provide recommendation when email providers encrypt on disk

2025-04-07 09:56:47 +02:00 · 2025-04-07 09:56:47 +02:00 · 6f71c8b26e
parent 12c671387b
commit 6f71c8b26e
2 changed files with 51 additions and 2 deletions
--- a/src/keyserver_bot/hooks.py
+++ b/src/keyserver_bot/hooks.py
@ -32,7 +32,8 @@ def command(event):

    public_key = request_key_by_email(email)
    if not public_key:
-        return snapshot.chat.send_text(f"Sorry, I could not find a key for {email}.")
+        provider_recommendation = check_providers(snapshot.sender.get_snapshot().address, email)
+        return snapshot.chat.send_text(f"Sorry, I could not find a key for {email}." + provider_recommendation)

    vcard = construct_vcard(email, public_key)
    vcard_path = f"/tmp/{email}.vcf"
@ -50,6 +51,27 @@ def request_key_by_email(email) -> str:
    return public_key


+def check_providers(sender: str, receiver: str) -> str:
+    """Check if both providers store messages encrypted
+
+    :param sender: the email address of the user the bot is talking to
+    :param receiver: the email address the user requested a key for
+    :return: if both providers are safe, a recommendation that e2ee might not be needed
+    """
+    safe_providers = ["riseup.net", "systemli.org"]
+    s_domain = sender.split("@")[1]
+    r_domain = receiver.split("@")[1]
+    if s_domain in safe_providers and r_domain in safe_providers:
+        both = f" and {s_domain} both" if s_domain != r_domain else ""
+        recommendation = (
+            f"\n\nBut as {r_domain}{both} encrypt messages on their servers, "
+            "relying on end-to-end encryption is not as critical as with other recipients. "
+            "It is probably safe to send the message unencrypted."
+        )
+        return recommendation
+    return ""
+
+
@hooks.on(events.RawEvent)
 def cleanup(event):
    print(event)
--- a/tests/test_hooks.py
+++ b/tests/test_hooks.py
@ -2,7 +2,7 @@ import os
 from email_validator import validate_email, EmailNotValidError

 import pytest
-from keyserver_bot.hooks import request_key_by_email, delete_data
+from keyserver_bot.hooks import request_key_by_email, delete_data, check_providers
 from deltachat_rpc_client.pytestplugin import acfactory


@ -60,3 +60,30 @@ def test_validate_email(email, valid):
        validate_email(email, check_deliverability=False)
    except EmailNotValidError:
        assert not valid
+
+
+@pytest.mark.parametrize(
+    ("sender", "receiver", "safe"),
+    [
+        ("sen@example.org", "rec@example.org", ""),
+        ("sen@example.org", "rec@riseup.net", ""),
+        ("sen@systemli.org", "rec@example.org", ""),
+        (
+            "sen@systemli.org",
+            "rec@riseup.net",
+            "\n\nBut as riseup.net and systemli.org both encrypt messages on their servers, relying on end-to-end encryption is not as critical as with other recipients. It is probably safe to send the message unencrypted.",
+        ),
+        (
+            "sen@riseup.net",
+            "rec@systemli.org",
+            "\n\nBut as systemli.org and riseup.net both encrypt messages on their servers, relying on end-to-end encryption is not as critical as with other recipients. It is probably safe to send the message unencrypted.",
+        ),
+        (
+            "sen@systemli.org",
+            "rec@systemli.org",
+            "\n\nBut as systemli.org encrypt messages on their servers, relying on end-to-end encryption is not as critical as with other recipients. It is probably safe to send the message unencrypted.",
+        ),
+    ],
+)
+def test_check_providers(sender, receiver, safe):
+    assert check_providers(sender, receiver) == safe