Fixes bug where emails are sent to blocked addresses

models/MailBlocker.php

@@ -211,11 +211,11 @@ public static function checkAllForUser($user)
  /**
  * Checks if an email address has blocked a given template,
  * returns an array of blocked emails.
- * @param  string $template
- * @param  string $email
+ * @param ?string $template
+ * @param string|string[] $email
  * @return array
  */
- public static function checkForEmail($template, $email)
+ public static function checkForEmail(?string $template, $email): array
  {
  if (in_array($template, static::$safeTemplates)) {
  return [];
@@ -225,11 +225,7 @@ public static function checkForEmail($template, $email)
  return [];
  }
 
- if (!is_array($email)) {
- $email = [$email => null];
- }
-
- $emails = array_keys($email);
+ $emails = is_array($email) ? $email : [$email];
 
  return static::where(
  function ($query) use ($template) {
@@ -248,22 +244,40 @@ function ($query) use ($template) {
  * @param \Illuminate\Mail\Message $message
  * @return bool|null
  */
- public static function filterMessage($template, $message)
+ public static function filterMessage($template, $message): ?bool
  {
- $recipients = $message->getTo();
- $blockedAddresses = static::checkForEmail($template, $recipients);
+ $recipients = array_map(function ($address) {
+ return $address->getAddress();
+ }, $message->getTo());
+ $ccRecipients = array_map(function ($address) {
+ return $address->getAddress();
+ }, $message->getCc());
+ $bccRecipients = array_map(function ($address) {
+ return $address->getAddress();
+ }, $message->getBcc());
+
+ $allRecipients = array_merge($recipients, $ccRecipients, $bccRecipients);
+ $allRecipientsNoDuplicates = array_combine($allRecipients, $allRecipients);
+
+ $blockedAddresses = static::checkForEmail($template, $allRecipientsNoDuplicates);
 
  if (!count($blockedAddresses)) {
  return null;
  }
 
- foreach (array_keys($recipients) as $address) {
- if (in_array($address, $blockedAddresses)) {
- unset($recipients[$address]);
- }
- }
+ $recipients = array_filter($recipients, function ($address) use (&$blockedAddresses) {
+ return !in_array($address, $blockedAddresses);
+ });
+ $ccRecipients = array_filter($ccRecipients, function ($address) use (&$blockedAddresses) {
+ return !in_array($address, $blockedAddresses);
+ });
+ $bccRecipients = array_filter($bccRecipients, function ($address) use (&$blockedAddresses) {
+ return !in_array($address, $blockedAddresses);
+ });
 
  $message->to($recipients, null, true);
- return count($recipients) ? null : false;
+ $message->cc($ccRecipients, null, true);
+ $message->bcc($bccRecipients, null, true);
+ return (count($recipients) + count($ccRecipients) + count($bccRecipients)) ? null : false;
  }
 }

tests/unit/models/MailBlockerModelTest.php

@@ -0,0 +1,200 @@
+<?php
+
+namespace Winter\User\Tests\Unit\Models;
+
+use Illuminate\Mail\Message;
+use Mockery;
+use Symfony\Component\Mime\Email;
+use Winter\User\Models\MailBlocker;
+use Winter\User\Models\User;
+use Winter\User\Tests\UserPluginTestCase;
+
+class MailBlockerModelTest extends UserPluginTestCase
+{
+ public function testFilterMessage_to()
+ {
+ list(
+ $userMock1,
+ $userMock2,
+ $userMock3
+ ) = $this->getMockedUsers();
+
+ $this->mockBlockers($userMock1, $userMock2);
+
+ $message1 = $this->getMessage('test1', [$userMock1->email]);
+ $message2 = $this->getMessage('test2', [$userMock2->email]);
+ $message3 = $this->getMessage('test3', [$userMock3->email]);
+
+ $message12 = $this->getMessage('test12', [$userMock1->email, $userMock2->email]);
+ $message13 = $this->getMessage('test13', [$userMock1->email, $userMock3->email]);
+
+ $filterMessage1 = MailBlocker::filterMessage(null, $message1);
+ $filterMessage2 = MailBlocker::filterMessage(null, $message2);
+ $filterMessage3 = MailBlocker::filterMessage(null, $message3);
+ $filterMessage12 = MailBlocker::filterMessage(null, $message12);
+ $filterMessage13 = MailBlocker::filterMessage(null, $message13);
+
+ $this->assertFalse($filterMessage1);
+ $this->assertEmpty($message1->getTo());
+ $this->assertFalse($filterMessage2);
+ $this->assertEmpty($message2->getTo());
+ $this->assertNull($filterMessage3);
+ $this->assertEquals($userMock3->email, $message3->getTo()[0]->getAddress());
+ $this->assertFalse($filterMessage12);
+ $this->assertEmpty($message12->getTo());
+ $this->assertNull($filterMessage13);
+ $this->assertEquals(1, count($message13->getTo()));
+ $this->assertEquals($userMock3->email, $message13->getTo()[0]->getAddress());
+ }
+
+ public function testFilterMessage_ccAndBcc()
+ {
+ list(
+ $userMock1,
+ $userMock2,
+ $userMock3,
+ $userMock4
+ ) = $this->getMockedUsers();
+
+ $this->mockBlockers($userMock1, $userMock2);
+
+ $messageTo0Cc12 = $this->getMessage(
+ 'test_to0_cc12',
+ [],
+ [$userMock1->email,$userMock2->email]
+ );
+ $messageTo3Cc14 = $this->getMessage(
+ 'test_to3_cc14',
+ [$userMock3->email],
+ [$userMock1->email,$userMock4->email]
+ );
+ $messageTo3Bcc14 = $this->getMessage(
+ 'test_to3_bcc14',
+ [$userMock3->email],
+ [],
+ [$userMock1->email,$userMock4->email]
+ );
+
+ $filterMessageTo0Cc12 = MailBlocker::filterMessage(null, $messageTo0Cc12);
+ $filterMessageTo3Cc14 = MailBlocker::filterMessage(null, $messageTo3Cc14);
+ $filterMessageTo3Bcc14 = MailBlocker::filterMessage(null, $messageTo3Bcc14);
+
+ $this->assertFalse($filterMessageTo0Cc12);
+ $this->assertNull($filterMessageTo3Cc14);
+ $this->assertNull($filterMessageTo3Bcc14);
+ $this->assertEquals($userMock4->email, $messageTo3Cc14->getCc()[0]->getAddress());
+ $this->assertEmpty($messageTo0Cc12->getCc());
+ $this->assertEquals($userMock4->email, $messageTo3Bcc14->getBcc()[0]->getAddress());
+ }
+
+ public function testCheckForEmail()
+ {
+ list($userMock1, $userMock2, $userMock3) = $this->getMockedUsers();
+
+ $this->mockBlockers($userMock1, $userMock2);
+
+ $checkForEmail1 = MailBlocker::checkForEmail(null, $userMock1->email);
+ $checkForEmail2 = MailBlocker::checkForEmail(null, $userMock2->email);
+ $checkForEmail3 = MailBlocker::checkForEmail(null, $userMock3->email);
+ $checkForEmail12 = MailBlocker::checkForEmail(null, [$userMock1->email, $userMock2->email]);
+ $checkForEmail13 = MailBlocker::checkForEmail(null, [$userMock1->email, $userMock3->email]);
+
+ $this->assertEquals([$userMock1->email], $checkForEmail1);
+ $this->assertEquals([$userMock2->email], $checkForEmail2);
+ $this->assertEmpty($checkForEmail3);
+ $this->assertEquals([$userMock1->email, $userMock2->email], $checkForEmail12);
+ $this->assertEquals([$userMock1->email], $checkForEmail13);
+ }
+
+ /**
+ * Helper method that mocks 4 users, saves them and returns them
+ * @return array
+ */
+ private static function getMockedUsers(): array
+ {
+ $userMock1 = Mockery::mock(User::class)->makePartial();
+ $userMock2 = Mockery::mock(User::class)->makePartial();
+ $userMock3 = Mockery::mock(User::class)->makePartial();
+ $userMock4 = Mockery::mock(User::class)->makePartial();
+
+ $userMock1->shouldReceive('isActivatedByUser')->andReturn(true);
+ $userMock2->shouldReceive('isActivatedByUser')->andReturn(true);
+ $userMock3->shouldReceive('isActivatedByUser')->andReturn(true);
+ $userMock4->shouldReceive('isActivatedByUser')->andReturn(true);
+ $userMock1->shouldReceive('flushEventListeners')->andReturnNull();
+ $userMock2->shouldReceive('flushEventListeners')->andReturnNull();
+ $userMock3->shouldReceive('flushEventListeners')->andReturnNull();
+ $userMock4->shouldReceive('flushEventListeners')->andReturnNull();
+
+ $userMock1->fill([
+ 'name' => 'test1',
+ 'email' => '[email protected]',
+ 'password' => 'password',
+ ]);
+ $userMock2->fill([
+ 'name' => 'test2',
+ 'email' => '[email protected]',
+ 'password' => 'password',
+ ]);
+ $userMock3->fill([
+ 'name' => 'test3',
+ 'email' => '[email protected]',
+ 'password' => 'password',
+ ]);
+ $userMock4->fill([
+ 'name' => 'test3',
+ 'email' => '[email protected]',
+ 'password' => 'password',
+ ]);
+ $userMock1->save();
+ $userMock2->save();
+ $userMock3->save();
+ $userMock4->save();
+ return array($userMock1, $userMock2, $userMock3, $userMock4);
+ }
+
+ /**
+ * Helper method that mocks and saves 2 mail blockers for the two given users
+ * @param mixed $userMock1
+ * @param mixed $userMock2
+ * @return void
+ */
+ private static function mockBlockers(mixed $userMock1, mixed $userMock2): void
+ {
+ $mailBlockerMock1 = Mockery::mock(MailBlocker::class)->makePartial();
+ $mailBlockerMock2 = Mockery::mock(MailBlocker::class)->makePartial();
+ $mailBlockerMock1->shouldReceive('flushEventListeners')->andReturnNull();
+ $mailBlockerMock2->shouldReceive('flushEventListeners')->andReturnNull();
+
+ $mailBlockerMock1->email = $userMock1->email;
+ $mailBlockerMock1->template = '*';
+ $mailBlockerMock1->user_id = $userMock1->id;
+
+ $mailBlockerMock2->email = $userMock2->email;
+ $mailBlockerMock2->template = '*';
+ $mailBlockerMock2->user_id = $userMock2->id;
+
+ $mailBlockerMock1->save();
+ $mailBlockerMock2->save();
+ }
+
+ /**
+ * Helper to create and return a new Mail Message
+ * @param string $subject
+ * @param string[] $to
+ * @param string[] $cc
+ * @param string[] $bcc
+ * @return Message
+ */
+ private static function getMessage(string $subject, array $to = [], array $cc = [], array $bcc = []): Message
+ {
+ $message = new Message(new Email());
+ $message
+ ->subject($subject)
+ ->to($to)
+ ->cc($cc)
+ ->bcc($bcc)
+ ;
+ return $message;
+ }
+}

updates/version.yaml

@@ -83,3 +83,4 @@
  - v2.0.1/rename_indexes.php
 "2.1.0": "Enforce password length rules on sign in. Compatibility fixes."
 "2.2.0": "Add avatar removal. Password resets will activate users if User activation mode is enabled."
+"2.2.1": "Fixes a bug introduced by the adoption of symfony/mime required since Laravel 7.x where sending an email to a blocked email address would not be prevented."