mirror of
https://we.phorge.it/source/phorge.git
synced 2024-11-28 17:52:43 +01:00
4997b6bd02
Summary: Ref T12237. This tightens our delivery rules, which previously sent normal mail to unverified addresses: - We sent general mail to unverified addresses so that you wouldn't miss anything between the time you sign up (or have an account created) and the time you verify your address. This was imagined as a slight convenience for users. - We sent automatic reply mail to unverified addresses if they sent mail to us first, saying "we don't recognize that address". This was imagined as a convenience for users who accidentally send mail "From" the wrong address (personal vs work, for example). I think both behaviors are probably a little better for users on the balance, but not having mail providers randomly shut us off without warning is better for me, personally -- so stop doing this stuff. This creates a problem which we likely need to solve before the release is cut: - On installs which do not require mail verification, mail to you will now mostly-silently be dropped if you never bothered to verify your address. I'd like to solve this by adding some kind of per-user alert that says "We recently tried to send you some mail but you haven't verified your address.", and giving them links to verify the address and review the mail. I'll pursue this after restoring mail service to `secure.phabricator.com`. Test Plan: - Added a unit test. - Unverified my address, sent mail, saw it get dropped. - Reverified my address, sent mail, saw it go through. - Verified that important mail (password reset, invite, confirm-this-address) either uses "Force Delivery" (skips this check) or "Raw To Addresses" (also skips this check). - Verified that Phacility instance stuff is also covered: it uses the same invite flow. Reviewers: chad Reviewed By: chad Maniphest Tasks: T12237 Differential Revision: https://secure.phabricator.com/D17329
166 lines
4.7 KiB
PHP
166 lines
4.7 KiB
PHP
<?php
|
|
|
|
final class PhabricatorMetaMTAActorQuery extends PhabricatorQuery {
|
|
|
|
private $phids = array();
|
|
private $viewer;
|
|
|
|
public function setViewer(PhabricatorUser $viewer) {
|
|
$this->viewer = $viewer;
|
|
return $this;
|
|
}
|
|
|
|
public function getViewer() {
|
|
return $this->viewer;
|
|
}
|
|
|
|
public function withPHIDs(array $phids) {
|
|
$this->phids = $phids;
|
|
return $this;
|
|
}
|
|
|
|
public function execute() {
|
|
$phids = array_fuse($this->phids);
|
|
$actors = array();
|
|
$type_map = array();
|
|
foreach ($phids as $phid) {
|
|
$type_map[phid_get_type($phid)][] = $phid;
|
|
$actors[$phid] = id(new PhabricatorMetaMTAActor())->setPHID($phid);
|
|
}
|
|
|
|
// TODO: Move this to PhabricatorPHIDType, or the objects, or some
|
|
// interface.
|
|
|
|
foreach ($type_map as $type => $phids) {
|
|
switch ($type) {
|
|
case PhabricatorPeopleUserPHIDType::TYPECONST:
|
|
$this->loadUserActors($actors, $phids);
|
|
break;
|
|
case PhabricatorPeopleExternalPHIDType::TYPECONST:
|
|
$this->loadExternalUserActors($actors, $phids);
|
|
break;
|
|
default:
|
|
$this->loadUnknownActors($actors, $phids);
|
|
break;
|
|
}
|
|
}
|
|
|
|
return $actors;
|
|
}
|
|
|
|
private function loadUserActors(array $actors, array $phids) {
|
|
assert_instances_of($actors, 'PhabricatorMetaMTAActor');
|
|
|
|
$emails = id(new PhabricatorUserEmail())->loadAllWhere(
|
|
'userPHID IN (%Ls) AND isPrimary = 1',
|
|
$phids);
|
|
$emails = mpull($emails, null, 'getUserPHID');
|
|
|
|
$users = id(new PhabricatorPeopleQuery())
|
|
->setViewer($this->getViewer())
|
|
->withPHIDs($phids)
|
|
->needUserSettings(true)
|
|
->execute();
|
|
$users = mpull($users, null, 'getPHID');
|
|
|
|
foreach ($phids as $phid) {
|
|
$actor = $actors[$phid];
|
|
|
|
$user = idx($users, $phid);
|
|
if (!$user) {
|
|
$actor->setUndeliverable(PhabricatorMetaMTAActor::REASON_UNLOADABLE);
|
|
} else {
|
|
$actor->setName($this->getUserName($user));
|
|
if ($user->getIsDisabled()) {
|
|
$actor->setUndeliverable(PhabricatorMetaMTAActor::REASON_DISABLED);
|
|
}
|
|
if ($user->getIsSystemAgent()) {
|
|
$actor->setUndeliverable(PhabricatorMetaMTAActor::REASON_BOT);
|
|
}
|
|
|
|
// NOTE: We do send email to unapproved users, and to unverified users,
|
|
// because it would otherwise be impossible to get them to verify their
|
|
// email addresses. Possibly we should white-list this kind of mail and
|
|
// deny all other types of mail.
