sanitize_email 2.0.2 → 2.0.4

data/lib/sanitize_email/config.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-# Copyright (c) 2008-16 Peter H. Boling of RailsBling.com
+# Copyright (c) 2008 - 2018, 2020, 2022, 2024 Peter H. Boling of RailsBling.com
 # Released under the MIT license
 
 module SanitizeEmail
@@ -16,48 +16,48 @@ module SanitizeEmail
     DEFAULTS = {
       # Specify the BCC addresses for the messages
       #   that go out in "local" environments
-      :sanitized_bcc => nil,
+      sanitized_bcc: nil,
 
       # Specify the CC addresses for the messages
       #   that go out in "local" environments
-      :sanitized_cc => nil,
+      sanitized_cc: nil,
 
       # The recipient addresses for the messages,
       #   either as a string (for a single address)
       #   or an array (for multiple addresses)
       #   that go out in "local" environments
-      :sanitized_to => nil,
+      sanitized_to: nil,
 
-      # a white list
-      :good_list => nil,
+      # an allow list
+      good_list: nil,
 
-      # a black list
-      :bad_list => nil,
+      # a block list
+      bad_list: nil,
 
-      :environment => if defined?(Rails) && Rails.env.present?
-                        "[#{Rails.env}]"
-                      else
-                        '[UNKNOWN ENVIRONMENT]'
-                      end,
+      environment: if defined?(Rails) && Rails.env.present?
+                     "[#{Rails.env}]"
+                   else
+                     "[UNKNOWN ENVIRONMENT]"
+                   end,
 
       # Use the "real" email address as the username
       #   for the sanitized email address
       # e.g. "real@example.com <sanitized@example.com>"
-      :use_actual_email_as_sanitized_user_name => false,
+      use_actual_email_as_sanitized_user_name: false,
 
       # Prepend the "real" email address onto the Subject line of the message
       # e.g. "real@example.com rest of subject"
-      :use_actual_email_prepended_to_subject => false,
+      use_actual_email_prepended_to_subject: false,
 
       # Prepend the Rails environment onto the Subject line of the message
       # e.g. "[development] rest of subject"
-      :use_actual_environment_prepended_to_subject => false,
+      use_actual_environment_prepended_to_subject: false,
 
       # True / False turns on or off sanitization,
       #   while nil ignores this setting and checks activation_proc
-      :engage => nil,
+      engage: nil,
 
-      :activation_proc => proc { false },
+      activation_proc: proc { false },
     }.freeze
 
     @config ||= DEFAULTS.dup
@@ -83,9 +83,9 @@ module SanitizeEmail
     end
 
     def self.config_force_sanitize_deprecation_warning
-      return nil if @config[:force_sanitize].nil?
+      return if @config[:force_sanitize].nil?
       deprecation_warning_message(
-        <<-DEPRECATION
+        <<-DEPRECATION,
               SanitizeEmail::Config.config[:force_sanitize] is deprecated.
               Please use SanitizeEmail.force_sanitize or SanitizeEmail.sanitary instead.
               Refer to https://github.com/pboling/sanitize_email/wiki for examples.

data/lib/sanitize_email/deprecation.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-# Copyright (c) 2008-16 Peter H. Boling of RailsBling.com
+# Copyright (c) 2008 - 2018, 2020, 2022, 2024 Peter H. Boling of RailsBling.com
 # Released under the MIT license
 
 module SanitizeEmail
@@ -19,8 +19,8 @@ module SanitizeEmail
     def deprecated_alias(name, replacement)
       # Create a wrapped version
       define_method(name) do |*args, &block|
-        warn "SanitizeEmail: ##{name} deprecated (please use ##{replacement})" unless SanitizeEmail::Deprecation.deprecate_in_silence
-        send replacement, *args, &block
+        warn("SanitizeEmail: ##{name} deprecated (please use ##{replacement})") unless SanitizeEmail::Deprecation.deprecate_in_silence
+        send(replacement, *args, &block)
       end
     end
 
@@ -30,11 +30,11 @@ module SanitizeEmail
     def deprecated(name, replacement = nil)
       # Replace old method
       old_name = :"#{name}_without_deprecation"
-      alias_method old_name, name
+      alias_method(old_name, name)
       # And replace it with a wrapped version
       define_method(name) do |*args, &block|
         deprecation(name, " (please use ##{replacement})")
-        send old_name, *args, &block
+        send(old_name, *args, &block)
       end
     end
 
@@ -47,7 +47,7 @@ module SanitizeEmail
     end
 
     def deprecation_warning_message(message)
-      warn message unless SanitizeEmail::Deprecation.deprecate_in_silence
+      warn(message) unless SanitizeEmail::Deprecation.deprecate_in_silence
     end
   end
 end

data/lib/sanitize_email/engine.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-# Copyright (c) 2008-16 Peter H. Boling of RailsBling.com
+# Copyright (c) 2008 - 2018, 2020, 2022, 2024 Peter H. Boling of RailsBling.com
 # Released under the MIT license
 
 module SanitizeEmail

data/lib/sanitize_email/mail_ext.rb

@@ -1,5 +1,7 @@
 # frozen_string_literal: true
 
+require "mail"
+
 # Cribbed from email_spec gem
 module SanitizeEmail::MailExt
   def default_part

data/lib/sanitize_email/mail_header_tools.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-# Copyright (c) 2008-16 Peter H. Boling of RailsBling.com
+# Copyright (c) 2008 - 2018, 2020, 2022, 2024 Peter H. Boling of RailsBling.com
 # Released under the MIT license
 
 module SanitizeEmail
@@ -9,20 +9,20 @@ module SanitizeEmail
     def self.prepend_subject_array(message)
       prepend = []
       if SanitizeEmail.use_actual_email_prepended_to_subject
-        prepend << SanitizeEmail::MailHeaderTools.
-                   prepend_email_to_subject(Array(message.to))
+        prepend << SanitizeEmail::MailHeaderTools
+          .prepend_email_to_subject(Array(message.to))
       end
       if SanitizeEmail.use_actual_environment_prepended_to_subject
-        prepend << SanitizeEmail::MailHeaderTools.
-                   prepend_environment_to_subject
+        prepend << SanitizeEmail::MailHeaderTools
+          .prepend_environment_to_subject
       end
       # this will force later joins to add an extra space
-      prepend << '' unless prepend.empty?
+      prepend << "" unless prepend.empty?
       prepend
     end
 
     def self.custom_subject(message)
-      prepend_subject_array(message).join(' ')
+      prepend_subject_array(message).join(" ")
     end
 
     def self.prepend_environment_to_subject
@@ -30,18 +30,22 @@ module SanitizeEmail
     end
 
     def self.prepend_email_to_subject(actual_addresses)
-      "(#{Array(actual_addresses).uniq.join(',').gsub(/@/, ' at ').
-        gsub(/[<>]/, '~')})"
+      "(#{Array(actual_addresses).uniq.join(",").gsub(/@/, " at ")
+        .gsub(/[<>]/, "~")})"
     end
 
     def self.add_original_addresses_as_headers(message)
       # Add headers by string concat.
       # Setting hash values on message.headers does nothing, strangely.
       # See: http://goo.gl/v46GY
+      to_addrs = message[:to]&.addrs
+      cc_addrs = message[:cc]&.addrs
+      to_decoded = Array(to_addrs&.map(&:decoded))
+      cc_decoded = Array(cc_addrs&.map(&:decoded))
       {
         # can be an arrays, so casting it as arrays
-        'X-Sanitize-Email-To' => Array(message.to).uniq,
-        'X-Sanitize-Email-Cc' => Array(message.cc).uniq
+        "X-Sanitize-Email-To" => to_decoded,
+        "X-Sanitize-Email-Cc" => cc_decoded,
         # Don't write out the BCC, as those addresses should not be visible
         #   in message headers for obvious reasons
       }.each do |header_key, header_value|
@@ -49,13 +53,13 @@ module SanitizeEmail
         SanitizeEmail::MailHeaderTools.update_header(
           header_key,
           header_value,
-          message
+          message,
         )
       end
     end
 
     def self.prepend_custom_subject(message)
-      message.subject = '' unless message.subject
+      message.subject = "" unless message.subject
       custom_subject = SanitizeEmail::MailHeaderTools.custom_subject(message)
       message.subject = custom_subject + message.subject
     end
@@ -63,11 +67,11 @@ module SanitizeEmail
     # According to https://github.com/mikel/mail
     #   this is the correct way to update headers.
     def self.update_header(header_key, header_value, message)
-      return nil unless header_value
+      return unless header_value
       # For each address, as header_value can be an array of addresses
       Array(header_value).each_with_index do |elem, index|
         num = index + 1
-        new_header_key = num > 1 ? "#{header_key}-#{num}" : header_key
+        new_header_key = (num > 1) ? "#{header_key}-#{num}" : header_key
         message.header[new_header_key] = elem.to_s
       end
     end

data/lib/sanitize_email/overridden_addresses.rb

@@ -1,8 +1,11 @@
 # frozen_string_literal: true
 
-# Copyright (c) 2008-16 Peter H. Boling of RailsBling.com
+# Copyright (c) 2008 - 2018, 2020, 2022, 2024 Peter H. Boling of RailsBling.com
 # Released under the MIT license
 
+# External Libraries
+require "mail"
+
 module SanitizeEmail
   # Tools for overriding addresses
   class OverriddenAddresses
@@ -14,12 +17,18 @@ module SanitizeEmail
     # recognized recipient types are: TO, CC, and BCC
     class UnknownOverride < StandardError; end
 
-    REPLACE_AT = [/@/, ' at '].freeze
-    REPLACE_ALLIGATOR = [/[<>]/, '~'].freeze
-    attr_accessor :overridden_to, :overridden_cc, :overridden_bcc,
-                  :good_list, # White-listed addresses will not be molested as to, cc, or bcc
-                  :bad_list, # Black-listed addresses will be removed from to, cc and bcc when sanitization is engaged
-                  :sanitized_to, :sanitized_cc, :sanitized_bcc # Replace non-white-listed addresses with these sanitized addresses.
+    REPLACE_AT = [/@/, " at "].freeze
+    REPLACE_ALLIGATOR = [/[<>]/, "~"].freeze
+    attr_accessor :tempmail,
+      :overridden_to,
+      :overridden_cc,
+      :overridden_bcc,
+      :overridden_personalizations,
+      :good_list, # Allow-listed addresses will not be molested as to, cc, or bcc
+      :bad_list, # Block-listed addresses will be removed from to, cc and bcc when sanitization is engaged
+      :sanitized_to,
+      :sanitized_cc,
+      :sanitized_bcc # Replace non-allow-listed addresses with these sanitized addresses.
 
     def initialize(message, **args)
       # Not using extract_options! because non-rails compatibility is a goal
@@ -29,9 +38,23 @@ module SanitizeEmail
       @sanitized_bcc = args[:sanitized_bcc]
       @good_list = args[:good_list] || []
       @bad_list = args[:bad_list] || []
-      @overridden_to = to_override(message.to)
-      @overridden_cc = cc_override(message.cc)
-      @overridden_bcc = bcc_override(message.bcc)
+      # Mail will do the username parsing for us.
+      @tempmail = Mail.new
+
+      tempmail.to = to_override(message.to)
+      tempmail.cc = cc_override(message.cc)
+      tempmail.bcc = bcc_override(message.bcc)
+
+      remove_duplicates
+
+      @overridden_to = tempmail[:to].decoded
+      @overridden_cc = tempmail[:cc].decoded
+      @overridden_bcc = tempmail[:bcc].decoded
+
+      # remove addresses from :cc that are in :to
+      return if message["personalizations"].nil?
+
+      @overridden_personalizations = personalizations_override(message["personalizations"])
     end
 
