Merge pull request #63 from whiteout-io/dev/WO-376

[WO-376] disable secure sending when bcc is used
2024-11-12 04:05:13 -05:00 · 2014-05-16 14:04:47 +02:00 · 2014-05-16 14:04:47 +02:00 · 380a9da1fd
commit 380a9da1fd
parent 811f35c048 e25617134b
3 changed files with 57 additions and 3 deletions
--- a/src/js/bo/outbox.js
+++ b/src/js/bo/outbox.js
@ -62,6 +62,12 @@ define(function(require) {
        mail.publicKeysArmored = []; // gather the public keys
        mail.id = util.UUID(); // the mail needs a random uuid for storage in the database

+        // do not encrypt mails with a bcc recipient, due to a possible privacy leak
+        if (mail.bcc.length > 0) {
+            storeAndForward(mail);
+            return;
+        }
+
        checkRecipients(allReaders);

        // check if there are unregistered recipients
--- a/src/js/controller/write.js
+++ b/src/js/controller/write.js
@ -237,6 +237,11 @@ define(function(require) {
                return;
            }

+            // bcc automatically disables secure sending
+            if ($scope.bcc.filter(filterEmptyAddresses).length > 0) {
+                allSecure = false;
+            }
+
            if (allSecure) {
                // send encrypted if all secure
                $scope.okToSend = true;
@ -331,11 +336,21 @@ define(function(require) {
                });
            });

+        };
+    };
+
+    
+    //
+    // Helpers
+    //
+
+    /*
+     * Visitor to filter out objects without an address property, i.e. empty addresses
+     */
    function filterEmptyAddresses(addr) {
        return !!addr.address;
    }
-        };
-    };
+

    //
    // Directives
--- a/test/new-unit/outbox-bo-test.js
+++ b/test/new-unit/outbox-bo-test.js
@ -86,6 +86,39 @@ define(function(require) {
                });
            });

+            it('should not encrypt a mail with bcc and store a mail', function(done) {
+                var mail;
+
+                mail = {
+                    from: [{
+                        name: 'member',
+                        address: 'member@whiteout.io'
+                    }],
+                    to: [{
+                        name: 'member',
+                        address: 'member@whiteout.io'
+                    }],
+                    cc: [],
+                    bcc: [{
+                        name: 'member',
+                        address: 'member@whiteout.io'
+                    }]
+                };
+
+                devicestorageStub.storeList.withArgs([mail]).yieldsAsync();
+
+                outbox.put(mail, function(error) {
+                    expect(error).to.not.exist;
+
+                    expect(mail.publicKeysArmored.length).to.equal(0);
+                    expect(keychainStub.getReceiverPublicKey.called).to.be.false;
+                    expect(emailDaoStub.encrypt.called).to.be.false;
+                    expect(devicestorageStub.storeList.calledOnce).to.be.true;
+
+                    done();
+                });
+            });
+
            it('should encrypt and store a mail', function(done) {
                var mail, senderKey, receiverKey;