zephyr_mirror: Require zcrypt when mirroring to invite-only streams.

(imported from commit 1b88a8fc9bc26f2f9b1bb3f037093f85255feb17)
2025-11-10 08:56:10 +00:00 · 2013-08-27 18:01:50 -04:00
parent ddd790e642
commit 77dbbe7f23
3 changed files with 44 additions and 20 deletions
--- a/bots/zephyr_mirror_backend.py
+++ b/bots/zephyr_mirror_backend.py
@@ -612,6 +612,10 @@ def zcrypt_encrypt_content(zephyr_class, instance, content):
    return encrypted
 def forward_to_zephyr(message):
    support_heading = "Hi there! This is an automated message from Zulip."
    support_closing = """If you have any questions, please be in touch through the \
 Feedback tab or at support@zulip.com."""
    wrapper = textwrap.TextWrapper(break_long_words=False, break_on_hyphens=False)
    wrapped_content = "\n".join("\n".join(wrapper.wrap(line))
            for line in message["content"].replace("@", "@@").split("\n"))
@@ -658,21 +662,29 @@ def forward_to_zephyr(message):
        logger.info("Forwarding message to %s" % (recipients,))
        zwrite_args.extend(recipients)
-    if message['type'] == "stream":
+    if message.get("invite_only_stream"):
        result = zcrypt_encrypt_content(zephyr_class, instance, wrapped_content)
-        if result is not None:
+        if result is None:
-            wrapped_content = result
+            return send_error_zulip("""%s
-            zwrite_args.extend(["-O", "crypt"])
+
 Your Zulip-Zephyr mirror bot was unable to forward that last message \
 from Zulip to Zephyr because you were sending to a zcrypted Zephyr \
 class and your mirroring bot does not have access to the relevant \
 key (perhaps because your AFS tokens expired). That means that while \
 Zulip users (like you) received it, Zephyr users did not.
 %s""" % (support_heading, support_closing))
            return
        # Proceed with sending a zcrypted message
        wrapped_content = result
        zwrite_args.extend(["-O", "crypt"])
    if options.test_mode:
        logger.debug("Would have forwarded: %s\n%s" %
                     (zwrite_args, wrapped_content.encode("utf-8")))
        return
    heading = "Hi there! This is an automated message from Zulip."
    support_closing = """If you have any questions, please be in touch through the \
 Feedback tab or at support@zulip.com."""
    (code, stderr) = send_authed_zephyr(zwrite_args, wrapped_content)
    if code == 0 and stderr == "":
        return
@@ -684,7 +696,7 @@ returned the following warning:
 %s
-%s""" % (heading, stderr, support_closing))
+%s""" % (support_heading, stderr, support_closing))
    elif code != 0 and (stderr.startswith("zwrite: Ticket expired while sending notice to ") or
                        stderr.startswith("zwrite: No credentials cache found while sending notice to ")):
        # Retry sending the message unauthenticated; if that works,
@@ -701,7 +713,7 @@ but please renew your Kerberos tickets in the screen session where you \
 are running the Zulip-Zephyr mirroring bot, so we can send \
 authenticated Zephyr messages for you again.
-%s""" % (heading, support_closing))
+%s""" % (support_heading, support_closing))
    # zwrite failed and it wasn't because of expired tickets: This is
    # probably because the recipient isn't subscribed to personals,
@@ -714,7 +726,7 @@ received it, Zephyr users did not.  The error message from zwrite was:
 %s
-%s""" % (heading, stderr, support_closing))
+%s""" % (support_heading, stderr, support_closing))
 def maybe_forward_to_zephyr(message):
    if (message["sender_email"] == zulip_account_email):
--- a/zerver/lib/actions.py
+++ b/zerver/lib/actions.py
@@ -304,6 +304,8 @@ def do_send_messages(messages):
            if message['stream'].is_public():
                data['realm_id'] = message['stream'].realm.id
                data['stream_name'] = message['stream'].name
            if message['stream'].invite_only:
                data['invite_only'] = True
        tornado_callbacks.send_notification(data)
    # Note that this does not preserve the order of message ids
--- a/zerver/tornado_callbacks.py
+++ b/zerver/tornado_callbacks.py
@@ -296,16 +296,26 @@ def process_new_message(data):
        user_receive_message(user_profile_id, message)
        for client in get_client_descriptors_for_user(user_profile_id):
            if not client.accepts_event_type('message'):
                continue
            # The below prevents (Zephyr) mirroring loops.
-            if client.accepts_event_type('message') and not \
+            if ('mirror' in message.sending_client.name and
-                    ('mirror' in message.sending_client.name and
+                message.sending_client == client.client_type):
-                     message.sending_client == client.client_type):
+                continue
-                if client.apply_markdown:
+
-                    message_dict = message_dict_markdown
+            if client.apply_markdown:
-                else:
+                message_dict = message_dict_markdown
-                    message_dict = message_dict_no_markdown
+            else:
-                event = dict(type='message', message=message_dict, flags=flags)
+                message_dict = message_dict_no_markdown
-                client.add_event(event)
+
            # Make sure Zephyr mirroring bots know whether stream is invite-only
            if "mirror" in client.client_type.name and data.get("invite_only"):
                message_dict = message_dict.copy()
                message_dict["invite_only_stream"] = True
            event = dict(type='message', message=message_dict, flags=flags)
            client.add_event(event)
        # If the recipient was offline and the message was a single or group PM to him
        # or she was @-notified potentially notify more immediately