Allow insecure mail auth with "Reply-To" header

Summary: Quora wants to handle some moderation tasks with Phabricator, but want to lower the barrier to entry for the install and let moderators adopt it gradually. One request is to allow auth rules to be relaxed so we can auth based on Reply-To to make things easier. This is insecure if configured but not really a big deal and the patch isn't big or complicated. Test Plan: Sent a test email with bogus "From" but valid "Reply-To". It was rejected with this setting off, and allowed with this setting on. Reviewers: jungejason, tuomaspelkonen, aran Reviewed By: jungejason CC: aran, jungejason Differential Revision: 842
2024-11-09 16:32:39 +01:00 · 2011-08-21 12:03:57 -07:00 · 2011-08-21 12:03:57 -07:00 · d1134810d6
commit d1134810d6
parent 04b4f04cb9
2 changed files with 28 additions and 1 deletions
--- a/conf/default.conf.php
+++ b/conf/default.conf.php
@ -253,6 +253,16 @@ return array(
  // Email" in the documentation for more information.
  'metamta.maniphest.public-create-email' => null,

+  // If you enable 'metamta.public-replies', Phabricator uses "From" to
+  // authenticate users. You can additionally enable this setting to try to
+  // authenticate with 'Reply-To'. Note that this is completely spoofable and
+  // insecure (any user can set any 'Reply-To' address) but depending on the
+  // nature of your install or other deliverability conditions this might be
+  // okay. Generally, you can't do much more by spoofing Reply-To than be
+  // annoying (you can write but not read content). But, you know, this is
+  // still **COMPLETELY INSECURE**.
+  'metamta.insecure-auth-with-reply-to' => false,
+

 // -- Auth ------------------------------------------------------------------ //

--- a/src/applications/metamta/storage/receivedmail/PhabricatorMetaMTAReceivedMail.php
+++ b/src/applications/metamta/storage/receivedmail/PhabricatorMetaMTAReceivedMail.php
@ -232,9 +232,26 @@ class PhabricatorMetaMTAReceivedMail extends PhabricatorMetaMTADAO {
    $from = idx($this->headers, 'from');
    $from = $this->getRawEmailAddress($from);

-    return id(new PhabricatorUser())->loadOneWhere(
+    $user = id(new PhabricatorUser())->loadOneWhere(
      'email = %s',
      $from);
+
+    // If Phabricator is configured to allow "Reply-To" authentication, try
+    // the "Reply-To" address if we failed to match the "From" address.
+    $config_key = 'metamta.insecure-auth-with-reply-to';
+    $allow_reply_to = PhabricatorEnv::getEnvConfig($config_key);
+
+    if (!$user && $allow_reply_to) {
+      $reply_to = idx($this->headers, 'reply-to');
+      $reply_to = $this->getRawEmailAddress($reply_to);
+      if ($reply_to) {
+        $user = id(new PhabricatorUser())->loadOneWhere(
+          'email = %s',
+          $reply_to);
+      }
+    }
+
+    return $user;
  }

 }