4.43.0

app/app/dashboard/views/mailbox_detail.py

@@ -11,9 +11,11 @@ from wtforms.fields.html5 import EmailField
 from app.config import ENFORCE_SPF, MAILBOX_SECRET
 from app.config import URL
 from app.dashboard.base import dashboard_bp
+from app.dashboard.views.enter_sudo import sudo_required
 from app.db import Session
 from app.email_utils import email_can_be_used_as_mailbox
 from app.email_utils import mailbox_already_used, render, send_email
+from app.extensions import limiter
 from app.log import LOG
 from app.models import Alias, AuthorizedAddress
 from app.models import Mailbox
@@ -29,6 +31,8 @@ class ChangeEmailForm(FlaskForm):
 
 @dashboard_bp.route("/mailbox/<int:mailbox_id>/", methods=["GET", "POST"])
 @login_required
+@sudo_required
+@limiter.limit("20/minute", methods=["POST"])
 def mailbox_detail_route(mailbox_id):
     mailbox: Mailbox = Mailbox.get(mailbox_id)
     if not mailbox or mailbox.user_id != current_user.id:
@@ -179,8 +183,15 @@ def mailbox_detail_route(mailbox_id):
 
         elif request.form.get("form-name") == "toggle-pgp":
             if request.form.get("pgp-enabled") == "on":
-                mailbox.disable_pgp = False
-                flash(f"PGP is enabled on {mailbox.email}", "success")
+                if mailbox.is_proton():
+                    mailbox.disable_pgp = True
+                    flash(
+                        "Enabling PGP for a Proton Mail mailbox is redundant and does not add any security benefit",
+                        "info",
+                    )
+                else:
+                    mailbox.disable_pgp = False
+                    flash(f"PGP is enabled on {mailbox.email}", "info")
             else:
                 mailbox.disable_pgp = True
                 flash(f"PGP is disabled on {mailbox.email}", "info")

app/app/dashboard/views/setting.py

@@ -227,6 +227,21 @@ def setting():
             Session.commit()
             flash("Your preference has been updated", "success")
             return redirect(url_for("dashboard.setting"))
+        elif request.form.get("form-name") == "enable_data_breach_check":
+            if not current_user.is_premium():
+                flash("Only premium plan can enable data breach monitoring", "warning")
+                return redirect(url_for("dashboard.setting"))
+            choose = request.form.get("enable_data_breach_check")
+            if choose == "on":
+                LOG.i("User {current_user} has enabled data breach monitoring")
+                current_user.enable_data_breach_check = True
+                flash("Data breach monitoring is enabled", "success")
+            else:
+                LOG.i("User {current_user} has disabled data breach monitoring")
+                current_user.enable_data_breach_check = False
+                flash("Data breach monitoring is disabled", "info")
+            Session.commit()
+            return redirect(url_for("dashboard.setting"))
         elif request.form.get("form-name") == "sender-in-ra":
             choose = request.form.get("enable")
             if choose == "on":