From af98bc22735cbfd5600f2691ac3857189147ff5b Mon Sep 17 00:00:00 2001
From: Atanas Janeshliev <atanas.janeshliev@proton.ch>
Date: Tue, 1 Apr 2025 15:43:40 +0200
Subject: [PATCH] fix(BRIDGE-301): don't use external, non-BYOE addresses for
 imports

---
 internal/services/imapservice/connector.go | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/internal/services/imapservice/connector.go b/internal/services/imapservice/connector.go
index d5dc350d..ca55ef81 100644
--- a/internal/services/imapservice/connector.go
+++ b/internal/services/imapservice/connector.go
@@ -878,6 +878,15 @@ func (s *Connector) getImportAddress(p *parser.Parser, isDraft bool) (proton.Add
 		return proton.Address{}, errors.New("could not find account address")
 	}
 
+	// If the address is external and not BYOE - with sending enabled, then use the primary address as an import target.
+	if address.Type == proton.AddressTypeExternal && !address.Send {
+		var err error
+		address, err = s.identityState.GetPrimaryAddress()
+		if err != nil {
+			return proton.Address{}, errors.New("could not get primary account address")
+		}
+	}
+
 	inCombinedMode := s.addressMode == usertypes.AddressModeCombined
 	if !inCombinedMode {
 		return address, nil
@@ -903,7 +912,10 @@ func (s *Connector) getImportAddress(p *parser.Parser, isDraft bool) (proton.Add
 	// - import with non-default disabled address in combined mode: using sender address
 
 	isSenderAddressDisabled := (!bool(senderAddr.Send)) || (senderAddr.Status != proton.AddressStatusEnabled)
-	if isDraft && isSenderAddressDisabled {
+	// BRIDGE-301: forbid imports via sender address if it's external.
+	isSenderExternal := senderAddr.Type == proton.AddressTypeExternal
+
+	if (isDraft && isSenderAddressDisabled) || isSenderExternal {
 		return address, nil
 	}