smtp dot-stuffed + null variations

Author: pierre-b

CHANGELOG.md

@@ -2,6 +2,11 @@
 
 All notable changes to this project will be documented in this file.
 
+## [26.11] - 2026-01-24
+
+- **Broadcasts**: Fixed crash on Broadcasts page when `variations` is null instead of empty array (#233)
+- **SMTP Email**: Fixed URL corruption in emails where dots were stripped after quoted-printable line breaks by adding proper SMTP dot-stuffing
+
 ## [26.10] - 2026-01-23
 
 - **Automations**: Email node template selector now shows all template categories instead of only marketing templates

config/config.go

@@ -14,7 +14,7 @@ import (
 	"github.com/spf13/viper"
 )
 
-const VERSION = "26.10"
+const VERSION = "26.11"
 
 type Config struct {
 	Server              ServerConfig

console/src/pages/BroadcastsPage.tsx

@@ -649,7 +649,7 @@ const BroadcastCard: React.FC<BroadcastCardProps> = ({
             <div className="mb-6">
               <Table
                 showHeader={false}
-                dataSource={broadcast.test_settings.variations.map((variation, index) => {
+                dataSource={(broadcast.test_settings.variations || []).map((variation, index) => {
                   const emailProvider = currentWorkspace?.integrations?.find(
                     (i: Integration) =>
                       i.id ===

internal/domain/broadcast.go

@@ -54,6 +54,16 @@ func (b BroadcastTestSettings) Value() (driver.Value, error) {
 	return json.Marshal(b)
 }
 
+// MarshalJSON implements custom JSON marshaling to ensure Variations is never null
+func (b BroadcastTestSettings) MarshalJSON() ([]byte, error) {
+	type Alias BroadcastTestSettings
+	// Ensure Variations is an empty array, not null
+	if b.Variations == nil {
+		b.Variations = []BroadcastVariation{}
+	}
+	return json.Marshal((*Alias)(&b))
+}
+
 // Scan implements the sql.Scanner interface for database deserialization
 func (b *BroadcastTestSettings) Scan(value interface{}) error {
 	if value == nil {
@@ -66,7 +76,16 @@ func (b *BroadcastTestSettings) Scan(value interface{}) error {
 	}
 
 	cloned := bytes.Clone(v)
-	return json.Unmarshal(cloned, b)
+	if err := json.Unmarshal(cloned, b); err != nil {
+		return err
+	}
+
+	// Ensure Variations is never nil to prevent frontend crashes
+	if b.Variations == nil {
+		b.Variations = []BroadcastVariation{}
+	}
+
+	return nil
 }
 
 // BroadcastVariation represents a single variation in an A/B test

internal/domain/broadcast_test.go

@@ -1107,6 +1107,24 @@ func TestBroadcastTestSettings_ValueScan(t *testing.T) {
 	err = invalidTarget.Scan("not-a-byte-array")
 	require.Error(t, err)
 	assert.Contains(t, err.Error(), "type assertion to []byte failed")
+
+	// Test that null variations becomes empty array after scan
+	nullVariationsJSON := []byte(`{"enabled":true,"sample_percentage":10,"auto_send_winner":false,"variations":null}`)
+	var nullVariationsTarget domain.BroadcastTestSettings
+	err = nullVariationsTarget.Scan(nullVariationsJSON)
+	require.NoError(t, err)
+	assert.NotNil(t, nullVariationsTarget.Variations, "Variations should not be nil after scanning null")
+	assert.Equal(t, 0, len(nullVariationsTarget.Variations), "Variations should be empty array")
+
+	// Test that MarshalJSON produces empty array instead of null
+	emptySettings := domain.BroadcastTestSettings{
+		Enabled:          true,
+		SamplePercentage: 10,
+		Variations:       nil, // nil variations
+	}
+	marshaled, err := emptySettings.MarshalJSON()
+	require.NoError(t, err)
+	assert.Contains(t, string(marshaled), `"variations":[]`, "Variations should be serialized as empty array, not null")
 }
 
 // TestBroadcastVariation_ValueScan tests the Value and Scan methods for BroadcastVariation

internal/service/smtp_service.go

@@ -8,6 +8,7 @@ import (
 	"encoding/base64"
 	"fmt"
 	"net"
+	"net/textproto"
 	"os"
 	"strings"
 	"time"
@@ -297,15 +298,21 @@ func sendRawEmailWithSettings(settings *domain.SMTPSettings, from string, to []s
 		return fmt.Errorf("DATA rejected with code: %d", code)
 	}
 
-	// Send message body
-	// Ensure proper line endings and dot-stuffing
-	if _, err := smtpConn.conn.Write(msg); err != nil {
+	// Send message body using textproto.DotWriter for automatic dot-stuffing
+	// Per RFC 5321 Section 4.5.2, lines starting with a period must be escaped
+	// by doubling the period. This prevents the SMTP server from stripping
+	// leading periods or misinterpreting them as end-of-message markers.
+	// The DotWriter handles this automatically and also sends the terminating
+	// CRLF.CRLF sequence when Close() is called.
+	// See: https://datatracker.ietf.org/doc/html/rfc5321#section-4.5.2
+	tw := textproto.NewWriter(bufio.NewWriter(smtpConn.conn))
+	dw := tw.DotWriter()
+	if _, err := dw.Write(msg); err != nil {
+		dw.Close()
 		return fmt.Errorf("failed to write message: %w", err)
 	}
-
-	// End message with CRLF.CRLF
-	if _, err := fmt.Fprintf(smtpConn.conn, "\r\n.\r\n"); err != nil {
-		return fmt.Errorf("failed to write message terminator: %w", err)
+	if err := dw.Close(); err != nil {
+		return fmt.Errorf("failed to close message: %w", err)
 	}
 
 	// Read response after DATA

internal/service/smtp_service_test.go

@@ -1662,3 +1662,46 @@ func TestNewSMTPServiceWithOAuth2(t *testing.T) {
 	assert.Equal(t, log, service.logger)
 	assert.Equal(t, mockProvider, service.oauth2Provider)
 }
+
+// TestDotStuffingIntegration tests that emails with URLs crossing line boundaries
+// are properly handled by the SMTP sending logic using textproto.DotWriter.
+// This verifies the fix for the URL corruption bug where dots after soft line
+// breaks in quoted-printable encoded content were being stripped by SMTP servers.
+func TestDotStuffingIntegration(t *testing.T) {
+	// Create a mock server that captures the raw message data
+	// The server starts serving automatically in newMockSMTPServer
+	server := newMockSMTPServer(t, true)
+	defer server.Close()
+
+	// Wait for server to start
+	time.Sleep(50 * time.Millisecond)
+
+	host, portStr, _ := net.SplitHostPort(server.Addr())
+	port := 0
+	fmt.Sscanf(portStr, "%d", &port)
+
+	// Create a message with content that would trigger the bug:
+	// After quoted-printable encoding, a soft line break before ".com" results in
+	// a line starting with ".com". Without proper dot-stuffing, SMTP servers
+	// strip the leading dot, corrupting URLs.
+	//
+	// The test message simulates this by having a line that starts with a period.
+	testMessage := []byte("Content-Type: text/html\r\n\r\n" +
+		"Line one\r\n" +
+		".com/path/to/image.png\r\n" + // This line starts with a dot
+		"Line three\r\n")
+
+	err := sendRawEmail(host, port, "user", "pass", false, "[email protected]", []string{"[email protected]"}, testMessage)
+	require.NoError(t, err)
+
+	// Verify the message was received
+	require.Len(t, server.messages, 1)
+	receivedData := string(server.messages[0].data)
+
+	// The SMTP server should have received the message with the dot doubled (dot-stuffed).
+	// textproto.DotWriter automatically handles this per RFC 5321.
+	// When the server receives "..com", it strips one dot to get ".com" back.
+	// Our mock server stores the raw data as received (with dot-stuffing applied).
+	assert.Contains(t, receivedData, "..com/path/to/image.png",
+		"Expected dot-stuffed content (double dot) but got: %s", receivedData)
+}