Add handling for message reply via email

If the reply_email_domain configuration is set the messages plugin will use unique Reply-To addresses for every email. They contain enough information to reconstruct the message context and a hash to avoid user forgery and spam. A mail transfer agent must be configured to call the new rake task foodsoft:parse_reply_email for incoming mails. The rake task requires the receipt of the mail in the RECIPIENT variable and the raw message via standard input. An example invocation would look like: rake foodsoft:parse_reply_email RECIPIENT=f.1.1.HASH < test.eml
2016-02-26 14:42:16 +01:00 · 2016-02-26 14:42:16 +01:00 · 4e35e2d58e
commit 4e35e2d58e
parent 6b32d0c960
11 changed files with 135 additions and 11 deletions
--- a/plugins/messages/app/mailers/messages_mailer.rb
+++ b/plugins/messages/app/mailers/messages_mailer.rb
@ -4,9 +4,17 @@ class MessagesMailer < Mailer
    set_foodcoop_scope
    @message = message

+    reply_email_domain = FoodsoftConfig[:reply_email_domain]
+    if reply_email_domain
+      hash = message.mail_hash_for_user recipient
+      reply_to = "Foodsoft <#{FoodsoftConfig.scope}.#{message.id}.#{recipient.id}.#{hash}@#{reply_email_domain}>"
+    else
+      reply_to = "#{show_user(message.sender)} <#{message.sender.email}>"
+    end
+
    mail subject: "[#{FoodsoftConfig[:name]}] " + message.subject,
         to: recipient.email,
         from: "#{show_user(message.sender)} via Foodsoft <#{FoodsoftConfig[:email_sender]}>",
-         reply_to: "#{show_user(message.sender)} <#{message.sender.email}>"
+         reply_to: reply_to
  end
 end
--- a/plugins/messages/app/models/message.rb
+++ b/plugins/messages/app/models/message.rb
@ -1,3 +1,5 @@
+require "base32"
+
 class Message < ActiveRecord::Base
  belongs_to :sender, :class_name => "User", :foreign_key => "sender_id"
  belongs_to :group, :class_name => "Group", :foreign_key => "group_id"
@ -23,6 +25,7 @@ class Message < ActiveRecord::Base
  validates_length_of :subject, :in => 1..255
  validates_inclusion_of :email_state, :in => EMAIL_STATE.values

+  before_create :create_salt
  before_validation :clean_up_recipient_ids, :on => :create

  def self.deliver(message_id)
@ -61,8 +64,18 @@ class Message < ActiveRecord::Base
    add_recipients([user])
  end

+  def mail_hash_for_user(user)
+    digest = Digest::SHA1.new
+    digest.update self.id.to_s
+    digest.update ":"
+    digest.update salt
+    digest.update ":"
+    digest.update user.id.to_s
+    Base32.encode digest.digest
+  end
+
  # Returns true if this message is a system message, i.e. was sent automatically by Foodsoft itself.
-  def system_message?    
+  def system_message?
    self.sender_id.nil?
  end

@ -94,6 +107,10 @@ class Message < ActiveRecord::Base
  def is_readable_for?(user)
    !private || sender == user || recipients_ids.include?(user.id)
  end
+
+  private
+
+  def create_salt
+    self.salt = [Array.new(6){rand(256).chr}.join].pack("m").chomp
+  end
 end
-
-