#5878 Password protected messages compliance (#5879)

* feat: password protected messages compliance

* feat: added link support

* feat: target blank

* fix: term match

* fix: pr reviews

Author: Ioan Moldovan

conf/tsconfig.content_scripts.json

@@ -20,7 +20,9 @@
       "openpgp": ["../node_modules/openpgp/openpgp.d.ts"],
       "@openpgp/web-stream-tools": ["../node_modules/@openpgp/web-stream-tools/lib/index.d.ts"],
       "squire-rte": ["../node_modules/squire-rte/dist/types/Squire.d.ts"],
-      "undici-types": ["../node_modules/undici-types/index.d.ts", "COMMENT"]
+      "undici-types": ["../node_modules/undici-types/index.d.ts", "COMMENT"],
+      "linkifyHtml": ["../node_modules/linkify-html/dist/linkify-html.es.d.ts", "COMMENT"],
+      "linkifyjs": ["../node_modules/linkifyjs/dist/linkify.es.d.ts", "COMMENT"]
     },
     "typeRoots": ["../extension/types", "../extension/js/common/core/types"]
   },

extension/chrome/elements/compose-modules/compose-err-module.ts

@@ -16,6 +16,8 @@ import { ViewModule } from '../../../js/common/view-module.js';
 import { ComposeView } from '../compose.js';
 import { AjaxErrMsgs } from '../../../js/common/api/shared/api-error.js';
 import { Lang } from '../../../js/common/lang.js';
+import linkifyHtml from 'linkifyHtml';
+import { MsgUtil } from '../../../js/common/core/crypto/pgp/msg-util.js';
 
 export class ComposerUserError extends Error {}
 class ComposerNotReadyError extends ComposerUserError {}
@@ -160,6 +162,11 @@ export class ComposeErrModule extends ViewModule<ComposeView> {
   };
 
   public throwIfEncryptionPasswordInvalidOrDisabled = async ({ subject, pwd }: { subject: string; pwd?: string }) => {
+    const disallowedPasswordMessageTerms = this.view.clientConfiguration.getDisallowPasswordMessagesForTerms();
+    const disallowedPasswordMessageErrorText = this.view.clientConfiguration.getDisallowPasswordMessagesErrorText();
+    if (disallowedPasswordMessageErrorText && disallowedPasswordMessageTerms && !MsgUtil.isPasswordMessageEnabled(subject, disallowedPasswordMessageTerms)) {
+      throw new ComposerUserError(linkifyHtml(disallowedPasswordMessageErrorText, { target: '_blank' }));
+    }
     // When DISABLE_FLOWCRYPT_HOSTED_PASSWORD_MESSAGES present, and recipients are missing a public key, and the user is using flowcrypt.com/shared-tenant-fes (not FES)
     if (this.view.clientConfiguration.shouldDisableFlowCryptHostedPasswordMessages() && !this.view.isCustomerUrlFesUsed()) {
       throw new ComposerUserError(Lang.compose.addMissingRecipientPubkeys);

extension/chrome/elements/compose.htm

@@ -254,6 +254,8 @@ <h1 id="header_title" data-test="header-title">New Secure Message</h1>
     <script src="/lib/zxcvbn.js"></script>
     <script src="/lib/iso-8859-2.js"></script>
     <script src="/lib/forge.js"></script>
+    <script src="/lib/linkify.min.js"></script>
+    <script src="/lib/linkify-html.min.js"></script>
     <script src="compose.js" type="module"></script>
   </body>
 </html>

extension/js/common/client-configuration.ts

@@ -33,6 +33,8 @@ export type ClientConfigurationJson = {
   enforce_keygen_expire_months?: number;
   in_memory_pass_phrase_session_length?: number;
   prv_backup_to_designated_mailbox?: string;
+  disallow_password_messages_for_terms?: string[];
+  disallow_password_messages_error_text?: string;
 };
 /* eslint-enable @typescript-eslint/naming-convention */
 
@@ -110,6 +112,21 @@ export class ClientConfiguration {
     return this.clientConfigurationJson.enforce_keygen_expire_months;
   };
 
+  /**
+   * An array of strings to check against the subject of the composed password-protected message.
+   * If any string in this array is found in the subject, an error alert must be displayed.
+   */
+  public getDisallowPasswordMessagesForTerms = (): string[] | undefined => {
+    return this.clientConfigurationJson.disallow_password_messages_for_terms?.filter(term => !!term);
+  };
+
+  /**
+   * The text to be displayed in the password message terms error alert
+   */
+  public getDisallowPasswordMessagesErrorText = (): string | undefined => {
+    return this.clientConfigurationJson.disallow_password_messages_error_text;
+  };
+
   /**
    * pass phrase session length to be configurable with client configuraiton
    * default 4 hours

extension/js/common/core/crypto/pgp/msg-util.ts

@@ -306,6 +306,31 @@ export class MsgUtil {
     return diagnosis;
   }
 
+  public static isPasswordMessageEnabled(subject: string, disallowTerms: string[]) {
+    if (!subject || !Array.isArray(disallowTerms)) {
+      return true; // If no subject or no terms to disallow, assume enabled
+    }
+
+    const lowerSubject = subject.toLowerCase();
+
+    for (const term of disallowTerms) {
+      // Escape term for regex
+      const escapedTerm = term.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
+      // Use regex to ensure the term appears as a separate token
+      // (^|\W) ensures the term is at start or preceded by non-word char
+      // (\W|$) ensures the term is followed by non-word char or end
+      const regex = new RegExp(`(^|\\W)${escapedTerm}(\\W|$)`, 'i');
+
+      if (regex.test(lowerSubject)) {
+        // Found a disallowed term as a separate token
+        return false;
+      }
+    }
+
+    // No disallowed terms found as exact matches
+    return true;
+  }
+
   private static async getSortedKeys(kiWithPp: KeyInfoWithIdentityAndOptionalPp[], msg: OpenPGP.Message<OpenPGP.Data>): Promise<SortedKeysForDecrypt> {
     const keys: SortedKeysForDecrypt = {
       encryptedFor: [],

test/source/mock/fes/shared-tenant-fes-endpoints.ts

@@ -49,6 +49,8 @@ export type FesClientConfiguration = {
   allow_keys_openpgp_org_search_only_for_domains?: string[];
   disallow_keys_openpgp_org_search_for_domains?: string[];
   prv_backup_to_designated_mailbox?: string;
+  disallow_password_messages_for_terms?: string[];
+  disallow_password_messages_error_text?: string;
 };
 /* eslint-enable @typescript-eslint/naming-convention */
 

test/source/tests/compose.ts

@@ -236,6 +236,43 @@ export const defineComposeTests = (testVariant: TestVariant, testWithBrowser: Te
       })
     );
 
+    test(
+      '[email protected] - disallow password  protected message terms',
+      testWithBrowser(async (t, browser) => {
+        const acct = '[email protected]';
+        const rules = getKeyManagerAutogenRules(t.context.urls!.port!);
+        const disallowedPasswordMessageErrorText = 'Password-protected messages are disabled. Please check https://test.com';
+
+        t.context.mockApi!.configProvider = new ConfigurationProvider({
+          attester: {
+            pubkeyLookup: {},
+          },
+          ekm: {
+            keys: [testConstants.existingPrv],
+          },
+          fes: {
+            clientConfiguration: {
+              ...rules,
+              // eslint-disable-next-line @typescript-eslint/naming-convention
+              disallow_password_messages_for_terms: ['forbidden', 'test'],
+              // eslint-disable-next-line @typescript-eslint/naming-convention
+              disallow_password_messages_error_text: disallowedPasswordMessageErrorText,
+            },
+          },
+        });
+        const settingsPage = await BrowserRecipe.openSettingsLoginApprove(t, browser, acct);
+        await SetupPageRecipe.autoSetupWithEKM(settingsPage);
+        const composePage = await ComposePageRecipe.openStandalone(t, browser, acct);
+        await ComposePageRecipe.fillMsg(composePage, { to: '[email protected]' }, 'forbidden subject');
+        await composePage.waitAndClick('@action-send', { delay: 1 });
+        await PageRecipe.checkModalLink(composePage, 'error', 'https://test.com');
+        await PageRecipe.waitForModalAndRespond(composePage, 'error', {
+          contentToCheck: disallowedPasswordMessageErrorText,
+          clickOn: 'confirm',
+        });
+      })
+    );
+
     test(
       'compose - signed with entered pass phrase + will remember pass phrase in session',
       testWithBrowser(async (t, browser) => {

test/source/tests/page-recipe/abstract-page-recipe.ts

@@ -39,6 +39,16 @@ export abstract class PageRecipe {
     }
   };
 
+  public static checkModalLink = async (controllable: Controllable, type: ModalType, linktoCheck: string) => {
+    const modalContainer = await controllable.waitAny(`.ui-modal-${type}`, { timeout: 15 });
+    const contentElement = await modalContainer.$('.swal2-html-container a');
+
+    const actualLink = await PageRecipe.getElementPropertyJson(contentElement!, 'textContent');
+    if (!actualLink.includes(linktoCheck)) {
+      throw new Error(`Expected link "${linktoCheck}" not found. Actual content: "${actualLink}"`);
+    }
+  };
+
   public static waitForToastToAppearAndDisappear = async (controllable: Controllable, containsText: string | RegExp): Promise<void> => {
     await controllable.waitForContent('.ui-toast-title', containsText);
     await controllable.waitTillGone('.ui-toast-title');

test/source/tests/unit-node.ts

@@ -904,6 +904,31 @@ ${testConstants.smimeCert}`),
       t.pass();
     });
 
+    test('[unit][MsgUtil.isPasswordMesageEnabled] test password protected message compliance', async t => {
+      const disallowTerms = ['[Classification: Data Control: Internal Data Control]', 'droid', 'forbidden data'];
+
+      const subjectsToTestObj: { [key: string]: boolean } = {
+        '[Classification: Data Control: Internal Data Control] Quarter results': false,
+        'Conference information [Classification: Data Control: Internal Data Control]': false,
+        'Classification: Data Control: Internal Data Control - Tomorrow meeting': true,
+        'Internal Data Control - Finance monitoring': true,
+        // term check should work only for exact matches - if we have droid in the list of strings,
+        // password-protected messages shouldn't be disabled for subjects with Android word
+        'Android phone update': true,
+        'droid phone': false,
+        // Check for case insensitive
+        'DROiD phone': false,
+        '[forbidden data] year results': false,
+      };
+
+      for (const subject of Object.keys(subjectsToTestObj)) {
+        const expectedValue = subjectsToTestObj[subject];
+        const result = MsgUtil.isPasswordMessageEnabled(subject, disallowTerms);
+        expect(expectedValue).to.equal(result);
+      }
+      t.pass();
+    });
+
     test('[unit][KeyUtil.parse] Correctly extracting email from SubjectAltName of S/MIME certificate', async t => {
       /*
             // generate a key pair