Commit Graph

7 Commits

Author SHA1 Message Date
renovate[bot]
e7bb7a47ed Update dependency typescript to v5.4.5 2024-04-16 09:08:58 +02:00
renovate[bot]
0c119e2464 Update dependency typescript to v5.4.4 2024-04-15 09:47:55 +02:00
renovate[bot]
092f982fec Update dependency typescript to v5.4.3 2024-03-21 09:28:10 +01:00
renovate[bot]
0162fea441 Update dependency typescript to v5.4.2 2024-03-11 17:16:17 +01:00
renovate[bot]
996ca6ac87 Update dependency ts-node to v10.9.2 2023-12-09 10:51:51 +01:00
renovate[bot]
1c04bdbdb2 Update dependency typescript to v5.3.3 2023-12-06 21:29:30 +01:00
Simon Backx
17ec1e8937
Added email address alignment protections (#19094)
ref GRO-54
fixes GRO-63
fixes GRO-62
fixes GRO-69

When the config `hostSettings:managedEmail:enabled` is enabled, or the
new flag (`newEmailAddresses`) is enabled for self-hosters, we'll start
to check the from addresses of all outgoing emails more strictly.

- Current flow: nothing changes if the managedEmail config is not set or
the `newEmailAddresses` feature flag is not set
- When managedEmail is enabled: never allow sending an email from any
chosen email. We always use `mail.from` for all outgoing emails. Custom
addresses should be set as replyTo instead. Changing the newsletter
sender_email is not allowed anymore (and ignored if it is set).
- When managedEmail is enabled with a custom sending domain: if a from
address doesn't match the sending domain, we'll default to mail.from and
use the original as a replyTo if appropriate and only when no other
replyTo was set. A newsletter sender email address can only be set to
an email address on this domain.
- When `newEmailAddresses` is enabled: self hosters are free to set all
email addresses to whatever they want, without verification. In addition
to that, we stop making up our own email addresses and send from
`mail.from` by default instead of generating a `noreply` + `@` +
`sitedomain.com` address

A more in depth example of all cases can be seen in
`ghost/core/test/integration/services/email-addresses.test.js`

Includes lots of new E2E tests for most new situations. Apart from that,
all email snapshots are changed because the from and replyTo addresses
are now included in snapshots (so we can see unexpected changes in the
future).

Dropped test coverage requirement, because tests were failing coverage
locally, but not in CI

Fixed settings test that set the site title to an array - bug tracked in
GRO-68
2023-11-23 10:25:30 +01:00
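
The four cases in the commit message above, written out as one decision function. This is an added example, not code from the Ghost repository; `resolveAddresses`, `domainOf` and the config field names are hypothetical, and `mailFrom` stands in for the configured `mail.from`. The points where the message leaves room for interpretation are marked as assumptions in the comments.

```javascript
// Added illustration, not Ghost's code. Every name here is hypothetical.
// mailFrom stands in for the configured `mail.from` value.

function domainOf(address) {
    // lastIndexOf: a quoted local part may itself contain '@'
    const at = address.lastIndexOf('@');
    return at === -1 ? '' : address.slice(at + 1).trim().toLowerCase();
}

function resolveAddresses(requested, config) {
    const {managedEmail, sendingDomain, newEmailAddresses, mailFrom, siteDomain} = config;
    const from = requested.from || null;
    const replyTo = requested.replyTo || null;

    if (managedEmail && !sendingDomain) {
        // Managed, no custom domain: always mail.from. Assumption: a rejected
        // from is not promoted to replyTo here; the caller sets replyTo itself.
        return {from: mailFrom, replyTo};
    }
    if (managedEmail) {
        // Managed with custom sending domain: exact, case-insensitive match
        // (assumption: subdomains of the sending domain do not count).
        if (from && domainOf(from) === sendingDomain.toLowerCase()) {
            return {from, replyTo};
        }
        // Assumption: "if appropriate" is read as "differs from mail.from".
        const fallback = from && from !== mailFrom ? from : null;
        return {from: mailFrom, replyTo: replyTo || fallback};
    }
    if (newEmailAddresses) {
        // Self-hosted with the flag: any address is accepted, default is mail.from.
        return {from: from || mailFrom, replyTo};
    }
    // Neither set: previous behaviour, including the generated default.
    return {from: from || `noreply@${siteDomain}`, replyTo};
}

// Constructed sample configuration and message.
const sample = resolveAddresses(
    {from: 'editor@other.example'},
    {managedEmail: true, sendingDomain: 'example.com', mailFrom: 'noreply@example.com'}
);
console.log(sample);
```

Comparing the full domain rather than testing a suffix is what keeps an address such as `news@example.com.lookalike.test` from being treated as aligned.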