Verify emails when creating an email connector, even if allowedDomains is not provided. (#133859)

2025-04-23 09:19:04 -04:00 · 2022-06-28 13:46:33 +02:00 · 2022-06-28 13:46:33 +02:00 · 2b6fc197cb
commit 2b6fc197cb
parent d6f2dc1042
3 changed files with 26 additions and 28 deletions
--- a/x-pack/plugins/actions/common/validate_email_addresses.test.ts
+++ b/x-pack/plugins/actions/common/validate_email_addresses.test.ts
@ -182,11 +182,13 @@ describe('validate_email_address', () => {
          },
          Object {
            "address": "totally invalid",
-            "valid": true,
+            "reason": "invalid",
+            "valid": false,
          },
          Object {
            "address": "{{sneaky}}",
-            "valid": true,
+            "reason": "invalid",
+            "valid": false,
          },
        ]
      `);
@ -226,7 +228,8 @@ describe('validate_email_address', () => {
          },
          Object {
            "address": "totally invalid",
-            "valid": true,
+            "reason": "invalid",
+            "valid": false,
          },
          Object {
            "address": "{{sneaky}}",
--- a/x-pack/plugins/actions/common/validate_email_addresses.ts
+++ b/x-pack/plugins/actions/common/validate_email_addresses.ts
@ -27,13 +27,6 @@ export function validateEmailAddresses(
  addresses: string[],
  options: ValidateEmailAddressesOptions = {}
 ): ValidatedEmail[] {
-  // note: this is the legacy default, which would in theory allow
-  // mustache strings, so options.allowMustache is ignored in this
-  // case - everything is valid!
-  if (allowedDomains == null) {
-    return validateEmailAddressesAsAlwaysValid(addresses);
-  }
-
  return addresses.map((address) => validateEmailAddress(allowedDomains, address, options));
 }

@ -60,7 +53,7 @@ export function invalidEmailsAsMessage(validatedEmails: ValidatedEmail[]): strin

 // in case the npm email-addresses returns unexpected things ...
 function validateEmailAddress(
-  allowedDomains: string[],
+  allowedDomains: string[] | null,
  address: string,
  options: ValidateEmailAddressesOptions
 ): ValidatedEmail {
@ -80,32 +73,33 @@ function validateEmailAddress(
  }
 }

-function validateEmailAddress_(allowedDomains: string[], address: string): ValidatedEmail {
+function validateEmailAddress_(allowedDomains: string[] | null, address: string): ValidatedEmail {
  const emailAddresses = parseAddressList(address);
  if (emailAddresses == null) {
    return { address, valid: false, reason: InvalidEmailReason.invalid };
  }

-  const allowedDomainsSet = new Set(allowedDomains);
+  if (allowedDomains !== null) {
+    const allowedDomainsSet = new Set(allowedDomains);

-  for (const emailAddress of emailAddresses) {
-    let domains: string[] = [];
+    for (const emailAddress of emailAddresses) {
+      let domains: string[] = [];

-    if (emailAddress.type === 'group') {
-      domains = emailAddress.addresses.map((groupAddress) => groupAddress.domain);
-    } else if (emailAddress.type === 'mailbox') {
-      domains = [emailAddress.domain];
-    } else {
-      return { address, valid: false, reason: InvalidEmailReason.invalid };
-    }
+      if (emailAddress.type === 'group') {
+        domains = emailAddress.addresses.map((groupAddress) => groupAddress.domain);
+      } else if (emailAddress.type === 'mailbox') {
+        domains = [emailAddress.domain];
+      } else {
+        return { address, valid: false, reason: InvalidEmailReason.invalid };
+      }

-    for (const domain of domains) {
-      if (!allowedDomainsSet.has(domain)) {
-        return { address, valid: false, reason: InvalidEmailReason.notAllowed };
+      for (const domain of domains) {
+        if (!allowedDomainsSet.has(domain)) {
+          return { address, valid: false, reason: InvalidEmailReason.notAllowed };
+        }
      }
    }
  }
-
  return { address, valid: true };
 }

--- a/x-pack/plugins/actions/public/plugin.test.ts
+++ b/x-pack/plugins/actions/public/plugin.test.ts
@ -12,7 +12,7 @@ describe('Actions Plugin', () => {
  describe('setup()', () => {
    const emails = ['bob@elastic.co', 'jim@somewhere.org', 'not an email'];

-    it('should allow all emails when not using email allowlist config', async () => {
+    it('should allow all the valid emails when not using email allowlist config', async () => {
      const context = coreMock.createPluginInitializerContext({});
      const plugin = new Plugin(context);
      const pluginSetup = plugin.setup();
@ -29,7 +29,8 @@ describe('Actions Plugin', () => {
          },
          Object {
            "address": "not an email",
-            "valid": true,
+            "reason": "invalid",
+            "valid": false,
          },
        ]
      `);