def process_mail_creation(self, session, tid, data):
user_id = data['user']['id']
language = data['user']['language']
# Do not spool emails if the receiver has disabled notifications
if not data['user']['notification'] or ('tip' in data and not data['tip']['enable_notifications']):
log.debug("Discarding emails for %s due to receiver's preference.", user_id)
return
data['node'] = self.serialize_config(session, 'node', tid, language)
data['submission_statuses'] = db_get_submission_statuses(session, tid, language)
if data['node']['mode'] == 'default':
data['notification'] = self.serialize_config(session, 'notification', tid, language)
else:
data['notification'] = self.serialize_config(session, 'notification', 1, language)
subject, body = Templating().get_mail_subject_and_body(data)
# If the receiver has encryption enabled encrypt the mail body
if data['user']['pgp_key_public']:
pgpctx = PGPContext(self.state.settings.tmp_path)
fingerprint = pgpctx.load_key(data['user']['pgp_key_public'])['fingerprint']
body = pgpctx.encrypt_message(fingerprint, body)
session.add(models.Mail({
'address': data['user']['mail_address'],
'subject': subject,
'body': body,
'tid': tid,
}))
def process_mail_creation(self, store, data):
# https://github.com/globaleaks/GlobaLeaks/issues/798
# TODO: the current solution is global and configurable only by the admin
receiver_id = data['receiver']['id']
sent_emails = GLSettings.get_mail_counter(receiver_id)
if sent_emails >= GLSettings.memory_copy.notification_threshold_per_hour:
log.debug(
"Discarding emails for receiver %s due to threshold already exceeded for the current hour"
% receiver_id)
return
GLSettings.increment_mail_counter(receiver_id)
if sent_emails >= GLSettings.memory_copy.notification_threshold_per_hour:
log.info(
"Reached threshold of %d emails with limit of %d for receiver %s"
% (sent_emails,
GLSettings.memory_copy.notification_threshold_per_hour,
receiver_id))
# simply changing the type of the notification causes
# to send the notification_limit_reached
data['type'] = u'receiver_notification_limit_reached'
data['notification'] = db_get_notification(
store, data['receiver']['language'])
data['node'] = db_admin_serialize_node(store,
data['receiver']['language'])
if not data['node']['allow_unencrypted'] and data['receiver'][
'pgp_key_status'] != u'enabled':
return
subject, body = Templating().get_mail_subject_and_body(data)
# If the receiver has encryption enabled encrypt the mail body
if data['receiver']['pgp_key_status'] == u'enabled':
gpob = GLBPGP()
try:
gpob.load_key(data['receiver']['pgp_key_public'])
body = gpob.encrypt_message(
data['receiver']['pgp_key_fingerprint'], body)
except Exception as excep:
log.err(
"Error in PGP interface object (for %s: %s)! (notification+encryption)"
% (data['receiver']['username'], str(excep)))
return
finally:
# the finally statement is always called also if
# except contains a return or a raise
gpob.destroy_environment()
mail = models.Mail({
'address': data['receiver']['mail_address'],
'subject': subject,
'body': body
})
store.add(mail)
def certificate_mail_creation(self, store, expiration_date):
for user_desc in db_get_admin_users(store):
lang = user_desc['language']
template_vars = {
'type': 'https_certificate_expiration',
'expiration_date': expiration_date,
'node': db_admin_serialize_node(store, lang),
'notification': db_get_notification(store, lang)
}
subject, body = Templating().get_mail_subject_and_body(
template_vars)
# encrypt the notification if the admin has configured the issue.
pub_key = user_desc['pgp_key_public']
if len(pub_key) > 0:
body = encrypt_pgp_message(pub_key,
user_desc['pgp_key_fingerprint'],
body)
store.add(
models.Mail({
'address': user_desc['mail_address'],
'subject': subject,
'body': body
}))
def process_mail_creation(self, session, tid, data):
user_id = data['user']['id']
# Do not spool emails if the receiver has opted out of ntfns for this tip.
if not data['tip']['enable_notifications']:
log.debug("Discarding emails for %s due to receiver's preference.",
user_id)
return
# https://github.com/globaleaks/GlobaLeaks/issues/798
# TODO: the current solution is global and configurable only by the admin
sent_emails = self.state.get_mail_counter(user_id)
if sent_emails >= self.state.tenant_cache[
tid].notification.notification_threshold_per_hour:
log.debug(
"Discarding emails for receiver %s due to threshold already exceeded for the current hour",
user_id)
return
self.state.increment_mail_counter(user_id)
if sent_emails >= self.state.tenant_cache[
tid].notification.notification_threshold_per_hour:
log.info(
"Reached threshold of %d emails with limit of %d for receiver %s",
sent_emails,
self.state.tenant_cache[tid].notification.
notification_threshold_per_hour,
user_id,
tid=tid)
# simply changing the type of the notification causes
# to send the notification_limit_reached
data['type'] = u'receiver_notification_limit_reached'
data['node'] = self.serialize_config(session, 'node', tid,
data['user']['language'])
if data['node']['mode'] != u'whistleblowing.it':
data['notification'] = self.serialize_config(
session, 'notification', tid, data['user']['language'])
else:
data['notification'] = self.serialize_config(
session, 'notification', 1, data['user']['language'])
subject, body = Templating().get_mail_subject_and_body(data)
# If the receiver has encryption enabled encrypt the mail body
if data['user']['pgp_key_public']:
pgpctx = PGPContext(self.state.settings.tmp_path)
fingerprint = pgpctx.load_key(
data['user']['pgp_key_public'])['fingerprint']
body = pgpctx.encrypt_message(fingerprint, body)
session.add(
models.Mail({
'address': data['user']['mail_address'],
'subject': subject,
'body': body,
'tid': tid,
}))
def check_for_expiring_submissions(self, store):
threshold = datetime_now() - timedelta(
GLSettings.memory_copy.tip_expiration_threshold)
for itip in store.find(models.InternalTip,
models.InternalTip.expiration_date < threshold):
for rtip in itip.receivertips:
user = rtip.receiver.user
language = user.language
node_desc = db_admin_serialize_node(store, language)
notification_desc = db_get_notification(store, language)
context_desc = admin_serialize_context(
store, rtip.internaltip.context, language)
receiver_desc = admin_serialize_receiver(
rtip.receiver, language)
tip_desc = serialize_rtip(store, rtip, user.language)
data = {
'type': u'tip_expiration',
'node': node_desc,
'context': context_desc,
'receiver': receiver_desc,
'notification': notification_desc,
'tip': tip_desc
}
subject, body = Templating().get_mail_subject_and_body(data)
mail = models.Mail({
'address': data['receiver']['mail_address'],
'subject': subject,
'body': body
})
store.add(mail)
def db_create_identityaccessrequest_notifications(session, tid, itip, rtip,
iar):
users = session.query(models.User).filter(models.User.role == u'custodian',
models.User.notification == True)
for user in users:
node = db_admin_serialize_node(session, tid, user.language)
context = session.query(models.Context).filter(
models.Context.id == itip.context_id,
models.Context.tid == tid).one()
data = {'type': 'identity_access_request'}
data['user'] = user_serialize_user(session, user, user.language)
data['tip'] = serialize_rtip(session, rtip, itip, user.language)
data['context'] = admin_serialize_context(session, context,
user.language)
data['iar'] = serialize_identityaccessrequest(session, iar)
data['node'] = db_admin_serialize_node(session, tid, user.language)
if data['node']['mode'] == u'default':
data['notification'] = db_get_notification(session, tid,
user.language)
else:
data['notification'] = db_get_notification(session, 1,
user.language)
subject, body = Templating().get_mail_subject_and_body(data)
session.add(
models.Mail({
'address': data['user']['mail_address'],
'subject': subject,
'body': body,
'tid': tid
}))
def db_prepare_mail(self, store, data):
subject, body = self.get_mail_subject_and_body(data)
mail = models.Mail({
'address': data['address'],
'subject': subject,
'body': body
})
def format_and_send(store, user_desc, template_vars):
subject, body = Templating().get_mail_subject_and_body(template_vars)
if user_desc['pgp_key_public']:
body = encrypt_message(user_desc['pgp_key_public'], body)
store.add(models.Mail({
'address': user_desc['mail_address'],
'subject': subject,
'body': body
}))
def process_mail_creation(self, store, data):
user_id = data['user']['id']
# Do not spool emails if the receiver has opted out of ntfns for this tip.
if not data['tip']['enable_notifications']:
log.debug("Discarding emails for %s due to receiver's preference.",
user_id)
return
# https://github.com/globaleaks/GlobaLeaks/issues/798
# TODO: the current solution is global and configurable only by the admin
sent_emails = State.get_mail_counter(user_id)
if sent_emails >= State.tenant_cache[
1].notif.notification_threshold_per_hour:
log.debug(
"Discarding emails for receiver %s due to threshold already exceeded for the current hour",
user_id)
return
State.increment_mail_counter(user_id)
if sent_emails >= State.tenant_cache[
1].notif.notification_threshold_per_hour:
log.info(
"Reached threshold of %d emails with limit of %d for receiver %s",
sent_emails,
State.tenant_cache[1].notif.notification_threshold_per_hour,
user_id)
# simply changing the type of the notification causes
# to send the notification_limit_reached
data['type'] = u'receiver_notification_limit_reached'
data['notification'] = self.serialize_config(store, 'notification',
data['user']['language'])
data['node'] = self.serialize_config(store, 'node',
data['user']['language'])
if not data['node']['allow_unencrypted'] and len(
data['user']['pgp_key_public']) == 0:
return
subject, body = Templating().get_mail_subject_and_body(data)
# If the receiver has encryption enabled encrypt the mail body
if data['user']['pgp_key_public']:
body = encrypt_message(data['user']['pgp_key_public'], body)
store.add(
models.Mail({
'address': data['user']['mail_address'],
'subject': subject,
'body': body
}))
def db_check_for_expiring_submissions(self, session):
for tid in self.state.tenant_state:
threshold = datetime_now() + timedelta(
hours=self.state.tenant_cache[tid].notification.
tip_expiration_threshold)
for user in session.query(models.User).filter(
models.User.role == u'receiver',
models.UserTenant.user_id == models.User.id,
models.UserTenant.tenant_id == tid):
itip_ids = [
id[0]
for id in session.query(models.InternalTip.id).filter(
models.InternalTip.tid == tid, models.ReceiverTip.
internaltip_id == models.InternalTip.id,
models.InternalTip.expiration_date < threshold,
models.ReceiverTip.receiver_id == user.id)
]
if not len(itip_ids):
continue
earliest_expiration_date = session.query(func.min(models.InternalTip.expiration_date)) \
.filter(models.InternalTip.id.in_(itip_ids)).one()[0]
user_desc = user_serialize_user(session, user, user.language)
data = {
'type':
u'tip_expiration_summary',
'node':
db_admin_serialize_node(session, tid, user.language),
'notification':
db_get_notification(session, tid, user.language),
'user':
user_desc,
'expiring_submission_count':
len(itip_ids),
'earliest_expiration_date':
datetime_to_ISO8601(earliest_expiration_date)
}
subject, body = Templating().get_mail_subject_and_body(data)
session.add(
models.Mail({
'tid': tid,
'address': user_desc['mail_address'],
'subject': subject,
'body': body
}))
def format_and_send_mail(self, session, tid, user_desc, template_vars):
subject, body = Templating().get_mail_subject_and_body(template_vars)
if user_desc.get('pgp_key_public', ''):
pgpctx = PGPContext(self.settings.tmp_path)
fingerprint = pgpctx.load_key(user_desc['pgp_key_public'])['fingerprint']
body = pgpctx.encrypt_message(fingerprint, body)
session.add(models.Mail({
'address': user_desc['mail_address'],
'subject': subject,
'body': body,
'tid': tid,
}))
def db_create_identity_access_reply_notifications(session, itip, rtip, iar):
"""
Transaction for the creation of notifications related to identity access replies
:param session: An ORM session
:param itip: A itip ID of the tip involved in the request
:param iar: A identity access request model
"""
