Commit 21ca3b3a authored by ng's avatar ng

Introduce `UNSET-FINGERPRINT` keyword - Implements second part of #260

Using the new introduced keyword an admin can now remove the linked
fingerprint from a subscription. A subscription can only remove
the fingerprint of themselves.

To unset their own fingerprint admins must additionally pass the
argument `force`.
parent c52b970d
Pipeline #18007 passed with stages
in 26 minutes and 52 seconds
......@@ -14,6 +14,11 @@ This project adheres to [Semantic Versioning](http://semver.org/).
* X-SET-FINGERPRINT will not anymore allow setting an empty fingerprint. (#360)
### Added
* To remove a fingerprint from a subscription one can use the new keyword X-UNSET-FINGERPRINT (#360).
### Changed
* The output of the keywords 'X-ADD-KEY' and 'X-DELETE-KEY' now also show the "oneline"-format to represent keys (which includes fingerprint, primary email-address, date of generation and possible expiry). (#295)
......
......@@ -161,6 +161,47 @@ module Schleuder
)
end
end
def self.unset_fingerprint(arguments, list, mail)
if arguments.blank?
return I18n.t(
"plugins.subscription_management.unset_fingerprint_requires_arguments"
)
end
email = arguments.first
unless email == mail.signer.email || list.from_admin?(mail)
return I18n.t(
"plugins.subscription_management.unset_fingerprint_only_self"
)
end
if email == mail.signer.email && list.from_admin?(mail) && arguments.last != 'force'
return I18n.t(
"plugins.subscription_management.unset_fingerprint_requires_arguments"
)
end
sub = list.subscriptions.where(email: email).first
if sub.blank?
return I18n.t(
"plugins.subscription_management.is_not_subscribed", email: email
)
end
sub.fingerprint = ''
if sub.save
I18n.t(
"plugins.subscription_management.fingerprint_unset",
email: email
)
else
I18n.t(
"plugins.subscription_management.unsetting_fingerprint_failed",
email: email,
errors: sub.errors.to_a.join("\n")
)
end
end
end
end
......@@ -162,6 +162,8 @@ de:
X-SET-FINGERPRINT: subscription2@hostname 0xB3D190D5235C74E1907EACFE898F2C91E2E6E1F3
Wobei der Fingerprint in der gesamten Länge (40 Zeichen) angegeben werden muss. Optional mit 0x als Präfix.
Um einen Fingerprint zu entfernen kannst du das Schlüsselwort 'UNSET-FINGERPRINT' verwenden.
set_fingerprint_requires_arguments: |
Du hast zu dem Schlüsselwort 'SET-FINGERPRINT' keinen Wert angegeben.
......@@ -170,6 +172,21 @@ de:
oder (als admin):
X-SET-FINGERPRINT: subscription2@hostname 0xB3D190D5235C74E1907EACFE898F2C91E2E6E1F3
Um einen Fingerprint zu entfernen kannst du das Schlüsselwort 'UNSET-FINGERPRINT' verwenden.
unset_fingerprint_only_self: Nur admins dürfen den Fingerabdruck für andere Abos festlegen.
fingerprint_unset: Fingerabdruck für %{email} wurde entfernt.
unsetting_fingerprint_failed: |
Fingerabdruck für %{email} konnte nicht entfernt werden:
%{errors}.
unset_fingerprint_requires_arguments: |
Du hast zu dem Schlüsselwort 'UNSET-FINGERPRINT' keinen Wert angegeben.
Benötigt werden ein Wert, bspw.:
X-UNSET-FINGERPRINT: subscription2@hostname
Als admin musst du um deinen eigenen Fingerabdruck zu entfernen, noch zusätzlich das Argument force mitgeben. bspw.:
X-UNSET-FINGERPRINT: adminsubscription2@hostname force
subscribe_requires_arguments: |
Fehler: Du hast zu dem Schlüsselwort 'SUBSCRIBE' keinen Wert angegeben.
......
......@@ -166,6 +166,8 @@ en:
X-SET-FINGERPRINT: subscription2@hostname 0xB3D190D5235C74E1907EACFE898F2C91E2E6E1F3
While the fingerprint must be passed in the full length (40 characters). Optionally prefixed with 0x.
To remove a fingerprint you can use the keyword 'UNSET-FINGERPRINT'
set_fingerprint_requires_arguments: |
Error: You did not send any arguments for the keyword 'SET-FINGERPRINT'.
......@@ -174,6 +176,21 @@ en:
or (as an admin):
X-SET-FINGERPRINT: subscription2@hostname 0xB3D190D5235C74E1907EACFE898F2C91E2E6E1F3
To remove a fingerprint you can use the keyword 'UNSET-FINGERPRINT'
unset_fingerprint_only_self: Only admins may remove fingerprints of subscriptions other than their own.
unset_fingerprint_requires_arguments: |
Error: You did not send any arguments for the keyword 'UNSET-FINGERPRINT'
One value is required, e.g.:
X-UNSET-FINGERPRINT: subscription2@hostname
As an admin to unset your own fingerprint you must additionally pass the argument force. E.g.:
X-UNSET-FINGERPRINT: adminsubscription2@hostname force
fingerprint_unset: Fingerprint for %{email} removed.
unsetting_fingerprint_failed: |
Removing fingerprint for %{email} failed:
%{errors}.
subscribe_requires_arguments: |
Error: You did not send any arguments for the keyword 'SUBSCRIBE'.
......
......@@ -861,6 +861,224 @@ describe "user sends keyword" do
teardown_list_and_mailer(list)
end
it "x-unset-fingerprint without argument" do
list = create(:list)
list.subscribe("schleuder@example.org", '59C71FB38AEE22E091C78259D06350440F759BD3', true)
ENV['GNUPGHOME'] = list.listdir
mail = Mail.new
mail.to = list.request_address
mail.from = list.admins.first.email
gpg_opts = {
encrypt: true,
keys: {list.request_address => list.fingerprint},
sign: true,
sign_as: list.admins.first.fingerprint
}
mail.gpg(gpg_opts)
mail.body = "x-list-name: #{list.email}\nX-unset-fingerprint: "
mail.deliver
encrypted_mail = Mail::TestMailer.deliveries.first
Mail::TestMailer.deliveries.clear
begin
Schleuder::Runner.new().run(encrypted_mail.to_s, list.request_address)
rescue SystemExit
end
raw = Mail::TestMailer.deliveries.first
message = Mail.create_message_to_list(raw.to_s, list.request_address, list).setup
expect(message.to).to eql(['schleuder@example.org'])
expect(message.first_plaintext_part.body.to_s).to eql(I18n.t("plugins.subscription_management.unset_fingerprint_requires_arguments"))
teardown_list_and_mailer(list)
end
it "x-unset-fingerprint with other email-address as admin" do
list = create(:list)
list.subscribe("schleuder@example.org", '59C71FB38AEE22E091C78259D06350440F759BD3', true)
list.subscribe('test@example.org','C4D60F8833789C7CAA44496FD3FFA6613AB10ECE')
list.import_key(File.read('spec/fixtures/example_key.txt'))
ENV['GNUPGHOME'] = list.listdir
mail = Mail.new
mail.to = list.request_address
mail.from = list.admins.first.email
gpg_opts = {
encrypt: true,
keys: {list.request_address => list.fingerprint},
sign: true,
sign_as: list.admins.first.fingerprint
}
mail.gpg(gpg_opts)
mail.body = "x-list-name: #{list.email}\nX-unset-fingerprint: test@example.org"
mail.deliver
encrypted_mail = Mail::TestMailer.deliveries.first
Mail::TestMailer.deliveries.clear
begin
Schleuder::Runner.new().run(encrypted_mail.to_s, list.request_address)
rescue SystemExit
end
raw = Mail::TestMailer.deliveries.first
message = Mail.create_message_to_list(raw.to_s, list.request_address, list).setup
subscription = list.subscriptions.where(email: 'test@example.org').first
expect(message.to).to eql(['schleuder@example.org'])
expect(message.to_s).to include("Fingerprint for test@example.org removed.")
expect(subscription).to be_present
expect(subscription.fingerprint.blank?).to be_truthy
teardown_list_and_mailer(list)
end
it "x-unset-fingerprint with own email-address as admin but without force" do
list = create(:list)
list.subscribe("schleuder@example.org", '59C71FB38AEE22E091C78259D06350440F759BD3', true)
list.import_key(File.read('spec/fixtures/example_key.txt'))
ENV['GNUPGHOME'] = list.listdir
mail = Mail.new
mail.to = list.request_address
mail.from = list.admins.first.email
gpg_opts = {
encrypt: true,
keys: {list.request_address => list.fingerprint},
sign: true,
sign_as: list.admins.first.fingerprint
}
mail.gpg(gpg_opts)
mail.body = "x-list-name: #{list.email}\nX-unset-fingerprint: schleuder@example.org"
mail.deliver
encrypted_mail = Mail::TestMailer.deliveries.first
Mail::TestMailer.deliveries.clear
begin
Schleuder::Runner.new().run(encrypted_mail.to_s, list.request_address)
rescue SystemExit
end
raw = Mail::TestMailer.deliveries.first
message = Mail.create_message_to_list(raw.to_s, list.request_address, list).setup
subscription = list.subscriptions.where(email: 'schleuder@example.org').first
expect(message.to).to eql(['schleuder@example.org'])
expect(message.first_plaintext_part.body.to_s).to eql(I18n.t("plugins.subscription_management.unset_fingerprint_requires_arguments"))
expect(subscription).to be_present
expect(subscription.fingerprint).to eql('59C71FB38AEE22E091C78259D06350440F759BD3')
teardown_list_and_mailer(list)
end
it "x-unset-fingerprint with own email-address as admin and force" do
list = create(:list)
list.subscribe("schleuder@example.org", '59C71FB38AEE22E091C78259D06350440F759BD3', true)
list.import_key(File.read('spec/fixtures/example_key.txt'))
ENV['GNUPGHOME'] = list.listdir
mail = Mail.new
mail.to = list.request_address
mail.from = list.admins.first.email
gpg_opts = {
encrypt: true,
keys: {list.request_address => list.fingerprint},
sign: true,
sign_as: list.admins.first.fingerprint
}
mail.gpg(gpg_opts)
mail.body = "x-list-name: #{list.email}\nX-unset-fingerprint: schleuder@example.org force"
mail.deliver
encrypted_mail = Mail::TestMailer.deliveries.first
Mail::TestMailer.deliveries.clear
begin
Schleuder::Runner.new().run(encrypted_mail.to_s, list.request_address)
rescue SystemExit
end
raw = Mail::TestMailer.deliveries.first
message = Mail.create_message_to_list(raw.to_s, list.request_address, list).setup
subscription = list.subscriptions.where(email: 'schleuder@example.org').first
expect(message.to).to eql(['schleuder@example.org'])
expect(message.to_s).to include("Fingerprint for schleuder@example.org removed.")
expect(subscription).to be_present
expect(subscription.fingerprint.blank?).to be_truthy
teardown_list_and_mailer(list)
end
it "x-unset-fingerprint with not-subscribed email-address" do
list = create(:list)
list.subscribe("schleuder@example.org", '59C71FB38AEE22E091C78259D06350440F759BD3', true)
ENV['GNUPGHOME'] = list.listdir
mail = Mail.new
mail.to = list.request_address
mail.from = list.admins.first.email
gpg_opts = {
encrypt: true,
keys: {list.request_address => list.fingerprint},
sign: true,
sign_as: list.admins.first.fingerprint
}
mail.gpg(gpg_opts)
mail.body = "x-list-name: #{list.email}\nX-unset-fingerprint: bla@example.org"
mail.deliver
encrypted_mail = Mail::TestMailer.deliveries.first
Mail::TestMailer.deliveries.clear
begin
Schleuder::Runner.new().run(encrypted_mail.to_s, list.request_address)
rescue SystemExit
end
raw = Mail::TestMailer.deliveries.first
message = Mail.create_message_to_list(raw.to_s, list.request_address, list).setup
expect(message.to).to eql(['schleuder@example.org'])
expect(message.to_s).to include("bla@example.org is not subscribed")
teardown_list_and_mailer(list)
end
it "x-unset-fingerprint with other email-address as non-admin" do
list = create(:list)
list.subscribe("schleuder@example.org", '59C71FB38AEE22E091C78259D06350440F759BD3')
list.subscribe("test@example.org", 'C4D60F8833789C7CAA44496FD3FFA6613AB10ECE', true)
list.import_key(File.read('spec/fixtures/example_key.txt'))
ENV['GNUPGHOME'] = list.listdir
mail = Mail.new
mail.to = list.request_address
mail.from = 'schleuder@example.org'
gpg_opts = {
encrypt: true,
keys: {list.request_address => list.fingerprint},
sign: true,
sign_as: '59C71FB38AEE22E091C78259D06350440F759BD3'
}
mail.gpg(gpg_opts)
mail.body = "x-list-name: #{list.email}\nX-unset-fingerprint: test@example.org"
mail.deliver
encrypted_mail = Mail::TestMailer.deliveries.first
Mail::TestMailer.deliveries.clear
begin
Schleuder::Runner.new().run(encrypted_mail.to_s, list.request_address)
rescue SystemExit
end
raw = Mail::TestMailer.deliveries.first
message = Mail.create_message_to_list(raw.to_s, list.request_address, list).setup
subscription = list.subscriptions.where(email: 'test@example.org').first
expect(message.to).to eql(['schleuder@example.org'])
expect(message.to_s).to include("Only admins may remove fingerprints of subscriptions other than their own")
expect(subscription).to be_present
expect(subscription.fingerprint).to eql('C4D60F8833789C7CAA44496FD3FFA6613AB10ECE')
teardown_list_and_mailer(list)
end
it "x-list-subscriptions without arguments" do
list = create(:list)
list.subscribe("schleuder@example.org", '59C71FB38AEE22E091C78259D06350440F759BD3', true)
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment