fix: continue for non-definitive responses from Outlook API

if using `--outlook-use-api`, only return immediately in the event of a positive response: negative responses are ambiguous and the process should fall back to subsequent checks.
reacherhq · Oct 10, 2022 · 16430dc · 16430dc
1 parent 1d28ad1
commit 16430dc
Show file tree

Hide file tree

Showing 2 changed files with 24 additions and 13 deletions.
diff --git a/core/src/smtp/hotmail.rs b/core/src/smtp/hotmail.rs
@@ -168,30 +168,40 @@ fn get_onedrive_url(email_address: &str) -> String {
 	)
 }
 
-/// Use HTTP request to verify if an Outlook email address exists.
-/// See: <https://www.trustedsec.com/blog/achieving-passive-user-enumeration-with-onedrive/>
+/// Use a HTTP request to verify if an Outlook email address exists.
+///
+/// See
+/// [this article](<https://www.trustedsec.com/blog/achieving-passive-user-enumeration-with-onedrive/>)
+/// for details on the underlying principles.
+///
+/// Note that a positive response from this function is (at present) considered
+/// a reliable indicator that an email-address is valid. However, a negative
+/// response is ambigious: the email address may or may not be valid but this
+/// cannot be determined by the method outlined here.
 pub async fn check_outlook_api(
 	to_email: &EmailAddress,
 	input: &CheckEmailInput,
-) -> Result<SmtpDetails, HotmailError> {
+) -> Result<Option<SmtpDetails>, HotmailError> {
 	let url = get_onedrive_url(to_email.as_ref());
 
 	let response = create_client(input, "outlook")?.head(url).send().await?;
 
-	let email_exists = response.status() == 403;
-
 	log::debug!(
 		target: LOG_TARGET,
 		"[email={}] outlook response: {:?}",
 		to_email,
 		response
 	);
 
-	Ok(SmtpDetails {
-		can_connect_smtp: true,
-		is_deliverable: email_exists,
-		..Default::default()
-	})
+	if response.status() == 403 {
+		Ok(Some(SmtpDetails {
+			can_connect_smtp: true,
+			is_deliverable: true,
+			..Default::default()
+		}))
+	} else {
+		Ok(None)
+	}
 }
 
 #[cfg(test)]

diff --git a/core/src/smtp/mod.rs b/core/src/smtp/mod.rs
@@ -70,9 +70,10 @@ pub async fn check_smtp(
 			.map_err(|err| err.into());
 	}
 	if input.outlook_use_api && host_lowercase.ends_with(".mail.protection.outlook.com.") {
-		return hotmail::check_outlook_api(to_email, input)
-			.await
-			.map_err(|err| err.into());
+		// Continue in the event of an ambiguous result.
+		if let Some(smtp_details) = hotmail::check_outlook_api(to_email, input).await? {
+			return Ok(smtp_details);
+		}
 	}
 	#[cfg(feature = "headless")]
 	if let Some(webdriver) = &input.hotmail_use_headless {