From 20d99475736110e651762c04fa4a4e3dc8678306 Mon Sep 17 00:00:00 2001 From: link2xt Date: Mon, 16 Oct 2023 01:16:17 +0000 Subject: [PATCH] Allow to send securejoin --- chatmaild/src/chatmaild/filtermail.py | 14 ++++++++++---- chatmaild/src/chatmaild/test_filtermail.py | 22 +++++++++++++--------- online-tests/test_1_deltachat.py | 14 ++++++++++++++ plan.txt | 6 ------ 4 files changed, 37 insertions(+), 19 deletions(-) diff --git a/chatmaild/src/chatmaild/filtermail.py b/chatmaild/src/chatmaild/filtermail.py index b8388b43..368f1762 100644 --- a/chatmaild/src/chatmaild/filtermail.py +++ b/chatmaild/src/chatmaild/filtermail.py @@ -9,9 +9,8 @@ from aiosmtpd.controller import UnixSocketController from smtplib import SMTP as SMTPClient -def check_encrypted(content): +def check_encrypted(message): """Check that the message is an OpenPGP-encrypted message.""" - message = BytesParser(policy=policy.default).parsebytes(content) if not message.is_multipart(): return False if message.get("subject") != "...": @@ -47,7 +46,8 @@ class ExampleHandler: valid_recipients = [] - mail_encrypted = check_encrypted(envelope.content) + message = BytesParser(policy=policy.default).parsebytes(envelope.content) + mail_encrypted = check_encrypted(message) res = [] for recipient in envelope.rcpt_tos: @@ -68,7 +68,13 @@ class ExampleHandler: continue is_outgoing = recipient_local_domain[1] != my_local_domain[1] - if is_outgoing and not mail_encrypted: + + if ( + is_outgoing + and not mail_encrypted + and message.get("secure-join") != "vc-request" + and message.get("secure-join") != "vg-request" + ): res += ["500 Outgoing mail must be encrypted"] continue diff --git a/chatmaild/src/chatmaild/test_filtermail.py b/chatmaild/src/chatmaild/test_filtermail.py index ce95836a..7f5a5811 100644 --- a/chatmaild/src/chatmaild/test_filtermail.py +++ b/chatmaild/src/chatmaild/test_filtermail.py 
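Review bot: In the `@@ -68,7 +68,13 @@` hunk of filtermail.py the new cleartext exemption depends only on a sender-supplied header. Any outgoing message carrying `Secure-Join: vc-request` or `vg-request` now skips the "500 Outgoing mail must be encrypted" rejection, whatever its body, size or attachments. The condition should also confirm that the message has the shape of a securejoin request (for instance a single small text part with no further payload; the exact constraints need confirming against the protocol), ideally in a helper next to `check_encrypted` so it can be unit-tested. Independently of that, the two lookups can be collapsed into `and message.get("secure-join") not in ("vc-request", "vg-request")`. The enclosing handler method starts and ends outside the hunk.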
@@ -1,12 +1,16 @@ -import pytest - from .filtermail import check_encrypted +from email.parser import BytesParser +from email import policy def test_filtermail(): - assert not check_encrypted(b"foo") + def check_encrypted_bstr(content): + message = BytesParser(policy=policy.default).parsebytes(content) + return check_encrypted(message) - assert not check_encrypted( + assert not check_encrypted_bstr(b"foo") + + assert not check_encrypted_bstr( "\r\n".join( [ "Subject: =?utf-8?q?Message_from_foobar=40c2=2Etestrun=2Eorg?=", @@ -36,7 +40,7 @@ def test_filtermail(): ).encode() ) - assert not check_encrypted( + assert not check_encrypted_bstr( "\r\n".join( [ "Subject: =?utf-8?q?Message_from_foobar=40c2=2Etestrun=2Eorg?=", @@ -67,7 +71,7 @@ def test_filtermail(): ) # https://xkcd.com/1181/ - assert not check_encrypted( + assert not check_encrypted_bstr( "\r\n".join( [ "Subject: =?utf-8?q?Message_from_foobar=40c2=2Etestrun=2Eorg?=", @@ -99,7 +103,7 @@ def test_filtermail(): ).encode() ) - assert check_encrypted( + assert check_encrypted_bstr( "\r\n".join( [ "Subject: ...", @@ -172,7 +176,7 @@ def test_filtermail(): ).encode() ) - assert not check_encrypted( + assert not check_encrypted_bstr( "\r\n".join( [ "Subject: Buy Penis Enlargement at www.malicious-domain.com", @@ -245,7 +249,7 @@ def test_filtermail(): ).encode() ) - assert not check_encrypted( + assert not check_encrypted_bstr( "\r\n".join( [ "Subject: Message opened", diff --git a/online-tests/test_1_deltachat.py b/online-tests/test_1_deltachat.py index 74dc2213..d3233679 100644 --- a/online-tests/test_1_deltachat.py +++ b/online-tests/test_1_deltachat.py 
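Review bot: Nothing in test_filtermail.py exercises the new cleartext exemption for `Secure-Join` requests; these hunks only adapt the existing cases to the `check_encrypted(message)` signature through `check_encrypted_bstr`. Because the exemption is written inline in the handler, no offline test pins which unencrypted messages are still refused. I would extract that condition into a function and add cases here: a `vc-request`/`vg-request` message is accepted, and an unencrypted message with any other or no `Secure-Join` value is still rejected. `check_encrypted_bstr` could also live at module level rather than inside `test_filtermail`, so further tests can reuse it. The later hunks in this file only rename the call and raise no separate point.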
@@ -67,3 +67,17 @@ class TestEndToEndDeltaChat: break pytest.fail("sending succeeded although messages should exceed quota") + + def test_securejoin(self, cmfactory, lp, maildomain2): + ac1 = cmfactory.new_online_configuring_account(cache=False) + cmfactory.switch_maildomain(maildomain2) + ac2 = cmfactory.new_online_configuring_account(cache=False) + cmfactory.bring_accounts_online() + + lp.sec("ac1: create QR code and let ac2 scan it, starting the securejoin") + qr = ac1.get_setup_contact_qr() + + lp.sec("ac2: start QR-code based setup contact protocol") + ch = ac2.qr_setup_contact(qr) + assert ch.id >= 10 + ac1._evtracker.wait_securejoin_inviter_progress(1000) diff --git a/plan.txt b/plan.txt index 13a04982..66e8d20c 100644 --- a/plan.txt +++ b/plan.txt @@ -8,12 +8,6 @@ - limit: configure max-connections per account -## Filtermail - -- (alex, Only allow (outgoing) mails if secure-join or autocrypt-pgp-encrypted format. - TODO: mime-parse mails and check/add tests - - ## nami: send out rate limit / rspamd - basic outgoing send rate/limits (depending on "account-rating")
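Review bot: `test_securejoin` in online-tests/test_1_deltachat.py covers only the accepted path. After this change there should also be an online check that an ordinary unencrypted message between the two mail domains is still refused, unless another test in this class (not visible in the hunk) already does that. The bare `10` in `assert ch.id >= 10` deserves a comment such as `# ids below 10 are reserved for special chats`; that is presumably the intent, to be confirmed against the deltachat bindings. A one-line docstring saying that the securejoin request crosses domains unencrypted would make clear why this test belongs with the filter change.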