16.0 - Migration mail_embed_image #1402

Closed
wants to merge 18 commits into from
79 changes: 79 additions & 0 deletions mail_embed_image/README.rst
@@ -0,0 +1,79 @@
================
Mail Embed Image
================

..
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!! This file is generated by oca-gen-addon-readme !!
!! changes will be overwritten. !!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!! source digest: sha256:a365995cc3558fa6f105e5354c6a4317efd6453f04a5647e0acdff4c5adb3c12
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

.. |badge1| image:: https://img.shields.io/badge/maturity-Beta-yellow.png
:target: https://odoo-community.org/page/development-status
:alt: Beta
.. |badge2| image:: https://img.shields.io/badge/licence-AGPL--3-blue.png
:target: http://www.gnu.org/licenses/agpl-3.0-standalone.html
:alt: License: AGPL-3
.. |badge3| image:: https://img.shields.io/badge/github-OCA%2Fsocial-lightgray.png?logo=github
:target: https://github.com/OCA/social/tree/16.0/mail_embed_image
:alt: OCA/social
.. |badge4| image:: https://img.shields.io/badge/weblate-Translate%20me-F47D42.png
:target: https://translation.odoo-community.org/projects/social-16-0/social-16-0-mail_embed_image
:alt: Translate me on Weblate
.. |badge5| image:: https://img.shields.io/badge/runboat-Try%20me-875A7B.png
:target: https://runboat.odoo-community.org/builds?repo=OCA/social&target_branch=16.0
:alt: Try me on Runboat

|badge1| |badge2| |badge3| |badge4| |badge5|

This module finds images attached to outgoing emails and replaces their urls
with cids. This will avoid rendering issues with some email clients.

**Table of contents**

.. contents::
:local:

Bug Tracker
===========

Bugs are tracked on `GitHub Issues <https://github.com/OCA/social/issues>`_.
In case of trouble, please check there if your issue has already been reported.
If you spotted it first, help us to smash it by providing a detailed and welcomed
`feedback <https://github.com/OCA/social/issues/new?body=module:%20mail_embed_image%0Aversion:%2016.0%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**>`_.

Do not contact contributors directly about support or help with technical issues.

Credits
=======

Authors
~~~~~~~

* Therp BV

Contributors
~~~~~~~~~~~~

* George Daramouskas <gdaramouskas@therp.nl>
* Giovanni Francesco Capalbo <giovanni@therp.nl>
* Italo LOPES <italo.lopes@camptocamp.com>

Maintainers
~~~~~~~~~~~

This module is maintained by the OCA.

.. image:: https://odoo-community.org/logo.png
:alt: Odoo Community Association
:target: https://odoo-community.org

OCA, or the Odoo Community Association, is a nonprofit organization whose
mission is to support the collaborative development of Odoo features and
promote its widespread use.

This module is part of the `OCA/social <https://github.com/OCA/social/tree/16.0/mail_embed_image>`_ project on GitHub.

You are welcome to contribute. To learn how please visit https://odoo-community.org/page/Contribute.
3 changes: 3 additions & 0 deletions mail_embed_image/__init__.py
@@ -0,0 +1,3 @@
# Copyright 2019 Therp BV <https://therp.nl>
# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl.html).
from . import models
16 changes: 16 additions & 0 deletions mail_embed_image/__manifest__.py
@@ -0,0 +1,16 @@
# Copyright 2019 Therp BV <https://therp.nl>
# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl.html).
{
"name": "Mail Embed Image",
"version": "16.0.1.0.0",
"author": "Therp BV,Odoo Community Association (OCA)",
"license": "AGPL-3",
"category": "Social",
"summary": "Replace img.src's which start with http with inline cids",
"website": "https://github.com/OCA/social",
"depends": [
"web",
],
"installable": True,
"application": False,
}
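Review bot: the `summary` says only `img.src` values "which start with http" are replaced, but `_build_email_replace_img_src` in this PR has no such check and tries every `src` that does not start with `data:` or `base64:`; either add the scheme check in the code or reword the summary. It is also worth confirming that `"web"` is still the right entry in `depends`: the only model touched is `ir.mail_server`, and nothing in the files shown uses anything from `web`.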
20 changes: 20 additions & 0 deletions mail_embed_image/i18n/mail_embed_image.pot
@@ -0,0 +1,20 @@
# Translation of Odoo Server.
# This file contains the translation of the following modules:
# * mail_embed_image
#
msgid ""
msgstr ""
"Project-Id-Version: Odoo Server 10.0\n"
"Report-Msgid-Bugs-To: \n"
"Last-Translator: <>\n"
"Language-Team: \n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: \n"
"Plural-Forms: \n"

#. module: mail_embed_image
#: model:ir.model,name:mail_embed_image.model_ir_mail_server
msgid "ir.mail_server"
msgstr ""
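Review bot: the header still reads `"Project-Id-Version: Odoo Server 10.0\n"` in a module versioned `16.0.1.0.0`, so this template looks carried over from the v10 module rather than regenerated. Suggest re-exporting the `.pot` from a 16.0 database so the header and the msgid entries match the migrated code.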

3 changes: 3 additions & 0 deletions mail_embed_image/models/__init__.py
@@ -0,0 +1,3 @@
# Copyright 2019 Therp BV <https://therp.nl>
# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl.html).
from . import ir_mail_server
92 changes: 92 additions & 0 deletions mail_embed_image/models/ir_mail_server.py
@@ -0,0 +1,92 @@
import logging
import uuid
from base64 import b64encode
from email.mime.image import MIMEImage

import requests
from lxml.html import fromstring, tostring

from odoo import models

_logger = logging.getLogger(__name__)


class IrMailServer(models.Model):
_inherit = "ir.mail_server"

def build_email(
self,
email_from,
email_to,
subject,
body,
email_cc=None,
email_bcc=None,
reply_to=False,
attachments=None,
message_id=None,
references=None,
object_id=False,
subtype="plain",
headers=None,
body_alternative=None,
subtype_alternative="plain",
):
fileparts = None
if subtype == "html":
body, fileparts = self._build_email_replace_img_src(body)
result = super(IrMailServer, self).build_email(
email_from=email_from,
email_to=email_to,
subject=subject,
body=body,
email_cc=email_cc,
email_bcc=email_bcc,
reply_to=reply_to,
attachments=attachments,
message_id=message_id,
references=references,
object_id=object_id,
subtype=subtype,
headers=headers,
body_alternative=body_alternative,
subtype_alternative=subtype_alternative,
)
if fileparts:
for fpart in fileparts:
result.attach(fpart)
return result

def _build_email_replace_img_src(self, html_body):
"""Replace img src with base64 encoded image."""
if not html_body:
return html_body

Check warning on line 63 in mail_embed_image/models/ir_mail_server.py

Codecov / codecov/patch

mail_embed_image/models/ir_mail_server.py#L63

Added line #L63 was not covered by tests

root = fromstring(html_body)
images = root.xpath("//img")
fileparts = []
for img in images:
src = img.get("src")
if src and not src.startswith("data:") and not src.startswith("base64:"):
try:
response = requests.get(src, timeout=10)
Member

The reason the original did the fetching in a somewhat roundabout way is that what you do here allows malicious users to craft emails to themselves and have Odoo fetch arbitrary resources from the internal network. Can be harmless, can be catastrophic depending on what's accessible from there.

@fliot fliot Aug 16, 2024

May be harmless or catastrophic...
Yes, probably.
Is functionally really expected, yes too.
Thanks @imlopes for this code.

Author

Thanks for the feedback @hbrunn @fliot
I'm really not very comfortable with this kind of module. I've tried to keep as much of the original code as I could, but there are a lot of changes between the original version and the new one on the Odoo side.

Member

Well, as it is, I really don't think it should be published.

But what was the problem? Currently you'd call https://github.com/OCA/OCB/blob/16.0/odoo/addons/base/models/ir_http.py#L95 which relieves you from constructing the routing map yourself, and you only need to create a dummy request bound to the public user in a pretty similar way the v10 version does it.

_logger.debug("Fetching image from %s", src)
if response.status_code == 200:
cid = uuid.uuid4().hex
# convert cid to rfc2047 encoding
filename_encoded = "=?utf-8?b?%s?=" % b64encode(
cid.encode("utf-8")
).decode("utf-8")
image_content = response.content
filepart = MIMEImage(image_content)
filepart.add_header("Content-ID", f"<{cid}>")

Ask: should it not be the cid.encode("utf-8")?

filepart.add_header(
"Content-Disposition",
"inline",
filename=filename_encoded,
)
img.set("src", f"cid:{cid}")
fileparts.append(filepart)
except Exception as e:
_logger.warning("Could not get %s: %s", img.get("src"), str(e))
return tostring(root, encoding="unicode"), fileparts
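Review bot: `requests.get(src, timeout=10)` in `_build_email_replace_img_src` fetches whatever URL appears in an `img` `src` of the outgoing body; the only filter is that `src` does not start with `data:` or `base64:`, so nothing restricts the scheme or host and the request is issued from the Odoo server's own network position, which is the concern raised in the inline comments. Suggest resolving only images that Odoo itself serves (the `ir_http` routing approach proposed in the thread), or at minimum parsing `src` and rejecting anything that is not `http`/`https` to an allow-listed host, passing `allow_redirects=False`, and bounding the response size before building the `MIMEImage`. Separately, the early `return html_body` returns a single value while `build_email` unpacks `body, fileparts = ...`, so an empty HTML body raises at the call site (this is the line Codecov reports as uncovered); return `html_body, []` there. The docstring says "base64 encoded image" while the code rewrites `src` to `cid:`, and the "Fetching image from %s" debug message is logged only after the request has already been made.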
3 changes: 3 additions & 0 deletions mail_embed_image/readme/CONTRIBUTORS.rst
@@ -0,0 +1,3 @@
* George Daramouskas <gdaramouskas@therp.nl>
* Giovanni Francesco Capalbo <giovanni@therp.nl>
* Italo LOPES <italo.lopes@camptocamp.com>
2 changes: 2 additions & 0 deletions mail_embed_image/readme/DESCRIPTION.rst
@@ -0,0 +1,2 @@
This module finds images attached to outgoing emails and replaces their urls
with cids. This will avoid rendering issues with some email clients.
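Review bot: the description says the module handles images "attached to outgoing emails", but the code in `ir_mail_server.py` downloads each `img` `src` over HTTP while the email is being built, and that outbound fetch is not documented. Suggest stating it here, along with the 10 second timeout per image and the fact that a failed download leaves the original URL in place, so administrators know the mail server process makes network requests at send time.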
Binary file added mail_embed_image/static/description/icon.png