Adds a new setting key-expiration-emails to [meta.sr.ht::settings],
which, when enabled, will make metasrht-daily send out reminders for PGP
keys that are about to expire (for now, in a month). Assuming
metasrht-daily is not run more than once day, only a single email will
be sent for each key.
---
v2: changed "to" in subject to "on"
config.example.ini | 4 ++++
metasrht-daily | 41 ++++++++++++++++++++++++++++++++++++++++-
2 files changed, 44 insertions(+), 1 deletion(-)
diff --git a/config.example.ini b/config.example.ini
index 5a12fdc..89f8b95 100644
--- a/config.example.ini
+++ b/config.example.ini
@@ -157,6 +157,10 @@ registration=no
#
# Where to redirect new users upon registration
onboarding-redirect=http://example.org
+#
+# If "yes", the user will be sent an email reminder if their registered PGP key
+# will expire soon (requires cron to be configured properly).
+key-expiration-emails=no
[meta.sr.ht::aliases]
#
diff --git a/metasrht-daily b/metasrht-daily
index f547102..29f57f9 100755
--- a/metasrht-daily
+++ b/metasrht-daily
@@ -2,7 +2,7 @@
from srht.config import cfg
from srht.database import DbSession
db = DbSession(cfg("meta.sr.ht", "connection-string"))
-from metasrht.types import User, UserType, PaymentInterval
+from metasrht.types import User, UserType, PaymentInterval, PGPKey
db.init()
import sys
@@ -153,3 +153,42 @@ $site_name
user.welcome_emails += 1
db.session.commit()
nsent += 1
+
+if cfg("meta.sr.ht::settings", "key-expiration-emails", default="no") == "yes":
+ print("Sending key expiration emails")
+ keys = (PGPKey.query
+ .filter(PGPKey.expiration < datetime.utcnow() + timedelta(days=31))
+ .filter(PGPKey.expiration > datetime.utcnow() + timedelta(days=30))
+ ).all()
+ nsent = 0
+ for key in keys:
+ user = key.user
+ print(f"Sending to ~{user.username} for key {key.id} ({nsent + 1}/{len(users)})")
+ try:
+ tmpl = Template("""Subject: Your PGP key uploaded on $site_name expires soon
+Reply-To: $owner_name <$owner_email>
+
+Hi ~$username!
+
+This is a once-only reminder that the following PGP key associated with your
+account will expire soon:
+
+Fingerprint: $fingerprint
+Expires: $expiration
+
+--
+$owner_name
+$site_name
+""")
+ rendered = tmpl.substitute(**{
+ 'site_name': site_name,
+ 'owner_name': owner_name,
+ 'owner_email': owner_email,
+ 'username': user.username,
+ 'fingerprint': key.fingerprint_hex,
+ 'expiration': key.expiration,
+ })
+ send_email(user.email, rendered)
+ except:
+ print("Failed")
+ nsent += 1
--
2.43.0
The code that uses it has alway looked for it in [meta.sr.ht::settings],
it was apparently put in the wrong section by accident when it was first
added to the example config.
---
config.example.ini | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/config.example.ini b/config.example.ini
index 89f8b95..3018311 100644
--- a/config.example.ini
+++ b/config.example.ini
@@ -117,11 +117,6 @@ migrate-on-upgrade=yes
#
# The redis connection used for the webhooks worker
webhooks=redis://localhost:6379/1
-#
-# If "yes", the user will be sent the stock sourcehut welcome emails after
-# signup (requires cron to be configured properly). These are specific to the
-# sr.ht instance so you probably want to patch these before enabling this.
-welcome-emails=no
#
# Origin URL for the API
@@ -158,6 +153,11 @@ registration=no
# Where to redirect new users upon registration
onboarding-redirect=http://example.org
#
+# If "yes", the user will be sent the stock sourcehut welcome emails after
+# signup (requires cron to be configured properly). These are specific to the
+# sr.ht instance so you probably want to patch these before enabling this.
+welcome-emails=no
+#
# If "yes", the user will be sent an email reminder if their registered PGP key
# will expire soon (requires cron to be configured properly).
key-expiration-emails=no
--
2.43.0