Use GraphQL to send audit event emails

2022-11-10 10:19:45 +01:00 · 2022-11-10 10:19:45 +01:00 · 7e34d121ba
parent 50691dca1c
commit 7e34d121ba
1 changed files with 30 additions and 10 deletions
--- a/metasrht/audit.py
+++ b/metasrht/audit.py
@ -1,11 +1,15 @@
 from datetime import datetime, timedelta
 from flask import request
 from ipaddress import ip_address
-from metasrht.email import send_email
+from metasrht.email import send_email_notification
 from metasrht.types import AuditLogEntry
 from srht.config import cfg
 from srht.database import db
 from srht.oauth import current_user
+from string import Template
+
+owner_name = cfg("sr.ht", "owner-name")
+site_name = cfg("sr.ht", "site-name")

 def audit_log(event_type, details=None, user=None,
        email=False, subject=None, email_details=None):
@ -17,17 +21,33 @@ def audit_log(event_type, details=None, user=None,
    event = AuditLogEntry(user.id, event_type, ip_address(addr), details)
    db.session.add(event)
    if email:
-        if user.pgp_key:
-            encrypt_key = user.pgp_key.key
-        else:
-            encrypt_key = None
+        tmpl = Template("""Subject: $subject
+Reply-To: $reply_to
+
+~$username,
+
+This email was sent to inform you that the following security-sensitive
+event has taken place for your account on $site_name:
+
+$email_details
+
+If you did not expect this to occur, please reply to this email urgently
+to contact support. Otherwise, no action is required.
+
+-- 
+$owner_name
+""")
        reply_to =f"{cfg('sr.ht', 'owner-name')} <{cfg('sr.ht', 'owner-email')}>"
        reply_to = cfg("sr.ht", "security-address", default=reply_to)
-        send_email("audit_event", user.email, subject, headers={
-            "From": f"{cfg('mail', 'smtp-from')}",
-            "To": f"{user.username} <{user.email}>",
-            "Reply-To": reply_to,
-        }, user=user, encrypt_key=encrypt_key, email_details=email_details)
+        rendered = tmpl.substitute(**{
+                'subject': subject,
+                'reply_to': reply_to,
+                'username': user.username,
+                'site_name': site_name,
+                'email_details': email_details,
+                'owner_name': owner_name
+            })
+        send_email_notification(user.username, rendered)

 def expire_audit_logs():
    cutoff = datetime.now() - timedelta(days=14)