Password reminder exception, email address exposed #348

@lucag

Trying to get a password reminder for an account with an invalid email fails with an exception. Moreover, the invalid email address is exposed in the exception traceback. This was from https://clojars.org/forgot-password:

org.apache.commons.mail.EmailException: Sending the email to the following server failed : localhost:25
                    Email.java:1242 org.apache.commons.mail.Email.sendMimeMessage
                    Email.java:1267 org.apache.commons.mail.Email.send
                   (Unknown Source) sun.reflect.NativeMethodAccessorImpl.invoke0
   NativeMethodAccessorImpl.java:57 sun.reflect.NativeMethodAccessorImpl.invoke
DelegatingMethodAccessorImpl.java:43 sun.reflect.DelegatingMethodAccessorImpl.invoke
                    Method.java:622 java.lang.reflect.Method.invoke
                  Reflector.java:93 clojure.lang.Reflector.invokeMatchingMethod
                 Reflector.java:313 clojure.lang.Reflector.invokeNoArgInstanceMember
                       user.clj:154 clojars.web.user/send-out
                       user.clj:170 clojars.web.user/send-mail
                       user.clj:179 clojars.web.user/forgot-password
                        user.clj:26 clojars.routes.user/fn
                       core.clj:113 compojure.core/make-route[fn]
                       core.clj:103 compojure.core/wrap-route-middleware[fn]
                        core.clj:41 compojure.core/if-route[fn]
                        core.clj:27 compojure.core/if-method[fn]
                       core.clj:127 compojure.core/routing[fn]
                      core.clj:2515 clojure.core/some
                       core.clj:127 compojure.core/routing
                    RestFn.java:139 clojure.lang.RestFn.applyTo
                       core.clj:626 clojure.core/apply
                       core.clj:132 compojure.core/routes[fn]
                       core.clj:127 compojure.core/routing[fn]
                      core.clj:2515 clojure.core/some
                       core.clj:127 compojure.core/routing
                    RestFn.java:139 clojure.lang.RestFn.applyTo
                       core.clj:626 clojure.core/apply
                       core.clj:132 compojure.core/routes[fn]
                     friend.clj:222 cemerick.friend/handler-request
                     friend.clj:249 cemerick.friend/authenticate*
                     friend.clj:260 cemerick.friend/authenticate[fn]
                anti_forgery.clj:57 ring.middleware.anti-forgery/wrap-anti-forgery[fn]
                  error_page.clj:23 clojars.web.error-page/wrap-exceptions[fn]
                         web.clj:84 clojars.web/wrap-x-frame-options[fn]
              keyword_params.clj:35 ring.middleware.keyword-params/wrap-keyword-params[fn]
                      params.clj:64 ring.middleware.params/wrap-params[fn]
           multipart_params.clj:118 ring.middleware.multipart-params/wrap-multipart-params[fn]
                       flash.clj:35 ring.middleware.flash/wrap-flash[fn]
                     session.clj:98 ring.middleware.session/wrap-session[fn]
                         web.clj:97 clojars.web/wrap-secure-session[fn]
                    resource.clj:26 ring.middleware.resource/wrap-resource[fn]
                   file_info.clj:69 ring.middleware.file-info/wrap-file-info[fn]
                       core.clj:127 compojure.core/routing[fn]
                      core.clj:2515 clojure.core/some
                       core.clj:127 compojure.core/routing
                    RestFn.java:139 clojure.lang.RestFn.applyTo
                       core.clj:626 clojure.core/apply
                       core.clj:132 compojure.core/routes[fn]
                       Var.java:379 clojure.lang.Var.invoke
                       jetty.clj:18 ring.adapter.jetty/proxy-handler[fn]
                   (Unknown Source) ring.adapter.jetty.proxy$org.eclipse.jetty.server.handler.AbstractHandler$ff19274a.handle
            HandlerWrapper.java:111 org.eclipse.jetty.server.handler.HandlerWrapper.handle
                    Server.java:349 org.eclipse.jetty.server.Server.handle
    AbstractHttpConnection.java:452 org.eclipse.jetty.server.AbstractHttpConnection.handleRequest
    AbstractHttpConnection.java:894 org.eclipse.jetty.server.AbstractHttpConnection.content
    AbstractHttpConnection.java:948 org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.content
                HttpParser.java:857 org.eclipse.jetty.http.HttpParser.parseNext
                HttpParser.java:235 org.eclipse.jetty.http.HttpParser.parseAvailable
        AsyncHttpConnection.java:76 org.eclipse.jetty.server.AsyncHttpConnection.handle
     SelectChannelEndPoint.java:609 org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle
      SelectChannelEndPoint.java:45 org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run
          QueuedThreadPool.java:599 org.eclipse.jetty.util.thread.QueuedThreadPool.runJob
          QueuedThreadPool.java:534 org.eclipse.jetty.util.thread.QueuedThreadPool$3.run
                    Thread.java:701 java.lang.Thread.run
Caused by: javax.mail.SendFailedException: Invalid Addresses
            SMTPTransport.java:1294 com.sun.mail.smtp.SMTPTransport.rcptTo
             SMTPTransport.java:635 com.sun.mail.smtp.SMTPTransport.sendMessage
                 Transport.java:189 javax.mail.Transport.send0
                 Transport.java:118 javax.mail.Transport.send
                    Email.java:1232 org.apache.commons.mail.Email.sendMimeMessage
Caused by: com.sun.mail.smtp.SMTPAddressFailedException: 450 4.1.2 <lucag@icsi.berkeley.ed>: Recipient address rejected: Domain not found
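
One way to keep a mail-delivery failure like the one in the trace above out of the HTTP response, as an added example that is not part of the original report and not Clojars' own code. Every name here (`send-reset-mail!`, `accounts`, `log-error!`, `wrap-generic-errors`) is hypothetical, and the account data is constructed.

```clojure
(ns example.forgot-password
  (:import (java.util UUID)))

;; Hypothetical stand-in for the mail step: it always fails the way the trace
;; above does, with the recipient address inside the exception message.
(defn send-reset-mail! [address]
  (throw (ex-info (str "450 4.1.2 <" address ">: Recipient address rejected")
                  {:address address})))

;; Constructed sample account store (not real data).
(def accounts {"alice" "alice@example.invalid"})

(def generic-reply
  {:status 200 :headers {"Content-Type" "text/plain"}
   :body "If that account exists, a reset email has been sent."})

(defn log-error!
  "Writes the detail to the server log (stderr here) under an incident id."
  [incident-id ^Throwable e]
  (binding [*out* *err*]
    (println "incident" incident-id (.getMessage e))))

(defn forgot-password
  "Same reply whether the account exists, the mail is sent, or delivery fails."
  [username]
  (when-let [address (get accounts username)]
    (try
      (send-reset-mail! address)
      (catch Exception e
        (log-error! (str (UUID/randomUUID)) e))))
  generic-reply)

(defn wrap-generic-errors
  "Ring-style middleware for anything a handler did not catch: the response
  carries only an incident id, never the exception message or stack trace."
  [handler]
  (fn [request]
    (try
      (handler request)
      (catch Exception e
        (let [id (str (UUID/randomUUID))]
          (log-error! id e)
          {:status 500
           :headers {"Content-Type" "text/plain"}
           :body (str "Something went wrong. Reference: " id)})))))

;; Known and unknown usernames get the same reply; no address reaches the body.
(assert (= (forgot-password "alice") (forgot-password "nobody")))
(let [resp ((wrap-generic-errors (fn [_] (send-reset-mail! "bob@example.invalid"))) {})]
  (assert (= 500 (:status resp)))
  (assert (not (.contains ^String (:body resp) "example.invalid"))))
```

The incident id lets an operator match a user's report to the server-side log entry without the response revealing the stored address or the application's internals.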
