Storing credentials of your Python programs in the keyring

err_speech

As I introduced in previous posts I’m a happy user of ErrBot (My second bot).
My main concern was to be able to control some functions in some machines without having to connect via ssh or exposing web pages to the world.

I couldn’t feel comfortable with the idea of storing my credentials in the config.py file which is the suggested way to connect to the services with the backend selected (‘username’ and ‘password’).

In order to avoid this I’m proposing here an alternative approach, based on the keyring module. Provided you have it correctly installed, you can store your credentials there and use them from your Python programs. In this case, from ErrBot.

You can see there the way to store your credentials and so on, we will not replicate them here.

Notice that the credentials storage will rely on the operating system and depending on the configuration anybody logged into your account will have access to them without password (you’ll need this if you want a bot that can start in an unattended way). We are only obtaining the added security of not having the credentials stored in the config.py file but not much more.

Then you need to make some changes in the config.py file. First of all, importing the module:

import keyring

Later, before the BOT_IDENTITY section you can add three variables, for the server (needed in order to select the account in the keyring) and the username:

server = 'jabber-fernand0movilizado'
username = 'fernand0movilizado@gmail.com'
password = keyring.get_password(server,username)

Finally, in the BOT_IDENTITY structure, in the backend you have selected, you
can put (XMPP backend, for example):

    'username': username,  # The JID of the user you have created for the bot
    'password': password,       # The corresponding password for this user

In this way when the bot starts it gets the credential from the keyring. You can use a similar approach in your programs and, if you do not need to autostart the program you can protect with a password the keyring entries.

Advertisements

Sending an image by mail in Python

Once we are able to take a picture with our webcam (A camera for my Raspberry Pi ) the next step is to see the picture from wher we are.

There are lots of texts explaining how to configure a web server for this
but I didn’t want to publish a web server with my raspi to the internet.
You’d need to setup the server, open some ports in the router and take into
account the problem of not having a fixed IP.
It found this approach not very robuts.
There is also the possibility of somebody cracking your server and
accessing our network in some way (maybe difficult, but not impossible).

I also evaluated the possibility of sending the images by means of an
instant messaging app but I’m not sure if this can be done, or maybe it is
just that I’ve not been able to find the adequate documentantion, so I
discarded this option.

The final election was the old and reliable email. My bot is going to be
able to get petitions by different ways (XMPP, IRC, …) and it will send
the images as a reply by email.

There are lots of documents explaining how to prepare a message with an
attachment. In fact, I had a program from previous experiments and this was
the one I decided to use.
It can be seen at mail.py.

It basically constructs a message from its components (From, To, Subject, Attachments, …)

It needs some parameters, that need to be configured. The way to do this
is by means of an auxiliar module that is imported at the beginning of the program.

import mailConfig

The only content for this file are the variables whose values need to be
adapted. Our program just reads them (it could of course use them
directly).

destaddr = mailConfig.ADDRESS
fromaddr = mailConfig.FROMADD
toaddrs = mailConfig.TOADDRS
subject = mailConfig.SUBJECT
smtpsrv = mailConfig.SMTPSRV
loginId = mailConfig.LOGINID
loginPw = mailConfig.LOGINPW

imgFile = ‘/tmp/imagen.png’

We are selecting also a default filename for the image, and we can choose a
different one from the command line.

We also setup a default address for sending emails to (destaddr) but we can
also include a different one in the command line (not very robust, there is
not validation of the email address).

From this, we can construct the message.

Detection and filling the parameters for the object we are sending:

format, enc = mimetypes.guess_type(imgFile)
main, sub = format.split('/')
adjunto = MIMEBase(main, sub)

Notice that in this way, the program can be used for sending other files
that need not to be just images.

Now we construct the attachment, with the adequate condification and we
attach it to the message:

adjunto.set_payload(open(imgFile,"rb").read())
Encoders.encode_base64(adjunto)
adjunto.add_header('Content-Disposition', 'attachment; filename="%s"' % imgFile)
mensaje.attach(adjunto)

Finally, we add the other parameters:

mensaje['Subject'] = subject
mensaje['From'] = fromaddr
mensaje['To'] = destaddr
mensaje['Cc'] = toaddrs

The message is empty, it does not contain text (Exercice for the reader:
can you add some text? Something like: ‘This picture was taken on day
xx-xx-xxxx at hh:mm’).

And finally, we send the message (direct negotiation with the smtp server):

server = smtplib.SMTP()

server.connect(smtpsrv)
server.ehlo()
server.starttls()
server.login(loginId, loginPw)
server.sendmail(fromaddr, [destaddr]+[toaddrs], mensaje.as_string(0))
server.quit()

In this way we have a small Python program that will send by mail a file.
We can provide the name of the file in the command line and we can also
provide an email address.
By default it will send a image with the fixed name to the pre-configured
address.
As a sort of backup and logging system the program will always send a copy of the mail to the ‘toaddrs’.

On the configuration side, we need ‘destaddr’, ‘fromaddr’ and ‘toaddrs’ to be valid email addresses.

The server ‘smtpsrv’ can be any server that we can use and the program uses
authenticated sending (and this is the reason for needing the user and
password). For example, we can use the Google servers, and the
configuration would be:

smtpsrv='smtp.gmail.com:587'

And we could use some user and password for a pre-existing account.