From 691e2068541f6fab161daddbfe8b3e17418f0f80 Mon Sep 17 00:00:00 2001 From: Bert Blommers Date: Thu, 7 May 2020 09:49:37 +0100 Subject: [PATCH] SES - Validate domain before send_raw_email --- moto/ses/models.py | 4 +-- tests/test_ses/test_ses_boto3.py | 47 +++++++++++++++++++++++--------- 2 files changed, 36 insertions(+), 15 deletions(-) diff --git a/moto/ses/models.py b/moto/ses/models.py index 91241f706..75c25a0a3 100644 --- a/moto/ses/models.py +++ b/moto/ses/models.py @@ -189,7 +189,7 @@ class SESBackend(BaseBackend): def send_raw_email(self, source, destinations, raw_data, region): if source is not None: _, source_email_address = parseaddr(source) - if source_email_address not in self.addresses: + if not self._is_verified_address(source_email_address): raise MessageRejectedError( "Did not have authority to send from email %s" % source_email_address @@ -202,7 +202,7 @@ class SESBackend(BaseBackend): raise MessageRejectedError("Source not specified") _, source_email_address = parseaddr(message["from"]) - if source_email_address not in self.addresses: + if not self._is_verified_address(source_email_address): raise MessageRejectedError( "Did not have authority to send from email %s" % source_email_address diff --git a/tests/test_ses/test_ses_boto3.py b/tests/test_ses/test_ses_boto3.py index de8aa0813..7f64e5f71 100644 --- a/tests/test_ses/test_ses_boto3.py +++ b/tests/test_ses/test_ses_boto3.py @@ -139,19 +139,7 @@ def test_send_html_email(): def test_send_raw_email(): conn = boto3.client("ses", region_name="us-east-1") - message = MIMEMultipart() - message["Subject"] = "Test" - message["From"] = "test@example.com" - message["To"] = "to@example.com, foo@example.com" - - # Message body - part = MIMEText("test file attached") - message.attach(part) - - # Attachment - part = MIMEText("contents of test file here") - part.add_header("Content-Disposition", "attachment; filename=test.txt") - message.attach(part) + message = get_raw_email() kwargs = dict(Source=message["From"], RawMessage={"Data": message.as_string()}) @@ -165,6 +153,39 @@ def test_send_raw_email(): sent_count.should.equal(2) +@mock_ses +def test_send_raw_email_validate_domain(): + conn = boto3.client("ses", region_name="us-east-1") + + message = get_raw_email() + + kwargs = dict(Source=message["From"], RawMessage={"Data": message.as_string()}) + + conn.send_raw_email.when.called_with(**kwargs).should.throw(ClientError) + + conn.verify_domain_identity(Domain="example.com") + conn.send_raw_email(**kwargs) + + send_quota = conn.get_send_quota() + sent_count = int(send_quota["SentLast24Hours"]) + sent_count.should.equal(2) + + +def get_raw_email(): + message = MIMEMultipart() + message["Subject"] = "Test" + message["From"] = "test@example.com" + message["To"] = "to@example.com, foo@example.com" + # Message body + part = MIMEText("test file attached") + message.attach(part) + # Attachment + part = MIMEText("contents of test file here") + part.add_header("Content-Disposition", "attachment; filename=test.txt") + message.attach(part) + return message + + @mock_ses def test_send_raw_email_without_source(): conn = boto3.client("ses", region_name="us-east-1")