chore: Bridge Perth Narrows 3.0.16/17

When moving between system labels the expunge commands were not being
issued.

Changelog.md

@@ -2,6 +2,46 @@
 
 Changelog [format](http://keepachangelog.com/en/1.0.0/)
 
+## [Bridge 3.0.16/17] Perth Narrows
+
+### Fixed
+* GODT-2354: Report failed load users.
+
+## [Bridge 3.0.15] Perth Narrows
+
+### Changed
+* GODT-2355: Improve wording and actions on bad event.
+
+### Fixed
+* GODT-2354: Report failed load users.
+* GODT-2353: Show popup only after 3.0.16.
+* GODT-2351: Bump GPA to better handle net.OpError.
+
+
+## [Bridge 3.0.14] Perth Narrows
+
+### Fixed
+* GODT-2323: Fix Expunge not issued for move.
+* GODT-2341: Handle URL error.
+* GODT-2340: Improve logging.
+* GODT-2278: Improve sentry logs.
+* GODT-2327: Sync issues when migrating DB.
+* GODT-2318: Remove gluon DB if label sync was incomplete.
+* GODT-1804: Only promote content headers if non-empty.
+* GODT-2343: Only poll after send if sync is complete.
+* GODT-2336: Recover from changed address order while bridge is down.
+
+
+
+## [Bridge 3.0.13] Perth Narrows
+
+### Fixed
+GODT-2328: Ignore labels that aren't part of user label set.
+GODT-2326: Sync issue on missing fresh DB file.
+GODT-2319: Seed the math/rand RNG on app startup.
+GODT-1804: Preserve MIME parameters when uploading attachments.
+
+
 ## [Bridge 3.0.12] Perth Narrows
 
 ### Added

Makefile

@@ -11,7 +11,7 @@ ROOT_DIR:=$(shell dirname $(realpath $(firstword $(MAKEFILE_LIST))))
 .PHONY: build build-gui build-nogui build-launcher versioner hasher
 
 # Keep version hardcoded so app build works also without Git repository.
-BRIDGE_APP_VERSION?=3.0.12+git
+BRIDGE_APP_VERSION?=3.0.16+git
 APP_VERSION:=${BRIDGE_APP_VERSION}
 APP_FULL_NAME:=Proton Mail Bridge
 APP_VENDOR:=Proton AG
@@ -294,7 +294,7 @@ gofiles: ./internal/bridge/credits.go
 	cd ./utils/ && ./credits.sh bridge
 
 ## Run and debug
-.PHONY: run run-qt run-qt-cli run-nogui run-cli run-noninteractive run-debug run-qml-preview clean-vendor clean-frontend-qt clean-frontend-qt-common clean
+.PHONY: run run-qt run-qt-cli run-nogui run-cli run-noninteractive run-debug run-gui-tester clean-vendor clean-frontend-qt clean-frontend-qt-common clean
 
 LOG?=debug
 LOG_IMAP?=client # client/server/all, or empty to turn it off
@@ -321,6 +321,20 @@ run-nogui: build-nogui clean-vendor gofiles
 run-debug:
 	dlv debug ./cmd/Desktop-Bridge/main.go -- -l=debug
 
+ifeq "${TARGET_OS}" "windows"
+	EXE_SUFFIX=.exe
+endif
+
+bridge-gui-tester:  build-gui
+	cp ./cmd/Desktop-Bridge/deploy/${TARGET_OS}/bridge-gui${EXE_SUFFIX} .
+	cd ./internal/frontend/bridge-gui/bridge-gui-tester && cmake . && make
+
+run-gui-tester: bridge-gui-tester
+	# copying tester as bridge so bridge-gui will start it and connect to it automatically
+	cp ./internal/frontend/bridge-gui/bridge-gui-tester/bridge-gui-tester${EXE_SUFFIX} bridge${EXE_SUFFIX}
+	./bridge-gui${EXE_SUFFIX}
+
+
 clean-vendor:
 	rm -rf ./vendor
 

go.mod

@@ -5,9 +5,9 @@ go 1.18
 require (
 	github.com/0xAX/notificator v0.0.0-20220220101646-ee9b8921e557
 	github.com/Masterminds/semver/v3 v3.1.1
-	github.com/ProtonMail/gluon v0.14.2-0.20230127085305-bc2d818d9d13
+	github.com/ProtonMail/gluon v0.14.2-0.20230207072331-53797c5aa3f6
 	github.com/ProtonMail/go-autostart v0.0.0-20210130080809-00ed301c8e9a
-	github.com/ProtonMail/go-proton-api v0.3.1-0.20230126112849-3c1ac277855e
+	github.com/ProtonMail/go-proton-api v0.3.1-0.20230209110241-fe7894c4931a
 	github.com/ProtonMail/go-rfc5322 v0.11.0
 	github.com/ProtonMail/gopenpgp/v2 v2.4.10
 	github.com/PuerkitoBio/goquery v1.8.0

go.sum

@@ -28,8 +28,8 @@ github.com/ProtonMail/bcrypt v0.0.0-20211005172633-e235017c1baf h1:yc9daCCYUefEs
 github.com/ProtonMail/bcrypt v0.0.0-20211005172633-e235017c1baf/go.mod h1:o0ESU9p83twszAU8LBeJKFAAMX14tISa0yk4Oo5TOqo=
 github.com/ProtonMail/docker-credential-helpers v1.1.0 h1:+kvUIpwWcbtP3WFv5sSvkFn/XLzSqPOB5AAthuk9xPk=
 github.com/ProtonMail/docker-credential-helpers v1.1.0/go.mod h1:mK0aBveCxhnQ756AmaTfXMZDeULvheYVhF/MWMErN5g=
-github.com/ProtonMail/gluon v0.14.2-0.20230127085305-bc2d818d9d13 h1:rljNZVgfq/F1LLyJ4NmCfEzWayC/rk+l9QgJjtQTLKI=
-github.com/ProtonMail/gluon v0.14.2-0.20230127085305-bc2d818d9d13/go.mod h1:z2AxLIiBCT1K+0OBHyaDI7AEaO5qI6/BEC2TE42vs4Q=
+github.com/ProtonMail/gluon v0.14.2-0.20230207072331-53797c5aa3f6 h1:HR944ZH7lN6sCA9OJMTdyoH1IRU0dBjxQHc7W0vFVrg=
+github.com/ProtonMail/gluon v0.14.2-0.20230207072331-53797c5aa3f6/go.mod h1:z2AxLIiBCT1K+0OBHyaDI7AEaO5qI6/BEC2TE42vs4Q=
 github.com/ProtonMail/go-autostart v0.0.0-20210130080809-00ed301c8e9a h1:D+aZah+k14Gn6kmL7eKxoo/4Dr/lK3ChBcwce2+SQP4=
 github.com/ProtonMail/go-autostart v0.0.0-20210130080809-00ed301c8e9a/go.mod h1:oTGdE7/DlWIr23G0IKW3OXK9wZ5Hw1GGiaJFccTvZi4=
 github.com/ProtonMail/go-crypto v0.0.0-20210428141323-04723f9f07d7/go.mod h1:z4/9nQmJSSwwds7ejkxaJwO37dru3geImFUdJlaLzQo=
@@ -41,8 +41,8 @@ github.com/ProtonMail/go-message v0.0.0-20210611055058-fabeff2ec753/go.mod h1:NB
 github.com/ProtonMail/go-mime v0.0.0-20220302105931-303f85f7fe0f/go.mod h1:NYt+V3/4rEeDuaev/zw1zCq8uqVEuPHzDPo3OZrlGJ4=
 github.com/ProtonMail/go-mime v0.0.0-20220429130430-2192574d760f h1:4IWzKjHzZxdrW9k4zl/qCwenOVHDbVDADPPHFLjs0Oc=
 github.com/ProtonMail/go-mime v0.0.0-20220429130430-2192574d760f/go.mod h1:qRZgbeASl2a9OwmsV85aWwRqic0NHPh+9ewGAzb4cgM=
-github.com/ProtonMail/go-proton-api v0.3.1-0.20230126112849-3c1ac277855e h1:UkfLQc44UvknNCLoBEZb1qg7zfVWVLMvCE/LtdVEcAw=
-github.com/ProtonMail/go-proton-api v0.3.1-0.20230126112849-3c1ac277855e/go.mod h1:JUo5IQG0hNuPRuDpOUsCOvtee6UjTEHHF1QN2i8RSos=
+github.com/ProtonMail/go-proton-api v0.3.1-0.20230209110241-fe7894c4931a h1:h9KLPt0HTCJjILYHREWCYnZv+1xaYmOVx/rxiT/1dIg=
+github.com/ProtonMail/go-proton-api v0.3.1-0.20230209110241-fe7894c4931a/go.mod h1:JUo5IQG0hNuPRuDpOUsCOvtee6UjTEHHF1QN2i8RSos=
 github.com/ProtonMail/go-rfc5322 v0.11.0 h1:o5Obrm4DpmQEffvgsVqG6S4BKwC1Wat+hYwjIp2YcCY=
 github.com/ProtonMail/go-rfc5322 v0.11.0/go.mod h1:6oOKr0jXvpoE6pwTx/HukigQpX2J9WUf6h0auplrFTw=
 github.com/ProtonMail/go-srp v0.0.5 h1:xhUioxZgDbCnpo9JehyFhwwsn9JLWkUGfB0oiKXgiGg=

internal/app/app.go

@@ -19,11 +19,13 @@ package app
 
 import (
 	"fmt"
+	"math/rand"
 	"net/http"
 	"net/http/cookiejar"
 	"os"
 	"path/filepath"
 	"runtime"
+	"time"
 
 	"github.com/Masterminds/semver/v3"
 	"github.com/ProtonMail/proton-bridge/v3/internal/bridge"
@@ -155,6 +157,9 @@ func New() *cli.App { //nolint:funlen
 }
 
 func run(c *cli.Context) error { //nolint:funlen
+	// Seed the default RNG from the math/rand package.
+	rand.Seed(time.Now().UnixNano())
+
 	// Get the current bridge version.
 	version, err := semver.NewVersion(constants.Version)
 	if err != nil {

internal/bridge/bridge.go

@@ -21,6 +21,7 @@ package bridge
 import (
 	"context"
 	"crypto/tls"
+	"errors"
 	"fmt"
 	"net"
 	"net/http"
@@ -38,6 +39,7 @@ import (
 	"github.com/ProtonMail/proton-bridge/v3/internal/events"
 	"github.com/ProtonMail/proton-bridge/v3/internal/focus"
 	"github.com/ProtonMail/proton-bridge/v3/internal/safe"
+	"github.com/ProtonMail/proton-bridge/v3/internal/sentry"
 	"github.com/ProtonMail/proton-bridge/v3/internal/user"
 	"github.com/ProtonMail/proton-bridge/v3/internal/vault"
 	"github.com/bradenaw/juniper/xslices"
@@ -376,10 +378,11 @@ func (bridge *Bridge) init(tlsReporter TLSReporter) error {
 
 	// Attempt to lazy load users when triggered.
 	bridge.goLoad = bridge.tasks.Trigger(func(ctx context.Context) {
-		logrus.Info("Loading users")
-
 		if err := bridge.loadUsers(ctx); err != nil {
 			logrus.WithError(err).Error("Failed to load users")
+			if netErr := new(proton.NetError); !errors.As(err, &netErr) {
+				sentry.ReportError(bridge.reporter, "Failed to load users", err)
+			}
 		} else {
 			bridge.publish(events.AllUsersLoaded{})
 		}

internal/bridge/bridge_test.go

@@ -559,6 +559,69 @@ func TestBridge_ChangeCacheDirectory(t *testing.T) {
 	})
 }
 
+func TestBridge_ChangeAddressOrder(t *testing.T) {
+	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, vaultKey []byte) {
+		// Create a user.
+		userID, addrID, err := s.CreateUser("imap", password)
+		require.NoError(t, err)
+
+		// Create a second address for the user.
+		aliasID, err := s.CreateAddress(userID, "alias@"+s.GetDomain(), password)
+		require.NoError(t, err)
+
+		// Create 10 messages for the user.
+		withClient(ctx, t, s, "imap", password, func(ctx context.Context, c *proton.Client) {
+			createNumMessages(ctx, t, c, addrID, proton.InboxLabel, 10)
+		})
+
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, vaultKey, func(b *bridge.Bridge, mocks *bridge.Mocks) {
+			// Log the user in with its first address.
+			syncCh, done := chToType[events.Event, events.SyncFinished](b.GetEvents(events.SyncFinished{}))
+			defer done()
+			userID, err := b.LoginFull(ctx, "imap", password, nil, nil)
+			require.NoError(t, err)
+			require.Equal(t, userID, (<-syncCh).UserID)
+
+			// We should see 10 messages in the inbox.
+			info, err := b.GetUserInfo(userID)
+			require.NoError(t, err)
+			require.True(t, info.State == bridge.Connected)
+
+			client, err := client.Dial(fmt.Sprintf("%v:%v", constants.Host, b.GetIMAPPort()))
+			require.NoError(t, err)
+			require.NoError(t, client.Login(info.Addresses[0], string(info.BridgePass)))
+			defer func() { _ = client.Logout() }()
+
+			status, err := client.Select(`Inbox`, false)
+			require.NoError(t, err)
+			require.Equal(t, uint32(10), status.Messages)
+		})
+
+		// Make the second address the primary one.
+		withClient(ctx, t, s, "imap", password, func(ctx context.Context, c *proton.Client) {
+			require.NoError(t, c.OrderAddresses(ctx, proton.OrderAddressesReq{AddressIDs: []string{aliasID, addrID}}))
+		})
+
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, vaultKey, func(b *bridge.Bridge, mocks *bridge.Mocks) {
+			// We should still see 10 messages in the inbox.
+			info, err := b.GetUserInfo(userID)
+			require.NoError(t, err)
+			require.True(t, info.State == bridge.Connected)
+
+			client, err := client.Dial(fmt.Sprintf("%v:%v", constants.Host, b.GetIMAPPort()))
+			require.NoError(t, err)
+			require.NoError(t, client.Login(info.Addresses[0], string(info.BridgePass)))
+			defer func() { _ = client.Logout() }()
+
+			require.Eventually(t, func() bool {
+				status, err := client.Select(`Inbox`, false)
+				require.NoError(t, err)
+				return status.Messages == 10
+			}, 5*time.Second, 100*time.Millisecond)
+		})
+	})
+}
+
 // withEnv creates the full test environment and runs the tests.
 func withEnv(t *testing.T, tests func(context.Context, *server.Server, *proton.NetCtl, bridge.Locator, []byte), opts ...server.Option) {
 	server := server.New(opts...)

internal/bridge/imap.go

@@ -100,6 +100,8 @@ func (bridge *Bridge) closeIMAP(ctx context.Context) error {
 }
 
 // addIMAPUser connects the given user to gluon.
+//
+//nolint:funlen
 func (bridge *Bridge) addIMAPUser(ctx context.Context, user *user.User) error {
 	if bridge.imapServer == nil {
 		return fmt.Errorf("no imap server instance running")
@@ -125,13 +127,46 @@ func (bridge *Bridge) addIMAPUser(ctx context.Context, user *user.User) error {
 				return fmt.Errorf("failed to load IMAP user: %w", err)
 			}
 
-			// If the DB was newly created, clear the sync status; gluon's DB was not found.
 			if isNew {
+				// If the DB was newly created, clear the sync status; gluon's DB was not found.
 				logrus.Warn("IMAP user DB was newly created, clearing sync status")
 
+				// Remove the user from IMAP so we can clear the sync status.
+				if err := bridge.imapServer.RemoveUser(ctx, gluonID, false); err != nil {
+					return fmt.Errorf("failed to remove IMAP user: %w", err)
+				}
+
+				// Clear the sync status -- we need to resync all messages.
 				if err := user.ClearSyncStatus(); err != nil {
 					return fmt.Errorf("failed to clear sync status: %w", err)
 				}
+
+				// Add the user back to the IMAP server.
+				if isNew, err := bridge.imapServer.LoadUser(ctx, imapConn, gluonID, user.GluonKey()); err != nil {
+					return fmt.Errorf("failed to add IMAP user: %w", err)
+				} else if isNew {
+					panic("IMAP user should already have a database")
+				}
+			} else if status := user.GetSyncStatus(); !status.HasLabels {
+				// Otherwise, the DB already exists -- if the labels are not yet synced, we need to re-create the DB.
+				if err := bridge.imapServer.RemoveUser(ctx, gluonID, true); err != nil {
+					return fmt.Errorf("failed to remove old IMAP user: %w", err)
+				}
+
+				if err := user.RemoveGluonID(addrID, gluonID); err != nil {
+					return fmt.Errorf("failed to remove old IMAP user ID: %w", err)
+				}
+
+				gluonID, err := bridge.imapServer.AddUser(ctx, imapConn, user.GluonKey())
+				if err != nil {
+					return fmt.Errorf("failed to add IMAP user: %w", err)
+				}
+
+				if err := user.SetGluonID(addrID, gluonID); err != nil {
+					return fmt.Errorf("failed to set IMAP user ID: %w", err)
+				}
+
+				log.WithField("gluonID", gluonID).Info("Re-created IMAP user")
 			}
 		} else {
 			log.Info("Creating new IMAP user")
@@ -149,6 +184,9 @@ func (bridge *Bridge) addIMAPUser(ctx context.Context, user *user.User) error {
 		}
 	}
 
+	// Trigger a sync for the user, if needed.
+	user.TriggerSync()
+
 	return nil
 }
 

internal/bridge/send_test.go

@@ -18,10 +18,12 @@
 package bridge_test
 
 import (
+	"bytes"
 	"context"
 	"crypto/tls"
 	"fmt"
 	"net"
+	"os"
 	"strings"
 	"testing"
 	"time"
@@ -217,3 +219,114 @@ func TestBridge_SendDraftFlags(t *testing.T) {
 		})
 	})
 }
+
+func TestBridge_SendInvite(t *testing.T) {
+	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, storeKey []byte) {
+		// Create a recipient user.
+		_, _, err := s.CreateUser("recipient", password)
+		require.NoError(t, err)
+
+		// Set "attach public keys" to true for the user.
+		withClient(ctx, t, s, username, password, func(ctx context.Context, client *proton.Client) {
+			settings, err := client.SetAttachPublicKey(ctx, proton.SetAttachPublicKeyReq{AttachPublicKey: true})
+			require.NoError(t, err)
+			require.Equal(t, proton.Bool(true), settings.AttachPublicKey)
+		})
+
+		// The sender should be fully synced.
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
+			syncCh, done := chToType[events.Event, events.SyncFinished](bridge.GetEvents(events.SyncFinished{}))
+			defer done()
+
+			userID, err := bridge.LoginFull(ctx, username, password, nil, nil)
+			require.NoError(t, err)
+
+			require.Equal(t, userID, (<-syncCh).UserID)
+		})
+
+		// Start the bridge.
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
+			// Get the sender user info.
+			userInfo, err := bridge.QueryUserInfo(username)
+			require.NoError(t, err)
+
+			// Connect the sender IMAP client.
+			imapClient, err := client.Dial(net.JoinHostPort(constants.Host, fmt.Sprint(bridge.GetIMAPPort())))
+			require.NoError(t, err)
+			require.NoError(t, imapClient.Login(userInfo.Addresses[0], string(userInfo.BridgePass)))
+			defer imapClient.Logout() //nolint:errcheck
+
+			// The message to send.
+			b, err := os.ReadFile("testdata/invite.eml")
+			require.NoError(t, err)
+
+			// Save a draft.
+			require.NoError(t, imapClient.Append("Drafts", []string{imap.DraftFlag}, time.Now(), bytes.NewReader(b)))
+
+			// Assert that the draft exists and is marked as a draft.
+			{
+				messages, err := clientFetch(imapClient, "Drafts")
+				require.NoError(t, err)
+				require.Len(t, messages, 1)
+				require.Contains(t, messages[0].Flags, imap.DraftFlag)
+			}
+
+			// Connect the SMTP client.
+			smtpClient, err := smtp.Dial(net.JoinHostPort(constants.Host, fmt.Sprint(bridge.GetSMTPPort())))
+			require.NoError(t, err)
+			defer smtpClient.Close() //nolint:errcheck
+
+			// Upgrade to TLS.
+			require.NoError(t, smtpClient.StartTLS(&tls.Config{InsecureSkipVerify: true}))
+
+			// Authorize with SASL PLAIN.
+			require.NoError(t, smtpClient.Auth(sasl.NewPlainClient(
+				userInfo.Addresses[0],
+				userInfo.Addresses[0],
+				string(userInfo.BridgePass)),
+			))
+
+			// Send the message.
+			require.NoError(t, smtpClient.SendMail(
+				userInfo.Addresses[0],
+				[]string{"recipient@" + s.GetDomain()},
+				bytes.NewReader(b),
+			))
+
+			// Delete the draft: add the \Deleted flag and expunge.
+			{
+				status, err := imapClient.Select("Drafts", false)
+				require.NoError(t, err)
+				require.Equal(t, uint32(1), status.Messages)
+
+				// Add the \Deleted flag.
+				require.NoError(t, clientStore(imapClient, 1, 1, true, imap.FormatFlagsOp(imap.AddFlags, true), imap.DeletedFlag))
+
+				// Expunge.
+				require.NoError(t, imapClient.Expunge(nil))
+			}
+
+			// Assert that the draft is eventually gone.
+			require.Eventually(t, func() bool {
+				status, err := imapClient.Select("Drafts", false)
+				require.NoError(t, err)
+				return status.Messages == 0
+			}, 10*time.Second, 100*time.Millisecond)
+
+			// Assert that the message is eventually in the sent folder.
+			require.Eventually(t, func() bool {
+				messages, err := clientFetch(imapClient, "Sent")
+				require.NoError(t, err)
+				return len(messages) == 1
+			}, 10*time.Second, 100*time.Millisecond)
+
+			// Assert that the message is not marked as a draft.
+			{
+				messages, err := clientFetch(imapClient, "Sent")
+				require.NoError(t, err)
+				require.Len(t, messages, 1)
+				require.NotContains(t, messages[0].Flags, imap.DraftFlag)
+			}
+		})
+	})
+}

internal/bridge/testdata/invite.eml

@@ -0,0 +1,85 @@
+From: <username@proton.local>
+To: <recipient@proton.local>
+Subject: Testing calendar invite
+Date: Fri, 3 Feb 2023 01:04:32 +0100
+Message-ID: <000001d93763$183b74e0$48b25ea0$@proton.local>
+MIME-Version: 1.0
+Content-Type: text/calendar; method=REQUEST;
+	charset="utf-8"
+Content-Transfer-Encoding: 7bit
+X-Mailer: Microsoft Outlook 16.0
+Thread-Index: Adk3Yw5pLdgwsT46RviXb/nfvQlesQAAAmGA
+Content-Language: en-gb
+
+BEGIN:VCALENDAR
+PRODID:-//Microsoft Corporation//Outlook 16.0 MIMEDIR//EN
+VERSION:2.0
+METHOD:REQUEST
+X-MS-OLK-FORCEINSPECTOROPEN:TRUE
+BEGIN:VTIMEZONE
+TZID:Central European Standard Time
+BEGIN:STANDARD
+DTSTART:16011028T030000
+RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10
+TZOFFSETFROM:+0200
+TZOFFSETTO:+0100
+END:STANDARD
+BEGIN:DAYLIGHT
+DTSTART:16010325T020000
+RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=3
+TZOFFSETFROM:+0100
+TZOFFSETTO:+0200
+END:DAYLIGHT
+END:VTIMEZONE
+BEGIN:VEVENT
+ATTENDEE;CN=recipient@proton.local;RSVP=TRUE:mailto:recipient@proton.local
+CLASS:PUBLIC
+CREATED:20230203T000432Z
+DESCRIPTION:qweqweqweqweqweqwe/gn\\n
+DTEND;TZID="Central European Standard Time":20230203T020000
+DTSTAMP:20230203T000432Z
+DTSTART;TZID="Central European Standard Time":20230203T013000
+LAST-MODIFIED:20230203T000432Z
+LOCATION:qweqwe
+ORGANIZER;CN=username@proton.local:mailto:username@proton.local
+PRIORITY:5
+SEQUENCE:0
+SUMMARY;LANGUAGE=en-gb:Testing calendar invite
+TRANSP:OPAQUE
+UID:040000008200E00074C5B7101A82E008000000003080B2796B37D901000000000000000
+	0100000001236CD1CD93CA9449C6FF1AC4DEAC44E
+X-ALT-DESC;FMTTYPE=text/html:<html xmlns:v="urn:schemas-microsoft-com:vml" 
+	xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-mic
+	rosoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/
+	12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Co
+	ntent-Type content="text/html/g; charset=us-ascii"><meta name=Generator con
+	tent="Microsoft Word 15 (filtered medium)"><style><!--/gn/* Font Definition
+	s *//gn@font-face\\n	{font-family:"Cambria Math"\\;\\n	panose-1:2 4 5 3 5 4 6 
+	3 2 4/g;}\\n@font-face\\n	{font-family:Calibri\\;\\n	panose-1:2 15 5 2 2 2 4 3 
+	2 4/g;}\\n/* Style Definitions */\\np.MsoNormal\\, li.MsoNormal\\, div.MsoNorma
+	l/gn	{margin:0cm\\;\\n	font-size:11.0pt\\;\\n	font-family:"Calibri"\\,sans-serif
+	/g;\\n	mso-fareast-language:EN-US\\;}\\nspan.EmailStyle18\\n	{mso-style-type:pe
+	rsonal-compose/g;\\n	font-family:"Calibri"\\,sans-serif\\;\\n	color:windowtext\\
+	;}/gn.MsoChpDefault\\n	{mso-style-type:export-only\\;\\n	font-size:10.0pt\\;}\\n
+	@page WordSection1/gn	{size:612.0pt 792.0pt\\;\\n	margin:72.0pt 72.0pt 72.0pt
+	 72.0pt/g;}\\ndiv.WordSection1\\n	{page:WordSection1\\;}\\n--></style><!--[if g
+	te mso 9]><xml>/gn<o:shapedefaults v:ext="edit" spidmax="1026" />\\n</xml><!
+	[endif]--><!--[if gte mso 9]><xml>/gn<o:shapelayout v:ext="edit">\\n<o:idmap
+	 v:ext="edit" data="1" />/gn</o:shapelayout></xml><![endif]--></head><body 
+	lang=EN-GB link="#0563C1" vlink="#954F72" style='word-wrap:break-word'><di
+	v class=WordSection1><p class=MsoNormal><span lang=EN-US>qweqweqweqweqweqw
+	e<o:p></o:p></span></p></div></body></html>
+X-MICROSOFT-CDO-BUSYSTATUS:TENTATIVE
+X-MICROSOFT-CDO-IMPORTANCE:1
+X-MICROSOFT-CDO-INTENDEDSTATUS:BUSY
+X-MICROSOFT-DISALLOW-COUNTER:FALSE
+X-MS-OLK-AUTOSTARTCHECK:FALSE
+X-MS-OLK-CONFTYPE:0
+BEGIN:VALARM
+TRIGGER:-PT15M
+ACTION:DISPLAY
+DESCRIPTION:Reminder
+END:VALARM
+END:VEVENT
+END:VCALENDAR
+

internal/bridge/user.go

@@ -330,17 +330,18 @@ func (bridge *Bridge) loginUser(ctx context.Context, client *proton.Client, auth
 // loadUsers tries to load each user in the vault that isn't already loaded.
 func (bridge *Bridge) loadUsers(ctx context.Context) error {
 	logrus.WithField("count", len(bridge.vault.GetUserIDs())).Info("Loading users")
+	defer logrus.Info("Finished loading users")
 
 	return bridge.vault.ForUser(runtime.NumCPU(), func(user *vault.User) error {
 		log := logrus.WithField("userID", user.UserID())
 
 		if user.AuthUID() == "" {
-			log.Info("Not loading disconnected user")
+			log.Info("User is not connected (skipping)")
 			return nil
 		}
 
 		if safe.RLockRet(func() bool { return mapHas(bridge.users, user.UserID()) }, bridge.usersLock) {
-			log.Debug("Not loading already-loaded user")
+			log.Info("User is already loaded (skipping)")
 			return nil
 		}
 

internal/frontend/bridge-gui/bridge-gui/AppController.cpp

@@ -76,10 +76,10 @@ ProcessMonitor *AppController::bridgeMonitor() const {
 //****************************************************************************************************************************************************
 void AppController::onFatalError(QString const &function, QString const &message) {
     QString const fullMessage = QString("%1(): %2").arg(function, message);
-    reportSentryException(SENTRY_LEVEL_ERROR, "AppController got notified of a fatal error", "Exception", fullMessage.toLocal8Bit());
+    auto uuid = reportSentryException(SENTRY_LEVEL_ERROR, "AppController got notified of a fatal error", "Exception", fullMessage.toLocal8Bit());
     QMessageBox::critical(nullptr, tr("Error"), message);
     restart(true);
-    log().fatal(fullMessage);
+    log().fatal(QString("reportID: %1 Captured exception: %2").arg(QByteArray(uuid.bytes, 16).toHex()).arg(fullMessage));
     qApp->exit(EXIT_FAILURE);
 }
 

internal/frontend/bridge-gui/bridge-gui/QMLBackend.cpp

@@ -874,12 +874,14 @@ void QMLBackend::onLoginAlreadyLoggedIn(QString const &userID) {
 //****************************************************************************************************************************************************
 void QMLBackend::onUserBadEvent(QString const &userID, QString const &errorMessage) {
     HANDLE_EXCEPTION(
-        Q_UNUSED(errorMessage);
         SPUser const user = users_->getUserWithID(userID);
         if (!user)
             app().log().error(QString("Received bad event for unknown user %1").arg(user->id()));
         user->setState(UserState::SignedOut);
-        emit userBadEvent(tr("%1 was logged out because of an internal error.").arg(user->primaryEmailOrUsername()));
+        emit userBadEvent(
+            tr("Internal error: %1 was automatically logged out. Please log in again or report this problem if the issue persists.").arg(user->primaryEmailOrUsername()),
+            errorMessage
+            );
         emit selectUser(userID);
         emit showMainWindow();
     )

internal/frontend/bridge-gui/bridge-gui/QMLBackend.h

@@ -222,7 +222,7 @@ signals: // Signals received from the Go backend, to be forwarded to QML
     void addressChangedLogout(QString const &address); ///< Signal for the 'addressChangedLogout' gRPC stream event.
     void apiCertIssue(); ///< Signal for the 'apiCertIssue' gRPC stream event.
     void userDisconnected(QString const &username); ///< Signal for the 'userDisconnected' gRPC stream event.
-    void userBadEvent(QString const &message); ///< Signal for the 'userBadEvent' gRPC stream event.
+    void userBadEvent(QString const &description, QString const &errorMessage); ///< Signal for the 'userBadEvent' gRPC stream event.
     void internetOff(); ///< Signal for the 'internetOff' gRPC stream event.
     void internetOn(); ///< Signal for the 'internetOn' gRPC stream event.
     void resetFinished(); ///< Signal for the 'resetFinished' gRPC stream event.

internal/frontend/bridge-gui/bridge-gui/SentryUtils.cpp

@@ -16,19 +16,38 @@
 // along with Proton Mail Bridge. If not, see <https://www.gnu.org/licenses/>.
 
 #include "SentryUtils.h"
+#include "Version.h"
+#include <bridgepp/BridgeUtils.h>
 
+#include <QByteArray>
+#include <QCryptographicHash>
+#include <QString>
+#include <QSysInfo>
 
 static constexpr const char *LoggerName = "bridge-gui";
 
+QByteArray getProtectedHostname() {
+    QByteArray hostname = QCryptographicHash::hash(QSysInfo::machineHostName().toUtf8(), QCryptographicHash::Sha256);
+    return hostname.toHex();
+}
 
-void reportSentryEvent(sentry_level_t level, const char *message) {
+void setSentryReportScope() {
+    sentry_set_tag("OS", bridgepp::goos().toUtf8());
+    sentry_set_tag("Client", PROJECT_FULL_NAME);
+    sentry_set_tag("Version",   PROJECT_VER);
+    sentry_set_tag("UserAgent", QString("/ (%1)").arg(bridgepp::goos()).toUtf8());
+    sentry_set_tag("HostArch",  QSysInfo::currentCpuArchitecture().toUtf8());
+    sentry_set_tag("server_name",  getProtectedHostname());
+}
+
+sentry_uuid_t reportSentryEvent(sentry_level_t level, const char *message) {
     auto event = sentry_value_new_message_event(level, LoggerName, message);
-    sentry_capture_event(event);
+    return sentry_capture_event(event);
 }
 
 
-void reportSentryException(sentry_level_t level, const char *message, const char *exceptionType, const char *exception) {
+sentry_uuid_t reportSentryException(sentry_level_t level, const char *message, const char *exceptionType, const char *exception) {
     auto event = sentry_value_new_message_event(level, LoggerName, message);
     sentry_event_add_exception(event, sentry_value_new_exception(exceptionType, exception));
-    sentry_capture_event(event);
+    return sentry_capture_event(event);
 }

internal/frontend/bridge-gui/bridge-gui/SentryUtils.h

@@ -21,8 +21,8 @@
 
 #include <sentry.h>
 
-
-void reportSentryEvent(sentry_level_t level, const char *message);
-void reportSentryException(sentry_level_t level, const char *message, const char *exceptionType, const char *exception);
+void setSentryReportScope();
+sentry_uuid_t reportSentryEvent(sentry_level_t level, const char *message);
+sentry_uuid_t reportSentryException(sentry_level_t level, const char *message, const char *exceptionType, const char *exception);
 
 #endif //BRIDGE_GUI_SENTRYUTILS_H

internal/frontend/bridge-gui/bridge-gui/build.ps1

@@ -75,6 +75,7 @@ function check_exit() {
 
 Write-host "Running build for version $bridgeVersion - $buildConfig in $buildDir"
 
+$REVISION_HASH = git rev-parse --short=10 HEAD
 git submodule update --init --recursive $vcpkgRoot
 . $vcpkgBootstrap -disableMetrics
 . $vcpkgExe install sentry-native:x64-windows grpc:x64-windows --clean-after-build
@@ -82,6 +83,7 @@ git submodule update --init --recursive $vcpkgRoot
 . $cmakeExe -G "Visual Studio 17 2022" -DCMAKE_BUILD_TYPE="$buildConfig" `
                                        -DBRIDGE_APP_FULL_NAME="$bridgeFullName" `
                                        -DBRIDGE_VENDOR="$bridgeVendor" `
+                                       -DBRIDGE_REVISION=$REVISION_HASH `
                                        -DBRIDGE_APP_VERSION="$bridgeVersion" `
                                        -S . -B $buildDir
 

internal/frontend/bridge-gui/bridge-gui/build.sh

@@ -55,7 +55,7 @@ BRIDGE_VENDOR=${BRIDGE_VENDOR:-"Proton AG"}
 BUILD_CONFIG=${BRIDGE_GUI_BUILD_CONFIG:-Debug}
 BUILD_DIR=$(echo "./cmake-build-${BUILD_CONFIG}" | tr '[:upper:]' '[:lower:]')
 VCPKG_ROOT="${BRIDGE_REPO_ROOT}/extern/vcpkg"
-
+BRIDGE_REVISION=$(git rev-parse --short=10 HEAD)
 git submodule update --init --recursive ${VCPKG_ROOT}
 check_exit "Failed to initialize vcpkg as a submodule."
 
@@ -93,6 +93,7 @@ cmake  \
     -DCMAKE_BUILD_TYPE="${BUILD_CONFIG}" \
     -DBRIDGE_APP_FULL_NAME="${BRIDGE_APP_FULL_NAME}" \
     -DBRIDGE_VENDOR="${BRIDGE_VENDOR}" \
+    -DBRIDGE_REVISION="${BRIDGE_REVISION}" \
     -DBRIDGE_APP_VERSION="${BRIDGE_APP_VERSION}" "${BRIDGE_CMAKE_MACOS_OPTS}" \
     -G Ninja \
     -S . \

internal/frontend/bridge-gui/bridge-gui/main.cpp

@@ -28,6 +28,7 @@
 #include <bridgepp/Log/Log.h>
 #include <bridgepp/ProcessMonitor.h>
 #include <sentry.h>
+#include <SentryUtils.h>
 #include <project_sentry_config.h>
 
 
@@ -238,7 +239,8 @@ void focusOtherInstance() {
     }
     catch (Exception const &e) {
         app().log().error(e.qwhat());
-        reportSentryException(SENTRY_LEVEL_ERROR, "Exception occurred during focusOtherInstance()", "Exception", e.what());
+        auto uuid = reportSentryException(SENTRY_LEVEL_ERROR, "Exception occurred during focusOtherInstance()", "Exception", e.what());
+        app().log().fatal(QString("reportID: %1 Captured exception: %2").arg(QByteArray(uuid.bytes, 16).toHex()).arg(e.qwhat()));
     }
 }
 
@@ -296,13 +298,13 @@ int main(int argc, char *argv[]) {
         const QString sentryCachePath = sentryCacheDir();
         sentry_options_set_database_path(sentryOptions, sentryCachePath.toStdString().c_str());
     }
-    sentry_options_set_release(sentryOptions, SentryProductID);
+    sentry_options_set_release(sentryOptions, QByteArray(PROJECT_REVISION).toHex());
     // Enable this for debugging sentry.
     // sentry_options_set_debug(sentryOptions, 1);
     if (sentry_init(sentryOptions) != 0) {
         std::cerr << "Failed to initialize sentry" << std::endl;
     }
-
+    setSentryReportScope();
     auto sentryClose = qScopeGuard([] { sentry_close(); });
 
     // The application instance is needed to display system message boxes. As we may have to do it in the exception handler,
@@ -426,9 +428,9 @@ int main(int argc, char *argv[]) {
         return result;
     }
     catch (Exception const &e) {
-        reportSentryException(SENTRY_LEVEL_ERROR, "Exception occurred during main", "Exception", e.what());
+        auto uuid = reportSentryException(SENTRY_LEVEL_ERROR, "Exception occurred during main", "Exception", e.what());
         QMessageBox::critical(nullptr, "Error", e.qwhat());
-        QTextStream(stderr) << e.qwhat() << "\n";
+        QTextStream(stderr) << "reportID: " << QByteArray(uuid.bytes, 16).toHex() << "Captured exception :" << e.qwhat() << "\n";
         return EXIT_FAILURE;
     }
 }

internal/frontend/bridge-gui/bridge-gui/qml/BugReportView.qml

@@ -170,6 +170,10 @@ SettingsView {
         }
     }
 
+    function setDescription(message) {
+        description.text = message
+    }
+
     function setDefaultValue() {
         description.text = ""
         address.text = root.selectedAddress

internal/frontend/bridge-gui/bridge-gui/qml/ContentWrapper.qml

@@ -348,6 +348,7 @@ Item {
                 }
 
                 BugReportView { // 8
+                    id: bugReport
                     colorScheme: root.colorScheme
                     selectedAddress: {
                         if (accounts.currentIndex < 0) return ""
@@ -409,10 +410,14 @@ Item {
             }
             accounts.currentIndex = i;
             if (user.state === EUserState.SignedOut)
-                showSignIn(user.primaryEmailOrUsername())
+            showSignIn(user.primaryEmailOrUsername())
             return;
         }
         console.error("User with ID ", userID, " was not found in the account list")
     }
 
+    function showBugReportAndPrefill(description) {
+        rightContent.showBugReport()
+        bugReport.setDescription(description)
+    }
 }

internal/frontend/bridge-gui/bridge-gui/qml/MainWindow.qml

@@ -169,7 +169,6 @@ ApplicationWindow {
                 root.showSetup(null,"")
             }
         }
-
     }
 
     NotificationPopups {
@@ -188,6 +187,10 @@ ApplicationWindow {
     function showHelp() { contentWrapper.showHelp() }
     function selectUser(userID) { contentWrapper.selectUser(userID) }
 
+    function showBugReportAndPrefill(message) {
+        contentWrapper.showBugReportAndPrefill(message)
+    }
+
     function showSignIn(username) {
         if (contentLayout.currentIndex == 1) return
         contentWrapper.showSignIn(username)

internal/frontend/bridge-gui/bridge-gui/qml/NotificationPopups.qml

@@ -129,6 +129,11 @@ Item {
         notification: root.notifications.noActiveKeyForRecipient
     }
 
+    NotificationDialog {
+        colorScheme: root.colorScheme
+        notification: root.notifications.userBadEvent
+    }
+
     NotificationDialog {
         colorScheme: root.colorScheme
         notification: root.notifications.genericError

internal/frontend/bridge-gui/bridge-gui/qml/Notifications/Notifications.qml

@@ -1046,8 +1046,8 @@ QtObject {
     property Notification apiCertIssue: Notification {
         title: qsTr("Unable to establish a \nsecure connection to \nProton servers")
         description: qsTr("Bridge cannot verify the authenticity of Proton servers on your current network due to a TLS certificate error. " +
-            "Start Bridge again after ensuring your connection is secure and/or connecting to a VPN. Learn more about TLS pinning " +
-            "<a href=\"https://proton.me/blog/tls-ssl-certificate#Extra-security-precautions-taken-by-ProtonMail\">here</a>.")
+        "Start Bridge again after ensuring your connection is secure and/or connecting to a VPN. Learn more about TLS pinning " +
+        "<a href=\"https://proton.me/blog/tls-ssl-certificate#Extra-security-precautions-taken-by-ProtonMail\">here</a>.")
 
         brief: title
         icon: "./icons/ic-exclamation-circle-filled.svg"
@@ -1086,7 +1086,7 @@ QtObject {
 
             function onNoActiveKeyForRecipient(email) {
                 root.noActiveKeyForRecipient.description = qsTr("There are no active keys to encrypt your message to %1. "+
-                    "Please update the setting for this contact.").arg(email)
+                "Please update the setting for this contact.").arg(email)
                 root.noActiveKeyForRecipient.active = true
             }
         }
@@ -1103,17 +1103,21 @@ QtObject {
     }
 
     property Notification userBadEvent: Notification {
-        title: qsTr("User was logged out")
+        title: qsTr("Your account was logged out")
         brief: title
         description: "#PlaceHolderText"
         icon: "./icons/ic-exclamation-circle-filled.svg"
         type: Notification.NotificationType.Danger
-        group: Notifications.Group.Connection
+        group: Notifications.Group.Connection | Notifications.Group.Dialogs
+
+        property var bugReportMsg: "Reporting an issue:\n\n\"%1\"\n\nError: %2\n\nThe issue persists even after loggin back in."
+        property var errorMessage: ""
 
         Connections {
             target: Backend
-            function onUserBadEvent(message) {
-                root.userBadEvent.description = message
+            function onUserBadEvent(description, errorMessage) {
+                root.userBadEvent.description = description
+                root.userBadEvent.errorMessage = errorMessage
                 root.userBadEvent.active = true
             }
         }
@@ -1125,8 +1129,22 @@ QtObject {
                 onTriggered: {
                     root.userBadEvent.active = false
                 }
+            },
+
+            Action {
+                text: qsTr("Report")
+
+                onTriggered: {
+                    root.frontendMain.showBugReportAndPrefill(
+                        root.userBadEvent.bugReportMsg.
+                        arg( root.userBadEvent.description).
+                        arg(root.userBadEvent.errorMessage)
+                    )
+                    root.userBadEvent.active = false
+                }
             }
         ]
+
     }
 
     property Notification genericError: Notification {
@@ -1135,14 +1153,14 @@ QtObject {
         icon: "./icons/ic-exclamation-circle-filled.svg"
         type: Notification.NotificationType.Danger
         group: Notifications.Group.Dialogs
-            Connections {
-              target: Backend
-                 function onGenericError(title, description) {
-                  root.genericError.title = title
-                  root.genericError.description = description
-                  root.genericError.active = true;
-              }
+        Connections {
+            target: Backend
+            function onGenericError(title, description) {
+                root.genericError.title = title
+                root.genericError.description = description
+                root.genericError.active = true;
             }
+        }
 
         action: [
             Action {

internal/frontend/grpc/service_methods.go

@@ -96,9 +96,11 @@ func (s *Service) GuiReady(ctx context.Context, _ *emptypb.Empty) (*GuiReadyResp
 
 	s.initializationDone.Do(s.initializing.Done)
 
-	// Splash screen should be displayed only to users who start v3 for the first time after upgrading from v2.
+	// Splash screen should be displayed only to users who start v3.0.17 or later for the first time after upgrading from v2.
 	return &GuiReadyResponse{
-		ShowSplashScreen: (!s.bridge.GetFirstStart()) && s.bridge.GetLastVersion().LessThan(semver.MustParse("3.0.0")),
+		ShowSplashScreen: (!s.bridge.GetFirstStart()) &&
+			s.bridge.GetLastVersion().LessThan(semver.MustParse("3.0.0")) &&
+			s.bridge.GetCurrentVersion().GreaterThan(semver.MustParse("3.0.16")),
 	}, nil
 }
 

internal/sentry/reporter.go

@@ -18,6 +18,7 @@
 package sentry
 
 import (
+	"crypto/sha256"
 	"errors"
 	"fmt"
 	"log"
@@ -25,6 +26,7 @@ import (
 	"runtime"
 	"time"
 
+	"github.com/ProtonMail/gluon/reporter"
 	"github.com/ProtonMail/proton-bridge/v3/internal/constants"
 	"github.com/ProtonMail/proton-bridge/v3/pkg/restarter"
 	"github.com/getsentry/sentry-go"
@@ -62,12 +64,21 @@ type Reporter struct {
 	appVersion string
 	identifier Identifier
 	hostArch   string
+	serverName string
 }
 
 type Identifier interface {
 	GetUserAgent() string
 }
 
+func getProtectedHostname() string {
+	hostname, err := os.Hostname()
+	if err != nil {
+		return "Unknown"
+	}
+	return fmt.Sprintf("%x", sha256.Sum256([]byte(hostname)))
+}
+
 // NewReporter creates new sentry reporter with appName and appVersion to report.
 func NewReporter(appName, appVersion string, identifier Identifier) *Reporter {
 	return &Reporter{
@@ -75,6 +86,7 @@ func NewReporter(appName, appVersion string, identifier Identifier) *Reporter {
 		appVersion: appVersion,
 		identifier: identifier,
 		hostArch:   getHostArch(),
+		serverName: getProtectedHostname(),
 	}
 }
 
@@ -126,11 +138,12 @@ func (r *Reporter) scopedReport(context map[string]interface{}, doReport func())
 	}
 
 	tags := map[string]string{
-		"OS":        runtime.GOOS,
-		"Client":    r.appName,
-		"Version":   r.appVersion,
-		"UserAgent": r.identifier.GetUserAgent(),
-		"HostArch":  r.hostArch,
+		"OS":          runtime.GOOS,
+		"Client":      r.appName,
+		"Version":     r.appVersion,
+		"UserAgent":   r.identifier.GetUserAgent(),
+		"HostArch":    r.hostArch,
+		"server_name": r.serverName,
 	}
 
 	sentry.WithScope(func(scope *sentry.Scope) {
@@ -151,6 +164,14 @@ func (r *Reporter) scopedReport(context map[string]interface{}, doReport func())
 	return nil
 }
 
+func ReportError(r reporter.Reporter, msg string, err error) {
+	if rerr := r.ReportMessageWithContext(msg, reporter.Context{
+		"error": err.Error(),
+	}); rerr != nil {
+		logrus.WithError(rerr).WithField("msg", msg).Error("Failed to send report")
+	}
+}
+
 // SkipDuringUnwind removes caller from the traceback.
 func SkipDuringUnwind() {
 	pcs := make([]uintptr, 2)

internal/user/events.go

@@ -85,8 +85,10 @@ func (user *User) handleRefreshEvent(ctx context.Context, refresh proton.Refresh
 		l.WithError(err).Error("Failed to report refresh to sentry")
 	}
 
-	// Cancel and restart ongoing syncs.
-	user.abortable.Abort()
+	// Cancel the event stream once this refresh is done.
+	defer user.pollAbort.Abort()
+
+	// Resync after the refresh.
 	defer user.goSync()
 
 	return safe.LockRet(func() error {
@@ -113,11 +115,8 @@ func (user *User) handleRefreshEvent(ctx context.Context, refresh proton.Refresh
 		user.apiAddrs = groupBy(apiAddrs, func(addr proton.Address) string { return addr.ID })
 		user.apiLabels = groupBy(apiLabels, func(label proton.Label) string { return label.ID })
 
-		// Reinitialize the update channels.
-		user.initUpdateCh(user.vault.AddressMode())
-
 		// Clear sync status; we want to sync everything again.
-		if err := user.vault.ClearSyncStatus(); err != nil {
+		if err := user.clearSyncStatus(); err != nil {
 			return fmt.Errorf("failed to clear sync status: %w", err)
 		}
 
@@ -454,7 +453,7 @@ func (user *User) handleMessageEvents(ctx context.Context, messageEvents []proto
 					return err
 				}
 
-				return nil
+				continue
 			}
 
 			// GODT-2028 - Use better events here. It should be possible to have 3 separate events that refrain to

internal/user/imap.go

@@ -287,12 +287,28 @@ func (conn *imapConnector) CreateMessage(
 	} else if ok {
 		conn.log.WithField("messageID", messageID).Warn("Message already sent")
 
-		message, err := conn.client.GetMessage(ctx, messageID)
+		// Query the server-side message.
+		full, err := conn.client.GetFullMessage(ctx, messageID)
 		if err != nil {
 			return imap.Message{}, nil, fmt.Errorf("failed to fetch message: %w", err)
 		}
 
-		return toIMAPMessage(message.MessageMetadata), nil, nil
+		// Build the message as it is on the server.
+		if err := safe.RLockRet(func() error {
+			return withAddrKR(conn.apiUser, conn.apiAddrs[full.AddressID], conn.vault.KeyPass(), func(_, addrKR *crypto.KeyRing) error {
+				var err error
+
+				if literal, err = message.BuildRFC822(addrKR, full.Message, full.AttData, defaultJobOpts()); err != nil {
+					return err
+				}
+
+				return nil
+			})
+		}, conn.apiUserLock, conn.apiAddrsLock); err != nil {
+			return imap.Message{}, nil, fmt.Errorf("failed to build message: %w", err)
+		}
+
+		return toIMAPMessage(full.MessageMetadata), literal, nil
 	}
 
 	wantLabelIDs := []string{string(mailboxID)}
@@ -427,7 +443,7 @@ func (conn *imapConnector) MoveMessages(ctx context.Context, messageIDs []imap.M
 			result = result || true
 		}
 
-		if v, ok := conn.apiLabels[string(labelToID)]; ok && v.Type == proton.LabelTypeFolder {
+		if v, ok := conn.apiLabels[string(labelToID)]; ok && (v.Type == proton.LabelTypeFolder || v.Type == proton.LabelTypeSystem) {
 			result = result || true
 		}
 

internal/user/smtp.go

@@ -23,6 +23,7 @@ import (
 	"encoding/base64"
 	"fmt"
 	"io"
+	"mime"
 	"net/mail"
 	"runtime"
 	"strings"
@@ -119,7 +120,7 @@ func (user *User) sendMail(authID string, from string, to []string, r io.Reader)
 			}
 
 			// If we have to attach the public key, do it now.
-			if settings.AttachPublicKey == proton.AttachPublicKeyEnabled {
+			if settings.AttachPublicKey {
 				key, err := addrKR.GetKey(0)
 				if err != nil {
 					return fmt.Errorf("failed to get sending key: %w", err)
@@ -419,7 +420,7 @@ func createAttachments(
 		attachment, err := client.UploadAttachment(ctx, addrKR, proton.CreateAttachmentReq{
 			Filename:    att.Name,
 			MessageID:   draftID,
-			MIMEType:    rfc822.MIMEType(att.MIMEType),
+			MIMEType:    rfc822.MIMEType(mime.FormatMediaType(att.MIMEType, att.MIMEParams)),
 			Disposition: att.Disposition,
 			ContentID:   att.ContentID,
 			Body:        att.Data,

internal/user/sync.go

@@ -463,6 +463,11 @@ func wantLabel(label proton.Label) bool {
 
 func wantLabels(apiLabels map[string]proton.Label, labelIDs []string) []string {
 	return xslices.Filter(labelIDs, func(labelID string) bool {
-		return wantLabel(apiLabels[labelID])
+		apiLabel, ok := apiLabels[labelID]
+		if !ok {
+			return false
+		}
+
+		return wantLabel(apiLabel)
 	})
 }

internal/user/user.go

@@ -23,6 +23,7 @@ import (
 	"errors"
 	"fmt"
 	"io"
+	"net/url"
 	"strings"
 	"sync/atomic"
 	"time"
@@ -78,7 +79,8 @@ type User struct {
 	updateChLock safe.RWMutex
 
 	tasks     *async.Group
-	abortable async.Abortable
+	syncAbort async.Abortable
+	pollAbort async.Abortable
 	goSync    func()
 
 	pollAPIEventsCh chan chan struct{}
@@ -171,42 +173,6 @@ func New(
 		return nil
 	})
 
-	// Stream events from the API, logging any errors that occur.
-	// This does nothing until the sync has been marked as complete.
-	// When we receive an API event, we attempt to handle it.
-	// If successful, we update the event ID in the vault.
-	user.tasks.Once(func(ctx context.Context) {
-		ticker := proton.NewTicker(EventPeriod, EventJitter)
-		defer ticker.Stop()
-
-		for {
-			var doneCh chan struct{}
-
-			select {
-			case <-ctx.Done():
-				return
-
-			case doneCh = <-user.pollAPIEventsCh:
-				// ...
-
-			case <-ticker.C:
-				// ...
-			}
-
-			user.log.Debug("Event poll triggered")
-
-			if !user.vault.SyncStatus().IsComplete() {
-				user.log.Debug("Sync is incomplete, skipping event poll")
-			} else if err := user.doEventPoll(ctx); err != nil {
-				user.log.WithError(err).Error("Failed to poll events")
-			}
-
-			if doneCh != nil {
-				close(doneCh)
-			}
-		}
-	})
-
 	// When triggered, poll the API for events, optionally blocking until the poll is complete.
 	user.goPollAPIEvents = func(wait bool) {
 		doneCh := make(chan struct{})
@@ -218,26 +184,46 @@ func New(
 		}
 	}
 
-	// When triggered, attempt to sync the user.
+	// When triggered, sync the user and then begin streaming API events.
 	user.goSync = user.tasks.Trigger(func(ctx context.Context) {
-		user.log.Debug("Sync triggered")
+		user.log.Info("Sync triggered")
 
-		user.abortable.Do(ctx, func(ctx context.Context) {
+		// Sync the user.
+		user.syncAbort.Do(ctx, func(ctx context.Context) {
 			if user.vault.SyncStatus().IsComplete() {
-				user.log.Debug("Sync is already complete, skipping")
-			} else if err := user.doSync(ctx); err != nil {
-				user.log.WithError(err).Error("Failed to sync, will retry later")
-				time.AfterFunc(SyncRetryCooldown, user.goSync)
+				user.log.Info("Sync already complete, skipping")
+				return
+			}
+
+			for {
+				if err := ctx.Err(); err != nil {
+					user.log.WithError(err).Error("Sync aborted")
+					return
+				} else if err := user.doSync(ctx); err != nil {
+					user.log.WithError(err).Error("Failed to sync, will retry later")
+					sleepCtx(ctx, SyncRetryCooldown)
+				} else {
+					user.log.Info("Sync complete, starting API event stream")
+					return
+				}
 			}
 		})
+
+		// Once we know the sync has completed, we can start polling for API events.
+		if user.vault.SyncStatus().IsComplete() {
+			user.pollAbort.Do(ctx, func(ctx context.Context) {
+				user.startEvents(ctx)
+			})
+		}
 	})
 
