mirror of https://we.phorge.it/source/phorge.git synced 2024-11-26 16:52:41 +01:00

Add a Herald action to trigger "Must Encrypt" for mail

Summary: Depends on D18983. Ref T13053. Adds a new Herald action to activate the "must encrypt" flag and drop mail content.

Test Plan:
  - Created a new Herald rule:

{F5407075}

  - Created a "dog task" (woof woof, unsecure) and a "duck task" (quack quack, secure).
  - Viewed mail for both in `bin/mail` and web UI, saw appropriate security/encryption behavior.
  - Viewed "Must Encrypt" in "Headers" tab for the duck mail, saw why the mail was encrypted (link to Herald rule).

Reviewers: amckinley

Reviewed By: amckinley

Maniphest Tasks: T13053

Differential Revision: https://secure.phabricator.com/D18984
epriestley 2018-02-01 09:19:14 -08:00
parent 7b2b5cd91e
commit cbe4e68c07
7 changed files with 111 additions and 0 deletions


@ -3189,6 +3189,7 @@ phutil_register_library_map(array(
'PhabricatorMailManagementUnverifyWorkflow' => 'applications/metamta/management/PhabricatorMailManagementUnverifyWorkflow.php', 'PhabricatorMailManagementUnverifyWorkflow' => 'applications/metamta/management/PhabricatorMailManagementUnverifyWorkflow.php',
'PhabricatorMailManagementVolumeWorkflow' => 'applications/metamta/management/PhabricatorMailManagementVolumeWorkflow.php', 'PhabricatorMailManagementVolumeWorkflow' => 'applications/metamta/management/PhabricatorMailManagementVolumeWorkflow.php',
'PhabricatorMailManagementWorkflow' => 'applications/metamta/management/PhabricatorMailManagementWorkflow.php', 'PhabricatorMailManagementWorkflow' => 'applications/metamta/management/PhabricatorMailManagementWorkflow.php',
'PhabricatorMailMustEncryptHeraldAction' => 'applications/metamta/herald/PhabricatorMailMustEncryptHeraldAction.php',
'PhabricatorMailOutboundMailHeraldAdapter' => 'applications/metamta/herald/PhabricatorMailOutboundMailHeraldAdapter.php', 'PhabricatorMailOutboundMailHeraldAdapter' => 'applications/metamta/herald/PhabricatorMailOutboundMailHeraldAdapter.php',
'PhabricatorMailOutboundRoutingHeraldAction' => 'applications/metamta/herald/PhabricatorMailOutboundRoutingHeraldAction.php', 'PhabricatorMailOutboundRoutingHeraldAction' => 'applications/metamta/herald/PhabricatorMailOutboundRoutingHeraldAction.php',
'PhabricatorMailOutboundRoutingSelfEmailHeraldAction' => 'applications/metamta/herald/PhabricatorMailOutboundRoutingSelfEmailHeraldAction.php', 'PhabricatorMailOutboundRoutingSelfEmailHeraldAction' => 'applications/metamta/herald/PhabricatorMailOutboundRoutingSelfEmailHeraldAction.php',
@ -8674,6 +8675,7 @@ phutil_register_library_map(array(
'PhabricatorMailManagementUnverifyWorkflow' => 'PhabricatorMailManagementWorkflow', 'PhabricatorMailManagementUnverifyWorkflow' => 'PhabricatorMailManagementWorkflow',
'PhabricatorMailManagementVolumeWorkflow' => 'PhabricatorMailManagementWorkflow', 'PhabricatorMailManagementVolumeWorkflow' => 'PhabricatorMailManagementWorkflow',
'PhabricatorMailManagementWorkflow' => 'PhabricatorManagementWorkflow', 'PhabricatorMailManagementWorkflow' => 'PhabricatorManagementWorkflow',
'PhabricatorMailMustEncryptHeraldAction' => 'HeraldAction',
'PhabricatorMailOutboundMailHeraldAdapter' => 'HeraldAdapter', 'PhabricatorMailOutboundMailHeraldAdapter' => 'HeraldAdapter',
'PhabricatorMailOutboundRoutingHeraldAction' => 'HeraldAction', 'PhabricatorMailOutboundRoutingHeraldAction' => 'HeraldAction',
'PhabricatorMailOutboundRoutingSelfEmailHeraldAction' => 'PhabricatorMailOutboundRoutingHeraldAction', 'PhabricatorMailOutboundRoutingSelfEmailHeraldAction' => 'PhabricatorMailOutboundRoutingHeraldAction',


@ -39,6 +39,7 @@ abstract class HeraldAdapter extends Phobject {
private $edgeCache = array(); private $edgeCache = array();
private $forbiddenActions = array(); private $forbiddenActions = array();
private $viewer; private $viewer;
private $mustEncryptReasons = array();
public function getEmailPHIDs() { public function getEmailPHIDs() {
return array_values($this->emailPHIDs); return array_values($this->emailPHIDs);
@ -1182,4 +1183,17 @@ abstract class HeraldAdapter extends Phobject {
return $this->forbiddenActions[$action]; return $this->forbiddenActions[$action];
} }
/* -( Must Encrypt )------------------------------------------------------- */
final public function addMustEncryptReason($reason) {
$this->mustEncryptReasons[] = $reason;
return $this;
}
final public function getMustEncryptReasons() {
return $this->mustEncryptReasons;
}
} }
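Review bot: `addMustEncryptReason($reason)` accepts any value and has no doc comment, but the rest of the commit treats each reason as a PHID: the Herald action passes a rule PHID and the mail view controller hands the list to `loadHandles()`. A non-PHID reason added by a future caller would only fail later, when the mail detail page is rendered. I would state the contract above the method, for example `// $reason must be the PHID of the object (currently a Herald rule) that required encryption.`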


@ -175,6 +175,15 @@ final class PhabricatorMetaMTAMailViewController
$properties->addProperty($key, $value); $properties->addProperty($key, $value);
} }
$encrypt_phids = $mail->getMustEncryptReasons();
if ($encrypt_phids) {
$properties->addProperty(
pht('Must Encrypt'),
$viewer->loadHandles($encrypt_phids)
->renderList());
}
return $properties; return $properties;
} }
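Review bot: The "Must Encrypt" property is keyed on `getMustEncryptReasons()` rather than on the flag itself, so a mail that has `mustEncrypt` set but an empty reasons list shows nothing in the Headers tab. `PhabricatorMetaMTAMail` stores the two values as independent parameters, so nothing visible in this commit guarantees they stay in sync. Consider branching on `$mail->getMustEncrypt()` and rendering a fallback such as `pht('Yes')` when no reasons were recorded, so an auditor can always see that content was withheld. The enclosing method starts outside the hunk.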


@ -0,0 +1,62 @@
<?php
final class PhabricatorMailMustEncryptHeraldAction
extends HeraldAction {
const DO_MUST_ENCRYPT = 'do.must-encrypt';
const ACTIONCONST = 'email.must-encrypt';
public function getHeraldActionName() {
return pht('Require secure email');
}
public function renderActionDescription($value) {
return pht(
'Require mail content be transmitted only over secure channels.');
}
public function supportsObject($object) {
return self::isMailGeneratingObject($object);
}
public function getActionGroupKey() {
return HeraldUtilityActionGroup::ACTIONGROUPKEY;
}
public function supportsRuleType($rule_type) {
return ($rule_type != HeraldRuleTypeConfig::RULE_TYPE_PERSONAL);
}
public function getHeraldActionStandardType() {
return self::STANDARD_NONE;
}
public function applyEffect($object, HeraldEffect $effect) {
$rule_phid = $effect->getRule()->getPHID();
$adapter = $this->getAdapter();
$adapter->addMustEncryptReason($rule_phid);
$this->logEffect(self::DO_MUST_ENCRYPT, array($rule_phid));
}
protected function getActionEffectMap() {
return array(
self::DO_MUST_ENCRYPT => array(
'icon' => 'fa-shield',
'color' => 'blue',
'name' => pht('Must Encrypt'),
),
);
}
protected function renderActionEffectDescription($type, $data) {
switch ($type) {
case self::DO_MUST_ENCRYPT:
return pht(
'Made it a requirement that mail content be transmitted only '.
'over secure channels.');
}
}
}
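Review bot: `supportsObject()` calls `self::isMailGeneratingObject($object)`, but this class extends `HeraldAction` directly, while the helper this commit introduces is declared on `PhabricatorMetaMTAEmailHeraldAction`. Unless `HeraldAction` defines a method of that name outside this diff, the call will not resolve and the action will fail as soon as Herald asks which objects it supports. Naming the declaring class fixes it: `return PhabricatorMetaMTAEmailHeraldAction::isMailGeneratingObject($object);`.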


@ -13,6 +13,10 @@ abstract class PhabricatorMetaMTAEmailHeraldAction
} }
public function supportsObject($object) { public function supportsObject($object) {
return self::isMailGeneratingObject($object);
}
public static function isMailGeneratingObject($object) {
// NOTE: This implementation lacks generality, but there's no great way to // NOTE: This implementation lacks generality, but there's no great way to
// figure out if something generates email right now. // figure out if something generates email right now.
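Review bot: `isMailGeneratingObject()` becomes a public static helper here without a doc comment, and the new "Require secure email" action uses it to decide which objects a must-encrypt rule can be attached to. The existing NOTE already says the implementation lacks generality, so any mail-sending object type it does not recognise presumably cannot be covered by an encryption rule at all. I would add a docblock saying that the method now also bounds the reach of that action, so that whoever adds a new mail-generating application knows to update it. The method body continues outside the hunk.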


@ -259,6 +259,15 @@ final class PhabricatorMetaMTAMail
return $this->getParam('mustEncrypt', false); return $this->getParam('mustEncrypt', false);
} }
public function setMustEncryptReasons(array $reasons) {
$this->setParam('mustEncryptReasons', $reasons);
return $this;
}
public function getMustEncryptReasons() {
return $this->getParam('mustEncryptReasons', array());
}
public function setHTMLBody($html) { public function setHTMLBody($html) {
$this->setParam('html-body', $html); $this->setParam('html-body', $html);
return $this; return $this;


@ -71,6 +71,7 @@ abstract class PhabricatorApplicationTransactionEditor
private $mailShouldSend = false; private $mailShouldSend = false;
private $modularTypes; private $modularTypes;
private $silent; private $silent;
private $mustEncrypt;
private $transactionQueue = array(); private $transactionQueue = array();
@ -2549,6 +2550,13 @@ abstract class PhabricatorApplicationTransactionEditor
$this->loadHandles($xactions); $this->loadHandles($xactions);
$mail = $this->buildMailForTarget($object, $xactions, $target); $mail = $this->buildMailForTarget($object, $xactions, $target);
if ($this->mustEncrypt) {
$mail
->setMustEncrypt(true)
->setMustEncryptReasons($this->mustEncrypt);
}
} catch (Exception $ex) { } catch (Exception $ex) {
$caught = $ex; $caught = $ex;
} }
@ -3214,6 +3222,8 @@ abstract class PhabricatorApplicationTransactionEditor
$adapter->getQueuedHarbormasterBuildRequests()); $adapter->getQueuedHarbormasterBuildRequests());
} }
$this->mustEncrypt = $adapter->getMustEncryptReasons();
return array_merge( return array_merge(
$this->didApplyHeraldRules($object, $adapter, $xscript), $this->didApplyHeraldRules($object, $adapter, $xscript),
$adapter->getQueuedTransactions()); $adapter->getQueuedTransactions());
@ -3558,6 +3568,7 @@ abstract class PhabricatorApplicationTransactionEditor
'feedRelatedPHIDs', 'feedRelatedPHIDs',
'feedShouldPublish', 'feedShouldPublish',
'mailShouldSend', 'mailShouldSend',
'mustEncrypt',
); );
} }
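Review bot: In the mail-building hunk (`@ -2549,6 +2550,13 @`), `$mail->setMustEncrypt(true)` is called on whatever `buildMailForTarget()` returned, with no check that a mail object came back. If that method can return null for a target (its body is not shown on this page), the call raises an `Error` on PHP 7 and later, which the surrounding `catch (Exception $ex)` does not catch, so it would propagate out of the try block instead of being recorded in `$caught`. Guarding the block with `if ($mail && $this->mustEncrypt) {` avoids that while still flagging every mail that is actually built. The enclosing method starts and ends outside the hunk.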