1
0
mirror of https://github.com/moparisthebest/mail synced 2024-12-24 08:18:48 -05:00

Merge pull request #63 from whiteout-io/dev/WO-376

[WO-376] disable secure sending when bcc is used
This commit is contained in:
Tankred Hase 2014-05-16 14:04:47 +02:00
commit 380a9da1fd
3 changed files with 57 additions and 3 deletions

View File

@ -62,6 +62,12 @@ define(function(require) {
mail.publicKeysArmored = []; // gather the public keys mail.publicKeysArmored = []; // gather the public keys
mail.id = util.UUID(); // the mail needs a random uuid for storage in the database mail.id = util.UUID(); // the mail needs a random uuid for storage in the database
// do not encrypt mails with a bcc recipient, due to a possible privacy leak
if (mail.bcc.length > 0) {
storeAndForward(mail);
return;
}
checkRecipients(allReaders); checkRecipients(allReaders);
// check if there are unregistered recipients // check if there are unregistered recipients

View File

@ -237,6 +237,11 @@ define(function(require) {
return; return;
} }
// bcc automatically disables secure sending
if ($scope.bcc.filter(filterEmptyAddresses).length > 0) {
allSecure = false;
}
if (allSecure) { if (allSecure) {
// send encrypted if all secure // send encrypted if all secure
$scope.okToSend = true; $scope.okToSend = true;
@ -331,11 +336,21 @@ define(function(require) {
}); });
}); });
};
};
//
// Helpers
//
/*
* Visitor to filter out objects without an address property, i.e. empty addresses
*/
function filterEmptyAddresses(addr) { function filterEmptyAddresses(addr) {
return !!addr.address; return !!addr.address;
} }
};
};
// //
// Directives // Directives

View File

@ -86,6 +86,39 @@ define(function(require) {
}); });
}); });
it('should not encrypt a mail with bcc and store a mail', function(done) {
var mail;
mail = {
from: [{
name: 'member',
address: 'member@whiteout.io'
}],
to: [{
name: 'member',
address: 'member@whiteout.io'
}],
cc: [],
bcc: [{
name: 'member',
address: 'member@whiteout.io'
}]
};
devicestorageStub.storeList.withArgs([mail]).yieldsAsync();
outbox.put(mail, function(error) {
expect(error).to.not.exist;
expect(mail.publicKeysArmored.length).to.equal(0);
expect(keychainStub.getReceiverPublicKey.called).to.be.false;
expect(emailDaoStub.encrypt.called).to.be.false;
expect(devicestorageStub.storeList.calledOnce).to.be.true;
done();
});
});
it('should encrypt and store a mail', function(done) { it('should encrypt and store a mail', function(done) {
var mail, senderKey, receiverKey; var mail, senderKey, receiverKey;