jro_apps/redmine Commit - r2908:cc684803bac9

Ignore emails received from the application emission address to avoid hell cycles (#4139)....

Jean-Philippe Lang -

r2908:cc684803bac9

parent child

Context file:

r2908:cc684803bac9

Collapse all files

test/fixtures/mail_handler/ticket_from_emission_address.eml created 644 +19 0

@@ -0,0 +1,19
	1	Return-Path: <redmine@somenet.foo>
	2	Received: from osiris ([127.0.0.1])
	3	by OSIRIS
	4	with hMailServer ; Sun, 22 Jun 2008 12:28:07 +0200
	5	Message-ID: <000501c8d452$a95cd7e0$0a00a8c0@osiris>
	6	From: "John Doe" <Redmine@example.net>
	7	To: <redmine@somenet.foo>
	8	Subject: Ticket with the Redmine emission address
	9	Date: Sun, 22 Jun 2008 12:28:07 +0200
	10	MIME-Version: 1.0
	11	Content-Type: text/plain;
	12	format=flowed;
	13	charset="iso-8859-1";
	14	reply-type=original
	15	Content-Transfer-Encoding: 7bit
	16
	17	This is a ticket submitted with the Redmine emission address.
	18	It should be ignored.
	19

app/models/mail_handler.rb +9 -3

             # redMine - project management software
             # Copyright (C) 2006-2007  Jean-Philippe Lang
             #
             # This program is free software; you can redistribute it and/or
             # modify it under the terms of the GNU General Public License
             # as published by the Free Software Foundation; either version 2
             # of the License, or (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program; if not, write to the Free Software
             # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
             class MailHandler < ActionMailer::Base
               include ActionView::Helpers::SanitizeHelper
               class UnauthorizedAction < StandardError; end
               class MissingInformation < StandardError; end
               attr_reader :email, :user
               def self.receive(email, options={})
                 @@handler_options = options.dup
                 @@handler_options[:issue] ||= {}
                 @@handler_options[:allow_override] = @@handler_options[:allow_override].split(',').collect(&:strip) if @@handler_options[:allow_override].is_a?(String)
                 @@handler_options[:allow_override] ||= []
                 # Project needs to be overridable if not specified
                 @@handler_options[:allow_override] << 'project' unless @@handler_options[:issue].has_key?(:project)
                 # Status overridable by default
                 @@handler_options[:allow_override] << 'status' unless @@handler_options[:issue].has_key?(:status)
                 super email
               end
               # Processes incoming emails
               # Returns the created object (eg. an issue, a message) or false
               def receive(email)
                 @email = email
-                @user = User.find_by_mail(email.from.to_a.first.to_s.strip)
+                sender_email = email.from.to_a.first.to_s.strip
+                # Ignore emails received from the application emission address to avoid hell cycles
+                if sender_email.downcase == Setting.mail_from.to_s.strip.downcase
+                  logger.info  "MailHandler: ignoring email from Redmine emission address [#{sender_email}]" if logger && logger.info
+                  return false
+                end
+                @user = User.find_by_mail(sender_email)
                 if @user && !@user.active?
                   logger.info  "MailHandler: ignoring email from non-active user [#{@user.login}]" if logger && logger.info
                   return false
                 end
                 if @user.nil?
                   # Email was submitted by an unknown user
                   case @@handler_options[:unknown_user]
                   when 'accept'
                     @user = User.anonymous
                   when 'create'
                     @user = MailHandler.create_user_from_email(email)
                     if @user
                       logger.info "MailHandler: [#{@user.login}] account created" if logger && logger.info
                       Mailer.deliver_account_information(@user, @user.password)
                     else
-                      logger.error "MailHandler: could not create account for [#{email.from.first}]" if logger && logger.error
+                      logger.error "MailHandler: could not create account for [#{sender_email}]" if logger && logger.error
                       return false
                     end
                   else
                     # Default behaviour, emails from unknown users are ignored
-                    logger.info  "MailHandler: ignoring email from unknown user [#{email.from.first}]" if logger && logger.info
+                    logger.info  "MailHandler: ignoring email from unknown user [#{sender_email}]" if logger && logger.info
                     return false
                   end
                 end
                 User.current = @user
                 dispatch
               end
               private
               MESSAGE_ID_RE = %r{^<redmine\.([a-z0-9_]+)\-(\d+)\.\d+@}
               ISSUE_REPLY_SUBJECT_RE = %r{\[[^\]]+#(\d+)\]}
               MESSAGE_REPLY_SUBJECT_RE = %r{\[[^\]]+msg(\d+)\]}
               def dispatch
                 headers = [email.in_reply_to, email.references].flatten.compact
                 if headers.detect {|h| h.to_s =~ MESSAGE_ID_RE}
                   klass, object_id = $1, $2.to_i
                   method_name = "receive_#{klass}_reply"
                   if self.class.private_instance_methods.collect(&:to_s).include?(method_name)
                     send method_name, object_id
                   else
                     # ignoring it
                   end
                 elsif m = email.subject.match(ISSUE_REPLY_SUBJECT_RE)
                   receive_issue_reply(m[1].to_i)
                 elsif m = email.subject.match(MESSAGE_REPLY_SUBJECT_RE)
                   receive_message_reply(m[1].to_i)
                 else
                   receive_issue
                 end
               rescue ActiveRecord::RecordInvalid => e
                 # TODO: send a email to the user
                 logger.error e.message if logger
                 false
               rescue MissingInformation => e
                 logger.error "MailHandler: missing information from #{user}: #{e.message}" if logger
                 false
               rescue UnauthorizedAction => e
                 logger.error "MailHandler: unauthorized attempt from #{user}" if logger
                 false
               end
               # Creates a new issue
               def receive_issue
                 project = target_project
                 tracker = (get_keyword(:tracker) && project.trackers.find_by_name(get_keyword(:tracker))) || project.trackers.find(:first)
                 category = (get_keyword(:category) && project.issue_categories.find_by_name(get_keyword(:category)))
                 priority = (get_keyword(:priority) && IssuePriority.find_by_name(get_keyword(:priority)))
                 status =  (get_keyword(:status) && IssueStatus.find_by_name(get_keyword(:status)))
                 # check permission
                 raise UnauthorizedAction unless user.allowed_to?(:add_issues, project)
                 issue = Issue.new(:author => user, :project => project, :tracker => tracker, :category => category, :priority => priority)
                 # check workflow
                 if status && issue.new_statuses_allowed_to(user).include?(status)
                   issue.status = status
                 end
                 issue.subject = email.subject.chomp
                 issue.subject = issue.subject.toutf8 if issue.subject.respond_to?(:toutf8)
                 if issue.subject.blank?
                   issue.subject = '(no subject)'
                 end
                 issue.description = plain_text_body
                 # custom fields
                 issue.custom_field_values = issue.available_custom_fields.inject({}) do |h, c|
                   if value = get_keyword(c.name, :override => true)
                     h[c.id] = value
                   end
                   h
                 end
                 # add To and Cc as watchers before saving so the watchers can reply to Redmine
                 add_watchers(issue)
                 issue.save!
                 add_attachments(issue)
                 logger.info "MailHandler: issue ##{issue.id} created by #{user}" if logger && logger.info
                 issue
               end
               def target_project
                 # TODO: other ways to specify project:
                 # * parse the email To field
                 # * specific project (eg. Setting.mail_handler_target_project)
                 target = Project.find_by_identifier(get_keyword(:project))
                 raise MissingInformation.new('Unable to determine target project') if target.nil?
                 target
               end
               # Adds a note to an existing issue
               def receive_issue_reply(issue_id)
                 status =  (get_keyword(:status) && IssueStatus.find_by_name(get_keyword(:status)))
                 issue = Issue.find_by_id(issue_id)
                 return unless issue
                 # check permission
                 raise UnauthorizedAction unless user.allowed_to?(:add_issue_notes, issue.project) || user.allowed_to?(:edit_issues, issue.project)
                 raise UnauthorizedAction unless status.nil? || user.allowed_to?(:edit_issues, issue.project)
                 # add the note
                 journal = issue.init_journal(user, plain_text_body)
                 add_attachments(issue)
                 # check workflow
                 if status && issue.new_statuses_allowed_to(user).include?(status)
                   issue.status = status
                 end
                 issue.save!
                 logger.info "MailHandler: issue ##{issue.id} updated by #{user}" if logger && logger.info
