discourse/lib/email/receiver.rb
Régis Hanol d7aa13328d
FIX: strip unsubscribe links in incoming emails (#30695)
When we send an email notification to a user, we always include a link
that will allow them unsubscribe to these emails.

If the user reply to the email notification, the link to unsubscribe
might still be present in the final post (often in the elided part).

Since those links do not require authentication to unsubscribe a user
(this is a feature, not a bug), we would like to avoid showing them to
other users on Discourse.

(If such an email is forwarded elsewhere, then it's totally out of our
control.)

This commmit ensures we always strip those unsubscribe links from any
incoming email to avoid making it easier to unsubscribe another user.

Since the format we use for those links might be similar to the ones
used by other applications, the regular expression used to match those
links uses the absolute URL of the Discourse (aka.
`Discourse.base_url`).
2025-01-13 11:33:46 +01:00

1693 lines
56 KiB
Ruby

# frozen_string_literal: true
require "digest"
module Email
class Receiver
# If you add a new error, you need to
# * add it to Email::Processor#handle_failure()
# * add text to server.en.yml (parent key: "emails.incoming.errors")
class ProcessingError < StandardError
end
class EmptyEmailError < ProcessingError
end
class ScreenedEmailError < ProcessingError
end
class UserNotFoundError < ProcessingError
end
class AutoGeneratedEmailError < ProcessingError
end
class BouncedEmailError < ProcessingError
end
class NoBodyDetectedError < ProcessingError
end
class NoSenderDetectedError < ProcessingError
end
class FromReplyByAddressError < ProcessingError
end
class InactiveUserError < ProcessingError
end
class SilencedUserError < ProcessingError
end
class BadDestinationAddress < ProcessingError
end
class StrangersNotAllowedError < ProcessingError
end
class ReplyNotAllowedError < ProcessingError
end
class InsufficientTrustLevelError < ProcessingError
end
class ReplyUserNotMatchingError < ProcessingError
end
class TopicNotFoundError < ProcessingError
end
class TopicClosedError < ProcessingError
end
class InvalidPost < ProcessingError
end
class TooShortPost < ProcessingError
end
class InvalidPostAction < ProcessingError
end
class UnsubscribeNotAllowed < ProcessingError
end
class EmailNotAllowed < ProcessingError
end
class OldDestinationError < ProcessingError
end
class ReplyToDigestError < ProcessingError
end
class TooManyRecipientsError < ProcessingError
attr_reader :recipients_count
def initialize(recipients_count:)
@recipients_count = recipients_count
end
end
attr_reader :incoming_email
attr_reader :raw_email
attr_reader :mail
attr_reader :message_id
COMMON_ENCODINGS = [-"utf-8", -"windows-1252", -"iso-8859-1"]
def self.formats
@formats ||= Enum.new(plaintext: 1, markdown: 2)
end
def initialize(mail_string, opts = {})
raise EmptyEmailError if mail_string.blank?
@staged_users = []
@created_staged_users = []
@raw_email = mail_string
COMMON_ENCODINGS.each do |encoding|
fixed = try_to_encode(mail_string, encoding)
break @raw_email = fixed if fixed.present?
end
@mail = Mail.new(@raw_email)
@message_id = @mail.message_id.presence || Digest::MD5.hexdigest(mail_string)
@opts = opts
@destinations ||= opts[:destinations]
end
def process!
return if is_blocked?
id_hash = Digest::SHA1.hexdigest(@message_id)
DistributedMutex.synchronize("process_email_#{id_hash}") do
begin
# If we find an existing incoming email record with the exact same `message_id`
# do not create a new `IncomingEmail` record to avoid double ups.
return if @incoming_email = find_existing_and_update_imap
Email::Validator.ensure_valid!(@mail)
@from_email, @from_display_name = parse_from_field(@mail)
@from_user = User.find_by_email(@from_email)
@incoming_email = create_incoming_email
post = process_internal
raise BouncedEmailError if is_bounce?
post
rescue Exception => e
@incoming_email.update_columns(error: e.class.name) if @incoming_email
delete_created_staged_users
raise
end
end
end
def find_existing_and_update_imap
return unless incoming_email = IncomingEmail.find_by(message_id: @message_id)
# If we are not doing this for IMAP purposes just return the record.
return incoming_email if @opts[:imap_uid].blank?
# If the message_id matches the post id regexp then we
# generated the message_id not the imap server, e.g. in GroupSmtpEmail,
# so we want to update the incoming email because it will
# be missing IMAP details.
#
# Otherwise the incoming email is a completely new one from the IMAP
# server (e.g. a message_id generated by Gmail) and does not need to
# be updated, because message_ids from the IMAP server are not guaranteed
# to be unique.
return unless Email::MessageIdService.discourse_generated_message_id?(@message_id)
incoming_email.update(
imap_uid_validity: @opts[:imap_uid_validity],
imap_uid: @opts[:imap_uid],
imap_group_id: @opts[:imap_group_id],
imap_sync: false,
)
incoming_email
end
def is_blocked?
return false if SiteSetting.ignore_by_title.blank?
Regexp.new(SiteSetting.ignore_by_title, Regexp::IGNORECASE) =~ @mail.subject
end
def create_incoming_email
cc_addresses = Array.wrap(@mail.cc)
cc_addresses.concat(embedded_email.cc) if has_been_forwarded? && embedded_email&.cc
IncomingEmail.create(
message_id: @message_id,
raw: Email::Cleaner.new(@raw_email).execute,
subject: subject,
from_address: @from_email,
to_addresses: @mail.to,
cc_addresses: cc_addresses,
imap_uid_validity: @opts[:imap_uid_validity],
imap_uid: @opts[:imap_uid],
imap_group_id: @opts[:imap_group_id],
imap_sync: false,
created_via: IncomingEmail.created_via_types[@opts[:source] || :unknown],
)
end
def process_internal
handle_bounce if is_bounce?
raise NoSenderDetectedError if @from_email.blank?
raise FromReplyByAddressError if is_from_reply_by_email_address?
raise ScreenedEmailError if ScreenedEmail.should_block?(@from_email)
user = @from_user
if user.present?
log_and_validate_user(user)
else
raise UserNotFoundError unless SiteSetting.enable_staged_users
end
recipients = get_all_recipients(@mail)
if recipients.size > SiteSetting.maximum_recipients_per_new_group_email
raise TooManyRecipientsError.new(recipients_count: recipients.size)
end
body, elided = select_body
body ||= ""
raise NoBodyDetectedError if body.blank? && attachments.empty? && !is_bounce?
if is_auto_generated? && !sent_to_mailinglist_mirror?
@incoming_email.update_columns(is_auto_generated: true)
if SiteSetting.block_auto_generated_emails? && !is_bounce? && !@opts[:allow_auto_generated]
raise AutoGeneratedEmailError
end
end
if action = subscription_action_for(body, subject)
raise UnsubscribeNotAllowed if user.nil?
send_subscription_mail(action, user)
return
end
if post = find_related_post
# Most of the time, it is impossible to **reply** without a reply key, so exit early
if user.blank?
if sent_to_mailinglist_mirror? || !SiteSetting.find_related_post_with_key
user = stage_from_user
elsif user.blank?
raise BadDestinationAddress
end
end
create_reply(
user: user,
raw: body,
elided: elided,
post: post,
topic: post.topic,
skip_validations: user.staged?,
bounce: is_bounce?,
)
else
first_exception = nil
destinations.each do |destination|
begin
return process_destination(destination, user, body, elided)
rescue => e
first_exception ||= e
end
end
raise first_exception if first_exception
# We don't stage new users for emails to reply addresses, exit if user is nil
raise BadDestinationAddress if user.blank?
# We only get here if there are no destinations (the email is not going to
# a Category, Group, or PostReplyKey)
post = find_related_post(force: true)
if post && Guardian.new(user).can_see_post?(post)
if destination_too_old?(post)
raise OldDestinationError.new("#{Discourse.base_url}/p/#{post.id}")
end
end
if EmailLog.where(email_type: "digest", message_id: @mail.in_reply_to).exists?
raise ReplyToDigestError
end
raise BadDestinationAddress
end
end
def log_and_validate_user(user)
@incoming_email.update_columns(user_id: user.id)
raise InactiveUserError if !user.active && !user.staged
raise SilencedUserError if user.silenced?
end
def get_all_recipients(mail)
recipients = Set.new
%i[to cc bcc].each do |field|
next if mail[field].blank?
mail[field].each do |address_field|
begin
address_field.decoded
recipients << address_field.address.downcase
end
end
end
recipients
end
def is_bounce?
@mail.bounced? || bounce_key
end
def handle_bounce
@incoming_email.update_columns(is_bounce: true)
mail_error_statuses = Array.wrap(@mail.error_status)
if email_log.present?
email_log.update_columns(bounced: true, bounce_error_code: mail_error_statuses.first)
post = email_log.post
topic = email_log.topic
end
DiscourseEvent.trigger(:email_bounce, @mail, @incoming_email, @email_log)
if mail_error_statuses.any? { |s| s.start_with?(Email::SMTP_STATUS_TRANSIENT_FAILURE) }
Email::Receiver.update_bounce_score(@from_email, SiteSetting.soft_bounce_score)
else
Email::Receiver.update_bounce_score(@from_email, SiteSetting.hard_bounce_score)
end
if SiteSetting.whispers_allowed_groups.present? && @from_user&.staged?
return if email_log.blank?
if post.present? && topic.present? && topic.archetype == Archetype.private_message
body, elided = select_body
body ||= ""
create_reply(
user: @from_user,
raw: body,
elided: elided,
post: post,
topic: topic,
skip_validations: true,
bounce: true,
)
end
end
raise BouncedEmailError
end
def is_from_reply_by_email_address?
Email::Receiver.reply_by_email_address_regex.match(@from_email)
end
def bounce_key
@bounce_key ||=
begin
verp = all_destinations.select { |to| to[/\+verp-\h{32}@/] }.first
verp && verp[/\+verp-(\h{32})@/, 1]
end
end
def email_log
return nil if bounce_key.blank?
@email_log ||= EmailLog.find_by(bounce_key: bounce_key)
end
def self.update_bounce_score(email, score)
if user = User.find_by_email(email)
old_bounce_score = user.user_stat.bounce_score
new_bounce_score = old_bounce_score + score
range = (old_bounce_score + 1..new_bounce_score)
user.user_stat.bounce_score = new_bounce_score
user.user_stat.reset_bounce_score_after =
SiteSetting.reset_bounce_score_after_days.days.from_now
user.user_stat.save!
if range === SiteSetting.bounce_score_threshold
# NOTE: we check bounce_score before sending emails
# So log we revoked the email...
reason =
I18n.t(
"user.email.revoked",
email: user.email,
date: user.user_stat.reset_bounce_score_after,
)
StaffActionLogger.new(Discourse.system_user).log_revoke_email(user, reason)
# ... and PM the user
SystemMessage.create_from_system_user(user, :email_revoked)
end
end
end
def is_auto_generated?
return false if SiteSetting.auto_generated_allowlist.split("|").include?(@from_email)
@mail[:precedence].to_s[/list|junk|bulk|auto_reply/i] ||
@mail[:from].to_s[/(mailer[\-_]?daemon|post[\-_]?master|no[\-_]?reply)@/i] ||
@mail[:subject].to_s[
/\A\s*(Auto:|Automatic reply|Autosvar|Automatisk svar|Automatisch antwoord|Abwesenheitsnotiz|Risposta Non al computer|Automatisch antwoord|Auto Response|Respuesta automática|Fuori sede|Out of Office|Frånvaro|Réponse automatique)/i
] ||
@mail.header.reject { |h| h.name.downcase == "x-auto-response-suppress" }.to_s[
/auto[\-_]?(response|submitted|replied|reply|generated|respond)|holidayreply|machinegenerated/i
]
end
def is_spam?
case SiteSetting.email_in_spam_header
when "X-Spam-Flag"
@mail[:x_spam_flag].to_s[/YES/i]
when "X-Spam-Status"
@mail[:x_spam_status].to_s[/\AYes, /i]
when "X-SES-Spam-Verdict"
@mail[:x_ses_spam_verdict].to_s[/FAIL/i]
else
false
end
end
def auth_res_action
@auth_res_action ||= AuthenticationResults.new(@mail.header[:authentication_results]).action
end
def select_body
text = nil
html = nil
text_content_type = nil
if @mail.multipart?
text = fix_charset(@mail.text_part)
html = fix_charset(@mail.html_part)
text_content_type = @mail.text_part&.content_type
elsif @mail.content_type.to_s["text/html"]
html = fix_charset(@mail)
elsif @mail.content_type.blank? || @mail.content_type["text/plain"]
text = fix_charset(@mail)
text_content_type = @mail.content_type
end
return if text.blank? && html.blank?
if text.present?
text = trim_discourse_markers(text)
text, elided_text = trim_reply_and_extract_elided(text)
if @opts[:convert_plaintext] || sent_to_mailinglist_mirror?
text_content_type ||= ""
converter_opts = {
format_flowed: !!(text_content_type =~ /format\s*=\s*["']?flowed["']?/i),
delete_flowed_space: !!(text_content_type =~ /DelSp\s*=\s*["']?yes["']?/i),
}
text = PlainTextToMarkdown.new(text, converter_opts).to_markdown
elided_text = PlainTextToMarkdown.new(elided_text, converter_opts).to_markdown
end
end
# keep track of inlined images in html version
# so we can later check if they were elided
@cids = (html.presence || "").scan(/src\s*=\s*['"](cid:.+?)["']/).flatten
markdown, elided_markdown =
if html.present?
# use the first html extracter that matches
if html_extracter = HTML_EXTRACTERS.select { |_, r| html[r] }.min_by { |_, r| html =~ r }
doc = Nokogiri::HTML5.fragment(html)
self.public_send(:"extract_from_#{html_extracter[0]}", doc)
else
markdown =
HtmlToMarkdown.new(html, keep_img_tags: true, keep_cid_imgs: true).to_markdown
markdown = trim_discourse_markers(markdown)
trim_reply_and_extract_elided(markdown)
end
end
text_format = Receiver.formats[:plaintext]
if text.blank? || (SiteSetting.incoming_email_prefer_html && markdown.present?)
text, elided_text, text_format = markdown, elided_markdown, Receiver.formats[:markdown]
end
if SiteSetting.strip_incoming_email_lines && text.present?
in_code = nil
text =
text
.lines
.map! do |line|
stripped = line.strip << "\n"
# Do not strip list items.
if (stripped[0] == "*" || stripped[0] == "-" || stripped[0] == "+") &&
stripped[1] == " "
next line
end
# Match beginning and ending of code blocks.
if !in_code && stripped[0..2] == "```"
in_code = "```"
elsif in_code == "```" && stripped[0..2] == "```"
in_code = nil
elsif !in_code && stripped[0..4] == "[code"
in_code = "[code]"
elsif in_code == "[code]" && stripped[0..6] == "[/code]"
in_code = nil
end
# Strip only lines outside code blocks.
in_code ? line : stripped
end
.join
end
[strip_unsubscribe_links(text), strip_unsubscribe_links(elided_text), text_format]
end
def strip_unsubscribe_links(text)
@unsubscribe_regex ||= %r|#{Discourse.base_url}/email/unsubscribe/\h{64}|
(text.presence || "").gsub(@unsubscribe_regex, "")
end
def to_markdown(html, elided_html)
markdown = HtmlToMarkdown.new(html, keep_img_tags: true, keep_cid_imgs: true).to_markdown
elided_markdown =
HtmlToMarkdown.new(elided_html, keep_img_tags: true, keep_cid_imgs: true).to_markdown
[EmailReplyTrimmer.trim(markdown), elided_markdown]
end
HTML_EXTRACTERS = [
[:gmail, /class="gmail_(signature|extra)/],
[:outlook, /id="(divRplyFwdMsg|Signature)"/],
[:word, /class="WordSection1"/],
[:exchange, /name="message(Body|Reply)Section"/],
[:apple_mail, /id="AppleMailSignature"/],
[:mozilla, /class="moz-/],
[:protonmail, /class="protonmail_/],
[:zimbra, /data-marker="__/],
[:newton, /(id|class)="cm_/],
[:front, /class="front-/],
]
def extract_from_gmail(doc)
# GMail adds a bunch of 'gmail_' prefixed classes like: gmail_signature, gmail_extra, gmail_quote, gmail_default...
elided = doc.css(".gmail_signature, .gmail_extra").remove
to_markdown(doc.to_html, elided.to_html)
end
def extract_from_outlook(doc)
# Outlook properly identifies the signature and any replied/forwarded email
# Use their id to remove them and anything that comes after
elided = doc.css("#Signature, #Signature ~ *, hr, #divRplyFwdMsg, #divRplyFwdMsg ~ *").remove
to_markdown(doc.to_html, elided.to_html)
end
def extract_from_word(doc)
# Word (?) keeps the content in the 'WordSection1' class and uses <p> tags
# When there's something else (<table>, <div>, etc..) there's high chance it's a signature or forwarded email
elided =
doc.css(
".WordSection1 > :not(p):not(ul):first-of-type, .WordSection1 > :not(p):not(ul):first-of-type ~ *",
).remove
to_markdown(doc.at(".WordSection1").to_html, elided.to_html)
end
def extract_from_exchange(doc)
# Exchange is using 'messageReplySection' for forwarded emails and 'messageBodySection' for the actual email
reply = doc.css("div[name='messageReplySection']")
body = doc.css("div[name='messageBodySection']")
if reply.present? && body.present?
elided = doc.css("div[name='messageReplySection']").remove
body = doc.css("div[name='messageBodySection']")
to_markdown(body.to_html, elided.to_html)
elsif reply.present?
to_markdown(reply.to_html, "")
elsif body.present?
to_markdown(body.to_html, "")
else
to_markdown(doc.to_html, "")
end
end
def extract_from_apple_mail(doc)
# AppleMail is the worst. It adds 'AppleMailSignature' ids (!) to several div/p with no deterministic rules
# Our best guess is to elide whatever comes after that.
elided = doc.css("#AppleMailSignature:last-of-type ~ *").remove
to_markdown(doc.to_html, elided.to_html)
end
def extract_from_mozilla(doc)
# Mozilla (Thunderbird ?) properly identifies signature and forwarded emails
# Remove them and anything that comes after
elided =
doc.css(
"*[class^='moz-cite'], *[class^='moz-cite'] ~ *, " \
"*[class^='moz-signature'], *[class^='moz-signature'] ~ *, " \
"*[class^='moz-forward'], *[class^='moz-forward'] ~ *",
).remove
to_markdown(doc.to_html, elided.to_html)
end
def extract_from_protonmail(doc)
# Removes anything that has a class starting with "protonmail_" and everything after that
elided = doc.css("*[class^='protonmail_'], *[class^='protonmail_'] ~ *").remove
to_markdown(doc.to_html, elided.to_html)
end
def extract_from_zimbra(doc)
# Removes anything that has a 'data-marker' attribute
elided = doc.css("*[data-marker]").remove
to_markdown(doc.to_html, elided.to_html)
end
def extract_from_newton(doc)
# Removes anything that has an id or a class starting with 'cm_'
elided = doc.css("*[id^='cm_'], *[class^='cm_']").remove
to_markdown(doc.to_html, elided.to_html)
end
def extract_from_front(doc)
# Removes anything that has a class starting with 'front-'
elided = doc.css("*[class^='front-']").remove
to_markdown(doc.to_html, elided.to_html)
end
def trim_reply_and_extract_elided(text)
return text, "" if @opts[:skip_trimming] || !SiteSetting.trim_incoming_emails
EmailReplyTrimmer.trim(text, true)
end
def fix_charset(mail_part)
return nil if mail_part.blank? || mail_part.body.blank?
string =
begin
mail_part.body.decoded
rescue StandardError
nil
end
return nil if string.blank?
# common encodings
encodings = COMMON_ENCODINGS.dup
encodings.unshift(mail_part.charset) if mail_part.charset.present?
# mail (>=2.5) decodes mails with 8bit transfer encoding to utf-8, so always try UTF-8 first
if mail_part.content_transfer_encoding == "8bit"
encodings.delete("UTF-8")
encodings.unshift("UTF-8")
end
encodings.uniq.each do |encoding|
fixed = try_to_encode(string, encoding)
return fixed if fixed.present?
end
nil
end
def try_to_encode(string, encoding)
encoded = string.encode("UTF-8", encoding)
!encoded.nil? && encoded.valid_encoding? ? encoded : nil
rescue Encoding::InvalidByteSequenceError,
Encoding::UndefinedConversionError,
Encoding::ConverterNotFoundError
nil
end
def previous_replies_regex
strings =
I18n
.available_locales
.map do |locale|
I18n.with_locale(locale) { I18n.t("user_notifications.previous_discussion") }
end
.uniq
@previous_replies_regex ||=
/\A--[- ]\n\*(?:#{strings.map { |x| Regexp.escape(x) }.join("|")})\*\n/im
end
def reply_above_line_regex
strings =
I18n
.available_locales
.map do |locale|
I18n.with_locale(locale) { I18n.t("user_notifications.reply_above_line") }
end
.uniq
@reply_above_line_regex ||= /\n(?:#{strings.map { |x| Regexp.escape(x) }.join("|")})\n/im
end
def trim_discourse_markers(reply)
return "" if reply.blank?
reply = reply.split(previous_replies_regex)[0]
reply.split(reply_above_line_regex)[0]
end
def parse_from_field(mail, process_forwarded_emails: true)
if email_log.present?
email = email_log.to_address || email_log.user&.email
return email, email_log.user&.username
elsif mail.bounced?
# "Final-Recipient" has a specific format (<name> ; <address>)
# cf. https://www.ietf.org/rfc/rfc2298.html#section-3.2.4
address_type, generic_address = mail.final_recipient.to_s.split(";").map { _1.to_s.strip }
return generic_address, nil if generic_address.include?("@") && address_type == "rfc822"
end
return unless mail[:from]
# For forwarded emails, where the from address matches a group incoming
# email, we want to use the from address of the original email sender,
# which we can extract from embedded_email_raw.
if process_forwarded_emails && has_been_forwarded?
if mail[:from].to_s =~ group_incoming_emails_regex
if embedded_email && embedded_email[:from].errors.blank?
from_address, from_display_name =
Email::Receiver.extract_email_address_and_name(embedded_email[:from])
return from_address, from_display_name if from_address
end
end
end
# extract proper sender when using mailman mailing list
if mail[:x_mailman_version].present?
address, name = Email::Receiver.extract_email_address_and_name_from_mailman(mail)
return address, name if address
end
# For now we are only using the Reply-To header if the email has
# been forwarded via Google Groups, which is why we are checking the
# X-Original-From header too. In future we may want to use the Reply-To
# header in more cases.
if mail[:x_original_from].present? && mail[:reply_to].present?
original_from_address, _ =
Email::Receiver.extract_email_address_and_name(mail[:x_original_from])
reply_to_address, reply_to_name =
Email::Receiver.extract_email_address_and_name(mail[:reply_to])
return reply_to_address, reply_to_name if original_from_address == reply_to_address
end
Email::Receiver.extract_email_address_and_name(mail[:from])
rescue StandardError
nil
end
def self.extract_email_address_and_name_from_mailman(mail)
list_address, _ = Email::Receiver.extract_email_address_and_name(mail[:list_post])
list_address, _ =
Email::Receiver.extract_email_address_and_name(mail[:x_beenthere]) if list_address.blank?
return if list_address.blank?
# the CC header often includes the name of the sender
address_to_name = mail[:cc]&.element&.addresses&.to_h { [_1.address, _1.name] } || {}
%i[from reply_to x_mailfrom x_original_from].each do |header|
next if mail[header].blank?
email, name = Email::Receiver.extract_email_address_and_name(mail[header])
if email.present? && email != list_address
return email, name.presence || address_to_name[email]
end
end
end
def self.extract_email_address_and_name(value)
begin
# ensure the email header value is a string
value = value.to_s
# in embedded emails, converts [mailto:foo@bar.com] to <foo@bar.com>
value = value.gsub(/\[mailto:([^\[\]]+?)\]/, "<\\1>")
# 'mailto:' suffix isn't supported by Mail::Address parsing
value = value.gsub("mailto:", "")
# parse the email header value
parsed = Mail::Address.new(value)
# extract the email address and name
mail = parsed.address.to_s.downcase.strip
name = parsed.name.to_s.strip
# ensure the email address is "valid"
if mail.include?("@")
# remove surrounding quotes from the name
name = name[1...-1] if name.size > 2 && name[/\A(['"]).+(\1)\z/]
# return the email address and name
[mail, name]
end
rescue Mail::Field::ParseError, Mail::Field::IncompleteParseError
# something went wrong parsing the email header value, return nil
end
end
def subject
@subject ||=
if mail_subject = @mail.subject
mail_subject.delete("\u0000")[0..254]
else
I18n.t("emails.incoming.default_subject", email: @from_email)
end
end
def find_or_create_user(email, display_name, raise_on_failed_create: false, user: nil)
User.transaction do
user ||= User.find_by_email(email)
if user.nil? && SiteSetting.enable_staged_users
raise EmailNotAllowed unless EmailValidator.allowed?(email)
username = UserNameSuggester.sanitize_username(display_name) if display_name.present?
begin
user =
User.create!(
email: email,
username: UserNameSuggester.suggest(username.presence || email),
name: display_name.presence || User.suggest_name(email),
staged: true,
)
@created_staged_users << user
rescue PG::UniqueViolation, ActiveRecord::RecordNotUnique, ActiveRecord::RecordInvalid
raise if raise_on_failed_create
user = nil
end
end
@staged_users << user if user&.staged?
end
user
end
def find_or_create_user!(email, display_name)
find_or_create_user(email, display_name, raise_on_failed_create: true)
end
def all_destinations
@all_destinations ||= [
@mail.destinations,
[@mail[:x_forwarded_to]].flatten.compact.map(&:decoded),
[@mail[:delivered_to]].flatten.compact.map(&:decoded),
].flatten.select(&:present?).uniq.lazy
end
def destinations
@destinations ||=
all_destinations.map { |d| Email::Receiver.check_address(d, is_bounce?) }.reject(&:blank?)
end
def sent_to_mailinglist_mirror?
@sent_to_mailinglist_mirror ||=
begin
destinations.each do |destination|
return true if destination.is_a?(Category) && destination.mailinglist_mirror?
end
false
end
end
def self.check_address(address, include_verp = false)
# only check for a group/category when 'email_in' is enabled
if SiteSetting.email_in
group = Group.find_by_email(address)
return group if group
category = Category.find_by_email(address)
return category if category
end
# reply
match = Email::Receiver.reply_by_email_address_regex(true, include_verp).match(address)
if match && match.captures
match.captures.each do |c|
next if c.blank?
post_reply_key = PostReplyKey.find_by(reply_key: c)
return post_reply_key if post_reply_key
end
end
nil
end
def process_destination(destination, user, body, elided)
if SiteSetting.forwarded_emails_behaviour != "hide" && has_been_forwarded? &&
process_forwarded_email(destination, user)
return
end
return if is_bounce? && !destination.is_a?(PostReplyKey)
if destination.is_a?(Group)
user ||= stage_from_user
create_group_post(destination, user, body, elided)
elsif destination.is_a?(Category)
if (user.nil? || user.staged?) && !destination.email_in_allow_strangers
raise StrangersNotAllowedError
end
user ||= stage_from_user
if !user.staged? && !user.in_any_groups?(SiteSetting.email_in_allowed_groups_map) &&
!sent_to_mailinglist_mirror?
raise InsufficientTrustLevelError
end
create_topic(
user: user,
raw: body,
elided: elided,
title: subject,
category: destination.id,
skip_validations: user.staged?,
)
elsif destination.is_a?(PostReplyKey)
# We don't stage new users for emails to reply addresses, exit if user is nil
raise BadDestinationAddress if user.blank?
post = Post.with_deleted.find(destination.post_id)
raise ReplyNotAllowedError if !Guardian.new(user).can_create_post?(post&.topic)
if destination.user_id != user.id && !forwarded_reply_key?(destination, user)
raise ReplyUserNotMatchingError,
"post_reply_key.user_id => #{destination.user_id.inspect}, user.id => #{user.id.inspect}"
end
create_reply(
user: user,
raw: body,
elided: elided,
post: post,
topic: post&.topic,
skip_validations: user.staged?,
bounce: is_bounce?,
)
end
end
def create_group_post(group, user, body, elided)
message_ids = Email::Receiver.extract_reply_message_ids(@mail, max_message_id_count: 5)
# Incoming emails with matching message ids, and then cross references
# these with any email addresses for the user vs to/from/cc of the
# incoming emails. in effect, any incoming email record for these
# message ids where the user is involved in any way will be returned.
incoming_emails = IncomingEmail.where(message_id: message_ids)
if !group.allow_unknown_sender_topic_replies
incoming_emails = incoming_emails.addressed_to_user(user)
end
post_ids = incoming_emails.pluck(:post_id) || []
# If the user is directly replying to an email send to them from discourse,
# there will be a corresponding EmailLog record, so we can use that as the
# reply post if it exists.
#
# Since In-Reply-To can technically have multiple message ids, we only
# consider the first one here to simplify things.
first_in_reply_to = Array.wrap(mail.in_reply_to).first
if Email::MessageIdService.discourse_generated_message_id?(first_in_reply_to)
post_id_from_email_log =
EmailLog
.where(message_id: first_in_reply_to)
.addressed_to_user(user)
.order(created_at: :desc)
.limit(1)
.pluck(:post_id)
.last
post_ids << post_id_from_email_log if post_id_from_email_log
end
target_post = post_ids.any? && Post.where(id: post_ids).order(:created_at).last
too_old_for_group_smtp = (destination_too_old?(target_post) && group.smtp_enabled)
if target_post.blank? || too_old_for_group_smtp
create_topic(
user: user,
raw: new_group_topic_body(body, target_post, too_old_for_group_smtp),
elided: elided,
title: subject,
archetype: Archetype.private_message,
target_group_names: [group.name],
is_group_message: true,
skip_validations: true,
)
else
# This must be done for the unknown user (who is staged) to
# be allowed to post a reply in the topic.
if group.allow_unknown_sender_topic_replies
target_post.topic.topic_allowed_users.find_or_create_by!(user_id: user.id)
end
create_reply(
user: user,
raw: body,
elided: elided,
post: target_post,
topic: target_post.topic,
skip_validations: true,
)
end
end
def new_group_topic_body(body, target_post, too_old_for_group_smtp)
return body if !too_old_for_group_smtp
body + "\n\n----\n\n" +
I18n.t(
"emails.incoming.continuing_old_discussion",
url: target_post.topic.url,
title: target_post.topic.title,
count: SiteSetting.disallow_reply_by_email_after_days,
)
end
def forwarded_reply_key?(post_reply_key, user)
incoming_emails =
IncomingEmail
.joins(:post)
.where("posts.topic_id = ?", post_reply_key.post.topic_id)
.addressed_to(post_reply_key.reply_key)
.addressed_to_user(user)
.pluck(:to_addresses, :cc_addresses)
incoming_emails.each do |to_addresses, cc_addresses|
unless contains_email_address_of_user?(to_addresses, user) ||
contains_email_address_of_user?(cc_addresses, user)
next
end
if contains_reply_by_email_address(to_addresses, post_reply_key.reply_key) ||
contains_reply_by_email_address(cc_addresses, post_reply_key.reply_key)
return true
end
end
false
end
def contains_email_address_of_user?(addresses, user)
return false if addresses.blank?
addresses = addresses.split(";")
user.user_emails.any? { |user_email| addresses.include?(user_email.email) }
end
def contains_reply_by_email_address(addresses, reply_key)
return false if addresses.blank?
addresses
.split(";")
.each do |address|
match = Email::Receiver.reply_by_email_address_regex.match(address)
return true if match && match.captures&.include?(reply_key)
end
false
end
def has_been_forwarded?
subject[/\A[[:blank:]]*(fwd?|tr)[[:blank:]]?:/i] && embedded_email_raw.present?
end
def embedded_email_raw
return @embedded_email_raw if @embedded_email_raw
text = fix_charset(@mail.multipart? ? @mail.text_part : @mail)
@embedded_email_raw, @before_embedded = EmailReplyTrimmer.extract_embedded_email(text)
@embedded_email_raw
end
def embedded_email
@embedded_email ||=
if embedded_email_raw.present?
mail = Mail.new(embedded_email_raw)
Email::Validator.ensure_valid_address_lists!(mail)
mail
else
nil
end
end
def process_forwarded_email(destination, user)
user ||= stage_from_user
case SiteSetting.forwarded_emails_behaviour
when "create_replies"
forwarded_email_create_replies(destination, user)
when "quote"
forwarded_email_quote_forwarded(destination, user)
else
false
end
end
def forwarded_email_create_topic(
destination:,
user:,
raw:,
title:,
date: nil,
embedded_user: nil
)
if destination.is_a?(Group)
topic_user = embedded_user&.call || user
create_topic(
user: topic_user,
raw: raw,
title: title,
archetype: Archetype.private_message,
target_usernames: [user.username],
target_group_names: [destination.name],
is_group_message: true,
skip_validations: true,
created_at: date,
)
elsif destination.is_a?(Category)
return false if user.staged? && !destination.email_in_allow_strangers
if user.groups.any? && !user.in_any_groups?(SiteSetting.email_in_allowed_groups_map)
return false
end
topic_user = embedded_user&.call || user
create_topic(
user: topic_user,
raw: raw,
title: title,
category: destination.id,
skip_validations: topic_user.staged?,
created_at: date,
)
else
false
end
end
def forwarded_email_create_replies(destination, user)
forwarded_by_address, forwarded_by_name =
Email::Receiver.extract_email_address_and_name(@mail[:from])
if forwarded_by_address && forwarded_by_name
@forwarded_by_user = stage_sender_user(forwarded_by_address, forwarded_by_name)
end
email_address, display_name =
parse_from_field(embedded_email, process_forwarded_emails: false)
return false if email_address.blank? || !email_address.include?("@")
post =
forwarded_email_create_topic(
destination: destination,
user: user,
raw: try_to_encode(embedded_email.decoded, "UTF-8").presence || embedded_email.to_s,
title: embedded_email.subject.presence || subject,
date: embedded_email.date,
embedded_user: lambda { find_or_create_user(email_address, display_name) },
)
return false unless post
if post.topic
# mark post as seen for the forwarder
PostTiming.record_timing(
user_id: user.id,
topic_id: post.topic_id,
post_number: post.post_number,
msecs: 5000,
)
# create reply when available
if @before_embedded.present?
post_type = Post.types[:regular]
post_type = Post.types[:whisper] if post.topic.private_message? &&
destination.usernames[user.username]
create_reply(
user: user,
raw: @before_embedded,
post: post,
topic: post.topic,
post_type: post_type,
skip_validations: user.staged?,
)
else
if @forwarded_by_user
post.topic.topic_allowed_users.find_or_create_by!(user_id: @forwarded_by_user.id)
end
post.topic.add_small_action(@forwarded_by_user || user, "forwarded")
end
end
true
end
def forwarded_email_quote_forwarded(destination, user)
raw = <<~MD
#{@before_embedded}
[quote]
#{PlainTextToMarkdown.new(@embedded_email_raw).to_markdown}
[/quote]
MD
if forwarded_email_create_topic(
destination: destination,
user: user,
raw: raw,
title: subject,
)
true
end
end
def self.reply_by_email_address_regex(extract_reply_key = true, include_verp = false)
reply_addresses = [SiteSetting.reply_by_email_address]
reply_addresses << (SiteSetting.alternative_reply_by_email_addresses.presence || "").split(
"|",
)
if include_verp && SiteSetting.reply_by_email_address.present? &&
SiteSetting.reply_by_email_address["+"]
reply_addresses << SiteSetting.reply_by_email_address.sub(
"%{reply_key}",
"verp-%{reply_key}",
)
end
reply_addresses.flatten!
reply_addresses.select!(&:present?)
reply_addresses.map! { |a| Regexp.escape(a) }
reply_addresses.map! { |a| a.gsub("\+", "\+?") }
reply_addresses.map! { |a| a.gsub(Regexp.escape("%{reply_key}"), "(\\h{32})?") }
if reply_addresses.empty?
/$a/ # a regex that can never match
else
/#{reply_addresses.join("|")}/
end
end
def group_incoming_emails_regex
@group_incoming_emails_regex =
Regexp.union(DB.query_single(<<~SQL).map { |e| e.split("|") }.flatten.compact_blank.uniq)
SELECT CONCAT(incoming_email, '|', email_username)
FROM groups
WHERE incoming_email IS NOT NULL OR email_username IS NOT NULL
SQL
end
def category_email_in_regex
@category_email_in_regex ||=
Regexp.union Category
.pluck(:email_in)
.select(&:present?)
.map { |e| e.split("|") }
.flatten
.uniq
end
def find_related_post(force: false)
return if !force && SiteSetting.find_related_post_with_key && !sent_to_mailinglist_mirror?
message_ids = Email::Receiver.extract_reply_message_ids(@mail, max_message_id_count: 5)
return if message_ids.empty?
Email::MessageIdService.find_post_from_message_ids(message_ids)
end
def self.extract_reply_message_ids(mail, max_message_id_count:)
message_ids = [mail.in_reply_to, Email::Receiver.extract_references(mail.references)]
message_ids.flatten!
message_ids.select!(&:present?)
message_ids.uniq!
message_ids.first(max_message_id_count)
end
def self.extract_references(references)
if Array === references
references
elsif references.present?
references.split(/[\s,]/).map { |r| Email::MessageIdService.message_id_clean(r) }
end
end
def likes
@likes ||= Set.new ["+1", "<3", "", I18n.t("post_action_types.like.title").downcase]
end
def subscription_action_for(body, subject)
return unless SiteSetting.unsubscribe_via_email
return if sent_to_mailinglist_mirror?
if ([subject, body].compact.map(&:to_s).map(&:downcase) & ["unsubscribe"]).any?
:confirm_unsubscribe
end
end
def post_action_for(body)
PostActionType.types[:like] if likes.include?(body.strip.downcase)
end
def create_topic(options = {})
enable_email_pm_setting(options[:user]) if options[:archetype] == Archetype.private_message
create_post_with_attachments(options)
end
def notification_level_for(body)
# since we are stripping save all this work on long replies
return nil if body.length > 40
body = body.strip.downcase
case body
when "mute"
NotificationLevels.topic_levels[:muted]
when "track"
NotificationLevels.topic_levels[:tracking]
when "watch"
NotificationLevels.topic_levels[:watching]
else
nil
end
end
def create_reply(options = {})
raise TopicNotFoundError if options[:topic].nil? || options[:topic].trashed?
if options[:bounce] && options[:topic].archetype != Archetype.private_message
raise BouncedEmailError
end
options[:post] = nil if options[:post]&.trashed?
if options[:topic].archetype == Archetype.private_message
enable_email_pm_setting(options[:user])
end
if post_action_type = post_action_for(options[:raw])
create_post_action(options[:user], options[:post], post_action_type)
elsif notification_level = notification_level_for(options[:raw])
TopicUser.change(
options[:user].id,
options[:post].topic_id,
notification_level: notification_level,
)
else
raise TopicClosedError if options[:topic].closed?
options[:topic_id] = options[:topic].id
options[:reply_to_post_number] = options[:post]&.post_number
options[:is_group_message] = options[:topic].private_message? &&
options[:topic].allowed_groups.exists?
create_post_with_attachments(options)
end
end
def create_post_action(user, post, type)
result = PostActionCreator.new(user, post, type).perform
raise InvalidPostAction.new if result.failed? && result.forbidden
end
def is_allowed?(attachment)
attachment.content_type !~ SiteSetting.blocked_attachment_content_types_regex &&
attachment.filename !~ SiteSetting.blocked_attachment_filenames_regex
end
def attachments
@attachments ||=
begin
attachments = @mail.attachments.select { |attachment| is_allowed?(attachment) }
attachments << @mail if @mail.attachment? && is_allowed?(@mail)
@mail.parts.each { |part| attachments << part if part.attachment? && is_allowed?(part) }
attachments.uniq!
attachments
end
end
def create_post_with_attachments(options = {})
add_elided_to_raw!(options)
options[:raw] = add_attachments(options[:raw], options[:user], options)
create_post(options)
end
def add_attachments(raw, user, options = {})
raw = raw.dup
upload_ids =
UploadReference.where(
target_id: Post.where(topic_id: options[:topic_id]).select(:id),
).pluck("DISTINCT upload_id")
upload_shas = Upload.where(id: upload_ids).pluck("DISTINCT COALESCE(original_sha1, sha1)")
is_duplicate = ->(upload_id, upload_sha, attachment) do
return true if upload_id && upload_ids.include?(upload_id)
return true if upload_sha && upload_shas.include?(upload_sha)
if attachment.respond_to?(:url) && attachment.url&.start_with?("cid:") &&
attachment.content_type&.start_with?("image/")
return true if @cids&.include?(attachment.url)
end
false
end
added_attachments = []
rejected_attachments = []
attachments.each do |attachment|
tmp = Tempfile.new(["discourse-email-attachment", File.extname(attachment.filename)])
begin
# read attachment
File.open(tmp.path, "w+b") { |f| f.write attachment.body.decoded }
# create the upload for the user
opts = { for_group_message: options[:is_group_message] }
upload = UploadCreator.new(tmp, attachment.filename, opts).create_for(user.id)
upload_sha = upload.original_sha1.presence || upload.sha1
if upload.errors.empty?
# try to inline images
if attachment.content_type&.start_with?("image/")
if raw[attachment.url]
raw.sub!(attachment.url, upload.url)
InlineUploads.match_img(
raw,
uploads: {
upload.url => upload,
},
) do |match, src, replacement, _|
raw = raw.sub(match, replacement) if src == upload.url
end
elsif raw[/\[image:[^\]]*\]/i]
raw.sub!(/\[image:[^\]]*\]/i, UploadMarkdown.new(upload).to_markdown)
elsif !is_duplicate[upload.id, upload_sha, attachment]
added_attachments << upload
end
elsif !is_duplicate[upload.id, upload_sha, attachment]
added_attachments << upload
end
else
rejected_attachments << upload
raw << "\n\n#{I18n.t("emails.incoming.missing_attachment", filename: upload.original_filename)}\n\n"
end
ensure
tmp&.close!
end
end
if rejected_attachments.present? && !user.staged?
notify_about_rejected_attachment(rejected_attachments)
end
if added_attachments.present?
markdown =
added_attachments.map { |upload| UploadMarkdown.new(upload).to_markdown }.join("\n")
if markdown.present?
raw << "\n\n"
raw << "[details=\"#{I18n.t("emails.incoming.attachments")}\"]"
raw << "\n\n"
raw << markdown
raw << "\n\n"
raw << "[/details]"
end
end
raw
end
def notify_about_rejected_attachment(attachments)
errors = []
attachments.each do |a|
error = a.errors.messages.values[0][0]
errors << "#{a.original_filename}: #{error}"
end
message = Mail::Message.new(@mail)
template_args = {
former_title: message.subject,
destination: message.to,
site_name: SiteSetting.title,
rejected_errors: errors.join("\n"),
}
client_message =
RejectionMailer.send_rejection(:email_reject_attachment, message.from, template_args)
Email::Sender.new(client_message, :email_reject_attachment).send
end
def add_elided_to_raw!(options)
is_private_message =
options[:archetype] == Archetype.private_message || options[:topic].try(:private_message?)
