1
0
mirror of https://github.com/moparisthebest/mail synced 2024-12-22 23:38:48 -05:00

Merge pull request #325 from whiteout-io/dev/WO-947

[WO-03-014] Fix Spoofing of Signed Messages and general UI Concerns (High)
This commit is contained in:
Tankred Hase 2015-04-22 18:59:11 +02:00
commit 4a681a73d2
6 changed files with 63 additions and 15 deletions

View File

@ -0,0 +1,12 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<svg width="100px" height="100px" viewBox="0 0 100 100" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:sketch="http://www.bohemiancoding.com/sketch/ns">
<!-- Generator: Sketch 3.0.4 (8053) - http://www.bohemiancoding.com/sketch -->
<title>signature-invalid-cutout</title>
<desc>Created with Sketch.</desc>
<defs></defs>
<g id="Page-1" stroke="none" stroke-width="1" fill="none" fill-rule="evenodd" sketch:type="MSPage">
<g id="signature-invalid-cutout" sketch:type="MSArtboardGroup" transform="translate(0.110156, 0.000000)" fill="#000000">
<path d="M77.3119658,92 L50,64.6787909 L22.6865385,92 L8.00299145,77.3054987 L35.3149573,49.9977557 L8,22.6870202 L22.6850427,8.00149623 L50,35.3137279 L77.3149573,8 L92,22.6825315 L64.6850427,49.9977557 L91.9970085,77.3054987 L77.3119658,92 Z" sketch:type="MSShapeGroup"></path>
</g>
</g>
</svg>

After

Width:  |  Height:  |  Size: 995 B

View File

@ -0,0 +1,12 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<svg width="100px" height="100px" viewBox="0 0 100 100" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:sketch="http://www.bohemiancoding.com/sketch/ns">
<!-- Generator: Sketch 3.0.4 (8053) - http://www.bohemiancoding.com/sketch -->
<title>signature-verified-cutout</title>
<desc>Created with Sketch.</desc>
<defs></defs>
<g id="Page-1" stroke="none" stroke-width="1" fill="none" fill-rule="evenodd" sketch:type="MSPage">
<g id="signature-verified-cutout" sketch:type="MSArtboardGroup" transform="translate(0.110156, 0.000000)" fill="#000000">
<path d="M50,97 C75.9573832,97 97,75.9573832 97,50 C97,24.0426168 75.9573832,3 50,3 C24.0426168,3 3,24.0426168 3,50 C3,75.9573832 24.0426168,97 50,97 Z M46.2732912,77.5085 L20,57.830916 L27.9184401,47.6349702 L43.3096859,59.5152262 L70.31112,23 L80.867825,30.7782191 L46.2732912,77.5085 Z" sketch:type="MSShapeGroup"></path>
</g>
</g>
</svg>

After

Width:  |  Height:  |  Size: 1.0 KiB

View File

@ -122,9 +122,11 @@ Dummy.prototype.listMails = function() {
'>> from 0.7.0.1\n' + '>> from 0.7.0.1\n' +
'>>\n' + '>>\n' +
'>> God speed!'; // plaintext body '>> God speed!'; // plaintext body
this.html = '<!DOCTYPE html><html><head></head><body><h1 style="border: 1px solid red; width: 500px; margin:0;">Hello there' + Math.random() + '</h1></body></html>'; //this.html = '<!DOCTYPE html><html><head></head><body><h1 style="border: 1px solid red; width: 500px; margin:0;">Hello there' + Math.random() + '</h1></body></html>';
this.encrypted = true; this.encrypted = true;
this.decrypted = true; this.decrypted = true;
this.signed = true;
this.signaturesValid = true;
}; };
var dummies = [], var dummies = [],

View File

@ -55,6 +55,21 @@
& > .attachments { & > .attachments {
margin-top: 1em; margin-top: 1em;
} }
.signature-status {
& > svg {
vertical-align: middle;
width: 1.5em;
height: 1.5em;
margin-bottom: .2em;
fill: $color-main;
}
}
.signature-status--invalid {
& > svg {
fill: $color-error-area;
}
}
} }
// only visible in stripped version of read view // only visible in stripped version of read view
.mail-addresses__stripped { .mail-addresses__stripped {
@ -137,13 +152,6 @@
// Content components // Content components
&__signature-status {
margin-top: 0;
margin-bottom: 0.5em;
text-align: center;
color: $color-error;
padding: 0 $padding-horizontal;
}
&__display-images { &__display-images {
margin-bottom: 0.5em; margin-bottom: 0.5em;
text-align: center; text-align: center;

View File

@ -42,7 +42,7 @@
<svg ng-show="!email.flagged"><use xlink:href="#icon-star" /><title>Not Starred</title></svg> <svg ng-show="!email.flagged"><use xlink:href="#icon-star" /><title>Not Starred</title></svg>
</li> </li>
<li class="mail-list-entry__flags-encrypted"> <li class="mail-list-entry__flags-encrypted">
<svg ng-show="email.encrypted"><use xlink:href="#icon-encrypted" /><title>Encrypted</title></svg> <svg ng-show="email.encrypted" wo-tooltip="#encrypted-info"><use xlink:href="#icon-encrypted" /></svg>
</li> </li>
<li class="mail-list-entry__flags-answered" ng-show="!email.unread && email.answered"> <li class="mail-list-entry__flags-answered" ng-show="!email.unread && email.answered">
<svg><use xlink:href="#icon-reply" /><title>Answered</title></svg> <svg><use xlink:href="#icon-reply" /><title>Answered</title></svg>
@ -74,4 +74,11 @@
</div> </div>
<footer ng-include="'tpl/status-display.html'"></footer> <footer ng-include="'tpl/status-display.html'"></footer>
</div>
<!-- tooltips -->
<div id="encrypted-info" class="tooltip">
<div class="tooltip__arrow"></div>
<div class="tooltip__content">Message is encrypted.</div>
</div>
</div><!--/mail-list-->

View File

@ -78,6 +78,13 @@
{{u.name || u.address}} {{u.name || u.address}}
<svg ng-show="u.secure === false"><use xlink:href="#icon-add_contact" /></svg> <svg ng-show="u.secure === false"><use xlink:href="#icon-add_contact" /></svg>
</span> </span>
<span ng-show="(state.mailList.selected.body || state.mailList.selected.html) && state.mailList.selected.signed"
class="signature-status" ng-class="{'signature-status--invalid': !state.mailList.selected.signaturesValid}" wo-tooltip="#signature-info">
<svg ng-show="state.mailList.selected.signaturesValid"><use xlink:href="#icon-signature-verified" /></svg>
<svg ng-show="!state.mailList.selected.signaturesValid"><use xlink:href="#icon-signature-invalid" /></svg>
</span>
<span class="mail-addresses__stripped"></span> <span class="mail-addresses__stripped"></span>
</span> </span>
</div> </div>
@ -111,11 +118,6 @@
</ul> </ul>
</header><!--/read__header--> </header><!--/read__header-->
<p class="read__signature-status"
ng-show="(state.mailList.selected.body || state.mailList.selected.html) && state.mailList.selected.signed && !state.mailList.selected.signaturesValid">
Invalid PGP signature. This message could have been tampered with.
</p>
<div class="read__display-images" ng-show="state.mailList.selected.html && showImageButton"> <div class="read__display-images" ng-show="state.mailList.selected.html && showImageButton">
<button class="btn btn--light" wo-touch="displayImages()">Display images</button> <button class="btn btn--light" wo-touch="displayImages()">Display images</button>
</div> </div>
@ -164,6 +166,11 @@
<div class="tooltip__arrow"></div> <div class="tooltip__arrow"></div>
<div class="tooltip__content">{{keyId}}</div> <div class="tooltip__content">{{keyId}}</div>
</div> </div>
<div id="signature-info" class="tooltip">
<div class="tooltip__arrow"></div>
<div ng-show="state.mailList.selected.signaturesValid" class="tooltip__content">Message signature is valid.</div>
<div ng-show="!state.mailList.selected.signaturesValid" class="tooltip__content">Invalid message signature. This message could have been tampered with!</div>
</div>
<!-- dropdowns --> <!-- dropdowns -->
<ul id="read-reply-selection" class="dropdown"> <ul id="read-reply-selection" class="dropdown">