Commit 4cccd524 authored by Georgios Gousios's avatar Georgios Gousios
Browse files

Prepare a shared key encrypted URL and format the outgoing email

parent 5889031b
from datetime import timedelta
import base64
from django.conf import settings
from django.core.exceptions import ValidationError
from django.db import transaction
......@@ -10,8 +13,11 @@ from django.views.decorators.csrf import csrf_protect
from synnefo.api.common import method_not_allowed
from synnefo.db.models import Invitations, SynnefoUser
from synnefo.logic import users
from synnefo.logic import email
from Crypto.Cipher import AES
def send_emails(request):
def process_form(request):
errors = []
valid_inv = filter(lambda x: x.startswith("name_"), request.POST.keys())
......@@ -25,7 +31,8 @@ def send_emails(request):
validate_name(name)
validate_email(email)
add_invitation(request.user, name, email)
inv = add_invitation(request.user, name, email)
queue_email(inv)
except Exception as e:
errors += ["Invitation to %s <%s> not sent. Reason: %s"%(name, email, e.messages[0])]
......@@ -55,21 +62,18 @@ def invitations_for_user(request):
invitations = []
for inv in Invitations.objects.filter(source = request.user):
invitations.append(invitation_to_dict(inv))
return invitations
invitation = {}
def invitation_to_dict(inv):
invitation = {}
invitation['sourcename'] = inv.source.realname
invitation['source'] = inv.source.uniq
invitation['targetname'] = inv.target.realname
invitation['target'] = inv.target.uniq
invitation['accepted'] = inv.accepted
invitation['sent'] = inv.created
invitation['sourcename'] = inv.source.realname
invitation['source'] = inv.source.uniq
invitation['targetname'] = inv.target.realname
invitation['target'] = inv.target.uniq
invitation['accepted'] = inv.accepted
invitation['sent'] = inv.created
invitations.append(invitation)
return invitation
return invitations
@csrf_protect
def inv_demux(request):
......@@ -79,10 +83,31 @@ def inv_demux(request):
context_instance=RequestContext(request))
return HttpResponse(data)
elif request.method == 'POST':
return send_emails(request)
return process_form(request)
else:
method_not_allowed(request)
def queue_email(invitation):
email = {}
email['invitee'] = invitation.target.realname
email['inviter'] = invitation.source.realname
valid = timedelta(days = settings.INVITATION_VALID_DAYS)
valid_until = invitation.created + valid
email['valid_until'] = valid_until.strftime('%A, %d %B %Y')
PADDING = '{'
pad = lambda s: s + (32 - len(s) % 32) * PADDING
EncodeAES = lambda c, s: base64.b64encode(c.encrypt(pad(s)))
cipher = AES.new(settings.INVITATION_ENCR_KEY)
encoded = EncodeAES(cipher, invitation.target.auth_token)
email['url'] = settings.APP_INSTALL_URL + "/invitations/login?key=" + encoded
data = render_to_string('invitation.txt', {'email': email})
email.send_async()
@transaction.commit_on_success
def add_invitation(source, name, email):
"""
......@@ -111,6 +136,7 @@ def add_invitation(source, name, email):
inv.source = source
inv.target = target[0]
inv.save()
return inv
@transaction.commit_on_success
def invitation_accepted(invitation):
......
......@@ -241,4 +241,15 @@ LOGIN_PATH = "/login"
AUTH_TOKEN_DURATION = 30 * 24
#Max number of invitations allowed per user
MAX_INVITATIONS = 20
\ No newline at end of file
MAX_INVITATIONS = 20
#Key to encrypt X-Auth-Token with when sending invitations
INVITATION_ENCR_KEY = '8d342f6e7a0366c632978a80257019af'
#Days during which an invitation is active
INVITATION_VALID_DAYS = 30
#SMTP server for the system
SMTP_SERVER="127.0.0.1"
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment