This is an automated email from the ASF dual-hosted git repository. rcordier pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/james-project.git
commit afe9df74619dfddc3a13235cbf3b4b9b63194726 Author: Benoit TELLIER <[email protected]> AuthorDate: Wed Jun 19 11:19:42 2024 +0200 JAMES-4044 Implement SenderHasLDAPAttribute matcher --- .../transport/matchers/SenderHasLDAPAttribute.java | 130 ++++++++++++++ .../matchers/SenderHasLDAPAttributeTest.java | 198 +++++++++++++++++++++ 2 files changed, 328 insertions(+) diff --git a/server/mailet/ldap/src/main/java/org/apache/james/transport/matchers/SenderHasLDAPAttribute.java b/server/mailet/ldap/src/main/java/org/apache/james/transport/matchers/SenderHasLDAPAttribute.java new file mode 100644 index 0000000000..e4103d4f00 --- /dev/null +++ b/server/mailet/ldap/src/main/java/org/apache/james/transport/matchers/SenderHasLDAPAttribute.java @@ -0,0 +1,130 @@ +/**************************************************************** + * Licensed to the Apache Software Foundation (ASF) under one * + * or more contributor license agreements. See the NOTICE file * + * distributed with this work for additional information * + * regarding copyright ownership. The ASF licenses this file * + * to you under the Apache License, Version 2.0 (the * + * "License"); you may not use this file except in compliance * + * with the License. You may obtain a copy of the License at * + * * + * http://www.apache.org/licenses/LICENSE-2.0 * + * * + * Unless required by applicable law or agreed to in writing, * + * software distributed under the License is distributed on an * + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY * + * KIND, either express or implied. See the License for the * + * specific language governing permissions and limitations * + * under the License. * + ****************************************************************/ + +package org.apache.james.transport.matchers; + +import java.util.Collection; +import java.util.Optional; + +import jakarta.inject.Inject; +import jakarta.mail.MessagingException; + +import org.apache.james.core.Domain; +import org.apache.james.core.MailAddress; +import org.apache.james.user.ldap.LDAPConnectionFactory; +import org.apache.james.user.ldap.LdapRepositoryConfiguration; +import org.apache.mailet.Mail; +import org.apache.mailet.base.GenericMatcher; + +import com.github.fge.lambdas.Throwing; +import com.google.common.collect.ImmutableList; +import com.google.common.collect.ImmutableSet; +import com.unboundid.ldap.sdk.Attribute; +import com.unboundid.ldap.sdk.Filter; +import com.unboundid.ldap.sdk.LDAPConnectionPool; +import com.unboundid.ldap.sdk.LDAPException; +import com.unboundid.ldap.sdk.LDAPSearchException; +import com.unboundid.ldap.sdk.SearchResult; +import com.unboundid.ldap.sdk.SearchScope; + +public class SenderHasLDAPAttribute extends GenericMatcher { + private final LDAPConnectionPool ldapConnectionPool; + private final LdapRepositoryConfiguration configuration; + private final Filter objectClassFilter; + private final Optional<Filter> userExtraFilter; + private String attributeName; + private String attributeValue; + private String[] attributes; + + @Inject + public SenderHasLDAPAttribute(LdapRepositoryConfiguration configuration) throws LDAPException { + this.configuration = configuration; + ldapConnectionPool = new LDAPConnectionFactory(this.configuration).getLdapConnectionPool(); + + userExtraFilter = Optional.ofNullable(configuration.getFilter()) + .map(Throwing.function(Filter::create).sneakyThrow()); + objectClassFilter = Filter.createEqualityFilter("objectClass", configuration.getUserObjectClass()); + } + + @Override + public void init() throws MessagingException { + String condition = getCondition().trim(); + int commaPosition = condition.indexOf(':'); + + if (-1 == commaPosition) { + throw new MessagingException("Syntax Error. Missing ':'."); + } + + if (0 == commaPosition) { + throw new MessagingException("Syntax Error. Missing attribute name."); + } + + attributeName = condition.substring(0, commaPosition).trim(); + attributeValue = condition.substring(commaPosition + 1).trim(); + attributes = ImmutableSet.builder() + .add(configuration.getReturnedAttributes()) + .add(attributeName) + .build().toArray(String[]::new); + } + + @Override + public Collection<MailAddress> match(Mail mail) { + boolean matches = mail.getMaybeSender().asOptional() + .map(this::hasAttribute) + .orElse(false); + if (matches) { + return mail.getRecipients(); + } + return ImmutableList.of(); + } + + private boolean hasAttribute(MailAddress rcpt) { + try { + SearchResult searchResult = ldapConnectionPool.search(userBase(rcpt), + SearchScope.SUB, + createFilter(rcpt.asString(), configuration.getUserIdAttribute()), + attributes); + + return