[Rt-commit] rt branch, 4.4/per-queue-outgoing-encryption-protocol, updated. rt-4.4.4-177-ge28e0420ce
Dianne Skoll
dianne at bestpractical.com
Thu Nov 19 12:58:56 EST 2020
The branch, 4.4/per-queue-outgoing-encryption-protocol has been updated
via e28e0420ce3fadaccd036719125a10bae565f61b (commit)
via e26c6fdba23b54ab7a2fc612548fcab464f94aac (commit)
from 216f0a66497deb317b0c2bbd7b2970aa491479c0 (commit)
Summary of changes:
lib/RT/Config.pm | 24 +++++++++++++++---
share/html/Admin/Users/Keys.html | 8 +++---
...going.t => crypt-per-queue-outgoing-protocol.t} | 29 +++++++++++++++++++---
3 files changed, 51 insertions(+), 10 deletions(-)
copy t/mail/{smime/outgoing.t => crypt-per-queue-outgoing-protocol.t} (67%)
- Log -----------------------------------------------------------------
commit e26c6fdba23b54ab7a2fc612548fcab464f94aac
Author: Dianne Skoll <dianne at bestpractical.com>
Date: Thu Nov 19 12:08:35 2020 -0500
Add unit test to make sure that per-queue-crypt-protocol setting actually works.
diff --git a/lib/RT/Config.pm b/lib/RT/Config.pm
index 431a12ca22..c3ee334d08 100644
--- a/lib/RT/Config.pm
+++ b/lib/RT/Config.pm
@@ -796,12 +796,30 @@ our %META;
$opt->{'Incoming'} = \@enabled;
}
if ( $opt->{'Outgoing'} ) {
- if (not $enabled{$opt->{'Outgoing'}}) {
- $RT::Logger->warning($opt->{'Outgoing'}.
+ if (ref($opt->{'Outgoing'}) eq 'HASH') {
+ # Check each entry in the hash
+ foreach my $q (keys(%{$opt->{'Outgoing'}})) {
+ if (not $enabled{$opt->{'Outgoing'}->{$q}}) {
+ if ($q ne '') {
+ $RT::Logger->warning($opt->{'Outgoing'}->{$q}.
+ " explicitly set as outgoing Crypt plugin for queue $q, but not marked Enabled; "
+ . (@enabled ? "using $enabled[0]" : "removing"));
+ } else {
+ $RT::Logger->warning($opt->{'Outgoing'}->{$q}.
+ " explicitly set as default outgoing Crypt plugin, but not marked Enabled; "
+ . (@enabled ? "using $enabled[0]" : "removing"));
+ }
+ $opt->{'Outgoing'}->{$q} = $enabled[0];
+ }
+ }
+ } else {
+ if (not $enabled{$opt->{'Outgoing'}}) {
+ $RT::Logger->warning($opt->{'Outgoing'}.
" explicitly set as outgoing Crypt plugin, but not marked Enabled; "
. (@enabled ? "using $enabled[0]" : "removing"));
+ }
+ $opt->{'Outgoing'} = $enabled[0] unless $enabled{$opt->{'Outgoing'}};
}
- $opt->{'Outgoing'} = $enabled[0] unless $enabled{$opt->{'Outgoing'}};
} else {
$opt->{'Outgoing'} = $enabled[0];
}
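Review bot: The new hash branch validates only the keys the administrator supplied, so a per-queue map written without a `''` entry leaves the default outgoing protocol unset at this point, whereas the scalar path and the missing-`Outgoing` path both end at `$enabled[0]`. How a missing default is resolved when mail is actually sent is not visible in this hunk, but since this setting selects the protocol used to protect outgoing mail it is safer to pin it at load time, for example after the `foreach`: `$opt->{'Outgoing'}->{''} = $enabled[0] unless exists $opt->{'Outgoing'}->{''};`. Separately, when no protocol is enabled the warning says "removing" while the entry is kept with an undefined value, and a later pass over the map would then evaluate `$enabled{undef}`; `delete $opt->{'Outgoing'}->{$q}` in that case would match the message. The enclosing check starts and ends outside the hunk.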
diff --git a/t/mail/crypt-per-queue-outgoing-protocol.t b/t/mail/crypt-per-queue-outgoing-protocol.t
new file mode 100644
index 0000000000..1568e25413
--- /dev/null
+++ b/t/mail/crypt-per-queue-outgoing-protocol.t
@@ -0,0 +1,102 @@
+use strict;
+use warnings;
+
+use RT::Test::Crypt
+ GnuPG => 1,
+ SMIME => 1,
+ tests => undef,
+ gnupg_options => {
+ passphrase => 'rt-test',
+ 'trust-model' => 'always'
+ },
+ config => 'Set( %Crypt, Incoming => ["GnuPG", "SMIME"], Outgoing => {"" => "GnuPG", Special => "SMIME" } );';
+
+my $test = 'RT::Test::Crypt';
+
+use IPC::Run3 'run3';
+use RT::Interface::Email;
+
+my ($url, $m) = RT::Test->started_ok;
+ok $m->login, "logged in";
+
+my $queue = RT::Test->load_or_create_queue(
+ Name => 'Special',
+ CorrespondAddress => 'sender at example.com',
+ CommentAddress => 'sender at example.com',
+);
+ok $queue && $queue->id, 'loaded or created queue';
+
+{
+ my ($status, $msg) = $queue->SetEncrypt(1);
+ ok $status, "turn on encryption by default"
+ or diag "error: $msg";
+}
+
+my $user;
+{
+ $user = RT::User->new($RT::SystemUser);
+ ok($user->LoadByEmail('root at localhost'), "Loaded user 'root'");
+ ok($user->Load('root'), "Loaded user 'root'");
+ is($user->EmailAddress, 'root at localhost');
+
+ $test->smime_import_key( 'root at example.com.crt' => $user );
+}
+
+RT::Test->clean_caught_mails;
+
+{
+ my $mail = <<END;
+From: root\@localhost
+To: rt\@example.com
+Subject: This is a test of new ticket creation as an unknown user
+
+Blah!
+Foob!
+
+END
+
+ my ($status, $id) = RT::Test->send_via_mailgate(
+ $mail, queue => $queue->Name,
+ );
+ is $status >> 8, 0, "successfuly executed mailgate";
+
+ my $ticket = RT::Ticket->new($RT::SystemUser);
+ $ticket->Load( $id );
+ ok ($ticket->id, "found ticket ". $ticket->id);
+}
+
+{
+ my @mails = RT::Test->fetch_caught_mails;
+ is scalar @mails, 1, "autoreply";
+
+ my ($buf, $err);
+ local $@;
+ ok(eval {
+ run3([
+ qw(openssl smime -decrypt -passin pass:123456),
+ '-inkey', $test->smime_key_path('root at example.com.key'),
+ '-recip', $test->smime_key_path('root at example.com.crt')
+ ], \$mails[0], \$buf, \$err )
+ }, 'can decrypt'
+ );
+ diag $@ if $@;
+ diag $err if $err;
+ diag "Error code: $?" if $?;
+ like($buf, qr'This message has been automatically generated in response');
+}
+
+# non-"Special" queue should use GnuPG, not S/MIME.
+RT::Test->import_gnupg_key('rt-recipient at example.com');
+RT::Test->import_gnupg_key( 'rt-test at example.com' );
+
+$queue = RT::Test->load_or_create_queue(
+ Name => 'Regression',
+ CorrespondAddress => 'rt-recipient at example.com',
+ CommentAddress => 'rt-recipient at example.com',
+ Encrypt => 1,
+);
+ok $queue && $queue->id, 'loaded or created queue';
+
+create_and_test_outgoing_emails( $queue, $m );
+
+done_testing;
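Review bot: The 'can decrypt' assertion only proves that `run3` launched openssl, because IPC::Run3 returns true whenever the command executes and leaves the exit status in `$?`, which this block prints with `diag` but never asserts. Add `is $? >> 8, 0, 'openssl smime -decrypt exited cleanly';` right after the `ok(eval { ... })` call, and give the following `like` a description such as `'autoreply decrypts with the S/MIME key'`, so a failure clearly says that the Special queue did not use S/MIME. The GnuPG half relies entirely on `create_and_test_outgoing_emails`, which is not defined in this file and is presumably exported by `RT::Test::Crypt`. A short comment there stating that the helper verifies PGP encryption for the non-Special queue would make the intent of the test explicit.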
commit e28e0420ce3fadaccd036719125a10bae565f61b
Author: Dianne Skoll <dianne at bestpractical.com>
Date: Thu Nov 19 12:21:02 2020 -0500
In Admin/Users/Keys.html, do not call "UseForOutgoing" when we have no $Queue object.
Instead, just check if the corresponding encryption protocol is enabled.
diff --git a/share/html/Admin/Users/Keys.html b/share/html/Admin/Users/Keys.html
index cee08c869e..36b9a7e353 100644
--- a/share/html/Admin/Users/Keys.html
+++ b/share/html/Admin/Users/Keys.html
@@ -59,7 +59,7 @@
<form action="<%RT->Config->Get('WebPath')%>/Admin/Users/Keys.html" method="post" enctype="multipart/form-data">
<input type="hidden" class="hidden" name="id" value="<% $UserObj->Id %>" />
-% if (RT::Crypt->UseForOutgoing eq 'GnuPG') {
+% if (RT::Config->Get('GnuPG')->{Enable}) {
<&|/Widgets/TitleBox, title => loc('GnuPG private key') &>
<& /Widgets/Form/Select,
Name => 'PrivateKey',
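Review bot: The new condition calls `RT::Config->Get('GnuPG')` on the class name, while the form tag two lines above uses the config object via `RT->Config->Get('WebPath')`. Whether `Get` behaves identically when invoked as a class method cannot be confirmed from this page, so `% if (RT->Config->Get('GnuPG')->{'Enable'}) {` is the safer and more consistent spelling. The same applies to the `SMIME` check in the next hunk and to both `if` statements in the two hunks after it. A one-line comment on the first check, such as `%# No $Queue here, so show key fields for every enabled protocol`, would record why the page no longer asks `UseForOutgoing`. The TitleBox component call continues past the end of this hunk.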
@@ -71,7 +71,7 @@
</&>
% }
-% if (RT::Crypt->UseForOutgoing eq 'SMIME') {
+% if (RT::Config->Get('SMIME')->{Enable}) {
<&|/Widgets/TitleBox, title => loc('SMIME Certificate') &>
<textarea name="SMIMECertificate"><% $UserObj->SMIMECertificate || '' %></textarea>
</&>
@@ -99,7 +99,7 @@ $id = $ARGS{'id'} = $UserObj->id;
my @potential_keys;
my $email = $UserObj->EmailAddress;
-if (RT::Crypt->UseForOutgoing eq 'GnuPG') {
+if (RT::Config->Get('GnuPG')->{Enable}) {
my %keys_meta = RT::Crypt->GetKeysForSigning( Signer => $email, Protocol => 'GnuPG' );
@potential_keys = map $_->{'Key'}, @{ $keys_meta{'info'} || [] };
@@ -121,7 +121,7 @@ if (RT::Crypt->UseForOutgoing eq 'GnuPG') {
}
}
-if (RT::Crypt->UseForOutgoing eq 'SMIME') {
+if (RT::Config->Get('SMIME')->{Enable}) {
if ( $Update and ($ARGS{'SMIMECertificate'}||'') ne ($UserObj->SMIMECertificate||'') ) {
my ($status, $msg) = $UserObj->SetSMIMECertificate( $ARGS{'SMIMECertificate'} );
push @results, $msg;
-----------------------------------------------------------------------