# only add elided part in messages
if options[:elided].present? &&
(SiteSetting.always_show_trimmed_content || is_private_message)
options[:raw] << Email::Receiver.elided_html(options[:elided])
options[:elided] = ""
end
end
def create_post(options = {})
options[:import_mode] = @opts[:import_mode]
options[:via_email] = true
options[:raw_email] = @raw_email
options[:created_at] ||= @mail.date
options[:created_at] = DateTime.now if options[:created_at] > DateTime.now
add_elided_to_raw!(options)
if sent_to_mailinglist_mirror?
options[:skip_validations] = true
options[:skip_guardian] = true
else
options[:email_spam] = is_spam?
options[:first_post_checks] = true if is_spam?
options[:email_auth_res_action] = auth_res_action
end
user = options.delete(:user)
if options[:bounce]
options[:raw] = I18n.t(
"system_messages.email_bounced",
email: user.email,
raw: options[:raw],
)
user = Discourse.system_user
options[:post_type] = Post.types[:whisper]
end
# To avoid race conditions with the post alerter and Group SMTP
# emails, we skip the jobs here and enqueue them only _after_
# the incoming email has been updated with the post and topic.
options[:skip_jobs] = true
options[:skip_events] = true
result = NewPostManager.new(user, options).perform
errors = result.errors.full_messages
if errors.any? { |message|
message.include?(I18n.t("activerecord.attributes.post.raw").strip) &&
message.include?(
I18n.t("errors.messages.too_short", count: SiteSetting.min_post_length).strip,
)
}
raise TooShortPost
end
raise InvalidPost, errors.join("\n") if result.errors.present?
if result.post
IncomingEmail.transaction do
@incoming_email.update_columns(topic_id: result.post.topic_id, post_id: result.post.id)
result.post.update(outbound_message_id: @incoming_email.message_id)
end
if result.post.topic&.private_message? && !is_bounce?
add_other_addresses(result.post, user, @mail)
if has_been_forwarded?
add_other_addresses(result.post, @forwarded_by_user || user, embedded_email)
end
end
# Alert the people involved in the topic now that the incoming email
# has been linked to the post.
PostJobsEnqueuer.new(
result.post,
result.post.topic,
options[:topic_id].blank?,
import_mode: options[:import_mode],
post_alert_options: options[:post_alert_options],
).enqueue_jobs
if result.post.is_first_post?
DiscourseEvent.trigger(:topic_created, result.post.topic, options, user)
end
DiscourseEvent.trigger(:post_created, result.post, options, user)
end
result.post
end
def self.elided_html(elided)
html = +"\n\n" << "<details class='elided'>" << "\n"
html << "<summary title='#{I18n.t("emails.incoming.show_trimmed_content")}'>&#183;&#183;&#183;</summary>" <<
"\n\n"
html << elided << "\n\n"
html << "</details>" << "\n"
html
end
def add_other_addresses(post, sender, mail_object)
max_staged_users_post = nil
%i[to cc bcc].each do |d|
next if mail_object[d].blank?
mail_object[d].each do |address_field|
begin
address_field.decoded
email = address_field.address.downcase
display_name = address_field.display_name.try(:to_s)
next if !email.include?("@")
if should_invite?(email)
user = User.find_by_email(email)
# cap number of staged users created per email
if (!user || user.staged) &&
@staged_users.count >= SiteSetting.maximum_staged_users_per_email
max_staged_users_post ||=
post.topic.add_moderator_post(
sender,
I18n.t("emails.incoming.maximum_staged_user_per_email_reached"),
import_mode: @opts[:import_mode],
)
next
end
user = find_or_create_user(email, display_name, user: user)
if user && can_invite?(post.topic, user)
post.topic.topic_allowed_users.create!(user_id: user.id)
TopicUser.auto_notification_for_staging(
user.id,
post.topic_id,
TopicUser.notification_reasons[:auto_watch],
)
post.topic.add_small_action(
sender,
"invited_user",
user.username,
import_mode: @opts[:import_mode],
)
end
end
rescue ActiveRecord::RecordInvalid, EmailNotAllowed
# don't care if user already allowed or the user's email address is not allowed
end
end
end
end
def should_invite?(email)
email !~ Email::Receiver.reply_by_email_address_regex &&
email !~ group_incoming_emails_regex && email !~ category_email_in_regex
end
def can_invite?(topic, user)
!topic.topic_allowed_users.where(user_id: user.id).exists? &&
!topic
.topic_allowed_groups
.where("group_id IN (SELECT group_id FROM group_users WHERE user_id = ?)", user.id)
.exists?
end
def send_subscription_mail(action, user)
message = SubscriptionMailer.public_send(action, user)
Email::Sender.new(message, :subscription).send
end
def stage_from_user
@from_user ||= stage_sender_user(@from_email, @from_display_name)
end
def stage_sender_user(email, display_name)
find_or_create_user!(email, display_name).tap { |u| log_and_validate_user(u) }
end
def delete_created_staged_users
@created_staged_users.each do |user|
@incoming_email.update_columns(user_id: nil) if @incoming_email.user&.id == user.id
UserDestroyer.new(Discourse.system_user).destroy(user, quiet: true) if user.posts.count == 0
end
end
def enable_email_pm_setting(user)
# ensure user PM emails are enabled (since user is posting via email)
if !user.staged &&
user.user_option.email_messages_level == UserOption.email_level_types[:never]
user.user_option.update!(email_messages_level: UserOption.email_level_types[:always])
end
end
def destination_too_old?(post)
return false if post.blank?
num_of_days = SiteSetting.disallow_reply_by_email_after_days
num_of_days > 0 && post.created_at < num_of_days.days.ago
end
end
end