RemoveAll("../testdata/webmail/data")

306 mox.Context = ctxbg

307 mox.ConfigStaticPath = filepath.FromSlash("../testdata/webmail/mox.conf")

308 mox.MustLoadConfig(true, false)

309 defer store.Switchboard()()

310

311 log := mlog.New("webmail", nil)

312 acc, err := store.OpenAccount(pkglog, "mjl")

313 tcheck(t, err, "open account")

314 err = acc.SetPassword(pkglog, "test1234")

315 tcheck(t, err, "set password")

316 defer func() {

317 err := acc.Close()

318 pkglog.Check(err, "closing account")

319 acc.CheckClosed()

320 }()

321

322 api := Webmail{maxMessageSize: 1024 * 1024, cookiePath: "/webmail/"}

323 apiHandler, err := makeSherpaHandler(api.maxMessageSize, api.cookiePath, false)

324 tcheck(t, err, "sherpa handler")

325

326 respRec := httptest.NewRecorder()

327 reqInfo := requestInfo{log, "", nil, "", respRec, &http.Request{RemoteAddr: "127.0.0.1:1234"}}

328 ctx := context.WithValue(ctxbg, requestInfoCtxKey, reqInfo)

329

330 // Prepare loginToken.

331 loginCookie := &http.Cookie{Name: "webmaillogin"}

332 loginCookie.Value = api.LoginPrep(ctx)

333 reqInfo.Request.Header = http.Header{"Cookie": []string{loginCookie.String()}}

334

335 csrfToken := api.Login(ctx, loginCookie.Value, "mjl@mox.example", "test1234")

336 var sessionCookie *http.Cookie

337 for _, c := range respRec.Result().Cookies() {

338 if c.Name == "webmailsession" {

339 sessionCookie = c

340 break

341 }

342 }

343 if sessionCookie == nil {

344 t.Fatalf("missing session cookie")

345 }

346

347 reqInfo = requestInfo{log, "mjl@mox.example", acc, "", respRec, &http.Request{RemoteAddr: "127.0.0.1:1234"}}

348 ctx = context.WithValue(ctxbg, requestInfoCtxKey, reqInfo)

349

350 tneedError(t, func() { api.MailboxCreate(ctx, "Inbox") }) // Cannot create inbox.

351 tneedError(t, func() { api.MailboxCreate(ctx, "Archive") }) // Already exists.

352 api.MailboxCreate(ctx, "Testbox1")

353 api.MailboxCreate(ctx, "Lists/Go/Nuts") // Creates hierarchy.

354

355 var zerom store.Message

356 var (

357 inboxMinimal = &testmsg{"Inbox", store.Flags{}, nil, msgMinimal, zerom, 0}

358 inboxText = &testmsg{"Inbox", store.Flags{}, nil, msgText, zerom, 0}

359 inboxHTML = &testmsg{"Inbox", store.Flags{}, nil, msgHTML, zerom, 0}

360 inboxAlt = &testmsg{"Inbox", store.Flags{}, nil, msgAlt, zerom, 0}

361 inboxAltRel = &testmsg{"Inbox", store.Flags{}, nil, msgAltRel, zerom, 0}

362 inboxAttachments = &testmsg{"Inbox", store.Flags{}, nil, msgAttachments, zerom, 0}

363 testbox1Alt = &testmsg{"Testbox1", store.Flags{}, nil, msgAlt, zerom, 0}

364 rejectsMinimal = &testmsg{"Rejects", store.Flags{Junk: true}, nil, msgMinimal, zerom, 0}

365 )

366 var testmsgs = []*testmsg{inboxMinimal, inboxText, inboxHTML, inboxAlt, inboxAltRel, inboxAttachments, testbox1Alt, rejectsMinimal}

367

368 for _, tm := range testmsgs {

369 tdeliver(t, acc, tm)

370 }

371

372 type httpHeaders [][2]string

373 ctHTML := [2]string{"Content-Type", "text/html; charset=utf-8"}

374 ctText := [2]string{"Content-Type", "text/plain; charset=utf-8"}

375 ctTextNoCharset := [2]string{"Content-Type", "text/plain"}

376 ctJS := [2]string{"Content-Type", "application/javascript; charset=utf-8"}

377 ctJSON := [2]string{"Content-Type", "application/json; charset=utf-8"}

378

379 cookieOK := &http.Cookie{Name: "webmailsession", Value: sessionCookie.Value}

380 cookieBad := &http.Cookie{Name: "webmailsession", Value: "AAAAAAAAAAAAAAAAAAAAAA mjl"}

381 hdrSessionOK := [2]string{"Cookie", cookieOK.String()}

382 hdrSessionBad := [2]string{"Cookie", cookieBad.String()}

383 hdrCSRFOK := [2]string{"x-mox-csrf", string(csrfToken)}

384 hdrCSRFBad := [2]string{"x-mox-csrf", "AAAAAAAAAAAAAAAAAAAAAA"}

385

386 testHTTP := func(method, path string, headers httpHeaders, expStatusCode int, expHeaders httpHeaders, check func(resp *http.Response)) {

387 t.Helper()

388

389 req := httptest.NewRequest(method, path, nil)

390 for _, kv := range headers {

391 req.Header.Add(kv[0], kv[1])

392 }

393 rr := httptest.NewRecorder()

394 rr.Body = &bytes.Buffer{}

395 handle(apiHandler, false, "", rr, req)

396 if rr.Code != expStatusCode {

397 t.Fatalf("got status %d, expected %d (%s)", rr.Code, expStatusCode, readBody(rr.Body))

398 }

399

400 resp := rr.Result()

401 for _, h := range expHeaders {

402 if resp.Header.Get(h[0]) != h[1] {

403 t.Fatalf("for header %q got value %q, expected %q", h[0], resp.Header.Get(h[0]), h[1])

404 }

405 }

406

407 if check != nil {

408 check(resp)

409 }

410 }

411 testHTTPAuthAPI := func(method, path string, expStatusCode int, expHeaders httpHeaders, check func(resp *http.Response)) {

412 t.Helper()

413 testHTTP(method, path, httpHeaders{hdrCSRFOK, hdrSessionOK}, expStatusCode, expHeaders, check)

414 }

415 testHTTPAuthREST := func(method, path string, expStatusCode int, expHeaders httpHeaders, check func(resp *http.Response)) {

416 t.Helper()

417 testHTTP(method, path, httpHeaders{hdrSessionOK}, expStatusCode, expHeaders, check)

418 }

419

420 userAuthError := func(resp *http.Response, expCode string) {

421 t.Helper()

422

423 var response struct {

424 Error *sherpa.Error `json:"error"`

425 }

426 err := json.NewDecoder(resp.Body).Decode(&response)

427 tcheck(t, err, "parsing response as json")

428 if response.Error == nil {

429 t.Fatalf("expected sherpa error with code %s, no error", expCode)

430 }

431 if response.Error.Code != expCode {

432 t.Fatalf("got sherpa error code %q, expected %s", response.Error.Code, expCode)

433 }

434 }

435 badAuth := func(resp *http.Response) {

436 t.Helper()

437 userAuthError(resp, "user:badAuth")

438 }

439 noAuth := func(resp *http.Response) {

440 t.Helper()

441 userAuthError(resp, "user:noAuth")

442 }

443

444 // HTTP webmail

445 testHTTP("GET", "/", httpHeaders{}, http.StatusOK, nil, nil)

446 testHTTP("POST", "/", httpHeaders{}, http.StatusMethodNotAllowed, nil, nil)

447 testHTTP("GET", "/", httpHeaders{[2]string{"Accept-Encoding", "gzip"}}, http.StatusOK, httpHeaders{ctHTML, [2]string{"Content-Encoding", "gzip"}}, nil)

448 testHTTP("GET", "/msg.js", httpHeaders{}, http.StatusOK, httpHeaders{ctJS}, nil)

449 testHTTP("POST", "/msg.js", httpHeaders{}, http.StatusMethodNotAllowed, nil, nil)

450 testHTTP("GET", "/text.js", httpHeaders{}, http.StatusOK, httpHeaders{ctJS}, nil)

451 testHTTP("POST", "/text.js", httpHeaders{}, http.StatusMethodNotAllowed, nil, nil)

452

453 testHTTP("POST", "/api/Bogus", httpHeaders{}, http.StatusOK, nil, noAuth)

454 testHTTP("POST", "/api/Bogus", httpHeaders{hdrCSRFBad}, http.StatusOK, nil, noAuth)

455 testHTTP("POST", "/api/Bogus", httpHeaders{hdrSessionBad}, http.StatusOK, nil, noAuth)

456 testHTTP("POST", "/api/Bogus", httpHeaders{hdrCSRFBad, hdrSessionBad}, http.StatusOK, nil, badAuth)

457 testHTTP("POST", "/api/Bogus", httpHeaders{hdrCSRFOK}, http.StatusOK, nil, noAuth)

458 testHTTP("POST", "/api/Bogus", httpHeaders{hdrSessionOK}, http.StatusOK, nil, noAuth)

459 testHTTP("POST", "/api/Bogus", httpHeaders{hdrCSRFBad, hdrSessionOK}, http.StatusOK, nil, badAuth)

460 testHTTP("POST", "/api/Bogus", httpHeaders{hdrCSRFOK, hdrSessionBad}, http.StatusOK, nil, badAuth)

461 testHTTPAuthAPI("GET", "/api/Bogus", http.StatusMethodNotAllowed, nil, nil)

462 testHTTPAuthAPI("POST", "/api/Bogus", http.StatusNotFound, nil, nil)

463 testHTTPAuthAPI("POST", "/api/SSETypes", http.StatusOK, httpHeaders{ctJSON}, nil)

464

465 // Unknown.

466 testHTTP("GET", "/other", httpHeaders{}, http.StatusForbidden, nil, nil)

467

468 // Export.

469 testHTTP("GET", "/export", httpHeaders{}, http.StatusForbidden, nil, nil)

470 testHTTP("GET", "/export", httpHeaders{hdrSessionBad}, http.StatusForbidden, nil, nil)

471 testHTTP("GET", "/export", httpHeaders{hdrSessionOK}, http.StatusForbidden, nil, nil)

472

473 testExport := func(format, archive, mailbox string, recursive bool, expectFiles int) {

474 t.Helper()

475

476 fields := url.Values{

477 "csrf": []string{string(csrfToken)},

478 "format": []string{format},

479 "archive": []string{archive},

480 "mailbox": []string{mailbox},

481 }

482 if recursive {

483 fields.Add("recursive", "on")

484 }

485 r := httptest.NewRequest("POST", "/export", strings.NewReader(fields.Encode()))

486 r.Header.Set("Content-Type", "application/x-www-form-urlencoded")

487 r.Header.Add("Cookie", cookieOK.String())

488 w := httptest.NewRecorder()

489 handle(apiHandler, false, "", w, r)

490 if w.Code != http.StatusOK {

491 t.Fatalf("export, got status code %d, expected 200: %s", w.Code, w.Body.Bytes())

492 }

493 var count int

494 if archive == "zip" {

495 buf := w.Body.Bytes()

496 zr, err := zip.NewReader(bytes.NewReader(buf), int64(len(buf)))

497 tcheck(t, err, "reading zip")

498 for _, f := range zr.File {

499 if !strings.HasSuffix(f.Name, "/") {

500 count++

501 }

502 }

503 } else {

504 var src io.Reader = w.Body

505 if archive == "tgz" {

506 gzr, err := gzip.NewReader(src)

507 tcheck(t, err, "gzip reader")

508 src = gzr

509 }

510 tr := tar.NewReader(src)

511 for {

512 h, err := tr.Next()

513 if err == io.EOF {

514 break

515 }

516 tcheck(t, err, "next file in tar")

517 if !strings.HasSuffix(h.Name, "/") {

518 count++

519 }

520 _, err = io.Copy(io.Discard, tr)

521 tcheck(t, err, "reading from tar")

522 }

523 }

524 if count != expectFiles {

525 t.Fatalf("export, has %d files, expected %d", count, expectFiles)

526 }

527 }

528

529 testExport("maildir", "tgz", "", true, 8+1) // 8 messages, 1 flags file

530 testExport("maildir", "zip", "", true, 8+1)

531 testExport("mbox", "tar", "", true, 6+5) // 6 default mailboxes, 5 created

532 testExport("mbox", "zip", "", true, 6+5)

533 testExport("mbox", "zip", "Lists", true, 3)

534 testExport("mbox", "zip", "Lists", false, 1)

535

536 // HTTP message, generic

537 testHTTP("GET", fmt.Sprintf("/msg/%v/attachments.zip", inboxMinimal.ID), nil, http.StatusForbidden, nil, nil)

538 testHTTP("GET", fmt.Sprintf("/msg/%v/attachments.zip", inboxMinimal.ID), httpHeaders{hdrCSRFBad}, http.StatusForbidden, nil, nil)

539 testHTTP("GET", fmt.Sprintf("/msg/%v/attachments.zip", inboxMinimal.ID), httpHeaders{hdrCSRFOK}, http.StatusForbidden, nil, nil)

540 testHTTP("GET", fmt.Sprintf("/msg/%v/attachments.zip", inboxMinimal.ID), httpHeaders{hdrSessionBad}, http.StatusForbidden, nil, nil)

541 testHTTPAuthREST("GET", fmt.Sprintf("/msg/%v/attachments.zip", 0), http.StatusNotFound, nil, nil)

542 testHTTPAuthREST("GET", fmt.Sprintf("/msg/%v/attachments.zip", testmsgs[len(testmsgs)-1].ID+1), http.StatusNotFound, nil, nil)

543 testHTTPAuthREST("GET", fmt.Sprintf("/msg/%v/bogus", inboxMinimal.ID), http.StatusNotFound, nil, nil)

544 testHTTPAuthREST("GET", fmt.Sprintf("/msg/%v/view/bogus", inboxMinimal.ID), http.StatusNotFound, nil, nil)

545 testHTTPAuthREST("GET", fmt.Sprintf("/msg/%v/bogus/0", inboxMinimal.ID), http.StatusNotFound, nil, nil)

546 testHTTPAuthREST("GET", "/msg/", http.StatusNotFound, nil, nil)

547 testHTTPAuthREST("POST", fmt.Sprintf("/msg/%v/attachments.zip", inboxMinimal.ID), http.StatusMethodNotAllowed, nil, nil)

548

549 // HTTP message: attachments.zip

550 ctZip := [2]string{"Content-Type", "application/zip"}

551 checkZip := func(resp *http.Response, fileContents [][2]string) {

552 t.Helper()

553 zipbuf, err := io.ReadAll(resp.Body)

554 tcheck(t, err, "reading response")

555 zr, err := zip.NewReader(bytes.NewReader(zipbuf), int64(len(zipbuf)))

556 tcheck(t, err, "open zip")

557 if len(fileContents) != len(zr.File) {

558 t.Fatalf("zip file has %d files, expected %d", len(fileContents), len(zr.File))

559 }

560 for i, fc := range fileContents {

561 if zr.File[i].Name != fc[0] {

562 t.Fatalf("zip, file at index %d is named %q, expected %q", i, zr.File[i].Name, fc[0])

563 }

564 f, err := zr.File[i].Open()

565 tcheck(t, err, "open file in zip")

566 buf, err := io.ReadAll(f)

567 tcheck(t, err, "read file in zip")

568 tcompare(t, string(buf), fc[1])

569 err = f.Close()

570 tcheck(t, err, "closing file")

571 }

572 }

573

574 pathInboxMinimal := fmt.Sprintf("/msg/%d", inboxMinimal.ID)

575 testHTTP("GET", pathInboxMinimal+"/attachments.zip", httpHeaders{}, http.StatusForbidden, nil, nil)

576 testHTTP("GET", pathInboxMinimal+"/attachments.zip", httpHeaders{hdrSessionBad}, http.StatusForbidden, nil, nil)

577

578 testHTTPAuthREST("GET", pathInboxMinimal+"/attachments.zip", http.StatusOK, httpHeaders{ctZip}, func(resp *http.Response) {

579 checkZip(resp, nil)

580 })

581 pathInboxRelAlt := fmt.Sprintf("/msg/%d", inboxAltRel.ID)

582 testHTTPAuthREST("GET", pathInboxRelAlt+"/attachments.zip", http.StatusOK, httpHeaders{ctZip}, func(resp *http.Response) {

583 checkZip(resp, [][2]string{{"test1.png", "PNG..."}})

584 })

585 pathInboxAttachments := fmt.Sprintf("/msg/%d", inboxAttachments.ID)

586 testHTTPAuthREST("GET", pathInboxAttachments+"/attachments.zip", http.StatusOK, httpHeaders{ctZip}, func(resp *http.Response) {

587 checkZip(resp, [][2]string{{"attachment-1.png", "PNG..."}, {"attachment-2.png", "PNG..."}, {"test.jpg", "JPG..."}, {"test-1.jpg", "JPG..."}})

588 })

589

590 // HTTP message: raw

591 pathInboxAltRel := fmt.Sprintf("/msg/%d", inboxAltRel.ID)

592 pathInboxText := fmt.Sprintf("/msg/%d", inboxText.ID)

593 testHTTP("GET", pathInboxAltRel+"/raw", httpHeaders{}, http.StatusForbidden, nil, nil)

594 testHTTP("GET", pathInboxAltRel+"/raw", httpHeaders{hdrSessionBad}, http.StatusForbidden, nil, nil)

595 testHTTPAuthREST("GET", pathInboxAltRel+"/raw", http.StatusOK, httpHeaders{ctTextNoCharset}, nil)

596 testHTTPAuthREST("GET", pathInboxText+"/raw", http.StatusOK, httpHeaders{ctText}, nil)

597

598 // HTTP message: parsedmessage.js

599 testHTTP("GET", pathInboxMinimal+"/parsedmessage.js", httpHeaders{}, http.StatusForbidden, nil, nil)

600 testHTTP("GET", pathInboxMinimal+"/parsedmessage.js", httpHeaders{hdrSessionBad}, http.StatusForbidden, nil, nil)

601 testHTTPAuthREST("GET", pathInboxMinimal+"/parsedmessage.js", http.StatusOK, httpHeaders{ctJS}, nil)

602

603 mox.LimitersInit()

604 // HTTP message: text,html,htmlexternal and msgtext,msghtml,msghtmlexternal

605 for _, elem := range []string{"text", "html", "htmlexternal", "msgtext", "msghtml", "msghtmlexternal"} {

606 testHTTP("GET", pathInboxAltRel+"/"+elem, httpHeaders{}, http.StatusForbidden, nil, nil)

607 testHTTP("GET", pathInboxAltRel+"/"+elem, httpHeaders{hdrSessionBad}, http.StatusForbidden, nil, nil)

608 mox.LimitersInit() // Reset, for too many failures.

609 }

610

611 // The text endpoint serves JS that we generated, so should be safe, but still doesn't hurt to have a CSP.

612 cspText := [2]string{

613 "Content-Security-Policy",

614 "frame-ancestors 'self'; default-src 'none'; img-src data:; style-src 'unsafe-inline'; script-src 'unsafe-inline' 'self'; frame-src 'self'; connect-src 'self'",

615 }

616 // Text and img-src 'self', for viewing image files inline.

617 cspTextImg := [2]string{

618 "Content-Security-Policy",

619 "frame-ancestors 'self'; default-src 'none'; img-src data: 'self'; style-src 'unsafe-inline'; script-src 'unsafe-inline' 'self'; frame-src 'self'; connect-src 'self'",

620 }

621 // HTML as viewed in the regular viewer, not in a new tab.

622 cspHTML := [2]string{

623 "Content-Security-Policy",

624 "sandbox allow-popups allow-popups-to-escape-sandbox; frame-ancestors 'self'; default-src 'none'; img-src data:; style-src 'unsafe-inline'",

625 }

626 // HTML when in separate message tab, needs allow-same-origin for iframe inner height.

