
When someone starts an encrypted chat send the recipient an email with a link to open it

Open DonnieBLT opened this issue 9 months ago • 7 comments

DonnieBLT avatar Mar 08 '25 10:03 DonnieBLT

/assign

rishyym0927 avatar Mar 08 '25 10:03 rishyym0927

Hello @rishyym0927! You've been assigned to OWASP-BLT/BLT issue #3860. You have 24 hours to complete a pull request.

github-actions[bot] avatar Mar 08 '25 10:03 github-actions[bot]

/unassign

rishyym0927 avatar Mar 08 '25 10:03 rishyym0927

You have been unassigned from this issue. It's now open for others. You can reassign it anytime by typing /assign.

github-actions[bot] avatar Mar 08 '25 10:03 github-actions[bot]

@coderabbit code this solution

igennova avatar Mar 17 '25 20:03 igennova

[!TIP] For best results, initiate chat on the files or code changes.

🧩 Analysis chain

🏁 Script executed:

```bash
#!/bin/bash
# Get a high-level overview of the repository structure
find . -type d -name ".git" -prune -o -type d -maxdepth 3 | sort

# Look for files related to encrypted chat
fd -t f -e py -e js "chat|messaging|encrypt" --exec echo {}

# Look for files related to email functionality
fd -t f -e py "email|mail|notification" --exec echo {}

# Let's also look at the issue to understand the requirement better
gh issue view 3860 -R OWASP-BLT/BLT
```

Length of output: 2023


🏁 Script executed:

```bash
#!/bin/bash
# Let's look for chat/messaging/encrypted chat models and views
rg -A 5 -B 5 "class.*Chat" --type py

# Look for any encryption-related code
rg -A 5 -B 5 "encrypt" --type py

# Look for email sender functions/code
rg "send.*email|email.*send" --type py

# Check the email templates directory
find ./website/templates/email -type f | sort

# Let's check the notification signals file as it might be relevant
cat ./website/notification_signals.py
```

Length of output: 10264


🏁 Script executed:

```bash
#!/bin/bash
# Let's look at the models.py file to understand the chat/message models
cat ./website/models.py | grep -A 20 "class Thread" || echo "Thread model not found"
cat ./website/models.py | grep -A 20 "class Message" || echo "Message model not found"

# Let's check how encrypted chats are initiated, looking for views
rg "encrypted.*chat|chat.*encrypt" --type py

# Let's look at any email sending utility functions
rg "def.*email|email.*def" --type py -A 5 -B 5

# Check if we have any chat-related URL routing
rg "path\(.*chat" ./blt/urls.py || echo "No chat paths in main urls.py"
rg "path\(.*chat" ./website/urls.py || echo "No chat paths in website/urls.py"

# Check consumer routing for websockets
cat ./blt/routing.py || echo "routing.py not found"
```

Length of output: 14685


🏁 Script executed:

```bash
#!/bin/bash
# Let's find the chat/messaging views
rg "def.*thread|thread.*def" --type py -A 5 -B 5

# Let's look for any URL patterns related to messaging
cat ./blt/urls.py | grep -i "messaging" || echo "No messaging URLs in main urls.py"

# Let's check if there's a dedicated messaging/chat URLs file
find . -path "*website/*" -name "urls.py" | xargs cat | grep -i "messaging\|chat" || echo "No messaging URLs found in website urls files"

# Let's check views directory for chat-related views
ls -l ./website/views/ || echo "No views directory found"

# Let's check if there's a specific views for messaging/chat
find ./website/views/ -type f | xargs grep -l "thread\|chat\|message" || echo "No messaging views found"
```

Length of output: 4412


🏁 Script executed:

```bash
#!/bin/bash
# Check the user view to examine the start_thread function
cat ./website/views/user.py | grep -A 50 "def start_thread"

# Let's also find how emails are sent in the application
rg "send_mail" --type py -A 3 -B 3
```

Length of output: 12404


@igennova Based on the repository information I've gathered, I'll implement a solution for sending email notifications when someone starts an encrypted chat. Here's my implementation:

  1. First, let's modify the start_thread function in website/views/user.py to send an email notification:

```python
from django.conf import settings
from django.contrib.auth.decorators import login_required
from django.contrib.auth.models import User
from django.contrib.sites.shortcuts import get_current_site
from django.core.mail import send_mail
from django.http import JsonResponse
from django.shortcuts import get_object_or_404
from django.template.loader import render_to_string
from django.utils.html import strip_tags

from website.models import Thread  # the project's Thread model


@login_required
def start_thread(request, user_id):
    if request.method == "POST":
        other_user = get_object_or_404(User, id=user_id)

        # Check if a thread already exists between the two users
        thread = Thread.objects.filter(participants=request.user).filter(participants=other_user).first()

        # Create a new thread if one doesn't exist
        is_new_thread = False
        if not thread:
            # Create a new thread
            thread = Thread.objects.create()
            thread.participants.set([request.user, other_user])  # Use set() for ManyToManyField
            is_new_thread = True

        # If this is a new thread, send an email notification to the recipient
        if is_new_thread and other_user.email:
            # Generate the link to the encrypted chat
            current_site = get_current_site(request)
            chat_url = f"https://{current_site.domain}/messaging/?thread={thread.id}"

            # Prepare email content
            subject = f"New encrypted chat from {request.user.username}"

            # Render email templates
            context = {
                'sender': request.user.username,
                'recipient': other_user.username,
                'chat_url': chat_url,
                'site_name': current_site.name,
            }

            msg_html = render_to_string('email/new_encrypted_chat.html', context)
            # The plain-text part must not contain markup, so derive it from the
            # rendered HTML instead of sending the HTML template twice
            msg_plain = strip_tags(msg_html)

            # Send the email notification
            send_mail(
                subject,
                msg_plain,
                settings.EMAIL_TO_STRING,
                [other_user.email],
                html_message=msg_html
            )

        return JsonResponse({"success": True, "thread_id": thread.id})

    return JsonResponse({"success": False, "error": "Invalid request"}, status=400)
```
  2. Now, let's create an email template at website/templates/email/new_encrypted_chat.html:

```html
{% extends "email/base_email.html" %}

{% block content %}
<p>Hello {{ recipient }},</p>

<p>{{ sender }} has started a new encrypted chat with you.</p>

<p>To view and respond to this chat, please click the button below:</p>

<a href="{{ chat_url }}" style="background-color:#4CAF50;border:none;color:white;padding:15px 32px;text-align:center;text-decoration:none;display:inline-block;font-size:16px;margin:4px 2px;cursor:pointer;border-radius:5px;">
    Open Encrypted Chat
</a>

<p>Or copy and paste this link into your browser:</p>
<p>{{ chat_url }}</p>

<p>This is a secure, end-to-end encrypted conversation. Your messages are protected and can only be read by you and {{ sender }}.</p>

<p>If you did not expect this chat request, you can safely ignore this email.</p>

<p>Best regards,<br>
{{ site_name }} Team</p>
{% endblock %}
```

This implementation:

  1. Checks if a new thread is being created (to avoid sending emails for existing conversations)
  2. Generates a direct link to the conversation
  3. Creates an HTML email with a clear call-to-action button
  4. Provides context about the encrypted nature of the conversation

The recipient will receive an email notification with a link that takes them directly to the encrypted chat thread.

coderabbitai[bot] avatar Mar 17 '25 20:03 coderabbitai[bot]
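
The emailed link carries only a thread id (`/messaging/?thread=<id>`), so the view that opens it has to confirm that the logged-in user is a participant of that thread. A sketch of that check, added here as an example and not part of the bot's comment or the BLT code base; the in-memory `THREADS` table and the functions `thread_id_from_link` and `open_thread` are hypothetical stand-ins for the `Thread` model and the messaging view:

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample data: thread id -> set of participant user ids.
# Stands in for the Thread model and its participants ManyToManyField.
THREADS = {
    41: {1, 2},
    42: {2, 3},
}


def thread_id_from_link(link):
    """Extract the thread id from a /messaging/?thread=<id> link, or None."""
    parts = urlsplit(link)
    if parts.path != "/messaging/":
        return None
    values = parse_qs(parts.query).get("thread", [])
    # Reject missing, repeated or non-numeric values instead of guessing.
    if len(values) != 1 or not re.fullmatch(r"[0-9]{1,18}", values[0]):
        return None
    return int(values[0])


def open_thread(link, user_id, threads=THREADS):
    """Return the thread id if user_id may open it, else None.

    Unknown threads and threads the user is not part of get the same
    answer, so the link cannot be used to probe which ids exist.
    In Django the equivalent lookup is
    get_object_or_404(Thread, id=thread_id, participants=request.user).
    """
    thread_id = thread_id_from_link(link)
    if thread_id is None:
        return None
    participants = threads.get(thread_id)
    if participants is None or user_id not in participants:
        return None
    return thread_id
```
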

@igennova I have already implemented this in my new PR, thanks!

krrish-sehgal avatar Mar 17 '25 20:03 krrish-sehgal

/assign

Yu-Hu-1909 avatar Nov 03 '25 15:11 Yu-Hu-1909

Hello @Yu-Hu-1909! You've been assigned to OWASP-BLT/BLT issue #3860. You have 24 hours to complete a pull request.

github-actions[bot] avatar Nov 03 '25 15:11 github-actions[bot]

⏰ This issue has been automatically unassigned from Yu-Hu-1909 due to 24 hours of inactivity. The issue is now available for anyone to work on again.

github-actions[bot] avatar Nov 04 '25 17:11 github-actions[bot]