Add http(s):// validation for graph/auth endpoints

bobvandevijver · bobvandevijver · commit 37f87a280335 · 2025-08-01T13:24:22.000+02:00
diff --git a/src/Symfony/Component/Mailer/Bridge/MicrosoftGraph/Tests/Transport/MicrosoftGraphTransportFactoryTest.php b/src/Symfony/Component/Mailer/Bridge/MicrosoftGraph/Tests/Transport/MicrosoftGraphTransportFactoryTest.php
@@ -16,6 +16,7 @@
 use Symfony\Component\Mailer\Bridge\MicrosoftGraph\TokenManager;
 use Symfony\Component\Mailer\Bridge\MicrosoftGraph\Transport\MicrosoftGraphApiTransport;
 use Symfony\Component\Mailer\Bridge\MicrosoftGraph\Transport\MicrosoftGraphTransportFactory;
+use Symfony\Component\Mailer\Exception\InvalidArgumentException;
 use Symfony\Component\Mailer\Test\AbstractTransportFactoryTestCase;
 use Symfony\Component\Mailer\Test\IncompleteDsnTestTrait;
 use Symfony\Component\Mailer\Transport\Dsn;
@@ -74,4 +75,23 @@ public static function incompleteDsnProvider(): iterable
         yield [new Dsn('microsoft+graphapi', 'default', self::USER, self::PASSWORD)];
         yield [new Dsn('microsoft+graphapi', 'non-default', self::USER, self::PASSWORD, null, ['tenantId' => self::TENANT])];
     }
+
+    /** @dataProvider invalidHttpDsnProvider */
+    public function testValidatesHttpNotProvided(string $graph, string $auth, string $failingType)
+    {
+        $factory = $this->getFactory();
+        $dsn = new Dsn('microsoft+graphapi', $graph, self::USER, self::PASSWORD, null, ['tenantId' => self::TENANT, 'authEndpoint' => $auth]);
+
+        $this->expectException(InvalidArgumentException::class);
+        $this->expectExceptionMessage($failingType.' endpoint needs to be provided without http(s)://.');
+        $factory->create($dsn);
+    }
+
+    public static function invalidHttpDsnProvider(): iterable
+    {
+        yield ['http://graph', 'auth', 'Graph'];
+        yield ['https://graph', 'auth', 'Graph'];
+        yield ['graph', 'http://auth', 'Auth'];
+        yield ['graph', 'https://auth', 'Auth'];
+    }
 }
diff --git a/src/Symfony/Component/Mailer/Bridge/MicrosoftGraph/Transport/MicrosoftGraphTransportFactory.php b/src/Symfony/Component/Mailer/Bridge/MicrosoftGraph/Transport/MicrosoftGraphTransportFactory.php
@@ -13,6 +13,7 @@
 
 use Symfony\Component\Mailer\Bridge\MicrosoftGraph\TokenManager;
 use Symfony\Component\Mailer\Exception\IncompleteDsnException;
+use Symfony\Component\Mailer\Exception\InvalidArgumentException;
 use Symfony\Component\Mailer\Exception\UnsupportedSchemeException;
 use Symfony\Component\Mailer\Transport\AbstractTransportFactory;
 use Symfony\Component\Mailer\Transport\Dsn;
@@ -44,6 +45,14 @@ public function create(Dsn $dsn): TransportInterface
             throw new IncompleteDsnException("Transport 'microsoft+graphapi' requires the 'authEndpoint' option when not using the default graph endpoint.");
         }
 
+        if (0 !== preg_match('#^https?://#', $authEndpoint)) {
+            throw new InvalidArgumentException('Auth endpoint needs to be provided without http(s)://.');
+        }
+
+        if (0 !== preg_match('#^https?://#', $graphEndpoint)) {
+            throw new InvalidArgumentException('Graph endpoint needs to be provided without http(s)://.');
+        }
+
         $tokenManager = new TokenManager($graphEndpoint, $authEndpoint, $tenantId, $this->getUser($dsn), $this->getPassword($dsn), $this->client);
 
         return new MicrosoftGraphApiTransport($graphEndpoint, $tokenManager, $dsn->getBooleanOption('noSave'), $this->client, $this->dispatcher, $this->logger);
