[email] Use token generation from kibicara.webapi.admin

This commit is contained in:
maike 2020-07-07 15:08:18 +02:00 committed by dl6tom
parent 513bff3fc7
commit 1ed95a7352
2 changed files with 36 additions and 34 deletions

View file

@ -3,12 +3,10 @@
# SPDX-License-Identifier: 0BSD # SPDX-License-Identifier: 0BSD
from kibicara.platforms.email.model import EmailSubscribers, Email from kibicara.platforms.email.model import EmailSubscribers, Email
from kibicara.model import Hood
from kibicara.platformapi import Censor, Spawner from kibicara.platformapi import Censor, Spawner
from kibicara.email import send_email from kibicara.email import send_email
from kibicara.config import config from kibicara.config import config
from nacl.encoding import URLSafeBase64Encoder from kibicara.webapi.admin import to_token
from nacl.secret import SecretBox
class EmailBot(Censor): class EmailBot(Censor):
@ -19,29 +17,26 @@ class EmailBot(Censor):
async def run(self): async def run(self):
""" Loop which waits for new messages and sends emails to all subscribers. """ """ Loop which waits for new messages and sends emails to all subscribers. """
hood_name = await Hood.objects.get(id=self.model.hood).name
while True: while True:
message = await self.receive() message = await self.receive()
for subscriber in EmailSubscribers(hood=self.model.hood): for subscriber in EmailSubscribers(hood=self.hood.id):
json = { payload = {
'email': subscriber.email, 'email': subscriber.email,
'hood': self.model.hood, 'hood': self.hood.id,
} }
secretbox = SecretBox(Email.secret) token = to_token(email=subscriber.email, hood=self.hood.id)
token = secretbox.encrypt(json, encoder=URLSafeBase64Encoder)
asciitoken = token.decode('ascii')
unsubscribe_link = ( unsubscribe_link = (
config['root_url'] config['root_url']
+ 'api/' + 'api/'
+ self.model.id + self.model.id
+ '/email/unsubscribe/' + '/email/unsubscribe/'
+ asciitoken + token
) )
message.text += ( message.text += (
"\n\n--\nIf you want to stop receiving these mails, " "\n\n--\nIf you want to stop receiving these mails, "
"follow this link: " + unsubscribe_link "follow this link: " + unsubscribe_link
) )
send_email(subscriber.email, "Kibicara " + hood_name, body=message.text) send_email(subscriber.email, "Kibicara " + self.hood.name, body=message.text)
spawner = Spawner(Email, EmailBot) spawner = Spawner(Email, EmailBot)

View file

@ -10,10 +10,14 @@ from kibicara.config import config
from kibicara.email import send_email from kibicara.email import send_email
from kibicara.webapi.hoods import get_hood from kibicara.webapi.hoods import get_hood
from pydantic import BaseModel from pydantic import BaseModel
from ormantic.exceptions import NoMatch
from sqlite3 import IntegrityError from sqlite3 import IntegrityError
from nacl.encoding import URLSafeBase64Encoder from kibicara.webapi.admin import from_token, to_token
from nacl.secret import SecretBox
from os import urandom from os import urandom
from logging import getLogger
logger = getLogger(__name__)
class BodyMessage(BaseModel): class BodyMessage(BaseModel):
@ -30,6 +34,13 @@ class Subscriber(BaseModel):
email: str email: str
async def get_email(hood=Depends(get_hood)):
try:
return await Email.objects.get(hood=hood)
except NoMatch:
return HTTPException(status.HTTP_404_NOT_FOUND)
router = APIRouter() router = APIRouter()
@ -41,9 +52,9 @@ async def email_create(hood=Depends(get_hood)):
:return: Email row of the new email bot. :return: Email row of the new email bot.
""" """
try: try:
emailbot = await Email.objects.create(hood=hood, secret=urandom(32).hex()) email_row = await Email.objects.create(hood=hood, secret=urandom(32).hex())
spawner.start(emailbot) spawner.start(email_row)
return emailbot return email_row
except IntegrityError: except IntegrityError:
raise HTTPException(status_code=status.HTTP_409_CONFLICT) raise HTTPException(status_code=status.HTTP_409_CONFLICT)
@ -55,10 +66,10 @@ async def email_delete(hood=Depends(get_hood)):
:param hood: Hood the Email bot belongs to. :param hood: Hood the Email bot belongs to.
""" """
email_bot = await Email.objects.get(hood=hood.id) email_row = await get_email(hood=hood)
spawner.stop(email_bot) spawner.stop(email_row)
await EmailSubscribers.objects.delete_many(hood=hood.id) await EmailSubscribers.objects.delete_many(hood=hood.id)
await email_bot.delete() await email_row.delete()
@router.post('/subscribe/') @router.post('/subscribe/')
@ -69,14 +80,11 @@ async def email_subscribe(subscriber: Subscriber, hood=Depends(get_hood)):
:param hood: Hood the Email bot belongs to. :param hood: Hood the Email bot belongs to.
:return: Returns status code 200 after sending confirmation email. :return: Returns status code 200 after sending confirmation email.
""" """
secretbox = SecretBox(Email.secret) token = to_token(email=subscriber.email)
token = secretbox.encrypt(
{'email': subscriber.email,}, encoder=URLSafeBase64Encoder
)
asciitoken = token.decode('ascii')
confirm_link = ( confirm_link = (
config['root_url'] + "api/" + hood.id + "/email/subscribe/confirm/" + asciitoken config['root_url'] + "api/" + str(hood.id) + "/email/subscribe/confirm/" + token
) )
logger.debug("Subscription confirmation link: " + confirm_link)
send_email( send_email(
subscriber.email, subscriber.email,
"Subscribe to Kibicara " + hood.name, "Subscribe to Kibicara " + hood.name,
@ -94,10 +102,9 @@ async def email_subscribe_confirm(token, hood=Depends(get_hood)):
:param hood: Hood the Email bot belongs to. :param hood: Hood the Email bot belongs to.
:return: Returns status code 200 after adding the subscriber to the database. :return: Returns status code 200 after adding the subscriber to the database.
""" """
secretbox = SecretBox(Email.secret) payload = from_token(token)
json = secretbox.decrypt(token.encode('ascii'), encoder=URLSafeBase64Encoder)
try: try:
await EmailSubscribers.objects.create(hood=hood.id, email=json['email']) await EmailSubscribers.objects.create(hood=hood.id, email=payload['email'])
return status.HTTP_201_CREATED return status.HTTP_201_CREATED
except IntegrityError: except IntegrityError:
raise HTTPException(status_code=status.HTTP_409_CONFLICT) raise HTTPException(status_code=status.HTTP_409_CONFLICT)
@ -110,12 +117,12 @@ async def email_unsubscribe(token, hood=Depends(get_hood)):
:param token: encrypted JSON token, holds subscriber email + hood.id. :param token: encrypted JSON token, holds subscriber email + hood.id.
:param hood: Hood the Email bot belongs to. :param hood: Hood the Email bot belongs to.
""" """
secretbox = SecretBox(Email.secret) email_row = await get_email(hood)
json = secretbox.decrypt(token.encode('ascii'), encoder=URLSafeBase64Encoder) payload = from_token(token)
# If token.hood and url.hood are different, raise an error: # If token.hood and url.hood are different, raise an error:
if hood.id is not json['hood']: if hood.id is not payload['hood']:
raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST) raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST)
await EmailSubscribers.objects.delete_many(hood=json['hood'], email=json['email']) await EmailSubscribers.objects.delete_many(hood=payload['hood'], email=payload['email'])
@router.post('/messages/') @router.post('/messages/')
@ -127,7 +134,7 @@ async def email_message_create(message: BodyMessage, hood=Depends(get_hood)):
:return: returns status code 201 if the message is accepted by the censor. :return: returns status code 201 if the message is accepted by the censor.
""" """
# get bot via "To:" header # get bot via "To:" header
email_row = await Email.objects.get(hood=hood) email_row = await get_email(hood)
# check API secret # check API secret
if message.secret is not email_row.secret: if message.secret is not email_row.secret:
raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED) raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED)