1
0
mirror of https://github.com/moparisthebest/k-9 synced 2024-11-14 05:25:07 -05:00
Commit Graph

430 Commits

Author SHA1 Message Date
Joe Steele
daea7f1ecd Eliminate the 'if available' connection security options
These options originated in the AOSP email client from which K-9 Mail was
forked.  They provide an odd combination of 2 features:

1. Don't bother to authenticate the server's certificate (applies to both
SSL/TLS and STARTTLS); i.e., blindly accept all certificates.  This is
generally a bad security policy which is susceptible to MITM attacks.

2. If STARTTLS is selected but the server doesn't claim to support
STARTTLS, then proceed without using encryption.  This, too, is a bad
security policy which is susceptible to MITM attacks.

Since the time that K-9 Mail was forked, a couple things have changed:

> K-9 Mail has implemented the ability for users to review and permanently
accept individual certificates that would otherwise fail authentication.
With this ability, there is no need for a user to subject themselves to
the ongoing risks of feature 1. above.  Hence, this commit removes feature
1.

> The AOSP email client has changed its behavior and no longer permits a
security downgrade to an unencrypted connection if the server doesn't
claim to support STARTTLS (i.e., they eliminated feature 2. above). K-9
Mail should do the same.  It's unlikely that a server is going to provide
STARTTLS on an intermittent basis, so providing a contingency for such
unusual behavior is an unnecessary risk.  Hence, this commit removes that
feature as well.

Effect on existing users:

If the old connection security setting was "SSL/TLS (if available)" (which
now gets remapped to "SSL/TLS"), and the server does not provide a
certificate that can be authenticated, then a "Certificate error for
<account name>" notification is generated telling the user to check their
server settings.  Tapping the notification takes the user to the relevant
server settings, where the user can tap "Next" to review the certificate
and choose to permanently accept it.  This process would occur during the
first syncing of folders after application upgrade or (in the case of
SMTP) during the first attempt to send a message.

If the connection security setting was "STARTTLS (if available)" (which
now gets remapped to "STARTTLS"), and the server does not provide a
certificate that can be authenticated, then the same process as above
would occur.

If the old connection security setting was "STARTTLS (if available)", and
the server doesn't claim to support STARTTLS, then the user would get a
certificate error notification which would lead them to the server's
settings.  There they would need to choose a different connection security
-- most likely "NONE".  If they didn't change anything but instead just
tapped "Next", the server settings would be checked again and a dialog
would pop up saying, "Cannot connect to server. (STARTTLS connection
security not available)". (The implementation of notifications when
STARTTLS is not available is not actually included here -- it's in the
commit that follows.)

Regarding the changes to providers.xml:  in cases where the scheme ended
with "+ssl", the schemes were simply updated by appending "+".  In cases
where the scheme ended with "+tls", a check of the server was made to
assure that STARTTLS was available before appending "+" to the scheme.
Domains paran.com and nate.com failed the check and were removed because
no current information could be found.  Domains me.com and mac.com also
failed and were updated based on http://support.apple.com/kb/ht4864.
2014-03-03 17:23:00 -05:00
Joe Steele
540de158a0 Change the PLAIN auth. option text based on encryption
If the user chooses a connection security option which assures the use of
encryption, then the PLAIN auth. option is labeled "Normal password",
otherwise it is labeled "Password, transmitted insecurely".

This is similar to Thunderbird's behavior.
2014-02-25 15:22:44 -05:00
Joe Steele
f7d397ea09 Eliminate SMTP AUTOMATIC authentication
The server settings for IMAP and POP3 have no such AUTOMATIC setting.
(Nor does Thunderbird have any such setting.)

The AUTOMATIC option is no longer offered to users as a choice.  A
pre-existing setting will continue to be honored, but only to the extent
that it doesn't result in insecure password transmission.  Users in such a
situation will get a "Failed to send some messages" notification
containing the exception text that says to update their outgoing server
authentication setting.

One of the problems with "AUTOMATIC" is that users may not fully
understand its security implications.  For example, a MITM attack could
mask a server's support for STARTTLS and CRAM-MD5, resulting in password
disclosure in certain configurations.

This commit also makes changes to the SMTP authentication process.  No
attempt is made to authenticate using methods that the server does not
profess to support in its EHLO response.  This is the same behavior as
found in Thunderbird.
2014-02-25 15:22:43 -05:00
Joe Steele
dc9720ca13 Use localized strings for authentication type
AUTOMATIC = "Automatic"
PLAIN = "Normal password"
CRAM_MD5 = "Encrypted password"

SMTP also uses LOGIN.  No localized text was associated with that because
a future commit will remove that option.

(The text is similar to that of Thunderbird's)
2014-02-25 15:22:35 -05:00
cketti
4955e34886 Merge pull request #437 from zjw/misc_clean_up 2014-01-05 04:30:28 +01:00
cketti
06ec852090 Rename plurals to make Transifex happy 2014-01-04 01:44:31 +01:00
Joe Steele
0de72c31b4 Use a locale-specific date in the header of a quoted message
Also, include the sent-date in the header when using
the "prefix" quote style.  "Be like mutt" (and gmail,
and thunderbird)

Also, the quoteOriginalHtmlMessage method was using the mSourceMessage
field in various places when it should be using its originalMessage
parameter.

Related issues:  2249, 3456
2013-12-29 18:46:51 -05:00
cketti
4cdbe00732 Remove problematic linebreaks from strings files 2013-12-06 03:14:16 +01:00
Joe Steele
ef01cabccc Remove \n from R.string.message_compose_reply_header_fmt
This string resource is used in two places -- both with and without the
linefeed at the end.  Instead of having a linefeed in the string and
having the code remove it if not needed, the linefeed is now omitted from
the string and the code adds it if needed.

Also, the line ending is changed from \n to \r\n.

Also, the string in the DE and FR locales had linefeeds at the start that
were removed so they match all the other locales.

(The string in the zh-rTW locale was left alone, since it had no
linefeeds.  It looks like that file has numerous instances where \n was
replaced with actual newlines, which is probably not correct.)
2013-10-11 11:39:48 -04:00
cketti
2b7f5e7b70 Merge branch 'pick_attachment_fix'
Update LocalStore code to handle the newly introduced temporary files
for attachments

Conflicts:
	res/values/strings.xml
	src/com/fsck/k9/activity/MessageCompose.java
2013-09-25 05:22:00 +02:00
cketti
677d6c923d Don't stop the activity before attachments have been fetched
Display a progress dialog when the user tries to send the message or
save a draft and the attachments haven't been fetched completely.
2013-09-25 03:46:11 +02:00
cketti
62aa1b87d0 Fetch attachments while MessageCompose activity is running
Android allows other apps to access protected content of an app without requesting the
necessary permission when the app returns an Intent with FLAG_GRANT_READ_URI_PERMISSION.
This regularly happens as a result of ACTION_GET_CONTENT, i.e. what we use to pick content
to be attached to a message. Accessing that content only works while the receiving activity
is running. Afterwards accessing the content throws a SecurityException because of the
missing permission.
This commit changes K-9 Mail's behavior to copy the content to a temporary file in K-9's
cache directory while the activity is still running.

Fixes issue 4847, 5821

This also fixes bugs related to the fact that K-9 Mail didn't save a copy of attached content
in the message database.

Fixes issue 1187, 3330, 4930
2013-09-25 03:12:34 +02:00
Sander Bogaert
99942381cc Fix type in settings string 'visisble'. 2013-09-23 11:50:34 +02:00
Koji Arai
80232132c5 Added detailed description for narrow devices 2013-09-18 16:52:17 +09:00
Andrew Chen
58e7732996 Add IMAP support for Outlook.com.
IMAP is no longer a Plus feature; removing the note saying that it is.

http://blogs.office.com/b/microsoft-outlook/archive/2013/09/12/outlook-com-now-with-imap.aspx
2013-09-13 14:36:02 -07:00
cketti
22e6c8cdbe Add visual indicator that a menu item opens a submenu
This isn't the best solution. Most of the developers agree that a right-aligned
triangle or arrow would be a better fit for such an indicator. But we currently
don't have the time to write the code to do it.
Personally, I think we should try to get rid of submenus altogether.
2013-08-29 21:24:15 +02:00
Leon Handreke
22639a7361 Make actions shown in message view menu configurable
Fixes #5850.
2013-08-24 19:26:06 +01:00
Jesse Vincent
99e354bc9f Add back select/deselect action to return it to the context menu where users keep looking 2013-08-22 20:56:56 -04:00
Jesse Vincent
cac85a29d4 partially revert "Remove unused strings" - bring back our "stars" preference
This reverts commit 4e8c8e35de.

Conflicts:
	res/values-ca/strings.xml
	res/values-cs/strings.xml
	res/values-da/strings.xml
	res/values-de/strings.xml
	res/values-el/strings.xml
	res/values-es/strings.xml
	res/values-fi/strings.xml
	res/values-fr-rCA/strings.xml
	res/values-fr/strings.xml
	res/values-gl/strings.xml
	res/values-hu/strings.xml
	res/values-it/strings.xml
	res/values-iw/strings.xml
	res/values-ja/strings.xml
	res/values-ko/strings.xml
	res/values-nl/strings.xml
	res/values-pl/strings.xml
	res/values-pt-rBR/strings.xml
	res/values-ru/strings.xml
	res/values-sv/strings.xml
	res/values-tr/strings.xml
	res/values-uk/strings.xml
	res/values-zh-rCN/strings.xml
	res/values-zh-rTW/strings.xml
	res/values/strings.xml
2013-08-22 20:56:55 -04:00
cketti
20fcd6f63d Add setting to toggle colored background of fallback contact pictures 2013-08-16 18:43:00 +02:00
cketti
e6d6744f55 Rename string to better convey the meaning
notification_action_read -> notification_action_mark_as_read
2013-07-23 20:12:48 +02:00
Jesse Vincent
f494035e02 Update the invalid ssl warning string a bit 2013-07-21 08:26:30 -04:00
David Nahodyl
27bddd8dd3 Issue 1292 - Updated invalid certificate message to be a bit more user-friendly. 2013-07-21 08:24:52 -04:00
cketti
61bd371bc1 Rename "SSL" to "SSL/TLS" and "TLS" to "STARTTLS"
Fixes issue 5775
2013-07-18 20:02:54 +02:00
cketti
2a48ad2170 Remove preference summary attribute when empty string was used
This will display the preference title vertically centered. Some
translations still had text for the summary, so their preference title
might need to be changed to adjust for possible loss of information.
2013-07-09 23:18:10 +02:00
cketti
de1c56e557 Move another XML comment 2013-07-09 17:21:59 +02:00
cketti
01103238b8 Move comment so the sync_translation script won't copy it to the output 2013-07-09 17:21:49 +02:00
Jesse Vincent
2e74d28da9 Merge branch 'Issue_4503_auto-fit_messages_option' of https://github.com/zjw/k-9 into zjw-Issue_4503_auto-fit_messages_option
* 'Issue_4503_auto-fit_messages_option' of https://github.com/zjw/k-9:
  Revert "Don't show a disabled preference if there is nothing a user can do to enable it."
  Fix indentation
  Correct preference version number.
  Issue 4503: Auto-fit messages option
  Don't show a disabled preference if there is nothing a user can do to enable it.
2013-05-07 21:49:12 -04:00
cketti
c7024af9a1 Merge branch 'message-list-sender-sorting' 2013-04-26 02:39:48 +02:00
Vincent Untz
9da0d4416f Update message_compose_reply_header_fmt to have only one newline
The PREFIX quote style was using an empty line between the header and
the quote. But mail apps using this way of quoting style do not have an
empty line between the quote header and the quote.
2013-04-14 20:06:00 -07:00
David Miller
e63afa55d3 Make the label on the "mark read" action on Jelly Bean notifications less confusing 2013-04-06 13:29:39 -04:00
Joe Steele
d9979cb1a2 Issue 4503: Auto-fit messages option
Create a preference option to automatically shrink messages
to fit the screen width (default setting is "shrink").
2013-04-04 17:11:17 -04:00
cketti
0c5bdf2c97 Add "Mark all as read" action to message list 2013-04-02 19:17:58 +02:00
m0viefreak
d85af1bfe0 reenable sorting by sender in messagelist
This was disabled in faa666394c
because it isn't possible to extract the name of the android
contact in the 'ORDER BY...' clause when querying the database.
Instead it simply sorts by the email address.

This may cause the same contact to appear multiple times in
the list, if they have multiple email addresses assigned.

But in most cases this is good enough and surely better than
not having the option to sort by sender at all.

Desktop mail clients such as Thunderbird also simply use the
sender email information when sorting the column.

This also adds a SenderComparator for usage in the MergeCursor.
2013-03-27 13:08:42 +01:00
Jesse Vincent
7defa122f8 Remove "Last" from the text of the "Refreshed" string 2013-03-14 12:01:57 -04:00
cketti
1b442f5be8 Add placeholders for missing strings / remove unused strings 2013-02-21 05:36:55 +01:00
Danny Baumann
49d1bdbcb0 Improve last folder update time formatting. 2013-02-13 11:20:40 +01:00
Jesse Vincent
d92a30f807 Experimental change to move most of our refile buttons into a refile submenu. Specifically to elicit feedback. I don't expect this change to stick around in its current form. But I do want to get a sense of whether it's something that makes people happy or angry 2013-02-11 15:28:53 -05:00
Jesse Vincent
a0be890b4d iadd a slightly less-bad label for the reply/forward submenu 2013-02-11 15:20:54 -05:00
Danny Baumann
0fac8e999d Clean up date handling.
Remove home-grown date formatting, and replace it by usage of the
DateUtils class which is present since API level 3.
2013-02-11 15:19:15 +01:00
m0viefreak
865151fef8 merge date and time font size preference into one
The header changes merged those, so remove the now unneeded preferece, too.
2013-02-11 13:05:52 +01:00
Jesse Vincent
c4b941b9b9 Switch our font sizes to have a "default", which is the size described in the XML.
Unify the text field size setting code. We should put it in a better place
2013-02-10 19:02:17 -05:00
Erkan
0ccc8807a0 Update res/values/strings.xml 2013-02-09 17:53:37 +01:00
cketti
c27a5a8104 Add setting to toggle contact pictures 2013-02-08 15:37:28 +01:00
Danny Baumann
bd154c4c0f Allow changing the message composer theme (background and text color). 2013-02-08 15:24:02 +01:00
Danny Baumann
2ea0961006 Move message view theme setting from message view menu to global prefs
by default.

The message view theme isn't something the user is likely to change on a
regular basis, so we don't need to clutter the message view menu with
this setting. The menu item can still be enabled for those who want it.
2013-02-08 15:24:01 +01:00
Jesse Vincent
7714bc3cfa Move "show all headers" into the menu (and out of the UI) 2013-02-07 15:27:22 -05:00
Danny Baumann
5d1e42c453 Improve certificate failure notifications.
The commit that introduced those notifications also introduced a rather
... interesting design pattern: The CertificateValidationException
notified the user of its pure existance - it's no longer a 'message'
only, but defines policy. As this is more than unusual, replace this
pattern by the MessagingController treating
CertificateValidationException specially when accessing remote folders.

Also make clear which account failed when constructing the notification.
2013-02-02 13:04:41 +01:00
cketti
3cd1b13833 Update help text for hotkeys 2013-02-01 21:30:07 +01:00
cketti
9a4b674282 Extract string to strings.xml 2013-02-01 03:34:35 +01:00