627 cspHTMLSameOrigin := [2]string{

628 "Content-Security-Policy",

629 "sandbox allow-popups allow-popups-to-escape-sandbox allow-same-origin; frame-ancestors 'self'; default-src 'none'; img-src data:; style-src 'unsafe-inline'",

630 }

631 // Like cspHTML, but allows http and https resources.

632 cspHTMLExternal := [2]string{

633 "Content-Security-Policy",

634 "sandbox allow-popups allow-popups-to-escape-sandbox; frame-ancestors 'self'; default-src 'none'; img-src data: http: https: 'unsafe-inline'; style-src 'unsafe-inline' data: http: https:; font-src data: http: https: 'unsafe-inline'; media-src 'unsafe-inline' data: http: https:",

635 }

636 // HTML with external resources when opened in separate tab, with allow-same-origin for iframe inner height.

637 cspHTMLExternalSameOrigin := [2]string{

638 "Content-Security-Policy",

639 "sandbox allow-popups allow-popups-to-escape-sandbox allow-same-origin; frame-ancestors 'self'; default-src 'none'; img-src data: http: https: 'unsafe-inline'; style-src 'unsafe-inline' data: http: https:; font-src data: http: https: 'unsafe-inline'; media-src 'unsafe-inline' data: http: https:",

640 }

641 // Msg page, our JS, that loads an html iframe, already blocks access for the iframe.

642 cspMsgHTML := [2]string{

643 "Content-Security-Policy",

644 "frame-ancestors 'self'; default-src 'none'; img-src data:; style-src 'unsafe-inline'; script-src 'unsafe-inline' 'self'; frame-src 'self'; connect-src 'self'",

645 }

646 // Msg page that already allows external resources for the iframe.

647 cspMsgHTMLExternal := [2]string{

648 "Content-Security-Policy",

649 "frame-ancestors 'self'; default-src 'none'; img-src data: http: https: 'unsafe-inline'; style-src 'unsafe-inline' data: http: https:; font-src data: http: https: 'unsafe-inline'; media-src 'unsafe-inline' data: http: https:; script-src 'unsafe-inline' 'self'; frame-src 'self'; connect-src 'self'",

650 }

651 testHTTPAuthREST("GET", pathInboxAltRel+"/text", http.StatusOK, httpHeaders{ctHTML, cspTextImg}, nil)

652 testHTTPAuthREST("GET", pathInboxAltRel+"/html", http.StatusOK, httpHeaders{ctHTML, cspHTML}, nil)

653 testHTTPAuthREST("GET", pathInboxAltRel+"/htmlexternal", http.StatusOK, httpHeaders{ctHTML, cspHTMLExternal}, nil)

654 testHTTPAuthREST("GET", pathInboxAltRel+"/msgtext", http.StatusOK, httpHeaders{ctHTML, cspText}, nil)

655 testHTTPAuthREST("GET", pathInboxAltRel+"/msghtml", http.StatusOK, httpHeaders{ctHTML, cspMsgHTML}, nil)

656 testHTTPAuthREST("GET", pathInboxAltRel+"/msghtmlexternal", http.StatusOK, httpHeaders{ctHTML, cspMsgHTMLExternal}, nil)

657

658 testHTTPAuthREST("GET", pathInboxAltRel+"/html?sameorigin=true", http.StatusOK, httpHeaders{ctHTML, cspHTMLSameOrigin}, nil)

659 testHTTPAuthREST("GET", pathInboxAltRel+"/htmlexternal?sameorigin=true", http.StatusOK, httpHeaders{ctHTML, cspHTMLExternalSameOrigin}, nil)

660

661 // No HTML part.

662 for _, elem := range []string{"html", "htmlexternal", "msghtml", "msghtmlexternal"} {

663 testHTTPAuthREST("GET", pathInboxText+"/"+elem, http.StatusBadRequest, nil, nil)

664

665 }

666 // No text part.

