feat: Add email handler, Gmail API backend, SSO-LDAP user linking (v0.6.0)

New Features:
- Gmail API email backend with service account support
  - Domain-wide delegation for sending as any user
  - Configure via GMAIL_API settings
  - Install with: pip install django-forms-workflows[gmail]
- Email notification handler for post-submission actions
  - Dynamic recipients via email_to_field (read from form fields)
  - Static recipients, CC support, template-based subject/body
  - Django template support for HTML emails
- SSO → LDAP user linking
  - link_to_existing_user pipeline links SSO users to existing LDAP accounts
  - sync_ldap_groups_on_sso syncs LDAP group memberships for SSO users
  - sync_user_ldap_groups utility function for on-demand sync
  - SAML ACS view updated to link users and sync groups
- Lock mechanism (is_locked) prevents duplicate action execution
- ActionExecutionLog model tracks successful action executions
- New condition operators: greater_than_today, less_than_today, is_today,
  is_empty, is_not_empty, not_contains

Configuration:
  EMAIL_BACKEND = 'django_forms_workflows.email_backends.GmailAPIBackend'
  GMAIL_API = {
      'service_account_base64': 'base64-encoded-credentials',
      'delegated_user': 'noreply@yourdomain.com',
  }
  FORMS_WORKFLOWS_SSO = {
      'link_to_existing_user': True,
      'sync_ldap_groups_on_sso': True,
  }

Author: matteius

django_forms_workflows/__init__.py

@@ -3,7 +3,7 @@
 Enterprise-grade, database-driven form builder with approval workflows
 """
 
-__version__ = "0.5.18"
+__version__ = "0.6.0"
 __author__ = "Django Forms Workflows Contributors"
 __license__ = "LGPL-3.0-only"
 

django_forms_workflows/admin.py

@@ -11,6 +11,7 @@
 from django.utils.html import format_html
 
 from .models import (
+    ActionExecutionLog,
     ApprovalTask,
     AuditLog,
     FileUploadConfig,
@@ -532,15 +533,36 @@ class PostSubmissionActionAdmin(admin.ModelAdmin):
                 ),
             },
         ),
+        (
+            "Email Notification Configuration",
+            {
+                "classes": ("collapse",),
+                "fields": (
+                    ("email_to", "email_to_field"),
+                    ("email_cc", "email_cc_field"),
+                    "email_subject_template",
+                    "email_body_template",
+                    "email_template_name",
+                ),
+                "description": (
+                    "Configure email notifications. Use {field_name} for form field values. "
+                    "email_to_field reads recipient from a form field (e.g., 'instructor_email')."
+                ),
+            },
+        ),
         (
             "Conditional Execution",
             {
                 "classes": ("collapse",),
                 "fields": (
                     "condition_field",
                     ("condition_operator", "condition_value"),
+                    "is_locked",
+                ),
+                "description": (
+                    "Execute this action only when the condition is met. "
+                    "Use is_locked to prevent duplicate executions."
                 ),
-                "description": ("Execute this action only when the condition is met."),
             },
         ),
         (
@@ -568,6 +590,40 @@ class PostSubmissionActionAdmin(admin.ModelAdmin):
     readonly_fields = ("created_at", "updated_at")
 
 
+@admin.register(ActionExecutionLog)
+class ActionExecutionLogAdmin(admin.ModelAdmin):
+    list_display = (
+        "id",
+        "action",
+        "submission",
+        "trigger",
+        "success",
+        "executed_at",
+    )
+    list_filter = ("success", "trigger", "action__action_type")
+    search_fields = (
+        "action__name",
+        "submission__id",
+        "message",
+    )
+    readonly_fields = (
+        "action",
+        "submission",
+        "trigger",
+        "success",
+        "message",
+        "executed_at",
+        "execution_data",
+    )
+    ordering = ("-executed_at",)
+
+    def has_add_permission(self, request):
+        return False
+
+    def has_change_permission(self, request, obj=None):
+        return False
+
+
 @admin.register(FormSubmission)
 class FormSubmissionAdmin(admin.ModelAdmin):
     list_display = (

django_forms_workflows/email_backends/__init__.py

@@ -0,0 +1,4 @@
+# Email backends for django-forms-workflows
+from .gmail_api import GmailAPIBackend
+
+__all__ = ["GmailAPIBackend"]

django_forms_workflows/email_backends/gmail_api.py

@@ -0,0 +1,219 @@
+"""
+Gmail API Email Backend for Django
+
+This backend sends emails using Google's Gmail API with a service account.
+It supports domain-wide delegation to send emails as any user in the domain.
+
+Configuration in settings.py:
+    EMAIL_BACKEND = 'django_forms_workflows.email_backends.GmailAPIBackend'
+
+    GMAIL_API = {
+        'service_account_json': '/path/to/service-account.json',
+        # OR
+        'service_account_base64': 'base64-encoded-json-credentials',
+
+        'delegated_user': 'noreply@yourdomain.com',  # User to impersonate
+        'scopes': ['https://www.googleapis.com/auth/gmail.send'],
+    }
+
+Requirements:
+    pip install google-auth google-api-python-client
+"""
+
+import base64
+import json
+import logging
+from email.mime.base import MIMEBase
+from email.mime.multipart import MIMEMultipart
+from email.mime.text import MIMEText
+
+from django.conf import settings
+from django.core.mail.backends.base import BaseEmailBackend
+
+logger = logging.getLogger(__name__)
+
+
+def get_gmail_service(config):
+    """
+    Create and return an authenticated Gmail API service.
+
+    Args:
+        config: Dictionary with Gmail API configuration
+
+    Returns:
+        Gmail API service object
+    """
+    try:
+        from google.oauth2 import service_account
+        from googleapiclient.discovery import build
+    except ImportError as err:
+        raise ImportError(
+            "Gmail API backend requires google-auth and google-api-python-client. "
+            "Install with: pip install google-auth google-api-python-client"
+        ) from err
+
+    scopes = config.get("scopes", ["https://www.googleapis.com/auth/gmail.send"])
+    delegated_user = config.get("delegated_user")
+
+    # Load credentials from JSON file or base64-encoded string
+    if "service_account_json" in config:
+        credentials = service_account.Credentials.from_service_account_file(
+            config["service_account_json"], scopes=scopes
+        )
+    elif "service_account_base64" in config:
+        # Decode base64 credentials
+        json_str = base64.b64decode(config["service_account_base64"]).decode("utf-8")
+        service_info = json.loads(json_str)
+        credentials = service_account.Credentials.from_service_account_info(
+            service_info, scopes=scopes
+        )
+    else:
+        raise ValueError(
+            "Gmail API config must include either 'service_account_json' "
+            "or 'service_account_base64'"
+        )
+
+    # Delegate to the specified user (required for sending as that user)
+    if delegated_user:
+        credentials = credentials.with_subject(delegated_user)
+
+    # Build the Gmail service
+    service = build("gmail", "v1", credentials=credentials, cache_discovery=False)
+    return service
+
+
+class GmailAPIBackend(BaseEmailBackend):
+    """
+    Django email backend that sends emails via Gmail API.
+
+    This is more reliable than SMTP for Google Workspace environments
+    and supports domain-wide delegation with service accounts.
+    """
+
+    def __init__(self, fail_silently=False, **kwargs):
+        super().__init__(fail_silently=fail_silently, **kwargs)
+        self.config = getattr(settings, "GMAIL_API", {})
+        self._service = None
+
+    @property
+    def service(self):
+        """Lazy-load the Gmail service."""
+        if self._service is None:
+            self._service = get_gmail_service(self.config)
+        return self._service
+
+    def send_messages(self, email_messages):
+        """
+        Send one or more EmailMessage objects and return the number sent.
+        """
+        if not email_messages:
+            return 0
+
+        sent_count = 0
+        for message in email_messages:
+            try:
+                self._send(message)
+                sent_count += 1
+            except Exception as e:
+                logger.error(f"Failed to send email via Gmail API: {e}")
+                if not self.fail_silently:
+                    raise
+
+        return sent_count
+
+    def _send(self, email_message):
+        """Send a single EmailMessage via Gmail API."""
+        # Convert Django EmailMessage to MIME message
+        mime_message = self._build_mime_message(email_message)
+
+        # Encode the message
+        raw_message = base64.urlsafe_b64encode(mime_message.as_bytes()).decode("utf-8")
+
+        # Send via Gmail API
+        self.service.users().messages().send(
+            userId="me", body={"raw": raw_message}
+        ).execute()
+
+        logger.info(
+            f"Email sent via Gmail API to {', '.join(email_message.to)}: "
+            f"{email_message.subject}"
+        )
+
+    def _build_mime_message(self, email_message):
+        """
+        Convert a Django EmailMessage to a MIME message.
+
+        Handles plain text, HTML, and multipart messages with attachments.
+        """
+        # Check if this is an HTML email or has alternatives
+        has_html = hasattr(email_message, "alternatives") and email_message.alternatives
+        has_attachments = email_message.attachments
+
+        if has_html or has_attachments:
+            # Multipart message
+            if has_attachments:
+                msg = MIMEMultipart("mixed")
+                msg_body = MIMEMultipart("alternative")
+            else:
+                msg = MIMEMultipart("alternative")
+                msg_body = msg
+
+            # Add plain text body
+            msg_body.attach(MIMEText(email_message.body, "plain", "utf-8"))
+
+            # Add HTML alternatives
+            if has_html:
+                for content, mimetype in email_message.alternatives:
+                    if mimetype == "text/html":
+                        msg_body.attach(MIMEText(content, "html", "utf-8"))
+
+            # If we have attachments, add the body part and attachments
+            if has_attachments:
+                msg.attach(msg_body)
+                for attachment in email_message.attachments:
+                    self._add_attachment(msg, attachment)
+        else:
+            # Simple plain text message
+            msg = MIMEText(email_message.body, "plain", "utf-8")
+
+        # Set headers
+        msg["Subject"] = email_message.subject
+        msg["From"] = email_message.from_email
+        msg["To"] = ", ".join(email_message.to)
+
+        if email_message.cc:
+            msg["Cc"] = ", ".join(email_message.cc)
+        if email_message.bcc:
+            msg["Bcc"] = ", ".join(email_message.bcc)
+        if email_message.reply_to:
+            msg["Reply-To"] = ", ".join(email_message.reply_to)
+
+        return msg
+
+    def _add_attachment(self, msg, attachment):
+        """Add an attachment to the MIME message."""
+        if isinstance(attachment, tuple):
+            filename, content, mimetype = attachment
+        else:
+            # MIMEBase attachment
+            msg.attach(attachment)
+            return
+
+        if mimetype is None:
+            mimetype = "application/octet-stream"
+
+        maintype, subtype = mimetype.split("/", 1)
+
+        if maintype == "text":
+            part = MIMEText(content, _subtype=subtype)
+        else:
+            part = MIMEBase(maintype, subtype)
+            if isinstance(content, str):
+                content = content.encode("utf-8")
+            part.set_payload(content)
+            from email import encoders
+
+            encoders.encode_base64(part)
+
+        part.add_header("Content-Disposition", "attachment", filename=filename)
+        msg.attach(part)

django_forms_workflows/handlers/__init__.py

@@ -5,12 +5,14 @@
 - Updating external databases
 - Updating LDAP attributes
 - Making API calls
+- Sending email notifications
 - Running custom Python code
 - File operations (rename, move, copy, delete, webhooks)
 """
 
 from .api_handler import APICallHandler
 from .database_handler import DatabaseUpdateHandler
+from .email_handler import EmailHandler
 from .file_handler import (
     FileHookExecutor,
     FileOperationHandler,
@@ -25,6 +27,7 @@
     "DatabaseUpdateHandler",
     "LDAPUpdateHandler",
     "APICallHandler",
+    "EmailHandler",
     "FileOperationHandler",
     "FilePatternResolver",
     "WebhookHandler",