                 journal
               end
               # Reply will be added to the issue
               def receive_journal_reply(journal_id)
                 journal = Journal.find_by_id(journal_id)
                 if journal && journal.journalized_type == 'Issue'
                   receive_issue_reply(journal.journalized_id)
                 end
               end
               # Receives a reply to a forum message
               def receive_message_reply(message_id)
                 message = Message.find_by_id(message_id)
                 if message
                   message = message.root
                   if user.allowed_to?(:add_messages, message.project) && !message.locked?
                     reply = Message.new(:subject => email.subject.gsub(%r{^.*msg\d+\]}, '').strip,
                                         :content => plain_text_body)
                     reply.author = user
                     reply.board = message.board
                     message.children << reply
                     add_attachments(reply)
                     reply
                   else
                     raise UnauthorizedAction
                   end
                 end
               end
               def add_attachments(obj)
                 if email.has_attachments?
                   email.attachments.each do |attachment|
                     Attachment.create(:container => obj,
                                       :file => attachment,
                                       :author => user,
                                       :content_type => attachment.content_type)
                   end
                 end
               end
               # Adds To and Cc as watchers of the given object if the sender has the
               # appropriate permission
               def add_watchers(obj)
                 if user.allowed_to?("add_#{obj.class.name.underscore}_watchers".to_sym, obj.project)
                   addresses = [email.to, email.cc].flatten.compact.uniq.collect {|a| a.strip.downcase}
                   unless addresses.empty?
                     watchers = User.active.find(:all, :conditions => ['LOWER(mail) IN (?)', addresses])
                     watchers.each {|w| obj.add_watcher(w)}
                   end
                 end
               end
               def get_keyword(attr, options={})
                 @keywords ||= {}
                 if @keywords.has_key?(attr)
                   @keywords[attr]
                 else
                   @keywords[attr] = begin
                     if (options[:override] || @@handler_options[:allow_override].include?(attr.to_s)) && plain_text_body.gsub!(/^#{attr}[ \t]*:[ \t]*(.+)\s*$/i, '')
                       $1.strip
                     elsif !@@handler_options[:issue][attr].blank?
                       @@handler_options[:issue][attr]
                     end
                   end
                 end
               end
               # Returns the text/plain part of the email
               # If not found (eg. HTML-only email), returns the body with tags removed
               def plain_text_body
                 return @plain_text_body unless @plain_text_body.nil?
                 parts = @email.parts.collect {|c| (c.respond_to?(:parts) && !c.parts.empty?) ? c.parts : c}.flatten
                 if parts.empty?
                   parts << @email
                 end
                 plain_text_part = parts.detect {|p| p.content_type == 'text/plain'}
                 if plain_text_part.nil?
                   # no text/plain part found, assuming html-only email
                   # strip html tags and remove doctype directive
                   @plain_text_body = strip_tags(@email.body.to_s)
                   @plain_text_body.gsub! %r{^<!DOCTYPE .*$}, ''
                 else
                   @plain_text_body = plain_text_part.body.to_s
                 end
                 @plain_text_body.strip!
                 @plain_text_body
               end
               def self.full_sanitizer
                 @full_sanitizer ||= HTML::FullSanitizer.new
               end
               # Creates a user account for the +email+ sender
               def self.create_user_from_email(email)
                 addr = email.from_addrs.to_a.first
                 if addr && !addr.spec.blank?
                   user = User.new
                   user.mail = addr.spec
                   names = addr.name.blank? ? addr.spec.gsub(/@.*$/, '').split('.') : addr.name.split
                   user.firstname = names.shift
                   user.lastname = names.join(' ')
                   user.lastname = '-' if user.lastname.blank?
                   user.login = user.mail
                   user.password = ActiveSupport::SecureRandom.hex(5)
                   user.language = Setting.default_language
                   user.save ? user : nil
                 end
               end
             end

test/unit/mail_handler_test.rb +7 0

             # Redmine - project management software
             # Copyright (C) 2006-2009  Jean-Philippe Lang
             #
             # This program is free software; you can redistribute it and/or
             # modify it under the terms of the GNU General Public License
             # as published by the Free Software Foundation; either version 2
             # of the License, or (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program; if not, write to the Free Software
             # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
             require File.dirname(__FILE__) + '/../test_helper'
             class MailHandlerTest < ActiveSupport::TestCase
               fixtures :users, :projects,
                                :enabled_modules,
                                :roles,
                                :members,
                                :member_roles,
                                :issues,
                                :issue_statuses,
                                :workflows,
                                :trackers,
                                :projects_trackers,
                                :enumerations,
                                :issue_categories,
                                :custom_fields,
                                :custom_fields_trackers,
                                :boards,
                                :messages
               FIXTURES_PATH = File.dirname(__FILE__) + '/../fixtures/mail_handler'
               def setup
                 ActionMailer::Base.deliveries.clear
               end
               def test_add_issue
                 # This email contains: 'Project: onlinestore'
                 issue = submit_email('ticket_on_given_project.eml')
                 assert issue.is_a?(Issue)
                 assert !issue.new_record?
                 issue.reload
                 assert_equal 'New ticket on a given project', issue.subject
                 assert_equal User.find_by_login('jsmith'), issue.author
                 assert_equal Project.find(2), issue.project
                 assert_equal IssueStatus.find_by_name('Resolved'), issue.status
                 assert issue.description.include?('Lorem ipsum dolor sit amet, consectetuer adipiscing elit.')
                 # keywords should be removed from the email body
                 assert !issue.description.match(/^Project:/i)
                 assert !issue.description.match(/^Status:/i)
               end
               def test_add_issue_with_status
                 # This email contains: 'Project: onlinestore' and 'Status: Resolved'
                 issue = submit_email('ticket_on_given_project.eml')
                 assert issue.is_a?(Issue)
                 assert !issue.new_record?
                 issue.reload
                 assert_equal Project.find(2), issue.project
                 assert_equal IssueStatus.find_by_name("Resolved"), issue.status
               end
               def test_add_issue_with_attributes_override
                 issue = submit_email('ticket_with_attributes.eml', :allow_override => 'tracker,category,priority')
                 assert issue.is_a?(Issue)
                 assert !issue.new_record?
                 issue.reload
                 assert_equal 'New ticket on a given project', issue.subject
                 assert_equal User.find_by_login('jsmith'), issue.author
                 assert_equal Project.find(2), issue.project
                 assert_equal 'Feature request', issue.tracker.to_s
                 assert_equal 'Stock management', issue.category.to_s
                 assert_equal 'Urgent', issue.priority.to_s
                 assert issue.description.include?('Lorem ipsum dolor sit amet, consectetuer adipiscing elit.')
               end
               def test_add_issue_with_partial_attributes_override
                 issue = submit_email('ticket_with_attributes.eml', :issue => {:priority => 'High'}, :allow_override => ['tracker'])
                 assert issue.is_a?(Issue)
                 assert !issue.new_record?
                 issue.reload
                 assert_equal 'New ticket on a given project', issue.subject
                 assert_equal User.find_by_login('jsmith'), issue.author
                 assert_equal Project.find(2), issue.project
                 assert_equal 'Feature request', issue.tracker.to_s
                 assert_nil issue.category
                 assert_equal 'High', issue.priority.to_s
                 assert issue.description.include?('Lorem ipsum dolor sit amet, consectetuer adipiscing elit.')
               end
               def test_add_issue_with_spaces_between_attribute_and_separator
                 issue = submit_email('ticket_with_spaces_between_attribute_and_separator.eml', :allow_override => 'tracker,category,priority')
                 assert issue.is_a?(Issue)
                 assert !issue.new_record?
                 issue.reload
                 assert_equal 'New ticket on a given project', issue.subject
                 assert_equal User.find_by_login('jsmith'), issue.author
                 assert_equal Project.find(2), issue.project
                 assert_equal 'Feature request', issue.tracker.to_s
                 assert_equal 'Stock management', issue.category.to_s
                 assert_equal 'Urgent', issue.priority.to_s
                 assert issue.description.include?('Lorem ipsum dolor sit amet, consectetuer adipiscing elit.')
               end
               def test_add_issue_with_attachment_to_specific_project
                 issue = submit_email('ticket_with_attachment.eml', :issue => {:project => 'onlinestore'})
                 assert issue.is_a?(Issue)
                 assert !issue.new_record?
                 issue.reload
                 assert_equal 'Ticket created by email with attachment', issue.subject
                 assert_equal User.find_by_login('jsmith'), issue.author
                 assert_equal Project.find(2), issue.project
                 assert_equal 'This is  a new ticket with attachments', issue.description
                 # Attachment properties
                 assert_equal 1, issue.attachments.size
                 assert_equal 'Paella.jpg', issue.attachments.first.filename
                 assert_equal 'image/jpeg', issue.attachments.first.content_type
                 assert_equal 10790, issue.attachments.first.filesize
               end
               def test_add_issue_with_custom_fields
                 issue = submit_email('ticket_with_custom_fields.eml', :issue => {:project => 'onlinestore'})
                 assert issue.is_a?(Issue)
                 assert !issue.new_record?
                 issue.reload
                 assert_equal 'New ticket with custom field values', issue.subject
                 assert_equal 'Value for a custom field', issue.custom_value_for(CustomField.find_by_name('Searchable field')).value
                 assert !issue.description.match(/^searchable field:/i)
               end
               def test_add_issue_with_cc
                 issue = submit_email('ticket_with_cc.eml', :issue => {:project => 'ecookbook'})
                 assert issue.is_a?(Issue)
                 assert !issue.new_record?
                 issue.reload
                 assert issue.watched_by?(User.find_by_mail('dlopper@somenet.foo'))
                 assert_equal 1, issue.watchers.size
               end
               def test_add_issue_by_unknown_user
                 assert_no_difference 'User.count' do
                   assert_equal false, submit_email('ticket_by_unknown_user.eml', :issue => {:project => 'ecookbook'})
                 end
               end
               def test_add_issue_by_anonymous_user
                 Role.anonymous.add_permission!(:add_issues)
                 assert_no_difference 'User.count' do
                   issue = submit_email('ticket_by_unknown_user.eml', :issue => {:project => 'ecookbook'}, :unknown_user => 'accept')
                   assert issue.is_a?(Issue)
                   assert issue.author.anonymous?
                 end
               end
               def test_add_issue_by_created_user
                 Setting.default_language = 'en'
                 assert_difference 'User.count' do
                   issue = submit_email('ticket_by_unknown_user.eml', :issue => {:project => 'ecookbook'}, :unknown_user => 'create')
                   assert issue.is_a?(Issue)
                   assert issue.author.active?
                   assert_equal 'john.doe@somenet.foo', issue.author.mail
                   assert_equal 'John', issue.author.firstname
                   assert_equal 'Doe', issue.author.lastname
                   # account information
                   email = ActionMailer::Base.deliveries.first
                   assert_not_nil email
                   assert email.subject.include?('account activation')
                   login = email.body.match(/\* Login: (.*)$/)[1]
                   password = email.body.match(/\* Password: (.*)$/)[1]
                   assert_equal issue.author, User.try_to_login(login, password)
                 end
               end
               def test_add_issue_without_from_header
                 Role.anonymous.add_permission!(:add_issues)
                 assert_equal false, submit_email('ticket_without_from_header.eml')
               end
+              def test_should_ignore_emails_from_emission_address
+                Role.anonymous.add_permission!(:add_issues)
+                assert_no_difference 'User.count' do
+                  assert_equal false, submit_email('ticket_from_emission_address.eml', :issue => {:project => 'ecookbook'}, :unknown_user => 'create')
+                end
+              end
               def test_add_issue_should_send_email_notification
                 ActionMailer::Base.deliveries.clear
                 # This email contains: 'Project: onlinestore'
                 issue = submit_email('ticket_on_given_project.eml')
                 assert issue.is_a?(Issue)
                 assert_equal 1, ActionMailer::Base.deliveries.size
               end
               def test_add_issue_note
                 journal = submit_email('ticket_reply.eml')
                 assert journal.is_a?(Journal)
                 assert_equal User.find_by_login('jsmith'), journal.user
                 assert_equal Issue.find(2), journal.journalized
                 assert_match /This is reply/, journal.notes
               end
               def test_add_issue_note_with_status_change
                 # This email contains: 'Status: Resolved'
                 journal = submit_email('ticket_reply_with_status.eml')
                 assert journal.is_a?(Journal)
                 issue = Issue.find(journal.issue.id)
                 assert_equal User.find_by_login('jsmith'), journal.user
                 assert_equal Issue.find(2), journal.journalized
                 assert_match /This is reply/, journal.notes
                 assert_equal IssueStatus.find_by_name("Resolved"), issue.status
               end
               def test_add_issue_note_should_send_email_notification
                 ActionMailer::Base.deliveries.clear
                 journal = submit_email('ticket_reply.eml')
                 assert journal.is_a?(Journal)
                 assert_equal 1, ActionMailer::Base.deliveries.size
               end
               def test_reply_to_a_message
                 m = submit_email('message_reply.eml')
                 assert m.is_a?(Message)
                 assert !m.new_record?
                 m.reload
                 assert_equal 'Reply via email', m.subject
                 # The email replies to message #2 which is part of the thread of message #1
                 assert_equal Message.find(1), m.parent
               end
               def test_reply_to_a_message_by_subject
                 m = submit_email('message_reply_by_subject.eml')
                 assert m.is_a?(Message)
                 assert !m.new_record?
                 m.reload
                 assert_equal 'Reply to the first post', m.subject
                 assert_equal Message.find(1), m.parent
               end
               def test_should_strip_tags_of_html_only_emails
                 issue = submit_email('ticket_html_only.eml', :issue => {:project => 'ecookbook'})
                 assert issue.is_a?(Issue)
                 assert !issue.new_record?
                 issue.reload
                 assert_equal 'HTML email', issue.subject
                 assert_equal 'This is a html-only email.', issue.description
               end
               private
               def submit_email(filename, options={})
                 raw = IO.read(File.join(FIXTURES_PATH, filename))
                 MailHandler.receive(raw, options)
               end
             end

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages