From 8d57201a62fd32040326635beb7de075b8434d56 Mon Sep 17 00:00:00 2001 From: nicholas evans Date: Tue, 19 Sep 2023 22:22:04 -0400 Subject: [PATCH] Stop using insecure deprecated Net::IMAP.new args This fixes the insecure `verify = false` argument that was previously unconfigurable. Now _any_ SSLContext params can be set on the IMAP connection. The original parameters have been undocumented since ~2007, will print deprecation warnings in the next release and will be removed in a year. Fixes #1586. --- lib/mail/network/retriever_methods/imap.rb | 8 +++-- .../network/retriever_methods/imap_spec.rb | 32 ++++++++++++++++++- 2 files changed, 37 insertions(+), 3 deletions(-) diff --git a/lib/mail/network/retriever_methods/imap.rb b/lib/mail/network/retriever_methods/imap.rb index 76c900152..0ec84457a 100644 --- a/lib/mail/network/retriever_methods/imap.rb +++ b/lib/mail/network/retriever_methods/imap.rb @@ -164,9 +164,13 @@ def start(config=Mail::Configuration.instance, &block) raise ArgumentError, ":enable_starttls and :enable_ssl are mutually exclusive. Set :enable_ssl if you're on an IMAPS connection. Set :enable_starttls if you're on an IMAP connection and using STARTTLS for secure TLS upgrade." end - imap = Net::IMAP.new(settings[:address], settings[:port], settings[:enable_ssl], nil, false) + ssl = settings[:enable_ssl] + starttls = settings[:enable_starttls] + ssl &&= Hash.try_convert(ssl) || {} + starttls &&= Hash.try_convert(starttls) || {} - imap.starttls if settings[:enable_starttls] + imap = Net::IMAP.new(settings[:address], port: settings[:port], ssl: ssl) + imap.starttls(starttls) if starttls if settings[:authentication].nil? imap.login(settings[:user_name], settings[:password]) diff --git a/spec/mail/network/retriever_methods/imap_spec.rb b/spec/mail/network/retriever_methods/imap_spec.rb index 1f1f54eae..29425e743 100644 --- a/spec/mail/network/retriever_methods/imap_spec.rb +++ b/spec/mail/network/retriever_methods/imap_spec.rb @@ -269,6 +269,27 @@ end end + describe "Implicit SSL" do + before do + allow(Net::IMAP).to receive(:new).and_call_original + end + + it "calls Net::IMAP.new new with ssl keyword arg" do + Mail.find + expect(Net::IMAP).to have_received(:new) + .with("localhost", port: 993, ssl: {}) + end + + it "passes enable_ssl params to ssl keyword" do + Mail.defaults do + retriever_method :imap, port: 993, enable_ssl: {ca_file: "etc.ca"} + end + Mail.find + expect(Net::IMAP).to have_received(:new) + .with("localhost", port: 993, ssl: {ca_file: "etc.ca"}) + end + end + describe "STARTTLS" do before do @imap = MockIMAP.new @@ -280,7 +301,16 @@ retriever_method :imap, :enable_starttls => true end - expect(@imap).to receive(:starttls) + expect(@imap).to receive(:starttls).with({}) + Mail.find + end + + it "passes params to starttls" do + Mail.defaults do + retriever_method :imap, enable_starttls: {attr1: :val1, attr2: "v2"} + end + + expect(@imap).to receive(:starttls).with({attr1: :val1, attr2: "v2"}) Mail.find end