mirror of
https://we.phorge.it/source/phorge.git
synced 2024-11-26 16:52:41 +01:00
Add a Herald action to trigger "Must Encrypt" for mail
Summary: Depends on D18983. Ref T13053. Adds a new Herald action to activate the "must encrypt" flag and drop mail content. Test Plan: - Created a new Herald rule: {F5407075} - Created a "dog task" (woof woof, unsecure) and a "duck task" (quack quack, secure). - Viewed mail for both in `bin/mail` and web UI, saw appropriate security/encryption behavior. - Viewed "Must Encrypt" in "Headers" tab for the duck mail, saw why the mail was encrypted (link to Herald rule). Reviewers: amckinley Reviewed By: amckinley Maniphest Tasks: T13053 Differential Revision: https://secure.phabricator.com/D18984
This commit is contained in:
parent
7b2b5cd91e
commit
cbe4e68c07
7 changed files with 111 additions and 0 deletions
|
@ -3189,6 +3189,7 @@ phutil_register_library_map(array(
|
||||||
'PhabricatorMailManagementUnverifyWorkflow' => 'applications/metamta/management/PhabricatorMailManagementUnverifyWorkflow.php',
|
'PhabricatorMailManagementUnverifyWorkflow' => 'applications/metamta/management/PhabricatorMailManagementUnverifyWorkflow.php',
|
||||||
'PhabricatorMailManagementVolumeWorkflow' => 'applications/metamta/management/PhabricatorMailManagementVolumeWorkflow.php',
|
'PhabricatorMailManagementVolumeWorkflow' => 'applications/metamta/management/PhabricatorMailManagementVolumeWorkflow.php',
|
||||||
'PhabricatorMailManagementWorkflow' => 'applications/metamta/management/PhabricatorMailManagementWorkflow.php',
|
'PhabricatorMailManagementWorkflow' => 'applications/metamta/management/PhabricatorMailManagementWorkflow.php',
|
||||||
|
'PhabricatorMailMustEncryptHeraldAction' => 'applications/metamta/herald/PhabricatorMailMustEncryptHeraldAction.php',
|
||||||
'PhabricatorMailOutboundMailHeraldAdapter' => 'applications/metamta/herald/PhabricatorMailOutboundMailHeraldAdapter.php',
|
'PhabricatorMailOutboundMailHeraldAdapter' => 'applications/metamta/herald/PhabricatorMailOutboundMailHeraldAdapter.php',
|
||||||
'PhabricatorMailOutboundRoutingHeraldAction' => 'applications/metamta/herald/PhabricatorMailOutboundRoutingHeraldAction.php',
|
'PhabricatorMailOutboundRoutingHeraldAction' => 'applications/metamta/herald/PhabricatorMailOutboundRoutingHeraldAction.php',
|
||||||
'PhabricatorMailOutboundRoutingSelfEmailHeraldAction' => 'applications/metamta/herald/PhabricatorMailOutboundRoutingSelfEmailHeraldAction.php',
|
'PhabricatorMailOutboundRoutingSelfEmailHeraldAction' => 'applications/metamta/herald/PhabricatorMailOutboundRoutingSelfEmailHeraldAction.php',
|
||||||
|
@ -8674,6 +8675,7 @@ phutil_register_library_map(array(
|
||||||
'PhabricatorMailManagementUnverifyWorkflow' => 'PhabricatorMailManagementWorkflow',
|
'PhabricatorMailManagementUnverifyWorkflow' => 'PhabricatorMailManagementWorkflow',
|
||||||
'PhabricatorMailManagementVolumeWorkflow' => 'PhabricatorMailManagementWorkflow',
|
'PhabricatorMailManagementVolumeWorkflow' => 'PhabricatorMailManagementWorkflow',
|
||||||
'PhabricatorMailManagementWorkflow' => 'PhabricatorManagementWorkflow',
|
'PhabricatorMailManagementWorkflow' => 'PhabricatorManagementWorkflow',
|
||||||
|
'PhabricatorMailMustEncryptHeraldAction' => 'HeraldAction',
|
||||||
'PhabricatorMailOutboundMailHeraldAdapter' => 'HeraldAdapter',
|
'PhabricatorMailOutboundMailHeraldAdapter' => 'HeraldAdapter',
|
||||||
'PhabricatorMailOutboundRoutingHeraldAction' => 'HeraldAction',
|
'PhabricatorMailOutboundRoutingHeraldAction' => 'HeraldAction',
|
||||||
'PhabricatorMailOutboundRoutingSelfEmailHeraldAction' => 'PhabricatorMailOutboundRoutingHeraldAction',
|
'PhabricatorMailOutboundRoutingSelfEmailHeraldAction' => 'PhabricatorMailOutboundRoutingHeraldAction',
|
||||||
|
|
|
@ -39,6 +39,7 @@ abstract class HeraldAdapter extends Phobject {
|
||||||
private $edgeCache = array();
|
private $edgeCache = array();
|
||||||
private $forbiddenActions = array();
|
private $forbiddenActions = array();
|
||||||
private $viewer;
|
private $viewer;
|
||||||
|
private $mustEncryptReasons = array();
|
||||||
|
|
||||||
public function getEmailPHIDs() {
|
public function getEmailPHIDs() {
|
||||||
return array_values($this->emailPHIDs);
|
return array_values($this->emailPHIDs);
|
||||||
|
@ -1182,4 +1183,17 @@ abstract class HeraldAdapter extends Phobject {
|
||||||
return $this->forbiddenActions[$action];
|
return $this->forbiddenActions[$action];
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/* -( Must Encrypt )------------------------------------------------------- */
|
||||||
|
|
||||||
|
|
||||||
|
final public function addMustEncryptReason($reason) {
|
||||||
|
$this->mustEncryptReasons[] = $reason;
|
||||||
|
return $this;
|
||||||
|
}
|
||||||
|
|
||||||
|
final public function getMustEncryptReasons() {
|
||||||
|
return $this->mustEncryptReasons;
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -175,6 +175,15 @@ final class PhabricatorMetaMTAMailViewController
|
||||||
$properties->addProperty($key, $value);
|
$properties->addProperty($key, $value);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$encrypt_phids = $mail->getMustEncryptReasons();
|
||||||
|
if ($encrypt_phids) {
|
||||||
|
$properties->addProperty(
|
||||||
|
pht('Must Encrypt'),
|
||||||
|
$viewer->loadHandles($encrypt_phids)
|
||||||
|
->renderList());
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
return $properties;
|
return $properties;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,62 @@
|
||||||
|
<?php
|
||||||
|
|
||||||
|
final class PhabricatorMailMustEncryptHeraldAction
|
||||||
|
extends HeraldAction {
|
||||||
|
|
||||||
|
const DO_MUST_ENCRYPT = 'do.must-encrypt';
|
||||||
|
|
||||||
|
const ACTIONCONST = 'email.must-encrypt';
|
||||||
|
|
||||||
|
public function getHeraldActionName() {
|
||||||
|
return pht('Require secure email');
|
||||||
|
}
|
||||||
|
|
||||||
|
public function renderActionDescription($value) {
|
||||||
|
return pht(
|
||||||
|
'Require mail content be transmitted only over secure channels.');
|
||||||
|
}
|
||||||
|
public function supportsObject($object) {
|
||||||
|
return self::isMailGeneratingObject($object);
|
||||||
|
}
|
||||||
|
|
||||||
|
public function getActionGroupKey() {
|
||||||
|
return HeraldUtilityActionGroup::ACTIONGROUPKEY;
|
||||||
|
}
|
||||||
|
|
||||||
|
public function supportsRuleType($rule_type) {
|
||||||
|
return ($rule_type != HeraldRuleTypeConfig::RULE_TYPE_PERSONAL);
|
||||||
|
}
|
||||||
|
|
||||||
|
public function getHeraldActionStandardType() {
|
||||||
|
return self::STANDARD_NONE;
|
||||||
|
}
|
||||||
|
|
||||||
|
public function applyEffect($object, HeraldEffect $effect) {
|
||||||
|
$rule_phid = $effect->getRule()->getPHID();
|
||||||
|
|
||||||
|
$adapter = $this->getAdapter();
|
||||||
|
$adapter->addMustEncryptReason($rule_phid);
|
||||||
|
|
||||||
|
$this->logEffect(self::DO_MUST_ENCRYPT, array($rule_phid));
|
||||||
|
}
|
||||||
|
|
||||||
|
protected function getActionEffectMap() {
|
||||||
|
return array(
|
||||||
|
self::DO_MUST_ENCRYPT => array(
|
||||||
|
'icon' => 'fa-shield',
|
||||||
|
'color' => 'blue',
|
||||||
|
'name' => pht('Must Encrypt'),
|
||||||
|
),
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
|
protected function renderActionEffectDescription($type, $data) {
|
||||||
|
switch ($type) {
|
||||||
|
case self::DO_MUST_ENCRYPT:
|
||||||
|
return pht(
|
||||||
|
'Made it a requirement that mail content be transmitted only '.
|
||||||
|
'over secure channels.');
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
|
@ -13,6 +13,10 @@ abstract class PhabricatorMetaMTAEmailHeraldAction
|
||||||
}
|
}
|
||||||
|
|
||||||
public function supportsObject($object) {
|
public function supportsObject($object) {
|
||||||
|
return self::isMailGeneratingObject($object);
|
||||||
|
}
|
||||||
|
|
||||||
|
public static function isMailGeneratingObject($object) {
|
||||||
// NOTE: This implementation lacks generality, but there's no great way to
|
// NOTE: This implementation lacks generality, but there's no great way to
|
||||||
// figure out if something generates email right now.
|
// figure out if something generates email right now.
|
||||||
|
|
||||||
|
|
|
@ -259,6 +259,15 @@ final class PhabricatorMetaMTAMail
|
||||||
return $this->getParam('mustEncrypt', false);
|
return $this->getParam('mustEncrypt', false);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function setMustEncryptReasons(array $reasons) {
|
||||||
|
$this->setParam('mustEncryptReasons', $reasons);
|
||||||
|
return $this;
|
||||||
|
}
|
||||||
|
|
||||||
|
public function getMustEncryptReasons() {
|
||||||
|
return $this->getParam('mustEncryptReasons', array());
|
||||||
|
}
|
||||||
|
|
||||||
public function setHTMLBody($html) {
|
public function setHTMLBody($html) {
|
||||||
$this->setParam('html-body', $html);
|
$this->setParam('html-body', $html);
|
||||||
return $this;
|
return $this;
|
||||||
|
|
|
@ -71,6 +71,7 @@ abstract class PhabricatorApplicationTransactionEditor
|
||||||
private $mailShouldSend = false;
|
private $mailShouldSend = false;
|
||||||
private $modularTypes;
|
private $modularTypes;
|
||||||
private $silent;
|
private $silent;
|
||||||
|
private $mustEncrypt;
|
||||||
|
|
||||||
private $transactionQueue = array();
|
private $transactionQueue = array();
|
||||||
|
|
||||||
|
@ -2549,6 +2550,13 @@ abstract class PhabricatorApplicationTransactionEditor
|
||||||
$this->loadHandles($xactions);
|
$this->loadHandles($xactions);
|
||||||
|
|
||||||
$mail = $this->buildMailForTarget($object, $xactions, $target);
|
$mail = $this->buildMailForTarget($object, $xactions, $target);
|
||||||
|
|
||||||
|
if ($this->mustEncrypt) {
|
||||||
|
$mail
|
||||||
|
->setMustEncrypt(true)
|
||||||
|
->setMustEncryptReasons($this->mustEncrypt);
|
||||||
|
}
|
||||||
|
|
||||||
} catch (Exception $ex) {
|
} catch (Exception $ex) {
|
||||||
$caught = $ex;
|
$caught = $ex;
|
||||||
}
|
}
|
||||||
|
@ -3214,6 +3222,8 @@ abstract class PhabricatorApplicationTransactionEditor
|
||||||
$adapter->getQueuedHarbormasterBuildRequests());
|
$adapter->getQueuedHarbormasterBuildRequests());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$this->mustEncrypt = $adapter->getMustEncryptReasons();
|
||||||
|
|
||||||
return array_merge(
|
return array_merge(
|
||||||
$this->didApplyHeraldRules($object, $adapter, $xscript),
|
$this->didApplyHeraldRules($object, $adapter, $xscript),
|
||||||
$adapter->getQueuedTransactions());
|
$adapter->getQueuedTransactions());
|
||||||
|
@ -3558,6 +3568,7 @@ abstract class PhabricatorApplicationTransactionEditor
|
||||||
'feedRelatedPHIDs',
|
'feedRelatedPHIDs',
|
||||||
'feedShouldPublish',
|
'feedShouldPublish',
|
||||||
'mailShouldSend',
|
'mailShouldSend',
|
||||||
|
'mustEncrypt',
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue