
Commit 66a09d8

committed
Make requester_email required and requester_name optional, filled server-side
Both fields are now populated from the authenticated user on the backend (trans.user.email / trans.user.username) rather than from the form payload, preventing spoofing. requester_email is always present for registered users; requester_name is optional since usernames are not always set. - ToolRequestNotificationContent: swap required/optional for the two fields - NotificationCard: always render email, conditionally prepend name - Email templates: same conditional rendering logic - schema.ts: regenerated to match
1 parent 10b2e8e commit 66a09d8

6 files changed

Lines changed: 20 additions & 22 deletions


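--- a/client/src/api/notifications.ts
+++ b/client/src/api/notifications.ts
@@ -37,8 +37,8 @@ export interface ToolRequestNotificationContent {
 requested_version?: string;
 conda_available?: boolean;
 test_data_available?: boolean;
-requester_name: string;
-requester_email?: string;
+requester_name?: string;
+requester_email: string;
 requester_affiliation?: string;
 }
 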
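Review bot: The hand-written `ToolRequestNotificationContent` interface now disagrees with the regenerated schema type in this same commit: here the field is `requester_name?: string;`, while `schema.ts` declares `requester_name?: string | null;`. The Python model defaults the field to `None`, so a serialized notification can presumably carry `null`, which this interface does not admit. Either widen the line to `requester_name?: string | null;` or derive the interface from the generated `components` type so the two cannot drift. The interface body starts above the hunk.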

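--- a/client/src/api/schema/schema.ts
+++ b/client/src/api/schema/schema.ts
@@ -23737,12 +23737,12 @@ export interface components {
 * Requester email
 * @description The email address of the requester for follow-up.
 */
-requester_email?: string | null;
+requester_email: string;
 /**
 * Requester name
 * @description The name of the person requesting the tool.
 */
-requester_name: string;
+requester_name?: string | null;
 /**
 * Scientific domain
 * @description The scientific domain for the requested tool.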

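--- a/client/src/components/Notifications/NotificationCard.vue
+++ b/client/src/components/Notifications/NotificationCard.vue
@@ -204,21 +204,19 @@ function markNotificationAsSeen() {
 <dt>Version</dt>
 <dd>{{ props.notification.content.requested_version }}</dd>
 </template>
-<template v-if="props.notification.content.requester_name">
-<dt>Requested by</dt>
-<dd>
+<dt>Requested by</dt>
+<dd>
+<span v-if="props.notification.content.requester_name">
 {{ props.notification.content.requester_name }}
 <span v-if="props.notification.content.requester_affiliation">
 ({{ props.notification.content.requester_affiliation }})
 </span>
-<span v-if="props.notification.content.requester_email">
-&mdash;
-<BLink :href="`mailto:${props.notification.content.requester_email}`">
-{{ props.notification.content.requester_email }}
-</BLink>
-</span>
-</dd>
-</template>
+&mdash;
+</span>
+<BLink :href="`mailto:${props.notification.content.requester_email}`">
+{{ props.notification.content.requester_email }}
+</BLink>
+</dd>
 </dl>
 </template>
 <template v-else>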

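--- a/lib/galaxy/config/templates/mail/notifications/tool_request-email.html
+++ b/lib/galaxy/config/templates/mail/notifications/tool_request-email.html
@@ -96,9 +96,7 @@
 <tr>
 <td style="padding: 4px 8px; font-weight: bold; white-space: nowrap;">Requested by</td>
 <td style="padding: 4px 8px;">
-{{ content['requester_name'] }}
-{% if content['requester_affiliation'] %} ({{ content['requester_affiliation'] }}){% endif %}
-{% if content['requester_email'] %} &mdash; {{ content['requester_email'] }}{% endif %}
+{% if content['requester_name'] %}{{ content['requester_name'] }} &mdash; {% endif %}{{ content['requester_email'] }}{% if content['requester_affiliation'] %} ({{ content['requester_affiliation'] }}){% endif %}
 </td>
 </tr>
 </table>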

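--- a/lib/galaxy/config/templates/mail/notifications/tool_request-email.txt
+++ b/lib/galaxy/config/templates/mail/notifications/tool_request-email.txt
@@ -45,7 +45,7 @@ Tool name: {{ content['tool_name'] }}
 {% endif %}{% if content['conda_available'] is not none %}Conda pkg: {{ "Yes" if content['conda_available'] else "No" }}
 {% endif %}{% if content['test_data_available'] is not none %}Test data: {{ "Yes" if content['test_data_available'] else "No" }}
 {% endif %}{% if content['workflow_name'] %}Workflow: {{ content['workflow_name'] }}
-{% endif %}Requested by: {{ content['requester_name'] }}{% if content['requester_affiliation'] %} ({{ content['requester_affiliation'] }}){% endif %}{% if content['requester_email'] %} {{ content['requester_email'] }}{% endif %}
+{% endif %}Requested by: {% if content['requester_name'] %}{{ content['requester_name'] }} — {% endif %}{{ content['requester_email'] }}{% if content['requester_affiliation'] %} ({{ content['requester_affiliation'] }}){% endif %}
 
 {% if galaxy_url %}
 You can review the notification in Galaxy: {{ galaxy_url }}/user/notifications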

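--- a/lib/galaxy/schema/notifications.py
+++ b/lib/galaxy/schema/notifications.py
@@ -137,9 +137,11 @@ class ToolRequestNotificationContent(Model):
 test_data_available: Optional[bool] = Field(
 None, title="Test data available", description="Whether test data for this tool is available."
 )
-requester_name: str = Field(..., title="Requester name", description="The name of the person requesting the tool.")
-requester_email: Optional[str] = Field(
-None, title="Requester email", description="The email address of the requester for follow-up."
+requester_name: Optional[str] = Field(
+None, title="Requester name", description="The name of the person requesting the tool."
+)
+requester_email: str = Field(
+..., title="Requester email", description="The email address of the requester for follow-up."
 )
 requester_affiliation: Optional[str] = Field(
 None, title="Requester affiliation", description="The affiliation/lab of the requester."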
