-
Notifications
You must be signed in to change notification settings - Fork 6
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #571 from crim-ca/fix-email-notify
- Loading branch information
Showing
11 changed files
with
273 additions
and
64 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -148,6 +148,7 @@ weaver.wps_email_encrypt_rounds = 100000 | |
weaver.wps_email_notify_smtp_host = | ||
weaver.wps_email_notify_from_addr = [email protected] | ||
weaver.wps_email_notify_password = 123456 | ||
weaver.wps_email_notify_timeout = 10 | ||
weaver.wps_email_notify_port = 25 | ||
weaver.wps_email_notify_ssl = true | ||
weaver.wps_email_notify_template_dir = | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,23 +1,150 @@ | ||
import os | ||
import smtplib | ||
import tempfile | ||
import uuid | ||
|
||
import mock | ||
import pytest | ||
|
||
from weaver.notify import encrypt_email | ||
from weaver.datatype import Job | ||
from weaver.notify import decrypt_email, encrypt_email, notify_job_complete | ||
from weaver.status import Status | ||
|
||
|
||
def test_encrypt_email_valid(): | ||
def test_encrypt_decrypt_email_valid(): | ||
settings = { | ||
"weaver.wps_email_encrypt_salt": "salty-email", | ||
} | ||
email = encrypt_email("[email protected]", settings) | ||
assert email == "a1724b030d999322e2ecc658453f992472c63867cd3cef3b3d829d745bd80f34" | ||
email = "[email protected]" | ||
token = encrypt_email(email, settings) | ||
assert token != email | ||
value = decrypt_email(token, settings) | ||
assert value == email | ||
|
||
|
||
def test_encrypt_email_random(): | ||
email = "[email protected]" | ||
settings = {"weaver.wps_email_encrypt_salt": "salty-email"} | ||
token1 = encrypt_email(email, settings) | ||
token2 = encrypt_email(email, settings) | ||
token3 = encrypt_email(email, settings) | ||
assert token1 != token2 != token3 | ||
|
||
# although encrypted are all different, they should all decrypt back to the original! | ||
email1 = decrypt_email(token1, settings) | ||
email2 = decrypt_email(token2, settings) | ||
email3 = decrypt_email(token3, settings) | ||
assert email1 == email2 == email3 == email | ||
|
||
|
||
def test_encrypt_email_raise(): | ||
@pytest.mark.parametrize("email_func", [encrypt_email, decrypt_email]) | ||
def test_encrypt_decrypt_email_raise(email_func): | ||
with pytest.raises(TypeError): | ||
encrypt_email("", {}) | ||
email_func("", {}) | ||
pytest.fail("Should have raised for empty email") | ||
with pytest.raises(TypeError): | ||
encrypt_email(1, {}) | ||
email_func(1, {}) # type: ignore | ||
pytest.fail("Should have raised for wrong type") | ||
with pytest.raises(ValueError): | ||
encrypt_email("[email protected]", {}) | ||
email_func("[email protected]", {}) | ||
pytest.fail("Should have raised for invalid/missing settings") | ||
|
||
|
||
def test_notify_job_complete(): | ||
test_url = "https://test-weaver.example.com" | ||
settings = { | ||
"weaver.url": test_url, | ||
"weaver.wps_email_notify_smtp_host": "xyz.test.com", | ||
"weaver.wps_email_notify_from_addr": "[email protected]", | ||
"weaver.wps_email_notify_password": "super-secret", | ||
"weaver.wps_email_notify_port": 12345, | ||
"weaver.wps_email_notify_timeout": 1, # quick fail if invalid | ||
} | ||
notify_email = "[email protected]" | ||
test_job = Job( | ||
task_id=uuid.uuid4(), | ||
process="test-process", | ||
settings=settings, | ||
) | ||
test_job_err_url = f"{test_url}/processes/{test_job.process}/jobs/{test_job.id}/exceptions" | ||
test_job_out_url = f"{test_url}/processes/{test_job.process}/jobs/{test_job.id}/results" | ||
test_job_log_url = f"{test_url}/processes/{test_job.process}/jobs/{test_job.id}/logs" | ||
|
||
with mock.patch("smtplib.SMTP_SSL", autospec=smtplib.SMTP_SSL) as mock_smtp: | ||
mock_smtp.return_value.sendmail.return_value = None # sending worked | ||
|
||
test_job.status = Status.SUCCEEDED | ||
notify_job_complete(test_job, notify_email, settings) | ||
mock_smtp.assert_called_with("xyz.test.com", 12345, timeout=1) | ||
assert mock_smtp.return_value.sendmail.call_args[0][0] == "[email protected]" | ||
assert mock_smtp.return_value.sendmail.call_args[0][1] == notify_email | ||
message_encoded = mock_smtp.return_value.sendmail.call_args[0][2] | ||
assert message_encoded | ||
message = message_encoded.decode("utf8") | ||
assert "From: Weaver" in message | ||
assert f"To: {notify_email}" in message | ||
assert f"Subject: Job {test_job.process} Succeeded" | ||
assert test_job_out_url in message | ||
assert test_job_log_url in message | ||
assert test_job_err_url not in message | ||
|
||
test_job.status = Status.FAILED | ||
notify_job_complete(test_job, notify_email, settings) | ||
assert mock_smtp.return_value.sendmail.call_args[0][0] == "[email protected]" | ||
assert mock_smtp.return_value.sendmail.call_args[0][1] == notify_email | ||
message_encoded = mock_smtp.return_value.sendmail.call_args[0][2] | ||
assert message_encoded | ||
message = message_encoded.decode("utf8") | ||
assert "From: Weaver" in message | ||
assert f"To: {notify_email}" in message | ||
assert f"Subject: Job {test_job.process} Failed" | ||
assert test_job_out_url not in message | ||
assert test_job_log_url in message | ||
assert test_job_err_url in message | ||
|
||
|
||
def test_notify_job_complete_custom_template(): | ||
with tempfile.NamedTemporaryFile(mode="w", encoding="utf-8", suffix=".mako") as email_template_file: | ||
email_template_file.writelines([ | ||
"From: Weaver\n", | ||
"To: ${to}\n", | ||
"Subject: Job ${job.process} ${job.status}\n", | ||
"\n", # end of email header, content below | ||
"Job: ${job.status_url(settings)}\n", | ||
]) | ||
email_template_file.flush() | ||
email_template_file.seek(0) | ||
|
||
mako_dir, mako_name = os.path.split(email_template_file.name) | ||
test_url = "https://test-weaver.example.com" | ||
settings = { | ||
"weaver.url": test_url, | ||
"weaver.wps_email_notify_smtp_host": "xyz.test.com", | ||
"weaver.wps_email_notify_from_addr": "[email protected]", | ||
"weaver.wps_email_notify_password": "super-secret", | ||
"weaver.wps_email_notify_port": 12345, | ||
"weaver.wps_email_notify_timeout": 1, # quick fail if invalid | ||
"weaver.wps_email_notify_template_dir": mako_dir, | ||
"weaver.wps_email_notify_template_default": mako_name, | ||
} | ||
notify_email = "[email protected]" | ||
test_job = Job( | ||
task_id=uuid.uuid4(), | ||
process="test-process", | ||
status=Status.SUCCEEDED, | ||
settings=settings, | ||
) | ||
|
||
with mock.patch("smtplib.SMTP_SSL", autospec=smtplib.SMTP_SSL) as mock_smtp: | ||
mock_smtp.return_value.sendmail.return_value = None # sending worked | ||
notify_job_complete(test_job, notify_email, settings) | ||
|
||
message_encoded = mock_smtp.return_value.sendmail.call_args[0][2] | ||
message = message_encoded.decode("utf8") | ||
assert message == "\n".join([ | ||
"From: Weaver", | ||
f"To: {notify_email}", | ||
f"Subject: Job {test_job.process} {Status.SUCCEEDED}", | ||
"", | ||
f"Job: {test_url}/processes/{test_job.process}/jobs/{test_job.id}", | ||
]) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1,5 @@ | ||
import contextlib | ||
import copy | ||
import datetime | ||
import logging | ||
import os | ||
|
@@ -34,6 +35,7 @@ | |
from weaver.datatype import Job, Service | ||
from weaver.execute import ExecuteMode, ExecuteResponse, ExecuteTransmissionMode | ||
from weaver.formats import ContentType | ||
from weaver.notify import decrypt_email | ||
from weaver.processes.wps_testing import WpsTestProcess | ||
from weaver.status import JOB_STATUS_CATEGORIES, Status, StatusCategory | ||
from weaver.utils import get_path_kvp, now | ||
|
@@ -543,6 +545,7 @@ def test_get_jobs_page_out_of_range(self): | |
assert "limit" in str(resp.json["cause"]) and "less than minimum" in str(resp.json["cause"]) | ||
assert "limit" in resp.json["value"] and resp.json["value"]["limit"] == str(0) | ||
|
||
@pytest.mark.skip(reason="Obsolete feature. It is not possible to filter by encrypted notification email anymore.") | ||
def test_get_jobs_by_encrypted_email(self): | ||
""" | ||
Verifies that literal email can be used as search criterion although not saved in plain text within db. | ||
|
@@ -562,13 +565,20 @@ def test_get_jobs_by_encrypted_email(self): | |
resp = self.app.post_json(path, params=body, headers=self.json_headers) | ||
assert resp.status_code == 201 | ||
assert resp.content_type == ContentType.APP_JSON | ||
job_id = resp.json["jobID"] | ||
job_id = resp.json["jobID"] | ||
|
||
# submit a second job just to make sure email doesn't match it as well | ||
other_body = copy.deepcopy(body) | ||
other_body["notification_email"] = "[email protected]" | ||
resp = self.app.post_json(path, params=other_body, headers=self.json_headers) | ||
assert resp.status_code == 201 | ||
|
||
# verify the email is not in plain text | ||
job = self.job_store.fetch_by_id(job_id) | ||
assert job.notification_email != email and job.notification_email is not None | ||
assert int(job.notification_email, 16) != 0 # email should be encrypted with hex string | ||
assert decrypt_email(job.notification_email, self.settings) == email, "Email should be recoverable." | ||
|
||
# make sure that jobs searched using email are found with encryption transparently for the user | ||
path = get_path_kvp(sd.jobs_service.path, detail="true", notification_email=email) | ||
resp = self.app.get(path, headers=self.json_headers) | ||
assert resp.status_code == 200 | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.