-	// Trigger an initial sync (if necessary).
-	user.goSync()
-
 	return user, nil
 }
 
+func (user *User) TriggerSync() {
+	user.goSync()
+}
+
 // ID returns the user's ID.
 func (user *User) ID() string {
 	return safe.RLockRet(func() string {
@@ -294,22 +280,21 @@ func (user *User) GetAddressMode() vault.AddressMode {
 func (user *User) SetAddressMode(_ context.Context, mode vault.AddressMode) error {
 	user.log.WithField("mode", mode).Info("Setting address mode")
 
-	user.abortable.Abort()
+	user.syncAbort.Abort()
+	user.pollAbort.Abort()
 	defer user.goSync()
 
 	return safe.LockRet(func() error {
-		user.initUpdateCh(mode)
-
 		if err := user.vault.SetAddressMode(mode); err != nil {
 			return fmt.Errorf("failed to set address mode: %w", err)
 		}
 
-		if err := user.vault.ClearSyncStatus(); err != nil {
+		if err := user.clearSyncStatus(); err != nil {
 			return fmt.Errorf("failed to clear sync status: %w", err)
 		}
 
 		return nil
-	}, user.apiAddrsLock, user.updateChLock)
+	}, user.eventLock, user.apiAddrsLock, user.updateChLock)
 }
 
 // SetShowAllMail sets whether to show the All Mail mailbox.
@@ -326,12 +311,25 @@ func (user *User) GetGluonIDs() map[string]string {
 
 // GetGluonID returns the gluon ID for the given address, if present.
 func (user *User) GetGluonID(addrID string) (string, bool) {
-	gluonID, ok := user.vault.GetGluonIDs()[addrID]
-	if !ok {
+	if gluonID, ok := user.vault.GetGluonIDs()[addrID]; ok {
+		return gluonID, true
+	}
+
+	if user.vault.AddressMode() != vault.CombinedMode {
 		return "", false
 	}
 
-	return gluonID, true
+	// If there is only one address, return its gluon ID.
+	// This can happen if we are in combined mode and the primary address ID has changed.
+	if gluonIDs := maps.Values(user.vault.GetGluonIDs()); len(gluonIDs) == 1 {
+		if err := user.vault.SetGluonID(addrID, gluonIDs[0]); err != nil {
+			user.log.WithError(err).Error("Failed to set gluon ID for updated primary address")
+		}
+
+		return gluonIDs[0], true
+	}
+
+	return "", false
 }
 
 // SetGluonID sets the gluon ID for the given address.
@@ -419,7 +417,9 @@ func (user *User) NewIMAPConnectors() (map[string]connector.Connector, error) {
 //
 // nolint:funlen
 func (user *User) SendMail(authID string, from string, to []string, r io.Reader) error {
-	defer user.goPollAPIEvents(true)
+	if user.vault.SyncStatus().IsComplete() {
+		defer user.goPollAPIEvents(true)
+	}
 
 	if len(to) == 0 {
 		return ErrInvalidRecipient
@@ -472,15 +472,40 @@ func (user *User) OnStatusUp(context.Context) {
 func (user *User) OnStatusDown(context.Context) {
 	user.log.Info("Connection is down")
 
-	user.abortable.Abort()
+	user.syncAbort.Abort()
+	user.pollAbort.Abort()
 }
 
-// ClearSyncStatus clears the sync status of the user. This triggers a resync.
-func (user *User) ClearSyncStatus() error {
-	user.abortable.Abort()
-	defer user.goSync()
+// GetSyncStatus returns the sync status of the user.
+func (user *User) GetSyncStatus() vault.SyncStatus {
+	return user.vault.GetSyncStatus()
+}
 
-	return user.vault.ClearSyncStatus()
+// ClearSyncStatus clears the sync status of the user.
+// This also drops any updates in the update channel(s).
+// Warning: the gluon user must be removed and re-added if this happens!
+func (user *User) ClearSyncStatus() error {
+	user.log.Info("Clearing sync status")
+
+	return safe.LockRet(func() error {
+		return user.clearSyncStatus()
+	}, user.eventLock, user.apiAddrsLock, user.updateChLock)
+}
+
+// clearSyncStatus clears the sync status of the user.
+// This also drops any updates in the update channel(s).
+// Warning: the gluon user must be removed and re-added if this happens!
+// It is assumed that the eventLock, apiAddrsLock and updateChLock are already locked.
+func (user *User) clearSyncStatus() error {
+	user.log.Info("Clearing sync status")
+
+	user.initUpdateCh(user.vault.AddressMode())
+
+	if err := user.vault.ClearSyncStatus(); err != nil {
+		return fmt.Errorf("failed to clear sync status: %w", err)
+	}
+
+	return nil
 }
 
 // Logout logs the user out from the API.
@@ -558,7 +583,43 @@ func (user *User) initUpdateCh(mode vault.AddressMode) {
 	}
 }
 
+// startEvents streams events from the API, logging any errors that occur.
+// This does nothing until the sync has been marked as complete.
+// When we receive an API event, we attempt to handle it.
+// If successful, we update the event ID in the vault.
+func (user *User) startEvents(ctx context.Context) {
+	ticker := proton.NewTicker(EventPeriod, EventJitter)
+	defer ticker.Stop()
+
+	for {
+		var doneCh chan struct{}
+
+		select {
+		case <-ctx.Done():
+			return
+
+		case doneCh = <-user.pollAPIEventsCh:
+			// ...
+
+		case <-ticker.C:
+			// ...
+		}
+
+		user.log.Debug("Event poll triggered")
+
+		if err := user.doEventPoll(ctx); err != nil {
+			user.log.WithError(err).Error("Failed to poll events")
+		}
+
+		if doneCh != nil {
+			close(doneCh)
+		}
+	}
+}
+
 // doEventPoll is called whenever API events should be polled.
+//
+//nolint:funlen
 func (user *User) doEventPoll(ctx context.Context) error {
 	user.eventLock.Lock()
 	defer user.eventLock.Unlock()
@@ -586,6 +647,11 @@ func (user *User) doEventPoll(ctx context.Context) error {
 			return fmt.Errorf("failed to handle event due to network issue: %w", err)
 		}
 
+		// If the error is a url.Error, return error to retry later.
+		if urlErr := new(url.Error); errors.As(err, &urlErr) {
+			return fmt.Errorf("failed to handle event due to URL issue: %w", err)
+		}
+
 		// If the error is a server-side issue, return error to retry later.
 		if apiErr := new(proton.APIError); errors.As(err, &apiErr) && apiErr.Status >= 500 {
 			return fmt.Errorf("failed to handle event due to server error: %w", err)
@@ -627,3 +693,11 @@ func b32(b bool) uint32 {
 
 	return 0
 }
+
+// sleepCtx sleeps for the given duration, or until the context is canceled.
+func sleepCtx(ctx context.Context, d time.Duration) {
+	select {
+	case <-ctx.Done():
+	case <-time.After(d):
+	}
+}

internal/user/user_test.go

@@ -22,16 +22,12 @@ import (
 	"testing"
 	"time"
 
-	"github.com/ProtonMail/gluon/connector"
 	"github.com/ProtonMail/go-proton-api"
 	"github.com/ProtonMail/go-proton-api/server"
 	"github.com/ProtonMail/go-proton-api/server/backend"
-	"github.com/ProtonMail/proton-bridge/v3/internal/bridge/mocks"
 	"github.com/ProtonMail/proton-bridge/v3/internal/certs"
-	"github.com/ProtonMail/proton-bridge/v3/internal/events"
 	"github.com/ProtonMail/proton-bridge/v3/internal/vault"
 	"github.com/ProtonMail/proton-bridge/v3/tests"
-	"github.com/golang/mock/gomock"
 	"github.com/stretchr/testify/require"
 	"go.uber.org/goleak"
 )
@@ -70,101 +66,15 @@ func TestUser_Info(t *testing.T) {
 	})
 }
 
-func TestUser_Sync(t *testing.T) {
-	withAPI(t, context.Background(), func(ctx context.Context, s *server.Server, m *proton.Manager) {
-		withAccount(t, s, "username", "password", []string{}, func(string, []string) {
-			withUser(t, ctx, s, m, "username", "password", func(user *User) {
-				// User starts a sync at startup.
-				require.IsType(t, events.SyncStarted{}, <-user.GetEventCh())
-
-				// User sends sync progress.
-				require.IsType(t, events.SyncProgress{}, <-user.GetEventCh())
-
-				// User finishes a sync at startup.
-				require.IsType(t, events.SyncFinished{}, <-user.GetEventCh())
-			})
-		})
-	})
-}
-
 func TestUser_AddressMode(t *testing.T) {
 	withAPI(t, context.Background(), func(ctx context.Context, s *server.Server, m *proton.Manager) {
 		withAccount(t, s, "username", "password", []string{}, func(string, []string) {
 			withUser(t, ctx, s, m, "username", "password", func(user *User) {
-				// User finishes syncing at startup.
-				require.IsType(t, events.SyncStarted{}, <-user.GetEventCh())
-				require.IsType(t, events.SyncProgress{}, <-user.GetEventCh())
-				require.IsType(t, events.SyncFinished{}, <-user.GetEventCh())
-
 				// By default, user should be in combined mode.
 				require.Equal(t, vault.CombinedMode, user.GetAddressMode())
 
