4.22.5

.drone.yml

@@ -31,9 +31,15 @@ steps:
 
 - name: notify
   image: plugins/slack
+  when:
+    status:
+    - success
+    - failure
   settings:
     webhook: 
       from_secret: slack_webhook
+    icon_url:
+      from_secret: slack_avatar
 
 trigger:
   event:

README.md

@@ -1,7 +1,9 @@
-# Simple Login
-
-This repo exists to automatically capture any releases of the SaaS edition of SimpleLogin. It checks once a day, and builds the latest one automatically if it is newer than the currentlty built version.
-
-This exists to simplify deployment of SimpleLogin in a self-hosted capacity, while also allowing the use of the latest version; SimpleLogin do not provide an up-to-date version for this use.
-
+# Simple Login
+
+[![Build Status](https://drone.mrmeeb.stream/api/badges/MrMeeb/simple-login/status.svg?ref=refs/heads/main)](https://drone.mrmeeb.stream/MrMeeb/simple-login)
+
+This repo exists to automatically capture any releases of the SaaS edition of SimpleLogin. It checks once a day, and builds the latest one automatically if it is newer than the currentlty built version.
+
+This exists to simplify deployment of SimpleLogin in a self-hosted capacity, while also allowing the use of the latest version; SimpleLogin do not provide an up-to-date version for this use.
+
 The image is built for amd64 and arm64 devices.

app/.pre-commit-config.yaml

@@ -21,3 +21,4 @@ repos:
       - id: djlint-jinja
         files: '.*\.html'
         entry: djlint --reformat
+

app/app/account_linking.py

@@ -9,13 +9,17 @@ from newrelic import agent
 from app.db import Session
 from app.email_utils import send_welcome_email
 from app.utils import sanitize_email
-from app.errors import AccountAlreadyLinkedToAnotherPartnerException
+from app.errors import (
+    AccountAlreadyLinkedToAnotherPartnerException,
+    AccountIsUsingAliasAsEmail,
+)
 from app.log import LOG
 from app.models import (
     PartnerSubscription,
     Partner,
     PartnerUser,
     User,
+    Alias,
 )
 from app.utils import random_string
 
@@ -192,11 +196,18 @@ def get_login_strategy(
     return ExistingUnlinkedUserStrategy(link_request, user, partner)
 
 
+def check_alias(email: str) -> bool:
+    alias = Alias.get_by(email=email)
+    if alias is not None:
+        raise AccountIsUsingAliasAsEmail()
+
+
 def process_login_case(
     link_request: PartnerLinkRequest, partner: Partner
 ) -> LinkResult:
     # Sanitize email just in case
     link_request.email = sanitize_email(link_request.email)
+    check_alias(link_request.email)
     # Try to find a SimpleLogin user registered with that partner user id
     partner_user = PartnerUser.get_by(
         partner_id=partner.id, external_user_id=link_request.external_user_id

app/app/admin_model.py

@@ -620,3 +620,8 @@ class MetricAdmin(SLModelView):
     column_exclude_list = ["created_at", "updated_at", "id"]
 
     can_export = True
+
+
+class InvalidMailboxDomainAdmin(SLModelView):
+    can_create = True
+    can_delete = True

app/app/email/status.py

@@ -60,4 +60,5 @@ E522 = (
 )
 E523 = "550 SL E523 Unknown error"
 E524 = "550 SL E524 Wrong use of reverse-alias"
+E525 = "550 SL E525 Alias loop"
 # endregion

app/app/errors.py

@@ -71,7 +71,7 @@ class ErrContactErrorUpgradeNeeded(SLException):
     """raised when user cannot create a contact because the plan doesn't allow it"""
 
     def error_for_user(self) -> str:
-        return f"Please upgrade to premium to create reverse-alias"
+        return "Please upgrade to premium to create reverse-alias"
 
 
 class ErrAddressInvalid(SLException):
@@ -108,3 +108,8 @@ class AccountAlreadyLinkedToAnotherPartnerException(LinkException):
 class AccountAlreadyLinkedToAnotherUserException(LinkException):
     def __init__(self):
         super().__init__("This account is linked to another user")
+
+
+class AccountIsUsingAliasAsEmail(LinkException):
+    def __init__(self):
+        super().__init__("Your account has an alias as it's email address")

app/app/mail_sender.py

@@ -17,7 +17,7 @@ from attr import dataclass
 from app import config
 from app.email import headers
 from app.log import LOG
-from app.message_utils import message_to_bytes
+from app.message_utils import message_to_bytes, message_format_base64_parts
 
 
 @dataclass
@@ -173,8 +173,12 @@ class MailSender:
                 self._save_request_to_unsent_dir(send_request)
                 return False
 
-    def _save_request_to_unsent_dir(self, send_request: SendRequest):
-        file_name = f"DeliveryFail-{int(time.time())}-{uuid.uuid4()}.{SendRequest.SAVE_EXTENSION}"
+    def _save_request_to_unsent_dir(
+        self, send_request: SendRequest, prefix: str = "DeliveryFail"
+    ):
+        file_name = (
+            f"{prefix}-{int(time.time())}-{uuid.uuid4()}.{SendRequest.SAVE_EXTENSION}"
+        )
         file_path = os.path.join(config.SAVE_UNSENT_DIR, file_name)
         file_contents = send_request.to_bytes()
         with open(file_path, "wb") as fd:
@@ -256,7 +260,7 @@ def sl_sendmail(
     send_request = SendRequest(
         envelope_from,
         envelope_to,
-        msg,
+        message_format_base64_parts(msg),
         mail_options,
         rcpt_options,
         is_forward,

app/app/message_utils.py

@@ -1,21 +1,42 @@
+import re
 from email import policy
 from email.message import Message
 
+from app.email import headers
 from app.log import LOG
 
+# Spam assassin might flag as spam with a different line length
+BASE64_LINELENGTH = 76
+
 
 def message_to_bytes(msg: Message) -> bytes:
     """replace Message.as_bytes() method by trying different policies"""
     for generator_policy in [None, policy.SMTP, policy.SMTPUTF8]:
         try:
             return msg.as_bytes(policy=generator_policy)
-        except:
+        except Exception:
             LOG.w("as_bytes() fails with %s policy", policy, exc_info=True)
 
     msg_string = msg.as_string()
     try:
         return msg_string.encode()
-    except:
+    except Exception:
         LOG.w("as_string().encode() fails", exc_info=True)
 
     return msg_string.encode(errors="replace")
+
+
+def message_format_base64_parts(msg: Message) -> Message:
+    for part in msg.walk():
+        if part.get(
+            headers.CONTENT_TRANSFER_ENCODING
+        ) == "base64" and part.get_content_type() in ("text/plain", "text/html"):
+            # Remove line breaks
+            body = re.sub("[\r\n]", "", part.get_payload())
+            # Split in 80 column  lines
+            chunks = [
+                body[i : i + BASE64_LINELENGTH]
+                for i in range(0, len(body), BASE64_LINELENGTH)
+            ]
+            part.set_payload("\r\n".join(chunks))
+    return msg

app/email_handler.py

@@ -693,6 +693,36 @@ def handle_forward(envelope, msg: Message, rcpt_to: str) -> List[Tuple[bool, str
             LOG.d("%s unverified, do not forward", mailbox)
             ret.append((False, status.E517))
         else:
+            # Check if the mailbox is also an alias and stop the loop
+            mailbox_as_alias = Alias.get_by(email=mailbox.email)
+            if mailbox_as_alias is not None:
+                LOG.info(
+                    f"Mailbox {mailbox.id} has email {mailbox.email} that is also alias {alias.id}. Stopping loop"
+                )
+                mailbox.verified = False
+                Session.commit()
+                mailbox_url = f"{URL}/dashboard/mailbox/{mailbox.id}/"
+                send_email_with_rate_control(
+                    user,
+                    ALERT_MAILBOX_IS_ALIAS,
+                    user.email,
+                    f"Your mailbox {mailbox.email} is an alias",
+                    render(
+                        "transactional/mailbox-invalid.txt.jinja2",
+                        mailbox=mailbox,
+                        mailbox_url=mailbox_url,
+                        alias=alias,
+                    ),
+                    render(
+                        "transactional/mailbox-invalid.html",
+                        mailbox=mailbox,
+                        mailbox_url=mailbox_url,
+                        alias=alias,
+                    ),
+                    max_nb_alert=1,
+                )
+                ret.append((False, status.E525))
+                continue
             # create a copy of message for each forward
             ret.append(
                 forward_email_to_mailbox(
@@ -840,10 +870,12 @@ def forward_email_to_mailbox(
             orig_subject = msg[headers.SUBJECT]
             orig_subject = get_header_unicode(orig_subject)
             add_or_replace_header(msg, "Subject", mailbox.generic_subject)
+            sender = msg[headers.FROM]
+            sender = get_header_unicode(sender)
             msg = add_header(
                 msg,
-                f"""Forwarded by SimpleLogin to {alias.email} with "{orig_subject}" as subject""",
-                f"""Forwarded by SimpleLogin to {alias.email} with <b>{orig_subject}</b> as subject""",
+                f"""Forwarded by SimpleLogin to {alias.email} from "{sender}" with "{orig_subject}" as subject""",
+                f"""Forwarded by SimpleLogin to {alias.email} from "{sender}" with <b>{orig_subject}</b> as subject""",
             )
 
         try:

app/server.py

@@ -44,6 +44,7 @@ from app.admin_model import (
     NewsletterUserAdmin,
     DailyMetricAdmin,
     MetricAdmin,
+    InvalidMailboxDomainAdmin,
 )
 from app.api.base import api_bp
 from app.auth.base import auth_bp
@@ -105,6 +106,7 @@ from app.models import (
     NewsletterUser,
     DailyMetric,
     Metric2,
+    InvalidMailboxDomain,
 )
 from app.monitor.base import monitor_bp
 from app.newsletter_utils import send_newsletter_to_user
@@ -764,6 +766,7 @@ def init_admin(app):
     admin.add_view(NewsletterUserAdmin(NewsletterUser, Session))
     admin.add_view(DailyMetricAdmin(DailyMetric, Session))
     admin.add_view(MetricAdmin(Metric2, Session))
+    admin.add_view(InvalidMailboxDomainAdmin(InvalidMailboxDomain, Session))
 
 
 def register_custom_commands(app):

app/templates/dashboard/alias_contact_manager.html

@@ -50,7 +50,9 @@
         </p>
         <p>
           This Youtube video can also quickly walk you through the steps:
-          <a href="https://www.youtube.com/watch?v=VsypF-DBaow" target="_blank">
+          <a href="https://www.youtube.com/watch?v=VsypF-DBaow"
+             target="_blank"
+             rel="noopener noreferrer">
             How to send emails from an alias <i class="fe fe-external-link"></i>
           </a>
         </p>

app/templates/dashboard/custom_domain.html

@@ -23,7 +23,9 @@
 
         <div class="alert alert-danger" role="alert">
           This feature is only available on Premium plan.
-          <a href="{{ URL }}/dashboard/pricing" target="_blank" rel="noopener">
+          <a href="{{ URL }}/dashboard/pricing"
+             target="_blank"
+             rel="noopener noreferrer">
             Upgrade<i class="fe fe-external-link"></i>
           </a>
         </div>

app/templates/dashboard/domain_detail/auto-create.html

@@ -78,7 +78,7 @@
                 data-clipboard-text=".*suffix">.*suffix</em>
             <br />
             To test out regex, we recommend using regex tester tool like
-            <a href="https://regex101.com" target="_blank">https://regex101.com↗</a>
+            <a href="https://regex101.com" target="_blank" rel="noopener noreferrer">https://regex101.com↗</a>
           </div>
         </div>
         <div class="form-group">

app/templates/dashboard/domain_detail/dns.html

@@ -158,7 +158,7 @@
           SPF
           <a href="https://en.wikipedia.org/wiki/Sender_Policy_Framework"
              target="_blank"
-             rel="noopener">(Wikipedia↗)</a>
+             rel="noopener noreferrer">(Wikipedia↗)</a>
           is an email
           authentication method
           designed to detect forging sender addresses during the delivery of the email.
@@ -229,7 +229,7 @@
           DKIM
           <a href="https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail"
              target="_blank"
-             rel="noopener">(Wikipedia↗)</a>
+             rel="noopener noreferrer">(Wikipedia↗)</a>
           is an
           email
           authentication method
@@ -335,7 +335,7 @@
           DMARC
           <a href="https://en.wikipedia.org/wiki/DMARC"
              target="_blank"
-             rel="noopener">
+             rel="noopener noreferrer">
             (Wikipedia↗)
           </a>
           is designed to protect the domain from unauthorized use, commonly known as email spoofing.

