pwa: use setting or tenant URL to build VAPID JWT sub mailto claim (#87413)

DEFAULT_FROM_EMAIL is usually not read and only Apple accept an http URL
instead of a mailto: URL.

combo/apps/pwa/signals.py

@@ -23,6 +23,7 @@ import urllib.parse
 import pywebpush
 from django.conf import settings
 from django.core.cache import cache
+from django.db import connection
 from django.db.models.signals import post_save
 from django.dispatch import receiver
 from py_vapid import Vapid
@@ -34,13 +35,25 @@ from .models import PushSubscription, PwaSettings
 logger = logging.getLogger(__name__)
 
 
+def get_sub():
+    webpush_mailto = getattr(settings, 'WEBPUSH_MAILTO', None)
+    if webpush_mailto:
+        return webpush_mailto
+
+    tenant_domain_url = getattr(getattr(connection, 'tenant', None), 'domain_url', None)
+    if tenant_domain_url:
+        return f'mailto:webpush@{tenant_domain_url}'
+
+    return 'mailto:webpush@combo.example.net'
+
+
 def get_vapid_headers(private_key, subscription_info):
     url = urllib.parse.urlparse(subscription_info['endpoint'])
     aud = f'{url.scheme}://{url.netloc}'
 
     key_bytes = private_key.encode('ascii')
 
-    cache_key = 'vapid-headers-' + hashlib.sha256(aud.encode() + key_bytes).hexdigest()
+    cache_key = 'v2-vapid-headers-' + hashlib.sha256(aud.encode() + key_bytes).hexdigest()
     headers = cache.get(cache_key)
     if headers:
         return headers
@@ -50,7 +63,7 @@ def get_vapid_headers(private_key, subscription_info):
     headers = pwa_vapid_private_key.sign(
         {
             'aud': aud,
-            'sub': 'mailto:%s' % settings.DEFAULT_FROM_EMAIL,
+            'sub': get_sub(),
             'exp': int(datetime.datetime.now().timestamp() + 3600 * 24),  # expire after 24 hours
         }
     )