From 4850860f822d4140829bf5172cfdb456fa8fe103 Mon Sep 17 00:00:00 2001 From: Thomas L Date: Thu, 29 Mar 2018 00:57:17 +0200 Subject: [PATCH 1/4] use local mail daemon for confirmation links --- frontend.py | 23 ++++++++++------------- sendmail.py | 18 +++++++++++++++--- 2 files changed, 25 insertions(+), 16 deletions(-) diff --git a/frontend.py b/frontend.py index ae706a3..6d1fae5 100755 --- a/frontend.py +++ b/frontend.py @@ -5,9 +5,8 @@ from config import config from db import db import logging import tweepy -import sendmail +from sendmail import sendmail from session import SessionPlugin -import smtplib from mastodon import Mastodon @@ -28,20 +27,18 @@ def register_post(): if db.by_email(email): return dict(error='Email address already in use.') # send confirmation mail - confirm_link = request.url + "/../confirm/" + db.user_token(email, password) - send_confirmation_mail(confirm_link, email) + sendmail( + email, + "[Ticketfrei] Confirm your account", + "Complete your registration here: %s://%s/confirm/%s" % ( + request.urlparts.scheme, + request.urlparts.netloc, + db.user_token(email, password) + ) + ) return dict(info='Confirmation mail sent.') -def send_confirmation_mail(confirm_link, email): - m = sendmail.Mailer() - try: - m.send("Complete your registration here: " + confirm_link, email, - "[Ticketfrei] Confirm your account") - except smtplib.SMTPRecipientsRefused: - return "Please enter a valid E-Mail address." - - @get('/confirm/') @view('template/propaganda.tpl') def confirm(token): diff --git a/sendmail.py b/sendmail.py index 93028d9..f2e754c 100755 --- a/sendmail.py +++ b/sendmail.py @@ -1,11 +1,12 @@ #!/usr/bin/env python3 - -import smtplib -import ssl from config import config from email.mime.text import MIMEText from email.mime.application import MIMEApplication from email.mime.multipart import MIMEMultipart +from getpass import getuser +import smtplib +from socket import getfqdn +import ssl class Mailer(object): 
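Review bot: The confirmation link in register_post takes its scheme and host from `request.urlparts`, which in Bottle are derived from client-supplied request headers unless a front-end proxy normalises them, so whoever submits the form can influence which host the mailed link, and the `db.user_token(email, password)` value inside it, points to. Build the link from a base URL held in configuration instead, e.g. `"%s/confirm/%s" % (BASE_URL, db.user_token(email, password))`, where `BASE_URL` is a placeholder for a value read from `config`. The same construction is carried over unchanged into the register_post hunk of PATCH 3/4. register_post begins outside this hunk, so any earlier validation of `email` is not visible here.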
@@ -63,6 +64,17 @@ class Mailer(object): return "Sent mail to " + recipient + ": " + subject +def sendmail(to, subject, body): + msg = MIMEMultipart() + msg['From'] = '%s@%s' % (getuser(), getfqdn()) + msg['To'] = to + msg['Subject'] = subject + msg.attach(MIMEText(body)) + + with smtplib.SMTP('localhost') as smtp: + smtp.send_message(msg) + + # For testing: if __name__ == '__main__': m = Mailer() From 93390151013f30806b39ee55ccd3c455004183db Mon Sep 17 00:00:00 2001 From: Thomas L Date: Thu, 29 Mar 2018 00:59:13 +0200 Subject: [PATCH 2/4] fix account confirmation. --- db.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/db.py b/db.py index 18e3bb3..d6c52bc 100644 --- a/db.py +++ b/db.py @@ -123,7 +123,7 @@ class DB(object): return None # invalid token if 'passhash' in json.keys(): # create user - self.execute("INSERT INTO user (passhash) VALUES(?, ?);", + self.execute("INSERT INTO user (passhash) VALUES(?);", (json['passhash'], )) uid = self.cur.lastrowid else: From 4981223ee80f47181b7c96b85175b3507b76eadd Mon Sep 17 00:00:00 2001 From: Thomas L Date: Thu, 29 Mar 2018 01:13:53 +0200 Subject: [PATCH 3/4] catch some error cases. --- frontend.py | 35 +++++++++++++++++++++-------------- 1 file changed, 21 insertions(+), 14 deletions(-) diff --git a/frontend.py b/frontend.py index 6d1fae5..c0b3552 100755 --- a/frontend.py +++ b/frontend.py 
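Review bot: In sendmail(), `to` is written into the To header as given, and `smtp.send_message(msg)` takes its envelope recipients from the message headers, so a value that holds several comma-separated addresses would be delivered to all of them. The caller in register_post appears to pass the address submitted with the registration form, so check that it parses to exactly one address before building the message, for instance `if len(email.utils.getaddresses([to])) != 1: raise ValueError('expected a single recipient')`. The function also has no docstring; something like `"""Send a plain-text mail via the SMTP daemon on localhost; the sender is <current user>@<local FQDN>."""` would record the dependency on a local mail daemon.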
@@ -27,16 +27,19 @@ def register_post(): if db.by_email(email): return dict(error='Email address already in use.') # send confirmation mail - sendmail( - email, - "[Ticketfrei] Confirm your account", - "Complete your registration here: %s://%s/confirm/%s" % ( - request.urlparts.scheme, - request.urlparts.netloc, - db.user_token(email, password) - ) - ) - return dict(info='Confirmation mail sent.') + try: + sendmail( + email, + "[Ticketfrei] Confirm your account", + "Complete your registration here: %s://%s/confirm/%s" % ( + request.urlparts.scheme, + request.urlparts.netloc, + db.user_token(email, password) + ) + ) + return dict(info='Confirmation mail sent.') + except Exception: + return dict(error='Could not send confirmation mail.') @get('/confirm/') @@ -53,10 +56,14 @@ def confirm(token): @view('template/login.tpl') def login_post(): # check login - if db.by_email(request.forms.get('email', '')) \ - .check_password(request.forms.get('pass', '')): - return redirect('/settings') - return dict(error='Authentication failed.') + try: + if db.by_email(request.forms.get('email', '')) \ + .check_password(request.forms.get('pass', '')): + return redirect('/settings') + except AttributeError: + pass + finally: + return dict(error='Authentication failed.') @get('/settings') From bfc311b6c9f7e22d4369ddb8530c0b1d4681ed21 Mon Sep 17 00:00:00 2001 From: Thomas L Date: Thu, 29 Mar 2018 01:25:17 +0200 Subject: [PATCH 4/4] omit bare except. --- active_bots/mastodonbot.py | 2 +- backend.py | 17 +++++++---------- frontend.py | 2 +- sendmail.py | 2 +- 4 files changed, 10 insertions(+), 13 deletions(-) diff --git a/active_bots/mastodonbot.py b/active_bots/mastodonbot.py index c0e0240..1a313dc 100755 --- a/active_bots/mastodonbot.py +++ b/active_bots/mastodonbot.py 
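Review bot: The new `except Exception:` in register_post drops the error without recording it, and because `db.user_token(email, password)` is evaluated inside the same `try`, a token or database failure is shown to the user as a mail problem and leaves no trace for the operator. Log before returning, `logger.error('Could not send confirmation mail.', exc_info=True)`, in the way login_mastodon in this file already does. Computing the token before the `try` would keep the handler scoped to the SMTP call. The function begins outside this hunk.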
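Review bot: The `return` inside `finally:` in login_post runs on every path and overrides whatever the `try` block was doing, so a correct password still ends in `dict(error='Authentication failed.')`. If `redirect` is Bottle's, it works by raising, and the `finally` return discards that exception too. Remove the `finally:` line and dedent `return dict(error='Authentication failed.')` to function level, after the `except AttributeError:` / `pass` handler. Wrapping the whole expression in `except AttributeError` also hides an AttributeError raised inside `check_password`; testing the result of `db.by_email(...)` for `None` first would be narrower.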
@@ -21,7 +21,7 @@ class MastodonBot(Bot): m = Mastodon(*user.get_masto_credentials()) try: notifications = m.notifications() - except: # mastodon.Mastodon.MastodonAPIError is unfortunately not in __init__.py + except Exception: logger.error("Unknown Mastodon API Error.", exc_info=True) return mentions for status in notifications: diff --git a/backend.py b/backend.py index 601e19a..040aac4 100755 --- a/backend.py +++ b/backend.py @@ -4,7 +4,7 @@ import active_bots from config import config from db import db import logging -import sendmail +from sendmail import sendmail import time @@ -30,12 +30,9 @@ if __name__ == '__main__': for bot2 in bots: bot2.post(user, status) time.sleep(60) # twitter rate limit >.< - except: - logger.error('Shutdown', exc_info=True) - mailer = sendmail.Mailer() - try: - mailer.send('', config['web']['contact'], - 'Ticketfrei Crash Report', - attachment=config['logging']['logpath']) - except: - logger.error('Mail sending failed', exc_info=True) + except Exception: + logger.error('Shutdown.', exc_info=True) + try: + sendmail(config['web']['contact'], 'Ticketfrei Shutdown') + except Exception: + logger.error('Could not inform admin.', exc_info=True) diff --git a/frontend.py b/frontend.py index c0b3552..adef914 100755 --- a/frontend.py +++ b/frontend.py @@ -150,7 +150,7 @@ def login_mastodon(user): return dict( info='Thanks for supporting decentralized social networks!' ) - except: + except Exception: logger.error('Login to Mastodon failed.', exc_info=True) return dict(error='Login to Mastodon failed.') diff --git a/sendmail.py b/sendmail.py index f2e754c..3f23452 100755 --- a/sendmail.py +++ b/sendmail.py @@ -64,7 +64,7 @@ class Mailer(object): return "Sent mail to " + recipient + ": " + subject -def sendmail(to, subject, body): +def sendmail(to, subject, body=''): msg = MIMEMultipart() msg['From'] = '%s@%s' % (getuser(), getfqdn()) msg['To'] = to