Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Swift Mailer Update

Swift Mailer Update

Norio Suzuki

July 16, 2016
Tweet

More Decks by Norio Suzuki

Other Decks in Technology

Transcript

  1. Swift Mailer Update
    PHP Conference Kansai 2016
    @suzuki

    View Slide

  2. About me

    View Slide

  3. Twitter: @suzuki
    GitHub: @suzuki

    View Slide

  4. PHP Conference Kansai 2015
    https://speakerdeck.com/suzuki/guzzle-promisewoshi-tuta-fei-tong-qi-chu-li-niyoruapikorufalsegao-su-hua

    View Slide

  5. Require PHP

    View Slide

  6. PHP Conference Kansai 2014
    https://speakerdeck.com/suzuki/swift-mailer-the-missing-manual-and-more

    View Slide

  7. Swift Mailer

    View Slide

  8. Swift Mailer
    http://swiftmailer.org/

    View Slide

  9. Swift Mailer
    https://github.com/swiftmailer/swiftmailer

    View Slide

  10. Update

    View Slide

  11. BETWEEN '2014-06-28' AND now()

    View Slide

  12. Between v5.2.1 and v5.4.3
    https://github.com/swiftmailer/swiftmailer/releases

    View Slide

  13. v5.2.1 (2014-06-13)
    * SECURITY FIX: fixed CLI escaping when using sendmail as a transport
    Prior to 5.2.1, the sendmail transport (Swift_Transport_SendmailTransport)
    was vulnerable to an arbitrary shell execution if the "From" header came
    from a non-trusted source and no "Return-Path" is configured.
    * fixed parameter in DKIMSigner
    * fixed compatibility with PHP < 5.4

    View Slide

  14. v5.2.2 (2014-09-20)
    * fixed Japanese support
    * fixed the memory spool when the message changes when in the pool
    * added support for cloning messages
    * fixed PHP warning in the redirect plugin
    * changed the way to and cc-ed email are sent to only use one
    transaction

    View Slide

  15. v5.3.0 (2014-10-04)
    * fixed cloning when using signers
    * reverted removal of Swift_Encoding
    * drop support for PHP 5.2.x

    View Slide

  16. v5.3.1 (2014-12-05)
    * fixed cloning of messages with attachments

    View Slide

  17. v5.4.0 (2015-03-14)
    * added the possibility to add extra certs to PKCS#7 signature
    * fix base64 encoding with streams
    * added a new RESULT_SPOOLED status for SpoolTransport
    * fixed getBody() on attachments when called more than once
    * removed dots from generated filenames in filespool

    View Slide

  18. v5.4.1 (2015-06-06)
    * made Swiftmailer exceptions confirm to PHP base exception
    constructor signature
    * fixed MAIL FROM & RCPT TO headers to be RFC compliant

    View Slide

  19. v5.4.2 (2016-05-01): part 1
    * fixed support for IPv6 sockets
    * added auto-retry when sending messages from the memory
    spool
    * fixed consecutive read calls in Swift_ByteStream_FileByteStream
    * added support for iso-8859-15 encoding
    * fixed PHP mail extra params on missing reversePath

    View Slide

  20. v5.4.2 (2016-05-01): part 2
    * added methods to set custom stream context options
    * fixed charset changes in QpContentEncoderProxy
    * added return-path header to the ignoredHeaders list of DKIMSigner
    * fixed crlf for subject using mail
    * fixed add soft line break only when necessary
    * fixed escaping command-line args to Sendmail

    View Slide

  21. v5.4.3 (2016-07-08)
    * fixed SimpleHeaderSet::has()/get() when the 0 index is removed
    * removed the need to have mcrypt installed
    * fixed broken MIME header encoding with quotes/colons and
    non-ascii chars
    * allowed mail transport send for messages without To header
    * fixed PHP 7 support

    View Slide

  22. New Features

    View Slide

  23. added the possibility to add extra certs
    to PKCS#7 signature (v5.4.0)
    • Possible to add intermediate Certs when S/MIME sending.
    • https://github.com/swiftmailer/swiftmailer/pull/561

    View Slide

  24. added support for iso-8859-15
    encoding (v5.4.2)
    • Possible to send mail encoded ISO-8859-15
    • 8-bit single-byte coded graphic character sets — Part 15:

    Latin alphabet No. 9
    • https://github.com/swiftmailer/swiftmailer/pull/712

    View Slide

  25. Fixed

    View Slide

  26. SECURITY FIX: fixed CLI escaping when
    using sendmail as a transport (v5.2.1)
    • Remote code execution when using sendmail
    • Lack of escapeshellarg()
    • https://github.com/swiftmailer/swiftmailer/pull/626

    View Slide

  27. fixed Japanese support (v5.2.2)
    • Mail was broken when it was encode by ISO-2022-JP
    • mb_convert_encoding()
    • From v5.2.1
    • https://github.com/swiftmailer/swiftmailer/pull/475

    View Slide

  28. fixed MAIL FROM & RCPT TO headers to
    be RFC compliant (v5.4.1)
    • Remove unnecessary white spaces from SMTP request
    • NG: MAIL FROM: 

    OK: MAIL FROM:
    • https://github.com/swiftmailer/swiftmailer/pull/596

    View Slide

  29. fixed broken MIME header encoding
    with quotes/colons and non-ascii chars
    • MIME header was broken when using special chars such as
    ":", "[", "@", etc or non-ascii chars such as "Ö", "Ä", "Ü" etc.
    • https://github.com/swiftmailer/swiftmailer/pull/774

    View Slide

  30. Supported PHP

    View Slide

  31. %SPQ1)1
    4VQQPSU1)1Y
    4VQQPSU))7.
    https://github.com/swiftmailer/swiftmailer/blob/5.x/.travis.yml

    View Slide

  32. 8IBUJTNBJMDBUDIFS

    View Slide

  33. MailCatcher

    View Slide

  34. MailCatcher
    https://mailcatcher.me/

    View Slide

  35. Install
    % ruby --version

    ruby 2.3.1p112 (2016-04-26 revision 54768) [x86_64-darwin15]
    % gem install mailcatcher

    [snip]

    17 gems installed

    View Slide

  36. Execute
    % mailcatcher

    Starting MailCatcher

    ==> smtp://127.0.0.1:1025

    ==> http://127.0.0.1:1080

    *** MailCatcher runs as a daemon by default.

    Go to the web interface to quit.

    View Slide

  37. http://127.0.0.1:1080

    View Slide

  38. HELO localhost
    % telnet localhost 1025

    Trying 127.0.0.1...

    Connected to localhost.

    Escape character is '^]'.

    220 EventMachine SMTP Server

    HELO localhost

    250 Ok EventMachine SMTP
    Server

    MAIL FROM:

    250 Ok

    RCPT TO:

    250 Ok
    DATA

    354 Send it

    To: 

    From: 

    Subject: Hello mailcatcher


    Hi, MailCatcher.

    .

    250 Message accepted

    QUIT

    View Slide

  39. http://127.0.0.1:1080

    View Slide

  40. http://127.0.0.1:1080

    View Slide

  41. MailCatcher API

    View Slide

  42. API: /messages
    [
    {
    "id": 1,
    "sender": "",
    "recipients": [
    ""
    ],
    "subject": "Hello mailcatcher",
    "size": "102",
    "created_at": "2016-07-07T23:18:27.000+00:00"
    }
    ]
    % curl -s localhost:1080/messages | jq

    View Slide

  43. API: /messages/:id.json
    {
    "id": 1,
    "sender": "",
    "recipients": [
    ""
    ],
    "subject": "Hello mailcatcher",
    "source": "To: \r\nFrom: \r\nSubject:
    Hello mailcatcher\r\n\r\nHi, MailCatcher.\r\n",
    "size": "102",
    "type": "text/plain",
    "created_at": "2016-07-07T23:18:27.000+00:00",
    "formats": [
    "source",
    "plain"
    ],
    "attachments": []
    }
    % curl -s localhost:1080/messages/1.json | jq

    View Slide

  44. API: /messages/:id.plain
    Hi, MailCatcher.
    % curl -s localhost:1080/messages/1.plain

    View Slide

  45. API: /messages/:id.html
    404 Not Found
    % curl -s localhost:1080/messages/1.html

    View Slide

  46. API: /messages/:id.source
    To:
    From:
    Subject: Hello mailcatcher
    Hi, MailCatcher.
    % curl -s localhost:1080/messages/1.source

    View Slide

  47. Conclusion

    View Slide

  48. Use MailCatcher
    Use Ruby

    View Slide

  49. View Slide

  50. MailCatcherTestCase

    View Slide

  51. MailCatcherTestCase
    use PHPUnit\Framework\TestCase;
    class MailCatcherTestCase extends TestCase
    {

    }

    View Slide

  52. Assertions
    • assertMailCount
    • assertMailSubject
    • assertMailPlainBodyContains
    • assertMailHtmlBodyContains
    • assertMailPlainBodyEmpty
    • assertMailHtmlBodyEmpty

    View Slide

  53. Sample TestCase
    use Suzuki\PHPUnit\MailCatcherTestCase;
    class SendMailTest extends MailCatcherTestCase
    {
    public function testSend()
    {
    $sendMail = new SendMail(); // Send plain text mail
    $sendMail->send();
    $sendMail->send();
    $this->assertMailCount(2);
    $this->assertMailSubject('This is a test mail');
    $this->assertMailPlainBodyContains('Hi, it is test');
    $this->assertMailHtmlBodyEmpty();
    }
    }

    View Slide

  54. phpunit-mailcatcher
    https://github.com/suzuki/phpunit-mailcatcher

    View Slide

  55. phpunit-mailcatcher-samples
    https://github.com/suzuki/phpunit-mailcatcher-samples

    View Slide

  56. 2nd Conclusion

    View Slide

  57. Use MailCatcherTestCase

    View Slide

  58. View Slide

  59. Thank you

    View Slide

  60. We are hiring !
    https://www.mercari.com/jp/jobs/

    View Slide

  61. Another solution

    View Slide

  62. Mailback
    http://mailback.me/

    View Slide

  63. Appendix

    View Slide

  64. References
    • Swift Mailer

    http://swiftmailer.org/

    https://github.com/swiftmailer/swiftmailer
    • MailCatcher

    https://mailcatcher.me/

    https://github.com/sj26/mailcatcher
    • Mailback

    http://mailback.me/

    http://k1low.hatenablog.com/entry/2015/08/03/212132

    View Slide

  65. References
    • MailCatcherTestCase

    https://github.com/suzuki/phpunit-mailcatcher
    • MailCatcherTestCase Samples

    https://github.com/suzuki/phpunit-mailcatcher-samples

    View Slide