schleuder 3.2.2 → 3.3.0

data/lib/schleuder/gpgme/ctx.rb

@@ -19,7 +19,7 @@ module GPGME
       case import_result.imports.size
       when 1
         import_status = import_result.imports.first
-        if import_status.action == 'not imported'
+        if import_status.action == 'error'
           [nil, "Key #{import_status.fpr} could not be imported!"]
         else
           [import_status.fpr, nil]

data/lib/schleuder/gpgme/import_status.rb

@@ -2,17 +2,23 @@ module GPGME
   class ImportStatus
     attr_reader :action
 
-    # Unfortunately in initialize() @status and @result are not yet intialized.
+    # Unfortunately in initialize() @status and @result are not yet initialized.
     def set_action
-      @action ||= if self.status > 0
-                    'imported'
-                  elsif self.result == 0
-                    'unchanged'
-                  else
+      @action ||= if self.result > 0
                     # An error happened.
                     # TODO: Give details by going through the list of errors in
                     # "gpg-errors.h" and find out which is present here.
-                    'not imported'
+                    'error'
+                  else
+                    # TODO: refactor with Ctx#translate_import_data
+                    case self.status
+                    when 0
+                      'unchanged'
+                    when IMPORT_NEW
+                      'imported'
+                    else
+                      'updated'
+                    end
                   end
       self
     end

data/lib/schleuder/gpgme/key.rb

@@ -208,5 +208,9 @@ module GPGME
       pinentry = File.join(ENV['SCHLEUDER_ROOT'], 'bin', 'pinentry-clearpassphrase')
       GPGME::Ctx.spawn_daemon('gpg-agent', "--use-standard-socket --pinentry-program #{pinentry}")
     end
+
+    def self.valid_fingerprint?(fp)
+      fp =~ Schleuder::Conf::FINGERPRINT_REGEXP
+    end
   end
 end

data/lib/schleuder/list.rb

@@ -124,7 +124,7 @@ module Schleuder
 
     def import_key_and_find_fingerprint(key_material)
       return nil if key_material.blank?
-      
+
       import_result = import_key(key_material)
       gpg.interpret_import_result(import_result)
     end
@@ -251,9 +251,8 @@ module Schleuder
     end
 
     def fingerprint=(arg)
-      # Strip whitespace from incoming arg.
       if arg
-        write_attribute(:fingerprint, arg.gsub(/\s*/, '').chomp)
+        write_attribute(:fingerprint, arg.gsub(/\s*/, '').gsub(/^0x/, '').chomp.upcase)
       end
     end
 
@@ -346,7 +345,11 @@ module Schleuder
       mail.add_internal_footer!
       self.subscriptions.each do |subscription|
         begin
-          subscription.send_mail(mail)
+          if subscription.delivery_enabled
+            subscription.send_mail(mail)
+          else
+            logger.info "Not sending to #{subscription.email}: delivery is disabled."
+          end
         rescue => exc
           msg = I18n.t('errors.delivery_error',
                        { email: subscription.email, error: exc.to_s })

data/lib/schleuder/mail/encrypted_part.rb

@@ -0,0 +1,14 @@
+module Mail                                                                                                                                            
+  module Gpg                                                                                                                                           
+    class EncryptedPart < Mail::Part                                                                                                                   
+      alias_method :initialize_mailgpg, :initialize
+
+      def initialize(cleartext_mail, options = {})
+        if cleartext_mail.protected_headers_subject
+          cleartext_mail.content_type_parameters['protected-headers'] = 'v1'                                                                       
+        end
+        initialize_mailgpg(cleartext_mail, options)
+      end
+    end
+  end
+end

data/lib/schleuder/mail/gpg.rb

@@ -0,0 +1,15 @@
+module Mail
+  module Gpg
+    class << self  
+      alias_method :encrypt_mailgpg, :encrypt
+
+      def encrypt(cleartext_mail, options={})
+        encrypted_mail = encrypt_mailgpg(cleartext_mail, options)
+        if cleartext_mail.protected_headers_subject
+          encrypted_mail.subject = cleartext_mail.protected_headers_subject
+        end
+        encrypted_mail
+      end
+    end  
+  end
+end

data/lib/schleuder/mail/message.rb

@@ -16,6 +16,7 @@ module Mail
     attr_accessor :recipient
     attr_accessor :original_message
     attr_accessor :list
+    attr_accessor :protected_headers_subject
 