     # Allow good listed email addresses, and then remove the bad listed addresses
@@ -44,15 +67,32 @@ module SanitizeEmail
     def to_override(actual_addresses)
       to = override_email(:to, actual_addresses)
       raise MissingTo, "after overriding :to (#{actual_addresses}) there are no addresses to send in To: header." if to.empty?
-      to.join(',')
+
+      to.join(",")
     end
 
     def cc_override(actual_addresses)
-      override_email(:cc, actual_addresses).join(',')
+      override_email(:cc, actual_addresses).join(",")
     end
 
     def bcc_override(actual_addresses)
-      override_email(:bcc, actual_addresses).join(',')
+      override_email(:bcc, actual_addresses).join(",")
+    end
+
+    def personalizations_override(actual_personalizations)
+      actual_personalizations.unparsed_value.map do |actual_personalization|
+        actual_personalization.merge(
+          to: actual_personalization[:to]&.map do |to|
+            to.merge(email: override_email(:to, to[:email]).join(","))
+          end,
+          cc: actual_personalization[:cc]&.map do |cc|
+            cc.merge(email: override_email(:cc, cc[:email]).join(","))
+          end,
+          bcc: actual_personalization[:bcc]&.map do |bcc|
+            bcc.merge(email: override_email(:bcc, bcc[:email]).join(","))
+          end,
+        )
+      end
     end
 
     def override_email(type, actual_addresses)
@@ -99,17 +139,19 @@ module SanitizeEmail
         has_address ? address : nil
       when :bad_list then
         has_address ? nil : address
+      else
+        raise ArgumentError, "address_list_filter got unknown list_type: #{list_type}"
       end
     end
 
     def inject_user_names(real_addresses, sanitized_addresses)
       real_addresses.each_with_object([]) do |real_recipient, result|
         new_recipient = if real_recipient.nil?
-                          sanitized_addresses
-                        else
-                          # puts "SANITIZED: #{sanitized_addresses}"
-                          sanitized_addresses.map { |sanitized| "#{real_recipient.gsub(REPLACE_AT[0], REPLACE_AT[1]).gsub(/[<>]/, '~')} <#{sanitized}>" }
-                        end
+          sanitized_addresses
+        else
+          # puts "SANITIZED: #{sanitized_addresses}"
+          sanitized_addresses.map { |sanitized| "#{real_recipient.gsub(REPLACE_AT[0], REPLACE_AT[1]).gsub(/[<>]/, "~")} <#{sanitized}>" }
+        end
         result << new_recipient
       end.flatten
     end
@@ -131,7 +173,23 @@ module SanitizeEmail
       when :bcc then
         Array(sanitized_bcc)
       else
-        raise UnknownOverride, 'unknown email override'
+        raise UnknownOverride, "unknown email override"
+      end
+    end
+
+    private
+
+    def remove_duplicates
+      dedup_addresses = tempmail[:to].addresses
+
+      tempmail[:cc].addrs.reject! do |addr|
+        # If this email address is already in the :to list, then remove
+        dedup_addresses.include?(addr.address)
+      end
+      dedup_addresses += tempmail[:cc].addresses
+      tempmail[:bcc].addrs.reject! do |addr|
+        # If this email address is already in the :to list, then remove
+        dedup_addresses.include?(addr.address)
       end
     end
   end

data/lib/sanitize_email/railtie.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-# Copyright (c) 2008-16 Peter H. Boling of RailsBling.com
+# Copyright (c) 2008 - 2018, 2020, 2022, 2024 Peter H. Boling of RailsBling.com
 # Released under the MIT license
 
 module SanitizeEmail

data/lib/sanitize_email/rspec_matchers.rb

@@ -1,92 +1,116 @@
 # frozen_string_literal: true
 
-# Copyright (c) 2008-16 Peter H. Boling of RailsBling.com
+# Copyright (c) 2008 - 2018, 2020, 2022, 2024 Peter H. Boling of RailsBling.com
 # Released under the MIT license
 # Note: the RspecMatchers are composed matchers:
 # See: http://www.relishapp.com/rspec/rspec-expectations/v/3-5/docs/composing-matchers
 
