def _SendEmail(exm_key, body):
"""Helper function for sending an Exemption-related email.
Args:
exm_key: The Key of the Exemption.
body: The body of the email.
Raises:
UnsupportedPlatformError: if the platform of the corresponding Host is
unsupported.
"""
platform = exemption_models.Exemption.GetPlatform(exm_key)
host_key = exm_key.parent()
host = host_key.get()
subject = 'Lockdown exemption update: %s' % host.hostname
# Figure out who the email should be sent to.
if platform == constants.PLATFORM.WINDOWS:
to = host.users
elif platform == constants.PLATFORM.MACOS:
to = [host.primary_user]
else:
raise UnsupportedPlatformError(
'Host %s has an unsupported platform: %s' % (host_key.id(), platform))
mail_utils.Send(subject, body, to=to, html=True)
def SetRoles(cls, email_addr, new_roles):
user = User.GetOrInsert(email_addr)
old_roles = set(user.roles)
new_roles = set(new_roles)
all_roles = constants.USER_ROLE.SET_ALL
# Removing all roles would put this user into a bad state, so don't.
if not new_roles:
msg = 'Cannot remove remaining role(s) %s from user %s' % (sorted(
list(old_roles)), user.nickname)
logging.error(msg)
raise NoRolesError(msg)
# Verify that all the roles provided are valid.
invalid_roles = new_roles - all_roles
if invalid_roles:
raise InvalidUserRoleError(', '.join(invalid_roles))
# If no role changes are necessary, bail.
if old_roles == new_roles:
logging.info('No roles changes necessary for %s', user.nickname)
return
# Log the roles changes.
roles_removed = old_roles - new_roles
for role in roles_removed:
logging.info('Removing the %s role from %s', role, user.nickname)
roles_added = new_roles - old_roles
for role in roles_added:
logging.info('Adding the %s role to %s', role, user.nickname)
# Recalculate the voting weight.
voting_weights = settings.VOTING_WEIGHTS
new_vote_weight = max(voting_weights[role] for role in new_roles)
if user.vote_weight != new_vote_weight:
logging.info('Vote weight changing from %d to %d for %s',
user.vote_weight, new_vote_weight, user.nickname)
new_roles = sorted(list(new_roles))
user.roles = new_roles
user.vote_weight = new_vote_weight
user.put()
# Notify the user of the change.
roles_added_str = ', '.join(sorted(roles_added))
roles_removed_str = ', '.join(sorted(roles_removed))
body = template_utils.RenderEmailTemplate(
'user_role_change.html',
roles_added=roles_added_str,
roles_removed=roles_removed_str)
subject = 'Your user roles have changed'
mail_utils.Send(subject, body, to=[user.email], html=True)
# Note the role change in BigQuery.
tables.USER.InsertRow(email=user.email,
timestamp=datetime.datetime.utcnow(),
action=constants.USER_ACTION.ROLE_CHANGE,
roles=new_roles)
def ChangeTransitiveWhitelisting(host_id, enable):
"""Changes the transitive whitelisting state for a SantaHost.
Args:
host_id: The ID of the SantaHost.
enable: Whether to enable or disable transitive whitelisting.
Raises:
UnsupportedClientError: if called against anything other than a SantaHost.
"""
# Only Santa clients are supported.
host = host_models.Host.get_by_id(host_models.Host.NormalizeId(host_id))
if host.GetClientName() != constants.CLIENT.SANTA:
raise UnsupportedClientError(
'Only Santa clients support transitive whitelisting')
# If this is a no-op, just bail now.
if host.transitive_whitelisting_enabled == enable:
logging.warning('Transitive whitelisting is already %s for %s',
'enabled' if enable else 'disabled', host.hostname)
return
# Make the change.
host.transitive_whitelisting_enabled = enable
host.put()
modification = 'enabled' if enable else 'disabled'
logging.info('Transitive whitelisting %s for %s', modification,
host.hostname)
# If enabling transitive whitelisting and the SantaHost has an APPROVED
# Exemption, cancel it.
exm_key = exemption_models.Exemption.CreateKey(host_id)
exm = exm_key.get()
if enable and exm and exm.state == constants.EXEMPTION_STATE.APPROVED:
Cancel(exm_key)
# Notify the user of the mode change.
body = template_utils.RenderEmailTemplate(
'transitive_modified.html',
modification=modification,
device_hostname=host.hostname,
upvote_hostname=env_utils.ENV.HOSTNAME)
subject = 'Developer mode changed: %s' % host.hostname
mail_utils.Send(subject, body, to=[host.primary_user], html=True)
# Note the state change in BigQuery.
comment = 'Transitive whitelisting %s' % modification
tables.HOST.InsertRow(device_id=host_id,
timestamp=datetime.datetime.utcnow(),
action=constants.HOST_ACTION.COMMENT,
hostname=host.hostname,
platform=constants.PLATFORM.MACOS,
users=[host.primary_user],
mode=host.client_mode,
comment=comment)
def testSuccess(self):
mail_utils.Send('subject', 'body', to='to')
self.mock_send.assert_called_once()
def testCheckInitializedException(self):
self.Patch(mail_utils.mail.EmailMessage,
'check_initialized',
side_effect=Exception)
mail_utils.Send('subject', 'body', to='to')
self.mock_send.assert_not_called()
def testNoRecipientsError(self):
with self.assertRaises(mail_utils.NoRecipientsError):
mail_utils.Send('subject', 'body')
self.mock_send.assert_not_called()
def testEmailSent_Prod(self):
self.PatchEnv(settings.ProdEnv)
mail_utils.Send('subject', 'body', to='to')
self.mock_send.assert_called_once()
