I am trying to create a function that only works if an admin user runs it and returns an exception otherwise. However, I'm not entirely sure how to go about getting your own credentials. That is, I simply want to check the current user's access_role.
To get other people's access_role, I could simple run api.User.get_all(), which returns something like this:
{'handle': 'someone#somesite.com', 'name': None, 'access_role': 'st', 'verified': False, 'disabled': False, 'is_admin': False, 'role': None, 'email': 'Someone#SomeSite.com', 'icon': 'https://secure.gravatar.com/avatar/000000000000000000000000000000000?s=00&z=retro'}
The access_role field displays one of 3 options:
adm ~ admin user
st ~ standard user
ro ~ read-only user
What I've been trying to do is to create a get_me() function that takes no parameters and returns all this information, but for whoever is calling it.
As far as the get_me() function goes, I'm having a touch time finding resources online.
# Function that returns the current users information
def get_me():
# If there is a command to do this, I'd put it here...
return api.User.some_command();
Hopefully though, I can apply the end result to a function like delete() as such:
# Deletes a dashboard iff the user is an admin user
def delete(self, idno):
cred = self.get_me();
if cred['access_role'] == 'adm':
print 'Dashboard successfully deleted!'
return api.Dashboard.delete(idno);
else:
print 'Not authorized to delete this Dashboard!'
return api.Dashboard.get(idno);
Does the code have access to the email of the user? If yes, then you should be able to use the single "get user" api and feed the email into it. The response you would get includes lots of interesting stuff for this use-case, like so:
'access_role': 'st', # etc
'disabled': False,
'role': None,
'is_admin': False,
Also, dashboards do have a "permissions" setting with which you can set the dashboards to be "read-only" for anyone who is not the dashboard creator / an admin. That should be set-able via the api too.
The API only verifies through API/ App keys, which are pretty much admin users. There isn't any way to add user-level authentication to the endpoints.
You would need to have some kind of authentication on your end that proves who a user is, then compare that with the admin list on DD, then, if they are legit, call your API script. Maybe skip all that have a machine that only DD admin users can access and run the API script from there.
Citing Google App Engine inter module communication authorization the problem I have is that in the Docs (communication between modules) says:
You can configure any manual or basic scaling module to accept
requests from other modules in your app by restricting its handler to
only allow administrator accounts, specifying login: admin for the
appropriate handler in the module's configuration file. With this
restriction in place, any URLFetch from any other module in the app
will be automatically authenticated by App Engine, and any request
that is not from the application will be rejected.
And this is exactly the configuration I have for my module called "api1". In my app.yaml file I have:
# can accept requests from other modules.
# with login: admin and they are authenticated automatically.
- url: /.*
script: _go_app
login: admin
I'm trying now, from a different module in the same app, to make a service call as suggested in the doc using urfetch.fetch() method, and my implementation is:
from google.appengine.api import urlfetch, modules, app_identity
from rest_framework.response import Response, status
#api_view(['POST'])
def validate_email(request):
url = "http://%s/" % modules.get_hostname(module="api1")
payload = json.dumps({"SOME_KEY":"SOME_VALUE"})
appid = app_identity.get_application_id()
result = urlfetch.fetch(url + "emails/validate/document",
follow_redirects=False,
method=urlfetch.POST,
payload=payload,
headers={"Content-Type":"application/json")
return Response({
'status_code': result.status_code,
'content': result.content
}, status=status.HTTP_200_OK)
According to the documentation, having specified the follow_redirects=False, fetch() will automatically insert an header in my call (I've even tried to add it explicitly) with the "X-Appengine-Inbound-Appid" : MY-APP-ID.
Unfortunately I get as result of the fetch call a 302 redirect, if I follow it, it's a redirect to the authentication form. This occurs in Development server as well as in Production.
Can you please let me know how can I call my api1 service inside my validate_email method (belonging to a different module in the same app)?
Is there another way to authenticate the call since it seems the way suggested inside the documentation is not working?
Thank you
As written here this is a tracked issue now on google appengine public issue tracker. So everyone can go there to check for updates.
In the meanwhile I solved the issue removing the login: admin from the app.yaml and in the handler of my service I've checked manually for the existence of the header X-Appengine-Inbound-Appid and its value.
According to the documentation, if DEBUG is set to False and something is provided under the ADMINS setting, Django will send an email whenever the code raises a 500 status code. I have the email settings filled out properly (as I can use send_mail fine) but whenever I intentionally put up erroneous code I get my 500.html template but no error email is sent. What could cause Django to not do this?
In my case the cause was missing SERVER_EMAIL setting.
The default for SERVER_EMAIL is root#localhost. But many of email servers including
my email provider do not accept emails from such suspicious addresses. They silently drop the emails.
Changing the sender email address to django#my-domain.example solved the problem. In settings.py:
SERVER_EMAIL = 'django#my-domain.example'
Another possibility for error is trouble with your ADMINS setting. The following setting will cause the sending of mail to admins to fail quietly:
ADMINS = (
('your name', 'me#mydomain.example')
)
What's wrong with that? Well ADMINS needs to be a tuple of tuples, so the above needs to be formatted as
ADMINS = (
('your name', 'me#mydomain.example'),
)
Note the trailing comma. Without the failing comma, the 'to' address on the email will be incorrectly formatted (and then probably discarded silently by your SMTP server).
I had the same situation. I created a new project and app and it worked, so I knew it was my code. I tracked it down to the LOGGING dictionary in settings.py. I had made some changes a few weeks back for logging with Sentry, but for some reason the error just started today. I changed back to the original and got it working:
LOGGING = {
'version': 1,
'disable_existing_loggers': False,
'handlers': {
'mail_admins': {
'level': 'ERROR',
'class': 'django.utils.log.AdminEmailHandler'
}
},
'loggers': {
'django.request': {
'handlers': ['mail_admins'],
'level': 'ERROR',
'propagate': True,
},
}
}
Then, I made some changes slowly and got it working with Sentry and emailing the ADMINS as well.
Additionally, the LOGGING configuration gets merged with DEFAULT_LOGGING by default, so it's useful to have a look at the source code of django.utils.log.DEFAULT_LOGGING to understand what else may have an effect on your particular situation.
Make sure your EMAIL_HOST and EMAIL_PORT are set up right in settings.py (these refer to your SMTP server). It might be assuming that you have an SMTP server running on localhost.
To test this locally, run Python's built-in test SMTP server:
python -m smtpd -n -c DebuggingServer localhost:1025
Then set these values in your settings.py
EMAIL_HOST='localhost'
EMAIL_PORT=1025
Trigger a 500 error, and you should see the e-mail appear in the python smtpd terminal window.
My web hosting provider - Webfaction - only allows emails to be sent From an email that has been explicitly created in the administrator panel. Creating one fixed the problem.
Another thing worth noting here is that settings handler500 might bypass the mechanism that sends errors on a 500 if the response from the view doesn't have a status code of 500.
If you have a handler500 set, then in that view respond with something like this.
t = loader.get_template('500.html')
response = HttpResponseServerError(
t.render(RequestContext(request, {'custom_context_var':
'IT BROKE OMG FIRE EVERYONE'})))
response.status_code = 500
return response
Sorry if it is too naive, but in my case the emails were sent but were going directly to the SPAM folder. Before trying more complicated things check your SPAM folder first.
If, for some reason, you set DEBUG_PROPAGATE_EXCEPTIONS to True (it's False by default), email to admin will not work.
Just had the same issue after upgraded to Django 2.1 from Django 1.11. Apparently the ADMINS sections in settings.py has a change. It takes a list of tuples now, rather than the old tuple of tuples. This fixed for me.
##### old #####
ADMINS = (
("Your Name", "your_email#company.example")
)
##### new #####
ADMINS = [
("Your Name", "your_email#company.example")
]
Re: https://docs.djangoproject.com/en/2.1/ref/settings/#admins
Try this
# ./manage shell
>>> from django.core.mail import send_mail
>>> send_mail('Subject here', 'Here is the message.', 'from#example.com',['to#example.com'], fail_silently=False)
With a to#example.com that you actually get email at.
Make sure you have DEBUG = False
This problem annoyed me sufficiently to motivate a post. I provide here the steps I took to resolve this problem (cutting a long story short):
Set-up test page to fail (by re-naming test_template.html)
Check email validations through views for test page in production using send_mail('Hello', 'hello, world', info#xyz.example, [('Name', 'name.name#xyz.example'),], fail_silently=False) where SERVER_EMAIL = info#xyz.example and ADMINS = [('Name', 'name.name#xyz.example'),] in Django settings. In my case, I received the 'hello world' email, but not the Django admin email (which was a pain).
Set-up a simple custom logger to report to a file on the server:
LOGGING = {
'version': 1,
'disable_existing_loggers': False,
'handlers': {
'errors_file': {
'level': 'ERROR',
'class': 'logging.FileHandler',
'filename': 'logs/debug.log',
},
},
'loggers': {
'django': {
'handlers': ['errors_file'],
'level': 'ERROR',
'propagate': True,
},
},
}
In my case, navigating to the test page did not generate output in the debug.log file under the logs directory from my project root directory. This indicates that the logger was failing to reach an ERROR 'level'.
Downgrade the threshold for reporting for the custom logger from ERROR to DEBUG. Now, navigating to the test page should deliver some detail. Inspecting this detail revealed in my case that the default 500 page was re-directed (inadvertedly) to an alternative template file called 500.html. This template file made use of a variable for caching, and as the template was not being called through a view that made the variable available in the context, the cache call failed with a missing key reference. Re-naming 500.html solved my problem.
Although it's been a while, here's my response, so that other people can benefit in the future.
In my case, what was preventing emails to be sent to the ADMINS list, when an error occured, was an application specific setting. I was using django-piston, which provides the setting attributes PISTON_EMAIL_ERRORS and PISTON_DISPLAY_ERRORS. Setting these accordingly, enabled the application server to notify my by mail, whenever piston would crash.
... and then there's the facepalm error, when you've used this in development to prevent emails from going out, and then accidentally copy the setting to production:
# Print emails to console
EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
(of course you don't see them being printed to console when using a wsgi server). Removing the setting from production fixed this for me.
And yet another thing that can go wrong (I'll just add it to the list, for those people that end up here despite all the great answers above):
Our django setup used SendGrid as the smtp host and had a single admin email-address defined in the django settings. This worked fine for some time, but at some point, mails stopped arriving.
As it turns out, the mail address ended up in the SendGrid 'Bounced' list for some unknown reason, causing emails to that address to be silently dropped forever after. Removing the address from that list, and whitelisting it, fixed the issue.
If you are using or would want to use SendGrid, use the settings below in production.
Install the package
pip install sendgrid-django
Add these settings in settings.py(production)
DEBUG = False
EMAIL_BACKEND = "sendgrid_backend.SendgridBackend"
SENDGRID_API_KEY = "That you generate in sendgrid account"
ADMINS = (
("Your Name", "your_email#company.example")
)
While likely not ideal, I have found using Gmail as the SMTP host works just fine. There is a useful guide at nathanostgard.com.
Feel free to post your relevant settings.py sections (including EMAIL_*, SERVER_EMAIL, ADMINS (just take out your real email), MANAGERS, and DEBUG) if you want an extra set of eyes to check for typos!
For what it's worth I had this issue and none of these suggestions worked for me. It turns out that my problem was that SERVER_EMAIL was set to an address that the server (Webfaction) didn't recognise. If this site were hosted on Webfaction (as my other sites are), this wouldn't be a problem, but as this was on a different server, the Webfaction servers not only check the authentication of the email being sent, but also the From: value as well.
In my case, it's the include_html in mail_admins.
When I set include_html to True,the email server reject to send my email because it think that my emails are spam.
Everything works just fine when I set include_html to False.
I had the same problem and it turned out the mail server did not have the domain name of the email address. I was trying to send from a registered one (it was a new site for a different part of the business). I used an email address that was already valid under the old domain in SERVER_EMAIL. That resolved my issue.
The below info is given in https://docs.djangoproject.com/en/2.1/howto/error-reporting/#email-reports
EMAIL_HOST = "email host"
EMAIL_HOST_USER = "Email username"
EMAIL_HOST_PASSWORD = "Email Password"
DEBUG = False
ADMINS = (
("Your Name", "your_email#company.example")
)
In order to send email, Django requires a few settings telling it how
to connect to your mail server. At the very least, you’ll need to
specify EMAIL_HOST and possibly EMAIL_HOST_USER and
EMAIL_HOST_PASSWORD, though other settings may be also required
depending on your mail server’s configuration. Consult the Django
settings documentation for a full list of email-related settings.
The setting for server_email has a default of root#localhost but so many email carriers don't accept email from such email_servers and that's why the admin emails is not receiving the emails.
This first answer from this trend helped me
Sending email from DebuggingServer localhost:1025 not working
Or you change your DEFAULT_FROM_EMAIL to something else.