Handle invalid pgp key (#1260)
* check invalid mailbox pgp key * check if public key is valid before trying with pgpy * fix query * remove unused code
This commit is contained in:
parent
f69c9583fb
commit
ae2cbf98e2
40
cron.py
40
cron.py
|
@ -68,6 +68,7 @@ from app.models import (
|
||||||
PartnerUser,
|
PartnerUser,
|
||||||
ApiToCookieToken,
|
ApiToCookieToken,
|
||||||
)
|
)
|
||||||
|
from app.pgp_utils import load_public_key_and_check, PGPException
|
||||||
from app.proton.utils import get_proton_partner
|
from app.proton.utils import get_proton_partner
|
||||||
from app.utils import sanitize_email
|
from app.utils import sanitize_email
|
||||||
from server import create_light_app
|
from server import create_light_app
|
||||||
|
@ -741,6 +742,9 @@ def sanity_check():
|
||||||
LOG.d("check mailbox valid domain")
|
LOG.d("check mailbox valid domain")
|
||||||
check_mailbox_valid_domain()
|
check_mailbox_valid_domain()
|
||||||
|
|
||||||
|
LOG.d("check mailbox valid PGP keys")
|
||||||
|
check_mailbox_valid_pgp_keys()
|
||||||
|
|
||||||
LOG.d(
|
LOG.d(
|
||||||
"""check if there's an email that starts with "\u200f" (right-to-left mark (RLM))"""
|
"""check if there's an email that starts with "\u200f" (right-to-left mark (RLM))"""
|
||||||
)
|
)
|
||||||
|
@ -765,7 +769,7 @@ def check_mailbox_valid_domain():
|
||||||
)
|
)
|
||||||
mailbox_ids = [e[0] for e in mailbox_ids]
|
mailbox_ids = [e[0] for e in mailbox_ids]
|
||||||
# iterate over id instead of mailbox directly
|
# iterate over id instead of mailbox directly
|
||||||
# as a mailbox can be deleted during the sleep time
|
# as a mailbox can be deleted in the meantime
|
||||||
for mailbox_id in mailbox_ids:
|
for mailbox_id in mailbox_ids:
|
||||||
mailbox = Mailbox.get(mailbox_id)
|
mailbox = Mailbox.get(mailbox_id)
|
||||||
# a mailbox has been deleted
|
# a mailbox has been deleted
|
||||||
|
@ -821,6 +825,40 @@ def check_mailbox_valid_domain():
|
||||||
Session.commit()
|
Session.commit()
|
||||||
|
|
||||||
|
|
||||||
|
def check_mailbox_valid_pgp_keys():
|
||||||
|
mailbox_ids = (
|
||||||
|
Session.query(Mailbox.id)
|
||||||
|
.filter(
|
||||||
|
Mailbox.verified.is_(True),
|
||||||
|
Mailbox.pgp_public_key.isnot(None),
|
||||||
|
Mailbox.disable_pgp.is_(False),
|
||||||
|
)
|
||||||
|
.all()
|
||||||
|
)
|
||||||
|
mailbox_ids = [e[0] for e in mailbox_ids]
|
||||||
|
# iterate over id instead of mailbox directly
|
||||||
|
# as a mailbox can be deleted in the meantime
|
||||||
|
for mailbox_id in mailbox_ids:
|
||||||
|
mailbox = Mailbox.get(mailbox_id)
|
||||||
|
# a mailbox has been deleted
|
||||||
|
if not mailbox:
|
||||||
|
continue
|
||||||
|
|
||||||
|
try:
|
||||||
|
load_public_key_and_check(mailbox.pgp_public_key)
|
||||||
|
except PGPException:
|
||||||
|
LOG.i(f"{mailbox} PGP key invalid")
|
||||||
|
send_email(
|
||||||
|
mailbox.user.email,
|
||||||
|
f"Mailbox {mailbox.email}'s PGP Key is invalid",
|
||||||
|
render(
|
||||||
|
"transactional/invalid-mailbox-pgp-key.txt.jinja2",
|
||||||
|
mailbox=mailbox,
|
||||||
|
),
|
||||||
|
retries=3,
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
def check_custom_domain():
|
def check_custom_domain():
|
||||||
LOG.d("Check verified domain for DNS issues")
|
LOG.d("Check verified domain for DNS issues")
|
||||||
|
|
||||||
|
|
|
@ -162,7 +162,12 @@ from app.models import (
|
||||||
Notification,
|
Notification,
|
||||||
VerpType,
|
VerpType,
|
||||||
)
|
)
|
||||||
from app.pgp_utils import PGPException, sign_data_with_pgpy, sign_data
|
from app.pgp_utils import (
|
||||||
|
PGPException,
|
||||||
|
sign_data_with_pgpy,
|
||||||
|
sign_data,
|
||||||
|
load_public_key_and_check,
|
||||||
|
)
|
||||||
from app.utils import sanitize_email
|
from app.utils import sanitize_email
|
||||||
from init_app import load_pgp_public_keys
|
from init_app import load_pgp_public_keys
|
||||||
from server import create_light_app
|
from server import create_light_app
|
||||||
|
@ -502,7 +507,12 @@ def prepare_pgp_message(
|
||||||
encrypted_data = pgp_utils.encrypt_file(BytesIO(msg_bytes), pgp_fingerprint)
|
encrypted_data = pgp_utils.encrypt_file(BytesIO(msg_bytes), pgp_fingerprint)
|
||||||
second.set_payload(encrypted_data)
|
second.set_payload(encrypted_data)
|
||||||
except PGPException:
|
except PGPException:
|
||||||
LOG.w("Cannot encrypt using python-gnupg, use pgpy")
|
LOG.w(
|
||||||
|
"Cannot encrypt using python-gnupg, check if public key is valid and try with pgpy"
|
||||||
|
)
|
||||||
|
# check if the public key is valid
|
||||||
|
load_public_key_and_check(public_key)
|
||||||
|
|
||||||
encrypted = pgp_utils.encrypt_file_with_pgpy(msg_bytes, public_key)
|
encrypted = pgp_utils.encrypt_file_with_pgpy(msg_bytes, public_key)
|
||||||
second.set_payload(str(encrypted))
|
second.set_payload(str(encrypted))
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,11 @@
|
||||||
|
{% extends "base.txt.jinja2" %}
|
||||||
|
|
||||||
|
{% block content %}
|
||||||
|
|
||||||
|
We have detected that your mailbox {{ mailbox.email }}'s PGP key is invalid.
|
||||||
|
|
||||||
|
A potential cause is the key is already expired.
|
||||||
|
|
||||||
|
Please update the key so forwarded emails can be properly encrypted.
|
||||||
|
|
||||||
|
{% endblock %}
|
Loading…
Reference in New Issue