commit 341aeac1f5d43d09b714d83842b41631a20c518a Author: hiromipaw <hiro@torproject.org> Date: Tue Dec 13 18:22:48 2016 +0100 Cleaning up script and improving gnupg management --- notify.py | 54 ++++++++++++++++++++++++++++++------------------------ 1 file changed, 30 insertions(+), 24 deletions(-) diff --git a/notify.py b/notify.py index 189ca12..25992d4 100755 --- a/notify.py +++ b/notify.py @@ -2,6 +2,7 @@ import sys import email import re import gnupg +import csv from trac.env import Environment from trac.ticket.model import Ticket from trac.perm import IPermissionRequestor, PermissionCache, PermissionSystem @@ -10,30 +11,39 @@ def read_message(): full_msg = sys.stdin.read() return email.message_from_string("".join(full_msg)) -def verify_email_signature(message): +def verify_email_signature(message, user): gpg = gnupg.GPG(gnupghome='/home/tracadm/.gnupg') - return gpg.verify(message) + verified = gpg.verify(message) + if verified.trust_level is not None and verified.trust_level >= verified.TRUST_UNDEFINED: + with open('bin/map', 'rb') as csvfile: + keysreader = csv.reader(csvfile, delimiter=' ') + for row in keysreader: + k = row[0] + u = row[1].strip() + if k == verified.fingerprint and u == user: + return True def get_message_body(message): - body = "" if message.is_multipart(): + body = '' for payload in message.get_payload(): - body.join(payload.get_payload()) + body = body.join(payload.get_payload()) + return body else: - body.join(message.get_payload()) - - return body + return message.get_payload() def verify_user_permissions(env, user, permission): ps = PermissionSystem(env) permissions_list = ps.get_user_permissions(user) return permissions_list[permission] -def find_or_create_ticket(message, body, env): +def find_or_create_ticket(message, env): # Find the ticket ID if exists summary = message['Subject'] ticket_id = re.search('#(.+?) ', summary) + # Get the message body + body = ''.join(get_message_body(message)) reporter = message['From'] if ticket_id: @@ -57,23 +67,19 @@ def find_or_create_ticket(message, body, env): tkt.insert() # Open logs file -f = open('/home/tracadm/log/test.log', 'w') - -# Define the current trac environment -env = Environment('/current') - -# Build email message -msg = read_message() - -# Get the message body -body = msg.get_payload() +with open('/home/tracadm/log/test.log', 'w') as f: -verified = verify_email_signature(body) + # Define the current trac environment + env = Environment('/current') -if verified.trust_level is not None and verified.trust_level >= verified.TRUST_FULLY: + # Build email message + msg = read_message() - # Find or create ticket - find_or_create_ticket(msg, body, env) + # Read user from email + user = msg['From'].split('@')[0] -# Close log file -f.close + verified = verify_email_signature(msg.as_string(), user) + if verified: + # Find or create ticket + f.write('GPG verified') + find_or_create_ticket(msg, env)