def SendRetrievalEmail(
        permission_type, entity, user, template='retrieval_email.txt',
        skip_emails=None):
    """Sends a notification email about the retrieval of an escrowed secret.

    The recipient list depends on what the retrieving user is allowed to do
    for permission_type:
      * SILENT_RETRIEVE: no email is sent; the function returns early.
      * SILENT_RETRIEVE_WITH_AUDIT_EMAIL: the retrieving user plus
        settings.SILENT_AUDIT_ADDRESSES.
      * neither: the retrieving user, settings.RETRIEVE_AUDIT_ADDRESSES and,
        when entity.owner is set, the owner.

    Args:
      permission_type: string, one of permission.TYPE_* variables.
      entity: base.BasePassphrase instance of retrieved object.
      user: base.User object of the user that retrieved the secret.
      template: str message template.
      skip_emails: list of addresses to drop from the recipients.
    """
    context = {
        'entity': entity,
        'helpdesk_email': settings.HELPDESK_EMAIL,
        'helpdesk_name': settings.HELPDESK_NAME,
        'retrieved_by': user.user.email(),
        'user': user,
        'server_hostname': app_identity.get_default_version_hostname(),
    }
    # The message is rendered before any permission check, as in the
    # original ordering, so a template error surfaces even for silent users.
    message = util.RenderTemplate(template, context)
    retriever_email = user.user.email()

    # A user holding SILENT_RETRIEVE triggers no notification from this
    # function at all.
    # NOTE(review): any audit record for such retrievals has to be written
    # elsewhere; none is produced here -- confirm against the caller.
    try:
        base_handler.VerifyPermissions(
            permissions.SILENT_RETRIEVE, user, permission_type)
    except base.AccessDeniedError:
        pass
    else:
        return

    try:
        # Users allowed to retrieve without notifying the owner still
        # generate mail to SILENT_AUDIT_ADDRESSES.
        base_handler.VerifyPermissions(
            permissions.SILENT_RETRIEVE_WITH_AUDIT_EMAIL, user,
            permission_type)
        recipients = [retriever_email] + settings.SILENT_AUDIT_ADDRESSES
    except base.AccessDeniedError:
        # Everyone else: the owner and RETRIEVE_AUDIT_ADDRESSES are told.
        recipients = [retriever_email] + settings.RETRIEVE_AUDIT_ADDRESSES
        if entity.owner:
            # A bare username is qualified with the default mail domain.
            # NOTE(review): entity.owner is used as an address without
            # validation here; presumably checked when stored -- confirm.
            recipients.append(
                entity.owner if '@' in entity.owner
                else '%s@%s' % (entity.owner, settings.DEFAULT_EMAIL_DOMAIN))

    if skip_emails:
        # The filter runs over the complete list, so it can also remove the
        # audit addresses and the owner.
        # NOTE(review): skip_emails should come from trusted code, not from
        # request input -- verify at the call sites.
        kept = []
        for address in recipients:
            if address not in skip_emails:
                kept.append(address)
        recipients = kept

    # A per-escrow-type subject may be configured in settings; otherwise the
    # generic subject is used.
    setting_name = (
        '%s_RETRIEVAL_EMAIL_SUBJECT' % entity.ESCROW_TYPE_NAME.upper())
    subject = getattr(
        settings, setting_name, 'Escrow secret retrieval notification.')
    util.SendEmail(recipients, subject, message)
def SendRetrievalEmail(permission_type, entity, user):
    """Sends a notification email about the retrieval of an escrowed secret.

    The retrieving user is always a recipient. A user holding SILENT_RETRIEVE
    for permission_type additionally mails settings.SILENT_AUDIT_ADDRESSES
    only; any other user additionally mails settings.RETRIEVE_AUDIT_ADDRESSES
    and, when entity.owner is set, the owner.

    Args:
      permission_type: string, one of permission.TYPE_* variables.
      entity: models instance of retrieved object.
          (E.G. FileVaultVolume, DuplicityKeyPair, BitLockerVolume, etc.)
      user: models.User object of the user that retrieved the secret.
    """
    context = {
        'entity': entity,
        'helpdesk_email': settings.HELPDESK_EMAIL,
        'helpdesk_name': settings.HELPDESK_NAME,
        'retrieved_by': user.user.email(),
        'user': user,
    }
    message = util.RenderTemplate('retrieval_email.txt', context)
    retriever_email = user.user.email()

    try:
        # Users allowed to retrieve "silently" do not notify the owner; the
        # mail goes to SILENT_AUDIT_ADDRESSES instead.
        VerifyPermissions(permissions.SILENT_RETRIEVE, user, permission_type)
        recipients = [retriever_email] + settings.SILENT_AUDIT_ADDRESSES
    except models.AccessDeniedError:
        # Everyone else: the owner and RETRIEVE_AUDIT_ADDRESSES are told.
        recipients = [retriever_email] + settings.RETRIEVE_AUDIT_ADDRESSES
        if entity.owner:
            # A bare username is qualified with the default mail domain.
            # NOTE(review): entity.owner is used as an address without
            # validation here; presumably checked when stored -- confirm.
            recipients.append(
                entity.owner if '@' in entity.owner
                else '%s@%s' % (entity.owner, settings.DEFAULT_EMAIL_DOMAIN))

    # A per-escrow-type subject may be configured in settings; otherwise the
    # generic subject is used.
    setting_name = (
        '%s_RETRIEVAL_EMAIL_SUBJECT' % entity.ESCROW_TYPE_NAME.upper())
    subject = getattr(
        settings, setting_name, 'Escrow secret retrieval notification.')
    util.SendEmail(recipients, subject, message)