src/backend/mailbox_manager/utils/dimail.py

"""A minimalist client to synchronize with mailbox provisioning API."""

from logging import getLogger

from django.conf import settings
from django.core import exceptions

import requests
from rest_framework import status
from urllib3.util import Retry

logger = getLogger(__name__)

adapter = requests.adapters.HTTPAdapter(
    max_retries=Retry(
        total=4,
        backoff_factor=0.1,
        status_forcelist=[500, 502],
        allowed_methods=["PATCH"],
    )
)

session = requests.Session()
session.mount("http://", adapter)
session.mount("https://", adapter)


class DimailAPIClient:
    """A dimail-API client."""

    API_URL = settings.MAIL_PROVISIONING_API_URL
    API_CREDENTIALS = settings.MAIL_PROVISIONING_API_CREDENTIALS

    def get_headers(self):
        """
        Build headers dictionary. Requires MAIL_PROVISIONING_API_CREDENTIALS setting,
        to get a token from dimail /token/ endpoint.
        """
        headers = {"Content-Type": "application/json"}

        response = requests.get(
            f"{self.API_URL}/token/",
            headers={"Authorization": f"Basic {self.API_CREDENTIALS}"},
            timeout=20,
        )

        if response.status_code == status.HTTP_200_OK:
            headers["Authorization"] = f"Bearer {response.json()['access_token']}"
            logger.info("Token succesfully granted by mail-provisioning API.")
            return headers

        if response.status_code == status.HTTP_403_FORBIDDEN:
            logger.error(
                "[DIMAIL] 403 Forbidden: Could not retrieve a token,\
                please check 'MAIL_PROVISIONING_API_CREDENTIALS' setting.",
            )
            raise exceptions.PermissionDenied(
                "Token denied. Please check your MAIL_PROVISIONING_API_CREDENTIALS."
            )

        return self.pass_dimail_unexpected_response(response)

    def send_mailbox_request(self, mailbox):
        """Send a CREATE mailbox request to mail provisioning API."""

        payload = {
            "givenName": mailbox["first_name"],
            "surName": mailbox["last_name"],
            "displayName": f"{mailbox['first_name']} {mailbox['last_name']}",
        }
        headers = self.get_headers()

        try:
            response = session.post(
                f"{self.API_URL}/domains/{mailbox['domain']}/mailboxes/{mailbox['local_part']}/",
                json=payload,
                headers=headers,
                verify=True,
                timeout=10,
            )
        except requests.exceptions.ConnectionError as error:
            logger.error(
                "Connection error while trying to reach %s.",
                self.API_URL,
                exc_info=error,
            )
            raise error

        if response.status_code == status.HTTP_201_CREATED:
            extra = {"response": response.content.decode("utf-8")}
            # This a temporary broken solution. Password will soon be sent
            # from OX servers but their prod is not ready.
            # In the meantime, we log mailbox info (including password !)
            logger.info(
                "Mailbox successfully created on domain %s",
                str(mailbox["domain"]),
                extra=extra,
            )
            return response

        if response.status_code == status.HTTP_403_FORBIDDEN:
            raise exceptions.PermissionDenied(
                "Permission denied. Please check your MAIL_PROVISIONING_API_CREDENTIALS."
            )

        return self.pass_dimail_unexpected_response(response)

    def pass_dimail_unexpected_response(self, response):
        """Raise error when encountering an unexpected error in dimail."""
        error_content = response.content.decode("utf-8")

        logger.error("[DIMAIL] unexpected error : %s", error_content)
        raise SystemError(f"Unexpected response from dimail: {error_content}")
✨(mailboxes) add mail provisioning api integration We want people to create new mailboxes in La Régie. This commit adds integration with intermediary dimail-api, which will in turn send our email creation request to Open-Xchange. 2024-08-05 12:20:44 +02:00			`"""A minimalist client to synchronize with mailbox provisioning API."""`

			`from logging import getLogger`

			`from django.conf import settings`
			`from django.core import exceptions`

			`import requests`
			`from rest_framework import status`
			`from urllib3.util import Retry`

			`logger = getLogger(__name__)`

			`adapter = requests.adapters.HTTPAdapter(`
			`max_retries=Retry(`
			`total=4,`
			`backoff_factor=0.1,`
			`status_forcelist=[500, 502],`
			`allowed_methods=["PATCH"],`
			`)`
			`)`

			`session = requests.Session()`
			`session.mount("http://", adapter)`
			`session.mount("https://", adapter)`


			`class DimailAPIClient:`
			`"""A dimail-API client."""`

👽️(mailboxes) fix mailbox creation after dimail api improvement Latest dimail modification lead to a bug in our app, preventing mailbox creation from working properly. I swapped old dimail url to new one, mirrored dimail modification and fixed tests and tada! 2024-08-26 19:10:43 +02:00			`API_URL = settings.MAIL_PROVISIONING_API_URL`
♻️(dimail) separate headers request from mailbox request I want to separate headers request form mailbox request, as we were previously catching the same errors twice. It should be clearer now. 2024-09-09 19:03:59 +02:00			`API_CREDENTIALS = settings.MAIL_PROVISIONING_API_CREDENTIALS`
👽️(mailboxes) fix mailbox creation after dimail api improvement Latest dimail modification lead to a bug in our app, preventing mailbox creation from working properly. I swapped old dimail url to new one, mirrored dimail modification and fixed tests and tada! 2024-08-26 19:10:43 +02:00
🗃️(models) remove 'secret' field from mailbox model We remove 'secret' field, as it won't be of use in interactions between la Régie and dimail. Régie credentials will be stored and used as project variable. 2024-08-30 15:49:04 +02:00			`def get_headers(self):`
♻️(dimail) separate headers request from mailbox request I want to separate headers request form mailbox request, as we were previously catching the same errors twice. It should be clearer now. 2024-09-09 19:03:59 +02:00			`"""`
			`Build headers dictionary. Requires MAIL_PROVISIONING_API_CREDENTIALS setting,`
			`to get a token from dimail /token/ endpoint.`
			`"""`
✨(mailboxes) add mail provisioning api integration We want people to create new mailboxes in La Régie. This commit adds integration with intermediary dimail-api, which will in turn send our email creation request to Open-Xchange. 2024-08-05 12:20:44 +02:00			`headers = {"Content-Type": "application/json"}`

			`response = requests.get(`
👽️(mailboxes) fix mailbox creation after dimail api improvement Latest dimail modification lead to a bug in our app, preventing mailbox creation from working properly. I swapped old dimail url to new one, mirrored dimail modification and fixed tests and tada! 2024-08-26 19:10:43 +02:00			`f"{self.API_URL}/token/",`
♻️(dimail) separate headers request from mailbox request I want to separate headers request form mailbox request, as we were previously catching the same errors twice. It should be clearer now. 2024-09-09 19:03:59 +02:00			`headers={"Authorization": f"Basic {self.API_CREDENTIALS}"},`
🐛(dimail) improve handling of dimail errors on failed mailbox creation dimail is called twice when creating a mailbox (once for the token, and once for the post on mailbox endpoint). we want to clarify the status_codes and messages of each error to inform user and ease debug 2024-09-03 18:29:28 +02:00			`timeout=20,`
✨(mailboxes) add mail provisioning api integration We want people to create new mailboxes in La Régie. This commit adds integration with intermediary dimail-api, which will in turn send our email creation request to Open-Xchange. 2024-08-05 12:20:44 +02:00			`)`

♻️(dimail) refacto to better handle 500 errors from dimail simple refacto to catch all 500 errors, including when asking for new token. 2024-09-06 17:18:27 +02:00			`if response.status_code == status.HTTP_200_OK:`
			`headers["Authorization"] = f"Bearer {response.json()['access_token']}"`
			`logger.info("Token succesfully granted by mail-provisioning API.")`
			`return headers`

🐛(dimail) improve handling of dimail errors on failed mailbox creation dimail is called twice when creating a mailbox (once for the token, and once for the post on mailbox endpoint). we want to clarify the status_codes and messages of each error to inform user and ease debug 2024-09-03 18:29:28 +02:00			`if response.status_code == status.HTTP_403_FORBIDDEN:`
			`logger.error(`
🗃️(models) remove 'secret' field from mailbox model We remove 'secret' field, as it won't be of use in interactions between la Régie and dimail. Régie credentials will be stored and used as project variable. 2024-08-30 15:49:04 +02:00			`"[DIMAIL] 403 Forbidden: Could not retrieve a token,\`
			`please check 'MAIL_PROVISIONING_API_CREDENTIALS' setting.",`
✨(mailboxes) add mail provisioning api integration We want people to create new mailboxes in La Régie. This commit adds integration with intermediary dimail-api, which will in turn send our email creation request to Open-Xchange. 2024-08-05 12:20:44 +02:00			`)`
♻️(dimail) separate headers request from mailbox request I want to separate headers request form mailbox request, as we were previously catching the same errors twice. It should be clearer now. 2024-09-09 19:03:59 +02:00			`raise exceptions.PermissionDenied(`
			`"Token denied. Please check your MAIL_PROVISIONING_API_CREDENTIALS."`
			`)`
✨(mailboxes) add mail provisioning api integration We want people to create new mailboxes in La Régie. This commit adds integration with intermediary dimail-api, which will in turn send our email creation request to Open-Xchange. 2024-08-05 12:20:44 +02:00
♻️(dimail) refacto to better handle 500 errors from dimail simple refacto to catch all 500 errors, including when asking for new token. 2024-09-06 17:18:27 +02:00			`return self.pass_dimail_unexpected_response(response)`
✨(mailboxes) add mail provisioning api integration We want people to create new mailboxes in La Régie. This commit adds integration with intermediary dimail-api, which will in turn send our email creation request to Open-Xchange. 2024-08-05 12:20:44 +02:00
			`def send_mailbox_request(self, mailbox):`
			`"""Send a CREATE mailbox request to mail provisioning API."""`

			`payload = {`
♻️(serializers) move dimail calls to serializers we move all business logic from model to serializer. all API calls (direct and from front) will keep on triggering expected 3rd party calls while admin actions will uniquely trigger modifications in our database. 2024-09-19 18:47:08 +02:00			`"givenName": mailbox["first_name"],`
			`"surName": mailbox["last_name"],`
			`"displayName": f"{mailbox['first_name']} {mailbox['last_name']}",`
✨(mailboxes) add mail provisioning api integration We want people to create new mailboxes in La Régie. This commit adds integration with intermediary dimail-api, which will in turn send our email creation request to Open-Xchange. 2024-08-05 12:20:44 +02:00			`}`
♻️(dimail) separate headers request from mailbox request I want to separate headers request form mailbox request, as we were previously catching the same errors twice. It should be clearer now. 2024-09-09 19:03:59 +02:00			`headers = self.get_headers()`
✨(mailboxes) add mail provisioning api integration We want people to create new mailboxes in La Régie. This commit adds integration with intermediary dimail-api, which will in turn send our email creation request to Open-Xchange. 2024-08-05 12:20:44 +02:00
			`try:`
			`response = session.post(`
♻️(serializers) move dimail calls to serializers we move all business logic from model to serializer. all API calls (direct and from front) will keep on triggering expected 3rd party calls while admin actions will uniquely trigger modifications in our database. 2024-09-19 18:47:08 +02:00			`f"{self.API_URL}/domains/{mailbox['domain']}/mailboxes/{mailbox['local_part']}/",`
✨(mailboxes) add mail provisioning api integration We want people to create new mailboxes in La Régie. This commit adds integration with intermediary dimail-api, which will in turn send our email creation request to Open-Xchange. 2024-08-05 12:20:44 +02:00			`json=payload,`
♻️(dimail) separate headers request from mailbox request I want to separate headers request form mailbox request, as we were previously catching the same errors twice. It should be clearer now. 2024-09-09 19:03:59 +02:00			`headers=headers,`
✨(mailboxes) add mail provisioning api integration We want people to create new mailboxes in La Régie. This commit adds integration with intermediary dimail-api, which will in turn send our email creation request to Open-Xchange. 2024-08-05 12:20:44 +02:00			`verify=True,`
			`timeout=10,`
			`)`
👽️(mailboxes) fix mailbox creation after dimail api improvement Latest dimail modification lead to a bug in our app, preventing mailbox creation from working properly. I swapped old dimail url to new one, mirrored dimail modification and fixed tests and tada! 2024-08-26 19:10:43 +02:00			`except requests.exceptions.ConnectionError as error:`
✨(mailboxes) add mail provisioning api integration We want people to create new mailboxes in La Régie. This commit adds integration with intermediary dimail-api, which will in turn send our email creation request to Open-Xchange. 2024-08-05 12:20:44 +02:00			`logger.error(`
			`"Connection error while trying to reach %s.",`
👽️(mailboxes) fix mailbox creation after dimail api improvement Latest dimail modification lead to a bug in our app, preventing mailbox creation from working properly. I swapped old dimail url to new one, mirrored dimail modification and fixed tests and tada! 2024-08-26 19:10:43 +02:00			`self.API_URL,`
			`exc_info=error,`
✨(mailboxes) add mail provisioning api integration We want people to create new mailboxes in La Régie. This commit adds integration with intermediary dimail-api, which will in turn send our email creation request to Open-Xchange. 2024-08-05 12:20:44 +02:00			`)`
👽️(mailboxes) fix mailbox creation after dimail api improvement Latest dimail modification lead to a bug in our app, preventing mailbox creation from working properly. I swapped old dimail url to new one, mirrored dimail modification and fixed tests and tada! 2024-08-26 19:10:43 +02:00			`raise error`
✨(mailboxes) add mail provisioning api integration We want people to create new mailboxes in La Régie. This commit adds integration with intermediary dimail-api, which will in turn send our email creation request to Open-Xchange. 2024-08-05 12:20:44 +02:00
			`if response.status_code == status.HTTP_201_CREATED:`
			`extra = {"response": response.content.decode("utf-8")}`
			`# This a temporary broken solution. Password will soon be sent`
			`# from OX servers but their prod is not ready.`
			`# In the meantime, we log mailbox info (including password !)`
			`logger.info(`
			`"Mailbox successfully created on domain %s",`
♻️(serializers) move dimail calls to serializers we move all business logic from model to serializer. all API calls (direct and from front) will keep on triggering expected 3rd party calls while admin actions will uniquely trigger modifications in our database. 2024-09-19 18:47:08 +02:00			`str(mailbox["domain"]),`
✨(mailboxes) add mail provisioning api integration We want people to create new mailboxes in La Régie. This commit adds integration with intermediary dimail-api, which will in turn send our email creation request to Open-Xchange. 2024-08-05 12:20:44 +02:00			`extra=extra,`
			`)`
🐛(dimail) improve handling of dimail errors on failed mailbox creation dimail is called twice when creating a mailbox (once for the token, and once for the post on mailbox endpoint). we want to clarify the status_codes and messages of each error to inform user and ease debug 2024-09-03 18:29:28 +02:00			`return response`

			`if response.status_code == status.HTTP_403_FORBIDDEN:`
✨(mailboxes) manage bad secret sent to dimail API - manage 403 returned by dimail API when mail domain secret is not valid - improve some tests - improve MailboxFactory to mock success for dimail API POST call - override 403.html to return a nice failing error in django admin - an error message is displayed on mailbox creation form of frontend 2024-08-08 18:28:01 +02:00			`raise exceptions.PermissionDenied(`
🗃️(models) remove 'secret' field from mailbox model We remove 'secret' field, as it won't be of use in interactions between la Régie and dimail. Régie credentials will be stored and used as project variable. 2024-08-30 15:49:04 +02:00			`"Permission denied. Please check your MAIL_PROVISIONING_API_CREDENTIALS."`
👽️(mailboxes) fix mailbox creation after dimail api improvement Latest dimail modification lead to a bug in our app, preventing mailbox creation from working properly. I swapped old dimail url to new one, mirrored dimail modification and fixed tests and tada! 2024-08-26 19:10:43 +02:00			`)`

♻️(dimail) refacto to better handle 500 errors from dimail simple refacto to catch all 500 errors, including when asking for new token. 2024-09-06 17:18:27 +02:00			`return self.pass_dimail_unexpected_response(response)`

			`def pass_dimail_unexpected_response(self, response):`
			`"""Raise error when encountering an unexpected error in dimail."""`
			`error_content = response.content.decode("utf-8")`

			`logger.error("[DIMAIL] unexpected error : %s", error_content)`
			`raise SystemError(f"Unexpected response from dimail: {error_content}")`