fix: do not add key-contacts to unencrypted groups

Encrypted message may create unencrypted groups if the message does not have a Chat-Group-ID. This can happen if v1 client sends an encrypted message to opportunistically encrypted ad hoc group. In this case `from_id` corresponds to the key-contact, but we should add address-contact of the sender to the member list.
2026-05-03 21:36:29 +03:00 · 2025-08-11 05:37:39 +00:00
parent 6c536f3a9b
commit f41a3970b2
3 changed files with 145 additions and 5 deletions
--- a/src/receive_imf.rs
+++ b/src/receive_imf.rs
@@ -630,8 +630,7 @@ pub(crate) async fn receive_imf_inner(
        return Ok(None);
    };

-    let prevent_rename = (mime_parser.is_mailinglist_message() && !mime_parser.was_encrypted())
-        || mime_parser.get_header(HeaderDef::Sender).is_some();
+    let prevent_rename = should_prevent_rename(&mime_parser);

    // get From: (it can be an address list!) and check if it is known (for known From:'s we add
    // the other To:/Cc: in the 3rd pass)
@@ -1397,7 +1396,6 @@ async fn do_chat_assignment(
                    context,
                    mime_parser,
                    to_ids,
-                    from_id,
                    allow_creation || test_normal_chat.is_some(),
                    create_blocked,
                    is_partial_download.is_some(),
@@ -1567,7 +1565,6 @@ async fn do_chat_assignment(
                    context,
                    mime_parser,
                    to_ids,
-                    from_id,
                    allow_creation,
                    Blocked::Not,
                    is_partial_download.is_some(),
@@ -2464,7 +2461,6 @@ async fn lookup_or_create_adhoc_group(
    context: &Context,
    mime_parser: &MimeMessage,
    to_ids: &[Option<ContactId>],
-    from_id: ContactId,
    allow_creation: bool,
    create_blocked: Blocked,
    is_partial_download: bool,
@@ -2487,6 +2483,20 @@ async fn lookup_or_create_adhoc_group(
        return Ok(None);
    }

+    // Lookup address-contact by the From address.
+    let fingerprint = None;
+    let find_key_contact_by_addr = false;
+    let prevent_rename = should_prevent_rename(mime_parser);
+    let (from_id, _from_id_blocked, _incoming_origin) = from_field_to_contact_id(
+        context,
+        &mime_parser.from,
+        fingerprint,
+        prevent_rename,
+        find_key_contact_by_addr,
+    )
+    .await?
+    .context("Cannot lookup addres-contact by the From field")?;
+
    let grpname = mime_parser
        .get_subject()
        .map(|s| remove_subject_prefix(&s))
@@ -3963,5 +3973,12 @@ async fn lookup_key_contacts_by_address_list(
    Ok(contact_ids)
 }

+/// Returns true if the message should not result in renaming
+/// of the sender contact.
+fn should_prevent_rename(mime_parser: &MimeMessage) -> bool {
+    (mime_parser.is_mailinglist_message() && !mime_parser.was_encrypted())
+        || mime_parser.get_header(HeaderDef::Sender).is_some()
+}
+
 #[cfg(test)]
 mod receive_imf_tests;
--- a/src/receive_imf/receive_imf_tests.rs
+++ b/src/receive_imf/receive_imf_tests.rs
@@ -5352,3 +5352,57 @@ async fn test_group_introduction_no_gossip() -> Result<()> {

    Ok(())
 }
+
+/// Tests reception of an encrypted group message
+/// without Chat-Group-ID.
+///
+/// The message should be displayed as
+/// encrypted and have key-contact `from_id`,
+/// but all group members should be address-contacts.
+///
+/// Due to a bug in v2.10.0 this resulted
+/// in creation of an ad hoc group with a key-contact.
+#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+async fn test_encrypted_adhoc_group_message() -> Result<()> {
+    let mut tcm = TestContextManager::new();
+    let alice = &tcm.alice().await;
+    let bob = &tcm.bob().await;
+
+    // Bob receives encrypted message from Alice
+    // sent to multiple recipients,
+    // but without a group ID.
+    let received = receive_imf(
+        bob,
+        include_bytes!("../../test-data/message/encrypted-group-without-id.eml"),
+        false,
+    )
+    .await?
+    .unwrap();
+    let msg = Message::load_from_db(bob, *received.msg_ids.last().unwrap())
+        .await
+        .unwrap();
+
+    let chat = Chat::load_from_db(bob, msg.chat_id).await.unwrap();
+    assert_eq!(chat.typ, Chattype::Group);
+    assert_eq!(chat.is_encrypted(bob).await?, false);
+
+    let contact_ids = get_chat_contacts(bob, chat.id).await?;
+    assert_eq!(contact_ids.len(), 3);
+    assert!(chat.is_self_in_chat(bob).await?);
+
+    // Since the group is unencrypted, all contacts have
+    // to be address-contacts.
+    for contact_id in contact_ids {
+        let contact = Contact::get_by_id(bob, contact_id).await?;
+        if contact_id != ContactId::SELF {
+            assert_eq!(contact.is_key_contact(), false);
+        }
+    }
+
+    // `from_id` of the message corresponds to key-contact of Alice
+    // even though the message is assigned to unencrypted chat.
+    let alice_contact_id = bob.add_or_lookup_contact_id(alice).await;
+    assert_eq!(msg.from_id, alice_contact_id);
+
+    Ok(())
+}