WIP: active-sessions #93586
@ -257,3 +257,42 @@ def check_verification_payload(
|
||||
|
||||
log.debug("verification OK")
|
||||
return VerificationResult.OK, payload
|
||||
|
||||
|
||||
def send_new_user_session(session):
|
||||
if not hasattr(session, 'user'):
|
||||
log.error('programming error: called for a session without a user')
|
||||
return False
|
||||
user = session.user
|
||||
|
||||
# sending only a text/plain email to reduce the room for look-alike phishing emails
|
||||
email_body_txt, subject = construct_new_user_session(session)
|
||||
|
||||
email = user.email
|
||||
try:
|
||||
send_mail(
|
||||
subject,
|
||||
message=email_body_txt,
|
||||
from_email=None, # just use the configured default From-address.
|
||||
recipient_list=[email],
|
||||
fail_silently=False,
|
||||
)
|
||||
except (smtplib.SMTPException, OSError):
|
||||
log.exception("failed to send a new user session email for account %s", user.pk)
|
||||
return False
|
||||
log.info("sent a new user session email for account %s", user.pk)
|
||||
return True
|
||||
|
||||
|
||||
def construct_new_user_session(session):
|
||||
context = {
|
||||
"session": session,
|
||||
"user": session.user,
|
||||
"subject": "Blender ID new sign-in",
|
||||
}
|
||||
|
||||
email_body_txt = loader.render_to_string(
|
||||
"bid_main/emails/new_user_session.txt", context
|
||||
)
|
||||
|
||||
return email_body_txt, context["subject"]
|
||||
|
@ -6,7 +6,7 @@ from django.db.models import F
|
||||
from django.db.models.signals import m2m_changed, post_delete
|
||||
from django.dispatch import receiver
|
||||
|
||||
from . import models
|
||||
from . import email, models
|
||||
import bid_main.utils as utils
|
||||
import bid_main.file_utils
|
||||
|
||||
@ -19,8 +19,8 @@ def log_exception(sender, **kwargs):
|
||||
|
||||
|
||||
@receiver(user_logged_in)
|
||||
def update_user_for_login(sender, request, user, **kwargs):
|
||||
"""Updates user fields upon login.
|
||||
def process_new_login(sender, request, user, **kwargs):
|
||||
"""Updates user fields upon login. Sends an email if IP is new.
|
||||
|
||||
Only saves specific fields, so that the webhook trigger knows what changed.
|
||||
"""
|
||||
@ -33,9 +33,11 @@ def update_user_for_login(sender, request, user, **kwargs):
|
||||
if request_ip and user.current_login_ip != request_ip:
|
||||
user.last_login_ip = F("current_login_ip")
|
||||
user.current_login_ip = request_ip
|
||||
|
||||
fields.update({"last_login_ip", "current_login_ip"})
|
||||
|
||||
try:
|
||||
email.send_new_user_session(request.session.create_model_instance({}))
|
||||
except Exception:
|
||||
log.exception('failed to send a new user session email')
|
||||
user.save(update_fields=fields)
|
||||
|
||||
|
||||
|
16
bid_main/templates/bid_main/emails/new_user_session.txt
Normal file
16
bid_main/templates/bid_main/emails/new_user_session.txt
Normal file
@ -0,0 +1,16 @@
|
||||
{% autoescape off %}
|
||||
Dear {{ user.full_name|default:user.email }}!
|
||||
|
||||
A new sign-in for your Blender ID account {{ user.email }}
|
||||
|
||||
IP address: {{ session.ip }}
|
||||
Location: ({{ session.location }})
|
||||
Device: {{ session.device }}
|
||||
|
||||
If this was you, you can ignore this message.
|
||||
If this wasn't you, please change or reset your password.
|
||||
|
||||
--
|
||||
Kind regards,
|
||||
The Blender Web Team
|
||||
{% endautoescape %}
|
Loading…
Reference in New Issue
Block a user