gets the emails of each admin to send them the compromised_password_check_failure_mail

2024-11-06 12:56:35 +01:00 · 2024-11-06 12:56:35 +01:00 · fa3a5f6616
commit fa3a5f6616
parent b47c949239
2 changed files with 14 additions and 9 deletions
--- a/canaille/app/forms.py
+++ b/canaille/app/forms.py
@ -93,19 +93,25 @@ def compromised_password_validator(form, field):
    except ImportError:
        return None

+    group_user = Backend.instance.query(models.User)
+    emails_of_admins = []
+    for user in group_user:
+        for group in user.groups:
+            if "admins" == group.display_name:
+                emails_of_admins.append(user.emails[0])
+
    hashed_password = sha1(field.data.encode("utf-8")).hexdigest()
    hashed_password_prefix, hashed_password_suffix = (
        hashed_password[:5].upper(),
        hashed_password[5:].upper(),
    )

-    api_url = f"https://api.pwnedpasswords.com/range/{hashed_password_prefix}"
+    api_url = f"https://api2.pwnedpasswords.com/range/{hashed_password_prefix}"

    try:
        response = requests.api.get(api_url, timeout=10)
    except Exception as e:
        print("Error: " + str(e))
-
        if current_app.features.has_smtp and not request_is_htmx():
            if form.user is not None:
                user_name = form.user.user_name
@ -113,10 +119,10 @@ def compromised_password_validator(form, field):
            else:
                user_name = form["user_name"].data
                user_email = form["emails"].data[0]
-
-            send_compromised_password_check_failure_mail(
-                api_url, user_name, user_email, hashed_password_suffix
-            )
+            for admin_email in emails_of_admins:
+                send_compromised_password_check_failure_mail(
+                    api_url, user_name, user_email, hashed_password_suffix, admin_email
+                )

        return None

--- a/canaille/core/mails.py
+++ b/canaille/core/mails.py
@ -213,7 +213,7 @@ def send_registration_mail(email, registration_url):


 def send_compromised_password_check_failure_mail(
-    check_password_url, user_name, user_email, hashed_password
+    check_password_url, user_name, user_email, hashed_password, admin_email
 ):
    base_url = url_for("core.account.index", _external=True)
    logo_cid, logo_filename, logo_raw = logo()
@ -244,8 +244,7 @@ def send_compromised_password_check_failure_mail(

    return send_email(
        subject=subject,
-        # line to change with admin group mails....
-        recipient="sebastien@yaal.coop",
+        recipient=admin_email,
        text=text_body,
        html=html_body,
        attachments=[(logo_cid, logo_filename, logo_raw)] if logo_filename else None,