4.31.0

4.30.1
4.30.0
2023-06-30 11:00:06 +00:00 · 2023-06-28 11:00:03 +00:00 · 2023-06-27 11:00:04 +00:00 · 2023-06-07 11:00:05 +00:00 · 2023-06-01 11:00:05 +00:00 · 2023-05-16 11:00:09 +00:00
79 changed files with 12936 additions and 323701 deletions
--- a/app/CONTRIBUTING.md
+++ b/app/CONTRIBUTING.md
@ -34,7 +34,7 @@ poetry install
 On Mac, sometimes you might need to install some other packages via `brew`:
 ```bash
-brew install pkg-config libffi openssl postgresql
+brew install pkg-config libffi openssl postgresql@13
 ```
 You also need to install `gpg` tool, on Mac it can be done with:
--- a/app/Dockerfile
+++ b/app/Dockerfile
@ -23,10 +23,10 @@ COPY poetry.lock pyproject.toml ./
 # Install and setup poetry
 RUN pip install -U pip \
    && apt-get update \
-    && apt install -y curl netcat gcc python3-dev gnupg git libre2-dev \
+    && apt install -y curl netcat-traditional gcc python3-dev gnupg git libre2-dev \
    && curl -sSL https://install.python-poetry.org | python3 - \
    # Remove curl and netcat from the image
-    && apt-get purge -y curl netcat \
+    && apt-get purge -y curl netcat-traditional \
    # Run poetry
    && poetry config virtualenvs.create false \
    && poetry install  --no-interaction --no-ansi --no-root \
--- a/app/app/account_linking.py
+++ b/app/app/account_linking.py
@ -207,13 +207,14 @@ def process_login_case(
 ) -> LinkResult:
    # Sanitize email just in case
    link_request.email = sanitize_email(link_request.email)
    check_alias(link_request.email)
    # Try to find a SimpleLogin user registered with that partner user id
    partner_user = PartnerUser.get_by(
        partner_id=partner.id, external_user_id=link_request.external_user_id
    )
    if partner_user is None:
        # We didn't find any SimpleLogin user registered with that partner user id
        # Make sure they aren't using an alias as their link email
        check_alias(link_request.email)
        # Try to find it using the partner's e-mail address
        user = User.get_by(email=link_request.email)
        return get_login_strategy(link_request, user, partner).process()
--- a/app/app/alias_suffix.py
+++ b/app/app/alias_suffix.py
@ -6,8 +6,7 @@ from typing import Optional
 import itsdangerous
 from app import config
 from app.log import LOG
-from app.models import User
+from app.models import User, AliasOptions, SLDomain
 signer = itsdangerous.TimestampSigner(config.CUSTOM_ALIAS_SECRET)
@ -43,7 +42,9 @@ def check_suffix_signature(signed_suffix: str) -> Optional[str]:
        return None
-def verify_prefix_suffix(user: User, alias_prefix, alias_suffix) -> bool:
+def verify_prefix_suffix(
    user: User, alias_prefix, alias_suffix, alias_options: Optional[AliasOptions] = None
 ) -> bool:
    """verify if user could create an alias with the given prefix and suffix"""
    if not alias_prefix or not alias_suffix:  # should be caught on frontend
        return False
@ -56,7 +57,7 @@ def verify_prefix_suffix(user: User, alias_prefix, alias_suffix) -> bool:
    alias_domain_prefix, alias_domain = alias_suffix.split("@", 1)
    # alias_domain must be either one of user custom domains or built-in domains
-    if alias_domain not in user.available_alias_domains():
+    if alias_domain not in user.available_alias_domains(alias_options=alias_options):
        LOG.e("wrong alias suffix %s, user %s", alias_suffix, user)
        return False
@ -64,7 +65,7 @@ def verify_prefix_suffix(user: User, alias_prefix, alias_suffix) -> bool:
    # 1) alias_suffix must start with "." and
    # 2) alias_domain_prefix must come from the word list
    if (
-        alias_domain in user.available_sl_domains()
+        alias_domain in user.available_sl_domains(alias_options=alias_options)
        and alias_domain not in user_custom_domains
        # when DISABLE_ALIAS_SUFFIX is true, alias_domain_prefix is empty
        and not config.DISABLE_ALIAS_SUFFIX
@ -80,14 +81,18 @@ def verify_prefix_suffix(user: User, alias_prefix, alias_suffix) -> bool:
                LOG.e("wrong alias suffix %s, user %s", alias_suffix, user)
                return False
-            if alias_domain not in user.available_sl_domains():
+            if alias_domain not in user.available_sl_domains(
                alias_options=alias_options
            ):
                LOG.e("wrong alias suffix %s, user %s", alias_suffix, user)
                return False
    return True
-def get_alias_suffixes(user: User) -> [AliasSuffix]:
+def get_alias_suffixes(
    user: User, alias_options: Optional[AliasOptions] = None
 ) -> [AliasSuffix]:
    """
    Similar to as get_available_suffixes() but also return custom domain that doesn't have MX set up.
    """
@ -99,7 +104,9 @@ def get_alias_suffixes(user: User) -> [AliasSuffix]:
    # for each user domain, generate both the domain and a random suffix version
    for custom_domain in user_custom_domains:
        if custom_domain.random_prefix_generation:
-            suffix = "." + user.get_random_alias_suffix() + "@" + custom_domain.domain
+            suffix = (
                f".{user.get_random_alias_suffix(custom_domain)}@{custom_domain.domain}"
            )
            alias_suffix = AliasSuffix(
                is_custom=True,
                suffix=suffix,
@ -113,7 +120,7 @@ def get_alias_suffixes(user: User) -> [AliasSuffix]:
            else:
                alias_suffixes.append(alias_suffix)
-        suffix = "@" + custom_domain.domain
+        suffix = f"@{custom_domain.domain}"
        alias_suffix = AliasSuffix(
            is_custom=True,
            suffix=suffix,
@ -134,16 +141,13 @@ def get_alias_suffixes(user: User) -> [AliasSuffix]:
            alias_suffixes.append(alias_suffix)
    # then SimpleLogin domain
-    for sl_domain in user.get_sl_domains():
+    sl_domains = user.get_sl_domains(alias_options=alias_options)
-        suffix = (
+    default_domain_found = False
-            (
+    for sl_domain in sl_domains:
-                ""
+        prefix = (
-                if config.DISABLE_ALIAS_SUFFIX
+            "" if config.DISABLE_ALIAS_SUFFIX else f".{user.get_random_alias_suffix()}"
                else "." + user.get_random_alias_suffix()
            )
            + "@"
            + sl_domain.domain
        )
        suffix = f"{prefix}@{sl_domain.domain}"
        alias_suffix = AliasSuffix(
            is_custom=False,
            suffix=suffix,
@ -152,11 +156,36 @@ def get_alias_suffixes(user: User) -> [AliasSuffix]:
            domain=sl_domain.domain,
            mx_verified=True,
        )
-
+        # No default or this is not the default
-        # put the default domain to top
+        if (
-        if user.default_alias_public_domain_id == sl_domain.id:
+            user.default_alias_public_domain_id is None
-            alias_suffixes.insert(0, alias_suffix)
+            or user.default_alias_public_domain_id != sl_domain.id
-        else:
+        ):
            alias_suffixes.append(alias_suffix)
        else:
            default_domain_found = True
            alias_suffixes.insert(0, alias_suffix)
    if not default_domain_found:
        domain_conditions = {"id": user.default_alias_public_domain_id, "hidden": False}
        if not user.is_premium():
            domain_conditions["premium_only"] = False