app/templates/dashboard/pricing.html

@@ -72,7 +72,7 @@ PGP Encryption
 </ul>
 <div class="small-text">
 More information on our
-<a href="https://simplelogin.io/pricing" target="_blank" rel="noopener">
+<a href="https://simplelogin.io/pricing" target="_blank" rel="noopener noreferrer">
 Pricing
 Page <i class="fe fe-external-link"></i>
 </a>
@@ -120,7 +120,7 @@ Upgrade your SimpleLogin account
 <div id="normal-upgrade" class="{% if proton_upgrade %} collapse{% endif %}">
 <div class="display-6 my-3">
 🔐 Secure payments by
-<a href="https://paddle.com" target="_blank" rel="noopener">
+<a href="https://paddle.com" target="_blank" rel="noopener noreferrer">
 Paddle <i class="fe fe-external-link"></i>
 </a>
 </div>
@@ -164,13 +164,13 @@ $4/month
 <hr />
 <i class="fa fa-bitcoin"></i>
 Payment via
-<a href="https://commerce.coinbase.com/?lang=en" target="_blank">
+<a href="https://commerce.coinbase.com/?lang=en" target="_blank" rel="noopener noreferrer">
 Coinbase Commerce<i class="fe fe-external-link"></i>
 </a>
 <br />
 Currently Bitcoin, Bitcoin Cash, Dai, Ethereum, Litecoin and USD Coin are supported.
 <br />
-<a class="btn btn-outline-primary" href="{{ url_for('dashboard.coinbase_checkout_route') }}" target="_blank">
+<a class="btn btn-outline-primary" href="{{ url_for('dashboard.coinbase_checkout_route') }}" target="_blank" rel="noopener noreferrer">
 Yearly billing - Crypto
 <br />
 $30/year

app/templates/dashboard/refused_email.html

@@ -17,7 +17,8 @@
     <div class="alert alert-info">
       This page shows all emails that are either refused by your mailbox (bounced) or detected as spams/phishing (quarantine) via our
       <a href="https://simplelogin.io/docs/getting-started/anti-phishing/"
-         target="_blank">anti-phishing program ↗</a>
+         target="_blank"
+         rel="noopener noreferrer">anti-phishing program ↗</a>
       <ul class="p-4 mb-0">
         <li>
           If the email is indeed spam, this means the alias is now in the hands of a spammer,
@@ -26,7 +27,8 @@
         <li>
           If the email isn't spam and your mailbox refuses the email, we recommend to create a <b>filter</b> to avoid your mailbox provider from blocking legitimate emails. Please refer to
           <a href="https://simplelogin.io/docs/getting-started/troubleshooting/#emails-end-up-in-spam"
-             target="_blank">Setting up filter for SimpleLogin emails ↗</a>
+             target="_blank"
+             rel="noopener noreferrer">Setting up filter for SimpleLogin emails ↗</a>
         </li>
         <li>
           If the email is flagged as spams/phishing, this means that the sender explicitly states their emails should respect

app/templates/dashboard/setting.html

@@ -73,7 +73,8 @@
               Yearly plan subscribed with cryptocurrency which expires on
               {{ coinbase_sub.end_at.format("YYYY-MM-DD") }}.
               <a href="{{ url_for('dashboard.coinbase_checkout_route') }}"
-                 target="_blank">
+                 target="_blank"
+                 rel="noopener noreferrer">
                 Extend Subscription <i class="fe fe-external-link"></i>
               </a>
             </div>

app/templates/dashboard/subdomain.html

@@ -25,7 +25,7 @@
           This feature is only available on Premium plan.
           <a href="{{ url_for('dashboard.pricing') }}"
              target="_blank"
-             rel="noopener">
+             rel="noopener noreferrer">
             Upgrade<i class="fe fe-external-link"></i>
           </a>
         </div>

app/templates/developer/client_details/base.html

@@ -33,6 +33,7 @@
       </div>
       <a href="https://docs.simplelogin.io"
          target="_blank"
+         rel="noopener noreferrer"
          class="btn btn-block btn-secondary mt-4">
         Documentation <i class="fe fe-external-link"></i>
       </a>

app/templates/developer/client_details/basic_info.html

@@ -10,7 +10,9 @@
       <h4 class="alert-heading">Well done!</h4>
       <p>
         Please head to our
-        <a href="https://docs.simplelogin.io" target="_blank" rel="noopener">
+        <a href="https://docs.simplelogin.io"
+           target="_blank"
+           rel="noopener noreferrer">
           documentation <i class="fe fe-external-link"></i>
         </a>
         to see how to add SIWSL into your app.

app/templates/developer/index.html

@@ -49,6 +49,7 @@
         <a href="{{ url_for('developer.new_client') }}" class="btn btn-primary">New website</a>
         <a href="https://docs.simplelogin.io"
            target="_blank"
+           rel="noopener noreferrer"
            class="ml-2 btn btn-secondary">
           Docs <i class="fe fe-external-link"></i>
         </a>

app/templates/discover/index.html

@@ -13,7 +13,9 @@
 
       <div class="col-sm-4 col-xl-2">
         <div class="card">
-          <a href="{{ client.home_url }}" target="_blank" rel="noopener">
+          <a href="{{ client.home_url }}"
+             target="_blank"
+             rel="noopener noreferrer">
             <img class="card-img-top" src="{{ client.get_icon_url() }}">
           </a>
           <div class="card-body d-flex flex-column">

app/templates/emails/_emailhelpers.html

@@ -46,7 +46,7 @@ https://litmus.com/blog/a-guide-to-bulletproof-buttons-in-email-design -->
               <a href="{{ link }}"
                  class="f-fallback button"
                  target="_blank"
-                 rel="noopener"
+                 rel="noopener noreferrer"
                  style="color: #FFF;
                         border-color: #3869d4;
                         border-style: solid;

app/templates/footer.html

@@ -145,28 +145,28 @@
         <ul class="list-group list-group-transparent list-group-white list-group-flush list-group-borderless mb-0 footer-list-group">
           <li>
             <a class="list-group-item text-white footer-item "
-               rel="noopener"
+               rel="noopener noreferrer"
                href="https://chrome.google.com/webstore/detail/dphilobhebphkdjbpfohgikllaljmgbn">
               Chrome Extension
             </a>
           </li>
           <li>
             <a class="list-group-item text-white footer-item "
-               rel="noopener"
+               rel="noopener noreferrer"
                href="https://addons.mozilla.org/firefox/addon/simplelogin/">
               Firefox Add-on
             </a>
           </li>
           <li>
             <a class="list-group-item text-white footer-item "
-               rel="noopener"
+               rel="noopener noreferrer"
                href="https://microsoftedge.microsoft.com/addons/detail/simpleloginreceive-sen/diacfpipniklenphgljfkmhinphjlfff">
               Edge Add-on
             </a>
           </li>
           <li>
             <a class="list-group-item text-white footer-item "
-               rel="noopener"
+               rel="noopener noreferrer"
                href="https://apps.apple.com/app/id1494051017">
               Safari
               Extension
@@ -174,7 +174,7 @@
           </li>
           <li>
             <a class="list-group-item text-white footer-item "
-               rel="noopener"
+               rel="noopener noreferrer"
                href="https://apps.apple.com/app/id1494359858">
               iOS
               (App Store)
@@ -182,14 +182,14 @@
           </li>
           <li>
             <a class="list-group-item text-white footer-item "
-               rel="noopener"
+               rel="noopener noreferrer"
                href="https://play.google.com/store/apps/details?id=io.simplelogin.android">
               Android (Play Store)
             </a>
           </li>
           <li>
             <a class="list-group-item text-white footer-item "
-               rel="noopener"
+               rel="noopener noreferrer"
                href="https://f-droid.org/en/packages/io.simplelogin.android.fdroid/">
               Android (F-Droid)
             </a>

app/templates/header.html

@@ -75,14 +75,17 @@
             <a href="#" class="dropdown-toggle" data-toggle="dropdown">Help</a>
             <div class="dropdown-menu dropdown-menu-left dropdown-menu-arrow">
               <div class="dropdown-item">
-                <a href="https://simplelogin.io/docs/" target="_blank">
+                <a href="https://simplelogin.io/docs/"
+                   target="_blank"
+                   rel="noopener noreferrer">
                   Docs
                   <i class="fa fa-external-link" aria-hidden="true"></i>
                 </a>
               </div>
               <div class="dropdown-item">
                 <a href="https://github.com/simple-login/app/discussions"
-                   target="_blank">
+                   target="_blank"
+                   rel="noopener noreferrer">
                   Forum
                   <i class="fa fa-external-link" aria-hidden="true"></i>
                 </a>
@@ -94,7 +97,9 @@
           </div>
         {% else %}
           <div class="nav-item">
-            <a href="https://simplelogin.io/docs/" target="_blank">
+            <a href="https://simplelogin.io/docs/"
+               target="_blank"
+               rel="noopener noreferrer">
               Docs
               <i class="fa fa-external-link" aria-hidden="true"></i>
             </a>

app/templates/menu.html

@@ -98,14 +98,17 @@
         <a href="#" class="dropdown-toggle" data-toggle="dropdown">Help</a>
         <div class="dropdown-menu dropdown-menu-left dropdown-menu-arrow">
           <div class="dropdown-item">
-            <a href="https://simplelogin.io/docs/" target="_blank">
+            <a href="https://simplelogin.io/docs/"
+               target="_blank"
+               rel="noopener noreferrer">
               Docs
               <i class="fa fa-external-link" aria-hidden="true"></i>
             </a>
           </div>
           <div class="dropdown-item">
             <a href="https://github.com/simple-login/app/discussions"
-               target="_blank">
+               target="_blank"
+               rel="noopener noreferrer">
               Forum
               <i class="fa fa-external-link" aria-hidden="true"></i>
             </a>

app/tests/test_email_handler.py

@@ -368,3 +368,19 @@ def test_send_email_from_non_canonical_matches_already_existing_user(flask_clien
     assert len(email_logs) == 1
     assert email_logs[0].alias_id == alias.id
     assert email_logs[0].mailbox_id == user.default_mailbox_id
+
+
+@mail_sender.store_emails_test_decorator
+def test_break_loop_alias_as_mailbox(flask_client):
+    user = create_new_user()
+    alias = Alias.create_new_random(user)
+    user.default_mailbox.email = alias.email
+    Session.commit()
+    envelope = Envelope()
+    envelope.mail_from = random_email()
+    envelope.rcpt_tos = [alias.email]
+    msg = EmailMessage()
+    msg[headers.TO] = alias.email
+    msg[headers.SUBJECT] = random_string()
+    result = email_handler.handle(envelope, msg)
+    assert result == status.E525

app/tests/test_message_utils.py

@@ -2,7 +2,8 @@ import email
 from app.email_utils import (
     copy,
 )
-from app.message_utils import message_to_bytes
+from app.message_utils import message_to_bytes, message_format_base64_parts
+from tests.utils import load_eml_file
 
 
 def test_copy():
@@ -33,3 +34,13 @@ def test_to_bytes():
 
     msg = email.message_from_string("éèà€")
     assert message_to_bytes(msg).decode() == "\néèà€"
+
+
+def test_base64_line_breaks():
+    msg = load_eml_file("bad_base64format.eml")
+    msg = message_format_base64_parts(msg)
+    for part in msg.walk():
+        if part.get("content-transfer-encoding") == "base64":
+            body = part.get_payload()
+            for line in body.splitlines():
+                assert len(line) <= 76

app/tests/test_utils.py

@@ -66,7 +66,7 @@ def canonicalize_email_cases():
         yield (f"a@{domain}", f"a@{domain}")
         yield (f"a.b@{domain}", f"ab@{domain}")
         yield (f"a.b+c@{domain}", f"ab@{domain}")
-    yield (f"a.b+c@other.com", f"a.b+c@other.com")
+        yield ("a.b+c@other.com", "a.b+c@other.com")
 
 
 @pytest.mark.parametrize("dirty,clean", canonicalize_email_cases())

app/tests/utils.py

@@ -17,7 +17,7 @@ def create_new_user(email: Optional[str] = None, name: Optional[str] = None) ->
     if not email:
         email = f"user_{random_token(10)}@mailbox.test"
     if not name:
-        name = f"Test User"
+        name = "Test User"
     # new user has a different email address
     user = User.create(
         email=email,