667 pathInboxHTML := fmt.Sprintf("/msg/%d", inboxHTML.ID)

668 for _, elem := range []string{"text", "msgtext"} {

669 testHTTPAuthREST("GET", pathInboxHTML+"/"+elem, http.StatusBadRequest, nil, nil)

670 }

671

672 // HTTP message part: view,viewtext,download

673 for _, elem := range []string{"view", "viewtext", "download"} {

674 testHTTP("GET", pathInboxAltRel+"/"+elem+"/0", httpHeaders{}, http.StatusForbidden, nil, nil)

675 testHTTP("GET", pathInboxAltRel+"/"+elem+"/0", httpHeaders{hdrSessionBad}, http.StatusForbidden, nil, nil)

676 testHTTPAuthREST("GET", pathInboxAltRel+"/"+elem+"/0", http.StatusOK, nil, nil)

677 testHTTPAuthREST("GET", pathInboxAltRel+"/"+elem+"/0.0", http.StatusOK, nil, nil)

678 testHTTPAuthREST("GET", pathInboxAltRel+"/"+elem+"/0.1", http.StatusOK, nil, nil)

679 testHTTPAuthREST("GET", pathInboxAltRel+"/"+elem+"/0.2", http.StatusNotFound, nil, nil)

680 testHTTPAuthREST("GET", pathInboxAltRel+"/"+elem+"/1", http.StatusNotFound, nil, nil)

681 }

682

683 // Logout invalidates the session. Must work exactly once.

684 // Normally the generic /api/ auth check returns a user error. We bypass it and

685 // check for the server error.

686 sessionToken := store.SessionToken(strings.SplitN(sessionCookie.Value, " ", 2)[0])

687 reqInfo = requestInfo{log, "mjl@mox.example", acc, sessionToken, httptest.NewRecorder(), &http.Request{RemoteAddr: "127.0.0.1:1234"}}

688 ctx = context.WithValue(ctxbg, requestInfoCtxKey, reqInfo)

689 api.Logout(ctx)

690 tneedErrorCode(t, "server:error", func() { api.Logout(ctx) })

691}

692

693func TestSanitize(t *testing.T) {

694 check := func(s string, exp string) {

695 t.Helper()

696 n, err := html.Parse(strings.NewReader(s))

697 tcheck(t, err, "parsing html")

698 sanitizeNode(n)

699 var sb strings.Builder

700 err = html.Render(&sb, n)

701 tcheck(t, err, "writing html")

702 if sb.String() != exp {

703 t.Fatalf("sanitizing html: %s\ngot: %s\nexpected: %s", s, sb.String(), exp)

704 }

705 }

706

707 check(``,

708 `<html><head><base target="_blank" rel="noopener noreferrer"/></head><body></body></html>`)

709 check(`<script>read localstorage</script>`,

710 `<html><head><base target="_blank" rel="noopener noreferrer"/></head><body></body></html>`)

711 check(`<a href="javascript:evil">click me</a>`,

712 `<html><head><base target="_blank" rel="noopener noreferrer"/></head><body><a target="_blank" rel="noopener noreferrer">click me</a></body></html>`)

713 check(`<a href="https://badsite" target="top">click me</a>`,

714 `<html><head><base target="_blank" rel="noopener noreferrer"/></head><body><a href="https://badsite" target="_blank" rel="noopener noreferrer">click me</a></body></html>`)

715 check(`<a xlink:href="https://badsite">click me</a>`,

716 `<html><head><base target="_blank" rel="noopener noreferrer"/></head><body><a xlink:href="https://badsite" target="_blank" rel="noopener noreferrer">click me</a></body></html>`)

717 check(`<a onclick="evil">click me</a>`,

718 `<html><head><base target="_blank" rel="noopener noreferrer"/></head><body><a target="_blank" rel="noopener noreferrer">click me</a></body></html>`)

719 check(`<iframe src="data:text/html;base64,evilhtml"></iframe>`,

720 `<html><head><base target="_blank" rel="noopener noreferrer"/></head><body><iframe></iframe></body></html>`)

721}

722