def process_mail_creation(self, session, tid, data): user_id = data['user']['id'] language = data['user']['language'] # Do not spool emails if the receiver has disabled notifications if not data['user']['notification'] or ('tip' in data and not data['tip']['enable_notifications']): log.debug("Discarding emails for %s due to receiver's preference.", user_id) return data['node'] = self.serialize_config(session, 'node', tid, language) data['submission_statuses'] = db_get_submission_statuses(session, tid, language) if data['node']['mode'] == 'default': data['notification'] = self.serialize_config(session, 'notification', tid, language) else: data['notification'] = self.serialize_config(session, 'notification', 1, language) subject, body = Templating().get_mail_subject_and_body(data) # If the receiver has encryption enabled encrypt the mail body if data['user']['pgp_key_public']: pgpctx = PGPContext(self.state.settings.tmp_path) fingerprint = pgpctx.load_key(data['user']['pgp_key_public'])['fingerprint'] body = pgpctx.encrypt_message(fingerprint, body) session.add(models.Mail({ 'address': data['user']['mail_address'], 'subject': subject, 'body': body, 'tid': tid, }))
def process_mail_creation(self, store, data): # https://github.com/globaleaks/GlobaLeaks/issues/798 # TODO: the current solution is global and configurable only by the admin receiver_id = data['receiver']['id'] sent_emails = GLSettings.get_mail_counter(receiver_id) if sent_emails >= GLSettings.memory_copy.notification_threshold_per_hour: log.debug( "Discarding emails for receiver %s due to threshold already exceeded for the current hour" % receiver_id) return GLSettings.increment_mail_counter(receiver_id) if sent_emails >= GLSettings.memory_copy.notification_threshold_per_hour: log.info( "Reached threshold of %d emails with limit of %d for receiver %s" % (sent_emails, GLSettings.memory_copy.notification_threshold_per_hour, receiver_id)) # simply changing the type of the notification causes # to send the notification_limit_reached data['type'] = u'receiver_notification_limit_reached' data['notification'] = db_get_notification( store, data['receiver']['language']) data['node'] = db_admin_serialize_node(store, data['receiver']['language']) if not data['node']['allow_unencrypted'] and data['receiver'][ 'pgp_key_status'] != u'enabled': return subject, body = Templating().get_mail_subject_and_body(data) # If the receiver has encryption enabled encrypt the mail body if data['receiver']['pgp_key_status'] == u'enabled': gpob = GLBPGP() try: gpob.load_key(data['receiver']['pgp_key_public']) body = gpob.encrypt_message( data['receiver']['pgp_key_fingerprint'], body) except Exception as excep: log.err( "Error in PGP interface object (for %s: %s)! (notification+encryption)" % (data['receiver']['username'], str(excep))) return finally: # the finally statement is always called also if # except contains a return or a raise gpob.destroy_environment() mail = models.Mail({ 'address': data['receiver']['mail_address'], 'subject': subject, 'body': body }) store.add(mail)
def certificate_mail_creation(self, store, expiration_date): for user_desc in db_get_admin_users(store): lang = user_desc['language'] template_vars = { 'type': 'https_certificate_expiration', 'expiration_date': expiration_date, 'node': db_admin_serialize_node(store, lang), 'notification': db_get_notification(store, lang) } subject, body = Templating().get_mail_subject_and_body( template_vars) # encrypt the notification if the admin has configured the issue. pub_key = user_desc['pgp_key_public'] if len(pub_key) > 0: body = encrypt_pgp_message(pub_key, user_desc['pgp_key_fingerprint'], body) store.add( models.Mail({ 'address': user_desc['mail_address'], 'subject': subject, 'body': body }))
def process_mail_creation(self, session, tid, data): user_id = data['user']['id'] # Do not spool emails if the receiver has opted out of ntfns for this tip. if not data['tip']['enable_notifications']: log.debug("Discarding emails for %s due to receiver's preference.", user_id) return # https://github.com/globaleaks/GlobaLeaks/issues/798 # TODO: the current solution is global and configurable only by the admin sent_emails = self.state.get_mail_counter(user_id) if sent_emails >= self.state.tenant_cache[ tid].notification.notification_threshold_per_hour: log.debug( "Discarding emails for receiver %s due to threshold already exceeded for the current hour", user_id) return self.state.increment_mail_counter(user_id) if sent_emails >= self.state.tenant_cache[ tid].notification.notification_threshold_per_hour: log.info( "Reached threshold of %d emails with limit of %d for receiver %s", sent_emails, self.state.tenant_cache[tid].notification. notification_threshold_per_hour, user_id, tid=tid) # simply changing the type of the notification causes # to send the notification_limit_reached data['type'] = u'receiver_notification_limit_reached' data['node'] = self.serialize_config(session, 'node', tid, data['user']['language']) if data['node']['mode'] != u'whistleblowing.it': data['notification'] = self.serialize_config( session, 'notification', tid, data['user']['language']) else: data['notification'] = self.serialize_config( session, 'notification', 1, data['user']['language']) subject, body = Templating().get_mail_subject_and_body(data) # If the receiver has encryption enabled encrypt the mail body if data['user']['pgp_key_public']: pgpctx = PGPContext(self.state.settings.tmp_path) fingerprint = pgpctx.load_key( data['user']['pgp_key_public'])['fingerprint'] body = pgpctx.encrypt_message(fingerprint, body) session.add( models.Mail({ 'address': data['user']['mail_address'], 'subject': subject, 'body': body, 'tid': tid, }))
def check_for_expiring_submissions(self, store): threshold = datetime_now() - timedelta( GLSettings.memory_copy.tip_expiration_threshold) for itip in store.find(models.InternalTip, models.InternalTip.expiration_date < threshold): for rtip in itip.receivertips: user = rtip.receiver.user language = user.language node_desc = db_admin_serialize_node(store, language) notification_desc = db_get_notification(store, language) context_desc = admin_serialize_context( store, rtip.internaltip.context, language) receiver_desc = admin_serialize_receiver( rtip.receiver, language) tip_desc = serialize_rtip(store, rtip, user.language) data = { 'type': u'tip_expiration', 'node': node_desc, 'context': context_desc, 'receiver': receiver_desc, 'notification': notification_desc, 'tip': tip_desc } subject, body = Templating().get_mail_subject_and_body(data) mail = models.Mail({ 'address': data['receiver']['mail_address'], 'subject': subject, 'body': body }) store.add(mail)
def db_create_identityaccessrequest_notifications(session, tid, itip, rtip, iar): users = session.query(models.User).filter(models.User.role == u'custodian', models.User.notification == True) for user in users: node = db_admin_serialize_node(session, tid, user.language) context = session.query(models.Context).filter( models.Context.id == itip.context_id, models.Context.tid == tid).one() data = {'type': 'identity_access_request'} data['user'] = user_serialize_user(session, user, user.language) data['tip'] = serialize_rtip(session, rtip, itip, user.language) data['context'] = admin_serialize_context(session, context, user.language) data['iar'] = serialize_identityaccessrequest(session, iar) data['node'] = db_admin_serialize_node(session, tid, user.language) if data['node']['mode'] == u'default': data['notification'] = db_get_notification(session, tid, user.language) else: data['notification'] = db_get_notification(session, 1, user.language) subject, body = Templating().get_mail_subject_and_body(data) session.add( models.Mail({ 'address': data['user']['mail_address'], 'subject': subject, 'body': body, 'tid': tid }))
def db_prepare_mail(self, store, data): subject, body = self.get_mail_subject_and_body(data) mail = models.Mail({ 'address': data['address'], 'subject': subject, 'body': body })
def format_and_send(store, user_desc, template_vars): subject, body = Templating().get_mail_subject_and_body(template_vars) if user_desc['pgp_key_public']: body = encrypt_message(user_desc['pgp_key_public'], body) store.add(models.Mail({ 'address': user_desc['mail_address'], 'subject': subject, 'body': body }))
def process_mail_creation(self, store, data): user_id = data['user']['id'] # Do not spool emails if the receiver has opted out of ntfns for this tip. if not data['tip']['enable_notifications']: log.debug("Discarding emails for %s due to receiver's preference.", user_id) return # https://github.com/globaleaks/GlobaLeaks/issues/798 # TODO: the current solution is global and configurable only by the admin sent_emails = State.get_mail_counter(user_id) if sent_emails >= State.tenant_cache[ 1].notif.notification_threshold_per_hour: log.debug( "Discarding emails for receiver %s due to threshold already exceeded for the current hour", user_id) return State.increment_mail_counter(user_id) if sent_emails >= State.tenant_cache[ 1].notif.notification_threshold_per_hour: log.info( "Reached threshold of %d emails with limit of %d for receiver %s", sent_emails, State.tenant_cache[1].notif.notification_threshold_per_hour, user_id) # simply changing the type of the notification causes # to send the notification_limit_reached data['type'] = u'receiver_notification_limit_reached' data['notification'] = self.serialize_config(store, 'notification', data['user']['language']) data['node'] = self.serialize_config(store, 'node', data['user']['language']) if not data['node']['allow_unencrypted'] and len( data['user']['pgp_key_public']) == 0: return subject, body = Templating().get_mail_subject_and_body(data) # If the receiver has encryption enabled encrypt the mail body if data['user']['pgp_key_public']: body = encrypt_message(data['user']['pgp_key_public'], body) store.add( models.Mail({ 'address': data['user']['mail_address'], 'subject': subject, 'body': body }))
def db_check_for_expiring_submissions(self, session): for tid in self.state.tenant_state: threshold = datetime_now() + timedelta( hours=self.state.tenant_cache[tid].notification. tip_expiration_threshold) for user in session.query(models.User).filter( models.User.role == u'receiver', models.UserTenant.user_id == models.User.id, models.UserTenant.tenant_id == tid): itip_ids = [ id[0] for id in session.query(models.InternalTip.id).filter( models.InternalTip.tid == tid, models.ReceiverTip. internaltip_id == models.InternalTip.id, models.InternalTip.expiration_date < threshold, models.ReceiverTip.receiver_id == user.id) ] if not len(itip_ids): continue earliest_expiration_date = session.query(func.min(models.InternalTip.expiration_date)) \ .filter(models.InternalTip.id.in_(itip_ids)).one()[0] user_desc = user_serialize_user(session, user, user.language) data = { 'type': u'tip_expiration_summary', 'node': db_admin_serialize_node(session, tid, user.language), 'notification': db_get_notification(session, tid, user.language), 'user': user_desc, 'expiring_submission_count': len(itip_ids), 'earliest_expiration_date': datetime_to_ISO8601(earliest_expiration_date) } subject, body = Templating().get_mail_subject_and_body(data) session.add( models.Mail({ 'tid': tid, 'address': user_desc['mail_address'], 'subject': subject, 'body': body }))
def format_and_send_mail(self, session, tid, user_desc, template_vars): subject, body = Templating().get_mail_subject_and_body(template_vars) if user_desc.get('pgp_key_public', ''): pgpctx = PGPContext(self.settings.tmp_path) fingerprint = pgpctx.load_key(user_desc['pgp_key_public'])['fingerprint'] body = pgpctx.encrypt_message(fingerprint, body) session.add(models.Mail({ 'address': user_desc['mail_address'], 'subject': subject, 'body': body, 'tid': tid, }))
def db_create_identity_access_reply_notifications(session, itip, rtip, iar): """ Transaction for the creation of notifications related to identity access replies :param session: An ORM session :param itip: A itip ID of the tip involved in the request :param iar: A identity access request model """ from globaleaks.handlers.rtip import serialize_rtip for user in session.query(models.User) \ .filter(models.User.id == rtip.receiver_id, models.User.notification.is_(True)): context = session.query( models.Context).filter(models.Context.id == itip.context_id).one() data = { 'type': 'identity_access_authorized' if iar.reply == 'authorized' else 'identity_access_denied' } data['user'] = user_serialize_user(session, user, user.language) data['tip'] = serialize_rtip(session, rtip, itip, user.language) data['context'] = admin_serialize_context(session, context, user.language) data['iar'] = serialize_identityaccessrequest(session, iar) data['node'] = db_admin_serialize_node(session, user.tid, user.language) if data['node']['mode'] == 'default': data['notification'] = db_get_notification(session, user.tid, user.language) else: data['notification'] = db_get_notification(session, 1, user.language) subject, body = Templating().get_mail_subject_and_body(data) session.add( models.Mail({ 'address': data['user']['mail_address'], 'subject': subject, 'body': body, 'tid': user.tid }))
def db_check_for_expiring_submissions(self, session, tid): threshold = datetime_now() + timedelta( hours=self.state.tenant_cache[tid].notification. tip_expiration_threshold) result = session.query(models.User, func.count(models.InternalTip.id), func.min(models.InternalTip.expiration_date)) \ .filter(models.InternalTip.tid == tid, models.ReceiverTip.internaltip_id == models.InternalTip.id, models.InternalTip.expiration_date < threshold, models.User.id == models.ReceiverTip.receiver_id) \ .group_by(models.User.id) \ .having(func.count(models.InternalTip.id) > 0) \ .all() for x in result: user = x[0] expiring_submission_count = x[1] earliest_expiration_date = x[2] user_desc = user_serialize_user(session, user, user.language) data = { 'type': u'tip_expiration_summary', 'node': db_admin_serialize_node(session, tid, user.language), 'notification': db_get_notification(session, tid, user.language), 'user': user_desc, 'expiring_submission_count': expiring_submission_count, 'earliest_expiration_date': datetime_to_ISO8601(earliest_expiration_date) } subject, body = Templating().get_mail_subject_and_body(data) session.add( models.Mail({ 'tid': tid, 'address': user_desc['mail_address'], 'subject': subject, 'body': body }))
def _generate_admin_alert_mail(store, alert): for user_desc in db_get_admin_users(store): user_language = user_desc['language'] data = { 'type': u'admin_anomaly', 'node': db_admin_serialize_node(store, user_language), 'notification': db_get_notification(store, user_language), 'alert': alert } subject, body = Templating().get_mail_subject_and_body(data) store.add(models.Mail({ 'address': user_desc['mail_address'], 'subject': subject, 'body': body }))
def prepare_user_pgp_alerts(self, store, user_desc): user_language = user_desc['language'] data = { 'type': u'pgp_alert', 'node': db_admin_serialize_node(store, user_language), 'notification': db_get_notification(store, user_language), 'user': user_desc } subject, body = Templating().get_mail_subject_and_body(data) store.add( models.Mail({ 'address': user_desc['mail_address'], 'subject': subject, 'body': body }))
def db_create_identityaccessrequest_notifications(session, tid, itip, rtip, iar): """ Transaction for the creation of notifications related to identity access requests :param session: An ORM session :param tid: A tenant ID on which the request is issued :param itip: A itip ID of the tip involved in the request :param rtip: A rtip ID of the rtip involved in the request :param iar: A identity access request model """ for user in session.query(models.User).filter( models.User.role == 'custodian', models.User.tid == tid, models.User.notification.is_(True)): context = session.query(models.Context).filter( models.Context.id == itip.context_id, models.Context.tid == tid).one() data = {'type': 'identity_access_request'} data['user'] = user_serialize_user(session, user, user.language) data['tip'] = serialize_rtip(session, rtip, itip, user.language) data['context'] = admin_serialize_context(session, context, user.language) data['iar'] = serialize_identityaccessrequest(session, iar) data['node'] = db_admin_serialize_node(session, tid, user.language) if data['node']['mode'] == 'default': data['notification'] = db_get_notification(session, tid, user.language) else: data['notification'] = db_get_notification(session, 1, user.language) subject, body = Templating().get_mail_subject_and_body(data) session.add( models.Mail({ 'address': data['user']['mail_address'], 'subject': subject, 'body': body, 'tid': tid }))
def check_for_expiring_submissions(self, store): threshold = datetime_now() + timedelta( hours=State.tenant_cache[1].notif.tip_expiration_threshold) for user in store.find(models.User, role=u'receiver'): itip_ids = [ id for id in store.find( models.InternalTip.id, models.ReceiverTip.internaltip_id == models.InternalTip.id, models.InternalTip.expiration_date < threshold, models.ReceiverTip.receiver_id == models.Receiver.id, models.Receiver.id == user.id) ] if not len(itip_ids): continue earliest_expiration_date = store.find( Min(models.InternalTip.expiration_date), In(models.InternalTip.id, itip_ids)).one() user_desc = user_serialize_user(store, user, user.language) data = { 'type': u'tip_expiration_summary', 'node': db_admin_serialize_node(store, user.language), 'notification': db_get_notification(store, user.language), 'user': user_desc, 'expiring_submission_count': len(itip_ids), 'earliest_expiration_date': earliest_expiration_date } subject, body = Templating().get_mail_subject_and_body(data) store.add( models.Mail({ 'address': user_desc['mail_address'], 'subject': subject, 'body': body }))
def check_for_expiring_submissions(self, store): threshold = datetime_now() + timedelta( hours=GLSettings.memory_copy.notif.tip_expiration_threshold) receivers = store.find(models.Receiver) for receiver in receivers: rtips = store.find( models.ReceiverTip, models.ReceiverTip.internaltip_id == models.InternalTip.id, models.InternalTip.expiration_date < threshold, models.ReceiverTip.receiver_id == models.Receiver.id, models.Receiver.id == receiver.id) if rtips.count() == 0: continue user = receiver.user language = user.language node_desc = db_admin_serialize_node(store, language) notification_desc = db_get_notification(store, language) receiver_desc = admin_serialize_receiver(store, receiver, language) if rtips.count() == 1: rtip = rtips[0] tip_desc = serialize_rtip(store, rtip, user.language) context_desc = admin_serialize_context( store, rtip.internaltip.context, language) data = { 'type': u'tip_expiration', 'node': node_desc, 'context': context_desc, 'receiver': receiver_desc, 'notification': notification_desc, 'tip': tip_desc } else: tips_desc = [] earliest_expiration_date = datetime_never() for rtip in rtips: if rtip.internaltip.expiration_date < earliest_expiration_date: earliest_expiration_date = rtip.internaltip.expiration_date tips_desc.append(serialize_rtip(store, rtip, user.language)) data = { 'type': u'tip_expiration_summary', 'node': node_desc, 'notification': notification_desc, 'receiver': receiver_desc, 'expiring_submission_count': rtips.count(), 'earliest_expiration_date': datetime_to_ISO8601(earliest_expiration_date) } subject, body = Templating().get_mail_subject_and_body(data) mail = models.Mail({ 'address': receiver_desc['mail_address'], 'subject': subject, 'body': body }) store.add(mail)