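def do_notify(self, event):
    """
    Build the notification mail for `event` and hand it to sendmail().

    For events of type "digest" the subject and body are read from
    event.tip_info; for every other type they come from
    self.get_mail_subject_and_body(event). When the receiver's
    pgp_key_status is u"enabled" the body is encrypted to the receiver's
    key before sending.

    Returns the result of sendmail(), or fail(None) when encryption was
    requested but could not be performed (the mail is then not sent).
    """
    if event.type == "digest":
        # Fixed: the two keys used to be crossed, which put the digest text
        # into the subject. Only `body` goes through PGP below, so whatever
        # ends up in the subject leaves this method unencrypted.
        subject = event.tip_info["title"]
        body = event.tip_info["body"]
    else:
        subject, body = self.get_mail_subject_and_body(event)

    receiver_mail = event.receiver_info["mail_address"]

    # NOTE(review): when pgp_key_status is not u"enabled" the body is sent as
    # is; no policy check on unencrypted delivery is visible in this method -
    # confirm that it is enforced before the event gets here.
    if event.receiver_info["pgp_key_status"] == u"enabled":
        gpob = GLBPGP()
        try:
            gpob.load_key(event.receiver_info["pgp_key_public"])
            body = gpob.encrypt_message(event.receiver_info["pgp_key_fingerprint"], body)
        except Exception as excep:
            log.err(
                "Error in PGP interface object (for %s: %s)! (notification+encryption)"
                % (event.receiver_info["username"], str(excep))
            )

            # Fail closed: with PGP enabled but the key unusable the mail is
            # dropped rather than sent in plaintext. The PGP check schedule
            # is expected to disable the key and to advise the user and the
            # admin about that action.
            return fail(None)
        finally:
            # Runs on success and on the early return above alike.
            gpob.destroy_environment()

    return sendmail(receiver_mail, subject, body)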
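def process_mail_creation(self, store, data):
    """
    Spool one notification mail for the receiver described in `data`.

    Steps, in order:
      1. enforce the per-receiver mail threshold; the mail that reaches the
         threshold is turned into a 'receiver_notification_limit_reached'
         notice and later ones are discarded;
      2. load the notification templates and the node settings in the
         receiver's language;
      3. discard the mail when the node does not allow unencrypted mail and
         the receiver has no enabled PGP key;
      4. render subject and body and, when the receiver's key is enabled,
         encrypt the body (on failure the mail is discarded);
      5. add a models.Mail row to `store`.

    Returns None in every case.
    """
    # https://github.com/globaleaks/GlobaLeaks/issues/798
    # TODO: the current solution is global and configurable only by the admin
    receiver_id = data['receiver']['id']
    threshold = GLSettings.memory_copy.notification_threshold_per_hour

    sent_emails = GLSettings.get_mail_counter(receiver_id)
    if sent_emails >= threshold:
        log.debug(
            "Discarding emails for receiver %s due to threshold already exceeded for the current hour"
            % receiver_id)
        return

    GLSettings.increment_mail_counter(receiver_id)

    # Fixed: the counter is read again after the increment. The comparison
    # used the value read before it, which the guard above had just proven
    # to be below the threshold, so the limit-reached notice could never be
    # produced and receivers stopped getting mail without being told why.
    sent_emails = GLSettings.get_mail_counter(receiver_id)
    if sent_emails >= threshold:
        log.info(
            "Reached threshold of %d emails with limit of %d for receiver %s"
            % (sent_emails, threshold, receiver_id))

        # simply changing the type of the notification causes
        # to send the notification_limit_reached
        data['type'] = u'receiver_notification_limit_reached'

    data['notification'] = db_get_notification(store, data['receiver']['language'])
    data['node'] = db_admin_serialize_node(store, data['receiver']['language'])

    # Policy gate: no plaintext mail unless the node explicitly allows it.
    if not data['node']['allow_unencrypted'] and data['receiver']['pgp_key_status'] != u'enabled':
        log.debug(
            "Discarding emails for receiver %s: unencrypted mail is not allowed and no PGP key is enabled"
            % receiver_id)
        return

    subject, body = Templating().get_mail_subject_and_body(data)

    # If the receiver has encryption enabled encrypt the mail body.
    # Only the body is encrypted; the subject is stored as rendered.
    if data['receiver']['pgp_key_status'] == u'enabled':
        gpob = GLBPGP()
        try:
            gpob.load_key(data['receiver']['pgp_key_public'])
            body = gpob.encrypt_message(data['receiver']['pgp_key_fingerprint'], body)
        except Exception as excep:
            log.err(
                "Error in PGP interface object (for %s: %s)! (notification+encryption)"
                % (data['receiver']['username'], str(excep)))
            # Fail closed: never fall back to spooling the plaintext body.
            return
        finally:
            # Runs on success and on the early return above alike.
            gpob.destroy_environment()

    mail = models.Mail({
        'address': data['receiver']['mail_address'],
        'subject': subject,
        'body': body
    })

    store.add(mail)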
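def process_mail_creation(self, store, data):
    """
    Spool one notification mail for the receiver described in `data`.

    The mail is discarded, without touching `store`, when:
      - the receiver disabled notifications for this tip;
      - the per-receiver mail threshold was already reached;
      - the node does not allow unencrypted mail and the receiver has no
        enabled PGP key;
      - the receiver's key is enabled but encryption fails.

    The mail that reaches the threshold is turned into a
    'receiver_notification_limit_reached' notice. Returns None in every case.
    """
    receiver_id = data['receiver']['id']

    # Do not spool emails if the receiver has opted out of ntfns for this tip.
    if not data['tip']['enable_notifications']:
        log.debug("Discarding emails for %s due to receiver's preference." % receiver_id)
        return

    # https://github.com/globaleaks/GlobaLeaks/issues/798
    # TODO: the current solution is global and configurable only by the admin
    threshold = GLSettings.memory_copy.notification_threshold_per_hour

    sent_emails = GLSettings.get_mail_counter(receiver_id)
    if sent_emails >= threshold:
        log.debug("Discarding emails for receiver %s due to threshold already exceeded for the current hour" %
                  receiver_id)
        return

    GLSettings.increment_mail_counter(receiver_id)

    # Fixed: compare the counter as it stands after the increment. The value
    # read before it is always below the threshold at this point (see the
    # guard above), so the branch below was unreachable and the receiver was
    # never told that further notifications were being suppressed.
    sent_emails = GLSettings.get_mail_counter(receiver_id)
    if sent_emails >= threshold:
        log.info("Reached threshold of %d emails with limit of %d for receiver %s" % (
                 sent_emails,
                 threshold,
                 receiver_id)
        )

        # simply changing the type of the notification causes
        # to send the notification_limit_reached
        data['type'] = u'receiver_notification_limit_reached'

    data['notification'] = db_get_notification(store, data['receiver']['language'])
    data['node'] = db_admin_serialize_node(store, data['receiver']['language'])

    # Policy gate: no plaintext mail unless the node explicitly allows it.
    if not data['node']['allow_unencrypted'] and data['receiver']['pgp_key_status'] != u'enabled':
        log.debug("Discarding emails for receiver %s: unencrypted mail is not allowed and no PGP key is enabled" %
                  receiver_id)
        return

    subject, body = Templating().get_mail_subject_and_body(data)

    # If the receiver has encryption enabled encrypt the mail body.
    # Only the body is encrypted; the subject is stored as rendered.
    if data['receiver']['pgp_key_status'] == u'enabled':
        gpob = GLBPGP()

        try:
            gpob.load_key(data['receiver']['pgp_key_public'])
            body = gpob.encrypt_message(data['receiver']['pgp_key_fingerprint'], body)
        except Exception as excep:
            log.err("Error in PGP interface object (for %s: %s)! (notification+encryption)" %
                    (data['receiver']['username'], str(excep)))

            # Fail closed: never fall back to spooling the plaintext body.
            return
        finally:
            # Runs on success and on the early return above alike.
            gpob.destroy_environment()

    mail = models.Mail({
        'address': data['receiver']['mail_address'],
        'subject': subject,
        'body': body
    })

    store.add(mail)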
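def do_notify(self, event):
    """
    Send the notification mail that corresponds to `event`.

    Digest events carry their own title and body in event.tip_info; for any
    other event type both are produced by self.get_mail_subject_and_body().
    If the receiver's pgp_key_status is u'enabled' the body is encrypted to
    the receiver's key first.

    Returns the result of sendmail(), or fail(None) when the body should
    have been encrypted and encryption failed (nothing is sent then).
    """
    if event.type == 'digest':
        # Fixed: 'title' is the subject and 'body' is the body. The keys were
        # swapped, so the digest text travelled in the subject, which is not
        # covered by the PGP step below.
        subject = event.tip_info['title']
        body = event.tip_info['body']
    else:
        subject, body = self.get_mail_subject_and_body(event)

    receiver_mail = event.receiver_info['mail_address']

    # If the receiver has encryption enabled (for notification), encrypt the mail body.
    # NOTE(review): with any other key status the body goes out unencrypted;
    # this method does not check a node policy on plaintext mail - confirm
    # that the check happens before the event is queued.
    if event.receiver_info['pgp_key_status'] == u'enabled':
        gpob = GLBPGP()
        try:
            gpob.load_key(event.receiver_info['pgp_key_public'])
            body = gpob.encrypt_message(event.receiver_info['pgp_key_fingerprint'], body)
        except Exception as excep:
            log.err("Error in PGP interface object (for %s: %s)! (notification+encryption)" %
                    (event.receiver_info['username'], str(excep)))

            # Fail closed: with PGP enabled but the key unusable the only
            # thing to do is to give up on this mail. The PGP check schedule
            # is expected to disable the key and to advise the user and the
            # admin about that action.
            return fail(None)
        finally:
            # Executed whether the try block succeeded or returned early.
            gpob.destroy_environment()

    return sendmail(receiver_mail, subject, body)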
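def send_exception_email(mail_body, mail_reason="GlobaLeaks Exception"):
    """
    Mail an exception report to the configured exception address.

    The report is dropped when:
      - GLSettings.exceptions_email_count has reached
        GLSettings.exceptions_email_hourly_limit;
      - the notification settings are not loaded yet;
      - the same body (by sha256) has already been seen more than 5 times;
      - PGP is enabled for the exception address and encryption fails.

    mail_body: text of the report (str or unicode).
    mail_reason: prefix of the mail subject; the version is appended to it.

    Never raises on purpose: a failure here must not generate a further
    exception report.
    """
    if GLSettings.exceptions_email_count >= GLSettings.exceptions_email_hourly_limit:
        return

    # Fixed: bytes() on a unicode object encodes with the ASCII codec and
    # raises on the first non-ASCII character. That happened outside the
    # try block below, i.e. the exception reporter itself raised. str input
    # is already bytes and is left as it is.
    if isinstance(mail_body, unicode):
        mail_body = mail_body.encode('utf-8')

    if (
        not hasattr(GLSettings.memory_copy, "notif_source_name")
        or not hasattr(GLSettings.memory_copy, "notif_source_email")
        or not hasattr(GLSettings.memory_copy, "exception_email_address")
    ):
        log.err("Error: Cannot send mail exception before complete initialization.")
        return

    # Identical reports are counted by hash so that one recurring failure
    # cannot flood the mailbox.
    sha256_hash = sha256(mail_body)

    if sha256_hash in GLSettings.exceptions:
        GLSettings.exceptions[sha256_hash] += 1
        if GLSettings.exceptions[sha256_hash] > 5:
            # if the threshold has been exceeded
            log.err("exception mail suppressed for exception (%s) [reason: threshold exceeded]" % sha256_hash)
            return
    else:
        GLSettings.exceptions[sha256_hash] = 1

    GLSettings.exceptions_email_count += 1

    try:
        mail_subject = "%s %s" % (mail_reason, __version__)
        if GLSettings.devel_mode:
            mail_subject += " [%s]" % GLSettings.developer_name

        # If the receiver has encryption enabled (for notification), encrypt the mail body.
        # NOTE(review): with any other key status the report is mailed
        # unencrypted; exception text may contain application data, so
        # confirm that this is acceptable for the deployment.
        if GLSettings.memory_copy.exception_email_pgp_key_status == u"enabled":
            gpob = GLBPGP()
            try:
                gpob.load_key(GLSettings.memory_copy.exception_email_pgp_key_public)
                mail_body = gpob.encrypt_message(GLSettings.memory_copy.exception_email_pgp_key_fingerprint, mail_body)
            except Exception as excep:
                # If exception emails are configured to be subject to encryption and the key
                # expires the only thing to do is to disable the email (fail closed).
                # TODO: evaluate whether to send a plaintext alert to the exception email;
                #       this could be done simply here replacing the email subject and body.
                log.err("Error while encrypting exception email: %s" % str(excep))
                return None
            finally:
                # Runs on success and on the early return above alike.
                gpob.destroy_environment()

        # do not wait for the notification to happen, rely on background completion
        sendmail(GLSettings.memory_copy.exception_email_address, mail_subject, mail_body)

    except Exception as excep:
        # we strongly need to avoid raising exception inside email logic to avoid chained errors
        log.err("Unexpected exception in process_mail_exception: %s" % excep)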
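def test_encrypt_message(self):
    """
    Encrypt self.secret_content to the test key and check that decrypting
    the result gives the original text back.
    """
    fake_receiver_desc = {
        'pgp_key_public': helpers.PGPKEYS['VALID_PGP_KEY1_PUB'],
        'pgp_key_fingerprint': u'ECAF2235E78E71CD95365843C7B190543CAA7585',
        'username': u'*****@*****.**',
    }

    pgpobj = GLBPGP()

    # Fixed: cleanup moved into a finally clause. A failing assertion, or an
    # exception from load_key()/encrypt_message(), used to skip
    # destroy_environment() and leave the environment with the loaded test
    # key behind.
    try:
        # The _PRV entry is loaded (presumably the private half of the pair)
        # so that the decrypt step of the round trip can succeed.
        pgpobj.load_key(helpers.PGPKEYS['VALID_PGP_KEY1_PRV'])

        encrypted_body = pgpobj.encrypt_message(fake_receiver_desc['pgp_key_fingerprint'],
                                                self.secret_content)

        self.assertEqual(str(pgpobj.gnupg.decrypt(encrypted_body)), self.secret_content)
    finally:
        pgpobj.destroy_environment()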
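def test_encrypt_message(self):
    """
    Round-trip test: encrypt_message() output must decrypt back to
    self.secret_content.
    """
    fake_receiver_desc = {
        'pgp_key_public': helpers.PGPKEYS['VALID_PGP_KEY1_PUB'],
        'pgp_key_fingerprint': u'ECAF2235E78E71CD95365843C7B190543CAA7585',
        'username': u'*****@*****.**',
    }

    pgpobj = GLBPGP()

    # Fixed: destroy_environment() is now guaranteed by try/finally. Before,
    # any failure between GLBPGP() and the last line skipped the cleanup and
    # the key material loaded for the test was left behind.
    try:
        # Loading the _PRV entry (presumably the private key) is what makes
        # the decrypt call below possible.
        pgpobj.load_key(helpers.PGPKEYS['VALID_PGP_KEY1_PRV'])

        encrypted_body = pgpobj.encrypt_message(
            fake_receiver_desc['pgp_key_fingerprint'], self.secret_content)

        self.assertEqual(str(pgpobj.gnupg.decrypt(encrypted_body)),
                         self.secret_content)
    finally:
        pgpobj.destroy_environment()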
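def test_encrypt_message(self):
    """
    Check that a message encrypted with encrypt_message() decrypts back to
    self.secret_content.
    """
    fake_receiver_desc = {
        'pgp_key_public': helpers.PGPKEYS['VALID_PGP_KEY1_PUB'],
        'pgp_key_fingerprint': u'BFB3C82D1B5F6A94BDAC55C6E70460ABF9A4C8C1',
        'username': u'*****@*****.**',
    }

    pgpobj = GLBPGP()

    # Fixed: the environment is torn down in a finally clause, so a failed
    # assertion or a raising PGP call can no longer leave it (and the test
    # key loaded into it) behind.
    try:
        # NOTE(review): the fingerprint above has to belong to the key
        # loaded here; the two values are maintained separately.
        pgpobj.load_key(helpers.PGPKEYS['VALID_PGP_KEY1_PRV'])

        encrypted_body = pgpobj.encrypt_message(
            fake_receiver_desc['pgp_key_fingerprint'], self.secret_content)

        self.assertEqual(str(pgpobj.gnupg.decrypt(encrypted_body)),
                         self.secret_content)
    finally:
        pgpobj.destroy_environment()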
def do_notify(self, event):
    """
    Compose the notification mail for `event` and flush it to the receiver.

    Body and title come from event.tip_info for 'digest' events and from
    self.get_mail_body_and_title(event) otherwise. The mail settings of the
    event are validated first; the body is encrypted when the receiver's
    pgp_key_status is u'enabled'.

    Returns the result of self.mail_flush(), or None when the settings are
    invalid or the encryption step fails (no mail is sent in either case).
    """
    if event.type != 'digest':
        body, title = self.get_mail_body_and_title(event)
    else:
        body, title = event.tip_info['body'], event.tip_info['title']

    settings_ok = self.validate_admin_opt(event.notification_settings)
    if not settings_ok:
        log.err('Invalid Mail Settings, no mail can be deliver')
        return None

    # Encrypt the body for receivers that have PGP enabled for notifications.
    wants_pgp = event.receiver_info['pgp_key_status'] == u'enabled'
    if wants_pgp:
        pgp = GLBPGP()
        try:
            pgp.load_key(event.receiver_info['pgp_key_public'])
            fingerprint = event.receiver_info['pgp_key_fingerprint']
            body = pgp.encrypt_message(fingerprint, body)
        except Exception as err:
            details = (event.receiver_info['username'], str(err))
            log.err("Error in PGP interface object (for %s: %s)! (notification+encryption)" % details)

            # PGP enabled but key unusable: give up on this mail instead of
            # sending plaintext. Disabling the key and warning the user and
            # the admin is left to the PGP check schedule.
            return None
        finally:
            # Reached on the success path and on the early return alike.
            pgp.destroy_environment()

    recipient = event.receiver_info['mail_address']

    message = MIME_mail_build(
        GLSettings.memory_copy.notif_source_name,
        GLSettings.memory_copy.notif_source_email,
        event.receiver_info['name'],
        recipient,
        title,
        body,
    )

    envelope_sender = event.notification_settings['source_email']
    return self.mail_flush(envelope_sender, [recipient], message, event)
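def test_encrypt_message(self):
    """
    Check that encrypt_message() returns an ASCII-armored PGP message that
    does not contain the plaintext.
    """
    mail_content = "https://www.youtube.com/watch?v=FYdX0W96-os"

    GLSettings.pgproot = PGPROOT

    fake_receiver_desc = {
        'pgp_key_public': unicode(helpers.VALID_PGP_KEY1),
        'pgp_key_fingerprint': u"CF4A22020873A76D1DCB68D32B25551568E49345",
        'pgp_key_status': u'enabled',
        'username': u'*****@*****.**',
    }

    pgpobj = GLBPGP()

    # Fixed: cleanup moved into a finally clause; a failing assertion or a
    # raising PGP call used to skip destroy_environment().
    try:
        pgpobj.load_key(helpers.VALID_PGP_KEY1)

        encrypted_body = pgpobj.encrypt_message(fake_receiver_desc['pgp_key_fingerprint'], mail_content)

        self.assertSubstring('-----BEGIN PGP MESSAGE-----', encrypted_body)
        self.assertSubstring('-----END PGP MESSAGE-----', encrypted_body)

        # Added: the armor markers alone do not show that the payload was
        # encrypted, so also require that the plaintext is not in the output.
        self.assertNotSubstring(mail_content, encrypted_body)
    finally:
        pgpobj.destroy_environment()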
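def test_encrypt_message(self):
    """
    encrypt_message() must produce a complete armored PGP message in which
    the original text no longer appears.
    """
    mail_content = "https://www.youtube.com/watch?v=FYdX0W96-os"

    GLSettings.pgproot = PGPROOT

    fake_receiver_desc = {
        'pgp_key_public': unicode(helpers.VALID_PGP_KEY1),
        'pgp_key_fingerprint': u"CF4A22020873A76D1DCB68D32B25551568E49345",
        'pgp_key_status': u'enabled',
        'username': u'*****@*****.**',
    }

    pgpobj = GLBPGP()

    # Fixed: destroy_environment() is guaranteed by try/finally instead of
    # being the last statement, which a failed assertion never reached.
    try:
        pgpobj.load_key(helpers.VALID_PGP_KEY1)

        encrypted_body = pgpobj.encrypt_message(
            fake_receiver_desc['pgp_key_fingerprint'], mail_content)

        self.assertSubstring('-----BEGIN PGP MESSAGE-----', encrypted_body)
        self.assertSubstring('-----END PGP MESSAGE-----', encrypted_body)

        # Added: checking the begin/end markers would also pass for a
        # wrapper around the plaintext; rule that out explicitly.
        self.assertNotSubstring(mail_content, encrypted_body)
    finally:
        pgpobj.destroy_environment()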
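def test_encrypt_message(self):
    """
    Render a template for a mock 'encrypted_tip' event, encrypt the result
    and check that an armored PGP message without the plaintext comes back.
    """
    dummy_template = "In %EventTime% you've got a crush for Taryn Southern, yay!! \
                     more info on: https://www.youtube.com/watch?v=C7JZ4F3zJdY \
                     and know that you're not alone!"

    mock_event = Event(type=u'encrypted_tip', trigger='Tip',
                       tip_info={
                           'creation_date': '2013-05-13T17:49:26.105485',  # epoch!
                           'id': 'useless',
                           'wb_steps': self.fill_random_fields(self.dummyContext['id']),
                       },
                       node_info=MockDict().dummyNode,
                       receiver_info=MockDict().dummyReceiver,
                       context_info=MockDict().dummyContext,
                       steps_info={},
                       subevent_info={},
                       do_mail=False)

    mail_content = Templating().format_template(dummy_template, mock_event)

    # setup the PGP key before
    GLSetting.pgproot = PGPROOT

    fake_receiver_desc = {
        'pgp_key_public': unicode(VALID_PGP_KEY1),
        'pgp_key_fingerprint': u"CF4A22020873A76D1DCB68D32B25551568E49345",
        'pgp_key_status': u'enabled',
        'username': u'*****@*****.**',
    }

    pgpobj = GLBPGP()

    # Fixed: cleanup moved into a finally clause; a failing assertion or a
    # raising PGP call used to skip destroy_environment().
    try:
        pgpobj.load_key(VALID_PGP_KEY1)

        encrypted_body = pgpobj.encrypt_message(fake_receiver_desc['pgp_key_fingerprint'], mail_content)

        self.assertSubstring('-----BEGIN PGP MESSAGE-----', encrypted_body)

        # Added: the begin marker alone does not show that the payload was
        # encrypted, so also require that the rendered text is not in it.
        self.assertNotSubstring(mail_content, encrypted_body)
    finally:
        pgpobj.destroy_environment()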
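def test_encrypt_message(self):
    """
    Render a template for a mock 'tip' event, encrypt the rendered text and
    check that the result is an armored PGP message without the plaintext.
    """
    dummy_template = "In %EventTime% you've got a crush for Taryn Southern, yay!! \
                     more info on: https://www.youtube.com/watch?v=C7JZ4F3zJdY \
                     and know that you're not alone!"

    mock_event = Event(type=u'tip', trigger='Tip',
                       tip_info={
                           'creation_date': '2013-05-13T17:49:26.105485',  # epoch!
                           'id': 'useless',
                           'wb_steps': self.fill_random_answers(self.dummyContext['id']),
                       },
                       node_info=MockDict().dummyNode,
                       receiver_info=MockDict().dummyReceiver,
                       context_info=MockDict().dummyContext,
                       subevent_info={},
                       do_mail=False)

    mail_content = Templating().format_template(dummy_template, mock_event)

    # setup the PGP key before
    GLSettings.pgproot = PGPROOT

    fake_receiver_desc = {
        'pgp_key_public': unicode(VALID_PGP_KEY1),
        'pgp_key_fingerprint': u"CF4A22020873A76D1DCB68D32B25551568E49345",
        'pgp_key_status': u'enabled',
        'username': u'*****@*****.**',
    }

    pgpobj = GLBPGP()

    # Fixed: destroy_environment() is guaranteed by try/finally instead of
    # being the last statement, which a failed assertion never reached.
    try:
        pgpobj.load_key(VALID_PGP_KEY1)

        encrypted_body = pgpobj.encrypt_message(fake_receiver_desc['pgp_key_fingerprint'], mail_content)

        self.assertSubstring('-----BEGIN PGP MESSAGE-----', encrypted_body)

        # Added: a test of the encryption step should also show that the
        # rendered text cannot be read from the output.
        self.assertNotSubstring(mail_content, encrypted_body)
    finally:
        pgpobj.destroy_environment()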
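def send_exception_email(mail_body, mail_reason="GlobaLeaks Exception"):
    """
    Send an exception report by mail, subject to flood protection.

    Nothing is sent when the global counter has reached
    GLSettings.exceptions_email_hourly_limit, when the notification settings
    are not initialized yet, when the same body (sha256) was already reported
    more than 5 times, or when PGP is enabled for the exception address and
    the encryption step fails.

    mail_body: text of the report (str or unicode).
    mail_reason: first part of the subject; the version follows it.

    The function is written not to raise, so that reporting an exception
    cannot itself trigger another report.
    """
    if (GLSettings.exceptions_email_count >=
            GLSettings.exceptions_email_hourly_limit):
        return

    # Fixed: unicode is encoded explicitly. bytes(<unicode>) goes through the
    # ASCII codec and raises on non-ASCII text, and it did so before the
    # protective try block below was entered. str is bytes already.
    if isinstance(mail_body, unicode):
        mail_body = mail_body.encode('utf-8')

    if not hasattr(GLSettings.memory_copy, 'notif_source_name') or \
        not hasattr(GLSettings.memory_copy, 'notif_source_email') or \
            not hasattr(GLSettings.memory_copy, 'exception_email_address'):
        log.err(
            "Error: Cannot send mail exception before complete initialization."
        )
        return

    # Reports are de-duplicated by the hash of their body.
    sha256_hash = sha256(mail_body)

    if sha256_hash in GLSettings.exceptions:
        GLSettings.exceptions[sha256_hash] += 1
        if GLSettings.exceptions[sha256_hash] > 5:
            # if the threshold has been exceeded
            log.err(
                "exception mail suppressed for exception (%s) [reason: threshold exceeded]"
                % sha256_hash)
            return
    else:
        GLSettings.exceptions[sha256_hash] = 1

    GLSettings.exceptions_email_count += 1

    try:
        mail_subject = "%s %s" % (mail_reason, __version__)
        if GLSettings.devel_mode:
            mail_subject += " [%s]" % GLSettings.developer_name

        # If the receiver has encryption enabled (for notification), encrypt the mail body.
        # NOTE(review): otherwise the report leaves unencrypted; confirm that
        # exception text is free of data that must not travel in plaintext.
        if GLSettings.memory_copy.exception_email_pgp_key_status == u'enabled':
            gpob = GLBPGP()
            try:
                gpob.load_key(
                    GLSettings.memory_copy.exception_email_pgp_key_public)
                mail_body = gpob.encrypt_message(
                    GLSettings.memory_copy.exception_email_pgp_key_fingerprint,
                    mail_body)
            except Exception as excep:
                # If exception emails are configured to be subject to encryption and the key
                # expires the only thing to do is to disable the email (fail closed).
                # TODO: evaluate whether to send a plaintext alert to the exception email;
                #       this could be done simply here replacing the email subject and body.
                log.err("Error while encrypting exception email: %s" %
                        str(excep))
                return None
            finally:
                # Executed whether the try block succeeded or returned early.
                gpob.destroy_environment()

        # do not wait for the notification to happen, rely on background completion
        sendmail(GLSettings.memory_copy.exception_email_address, mail_subject,
                 mail_body)

    except Exception as excep:
        # we strongly need to avoid raising exception inside email logic to avoid chained errors
        log.err("Unexpected exception in process_mail_exception: %s" % excep)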
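def send_exception_email(exception_text):
    """
    Mail `exception_text` to every entry of the exception delivery list.

    The delivery list holds (mail_address, pub_key) pairs. An entry with a
    public key gets the report encrypted to that key; an entry without one
    gets it in plaintext. If encryption fails for an entry, that entry is
    skipped and the others are still processed.

    Nothing is sent before the notification settings are loaded, once
    GLSettings.exceptions_email_count has reached the hourly limit, or when
    the same report (sha256 of the text) was already seen more than 5 times.
    """
    if not hasattr(GLSettings.memory_copy.notif, 'exception_delivery_list'):
        log.err(
            "Error: Cannot send mail exception before complete initialization."
        )
        return

    if GLSettings.exceptions_email_count >= GLSettings.exceptions_email_hourly_limit:
        return

    mail_subject = "GlobaLeaks Exception"
    delivery_list = GLSettings.memory_copy.notif.exception_delivery_list

    if GLSettings.devel_mode:
        mail_subject += " [%s]" % GLSettings.developer_name
        # In devel mode the configured recipients are replaced by a single
        # fixed address with no key, so these reports are never encrypted.
        delivery_list = [("*****@*****.**", '')]

    # Fixed: unicode is encoded explicitly. bytes(<unicode>) uses the ASCII
    # codec and raises on non-ASCII text, and it did so outside the try
    # block below, i.e. the exception reporter itself raised.
    exception_text = "GlobaLeaks version: %s\n\n%s" % (__version__, exception_text)
    if isinstance(exception_text, unicode):
        exception_text = exception_text.encode('utf-8')

    # Identical reports are counted by hash so that one recurring failure
    # cannot flood the recipients.
    sha256_hash = sha256(exception_text)

    if sha256_hash in GLSettings.exceptions:
        GLSettings.exceptions[sha256_hash] += 1
        if GLSettings.exceptions[sha256_hash] > 5:
            # if the threshold has been exceeded
            log.err(
                "exception mail suppressed for exception (%s) [reason: threshold exceeded]"
                % sha256_hash)
            return
    else:
        GLSettings.exceptions[sha256_hash] = 1

    GLSettings.exceptions_email_count += 1

    try:
        for mail_address, pub_key in delivery_list:
            mail_body = exception_text

            # Opportunistically encrypt the mail body. NOTE that the mail to
            # an address that has no public key set goes out unencrypted.
            # Fixed: truthiness instead of len(), so a missing (None) key is
            # treated like an empty one instead of raising and aborting the
            # delivery to all remaining addresses.
            if pub_key:
                gpob = GLBPGP()
                try:
                    r = gpob.load_key(pub_key)
                    mail_body = gpob.encrypt_message(r['fingerprint'], mail_body)
                except Exception as excep:
                    # If this exception email is configured to be subject to encryption
                    # and the encryption step throws, log the error and move on
                    # without falling back to plaintext for this address.
                    log.err("Error while encrypting exception email: %s" % str(excep))
                    continue
                finally:
                    # Fixed: one cleanup in finally replaces the two separate
                    # calls, one per code path.
                    gpob.destroy_environment()

            # avoid waiting for the notification to send and instead rely on threads to handle it
            sendmail(mail_address, mail_subject, mail_body)

    except Exception as excep:
        # Avoid raising exception inside email logic to avoid chaining errors
        log.err("Unexpected exception in send_exception_mail: %s" % excep)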