import os
# Under django-split-settings, `__name__` reports the *includer* file rather
# than this *included* one, so build this file's dotted name from
# `__package__` instead. It prefixes the startup messages printed below.
REAL_MODULE_NAME = ".".join((__package__, "email_bandit"))
# Swap the project's mail backend for the hijacking one, remembering the
# original dotted path in HIJACKED_EMAIL_BACKEND.
try:
    # Projects using django-post-office define POST_OFFICE; when it is absent
    # the lookup raises NameError and the plain Django setting is used instead.
    HIJACKED_EMAIL_BACKEND = POST_OFFICE['BACKENDS']['default']
    POST_OFFICE['BACKENDS']['default'] = (
        'ixc_django_docker.bandit.HijackedEmailBackend'
    )
    # NOTE(review): only the 'default' entry is replaced. Any other named
    # backend in POST_OFFICE['BACKENDS'] is left as configured, so confirm none
    # can deliver mail directly. A POST_OFFICE dict lacking
    # ['BACKENDS']['default'] raises KeyError, which is not caught here, so
    # settings loading fails instead of falling back.
except NameError:
    # No post-office: hijack Django's own EMAIL_BACKEND setting.
    HIJACKED_EMAIL_BACKEND = EMAIL_BACKEND
    EMAIL_BACKEND = 'ixc_django_docker.bandit.HijackedEmailBackend'
# Addresses that receive every hijacked message in place of the real
# recipients. One address is the usual case, but several are supported.
# Set the envvar to a comma-delimited string, e.g.
#   BANDIT_EMAIL='admins@interaction.net.au'
# Surrounding whitespace is stripped and blank entries are dropped. An unset or
# empty envvar yields None, which the check further down rejects.
BANDIT_EMAIL = (
    [
        address
        for address in map(str.strip, os.environ['BANDIT_EMAIL'].split(','))
        if address
    ]
    if os.environ.get('BANDIT_EMAIL')
    else None
)
print("%s: BANDIT_EMAIL = %r" % (REAL_MODULE_NAME, BANDIT_EMAIL))
# Addresses or domains whose mail is let through unchanged instead of being
# redirected to the BANDIT_EMAIL address. Every entry receives real mail from
# this environment, so keep the list as narrow as the deployment allows.
# Set the envvar to a comma-delimited string, e.g.
#   BANDIT_WHITELIST='interaction.net.au,user_abc@client.org.au'
# Surrounding whitespace is stripped and blank entries are dropped. An unset or
# empty envvar yields an empty list.
BANDIT_WHITELIST = (
    [
        entry
        for entry in map(str.strip, os.environ['BANDIT_WHITELIST'].split(','))
        if entry
    ]
    if os.environ.get('BANDIT_WHITELIST')
    else []
)
print("%s: BANDIT_WHITELIST = %r" % (REAL_MODULE_NAME, BANDIT_WHITELIST))
# Bandit lets some recipients through by default, beyond BANDIT_WHITELIST: the
# `settings.ADMINS` addresses and `settings.SERVER_EMAIL`. Print them at
# startup so that implicit allowance is visible. The logic lives in
# `bandit.backends.base:HijackBackendMixin.send_messages()`.
admin_emails = [address for _label, address in ADMINS]
extra_whitelisted = list(admin_emails)
extra_whitelisted.append(SERVER_EMAIL)
print(
    "%s: Emails automatically whitelisted by Bandit,"
    " from `settings.ADMINS` and `settings.SERVER_EMAIL` = %r"
    % (REAL_MODULE_NAME, extra_whitelisted)
)
# BANDIT_EMAIL is mandatory and needs at least one address. Abort settings
# loading when it is None or empty rather than continue without a redirect
# target.
if not BANDIT_EMAIL:
    raise ValueError(
        "BANDIT_EMAIL environment variable must be set with at least one email"
        " address. If you do not want to hijack email, remove 'email_bandit.py'"
        " from the BASE_SETTINGS environment variable"
    )
# Tag subjects so recipients can see that a message was hijacked, and which
# site it came from.
# NOTE: Django applies this prefix only to emails sent with the admin-specific
# methods, so ordinary application mail is not tagged by it:
# https://docs.djangoproject.com/en/2.2/ref/settings/#email-subject-prefix
EMAIL_SUBJECT_PREFIX = '[hijacked:%s] ' % SITE_DOMAIN
# Register the `bandit` app alongside the project's existing apps.
INSTALLED_APPS += ('bandit', )
# Make sure we are hijacking a backend that can actually send emails (e.g. to
# whitelisted recipients).
# NOTE(review): presumably read by
# `ixc_django_docker.bandit.HijackedEmailBackend` as the real transport --
# confirm. HIJACKED_EMAIL_BACKEND, recorded earlier, is not read in this file.
IXC_DJANGO_DOCKER_EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'