Merge pull request strongdm#314 from strongdm/feat/fix-wrong-sender-email-on-msteams

Fix wrong sender email when using ms teams alternative emails

Author: camposer

e2e/slack/test_accessbot_slack_access.py

@@ -783,7 +783,7 @@ def mocked_testbot(self, testbot, mocked_user_profile):
         config['SENDER_EMAIL_OVERRIDE'] = None
         testbot.bot.sender.userid = 'XXX'
         testbot.bot.find_user_profile = MagicMock(return_value=mocked_user_profile)
-        return inject_config(testbot, config)
+        return inject_config(testbot, config, account_email=alternative_email)
 
     def test_alternative_email(self, mocked_testbot):
         mocked_testbot.push_message("access to Xxx")
@@ -801,7 +801,7 @@ class Test_override_email(ErrBotExtraTestSettings):
     def mocked_testbot(self, testbot):
         config = create_config()
         config['SENDER_EMAIL_OVERRIDE'] = self.override_email
-        return inject_config(testbot, config)
+        return inject_config(testbot, config, account_email=self.override_email)
 
     def test_override_email(self, mocked_testbot):
         mocked_testbot.push_message("access to Xxx")
@@ -822,7 +822,7 @@ def mocked_testbot(self, testbot):
         config['SENDER_EMAIL_OVERRIDE'] = None
         config['SENDER_NICK_OVERRIDE'] = None
         config['EMAIL_SUBADDRESS'] = self.email_subaddress
-        return inject_config(testbot, config, admins=[f'@{account_name}'])
+        return inject_config(testbot, config, admins=[f'@{account_name}'], account_email=self.account_name_with_subaddress)
 
     def test_email_subaddress(self, mocked_testbot):
         mocked_testbot._bot.callback_message = MagicMock(side_effect=callback_message_fn(
@@ -1150,7 +1150,7 @@ def test_dont_delete_account_grant_when_flag_is_disabled(self, mocked_testbot):
 
 # pylint: disable=dangerous-default-value
 def inject_config(testbot, config, admins=["gbin@localhost"], tags={}, resources_by_role=[], account_grant_exists=False,
-                  resources=[], account_tags={}):
+                  resources=[], account_tags={}, account_email=account_name):
     accessbot = testbot.bot.plugin_manager.plugins['AccessBot']
     accessbot.config = config
     # The default implementation is not compatible with the backend identifier.
@@ -1159,8 +1159,9 @@ def inject_config(testbot, config, admins=["gbin@localhost"], tags={}, resources
     accessbot.get_admins = MagicMock(return_value=admins)
     accessbot.get_api_access_key = MagicMock(return_value="api-access_key")
     accessbot.get_api_secret_key = MagicMock(return_value="c2VjcmV0LWtleQ==")  # valid base64 string
-    accessbot.get_sdm_service = MagicMock(
-        return_value=create_sdm_service_mock(tags, resources_by_role, account_grant_exists, resources, account_tags))
+    accessbot.get_sdm_service = MagicMock(return_value=create_sdm_service_mock(
+        tags, resources_by_role, account_grant_exists, resources, account_tags, account_email=account_email
+    ))
     accessbot.get_resource_grant_helper = MagicMock(return_value=create_resource_grant_helper(accessbot))
     accessbot.get_approve_helper = MagicMock(return_value=create_approve_helper(accessbot))
     testbot._bot.init_access_form_bot = MagicMock(return_value=None)
@@ -1174,13 +1175,13 @@ def create_resource_grant_helper(accessbot):
 def create_approve_helper(accessbot):
     return ApproveHelper(accessbot)
 
-def create_sdm_service_mock(tags, resources_by_role, account_grant_exists, resources, account_tags):
+def create_sdm_service_mock(tags, resources_by_role, account_grant_exists, resources, account_tags, account_email=account_name):
     mock = MagicMock()
     if len(resources) > 0:
         mock.get_resource_by_name = MagicMock(side_effect=raise_no_resource_found)
     else:
         mock.get_resource_by_name = MagicMock(return_value=create_resource_mock(tags))
-    mock.get_account_by_email = MagicMock(return_value=create_account_mock(account_tags=account_tags))
+    mock.get_account_by_email = MagicMock(return_value=create_account_mock(account_tags=account_tags, account_email=account_email))
     mock.grant_temporary_access = MagicMock()
     mock.get_all_resources_by_role = MagicMock(return_value=resources_by_role)
     mock.account_grant_exists = MagicMock(return_value=account_grant_exists)

plugins/sdm/accessbot.py

@@ -484,3 +484,6 @@ def __get_account_alternative_emails(self, frm):
 
     def user_is_member_of_channel(self, user, channel):
         return self.__platform.user_is_member_of_channel(user, channel)
+
+    def get_platform(self):
+        return self.__platform

plugins/sdm/lib/helper/approve_helper.py

@@ -31,7 +31,7 @@ def __approve_assign_role(self, grant_request):
             yield str(e)
             return
         self._bot.add_thumbsup_reaction(grant_request['message'])
-        yield from self.__notify_assign_role_request_granted(grant_request['message'], grant_request['sdm_object'].name)
+        yield from self.__notify_assign_role_request_granted(grant_request)
         self._bot.get_metrics_helper().increment_manual_approvals()
 
     def __approve_access_resource(self, grant_request):
@@ -45,7 +45,7 @@ def __approve_access_resource(self, grant_request):
         self.__grant_temporal_access(grant_request['sdm_object'], grant_request['sdm_account'].id, duration)
         self._bot.add_thumbsup_reaction(grant_request['message'])
         self._bot.remove_grant_request(grant_request['id'])
-        yield from self.__notify_access_request_granted(grant_request['message'], resource, duration, needs_renewal)
+        yield from self.__notify_access_request_granted(grant_request, resource, duration, needs_renewal)
         self._bot.get_metrics_helper().increment_manual_approvals()
 
     def __grant_temporal_access_by_role(self, role_name, account_id):
@@ -74,8 +74,9 @@ def __grant_temporal_access(self, resource, account_id: str, duration: str):
         grant_valid_until = grant_start_from + datetime.timedelta(minutes=self.__get_resource_grant_timeout(resource, duration=duration))
         self.__sdm_service.grant_temporary_access(resource.id, account_id, grant_start_from, grant_valid_until)
 
-    def __notify_access_request_granted(self, message, resource, duration: str, is_renewal: bool):
-        sender_email = self._bot.get_sender_email(message.frm)
+    def __notify_access_request_granted(self, grant_request, resource, duration: str, is_renewal: bool):
+        message = grant_request['message']
+        sender_email = grant_request['sdm_account'].email
         sender_nick = self._bot.get_sender_nick(message.frm)
         if duration:
             duration_flag_timedelta = convert_duration_flag_to_timedelta(duration)
@@ -88,8 +89,10 @@ def __notify_access_request_granted(self, message, resource, duration: str, is_r
                                                           ' was created, you might need to reconnect to the resource.')
         yield f"{sender_nick}: Granting {sender_email} access to '{resource.name}' for {grant_timeout} minutes"
 
-    def __notify_assign_role_request_granted(self, message, role_name):
-        sender_email = self._bot.get_sender_email(message.frm)
+    def __notify_assign_role_request_granted(self, grant_request):
+        message = grant_request['message']
+        role_name = grant_request['sdm_object'].name
+        sender_email = grant_request['sdm_account'].email
         sender_nick = self._bot.get_sender_nick(message.frm)
         yield f"{sender_nick}: Granting {sender_email} access to resources in role '{role_name}' for {self._bot.config['GRANT_TIMEOUT']} minutes"
 

plugins/sdm/lib/helper/base_evaluate_request_helper.py

@@ -1,6 +1,7 @@
 import shortuuid
 from abc import ABC, abstractmethod
 
+from ..platform.ms_teams_platform import MSTeamsPlatform
 from ..util import get_approvers_channel
 
 

plugins/sdm/lib/helper/deny_helper.py

@@ -10,7 +10,7 @@ def evaluate(self, request_id, **kwargs):
     def __notify_access_request_denied(self, admin, denial_reason, grant_request):
         requester = grant_request['message'].frm
         sdm_object_name = grant_request['sdm_object'].name
-        sender_email = self._bot.get_sender_email(requester)
+        sender_email = grant_request['sdm_account'].email
         sender_nick = self._bot.get_sender_nick(requester)
         admin_nick = self._bot.get_sender_nick(admin)
         denial_message = f"Your request **{grant_request['id']}** has been denied by admin {admin_nick}"