From 569449e633abbe22b63b9c6b8c680119a3bdceda Mon Sep 17 00:00:00 2001
From: Kali Kaneko <kali@leap.se>
Date: Mon, 30 Nov 2015 15:37:41 -0400
Subject: [feat] make events multi-user aware

- Resolves: #7656
- Releases: 0.4.1
---
 src/leap/mail/incoming/service.py | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)

(limited to 'src/leap/mail/incoming')

diff --git a/src/leap/mail/incoming/service.py b/src/leap/mail/incoming/service.py
index d8b91ba..3896c17 100644
--- a/src/leap/mail/incoming/service.py
+++ b/src/leap/mail/incoming/service.py
@@ -233,7 +233,7 @@ class IncomingMail(Service):
             failure.trap(InvalidAuthTokenError)
             # if the token is invalid, send an event so the GUI can
             # disable mail and show an error message.
-            emit_async(catalog.SOLEDAD_INVALID_AUTH_TOKEN)
+            emit_async(catalog.SOLEDAD_INVALID_AUTH_TOKEN, self._userid)
 
         log.msg('FETCH: syncing soledad...')
         d = self._soledad.sync()
@@ -254,7 +254,7 @@ class IncomingMail(Service):
             num_mails = len(doclist) if doclist is not None else 0
             if num_mails != 0:
                 log.msg("there are %s mails" % (num_mails,))
-            emit_async(catalog.MAIL_FETCHED_INCOMING,
+            emit_async(catalog.MAIL_FETCHED_INCOMING, self._userid,
                        str(num_mails), str(fetched_ts))
             return doclist
 
@@ -262,7 +262,7 @@ class IncomingMail(Service):
         """
         Sends unread event to ui.
         """
-        emit_async(catalog.MAIL_UNREAD_MESSAGES,
+        emit_async(catalog.MAIL_UNREAD_MESSAGES, self._userid,
                    str(self._inbox_collection.count_unseen()))
 
     # process incoming mail.
@@ -286,7 +286,7 @@ class IncomingMail(Service):
         deferreds = []
         for index, doc in enumerate(doclist):
             logger.debug("processing doc %d of %d" % (index + 1, num_mails))
-            emit_async(catalog.MAIL_MSG_PROCESSING,
+            emit_async(catalog.MAIL_MSG_PROCESSING, self._userid,
                        str(index), str(num_mails))
 
             keys = doc.content.keys()
@@ -336,7 +336,8 @@ class IncomingMail(Service):
                 decrdata = ""
                 success = False
 
-            emit_async(catalog.MAIL_MSG_DECRYPTED, "1" if success else "0")
+            emit_async(catalog.MAIL_MSG_DECRYPTED, self._userid,
+                       "1" if success else "0")
             return self._process_decrypted_doc(doc, decrdata)
 
         d = self._keymanager.decrypt(
@@ -743,10 +744,11 @@ class IncomingMail(Service):
                 listener(result)
 
             def signal_deleted(doc_id):
-                emit_async(catalog.MAIL_MSG_DELETED_INCOMING)
+                emit_async(catalog.MAIL_MSG_DELETED_INCOMING,
+                           self._userid)
                 return doc_id
 
-            emit_async(catalog.MAIL_MSG_SAVED_LOCALLY)
+            emit_async(catalog.MAIL_MSG_SAVED_LOCALLY, self._userid)
             d = self._delete_incoming_message(doc)
             d.addCallback(signal_deleted)
             return d
-- 
cgit v1.2.3


From 50f0659459169d297fa28ec8f42b7541da970175 Mon Sep 17 00:00:00 2001
From: Giovane <giovaneliberato@gmail.com>
Date: Tue, 19 Jan 2016 17:45:52 -0200
Subject: [feat] Verify plain text signed email

- Extract message serialization to a method
- Add new condition to verify signature on plain text mail
- Return InvalidSignature if cannot verify
---
 src/leap/mail/incoming/service.py | 43 ++++++++++++++++++++++++++++++++-------
 1 file changed, 36 insertions(+), 7 deletions(-)

(limited to 'src/leap/mail/incoming')

diff --git a/src/leap/mail/incoming/service.py b/src/leap/mail/incoming/service.py
index 3896c17..1716816 100644
--- a/src/leap/mail/incoming/service.py
+++ b/src/leap/mail/incoming/service.py
@@ -440,6 +440,7 @@ class IncomingMail(Service):
 
         fromHeader = msg.get('from', None)
         senderAddress = None
+
         if (fromHeader is not None and
             (msg.get_content_type() == MULTIPART_ENCRYPTED or
              msg.get_content_type() == MULTIPART_SIGNED)):
@@ -466,6 +467,8 @@ class IncomingMail(Service):
         if msg.get_content_type() == MULTIPART_ENCRYPTED:
             d = self._decrypt_multipart_encrypted_msg(
                 msg, encoding, senderAddress)
+        elif msg.get_content_type() == MULTIPART_SIGNED:
+            d = self._verify_signature_not_encrypted_msg(msg, senderAddress)
         else:
             d = self._maybe_decrypt_inline_encrypted_msg(
                 msg, encoding, senderAddress)
@@ -522,8 +525,8 @@ class IncomingMail(Service):
             return (msg, signkey)
 
         d = self._keymanager.decrypt(
-            encdata, self._userid, OpenPGPKey,
-            verify=senderAddress)
+                encdata, self._userid, OpenPGPKey,
+                verify=senderAddress)
         d.addCallbacks(build_msg, self._decryption_error, errbackArgs=(msg,))
         return d
 
@@ -545,11 +548,8 @@ class IncomingMail(Service):
         :rtype: Deferred
         """
         log.msg('maybe decrypting inline encrypted msg')
-        # serialize the original message
-        buf = StringIO()
-        g = Generator(buf)
-        g.flatten(origmsg)
-        data = buf.getvalue()
+
+        data = self._serialize_msg(origmsg)
 
         def decrypted_data(res):
             decrdata, signkey = res
@@ -578,6 +578,35 @@ class IncomingMail(Service):
         d.addCallback(encode_and_return)
         return d
 
+    def _verify_signature_not_encrypted_msg(self, origmsg, sender_address):
+        """
+        Possibly decrypt an inline OpenPGP encrypted message.
+
+        :param origmsg: The original, possibly encrypted message.
+        :type origmsg: Message
+        :param sender_address: The email address of the sender of the message.
+        :type sender_address: str
+
+        :return: A Deferred that will be fired with a tuple containing a
+        signed Message and the signing OpenPGPKey if the signature
+        is valid or InvalidSignature.
+        :rtype: Deferred
+        """
+        msg = copy.deepcopy(origmsg)
+        data = msg.get_payload()[0].as_string()
+        detached_sig = msg.get_payload()[1].get_payload()
+        d = self._keymanager.verify(data, sender_address, OpenPGPKey, detached_sig)
+
+        d.addCallback(lambda sign_key: (msg, sign_key))
+        d.addErrback(lambda _: (msg, keymanager_errors.InvalidSignature()))
+        return d
+
+    def _serialize_msg(self, origmsg):
+        buf = StringIO()
+        g = Generator(buf)
+        g.flatten(origmsg)
+        return buf.getvalue()
+
     def _decryption_error(self, failure, msg):
         """
         Check for known decryption errors
-- 
cgit v1.2.3


From 1c3b8d861db49ee723a7470301a63a8ca2994f5c Mon Sep 17 00:00:00 2001
From: Giovane <giovaneliberato@gmail.com>
Date: Thu, 21 Jan 2016 16:31:14 -0200
Subject: [feat] Validate signature with attachments

- Create a new Generator that doesn't trim the headers
- Extract detached signature from message
- Convert message to the body an attachments level
- Add coment to the generator workaround and shows which python version
  has the patch
---
 src/leap/mail/incoming/service.py | 25 ++++++++++++++++++-------
 1 file changed, 18 insertions(+), 7 deletions(-)

(limited to 'src/leap/mail/incoming')

diff --git a/src/leap/mail/incoming/service.py b/src/leap/mail/incoming/service.py
index 1716816..49bca50 100644
--- a/src/leap/mail/incoming/service.py
+++ b/src/leap/mail/incoming/service.py
@@ -24,7 +24,6 @@ import time
 import warnings
 
 from email.parser import Parser
-from email.generator import Generator
 from email.utils import parseaddr
 from email.utils import formatdate
 from StringIO import StringIO
@@ -43,6 +42,7 @@ from leap.common.mail import get_email_charset
 from leap.keymanager import errors as keymanager_errors
 from leap.keymanager.openpgp import OpenPGPKey
 from leap.mail.adaptors import soledad_indexes as fields
+from leap.mail.generator import Generator
 from leap.mail.utils import json_loads, empty
 from leap.soledad.client import Soledad
 from leap.soledad.common.crypto import ENC_SCHEME_KEY, ENC_JSON_KEY
@@ -394,7 +394,7 @@ class IncomingMail(Service):
 
         # ok, this is an incoming message
         rawmsg = msg.get(self.CONTENT_KEY, None)
-        if not rawmsg:
+        if rawmsg is None:
             return ""
         return self._maybe_decrypt_msg(rawmsg)
 
@@ -525,8 +525,8 @@ class IncomingMail(Service):
             return (msg, signkey)
 
         d = self._keymanager.decrypt(
-                encdata, self._userid, OpenPGPKey,
-                verify=senderAddress)
+            encdata, self._userid, OpenPGPKey,
+            verify=senderAddress)
         d.addCallbacks(build_msg, self._decryption_error, errbackArgs=(msg,))
         return d
 
@@ -593,9 +593,10 @@ class IncomingMail(Service):
         :rtype: Deferred
         """
         msg = copy.deepcopy(origmsg)
-        data = msg.get_payload()[0].as_string()
-        detached_sig = msg.get_payload()[1].get_payload()
-        d = self._keymanager.verify(data, sender_address, OpenPGPKey, detached_sig)
+        data = self._serialize_msg(msg.get_payload(0))
+        detached_sig = self._extract_signature(msg)
+        d = self._keymanager.verify(data, sender_address, OpenPGPKey,
+                                    detached_sig)
 
         d.addCallback(lambda sign_key: (msg, sign_key))
         d.addErrback(lambda _: (msg, keymanager_errors.InvalidSignature()))
@@ -607,6 +608,16 @@ class IncomingMail(Service):
         g.flatten(origmsg)
         return buf.getvalue()
 
+    def _extract_signature(self, msg):
+        body = msg.get_payload(0).get_payload()
+
+        if isinstance(body, str):
+            body = msg.get_payload(0)
+
+        detached_sig = msg.get_payload(1).get_payload()
+        msg.set_payload(body)
+        return detached_sig
+
     def _decryption_error(self, failure, msg):
         """
         Check for known decryption errors
-- 
cgit v1.2.3


From 8a828b7a2158c01215c3cbab006caa694a41af03 Mon Sep 17 00:00:00 2001
From: Ruben Pollan <meskio@sindominio.net>
Date: Mon, 21 Dec 2015 15:35:56 +0100
Subject: [feat] use fingerprint instead of key_id to address keys

---
 src/leap/mail/incoming/service.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src/leap/mail/incoming')

diff --git a/src/leap/mail/incoming/service.py b/src/leap/mail/incoming/service.py
index 49bca50..98ed416 100644
--- a/src/leap/mail/incoming/service.py
+++ b/src/leap/mail/incoming/service.py
@@ -461,7 +461,7 @@ class IncomingMail(Service):
                 decrmsg.add_header(
                     self.LEAP_SIGNATURE_HEADER,
                     self.LEAP_SIGNATURE_VALID,
-                    pubkey=signkey.key_id)
+                    pubkey=signkey.fingerprint)
             return decrmsg.as_string()
 
         if msg.get_content_type() == MULTIPART_ENCRYPTED:
-- 
cgit v1.2.3


From 13927ac178c00b729d8d660107f72d878879a5c3 Mon Sep 17 00:00:00 2001
From: Ruben Pollan <meskio@sindominio.net>
Date: Sun, 20 Mar 2016 19:52:46 +0100
Subject: [bug] Decode attached keys so they are recognized by keymanager

- Resolves: #7977
---
 src/leap/mail/incoming/service.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src/leap/mail/incoming')

diff --git a/src/leap/mail/incoming/service.py b/src/leap/mail/incoming/service.py
index 98ed416..c7d194d 100644
--- a/src/leap/mail/incoming/service.py
+++ b/src/leap/mail/incoming/service.py
@@ -749,7 +749,7 @@ class IncomingMail(Service):
         for attachment in attachments:
             if MIME_KEY == attachment.get_content_type():
                 d = self._keymanager.put_raw_key(
-                    attachment.get_payload(),
+                    attachment.get_payload(decode=True),
                     OpenPGPKey,
                     address=address)
                 d.addCallbacks(log_key_added, failed_put_key)
-- 
cgit v1.2.3


From ec0183a792223e6acd8343beb0e5ba1bf3df43b1 Mon Sep 17 00:00:00 2001
From: Kali Kaneko <kali@leap.se>
Date: Fri, 15 Apr 2016 16:06:56 -0400
Subject: [refactor] change IMAPAccount signature

for consistency with the previous Account change.
---
 src/leap/mail/incoming/tests/test_incoming_mail.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src/leap/mail/incoming')

diff --git a/src/leap/mail/incoming/tests/test_incoming_mail.py b/src/leap/mail/incoming/tests/test_incoming_mail.py
index 6880496..754df9f 100644
--- a/src/leap/mail/incoming/tests/test_incoming_mail.py
+++ b/src/leap/mail/incoming/tests/test_incoming_mail.py
@@ -77,7 +77,7 @@ subject: independence of cyberspace
     def setUp(self):
         def getInbox(_):
             d = defer.Deferred()
-            theAccount = IMAPAccount(ADDRESS, self._soledad, d=d)
+            theAccount = IMAPAccount(self._soledad, ADDRESS, d=d)
             d.addCallback(
                 lambda _: theAccount.getMailbox(INBOX_NAME))
             return d
-- 
cgit v1.2.3