Commit e9475b7f authored by georg

Handle various exceptions due to decryption problems gracefully

Handle incoming mails encrypted to an absent key, using symmetric
encryption or containing PGP-garbage in a more graceful manner: Don't
throw an exception, don't notify (and annoy) the admins, instead inform
the sender of the mail how to do better.

Closes #337
parent de3fecb4
Pipeline #32803 passed with stages in 10 minutes and 7 seconds
......@@ -16,6 +16,8 @@ This project adheres to [Semantic Versioning](http://semver.org/).
* Do not recognize sudo messages as automated message (#248)
* Fixed using x-attach-listkey with emails from Thunderbird that include protected headers.
* Ensure ASCII-8BIT as external encoding, this should ensure that plain text emails in different charsets can be parsed (#409)
* Handle incoming mails encrypted to an absent key, using symmetric encryption or containing PGP-garbage in a more graceful manner: Don't throw an exception, don't notify (and annoy) the admins, instead inform the sender of the mail how to do better. (#337)
## [3.4.1] / 2019-09-16
......
......@@ -13,7 +13,12 @@ module Schleuder
begin
# This decrypts, verifies, etc.
@mail = @mail.setup
rescue GPGME::Error::DecryptFailed
rescue GPGME::Error::BadPassphrase,
GPGME::Error::DecryptFailed,
GPGME::Error::NoData,
GPGME::Error::NoSecretKey
logger.warn "Decryption of incoming message failed."
return Errors::DecryptionFailed.new(list)
end
......
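Review bot: The widened rescue logs the same fixed string, "Decryption of incoming message failed.", for all four GPGME error classes, so the log cannot tell a mail encrypted to an absent key from a symmetrically encrypted one or from PGP garbage. For the three newly rescued classes this path no longer raises, and per the commit message the admins are no longer notified, which leaves that warn line as the only trace an operator gets. Consider binding the exception (`=> exc` after `GPGME::Error::NoSecretKey`) and including `exc.class` in the logged message.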
Date: Sat, 4 Jan 2020 23:42:49 +0000
From: <schleuder@example.org>
To: schleuder@example.org
Subject: Test
Message-ID: <20200104234249.GB9231@example.org>
MIME-Version: 1.0
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted";
boundary="eAbsdosE1cNLO4uF"
Content-Disposition: inline
--eAbsdosE1cNLO4uF
Content-Type: application/pgp-encrypted
Content-Disposition: attachment
Version: 1
--eAbsdosE1cNLO4uF
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="msg.asc"
-----BEGIN PGP MESSAGE-----
hF4DTO8GH8gtgSMSAQdAjiYMTVwKw70Z3H8NwyZeHpPopnE1BB2L8Cs0MF95AXYw
=xJbn
-----END PGP MESSAGE-----
--eAbsdosE1cNLO4uF--
Date: Sat, 4 Jan 2020 23:42:49 +0000
From: <schleuder@example.org>
To: schleuder@example.org
Subject: Test
Message-ID: <20200104234249.GB9231@example.org>
MIME-Version: 1.0
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted";
boundary="eAbsdosE1cNLO4uF"
Content-Disposition: inline
--eAbsdosE1cNLO4uF
Content-Type: application/pgp-encrypted
Content-Disposition: attachment
Version: 1
--eAbsdosE1cNLO4uF
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="msg.asc"
-----BEGIN PGP MESSAGE-----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=pSCD
-----END PGP MESSAGE-----
--eAbsdosE1cNLO4uF--
Date: Sat, 4 Jan 2020 23:42:49 +0000
From: <schleuder@example.org>
To: schleuder@example.org
Subject: Test
Message-ID: <20200104234249.GB9231@example.org>
MIME-Version: 1.0
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted";
boundary="eAbsdosE1cNLO4uF"
Content-Disposition: inline
--eAbsdosE1cNLO4uF
Content-Type: application/pgp-encrypted
Content-Disposition: attachment
Version: 1
--eAbsdosE1cNLO4uF
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="msg.asc"
-----BEGIN PGP MESSAGE-----
jA0ECQMCk858png0tIj/0lQBvHbaDcW9nElJfL0tgFhEnZv3847kDXaRpYAaQhAY
TmHzD51Z7uUbalJSxgmLnBVFRFop2sKSmba1sqtlhszYFjTRerlWAJsb5vNZ1KIB
1kyOuBU=
=42m3
-----END PGP MESSAGE-----
--eAbsdosE1cNLO4uF--
......@@ -218,6 +218,54 @@ describe Schleuder::Runner do
end
end
context 'mails not encrypted to the list key' do
it 'handles a mail which was encrypted to an absent key and returns DecryptionFailed error' do
list = create(
:list,
send_encrypted_only: false
)
list.subscribe("schleuder@example.org", nil, true)
mail = File.read('spec/fixtures/mails/encrypted-to-absent-key.txt')
result = Schleuder::Runner.new().run(mail, list.email)
expect(result.class).to eql(Schleuder::Errors::DecryptionFailed)
teardown_list_and_mailer(list)
end
it 'handles a mail which was encrypted to a passphrase and returns DecryptionFailed error' do
list = create(
:list,
send_encrypted_only: false
)
list.subscribe("schleuder@example.org", nil, true)
mail = File.read('spec/fixtures/mails/encrypted-to-passphrase.txt')
result = Schleuder::Runner.new().run(mail, list.email)
expect(result.class).to eql(Schleuder::Errors::DecryptionFailed)
teardown_list_and_mailer(list)
end
it 'handles a mail containing PGP-garbage and returns DecryptionFailed error' do
list = create(
:list,
send_encrypted_only: false
)
list.subscribe("schleuder@example.org", nil, true)
mail = File.read('spec/fixtures/mails/containing-pgp-garbage.txt')
result = Schleuder::Runner.new().run(mail, list.email)
expect(result.class).to eql(Schleuder::Errors::DecryptionFailed)
teardown_list_and_mailer(list)
end
end
it "delivers a signed error message if a subscription's key is expired on a encrypted-only list" do
list = create(:list, send_encrypted_only: true)
list.subscribe("admin@example.org", nil, true, false)
......
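Review bot: The three examples in the new 'mails not encrypted to the list key' context assert only on `result.class`, so the behaviour the commit message promises (no notification to the admins) is not covered; an expectation on what the mailer delivered would pin that down. The examples differ only in the fixture path, so iterating over the three file names would remove the duplication. Because `teardown_list_and_mailer(list)` runs after the `expect`, a failing expectation skips the cleanup; moving it into an `after` block avoids leaking state into later examples.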