From 052df38541050d2e34f6d1890f8bcd11ace78352 Mon Sep 17 00:00:00 2001
From: Clemens Klug
Date: Thu, 18 Oct 2018 09:09:24 +0200
Subject: [PATCH] less spaghetti, more whitelist
---
src/spammer.py | 83 ++++++++++++++++++++++++++------------------------
1 file changed, 44 insertions(+), 39 deletions(-)
diff --git a/src/spammer.py b/src/spammer.py
index 262e643..dad83c0 100644
--- a/src/spammer.py
+++ b/src/spammer.py
@@ -1,12 +1,9 @@
 import json
-from collections import namedtuple
-from string import Formatter
 from flask import Flask, render_template, request
 from flask_mail import Mail, Message
 from jinja2 import Environment, meta, Template
-Placeholder = namedtuple("Placeholder", ["name", "type", "desc", "default"])
 env = Environment()
@@ -15,39 +12,45 @@ def load_config(conf="config.json"):
 placeholders = []
 for i in config["placeholders"]:
 p_h = config["placeholders"][i]
- p = Placeholder(
- name=i,
- type=p_h.get("type", "text"),
- desc=p_h["desc"],
- default=p_h.get("default"))
+ p = {
+ "name": i,
+ "type": p_h.get("type", "text"),
+ "desc": p_h["desc"],
+ "default": p_h.get("default")}
 placeholders.append(p)
 config.pop("placeholders")
 flat = []
+ whitelist = []
 for org in config:
 target = config[org]
 templates = []
+ whitelist.append(config[org]["mail"].lower())
 for issue_name in target["templates"]:
 text = target["templates"][issue_name]
 ast = env.parse(text)
 fields = list(meta.find_undeclared_variables(ast))
- #fields = [name for _, name, _, _ in Formatter().parse(text)]
 name = f"{org}: {issue_name}"
 value = {
 "org": org,
 "name": issue_name,
 "mail": config[org]["mail"],
 "text": text,
- "placeholders": [i._asdict() for i in placeholders if i.name in fields]
+ "placeholders": [i for i in placeholders if i["name"] in fields]
 }
 flat.append({"name": name, "value": value})
- return flat
+ return flat, whitelist
+
+def missing_fields(fields):
+ return not all([field in request.form for field in fields])
 MAIL_SERVER = "smtp.uni-bamberg.de"
 MAIL_PORT = 587
-#TESTING=True
-#MAIL_USE_TLS=True
-#MAIL_USE_SSL=True
-MAIL_DEBUG=True
+#MAIL_DEBUG=True
+
+sender_whitelist = [
+ "@stud.uni-bamberg.de",
+ "@uni-bamberg.de",
+]
 app = Flask(__name__)
 app.config.from_object(__name__)
@@ -56,7 +59,7 @@ app.config.from_object(__name__)
 mail = Mail(app)
-issues = load_config()
+issues, whitelist = load_config()
 @app.route("/")
 def index():
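Review bot: In the settings block of the `load_config` hunk, `MAIL_PORT = 587` is left without `MAIL_USE_TLS`, and the commit deletes the commented-out `#MAIL_USE_TLS=True` hint instead of enabling it. Flask-Mail defaults `MAIL_USE_TLS` to False, so unless it is set outside the lines shown here, the session to the submission port is never upgraded with STARTTLS and message bodies travel in cleartext. I would add `MAIL_USE_TLS = True` directly below `MAIL_PORT = 587`, with a short comment that port 587 expects STARTTLS.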
@@ -64,28 +67,30 @@ def index():
 @app.route("/send", methods=["POST"])
 def send():
- if all([field in request.form for field in ("text", "sender", "target")]):
- text = request.form["text"]
- print("all fields present")
- ast = env.parse(text)
- fields = list(meta.find_undeclared_variables(ast))
- #fields = [name for _, name, _, _ in Formatter().parse(text)]
- if None in fields:
- fields.remove(None)
- if all([field in request.form for field in fields]):
- values = {field: request.form[field] for field in fields}
- text = Template(text).render(**values)
- sender = request.form["sender"]
- recipients = [request.form["target"]]
- msg = Message("Störungsmeldung", body=text, sender=sender, recipients=recipients)
- print(msg)
- result = mail.send(msg)
- if result is None:
- return f"Success! ({result})"
- else:
- return f"Fail :( ({result})"
+ if missing_fields(("text", "sender", "target")):
+ print([(field,field in request.form) for field in ("text", "sender", "target")])
+ print(request.form)
+ return "1"
+ print("all fields present")
+ sender = request.form["sender"].lower()
+ recipients = [request.form["target"].lower()]
+ text = request.form["text"]
+ if not any([sender.endswith(white) for white in sender_whitelist]):
+ return f"Whitelist error!"
+ if any([recip not in whitelist for recip in recipients]):
+ return f"Whitelist error!"
+ ast = env.parse(text)
+ fields = list(meta.find_undeclared_variables(ast))
+ if None in fields:
+ fields.remove(None)
+ if missing_fields(fields):
 print([(field,field in request.form) for field in fields])
 return "2"
- print([(field,field in request.form) for field in ("text", "sender", "target")])
- print(request.form)
- return "1"
+ values = {field: request.form[field] for field in fields}
+ text = Template(text).render(**values)
+ msg = Message("Störungsmeldung", body=text, sender=sender, recipients=recipients) # TODO: subject?
+ result = mail.send(msg)
+ if result is None:
+ return f"Success! ({result})"
+ else:
+ return f"Fail :( ({result})"
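Review bot: `Template(text).render(**values)` in `send()` still compiles `request.form["text"]`, text chosen by the client, with a plain non-sandboxed Jinja2 `Template`. The new sender and recipient whitelists limit who is mailed, but not what the template may evaluate inside the server process. The safer design is to post only the org and issue name and look the template text up in the loaded config. If the free-text field has to stay, render it through the sandbox: `text = SandboxedEnvironment().from_string(text).render(**values)` with `from jinja2.sandbox import SandboxedEnvironment`. Separately, the sender check is a bare `endswith` on an unauthenticated form value; parsing it with `email.utils.parseaddr` and comparing the domain part would at least ensure it is one well-formed address.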