def autorelease(self, uuid):
"release a message without logging in"
releasereq = get_releasereq(uuid)
if not releasereq:
abort(404)
released = False
msgid = releasereq.messageid
to_address = _('Unknown')
errormsg = _('The message has already been released,'
' you can only use the release link once')
if releasereq.released is False:
try:
msg = Session.query(Message)\
.filter(Message.id == releasereq.messageid)\
.one()
except (NoResultFound, MultipleResultsFound):
abort(404)
msgid = msg.messageid
to_address = msg.to_address
try:
if msg.isdangerous and c.user and c.user.is_peleb:
raise ValueError
localtmz = config.get('baruwa.timezone', 'Africa/Johannesburg')
cdte = convert_date(msg.timestamp, localtmz).strftime('%Y%m%d')
task = release_message.apply_async(
args=[msg.messageid,
cdte,
msg.from_address,
msg.to_address.split(','),
msg.msgfiles],
routing_key=system_hostname() if
asbool(config.get('ms.quarantine.shared', 'false'))
else msg.hostname.strip())
task.wait(30)
if task.status == 'SUCCESS':
result = task.result
if result['success']:
update_autorelease.apply_async(args=[uuid])
errormsg = result['error']
released = result['success']
except (ValueError, socket.error, TimeoutError, QueueNotFound):
released = False
errormsg = _('Processing of message failed')
log.info(errormsg)
result = dict(success=False, error=errormsg)
c.messageid = msgid
c.errormsg = errormsg
c.released = released
c.releaseaddress = to_address
return self.render('/messages/autorelease.html')
def autorelease(self, uuid):
"release a message without logging in"
releasereq = get_releasereq(uuid)
if not releasereq:
abort(404)
released = False
msgid = releasereq.messageid
to_address = _('Unknown')
errormsg = _('The message has already been released,'
' you can only use the release link once')
if releasereq.released is False:
try:
msg = Session.query(Message)\
.filter(Message.id == releasereq.messageid)\
.one()
except (NoResultFound, MultipleResultsFound):
abort(404)
msgid = msg.messageid
to_address = msg.to_address
try:
if msg.isdangerous and c.user and c.user.is_peleb:
raise ValueError
localtmz = config.get('baruwa.timezone', 'Africa/Johannesburg')
cdte = convert_date(msg.timestamp, localtmz).strftime('%Y%m%d')
task = release_message.apply_async(
args=[
msg.messageid, cdte, msg.from_address,
msg.to_address.split(','), msg.msgfiles
],
routing_key=system_hostname() if asbool(
config.get('ms.quarantine.shared',
'false')) else msg.hostname.strip())
task.wait(30)
if task.status == 'SUCCESS':
result = task.result
if result['success']:
update_autorelease.apply_async(args=[uuid])
errormsg = result['error']
released = result['success']
except (ValueError, socket.error, TimeoutError, QueueNotFound):
released = False
errormsg = _('Processing of message failed')
log.info(errormsg)
result = dict(success=False, error=errormsg)
c.messageid = msgid
c.errormsg = errormsg
c.released = released
c.releaseaddress = to_address
return self.render('/messages/autorelease.html')
def autorelease(self, uuid):
"release a message without logging in"
releasereq = self._get_releasereq(uuid)
if not releasereq:
abort(404)
released = False
msgid = releasereq.messageid
to_address = _('Unknown')
errormsg = _('The message has already been released,'
' you can only use the release link once')
if releasereq.released == False:
try:
msg = Session.query(Message)\
.filter(Message.id == releasereq.messageid)\
.one()
except (NoResultFound, MultipleResultsFound):
abort(404)
msgid = msg.messageid
to_address = msg.to_address
try:
localtmz = config.get('baruwa.timezone', 'Africa/Johannesburg')
task = release_message.apply_async(
args=[msg.messageid,
convert_date(msg.timestamp, localtmz).strftime('%Y%m%d'),
