René Cordier created JAMES-3367:
-----------------------------------
Summary: Add capability mandatory checks regarding jmap core and
mail
Key: JAMES-3367
URL: https://issues.apache.org/jira/browse/JAMES-3367
Project: James Server
Issue Type: Improvement
Reporter: René Cordier
It seems we are not checking that base mandatory capabilities are present in
the request when processing the methods :
* urn:ietf:params:jmap:core
* urn:ietf:params:jmap:mail
We need to make sure we reject requests in our apis missing those (mailbox/get,
mailbox/set, vacationresponse/get, vacationresponse/set... even core/echo with
core capability?)
It would be ideal to handle this in a generic fashion: the methods declare
which capabilities they need and the API routes ensure these capabilities are
there before calling the methods themselves.
*DoD*
* Add integration tests showing that requests with missing mandatory
capabilities are being rejected in our existing APIs
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
