Commit 21bcd376 authored by paz's avatar paz
Browse files

Merge branch '357-no-unsubscribe-last-admin' into 'master'

Resolve "last/only remaining admin can self-unsubscribe via x-unsubscribe, leaving the list without any admin"

Closes #357

See merge request schleuder/schleuder!201
parents 89d60b0b d103f0bb
......@@ -9,6 +9,7 @@ This project adheres to [Semantic Versioning](
* Handle missing arguments for several keywords and reply with a helpful error-message.
* Send replies to keyword-usage and notices to admins regardless of the delivery-flag of their subscription. (#354)
* X-UNSUBSCRIBE will refuse to unsubscribe the last admin of a list. (#357)
### Changed
......@@ -43,6 +43,13 @@ module Schleuder
# If no address was given we unsubscribe the sender.
email = arguments.first.presence ||
# Refuse to unsubscribe the last admin.
if list.admins.size == 1 && == email
return I18n.t(
"plugins.subscription_management.cannot_unsubscribe_last_admin", email: email
# TODO: May signers have multiple UIDs? We don't match those currently.
if ! list.from_admin?(mail) && email !=
# Only admins may unsubscribe others.
......@@ -132,6 +132,8 @@ de:
unsubscribing_failed: |
Abo für %{email} nicht gelöscht:
cannot_unsubscribe_last_admin: |
%{email} ist das einzige admin-Abo für diese Liste, daher kann es nicht gelöscht werden.
subscribed: |
Abo für %{email} mit diesen Werten eingetragen:
......@@ -136,6 +136,8 @@ en:
unsubscribing_failed: |
Unsubscribing %{email} failed:
cannot_unsubscribe_last_admin: |
%{email} is the only admin for this list, thus it can not be unsubscribed.
subscribed: |
%{email} has been subscribed with these attributes:
......@@ -443,6 +443,41 @@ describe "user sends keyword" do
it "x-unsubscribe doesn't unsubscribe last admin" do
list = create(:list)
list.subscribe("", '59C71FB38AEE22E091C78259D06350440F759BD3', true)
ENV['GNUPGHOME'] = list.listdir
mail = = list.request_address
mail.from =
gpg_opts = {
encrypt: true,
keys: {list.request_address => list.fingerprint},
sign: true,
sign_as: list.admins.first.fingerprint
mail.body = "x-list-name: #{}\nX-UNSUBSCRIBE:"
encrypted_mail = Mail::TestMailer.deliveries.first
begin, list.request_address)
rescue SystemExit
raw = Mail::TestMailer.deliveries.first
message = Mail.create_message_to_list(raw.to_s, list.request_address, list).setup
expect( eql([''])
expect(message.first_plaintext_part.body.to_s).to eql(I18n.t('plugins.subscription_management.cannot_unsubscribe_last_admin', email: ''))
expect(list.subscriptions.size).to be(2)
it "x-set-fingerprint with own email-address and valid fingerprint" do
list = create(:list)
list.subscribe("", '59C71FB38AEE22E091C78259D06350440F759BD3', true)
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment