2011-05-10 01:31:26 +02:00
|
|
|
<?php
|
|
|
|
|
|
|
|
abstract class PhabricatorMailReplyHandler {
|
|
|
|
|
|
|
|
private $mailReceiver;
|
2015-01-29 23:15:38 +01:00
|
|
|
private $applicationEmail;
|
2011-05-10 01:31:26 +02:00
|
|
|
private $actor;
|
2012-10-10 19:18:23 +02:00
|
|
|
private $excludePHIDs = array();
|
2011-05-10 01:31:26 +02:00
|
|
|
|
|
|
|
final public function setMailReceiver($mail_receiver) {
|
|
|
|
$this->validateMailReceiver($mail_receiver);
|
|
|
|
$this->mailReceiver = $mail_receiver;
|
|
|
|
return $this;
|
|
|
|
}
|
|
|
|
|
|
|
|
final public function getMailReceiver() {
|
|
|
|
return $this->mailReceiver;
|
|
|
|
}
|
|
|
|
|
2015-01-29 23:15:38 +01:00
|
|
|
public function setApplicationEmail(
|
|
|
|
PhabricatorMetaMTAApplicationEmail $email) {
|
|
|
|
$this->applicationEmail = $email;
|
|
|
|
return $this;
|
|
|
|
}
|
|
|
|
|
|
|
|
public function getApplicationEmail() {
|
|
|
|
return $this->applicationEmail;
|
|
|
|
}
|
|
|
|
|
2011-05-10 01:31:26 +02:00
|
|
|
final public function setActor(PhabricatorUser $actor) {
|
|
|
|
$this->actor = $actor;
|
|
|
|
return $this;
|
|
|
|
}
|
|
|
|
|
|
|
|
final public function getActor() {
|
|
|
|
return $this->actor;
|
|
|
|
}
|
|
|
|
|
2012-10-10 19:18:23 +02:00
|
|
|
final public function setExcludeMailRecipientPHIDs(array $exclude) {
|
|
|
|
$this->excludePHIDs = $exclude;
|
|
|
|
return $this;
|
|
|
|
}
|
|
|
|
|
|
|
|
final public function getExcludeMailRecipientPHIDs() {
|
|
|
|
return $this->excludePHIDs;
|
|
|
|
}
|
|
|
|
|
2011-05-10 01:31:26 +02:00
|
|
|
abstract public function validateMailReceiver($mail_receiver);
|
|
|
|
abstract public function getPrivateReplyHandlerEmailAddress(
|
|
|
|
PhabricatorObjectHandle $handle);
|
2013-01-26 01:03:54 +01:00
|
|
|
public function getReplyHandlerDomain() {
|
|
|
|
return PhabricatorEnv::getEnvConfig(
|
2013-02-19 22:33:10 +01:00
|
|
|
'metamta.reply-handler-domain');
|
2013-01-26 01:03:54 +01:00
|
|
|
}
|
2011-05-10 01:31:26 +02:00
|
|
|
abstract public function getReplyHandlerInstructions();
|
2012-08-28 23:09:37 +02:00
|
|
|
abstract protected function receiveEmail(
|
|
|
|
PhabricatorMetaMTAReceivedMail $mail);
|
|
|
|
|
|
|
|
public function processEmail(PhabricatorMetaMTAReceivedMail $mail) {
|
2014-04-04 20:14:33 +02:00
|
|
|
$this->dropEmptyMail($mail);
|
2012-08-28 23:09:37 +02:00
|
|
|
|
|
|
|
return $this->receiveEmail($mail);
|
|
|
|
}
|
|
|
|
|
2014-04-04 20:14:33 +02:00
|
|
|
private function dropEmptyMail(PhabricatorMetaMTAReceivedMail $mail) {
|
|
|
|
$body = $mail->getCleanTextBody();
|
2012-11-01 23:18:06 +01:00
|
|
|
$attachments = $mail->getAttachments();
|
|
|
|
|
2014-04-04 20:14:33 +02:00
|
|
|
if (strlen($body) || $attachments) {
|
|
|
|
return;
|
2012-08-28 23:09:37 +02:00
|
|
|
}
|
|
|
|
|
2014-04-04 20:14:33 +02:00
|
|
|
// Only send an error email if the user is talking to just Phabricator.
|
|
|
|
// We can assume if there is only one "To" address it is a Phabricator
|
|
|
|
// address since this code is running and everything.
|
|
|
|
$is_direct_mail = (count($mail->getToAddresses()) == 1) &&
|
|
|
|
(count($mail->getCCAddresses()) == 0);
|
2012-08-28 23:09:37 +02:00
|
|
|
|
2014-04-04 20:14:33 +02:00
|
|
|
if ($is_direct_mail) {
|
|
|
|
$status_code = MetaMTAReceivedMailStatus::STATUS_EMPTY;
|
|
|
|
} else {
|
|
|
|
$status_code = MetaMTAReceivedMailStatus::STATUS_EMPTY_IGNORED;
|
2012-08-28 23:09:37 +02:00
|
|
|
}
|
|
|
|
|
2014-04-04 20:14:33 +02:00
|
|
|
throw new PhabricatorMetaMTAReceivedMailProcessingException(
|
|
|
|
$status_code,
|
|
|
|
pht(
|
|
|
|
'Your message does not contain any body text or attachments, so '.
|
|
|
|
'Phabricator can not do anything useful with it. Make sure comment '.
|
|
|
|
'text appears at the top of your message: quoted replies, inline '.
|
|
|
|
'text, and signatures are discarded and ignored.'));
|
2012-08-28 23:09:37 +02:00
|
|
|
}
|
2011-05-10 01:31:26 +02:00
|
|
|
|
|
|
|
public function supportsPrivateReplies() {
|
Allow Phabricator to be configured to use a public Reply-To address
Summary:
We already support this (and Facebook uses it) but it is difficult to configure
and you have to write a bunch of code. Instead, provide a simple flag.
See the documentation changes for details, but when this flag is enabled we send
one email with a reply-to like "D2+public+23hf91fh19fh@phabricator.example.com".
Anyone can reply to this, and we figure out who they are based on their "From"
address instead of a unique hash. This is less secure, but a reasonable tradeoff
in many cases.
This also has the advantage over a naive implementation of at least doing object
hash validation.
@jungejason: I don't think this affects Facebook's implementation but this is an
area where we've had problems in the past, so watch out for it when you deploy.
Also note that you must set "metamta.public-replies" to true since Maniphest now
looks for that key specifically before going into public reply mode; it no
longer just tests for a public reply address being generateable (since it can
always generate one now).
Test Plan:
Swapped my local install in and out of public reply mode and commented on
objects. Got expected email behavior. Replied to public and private email
addresses.
Attacked public addresses by using them when the install was configured to
disallow them and by altering the hash and the from address. All this stuff was
rejected.
Reviewed By: jungejason
Reviewers: moskov, jungejason, tuomaspelkonen, aran
CC: aran, epriestley, moskov, jungejason
Differential Revision: 563
2011-06-30 22:01:35 +02:00
|
|
|
return (bool)$this->getReplyHandlerDomain() &&
|
|
|
|
!$this->supportsPublicReplies();
|
|
|
|
}
|
|
|
|
|
|
|
|
public function supportsPublicReplies() {
|
|
|
|
if (!PhabricatorEnv::getEnvConfig('metamta.public-replies')) {
|
|
|
|
return false;
|
|
|
|
}
|
2012-02-27 21:57:57 +01:00
|
|
|
if (!$this->getReplyHandlerDomain()) {
|
|
|
|
return false;
|
|
|
|
}
|
Allow Phabricator to be configured to use a public Reply-To address
Summary:
We already support this (and Facebook uses it) but it is difficult to configure
and you have to write a bunch of code. Instead, provide a simple flag.
See the documentation changes for details, but when this flag is enabled we send
one email with a reply-to like "D2+public+23hf91fh19fh@phabricator.example.com".
Anyone can reply to this, and we figure out who they are based on their "From"
address instead of a unique hash. This is less secure, but a reasonable tradeoff
in many cases.
This also has the advantage over a naive implementation of at least doing object
hash validation.
@jungejason: I don't think this affects Facebook's implementation but this is an
area where we've had problems in the past, so watch out for it when you deploy.
Also note that you must set "metamta.public-replies" to true since Maniphest now
looks for that key specifically before going into public reply mode; it no
longer just tests for a public reply address being generateable (since it can
always generate one now).
Test Plan:
Swapped my local install in and out of public reply mode and commented on
objects. Got expected email behavior. Replied to public and private email
addresses.
Attacked public addresses by using them when the install was configured to
disallow them and by altering the hash and the from address. All this stuff was
rejected.
Reviewed By: jungejason
Reviewers: moskov, jungejason, tuomaspelkonen, aran
CC: aran, epriestley, moskov, jungejason
Differential Revision: 563
2011-06-30 22:01:35 +02:00
|
|
|
return (bool)$this->getPublicReplyHandlerEmailAddress();
|
2011-05-10 01:31:26 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
final public function supportsReplies() {
|
|
|
|
return $this->supportsPrivateReplies() ||
|
Allow Phabricator to be configured to use a public Reply-To address
Summary:
We already support this (and Facebook uses it) but it is difficult to configure
and you have to write a bunch of code. Instead, provide a simple flag.
See the documentation changes for details, but when this flag is enabled we send
one email with a reply-to like "D2+public+23hf91fh19fh@phabricator.example.com".
Anyone can reply to this, and we figure out who they are based on their "From"
address instead of a unique hash. This is less secure, but a reasonable tradeoff
in many cases.
This also has the advantage over a naive implementation of at least doing object
hash validation.
@jungejason: I don't think this affects Facebook's implementation but this is an
area where we've had problems in the past, so watch out for it when you deploy.
Also note that you must set "metamta.public-replies" to true since Maniphest now
looks for that key specifically before going into public reply mode; it no
longer just tests for a public reply address being generateable (since it can
always generate one now).
Test Plan:
Swapped my local install in and out of public reply mode and commented on
objects. Got expected email behavior. Replied to public and private email
addresses.
Attacked public addresses by using them when the install was configured to
disallow them and by altering the hash and the from address. All this stuff was
rejected.
Reviewed By: jungejason
Reviewers: moskov, jungejason, tuomaspelkonen, aran
CC: aran, epriestley, moskov, jungejason
Differential Revision: 563
2011-06-30 22:01:35 +02:00
|
|
|
$this->supportsPublicReplies();
|
2011-05-10 01:31:26 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
public function getPublicReplyHandlerEmailAddress() {
|
|
|
|
return null;
|
|
|
|
}
|
|
|
|
|
2012-06-16 08:21:25 +02:00
|
|
|
final public function getRecipientsSummary(
|
|
|
|
array $to_handles,
|
|
|
|
array $cc_handles) {
|
|
|
|
assert_instances_of($to_handles, 'PhabricatorObjectHandle');
|
|
|
|
assert_instances_of($cc_handles, 'PhabricatorObjectHandle');
|
|
|
|
|
|
|
|
$body = '';
|
2012-07-17 04:02:06 +02:00
|
|
|
|
|
|
|
if (PhabricatorEnv::getEnvConfig('metamta.recipients.show-hints')) {
|
|
|
|
if ($to_handles) {
|
|
|
|
$body .= "To: ".implode(', ', mpull($to_handles, 'getName'))."\n";
|
|
|
|
}
|
|
|
|
if ($cc_handles) {
|
|
|
|
$body .= "Cc: ".implode(', ', mpull($cc_handles, 'getName'))."\n";
|
|
|
|
}
|
2012-06-16 08:21:25 +02:00
|
|
|
}
|
2012-07-17 04:02:06 +02:00
|
|
|
|
2012-06-16 08:21:25 +02:00
|
|
|
return $body;
|
|
|
|
}
|
|
|
|
|
2014-11-15 18:12:17 +01:00
|
|
|
final public function getRecipientsSummaryHTML(
|
|
|
|
array $to_handles,
|
|
|
|
array $cc_handles) {
|
|
|
|
assert_instances_of($to_handles, 'PhabricatorObjectHandle');
|
|
|
|
assert_instances_of($cc_handles, 'PhabricatorObjectHandle');
|
|
|
|
|
|
|
|
if (PhabricatorEnv::getEnvConfig('metamta.recipients.show-hints')) {
|
|
|
|
$body = array();
|
|
|
|
if ($to_handles) {
|
|
|
|
$body[] = phutil_tag('strong', array(), 'To: ');
|
|
|
|
$body[] = phutil_implode_html(', ', mpull($to_handles, 'getName'));
|
|
|
|
$body[] = phutil_tag('br');
|
|
|
|
}
|
|
|
|
if ($cc_handles) {
|
|
|
|
$body[] = phutil_tag('strong', array(), 'Cc: ');
|
|
|
|
$body[] = phutil_implode_html(', ', mpull($cc_handles, 'getName'));
|
|
|
|
$body[] = phutil_tag('br');
|
|
|
|
}
|
|
|
|
return phutil_tag('div', array(), $body);
|
|
|
|
} else {
|
|
|
|
return '';
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
|
2011-05-10 01:31:26 +02:00
|
|
|
final public function multiplexMail(
|
|
|
|
PhabricatorMetaMTAMail $mail_template,
|
|
|
|
array $to_handles,
|
|
|
|
array $cc_handles) {
|
2012-04-03 21:10:45 +02:00
|
|
|
assert_instances_of($to_handles, 'PhabricatorObjectHandle');
|
|
|
|
assert_instances_of($cc_handles, 'PhabricatorObjectHandle');
|
2011-05-10 01:31:26 +02:00
|
|
|
|
|
|
|
$result = array();
|
|
|
|
|
Fix various threading issues, particularly in Gmail
Summary:
- Add an explicit multiplexing option, and enable it by default. This is necessary for Mail.app to coexist with other clients ("Re:" breaks outlook at the very least, and generally sucks in the common case), and allows users with flexible clients to enable subject variance.
- Add an option for subject line variance. Default to not varying the subject, so mail no longer says [Committed], [Closed], etc. This is so the defaults thread correctly in Gmail (not entirely sure this actually works).
- Add a preference to enable subject line variance.
- Unless all mail is multiplexed, don't enable or respect the "Re" or "vary subject" preferences. These are currently shown and respected in non-multiplex cases, which creates inconsistent results.
NOTE: @jungejason @nh @vrana This changes the default behavior (from non-multiplexing to multiplexing), and might break Facebook's integration. You should be able to keep the same behavior by setting the options appropriately, although if you can get the new defaults working they're probably better.
Test Plan:
Send mail from Maniphest, Differential and Audit. Updated preferences. Enabled/disabled multiplexing. Things seem OK?
NOTE: I haven't actually been able to repro the Gmail threading issue so I'm not totally sure what's going on there, maybe it started respecting "Re:" (or always has), but @cpiro and @20after4 both reported it independently. This fixes a bunch of bugs in any case and gives us more conservative set of defaults.
I'll see if I can buff out the Gmail story a bit but every client is basically a giant black box of mystery. :/
Reviewers: btrahan, vrana, jungejason, nh
Reviewed By: btrahan
CC: cpiro, 20after4, aran
Maniphest Tasks: T1097, T847
Differential Revision: https://secure.phabricator.com/D2206
2012-04-12 18:31:03 +02:00
|
|
|
// If MetaMTA is configured to always multiplex, skip the single-email
|
|
|
|
// case.
|
|
|
|
if (!PhabricatorMetaMTAMail::shouldMultiplexAllMail()) {
|
|
|
|
// If private replies are not supported, simply send one email to all
|
|
|
|
// recipients and CCs. This covers cases where we have no reply handler,
|
|
|
|
// or we have a public reply handler.
|
|
|
|
if (!$this->supportsPrivateReplies()) {
|
|
|
|
$mail = clone $mail_template;
|
|
|
|
$mail->addTos(mpull($to_handles, 'getPHID'));
|
|
|
|
$mail->addCCs(mpull($cc_handles, 'getPHID'));
|
|
|
|
|
|
|
|
if ($this->supportsPublicReplies()) {
|
|
|
|
$reply_to = $this->getPublicReplyHandlerEmailAddress();
|
|
|
|
$mail->setReplyTo($reply_to);
|
|
|
|
}
|
|
|
|
|
|
|
|
$result[] = $mail;
|
|
|
|
|
|
|
|
return $result;
|
2011-05-10 01:31:26 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2014-02-01 23:35:55 +01:00
|
|
|
// TODO: This is pretty messy. We should really be doing all of this
|
|
|
|
// multiplexing in the task queue, but that requires significant rewriting
|
|
|
|
// in the general case. ApplicationTransactions can do it fairly easily,
|
|
|
|
// but other mail sites currently can not, so we need to support this
|
|
|
|
// junky version until they catch up and we can swap things over.
|
|
|
|
|
|
|
|
$to_handles = $this->expandRecipientHandles($to_handles);
|
|
|
|
$cc_handles = $this->expandRecipientHandles($cc_handles);
|
|
|
|
|
2012-06-22 03:39:35 +02:00
|
|
|
$tos = mpull($to_handles, null, 'getPHID');
|
|
|
|
$ccs = mpull($cc_handles, null, 'getPHID');
|
|
|
|
|
2011-05-10 01:31:26 +02:00
|
|
|
// Merge all the recipients together. TODO: We could keep the CCs as real
|
|
|
|
// CCs and send to a "noreply@domain.com" type address, but keep it simple
|
|
|
|
// for now.
|
2012-06-22 03:39:35 +02:00
|
|
|
$recipients = $tos + $ccs;
|
2011-05-10 01:31:26 +02:00
|
|
|
|
2011-05-12 05:32:30 +02:00
|
|
|
// When multiplexing mail, explicitly include To/Cc information in the
|
|
|
|
// message body and headers.
|
2012-06-22 03:39:35 +02:00
|
|
|
|
|
|
|
$mail_template = clone $mail_template;
|
|
|
|
|
|
|
|
$mail_template->addPHIDHeaders('X-Phabricator-To', array_keys($tos));
|
|
|
|
$mail_template->addPHIDHeaders('X-Phabricator-Cc', array_keys($ccs));
|
2011-05-12 05:32:30 +02:00
|
|
|
|
|
|
|
$body = $mail_template->getBody();
|
|
|
|
$body .= "\n";
|
2012-06-16 08:21:25 +02:00
|
|
|
$body .= $this->getRecipientsSummary($to_handles, $cc_handles);
|
2011-05-12 05:32:30 +02:00
|
|
|
|
2014-11-15 18:12:17 +01:00
|
|
|
$html_body = $mail_template->getHTMLBody();
|
2014-11-17 22:43:02 +01:00
|
|
|
if (strlen($html_body)) {
|
|
|
|
$html_body .= hsprintf('%s',
|
|
|
|
$this->getRecipientsSummaryHTML($to_handles, $cc_handles));
|
|
|
|
}
|
2014-02-01 23:35:55 +01:00
|
|
|
|
2014-11-15 18:12:17 +01:00
|
|
|
foreach ($recipients as $phid => $recipient) {
|
2014-02-01 23:35:55 +01:00
|
|
|
|
2011-05-10 01:31:26 +02:00
|
|
|
$mail = clone $mail_template;
|
2012-07-18 01:50:52 +02:00
|
|
|
if (isset($to_handles[$phid])) {
|
|
|
|
$mail->addTos(array($phid));
|
|
|
|
} else if (isset($cc_handles[$phid])) {
|
|
|
|
$mail->addCCs(array($phid));
|
|
|
|
} else {
|
|
|
|
// not good - they should be a to or a cc
|
|
|
|
continue;
|
|
|
|
}
|
2011-05-10 01:31:26 +02:00
|
|
|
|
2011-05-12 05:32:30 +02:00
|
|
|
$mail->setBody($body);
|
2014-11-15 18:12:17 +01:00
|
|
|
$mail->setHTMLBody($html_body);
|
2011-05-12 05:32:30 +02:00
|
|
|
|
2012-04-16 19:35:52 +02:00
|
|
|
$reply_to = null;
|
|
|
|
if (!$reply_to && $this->supportsPrivateReplies()) {
|
|
|
|
$reply_to = $this->getPrivateReplyHandlerEmailAddress($recipient);
|
|
|
|
}
|
|
|
|
|
2011-07-09 08:16:58 +02:00
|
|
|
if (!$reply_to && $this->supportsPublicReplies()) {
|
2011-05-10 01:31:26 +02:00
|
|
|
$reply_to = $this->getPublicReplyHandlerEmailAddress();
|
|
|
|
}
|
|
|
|
|
|
|
|
if ($reply_to) {
|
|
|
|
$mail->setReplyTo($reply_to);
|
|
|
|
}
|
|
|
|
|
|
|
|
$result[] = $mail;
|
|
|
|
}
|
|
|
|
|
|
|
|
return $result;
|
|
|
|
}
|
|
|
|
|
Allow Phabricator to be configured to use a public Reply-To address
Summary:
We already support this (and Facebook uses it) but it is difficult to configure
and you have to write a bunch of code. Instead, provide a simple flag.
See the documentation changes for details, but when this flag is enabled we send
one email with a reply-to like "D2+public+23hf91fh19fh@phabricator.example.com".
Anyone can reply to this, and we figure out who they are based on their "From"
address instead of a unique hash. This is less secure, but a reasonable tradeoff
in many cases.
This also has the advantage over a naive implementation of at least doing object
hash validation.
@jungejason: I don't think this affects Facebook's implementation but this is an
area where we've had problems in the past, so watch out for it when you deploy.
Also note that you must set "metamta.public-replies" to true since Maniphest now
looks for that key specifically before going into public reply mode; it no
longer just tests for a public reply address being generateable (since it can
always generate one now).
Test Plan:
Swapped my local install in and out of public reply mode and commented on
objects. Got expected email behavior. Replied to public and private email
addresses.
Attacked public addresses by using them when the install was configured to
disallow them and by altering the hash and the from address. All this stuff was
rejected.
Reviewed By: jungejason
Reviewers: moskov, jungejason, tuomaspelkonen, aran
CC: aran, epriestley, moskov, jungejason
Differential Revision: 563
2011-06-30 22:01:35 +02:00
|
|
|
protected function getDefaultPublicReplyHandlerEmailAddress($prefix) {
|
|
|
|
|
|
|
|
$receiver = $this->getMailReceiver();
|
|
|
|
$receiver_id = $receiver->getID();
|
|
|
|
$domain = $this->getReplyHandlerDomain();
|
|
|
|
|
|
|
|
// We compute a hash using the object's own PHID to prevent an attacker
|
|
|
|
// from blindly interacting with objects that they haven't ever received
|
|
|
|
// mail about by just sending to D1@, D2@, etc...
|
2013-05-17 12:49:00 +02:00
|
|
|
$hash = PhabricatorObjectMailReceiver::computeMailHash(
|
Allow Phabricator to be configured to use a public Reply-To address
Summary:
We already support this (and Facebook uses it) but it is difficult to configure
and you have to write a bunch of code. Instead, provide a simple flag.
See the documentation changes for details, but when this flag is enabled we send
one email with a reply-to like "D2+public+23hf91fh19fh@phabricator.example.com".
Anyone can reply to this, and we figure out who they are based on their "From"
address instead of a unique hash. This is less secure, but a reasonable tradeoff
in many cases.
