FEATURE: Allow email image embed with secure media (#10563)

This PR introduces a few important changes to secure media redaction in emails. First of all, two new site settings have been introduced: * `secure_media_allow_embed_images_in_emails`: If enabled we will embed secure images in emails instead of redacting them. * `secure_media_max_email_embed_image_size_kb`: The cap to the size of the secure image we will embed, defaulting to 1mb, so the email does not become too big. Max is 10mb. Works in tandem with `email_total_attachment_size_limit_kb`. `Email::Sender` will now attach images to the email based on these settings. The sender will also call `inline_secure_images` in `Email::Styles` after secure media is redacted and attachments are added to replace redaction messages with attached images. I went with attachment and `cid` URLs because base64 image support is _still_ flaky in email clients. All redaction of secure media is now handled in `Email::Styles` and calls out to `PrettyText.strip_secure_media` to do the actual stripping and replacing with placeholders. `app/mailers/group_smtp_mailer.rb` and `app/mailers/user_notifications.rb` no longer do any stripping because they are earlier in the pipeline than `Email::Styles`. Finally the redaction notice has been restyled and includes a link to the media that the user can click, which will show it to them if they have the necessary permissions. ![image](https://user-images.githubusercontent.com/920448/92341012-b9a2c380-f0ff-11ea-860e-b376b4528357.png)
2025-02-25 18:55:32 -06:00 · 2020-09-10 09:50:16 +10:00
parent d260e42c8a
commit dede942007
11 changed files with 248 additions and 98 deletions
--- a/lib/email/styles.rb
+++ b/lib/email/styles.rb
@@ -198,7 +198,6 @@ module Email
      style('code', 'background-color: #f1f1ff; padding: 2px 5px;')
      style('pre code', 'display: block; background-color: #f1f1ff; padding: 5px;')
      style('.featured-topic a', "text-decoration: none; font-weight: bold; color: #{SiteSetting.email_link_color}; line-height:1.5em;")
-      style('.secure-image-notice', 'font-style: italic; background-color: #f1f1ff; padding: 5px;')
      style('.summary-email', "-moz-box-sizing:border-box;-ms-text-size-adjust:100%;-webkit-box-sizing:border-box;-webkit-text-size-adjust:100%;box-sizing:border-box;color:#0a0a0a;font-family:Helvetica,Arial,sans-serif;font-size:14px;font-weight:400;line-height:1.3;margin:0;min-width:100%;padding:0;width:100%")

      style('.previous-discussion', 'font-size: 17px; color: #444; margin-bottom:10px;')
@@ -237,10 +236,40 @@ module Email
      @@plugin_callbacks.each { |block| block.call(@fragment, @opts) }
    end

+    def inline_secure_images(attachments)
+      stripped_media = @fragment.css('[data-stripped-secure-media]')
+      upload_shas = {}
+      stripped_media.each do |div|
+        url = div['data-stripped-secure-media']
+        filename = File.basename(url)
+        sha1 = filename.gsub(File.extname(filename), "")
+        upload_shas[url] = sha1
+      end
+      uploads = Upload.select(:original_filename, :sha1).where(sha1: upload_shas.values)
+
+      stripped_media.each do |div|
+        upload = uploads.find { |upl| upl.sha1 == upload_shas[div['data-stripped-secure-media']] }
+        next if !upload
+
+        original_filename = upload.original_filename
+
+        if attachments[original_filename]
+          url = attachments[original_filename].url
+
+          div.add_next_sibling(
+            "<img src=\"#{url}\" data-embedded-secure-image=\"true\" style=\"max-width: 50%; max-height: 400px;\" />"
+          )
+          div.remove
+        end
+      end
+    end
+
    def to_html
+      # needs to be before class + id strip because we need to style redacted
+      # media and also not double-redact already redacted from lower levels
+      replace_secure_media_urls
      strip_classes_and_ids
      replace_relative_urls
-      replace_secure_media_urls

      if SiteSetting.preserve_email_structure_when_styling
        @fragment.to_html
@@ -249,6 +278,10 @@ module Email
      end
    end

+    def to_s
+      @fragment.to_s
+    end
+
    def include_body?
      @html =~ /<body>/i
    end
@@ -267,8 +300,6 @@ module Email
          img.remove
        end
      end
-
-      @fragment.to_s
    end

    def make_all_links_absolute
@@ -298,19 +329,12 @@ module Email
    end

    def replace_secure_media_urls
-      @fragment.css('[href]').each do |a|
-        if Upload.secure_media_url?(a['href'])
-          a.add_next_sibling "<p class='secure-media-notice'>#{I18n.t("emails.secure_media_placeholder")}</p>"
-          a.remove
-        end
-      end
+      # strip again, this can be done at a lower level like in the user
+      # notification template but that may not catch everything
+      PrettyText.strip_secure_media(@fragment)

-      @fragment.search('img[src]').each do |img|
-        if Upload.secure_media_url?(img['src'])
-          img.add_next_sibling "<p class='secure-media-notice'>#{I18n.t("emails.secure_media_placeholder")}</p>"
-          img.remove
-        end
-      end
+      style('div.secure-media-notice', 'border: 5px solid #e9e9e9; padding: 5px; display: inline-block;')
+      style('div.secure-media-notice a', "color: #{SiteSetting.email_link_color}")
    end

    def correct_first_body_margin