def testOk(self):
self.mox.StubOutWithMock(util.mail, 'EmailMessage', True)
recipients = ['*****@*****.**', '*****@*****.**']
reply_to = '*****@*****.**'
sender = '*****@*****.**'
subject = 'This is only a test!'
body = 'Only a unit test.\nReally.\nNothing to see here.'
bcc_recipients = ['*****@*****.**']
mock_email = self.mox.CreateMockAnything()
util.mail.EmailMessage(to=recipients,
reply_to=reply_to,
sender=sender,
subject=subject,
body=body).AndReturn(mock_email)
mock_email.send().AndReturn(None)
self.mox.ReplayAll()
orig_dev = util.settings.DEVELOPMENT
util.settings.DEVELOPMENT = False
util.SendEmail(recipients,
subject,
body,
sender=sender,
reply_to=reply_to,
bcc_recipients=bcc_recipients)
util.settings.DEVELOPMENT = orig_dev
self.mox.VerifyAll()
def SendRetrievalEmail(self, entity, user):
"""Sends a retrieval notification email to the owner of a Mac.
Args:
entity: models.FileVaultVolume object that was retrieved.
user: models.User object of the user that retrieved the passphrase.
"""
body = settings.RETRIEVAL_EMAIL_BODY % {
'retrieved_by': user.user.email(),
'hostname': entity.hostname,
'platform_uuid': entity.platform_uuid,
'serial': entity.serial or '',
'hdd_serial': entity.hdd_serial,
'volume_uuid': entity.volume_uuid,
'helpdesk_name': settings.HELPDESK_NAME,
}
user_email = user.user.email()
try:
# If the user has access to "silently" retrieve keys without the owner
# being notified, email only SILENT_AUDIT_ADDRESSES.
self.VerifyPermissions(permissions.SILENT_RETRIEVE, user)
to = [user_email] + settings.SILENT_AUDIT_ADDRESSES
except models.FileVaultAccessDeniedError:
# Otherwise email the owner and RETRIEVE_AUDIT_ADDRESSES.
owner_email = '%s@%s' % (entity.owner,
settings.DEFAULT_EMAIL_DOMAIN)
to = [owner_email, user_email] + settings.RETRIEVE_AUDIT_ADDRESSES
# In case of empty owner.
to = [x for x in to if x]
util.SendEmail(to, settings.RETRIEVAL_EMAIL_SUBJECT, body)
def testByPermReadUserWithNoOwner(self):
mock_user = self.mox.CreateMockAnything(models.User)
mock_user.user = self.mox.CreateMockAnything(users.User)
mock_user.user.email = lambda: '*****@*****.**'
mock_entity = models.LuksVolume
mock_entity.owner = None
self.mox.StubOutWithMock(self.c, 'RenderTemplate')
data = self._GetDataDict(mock_entity, mock_user)
self.c.RenderTemplate('retrieval_email.txt', data,
response_out=False).AndReturn('body')
self.mox.StubOutWithMock(util, 'SendEmail')
self.mox.StubOutWithMock(settings, 'RETRIEVE_AUDIT_ADDRESSES')
settings.RETRIEVE_AUDIT_ADDRESSES = ['*****@*****.**']
self.mox.StubOutWithMock(self.c, 'VerifyPermissions')
self.c.VerifyPermissions(permissions.SILENT_RETRIEVE,
user=mock_user).AndRaise(
models.AccessDeniedError('test'))
owner_email = '%s@%s' % (mock_entity.owner,
settings.DEFAULT_EMAIL_DOMAIN)
user_email = mock_user.user.email()
util.SendEmail([user_email] + settings.RETRIEVE_AUDIT_ADDRESSES,
settings.LUKS_RETRIEVAL_EMAIL_SUBJECT, 'body')
self.mox.ReplayAll()
self.c.SendRetrievalEmail(mock_entity, mock_user)
self.mox.VerifyAll()
def testByPermSilentRetrieveUser(self):
mock_user = self.mox.CreateMockAnything(models.User)
mock_user.user = self.mox.CreateMockAnything(users.User)
mock_user.user.email = lambda: '*****@*****.**'
mock_entity = models.BitLockerVolume()
self.mox.StubOutWithMock(self.c, 'RenderTemplate')
data = self._GetDataDict(mock_entity, mock_user)
self.c.RenderTemplate('retrieval_email.txt', data,
response_out=False).AndReturn('body')
self.mox.StubOutWithMock(util, 'SendEmail')
self.mox.StubOutWithMock(settings, 'RETRIEVE_AUDIT_ADDRESSES')
settings.RETRIEVE_AUDIT_ADDRESSES = ['*****@*****.**']
self.mox.StubOutWithMock(self.c, 'VerifyPermissions')
self.c.VerifyPermissions(permissions.SILENT_RETRIEVE, user=mock_user)
util.SendEmail([mock_user.user.email()] +
settings.SILENT_AUDIT_ADDRESSES,
settings.BITLOCKER_RETRIEVAL_EMAIL_SUBJECT, 'body')
self.mox.ReplayAll()
self.c.SendRetrievalEmail(mock_entity, mock_user)
self.mox.VerifyAll()
def SendRetrievalEmail(permission_type,
entity,
user,
template='retrieval_email.txt',
skip_emails=None):
"""Sends a retrieval notification email.
Args:
permission_type: string, one of permission.TYPE_* variables.
entity: base.BasePassphrase instance of retrieved object.
user: base.User object of the user that retrieved the secret.
template: str message template.
skip_emails: list filter emails from recipients.
"""
data = {
'entity': entity,
'helpdesk_email': settings.HELPDESK_EMAIL,
'helpdesk_name': settings.HELPDESK_NAME,
'retrieved_by': user.user.email(),
'user': user,
'server_hostname': app_identity.get_default_version_hostname(),
}
body = util.RenderTemplate(template, data)
user_email = user.user.email()
try:
base_handler.VerifyPermissions(permissions.SILENT_RETRIEVE, user,
permission_type)
return
except base.AccessDeniedError:
pass
try:
# If the user has access to "silently" retrieve keys without the owner
# being notified, email only SILENT_AUDIT_ADDRESSES.
base_handler.VerifyPermissions(
permissions.SILENT_RETRIEVE_WITH_AUDIT_EMAIL, user,
permission_type)
to = [user_email] + settings.SILENT_AUDIT_ADDRESSES
except base.AccessDeniedError:
# Otherwise email the owner and RETRIEVE_AUDIT_ADDRESSES.
to = [user_email] + settings.RETRIEVE_AUDIT_ADDRESSES
if entity.owner:
if '@' in entity.owner:
owner_email = entity.owner
else:
owner_email = '%s@%s' % (entity.owner,
settings.DEFAULT_EMAIL_DOMAIN)
to.append(owner_email)
if skip_emails:
to = [email for email in to if email not in skip_emails]
subject_var = '%s_RETRIEVAL_EMAIL_SUBJECT' % entity.ESCROW_TYPE_NAME.upper(
)
subject = getattr(settings, subject_var,
'Escrow secret retrieval notification.')
util.SendEmail(to, subject, body)
def testWithDefaults(self):
recipients = ['*****@*****.**', '*****@*****.**']
subject = 'This is only a test!'
body = 'Only a unit test.\nReally.\nNothing to see here.'
util.SendEmail(recipients, subject, body, defer=False)
mail_stub = self.testbed.get_stub('mail')
messages = mail_stub.get_sent_messages()
self.assertEqual(1, len(messages))
self.assertEquals(
messages[0].reply_to, util.settings.DEFAULT_EMAIL_REPLY_TO)
def testOkDefaultIsDefer(self, defer):
recipients = ['*****@*****.**', '*****@*****.**']
reply_to = '*****@*****.**'
sender = '*****@*****.**'
subject = 'This is only a test!'
body = 'Only a unit test.\nReally.\nNothing to see here.'
bcc = ['*****@*****.**']
util.SendEmail(
recipients, subject, body, sender=sender, reply_to=reply_to,
bcc_recipients=bcc)
defer.assert_called_once_with(
util._Send, recipients, subject, body, sender, reply_to, bcc)
def testOk(self):
recipients = ['*****@*****.**', '*****@*****.**']
reply_to = '*****@*****.**'
sender = '*****@*****.**'
subject = 'This is only a test!'
body = 'Only a unit test.\nReally.\nNothing to see here.'
bcc_recipients = ['*****@*****.**']
util.SendEmail(
recipients, subject, body, sender=sender, reply_to=reply_to,
bcc_recipients=bcc_recipients, defer=False)
mail_stub = self.testbed.get_stub('mail')
self.assertEqual(1, len(mail_stub.get_sent_messages()))
def SendRetrievalEmail(permission_type, entity, user):
"""Sends a retrieval notification email.
Args:
permission_type: string, one of permission.TYPE_* variables.
entity: models instance of retrieved object. (E.G. FileVaultVolume,
DuplicityKeyPair, BitLockerVolume, etc.)
user: models.User object of the user that retrieved the secret.
"""
data = {
'entity': entity,
'helpdesk_email': settings.HELPDESK_EMAIL,
'helpdesk_name': settings.HELPDESK_NAME,
'retrieved_by': user.user.email(),
'user': user,
}
body = util.RenderTemplate('retrieval_email.txt', data)
user_email = user.user.email()
try:
# If the user has access to "silently" retrieve keys without the owner
# being notified, email only SILENT_AUDIT_ADDRESSES.
VerifyPermissions(permissions.SILENT_RETRIEVE, user, permission_type)
to = [user_email] + settings.SILENT_AUDIT_ADDRESSES
except models.AccessDeniedError:
# Otherwise email the owner and RETRIEVE_AUDIT_ADDRESSES.
to = [user_email] + settings.RETRIEVE_AUDIT_ADDRESSES
if entity.owner:
if '@' in entity.owner:
owner_email = entity.owner
else:
owner_email = '%s@%s' % (entity.owner,
settings.DEFAULT_EMAIL_DOMAIN)
to.append(owner_email)
subject_var = '%s_RETRIEVAL_EMAIL_SUBJECT' % entity.ESCROW_TYPE_NAME.upper(
)
subject = getattr(settings, subject_var,
'Escrow secret retrieval notification.')
util.SendEmail(to, subject, body)
def testWithDefaults(self):
self.mox.StubOutWithMock(util.mail, 'EmailMessage', True)
recipients = ['*****@*****.**', '*****@*****.**']
subject = 'This is only a test!'
body = 'Only a unit test.\nReally.\nNothing to see here.'
mock_email = self.mox.CreateMockAnything()
orig_dev = util.settings.DEVELOPMENT
util.settings.DEVELOPMENT = False
util.mail.EmailMessage(to=recipients,
reply_to=util.settings.DEFAULT_EMAIL_REPLY_TO,
sender=util.settings.DEFAULT_EMAIL_SENDER,
subject=subject,
body=body).AndReturn(mock_email)
mock_email.send().AndReturn(None)
self.mox.ReplayAll()
orig_dev = util.settings.DEVELOPMENT
util.settings.DEVELOPMENT = False
util.SendEmail(recipients, subject, body)
util.settings.DEVELOPMENT = orig_dev
self.mox.VerifyAll()
def testOkDefaultIsDefer(self):
self.mox.StubOutWithMock(util.deferred, 'defer', True)
recipients = ['*****@*****.**', '*****@*****.**']
reply_to = '*****@*****.**'
sender = '*****@*****.**'
subject = 'This is only a test!'
body = 'Only a unit test.\nReally.\nNothing to see here.'
bcc_recipients = ['*****@*****.**']
util.deferred.defer(util._Send, recipients, subject, body, sender,
reply_to, bcc_recipients).AndReturn(None)
self.mox.ReplayAll()
orig_dev = util.settings.DEVELOPMENT
util.settings.DEVELOPMENT = False
util.SendEmail(recipients,
subject,
body,
sender=sender,
reply_to=reply_to,
bcc_recipients=bcc_recipients)
util.settings.DEVELOPMENT = orig_dev
self.mox.VerifyAll()
