feat(preferences): can set SOGoForwardConstraints to 3 to accept both…

… internal and external domains from SOGoForwardConstraintsDomains
Alinto · Nov 10, 2023 · c872fb4 · c872fb4
1 parent d163405
commit c872fb4
Show file tree

Hide file tree

Showing 6 changed files with 82 additions and 8 deletions.
diff --git a/Documentation/SOGoInstallationGuide.asciidoc b/Documentation/SOGoInstallationGuide.asciidoc
@@ -2280,12 +2280,14 @@ Defaults to `NO` when unset.
 |D |SOGoForwardConstraints
 |Parameter used to set constraints on possible addresses used when
 automatically forwarding mails. When set to `0` (default), no constraint
-is enforced. When set to `1`, only internal domains can be used. When
-set to `2`, only external domains can be used.
+is enforced. When set to `1`, only internal domains can be used.
+When set to `2`, only external domains defined in `SOGoForwardConstraintsDomains`
+can be used. When set to `3`, internal domains and other domains defined
+in `SOGoForwardConstraintsDomains` can be used.
 
 |D |SOGoForwardConstraintsDomains
-|Parameter used to set which domains are allowed as external domains
-when SOGoForwardConstraints is set to `2`. For example, setting:
+|Parameter used to set which external domains are allowed
+when SOGoForwardConstraints is set to `2` or `3`. For example, setting:
 
 SOGoForwardConstraintsDomains = ("gmail.com", "googlemail.com");
 

diff --git a/SoObjects/SOGo/NSString+Utilities.h b/SoObjects/SOGo/NSString+Utilities.h
@@ -65,6 +65,7 @@
 - (id) objectFromJSONString;
 
 /* bare email addresses */
+- (NSString *) mailDomain;
 - (NSString *) pureEMailAddress;
 
 - (NSString *) asQPSubjectString: (NSString *) encoding;

diff --git a/SoObjects/SOGo/NSString+Utilities.m b/SoObjects/SOGo/NSString+Utilities.m
@@ -609,6 +609,18 @@ - (NSString *) fromCSSIdentifier
   return newString;
 }
 
+
+- (NSString *) mailDomain
+{
+  NSArray *mailSeparated;
+
+  mailSeparated = [self componentsSeparatedByString: @"@"];
+  if([mailSeparated count] == 2)
+    return [mailSeparated objectAtIndex: 1];
+  [self logWithFormat: @"Error while extracting domain from : %@", self];
+  return nil;
+}
+
 - (NSString *) pureEMailAddress
 {
   NSString *pureAddress;

diff --git a/SoObjects/SOGo/SOGoDomainDefaults.m b/SoObjects/SOGo/SOGoDomainDefaults.m
@@ -217,7 +217,7 @@ - (int) forwardConstraints
 
   v =  [self integerForKey: @"SOGoForwardConstraints"];
 
-  return (v > 2 ? 0 : v);
+  return (v > 3 ? 0 : v);
 }
 
 - (NSArray *) forwardConstraintsDomains

diff --git a/UI/PreferencesUI/UIxPreferences.m b/UI/PreferencesUI/UIxPreferences.m
@@ -1532,6 +1532,44 @@ - (NSString *) forwardEnabled
   return (forwardEnabled ? @"true" : @"false");
 }
 
+- (BOOL) doForwardsMatchTheConstraints: (NSArray *) forwardMails
+{
+  NSArray *allUserMails, *domainConstraints;
+  NSMutableArray *allUserDomains;
+  NSString *currentMail, *currentDomain, *userMail;
+  SOGoDomainDefaults *dd;
+  int constraint;
+
+  dd = [[context activeUser] domainDefaults];
+  constraint = [dd forwardConstraints];
+
+  if(constraint > 0)
+  {
+    allUserMails = [[user allEmails] uniqueObjects];
+    allUserDomains = [NSMutableArray array];
+    for(userMail in allUserMails)
+    {
+      [allUserDomains push: [userMail mailDomain]];
+    }
+    for(currentMail in forwardMails)
+    {
+      currentDomain = [currentMail mailDomain];
+      domainConstraints = [dd forwardConstraintsDomains];
+      if (constraint == 1 && [allUserDomains indexOfObject: currentDomain] == NSNotFound)
+        return NO;
+      else if (constraint == 2 && [allUserDomains indexOfObject: currentDomain] != NSNotFound)
+        return NO;
+      else if (constraint == 2 && (!domainConstraints || [domainConstraints indexOfObject: currentDomain] == NSNotFound))
+        return NO;
+      else if (constraint == 3 && 
+              [allUserDomains indexOfObject: currentDomain] == NSNotFound &&
+                (!domainConstraints || [domainConstraints indexOfObject: currentDomain] == NSNotFound))
+        return NO;
+    }
+  }
+  return YES;
+}
+
 /**
  * @api {post} /so/:username/Preferences/save Save user's defaults and settings
  * @apiVersion 1.0.0
@@ -1561,8 +1599,8 @@ - (NSString *) forwardEnabled
   if ((v = [o objectForKey: @"defaults"]))
     {
       NSMutableDictionary *sanitizedLabels;
-      NSArray *allKeys, *accounts, *identities;
-      NSDictionary *newLabels;
+      NSArray *allKeys, *accounts, *identities, *forwardMails;
+      NSDictionary *newLabels, *forwardPref;
       NSString *name;
       id loginModule;
 
@@ -1600,6 +1638,20 @@ - (NSString *) forwardEnabled
           [v removeObjectForKey: @"SOGoAlternateAvatar"];
           [[[user userDefaults] source] removeObjectForKey: @"SOGoAlternateAvatar"];
         }
+
+      //We check if there are forward constraints
+      forwardPref = [v objectForKey: @"Forward"];
+      if(forwardPref && [forwardPref isKindOfClass: [NSDictionary class]]
+                     && [forwardPref objectForKey: @"enabled"]
+                     && [[forwardPref objectForKey: @"enabled"] boolValue])
+      {
+        BOOL doForward = NO;
+        forwardMails = [forwardPref objectForKey: @"forwardAddress"];
+        if (forwardMails && [forwardMails isKindOfClass: [NSArray class]] && [forwardMails count]>0)
+          doForward = [self doForwardsMatchTheConstraints: [forwardPref objectForKey: @"forwardAddress"]];
+        if(!doForward)
+          [v removeObjectForKey: @"Forward"];
+      }
 
       if ([self userHasMailAccess])
         {
@@ -1658,7 +1710,7 @@ - (NSString *) forwardEnabled
                   // - forceDefaultIdentity                => SOGoMailForceDefaultIdentity
                   // - receipts.receiptAction              => SOGoMailReceiptAllow
                   // - receipts.receiptNonRecipientAction  => SOGoMailReceiptNonRecipientAction
-                  // - receipts.receiptOutsideDomainAction => SOGoMailReceiptOutsideDomainAction
+                  // - receipts.receiptOutsideDomaforwardAddressinAction => SOGoMailReceiptOutsideDomainAction
                   // - receipts.receiptAnyAction           => SOGoMailReceiptAnyAction
                   // - security.alwaysSign                 => SOGoMailCertificateAlwaysSign
                   // - security.alwaysEncrypt              => SOGoMailCertificateAlwaysEncrypt

diff --git a/UI/WebServerResources/js/Preferences/PreferencesController.js b/UI/WebServerResources/js/Preferences/PreferencesController.js
@@ -394,6 +394,13 @@
                  $window.forwardConstraintsDomains.indexOf(domain) < 0) {
           throw new Error(l("You are not allowed to forward your messages to this domain:") + " " + domain);
         }
+        else if ($window.forwardConstraints == 3 &&
+                  domains.indexOf(domain) < 0 &&
+                    ($window.forwardConstraintsDomains.length > 0 &&
+                    $window.forwardConstraintsDomains.indexOf(domain) < 0)) {
+          // If constraints mode is 3 and the domain is not an internal nor in forwardConstraintsDomains list, throw an error
+          throw new Error(l("You are not allowed to forward your messages to this domain:")+ " " + domain);
+        }
       }
 
       return true;