recaptime.dev / phorge
@recaptime-dev's working patches + fork for Phorge, a community fork of Phabricator. (Upstream dev and stable branches are at upstream/main and upstream/stable respectively.) hq.recaptime.dev/wiki/Phorge
phorge phabricator
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

Never send normal mail to unverified addresses

Summary:
Ref T12237. This tightens our delivery rules, which previously sent normal mail to unverified addresses:

- We sent general mail to unverified addresses so that you wouldn't miss anything between the time you sign up (or have an account created) and the time you verify your address. This was imagined as a slight convenience for users.
- We sent automatic reply mail to unverified addresses if they sent mail to us first, saying "we don't recognize that address". This was imagined as a convenience for users who accidentally send mail "From" the wrong address (personal vs work, for example).

I think both behaviors are probably a little better for users on the balance, but not having mail providers randomly shut us off without warning is better for me, personally -- so stop doing this stuff.

This creates a problem which we likely need to solve before the release is cut:

- On installs which do not require mail verification, mail to you will now mostly-silently be dropped if you never bothered to verify your address.

I'd like to solve this by adding some kind of per-user alert that says "We recently tried to send you some mail but you haven't verified your address.", and giving them links to verify the address and review the mail. I'll pursue this after restoring mail service to `secure.phabricator.com`.

Test Plan:
- Added a unit test.
- Unverified my address, sent mail, saw it get dropped.
- Reverified my address, sent mail, saw it go through.
- Verified that important mail (password reset, invite, confirm-this-address) either uses "Force Delivery" (skips this check) or "Raw To Addresses" (also skips this check).
- Verified that Phacility instance stuff is also covered: it uses the same invite flow.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T12237

Differential Revision: https://secure.phabricator.com/D17329

epriestley 4997b6bd 7d0d4708

+58 -6
+14
src/applications/metamta/query/PhabricatorMetaMTAActor.php
··· 20 20 const REASON_FORCE_HERALD = 'force-herald'; 21 21 const REASON_ROUTE_AS_NOTIFICATION = 'route-as-notification'; 22 22 const REASON_ROUTE_AS_MAIL = 'route-as-mail'; 23 + const REASON_UNVERIFIED = 'unverified'; 23 24 24 25 private $phid; 25 26 private $emailAddress; 26 27 private $name; 27 28 private $status = self::STATUS_DELIVERABLE; 28 29 private $reasons = array(); 30 + private $isVerified = false; 29 31 30 32 public function setName($name) { 31 33 $this->name = $name; ··· 45 47 return $this->emailAddress; 46 48 } 47 49 50 + public function setIsVerified($is_verified) { 51 + $this->isVerified = $is_verified; 52 + return $this; 53 + } 54 + 55 + public function getIsVerified() { 56 + return $this->isVerified; 57 + } 58 + 48 59 public function setPHID($phid) { 49 60 $this->phid = $phid; 50 61 return $this; ··· 104 115 self::REASON_FORCE_HERALD => pht('Forced by Herald'), 105 116 self::REASON_ROUTE_AS_NOTIFICATION => pht('Route as Notification'), 106 117 self::REASON_ROUTE_AS_MAIL => pht('Route as Mail'), 118 + self::REASON_UNVERIFIED => pht('Address Not Verified'), 107 119 ); 108 120 109 121 return idx($names, $reason, pht('Unknown ("%s")', $reason)); ··· 158 170 self::REASON_ROUTE_AS_MAIL => pht( 159 171 'This message was upgraded to email by outbound mail rules '. 160 172 'in Herald.'), 173 + self::REASON_UNVERIFIED => pht( 174 + 'This recipient does not have a verified primary email address.'), 161 175 ); 162 176 163 177 return idx($descriptions, $reason, pht('Unknown Reason ("%s")', $reason));
+8
src/applications/metamta/query/PhabricatorMetaMTAActorQuery.php
··· 89 89 $actor->setUndeliverable(PhabricatorMetaMTAActor::REASON_NO_ADDRESS); 90 90 } else { 91 91 $actor->setEmailAddress($email->getAddress()); 92 + $actor->setIsVerified($email->getIsVerified()); 92 93 } 93 94 } 94 95 } ··· 119 120 } 120 121 121 122 $actor->setEmailAddress($xuser->getAccountID()); 123 + 124 + // NOTE: This effectively drops all outbound mail to unrecognized 125 + // addresses unless "phabricator.allow-email-users" is set. See T12237 126 + // for context. 127 + $allow_key = 'phabricator.allow-email-users'; 128 + $allow_value = PhabricatorEnv::getEnvConfig($allow_key); 129 + $actor->setIsVerified((bool)$allow_value); 122 130 } 123 131 } 124 132
+10 -6
src/applications/metamta/receiver/PhabricatorMailReceiver.php
··· 153 153 ->loadOneOrCreate(); 154 154 return $xuser->getPhabricatorUser(); 155 155 } else { 156 + // NOTE: Currently, we'll always drop this mail (since it's headed to 157 + // an unverified recipient). See T12237. These details are still useful 158 + // because they'll appear in the mail logs and Mail web UI. 159 + 156 160 $reasons[] = pht( 157 161 'Phabricator is also not configured to allow unknown external users '. 158 162 'to send mail to the system using just an email address.'); ··· 174 178 if ($user) { 175 179 return $user; 176 180 } 177 - } 178 181 179 - $reasons[] = pht( 180 - "Phabricator is misconfigured, the application email ". 181 - "'%s' is set to user '%s' but that user does not exist.", 182 - $application_email->getAddress(), 183 - $default_user_phid); 182 + $reasons[] = pht( 183 + 'Phabricator is misconfigured: the application email '. 184 + '"%s" is set to user "%s", but that user does not exist.', 185 + $application_email->getAddress(), 186 + $default_user_phid); 187 + } 184 188 } 185 189 186 190 $reasons = implode("\n\n", $reasons);
+10
src/applications/metamta/storage/PhabricatorMetaMTAMail.php
··· 951 951 } 952 952 } 953 953 954 + // Unless delivery was forced earlier (password resets, confirmation mail), 955 + // never send mail to unverified addresses. 956 + foreach ($actors as $phid => $actor) { 957 + if ($actor->getIsVerified()) { 958 + continue; 959 + } 960 + 961 + $actor->setUndeliverable(PhabricatorMetaMTAActor::REASON_UNVERIFIED); 962 + } 963 + 954 964 return $actors; 955 965 } 956 966
+16
src/applications/metamta/storage/__tests__/PhabricatorMetaMTAMailTestCase.php
··· 153 153 $this->assertTrue( 154 154 in_array($phid, $mail->buildRecipientList()), 155 155 'Recipients restored after tag preference removed.'); 156 + 157 + $email = id(new PhabricatorUserEmail())->loadOneWhere( 158 + 'userPHID = %s AND isPrimary = 1', 159 + $phid); 160 + 161 + $email->setIsVerified(0)->save(); 162 + 163 + $this->assertFalse( 164 + in_array($phid, $mail->buildRecipientList()), 165 + pht('Mail not sent to unverified address.')); 166 + 167 + $email->setIsVerified(1)->save(); 168 + 169 + $this->assertTrue( 170 + in_array($phid, $mail->buildRecipientList()), 171 + pht('Mail sent to verified address.')); 156 172 } 157 173 158 174 public function testThreadIDHeaders() {