Skip to content

inbound_email: add support for signed email addresses

These utilities allow us to generate addresses of the form <localpart>+<integer>.<signature>@<domain>, where the integer is the primary key of a given object for which we want to track email exchanges. The signature prevents the addresses from being forged, that is, the addresses have to be explicitly generated and displayed by the web app to be discovered.

The counterpart function retrieves all relevant email addresses from the list of recipients of an email message, and validates the signatures to recover the integer values that won't have been tampered with.

These new utilities are expected to be used in the views and signal handlers pertaining to processing of inbound email messages.

Related to T3999

Depends on !778 (closed)

Test Plan

targeted tests have been added


Migrated from D7499 (view on Phabricator)

Merge request reports