Skip to content

fix(notification): make security-critical mails non-suppressible#3850

Merged
davidleomay merged 2 commits into
developfrom
fix/account-merge-mail-suppression
Jun 9, 2026
Merged

fix(notification): make security-critical mails non-suppressible#3850
davidleomay merged 2 commits into
developfrom
fix/account-merge-mail-suppression

Conversation

@davidleomay

@davidleomay davidleomay commented Jun 9, 2026

Copy link
Copy Markdown
Member

Closes #3842

Summary

  • ACCOUNT_MERGE_REQUEST, CHANGED_MAIL, ADDED_ADDRESS, ACCOUNT_DEACTIVATION remapped from MailContextType.INFO to null
  • null causes isDisabledMailWallet to short-circuit (mailContextType && → falsy), so these mails bypass wallet mailConfig checks entirely — same behaviour as MONITORING, WEBHOOK, SEPA
  • Widened MailContextTypeMapper value type from MailContextType to MailContextType | null (was already implicitly required by the existing null entries)

Why these four

Context Reason
ACCOUNT_MERGE_REQUEST Blocks account access if not confirmed — must always arrive
CHANGED_MAIL Security notification — suppressing it is a blind spot
ADDED_ADDRESS Security notification — suppressing it is a blind spot
ACCOUNT_DEACTIVATION Users must know their account is being deactivated

Test plan

  • Account merge request mail is delivered even when receiver's wallet disables Info
  • Changed mail / added address notifications still sent for wallets with Info disabled
  • Account deactivation mail still sent for wallets with Info disabled
  • Mails still suppressed for BLACK_SQUAD, LIMIT_REQUEST, CUSTOM, RECOMMENDATION_* (remain on INFO)

@davidleomay
chore: remove legacy Azure DEV workflow (DEV now runs on dfxdev)
4c79d09
@davidleomay
fix(notification): make security-critical mails non-suppressible
4caaf1d 
ACCOUNT_MERGE_REQUEST, CHANGED_MAIL, ADDED_ADDRESS and ACCOUNT_DEACTIVATION
were mapped to MailContextType.INFO, causing them to be silently dropped for
users whose wallet disables the Info mail type. These are mandatory
account-blocking or security notifications and must always be delivered.

Maps them to null (same as MONITORING/WEBHOOK/SEPA) so isDisabledMailWallet
short-circuits and the mails bypass wallet mailConfig checks entirely.

Closes #3842
@davidleomay davidleomay requested a review from TaprootFreak as a code owner June 9, 2026 11:11
@davidleomay davidleomay merged commit dba1ff9 into develop Jun 9, 2026
7 checks passed
@davidleomay davidleomay deleted the fix/account-merge-mail-suppression branch June 9, 2026 12:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@TaprootFreak TaprootFreak Awaiting requested review from TaprootFreak TaprootFreak is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Account-merge confirmation mail silently dropped when receiver wallet disables "Info" mails

1 participant

@davidleomay