fleet/kolide/email.go

package kolide

import (
	"fmt"
	"net/http"
	"time"

	"github.com/jordan-wright/email"
	"github.com/kolide/kolide-ose/errors"
	"github.com/spf13/viper"
)

// CampaignStore manages email campaigns in the database
type EmailStore interface {
	CreatePassworResetRequest(userID uint, expires time.Time, token string) (*PasswordResetRequest, error)
	DeletePasswordResetRequest(req *PasswordResetRequest) error
	FindPassswordResetByID(id uint) (*PasswordResetRequest, error)
	FindPassswordResetsByUserID(id uint) ([]*PasswordResetRequest, error)
	FindPassswordResetByToken(token string) (*PasswordResetRequest, error)
	FindPassswordResetByTokenAndUserID(token string, id uint) (*PasswordResetRequest, error)
}

type EmailType int

const (
	PasswordResetEmail EmailType = iota
)

type PasswordResetRequestEmailParameters struct {
	Name  string
	Token string
}

const (
	NoReplyEmailAddress = "no-reply@kolide.co"
)

type SMTPConnectionPool interface {
	Send(e *email.Email, timeout time.Duration) error
	Close()
}

type MockSMTPConnectionPool struct {
	Emails []*email.Email
}

func NewMockSMTPConnectionPool() *MockSMTPConnectionPool {
	return &MockSMTPConnectionPool{}
}

func (pool *MockSMTPConnectionPool) Send(e *email.Email, timeout time.Duration) error {
	pool.Emails = append(pool.Emails, e)
	return nil
}

func (pool *MockSMTPConnectionPool) Close() {}

func SendEmail(pool SMTPConnectionPool, to, subject string, html, text []byte) error {
	e := email.Email{
		From:    fmt.Sprintf("Kolide <%s>", NoReplyEmailAddress),
		To:      []string{to},
		Subject: subject,
		HTML:    html,
		Text:    text,
	}

	err := pool.Send(&e, time.Second*10)
	if err != nil {
		return errors.NewFromError(err, http.StatusInternalServerError, "Email error")
	}

	return nil
}

func GetEmailBody(t EmailType, params interface{}) (html []byte, text []byte, err error) {
	switch t {
	case PasswordResetEmail:
		resetParams, ok := params.(PasswordResetRequestEmailParameters)
		if !ok {
			err = errors.New("Couldn't get email body", "Parameters were of incorrect type")
			return
		}

		html = []byte(fmt.Sprintf(
			"Hi %s! <a href=\"%s/password/reset?token=%s\">Reset your password!</a>",
			resetParams.Name,
			viper.GetString("app.web_address"),
			resetParams.Token,
		))
		text = []byte(fmt.Sprintf(
			"Hi %s! Reset your password: %s/password/reset?token=%s",
			resetParams.Name,
			viper.GetString("app.web_address"),
			resetParams.Token,
		))
	default:
		err = errors.New(
			"Couldn't get email body",
			fmt.Sprintf("Email type unknown: %d", t),
		)
	}
	return
}

func GetEmailSubject(t EmailType) (string, error) {
	switch t {
	case PasswordResetEmail:
		return "Your Kolide Password Reset Request", nil
	default:
		return "", errors.New(
			"Couldn't get email subject",
			fmt.Sprintf("Email type unknown: %d", t),
		)
	}
}

// PasswordResetRequest represents a database table for
// Password Reset Requests
type PasswordResetRequest struct {
	ID        uint `gorm:"primary_key"`
	CreatedAt time.Time
	UpdatedAt time.Time
	ExpiresAt time.Time
	UserID    uint
	Token     string `gorm:"size:1024"`
}

// NewPasswordResetRequest creates a password reset email campaign
func NewPasswordResetRequest(db EmailStore, userID uint, expires time.Time) (*PasswordResetRequest, error) {
	keySize := viper.GetInt("smtp.token_key_size")
	if keySize == 0 {
		keySize = 24
	}
	token, err := generateRandomText(keySize)
	if err != nil {
		return nil, err
	}

	request, err := db.CreatePassworResetRequest(userID, expires, token)
	if err != nil {
		return nil, err
	}

	return request, nil
}
Session shuffle and rename app to server (#84) * renaming campaign to email * moving session management code to the new kolide/datastore pattern * removing global configuration variables in favor of config * moving email operations to package kolide * moving app to server * using http.ListenAndServeTLS instead of a method on gin.Engine remove the kolide.go dependency on gin 2016-08-19 00:45:39 +00:00			`package kolide`
Email-based password reset (#54) * No more hard deletes * scaffolding for password reset endpoint * Ensure password reset state is accounted for in VC checks * password reset endpoints and data structures * ability to change password with reset token * smtp server connection pool management * stubbing out the sending of the email * adding mailhog via docker * HTML emails with confgurable host name * fixing typo in the comments * Fixing merge which undid DatabaseError replacement * documentation in the readme * webpack shortcut for components * removing a sneaky merge line that snuck in * temporary email content api * tests for password reset flow * fixing go vet * comments and making all db use `&value` rather than `reference` * more correct usage of the errors library and moving email sending to it's own method * using the wrong error * fixing email mock object error * less incorrect error usage * rebasing and merging * http constants for status code * using ParseAndValidateJSON instead of BindJSON * validate instead of binding in struct tags * NewFromError instead of New 2016-08-12 19:20:29 +00:00
			`import (`
			`"fmt"`
			`"net/http"`
			`"time"`

			`"github.com/jordan-wright/email"`
			`"github.com/kolide/kolide-ose/errors"`
			`"github.com/spf13/viper"`
			`)`

Session shuffle and rename app to server (#84) * renaming campaign to email * moving session management code to the new kolide/datastore pattern * removing global configuration variables in favor of config * moving email operations to package kolide * moving app to server * using http.ListenAndServeTLS instead of a method on gin.Engine remove the kolide.go dependency on gin 2016-08-19 00:45:39 +00:00			`// CampaignStore manages email campaigns in the database`
			`type EmailStore interface {`
			`CreatePassworResetRequest(userID uint, expires time.Time, token string) (*PasswordResetRequest, error)`
			`DeletePasswordResetRequest(req *PasswordResetRequest) error`
			`FindPassswordResetByID(id uint) (*PasswordResetRequest, error)`
Integration tests (#90) * tests for auth endpoints * create user test and fatals instead of panics * more tests * remove init viper config setting * stubbing * more tests * more tests * organizing auth and users files * rest of auth tests * password reset tests 2016-08-20 06:56:49 +00:00			`FindPassswordResetsByUserID(id uint) ([]*PasswordResetRequest, error)`
Session shuffle and rename app to server (#84) * renaming campaign to email * moving session management code to the new kolide/datastore pattern * removing global configuration variables in favor of config * moving email operations to package kolide * moving app to server * using http.ListenAndServeTLS instead of a method on gin.Engine remove the kolide.go dependency on gin 2016-08-19 00:45:39 +00:00			`FindPassswordResetByToken(token string) (*PasswordResetRequest, error)`
			`FindPassswordResetByTokenAndUserID(token string, id uint) (*PasswordResetRequest, error)`
			`}`

Email-based password reset (#54) * No more hard deletes * scaffolding for password reset endpoint * Ensure password reset state is accounted for in VC checks * password reset endpoints and data structures * ability to change password with reset token * smtp server connection pool management * stubbing out the sending of the email * adding mailhog via docker * HTML emails with confgurable host name * fixing typo in the comments * Fixing merge which undid DatabaseError replacement * documentation in the readme * webpack shortcut for components * removing a sneaky merge line that snuck in * temporary email content api * tests for password reset flow * fixing go vet * comments and making all db use `&value` rather than `reference` * more correct usage of the errors library and moving email sending to it's own method * using the wrong error * fixing email mock object error * less incorrect error usage * rebasing and merging * http constants for status code * using ParseAndValidateJSON instead of BindJSON * validate instead of binding in struct tags * NewFromError instead of New 2016-08-12 19:20:29 +00:00			`type EmailType int`

			`const (`
			`PasswordResetEmail EmailType = iota`
			`)`

			`type PasswordResetRequestEmailParameters struct {`
			`Name string`
			`Token string`
			`}`

			`const (`
			`NoReplyEmailAddress = "no-reply@kolide.co"`
			`)`

			`type SMTPConnectionPool interface {`
			`Send(e *email.Email, timeout time.Duration) error`
			`Close()`
			`}`

Integration tests (#90) * tests for auth endpoints * create user test and fatals instead of panics * more tests * remove init viper config setting * stubbing * more tests * more tests * organizing auth and users files * rest of auth tests * password reset tests 2016-08-20 06:56:49 +00:00			`type MockSMTPConnectionPool struct {`
Email-based password reset (#54) * No more hard deletes * scaffolding for password reset endpoint * Ensure password reset state is accounted for in VC checks * password reset endpoints and data structures * ability to change password with reset token * smtp server connection pool management * stubbing out the sending of the email * adding mailhog via docker * HTML emails with confgurable host name * fixing typo in the comments * Fixing merge which undid DatabaseError replacement * documentation in the readme * webpack shortcut for components * removing a sneaky merge line that snuck in * temporary email content api * tests for password reset flow * fixing go vet * comments and making all db use `&value` rather than `reference` * more correct usage of the errors library and moving email sending to it's own method * using the wrong error * fixing email mock object error * less incorrect error usage * rebasing and merging * http constants for status code * using ParseAndValidateJSON instead of BindJSON * validate instead of binding in struct tags * NewFromError instead of New 2016-08-12 19:20:29 +00:00			`Emails []*email.Email`
			`}`

Integration tests (#90) * tests for auth endpoints * create user test and fatals instead of panics * more tests * remove init viper config setting * stubbing * more tests * more tests * organizing auth and users files * rest of auth tests * password reset tests 2016-08-20 06:56:49 +00:00			`func NewMockSMTPConnectionPool() *MockSMTPConnectionPool {`
			`return &MockSMTPConnectionPool{}`
Email-based password reset (#54) * No more hard deletes * scaffolding for password reset endpoint * Ensure password reset state is accounted for in VC checks * password reset endpoints and data structures * ability to change password with reset token * smtp server connection pool management * stubbing out the sending of the email * adding mailhog via docker * HTML emails with confgurable host name * fixing typo in the comments * Fixing merge which undid DatabaseError replacement * documentation in the readme * webpack shortcut for components * removing a sneaky merge line that snuck in * temporary email content api * tests for password reset flow * fixing go vet * comments and making all db use `&value` rather than `reference` * more correct usage of the errors library and moving email sending to it's own method * using the wrong error * fixing email mock object error * less incorrect error usage * rebasing and merging * http constants for status code * using ParseAndValidateJSON instead of BindJSON * validate instead of binding in struct tags * NewFromError instead of New 2016-08-12 19:20:29 +00:00			`}`

Integration tests (#90) * tests for auth endpoints * create user test and fatals instead of panics * more tests * remove init viper config setting * stubbing * more tests * more tests * organizing auth and users files * rest of auth tests * password reset tests 2016-08-20 06:56:49 +00:00			`func (pool MockSMTPConnectionPool) Send(e email.Email, timeout time.Duration) error {`
Email-based password reset (#54) * No more hard deletes * scaffolding for password reset endpoint * Ensure password reset state is accounted for in VC checks * password reset endpoints and data structures * ability to change password with reset token * smtp server connection pool management * stubbing out the sending of the email * adding mailhog via docker * HTML emails with confgurable host name * fixing typo in the comments * Fixing merge which undid DatabaseError replacement * documentation in the readme * webpack shortcut for components * removing a sneaky merge line that snuck in * temporary email content api * tests for password reset flow * fixing go vet * comments and making all db use `&value` rather than `reference` * more correct usage of the errors library and moving email sending to it's own method * using the wrong error * fixing email mock object error * less incorrect error usage * rebasing and merging * http constants for status code * using ParseAndValidateJSON instead of BindJSON * validate instead of binding in struct tags * NewFromError instead of New 2016-08-12 19:20:29 +00:00			`pool.Emails = append(pool.Emails, e)`
			`return nil`
			`}`

Integration tests (#90) * tests for auth endpoints * create user test and fatals instead of panics * more tests * remove init viper config setting * stubbing * more tests * more tests * organizing auth and users files * rest of auth tests * password reset tests 2016-08-20 06:56:49 +00:00			`func (pool *MockSMTPConnectionPool) Close() {}`
Email-based password reset (#54) * No more hard deletes * scaffolding for password reset endpoint * Ensure password reset state is accounted for in VC checks * password reset endpoints and data structures * ability to change password with reset token * smtp server connection pool management * stubbing out the sending of the email * adding mailhog via docker * HTML emails with confgurable host name * fixing typo in the comments * Fixing merge which undid DatabaseError replacement * documentation in the readme * webpack shortcut for components * removing a sneaky merge line that snuck in * temporary email content api * tests for password reset flow * fixing go vet * comments and making all db use `&value` rather than `reference` * more correct usage of the errors library and moving email sending to it's own method * using the wrong error * fixing email mock object error * less incorrect error usage * rebasing and merging * http constants for status code * using ParseAndValidateJSON instead of BindJSON * validate instead of binding in struct tags * NewFromError instead of New 2016-08-12 19:20:29 +00:00
			`func SendEmail(pool SMTPConnectionPool, to, subject string, html, text []byte) error {`
			`e := email.Email{`
			`From: fmt.Sprintf("Kolide <%s>", NoReplyEmailAddress),`
			`To: []string{to},`
			`Subject: subject,`
			`HTML: html,`
			`Text: text,`
			`}`

			`err := pool.Send(&e, time.Second*10)`
			`if err != nil {`
			`return errors.NewFromError(err, http.StatusInternalServerError, "Email error")`
			`}`

			`return nil`
			`}`

			`func GetEmailBody(t EmailType, params interface{}) (html []byte, text []byte, err error) {`
			`switch t {`
			`case PasswordResetEmail:`
Integration tests (#90) * tests for auth endpoints * create user test and fatals instead of panics * more tests * remove init viper config setting * stubbing * more tests * more tests * organizing auth and users files * rest of auth tests * password reset tests 2016-08-20 06:56:49 +00:00			`resetParams, ok := params.(PasswordResetRequestEmailParameters)`
Email-based password reset (#54) * No more hard deletes * scaffolding for password reset endpoint * Ensure password reset state is accounted for in VC checks * password reset endpoints and data structures * ability to change password with reset token * smtp server connection pool management * stubbing out the sending of the email * adding mailhog via docker * HTML emails with confgurable host name * fixing typo in the comments * Fixing merge which undid DatabaseError replacement * documentation in the readme * webpack shortcut for components * removing a sneaky merge line that snuck in * temporary email content api * tests for password reset flow * fixing go vet * comments and making all db use `&value` rather than `reference` * more correct usage of the errors library and moving email sending to it's own method * using the wrong error * fixing email mock object error * less incorrect error usage * rebasing and merging * http constants for status code * using ParseAndValidateJSON instead of BindJSON * validate instead of binding in struct tags * NewFromError instead of New 2016-08-12 19:20:29 +00:00			`if !ok {`
			`err = errors.New("Couldn't get email body", "Parameters were of incorrect type")`
			`return`
			`}`

			`html = []byte(fmt.Sprintf(`
			`"Hi %s! <a href=\"%s/password/reset?token=%s\">Reset your password!</a>",`
			`resetParams.Name,`
			`viper.GetString("app.web_address"),`
			`resetParams.Token,`
			`))`
			`text = []byte(fmt.Sprintf(`
			`"Hi %s! Reset your password: %s/password/reset?token=%s",`
			`resetParams.Name,`
			`viper.GetString("app.web_address"),`
			`resetParams.Token,`
			`))`
			`default:`
			`err = errors.New(`
			`"Couldn't get email body",`
			`fmt.Sprintf("Email type unknown: %d", t),`
			`)`
			`}`
			`return`
			`}`

			`func GetEmailSubject(t EmailType) (string, error) {`
			`switch t {`
			`case PasswordResetEmail:`
			`return "Your Kolide Password Reset Request", nil`
			`default:`
			`return "", errors.New(`
			`"Couldn't get email subject",`
			`fmt.Sprintf("Email type unknown: %d", t),`
			`)`
			`}`
			`}`
Session shuffle and rename app to server (#84) * renaming campaign to email * moving session management code to the new kolide/datastore pattern * removing global configuration variables in favor of config * moving email operations to package kolide * moving app to server * using http.ListenAndServeTLS instead of a method on gin.Engine remove the kolide.go dependency on gin 2016-08-19 00:45:39 +00:00
			`// PasswordResetRequest represents a database table for`
			`// Password Reset Requests`
			`type PasswordResetRequest struct {`
			ID uint `gorm:"primary_key"`
			`CreatedAt time.Time`
			`UpdatedAt time.Time`
			`ExpiresAt time.Time`
			`UserID uint`
			Token string `gorm:"size:1024"`
			`}`

			`// NewPasswordResetRequest creates a password reset email campaign`
			`func NewPasswordResetRequest(db EmailStore, userID uint, expires time.Time) (*PasswordResetRequest, error) {`
Integration tests (#90) * tests for auth endpoints * create user test and fatals instead of panics * more tests * remove init viper config setting * stubbing * more tests * more tests * organizing auth and users files * rest of auth tests * password reset tests 2016-08-20 06:56:49 +00:00			`keySize := viper.GetInt("smtp.token_key_size")`
			`if keySize == 0 {`
			`keySize = 24`
			`}`
			`token, err := generateRandomText(keySize)`
Session shuffle and rename app to server (#84) * renaming campaign to email * moving session management code to the new kolide/datastore pattern * removing global configuration variables in favor of config * moving email operations to package kolide * moving app to server * using http.ListenAndServeTLS instead of a method on gin.Engine remove the kolide.go dependency on gin 2016-08-19 00:45:39 +00:00			`if err != nil {`
			`return nil, err`
			`}`

			`request, err := db.CreatePassworResetRequest(userID, expires, token)`
			`if err != nil {`
			`return nil, err`
			`}`

			`return request, nil`
			`}`