Improve handling when pgp key is invalid (#1264)

* remove unused email statuses * add more logging * use text_header if html_header not set * improve email * add a header about PGP failure when forward emails can't be encrypted * remove unused email status
simple-login · Sep 2, 2022 · cea139b · cea139b
1 parent 2577344
commit cea139b
Show file tree

Hide file tree

Showing 6 changed files with 18 additions and 13 deletions.
diff --git a/app/email/status.py b/app/email/status.py
@@ -31,11 +31,7 @@
 # E403 = "421 SL E403 Retry later"
 E404 = "421 SL E404 Unexpected error - Retry later"
 E405 = "421 SL E405 Mailbox domain problem - Retry later"
-E406 = "421 SL E406 Retry later"
 E407 = "421 SL E407 Retry later"
-E408 = "421 SL E408 Retry later"
-E409 = "421 SL E409 Retry later"
-E410 = "421 SL E410 Retry later"
 # endregion
 
 # region 5** errors

diff --git a/app/email_utils.py b/app/email_utils.py
@@ -931,7 +931,9 @@ def decode_text(text: str, encoding: EmailEncoding = EmailEncoding.NO) -> str:
         return text
 
 
-def add_header(msg: Message, text_header, html_header) -> Message:
+def add_header(msg: Message, text_header, html_header=None) -> Message:
+    if not html_header:
+        html_header = text_header
     content_type = msg.get_content_type().lower()
     if content_type == "text/plain":
         encoding = get_encoding(msg)

diff --git a/cron.py b/cron.py
@@ -842,8 +842,11 @@ def check_mailbox_valid_pgp_keys():
         mailbox = Mailbox.get(mailbox_id)
         # a mailbox has been deleted
         if not mailbox:
+            LOG.d(f"Mailbox {mailbox_id} not found")
             continue
 
+        LOG.d(f"Checking PGP key for {mailbox}")
+
         try:
             load_public_key_and_check(mailbox.pgp_public_key)
         except PGPException:

diff --git a/email_handler.py b/email_handler.py
@@ -515,6 +515,9 @@ def prepare_pgp_message(
 
         encrypted = pgp_utils.encrypt_file_with_pgpy(msg_bytes, public_key)
         second.set_payload(str(encrypted))
+        LOG.i(
+            f"encryption works with pgpy and not with python-gnupg, public key {public_key}"
+        )
 
     msg.attach(second)
 
@@ -853,12 +856,13 @@ def forward_email_to_mailbox(
                 msg, mailbox.pgp_finger_print, mailbox.pgp_public_key, can_sign=True
             )
         except PGPException:
-            LOG.e(
+            LOG.w(
                 "Cannot encrypt message %s -> %s. %s %s", contact, alias, mailbox, user
             )
-            EmailLog.delete(email_log.id, commit=True)
-            # so the client can retry later
-            return False, status.E406
+            msg = add_header(
+                msg,
+                f"""PGP encryption fails with {mailbox.email}'s PGP key""",
+            )
 
     # add custom header
     add_or_replace_header(msg, headers.SL_DIRECTION, "Forward")

diff --git a/templates/emails/base.txt.jinja2 b/templates/emails/base.txt.jinja2
@@ -3,4 +3,4 @@
 Best,
 SimpleLogin team.
 
-Do you have a question? Contact us at https://app.simplelogin.io/dashboard/support.
+Do you have a question? Contact us at https://app.simplelogin.io/dashboard/support
diff --git a/templates/emails/transactional/invalid-mailbox-pgp-key.txt.jinja2 b/templates/emails/transactional/invalid-mailbox-pgp-key.txt.jinja2
@@ -2,10 +2,10 @@
 
 {% block content %}
 
-  We have detected that your mailbox {{ mailbox.email }}'s PGP key is invalid.
+We have detected that your mailbox {{ mailbox.email }}'s PGP key is invalid.
 
-  A potential cause is the key is already expired.
+A potential cause is the PGP key is already expired.
 
-  Please update the key so forwarded emails can be properly encrypted.
+Please update your PGP key on {{URL}}/dashboard/mailbox/{{ mailbox.id }}/ so forwarded emails can be properly encrypted.
 
 {% endblock %}