Guess holding pen emails based on having a correct hash and an incorrect id. Closes #117

1 files changed, 27 insertions, 10 deletions

diff --git a/app/models/info_request.rb b/app/models/info_request.rb
index 158e6319e..419546c99 100644
--- a/app/models/info_request.rb
+++ b/app/models/info_request.rb
@@ -17,7 +17,6 @@
 #  allow_new_responses_from  :string(255)     default("anybody"), not null
 #  handle_rejected_responses :string(255)     default("bounce"), not null
 #
-
 # models/info_request.rb:
 # A Freedom of Information request.
 #
@@ -309,13 +308,20 @@ public
 
     # Return list of info requests which *might* be right given email address
     # e.g. For the id-hash email addresses, don't match the hash.
-    def InfoRequest.guess_by_incoming_email(incoming_email)
-        id, hash = InfoRequest._extract_id_hash_from_email(incoming_email)
-        begin
-            return [InfoRequest.find(id)]
-        rescue ActiveRecord::RecordNotFound
-            return []
+    def InfoRequest.guess_by_incoming_email(incoming_message)
+        guesses = []
+        # 1. Try to guess based on the email address(es)
+        addresses =
+            (incoming_message.mail.to || []) + 
+            (incoming_message.mail.cc || []) +
+            (incoming_message.mail.envelope_to || [])
+        addresses.uniq!
+        for address in addresses
+            id, hash = InfoRequest._extract_id_hash_from_email(address)
+            guesses.push(InfoRequest.find_by_id(id))
+            guesses.push(InfoRequest.find_by_idhash(hash))
         end
+        return guesses.select{|x| !x.nil?}.uniq
     end
 
     # Internal function used by find_by_magic_email and guess_by_incoming_email
@@ -326,7 +332,7 @@ public
         # The optional bounce- dates from when we used to have separate emails for the envelope from.
         # (that was abandoned because councils would send hand written responses to them, not just
         # bounce messages)
-        incoming_email =~ /request-(?:bounce-)?(\d+)-([a-z0-9]+)/
+        incoming_email =~ /request-(?:bounce-)?([a-z0-9]+)-([a-z0-9]+)/
         id = $1.to_i
         hash = $2
 
@@ -678,6 +684,7 @@ public
             end
         end
         return nil
+
     end
     def get_last_response_event
         for e in self.info_request_events.reverse
@@ -838,15 +845,25 @@ public
     def InfoRequest.magic_email_for_id(prefix_part, id) 
         magic_email = MySociety::Config.get("INCOMING_EMAIL_PREFIX", "") 
         magic_email += prefix_part + id.to_s
-        magic_email += "-" + Digest::SHA1.hexdigest(id.to_s + MySociety::Config.get("INCOMING_EMAIL_SECRET", 'dummysecret'))[0,8]
+        magic_email += "-" + InfoRequest.hash_from_id(id)
         magic_email += "@" + MySociety::Config.get("INCOMING_EMAIL_DOMAIN", "localhost")
         return magic_email
     end
 
+    before_validation :compute_idhash
+
+    def compute_idhash
+        self.idhash = InfoRequest.hash_from_id(self.id)
+    end
+
+    def InfoRequest.hash_from_id(id)
+        return Digest::SHA1.hexdigest(id.to_s + MySociety::Config.get("INCOMING_EMAIL_SECRET", 'dummysecret'))[0,8]
+    end
+
     # Called by find_by_incoming_email - and used to be called by separate
     # function for envelope from address, until we abandoned it.
     def InfoRequest.find_by_magic_email(id, hash)
-        expected_hash = Digest::SHA1.hexdigest(id.to_s + MySociety::Config.get("INCOMING_EMAIL_SECRET", 'dummysecret'))[0,8]
+        expected_hash = InfoRequest.hash_from_id(id)
         #print "expected: " + expected_hash + "\nhash: " + hash + "\n"
         if hash != expected_hash
             return nil