hkp: welcome email on upload of previously unknown key
This commit is contained in:
parent
f38a530ae9
commit
9a71103fe7
|
@ -0,0 +1,27 @@
|
|||
<!doctype html>
|
||||
<html lang=en>
|
||||
<head>
|
||||
<meta charset=utf-8>
|
||||
<title>Your key upload on {{domain}}</title>
|
||||
</head>
|
||||
<body>
|
||||
<p>
|
||||
Hi,
|
||||
<p>
|
||||
this is an automated message from <a rel="nofollow" href="{{base_uri}}" style="text-decoration:none; color: #333"><tt>{{domain}}</tt></a>. If you didn't
|
||||
upload your key there, please ignore it.
|
||||
<p>
|
||||
OpenPGP key: <tt>{{primary_fp}}</tt>
|
||||
<p>
|
||||
This key was just uploaded for the first time, and is now published without
|
||||
identity information. If you want to allow others to find this key by e-mail
|
||||
address, please follow this link:
|
||||
<p>
|
||||
<a href="{{uri}}">{{uri}}</a>
|
||||
<p>
|
||||
You can find more info at <a href="{{base_uri}}/about">{{domain}}/about</a>.
|
||||
<p>
|
||||
Greetings from the <a rel="nofollow" href="{{base_uri}}" style="text-decoration:none; color: #333"><tt>keys.openpgp.org</tt></a> team
|
||||
</body>
|
||||
</html>
|
||||
|
|
@ -0,0 +1,16 @@
|
|||
Hi,
|
||||
|
||||
this is an automated message from {{domain}}. If you didn't upload your key
|
||||
there, please ignore it.
|
||||
|
||||
OpenPGP key: {{primary_fp}}
|
||||
|
||||
This key was just uploaded for the first time, and is now published without
|
||||
identity information. If you want to allow others to find this key by e-mail
|
||||
address, please follow this link:
|
||||
|
||||
{{uri}}
|
||||
|
||||
You can find more info at {{base_uri}}/about
|
||||
|
||||
Greetings from the keys.openpgp.org team
|
26
src/mail.rs
26
src/mail.rs
|
@ -28,6 +28,14 @@ mod context {
|
|||
pub base_uri: String,
|
||||
pub domain: String,
|
||||
}
|
||||
|
||||
#[derive(Serialize, Clone)]
|
||||
pub struct Welcome {
|
||||
pub primary_fp: String,
|
||||
pub uri: String,
|
||||
pub base_uri: String,
|
||||
pub domain: String,
|
||||
}
|
||||
}
|
||||
|
||||
pub struct Service {
|
||||
|
@ -107,6 +115,24 @@ impl Service {
|
|||
)
|
||||
}
|
||||
|
||||
pub fn send_welcome(&self, base_uri: &str, tpk_name: String, userid: &Email,
|
||||
token: &str)
|
||||
-> Result<()> {
|
||||
let ctx = context::Welcome {
|
||||
primary_fp: tpk_name,
|
||||
uri: format!("{}/upload/{}", base_uri, token),
|
||||
base_uri: base_uri.to_owned(),
|
||||
domain: self.domain.clone(),
|
||||
};
|
||||
|
||||
self.send(
|
||||
&vec![userid],
|
||||
&format!("Your key upload on {}", self.domain),
|
||||
"welcome",
|
||||
ctx,
|
||||
)
|
||||
}
|
||||
|
||||
fn send<T>(&self, to: &[&Email], subject: &str, template: &str, ctx: T)
|
||||
-> Result<()>
|
||||
where T: Serialize + Clone,
|
||||
|
|
|
@ -14,7 +14,9 @@ use rate_limiter::RateLimiter;
|
|||
use tokens;
|
||||
|
||||
use web;
|
||||
use mail;
|
||||
use web::{HagridState, RequestOrigin, MyResponse, vks_web};
|
||||
use web::vks::response::UploadResponse;
|
||||
|
||||
#[derive(Debug)]
|
||||
pub enum Hkp {
|
||||
|
@ -128,18 +130,41 @@ pub fn pks_add_form(
|
|||
db: rocket::State<KeyDatabase>,
|
||||
tokens_stateless: rocket::State<tokens::Service>,
|
||||
rate_limiter: rocket::State<RateLimiter>,
|
||||
cont_type: &ContentType,
|
||||
mail_service: rocket::State<mail::Service>,
|
||||
data: Data,
|
||||
) -> MyResponse {
|
||||
match vks_web::process_post_form_data(db, tokens_stateless, rate_limiter, cont_type, data) {
|
||||
match vks_web::process_post_form(db, tokens_stateless, rate_limiter, data) {
|
||||
Ok(UploadResponse::Ok { is_new_key, key_fpr, primary_uid, token, .. }) => {
|
||||
let msg = if is_new_key && send_welcome_mail(&request_origin, &mail_service, key_fpr, primary_uid, token) {
|
||||
"Upload successful. This is a new key, a welcome mail has been sent!".to_owned()
|
||||
} else {
|
||||
format!("Upload successful. Note that identity information will only be published after verification! see {}/about/usage#gnupg-upload", request_origin.get_base_uri())
|
||||
};
|
||||
MyResponse::plain(msg)
|
||||
}
|
||||
Ok(_) => {
|
||||
let msg = format!("Upload successful. Note that identity information will only be published with verification! see {}/about/usage#gnupg-upload", request_origin.get_base_uri());
|
||||
let msg = format!("Upload successful. Note that identity information will only be published after verification! see {}/about/usage#gnupg-upload", request_origin.get_base_uri());
|
||||
MyResponse::plain(msg)
|
||||
}
|
||||
Err(err) => MyResponse::ise(err),
|
||||
}
|
||||
}
|
||||
|
||||
fn send_welcome_mail(
|
||||
request_origin: &RequestOrigin,
|
||||
mail_service: &mail::Service,
|
||||
fpr: String,
|
||||
primary_uid: Option<Email>,
|
||||
token: String,
|
||||
) -> bool {
|
||||
if let Some(primary_uid) = primary_uid {
|
||||
mail_service.send_welcome(
|
||||
request_origin.get_base_uri(), fpr, &primary_uid, &token).is_ok()
|
||||
} else {
|
||||
false
|
||||
}
|
||||
}
|
||||
|
||||
#[get("/pks/lookup")]
|
||||
pub fn pks_lookup(state: rocket::State<HagridState>,
|
||||
db: rocket::State<KeyDatabase>,
|
||||
|
@ -307,9 +332,9 @@ mod tests {
|
|||
let body = response.body_string().unwrap();
|
||||
eprintln!("response: {}", body);
|
||||
|
||||
// Check that we do not get a confirmation mail.
|
||||
let confirm_mail = pop_mail(filemail_into.as_path()).unwrap();
|
||||
assert!(confirm_mail.is_none());
|
||||
// Check that we get a welcome mail
|
||||
let welcome_mail = pop_mail(filemail_into.as_path()).unwrap();
|
||||
assert!(welcome_mail.is_some());
|
||||
|
||||
// We should not be able to look it up by email address.
|
||||
check_null_responses_by_email(&client, "foo@invalid.example.com");
|
||||
|
@ -321,6 +346,16 @@ mod tests {
|
|||
// And check that we can see the human-readable result page.
|
||||
check_hr_responses_by_fingerprint(&client, &tpk, 0);
|
||||
|
||||
// Upload the same key again, make sure the welcome mail is not sent again
|
||||
let mut response = client.post("/pks/add")
|
||||
.body(post_data.as_bytes())
|
||||
.header(ContentType::Form)
|
||||
.dispatch();
|
||||
assert_eq!(response.status(), Status::Ok);
|
||||
|
||||
let welcome_mail = pop_mail(filemail_into.as_path()).unwrap();
|
||||
assert!(welcome_mail.is_none());
|
||||
|
||||
assert_consistency(client.rocket());
|
||||
}
|
||||
|
||||
|
@ -357,8 +392,11 @@ mod tests {
|
|||
.header(ContentType::Form)
|
||||
.dispatch();
|
||||
assert_eq!(response.status(), Status::Ok);
|
||||
let confirm_mail = pop_mail(filemail_into.as_path()).unwrap();
|
||||
assert!(confirm_mail.is_none());
|
||||
|
||||
// Check that there is no welcome mail (since we uploaded two)
|
||||
let welcome_mail = pop_mail(filemail_into.as_path()).unwrap();
|
||||
assert!(welcome_mail.is_none());
|
||||
|
||||
check_mr_responses_by_fingerprint(&client, &tpk_0, 0);
|
||||
check_mr_responses_by_fingerprint(&client, &tpk_1, 0);
|
||||
check_hr_responses_by_fingerprint(&client, &tpk_0, 0);
|
||||
|
|
|
@ -455,12 +455,16 @@ fn configure_mail_service(config: &Config) -> Result<mail::Service> {
|
|||
let verify_txt = template_dir.join("email/publish-txt.hbs");
|
||||
let manage_html = template_dir.join("email/manage-html.hbs");
|
||||
let manage_txt = template_dir.join("email/manage-txt.hbs");
|
||||
let welcome_html = template_dir.join("email/welcome-html.hbs");
|
||||
let welcome_txt = template_dir.join("email/welcome-txt.hbs");
|
||||
|
||||
let mut handlebars = Handlebars::new();
|
||||
handlebars.register_template_file("verify-html", verify_html)?;
|
||||
handlebars.register_template_file("verify-txt", verify_txt)?;
|
||||
handlebars.register_template_file("manage-html", manage_html)?;
|
||||
handlebars.register_template_file("manage-txt", manage_txt)?;
|
||||
handlebars.register_template_file("welcome-html", welcome_html)?;
|
||||
handlebars.register_template_file("welcome-txt", welcome_txt)?;
|
||||
|
||||
let filemail_into = config.get_str("filemail_into")
|
||||
.ok().map(|p| PathBuf::from(p));
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
use failure::Fallible as Result;
|
||||
|
||||
use database::{Database, KeyDatabase, StatefulTokens, EmailAddressStatus, TpkStatus};
|
||||
use database::{Database, KeyDatabase, StatefulTokens, EmailAddressStatus, TpkStatus, ImportResult};
|
||||
use database::types::{Fingerprint,Email};
|
||||
use mail;
|
||||
use tokens::{self, StatelessSerializable};
|
||||
|
@ -29,6 +29,8 @@ pub mod request {
|
|||
}
|
||||
|
||||
pub mod response {
|
||||
use database::types::Email;
|
||||
|
||||
#[derive(Debug,Serialize,Deserialize,PartialEq,Eq)]
|
||||
pub enum EmailStatus {
|
||||
#[serde(rename = "unpublished")]
|
||||
|
@ -50,6 +52,8 @@ pub mod response {
|
|||
is_revoked: bool,
|
||||
status: HashMap<String,EmailStatus>,
|
||||
count_unparsed: usize,
|
||||
is_new_key: bool,
|
||||
primary_uid: Option<Email>,
|
||||
},
|
||||
OkMulti { key_fprs: Vec<String> },
|
||||
Error(String),
|
||||
|
@ -144,8 +148,10 @@ fn process_key_single(
|
|||
) -> response::UploadResponse {
|
||||
let fp = Fingerprint::try_from(tpk.fingerprint()).unwrap();
|
||||
|
||||
let tpk_status = match db.merge(tpk) {
|
||||
Ok(import_result) => import_result.into_tpk_status(),
|
||||
let (tpk_status, is_new_key) = match db.merge(tpk) {
|
||||
Ok(ImportResult::New(tpk_status)) => (tpk_status, true),
|
||||
Ok(ImportResult::Updated(tpk_status)) => (tpk_status, false),
|
||||
Ok(ImportResult::Unchanged(tpk_status)) => (tpk_status, false),
|
||||
Err(_) => return UploadResponse::err(&format!(
|
||||
"Something went wrong processing key {}", fp)),
|
||||
};
|
||||
|
@ -163,7 +169,7 @@ fn process_key_single(
|
|||
|
||||
let token = tokens_stateless.create(&verify_state);
|
||||
|
||||
show_upload_verify(rate_limiter, token, tpk_status, verify_state)
|
||||
show_upload_verify(rate_limiter, token, tpk_status, verify_state, is_new_key)
|
||||
}
|
||||
|
||||
pub fn request_verify(
|
||||
|
@ -183,7 +189,7 @@ pub fn request_verify(
|
|||
|
||||
if tpk_status.is_revoked {
|
||||
return show_upload_verify(
|
||||
&rate_limiter, token, tpk_status, verify_state);
|
||||
&rate_limiter, token, tpk_status, verify_state, false);
|
||||
}
|
||||
|
||||
let emails_requested: Vec<_> = addresses.into_iter()
|
||||
|
@ -205,7 +211,7 @@ pub fn request_verify(
|
|||
}
|
||||
}
|
||||
|
||||
show_upload_verify(&rate_limiter, token, tpk_status, verify_state)
|
||||
show_upload_verify(&rate_limiter, token, tpk_status, verify_state, false)
|
||||
}
|
||||
|
||||
fn check_tpk_state(
|
||||
|
@ -270,10 +276,19 @@ fn show_upload_verify(
|
|||
token: String,
|
||||
tpk_status: TpkStatus,
|
||||
verify_state: VerifyTpkState,
|
||||
is_new_key: bool,
|
||||
) -> response::UploadResponse {
|
||||
let key_fpr = verify_state.fpr.to_string();
|
||||
if tpk_status.is_revoked {
|
||||
return response::UploadResponse::Ok { token, key_fpr, count_unparsed: 0, is_revoked: true, status: HashMap::new() };
|
||||
return response::UploadResponse::Ok {
|
||||
token,
|
||||
key_fpr,
|
||||
count_unparsed: 0,
|
||||
is_revoked: true,
|
||||
status: HashMap::new(),
|
||||
is_new_key: false,
|
||||
primary_uid: None,
|
||||
};
|
||||
}
|
||||
|
||||
let status: HashMap<_,_> = tpk_status.email_status
|
||||
|
@ -292,8 +307,12 @@ fn show_upload_verify(
|
|||
}
|
||||
})
|
||||
.collect();
|
||||
let primary_uid = tpk_status.email_status
|
||||
.get(0)
|
||||
.map(|(email, _)| email)
|
||||
.cloned();
|
||||
|
||||
let count_unparsed = tpk_status.unparsed_uids;
|
||||
|
||||
response::UploadResponse::Ok { token, key_fpr, count_unparsed, is_revoked: false, status }
|
||||
response::UploadResponse::Ok { token, key_fpr, count_unparsed, is_revoked: false, status, is_new_key, primary_uid }
|
||||
}
|
||||
|
|
|
@ -120,7 +120,7 @@ impl MyResponse {
|
|||
|
||||
fn upload_response(response: UploadResponse) -> Self {
|
||||
match response {
|
||||
UploadResponse::Ok { token, key_fpr, is_revoked, count_unparsed, status } =>
|
||||
UploadResponse::Ok { token, key_fpr, is_revoked, count_unparsed, status, .. } =>
|
||||
Self::upload_ok(token, key_fpr, is_revoked, count_unparsed, status),
|
||||
UploadResponse::OkMulti { key_fprs } =>
|
||||
Self::upload_ok_multi(key_fprs),
|
||||
|
|
Loading…
Reference in New Issue