[
https://issues.apache.org/jira/browse/JAMES-3367?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17191426#comment-17191426
]
René Cordier commented on JAMES-3367:
-------------------------------------
[https://github.com/linagora/james-project/pull/3748] contributed to this
> Add capability mandatory checks regarding jmap core and mail
> -------------------------------------------------------------
>
> Key: JAMES-3367
> URL: https://issues.apache.org/jira/browse/JAMES-3367
> Project: James Server
> Issue Type: Improvement
> Reporter: René Cordier
> Priority: Major
>
> It seems we are not checking that base mandatory capabilities are present in
> the request when processing the methods :
> * urn:ietf:params:jmap:core
> * urn:ietf:params:jmap:mail
> We need to make sure we reject requests in our apis missing those
> (mailbox/get, mailbox/set, vacationresponse/get, vacationresponse/set... even
> core/echo with core capability?)
> It would be ideal to handle this in a generic fashion: the methods declare
> which capabilities they need and the API routes ensure these capabilities are
> there before calling the methods themselves.
> *DoD*
> * Add integration tests showing that requests with missing mandatory
> capabilities are being rejected in our existing APIs
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
