src/backend/mailbox_manager/utils/dimail.py

"""A minimalist client to synchronize with mailbox provisioning API."""

import smtplib
from logging import getLogger

from django.conf import settings
from django.contrib.sites.models import Site
from django.core import exceptions, mail
from django.template.loader import render_to_string
from django.utils.translation import gettext_lazy as _

import requests
from rest_framework import status
from urllib3.util import Retry

logger = getLogger(__name__)

adapter = requests.adapters.HTTPAdapter(
    max_retries=Retry(
        total=4,
        backoff_factor=0.1,
        status_forcelist=[500, 502],
        allowed_methods=["PATCH"],
    )
)

session = requests.Session()
session.mount("http://", adapter)
session.mount("https://", adapter)


class DimailAPIClient:
    """A dimail-API client."""

    API_URL = settings.MAIL_PROVISIONING_API_URL
    API_CREDENTIALS = settings.MAIL_PROVISIONING_API_CREDENTIALS

    def get_headers(self, user_sub=None):
        """
        Build headers dictionary. Requires MAIL_PROVISIONING_API_CREDENTIALS setting,
        to get a token from dimail /token/ endpoint.
        If provided, request user' sub is used for la regie to log in as this user,
        thus allowing for more precise logs.
        """
        headers = {"Content-Type": "application/json"}
        params = None

        if user_sub:
            params = {"username": str(user_sub)}

        response = requests.get(
            f"{self.API_URL}/token/",
            headers={"Authorization": f"Basic {self.API_CREDENTIALS}"},
            params=params,
            timeout=20,
        )

        if response.status_code == status.HTTP_200_OK:
            headers["Authorization"] = f"Bearer {response.json()['access_token']}"
            logger.info("Token succesfully granted by mail-provisioning API.")
            return headers

        if response.status_code == status.HTTP_403_FORBIDDEN:
            logger.error(
                "[DIMAIL] 403 Forbidden: Could not retrieve a token,\
                please check 'MAIL_PROVISIONING_API_CREDENTIALS' setting.",
            )
            raise exceptions.PermissionDenied(
                "Token denied. Please check your MAIL_PROVISIONING_API_CREDENTIALS."
            )

        return self.pass_dimail_unexpected_response(response)

    def send_mailbox_request(self, mailbox, user_sub=None):
        """Send a CREATE mailbox request to mail provisioning API."""

        payload = {
            "givenName": mailbox["first_name"],
            "surName": mailbox["last_name"],
            "displayName": f"{mailbox['first_name']} {mailbox['last_name']}",
        }
        headers = self.get_headers(user_sub)

        try:
            response = session.post(
                f"{self.API_URL}/domains/{mailbox['domain']}/mailboxes/{mailbox['local_part']}/",
                json=payload,
                headers=headers,
                verify=True,
                timeout=10,
            )
        except requests.exceptions.ConnectionError as error:
            logger.error(
                "Connection error while trying to reach %s.",
                self.API_URL,
                exc_info=error,
            )
            raise error

        if response.status_code == status.HTTP_201_CREATED:
            logger.info(
                "Mailbox successfully created on domain %s by user %s",
                str(mailbox["domain"]),
                user_sub,
            )
            return response

        if response.status_code == status.HTTP_403_FORBIDDEN:
            raise exceptions.PermissionDenied(
                "Permission denied. Please check your MAIL_PROVISIONING_API_CREDENTIALS."
            )

        return self.pass_dimail_unexpected_response(response)

    def pass_dimail_unexpected_response(self, response):
        """Raise error when encountering an unexpected error in dimail."""
        error_content = response.content.decode("utf-8")

        logger.error("[DIMAIL] unexpected error : %s", error_content)
        raise SystemError(f"Unexpected response from dimail: {error_content}")

    def send_new_mailbox_notification(self, recipient, mailbox_data):
        """
        Send email to confirm mailbox creation
        and send new mailbox information.
        """

        template_vars = {
            "title": _("Your new mailbox information"),
            "site": Site.objects.get_current(),
            "webmail_url": settings.WEBMAIL_URL,
            "mailbox_data": mailbox_data,
        }

        msg_html = render_to_string("mail/html/new_mailbox.html", template_vars)
        msg_plain = render_to_string("mail/text/new_mailbox.txt", template_vars)

        try:
            mail.send_mail(
                template_vars["title"],
                msg_plain,
                settings.EMAIL_FROM,
                [recipient],
                html_message=msg_html,
                fail_silently=False,
            )
            logger.info(
                "Information for mailbox %s sent to %s.",
                mailbox_data["email"],
                recipient,
            )
        except smtplib.SMTPException as exception:
            logger.error(
                "Mailbox confirmation email to %s was not sent: %s",
                recipient,
                exception,
            )
✨(mailboxes) add mail provisioning api integration We want people to create new mailboxes in La Régie. This commit adds integration with intermediary dimail-api, which will in turn send our email creation request to Open-Xchange. 2024-08-05 12:20:44 +02:00			`"""A minimalist client to synchronize with mailbox provisioning API."""`

✨(mailbox) send new mailbox confirmation email send mailbox information upon creating a new mailbox 2024-09-20 18:08:02 +02:00			`import smtplib`
✨(mailboxes) add mail provisioning api integration We want people to create new mailboxes in La Régie. This commit adds integration with intermediary dimail-api, which will in turn send our email creation request to Open-Xchange. 2024-08-05 12:20:44 +02:00			`from logging import getLogger`

			`from django.conf import settings`
✨(mailbox) send new mailbox confirmation email send mailbox information upon creating a new mailbox 2024-09-20 18:08:02 +02:00			`from django.contrib.sites.models import Site`
			`from django.core import exceptions, mail`
			`from django.template.loader import render_to_string`
			`from django.utils.translation import gettext_lazy as _`
✨(mailboxes) add mail provisioning api integration We want people to create new mailboxes in La Régie. This commit adds integration with intermediary dimail-api, which will in turn send our email creation request to Open-Xchange. 2024-08-05 12:20:44 +02:00
			`import requests`
			`from rest_framework import status`
			`from urllib3.util import Retry`

			`logger = getLogger(__name__)`

			`adapter = requests.adapters.HTTPAdapter(`
			`max_retries=Retry(`
			`total=4,`
			`backoff_factor=0.1,`
			`status_forcelist=[500, 502],`
			`allowed_methods=["PATCH"],`
			`)`
			`)`

			`session = requests.Session()`
			`session.mount("http://", adapter)`
			`session.mount("https://", adapter)`


			`class DimailAPIClient:`
			`"""A dimail-API client."""`

👽️(mailboxes) fix mailbox creation after dimail api improvement Latest dimail modification lead to a bug in our app, preventing mailbox creation from working properly. I swapped old dimail url to new one, mirrored dimail modification and fixed tests and tada! 2024-08-26 19:10:43 +02:00			`API_URL = settings.MAIL_PROVISIONING_API_URL`
♻️(dimail) separate headers request from mailbox request I want to separate headers request form mailbox request, as we were previously catching the same errors twice. It should be clearer now. 2024-09-09 19:03:59 +02:00			`API_CREDENTIALS = settings.MAIL_PROVISIONING_API_CREDENTIALS`
👽️(mailboxes) fix mailbox creation after dimail api improvement Latest dimail modification lead to a bug in our app, preventing mailbox creation from working properly. I swapped old dimail url to new one, mirrored dimail modification and fixed tests and tada! 2024-08-26 19:10:43 +02:00
✨(dimail) allow la regie to request a token for another user allow la regie to request a token for another dimail user, to better track who created/modified which ressource. 2024-09-20 16:31:41 +02:00			`def get_headers(self, user_sub=None):`
♻️(dimail) separate headers request from mailbox request I want to separate headers request form mailbox request, as we were previously catching the same errors twice. It should be clearer now. 2024-09-09 19:03:59 +02:00			`"""`
			`Build headers dictionary. Requires MAIL_PROVISIONING_API_CREDENTIALS setting,`
			`to get a token from dimail /token/ endpoint.`
✨(dimail) allow la regie to request a token for another user allow la regie to request a token for another dimail user, to better track who created/modified which ressource. 2024-09-20 16:31:41 +02:00			`If provided, request user' sub is used for la regie to log in as this user,`
			`thus allowing for more precise logs.`
♻️(dimail) separate headers request from mailbox request I want to separate headers request form mailbox request, as we were previously catching the same errors twice. It should be clearer now. 2024-09-09 19:03:59 +02:00			`"""`
✨(mailboxes) add mail provisioning api integration We want people to create new mailboxes in La Régie. This commit adds integration with intermediary dimail-api, which will in turn send our email creation request to Open-Xchange. 2024-08-05 12:20:44 +02:00			`headers = {"Content-Type": "application/json"}`
✨(dimail) allow la regie to request a token for another user allow la regie to request a token for another dimail user, to better track who created/modified which ressource. 2024-09-20 16:31:41 +02:00			`params = None`

			`if user_sub:`
			`params = {"username": str(user_sub)}`
✨(mailboxes) add mail provisioning api integration We want people to create new mailboxes in La Régie. This commit adds integration with intermediary dimail-api, which will in turn send our email creation request to Open-Xchange. 2024-08-05 12:20:44 +02:00
			`response = requests.get(`
👽️(mailboxes) fix mailbox creation after dimail api improvement Latest dimail modification lead to a bug in our app, preventing mailbox creation from working properly. I swapped old dimail url to new one, mirrored dimail modification and fixed tests and tada! 2024-08-26 19:10:43 +02:00			`f"{self.API_URL}/token/",`
♻️(dimail) separate headers request from mailbox request I want to separate headers request form mailbox request, as we were previously catching the same errors twice. It should be clearer now. 2024-09-09 19:03:59 +02:00			`headers={"Authorization": f"Basic {self.API_CREDENTIALS}"},`
✨(dimail) allow la regie to request a token for another user allow la regie to request a token for another dimail user, to better track who created/modified which ressource. 2024-09-20 16:31:41 +02:00			`params=params,`
🐛(dimail) improve handling of dimail errors on failed mailbox creation dimail is called twice when creating a mailbox (once for the token, and once for the post on mailbox endpoint). we want to clarify the status_codes and messages of each error to inform user and ease debug 2024-09-03 18:29:28 +02:00			`timeout=20,`
✨(mailboxes) add mail provisioning api integration We want people to create new mailboxes in La Régie. This commit adds integration with intermediary dimail-api, which will in turn send our email creation request to Open-Xchange. 2024-08-05 12:20:44 +02:00			`)`

♻️(dimail) refacto to better handle 500 errors from dimail simple refacto to catch all 500 errors, including when asking for new token. 2024-09-06 17:18:27 +02:00			`if response.status_code == status.HTTP_200_OK:`
			`headers["Authorization"] = f"Bearer {response.json()['access_token']}"`
			`logger.info("Token succesfully granted by mail-provisioning API.")`
			`return headers`

🐛(dimail) improve handling of dimail errors on failed mailbox creation dimail is called twice when creating a mailbox (once for the token, and once for the post on mailbox endpoint). we want to clarify the status_codes and messages of each error to inform user and ease debug 2024-09-03 18:29:28 +02:00			`if response.status_code == status.HTTP_403_FORBIDDEN:`
			`logger.error(`
🗃️(models) remove 'secret' field from mailbox model We remove 'secret' field, as it won't be of use in interactions between la Régie and dimail. Régie credentials will be stored and used as project variable. 2024-08-30 15:49:04 +02:00			`"[DIMAIL] 403 Forbidden: Could not retrieve a token,\`
			`please check 'MAIL_PROVISIONING_API_CREDENTIALS' setting.",`
✨(mailboxes) add mail provisioning api integration We want people to create new mailboxes in La Régie. This commit adds integration with intermediary dimail-api, which will in turn send our email creation request to Open-Xchange. 2024-08-05 12:20:44 +02:00			`)`
♻️(dimail) separate headers request from mailbox request I want to separate headers request form mailbox request, as we were previously catching the same errors twice. It should be clearer now. 2024-09-09 19:03:59 +02:00			`raise exceptions.PermissionDenied(`
			`"Token denied. Please check your MAIL_PROVISIONING_API_CREDENTIALS."`
			`)`
✨(mailboxes) add mail provisioning api integration We want people to create new mailboxes in La Régie. This commit adds integration with intermediary dimail-api, which will in turn send our email creation request to Open-Xchange. 2024-08-05 12:20:44 +02:00
♻️(dimail) refacto to better handle 500 errors from dimail simple refacto to catch all 500 errors, including when asking for new token. 2024-09-06 17:18:27 +02:00			`return self.pass_dimail_unexpected_response(response)`
✨(mailboxes) add mail provisioning api integration We want people to create new mailboxes in La Régie. This commit adds integration with intermediary dimail-api, which will in turn send our email creation request to Open-Xchange. 2024-08-05 12:20:44 +02:00
✨(dimail) allow la regie to request a token for another user allow la regie to request a token for another dimail user, to better track who created/modified which ressource. 2024-09-20 16:31:41 +02:00			`def send_mailbox_request(self, mailbox, user_sub=None):`
✨(mailboxes) add mail provisioning api integration We want people to create new mailboxes in La Régie. This commit adds integration with intermediary dimail-api, which will in turn send our email creation request to Open-Xchange. 2024-08-05 12:20:44 +02:00			`"""Send a CREATE mailbox request to mail provisioning API."""`

			`payload = {`
♻️(serializers) move dimail calls to serializers we move all business logic from model to serializer. all API calls (direct and from front) will keep on triggering expected 3rd party calls while admin actions will uniquely trigger modifications in our database. 2024-09-19 18:47:08 +02:00			`"givenName": mailbox["first_name"],`
			`"surName": mailbox["last_name"],`
			`"displayName": f"{mailbox['first_name']} {mailbox['last_name']}",`
✨(mailboxes) add mail provisioning api integration We want people to create new mailboxes in La Régie. This commit adds integration with intermediary dimail-api, which will in turn send our email creation request to Open-Xchange. 2024-08-05 12:20:44 +02:00			`}`
✨(dimail) allow la regie to request a token for another user allow la regie to request a token for another dimail user, to better track who created/modified which ressource. 2024-09-20 16:31:41 +02:00			`headers = self.get_headers(user_sub)`
✨(mailboxes) add mail provisioning api integration We want people to create new mailboxes in La Régie. This commit adds integration with intermediary dimail-api, which will in turn send our email creation request to Open-Xchange. 2024-08-05 12:20:44 +02:00
			`try:`
			`response = session.post(`
♻️(serializers) move dimail calls to serializers we move all business logic from model to serializer. all API calls (direct and from front) will keep on triggering expected 3rd party calls while admin actions will uniquely trigger modifications in our database. 2024-09-19 18:47:08 +02:00			`f"{self.API_URL}/domains/{mailbox['domain']}/mailboxes/{mailbox['local_part']}/",`
✨(mailboxes) add mail provisioning api integration We want people to create new mailboxes in La Régie. This commit adds integration with intermediary dimail-api, which will in turn send our email creation request to Open-Xchange. 2024-08-05 12:20:44 +02:00			`json=payload,`
♻️(dimail) separate headers request from mailbox request I want to separate headers request form mailbox request, as we were previously catching the same errors twice. It should be clearer now. 2024-09-09 19:03:59 +02:00			`headers=headers,`
✨(mailboxes) add mail provisioning api integration We want people to create new mailboxes in La Régie. This commit adds integration with intermediary dimail-api, which will in turn send our email creation request to Open-Xchange. 2024-08-05 12:20:44 +02:00			`verify=True,`
			`timeout=10,`
			`)`
👽️(mailboxes) fix mailbox creation after dimail api improvement Latest dimail modification lead to a bug in our app, preventing mailbox creation from working properly. I swapped old dimail url to new one, mirrored dimail modification and fixed tests and tada! 2024-08-26 19:10:43 +02:00			`except requests.exceptions.ConnectionError as error:`
✨(mailboxes) add mail provisioning api integration We want people to create new mailboxes in La Régie. This commit adds integration with intermediary dimail-api, which will in turn send our email creation request to Open-Xchange. 2024-08-05 12:20:44 +02:00			`logger.error(`
			`"Connection error while trying to reach %s.",`
👽️(mailboxes) fix mailbox creation after dimail api improvement Latest dimail modification lead to a bug in our app, preventing mailbox creation from working properly. I swapped old dimail url to new one, mirrored dimail modification and fixed tests and tada! 2024-08-26 19:10:43 +02:00			`self.API_URL,`
			`exc_info=error,`
✨(mailboxes) add mail provisioning api integration We want people to create new mailboxes in La Régie. This commit adds integration with intermediary dimail-api, which will in turn send our email creation request to Open-Xchange. 2024-08-05 12:20:44 +02:00			`)`
👽️(mailboxes) fix mailbox creation after dimail api improvement Latest dimail modification lead to a bug in our app, preventing mailbox creation from working properly. I swapped old dimail url to new one, mirrored dimail modification and fixed tests and tada! 2024-08-26 19:10:43 +02:00			`raise error`
✨(mailboxes) add mail provisioning api integration We want people to create new mailboxes in La Régie. This commit adds integration with intermediary dimail-api, which will in turn send our email creation request to Open-Xchange. 2024-08-05 12:20:44 +02:00
			`if response.status_code == status.HTTP_201_CREATED:`
			`logger.info(`
✨(dimail) allow la regie to request a token for another user allow la regie to request a token for another dimail user, to better track who created/modified which ressource. 2024-09-20 16:31:41 +02:00			`"Mailbox successfully created on domain %s by user %s",`
♻️(serializers) move dimail calls to serializers we move all business logic from model to serializer. all API calls (direct and from front) will keep on triggering expected 3rd party calls while admin actions will uniquely trigger modifications in our database. 2024-09-19 18:47:08 +02:00			`str(mailbox["domain"]),`
✨(dimail) allow la regie to request a token for another user allow la regie to request a token for another dimail user, to better track who created/modified which ressource. 2024-09-20 16:31:41 +02:00			`user_sub,`
✨(mailboxes) add mail provisioning api integration We want people to create new mailboxes in La Régie. This commit adds integration with intermediary dimail-api, which will in turn send our email creation request to Open-Xchange. 2024-08-05 12:20:44 +02:00			`)`
🐛(dimail) improve handling of dimail errors on failed mailbox creation dimail is called twice when creating a mailbox (once for the token, and once for the post on mailbox endpoint). we want to clarify the status_codes and messages of each error to inform user and ease debug 2024-09-03 18:29:28 +02:00			`return response`

			`if response.status_code == status.HTTP_403_FORBIDDEN:`
✨(mailboxes) manage bad secret sent to dimail API - manage 403 returned by dimail API when mail domain secret is not valid - improve some tests - improve MailboxFactory to mock success for dimail API POST call - override 403.html to return a nice failing error in django admin - an error message is displayed on mailbox creation form of frontend 2024-08-08 18:28:01 +02:00			`raise exceptions.PermissionDenied(`
🗃️(models) remove 'secret' field from mailbox model We remove 'secret' field, as it won't be of use in interactions between la Régie and dimail. Régie credentials will be stored and used as project variable. 2024-08-30 15:49:04 +02:00			`"Permission denied. Please check your MAIL_PROVISIONING_API_CREDENTIALS."`
👽️(mailboxes) fix mailbox creation after dimail api improvement Latest dimail modification lead to a bug in our app, preventing mailbox creation from working properly. I swapped old dimail url to new one, mirrored dimail modification and fixed tests and tada! 2024-08-26 19:10:43 +02:00			`)`

♻️(dimail) refacto to better handle 500 errors from dimail simple refacto to catch all 500 errors, including when asking for new token. 2024-09-06 17:18:27 +02:00			`return self.pass_dimail_unexpected_response(response)`

			`def pass_dimail_unexpected_response(self, response):`
			`"""Raise error when encountering an unexpected error in dimail."""`
			`error_content = response.content.decode("utf-8")`

			`logger.error("[DIMAIL] unexpected error : %s", error_content)`
			`raise SystemError(f"Unexpected response from dimail: {error_content}")`
✨(mailbox) send new mailbox confirmation email send mailbox information upon creating a new mailbox 2024-09-20 18:08:02 +02:00
			`def send_new_mailbox_notification(self, recipient, mailbox_data):`
			`"""`
			`Send email to confirm mailbox creation`
			`and send new mailbox information.`
			`"""`

			`template_vars = {`
			`"title": _("Your new mailbox information"),`
			`"site": Site.objects.get_current(),`
			`"webmail_url": settings.WEBMAIL_URL,`
			`"mailbox_data": mailbox_data,`
			`}`

			`msg_html = render_to_string("mail/html/new_mailbox.html", template_vars)`
			`msg_plain = render_to_string("mail/text/new_mailbox.txt", template_vars)`

			`try:`
			`mail.send_mail(`
			`template_vars["title"],`
			`msg_plain,`
			`settings.EMAIL_FROM,`
			`[recipient],`
			`html_message=msg_html,`
			`fail_silently=False,`
			`)`
			`logger.info(`
			`"Information for mailbox %s sent to %s.",`
			`mailbox_data["email"],`
			`recipient,`
			`)`
			`except smtplib.SMTPException as exception:`
			`logger.error(`
			`"Mailbox confirmation email to %s was not sent: %s",`
			`recipient,`
			`exception,`
			`)`