diff --git a/ixc_django_docker/settings/email_bandit.py b/ixc_django_docker/settings/email_bandit.py index 6800027..d540cf0 100644 --- a/ixc_django_docker/settings/email_bandit.py +++ b/ixc_django_docker/settings/email_bandit.py @@ -1,12 +1,19 @@ import os + +# When loaded by django-split-settings __name__ gives us the *includer* file's +# name, not the name of this *included* file. +REAL_MODULE_NAME = ".".join([__package__, "email_bandit"]) + + # Hijack django-post-office backend if project is using that lib... -if 'POST_OFFICE' in locals(): +try: + # Lookup of POST_OFFICE setting should fail if post-office isn't used HIJACKED_EMAIL_BACKEND = POST_OFFICE['BACKENDS']['default'] POST_OFFICE['BACKENDS']['default'] = \ 'ixc_django_docker.bandit.HijackedEmailBackend' # ...otherwise hijack default Django backend -else: +except NameError: HIJACKED_EMAIL_BACKEND = EMAIL_BACKEND EMAIL_BACKEND = 'ixc_django_docker.bandit.HijackedEmailBackend' @@ -22,7 +29,7 @@ ] else: BANDIT_EMAIL = None -print("%s: BANDIT_EMAIL = %r" % (__name__, BANDIT_EMAIL)) +print("%s: BANDIT_EMAIL = %r" % (REAL_MODULE_NAME, BANDIT_EMAIL)) # Whitelist outgoing emails to these specific addresses or domains to let # them through, instead of redirecting them to the BANDIT_EMAIL address. @@ -34,9 +41,27 @@ for wl in os.environ['BANDIT_WHITELIST'].split(',') if wl.strip() ] - print("%s: BANDIT_WHITELIST = %r" % (__name__, BANDIT_WHITELIST)) else: - print("%s: BANDIT_WHITELIST is not set" % __name__) + BANDIT_WHITELIST = [] +print("%s: BANDIT_WHITELIST = %r" % (REAL_MODULE_NAME, BANDIT_WHITELIST)) + +# Print the additional emails whitelisted by Bandit by default, to make it +# clearer that this is what Bandit does. See logic in +# `bandit.backends.base:HijackBackendMixin.send_messages()` +admin_emails = [email for name, email in ADMINS] +extra_whitelisted = admin_emails + [SERVER_EMAIL] +print( + "%s: Emails automatically whitelisted by Bandit, from `settings.ADMINS` and" + " `settings.SERVER_EMAIL` = %r" % (REAL_MODULE_NAME, extra_whitelisted) +) + +# Ensure that BANDIT_EMAIL is set appropriately: it is always required and +# must contain at least one value +if not BANDIT_EMAIL: + raise ValueError( + "BANDIT_EMAIL environment variable must be set with at least one" + " email address. If you do not want to hijack email, remove" + " 'email_bandit.py' from the BASE_SETTINGS environment variable") # Make it clear that emails have been hijacked and from which site. # NOTE: This only applies to emails sent with admin-specific methods: