forked from Disroot/gpg-lacre
Use SQLAlchemy to access database
- Replace hardcoded MySQLdb package with sqlalchemy to support other RDBMS backends. - Provide a script that could eventually replace schema.sql (schema.py). - Update sample configuration.
This commit is contained in:
parent
86b725349f
commit
7aff414fb7
3 changed files with 86 additions and 24 deletions
|
|
@ -21,13 +21,21 @@
|
|||
|
||||
from configparser import RawConfigParser
|
||||
import GnuPG
|
||||
import MySQLdb
|
||||
import sqlalchemy
|
||||
from sqlalchemy.sql import select
|
||||
# import MySQLdb
|
||||
import smtplib
|
||||
import markdown
|
||||
import syslog
|
||||
import os
|
||||
from email.mime.text import MIMEText
|
||||
from email.mime.multipart import MIMEMultipart
|
||||
|
||||
# Environment variable name we read to retrieve configuration path. This is to
|
||||
# enable non-root users to set up and run GPG Mailgate and to make the software
|
||||
# testable.
|
||||
CONFIG_PATH_ENV = "GPG_MAILGATE_CONFIG"
|
||||
|
||||
def appendLog(msg):
|
||||
if 'logging' in cfg and 'file' in cfg['logging']:
|
||||
if cfg['logging'].get('file') == "syslog":
|
||||
|
|
@ -43,6 +51,15 @@ def load_file(name):
|
|||
f.close()
|
||||
return data
|
||||
|
||||
def authenticate_maybe(smtp):
|
||||
if 'smtp' in cfg and 'enabled' in cfg['smtp'] and cfg['smtp']['enabled'] == 'true':
|
||||
smtp.connect(cfg['smtp']['host'],cfg['smtp']['port'])
|
||||
smtp.ehlo()
|
||||
if cfg['smtp']['startls'] == 'true':
|
||||
smtp.starttls()
|
||||
smtp.ehlo()
|
||||
smtp.login(cfg['smtp']['username'], cfg['smtp']['password'])
|
||||
|
||||
def send_msg( mailsubject, messagefile, recipients = None ):
|
||||
mailbody = load_file( cfg['cron']['mail_templates'] + "/" + messagefile)
|
||||
msg = MIMEMultipart("alternative")
|
||||
|
|
@ -57,68 +74,89 @@ def send_msg( mailsubject, messagefile, recipients = None ):
|
|||
if 'relay' in cfg and 'host' in cfg['relay'] and 'enc_port' in cfg['relay']:
|
||||
relay = (cfg['relay']['host'], int(cfg['relay']['enc_port']))
|
||||
smtp = smtplib.SMTP(relay[0], relay[1])
|
||||
if 'smtp' in cfg and 'enabled' in cfg['smtp'] and cfg['smtp']['enabled'] == 'true':
|
||||
smtp.connect(cfg['smtp']['host'],cfg['smtp']['port'])
|
||||
smtp.ehlo()
|
||||
if cfg['smtp']['startls'] == 'true':
|
||||
smtp.starttls()
|
||||
smtp.ehlo()
|
||||
smtp.login(cfg['smtp']['username'], cfg['smtp']['password'])
|
||||
authenticate_maybe(smtp)
|
||||
smtp.sendmail( cfg['cron']['notification_email'], recipients, msg.as_string() )
|
||||
else:
|
||||
appendLog("Could not send mail due to wrong configuration")
|
||||
|
||||
def setup_db_connection(url):
|
||||
engine = sqlalchemy.create_engine(url)
|
||||
return (engine, engine.connect())
|
||||
|
||||
def define_db_schema():
|
||||
meta = sqlalchemy.MetaData()
|
||||
|
||||
gpgmw_keys = sqlalchemy.Table('gpgmw_keys', meta,
|
||||
sqlalchemy.Column('id', sqlalchemy.Integer, primary_key=True),
|
||||
sqlalchemy.Column('email', sqlalchemy.String(256)),
|
||||
sqlalchemy.Column('publickey', sqlalchemy.Text),
|
||||
sqlalchemy.Column('confirm', sqlalchemy.String(32)),
|
||||
sqlalchemy.Column('status', sqlalchemy.Integer),
|
||||
sqlalchemy.Column('time', sqlalchemy.DateTime))
|
||||
|
||||
return (gpgmw_keys)
|
||||
|
||||
|
||||
# Read configuration from /etc/gpg-mailgate.conf
|
||||
_cfg = RawConfigParser()
|
||||
_cfg.read('/etc/gpg-mailgate.conf')
|
||||
_cfg.read(os.getenv(CONFIG_PATH_ENV, '/etc/gpg-mailgate.conf'))
|
||||
cfg = dict()
|
||||
for sect in _cfg.sections():
|
||||
cfg[sect] = dict()
|
||||
for (name, value) in _cfg.items(sect):
|
||||
cfg[sect][name] = value
|
||||
|
||||
if 'database' in cfg and 'enabled' in cfg['database'] and cfg['database']['enabled'] == 'yes' and 'name' in cfg['database'] and 'host' in cfg['database'] and 'username' in cfg['database'] and 'password' in cfg['database']:
|
||||
connection = MySQLdb.connect(host = cfg['database']['host'], user = cfg['database']['username'], passwd = cfg['database']['password'], db = cfg['database']['name'], port = 3306)
|
||||
cursor = connection.cursor()
|
||||
if 'database' in cfg and 'enabled' in cfg['database'] and cfg['database']['enabled'] == 'yes' and 'url' in cfg['database']:
|
||||
(engine, conn) = setup_db_connection(cfg["database"]["url"])
|
||||
(gpgmw_keys) = define_db_schema()
|
||||
|
||||
# import keys
|
||||
cursor.execute("SELECT publickey, id, email FROM gpgmw_keys WHERE status = 0 AND confirm = '' LIMIT 100")
|
||||
result_set = cursor.fetchall()
|
||||
# Original query: "SELECT publickey, id, email FROM gpgmw_keys WHERE status = 0 AND confirm = '' LIMIT 100"
|
||||
# TODO: add WHERE clause referencing "status" and "confirm" columns.
|
||||
query = select(gpgmw_keys.c.publickey, gpgmw_keys.c.id, gpgmw_keys.c.email).limit(100)
|
||||
result_set = conn.execute(query)
|
||||
|
||||
rowno = 0
|
||||
for row in result_set:
|
||||
# delete any other public keys associated with this confirmed email address
|
||||
cursor.execute("DELETE FROM gpgmw_keys WHERE email = %s AND id != %s", (row[2], row[1],))
|
||||
# TODO: replace with a delete() query generator.
|
||||
conn.execute("DELETE FROM gpgmw_keys WHERE email = %s AND id != %s", (row[2], row[1],))
|
||||
GnuPG.delete_key(cfg['gpg']['keyhome'], row[2])
|
||||
appendLog('Deleted key for <' + row[2] + '> via import request')
|
||||
|
||||
if row[0].strip(): # we have this so that user can submit blank key to remove any encryption
|
||||
if GnuPG.confirm_key(row[0], row[2]):
|
||||
GnuPG.add_key(cfg['gpg']['keyhome'], row[0]) # import the key to gpg
|
||||
cursor.execute("UPDATE gpgmw_keys SET status = 1 WHERE id = %s", (row[1],)) # mark key as accepted
|
||||
# TODO: replace with an update() query generator.
|
||||
conn.execute("UPDATE gpgmw_keys SET status = 1 WHERE id = %s", (row[1],)) # mark key as accepted
|
||||
appendLog('Imported key from <' + row[2] + '>')
|
||||
if 'send_email' in cfg['cron'] and cfg['cron']['send_email'] == 'yes':
|
||||
send_msg( "PGP key registration successful", "registrationSuccess.md", row[2] )
|
||||
else:
|
||||
cursor.execute("DELETE FROM gpgmw_keys WHERE id = %s", (row[1],)) # delete key
|
||||
# TODO: replace with a delete() query generator.
|
||||
conn.execute("DELETE FROM gpgmw_keys WHERE id = %s", (row[1],)) # delete key
|
||||
appendLog('Import confirmation failed for <' + row[2] + '>')
|
||||
if 'send_email' in cfg['cron'] and cfg['cron']['send_email'] == 'yes':
|
||||
send_msg( "PGP key registration failed", "registrationError.md", row[2] )
|
||||
else:
|
||||
# delete key so we don't continue processing it
|
||||
cursor.execute("DELETE FROM gpgmw_keys WHERE id = %s", (row[1],))
|
||||
# TODO: replace with a delete() query generator.
|
||||
conn.execute("DELETE FROM gpgmw_keys WHERE id = %s", (row[1],))
|
||||
if 'send_email' in cfg['cron'] and cfg['cron']['send_email'] == 'yes':
|
||||
send_msg( "PGP key deleted", "keyDeleted.md", row[2])
|
||||
|
||||
connection.commit()
|
||||
# connection.commit()
|
||||
# TODO: see if it's still necessary
|
||||
|
||||
# delete keys
|
||||
cursor.execute("SELECT email, id FROM gpgmw_keys WHERE status = 2 LIMIT 100")
|
||||
result_set = cursor.fetchall()
|
||||
# TODO: replace with a delete() query generator.
|
||||
result_set = conn.execute("SELECT email, id FROM gpgmw_keys WHERE status = 2 LIMIT 100")
|
||||
|
||||
for row in result_set:
|
||||
GnuPG.delete_key(cfg['gpg']['keyhome'], row[0])
|
||||
cursor.execute("DELETE FROM gpgmw_keys WHERE id = %s", (row[1],))
|
||||
# TODO: replace with a delete() query generator.
|
||||
conn.execute("DELETE FROM gpgmw_keys WHERE id = %s", (row[1],))
|
||||
appendLog('Deleted key for <' + row[0] + '>')
|
||||
connection.commit()
|
||||
# connection.commit()
|
||||
# TODO: see if it's still necessary
|
||||
else:
|
||||
print("Warning: doing nothing since database settings are not configured!")
|
||||
|
|
|
|||
20
gpg-mailgate-web/schema.py
Normal file
20
gpg-mailgate-web/schema.py
Normal file
|
|
@ -0,0 +1,20 @@
|
|||
import sqlalchemy
|
||||
|
||||
def define_db_schema():
|
||||
meta = sqlalchemy.MetaData()
|
||||
|
||||
gpgmw_keys = sqlalchemy.Table('gpgmw_keys', meta,
|
||||
sqlalchemy.Column('id', sqlalchemy.Integer, primary_key=True),
|
||||
sqlalchemy.Column('email', sqlalchemy.String(256)),
|
||||
sqlalchemy.Column('publickey', sqlalchemy.Text),
|
||||
sqlalchemy.Column('confirm', sqlalchemy.String(32)),
|
||||
sqlalchemy.Column('status', sqlalchemy.Integer),
|
||||
sqlalchemy.Column('time', sqlalchemy.DateTime))
|
||||
|
||||
return (meta, gpgmw_keys)
|
||||
|
||||
(meta, gpgmw_keys) = define_db_schema()
|
||||
|
||||
test_db = sqlalchemy.create_engine("sqlite:///test.db")
|
||||
|
||||
meta.create_all(test_db)
|
||||
|
|
@ -95,11 +95,15 @@ starttls = true
|
|||
[database]
|
||||
# uncomment the settings below if you want
|
||||
# to read keys from a gpg-mailgate-web database
|
||||
# TODO: see if this section is required by PHP. If not, delete it.
|
||||
enabled = yes
|
||||
name = gpgmw
|
||||
host = localhost
|
||||
username = gpgmw
|
||||
password = password
|
||||
# For other RDBMS backends, see:
|
||||
# https://docs.sqlalchemy.org/en/14/core/engines.html#database-urls
|
||||
url = sqlite:///test.db
|
||||
|
||||
[enc_keymap]
|
||||
# You can find these by running the following command:
|
||||
|
|
|
|||
Loading…
Reference in a new issue