-
-
Notifications
You must be signed in to change notification settings - Fork 5.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Include username in email headers #28981
Conversation
services/mailer/mail.go
Outdated
msg := NewMessageFrom(recipient.Email, ctx.Doer.DisplayName(), setting.MailService.FromEmail, subject, mailBody.String()) | ||
msg := NewMessageFrom( | ||
recipient.Email, | ||
fmt.Sprintf("%s (@%s)", ctx.Doer.DisplayName(), ctx.Doer.Name), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think this value should be offered as a method in /models/user/user.go
instead.
Perhaps something like GetCompleteName
?
That way, it can be used by other parts as well.
Emails from Gitea comments do not contain the username of the commenter anywhere, only their display name, so it is not possible to verify who made a comment from the email itself: From: "Alice" <email@gitea> X-Gitea-Sender: Alice X-Gitea-Recipient: Bob X-GitHub-Sender: Alice X-GitHub-Recipient: Bob This comment looks like it's from @alice. The X-Gitea/X-GitHub headers also use display names, which is not very reliable for filtering, and inconsistent with GitHub's behavior: X-GitHub-Sender: lunny X-GitHub-Recipient: gwymor This change includes both the display name and username in the From header, and switches the other headers from display name to username: From: "Alice (@fakeAlice)" <email@gitea> X-Gitea-Sender: fakealice X-Gitea-Recipient: bob X-GitHub-Sender: fakealice X-GitHub-Recipient: bob This comment looks like it's from @alice.
0faf27f
to
6d8f2e1
Compare
// GetCompleteName returns the the full name and username in the form of | ||
// "Full Name (@username)" if full name is not empty, otherwise it returns | ||
// "@username". | ||
func (u *User) GetCompleteName() string { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It is quite confusing to introduce this "common" function into the User model.
For example:
- There is already
GetDisplayName
andDisplayName
- Why the
GetCompleteName
has an@
, is it a general approch .....
(I know the old code is not good, but introducing a new GetCompleteName here makes things more complex ....)
* giteaofficial/main: Add `must-change-password` cli parameter (go-gitea#27626) Include username in email headers (go-gitea#28981) Update tool dependencies (go-gitea#29030) Add artifacts v4 jwt to job message and accept it (go-gitea#28885) Pass es2020 to esbuild-loader as well (go-gitea#29027) Fix default avatar image size in PR diff page (go-gitea#28971) Update JS and PY dependencies, build for `es2020` browsers (go-gitea#28977)
@wxiaoguang What displays that message? Are you aware of email providers/stacks that will take that as a sign of spam/phishing and flag the message? I would hope nothing would make that mistake as there's no user-part before the If email providers do, we should probably drop the When a user has no display name the sender currently falls back to |
I copied this screenshot from a user's feedback. I think the root problem is that using (ps: I just shared the information here, but I haven't really looked into the problem nor I need this feature 🤣 ) |
I don't want this to get lost, so I'm gonna open a new issue about it, and lock this thread. I'll ping everyone here, over there. |
Emails from Gitea comments do not contain the username of the commenter
anywhere, only their display name, so it is not possible to verify who
made a comment from the email itself:
The X-Gitea/X-GitHub headers also use display names, which is not very
reliable for filtering, and inconsistent with GitHub's behavior:
This change includes both the display name and username in the From
header, and switches the other headers from display name to username: