fix(GODT-3153): Do not take into account full address when hasing mes…

internal/session/handle_append.go

@@ -9,7 +9,7 @@ import (
 	"github.com/ProtonMail/gluon/internal/state"
 	"github.com/ProtonMail/gluon/profiling"
 	"github.com/ProtonMail/gluon/reporter"
-	"github.com/ProtonMail/gluon/rfc5322"
+	"github.com/ProtonMail/gluon/rfcvalidation"
 )
 
 func (s *Session) handleAppend(ctx context.Context, tag string, cmd *command.Append, ch chan response.Response) error {
@@ -33,7 +33,7 @@ func (s *Session) handleAppend(ctx context.Context, tag string, cmd *command.App
 		}
 
 		if !isDrafts {
-			if err := rfc5322.ValidateMessageHeaderFields(cmd.Literal); err != nil {
+			if err := rfcvalidation.ValidateMessageHeaderFields(cmd.Literal); err != nil {
 				return response.Bad(tag).WithError(err)
 			}
 		}

rfc822/hash.go

@@ -8,6 +8,7 @@ import (
 	"mime/quotedprintable"
 	"strings"
 
+	"github.com/ProtonMail/gluon/rfc5322"
 	"github.com/sirupsen/logrus"
 	"golang.org/x/exp/maps"
 	"golang.org/x/exp/slices"
@@ -34,23 +35,23 @@ func GetMessageHash(b []byte) (string, error) {
 		return "", err
 	}
 
-	if _, err := h.Write([]byte(header.Get("From"))); err != nil {
+	if _, err := h.Write([]byte(getAddresses(header.Get("From")))); err != nil {
 		return "", err
 	}
 
-	if _, err := h.Write([]byte(header.Get("To"))); err != nil {
+	if _, err := h.Write([]byte(getAddresses(header.Get("To")))); err != nil {
 		return "", err
 	}
 
-	if _, err := h.Write([]byte(header.Get("Cc"))); err != nil {
+	if _, err := h.Write([]byte(getAddresses(header.Get("Cc")))); err != nil {
 		return "", err
 	}
 
-	if _, err := h.Write([]byte(header.Get("Reply-To"))); err != nil {
+	if _, err := h.Write([]byte(getAddresses(header.Get("Reply-To")))); err != nil {
 		return "", err
 	}
 
-	if _, err := h.Write([]byte(header.Get("In-Reply-To"))); err != nil {
+	if _, err := h.Write([]byte(getAddresses(header.Get("In-Reply-To")))); err != nil {
 		return "", err
 	}
 
@@ -152,3 +153,18 @@ func hashBody(writer io.Writer, body []byte, mimeType MIMEType, encoding string)
 
 	return err
 }
+
+func getAddresses(fieldAddr string) string {
+	var addresses string
+
+	addrList, err := rfc5322.ParseAddressList(fieldAddr)
+	if err != nil {
+		return fieldAddr
+	}
+
+	for _, addr := range addrList {
+		addresses += addr.Address
+	}
+
+	return addresses
+}

rfc5322/validation.go → rfcvalidation/validation.go

@@ -1,9 +1,10 @@
-package rfc5322
+package rfcvalidation
 
 import (
 	"errors"
 	"fmt"
 
+	"github.com/ProtonMail/gluon/rfc5322"
 	"github.com/ProtonMail/gluon/rfc822"
 )
 
@@ -37,7 +38,7 @@ func ValidateMessageHeaderFields(literal []byte) error {
 		}
 
 		// Check if From is a multi address. If so, a sender filed must be present and non-empty.
-		addresses, err := ParseAddressList(value)
+		addresses, err := rfc5322.ParseAddressList(value)
 		if err != nil {
 			return fmt.Errorf("%w: failed to parse From header: %v", ErrInvalidMessage, err)
 		}
@@ -47,7 +48,7 @@ func ValidateMessageHeaderFields(literal []byte) error {
 			if len(senderValue) == 0 {
 				return fmt.Errorf("%w: Required header field 'Sender' not found or empty", ErrInvalidMessage)
 			}
-			_, err := ParseAddress(senderValue)
+			_, err := rfc5322.ParseAddress(senderValue)
 			if err != nil {
 				return fmt.Errorf("%w: failed to parse Sender header: %v", ErrInvalidMessage, err)
 			}
@@ -58,7 +59,7 @@ func ValidateMessageHeaderFields(literal []byte) error {
 					return fmt.Errorf("%w: Required header field 'Sender' should not be empty", ErrInvalidMessage)
 				}
 
-				_, err := ParseAddress(senderValue)
+				_, err := rfc5322.ParseAddress(senderValue)
 				if err != nil {
 					return fmt.Errorf("%w: failed to parse Sender header: %v", ErrInvalidMessage, err)
 				}

rfc5322/validation_test.go → rfcvalidation/validation_test.go

@@ -1,4 +1,4 @@
-package rfc5322
+package rfcvalidation
 
 import (
 	"testing"