-require 'sanitize_email/mail_ext'
+require "sanitize_email/mail_ext"
 
 module SanitizeEmail
   # Provides matchers that can be used in
   #   Rspec tests to assert the behavior of email
   module RspecMatchers
     %i[from to cc bcc subject reply_to].each do |attribute|
-      RSpec::Matchers.define "have_#{attribute}" do |matcher|
+      RSpec::Matchers.define("have_#{attribute}") do |matcher|
         match do |actual|
           @actual = actual.send(attribute)
-          @actual = @actual.join(', ') if @actual.respond_to?(:join)
-          expect(@actual).to match(matcher)
+          @actual = @actual.join(", ") if @actual.respond_to?(:join)
+          expect(@actual).to(match(matcher))
         end
       end
     end
 
     %i[from to cc bcc subject reply_to].each do |attribute|
-      RSpec::Matchers.define "match_#{attribute}" do |matcher|
+      RSpec::Matchers.define("match_#{attribute}") do |matcher|
         match do |actual|
           @actual = actual.send(attribute)
-          @actual = @actual.join(', ') if @actual.respond_to?(:join)
-          expect(@actual).to match(matcher)
+          @actual = @actual.join(", ") if @actual.respond_to?(:join)
+          expect(@actual).to(match(matcher))
         end
       end
     end
 
     %i[from to cc bcc subject reply_to].each do |attribute|
-      RSpec::Matchers.define "be_#{attribute}" do |matcher|
+      RSpec::Matchers.define("be_#{attribute}") do |matcher|
         match do |actual|
           @actual = actual.send(attribute)
-          @actual = @actual.join(', ') if @actual.respond_to?(:join)
-          expect(@actual).to be(matcher)
+          @actual = @actual.join(", ") if @actual.respond_to?(:join)
+          expect(@actual).to(be(matcher))
         end
       end
     end
 
-    RSpec::Matchers.define 'have_to_username' do |matcher|
-      def get_to_username(email_message)
-        username_header = email_message.header['X-Sanitize-Email-To']
-        return username_header unless username_header.is_a?(Mail::Field)
-        email_message.header.fields[3].value
+    RSpec::Matchers.define("have_to_username") do |matcher|
+      def get_to_usernames(email_message)
+        to_addrs = email_message[:to].addrs
+        to_addrs.map(&:name)
       end
       match do |actual|
-        @actual = get_to_username(actual)
-        expect(@actual).to match(matcher)
+        @actual = get_to_usernames(actual)
+        expect(@actual).to(include(match(matcher)))
       end
     end
 