 				// User should be able to switch to split mode.
 				require.NoError(t, user.SetAddressMode(ctx, vault.SplitMode))
-
-				// Create a new set of IMAP connectors (after switching to split mode).
-				imapConn, err := user.NewIMAPConnectors()
-				require.NoError(t, err)
-
-				// Process updates from the new set of IMAP connectors.
-				for _, imapConn := range imapConn {
-					go func(imapConn connector.Connector) {
-						for update := range imapConn.GetUpdates() {
-							update.Done(nil)
-						}
-					}(imapConn)
-				}
-
-				// User finishes syncing after switching to split mode.
-				require.IsType(t, events.SyncStarted{}, <-user.GetEventCh())
-				require.IsType(t, events.SyncProgress{}, <-user.GetEventCh())
-				require.IsType(t, events.SyncFinished{}, <-user.GetEventCh())
-			})
-		})
-	})
-}
-
-func TestUser_Deauth(t *testing.T) {
-	withAPI(t, context.Background(), func(ctx context.Context, s *server.Server, m *proton.Manager) {
-		withAccount(t, s, "username", "password", []string{}, func(string, []string) {
-			withUser(t, ctx, s, m, "username", "password", func(user *User) {
-				require.IsType(t, events.SyncStarted{}, <-user.GetEventCh())
-				require.IsType(t, events.SyncProgress{}, <-user.GetEventCh())
-				require.IsType(t, events.SyncFinished{}, <-user.GetEventCh())
-
-				// Revoke the user's auth token.
-				require.NoError(t, s.RevokeUser(user.ID()))
-
-				// The user should eventually be logged out.
-				require.Eventually(t, func() bool { _, ok := (<-user.GetEventCh()).(events.UserDeauth); return ok }, 500*time.Second, 100*time.Millisecond)
-			})
-		})
-	})
-}
-
-func TestUser_Refresh(t *testing.T) {
-	ctl := gomock.NewController(t)
-	mockReporter := mocks.NewMockReporter(ctl)
-
-	withAPI(t, context.Background(), func(ctx context.Context, s *server.Server, m *proton.Manager) {
-		withAccount(t, s, "username", "password", []string{}, func(string, []string) {
-			withUser(t, ctx, s, m, "username", "password", func(user *User) {
-				require.IsType(t, events.SyncStarted{}, <-user.GetEventCh())
-				require.IsType(t, events.SyncProgress{}, <-user.GetEventCh())
-				require.IsType(t, events.SyncFinished{}, <-user.GetEventCh())
-
-				user.reporter = mockReporter
-
-				mockReporter.EXPECT().ReportMessageWithContext(
-					gomock.Eq("Warning: refresh occurred"),
-					mocks.NewRefreshContextMatcher(proton.RefreshAll),
-				).Return(nil)
-
-				// Send refresh event
-				require.NoError(t, s.RefreshUser(user.ID(), proton.RefreshAll))
-
-				// The user should eventually be re-synced.
-				require.Eventually(t, func() bool { _, ok := (<-user.GetEventCh()).(events.UserRefreshed); return ok }, 5*time.Second, 100*time.Millisecond)
 			})
 		})
 	})
@@ -220,16 +130,5 @@ func withUser(tb testing.TB, ctx context.Context, _ *server.Server, m *proton.Ma
 	require.NoError(tb, err)
 	defer user.Close()
 
-	imapConn, err := user.NewIMAPConnectors()
-	require.NoError(tb, err)
-
-	for _, imapConn := range imapConn {
-		go func(imapConn connector.Connector) {
-			for update := range imapConn.GetUpdates() {
-				update.Done(nil)
-			}
-		}(imapConn)
-	}
-
 	fn(user)
 }

internal/vault/settings.go

@@ -18,8 +18,16 @@
 package vault
 
 import (
+	"math"
+	"math/rand"
+
 	"github.com/Masterminds/semver/v3"
 	"github.com/ProtonMail/proton-bridge/v3/internal/updater"
+	"github.com/sirupsen/logrus"
+)
+
+const (
+	ForbiddenRollout = 0.6046602879796196
 )
 
 // GetIMAPPort sets the port that the IMAP server should listen on.
@@ -96,7 +104,17 @@ func (vault *Vault) SetUpdateChannel(channel updater.Channel) error {
 
 // GetUpdateRollout sets the update rollout.
 func (vault *Vault) GetUpdateRollout() float64 {
-	return vault.get().Settings.UpdateRollout
+	// The rollout value 0.6046602879796196 is forbidden. The RNG was not seeded when it was picked (GODT-2319).
+	rollout := vault.get().Settings.UpdateRollout
+	if math.Abs(rollout-ForbiddenRollout) >= 0.00000001 {
+		return rollout
+	}
+
+	rollout = rand.Float64() //nolint:gosec
+	if err := vault.SetUpdateRollout(rollout); err != nil {
+		logrus.WithError(err).Warning("Failed writing updateRollout value in vault")
+	}
+	return rollout
 }
 
 // SetUpdateRollout sets the update rollout.

internal/vault/settings_test.go

@@ -18,6 +18,7 @@
 package vault_test
 
 import (
+	"math"
 	"testing"
 
 	"github.com/Masterminds/semver/v3"
@@ -103,6 +104,10 @@ func TestVault_Settings_UpdateRollout(t *testing.T) {
 
 	// Check the new update rollout.
 	require.Equal(t, float64(0.5), s.GetUpdateRollout())
+
+	// Since GODT-2319 0.6046602879796196 is not allowed as a rollout value (RNG was not seeded)
+	require.NoError(t, s.SetUpdateRollout(vault.ForbiddenRollout))
+	require.GreaterOrEqual(t, math.Abs(s.GetUpdateRollout()-vault.ForbiddenRollout), 0.00000001)
 }
 
 func TestVault_Settings_ColorScheme(t *testing.T) {

internal/vault/user.go

@@ -197,6 +197,11 @@ func (user *User) RemFailedMessageID(messageID string) error {
 	})
 }
 
+// GetSyncStatus returns the user's sync status.
+func (user *User) GetSyncStatus() SyncStatus {
+	return user.vault.getUser(user.userID).SyncStatus
+}
+
 // ClearSyncStatus clears the user's sync status.
 func (user *User) ClearSyncStatus() error {
 	return user.vault.modUser(user.userID, func(data *UserData) {

pkg/message/parser.go

@@ -66,6 +66,7 @@ type Attachment struct {
 	Name        string
 	ContentID   string
 	MIMEType    string
+	MIMEParams  map[string]string
 	Disposition proton.Disposition
 	Data        []byte
 }
@@ -523,6 +524,7 @@ func parseAttachment(h message.Header, body []byte) (Attachment, error) {
 		return Attachment{}, err
 	}
 	att.MIMEType = mimeType
+	att.MIMEParams = mimeTypeParams
 
 	// Prefer attachment name from filename param in content disposition.
 	// If not available, try to get it from name param in content type.

pkg/message/parser/part.go

@@ -186,9 +186,17 @@ func (p *Part) isMultipartMixed() bool {
 func getContentHeaders(header message.Header) message.Header {
 	var res message.Header
 
-	res.Set("Content-Type", header.Get("Content-Type"))
-	res.Set("Content-Disposition", header.Get("Content-Disposition"))
-	res.Set("Content-Transfer-Encoding", header.Get("Content-Transfer-Encoding"))
+	if contentType := header.Get("Content-Type"); contentType != "" {
+		res.Set("Content-Type", contentType)
+	}
+
+	if contentDisposition := header.Get("Content-Disposition"); contentDisposition != "" {
+		res.Set("Content-Disposition", contentDisposition)
+	}
+
+	if contentTransferEncoding := header.Get("Content-Transfer-Encoding"); contentTransferEncoding != "" {
+		res.Set("Content-Transfer-Encoding", contentTransferEncoding)
+	}
 
 	return res
 }

tests/features/imap/message/move.feature

@@ -64,6 +64,29 @@ Feature: IMAP move messages
        | john.doe@mail.com | [user:user]@[domain] | baz     | false  |
      And IMAP client "1" sees 0 messages in "Labels/label2"
 
+  Scenario: Move message from system label to system label
+    When IMAP client "1" moves the message with subject "foo" from "INBOX" to "Trash"
+    And it succeeds
+    And IMAP client "1" sees the following messages in "INBOX":
+      | from              | to                   | subject | unread |
+      | jane.doe@mail.com | name@[domain]        | bar     | true   |
+    And IMAP client "1" sees the following messages in "Trash":
+      | from              | to                   | subject | unread |
+      | john.doe@mail.com | [user:user]@[domain] | foo     | false  |
+
+  Scenario: Move message from folder to system label
+    When IMAP client "1" moves the message with subject "baz" from "Labels/label2" to "Folders/mbox"
+    And it succeeds
+    And IMAP client "1" sees the following messages in "Folders/mbox":
+      | from              | to                   | subject | unread |
+      | john.doe@mail.com | [user:user]@[domain] | baz     | false  |
+    When IMAP client "1" moves the message with subject "baz" from "Folders/mbox" to "Trash"
+    And it succeeds
+    And IMAP client "1" sees 0 messages in "Folders/mbox"
+    And IMAP client "1" sees the following messages in "Trash":
+      | from              | to                   | subject | unread |
+      | john.doe@mail.com | [user:user]@[domain] | baz     | false  |
+
    Scenario: Move message from All Mail is not possible
      When IMAP client "1" moves the message with subject "baz" from "All Mail" to "Folders/folder"
      Then it fails