msg.from_address,
msg.to_address.split(',')],
queue=msg.hostname)
task.wait(30)
if task.status == 'SUCCESS':
result = task.result
if result['success']:
update_autorelease.apply_async(args=[uuid])
errormsg = result['error']
released = result['success']
except (ValueError, socket.error, TimeoutError, QueueNotFound):
released = False
errormsg = _('Processing of message failed')
result = dict(success=False, error=errormsg)
c.messageid = msgid
c.errormsg = errormsg
c.released = released
c.releaseaddress = to_address
return render('/messages/autorelease.html')
def preview(self, id, archive=None, attachment=None, img=None,
allowimgs=None):
"""Preview a message stored in the quarantine
:param id: the database message id
:param archive: optional. message archived status
:param attachment: optional. request is for an attachmeny
:param img: optional request is for an image
:param allowimgs: optional allow display of remote images
"""
if archive:
message = self._get_archive(id)
else:
message = self._get_message(id)
if not message:
abort(404)
try:
localtmz = config.get('baruwa.timezone', 'Africa/Johannesburg')
args = [message.messageid,
convert_date(message.timestamp, localtmz).strftime('%Y%m%d'),
attachment,
img,
allowimgs]
task = preview_msg.apply_async(args=args,
queue=message.hostname.strip())
task.wait(30)
if task.result:
if img:
if message.isdangerous and c.user.is_peleb:
abort(404)
response.content_type = task.result['content_type']
if task.result and 'img' in task.result:
info = MSGDOWNLOAD_MSG % dict(m=message.id,
a=task.result['name'])
audit_log(c.user.username,
1, unicode(info), request.host,
request.remote_addr, now())
return base64.decodestring(task.result['img'])
abort(404)
if attachment:
if message.isdangerous and c.user.is_peleb:
raise ValueError
info = MSGDOWNLOAD_MSG % dict(m=message.id,
a=task.result['name'])
audit_log(c.user.username,
1, unicode(info), request.host,
request.remote_addr, now())
response.content_type = task.result['mimetype']
content_disposition = 'attachment; filename="%s"' % \
task.result['name'].encode('ascii', 'replace')
response.headers['Content-Disposition'] = str(content_disposition)
response.headers['Content-Length'] = len(task.result['attachment'])
response.headers['Pragma'] = 'public'
response.headers['Cache-Control'] = 'max-age=0'
return base64.decodestring(task.result['attachment'])
for part in task.result['parts']:
if part['type'] == 'html':
html = fromstring(part['content'])
for element, attribute, link, pos in iterlinks(html):
if not link.startswith('cid:'):
if not allowimgs and attribute == 'src':
element.attrib['src'] = '%simgs/blocked.gif' % media_url()
element.attrib['title'] = link
flash(_('This message contains external images, which have been blocked. ') +
literal(link_to(_('Display images'),
url('message-preview-archived-with-imgs', id=id) \
if archive else url('message-preview-with-imgs', id=id),
class_='uline')))
else:
imgname = link.replace('cid:', '')
element.attrib['src'] = url('messages-preview-archived-img', img=imgname.replace('/', '__xoxo__'), id=id) \
if archive else url('messages-preview-img', img=imgname.replace('/', '__xoxo__'), id=id)
part['content'] = tostring(html)
c.message = task.result
info = MSGPREVIEW_MSG % dict(m=message.id)
audit_log(c.user.username,
1, unicode(info), request.host,
request.remote_addr, now())
else:
c.message = {}
except (socket.error, TimeoutError, QueueNotFound):
flash_alert(_('The message could not be previewed, try again later'))
whereto = url('message-archive', id=id) if archive else url('message-detail', id=id)
redirect(whereto)
except ValueError:
flash_alert(_('The attachment is either prohibited or dangerous.'
' Contact your system admin for assistance'))
whereto = url('message-archive', msgid=msgid) if archive \
else url('message-detail', msgid=msgid)
redirect(whereto)
c.messageid = message.messageid
c.id = message.id
c.archived = archive
c.isdangerous = message.isdangerous
return render('/messages/preview.html')
def quarantine(self, page=1, direction='dsc', order_by='timestamp',
section=None, format=None):
"quarantined messages"
filters = session.get('filter_by', None)
num_items = session.get('msgs_num_items', 50)
if direction == 'dsc':
sort = desc(order_by)
else:
sort = order_by
messages = self._get_messages().filter(
Message.isquarantined == 1).order_by(sort)
msgcount = self._get_msg_count().filter(
Message.isquarantined == 1)
query = UserFilter(Session, c.user, messages)
countquery = UserFilter(Session, c.user, msgcount)
messages = query.filter()
msgcount = countquery.filter()
if section:
if section == 'spam':
messages = messages.filter(Message.spam == 1)
msgcount = messages.filter(Message.spam == 1)
else:
messages = messages.filter(Message.spam == 0)
msgcount = messages.filter(Message.spam == 0)
if filters:
dynq = DynaQuery(Message, messages, filters)
dynmsgq = DynaQuery(Message, msgcount, filters)
messages = dynq.generate()
msgcount = dynmsgq.generate()
c.order_by = order_by
c.direction = direction
c.section = section
msgcount = msgcount.count()
c.form = BulkReleaseForm(request.POST, csrf_context=session)
if request.POST:
choices = session.get('bulk_items', [])
else:
pages = paginate.Page(messages, page=int(page),
items_per_page=num_items,
item_count=msgcount)
choices = [(str(message.id), message.id)
for message in pages.items]
session['bulk_items'] = choices
session.save()
c.form.message_id.choices = choices
if request.POST and c.form.validate() and choices:
msgs = Session.query(Message.id,
Message.messageid,
Message.from_address,
Message.timestamp, Message.to_address,
Message.hostname)\
.filter(Message.id.in_(c.form.message_id.data))
query = UserFilter(Session, c.user, msgs)
msgs = query.filter()
localtmz = config.get('baruwa.timezone', 'Africa/Johannesburg')
formvals = (dict(release=c.form.release.data,
learn=c.form.learn.data,
salearn_as=c.form.learnas.data,
todelete=c.form.delete.data,
use_alt=c.form.usealt.data,
altrecipients=c.form.altrecipients.data,
message_id=msg.messageid,
from_address=msg.from_address,
date=convert_date(msg.timestamp, localtmz).strftime('%Y%m%d'),
to_address=msg.to_address,
hostname=msg.hostname,
mid=msg.id)
for msg in msgs)
taskset = TaskSet(tasks=(
process_quarantined_msg.subtask(
args=[formval],
options=dict(queue=formval['hostname'])
) for formval in formvals
)
)
if formvals:
try:
task = taskset.apply_async()
task.save(dbbackend)
session['bulk_items'] = []
if not 'taskids' in session:
session['taskids'] = []
session['taskids'].append(task.taskset_id)
session['bulkprocess-count'] = 1
session.save()
redirect(url('messages-bulk-process',
taskid=task.taskset_id))
except QueueNotFound:
flash_alert(_('The messages could not processed'
', try again later'))
elif request.POST and not c.form.validate():
flash_alert(_(u', '.join([unicode(c.form.errors[err][0])
for err in c.form.errors])))
pages = paginate.Page(messages, page=int(page),
items_per_page=num_items,
item_count=msgcount)
if format == 'json':
response.headers['Content-Type'] = 'application/json'
data = convert_to_json(pages,
direction=direction,
order_by=order_by,
section=section)
return data
c.page = pages
return render('/messages/quarantine.html')
def detail(self, id, archive=None, format=None):
"return message detail"
message = self._get_msg(id, archive)
if not message:
abort(404)
msgstatus = Session.query(MessageStatus)\
.filter(MessageStatus.messageid==message.messageid)\
.all()
show_trail = request.GET.get('t', None)
c.form = ReleaseMsgForm(request.POST, csrf_context=session)
if request.POST and c.form.validate():
localtmz = config.get('baruwa.timezone', 'Africa/Johannesburg')
job = dict(release=c.form.release.data,
learn=c.form.learn.data,
salearn_as=c.form.learnas.data,
todelete=c.form.delete.data,
use_alt=c.form.usealt.data,
altrecipients=c.form.altrecipients.data,
message_id=message.messageid,
from_address=message.from_address,
date=convert_date(message.timestamp, localtmz).strftime('%Y%m%d'),
to_address=message.to_address,
hostname=message.hostname,
mid=message.id)
try:
task = process_quarantined_msg.apply_async(
args=[job], queue=message.hostname)
task.wait(30)
if task.status == 'SUCCESS':
# process response
html = process_release_results(
c, message, task.result,
Session)
self.invalidate = 1
message = self._get_msg(id, archive)
flash(html)
else:
html = _('Processing the request failed')
flash_alert(html)
except (TimeoutError, QueueNotFound):
html = _('Processing the request failed')
flash_alert(html)
if format == 'json':
flash.pop_messages()
response.headers['Content-Type'] = 'application/json'
return json.dumps(dict(result=html))
elif request.POST and not c.form.validate():
flash_alert(_(u', '.join([unicode(c.form.errors[err][0])
for err in c.form.errors])))
if format == 'json':
html = flash.pop_messages()
response.headers['Content-Type'] = 'application/json'
return json.dumps(dict(result=unicode(html[0])))
if format == 'json':
response.headers['Content-Type'] = 'application/json'
return json.dumps(message.tojson)
c.msg = message
c.archived = archive
c.show_trail = show_trail
c.msgstatus = msgstatus
return render('/messages/detail.html')
def preview(self,
msgid,
archive=None,
attachment=None,
img=None,
allowimgs=None,
richformat=None):
"""Preview a message stored in the quarantine
:param msgid: the database message id
:param archive: optional. message archived status
:param attachment: optional. request is for an attachmeny
:param img: optional request is for an image
:param allowimgs: optional allow display of remote images
:param richformat: show html format
"""
if archive:
message = self._get_archive(msgid)
else:
message = self._get_message(msgid)
if not message:
abort(404)
try:
if message.isdangerous and c.user.is_peleb:
raise ValueError
localtmz = config.get('baruwa.timezone', 'Africa/Johannesburg')
cdte = convert_date(message.timestamp, localtmz).strftime('%Y%m%d')
args = [
message.messageid, cdte, message.msgfiles, attachment, img,
allowimgs
]
task = preview_msg.apply_async(
args=args,
routing_key=system_hostname() if asbool(
config.get('ms.quarantine.shared',
'false')) else message.hostname.strip())
task.wait(30)
if task.result:
if img:
if message.isdangerous and c.user.is_peleb:
abort(404)
response.content_type = task.result['content_type']
if task.result and 'img' in task.result:
info = MSGDOWNLOAD_MSG % dict(m=message.id,
a=task.result['name'])
audit_log(c.user.username, 1, unicode(info),
request.host, request.remote_addr,
arrow.utcnow().datetime)
return base64.decodestring(task.result['img'])
abort(404)
if attachment:
info = MSGDOWNLOAD_MSG % dict(m=message.id,
a=task.result['name'])
audit_log(c.user.username, 1, unicode(info), request.host,
request.remote_addr,
arrow.utcnow().datetime)
response.content_type = task.result['mimetype']
content_disposition = 'attachment; filename="%s"' % \
task.result['name'].encode('ascii', 'replace')
response.headers['Content-Disposition'] = \
str(content_disposition)
response.headers['Content-Length'] = \
len(task.result['attachment'])
response.headers['Pragma'] = 'public'
response.headers['Cache-Control'] = 'max-age=0'
return base64.decodestring(task.result['attachment'])
for part in task.result['parts']:
if part['type'] == 'text/html':
local_rf = (not task.result['is_multipart']
or richformat)
part['content'] = image_fixups(part['content'], msgid,
archive, local_rf,
allowimgs)
c.message = task.result
info = MSGPREVIEW_MSG % dict(m=message.id)
audit_log(c.user.username, 1, unicode(info), request.host,
request.remote_addr,
arrow.utcnow().datetime)
else:
c.message = {}
except (socket.error, TimeoutError, QueueNotFound):
lmsg = _('The message could not be previewed, try again later')
flash_alert(lmsg)
log.info(lmsg)
whereto = url('message-archive', msgid=msgid) if archive \
else url('message-detail', msgid=msgid)
redirect(whereto)
except ValueError:
lmsg = _('The message/attachments are either prohibited or'
' dangerous. Contact your system admin for assistance')
flash_alert(lmsg)
log.info(lmsg)
whereto = url('message-archive', msgid=msgid) if archive \
else url('message-detail', msgid=msgid)
redirect(whereto)
c.messageid = message.messageid
c.msgid = message.id
c.archived = archive
c.richformat = richformat
c.isdangerous = message.isdangerous
# print c.message
return self.render('/messages/preview.html')
def quarantine(self,
page=1,
direction='dsc',
order_by='timestamp',
section=None,
format=None):
"quarantined messages"
filters = session.get('filter_by', None)
num_items = session.get('msgs_num_items', 50)
if direction == 'dsc':
sort = desc(order_by)
else:
sort = order_by
messages = get_messages().filter(
Message.isquarantined == 1).order_by(sort)
msgcount = get_msg_count().filter(Message.isquarantined == 1)
query = UserFilter(Session, c.user, messages)
countquery = UserFilter(Session, c.user, msgcount)
messages = query.filter()
msgcount = countquery.filter()
if section:
if section == 'spam':
messages = messages.filter(Message.spam == 1)
msgcount = messages.filter(Message.spam == 1)
else:
messages = messages.filter(Message.spam == 0)
msgcount = messages.filter(Message.spam == 0)
if filters:
dynq = DynaQuery(Message, messages, filters)
dynmsgq = DynaQuery(Message, msgcount, filters)
messages = dynq.generate()
msgcount = dynmsgq.generate()
c.order_by = order_by
c.direction = direction
c.section = section
msgcount = msgcount.count()
c.form = BulkReleaseForm(request.POST, csrf_context=session)
if request.method == 'POST':
choices = session.get('bulk_items', [])
else:
pages = paginate.Page(messages,
page=int(page),
items_per_page=num_items,
item_count=msgcount)
choices = [(str(message.id), message.id)
for message in pages.items]
session['bulk_items'] = choices
session.save()
c.form.message_id.choices = choices
if request.method == 'POST' and c.form.validate() and choices:
msgs = Session.query(Message.id,
Message.messageid,
Message.from_address,
Message.timestamp, Message.to_address,
Message.hostname, Message.msgfiles)\
.filter(Message.id.in_(c.form.message_id.data))
query = UserFilter(Session, c.user, msgs)
msgs = query.filter()
localtmz = config.get('baruwa.timezone', 'Africa/Johannesburg')
formvals = (dict(release=c.form.release.data,
learn=c.form.learn.data,
salearn_as=c.form.learnas.data,
todelete=c.form.delete.data,
use_alt=c.form.usealt.data,
altrecipients=c.form.altrecipients.data,
message_id=msg.messageid,
from_address=msg.from_address,
date=convert_date(msg.timestamp,
localtmz).strftime('%Y%m%d'),
msgfiles=msg.msgfiles,
to_address=msg.to_address,
hostname=msg.hostname,
mid=msg.id,
num=num_items) for msg in msgs)
if formvals:
try:
subtasks = [
process_quarantined_msg.subtask(
args=[formval],
options=dict(
routing_key=system_hostname() if asbool(
config.get('ms.quarantine.shared', 'false')
) else formval['hostname']))
for formval in formvals
]
task = group(subtasks).apply_async()
task.save(backend=RBACKEND)
session['bulk_items'] = []
if 'taskids' not in session:
session['taskids'] = []
session['taskids'].append(task.id)
session['bulkprocess-count'] = 1
session.save()
redirect(url('messages-bulk-process', taskid=task.id))
except (QueueNotFound, OperationalError, IndexError):
flash_alert(
_('The messages could not processed'
', try again later'))
elif request.method == 'POST' and not c.form.validate():
try:
flash_alert(
_(u', '.join([
unicode(c.form.errors[err][0]) for err in c.form.errors
])))
except IndexError:
flash_alert(
_('The messages could not processed'
', an Unknown error occured.'))
pages = paginate.Page(messages,
page=int(page),
items_per_page=num_items,
item_count=msgcount)
if format == 'json':
response.headers['Content-Type'] = 'application/json'
data = convert_to_json(pages,
direction=direction,
order_by=order_by,
section=section)
return data
c.page = pages
return self.render('/messages/quarantine.html')
def detail(self, msgid, archive=None, format=None):
"return message detail"
message = self._get_msg(msgid, archive)
if not message:
abort(404)
msgstatus = Session.query(MessageStatus)\
.filter(MessageStatus.messageid == message.messageid)\
.all()
show_trail = request.GET.get('t', None)
c.form = ReleaseMsgForm(request.POST, csrf_context=session)
if request.method == 'POST' and c.form.validate():
localtmz = config.get('baruwa.timezone', 'Africa/Johannesburg')
job = dict(release=c.form.release.data,
learn=c.form.learn.data,
salearn_as=c.form.learnas.data,
todelete=c.form.delete.data,
use_alt=c.form.usealt.data,
altrecipients=c.form.altrecipients.data,
message_id=message.messageid,
from_address=message.from_address,
date=convert_date(message.timestamp,
localtmz).strftime('%Y%m%d'),
msgfiles=message.msgfiles,
to_address=message.to_address,
hostname=message.hostname,
mid=message.id,
issingle=True)
try:
task = process_quarantined_msg.apply_async(
args=[job],
routing_key=system_hostname() if asbool(
config.get('ms.quarantine.shared',
'false')) else message.hostname)
task.wait(30)
if task.status == 'SUCCESS':
# process response
html = process_release_results(c, message, task.result,
Session, self.render)
self.invalidate = 1
message = self._get_msg(msgid, archive)
flash(html)
else:
html = _('Processing the request failed')
flash_alert(html)
log.info(html)
except (TimeoutError, QueueNotFound):
html = _('Processing the request failed')
flash_alert(html)
log.info(html)
if format == 'json':
flash.pop_messages()
response.headers['Content-Type'] = 'application/json'
return json.dumps(dict(result=html))
elif request.method == 'POST' and not c.form.validate():
flash_alert(
_(u', '.join([
unicode(c.form.errors[err][0]) for err in c.form.errors
])))
if format == 'json':
html = flash.pop_messages()
response.headers['Content-Type'] = 'application/json'
return json.dumps(dict(result=unicode(html[0])))
if format == 'json':
response.headers['Content-Type'] = 'application/json'
return json.dumps(message.tojson)
c.msg = message
c.archived = archive
c.show_trail = show_trail
c.msgstatus = msgstatus
return self.render('/messages/detail.html')
def preview(self, id, archive=None, attachment=None, img=None,
allowimgs=None):
if archive:
message = self._get_archive(id)
else:
message = self._get_message(id)
if not message:
abort(404)
try:
localtmz = config.get('baruwa.timezone', 'Africa/Johannesburg')
args = [message.messageid,
convert_date(message.timestamp, localtmz).strftime('%Y%m%d'),
attachment,
img,
allowimgs]
task = preview_msg.apply_async(args=args,
queue=message.hostname.strip())
task.wait(30)
if task.result:
if img:
response.content_type = task.result['content_type']
if task.result and 'img' in task.result:
info = MSGDOWNLOAD_MSG % dict(m=message.id,
a=task.result['name'])
audit_log(c.user.username,
1, info, request.host,
request.remote_addr, now())
return base64.decodestring(task.result['img'])
abort(404)
if attachment:
info = MSGDOWNLOAD_MSG % dict(m=message.id,
a=task.result['name'])
audit_log(c.user.username,
1, info, request.host,
request.remote_addr, now())
response.content_type = task.result['mimetype']
content_disposition = 'attachment; filename="%s"' % \
task.result['name'].encode('ascii', 'replace')
response.headers['Content-Disposition'] = str(content_disposition)
response.headers['Content-Length'] = len(task.result['attachment'])
response.headers['Pragma'] = 'public'
response.headers['Cache-Control'] = 'max-age=0'
return base64.decodestring(task.result['attachment'])
for part in task.result['parts']:
if part['type'] == 'html':
html = fromstring(part['content'])
for element, attribute, link, pos in iterlinks(html):
if not link.startswith('cid:'):
if not allowimgs and attribute == 'src':
element.attrib['src'] = '%simgs/blocked.gif' % media_url()
element.attrib['title'] = link
flash(_('This message contains external images, which have been blocked. ') +
literal(link_to(_('Display images'),
url('message-preview-archived-with-imgs', id=id) \
if archive else url('message-preview-with-imgs', id=id),
class_='uline')))
else:
imgname = link.replace('cid:', '')
element.attrib['src'] = url('messages-preview-archived-img', img=imgname.replace('/', '__xoxo__'), id=id) \
if archive else url('messages-preview-img', img=imgname.replace('/', '__xoxo__'), id=id)
part['content'] = tostring(html)
c.message = task.result
info = MSGPREVIEW_MSG % dict(m=message.id)
audit_log(c.user.username,
1, info, request.host,
request.remote_addr, now())
else:
c.message = {}
except (socket.error, TimeoutError, QueueNotFound):
flash_alert(_('The message could not be previewed, try again later'))
whereto = url('message-archive', id=id) if archive else url('message-detail', id=id)
redirect(whereto)
c.messageid = message.messageid
c.id = message.id
c.archived = archive
return render('/messages/preview.html')
def preview(self, msgid, archive=None, attachment=None, img=None,
allowimgs=None, richformat=None):
"""Preview a message stored in the quarantine
:param msgid: the database message id
:param archive: optional. message archived status
:param attachment: optional. request is for an attachmeny
:param img: optional request is for an image
:param allowimgs: optional allow display of remote images
:param richformat: show html format
"""
if archive:
message = self._get_archive(msgid)
else:
message = self._get_message(msgid)
if not message:
abort(404)
try:
if message.isdangerous and c.user.is_peleb:
raise ValueError
localtmz = config.get('baruwa.timezone', 'Africa/Johannesburg')
cdte = convert_date(message.timestamp, localtmz).strftime('%Y%m%d')
args = [message.messageid,
cdte,
message.msgfiles,
attachment,
img,
allowimgs]
task = preview_msg.apply_async(args=args,
routing_key=system_hostname() if
asbool(config.get('ms.quarantine.shared', 'false'))
else message.hostname.strip())
task.wait(30)
if task.result:
if img:
if message.isdangerous and c.user.is_peleb:
abort(404)
response.content_type = task.result['content_type']
if task.result and 'img' in task.result:
info = MSGDOWNLOAD_MSG % dict(m=message.id,
a=task.result['name'])
audit_log(c.user.username,
1, unicode(info), request.host,
request.remote_addr, arrow.utcnow().datetime)
return base64.decodestring(task.result['img'])
abort(404)
if attachment:
info = MSGDOWNLOAD_MSG % dict(m=message.id,
a=task.result['name'])
audit_log(c.user.username,
1, unicode(info), request.host,
request.remote_addr, arrow.utcnow().datetime)
response.content_type = task.result['mimetype']
content_disposition = 'attachment; filename="%s"' % \
task.result['name'].encode('ascii', 'replace')
response.headers['Content-Disposition'] = \
str(content_disposition)
response.headers['Content-Length'] = \
len(task.result['attachment'])
response.headers['Pragma'] = 'public'
response.headers['Cache-Control'] = 'max-age=0'
return base64.decodestring(task.result['attachment'])
for part in task.result['parts']:
if part['type'] == 'text/html':
local_rf = (not task.result['is_multipart']
or richformat)
part['content'] = image_fixups(
part['content'],
msgid, archive,
local_rf, allowimgs)
c.message = task.result
info = MSGPREVIEW_MSG % dict(m=message.id)
audit_log(c.user.username,
1, unicode(info), request.host,
request.remote_addr, arrow.utcnow().datetime)
else:
c.message = {}
except (socket.error, TimeoutError, QueueNotFound):
lmsg = _('The message could not be previewed, try again later')
flash_alert(lmsg)
log.info(lmsg)
whereto = url('message-archive', msgid=msgid) if archive \
else url('message-detail', msgid=msgid)
redirect(whereto)
except ValueError:
lmsg = _('The message/attachments are either prohibited or'
' dangerous. Contact your system admin for assistance')
flash_alert(lmsg)
log.info(lmsg)
whereto = url('message-archive', msgid=msgid) if archive \
else url('message-detail', msgid=msgid)
redirect(whereto)
c.messageid = message.messageid
c.msgid = message.id
c.archived = archive
c.richformat = richformat
c.isdangerous = message.isdangerous
# print c.message
return self.render('/messages/preview.html')
