How to customize email content?

17 views
Skip to first unread message

Charles T

unread,
Feb 22, 2021, 4:54:14 PM2/22/21
to Review Board Development
I'm using ReviewBoard in a place that has to protect access to data.  We want to prevent an accidental slip up from someone typing in protected data into the description or comments of a review and then it getting out via email.  It's OK for the data to be in ReviewBoard.  We cannot allow that data to be emailed out.

So is there a mechanism to allow an extension to completely customize the content of all emails? Is there a pre-existing extension that will simply notify users that a review has changed and needs their attention WITHOUT telling them what changed?

Christian Hammond

unread,
Feb 23, 2021, 6:58:25 AM2/23/21
to reviewb...@googlegroups.com
Hi Charles,

I’m afraid there’s no extension support for customizing emails today, but you can certainly disable email support and then implement your own via an extension. The files in this directory control all the current email behavior:

An extension would use SignalHook to listen to various signals (see __init__.py for the list and what they’re connected to for email) and then would have to duplicate or replace the logic you find in those handles (including the logic in the prepare_* calls).

Most of what’s in there is centered around determine the correct users to send to (which are handled via utility functions your extension could use) and defining context for the built-in email templates (much of which you wouldn’t need if not including the full review/review request information), so it shouldn’t be too much work. 

We’ve had long-term plans to extend the current email hooks to let content and email subjects be modified, but it hasn’t been as high a priority as some other tasks that have kept us busy the past couple years. Given your requirements, short-term, a custom extension implementing its own email behavior will be your best bet.

Christian


On Mon, Feb 22, 2021 at 13:54 Charles T <tull...@gmail.com> wrote:
I'm using ReviewBoard in a place that has to protect access to data.  We want to prevent an accidental slip up from someone typing in protected data into the description or comments of a review and then it getting out via email.  It's OK for the data to be in ReviewBoard.  We cannot allow that data to be emailed out.

So is there a mechanism to allow an extension to completely customize the content of all emails? Is there a pre-existing extension that will simply notify users that a review has changed and needs their attention WITHOUT telling them what changed?

--

---
You received this message because you are subscribed to the Google Groups "Review Board Development" group.
To unsubscribe from this group and stop receiving emails from it, send an email to reviewboard-d...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/reviewboard-dev/4ef41ec2-927a-4678-b712-2cc9609ed165n%40googlegroups.com.
--
--
Christian Hammond
President/CEO of Beanbag
Makers of Review Board

Charles T

unread,
Feb 23, 2021, 9:07:20 AM2/23/21
to Review Board Development
I expected this was the case but wanted to check before I went down that rabbit hole.  Thank you for the quick feedback!

Jeremy Eagan

unread,
Apr 19, 2021, 6:18:17 PM4/19/21
to Review Board Development
Christian,

I work with Charles and have been looking into how to implement your suggestion.  One thing I have figure out is how to send encrypted email within our internal email system from python.  I noticed ReviewBoard utilizes djblets to send the emails.  If we allow ReviewBoard to format the emails but encrypt the emails prior to sending, that will meet the requirements for data protections.  I'm having trouble narrowing down where the djblets email mechanism resides and if I can extend it.  




I don't find the call to the EmailMessage.send()

The code I would like to implement would be to catch the email prior to send and utilize my own code to copy over the parameters and send using the encryption logic, sample below.   I don't know if the djblets would be able to handle the send if I just encrypted the text.  

Thanks in advance for any suggestions you have and were to start.
Jeremy

def send_encrypted_email(smtp_server_name, user_from_email, user_to_email, email_subject, email_message):
    pem_key = #... generate the key per our organizational infrastructure ...

    # Create the message to encrypt
    unencrypted_email = [
        'To: ' + user_to_email,
        'From: ' + user_from_email,
        'Subject: ' + email_subject,
        '',
        email_message
    ]

    # Encrypt the message
    encrypted_email = smime.encrypt('\n'.join(unencrypted_email), pem_key)

    # Send the message via local SMTP server.
    with smtplib.SMTP(smtp_server_name) as server:
        server.sendmail(user_from_email, user_to_email, encrypted_email)
        server.quit()

On Tuesday, February 23, 2021 at 5:58:25 AM UTC-6 Christian Hammond wrote:

Christian Hammond

unread,
Apr 19, 2021, 11:32:22 PM4/19/21
to reviewb...@googlegroups.com
Hi Jeremy,

Ah, good news! Mail sending is actually handled by pluggable backends in Django, so you should be able to swap that out and set a new one by defining a backend in some Python module and setting it in settings_local.py:


We don't have any of our own, but you could pull up Django 1.6's e-mail backends for example implementations. It'd probably be a light customization/subclass of the standard one, I'd guess?


Christian


Reply all
Reply to author
Forward
0 new messages