linagora / james-project

Mirror of Apache James Project

Apache License 2.0

70 stars 63 forks source link

User should not be able to see and use updated server-set identity once deleted by Admin #5113

Closed quantranhong1999 closed 5 months ago

quantranhong1999 commented 6 months ago

Why

rf: https://github.com/apache/james-project/pull/2083#discussion_r1512094480

Today: GIVEN BOB update a server-set JMAP identity e.g. an alias bob-alias@domain.tld WHEN James admin deletes the alias THEN the updated custom identity would not be able to be cleaned up, BOB would keep sending mail with the alias while RRT would reject the identity.

Expect: After the alias is deleted by the admin, BOB should not be able to use the identity anymore.

How

Write the test to reproduce the issue
Fix: either clean the JMAP identity out of DB upon James admin deleting the alias, or filtering at retrieval time via IdentityRepository?

DoD

Fixed.

chibenwa commented 6 months ago

filtering at retrieval time via IdentityRepository

This might be the easiest to achieve: verify at read time that the user still have the right to use that identity address...

hungphan227 commented 5 months ago

I found that these tests have already existed in IdentitySetContract:

givenServerSetAliasAndCreateACustomIdentityWithItWhenAdminRemoveThatAliasThenFetchThatIdentityShouldNoLongerReturn givenServerSetAliasAndCreateACustomIdentityWhenAdminRemoveThatAliasThenUpdateThatIdentityShouldFail givenServerSetAliasAndUserUpdateItWhenAdminRemoveThatAliasThenFetchThatIdentityShouldNoLongerReturn givenServerSetAliasAndUserUpdateItWhenAdminRemoveThatAliasThenUpdateThatIdentityShouldFail

quantranhong1999 commented 5 months ago

I found that these tests have already existed in IdentitySetContract:

Thanks for checking. Likely we were already safe from this.