Commit 02ae7684 authored by georg's avatar georg

Merge branch 'request-mail-protected-headers-empty-subject' into 'master'

Recognize keywords in request mails with protected headers and empty subject

Closes #431

See merge request !297
parents afdca4c8 395a789a
......@@ -9,6 +9,7 @@ This project adheres to [Semantic Versioning](http://semver.org/).
* Do not crash on protected header emails generated by mutt (#430)
* Show an error message if `refresh_keys` is called with an email address for which no list exists.
* Fix recognizing keywords with "protected headers" and empty subject. Previously, if the subject was unset, keywords were not recognized and the original "protected headers" could leak. (#431)
### Changed
......
......@@ -53,13 +53,12 @@ module Mail
# headers, which reveals protected subjects.
if self.subject != new.subject
new.protected_headers_subject = self.subject.dup
# Delete the protected headers which might leak information.
if new.parts.first && new.parts.first.content_type == "text/rfc822-headers; protected-headers=v1"
new.parts.shift
end
end
# Delete the protected headers which might leak information.
if new.parts.first && new.parts.first.content_type == "text/rfc822-headers; protected-headers=v1"
new.parts.shift
end
new
end
......
......@@ -107,4 +107,43 @@ describe "protected subject" do
teardown_list_and_mailer(list)
end
it "recognizes keywords in mails with protected headers and empty subject" do
list = create(:list)
list.subscribe("schleuder@example.org", '59C71FB38AEE22E091C78259D06350440F759BD3', true)
ENV['GNUPGHOME'] = list.listdir
mail = Mail.new
mail.to = list.request_address
mail.from = list.admins.first.email
gpg_opts = {
encrypt: true,
keys: {list.request_address => list.fingerprint},
sign: true,
sign_as: list.admins.first.fingerprint
}
mail.gpg(gpg_opts)
mail.body = "x-list-name: #{list.email}\nx-list-keys"
protected_headers = Mail::Part.new do
body "Subject: protected"
content_type "text/rfc822-headers; protected-headers=v1"
end
mail.add_part protected_headers
mail.deliver
encrypted_mail = Mail::TestMailer.deliveries.first
Mail::TestMailer.deliveries.clear
begin
Schleuder::Runner.new().run(encrypted_mail.to_s, list.request_address)
rescue SystemExit
end
raw = Mail::TestMailer.deliveries.first
message = Mail.create_message_to_list(raw.to_s, list.request_address, list).setup
expect(message.first_plaintext_part.body.to_s).to include("59C71FB38AEE22E091C78259D06350440F759BD3")
expect(message.first_plaintext_part.body.to_s).to_not include("Your message didn't contain any keywords, thus there was nothing to do.")
teardown_list_and_mailer(list)
end
end
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment