Merge PR #787 into 12.0

Signed-off-by pedrobaeza
OCA · Oct 28, 2021 · cfd5cbd · cfd5cbd
2 parents a523b5d + 0f37487
commit cfd5cbd
Show file tree

Hide file tree

Showing 21 changed files with 811 additions and 469 deletions.
diff --git a/mail_tracking/controllers/main.py b/mail_tracking/controllers/main.py
@@ -39,6 +39,7 @@ def _request_metadata(self):
             'ua_family': request.user_agent.browser or False,
         }
 
+    # TODO Remove useless controller
     @http.route(['/mail/tracking/all/<string:db>',
                  '/mail/tracking/event/<string:db>/<string:event_type>'],
                 type='http', auth='none', csrf=False)

diff --git a/mail_tracking/models/mail_tracking_email.py b/mail_tracking/models/mail_tracking_email.py
@@ -363,6 +363,7 @@ def event_create(self, event_type, metadata):
                 _logger.debug("Concurrent event '%s' discarded", event_type)
         return event_ids
 
+    # TODO Remove useless method
     @api.model
     def event_process(self, request, post, metadata, event_type=None):
         # Generic event process hook, inherit it and

diff --git a/mail_tracking/models/mail_tracking_event.py b/mail_tracking/models/mail_tracking_event.py
@@ -109,6 +109,10 @@ def _process_bounce(self, tracking_email, metadata, event_type, state):
         })
         return self._process_data(tracking_email, metadata, event_type, state)
 
+    @api.model
+    def process_sent(self, tracking_email, metadata):
+        return self._process_status(tracking_email, metadata, "sent", "sent")
+
     @api.model
     def process_delivered(self, tracking_email, metadata):
         return self._process_status(

diff --git a/mail_tracking_mailgun/README.rst b/mail_tracking_mailgun/README.rst
@@ -38,33 +38,27 @@ function used here.
 .. contents::
    :local:
 
-Configuration
-=============
-
-You must configure Mailgun webhooks in order to receive mail events:
-
-1. Got a Mailgun account and validate your sending domain.
-2. Go to Webhook tab and configure the below URL for each event:
+Installation
+============
 
-.. code:: html
+If you're using a multi-database installation (with or without dbfilter option)
+where /web/databse/selector returns a list of more than one database, then
+you need to add ``mail_tracking_mailgun`` addon to wide load addons list
+(by default, only ``web`` addon), setting ``--load`` option.
 
-   https://<your_domain>/mail/tracking/all/<your_database>
+Example: ``--load=web,mail_tracking,mail_tracking_mailgun``
 
-Replace '<your_domain>' with your Odoo install domain name
-and '<your_database>' with your database name.
+Configuration
+=============
 
-In order to validate Mailgun webhooks you have to configure the following system
-parameters:
+To configure this module, you need to:
 
-- `mailgun.apikey`: You can find Mailgun api_key in your validated sending
-  domain.
-- `mailgun.api_url`: It should be fine as it is, but it could change in the
-  future.
-- `mailgun.domain`: In case your sending domain is different from the one
-  configured in `mail.catchall.domain`.
-- `mailgun.validation_key`: If you want to be able to check mail address
-  validity you must config this parameter with your account Public Validation
-  Key.
+#. Go to Mailgun, create an account and validate your sending domain.
+#. Go back to Odoo.
+#. Go to *Settings > General Settings > Discuss > Enable mail tracking with Mailgun*.
+#. Fill all the values. The only one required is the API key.
+#. Optionally click *Unregister Mailgun webhooks* and accept.
+#. Click *Register Mailgun webhooks*.
 
 You can also config partner email autocheck with this system parameter:
 
@@ -94,6 +88,11 @@ Known issues / Roadmap
 
 * There's no support for more than one Mailgun mail server.
 
+* Automate more webhook registration. It would be nice to not have to click the
+  "Unregister Mailgun webhooks" and "Register Mailgun webhooks" when setting up
+  Mailgun in Odoo. However, it doesn't come without its `conceptual complexities
+  <https://github.com/OCA/social/pull/787#discussion_r734275262>`__.
+
 Bug Tracker
 ===========
 
@@ -123,6 +122,7 @@ Contributors
   * David Vidal
   * Rafael Blasco
   * Ernesto Tejeda
+  * Jairo Llopis
 
 Other credits
 ~~~~~~~~~~~~~

diff --git a/mail_tracking_mailgun/__init__.py b/mail_tracking_mailgun/__init__.py
@@ -1,3 +1,5 @@
 # License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
 
+from . import controllers
 from . import models
+from . import wizards
diff --git a/mail_tracking_mailgun/__manifest__.py b/mail_tracking_mailgun/__manifest__.py
@@ -20,5 +20,6 @@
     "data": [
         "views/res_partner.xml",
         "views/mail_tracking_email.xml",
+        "wizards/res_config_settings_views.xml",
     ]
 }
diff --git a/mail_tracking_mailgun/controllers/__init__.py b/mail_tracking_mailgun/controllers/__init__.py
@@ -0,0 +1 @@
+from . import main
diff --git a/mail_tracking_mailgun/controllers/main.py b/mail_tracking_mailgun/controllers/main.py
@@ -0,0 +1,76 @@
+# Copyright 2021 Tecnativa - Jairo Llopis
+# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl).
+
+import hashlib
+import hmac
+import logging
+
+from datetime import datetime, timedelta
+
+from werkzeug.exceptions import NotAcceptable
+
+from odoo import _
+from odoo.exceptions import ValidationError
+from odoo.http import request, route
+
+from ...mail_tracking.controllers import main
+from ...web.controllers.main import ensure_db
+
+_logger = logging.getLogger(__name__)
+
+
+class MailTrackingController(main.MailTrackingController):
+    def _mail_tracking_mailgun_webhook_verify(self, timestamp, token, signature):
+        """Avoid mailgun webhook attacks.
+
+        See https://documentation.mailgun.com/en/latest/user_manual.html#securing-webhooks
+        """  # noqa: E501
+        # Request cannot be old
+        processing_time = datetime.utcnow() - datetime.utcfromtimestamp(int(timestamp))
+        if not timedelta() < processing_time < timedelta(minutes=10):
+            raise ValidationError(_("Request is too old"))
+        # Avoid replay attacks
+        try:
+            processed_tokens = (
+                request.env.registry._mail_tracking_mailgun_processed_tokens
+            )
+        except AttributeError:
+            processed_tokens = (
+                request.env.registry._mail_tracking_mailgun_processed_tokens
+            ) = set()
+        if token in processed_tokens:
+            raise ValidationError(_("Request was already processed"))
+        processed_tokens.add(token)
+        params = request.env["mail.tracking.email"]._mailgun_values()
+        # Assert signature
+        if not params.webhook_signing_key:
+            _logger.warning(
+                "Skipping webhook payload verification. "
+                "Set `mailgun.webhook_signing_key` config parameter to enable"
+            )
+            return
+        hmac_digest = hmac.new(
+            key=params.webhook_signing_key.encode(),
+            msg=("{}{}".format(timestamp, token)).encode(),
+            digestmod=hashlib.sha256,
+        ).hexdigest()
+        if not hmac.compare_digest(str(signature), str(hmac_digest)):
+            raise ValidationError(_("Wrong signature"))
+
+    @route(["/mail/tracking/mailgun/all"], auth="none", type="json", csrf=False)
+    def mail_tracking_mailgun_webhook(self):
+        """Process webhooks from Mailgun."""
+        ensure_db()
+        # Verify and return 406 in case of failure, to avoid retries
+        # See https://documentation.mailgun.com/en/latest/user_manual.html#routes
+        try:
+            self._mail_tracking_mailgun_webhook_verify(
+                **request.jsonrequest["signature"]
+            )
+        except ValidationError as error:
+            raise NotAcceptable from error
+        # Process event
+        request.env["mail.tracking.email"].sudo()._mailgun_event_process(
+            request.jsonrequest["event-data"],
+            self._request_metadata(),
+        )
diff --git a/mail_tracking_mailgun/migrations/12.0.2.0.0/post-migration.py b/mail_tracking_mailgun/migrations/12.0.2.0.0/post-migration.py
@@ -0,0 +1,32 @@
+# Copyright 2021 Tecnativa - Jairo Llopis
+# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl).
+
+import logging
+
+from openupgradelib import openupgrade
+
+_logger = logging.getLogger(__name__)
+
+
+@openupgrade.migrate()
+def migrate(env, version):
+    """Update webhooks.
+
+    This version dropped support for legacy webhooks and added support for
+    webhook autoregistering. Do that process now.
+    """
+    settings = env["res.config.settings"].create()
+    if not settings.mail_tracking_mailgun_enabled:
+        _logger.warning("Not updating webhooks because mailgun is not configured")
+        return
+    _logger.info("Updating mailgun webhooks")
+    try:
+        settings.mail_tracking_mailgun_unregister_webhooks()
+        settings.mail_tracking_mailgun_register_webhooks()
+    except Exception:
+        # Don't fail the update if you can't register webhooks; it can be a
+        # failing network condition or air-gapped upgrade, and that's OK, you
+        # can just update them later
+        _logger.warning(
+            "Failed to update mailgun webhooks; do that manually", exc_info=True
+        )