fix: normalize email addresses before using them

Signed-off-by: SebastianKrupinski <[email protected]>

Author: SebastianKrupinski

lib/Address.php

@@ -29,14 +29,21 @@ private function __construct(Horde_Mail_Rfc822_Address $wrapped) {
 		$this->wrapped = $wrapped;
 	}
 
-	public static function fromHorde(Horde_Mail_Rfc822_Address $horde): self {
+	public static function fromHorde(Horde_Mail_Rfc822_Address $horde, bool $normalize = false): self {
+		if ($normalize) {
+			return self::fromRaw($horde->personal, $horde->bare_address, $normalize);
+		}
 		return new self($horde);
 	}
 
-	public static function fromRaw(string $label, string $email): self {
-		$wrapped = new Horde_Mail_Rfc822_Address($email);
+	public static function fromRaw(?string $label, string $email, bool $normalize = false): self {
+		if ($normalize) {
+			$wrapped = new Horde_Mail_Rfc822_Address(self::normalizeAddress($email));
+		} else {
+			$wrapped = new Horde_Mail_Rfc822_Address($email);
+		}
 		// If no label is set we use the email
-		if ($label !== $email) {
+		if ($label !== null && $label !== $email) {
 			$wrapped->personal = $label;
 		}
 		return new self($wrapped);
@@ -117,4 +124,13 @@ public function equals($object): bool {
 		return $this->getEmail() === $object->getEmail()
 			&& $this->getLabel() === $object->getLabel();
 	}
+
+	private static function normalizeAddress(string $address): string {
+		// remove single quotes and whitespace the might exist
+		// Examples:
+		// [email protected]
+		// '[email protected]'
+		// ' [email protected]'
+		return strtolower(trim(trim($address, "'")));
+	}
 }

lib/AddressList.php

@@ -47,9 +47,9 @@ public static function parse($str) {
 	 * @param Horde_Mail_Rfc822_List $hordeList
 	 * @return AddressList
 	 */
-	public static function fromHorde(Horde_Mail_Rfc822_List $hordeList) {
-		$addresses = array_map(static function (Horde_Mail_Rfc822_Address $addr) {
-			return Address::fromHorde($addr);
+	public static function fromHorde(Horde_Mail_Rfc822_List $hordeList, bool $normalize = false): self {
+		$addresses = array_map(static function (Horde_Mail_Rfc822_Address $addr) use ($normalize) {
+			return Address::fromHorde($addr, $normalize);
 		}, array_filter(iterator_to_array($hordeList), static function (Horde_Mail_Rfc822_Object $obj) {
 			// TODO: how to handle non-addresses? This doesn't seem right …
 			return $obj instanceof Horde_Mail_Rfc822_Address;

lib/BackgroundJob/RepairRecipients.php

@@ -0,0 +1,58 @@
+<?php
+
+declare(strict_types=1);
+
+/**
+ * SPDX-FileCopyrightText: 2025 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+ */
+
+namespace OCA\Mail\BackgroundJob;
+
+use OCP\AppFramework\Utility\ITimeFactory;
+use OCP\BackgroundJob\IJobList;
+use OCP\BackgroundJob\TimedJob;
+use OCP\DB\QueryBuilder\IQueryBuilder;
+use OCP\IDBConnection;
+
+class RepairRecipients extends TimedJob {
+
+	public function __construct(
+		protected ITimeFactory $time,
+		private IDBConnection $db,
+		private IJobList $jobService,
+	) {
+		parent::__construct($time);
+		$this->setInterval(300);
+	}
+
+	protected function run($argument): void {
+		// fetch all quoted emails
+		$select = $this->db->getQueryBuilder();
+		$select->select('id', 'email')
+			->from('mail_recipients')
+			->where(
+				$select->expr()->like('email', $select->createNamedParameter('\'%\'', IQueryBuilder::PARAM_STR))
+			)
+			->setMaxResults(1000);
+		$recipients = $select->executeQuery()->fetchAll();
+		// update emails
+		$update = $this->db->getQueryBuilder();
+		$update->update('mail_recipients')
+			->set('email', $update->createParameter('email'))
+			->where($update->expr()->in('id', $update->createParameter('id'), IQueryBuilder::PARAM_STR));
+		foreach ($recipients as $recipient) {
+			$id = $recipient['id'];
+			$email = $recipient['email'];
+			$email = trim(str_replace('\'', '', (string)$email));
+			$update->setParameter('id', $id, IQueryBuilder::PARAM_STR);
+			$update->setParameter('email', $email, IQueryBuilder::PARAM_STR);
+			$update->executeStatement();
+		}
+		// remove job depending on the result
+		if ($recipients === []) {
+			$this->jobService->remove(RepairRecipients::class);
+		}
+	}
+
+}

lib/IMAP/ImapMessageFetcher.php

@@ -250,11 +250,11 @@ public function fetchMessage(?Horde_Imap_Client_Data_Fetch $fetch = null): IMAPM
 			$this->uid,
 			$envelope->message_id,
 			$fetch->getFlags(),
-			AddressList::fromHorde($envelope->from),
-			AddressList::fromHorde($envelope->to),
-			AddressList::fromHorde($envelope->cc),
-			AddressList::fromHorde($envelope->bcc),
-			AddressList::fromHorde($envelope->reply_to),
+			AddressList::fromHorde($envelope->from, true),
+			AddressList::fromHorde($envelope->to, true),
+			AddressList::fromHorde($envelope->cc, true),
+			AddressList::fromHorde($envelope->bcc, true),
+			AddressList::fromHorde($envelope->reply_to, true),
 			$this->decodeSubject($envelope),
 			$this->plainMessage,
 			$this->htmlMessage,

lib/Migration/Version5000Date20250507000000.php

@@ -0,0 +1,28 @@
+<?php
+
+declare(strict_types=1);
+
+/**
+ * SPDX-FileCopyrightText: 2024 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+ */
+
+namespace OCA\Mail\Migration;
+
+use Closure;
+use OCP\BackgroundJob\IJobList;
+use OCP\Migration\IOutput;
+use OCP\Migration\SimpleMigrationStep;
+
+class Version5000Date20250507000000 extends SimpleMigrationStep {
+
+	public function __construct(
+		private IJobList $jobService,
+	) {
+	}
+
+	public function postSchemaChange(IOutput $output, Closure $schemaClosure, array $options) {
+		$this->jobService->add(\OCA\Mail\BackgroundJob\RepairRecipients::class);
+	}
+
+}

lib/Service/PhishingDetection/PhishingDetectionService.php

@@ -33,7 +33,7 @@ public function checkHeadersForPhishing(Horde_Mime_Headers $headers, bool $hasHt
 		$customEmail = null;
 		$fromHeader = $headers->getHeader('From');
 		if ($fromHeader instanceof Horde_Mime_Headers_Element_Address) {
-			$firstAddr = AddressList::fromHorde($fromHeader->getAddressList(true))?->first();
+			$firstAddr = AddressList::fromHorde($fromHeader->getAddressList(true), true)->first();
 			$fromFN = $firstAddr?->getLabel();
 			$fromEmail = $firstAddr?->getEmail();
 			$customEmail = $firstAddr?->getCustomEmail();
@@ -45,7 +45,7 @@ public function checkHeadersForPhishing(Horde_Mime_Headers $headers, bool $hasHt
 		if ($replyToHeader instanceof Horde_Mime_Headers_Element_Address) {
 			$replyToAddrs = $replyToHeader->getAddressList(true);
 			if (isset($replyToAddrs)) {
-				$replyToEmail = AddressList::fromHorde($replyToAddrs)->first()?->getEmail();
+				$replyToEmail = AddressList::fromHorde($replyToAddrs, true)->first()?->getEmail();
 			}
 		}
 

tests/AddressTest.php

@@ -68,4 +68,36 @@ public function testDoesNotEqualBecauseDifferentLabel() {
 
 		$this->assertFalse($equals);
 	}
+
+	public function testNormalizedWithSingleQuotes() {
+		$address = Address::fromRaw(null, "'[email protected]'", true)->toHorde();
+		$this->assertEquals('[email protected]', $address->bare_address);
+
+		$address = Address::fromHorde(new Horde_Mail_Rfc822_Address("'[email protected]'"), true)->toHorde();
+		$this->assertEquals('[email protected]', $address->bare_address);
+	}
+
+	public function testUnnormalizedWithSingleQuotes() {
+		$address = Address::fromRaw(null, "'[email protected]'", false)->toHorde();
+		$this->assertEquals("'[email protected]'", $address->bare_address);
+
+		$address = Address::fromHorde(new Horde_Mail_Rfc822_Address("'[email protected]'"), false)->toHorde();
+		$this->assertEquals("'[email protected]'", $address->bare_address);
+	}
+
+	public function testNormalizedWithUpperCaseLetters() {
+		$address = Address::fromRaw(null, '[email protected]', true)->toHorde();
+		$this->assertEquals('[email protected]', $address->bare_address);
+
+		$address = Address::fromHorde(new Horde_Mail_Rfc822_Address('[email protected]'), true)->toHorde();
+		$this->assertEquals('[email protected]', $address->bare_address);
+	}
+
+	public function testUnnormalizedWithUpperCaseLetters() {
+		$address = Address::fromRaw(null, '[email protected]', false)->toHorde();
+		$this->assertEquals('[email protected]', $address->bare_address);
+
+		$address = Address::fromHorde(new Horde_Mail_Rfc822_Address('[email protected]'), false)->toHorde();
+		$this->assertEquals('[email protected]', $address->bare_address);
+	}
 }