diff src/browser/sat_browser/plugin_sec_otr.py @ 556:3aef7c5c7d3a

browser_side (plugin OTR): popup a big warning if the correspondent's resource is unknown while trying to start/use an OTR session
author souliane <souliane@mailoo.org>
date Tue, 23 Sep 2014 09:32:10 +0200
parents ad18eb65b6db
children d0114855d6d4
line wrap: on
line diff
--- a/src/browser/sat_browser/plugin_sec_otr.py	Mon Sep 22 12:01:29 2014 +0200
+++ b/src/browser/sat_browser/plugin_sec_otr.py	Tue Sep 23 09:32:10 2014 +0200
@@ -37,6 +37,7 @@
 PRIVATE_KEY = "PRIVATE KEY"
 MAIN_MENU = D_('OTR encryption')
 DIALOG_EOL = "<br />"
+DIALOG_USERS_ML = D_("<a href='mailto:users@salut-a-toi.org?subject={subject}&body=Please give us some hints about how to reproduce the bug (your browser name and version, what you did and what happened)'>users@salut-a-toi.org</a>")
 
 AUTH_TRUSTED = D_("Verified")
 AUTH_UNTRUSTED = D_("Unverified")
@@ -89,6 +90,8 @@
 
 ACTION_NA_TITLE = D_("Impossible action")
 ACTION_NA = D_("Your correspondent must be connected to start an OTR conversation with him.")
+RESOURCE_ISSUE_TITLE = D_("Security issue")
+RESOURCE_ISSUE = D_("Your correspondent's resource is unknown!{eol}{eol}You should stop any OTR conversation with {jid} to avoid sending him unencrypted messages in an encrypted context.{eol}{eol}Please report the bug to the users mailing list: {users_ml}.")
 
 DEFAULT_POLICY_FLAGS = {
     'ALLOW_V2': True,
@@ -339,6 +342,12 @@
         log.debug(u"getContextForUser [%s]" % other_jid)
         if not other_jid.resource:
             log.error("getContextForUser called with a bare jid")
+            running_sessions = [jid.userhostJID() for jid in self.contexts.keys() if self.contexts[jid].state == otr.context.STATE_ENCRYPTED]
+            if start or (other_jid in running_sessions):
+                users_ml = DIALOG_USERS_ML.format(subject=D_("OTR issue in Libervia: getContextForUser called with a bare jid in an encrypted context"))
+                text = RESOURCE_ISSUE.format(eol=DIALOG_EOL, jid=other_jid.full(), users_ml=users_ml)
+                dialog.InfoDialog(RESOURCE_ISSUE_TITLE, text, AddStyleName="maxWidthLimit").show()
+            return None  # never start an OTR session with a bare JID
         if start:
             return self.startContext(other_jid)
         else:
@@ -488,7 +497,8 @@
         """
         def query(other_jid):
             otrctx = self.context_manager.getContextForUser(other_jid)
-            otrctx.sendQueryMessage()
+            if otrctx:
+                otrctx.sendQueryMessage()
 
         def cb(jid):
             key = self.context_manager.account.privkey