Mercurial > libervia-web
diff src/browser/sat_browser/plugin_sec_otr.py @ 556:3aef7c5c7d3a
browser_side (plugin OTR): popup a big warning if the correspondent's resource is unknown while trying to start/use an OTR session
author | souliane <souliane@mailoo.org> |
---|---|
date | Tue, 23 Sep 2014 09:32:10 +0200 |
parents | ad18eb65b6db |
children | d0114855d6d4 |
line wrap: on
line diff
--- a/src/browser/sat_browser/plugin_sec_otr.py Mon Sep 22 12:01:29 2014 +0200 +++ b/src/browser/sat_browser/plugin_sec_otr.py Tue Sep 23 09:32:10 2014 +0200 @@ -37,6 +37,7 @@ PRIVATE_KEY = "PRIVATE KEY" MAIN_MENU = D_('OTR encryption') DIALOG_EOL = "<br />" +DIALOG_USERS_ML = D_("<a href='mailto:users@salut-a-toi.org?subject={subject}&body=Please give us some hints about how to reproduce the bug (your browser name and version, what you did and what happened)'>users@salut-a-toi.org</a>") AUTH_TRUSTED = D_("Verified") AUTH_UNTRUSTED = D_("Unverified") @@ -89,6 +90,8 @@ ACTION_NA_TITLE = D_("Impossible action") ACTION_NA = D_("Your correspondent must be connected to start an OTR conversation with him.") +RESOURCE_ISSUE_TITLE = D_("Security issue") +RESOURCE_ISSUE = D_("Your correspondent's resource is unknown!{eol}{eol}You should stop any OTR conversation with {jid} to avoid sending him unencrypted messages in an encrypted context.{eol}{eol}Please report the bug to the users mailing list: {users_ml}.") DEFAULT_POLICY_FLAGS = { 'ALLOW_V2': True, @@ -339,6 +342,12 @@ log.debug(u"getContextForUser [%s]" % other_jid) if not other_jid.resource: log.error("getContextForUser called with a bare jid") + running_sessions = [jid.userhostJID() for jid in self.contexts.keys() if self.contexts[jid].state == otr.context.STATE_ENCRYPTED] + if start or (other_jid in running_sessions): + users_ml = DIALOG_USERS_ML.format(subject=D_("OTR issue in Libervia: getContextForUser called with a bare jid in an encrypted context")) + text = RESOURCE_ISSUE.format(eol=DIALOG_EOL, jid=other_jid.full(), users_ml=users_ml) + dialog.InfoDialog(RESOURCE_ISSUE_TITLE, text, AddStyleName="maxWidthLimit").show() + return None # never start an OTR session with a bare JID if start: return self.startContext(other_jid) else: @@ -488,7 +497,8 @@ """ def query(other_jid): otrctx = self.context_manager.getContextForUser(other_jid) - otrctx.sendQueryMessage() + if otrctx: + otrctx.sendQueryMessage() def cb(jid): key = self.context_manager.account.privkey