From 15f6f57cdcebc7583ddb5a311174d10a7300ae4a Mon Sep 17 00:00:00 2001
From: Blake Erickson
Date: Fri, 8 Nov 2019 17:28:48 -0700
Subject: [PATCH] DEV: Add update message for an outdated mail-receiver

Previous versions of the mail-receiver used query based api credentials, if we detect this we will show a message in the admin panel to update the mail receiver.
---
 app/models/admin_dashboard_data.rb | 3 ++-
 config/locales/server.en.yml | 1 +
 lib/auth/default_current_user_provider.rb | 11 +++++++++--
 3 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/app/models/admin_dashboard_data.rb b/app/models/admin_dashboard_data.rb
index 0ef9960d1b8..288158eb329 100644
--- a/app/models/admin_dashboard_data.rb
+++ b/app/models/admin_dashboard_data.rb
@@ -85,7 +85,8 @@ class AdminDashboardData
 'dashboard.bad_favicon_url',
 'dashboard.poll_pop3_timeout',
 'dashboard.poll_pop3_auth_error',
- 'dashboard.deprecated_api_usage'
+ 'dashboard.deprecated_api_usage',
+ 'dashboard.update_mail_receiver'
 ]
 add_problem_check :rails_env_check, :host_names_check, :force_https_check,
diff --git a/config/locales/server.en.yml b/config/locales/server.en.yml
index dac88f2d938..6d3cefe3056 100644
--- a/config/locales/server.en.yml
+++ b/config/locales/server.en.yml
@@ -1339,6 +1339,7 @@ en:
 missing_mailgun_api_key: "The server is configured to send emails via Mailgun but you haven't provided an API key used to verify the webhook messages."
 bad_favicon_url: "The favicon is failing to load. Check your favicon setting in Site Settings."
 deprecated_api_usage: "We detected an API request using a deprecated authentication method. Please update it to use header based auth."
+ update_mail_receiver: "We detected an outdated version of mail-receiver. Please ssh into this server and run `/var/discourse/launcher rebuild mail-receiver`."
 poll_pop3_timeout: "Connection to the POP3 server is timing out. Incoming email could not be retrieved. Please check your POP3 settings and service provider."
 poll_pop3_auth_error: "Connection to the POP3 server is failing with an authentication error. Please check your POP3 settings."
 force_https_warning: "Your website is using SSL. But `force_https` is not yet enabled in your site settings."
diff --git a/lib/auth/default_current_user_provider.rb b/lib/auth/default_current_user_provider.rb
index 353555880ec..3f405233ccd 100644
--- a/lib/auth/default_current_user_provider.rb
+++ b/lib/auth/default_current_user_provider.rb
@@ -283,9 +283,16 @@ class Auth::DefaultCurrentUserProvider
 def lookup_api_user(api_key_value, request)
 if api_key = ApiKey.active.where(key: api_key_value).includes(:user).first
 api_username = header_api_key? ? @env[HEADER_API_USERNAME] : request[API_USERNAME]
+
+ # Check for deprecated api auth
 if !header_api_key?
- # Notify admins of deprecated auth method
- AdminDashboardData.add_problem_message('dashboard.deprecated_api_usage', 1.day)
+ if request.path == "/admin/email/handle_mail"
+ # Notify admins that the mail receiver is still using query auth and to update
+ AdminDashboardData.add_problem_message('dashboard.update_mail_receiver', 1.day)
+ else
+ # Notify admins of deprecated auth method
+ AdminDashboardData.add_problem_message('dashboard.deprecated_api_usage', 1.day)
+ end
 end
 if api_key.allowed_ips.present? && !api_key.allowed_ips.any? { |ip| ip.include?(request.ip) }
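Review bot: The new `request.path == "/admin/email/handle_mail"` branch attributes a query-auth request to mail-receiver from a caller-supplied path, and both notices are recorded before the `allowed_ips` check on the hunk's last line, so a request that goes on to fail that check would still show admins the benign "update mail-receiver" message. Recording the notice only once the IP check has passed would keep use of the key from an unexpected address from being reported as an outdated container; at minimum add a comment such as `# request.path is caller-controlled: it only selects the notice text and must not gate any auth decision`. The exact string comparison may also miss installs served under a path prefix, where `request.path` would presumably carry the prefix and fall through to the generic notice. `lookup_api_user` continues past the end of the hunk, so what happens when the IP check fails is not visible here.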