[geary/wip/491-email-spoofing-case-3-32: 2/3] Don't consider substrings when checking distinct mailbox names

[Michael Gratton <mjog src gnome org>]

commit eafc0833b34cd4b3d026cce1cd56456c090293a2
Author: Michael Gratton <mike vee net>
Date:   Wed Jul 17 18:06:20 2019 +1000

    Don't consider substrings when checking distinct mailbox names
    
    RFC822.MailboxAddress.has_distinct_name() really needs to not do
    sub-string checks since it will cause addresses like
    `"foo-bar@baz" <bar@baz>` to not have a distinct name. To keep the fix
    for #491 in effect, also adds special case checking for sinlge quotes.
    
    Add some more tests to cover these cases.
    
    Partially reverts commit 6e137eb64984f365156ac956e42f32cd452c6141
    
    See discussion in GNOME/geary!252

 src/engine/rfc822/rfc822-mailbox-address.vala | 20 ++++++++++++++++----
 test/engine/rfc822-mailbox-address-test.vala  |  4 +++-
 2 files changed, 19 insertions(+), 5 deletions(-)
---
diff --git a/src/engine/rfc822/rfc822-mailbox-address.vala b/src/engine/rfc822/rfc822-mailbox-address.vala
index 07560000..f4e84fb8 100644
--- a/src/engine/rfc822/rfc822-mailbox-address.vala
+++ b/src/engine/rfc822/rfc822-mailbox-address.vala
@@ -409,17 +409,29 @@ public class Geary.RFC822.MailboxAddress :
      * Determines if the name part is different to the address part.
      *
      * @return //true// if {@link name} is not empty, and the
-     * normalised {@link address} part is not contained within the
-     * name part when performing a case-insensitive comparison.
+     * normalised {@link address} part is not equal to the name part
+     * when performing a case-insensitive comparison.
      */
     public bool has_distinct_name() {
         string name = Geary.String.reduce_whitespace(this.name);
+        if (!Geary.String.is_empty(name)) {
+            // Some software uses single quotes instead of double
+            // quotes for name parts, which GMime ignores. Don't take
+            // those into account if present. See GNOME/geary#491.
+            if (name.length >= 2 &&
+                name[0] == '\'' &&
+                name[name.length - 1] == '\'') {
+                name = name.substring(1, name.length - 2);
+            }
+        }
+
         bool ret = false;
         if (!Geary.String.is_empty(name)) {
+            name = name.normalize().casefold();
             string address = Geary.String.reduce_whitespace(
-                this.address.normalize()
+                this.address.normalize().casefold()
             );
-            ret = !(address.normalize().casefold() in name.casefold());
+            ret = (name != address);
         }
         return ret;
     }
diff --git a/test/engine/rfc822-mailbox-address-test.vala b/test/engine/rfc822-mailbox-address-test.vala
index ceb32381..b3f7547d 100644
--- a/test/engine/rfc822-mailbox-address-test.vala
+++ b/test/engine/rfc822-mailbox-address-test.vala
@@ -160,7 +160,9 @@ class Geary.RFC822.MailboxAddressTest : TestCase {
         assert(new MailboxAddress("example example com", "example example com").has_distinct_name() == 
false);
         assert(new MailboxAddress(" example example com ", "example example com").has_distinct_name() == 
false);
         assert(new MailboxAddress(" example example com ", "example example com").has_distinct_name() == 
false);
+
         assert(new MailboxAddress("'example example com'", "example example com").has_distinct_name() == 
false);
+        assert(new MailboxAddress("'prefix-example example com'", "example example com").has_distinct_name() 
== true);
     }
 
     public void is_spoofed() throws Error {
@@ -181,7 +183,7 @@ class Geary.RFC822.MailboxAddressTest : TestCase {
         assert(new MailboxAddress("\n", "example example com").is_spoofed() == true);
         assert(new MailboxAddress("test", "example@\nexample example com").is_spoofed() == true);
         assert(new MailboxAddress("test", "example@example example com").is_spoofed() == true);
-
+        assert(new MailboxAddress("'prefix-example example com'", "example example com").is_spoofed() == 
true);
 
         try {
             assert(new 
MailboxAddress.from_rfc822_string("\"=?utf-8?b?dGVzdCIgPHBvdHVzQHdoaXRlaG91c2UuZ292Pg==?==?utf-8?Q?=00=0A?=\" 
<demo mailsploit com>")