py3: Switch almost all shebang lines to use `python3`.
This causes `upgrade-zulip-from-git`, as well as a no-option run of
`tools/build-release-tarball`, to produce a Zulip install running
Python 3, rather than Python 2. In particular this means that the
virtualenv we create, in which all application code runs, is Python 3.
One shebang line, on `zulip-ec2-configure-interfaces`, explicitly
keeps Python 2, and at least one external ops script, `wal-e`, also
still runs on Python 2. See discussion on the respective previous
commits that made those explicit. There may also be some other
third-party scripts we use, outside of this source tree and running
outside our virtualenv, that still run on Python 2.
2017-08-02 23:15:16 +02:00
|
|
|
#!/usr/bin/env python3
|
2017-04-18 17:28:55 +02:00
|
|
|
|
2020-01-30 21:32:09 +01:00
|
|
|
"""Postfix implementation of the incoming email gateway's helper for
|
|
|
|
forwarding emails into Zulip.
|
2017-04-18 17:28:55 +02:00
|
|
|
|
2020-10-27 22:30:35 +01:00
|
|
|
https://zulip.readthedocs.io/en/latest/production/email-gateway.html
|
2017-04-18 17:28:55 +02:00
|
|
|
|
2020-01-30 21:32:09 +01:00
|
|
|
The email gateway supports two major modes of operation: An email
|
2020-10-23 02:43:28 +02:00
|
|
|
server (using Postfix) where the email address configured in
|
2020-01-30 21:32:09 +01:00
|
|
|
EMAIL_GATEWAY_PATTERN delivers emails directly to Zulip (this) or a
|
|
|
|
cron job that connects to an IMAP inbox (which receives the emails)
|
|
|
|
periodically.
|
2017-04-18 17:28:55 +02:00
|
|
|
|
2020-10-23 02:43:28 +02:00
|
|
|
Zulip's Puppet configuration takes care of configuring Postfix to
|
|
|
|
execute this script when emails are received by Postfix, piping the
|
2020-01-30 21:32:09 +01:00
|
|
|
email content via standard input (and the destination email address in
|
|
|
|
the ORIGINAL_RECIPIENT environment variable).
|
2017-04-18 17:28:55 +02:00
|
|
|
|
|
|
|
In Postfix, you can express that via an /etc/aliases entry like this:
|
|
|
|
|/home/zulip/deployments/current/scripts/lib/email-mirror-postfix -r ${original_recipient}
|
|
|
|
|
2020-01-30 21:32:09 +01:00
|
|
|
To manage DoS issues, this script does very little work (just sending
|
|
|
|
an HTTP request to queue the message for processing) to avoid
|
|
|
|
importing expensive libraries.
|
|
|
|
|
2017-04-18 17:28:55 +02:00
|
|
|
Also you can use optional keys to configure the script and change default values:
|
|
|
|
|
|
|
|
-s SHARED_SECRET For adding shared secret key if it is not contained in
|
2020-01-30 21:32:09 +01:00
|
|
|
"/etc/zulip/zulip-secrets.conf". This key is used to authenticate
|
|
|
|
the HTTP requests made by this tool.
|
2017-04-18 17:28:55 +02:00
|
|
|
|
|
|
|
-d HOST Destination Zulip host for email uploading. Address must contain type of
|
2023-10-09 21:28:43 +02:00
|
|
|
HTTP protocol, e.g. "https://example.com". Default value: "https://127.0.0.1".
|
2017-04-18 17:28:55 +02:00
|
|
|
|
2024-02-08 20:15:01 +01:00
|
|
|
-u URL Destination relative for email uploading. Default value: "/api/internal/email_mirror_message".
|
2017-04-18 17:28:55 +02:00
|
|
|
|
|
|
|
-n Disable checking ssl certificate. This option is used for
|
|
|
|
self-signed certificates. Default value: False.
|
|
|
|
|
|
|
|
-t Disable sending request to the Zulip server. Default value: False.
|
|
|
|
"""
|
2023-12-05 18:45:07 +01:00
|
|
|
|
2020-06-11 00:54:34 +02:00
|
|
|
import argparse
|
2020-06-05 23:35:52 +02:00
|
|
|
import base64
|
2020-06-11 00:54:34 +02:00
|
|
|
import json
|
2017-04-18 17:28:55 +02:00
|
|
|
import os
|
2020-06-11 00:54:34 +02:00
|
|
|
import posix
|
2017-04-30 19:05:12 +02:00
|
|
|
import ssl
|
2017-04-18 17:28:55 +02:00
|
|
|
import sys
|
2017-11-06 03:10:47 +01:00
|
|
|
from configparser import RawConfigParser
|
2022-12-04 08:47:12 +01:00
|
|
|
from typing import NoReturn
|
2020-06-11 00:54:34 +02:00
|
|
|
from urllib.error import HTTPError
|
2023-12-05 21:25:00 +01:00
|
|
|
from urllib.parse import urlencode, urljoin, urlsplit
|
2020-06-11 00:54:34 +02:00
|
|
|
from urllib.request import Request, urlopen
|
2017-04-18 17:28:55 +02:00
|
|
|
|
2020-10-31 16:44:13 +01:00
|
|
|
sys.path.append(os.path.join(os.path.dirname(__file__), "..", ".."))
|
2024-03-05 17:16:31 +01:00
|
|
|
from scripts.lib.zulip_tools import get_config, get_config_file
|
2020-10-31 16:44:13 +01:00
|
|
|
|
2017-11-10 01:57:41 +01:00
|
|
|
parser = argparse.ArgumentParser()
|
2017-04-18 17:28:55 +02:00
|
|
|
|
2021-02-12 08:20:45 +01:00
|
|
|
parser.add_argument("-r", "--recipient", default="", help="Original recipient.")
|
2021-02-12 08:19:30 +01:00
|
|
|
|
2021-02-12 08:20:45 +01:00
|
|
|
parser.add_argument("-s", "--shared-secret", default="", help="Secret access key.")
|
2021-02-12 08:19:30 +01:00
|
|
|
|
|
|
|
parser.add_argument(
|
2021-02-12 08:20:45 +01:00
|
|
|
"-d",
|
|
|
|
"--dst-host",
|
2021-02-12 08:19:30 +01:00
|
|
|
dest="host",
|
2020-10-31 16:44:13 +01:00
|
|
|
default="127.0.0.1",
|
2021-02-12 08:19:30 +01:00
|
|
|
help="Destination server address for uploading email from email mirror. "
|
2020-10-31 16:44:13 +01:00
|
|
|
"Address must contain a HTTP protocol. Otherwise, default value is assumed "
|
|
|
|
"based on the http_only setting.",
|
2021-02-12 08:19:30 +01:00
|
|
|
)
|
|
|
|
|
|
|
|
parser.add_argument(
|
2021-02-12 08:20:45 +01:00
|
|
|
"-u",
|
|
|
|
"--dst-url",
|
2021-02-12 08:19:30 +01:00
|
|
|
dest="url",
|
2024-02-08 20:15:01 +01:00
|
|
|
default="/api/internal/email_mirror_message",
|
2021-02-12 08:19:30 +01:00
|
|
|
help="Destination relative URL for uploading email from email mirror.",
|
|
|
|
)
|
|
|
|
|
|
|
|
parser.add_argument(
|
2021-02-12 08:20:45 +01:00
|
|
|
"-n",
|
|
|
|
"--not-verify-ssl",
|
2021-02-12 08:19:30 +01:00
|
|
|
dest="verify_ssl",
|
2021-02-12 08:20:45 +01:00
|
|
|
action="store_false",
|
2021-02-12 08:19:30 +01:00
|
|
|
help="Disable ssl certificate verifying for self-signed certificates",
|
|
|
|
)
|
|
|
|
|
2021-02-12 08:20:45 +01:00
|
|
|
parser.add_argument("-t", "--test", action="store_true", help="Test mode.")
|
2017-04-18 17:28:55 +02:00
|
|
|
|
2017-11-10 01:57:41 +01:00
|
|
|
options = parser.parse_args()
|
2017-04-18 17:28:55 +02:00
|
|
|
|
|
|
|
MAX_ALLOWED_PAYLOAD = 25 * 1024 * 1024
|
|
|
|
|
2017-04-30 19:05:12 +02:00
|
|
|
|
2022-12-04 08:47:12 +01:00
|
|
|
def process_response_error(e: HTTPError) -> NoReturn:
|
2017-04-30 19:05:12 +02:00
|
|
|
if e.code == 400:
|
|
|
|
response_content = e.read()
|
2020-10-30 01:18:43 +01:00
|
|
|
response_data = json.loads(response_content)
|
2021-02-12 08:20:45 +01:00
|
|
|
print(response_data["msg"])
|
2022-12-04 08:47:12 +01:00
|
|
|
sys.exit(posix.EX_NOUSER)
|
2017-04-30 19:05:12 +02:00
|
|
|
else:
|
|
|
|
print("4.4.2 Connection dropped: Internal server error.")
|
2022-12-04 08:47:12 +01:00
|
|
|
sys.exit(1)
|
2017-04-30 19:05:12 +02:00
|
|
|
|
|
|
|
|
python: Convert function type annotations to Python 3 style.
Generated by com2ann (slightly patched to avoid also converting
assignment type annotations, which require Python 3.6), followed by
some manual whitespace adjustment, and six fixes for runtime issues:
- def __init__(self, token: Token, parent: Optional[Node]) -> None:
+ def __init__(self, token: Token, parent: "Optional[Node]") -> None:
-def main(options: argparse.Namespace) -> NoReturn:
+def main(options: argparse.Namespace) -> "NoReturn":
-def fetch_request(url: str, callback: Any, **kwargs: Any) -> Generator[Callable[..., Any], Any, None]:
+def fetch_request(url: str, callback: Any, **kwargs: Any) -> "Generator[Callable[..., Any], Any, None]":
-def assert_server_running(server: subprocess.Popen[bytes], log_file: Optional[str]) -> None:
+def assert_server_running(server: "subprocess.Popen[bytes]", log_file: Optional[str]) -> None:
-def server_is_up(server: subprocess.Popen[bytes], log_file: Optional[str]) -> bool:
+def server_is_up(server: "subprocess.Popen[bytes]", log_file: Optional[str]) -> bool:
- method_kwarg_pairs: List[FuncKwargPair],
+ method_kwarg_pairs: "List[FuncKwargPair]",
Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2020-04-19 03:48:37 +02:00
|
|
|
def send_email_mirror(
|
2021-02-12 08:19:30 +01:00
|
|
|
rcpt_to: str,
|
|
|
|
shared_secret: str,
|
|
|
|
host: str,
|
|
|
|
url: str,
|
|
|
|
test: bool,
|
|
|
|
verify_ssl: bool,
|
python: Convert function type annotations to Python 3 style.
Generated by com2ann (slightly patched to avoid also converting
assignment type annotations, which require Python 3.6), followed by
some manual whitespace adjustment, and six fixes for runtime issues:
- def __init__(self, token: Token, parent: Optional[Node]) -> None:
+ def __init__(self, token: Token, parent: "Optional[Node]") -> None:
-def main(options: argparse.Namespace) -> NoReturn:
+def main(options: argparse.Namespace) -> "NoReturn":
-def fetch_request(url: str, callback: Any, **kwargs: Any) -> Generator[Callable[..., Any], Any, None]:
+def fetch_request(url: str, callback: Any, **kwargs: Any) -> "Generator[Callable[..., Any], Any, None]":
-def assert_server_running(server: subprocess.Popen[bytes], log_file: Optional[str]) -> None:
+def assert_server_running(server: "subprocess.Popen[bytes]", log_file: Optional[str]) -> None:
-def server_is_up(server: subprocess.Popen[bytes], log_file: Optional[str]) -> bool:
+def server_is_up(server: "subprocess.Popen[bytes]", log_file: Optional[str]) -> bool:
- method_kwarg_pairs: List[FuncKwargPair],
+ method_kwarg_pairs: "List[FuncKwargPair]",
Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2020-04-19 03:48:37 +02:00
|
|
|
) -> None:
|
2017-04-18 17:28:55 +02:00
|
|
|
if not rcpt_to:
|
|
|
|
print("5.1.1 Bad destination mailbox address: No missed message email address.")
|
2022-12-04 08:47:12 +01:00
|
|
|
sys.exit(posix.EX_NOUSER)
|
2020-06-05 23:35:52 +02:00
|
|
|
msg_bytes = sys.stdin.buffer.read(MAX_ALLOWED_PAYLOAD + 1)
|
|
|
|
if len(msg_bytes) > MAX_ALLOWED_PAYLOAD:
|
2017-04-18 17:28:55 +02:00
|
|
|
# We're not at EOF, reject large mail.
|
|
|
|
print("5.3.4 Message too big for system: Max size is 25MiB")
|
2022-12-04 08:47:12 +01:00
|
|
|
sys.exit(posix.EX_DATAERR)
|
2017-04-18 17:28:55 +02:00
|
|
|
|
2017-04-30 19:05:12 +02:00
|
|
|
secrets_file = RawConfigParser()
|
2017-04-18 17:28:55 +02:00
|
|
|
secrets_file.read("/etc/zulip/zulip-secrets.conf")
|
|
|
|
if not shared_secret:
|
2021-02-12 08:20:45 +01:00
|
|
|
shared_secret = secrets_file.get("secrets", "shared_secret")
|
2017-04-18 17:28:55 +02:00
|
|
|
|
|
|
|
if test:
|
2022-12-04 08:47:12 +01:00
|
|
|
return
|
2017-04-18 17:28:55 +02:00
|
|
|
|
2023-12-05 21:25:00 +01:00
|
|
|
if not urlsplit(host).scheme:
|
2020-10-31 16:44:13 +01:00
|
|
|
config_file = get_config_file()
|
2024-03-05 17:16:31 +01:00
|
|
|
http_only = get_config(config_file, "application_server", "http_only", False)
|
2020-10-31 16:44:13 +01:00
|
|
|
scheme = "http://" if http_only else "https://"
|
|
|
|
host = scheme + host
|
|
|
|
|
2021-02-12 08:20:45 +01:00
|
|
|
if host == "https://127.0.0.1":
|
2017-04-18 17:28:55 +02:00
|
|
|
# Don't try to verify SSL when posting to 127.0.0.1; it won't
|
|
|
|
# work, and connections to 127.0.0.1 are secure without SSL.
|
|
|
|
verify_ssl = False
|
|
|
|
|
2020-10-15 11:43:44 +02:00
|
|
|
# Because this script is run from postfix, it does not have any
|
|
|
|
# http proxy environment variables set which might interfere with
|
|
|
|
# access to localhost.
|
|
|
|
|
2019-08-10 00:30:33 +02:00
|
|
|
context = None
|
|
|
|
if not verify_ssl:
|
|
|
|
context = ssl.create_default_context()
|
|
|
|
context.check_hostname = False
|
|
|
|
context.verify_mode = ssl.CERT_NONE
|
2020-06-05 23:35:52 +02:00
|
|
|
data = {
|
|
|
|
"rcpt_to": rcpt_to,
|
|
|
|
"msg_base64": base64.b64encode(msg_bytes).decode(),
|
|
|
|
"secret": shared_secret,
|
|
|
|
}
|
2021-08-02 23:20:39 +02:00
|
|
|
req = Request(url=urljoin(host, url), data=urlencode(data).encode())
|
2017-04-30 19:05:12 +02:00
|
|
|
try:
|
2019-08-10 00:30:33 +02:00
|
|
|
urlopen(req, context=context)
|
2017-04-30 19:05:12 +02:00
|
|
|
except HTTPError as err:
|
|
|
|
process_response_error(err)
|
|
|
|
|
|
|
|
|
|
|
|
recipient = str(os.environ.get("ORIGINAL_RECIPIENT", options.recipient))
|
2021-02-12 08:19:30 +01:00
|
|
|
send_email_mirror(
|
|
|
|
recipient, options.shared_secret, options.host, options.url, options.test, options.verify_ssl
|
|
|
|
)
|