Include username in email headers #28981
Conversation
GiteaBot
added
the
lgtm/need 2
pull-request-size
bot
added
the
size/S
services/mailer/mail.go
Outdated
| msg := NewMessageFrom(recipient.Email, ctx.Doer.DisplayName(), setting.MailService.FromEmail, subject, mailBody.String()) | ||
| msg := NewMessageFrom( | ||
| recipient.Email, | ||
| fmt.Sprintf("%s (@%s)", ctx.Doer.DisplayName(), ctx.Doer.Name), |
There was a problem hiding this comment.
I think this value should be offered as a method in /models/user/user.go instead.
Perhaps something like GetCompleteName?
That way, it can be used by other parts as well.
Emails from Gitea comments do not contain the username of the commenter anywhere, only their display name, so it is not possible to verify who made a comment from the email itself: From: "Alice" <email@gitea> X-Gitea-Sender: Alice X-Gitea-Recipient: Bob X-GitHub-Sender: Alice X-GitHub-Recipient: Bob This comment looks like it's from @alice. The X-Gitea/X-GitHub headers also use display names, which is not very reliable for filtering, and inconsistent with GitHub's behavior: X-GitHub-Sender: lunny X-GitHub-Recipient: gwymor This change includes both the display name and username in the From header, and switches the other headers from display name to username: From: "Alice (@fakeAlice)" <email@gitea> X-Gitea-Sender: fakealice X-Gitea-Recipient: bob X-GitHub-Sender: fakealice X-GitHub-Recipient: bob This comment looks like it's from @alice.
gwymor
force-pushed
the
username-in-email-headers
branch
from
0faf27f
to
6d8f2e1
Compare
pull-request-size
bot
added
size/M
GiteaBot
added
lgtm/need 1
GiteaBot
added
lgtm/done
| // GetCompleteName returns the the full name and username in the form of | ||
| // "Full Name (@username)" if full name is not empty, otherwise it returns | ||
| // "@username". | ||
| func (u *User) GetCompleteName() string { |
There was a problem hiding this comment.
It is quite confusing to introduce this "common" function into the User model.
For example:
- There is already
GetDisplayNameandDisplayName - Why the
GetCompleteNamehas an@, is it a general approch .....
(I know the old code is not good, but introducing a new GetCompleteName here makes things more complex ....)
* giteaofficial/main: Add `must-change-password` cli parameter (go-gitea#27626) Include username in email headers (go-gitea#28981) Update tool dependencies (go-gitea#29030) Add artifacts v4 jwt to job message and accept it (go-gitea#28885) Pass es2020 to esbuild-loader as well (go-gitea#29027) Fix default avatar image size in PR diff page (go-gitea#28971) Update JS and PY dependencies, build for `es2020` browsers (go-gitea#28977)
|
And maybe it should be reverted (or fixed):
|
|
@wxiaoguang What displays that message? Are you aware of email providers/stacks that will take that as a sign of spam/phishing and flag the message? I would hope nothing would make that mistake as there's no user-part before the If email providers do, we should probably drop the When a user has no display name the sender currently falls back to |
I copied this screenshot from a user's feedback. I think the root problem is that using (ps: I just shared the information here, but I haven't really looked into the problem nor I need this feature 🤣 ) |
|
I don't want this to get lost, so I'm gonna open a new issue about it, and lock this thread. I'll ping everyone here, over there. |
Emails from Gitea comments do not contain the username of the commenter
anywhere, only their display name, so it is not possible to verify who
made a comment from the email itself:
The X-Gitea/X-GitHub headers also use display names, which is not very
reliable for filtering, and inconsistent with GitHub's behavior:
This change includes both the display name and username in the From
header, and switches the other headers from display name to username: