social/mail_tracking_mailgun/controllers/main.py


[IMP] mail_tracking_mailgun: refactor to support modern webhooks

Before this patch, the module was designed after the [deprecated Mailgun webhooks][3]. However Mailgun had the [events API][2] which was quite different.

Modern Mailgun has deprecated those webhooks and instead uses new ones that include the same payload as the events API, so you can reuse code. However, this was incorrectly reusing the code inversely: trying to process the events API through the same code prepared for the deprecated webhooks.

Besides, both `failed` and `rejected` mailgun events were mapped to `error` state, but that was also wrong because [`mail_tracking` doesn't have an `error` state][1].

So the logic of the whole module is changed, adapting it to process the events API payload, both through controllers (prepared for the new webhooks) and manual updates that directly call the events API.

Also, `rejected` is now translated into `reject`, and `failed` is translated into `hard_bounce` or `soft_bounce` depending on the severity, as specified by [mailgun docs][2]. Also, `bounced` and `dropped` mailgun states are removed because they don't exist, and instead `failed` and `rejected` properly get their metadata.

Of course, to know the severity, now the method to obtain that info must change, it can't be a simple dict anymore.

Added more parameters because for example modern Mailgun uses different keys for signing payload than for accessing the API. As there are so many parameters, configuration is now possible through `res.config.settings`. Go there to autoregister webhooks too.

Since the new webhooks are completely incompatible with the old supposedly-abstract webhooks controllers (that were never really that abstract), support for old webhooks is removed, and it will be removed in the future from `mail_tracking` directly. There is a migration script that attempts to unregister old webhooks and register new ones automatically.

[1]: https://github.com/OCA/social/blob/f73de421e28a43d018176f61725a3a59665f715d/mail_tracking/models/mail_tracking_event.py#L31-L42
[2]: https://documentation.mailgun.com/en/latest/api-events.html#event-types
[3]: https://documentation.mailgun.com/en/latest/api-webhooks-deprecated.html
2021-10-28 12:33:59 +02:00
# Copyright 2021 Tecnativa - Jairo Llopis
# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl).

import hashlib
import hmac
import logging
from datetime import datetime, timedelta

from werkzeug.exceptions import NotAcceptable

from odoo import _
from odoo.exceptions import ValidationError
from odoo.http import request, route

from ...mail_tracking.controllers import main
from ...web.controllers.main import ensure_db

_logger = logging.getLogger(__name__)


class MailTrackingController(main.MailTrackingController):
    def _mail_tracking_mailgun_webhook_verify(self, timestamp, token, signature):
        """Avoid mailgun webhook attacks.

        See https://documentation.mailgun.com/en/latest/user_manual.html#securing-webhooks
        """  # noqa: E501
        # Request cannot be old
        processing_time = datetime.utcnow() - datetime.utcfromtimestamp(int(timestamp))
        if not timedelta() < processing_time < timedelta(minutes=10):
            raise ValidationError(_("Request is too old"))
        # Avoid replay attacks
        try:
            processed_tokens = (
                request.env.registry._mail_tracking_mailgun_processed_tokens
            )
        except AttributeError:
            processed_tokens = (
                request.env.registry._mail_tracking_mailgun_processed_tokens
            ) = set()
        if token in processed_tokens:
            raise ValidationError(_("Request was already processed"))
        processed_tokens.add(token)
        params = request.env["mail.tracking.email"]._mailgun_values()
        # Assert signature
        if not params.webhook_signing_key:
            _logger.warning(
                "Skipping webhook payload verification. "
                "Set `mailgun.webhook_signing_key` config parameter to enable"
            )
            return
        hmac_digest = hmac.new(
            key=params.webhook_signing_key.encode(),
            msg=("{}{}".format(timestamp, token)).encode(),
            digestmod=hashlib.sha256,
        ).hexdigest()
        if not hmac.compare_digest(str(signature), str(hmac_digest)):
            raise ValidationError(_("Wrong signature"))

    @route(["/mail/tracking/mailgun/all"], auth="none", type="json", csrf=False)
    def mail_tracking_mailgun_webhook(self):
        """Process webhooks from Mailgun."""
        ensure_db()
        # Verify and return 406 in case of failure, to avoid retries
        # See https://documentation.mailgun.com/en/latest/user_manual.html#routes
        try:
            self._mail_tracking_mailgun_webhook_verify(
                **request.jsonrequest["signature"]
            )
        except ValidationError as error:
            raise NotAcceptable from error
        # Process event
        request.env["mail.tracking.email"].sudo()._mailgun_event_process(
            request.jsonrequest["event-data"],
            self._request_metadata(),
        )
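
Added example, not part of the mail_tracking_mailgun module: the same timestamp + token HMAC-SHA256 check as the controller above, written stand-alone with both the signing and the verifying side. It goes further than the controller in three ways: it refuses to run without a signing key, it checks the signature before remembering the token, and it forgets tokens once their 10-minute window has passed. `sign`, `WebhookVerifier`, `MAX_AGE` and the sample key and token are hypothetical names and constructed values.

```python
import hashlib
import hmac
import time

MAX_AGE = 600  # seconds; the controller's 10-minute window


def sign(signing_key, timestamp, token):
    """Sender side: hex HMAC-SHA256 over timestamp + token."""
    msg = "{}{}".format(timestamp, token).encode()
    return hmac.new(signing_key.encode(), msg, hashlib.sha256).hexdigest()


class WebhookVerifier:
    """Hypothetical receiver-side verifier; not the module's own code."""

    def __init__(self, signing_key, clock=time.time):
        if not signing_key:
            raise ValueError("signing key is required")  # fail closed
        self._key = signing_key
        self._clock = clock
        self._seen = {}  # token -> time after which it can be forgotten

    def verify(self, timestamp, token, signature):
        """Return "ok", or the reason the request is rejected."""
        now = self._clock()
        try:
            age = now - int(timestamp)
        except (TypeError, ValueError):
            return "bad timestamp"
        if not 0 <= age < MAX_AGE:
            return "outside time window"
        expected = sign(self._key, timestamp, token).encode()
        # Compare as bytes: compare_digest() raises TypeError on non-ASCII str
        supplied = str(signature).encode("utf-8", "replace")
        if not hmac.compare_digest(supplied, expected):
            return "bad signature"
        # Only authenticated tokens are remembered, and only while replayable
        self._seen = {t: exp for t, exp in self._seen.items() if exp > now}
        if token in self._seen:
            return "replay"
        self._seen[token] = int(timestamp) + MAX_AGE
        return "ok"


if __name__ == "__main__":
    key, ts, tok = "constructed-signing-key", int(time.time()), "constructed-token"
    verifier = WebhookVerifier(key)
    for sig in ("0" * 64, sign(key, ts, tok), sign(key, ts, tok)):
        print(verifier.verify(ts, tok, sig))
```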