     # TODO: This should be in initialize(), but I couldn't understand the
     # strange errors about wrong number of arguments when overriding
@@ -23,12 +24,9 @@ module Mail
     def setup
       if self.encrypted?
         new = self.decrypt(verify: true)
-        ## Work around a bug in mail-gpg: when decrypting pgp/mime the
-        ## Date-header is not copied.
-        #new.date ||= self.date
         # Test if there's a signed multipart inside the ciphertext
         # ("encapsulated" format of pgp/mime).
-        if new.signed?
+        if encapsulated_signed?(new)
           new = new.verify
         end
       elsif self.signed?
@@ -49,6 +47,20 @@ module Mail
       self.dynamic_pseudoheaders.each do |str|
         new.add_pseudoheader(str)
       end
+
+      # Store previously protected subject for later access.
+      # mail-gpg pulls headers from the decrypted mime parts "up" into the main
+      # headers, which reveals protected subjects.
+      if self.subject != new.subject
+        new.protected_headers_subject = self.subject.dup
+
+        # Delete the protected headers which might leak information.
+        if new.parts.first.content_type == "text/rfc822-headers; protected-headers=v1"
+          new.parts.shift
+        end
+      end
+
+
       new
     end
 
@@ -58,6 +70,7 @@ module Mail
       clean.gpg self.list.gpg_sign_options
       clean.from = list.email
       clean.subject = self.subject
+      clean.protected_headers_subject = self.protected_headers_subject
 
       clean.add_msgids(list, self)
       clean.add_list_headers(list)
@@ -69,6 +82,13 @@ module Mail
         clean.add_part new_part
       end
 
+      if self.protected_headers_subject.present?
+        new_part = Mail::Part.new
+        new_part.content_type = "text/rfc822-headers; protected-headers=v1"
+        new_part.body = "Subject: #{self.subject}\n"
+        clean.add_part new_part
+      end
+
       # Attach body or mime-parts in a new wrapper-part, to preserve the
       # original mime-structure.
       # We can't use self.to_s here — that includes all the headers we *don't*
@@ -203,15 +223,19 @@ module Mail
       end
 
       @keywords = []
+      look_for_keywords = true
       lines = part.decoded.lines.map do |line|
         # TODO: Find multiline arguments (add-key). Currently add-key has to
         # read the whole body and hope for the best.
-        if line.match(/^x-([^:\s]*)[:\s]*(.*)/i)
-          command = $1.strip.downcase
-          arguments = $2.to_s.strip.downcase.split(/[,; ]{1,}/)
+        if look_for_keywords && (m = line.match(/^x-([^:\s]*)[:\s]*(.*)/i))
+          command = m[1].strip.downcase
+          arguments = m[2].to_s.strip.downcase.split(/[,; ]{1,}/)
           @keywords << [command, arguments]
           nil
         else
+          if look_for_keywords && line.match(/\S+/i)
+            look_for_keywords = false
+          end
           line
         end
       end
@@ -259,17 +283,7 @@ module Mail
       @dynamic_pseudoheaders || []
     end
 
-    def standard_pseudoheaders(list)
-      if @standard_pseudoheaders.present?
-        return @standard_pseudoheaders
-      else
-        @standard_pseudoheaders = []
-      end
-
-      Array(list.headers_to_meta).each do |field|
-        @standard_pseudoheaders << make_pseudoheader(field.to_s, self.header[field.to_s])
-      end
-
+    def signature_state
       # Careful to add information about the incoming signature. GPGME
       # throws exceptions if it doesn't know the key.
       if self.signature.present?
@@ -277,22 +291,41 @@ module Mail
         # for that manually and provide our own fallback. (Calling
         # `signature.key` results in an EOFError in that case.)
         if signing_key.present?
-          msg = signature.to_s
+          signature_state = signature.to_s
         else
-          # TODO: I18n
-          msg = "Unknown signature by unknown key 0x#{self.signature.fingerprint}"
+          signature_state = I18n.t("signature_states.unknown", fingerprint: self.signature.fingerprint)
         end
       else
-        # TODO: I18n
-        msg = "Unsigned"
+        signature_state = I18n.t("signature_states.unsigned")
+      end
+      signature_state
+    end
+
+    def encryption_state
+      if was_encrypted?
+        encryption_state = I18n.t("encryption_states.encrypted")
+      else
+        encryption_state = I18n.t("encryption_states.unencrypted")
+      end
+      encryption_state
+    end
+
+    def standard_pseudoheaders(list)
+      if @standard_pseudoheaders.present?
+        return @standard_pseudoheaders
+      else
+        @standard_pseudoheaders = []
+      end
+
+      Array(list.headers_to_meta).each do |field|
+        value = case field.to_s
+          when 'sig' then signature_state
+          when 'enc' then encryption_state
+          else self.header[field.to_s]
+        end
+        @standard_pseudoheaders << make_pseudoheader(field.to_s, value)
       end
-      @standard_pseudoheaders << make_pseudoheader(:sig, msg)
 
-      # TODO: I18n
-      @standard_pseudoheaders << make_pseudoheader(
-            :enc,
-            was_encrypted? ? 'Encrypted' : 'Unencrypted'
-        )
 
       @standard_pseudoheaders
     end
@@ -316,7 +349,7 @@ module Mail
       if list.include_list_headers
         self['List-Id'] = "<#{list.email.gsub('@', '.')}>"
         self['List-Owner'] = "<mailto:#{list.owner_address}> (Use list's public key)"
-        self['List-Help'] = '<https://schleuder.nadir.org/>'
+        self['List-Help'] = '<https://schleuder.org/>'
 
         postmsg = if list.receive_admin_only
                     "NO (Admins only)"
@@ -410,6 +443,13 @@ module Mail
 
     private
 
+    # mail.signed? throws an error if it finds
+    # pgp boundaries, so we must use the Mail::Gpg
+    # methods.
+    def encapsulated_signed?(mail)
+      (mail.verify_result.nil? || mail.verify_result.signatures.empty?) && \
+        (Mail::Gpg.signed_mime?(mail) || Mail::Gpg.signed_inline?(mail))
+    end
 
     def add_footer!(footer_attribute)
       if self.list.blank? || self.list.send(footer_attribute).to_s.empty?

data/lib/schleuder/plugins/key_management.rb

@@ -1,7 +1,6 @@
 module Schleuder
   module RequestPlugins
     def self.add_key(arguments, list, mail)
-      out = [I18n.t('plugins.key_management.import_result')]
 
       if mail.has_attachments?
         results = self.import_keys_from_attachments(list, mail)
@@ -9,15 +8,35 @@ module Schleuder
         results = [self.import_key_from_body(list, mail)]
       end
 
-      out << results.compact.collect(&:imports).flatten.map do |import_status|
-        str = I18n.t("plugins.key_management.key_import_status.#{import_status.action}")
-        "#{import_status.fpr}: #{str}"
+      import_stati = results.compact.collect(&:imports).flatten
+
+      if import_stati.blank?
+        return I18n.t('plugins.key_management.no_imports')
       end
 
-      out.join("\n")
+      out = []
+
+      import_stati.each do |import_status|
+        if import_status.action == 'error'
+          out << I18n.t("plugins.key_management.key_import_status.error", fingerprint: import_status.fingerprint)
+        else
+          key = list.gpg.find_distinct_key(import_status.fingerprint)
+          if key
+            out << I18n.t("plugins.key_management.key_import_status.#{import_status.action}", key_oneline: key.oneline)
+          end
+        end
+      end
+
+      out.join("\n\n")
     end
 
     def self.delete_key(arguments, list, mail)
+      if arguments.blank?
+        return I18n.t(
+          "plugins.key_management.delete_key_requires_arguments"
+        )
+      end
+
       arguments.map do |argument|
         keys = list.keys(argument)
         case keys.size
@@ -26,9 +45,9 @@ module Schleuder
         when 1
           begin
             keys.first.delete!
-            I18n.t('plugins.key_management.deleted', key_string: keys.first.fingerprint)
+            I18n.t('plugins.key_management.deleted', key_string: keys.first.oneline)
           rescue GPGME::Error::Conflict
-            I18n.t('plugins.key_management.not_deletable', key_string: keys.first.fingerprint)
+            I18n.t('plugins.key_management.not_deletable', key_string: keys.first.oneline)
           end
         else
           I18n.t('errors.too_many_matching_keys', {
@@ -71,6 +90,12 @@ module Schleuder
     end
 
     def self.fetch_key(arguments, list, mail)
+      if arguments.blank?
+        return I18n.t(
+          "plugins.key_management.fetch_key_requires_arguments"
+        )
+      end
+
       arguments.map do |argument|
         list.fetch_keys(argument)
       end

data/lib/schleuder/plugins/subscription_management.rb

@@ -1,12 +1,18 @@
 module Schleuder
   module RequestPlugins
     def self.subscribe(arguments, list, mail)
+      if arguments.blank?
+        return I18n.t(
+          "plugins.subscription_management.subscribe_requires_arguments"
+        )
+      end
+
       email = arguments.shift
 
       if arguments.present?
         # Collect all arguments that look like fingerprint-material
         fingerprint = ''
-        while arguments.first.present? && arguments.first.match(/\A(0x)?[a-f0-9]+/i)
+        while arguments.first.present? && arguments.first.match(/^(0x)?[a-f0-9]+$/i)
           fingerprint << arguments.shift
         end
         # Use possibly remaining args as flags.
@@ -37,6 +43,13 @@ module Schleuder
       # If no address was given we unsubscribe the sender.
       email = arguments.first.presence || mail.signer.email
 
+      # Refuse to unsubscribe the last admin.
+      if list.admins.size == 1 && list.admins.first.email == email
+        return I18n.t(
+          "plugins.subscription_management.cannot_unsubscribe_last_admin", email: email
+        )
+      end
+
       # TODO: May signers have multiple UIDs? We don't match those currently.
       if ! list.from_admin?(mail) && email != mail.signer.email
         # Only admins may unsubscribe others.
@@ -98,6 +111,12 @@ module Schleuder
     end
 
     def self.set_fingerprint(arguments, list, mail)
+      if arguments.blank?
+        return I18n.t(
+          "plugins.subscription_management.set_fingerprint_requires_arguments"
+        )
+      end
+
       if arguments.first.match(/@/)
         if arguments.first == mail.signer.email || list.from_admin?(mail)
           email = arguments.shift
@@ -118,8 +137,15 @@ module Schleuder
         )
       end
 
-      sub.fingerprint = arguments.join
+      fingerprint = arguments.join
+      unless GPGME::Key.valid_fingerprint?(fingerprint)
+        return I18n.t(
+          "plugins.subscription_management.set_fingerprint_requires_valid_fingerprint",
+          fingerprint: fingerprint
+        )
+      end
 
+      sub.fingerprint = fingerprint
       if sub.save
         I18n.t(
           "plugins.subscription_management.fingerprint_set",
@@ -130,7 +156,48 @@ module Schleuder
         I18n.t(
           "plugins.subscription_management.setting_fingerprint_failed",
           email: email,
-          fingerprint: arguments.last,
+          fingerprint: sub.fingerprint,
+          errors: sub.errors.to_a.join("\n")
+        )
+      end
+    end
+
+    def self.unset_fingerprint(arguments, list, mail)
+      if arguments.blank?
+        return I18n.t(
+          "plugins.subscription_management.unset_fingerprint_requires_arguments"
+        )
+      end
+
+      email = arguments.first
+      unless email == mail.signer.email || list.from_admin?(mail)
+          return I18n.t(
+            "plugins.subscription_management.unset_fingerprint_only_self"
+          )
+      end
+      if email == mail.signer.email && list.from_admin?(mail) && arguments.last != 'force'
+        return I18n.t(
+          "plugins.subscription_management.unset_fingerprint_requires_arguments"
+        )
+      end
+
+      sub = list.subscriptions.where(email: email).first
+      if sub.blank?
+        return I18n.t(
+          "plugins.subscription_management.is_not_subscribed", email: email
+        )
+      end
+
+      sub.fingerprint = ''
+      if sub.save
+        I18n.t(
+          "plugins.subscription_management.fingerprint_unset",
+          email: email
+        )
+      else
+        I18n.t(
+          "plugins.subscription_management.unsetting_fingerprint_failed",
+          email: email,
           errors: sub.errors.to_a.join("\n")
         )
       end