|
|
}
|
|
|
|
$email = idx($emails, $phid);
|
|
if (!$email) {
|
|
$actor->setUndeliverable(PhabricatorMetaMTAActor::REASON_NO_ADDRESS);
|
|
} else {
|
|
$actor->setEmailAddress($email->getAddress());
|
|
$actor->setIsVerified($email->getIsVerified());
|
|
}
|
|
}
|
|
}
|
|
|
|
private function loadExternalUserActors(array $actors, array $phids) {
|
|
assert_instances_of($actors, 'PhabricatorMetaMTAActor');
|
|
|
|
$xusers = id(new PhabricatorExternalAccountQuery())
|
|
->setViewer($this->getViewer())
|
|
->withPHIDs($phids)
|
|
->execute();
|
|
$xusers = mpull($xusers, null, 'getPHID');
|
|
|
|
foreach ($phids as $phid) {
|
|
$actor = $actors[$phid];
|
|
|
|
$xuser = idx($xusers, $phid);
|
|
if (!$xuser) {
|
|
$actor->setUndeliverable(PhabricatorMetaMTAActor::REASON_UNLOADABLE);
|
|
continue;
|
|
}
|
|
|
|
$actor->setName($xuser->getDisplayName());
|
|
|
|
if ($xuser->getAccountType() != 'email') {
|
|
$actor->setUndeliverable(PhabricatorMetaMTAActor::REASON_EXTERNAL_TYPE);
|
|
continue;
|
|
}
|
|
|
|
$actor->setEmailAddress($xuser->getAccountID());
|
|
|
|
// NOTE: This effectively drops all outbound mail to unrecognized
|
|
// addresses unless "phabricator.allow-email-users" is set. See T12237
|
|
// for context.
|
|
$allow_key = 'phabricator.allow-email-users';
|
|
$allow_value = PhabricatorEnv::getEnvConfig($allow_key);
|
|
$actor->setIsVerified((bool)$allow_value);
|
|
}
|
|
}
|
|
|
|
|
|
private function loadUnknownActors(array $actors, array $phids) {
|
|
foreach ($phids as $phid) {
|
|
$actor = $actors[$phid];
|
|
$actor->setUndeliverable(PhabricatorMetaMTAActor::REASON_UNMAILABLE);
|
|
}
|
|
}
|
|
|
|
|
|
/**
|
|
* Small helper function to make sure we format the username properly as
|
|
* specified by the `metamta.user-address-format` configuration value.
|
|
*/
|
|
private function getUserName(PhabricatorUser $user) {
|
|
$format = PhabricatorEnv::getEnvConfig('metamta.user-address-format');
|
|
|
|
switch ($format) {
|
|
case 'short':
|
|
$name = $user->getUserName();
|
|
break;
|
|
case 'real':
|
|
$name = strlen($user->getRealName()) ?
|
|
$user->getRealName() : $user->getUserName();
|
|
break;
|
|
case 'full':
|
|
default:
|
|
$name = $user->getFullName();
|
|
break;
|
|
}
|
|
|
|
return $name;
|
|
}
|
|
|
|
}
|