BMO/inbound email

bmo inbound email

develop a bmo extension that allow users to comment on bugs by replying to bugmail.

allow creation of comments only:
- no ability to add attachment
- no ability to change any fields/flags
- no ability to create bugs
editbugs required (initially at least)
not valid for bugs where secure-mail is applicable

skip if the recipient user not a member of the editbugs group
skip if the email is encrypted with securemail (X-Bugzilla-Secure-Email exists)
a unique token is generated for each message which encapsulates:
- recipient's user-id
- bug-id
- token creation timestamp
the message-id is set to <reply-$token@$url_base>
the reply-to header is set to <reply@bugzilla.mozilla.org>
the in-reply-to and references headers are set to <bug-$bug_id-$user_id@$url_base> even for "new bug" email
inject a marker into the text "=== Only text above this line is added to the bug ===" or similar

extract token from in-reply-to header
load token data from database (user-id, bug-id)
reject if the user is disabled
reject if the user is not a member of the editbugs group
reject if the bug has secure-mail enabled
reject auto replies
- auto-submitted == auto-generated || auto-replied || auto-notified
- x-autoreply == yes
extract text/plain content as comment
clean comment
- remove content after the injected marker
- remove email signatures
- remove signing wrappers
- remove any quoted content at the end of the comment
- trim whitespace
reject if the comment is emtpy
add comment to bug (no mid-air protection)
delete the token

cleaning junk off the response is by far the most complicated part of this project. an alternative solution which lessens the work here is:

add the following to the top of the email:
- Type your response ABOVE THIS LINE to reply
ignore all content below that line in the reply

tokens can only be used once
tokens are valid for 7 days
if an error occurs during processing an inbound email with a well-formed in-reply-to header, notification will be sent to the sender's of the email