griddler-mandrill 1.1.2 → 1.1.3

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 86dc4de8f452cac033829217d59a4c6bc9f773b9
4
- data.tar.gz: dce4fb18f34941f751aba6f71a6de09088cdfa83
3
+ metadata.gz: 11fa381ea4f4b1865823cf93565cbbaa98ed5f40
4
+ data.tar.gz: f1810eaf5c1295420f384a2647371bf493b75d87
5
5
  SHA512:
6
- metadata.gz: 9b6f95562127f589899a0074386cde554ca8ab3357698504fa633106a25bde17f7eb4743c9011a0ff92f5166fc4f78133b3dfeea6d4cf0218ec5348f6ddd8757
7
- data.tar.gz: a42ada7733a4480f76f56cc3144632428d937ffdbb53558a0d3e5cdf02a4758166b5756a691bbe600bd9b10ccc829a74d7f1da6f3242012de73e9d0d429546da
6
+ metadata.gz: 41142c12a3bfc6034c850e3503424ea7c911bccd5c43d74875d2f955a8d0507059365f0824df0c8907d8c16f74336aef42050f584f8354016bf7bc25b73eff0a
7
+ data.tar.gz: 00d30dc2c0c3a05699df71924d75272871eee113f23d19afa575279c666195a9f33bea2503ead1a3fba471008473686a6e3021e4201c1eba0ab8561489e7e19c
@@ -1,5 +1,8 @@
1
1
  ## master
2
2
 
3
+ ## 1.1.3
4
+ * Protect against SPF spoofing. #22 via [arunthampi](https://github.com/arunthampi)
5
+
3
6
  ## 1.1.2
4
7
  * Use Mandrill's `email` attribute to populate bcc if to and cc don't contain it. #19 and #20 via [Uelb](https://github.com/Uelb)
5
8
 
@@ -11,7 +11,9 @@ module Griddler
11
11
  end
12
12
 
13
13
  def normalize_params
14
- events.map do |event|
14
+ events.select do |event|
15
+ event[:spf].present? && (event[:spf][:result] == 'pass' || event[:spf][:result] == 'neutral')
16
+ end.map do |event|
15
17
  {
16
18
  to: recipients(:to, event),
17
19
  cc: recipients(:cc, event),
@@ -1,5 +1,5 @@
1
1
  module Griddler
2
2
  module Mandrill
3
- VERSION = '1.1.2'
3
+ VERSION = '1.1.3'
4
4
  end
5
5
  end
@@ -104,6 +104,45 @@ describe Griddler::Mandrill::Adapter, '.normalize_params' do
104
104
  end
105
105
  end
106
106
 
107
+ describe 'when the spf record is softfail' do
108
+ before do
109
+ @params = params_hash
110
+ @params.first[:msg][:spf] = { result: 'softfail', detail: 'domain owner discourages use of this host' }
111
+ end
112
+
113
+ it "doesn't include emails that have failed the SPF test" do
114
+ params = default_params(@params)
115
+ normalized_params = Griddler::Mandrill::Adapter.normalize_params(params)
116
+ expect(normalized_params).to be_empty
117
+ end
118
+ end
119
+
120
+ describe 'when the spf record is fail' do
121
+ before do
122
+ @params = params_hash
123
+ @params.first[:msg][:spf] = { result: 'fail', detail: 'sender SPF fail' }
124
+ end
125
+
126
+ it "doesn't include emails that have failed the SPF test" do
127
+ params = default_params(@params)
128
+ normalized_params = Griddler::Mandrill::Adapter.normalize_params(params)
129
+ expect(normalized_params).to be_empty
130
+ end
131
+ end
132
+
133
+ describe 'when the spf record is neutral' do
134
+ before do
135
+ @params = params_hash
136
+ @params.first[:msg][:spf] = { result: 'neutral', detail: 'sender SPF neutral' }
137
+ end
138
+
139
+ it "does include emails that have the SPF result as 'neutral'" do
140
+ params = default_params(@params)
141
+ normalized_params = Griddler::Mandrill::Adapter.normalize_params(params)
142
+ expect(normalized_params.size).to eql 2
143
+ end
144
+ end
145
+
107
146
  describe 'when the email has no html part' do
108
147
  before do
109
148
  @params = params_hash
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: griddler-mandrill
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.1.2
4
+ version: 1.1.3
5
5
  platform: ruby
6
6
  authors:
7
7
  - Stafford Brunk
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2015-07-27 00:00:00.000000000 Z
11
+ date: 2015-08-19 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: griddler