from globaleaks.handlers.rtip import serialize_rtip
for user in session.query(models.User) \
.filter(models.User.id == rtip.receiver_id,
models.User.notification.is_(True)):
context = session.query(
models.Context).filter(models.Context.id == itip.context_id).one()
data = {
'type':
'identity_access_authorized'
if iar.reply == 'authorized' else 'identity_access_denied'
}
data['user'] = user_serialize_user(session, user, user.language)
data['tip'] = serialize_rtip(session, rtip, itip, user.language)
data['context'] = admin_serialize_context(session, context,
user.language)
data['iar'] = serialize_identityaccessrequest(session, iar)
data['node'] = db_admin_serialize_node(session, user.tid,
user.language)
if data['node']['mode'] == 'default':
data['notification'] = db_get_notification(session, user.tid,
user.language)
else:
data['notification'] = db_get_notification(session, 1,
user.language)
subject, body = Templating().get_mail_subject_and_body(data)
session.add(
models.Mail({
'address': data['user']['mail_address'],
'subject': subject,
'body': body,
'tid': user.tid
}))
def db_check_for_expiring_submissions(self, session, tid):
threshold = datetime_now() + timedelta(
hours=self.state.tenant_cache[tid].notification.
tip_expiration_threshold)
result = session.query(models.User, func.count(models.InternalTip.id), func.min(models.InternalTip.expiration_date)) \
.filter(models.InternalTip.tid == tid,
models.ReceiverTip.internaltip_id == models.InternalTip.id,
models.InternalTip.expiration_date < threshold,
models.User.id == models.ReceiverTip.receiver_id) \
.group_by(models.User.id) \
.having(func.count(models.InternalTip.id) > 0) \
.all()
for x in result:
user = x[0]
expiring_submission_count = x[1]
earliest_expiration_date = x[2]
user_desc = user_serialize_user(session, user, user.language)
data = {
'type':
u'tip_expiration_summary',
'node':
db_admin_serialize_node(session, tid, user.language),
'notification':
db_get_notification(session, tid, user.language),
'user':
user_desc,
'expiring_submission_count':
expiring_submission_count,
'earliest_expiration_date':
datetime_to_ISO8601(earliest_expiration_date)
}
subject, body = Templating().get_mail_subject_and_body(data)
session.add(
models.Mail({
'tid': tid,
'address': user_desc['mail_address'],
'subject': subject,
'body': body
}))
def _generate_admin_alert_mail(store, alert):
for user_desc in db_get_admin_users(store):
user_language = user_desc['language']
data = {
'type': u'admin_anomaly',
'node': db_admin_serialize_node(store, user_language),
'notification': db_get_notification(store, user_language),
'alert': alert
}
subject, body = Templating().get_mail_subject_and_body(data)
store.add(models.Mail({
'address': user_desc['mail_address'],
'subject': subject,
'body': body
}))
def prepare_user_pgp_alerts(self, store, user_desc):
user_language = user_desc['language']
data = {
'type': u'pgp_alert',
'node': db_admin_serialize_node(store, user_language),
'notification': db_get_notification(store, user_language),
'user': user_desc
}
subject, body = Templating().get_mail_subject_and_body(data)
store.add(
models.Mail({
'address': user_desc['mail_address'],
'subject': subject,
'body': body
}))
def db_create_identityaccessrequest_notifications(session, tid, itip, rtip,
iar):
"""
Transaction for the creation of notifications related to identity access requests
:param session: An ORM session
:param tid: A tenant ID on which the request is issued
:param itip: A itip ID of the tip involved in the request
:param rtip: A rtip ID of the rtip involved in the request
:param iar: A identity access request model
"""
for user in session.query(models.User).filter(
models.User.role == 'custodian', models.User.tid == tid,
models.User.notification.is_(True)):
context = session.query(models.Context).filter(
models.Context.id == itip.context_id,
models.Context.tid == tid).one()
data = {'type': 'identity_access_request'}
data['user'] = user_serialize_user(session, user, user.language)
data['tip'] = serialize_rtip(session, rtip, itip, user.language)
data['context'] = admin_serialize_context(session, context,
user.language)
data['iar'] = serialize_identityaccessrequest(session, iar)
data['node'] = db_admin_serialize_node(session, tid, user.language)
if data['node']['mode'] == 'default':
data['notification'] = db_get_notification(session, tid,
user.language)
else:
data['notification'] = db_get_notification(session, 1,
user.language)
subject, body = Templating().get_mail_subject_and_body(data)
session.add(
models.Mail({
'address': data['user']['mail_address'],
'subject': subject,
'body': body,
'tid': tid
}))
def check_for_expiring_submissions(self, store):
threshold = datetime_now() + timedelta(
hours=State.tenant_cache[1].notif.tip_expiration_threshold)
for user in store.find(models.User, role=u'receiver'):
itip_ids = [
id for id in store.find(
models.InternalTip.id, models.ReceiverTip.internaltip_id ==
models.InternalTip.id, models.InternalTip.expiration_date <
threshold, models.ReceiverTip.receiver_id ==
models.Receiver.id, models.Receiver.id == user.id)
]
if not len(itip_ids):
continue
earliest_expiration_date = store.find(
Min(models.InternalTip.expiration_date),
In(models.InternalTip.id, itip_ids)).one()
user_desc = user_serialize_user(store, user, user.language)
data = {
'type': u'tip_expiration_summary',
'node': db_admin_serialize_node(store, user.language),
'notification': db_get_notification(store, user.language),
'user': user_desc,
'expiring_submission_count': len(itip_ids),
'earliest_expiration_date': earliest_expiration_date
}
subject, body = Templating().get_mail_subject_and_body(data)
store.add(
models.Mail({
'address': user_desc['mail_address'],
'subject': subject,
'body': body
}))
def check_for_expiring_submissions(self, store):
threshold = datetime_now() + timedelta(
hours=GLSettings.memory_copy.notif.tip_expiration_threshold)
receivers = store.find(models.Receiver)
for receiver in receivers:
rtips = store.find(
models.ReceiverTip,
models.ReceiverTip.internaltip_id == models.InternalTip.id,
models.InternalTip.expiration_date < threshold,
models.ReceiverTip.receiver_id == models.Receiver.id,
models.Receiver.id == receiver.id)
if rtips.count() == 0:
continue
user = receiver.user
language = user.language
node_desc = db_admin_serialize_node(store, language)
notification_desc = db_get_notification(store, language)
receiver_desc = admin_serialize_receiver(store, receiver, language)
if rtips.count() == 1:
rtip = rtips[0]
tip_desc = serialize_rtip(store, rtip, user.language)
context_desc = admin_serialize_context(
store, rtip.internaltip.context, language)
data = {
'type': u'tip_expiration',
'node': node_desc,
'context': context_desc,
'receiver': receiver_desc,
'notification': notification_desc,
'tip': tip_desc
}
else:
tips_desc = []
earliest_expiration_date = datetime_never()
for rtip in rtips:
if rtip.internaltip.expiration_date < earliest_expiration_date:
earliest_expiration_date = rtip.internaltip.expiration_date
tips_desc.append(serialize_rtip(store, rtip,
user.language))
data = {
'type':
u'tip_expiration_summary',
'node':
node_desc,
'notification':
notification_desc,
'receiver':
receiver_desc,
'expiring_submission_count':
rtips.count(),
'earliest_expiration_date':
datetime_to_ISO8601(earliest_expiration_date)
}
subject, body = Templating().get_mail_subject_and_body(data)
mail = models.Mail({
'address': receiver_desc['mail_address'],
'subject': subject,
'body': body
})
store.add(mail)