This also has the advantage over a naive implementation of at least doing object
hash validation.
@jungejason: I don't think this affects Facebook's implementation but this is an
area where we've had problems in the past, so watch out for it when you deploy.
Also note that you must set "metamta.public-replies" to true since Maniphest now
looks for that key specifically before going into public reply mode; it no
longer just tests for a public reply address being generateable (since it can
always generate one now).
Test Plan:
Swapped my local install in and out of public reply mode and commented on
objects. Got expected email behavior. Replied to public and private email
addresses.
Attacked public addresses by using them when the install was configured to
disallow them and by altering the hash and the from address. All this stuff was
rejected.
Reviewed By: jungejason
Reviewers: moskov, jungejason, tuomaspelkonen, aran
CC: aran, epriestley, moskov, jungejason
Differential Revision: 563
2011-06-30 22:01:35 +02:00
|
|
|
$receiver->getMailKey(),
|
|
|
|
$receiver->getPHID());
|
|
|
|
|
2011-08-16 11:31:51 +02:00
|
|
|
$address = "{$prefix}{$receiver_id}+public+{$hash}@{$domain}";
|
|
|
|
return $this->getSingleReplyHandlerPrefix($address);
|
|
|
|
}
|
|
|
|
|
|
|
|
protected function getSingleReplyHandlerPrefix($address) {
|
|
|
|
$single_handle_prefix = PhabricatorEnv::getEnvConfig(
|
|
|
|
'metamta.single-reply-handler-prefix');
|
|
|
|
return ($single_handle_prefix)
|
2014-06-10 01:03:58 +02:00
|
|
|
? $single_handle_prefix.'+'.$address
|
2011-08-16 11:31:51 +02:00
|
|
|
: $address;
|
Allow Phabricator to be configured to use a public Reply-To address
Summary:
We already support this (and Facebook uses it) but it is difficult to configure
and you have to write a bunch of code. Instead, provide a simple flag.
See the documentation changes for details, but when this flag is enabled we send
one email with a reply-to like "D2+public+23hf91fh19fh@phabricator.example.com".
Anyone can reply to this, and we figure out who they are based on their "From"
address instead of a unique hash. This is less secure, but a reasonable tradeoff
in many cases.
This also has the advantage over a naive implementation of at least doing object
hash validation.
@jungejason: I don't think this affects Facebook's implementation but this is an
area where we've had problems in the past, so watch out for it when you deploy.
Also note that you must set "metamta.public-replies" to true since Maniphest now
looks for that key specifically before going into public reply mode; it no
longer just tests for a public reply address being generateable (since it can
always generate one now).
Test Plan:
Swapped my local install in and out of public reply mode and commented on
objects. Got expected email behavior. Replied to public and private email
addresses.
Attacked public addresses by using them when the install was configured to
disallow them and by altering the hash and the from address. All this stuff was
rejected.
Reviewed By: jungejason
Reviewers: moskov, jungejason, tuomaspelkonen, aran
CC: aran, epriestley, moskov, jungejason
Differential Revision: 563
2011-06-30 22:01:35 +02:00
|
|
|
}
|
|
|
|
|
2011-05-10 01:31:26 +02:00
|
|
|
protected function getDefaultPrivateReplyHandlerEmailAddress(
|
|
|
|
PhabricatorObjectHandle $handle,
|
|
|
|
$prefix) {
|
|
|
|
|
2014-07-24 00:05:46 +02:00
|
|
|
if ($handle->getType() != PhabricatorPeopleUserPHIDType::TYPECONST) {
|
2011-05-10 01:31:26 +02:00
|
|
|
// You must be a real user to get a private reply handler address.
|
|
|
|
return null;
|
|
|
|
}
|
|
|
|
|
2013-05-31 19:51:20 +02:00
|
|
|
$user = id(new PhabricatorPeopleQuery())
|
|
|
|
->setViewer(PhabricatorUser::getOmnipotentUser())
|
|
|
|
->withPHIDs(array($handle->getPHID()))
|
|
|
|
->executeOne();
|
2013-04-04 22:10:18 +02:00
|
|
|
|
2013-07-13 19:41:17 +02:00
|
|
|
if (!$user) {
|
|
|
|
// This may happen if a user was subscribed to something, and was then
|
|
|
|
// deleted.
|
|
|
|
return null;
|
|
|
|
}
|
|
|
|
|
2011-05-10 01:31:26 +02:00
|
|
|
$receiver = $this->getMailReceiver();
|
|
|
|
$receiver_id = $receiver->getID();
|
2013-04-04 22:10:18 +02:00
|
|
|
$user_id = $user->getID();
|
2013-05-17 12:49:00 +02:00
|
|
|
$hash = PhabricatorObjectMailReceiver::computeMailHash(
|
2011-05-10 01:31:26 +02:00
|
|
|
$receiver->getMailKey(),
|
|
|
|
$handle->getPHID());
|
|
|
|
$domain = $this->getReplyHandlerDomain();
|
|
|
|
|
2011-08-16 11:31:51 +02:00
|
|
|
$address = "{$prefix}{$receiver_id}+{$user_id}+{$hash}@{$domain}";
|
|
|
|
return $this->getSingleReplyHandlerPrefix($address);
|
2011-05-10 01:31:26 +02:00
|
|
|
}
|
|
|
|
|
2013-10-14 21:29:41 +02:00
|
|
|
final protected function enhanceBodyWithAttachments(
|
2013-01-27 04:56:39 +01:00
|
|
|
$body,
|
|
|
|
array $attachments,
|
|
|
|
$format = '- {F%d, layout=link}') {
|
2012-11-01 23:18:06 +01:00
|
|
|
if (!$attachments) {
|
|
|
|
return $body;
|
|
|
|
}
|
|
|
|
|
2013-09-30 18:38:13 +02:00
|
|
|
// TODO: (T603) What's the policy here?
|
2012-11-01 23:18:06 +01:00
|
|
|
$files = id(new PhabricatorFile())
|
|
|
|
->loadAllWhere('phid in (%Ls)', $attachments);
|
|
|
|
|
|
|
|
// if we have some text then double return before adding our file list
|
|
|
|
if ($body) {
|
|
|
|
$body .= "\n\n";
|
|
|
|
}
|
|
|
|
|
|
|
|
foreach ($files as $file) {
|
2013-01-27 04:56:39 +01:00
|
|
|
$file_str = sprintf($format, $file->getID());
|
2012-11-01 23:18:06 +01:00
|
|
|
$body .= $file_str."\n";
|
|
|
|
}
|
|
|
|
|
|
|
|
return rtrim($body);
|
|
|
|
}
|
|
|
|
|
2014-02-01 23:35:55 +01:00
|
|
|
private function expandRecipientHandles(array $handles) {
|
|
|
|
if (!$handles) {
|
|
|
|
return array();
|
|
|
|
}
|
|
|
|
|
|
|
|
$phids = mpull($handles, 'getPHID');
|
|
|
|
$map = id(new PhabricatorMetaMTAMemberQuery())
|
|
|
|
->setViewer(PhabricatorUser::getOmnipotentUser())
|
|
|
|
->withPHIDs($phids)
|
|
|
|
->execute();
|
|
|
|
|
|
|
|
$results = array();
|
|
|
|
foreach ($phids as $phid) {
|
|
|
|
if (isset($map[$phid])) {
|
|
|
|
foreach ($map[$phid] as $expanded_phid) {
|
|
|
|
$results[$expanded_phid] = $expanded_phid;
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
$results[$phid] = $phid;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return id(new PhabricatorHandleQuery())
|
|
|
|
->setViewer(PhabricatorUser::getOmnipotentUser())
|
|
|
|
->withPHIDs($results)
|
|
|
|
->execute();
|
|
|
|
}
|
|
|
|
|
2011-05-10 01:31:26 +02:00
|
|
|
}
|