BE & FE store secret in DB. Unsubscribing works

2018-09-08 09:33:40 +02:00 · 2018-09-08 09:33:40 +02:00 · c7aa87cb3b
parent 372e0612a6
commit c7aa87cb3b
2 changed files with 26 additions and 9 deletions
--- a/active_bots/mailbot.py
+++ b/active_bots/mailbot.py
@ -18,7 +18,7 @@ class Mailbot(Bot):
    # returns a list of Report objects
    def crawl(self, user):
        reports = []
-        mails = mailbox.mbox('/var/mail/test')  # todo: adjust to actual mailbox file
+        mails = mailbox.mbox('/var/mail/test')  # todo: adjust to actual mailbox
        for msg in mails:
            if get_date_from_header(msg['Date']) > user.get_seen_mail():
                reports.append(make_report(msg, user))
@ -27,12 +27,13 @@ class Mailbot(Bot):
    # post/boost Report object
    def post(self, user, report):
        recipients = user.get_mailinglist()
+        print(recipients)  # debug
        for rec in recipients:
            rec = rec[0]
            unsubscribe_text = "\n_______\nYou don't want to receive those messages? Unsubscribe with this link: "
            body = report.text + unsubscribe_text + config['web']['host'] + "/city/mail/unsubscribe/" \
                   + db.mail_subscription_token(rec, user.get_city())
-            print(body)
+            print(body)  # debug
            if report.author != rec:
                try:
                    sendmail.sendmail(rec, "Ticketfrei " + user.get_city() +
--- a/db.py
+++ b/db.py
@ -14,7 +14,7 @@ class DB(object):
        self.conn = sqlite3.connect(dbfile)
        self.cur = self.conn.cursor()
        self.create()
-        self.secret = urandom(32)
+        self.secret = self.get_secret()

    def execute(self, *args, **kwargs):
        return self.cur.execute(*args, **kwargs)
@ -138,8 +138,30 @@ class DB(object):
                FOREIGN KEY(user_id) REFERENCES user(id),
                UNIQUE(user_id, city) ON CONFLICT IGNORE 
            );
+            CREATE TABLE IF NOT EXISTS secret (
+                id          INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT UNIQUE,
+                secret      BLOB
+            );
        ''')

+    def get_secret(self):
+        """
+        At __init__(), the db needs a secret. It tries to fetch it from the db,
+        and if it fails, it generates a new one.
+
+        :return:
+        """
+        # select only the newest secret. should be only one row anyway.
+        self.execute("SELECT secret FROM secret ORDER BY id DESC LIMIT 1")
+        try:
+            return self.cur.fetchone()[0]
+        except TypeError:
+            new_secret = urandom(32)
+            self.execute("INSERT INTO secret (secret) VALUES (?);",
+                         (new_secret, ))
+            self.commit()
+            return new_secret
+
    def user_token(self, email, password):
        """
        This function is called by the register confirmation process. It wants
@ -169,15 +191,9 @@ class DB(object):
            'email': email,
            'city': city
        }, self.secret).decode('ascii')
-        print("mail_subscription_token")
-        print(token)
-        print(self.secret)
        return token

    def confirm_subscription(self, token):
-        print("confirm_subscription")
-        print(token)
-        print(self.secret)
        json = jwt.decode(token, self.secret)
        return json['email'], json['city']