
Validated automation email senders consistently #28794

Merged: troyciesco merged 3 commits into main from NY-1349 on Jun 22, 2026

@EvanHahn

Contributor

closes https://linear.app/ghost/issue/NY-1349

Before this change, a few endpoints weren't validating email sender/reply-to.

Now, they all do.

@coderabbitai

coderabbitai Bot commented Jun 22, 2026

Contributor

No actionable comments were generated in the recent review. 🎉

📥 Commits

Reviewing files that changed from the base of the PR and between d1c933f and 88e222b.

📒 Files selected for processing (2)
  • ghost/core/core/server/api/endpoints/automated-emails.js
  • ghost/core/test/e2e-api/admin/automated-emails.test.js

Walkthrough

A new `validateEmailSenderFields` utility is added that checks `sender_email` and `sender_reply_to` values against `emailAddressService.validate`, throwing a `ValidationError` when an address is disallowed or requires verification. This utility is wired into the automated-email-design controller's edit path and into both the add and edit handlers of the automated-emails controller, running before any database transaction.

The automated-emails controller also gains a `getChangedSenderData` helper to detect only modified sender fields on edit, and refactored logic to conditionally load default design settings when email content is absent.

Unit tests cover skip, pass, and throw scenarios; E2E tests assert HTTP 422 responses for disallowed addresses, verify correct validation call arguments, and confirm that existing database rows are not modified when validation fails. Unchanged sender fields on edit skip validation entirely.

🚥 Pre-merge checks | ✅ 4

✅ Passed checks (4 passed)

| Check name | Status | Explanation |
| --- | --- | --- |
| Title check | ✅ Passed | The title 'Validated automation email senders consistently' directly describes the main change: implementing consistent validation of email senders across automation endpoints. |
| Description check | ✅ Passed | The description clearly explains the purpose of the PR: adding missing email sender/reply-to validation across endpoints to ensure consistency. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |

Comment @coderabbitai help to get the list of available commands.
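
The pattern the walkthrough above describes (validate only the sender fields that changed, before anything is written), as an added JavaScript sketch that is not part of the PR or Ghost's code. The helper names, the in-memory store, the stub service's own-domain rule, the `'from'` type label and the `allowed` flag are assumptions.

```javascript
// Added illustration, not Ghost's code. Helper and service names are hypothetical;
// 'from' as the sender_email type and the `allowed` flag are assumptions.
class ValidationError extends Error {
    constructor(message) {
        super(message);
        this.statusCode = 422; // status the thread's E2E tests expect
    }
}

const SENDER_FIELDS = [['sender_email', 'from'], ['sender_reply_to', 'reply-to']];

// Constructed stand-in for the address policy service: addresses on the site's
// own domain pass, any other well-formed address needs verification first.
function makeAddressService(ownDomain) {
    const calls = [];
    const validate = (email, type) => {
        calls.push([email, type]);
        const domain = email.slice(email.lastIndexOf('@') + 1).toLowerCase();
        const wellFormed = email.indexOf('@') > 0 && domain.length > 0;
        return {allowed: wellFormed, verificationEmailRequired: wellFormed && domain !== ownDomain};
    };
    return {calls, validate};
}

// Keep only sender fields present in the request whose value differs from the stored row.
function changedSenderData(incoming, existing = {}) {
    const changed = {};
    for (const [field] of SENDER_FIELDS) {
        if (field in incoming && incoming[field] !== existing[field]) {
            changed[field] = incoming[field];
        }
    }
    return changed;
}

function validateSenderFields(data, service) {
    for (const [field, type] of SENDER_FIELDS) {
        if (!data[field]) { continue; } // assumption: an empty value clears the override
        const result = service.validate(data[field], type);
        if (!result.allowed || result.verificationEmailRequired) {
            throw new ValidationError(`${field} is not an allowed address`);
        }
    }
}

// Validation runs before the write, so a rejected request leaves the row untouched.
function editAutomatedEmail(store, id, incoming, service) {
    const existing = store.get(id);
    validateSenderFields(changedSenderData(incoming, existing), service);
    store.set(id, {...existing, ...incoming});
    return store.get(id);
}
```
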

@nx-cloud

nx-cloud Bot commented Jun 22, 2026

🤖 Nx Cloud AI Fix

Ensure the fix-ci command is configured to always run in your CI pipeline to get automatic fixes in future runs. For more information, please see https://nx.dev/ci/features/self-healing-ci

CI Pipeline Execution for commit 88e222b

| Command | Status | Duration |
| --- | --- | --- |
| nx run ghost:test:ci:integration | ✅ Succeeded | 2m 13s |
| nx run ghost:test:ci:integration:no-coverage | ✅ Succeeded | 2m 21s |
| nx build @tryghost/comments-ui | ✅ Succeeded | <1s |
| nx build @tryghost/admin-toolbar | ✅ Succeeded | <1s |
| nx build @tryghost/signup-form | ✅ Succeeded | <1s |
| nx run ghost:test:ci:legacy | ✅ Succeeded | 2m 48s |
| nx build @tryghost/sodo-search | ✅ Succeeded | <1s |
| nx build @tryghost/activitypub | ✅ Succeeded | 1s |
| Additional runs (10) | ✅ Succeeded | ... |

☁️ Nx Cloud last updated this comment at 2026-06-22 20:56:52 UTC

@nx-cloud

nx-cloud Bot commented Jun 22, 2026

CI Pipeline Execution for commit ca6733a

| Command | Status | Duration |
| --- | --- | --- |
| nx run ghost:test:ci:integration:no-coverage | ✅ Succeeded | 2m 25s |
| nx run ghost:test:ci:integration | ✅ Succeeded | 2m 3s |
| nx run ghost:test:ci:legacy | ✅ Succeeded | 2m 55s |
| nx run ghost:test:ci:e2e:no-coverage | ✅ Succeeded | 2m 22s |
| nx run ghost:test:ci:e2e | ✅ Succeeded | 2m 29s |
| nx build @tryghost/admin-toolbar | ✅ Succeeded | <1s |
| nx build @tryghost/portal | ✅ Succeeded | <1s |
| nx build @tryghost/comments-ui | ✅ Succeeded | <1s |
| Additional runs (10) | ✅ Succeeded | ... |

☁️ Nx Cloud last updated this comment at 2026-06-22 18:32:15 UTC

Base automatically changed from NY-1368_fix-missing-welcome-email-fallback to main June 22, 2026 18:07
@EvanHahn EvanHahn marked this pull request as ready for review June 22, 2026 18:11

@coderabbitai coderabbitai Bot left a comment

Contributor

🧹 Nitpick comments (1)
ghost/core/test/e2e-api/admin/automated-emails.test.js (1)

278-313: 🧹 Nitpick | 🔵 Trivial | ⚡ Quick win

Add an add-path test for sender_reply_to verification-required rejection.

You already cover this branch on edit, but not on add. Adding the symmetric add case would lock coverage for both controller entry points.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@ghost/core/test/e2e-api/admin/automated-emails.test.js` around lines 278 -
313, Create a new test case in the same file following the pattern of the
existing Rejects disallowed sender email on add test, but instead test the
scenario where sender_reply_to verification is required. The new test should
stub the emailAddressService.service.validate method to return
verificationEmailRequired: true for the sender_reply_to field, verify that the
POST to automated_emails with sender_reply_to set rejects with status 422,
assert that validateStub was called with the sender_reply_to email and
'reply-to' as parameters, and confirm the email_design_settings in the database
were not modified with the new sender_reply_to value.
📥 Commits

Reviewing files that changed from the base of the PR and between 8cf741f and ced3e8d.

📒 Files selected for processing (6)
  • ghost/core/core/server/api/endpoints/automated-email-design.js
  • ghost/core/core/server/api/endpoints/automated-emails.js
  • ghost/core/core/server/api/endpoints/utils/validate-email-sender-fields.ts
  • ghost/core/test/e2e-api/admin/automated-email-design.test.js
  • ghost/core/test/e2e-api/admin/automated-emails.test.js
  • ghost/core/test/unit/api/endpoints/utils/validate-email-sender-fields.test.ts

closes https://linear.app/ghost/issue/NY-1349

Before this change, a few endpoints weren't validating email
sender/reply-to.

Now, they all do.
@EvanHahn EvanHahn requested a review from troyciesco June 22, 2026 20:50
@troyciesco troyciesco merged commit e65fae7 into main Jun 22, 2026
49 checks passed
@troyciesco troyciesco deleted the NY-1349 branch June 22, 2026 21:16