Browse Source

[REF] mailgun: use regular expression in simple security check, don't verify ssl in requests - there is problems with ssl on mailgun

pull/42/head
Ildar Nasyrov 8 years ago
parent
commit
e918be7d2e
  1. 4
      mailgun/controllers/main.py
  2. 2
      mailgun/models.py

4
mailgun/controllers/main.py

@ -5,6 +5,8 @@ import werkzeug
import email
import requests
import simplejson
import re
class MailMailgun(http.Controller):
@ -12,7 +14,7 @@ class MailMailgun(http.Controller):
def mailgun_notify(self, **kw):
# mailgun notification in json format
message_url = kw.get('message-url')
if not message_url.startswith('https://api.mailgun.net/'):
if not re.match('^https://[^/]*api.mailgun.net/', message_url):
# simple security check failed
raise Exception('wrong message-url')
request.env['mail.thread'].sudo().mailgun_fetch_message(message_url)

2
mailgun/models.py

@ -18,7 +18,7 @@ class MailThread(models.AbstractModel):
@api.model
def mailgun_fetch_message(self, message_url):
api_key = self.env['ir.config_parameter'].sudo().get_param('mailgun.apikey')
res = requests.get(message_url, headers={'Accept': 'message/rfc2822'}, auth=('api', api_key))
res = requests.get(message_url, headers={'Accept': 'message/rfc2822'}, auth=('api', api_key), verify=False)
self.message_process(False, res.json().get('body-mime'))

Loading…
Cancel
Save