searchResult.getSearchEntries().stream() + .anyMatch(entry -> Optional.ofNullable(entry.getAttribute(attributeName)) + .map(Attribute::getValue) + .map(attributeValue::equals) + .orElse(false)); + + } catch (LDAPSearchException e) { + throw new RuntimeException("Failed searching LDAP", e); + } + } + + private Filter createFilter(String retrievalName, String ldapUserRetrievalAttribute) { + Filter specificUserFilter = Filter.createEqualityFilter(ldapUserRetrievalAttribute, retrievalName); + return userExtraFilter + .map(extraFilter -> Filter.createANDFilter(objectClassFilter, specificUserFilter, extraFilter)) + .orElseGet(() -> Filter.createANDFilter(objectClassFilter, specificUserFilter)); + } + + private String userBase(MailAddress mailAddress) { + return userBase(mailAddress.getDomain()); + } + + private String userBase(Domain domain) { + return configuration.getPerDomainBaseDN() + .getOrDefault(domain, configuration.getUserBase()); + } +} diff --git a/server/mailet/ldap/src/test/java/org/apache/james/transport/matchers/SenderHasLDAPAttributeTest.java b/server/mailet/ldap/src/test/java/org/apache/james/transport/matchers/SenderHasLDAPAttributeTest.java new file mode 100644 index 0000000000..02ebabc2b3 --- /dev/null +++ b/server/mailet/ldap/src/test/java/org/apache/james/transport/matchers/SenderHasLDAPAttributeTest.java @@ -0,0 +1,198 @@ +/**************************************************************** + * Licensed to the Apache Software Foundation (ASF) under one * + * or more contributor license agreements. See the NOTICE file * + * distributed with this work for additional information * + * regarding copyright ownership. The ASF licenses this file * + * to you under the Apache License, Version 2.0 (the * + * "License"); you may not use this file except in compliance * + * with the License. You may obtain a copy of the License at * + * * + * http://www.apache.org/licenses/LICENSE-2.0 * + * * + * Unless required by applicable law or agreed to in writing, * + * software distributed under the License is distributed on an * + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY * + * KIND, either express or implied. See the License for the * + * specific language governing permissions and limitations * + * under the License. * + ****************************************************************/ + +package org.apache.james.transport.matchers; + +import static org.apache.james.user.ldap.DockerLdapSingleton.ADMIN; +import static org.apache.james.user.ldap.DockerLdapSingleton.ADMIN_PASSWORD; +import static org.assertj.core.api.Assertions.assertThat; + +import java.util.Collection; +import java.util.Optional; + +import org.apache.commons.configuration2.HierarchicalConfiguration; +import org.apache.commons.configuration2.plist.PropertyListConfiguration; +import org.apache.commons.configuration2.tree.ImmutableNode; +import org.apache.james.core.MailAddress; +import org.apache.james.core.Username; +import org.apache.james.user.ldap.DockerLdapSingleton; +import org.apache.james.user.ldap.LdapGenericContainer; +import org.apache.james.user.ldap.LdapRepositoryConfiguration; +import org.apache.mailet.base.test.FakeMail; +import org.apache.mailet.base.test.FakeMatcherConfig; +import org.junit.jupiter.api.AfterAll; +import org.junit.jupiter.api.BeforeAll; +import org.junit.jupiter.api.Test; + +class SenderHasLDAPAttributeTest { + + static LdapGenericContainer ldapContainer = DockerLdapSingleton.ldapContainer; + + @BeforeAll + static void setUpAll() { + ldapContainer.start(); + } + + @AfterAll + static void afterAll() { + ldapContainer.stop(); + } + + @Test + void shouldReturnSenderWhenHasAttribute() throws Exception { + SenderHasLDAPAttribute testee = new SenderHasLDAPAttribute(LdapRepositoryConfiguration.from(ldapRepositoryConfigurationWithVirtualHosting(ldapContainer))); + FakeMatcherConfig matcherConfig = FakeMatcherConfig.builder() + .matcherName("HasLDAPAttribute") + .condition("description:abcdef") + .build(); + testee.init(matcherConfig); + + MailAddress sender = new MailAddress("[email protected]"); + MailAddress recipient = new MailAddress("[email protected]"); + Collection<MailAddress> matched = testee.match(FakeMail.builder() + .name("default-id") + .sender(sender) + .recipient(recipient) + .build()); + + assertThat(matched).containsOnly(recipient); + } + + @Test + void shouldReturnEmptyWhenNoSender() throws Exception { + SenderHasLDAPAttribute testee = new SenderHasLDAPAttribute(LdapRepositoryConfiguration.from(ldapRepositoryConfigurationWithVirtualHosting(ldapContainer))); + FakeMatcherConfig matcherConfig = FakeMatcherConfig.builder() + .matcherName("HasLDAPAttribute") + .condition("description:abcdef") + .build(); + testee.init(matcherConfig); + + MailAddress recipient = new MailAddress("[email protected]"); + Collection<MailAddress> matched = testee.match(FakeMail.builder() + .name("default-id") + .recipient(recipient) + .build()); + + assertThat(matched).isEmpty(); + } + + @Test + void shouldReturnEmptyWhenHasNoAttribute() throws Exception { + SenderHasLDAPAttribute testee = new SenderHasLDAPAttribute(LdapRepositoryConfiguration.from(ldapRepositoryConfigurationWithVirtualHosting(ldapContainer))); + FakeMatcherConfig matcherConfig = FakeMatcherConfig.builder() + .matcherName("HasLDAPAttribute") + .condition("description:abcdef") + .build(); + testee.init(matcherConfig); + + MailAddress sender = new MailAddress("[email protected]"); + MailAddress recipient = new MailAddress("[email protected]"); + Collection<MailAddress> matched = testee.match(FakeMail.builder() + .name("default-id") + .sender(sender) + .recipient(recipient) + .build()); + + assertThat(matched).isEmpty(); + } + + @Test + void shouldReturnEmptyWhenHasBadAttribute() throws Exception { + SenderHasLDAPAttribute testee = new SenderHasLDAPAttribute(LdapRepositoryConfiguration.from(ldapRepositoryConfigurationWithVirtualHosting(ldapContainer))); + FakeMatcherConfig matcherConfig = FakeMatcherConfig.builder() + .matcherName("HasLDAPAttribute") + .condition("description:abcdefg") + .build(); + testee.init(matcherConfig); + + MailAddress sender = new MailAddress("[email protected]"); + MailAddress recipient = new MailAddress("[email protected]"); + Collection<MailAddress> matched = testee.match(FakeMail.builder() + .name("default-id") + .sender(sender) + .recipient(recipient) + .build()); + + assertThat(matched).isEmpty(); + } + + @Test + void shouldReturnEmptyWhenHasPartialAttribute() throws Exception { + SenderHasLDAPAttribute testee = new SenderHasLDAPAttribute(LdapRepositoryConfiguration.from(ldapRepositoryConfigurationWithVirtualHosting(ldapContainer))); + FakeMatcherConfig matcherConfig = FakeMatcherConfig.builder() + .matcherName("HasLDAPAttribute") + .condition("description:abcde") + .build(); + testee.init(matcherConfig); + + MailAddress sender = new MailAddress("[email protected]"); + MailAddress recipient = new MailAddress("[email protected]"); + Collection<MailAddress> matched = testee.match(FakeMail.builder() + .name("default-id") + .sender(sender) + .recipient(recipient) + .build()); + + assertThat(matched).isEmpty(); + } + + @Test + void shouldReturnEmptyWhenHasLongerAttributeName() throws Exception { + SenderHasLDAPAttribute testee = new SenderHasLDAPAttribute(LdapRepositoryConfiguration.from(ldapRepositoryConfigurationWithVirtualHosting(ldapContainer))); + FakeMatcherConfig matcherConfig = FakeMatcherConfig.builder() + .matcherName("HasLDAPAttribute") + .condition("descriptionaaa:abcdef") + .build(); + testee.init(matcherConfig); + + MailAddress sender = new MailAddress("[email protected]"); + MailAddress recipient = new MailAddress("[email protected]"); + Collection<MailAddress> matched = testee.match(FakeMail.builder() + .name("default-id") + .sender(sender) + .recipient(recipient) + .build()); + + assertThat(matched).isEmpty(); + } + + static HierarchicalConfiguration<ImmutableNode> ldapRepositoryConfigurationWithVirtualHosting(LdapGenericContainer ldapContainer) { + return ldapRepositoryConfigurationWithVirtualHosting(ldapContainer, Optional.of(ADMIN)); + } + + static HierarchicalConfiguration<ImmutableNode> ldapRepositoryConfigurationWithVirtualHosting(LdapGenericContainer ldapContainer, Optional<Username> administrator) { + PropertyListConfiguration configuration = baseConfiguration(ldapContainer); + configuration.addProperty("[@userIdAttribute]", "mail"); + configuration.addProperty("supportsVirtualHosting", true); + administrator.ifPresent(username -> configuration.addProperty("[@administratorId]", username.asString())); + return configuration; + } + + private static PropertyListConfiguration baseConfiguration(LdapGenericContainer ldapContainer) { + PropertyListConfiguration configuration = new PropertyListConfiguration(); + configuration.addProperty("[@ldapHost]", ldapContainer.getLdapHost()); + configuration.addProperty("[@principal]", "cn=admin,dc=james,dc=org"); + configuration.addProperty("[@credentials]", ADMIN_PASSWORD); + configuration.addProperty("[@userBase]", "ou=people,dc=james,dc=org"); + configuration.addProperty("[@userObjectClass]", "inetOrgPerson"); + configuration.addProperty("[@connectionTimeout]", "2000"); + configuration.addProperty("[@readTimeout]", "2000"); + return configuration; + } +} \ No newline at end of file --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
