ticketfrei/ticketfrei
10
1
Fork 1
Code Issues Pull requests1 Releases Wiki Activity

BE & FE store secret in DB. Unsubscribing works

Browse source
This commit is contained in:
b3yond 2018-09-08 09:33:40 +02:00
parent 882d086a83
commit adb637c22c
2 changed files with 26 additions and 9 deletions
active_bots
mailbot.py
db.py

5
active_bots/mailbot.py
View file

@ -18,7 +18,7 @@ class Mailbot(Bot):
# returns a list of Report objects # returns a list of Report objects
def crawl(self, user): def crawl(self, user):
reports = [] reports = []
mails = mailbox.mbox('/var/mail/test') # todo: adjust to actual mailbox file mails = mailbox.mbox('/var/mail/test') # todo: adjust to actual mailbox
for msg in mails: for msg in mails:
if get_date_from_header(msg['Date']) > user.get_seen_mail(): if get_date_from_header(msg['Date']) > user.get_seen_mail():
reports.append(make_report(msg, user)) reports.append(make_report(msg, user))
@ -27,12 +27,13 @@ class Mailbot(Bot):
# post/boost Report object # post/boost Report object
def post(self, user, report): def post(self, user, report):
recipients = user.get_mailinglist() recipients = user.get_mailinglist()
print(recipients) # debug
for rec in recipients: for rec in recipients:
rec = rec[0] rec = rec[0]
unsubscribe_text = "\n_______\nYou don't want to receive those messages? Unsubscribe with this link: " unsubscribe_text = "\n_______\nYou don't want to receive those messages? Unsubscribe with this link: "
body = report.text + unsubscribe_text + config['web']['host'] + "/city/mail/unsubscribe/" \ body = report.text + unsubscribe_text + config['web']['host'] + "/city/mail/unsubscribe/" \
+ db.mail_subscription_token(rec, user.get_city()) + db.mail_subscription_token(rec, user.get_city())
print(body) print(body) # debug
if report.author != rec: if report.author != rec:
try: try:
sendmail.sendmail(rec, "Ticketfrei " + user.get_city() + sendmail.sendmail(rec, "Ticketfrei " + user.get_city() +

30
db.py
View file

@ -14,7 +14,7 @@ class DB(object):
self.conn = sqlite3.connect(dbfile) self.conn = sqlite3.connect(dbfile)
self.cur = self.conn.cursor() self.cur = self.conn.cursor()
self.create() self.create()
self.secret = urandom(32) self.secret = self.get_secret()
def execute(self, *args, **kwargs): def execute(self, *args, **kwargs):
return self.cur.execute(*args, **kwargs) return self.cur.execute(*args, **kwargs)
@ -138,8 +138,30 @@ class DB(object):
FOREIGN KEY(user_id) REFERENCES user(id), FOREIGN KEY(user_id) REFERENCES user(id),
UNIQUE(user_id, city) ON CONFLICT IGNORE UNIQUE(user_id, city) ON CONFLICT IGNORE
); );
CREATE TABLE IF NOT EXISTS secret (
id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT UNIQUE,
secret BLOB
);
''') ''')
def get_secret(self):
"""
At __init__(), the db needs a secret. It tries to fetch it from the db,
and if it fails, it generates a new one.
:return:
"""
# select only the newest secret. should be only one row anyway.
self.execute("SELECT secret FROM secret ORDER BY id DESC LIMIT 1")
try:
return self.cur.fetchone()[0]
except TypeError:
new_secret = urandom(32)
self.execute("INSERT INTO secret (secret) VALUES (?);",
(new_secret, ))
self.commit()
return new_secret
def user_token(self, email, password): def user_token(self, email, password):
""" """
This function is called by the register confirmation process. It wants This function is called by the register confirmation process. It wants
@ -169,15 +191,9 @@ class DB(object):
'email': email, 'email': email,
'city': city 'city': city
}, self.secret).decode('ascii') }, self.secret).decode('ascii')
print("mail_subscription_token")
print(token)
print(self.secret)
return token return token
def confirm_subscription(self, token): def confirm_subscription(self, token):
print("confirm_subscription")
print(token)
print(self.secret)
json = jwt.decode(token, self.secret) json = jwt.decode(token, self.secret)
return json['email'], json['city'] return json['email'], json['city']