RubyGems - gitlab-mail_room - Versions diffs - 0.0.15 → 0.0.16 - Mend

gitlab-mail_room 0.0.15 → 0.0.16

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

checksums.yaml +4 -4
data/.ruby-version +1 -1
data/README.md +11 -0
data/lib/mail_room/delivery/postback.rb +36 -4
data/lib/mail_room/jwt.rb +33 -0
data/lib/mail_room/version.rb +1 -1
data/mail_room.gemspec +1 -0
data/spec/fixtures/jwt_secret +1 -0
data/spec/lib/delivery/postback_spec.rb +51 -3
data/spec/lib/jwt_spec.rb +79 -0
metadata +25 -6

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ec4ee38465229ec567497afa371c9001ba6b55f3f7b427815d2aeeaaa3916569
-  data.tar.gz: f98d83bd07c436f6d833c8ed9710a7cfe33d43a0f56891495eb495c75001ac6f
+  metadata.gz: 379c92ce022edc809e94ff13a0789fa78166483d0228df03db4a6cbaf7213be4
+  data.tar.gz: 1490b43ca949d4ea15240367ef6c6162799cf3648868bfd2982f92688d30f4b0
 SHA512:
-  metadata.gz: e7146b00f46e4ba842fad2234caf4f9145263f25aa4b21daaf16b17d5308d9cb7fc028c4cdaeede5e542bc05476bbbf95dff3f9fc5aae35fefca458004cfcd6e
-  data.tar.gz: c89588a3d43583ce20f1513b8488293f8b2f56b13bd15331276288f4331f2bef59abef77d790836cdcfe298d8af3fc9c4475586c44bb174fb485a6e1f4ac0834
+  metadata.gz: 4c03b12b703e68b58fbe0b91a6a3cfea7dff35b3aca33abc74589fb4d51aadcbfd5976d586b7313ce10100a48d615861f510eeb025b4e7931ae1d30fb05ec8bc
+  data.tar.gz: 5318027b63f4f04b42270b4d54fcfeb3d69bdce7fcda93a2f431532ea72be96c4e9046be664199a4debeae2cca6b2a4d175cccb850d3c3776783219a3c7309b6

data/.ruby-version CHANGED Viewed

	@@ -1 +1 @@
1	- 2.7.2
1	+ 2.7.5

data/README.md CHANGED Viewed

@@ -138,6 +138,17 @@ You will also need to install `faraday` or `letter_opener` if you use the `postb
     :delivery_options:
       :redis_url: redis://localhost:6379
       :worker: EmailReceiverWorker
+  -
+    :email: "user8@gmail.com"
+    :password: "password"
+    :name: "inbox"
+    :delivery_method: postback
+    :delivery_options:
+      :delivery_url: "http://localhost:3000/inbox"
+      :jwt_auth_header: "Mailroom-Api-Request"
+      :jwt_issuer: "mailroom"
+      :jwt_algorithm: "HS256"
+      :jwt_secret_path: "/etc/secrets/mailroom/.mailroom_secret"
 ```
 **Note:** If using `delete_after_delivery`, you also probably want to use

data/lib/mail_room/delivery/postback.rb CHANGED Viewed

@@ -1,11 +1,12 @@
 require 'faraday'
+require "mail_room/jwt"
 module MailRoom
   module Delivery
     # Postback Delivery method
     # @author Tony Pitale
     class Postback
-      Options = Struct.new(:url, :token, :username, :password, :logger, :content_type) do
+      Options = Struct.new(:url, :token, :username, :password, :logger, :content_type, :jwt) do
         def initialize(mailbox)
           url =
             mailbox.delivery_url ||
@@ -17,6 +18,8 @@ module MailRoom
             mailbox.delivery_options[:delivery_token] ||
             mailbox.delivery_options[:token]
+          jwt = initialize_jwt(mailbox.delivery_options)
           username = mailbox.delivery_options[:username]
           password = mailbox.delivery_options[:password]
@@ -24,16 +27,31 @@ module MailRoom
           content_type = mailbox.delivery_options[:content_type]
-          super(url, token, username, password, logger, content_type)
+          super(url, token, username, password, logger, content_type, jwt)
         end
         def token_auth?
           !self[:token].nil?
         end
+        def jwt_auth?
+          self[:jwt].valid?
+        end
         def basic_auth?
           !self[:username].nil? && !self[:password].nil?
         end
+        private
+        def initialize_jwt(delivery_options)
+          ::MailRoom::JWT.new(
+            header: delivery_options[:jwt_auth_header],
+            secret_path: delivery_options[:jwt_secret_path],
+            algorithm: delivery_options[:jwt_algorithm],
+            issuer: delivery_options[:jwt_issuer]
+          )
+        end
       end
       # Build a new delivery, hold the delivery options
@@ -60,13 +78,27 @@ module MailRoom
         connection.post do |request|
           request.url @delivery_options.url
           request.body = message
-          # request.options[:timeout] = 3
-          request.headers['Content-Type'] = @delivery_options.content_type unless @delivery_options.content_type.nil?
+          config_request_content_type(request)
+          config_request_jwt_auth(request)
         end
         @delivery_options.logger.info({ delivery_method: 'Postback', action: 'message pushed', url: @delivery_options.url })
         true
       end
+      private
+      def config_request_content_type(request)
+        return if @delivery_options.content_type.nil?
+        request.headers['Content-Type'] = @delivery_options.content_type
+      end
+      def config_request_jwt_auth(request)
+        return unless @delivery_options.jwt_auth?
+        request.headers[@delivery_options.jwt.header] = @delivery_options.jwt.token
+      end
     end
   end
 end

data/lib/mail_room/jwt.rb ADDED Viewed

@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+require 'faraday'
+require 'securerandom'
+module MailRoom
+  # Responsible for validating and generating JWT token
+  class JWT
+    DEFAULT_ISSUER = 'mailroom'
+    DEFAULT_ALGORITHM = 'HS256'
+    attr_reader :header, :secret_path, :issuer, :algorithm
+    def initialize(header:, secret_path:, issuer:, algorithm:)
+      @header = header
+      @secret_path = secret_path
+      @issuer = issuer || DEFAULT_ISSUER
+      @algorithm = algorithm || DEFAULT_ALGORITHM
+    end
+    def valid?
+      [@header, @secret_path, @issuer, @algorithm].none?(&:nil?)
+    end
+    def token
+      return nil unless valid?
+      secret = Base64.strict_decode64(File.read(@secret_path).chomp)
+      payload = { nonce: SecureRandom.hex(12), iss: @issuer }
+      ::JWT.encode payload, secret, @algorithm
+    end
+  end
+end

data/lib/mail_room/version.rb CHANGED Viewed

@@ -1,4 +1,4 @@
 module MailRoom
   # Current version of gitlab-mail_room gem
-  VERSION = "0.0.15"
+  VERSION = "0.0.16"
 end

data/mail_room.gemspec CHANGED Viewed

@@ -19,6 +19,7 @@ Gem::Specification.new do |gem|
   gem.add_dependency             "net-imap", ">= 0.2.1"
   gem.add_dependency             "oauth2", "~> 1.4.4"
+  gem.add_dependency             "jwt", ">= 2.0"
   # Pinning io-wait to 0.1.0, which is the last version to support Ruby < 3
   gem.add_dependency              "io-wait", "~> 0.1.0"

data/spec/fixtures/jwt_secret ADDED Viewed

	@@ -0,0 +1 @@
1	+ aGVsbG93b3JsZA==

data/spec/lib/delivery/postback_spec.rb CHANGED Viewed

@@ -65,11 +65,10 @@ describe MailRoom::Delivery::Postback do
           }
         })}
         let(:delivery_options) {
           MailRoom::Delivery::Postback::Options.new(mailbox)
         }
         it 'posts the message with faraday' do
           connection = stub
           request = stub
@@ -82,10 +81,59 @@ describe MailRoom::Delivery::Postback do
           connection.expects(:basic_auth).with('user1', 'password123abc')
           MailRoom::Delivery::Postback.new(delivery_options).deliver('a message')
           expect(request.headers['Content-Type']).to eq('text/plain')
         end
       end
+      context 'with jwt token in the delivery options' do
+        let(:mailbox) {build_mailbox({
+          delivery_options: {
+            url: 'http://localhost/inbox',
+            jwt_auth_header: "Mailroom-Api-Request",
