Verified Commit d103f0bb authored by paz's avatar paz
Browse files

X-UNSUBSCRIBE may not unsubscribe the last list-admin.

parent 89d60b0b
......@@ -9,6 +9,7 @@ This project adheres to [Semantic Versioning](http://semver.org/).
* Handle missing arguments for several keywords and reply with a helpful error-message.
* Send replies to keyword-usage and notices to admins regardless of the delivery-flag of their subscription. (#354)
* X-UNSUBSCRIBE will refuse to unsubscribe the last admin of a list. (#357)
### Changed
......
......@@ -43,6 +43,13 @@ module Schleuder
# If no address was given we unsubscribe the sender.
email = arguments.first.presence || mail.signer.email
# Refuse to unsubscribe the last admin.
if list.admins.size == 1 && list.admins.first.email == email
return I18n.t(
"plugins.subscription_management.cannot_unsubscribe_last_admin", email: email
)
end
# TODO: May signers have multiple UIDs? We don't match those currently.
if ! list.from_admin?(mail) && email != mail.signer.email
# Only admins may unsubscribe others.
......
......@@ -132,6 +132,8 @@ de:
unsubscribing_failed: |
Abo für %{email} nicht gelöscht:
%{errors}
cannot_unsubscribe_last_admin: |
%{email} ist das einzige admin-Abo für diese Liste, daher kann es nicht gelöscht werden.
subscribed: |
Abo für %{email} mit diesen Werten eingetragen:
......
......@@ -136,6 +136,8 @@ en:
unsubscribing_failed: |
Unsubscribing %{email} failed:
%{errors}
cannot_unsubscribe_last_admin: |
%{email} is the only admin for this list, thus it can not be unsubscribed.
subscribed: |
%{email} has been subscribed with these attributes:
......
......@@ -443,6 +443,41 @@ describe "user sends keyword" do
teardown_list_and_mailer(list)
end
it "x-unsubscribe doesn't unsubscribe last admin" do
list = create(:list)
list.subscribe("schleuder@example.org", '59C71FB38AEE22E091C78259D06350440F759BD3', true)
list.subscribe("test@example.org")
ENV['GNUPGHOME'] = list.listdir
mail = Mail.new
mail.to = list.request_address
mail.from = list.admins.first.email
gpg_opts = {
encrypt: true,
keys: {list.request_address => list.fingerprint},
sign: true,
sign_as: list.admins.first.fingerprint
}
mail.gpg(gpg_opts)
mail.body = "x-list-name: #{list.email}\nX-UNSUBSCRIBE: schleuder@example.org"
mail.deliver
encrypted_mail = Mail::TestMailer.deliveries.first
Mail::TestMailer.deliveries.clear
begin
Schleuder::Runner.new().run(encrypted_mail.to_s, list.request_address)
rescue SystemExit
end
raw = Mail::TestMailer.deliveries.first
message = Mail.create_message_to_list(raw.to_s, list.request_address, list).setup
expect(message.to).to eql(['schleuder@example.org'])
expect(message.first_plaintext_part.body.to_s).to eql(I18n.t('plugins.subscription_management.cannot_unsubscribe_last_admin', email: 'schleuder@example.org'))
expect(list.subscriptions.size).to be(2)
teardown_list_and_mailer(list)
end
it "x-set-fingerprint with own email-address and valid fingerprint" do
list = create(:list)
list.subscribe("schleuder@example.org", '59C71FB38AEE22E091C78259D06350440F759BD3', true)
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment