-
Notifications
You must be signed in to change notification settings - Fork 308
Support queueing emails without participants #4548
Conversation
Rebased, was 3d2430c. |
3d2430c
to
b80f821
Compare
Brainstorm: can we decouple participant entirely from the email queue? Is that a cleaner architecture?
|
b80f821
to
4bc67bc
Compare
Participant is related to throttling. I think we might be able to simplify throttling to only be about verified emails, rather than the generic |
Yeah, from a review of |
That means we can resolve #4545, too! |
Alright, let's try to keep this PR focused though ... |
Refactoring throttling will make it easier to extricate |
I've almost got a throttling rewrite done, which I plan to make as a separate PR ahead of this one. But now I think that we actually want both: throttling based on "N per time", and only allowing one open verification at a time. The reason is that we still need to allow resending verification messages, and you can be sure we'll get turkies flooding some poor maintainer with N00 verification resends if we don't throttle that. I guess we could also do that as N resends per address? Anyway, the point is that to implement (some variant) of both protections we'll need to upgrade |
Throttling redo started in #4571. Turning to permanentizing email messages table ... |
Email saving in #4572. |
Throttling redo redone in #4579. In addition to better protection against verification spam/phishing, the other abuse protection we need before we can start mailing just any ol' email address is a blacklist/unsubscribe. |
We should probably treat unsubscribes as locks against claims via that email address across all packages. |
Moving out of review, we need unsubscribe as part of this. We can't start sending messages to random email addresses without an unsubscribe/blacklist mechanism. |
4bc67bc
to
27d4c8f
Compare
I'm seeing confusion in the So far in 27d4c8f on this PR we are bumping I think we need to update the
I'm not sure yet how to think about unsubscribe/blacklisting, but the above should be cleaned up one way or another, maybe in its own PR. |
84350d6
to
c61f4d7
Compare
Interesting! I want to set up fixture using the old API, meaning old code old slug. But no |
Note to self: account for the case where we want to send payday charge notifications but the participant doesn't have an email address on file (cf. gratipay/inside.gratipay.com#1149 (comment)) |
c61f4d7
to
8902792
Compare
Rebased, was c61f4d7. |
84945c1
to
fa6d28f
Compare
8902792
to
83bacdf
Compare
Alright, upon closer inspection, |
And |
We have two presenting use cases for sending email messages to addresses unassociated with a participant:
Under (2) these are going to be system-generated messages, so we don't need to worry about throttling (well, we need to worry a lot about it, but it's on us to throttle ourselves! :D). Under (1) we do want to throttle on the receiver (mailbombing is annoying) but even moreso on the sender (mass-mailbombing is worse, and mass-phishing is worser). That'll probably require logging IPs, out of scope on this PR. |
83bacdf
to
89a3ed3
Compare
fa6d28f
to
93aa1c8
Compare
89a3ed3
to
13a8cc9
Compare
Half-baked notes on my desktop from when I was offline:
|
Crap. Wrong base. :-/ |
So now my options are:
|
I meant @kaguillera, not @dowski. Honest! 🐭 |
Yh umm.. I'm confused - what did you intend to merge this into? |
Yes. |
← "Ready to verify" (#4584)
#4547
Extracted out a few tests from→ Factor out email tests #4570test_email.py
intotest_participant_emails.py
. Now, the tests intest_email.py
only test stuff ingratipay/email.py
email
from withincontext
to a new field in the DB. This helps in visibility + simplifies DB queries and constraintsTodo