oncall-engine/engine/apps/twilioapp/views.py

import logging

from django.http import HttpResponse
from rest_framework import status
from rest_framework.permissions import BasePermission
from rest_framework.response import Response
from rest_framework.views import APIView
from twilio.request_validator import RequestValidator

from apps.base.utils import live_settings
from common.api_helpers.utils import create_engine_url

from .gather import process_gather_data
from .status_callback import update_twilio_call_status, update_twilio_sms_status

logger = logging.getLogger(__name__)


class AllowOnlyTwilio(BasePermission):
    # https://www.twilio.com/docs/usage/tutorials/how-to-secure-your-django-project-by-validating-incoming-twilio-requests
    # https://www.django-rest-framework.org/api-guide/permissions/
    def has_permission(self, request, view):
        request_account_sid = request.data.get("AccountSid")
        if not request_account_sid:
            return False

        from apps.twilioapp.models import TwilioAccount

        account = TwilioAccount.objects.filter(account_sid=request_account_sid).first()
        if account:
            return self.validate_request(request, account.account_sid, account.auth_token)

        return self.validate_request(request, live_settings.TWILIO_ACCOUNT_SID, live_settings.TWILIO_AUTH_TOKEN)

    def validate_request(self, request, expected_account_sid, auth_token):
        if auth_token:
            validator = RequestValidator(auth_token)
            location = create_engine_url(request.get_full_path())
            request_valid = validator.validate(
                request.build_absolute_uri(location=location),
                request.POST,
                request.META.get("HTTP_X_TWILIO_SIGNATURE", ""),
            )
            return request_valid
        else:
            return expected_account_sid == request.data["AccountSid"]


class HealthCheckView(APIView):
    def get(self, request):
        return Response("OK")


class GatherView(APIView):
    permission_classes = [AllowOnlyTwilio]

    def post(self, request):
        call_sid = request.POST.get("CallSid")
        digit = request.POST.get("Digits")
        response = process_gather_data(call_sid, digit)
        return HttpResponse(str(response), content_type="application/xml; charset=utf-8")


# Receive SMS Status Update from Twilio
class SMSStatusCallback(APIView):
    permission_classes = [AllowOnlyTwilio]

    def post(self, request):
        message_sid = request.POST.get("MessageSid")
        message_status = request.POST.get("MessageStatus")

        update_twilio_sms_status(message_sid=message_sid, message_status=message_status)
        return Response(data="", status=status.HTTP_204_NO_CONTENT)


# Receive Call Status Update from Twilio
class CallStatusCallback(APIView):
    permission_classes = [AllowOnlyTwilio]

    def post(self, request):
        call_sid = request.POST.get("CallSid")
        call_status = request.POST.get("CallStatus")

        update_twilio_call_status(call_sid=call_sid, call_status=call_status)
        return Response(data="", status=status.HTTP_204_NO_CONTENT)
World, meet OnCall! Co-authored-by: Eve832 <eve.meelan@grafana.com> Co-authored-by: Francisco Montes de Oca <nevermind89x@gmail.com> Co-authored-by: Ildar Iskhakov <ildar.iskhakov@grafana.com> Co-authored-by: Innokentii Konstantinov <innokenty.konstantinov@grafana.com> Co-authored-by: Julia <ferril.darkdiver@gmail.com> Co-authored-by: maskin25 <kengurek@gmail.com> Co-authored-by: Matias Bordese <mbordese@gmail.com> Co-authored-by: Matvey Kukuy <motakuk@gmail.com> Co-authored-by: Michael Derynck <michael.derynck@grafana.com> Co-authored-by: Richard Hartmann <richih@richih.org> Co-authored-by: Robby Milo <robbymilo@fastmail.com> Co-authored-by: Timur Olzhabayev <timur.olzhabayev@grafana.com> Co-authored-by: Vadim Stepanov <vadimkerr@gmail.com> Co-authored-by: Yulia Shanyrova <yulia.shanyrova@grafana.com> 2022-06-03 08:09:47 -06:00			`import logging`

			`from django.http import HttpResponse`
			`from rest_framework import status`
			`from rest_framework.permissions import BasePermission`
			`from rest_framework.response import Response`
			`from rest_framework.views import APIView`
			`from twilio.request_validator import RequestValidator`

			`from apps.base.utils import live_settings`
Revert "Revert fix for twilio path prefix, not working needs more testing (#293)" (#296) This reverts commit 573122021b9aa660b0cfe96e805d7550fb77ff3a. 2022-07-26 12:57:39 -06:00			`from common.api_helpers.utils import create_engine_url`
World, meet OnCall! Co-authored-by: Eve832 <eve.meelan@grafana.com> Co-authored-by: Francisco Montes de Oca <nevermind89x@gmail.com> Co-authored-by: Ildar Iskhakov <ildar.iskhakov@grafana.com> Co-authored-by: Innokentii Konstantinov <innokenty.konstantinov@grafana.com> Co-authored-by: Julia <ferril.darkdiver@gmail.com> Co-authored-by: maskin25 <kengurek@gmail.com> Co-authored-by: Matias Bordese <mbordese@gmail.com> Co-authored-by: Matvey Kukuy <motakuk@gmail.com> Co-authored-by: Michael Derynck <michael.derynck@grafana.com> Co-authored-by: Richard Hartmann <richih@richih.org> Co-authored-by: Robby Milo <robbymilo@fastmail.com> Co-authored-by: Timur Olzhabayev <timur.olzhabayev@grafana.com> Co-authored-by: Vadim Stepanov <vadimkerr@gmail.com> Co-authored-by: Yulia Shanyrova <yulia.shanyrova@grafana.com> 2022-06-03 08:09:47 -06:00
Phone provider refactoring (#1713) # What this PR does This PR moves phone notification logic into separate object PhoneBackend and introduces PhoneProvider interface to hide actual implementation of external phone services provider. It should allow add new phone providers just by implementing one class (See SimplePhoneProvider for example). # Why [Asterisk PR](https://github.com/grafana/oncall/pull/1282) showed that our phone notification system is not flexible. However this is one of the most frequent community questions - how to add "X" phone provider. Also, this refactoring move us one step closer to unifying all notification backends, since with PhoneBackend all phone notification logic is collected in one place and independent from concrete realisation. # Highligts 1. PhoneBackend object - contains all phone notifications business logic. 2. PhoneProvider - interface to external phone services provider. 3. TwilioPhoneProvider and SimplePhoneProvider - two examples of PhoneProvider implementation. 4. PhoneCallRecord and SMSRecord models. I introduced these models to keep phone notification limits logic decoupled from external providers. Existing TwilioPhoneCall and TwilioSMS objects will be migrated to the new table to not to reset limits counter. To be able to receive status callbacks and gather from Twilio TwilioPhoneCall and TwilioSMS still exists, but they are linked to PhoneCallRecord and SMSRecord via fk, to not to leat twilio logic into core code. --------- Co-authored-by: Yulia Shanyrova <yulia.shanyrova@grafana.com> 2023-05-24 14:27:48 +08:00			`from .gather import process_gather_data`
			`from .status_callback import update_twilio_call_status, update_twilio_sms_status`

World, meet OnCall! Co-authored-by: Eve832 <eve.meelan@grafana.com> Co-authored-by: Francisco Montes de Oca <nevermind89x@gmail.com> Co-authored-by: Ildar Iskhakov <ildar.iskhakov@grafana.com> Co-authored-by: Innokentii Konstantinov <innokenty.konstantinov@grafana.com> Co-authored-by: Julia <ferril.darkdiver@gmail.com> Co-authored-by: maskin25 <kengurek@gmail.com> Co-authored-by: Matias Bordese <mbordese@gmail.com> Co-authored-by: Matvey Kukuy <motakuk@gmail.com> Co-authored-by: Michael Derynck <michael.derynck@grafana.com> Co-authored-by: Richard Hartmann <richih@richih.org> Co-authored-by: Robby Milo <robbymilo@fastmail.com> Co-authored-by: Timur Olzhabayev <timur.olzhabayev@grafana.com> Co-authored-by: Vadim Stepanov <vadimkerr@gmail.com> Co-authored-by: Yulia Shanyrova <yulia.shanyrova@grafana.com> 2022-06-03 08:09:47 -06:00			`logger = logging.getLogger(__name__)`


			`class AllowOnlyTwilio(BasePermission):`
Use same account for status callback when using TwilioSender (#2083) Fixes an issue where if a sender is defined for a certain country code and that sender belongs to a different account than the default from the environment the status callback would get a 443 response from OnCall back to Twilio. Checking permission on status callbacks will now use the same account as was used to send the original message, verify, or make the call. 2023-06-02 11:19:36 -06:00			`# https://www.twilio.com/docs/usage/tutorials/how-to-secure-your-django-project-by-validating-incoming-twilio-requests`
			`# https://www.django-rest-framework.org/api-guide/permissions/`
World, meet OnCall! Co-authored-by: Eve832 <eve.meelan@grafana.com> Co-authored-by: Francisco Montes de Oca <nevermind89x@gmail.com> Co-authored-by: Ildar Iskhakov <ildar.iskhakov@grafana.com> Co-authored-by: Innokentii Konstantinov <innokenty.konstantinov@grafana.com> Co-authored-by: Julia <ferril.darkdiver@gmail.com> Co-authored-by: maskin25 <kengurek@gmail.com> Co-authored-by: Matias Bordese <mbordese@gmail.com> Co-authored-by: Matvey Kukuy <motakuk@gmail.com> Co-authored-by: Michael Derynck <michael.derynck@grafana.com> Co-authored-by: Richard Hartmann <richih@richih.org> Co-authored-by: Robby Milo <robbymilo@fastmail.com> Co-authored-by: Timur Olzhabayev <timur.olzhabayev@grafana.com> Co-authored-by: Vadim Stepanov <vadimkerr@gmail.com> Co-authored-by: Yulia Shanyrova <yulia.shanyrova@grafana.com> 2022-06-03 08:09:47 -06:00			`def has_permission(self, request, view):`
Use same account for status callback when using TwilioSender (#2083) Fixes an issue where if a sender is defined for a certain country code and that sender belongs to a different account than the default from the environment the status callback would get a 443 response from OnCall back to Twilio. Checking permission on status callbacks will now use the same account as was used to send the original message, verify, or make the call. 2023-06-02 11:19:36 -06:00			`request_account_sid = request.data.get("AccountSid")`
			`if not request_account_sid:`
			`return False`

`apps.get_model` -> `import` (#2619) # What this PR does Remove [`apps.get_model`](https://docs.djangoproject.com/en/3.2/ref/applications/#django.apps.apps.get_model) invocations and use inline `import` statements in places where models are imported within functions/methods to avoid circular imports. I believe `import` statements are more appropriate for most use cases as they allow for better static code analysis & formatting, and solve the issue of circular imports without being unnecessarily dynamic as `apps.get_model`. With `import` statements, it's possible to: - Jump to model definitions in most IDEs - Automatically sort inline imports with `isort` - Find import errors faster/easier (most IDEs highlight broken imports) - Have more consistency across regular & inline imports when importing models This PR also adds a flake8 rule to ban imports of `django.apps.apps`, so it's harder to use `apps.get_model` by mistake (it's possible to ignore this rule by using `# noqa: I251`). The rule is not enforced on directories with migration files, because `apps.get_model` is often used to get a historical state of a model, which is useful when writing migrations ([see this SO answer for more details](https://stackoverflow.com/a/37769213)). So `apps.get_model` is considered OK in migrations (even necessary in some cases). ## Checklist - [x] Unit, integration, and e2e (if applicable) tests updated - [x] Documentation added (or `pr:no public docs` PR label added if not required) - [x] `CHANGELOG.md` updated (or `pr:no changelog` PR label added if not required) 2023-07-25 10:43:23 +01:00			`from apps.twilioapp.models import TwilioAccount`

Use same account for status callback when using TwilioSender (#2083) Fixes an issue where if a sender is defined for a certain country code and that sender belongs to a different account than the default from the environment the status callback would get a 443 response from OnCall back to Twilio. Checking permission on status callbacks will now use the same account as was used to send the original message, verify, or make the call. 2023-06-02 11:19:36 -06:00			`account = TwilioAccount.objects.filter(account_sid=request_account_sid).first()`
			`if account:`
			`return self.validate_request(request, account.account_sid, account.auth_token)`

			`return self.validate_request(request, live_settings.TWILIO_ACCOUNT_SID, live_settings.TWILIO_AUTH_TOKEN)`

			`def validate_request(self, request, expected_account_sid, auth_token):`
			`if auth_token:`
			`validator = RequestValidator(auth_token)`
Add simple check if using API key instead of AUTH token 2022-11-09 21:52:42 -07:00			`location = create_engine_url(request.get_full_path())`
			`request_valid = validator.validate(`
			`request.build_absolute_uri(location=location),`
			`request.POST,`
			`request.META.get("HTTP_X_TWILIO_SIGNATURE", ""),`
			`)`
			`return request_valid`
			`else:`
Use same account for status callback when using TwilioSender (#2083) Fixes an issue where if a sender is defined for a certain country code and that sender belongs to a different account than the default from the environment the status callback would get a 443 response from OnCall back to Twilio. Checking permission on status callbacks will now use the same account as was used to send the original message, verify, or make the call. 2023-06-02 11:19:36 -06:00			`return expected_account_sid == request.data["AccountSid"]`
World, meet OnCall! Co-authored-by: Eve832 <eve.meelan@grafana.com> Co-authored-by: Francisco Montes de Oca <nevermind89x@gmail.com> Co-authored-by: Ildar Iskhakov <ildar.iskhakov@grafana.com> Co-authored-by: Innokentii Konstantinov <innokenty.konstantinov@grafana.com> Co-authored-by: Julia <ferril.darkdiver@gmail.com> Co-authored-by: maskin25 <kengurek@gmail.com> Co-authored-by: Matias Bordese <mbordese@gmail.com> Co-authored-by: Matvey Kukuy <motakuk@gmail.com> Co-authored-by: Michael Derynck <michael.derynck@grafana.com> Co-authored-by: Richard Hartmann <richih@richih.org> Co-authored-by: Robby Milo <robbymilo@fastmail.com> Co-authored-by: Timur Olzhabayev <timur.olzhabayev@grafana.com> Co-authored-by: Vadim Stepanov <vadimkerr@gmail.com> Co-authored-by: Yulia Shanyrova <yulia.shanyrova@grafana.com> 2022-06-03 08:09:47 -06:00

			`class HealthCheckView(APIView):`
			`def get(self, request):`
			`return Response("OK")`


			`class GatherView(APIView):`
			`permission_classes = [AllowOnlyTwilio]`

			`def post(self, request):`
			`call_sid = request.POST.get("CallSid")`
Phone provider refactoring (#1713) # What this PR does This PR moves phone notification logic into separate object PhoneBackend and introduces PhoneProvider interface to hide actual implementation of external phone services provider. It should allow add new phone providers just by implementing one class (See SimplePhoneProvider for example). # Why [Asterisk PR](https://github.com/grafana/oncall/pull/1282) showed that our phone notification system is not flexible. However this is one of the most frequent community questions - how to add "X" phone provider. Also, this refactoring move us one step closer to unifying all notification backends, since with PhoneBackend all phone notification logic is collected in one place and independent from concrete realisation. # Highligts 1. PhoneBackend object - contains all phone notifications business logic. 2. PhoneProvider - interface to external phone services provider. 3. TwilioPhoneProvider and SimplePhoneProvider - two examples of PhoneProvider implementation. 4. PhoneCallRecord and SMSRecord models. I introduced these models to keep phone notification limits logic decoupled from external providers. Existing TwilioPhoneCall and TwilioSMS objects will be migrated to the new table to not to reset limits counter. To be able to receive status callbacks and gather from Twilio TwilioPhoneCall and TwilioSMS still exists, but they are linked to PhoneCallRecord and SMSRecord via fk, to not to leat twilio logic into core code. --------- Co-authored-by: Yulia Shanyrova <yulia.shanyrova@grafana.com> 2023-05-24 14:27:48 +08:00			`digit = request.POST.get("Digits")`
			`response = process_gather_data(call_sid, digit)`
World, meet OnCall! Co-authored-by: Eve832 <eve.meelan@grafana.com> Co-authored-by: Francisco Montes de Oca <nevermind89x@gmail.com> Co-authored-by: Ildar Iskhakov <ildar.iskhakov@grafana.com> Co-authored-by: Innokentii Konstantinov <innokenty.konstantinov@grafana.com> Co-authored-by: Julia <ferril.darkdiver@gmail.com> Co-authored-by: maskin25 <kengurek@gmail.com> Co-authored-by: Matias Bordese <mbordese@gmail.com> Co-authored-by: Matvey Kukuy <motakuk@gmail.com> Co-authored-by: Michael Derynck <michael.derynck@grafana.com> Co-authored-by: Richard Hartmann <richih@richih.org> Co-authored-by: Robby Milo <robbymilo@fastmail.com> Co-authored-by: Timur Olzhabayev <timur.olzhabayev@grafana.com> Co-authored-by: Vadim Stepanov <vadimkerr@gmail.com> Co-authored-by: Yulia Shanyrova <yulia.shanyrova@grafana.com> 2022-06-03 08:09:47 -06:00			`return HttpResponse(str(response), content_type="application/xml; charset=utf-8")`


			`# Receive SMS Status Update from Twilio`
			`class SMSStatusCallback(APIView):`
			`permission_classes = [AllowOnlyTwilio]`

			`def post(self, request):`
			`message_sid = request.POST.get("MessageSid")`
			`message_status = request.POST.get("MessageStatus")`

Phone provider refactoring (#1713) # What this PR does This PR moves phone notification logic into separate object PhoneBackend and introduces PhoneProvider interface to hide actual implementation of external phone services provider. It should allow add new phone providers just by implementing one class (See SimplePhoneProvider for example). # Why [Asterisk PR](https://github.com/grafana/oncall/pull/1282) showed that our phone notification system is not flexible. However this is one of the most frequent community questions - how to add "X" phone provider. Also, this refactoring move us one step closer to unifying all notification backends, since with PhoneBackend all phone notification logic is collected in one place and independent from concrete realisation. # Highligts 1. PhoneBackend object - contains all phone notifications business logic. 2. PhoneProvider - interface to external phone services provider. 3. TwilioPhoneProvider and SimplePhoneProvider - two examples of PhoneProvider implementation. 4. PhoneCallRecord and SMSRecord models. I introduced these models to keep phone notification limits logic decoupled from external providers. Existing TwilioPhoneCall and TwilioSMS objects will be migrated to the new table to not to reset limits counter. To be able to receive status callbacks and gather from Twilio TwilioPhoneCall and TwilioSMS still exists, but they are linked to PhoneCallRecord and SMSRecord via fk, to not to leat twilio logic into core code. --------- Co-authored-by: Yulia Shanyrova <yulia.shanyrova@grafana.com> 2023-05-24 14:27:48 +08:00			`update_twilio_sms_status(message_sid=message_sid, message_status=message_status)`
World, meet OnCall! Co-authored-by: Eve832 <eve.meelan@grafana.com> Co-authored-by: Francisco Montes de Oca <nevermind89x@gmail.com> Co-authored-by: Ildar Iskhakov <ildar.iskhakov@grafana.com> Co-authored-by: Innokentii Konstantinov <innokenty.konstantinov@grafana.com> Co-authored-by: Julia <ferril.darkdiver@gmail.com> Co-authored-by: maskin25 <kengurek@gmail.com> Co-authored-by: Matias Bordese <mbordese@gmail.com> Co-authored-by: Matvey Kukuy <motakuk@gmail.com> Co-authored-by: Michael Derynck <michael.derynck@grafana.com> Co-authored-by: Richard Hartmann <richih@richih.org> Co-authored-by: Robby Milo <robbymilo@fastmail.com> Co-authored-by: Timur Olzhabayev <timur.olzhabayev@grafana.com> Co-authored-by: Vadim Stepanov <vadimkerr@gmail.com> Co-authored-by: Yulia Shanyrova <yulia.shanyrova@grafana.com> 2022-06-03 08:09:47 -06:00			`return Response(data="", status=status.HTTP_204_NO_CONTENT)`


			`# Receive Call Status Update from Twilio`
			`class CallStatusCallback(APIView):`
			`permission_classes = [AllowOnlyTwilio]`

			`def post(self, request):`
			`call_sid = request.POST.get("CallSid")`
			`call_status = request.POST.get("CallStatus")`

Phone provider refactoring (#1713) # What this PR does This PR moves phone notification logic into separate object PhoneBackend and introduces PhoneProvider interface to hide actual implementation of external phone services provider. It should allow add new phone providers just by implementing one class (See SimplePhoneProvider for example). # Why [Asterisk PR](https://github.com/grafana/oncall/pull/1282) showed that our phone notification system is not flexible. However this is one of the most frequent community questions - how to add "X" phone provider. Also, this refactoring move us one step closer to unifying all notification backends, since with PhoneBackend all phone notification logic is collected in one place and independent from concrete realisation. # Highligts 1. PhoneBackend object - contains all phone notifications business logic. 2. PhoneProvider - interface to external phone services provider. 3. TwilioPhoneProvider and SimplePhoneProvider - two examples of PhoneProvider implementation. 4. PhoneCallRecord and SMSRecord models. I introduced these models to keep phone notification limits logic decoupled from external providers. Existing TwilioPhoneCall and TwilioSMS objects will be migrated to the new table to not to reset limits counter. To be able to receive status callbacks and gather from Twilio TwilioPhoneCall and TwilioSMS still exists, but they are linked to PhoneCallRecord and SMSRecord via fk, to not to leat twilio logic into core code. --------- Co-authored-by: Yulia Shanyrova <yulia.shanyrova@grafana.com> 2023-05-24 14:27:48 +08:00			`update_twilio_call_status(call_sid=call_sid, call_status=call_status)`
World, meet OnCall! Co-authored-by: Eve832 <eve.meelan@grafana.com> Co-authored-by: Francisco Montes de Oca <nevermind89x@gmail.com> Co-authored-by: Ildar Iskhakov <ildar.iskhakov@grafana.com> Co-authored-by: Innokentii Konstantinov <innokenty.konstantinov@grafana.com> Co-authored-by: Julia <ferril.darkdiver@gmail.com> Co-authored-by: maskin25 <kengurek@gmail.com> Co-authored-by: Matias Bordese <mbordese@gmail.com> Co-authored-by: Matvey Kukuy <motakuk@gmail.com> Co-authored-by: Michael Derynck <michael.derynck@grafana.com> Co-authored-by: Richard Hartmann <richih@richih.org> Co-authored-by: Robby Milo <robbymilo@fastmail.com> Co-authored-by: Timur Olzhabayev <timur.olzhabayev@grafana.com> Co-authored-by: Vadim Stepanov <vadimkerr@gmail.com> Co-authored-by: Yulia Shanyrova <yulia.shanyrova@grafana.com> 2022-06-03 08:09:47 -06:00			`return Response(data="", status=status.HTTP_204_NO_CONTENT)`