diff --git a/aleph/templates/email/api_key_generated.html b/aleph/templates/email/api_key_generated.html new file mode 100644 index 0000000000..6a7f29b1df --- /dev/null +++ b/aleph/templates/email/api_key_generated.html @@ -0,0 +1,13 @@ +{% extends "email/layout.html" %} + +{% block content -%} +{% if event == "regenerated" -%} +{% trans -%} +Your API key has been regenerated. If that wasn’t you, please contact an administrator. +{%- endtrans %} +{% else -%} +{% trans -%} +An API key has been generated for your account. If that wasn’t you, please contact an administrator. +{%- endtrans %} +{%- endif %} +{%- endblock %} \ No newline at end of file diff --git a/aleph/templates/email/api_key_generated.txt b/aleph/templates/email/api_key_generated.txt new file mode 100644 index 0000000000..c41534c31d --- /dev/null +++ b/aleph/templates/email/api_key_generated.txt @@ -0,0 +1,13 @@ +{% extends "email/layout.txt" %} + +{% block content -%} +{% if event == "regenerated" -%} +{% trans -%} +Your API key has been regenerated. If that wasn’t you, please contact an administrator. +{%- endtrans %} +{% else -%} +{% trans -%} +An API key has been generated for your account. If that wasn’t you, please contact an administrator. +{%- endtrans %} +{%- endif %} +{%- endblock %} \ No newline at end of file diff --git a/aleph/tests/test_roles_api.py b/aleph/tests/test_roles_api.py index 6ad12a525a..c7086dbf60 100644 --- a/aleph/tests/test_roles_api.py +++ b/aleph/tests/test_roles_api.py @@ -249,6 +249,32 @@ def test_generate_api_key(self): res = self.client.get(url, headers={"Authorization": new_key}) self.assertEqual(res.status_code, 200) + def test_generate_api_key_notification(self): + role, headers = self.login(email="john.doe@example.org") + url = f"/api/2/roles/{role.id}/generate_api_key" + + with mail.record_messages() as outbox: + assert len(outbox) == 0 + self.client.post(url, headers=headers) + assert len(outbox) == 1 + + msg = outbox[0] + assert msg.recipients == ["john.doe@example.org"] + assert msg.subject == "[Aleph] API key generated" + assert "An API key has been generated for your account" in msg.body + assert "An API key has been generated for your account" in msg.html + + with mail.record_messages() as outbox: + assert len(outbox) == 0 + self.client.post(url, headers=headers) + assert len(outbox) == 1 + + msg = outbox[0] + assert msg.recipients == ["john.doe@example.org"] + assert msg.subject == "[Aleph] API key regenerated" + assert "Your API key has been regenerated" in msg.body + assert "Your API key has been regenerated" in msg.html + def test_new_roles_no_api_key(self): SETTINGS.PASSWORD_LOGIN = True email = "john.doe@example.org" diff --git a/aleph/views/roles_api.py b/aleph/views/roles_api.py index a356c4b5f1..1daca7940e 100644 --- a/aleph/views/roles_api.py +++ b/aleph/views/roles_api.py @@ -1,7 +1,7 @@ import logging from banal import ensure_list from flask_babel import gettext -from flask import Blueprint, request +from flask import Blueprint, request, render_template from itsdangerous import BadSignature from werkzeug.exceptions import BadRequest @@ -10,6 +10,7 @@ from aleph.search import QueryParser, DatabaseQueryResult from aleph.model import Role from aleph.logic.roles import challenge_role, update_role, create_user, get_deep_role +from aleph.logic.mail import email_role from aleph.util import is_auto_admin from aleph.views.serializers import RoleSerializer from aleph.views.util import require, jsonify, parse_request, obj_or_404 @@ -270,6 +271,13 @@ def generate_api_key(id): role = obj_or_404(Role.by_id(id)) require(request.authz.can_write_role(role.id)) + event = "regenerated" if role.has_api_key else "generated" + params = {"role": role, "event": event} + plain = render_template("email/api_key_generated.txt", **params) + html = render_template("email/api_key_generated.html", **params) + subject = f"API key {event}" + email_role(role, subject, html=html, plain=plain) + role.generate_api_key() db.session.add(role) db.session.commit()