0
Fork 0
mirror of https://codeberg.org/forgejo/forgejo.git synced 2025-01-22 06:12:55 -05:00
forgejo/services/mailer/mail_repo.go
KN4CK3R 21dd4a252a
Prevent multiple To recipients (#22566)
Change the mailer interface to prevent leaking of possible hidden email
addresses when sending to multiple recipients.

Co-authored-by: Gusted <williamzijl7@hotmail.com>
2023-01-22 08:23:52 -06:00

93 lines
2.7 KiB
Go

// Copyright 2021 The Gitea Authors. All rights reserved.
// SPDX-License-Identifier: MIT
package mailer
import (
"bytes"
"context"
"fmt"
"code.gitea.io/gitea/models/organization"
repo_model "code.gitea.io/gitea/models/repo"
user_model "code.gitea.io/gitea/models/user"
"code.gitea.io/gitea/modules/setting"
"code.gitea.io/gitea/modules/templates"
"code.gitea.io/gitea/modules/translation"
)
// SendRepoTransferNotifyMail triggers a notification e-mail when a pending repository transfer was created
func SendRepoTransferNotifyMail(ctx context.Context, doer, newOwner *user_model.User, repo *repo_model.Repository) error {
if setting.MailService == nil {
// No mail service configured
return nil
}
if newOwner.IsOrganization() {
users, err := organization.GetUsersWhoCanCreateOrgRepo(ctx, newOwner.ID)
if err != nil {
return err
}
langMap := make(map[string][]string)
for _, user := range users {
if !user.IsActive {
// don't send emails to inactive users
continue
}
langMap[user.Language] = append(langMap[user.Language], user.Email)
}
for lang, tos := range langMap {
if err := sendRepoTransferNotifyMailPerLang(lang, newOwner, doer, tos, repo); err != nil {
return err
}
}
return nil
}
return sendRepoTransferNotifyMailPerLang(newOwner.Language, newOwner, doer, []string{newOwner.Email}, repo)
}
// sendRepoTransferNotifyMail triggers a notification e-mail when a pending repository transfer was created for each language
func sendRepoTransferNotifyMailPerLang(lang string, newOwner, doer *user_model.User, emails []string, repo *repo_model.Repository) error {
var (
locale = translation.NewLocale(lang)
content bytes.Buffer
)
destination := locale.Tr("mail.repo.transfer.to_you")
subject := locale.Tr("mail.repo.transfer.subject_to_you", doer.DisplayName(), repo.FullName())
if newOwner.IsOrganization() {
destination = newOwner.DisplayName()
subject = locale.Tr("mail.repo.transfer.subject_to", doer.DisplayName(), repo.FullName(), destination)
}
data := map[string]interface{}{
"Doer": doer,
"User": repo.Owner,
"Repo": repo.FullName(),
"Link": repo.HTMLURL(),
"Subject": subject,
"Language": locale.Language(),
"Destination": destination,
// helper
"locale": locale,
"Str2html": templates.Str2html,
"DotEscape": templates.DotEscape,
}
if err := bodyTemplates.ExecuteTemplate(&content, string(mailRepoTransferNotify), data); err != nil {
return err
}
for _, to := range emails {
msg := NewMessage(to, subject, content.String())
msg.Info = fmt.Sprintf("UID: %d, repository pending transfer notification", newOwner.ID)
SendAsync(msg)
}
return nil
}