BE & FE store secret in DB. Unsubscribing works
This commit is contained in:
parent
372e0612a6
commit
c7aa87cb3b
|
@ -18,7 +18,7 @@ class Mailbot(Bot):
|
|||
# returns a list of Report objects
|
||||
def crawl(self, user):
|
||||
reports = []
|
||||
mails = mailbox.mbox('/var/mail/test') # todo: adjust to actual mailbox file
|
||||
mails = mailbox.mbox('/var/mail/test') # todo: adjust to actual mailbox
|
||||
for msg in mails:
|
||||
if get_date_from_header(msg['Date']) > user.get_seen_mail():
|
||||
reports.append(make_report(msg, user))
|
||||
|
@ -27,12 +27,13 @@ class Mailbot(Bot):
|
|||
# post/boost Report object
|
||||
def post(self, user, report):
|
||||
recipients = user.get_mailinglist()
|
||||
print(recipients) # debug
|
||||
for rec in recipients:
|
||||
rec = rec[0]
|
||||
unsubscribe_text = "\n_______\nYou don't want to receive those messages? Unsubscribe with this link: "
|
||||
body = report.text + unsubscribe_text + config['web']['host'] + "/city/mail/unsubscribe/" \
|
||||
+ db.mail_subscription_token(rec, user.get_city())
|
||||
print(body)
|
||||
print(body) # debug
|
||||
if report.author != rec:
|
||||
try:
|
||||
sendmail.sendmail(rec, "Ticketfrei " + user.get_city() +
|
||||
|
|
30
db.py
30
db.py
|
@ -14,7 +14,7 @@ class DB(object):
|
|||
self.conn = sqlite3.connect(dbfile)
|
||||
self.cur = self.conn.cursor()
|
||||
self.create()
|
||||
self.secret = urandom(32)
|
||||
self.secret = self.get_secret()
|
||||
|
||||
def execute(self, *args, **kwargs):
|
||||
return self.cur.execute(*args, **kwargs)
|
||||
|
@ -138,8 +138,30 @@ class DB(object):
|
|||
FOREIGN KEY(user_id) REFERENCES user(id),
|
||||
UNIQUE(user_id, city) ON CONFLICT IGNORE
|
||||
);
|
||||
CREATE TABLE IF NOT EXISTS secret (
|
||||
id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT UNIQUE,
|
||||
secret BLOB
|
||||
);
|
||||
''')
|
||||
|
||||
def get_secret(self):
|
||||
"""
|
||||
At __init__(), the db needs a secret. It tries to fetch it from the db,
|
||||
and if it fails, it generates a new one.
|
||||
|
||||
:return:
|
||||
"""
|
||||
# select only the newest secret. should be only one row anyway.
|
||||
self.execute("SELECT secret FROM secret ORDER BY id DESC LIMIT 1")
|
||||
try:
|
||||
return self.cur.fetchone()[0]
|
||||
except TypeError:
|
||||
new_secret = urandom(32)
|
||||
self.execute("INSERT INTO secret (secret) VALUES (?);",
|
||||
(new_secret, ))
|
||||
self.commit()
|
||||
return new_secret
|
||||
|
||||
def user_token(self, email, password):
|
||||
"""
|
||||
This function is called by the register confirmation process. It wants
|
||||
|
@ -169,15 +191,9 @@ class DB(object):
|
|||
'email': email,
|
||||
'city': city
|
||||
}, self.secret).decode('ascii')
|
||||
print("mail_subscription_token")
|
||||
print(token)
|
||||
print(self.secret)
|
||||
return token
|
||||
|
||||
def confirm_subscription(self, token):
|
||||
print("confirm_subscription")
|
||||
print(token)
|
||||
print(self.secret)
|
||||
json = jwt.decode(token, self.secret)
|
||||
return json['email'], json['city']
|
||||
|
||||
|
|
Loading…
Reference in a new issue