[#792] Send email when mail_handler gets an email from an unknown user

app/models/mail_handler.rb

@@ -69,6 +69,7 @@ class MailHandler < ActionMailer::Base
       else
         # Default behaviour, emails from unknown users are ignored
         logger.info  "MailHandler: ignoring email from unknown user [#{sender_email}]" if logger && logger.info
+        Mailer.deliver_mail_handler_unauthorized_action(user, email.subject.to_s, :to => sender_email) if Setting.mail_handler_confirmation_on_failure
         return false
       end
     end

app/models/mailer.rb

@@ -309,6 +309,13 @@ class Mailer < ActionMailer::Base
     render_multipart('mail_handler_confirmation', body)
   end
 
+  def mail_handler_unauthorized_action(user, email_subject, options={})
+    recipients options[:to] || user.mail
+    subject l(:label_mail_handler_failure, :subject => email_subject)
+    body({})
+    render_multipart('mail_handler_unauthorized_action', body)
+  end
+  
   def test(user)
     redmine_headers 'Type' => "Test"
     set_language_if_valid(user.language)

app/views/mailer/mail_handler_unauthorized_action.text.html.rhtml

@@ -0,0 +1 @@
+<%= l(:notice_not_authorized_action) %>

app/views/mailer/mail_handler_unauthorized_action.text.plain.rhtml

@@ -0,0 +1 @@
+<%= l(:notice_not_authorized_action) %>

config/locales/en.yml

@@ -157,6 +157,7 @@ en:
   notice_file_not_found: The page you were trying to access doesn't exist or has been removed.
   notice_locking_conflict: Data has been updated by another user.
   notice_not_authorized: You are not authorized to access this page.
+  notice_not_authorized_action: You are not authorized to perform this action.
   notice_not_authorized_archived_project: The project you're trying to access has been archived.
   notice_email_sent: "An email was sent to %{value}"
   notice_email_error: "An error occurred while sending mail (%{value})"
@@ -819,6 +820,7 @@ en:
   label_deleted_custom_field: '(deleted custom field)'
   label_toc: "Contents"
   label_mail_handler_confirmation: "Confirmation of email submission: %{subject}"
+  label_mail_handler_failure: "Failed email submission: %{subject}"
   
   button_login: Login
   button_submit: Submit

test/unit/mail_handler_test.rb

@@ -450,6 +450,21 @@ class MailHandlerTest < ActiveSupport::TestCase
     assert_equal issue.subject, 'New ticket on a given project with a very long subject line which exceeds 255 chars and should not be ignored but chopped off. And if the subject line is still not long enough, we just add more text. And more text. Wow, this is really annoying. Especially, if you have nothing to say...'[0,255]
   end
 
+  context "with an email that performs an unauthorized action" do
+    should "deliver an email error confirmation" do
+      ActionMailer::Base.deliveries.clear
+      issue = submit_email('ticket_by_unknown_user.eml')
+      assert_equal false, issue
+      
+      assert_equal 1, ActionMailer::Base.deliveries.size
+      mail = ActionMailer::Base.deliveries.last
+      assert_not_nil mail
+      assert mail.to.include?('john.doe@somenet.foo')
+      assert mail.subject.include?('Failed email submission: Ticket by unknown user')
+      assert mail.body.include?('You are not authorized to perform this action')
+    end
+  end
+
   context "#receive_issue" do
     should "deliver an email confirmation when configured" do
       ActionMailer::Base.deliveries.clear
@@ -483,7 +498,7 @@ class MailHandlerTest < ActiveSupport::TestCase
       ActionMailer::Base.deliveries.clear
       m = submit_email('message_reply.eml')
 
-      assert_equal 2, ActionMailer::Base.deliveries.size
+      assert_equal 3, ActionMailer::Base.deliveries.size
       mail = ActionMailer::Base.deliveries.last
       assert_not_nil mail
       assert mail.subject.include?('[eCookbook]'), "Project name missing"