Update to use header based api auth

Update to use header based api auth

The old way of api authentication via query params is going away so we need to switch to header based creds.

https://github.com/discourse/discourse/commit/2db20031879dbafd1a90cbb1a43bca55d51c1b08

diff --git a/lib/mail_receiver/discourse_mail_receiver.rb b/lib/mail_receiver/discourse_mail_receiver.rb
index 7efa028..81f76fb 100644
--- a/lib/mail_receiver/discourse_mail_receiver.rb
+++ b/lib/mail_receiver/discourse_mail_receiver.rb
@@ -30,17 +30,13 @@ class DiscourseMailReceiver < MailReceiverBase
 
   def process
     uri = URI.parse(endpoint)
-    api_qs = "api_key=#{key}&api_username=#{username}"
-    if uri.query && !uri.query.empty?
-      uri.query += "&#{api_qs}"
-    else
-      uri.query = api_qs
-    end
 
     begin
       http = Net::HTTP.new(uri.host, uri.port)
       http.use_ssl = uri.scheme == "https"
       post = Net::HTTP::Post.new(uri.request_uri)
+      post["Api-Username"] = username
+      post["Api-Key"] = key
       post.set_form_data(email: @mail)
 
       response = http.request(post)
diff --git a/lib/mail_receiver/fast_rejection.rb b/lib/mail_receiver/fast_rejection.rb
index 55c636f..3040c34 100644
--- a/lib/mail_receiver/fast_rejection.rb
+++ b/lib/mail_receiver/fast_rejection.rb
@@ -64,17 +64,19 @@ class FastRejection < MailReceiverBase
     fromarg = CGI::escape(from)
     toarg = CGI::escape(to)
 
-    api_qs = "api_key=#{key}&api_username=#{username}&from=#{fromarg}&to=#{toarg}"
+    qs = "from=#{fromarg}&to=#{toarg}"
     if uri.query && !uri.query.empty?
-      uri.query += "&#{api_qs}"
+      uri.query += "&#{qs}"
     else
-      uri.query = api_qs
+      uri.query = qs
     end
 
     begin
       http = Net::HTTP.new(uri.host, uri.port)
       http.use_ssl = uri.scheme == "https"
       get = Net::HTTP::Get.new(uri.request_uri)
+      get["Api-Username"] = username
+      get["Api-Key"] = key
       response = http.request(get)
     rescue StandardError => ex
       logger.err "Failed to GET smtp_should_reject answer from %s: %s (%s)", endpoint, ex.message, ex.class

GitHub sha: fae05804

1 Like