+            jwt_issuer: "mailroom",
+            jwt_algorithm: "HS256",
+            jwt_secret_path: "secret_path"
+          }
+        })}
+        let(:delivery_options) {
+          MailRoom::Delivery::Postback::Options.new(mailbox)
+        }
+        it 'posts the message with faraday' do
+          connection = stub
+          request = stub
+          Faraday.stubs(:new).returns(connection)
+          connection.expects(:post).yields(request).twice
+          request.stubs(:url)
+          request.stubs(:body=)
+          request.stubs(:headers).returns({})
+          jwt = stub
+          MailRoom::JWT.expects(:new).with(
+            header: 'Mailroom-Api-Request',
+            issuer: 'mailroom',
+            algorithm: 'HS256',
+            secret_path: 'secret_path'
+          ).returns(jwt)
+          jwt.stubs(:valid?).returns(true)
+          jwt.stubs(:header).returns('Mailroom-Api-Request')
+          jwt.stubs(:token).returns('a_jwt_token')
+          delivery = MailRoom::Delivery::Postback.new(delivery_options)
+          delivery.deliver('a message')
+          expect(request.headers['Mailroom-Api-Request']).to eql('a_jwt_token')
+          # A different jwt token for the second time
+          jwt.stubs(:token).returns('another_jwt_token')
+          delivery.deliver('another message')
+          expect(request.headers['Mailroom-Api-Request']).to eql('another_jwt_token')
+        end
+      end
     end
   end
 end

data/spec/lib/jwt_spec.rb ADDED Viewed

@@ -0,0 +1,79 @@
+require 'spec_helper'
+require 'mail_room/jwt'
+describe MailRoom::JWT do
+  let(:secret_path) { File.expand_path('../fixtures/jwt_secret', File.dirname(__FILE__)) }
+  let(:secret) { Base64.strict_decode64(File.read(secret_path).chomp) }
+  let(:standard_config) do
+    {
+      secret_path: secret_path,
+      issuer: 'mailroom',
+      header: 'Mailroom-Api-Request',
+      algorithm: 'HS256'
+    }
+  end
+  describe '#token' do
+    let(:jwt) { described_class.new(**standard_config) }
+    it 'generates a valid jwt token' do
+      token = jwt.token
+      expect(token).not_to be_empty
+      payload = nil
+      expect do
+        payload = JWT.decode(token, secret, true, iss: 'mailroom', verify_iss: true, algorithm: 'HS256')
+      end.not_to raise_error
+      expect(payload).to be_an(Array)
+      expect(payload).to match(
+        [
+          a_hash_including(
+            'iss' => 'mailroom',
+            'nonce' => be_a(String)
+          ),
+          { 'alg' => 'HS256' }
+        ]
+      )
+    end
+    it 'generates a different token for each invocation' do
+      expect(jwt.token).not_to eql(jwt.token)
+    end
+  end
+  describe '#valid?' do
+    it 'returns true if all essential components are present' do
+      jwt = described_class.new(**standard_config)
+      expect(jwt.valid?).to eql(true)
+    end
+    it 'returns true if header and secret path are present' do
+      jwt = described_class.new(
+        secret_path: secret_path,
+        header: 'Mailroom-Api-Request',
+        issuer: nil,
+        algorithm: nil
+      )
+      expect(jwt.valid?).to eql(true)
+      expect(jwt.issuer).to eql(described_class::DEFAULT_ISSUER)
+      expect(jwt.algorithm).to eql(described_class::DEFAULT_ALGORITHM)
+    end
+    it 'returns false if either header or secret_path are missing' do
+      expect(described_class.new(
+        secret_path: nil,
+        header: 'Mailroom-Api-Request',
+        issuer: nil,
+        algorithm: nil
+      ).valid?).to eql(false)
+      expect(described_class.new(
+        secret_path: secret_path,
+        header: nil,
+        issuer: nil,
+        algorithm: nil
+      ).valid?).to eql(false)
+    end
+  end
+end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: gitlab-mail_room
 version: !ruby/object:Gem::Version
-  version: 0.0.15
+  version: 0.0.16
 platform: ruby
 authors:
 - Tony Pitale
-autorequire:
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-12-14 00:00:00.000000000 Z
+date: 2021-12-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: net-imap
@@ -38,6 +38,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: 1.4.4
+- !ruby/object:Gem::Dependency
+  name: jwt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '2.0'
 - !ruby/object:Gem::Dependency
   name: io-wait
   requirement: !ruby/object:Gem::Requirement
@@ -291,6 +305,7 @@ files:
 - lib/mail_room/imap.rb
 - lib/mail_room/imap/connection.rb
 - lib/mail_room/imap/message.rb
+- lib/mail_room/jwt.rb
 - lib/mail_room/logger/structured.rb
 - lib/mail_room/mailbox.rb
 - lib/mail_room/mailbox_watcher.rb
@@ -300,6 +315,7 @@ files:
 - lib/mail_room/version.rb
 - logfile.log
 - mail_room.gemspec
+- spec/fixtures/jwt_secret
 - spec/fixtures/test_config.yml
 - spec/lib/arbitration/redis_spec.rb
 - spec/lib/cli_spec.rb
@@ -314,6 +330,7 @@ files:
 - spec/lib/health_check_spec.rb
 - spec/lib/imap/connection_spec.rb
 - spec/lib/imap/message_spec.rb
+- spec/lib/jwt_spec.rb
 - spec/lib/logger/structured_spec.rb
 - spec/lib/mailbox_spec.rb
 - spec/lib/mailbox_watcher_spec.rb
@@ -323,7 +340,7 @@ files:
 homepage: http://github.com/tpitale/mail_room
 licenses: []
 metadata: {}
-post_install_message:
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -338,12 +355,13 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.4
-signing_key:
+rubygems_version: 3.1.6
+signing_key:
 specification_version: 4
 summary: mail_room will proxy email (gmail) from IMAP to a callback URL, logger, or
   letter_opener
 test_files:
+- spec/fixtures/jwt_secret
 - spec/fixtures/test_config.yml
 - spec/lib/arbitration/redis_spec.rb
 - spec/lib/cli_spec.rb
@@ -358,6 +376,7 @@ test_files:
 - spec/lib/health_check_spec.rb
 - spec/lib/imap/connection_spec.rb
 - spec/lib/imap/message_spec.rb
+- spec/lib/jwt_spec.rb
 - spec/lib/logger/structured_spec.rb
 - spec/lib/mailbox_spec.rb
 - spec/lib/mailbox_watcher_spec.rb