-    RSpec::Matchers.define 'have_cc_username' do |matcher|
-      def get_cc_username(email_message)
-        username_header = email_message.header['X-Sanitize-Email-Cc']
-        return username_header unless username_header.is_a?(Mail::Field)
-        email_message.header.fields[3].value
+    RSpec::Matchers.define("have_sanitized_to_header") do |matcher|
+      def get_sanitized_to_header(email_message)
+        sanitized_to_header = email_message.header["X-Sanitize-Email-To"]
+        return sanitized_to_header.value if sanitized_to_header.is_a?(Mail::Field)
+
+        "no header found at 'X-Sanitize-Email-To'"
+      end
+      match do |actual|
+        @actual = get_sanitized_to_header(actual)
+        expect(@actual).to(match(matcher))
+      end
+    end
+
+    RSpec::Matchers.define("have_cc_username") do |matcher|
+      def get_cc_usernames(email_message)
+        to_addrs = email_message[:cc].addrs
+        to_addrs.map(&:name)
+      end
+      match do |actual|
+        @actual = get_cc_usernames(actual)
+        expect(@actual).to(include(match(matcher)))
+      end
+    end
+
+    RSpec::Matchers.define("have_sanitized_cc_header") do |matcher|
+      def get_sanitized_cc_header(email_message)
+        sanitized_cc_header = email_message.header["X-Sanitize-Email-Cc"]
+        return sanitized_cc_header.value if sanitized_cc_header.is_a?(Mail::Field)
+
+        "no header found at 'X-Sanitize-Email-Cc'"
       end
       match do |actual|
-        @actual = get_cc_username(actual)
-        expect(@actual).to match(matcher)
+        @actual = get_sanitized_cc_header(actual)
+        expect(@actual).to(match(matcher))
       end
     end
 
     # Cribbed from email_spec gem
-    RSpec::Matchers.define 'have_body_text' do |matcher|
+    RSpec::Matchers.define("have_body_text") do |matcher|
       def get_fuzzy_body(email_message)
-        email_message.default_part_body.to_s.gsub(/\s+/, ' ')
+        email_message.default_part_body.to_s.gsub(/\s+/, " ")
       end
 
       def get_fuzzy_matcher(to_fuzz)
-        to_fuzz.gsub(/\s+/, ' ')
+        to_fuzz.gsub(/\s+/, " ")
       end
       match do |actual|
         @actual = get_fuzzy_body(actual)
         fuzzy_matcher = get_fuzzy_matcher(matcher)
-        expect(@actual).to match(fuzzy_matcher)
+        expect(@actual).to(match(fuzzy_matcher))
       end
     end
 
     # Cribbed from email_spec gem
-    RSpec::Matchers.define 'have_header' do |name, matcher|
+    RSpec::Matchers.define("have_header") do |name, matcher|
       match do |actual|
         @actual = actual.header[name]
         @actual = @actual.value unless @actual.nil?
-        expect(@actual).to match(matcher)
+        expect(@actual).to(match(matcher))
       end
     end
   end

data/lib/sanitize_email/test_helpers.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-# Copyright (c) 2008-16 Peter H. Boling of RailsBling.com
+# Copyright (c) 2008 - 2018, 2020, 2022, 2024 Peter H. Boling of RailsBling.com
 # Released under the MIT license
 # Note: the RspecMatchers no longer use these methods.  Instead they are composed matchers:
 # See: http://www.relishapp.com/rspec/rspec-expectations/v/3-5/docs/composing-matchers
@@ -19,15 +19,15 @@ module SanitizeEmail
       # Can we match a regex against it?
       raise UnexpectedMailType, "Cannot match #{matcher} for #{part}" unless attribute.respond_to?(:=~)
       attribute =~ if matcher.is_a?(Regexp)
-                     matcher
-                   else
-                     Regexp.new(Regexp.escape(matcher))
-                   end
+        matcher
+      else
+        Regexp.new(Regexp.escape(matcher))
+      end
     end
 
     # Normalize arrays to strings
     def array_matching(matcher, part, attribute)
-      attribute = attribute.join(', ') if attribute.respond_to?(:join)
+      attribute = attribute.join(", ") if attribute.respond_to?(:join)
       string_matching(matcher, part, attribute)
     end
 

data/lib/sanitize_email/version.rb

@@ -1,8 +1,10 @@
 # frozen_string_literal: true
 
-# Copyright (c) 2008-16 Peter H. Boling of RailsBling.com
+# Copyright (c) 2008 - 2018, 2020, 2022, 2024 Peter H. Boling of RailsBling.com
 # Released under the MIT license
 
 module SanitizeEmail
-  VERSION = '2.0.2'
+  module Version
+    VERSION = "2.0.4"
+  end
 end