mirror of
https://github.com/TheCommsChannel/TC2-BBS-mesh.git
synced 2025-01-12 05:17:30 -08:00
Merge pull request #22 from piranha32/dont_snoop_on_mail
Block users from reading mail for other nodes
commit
e2c06ec287
|
@ -258,10 +258,19 @@ def handle_mail_steps(sender_id, message, step, state, interface, bbs_nodes):
|
||||||
|
|
||||||
elif step == 2:
|
elif step == 2:
|
||||||
mail_id = int(message)
|
mail_id = int(message)
|
||||||
sender, date, subject, content, unique_id = get_mail_content(mail_id)
|
try:
|
||||||
|
|
||||||
|
# ERROR: sender_id is not what is stored in the DB
|
||||||
|
sender_node_id = get_node_id_from_num(sender_id, interface)
|
||||||
|
sender, date, subject, content, unique_id = get_mail_content(mail_id, sender_node_id)
|
||||||
send_message(f"Date: {date}\nFrom: {sender}\nSubject: {subject}\n{content}", sender_id, interface)
|
send_message(f"Date: {date}\nFrom: {sender}\nSubject: {subject}\n{content}", sender_id, interface)
|
||||||
send_message("Would you like to delete this message now that you've viewed it? Y/N", sender_id, interface)
|
send_message("Would you like to delete this message now that you've viewed it? Y/N", sender_id, interface)
|
||||||
update_user_state(sender_id, {'command': 'MAIL', 'step': 4, 'mail_id': mail_id, 'unique_id': unique_id})
|
update_user_state(sender_id, {'command': 'MAIL', 'step': 4, 'mail_id': mail_id, 'unique_id': unique_id})
|
||||||
|
except TypeError:
|
||||||
|
# get_main_content returned None. Node tried to access somebody's else mail message
|
||||||
|
logging.info(f"Node {sender_id} tried to access non-existent message")
|
||||||
|
send_message(f"Mail not found", sender_id, interface)
|
||||||
|
update_user_state(sender_id, None)
|
||||||
|
|
||||||
elif step == 3:
|
elif step == 3:
|
||||||
short_name = message
|
short_name = message
|
||||||
|
@ -283,7 +292,8 @@ def handle_mail_steps(sender_id, message, step, state, interface, bbs_nodes):
|
||||||
elif step == 4:
|
elif step == 4:
|
||||||
if message.lower() == "y":
|
if message.lower() == "y":
|
||||||
unique_id = state['unique_id']
|
unique_id = state['unique_id']
|
||||||
delete_mail(unique_id, bbs_nodes, interface)
|
sender_node_id = get_node_id_from_num(sender_id, interface)
|
||||||
|
delete_mail(unique_id, sender_node_id, bbs_nodes, interface)
|
||||||
send_message("The message has been deleted 🗑️", sender_id, interface)
|
send_message("The message has been deleted 🗑️", sender_id, interface)
|
||||||
else:
|
else:
|
||||||
send_message("The message has been kept in your inbox.✉️\nJust don't let it get as messy as your regular email inbox (ಠ_ಠ)", sender_id, interface)
|
send_message("The message has been kept in your inbox.✉️\nJust don't let it get as messy as your regular email inbox (ಠ_ಠ)", sender_id, interface)
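Review bot: In step 2 the new `try` covers the two `send_message` calls and `update_user_state` as well as the tuple unpacking, so a `TypeError` raised anywhere in that stretch is answered with "Mail not found" and logged as a missing message. Test the lookup result explicitly instead: `row = get_mail_content(mail_id, sender_node_id)` followed by `if row is None:` for the not-found branch, and unpack only after that check. The `logging.info` line in that branch should also carry `mail_id`, so that one node probing a run of ids shows up in the log, and the comment above it says `get_main_content` where `get_mail_content` is meant. In step 4 the "deleted" confirmation is sent whatever `delete_mail` did, and the database section shows that function returning early without a result when no row matches. The body of `handle_mail_steps` continues outside both hunks.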
|
||||||
|
|
|
@ -123,24 +123,26 @@ def get_mail(recipient_id):
|
||||||
c.execute("SELECT id, sender_short_name, subject, date, unique_id FROM mail WHERE recipient = ?", (recipient_id,))
|
c.execute("SELECT id, sender_short_name, subject, date, unique_id FROM mail WHERE recipient = ?", (recipient_id,))
|
||||||
return c.fetchall()
|
return c.fetchall()
|
||||||
|
|
||||||
def get_mail_content(mail_id):
|
def get_mail_content(mail_id, recipient_id):
|
||||||
|
# TODO: ensure only recipient can read mail
|
||||||
conn = get_db_connection()
|
conn = get_db_connection()
|
||||||
c = conn.cursor()
|
c = conn.cursor()
|
||||||
c.execute("SELECT sender_short_name, date, subject, content, unique_id FROM mail WHERE id = ?", (mail_id,))
|
c.execute("SELECT sender_short_name, date, subject, content, unique_id FROM mail WHERE id = ? and recipient = ?", (mail_id, recipient_id,))
|
||||||
return c.fetchone()
|
return c.fetchone()
|
||||||
|
|
||||||
def delete_mail(unique_id, bbs_nodes, interface):
|
def delete_mail(unique_id, recipient_id, bbs_nodes, interface):
|
||||||
logging.info(f"Attempting to delete mail with unique_id: {unique_id}")
|
# TODO: ensure only recipient can delete mail
|
||||||
|
logging.info(f"Attempting to delete mail with unique_id: {unique_id} by {recipient_id}")
|
||||||
conn = get_db_connection()
|
conn = get_db_connection()
|
||||||
c = conn.cursor()
|
c = conn.cursor()
|
||||||
try:
|
try:
|
||||||
c.execute("SELECT unique_id FROM mail WHERE unique_id = ?", (unique_id,))
|
c.execute("SELECT unique_id FROM mail WHERE unique_id = ? and recipient = ?", (unique_id, recipient_id,))
|
||||||
result = c.fetchone()
|
result = c.fetchone()
|
||||||
logging.debug(f"Fetch result for unique_id {unique_id}: {result}")
|
logging.debug(f"Fetch result for unique_id {unique_id}: {result}")
|
||||||
if result is None:
|
if result is None:
|
||||||
logging.error(f"No mail found with unique_id: {unique_id}")
|
logging.error(f"No mail found with unique_id: {unique_id}")
|
||||||
return # Early exit if no matching mail found
|
return # Early exit if no matching mail found
|
||||||
c.execute("DELETE FROM mail WHERE unique_id = ?", (unique_id,))
|
c.execute("DELETE FROM mail WHERE unique_id = ? and recipient = ?", (unique_id, recipient_id,))
|
||||||
conn.commit()
|
conn.commit()
|
||||||
send_delete_mail_to_bbs_nodes(unique_id, bbs_nodes, interface)
|
send_delete_mail_to_bbs_nodes(unique_id, bbs_nodes, interface)
|
||||||
logging.info(f"Mail with unique_id: {unique_id} deleted and sync message sent.")
|
logging.info(f"Mail with unique_id: {unique_id} deleted and sync message sent.")
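Review bot: The added comments `# TODO: ensure only recipient can read mail` and `# TODO: ensure only recipient can delete mail` describe work that this same change already does through `and recipient = ?`, so they will mislead the next reader. Replace each with a statement of the invariant, for example `# Match on recipient as well as id so a node can only read its own mail`. In `delete_mail` the not-found `logging.error` still prints only `unique_id`; adding `recipient_id` there gives an operator the node to correlate against when a delete is refused. Both functions gained a required positional parameter, so any caller not shown on this page (a handler for deletions synced from peer nodes, if there is one) needs the same update and the same recipient check.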
|
||||||
|
|