        sl_domain = SLDomain.get_by(**domain_conditions)
        if sl_domain:
            prefix = (
                ""
                if config.DISABLE_ALIAS_SUFFIX
                else f".{user.get_random_alias_suffix()}"
            )
            suffix = f"{prefix}@{sl_domain.domain}"
            alias_suffix = AliasSuffix(
                is_custom=False,
                suffix=suffix,
                signed_suffix=signer.sign(suffix).decode(),
                is_premium=sl_domain.premium_only,
                domain=sl_domain.domain,
                mx_verified=True,
            )
            alias_suffixes.insert(0, alias_suffix)
    return alias_suffixes
--- a/app/app/alias_utils.py
+++ b/app/app/alias_utils.py
@ -57,6 +57,8 @@ def get_user_if_alias_would_auto_create(
    domain_and_rule = check_if_alias_can_be_auto_created_for_custom_domain(
        address, notify_user=notify_user
    )
    if DomainDeletedAlias.get_by(email=address):
        return None
    if domain_and_rule:
        return domain_and_rule[0].user
    directory = check_if_alias_can_be_auto_created_for_a_directory(
--- a/app/app/api/views/apple.py
+++ b/app/app/api/views/apple.py
@ -9,6 +9,7 @@ from requests import RequestException
 from app.api.base import api_bp, require_api_auth
 from app.config import APPLE_API_SECRET, MACAPP_APPLE_API_SECRET
 from app.subscription_webhook import execute_subscription_webhook
 from app.db import Session
 from app.log import LOG
 from app.models import PlanEnum, AppleSubscription
@ -50,6 +51,7 @@ def apple_process_payment():
    apple_sub = verify_receipt(receipt_data, user, password)
    if apple_sub:
        execute_subscription_webhook(user)
        return jsonify(ok=True), 200
    return jsonify(error="Processing failed"), 400
@ -282,6 +284,7 @@ def apple_update_notification():
            apple_sub.plan = plan
            apple_sub.product_id = transaction["product_id"]
            Session.commit()
            execute_subscription_webhook(user)
            return jsonify(ok=True), 200
        else:
            LOG.w(
@ -554,6 +557,7 @@ def verify_receipt(receipt_data, user, password) -> Optional[AppleSubscription]:
            product_id=latest_transaction["product_id"],
        )
    execute_subscription_webhook(user)
    Session.commit()
    return apple_sub
--- a/app/app/api/views/auth.py
+++ b/app/app/api/views/auth.py
@ -357,7 +357,7 @@ def auth_payload(user, device) -> dict:
@api_bp.route("/auth/forgot_password", methods=["POST"])
-@limiter.limit("10/minute")
+@limiter.limit("2/minute")
 def forgot_password():
    """
    User forgot password
--- a/app/app/api/views/user_info.py
+++ b/app/app/api/views/user_info.py
@ -1,4 +1,5 @@
 import base64
 import dataclasses
 from io import BytesIO
 from typing import Optional
@ -7,6 +8,7 @@ from flask import jsonify, g, request, make_response
 from app import s3, config
 from app.api.base import api_bp, require_api_auth
 from app.config import SESSION_COOKIE_NAME
 from app.dashboard.views.index import get_stats
 from app.db import Session
 from app.models import ApiKey, File, PartnerUser, User
 from app.proton.utils import get_proton_partner
@ -136,3 +138,22 @@ def logout():
    response.delete_cookie(SESSION_COOKIE_NAME)
    return response
@api_bp.route("/stats")
@require_api_auth
 def user_stats():
    """
    Return stats
    Output as json
    - nb_alias
    - nb_forward
    - nb_reply
    - nb_block
    """
    user = g.user
    stats = get_stats(user)
    return jsonify(dataclasses.asdict(stats))
--- a/app/app/auth/views/forgot_password.py
+++ b/app/app/auth/views/forgot_password.py
@ -1,4 +1,4 @@
-from flask import request, render_template, redirect, url_for, flash, g
+from flask import request, render_template, flash, g
 from flask_wtf import FlaskForm
 from wtforms import StringField, validators
@ -16,7 +16,7 @@ class ForgotPasswordForm(FlaskForm):
@auth_bp.route("/forgot_password", methods=["GET", "POST"])
@limiter.limit(
-    "10/minute", deduct_when=lambda r: hasattr(g, "deduct_limit") and g.deduct_limit
+    "10/hour", deduct_when=lambda r: hasattr(g, "deduct_limit") and g.deduct_limit
 )
 def forgot_password():
    form = ForgotPasswordForm(request.form)
@ -37,6 +37,5 @@ def forgot_password():
        if user:
            LOG.d("Send forgot password email to %s", user)
            send_reset_password_email(user)
            return redirect(url_for("auth.forgot_password"))
    return render_template("auth/forgot_password.html", form=form)
--- a/app/app/auth/views/reset_password.py
+++ b/app/app/auth/views/reset_password.py
@ -60,8 +60,8 @@ def reset_password():
        # this can be served to activate user too
        user.activated = True
-        # remove the reset password code
+        # remove all reset password codes
-        ResetPasswordCode.delete(reset_password_code.id)
+        ResetPasswordCode.filter_by(user_id=user.id).delete()
        # change the alternative_id to log user out on other browsers
        user.alternative_id = str(uuid.uuid4())
--- a/app/app/config.py
+++ b/app/app/config.py
@ -357,6 +357,7 @@ ALERT_COMPLAINT_TRANSACTIONAL_PHASE = "alert_complaint_transactional_phase"
 ALERT_QUARANTINE_DMARC = "alert_quarantine_dmarc"
 ALERT_DUAL_SUBSCRIPTION_WITH_PARTNER = "alert_dual_sub_with_partner"
 ALERT_WARN_MULTIPLE_SUBSCRIPTIONS = "alert_multiple_subscription"
 # <<<<< END ALERT EMAIL >>>>
@ -531,3 +532,6 @@ if ENABLE_ALL_REVERSE_ALIAS_REPLACEMENT:
 SKIP_MX_LOOKUP_ON_CHECK = False
 DISABLE_RATE_LIMIT = "DISABLE_RATE_LIMIT" in os.environ
 SUBSCRIPTION_CHANGE_WEBHOOK = os.environ.get("SUBSCRIPTION_CHANGE_WEBHOOK", None)
 MAX_API_KEYS = int(os.environ.get("MAX_API_KEYS", 30))
--- a/app/app/dashboard/views/alias_contact_manager.py
+++ b/app/app/dashboard/views/alias_contact_manager.py
@ -90,7 +90,7 @@ def create_contact(user: User, alias: Alias, contact_address: str) -> Contact:
        alias_id=alias.id,
        website_email=contact_email,
        name=contact_name,
-        reply_email=generate_reply_email(contact_email, user),
+        reply_email=generate_reply_email(contact_email, alias),
    )
    LOG.d(
--- a/app/app/dashboard/views/alias_transfer.py
+++ b/app/app/dashboard/views/alias_transfer.py
@ -215,6 +215,12 @@ def alias_transfer_receive_route():
            token,
        )
        transfer(alias, current_user, mailboxes)
        # reset transfer token
        alias.transfer_token = None
        alias.transfer_token_expiration = None
        Session.commit()
        flash(f"You are now owner of {alias.email}", "success")
        return redirect(url_for("dashboard.index", highlight_alias_id=alias.id))
--- a/app/app/dashboard/views/api_key.py
+++ b/app/app/dashboard/views/api_key.py
@ -3,9 +3,11 @@ from flask_login import login_required, current_user
 from flask_wtf import FlaskForm
 from wtforms import StringField, validators
 from app import config
 from app.dashboard.base import dashboard_bp
 from app.dashboard.views.enter_sudo import sudo_required
 from app.db import Session
 from app.extensions import limiter
 from app.models import ApiKey
 from app.utils import CSRFValidationForm
@ -14,9 +16,32 @@ class NewApiKeyForm(FlaskForm):
    name = StringField("Name", validators=[validators.DataRequired()])
 def clean_up_unused_or_old_api_keys(user_id: int):
    total_keys = ApiKey.filter_by(user_id=user_id).count()
    # Remove oldest unused
    for api_key in (
        ApiKey.filter_by(user_id=user_id, last_used=None)
        .order_by(ApiKey.created_at.asc())
        .all()
    ):
        Session.delete(api_key)
        total_keys -= 1
        if total_keys <= config.MAX_API_KEYS:
            return
    # Clean up oldest used
    for api_key in (
        ApiKey.filter_by(user_id=user_id).order_by(ApiKey.last_used.asc()).all()
    ):
        Session.delete(api_key)
        total_keys -= 1
        if total_keys <= config.MAX_API_KEYS:
            return
@dashboard_bp.route("/api_key", methods=["GET", "POST"])
@login_required
@sudo_required
@limiter.limit("10/hour")
 def api_key():
    api_keys = (
        ApiKey.filter(ApiKey.user_id == current_user.id)
@ -50,6 +75,7 @@ def api_key():
        elif request.form.get("form-name") == "create":
            if new_api_key_form.validate():
                clean_up_unused_or_old_api_keys(current_user.id)
                new_api_key = ApiKey.create(
                    name=new_api_key_form.name.data, user_id=current_user.id
                )
--- a/app/app/dashboard/views/coupon.py
+++ b/app/app/dashboard/views/coupon.py
@ -68,9 +68,14 @@ def coupon_route():
                )
                return redirect(request.url)
-            coupon.used_by_user_id = current_user.id
+            updated = (
-            coupon.used = True
+                Session.query(Coupon)
-            Session.commit()
+                .filter_by(code=code, used=False)
                .update({"used_by_user_id": current_user.id, "used": True})
            )
            if updated != 1:
                flash("Coupon is not valid", "error")
                return redirect(request.url)
            manual_sub: ManualSubscription = ManualSubscription.get_by(
                user_id=current_user.id
--- a/app/app/dashboard/views/custom_alias.py
+++ b/app/app/dashboard/views/custom_alias.py
@ -120,18 +120,11 @@ def custom_alias():
                    email=full_alias
                )
                custom_domain = domain_deleted_alias.domain
-                if domain_deleted_alias.user_id == current_user.id:
+                flash(
-                    flash(
+                    f"You have deleted this alias before. You can restore it on "
-                        f"You have deleted this alias before. You can restore it on "
+                    f"{custom_domain.domain} 'Deleted Alias' page",
-                        f"{custom_domain.domain} 'Deleted Alias' page",
+                    "error",
-                        "error",
+                )
                    )
                else:
                    # should never happen as user can only choose their domains
                    LOG.e(
                        "Deleted Alias %s does not belong to user %s",
                        domain_deleted_alias,
                    )
            elif DeletedAlias.get_by(email=full_alias):
                flash(general_error_msg, "error")
--- a/app/app/dashboard/views/mailbox.py
+++ b/app/app/dashboard/views/mailbox.py
@ -1,3 +1,7 @@
 import base64
 import binascii
 import json
 import arrow
 from flask import render_template, request, redirect, url_for, flash
 from flask_login import login_required, current_user
@ -180,7 +184,9 @@ def mailbox_route():
 def send_verification_email(user, mailbox):
    s = TimestampSigner(MAILBOX_SECRET)
-    mailbox_id_signed = s.sign(str(mailbox.id)).decode()
+    encoded_data = json.dumps([mailbox.id, mailbox.email]).encode("utf-8")
    b64_data = base64.urlsafe_b64encode(encoded_data)
    mailbox_id_signed = s.sign(b64_data).decode()
    verification_url = (
        URL + "/dashboard/mailbox_verify" + f"?mailbox_id={mailbox_id_signed}"
    )
@ -205,22 +211,34 @@ def send_verification_email(user, mailbox):
@dashboard_bp.route("/mailbox_verify")
 def mailbox_verify():
    s = TimestampSigner(MAILBOX_SECRET)
-    mailbox_id = request.args.get("mailbox_id")
+    mailbox_verify_request = request.args.get("mailbox_id")
    try:
-        r_id = int(s.unsign(mailbox_id, max_age=900))
+        mailbox_raw_data = s.unsign(mailbox_verify_request, max_age=900)
    except Exception:
        flash("Invalid link. Please delete and re-add your mailbox", "error")
        return redirect(url_for("dashboard.mailbox_route"))
-    else:
+    try:
-        mailbox = Mailbox.get(r_id)
+        decoded_data = base64.urlsafe_b64decode(mailbox_raw_data)
-        if not mailbox:
+    except binascii.Error:
-            flash("Invalid link", "error")
+        flash("Invalid link. Please delete and re-add your mailbox", "error")
-            return redirect(url_for("dashboard.mailbox_route"))
+        return redirect(url_for("dashboard.mailbox_route"))
    mailbox_data = json.loads(decoded_data)
    if not isinstance(mailbox_data, list) or len(mailbox_data) != 2:
        flash("Invalid link. Please delete and re-add your mailbox", "error")
        return redirect(url_for("dashboard.mailbox_route"))
    mailbox_id = mailbox_data[0]
    mailbox = Mailbox.get(mailbox_id)
    if not mailbox:
        flash("Invalid link", "error")
        return redirect(url_for("dashboard.mailbox_route"))
    mailbox_email = mailbox_data[1]
    if mailbox_email != mailbox.email:
        flash("Invalid link", "error")
        return redirect(url_for("dashboard.mailbox_route"))
-        mailbox.verified = True
+    mailbox.verified = True
-        Session.commit()
+    Session.commit()
-        LOG.d("Mailbox %s is verified", mailbox)
+    LOG.d("Mailbox %s is verified", mailbox)
-        return render_template("dashboard/mailbox_validation.html", mailbox=mailbox)
+    return render_template("dashboard/mailbox_validation.html", mailbox=mailbox)
--- a/app/app/dashboard/views/pricing.py
+++ b/app/app/dashboard/views/pricing.py
@ -80,8 +80,9 @@ def pricing():
@dashboard_bp.route("/subscription_success")
@login_required
 def subscription_success():
-    flash("Thanks so much for supporting SimpleLogin!", "success")
+    return render_template(
-    return redirect(url_for("dashboard.index"))
+        "dashboard/thank-you.html",
    )
@dashboard_bp.route("/coinbase_checkout")
--- a/app/app/dashboard/views/setting.py
+++ b/app/app/dashboard/views/setting.py
@ -198,6 +198,16 @@ def setting():
                        )
                        return redirect(url_for("dashboard.setting"))
                    if current_user.profile_picture_id is not None:
                        current_profile_file = File.get_by(
                            id=current_user.profile_picture_id
                        )
                        if (
                            current_profile_file is not None
                            and current_profile_file.user_id == current_user.id
                        ):
                            s3.delete(current_profile_file.path)
                    file_path = random_string(30)
                    file = File.create(user_id=current_user.id, path=file_path)
@ -451,8 +461,13 @@ def send_change_email_confirmation(user: User, email_change: EmailChange):
@dashboard_bp.route("/resend_email_change", methods=["GET", "POST"])
@limiter.limit("5/hour")
@login_required
 def resend_email_change():
    form = CSRFValidationForm()
    if not form.validate():
        flash("Invalid request. Please try again", "warning")
        return redirect(url_for("dashboard.setting"))
    email_change = EmailChange.get_by(user_id=current_user.id)
    if email_change:
        # extend email change expiration
@ -472,6 +487,10 @@ def resend_email_change():
@dashboard_bp.route("/cancel_email_change", methods=["GET", "POST"])
@login_required
 def cancel_email_change():
    form = CSRFValidationForm()
    if not form.validate():
        flash("Invalid request. Please try again", "warning")
        return redirect(url_for("dashboard.setting"))
    email_change = EmailChange.get_by(user_id=current_user.id)
    if email_change:
        EmailChange.delete(email_change.id)
--- a/app/app/email/headers.py
+++ b/app/app/email/headers.py
@ -20,6 +20,7 @@ X_SPAM_STATUS = "X-Spam-Status"
 LIST_UNSUBSCRIBE = "List-Unsubscribe"
 LIST_UNSUBSCRIBE_POST = "List-Unsubscribe-Post"
 RETURN_PATH = "Return-Path"
 AUTHENTICATION_RESULTS = "Authentication-Results"
 # headers used to DKIM sign in order of preference
 DKIM_HEADERS = [
@ -32,6 +33,7 @@ DKIM_HEADERS = [
 SL_DIRECTION = "X-SimpleLogin-Type"
 SL_EMAIL_LOG_ID = "X-SimpleLogin-EmailLog-ID"
 SL_ENVELOPE_FROM = "X-SimpleLogin-Envelope-From"
 SL_ORIGINAL_FROM = "X-SimpleLogin-Original-From"
 SL_ENVELOPE_TO = "X-SimpleLogin-Envelope-To"
 SL_CLIENT_IP = "X-SimpleLogin-Client-IP"
--- a/app/app/email_utils.py
+++ b/app/app/email_utils.py
@ -54,6 +54,7 @@ from app.models import (
    IgnoreBounceSender,
    InvalidMailboxDomain,
    VerpType,
    available_sl_email,
 )
 from app.utils import (
    random_string,
@ -1043,7 +1044,7 @@ def replace(msg: Union[Message, str], old, new) -> Union[Message, str]:
    return msg
-def generate_reply_email(contact_email: str, user: User) -> str:
+def generate_reply_email(contact_email: str, alias: Alias) -> str:
    """
    generate a reply_email (aka reverse-alias), make sure it isn't used by any contact
    """
@ -1054,6 +1055,7 @@ def generate_reply_email(contact_email: str, user: User) -> str:
    include_sender_in_reverse_alias = False
    user = alias.user
    # user has set this option explicitly
    if user.include_sender_in_reverse_alias is not None:
        include_sender_in_reverse_alias = user.include_sender_in_reverse_alias
@ -1068,6 +1070,12 @@ def generate_reply_email(contact_email: str, user: User) -> str:
        contact_email = contact_email.replace(".", "_")
        contact_email = convert_to_alphanumeric(contact_email)
    reply_domain = config.EMAIL_DOMAIN
    alias_domain = get_email_domain_part(alias.email)
    sl_domain = SLDomain.get_by(domain=alias_domain)
    if sl_domain and sl_domain.use_as_reverse_alias:
        reply_domain = alias_domain
    # not use while to avoid infinite loop
    for _ in range(1000):
        if include_sender_in_reverse_alias and contact_email:
@ -1075,15 +1083,15 @@ def generate_reply_email(contact_email: str, user: User) -> str:
            reply_email = (
                # do not use the ra+ anymore
                # f"ra+{contact_email}+{random_string(random_length)}@{config.EMAIL_DOMAIN}"
-                f"{contact_email}_{random_string(random_length)}@{config.EMAIL_DOMAIN}"
+                f"{contact_email}_{random_string(random_length)}@{reply_domain}"
            )
        else:
            random_length = random.randint(20, 50)
            # do not use the ra+ anymore
            # reply_email = f"ra+{random_string(random_length)}@{config.EMAIL_DOMAIN}"
-            reply_email = f"{random_string(random_length)}@{config.EMAIL_DOMAIN}"
+            reply_email = f"{random_string(random_length)}@{reply_domain}"
-        if not Contact.get_by(reply_email=reply_email):
+        if available_sl_email(reply_email):
            return reply_email
    raise Exception("Cannot generate reply email")
--- a/app/app/handler/unsubscribe_generator.py
+++ b/app/app/handler/unsubscribe_generator.py
@ -9,6 +9,7 @@ from app.handler.unsubscribe_encoder import (
    UnsubscribeData,
    UnsubscribeOriginalData,
 )
 from app.log import LOG
 from app.models import Alias, Contact, UnsubscribeBehaviourEnum
@ -30,6 +31,7 @@ class UnsubscribeGenerator:
        """
        unsubscribe_data = message[headers.LIST_UNSUBSCRIBE]
        if not unsubscribe_data:
            LOG.info("Email has no unsubscribe header")
            return message
        raw_methods = [method.strip() for method in unsubscribe_data.split(",")]
        mailto_unsubs = None
@ -44,7 +46,9 @@ class UnsubscribeGenerator:
            if url_data.scheme == "mailto":
                query_data = urllib.parse.parse_qs(url_data.query)
                mailto_unsubs = (url_data.path, query_data.get("subject", [""])[0])
                LOG.debug(f"Unsub is mailto to {mailto_unsubs}")
            else:
                LOG.debug(f"Unsub has {url_data.scheme} scheme")
                other_unsubs.append(method)
        # If there are non mailto unsubscribe methods, use those in the header
        if other_unsubs:
@ -56,18 +60,19 @@ class UnsubscribeGenerator:
            add_or_replace_header(
                message, headers.LIST_UNSUBSCRIBE_POST, "List-Unsubscribe=One-Click"
            )
            LOG.debug(f"Adding click unsub methods to header {other_unsubs}")
            return message
-        if not mailto_unsubs:
+        elif not mailto_unsubs:
-            message = delete_header(message, headers.LIST_UNSUBSCRIBE)
+            LOG.debug("No unsubs. Deleting all unsub headers")
-            message = delete_header(message, headers.LIST_UNSUBSCRIBE_POST)
+            delete_header(message, headers.LIST_UNSUBSCRIBE)
            delete_header(message, headers.LIST_UNSUBSCRIBE_POST)
            return message
-        return self._add_unsubscribe_header(
+        unsub_data = UnsubscribeData(
-            message,
+            UnsubscribeAction.OriginalUnsubscribeMailto,
-            UnsubscribeData(
+            UnsubscribeOriginalData(alias.id, mailto_unsubs[0], mailto_unsubs[1]),
                UnsubscribeAction.OriginalUnsubscribeMailto,
                UnsubscribeOriginalData(alias.id, mailto_unsubs[0], mailto_unsubs[1]),
            ),
        )
        LOG.debug(f"Adding unsub data {unsub_data}")
        return self._add_unsubscribe_header(message, unsub_data)
    def _add_unsubscribe_header(
        self, message: Message, unsub: UnsubscribeData
--- a/app/app/jobs/export_user_data_job.py
+++ b/app/app/jobs/export_user_data_job.py
@ -41,7 +41,7 @@ from app.models import (
 class ExportUserDataJob:
    REMOVE_FIELDS = {
-        "User": ("otp_secret",),
+        "User": ("otp_secret", "password"),
        "Alias": ("ts_vector", "transfer_token", "hibp_last_check"),
        "CustomDomain": ("ownership_txt_token",),
    }
--- a/app/app/mail_sender.py
+++ b/app/app/mail_sender.py
@ -32,6 +32,7 @@ class SendRequest:
    rcpt_options: Dict = {}
    is_forward: bool = False
    ignore_smtp_errors: bool = False
    retries: int = 0
    def to_bytes(self) -> bytes:
        if not config.SAVE_UNSENT_DIR:
@ -67,6 +68,30 @@ class SendRequest:
            is_forward=decoded_data["is_forward"],
        )
    def save_request_to_unsent_dir(self, prefix: str = "DeliveryFail"):
        file_name = (
            f"{prefix}-{int(time.time())}-{uuid.uuid4()}.{SendRequest.SAVE_EXTENSION}"
        )
        file_path = os.path.join(config.SAVE_UNSENT_DIR, file_name)
        self.save_request_to_file(file_path)
    @staticmethod
    def save_request_to_failed_dir(self, prefix: str = "DeliveryRetryFail"):
        file_name = (
            f"{prefix}-{int(time.time())}-{uuid.uuid4()}.{SendRequest.SAVE_EXTENSION}"
        )
        dir_name = os.path.join(config.SAVE_UNSENT_DIR, "failed")
        if not os.path.isdir(dir_name):
            os.makedirs(dir_name)
        file_path = os.path.join(dir_name, file_name)
        self.save_request_to_file(file_path)
    def save_request_to_file(self, file_path: str):
        file_contents = self.to_bytes()
        with open(file_path, "wb") as fd:
            fd.write(file_contents)
        LOG.i(f"Saved unsent message {file_path}")
 class MailSender:
    def __init__(self):
@ -170,21 +195,10 @@ class MailSender:
                LOG.e(
                    f"Could not send message to smtp server {config.POSTFIX_SERVER}:{config.POSTFIX_PORT}"
                )
-                self._save_request_to_unsent_dir(send_request)
+                if config.SAVE_UNSENT_DIR:
                    send_request.save_request_to_unsent_dir()
                return False
    def _save_request_to_unsent_dir(
        self, send_request: SendRequest, prefix: str = "DeliveryFail"
    ):
        file_name = (
            f"{prefix}-{int(time.time())}-{uuid.uuid4()}.{SendRequest.SAVE_EXTENSION}"
        )
        file_path = os.path.join(config.SAVE_UNSENT_DIR, file_name)
        file_contents = send_request.to_bytes()
        with open(file_path, "wb") as fd:
            fd.write(file_contents)
        LOG.i(f"Saved unsent message {file_path}")
 mail_sender = MailSender()
@ -218,6 +232,7 @@ def load_unsent_mails_from_fs_and_resend():
        LOG.i(f"Trying to re-deliver email {filename}")
        try:
            send_request = SendRequest.load_from_file(full_file_path)
            send_request.retries += 1
        except Exception as e:
            LOG.e(f"Cannot load {filename}. Error {e}")
            continue
@ -229,6 +244,11 @@ def load_unsent_mails_from_fs_and_resend():
                    "DeliverUnsentEmail", {"delivered": "true"}
                )
            else:
                if send_request.retries > 2:
                    os.unlink(full_file_path)
                    send_request.save_request_to_failed_dir()
                else:
                    send_request.save_request_to_file(full_file_path)
                newrelic.agent.record_custom_event(
                    "DeliverUnsentEmail", {"delivered": "false"}
                )
--- a/app/app/models.py
+++ b/app/app/models.py
@ -1,6 +1,7 @@
 from __future__ import annotations
 import base64
 import dataclasses
 import enum
 import hashlib
 import hmac
@ -18,7 +19,7 @@ from flanker.addresslib import address
 from flask import url_for
 from flask_login import UserMixin
 from jinja2 import FileSystemLoader, Environment
-from sqlalchemy import orm
+from sqlalchemy import orm, or_
 from sqlalchemy import text, desc, CheckConstraint, Index, Column
 from sqlalchemy.dialects.postgresql import TSVECTOR
 from sqlalchemy.ext.declarative import declarative_base
@ -44,7 +45,6 @@ from app.utils import (
    random_string,
    random_words,
    sanitize_email,
    random_word,
 )
 Base = declarative_base()
@ -274,6 +274,12 @@ class IntEnumType(sa.types.TypeDecorator):
        return self._enum_type(enum_value)
@dataclasses.dataclass
 class AliasOptions:
    show_sl_domains: bool = True
    show_partner_domains: Optional[Partner] = None
 class Hibp(Base, ModelMixin):
    __tablename__ = "hibp"
    name = sa.Column(sa.String(), nullable=False, unique=True, index=True)
@ -292,7 +298,9 @@ class HibpNotifiedAlias(Base, ModelMixin):
    """
    __tablename__ = "hibp_notified_alias"
-    alias_id = sa.Column(sa.ForeignKey("alias.id", ondelete="cascade"), nullable=False)
+    alias_id = sa.Column(
        sa.ForeignKey("alias.id", ondelete="cascade"), nullable=False, index=True
    )
    user_id = sa.Column(sa.ForeignKey("users.id", ondelete="cascade"), nullable=False)
    notified_at = sa.Column(ArrowType, default=arrow.utcnow, nullable=False)
@ -420,7 +428,10 @@ class User(Base, ModelMixin, UserMixin, PasswordOracle):
    # newsletter is sent to this address
    newsletter_alias_id = sa.Column(
-        sa.ForeignKey("alias.id", ondelete="SET NULL"), nullable=True, default=None
+        sa.ForeignKey("alias.id", ondelete="SET NULL"),
        nullable=True,
        default=None,
        index=True,
    )
    # whether to include the sender address in reverse-alias
@ -434,7 +445,7 @@ class User(Base, ModelMixin, UserMixin, PasswordOracle):
    random_alias_suffix = sa.Column(
        sa.Integer,
        nullable=False,
-        default=AliasSuffixEnum.random_string.value,
+        default=AliasSuffixEnum.word.value,
        server_default=str(AliasSuffixEnum.random_string.value),
    )
@ -503,9 +514,8 @@ class User(Base, ModelMixin, UserMixin, PasswordOracle):
        server_default=BlockBehaviourEnum.return_2xx.name,
    )
    # to keep existing behavior, the server default is TRUE whereas for new user, the default value is FALSE
    include_header_email_header = sa.Column(
-        sa.Boolean, default=False, nullable=False, server_default="1"
+        sa.Boolean, default=True, nullable=False, server_default="1"
    )
    # bitwise flags. Allow for future expansion
@ -519,7 +529,7 @@ class User(Base, ModelMixin, UserMixin, PasswordOracle):
    # Keep original unsub behaviour
    unsub_behaviour = sa.Column(
        IntEnumType(UnsubscribeBehaviourEnum),
-        default=UnsubscribeBehaviourEnum.DisableAlias,
+        default=UnsubscribeBehaviourEnum.PreserveOriginal,
        server_default=str(UnsubscribeBehaviourEnum.DisableAlias.value),
        nullable=False,
    )
@ -558,7 +568,7 @@ class User(Base, ModelMixin, UserMixin, PasswordOracle):
    @classmethod
    def create(cls, email, name="", password=None, from_partner=False, **kwargs):
-        user: User = super(User, cls).create(email=email, name=name, **kwargs)
+        user: User = super(User, cls).create(email=email, name=name[:100], **kwargs)
        if password:
            user.set_password(password)
@ -569,19 +579,6 @@ class User(Base, ModelMixin, UserMixin, PasswordOracle):
        Session.flush()
        user.default_mailbox_id = mb.id
        # create a first alias mail to show user how to use when they login
        alias = Alias.create_new(
            user,
            prefix="simplelogin-newsletter",
            mailbox_id=mb.id,
            note="This is your first alias. It's used to receive SimpleLogin communications "
            "like new features announcements, newsletters.",
        )
        Session.flush()
        user.newsletter_alias_id = alias.id
        Session.flush()
        # generate an alternative_id if needed
        if "alternative_id" not in kwargs:
            user.alternative_id = str(uuid.uuid4())
@ -600,6 +597,19 @@ class User(Base, ModelMixin, UserMixin, PasswordOracle):
            Session.flush()
            return user
        # create a first alias mail to show user how to use when they login
        alias = Alias.create_new(
            user,
            prefix="simplelogin-newsletter",
            mailbox_id=mb.id,
            note="This is your first alias. It's used to receive SimpleLogin communications "
            "like new features announcements, newsletters.",
        )
        Session.flush()
        user.newsletter_alias_id = alias.id
        Session.flush()
        if config.DISABLE_ONBOARDING:
            LOG.d("Disable onboarding emails")
            return user
@ -625,7 +635,7 @@ class User(Base, ModelMixin, UserMixin, PasswordOracle):
        return user
    def get_active_subscription(
-        self,
+        self, include_partner_subscription: bool = True
    ) -> Optional[
        Union[
            Subscription
@ -653,19 +663,40 @@ class User(Base, ModelMixin, UserMixin, PasswordOracle):
        if coinbase_subscription and coinbase_subscription.is_active():
            return coinbase_subscription
-        partner_sub: PartnerSubscription = PartnerSubscription.find_by_user_id(self.id)
+        if include_partner_subscription:
-        if partner_sub and partner_sub.is_active():
+            partner_sub: PartnerSubscription = PartnerSubscription.find_by_user_id(
-            return partner_sub
+                self.id
            )
            if partner_sub and partner_sub.is_active():
                return partner_sub
        return None
    def get_active_subscription_end(
        self, include_partner_subscription: bool = True
    ) -> Optional[arrow.Arrow]:
        sub = self.get_active_subscription(
            include_partner_subscription=include_partner_subscription
        )
        if isinstance(sub, Subscription):
            return arrow.get(sub.next_bill_date)
        if isinstance(sub, AppleSubscription):
            return sub.expires_date
        if isinstance(sub, ManualSubscription):
            return sub.end_at
        if isinstance(sub, CoinbaseSubscription):
            return sub.end_at
        return None
    # region Billing
-    def lifetime_or_active_subscription(self) -> bool:
+    def lifetime_or_active_subscription(
        self, include_partner_subscription: bool = True
    ) -> bool:
        """True if user has lifetime licence or active subscription"""
        if self.lifetime:
            return True
-        return self.get_active_subscription() is not None
+        return self.get_active_subscription(include_partner_subscription) is not None
    def is_paid(self) -> bool:
        """same as _lifetime_or_active_subscription but not include free manual subscription"""
@ -694,14 +725,14 @@ class User(Base, ModelMixin, UserMixin, PasswordOracle):
        return True
-    def is_premium(self) -> bool:
+    def is_premium(self, include_partner_subscription: bool = True) -> bool:
        """
        user is premium if they:
        - have a lifetime deal or
        - in trial period or
        - active subscription
        """
-        if self.lifetime_or_active_subscription():
+        if self.lifetime_or_active_subscription(include_partner_subscription):
            return True
        if self.trial_end and arrow.now() < self.trial_end:
@ -868,14 +899,16 @@ class User(Base, ModelMixin, UserMixin, PasswordOracle):
    def custom_domains(self):
        return CustomDomain.filter_by(user_id=self.id, verified=True).all()
-    def available_domains_for_random_alias(self) -> List[Tuple[bool, str]]:
+    def available_domains_for_random_alias(
        self, alias_options: Optional[AliasOptions] = None
    ) -> List[Tuple[bool, str]]:
        """Return available domains for user to create random aliases
        Each result record contains:
        - whether the domain belongs to SimpleLogin
        - the domain
        """
        res = []
-        for domain in self.available_sl_domains():
+        for domain in self.available_sl_domains(alias_options=alias_options):
            res.append((True, domain))
        for custom_domain in self.verified_custom_domains():
@ -960,30 +993,59 @@ class User(Base, ModelMixin, UserMixin, PasswordOracle):
        return None, "", False
-    def available_sl_domains(self) -> [str]:
+    def available_sl_domains(
        self, alias_options: Optional[AliasOptions] = None
    ) -> [str]:
        """
        Return all SimpleLogin domains that user can use when creating a new alias, including:
        - SimpleLogin public domains, available for all users (ALIAS_DOMAIN)
        - SimpleLogin premium domains, only available for Premium accounts (PREMIUM_ALIAS_DOMAIN)
        """
-        return [sl_domain.domain for sl_domain in self.get_sl_domains()]
+        return [
            sl_domain.domain
            for sl_domain in self.get_sl_domains(alias_options=alias_options)
        ]
-    def get_sl_domains(self) -> List["SLDomain"]:
+    def get_sl_domains(
-        query = SLDomain.filter_by(hidden=False).order_by(SLDomain.order)
+        self, alias_options: Optional[AliasOptions] = None
-
+    ) -> list["SLDomain"]:
-        if self.is_premium():
+        if alias_options is None:
-            return query.all()
+            alias_options = AliasOptions()
        conditions = [SLDomain.hidden == False]  # noqa: E712
        if not self.is_premium():
            conditions.append(SLDomain.premium_only == False)  # noqa: E712
        partner_domain_cond = []  # noqa:E711
        if self.default_alias_public_domain_id is not None:
            partner_domain_cond.append(
                SLDomain.id == self.default_alias_public_domain_id
            )
        if alias_options.show_partner_domains is not None:
            partner_user = PartnerUser.filter_by(
                user_id=self.id, partner_id=alias_options.show_partner_domains.id
            ).first()
            if partner_user is not None:
                partner_domain_cond.append(
                    SLDomain.partner_id == partner_user.partner_id
                )
        if alias_options.show_sl_domains:
            partner_domain_cond.append(SLDomain.partner_id == None)  # noqa:E711
        if len(partner_domain_cond) == 1:
            conditions.append(partner_domain_cond[0])
        else:
-            return query.filter_by(premium_only=False).all()
+            conditions.append(or_(*partner_domain_cond))
        query = Session.query(SLDomain).filter(*conditions).order_by(SLDomain.order)
        return query.all()
-    def available_alias_domains(self) -> [str]:
+    def available_alias_domains(
        self, alias_options: Optional[AliasOptions] = None
    ) -> [str]:
        """return all domains that user can use when creating a new alias, including:
        - SimpleLogin public domains, available for all users (ALIAS_DOMAIN)
        - SimpleLogin premium domains, only available for Premium accounts (PREMIUM_ALIAS_DOMAIN)
        - Verified custom domains
        """
-        domains = self.available_sl_domains()
+        domains = self.available_sl_domains(alias_options=alias_options)
        for custom_domain in self.verified_custom_domains():
            domains.append(custom_domain.domain)
@ -1001,16 +1063,21 @@ class User(Base, ModelMixin, UserMixin, PasswordOracle):
            > 0
        )
-    def get_random_alias_suffix(self):
+    def get_random_alias_suffix(self, custom_domain: Optional["CustomDomain"] = None):
        """Get random suffix for an alias based on user's preference.
        Use a shorter suffix in case of custom domain
        Returns:
            str: the random suffix generated
        """
        if self.random_alias_suffix == AliasSuffixEnum.random_string.value:
            return random_string(config.ALIAS_RANDOM_SUFFIX_LENGTH, include_digits=True)
-        return random_word()
+
        if custom_domain is None:
            return random_words(1, 3)
        return random_words(1)
    def __repr__(self):
        return f"<User {self.id} {self.name} {self.email}>"
@ -1255,34 +1322,48 @@ class OauthToken(Base, ModelMixin):
        return self.expired < arrow.now()
-def generate_email(
+def available_sl_email(email: str) -> bool:
    if (
        Alias.get_by(email=email)
        or Contact.get_by(reply_email=email)
        or DeletedAlias.get_by(email=email)
    ):
        return False
    return True
 def generate_random_alias_email(
    scheme: int = AliasGeneratorEnum.word.value,
    in_hex: bool = False,
-    alias_domain=config.FIRST_ALIAS_DOMAIN,
+    alias_domain: str = config.FIRST_ALIAS_DOMAIN,
    retries: int = 10,
 ) -> str:
    """generate an email address that does not exist before
    :param alias_domain: the domain used to generate the alias.
    :param scheme: int, value of AliasGeneratorEnum, indicate how the email is generated
    :param retries: int, How many times we can try to generate an alias in case of collision
    :type in_hex: bool, if the generate scheme is uuid, is hex favorable?
    """
    if retries <= 0:
        raise Exception("Cannot generate alias after many retries")
    if scheme == AliasGeneratorEnum.uuid.value:
        name = uuid.uuid4().hex if in_hex else uuid.uuid4().__str__()
        random_email = name + "@" + alias_domain
    else:
-        random_email = random_words() + "@" + alias_domain
+        random_email = random_words(2, 3) + "@" + alias_domain
    random_email = random_email.lower().strip()
    # check that the client does not exist yet
-    if not Alias.get_by(email=random_email) and not DeletedAlias.get_by(
+    if available_sl_email(random_email):
        email=random_email
    ):
        LOG.d("generate email %s", random_email)
        return random_email
    # Rerun the function
    LOG.w("email %s already exists, generate a new email", random_email)
-    return generate_email(scheme=scheme, in_hex=in_hex)
+    return generate_random_alias_email(
        scheme=scheme, in_hex=in_hex, retries=retries - 1
    )
 class Alias(Base, ModelMixin):
@ -1481,7 +1562,7 @@ class Alias(Base, ModelMixin):
            suffix = user.get_random_alias_suffix()
            email = f"{prefix}.{suffix}@{config.FIRST_ALIAS_DOMAIN}"
-            if not cls.get_by(email=email) and not DeletedAlias.get_by(email=email):
+            if available_sl_email(email):
                break
        return Alias.create(
@ -1510,7 +1591,7 @@ class Alias(Base, ModelMixin):
        if user.default_alias_custom_domain_id:
            custom_domain = CustomDomain.get(user.default_alias_custom_domain_id)
-            random_email = generate_email(
+            random_email = generate_random_alias_email(
                scheme=scheme, in_hex=in_hex, alias_domain=custom_domain.domain
            )
        elif user.default_alias_public_domain_id:
@ -1518,12 +1599,12 @@ class Alias(Base, ModelMixin):
            if sl_domain.premium_only and not user.is_premium():
                LOG.w("%s not premium, cannot use %s", user, sl_domain)
            else:
-                random_email = generate_email(
+                random_email = generate_random_alias_email(
                    scheme=scheme, in_hex=in_hex, alias_domain=sl_domain.domain
                )
        if not random_email:
-            random_email = generate_email(scheme=scheme, in_hex=in_hex)
+            random_email = generate_random_alias_email(scheme=scheme, in_hex=in_hex)
        alias = Alias.create(
            user_id=user.id,
@ -1557,7 +1638,9 @@ class ClientUser(Base, ModelMixin):
    client_id = sa.Column(sa.ForeignKey(Client.id, ondelete="cascade"), nullable=False)
    # Null means client has access to user original email
-    alias_id = sa.Column(sa.ForeignKey(Alias.id, ondelete="cascade"), nullable=True)
+    alias_id = sa.Column(
        sa.ForeignKey(Alias.id, ondelete="cascade"), nullable=True, index=True
    )
    # user can decide to send to client another name
    name = sa.Column(
@ -1676,7 +1759,7 @@ class Contact(Base, ModelMixin):
    is_cc = sa.Column(sa.Boolean, nullable=False, default=False, server_default="0")
    pgp_public_key = sa.Column(sa.Text, nullable=True)
-    pgp_finger_print = sa.Column(sa.String(512), nullable=True)
+    pgp_finger_print = sa.Column(sa.String(512), nullable=True, index=True)
    alias = orm.relationship(Alias, backref="contacts")
    user = orm.relationship(User)
@ -2087,7 +2170,9 @@ class AliasUsedOn(Base, ModelMixin):
        sa.UniqueConstraint("alias_id", "hostname", name="uq_alias_used"),
    )
-    alias_id = sa.Column(sa.ForeignKey(Alias.id, ondelete="cascade"), nullable=False)
+    alias_id = sa.Column(
        sa.ForeignKey(Alias.id, ondelete="cascade"), nullable=False, index=True
    )
    user_id = sa.Column(sa.ForeignKey(User.id, ondelete="cascade"), nullable=False)
    alias = orm.relationship(Alias)
@ -2764,6 +2849,31 @@ class Notification(Base, ModelMixin):
        )
 class Partner(Base, ModelMixin):
    __tablename__ = "partner"
    name = sa.Column(sa.String(128), unique=True, nullable=False)
    contact_email = sa.Column(sa.String(128), unique=True, nullable=False)
    @staticmethod
    def find_by_token(token: str) -> Optional[Partner]:
        hmaced = PartnerApiToken.hmac_token(token)
        res = (
            Session.query(Partner, PartnerApiToken)
            .filter(
                and_(
                    PartnerApiToken.token == hmaced,
                    Partner.id == PartnerApiToken.partner_id,
                )
            )
            .first()
        )
        if res:
            partner, partner_api_token = res
            return partner
        return None
 class SLDomain(Base, ModelMixin):
    """SimpleLogin domains"""
@ -2781,12 +2891,23 @@ class SLDomain(Base, ModelMixin):
        sa.Boolean, nullable=False, default=False, server_default="0"
    )
    partner_id = sa.Column(
        sa.ForeignKey(Partner.id, ondelete="cascade"),
        nullable=True,
        default=None,
        server_default="NULL",
    )
    # if enabled, do not show this domain when user creates a custom alias
    hidden = sa.Column(sa.Boolean, nullable=False, default=False, server_default="0")
    # the order in which the domains are shown when user creates a custom alias
    order = sa.Column(sa.Integer, nullable=False, default=0, server_default="0")
    use_as_reverse_alias = sa.Column(
        sa.Boolean, nullable=False, default=False, server_default="0"
    )
    def __repr__(self):
        return f"<SLDomain {self.domain} {'Premium' if self.premium_only else 'Free'}"
@ -3227,31 +3348,6 @@ class ProviderComplaint(Base, ModelMixin):
    refused_email = orm.relationship(RefusedEmail, foreign_keys=[refused_email_id])
 class Partner(Base, ModelMixin):
    __tablename__ = "partner"
    name = sa.Column(sa.String(128), unique=True, nullable=False)
    contact_email = sa.Column(sa.String(128), unique=True, nullable=False)
    @staticmethod
    def find_by_token(token: str) -> Optional[Partner]:
        hmaced = PartnerApiToken.hmac_token(token)
        res = (
            Session.query(Partner, PartnerApiToken)
            .filter(
                and_(
                    PartnerApiToken.token == hmaced,
                    Partner.id == PartnerApiToken.partner_id,
                )
            )
            .first()
        )
        if res:
            partner, partner_api_token = res
            return partner
        return None
 class PartnerApiToken(Base, ModelMixin):
    __tablename__ = "partner_api_token"
@ -3321,7 +3417,7 @@ class PartnerSubscription(Base, ModelMixin):
    )
    # when the partner subscription ends
-    end_at = sa.Column(ArrowType, nullable=False)
+    end_at = sa.Column(ArrowType, nullable=False, index=True)
    partner_user = orm.relationship(PartnerUser)
--- a/app/app/subscription_webhook.py
+++ b/app/app/subscription_webhook.py
@ -0,0 +1,33 @@
 import requests
 from requests import RequestException
 from app import config
 from app.log import LOG
 from app.models import User
 def execute_subscription_webhook(user: User):
    webhook_url = config.SUBSCRIPTION_CHANGE_WEBHOOK
    if webhook_url is None:
        return
    subscription_end = user.get_active_subscription_end(
        include_partner_subscription=False
    )
    sl_subscription_end = None
    if subscription_end:
        sl_subscription_end = subscription_end.timestamp
    payload = {
        "user_id": user.id,
        "is_premium": user.is_premium(),
        "active_subscription_end": sl_subscription_end,
    }
    try:
        response = requests.post(webhook_url, json=payload, timeout=2)
        if response.status_code == 200:
            LOG.i("Sent request to subscription update webhook successfully")
        else:
            LOG.i(
                f"Request to webhook failed with statue {response.status_code}: {response.text}"
            )
    except RequestException as e:
        LOG.error(f"Subscription request exception: {e}")
--- a/app/app/utils.py
+++ b/app/app/utils.py
@ -1,3 +1,4 @@
 import random
 import re
 import secrets
 import string
@ -25,11 +26,16 @@ def word_exist(word):
    return word in _words
-def random_words():
+def random_words(words: int = 2, numbers: int = 0):
    """Generate a random words. Used to generate user-facing string, for ex email addresses"""
    # nb_words = random.randint(2, 3)
-    nb_words = 2
+    fields = [secrets.choice(_words) for i in range(words)]
-    return "_".join([secrets.choice(_words) for i in range(nb_words)])
+
    if numbers > 0:
        digits = "".join([str(random.randint(0, 9)) for i in range(numbers)])
        return "_".join(fields) + digits
    else:
        return "_".join(fields)
 def random_string(length=10, include_digits=False):
--- a/app/docs/api.md
+++ b/app/docs/api.md
@ -15,6 +15,7 @@
 - [GET /api/user/cookie_token](#get-apiusercookie_token): Get a one time use token to exchange it for a valid cookie
 - [PATCH /api/user_info](#patch-apiuser_info): Update user's information.
 - [POST /api/api_key](#post-apiapi_key): Create a new API key.
 - [GET /api/stats](#get-apistats): Get user's stats.
 - [GET /api/logout](#get-apilogout): Log out.
 [Alias endpoints](#alias-endpoints)
@ -226,6 +227,22 @@ Input:
 Output: same as GET /api/user_info
 #### GET /api/stats
 Given the API Key, return stats about the number of aliases, number of emails forwarded/replied/blocked
 Input:
 - `Authentication` header that contains the api key
 Output: if api key is correct, return a json with the following fields:
 ```json
 {"nb_alias": 1, "nb_block": 0, "nb_forward": 0, "nb_reply": 0}
 ```
 If api key is incorrect, return 401.
 #### PATCH /api/sudo
 Enable sudo mode
@ -694,7 +711,7 @@ Return 200 and `existed=true` if contact is already added.
 It can return 403 with an error if the user cannot create reverse alias.
-``json
+```json
 {
  "error": "Please upgrade to create a reverse-alias"
 }
--- a/app/email_handler.py
+++ b/app/email_handler.py
@ -161,6 +161,7 @@ from app.models import (
    MessageIDMatching,
    Notification,
    VerpType,
    SLDomain,
 )
 from app.pgp_utils import (
    PGPException,
@ -243,7 +244,7 @@ def get_or_create_contact(from_header: str, mail_from: str, alias: Alias) -> Con
                website_email=contact_email,
                name=contact_name,
                mail_from=mail_from,
-                reply_email=generate_reply_email(contact_email, alias.user)
+                reply_email=generate_reply_email(contact_email, alias)
                if is_valid_email(contact_email)
                else NOREPLY,
                automatic_created=True,
@ -304,7 +305,7 @@ def get_or_create_reply_to_contact(
                alias_id=alias.id,
                website_email=contact_address,
                name=contact_name,
-                reply_email=generate_reply_email(contact_address, alias.user),
+                reply_email=generate_reply_email(contact_address, alias),
                automatic_created=True,
            )
            Session.commit()
@ -372,7 +373,7 @@ def replace_header_when_forward(msg: Message, alias: Alias, header: str):
                    alias_id=alias.id,
                    website_email=contact_email,
                    name=full_address.display_name,
-                    reply_email=generate_reply_email(contact_email, alias.user),
+                    reply_email=generate_reply_email(contact_email, alias),
                    is_cc=header.lower() == "cc",
                    automatic_created=True,
                )
@ -845,22 +846,23 @@ def forward_email_to_mailbox(
            f"""Email sent to {alias.email} from an invalid address and cannot be replied""",
        )
-    delete_all_headers_except(
+    headers_to_keep = [
-        msg,
+        headers.FROM,
-        [
+        headers.TO,
-            headers.FROM,
+        headers.CC,
-            headers.TO,
+        headers.SUBJECT,
-            headers.CC,
+        headers.DATE,
-            headers.SUBJECT,
+        # do not delete original message id
-            headers.DATE,
+        headers.MESSAGE_ID,
-            # do not delete original message id
+        # References and In-Reply-To are used for keeping the email thread
-            headers.MESSAGE_ID,
+        headers.REFERENCES,
-            # References and In-Reply-To are used for keeping the email thread
+        headers.IN_REPLY_TO,
-            headers.REFERENCES,
+        headers.LIST_UNSUBSCRIBE,
-            headers.IN_REPLY_TO,
+        headers.LIST_UNSUBSCRIBE_POST,
-        ]
+    ] + headers.MIME_HEADERS
-        + headers.MIME_HEADERS,
+    if user.include_header_email_header:
-    )
+        headers_to_keep.append(headers.AUTHENTICATION_RESULTS)
    delete_all_headers_except(msg, headers_to_keep)
    # create PGP email if needed
    if mailbox.pgp_enabled() and user.is_premium() and not alias.disable_pgp:
@ -897,6 +899,11 @@ def forward_email_to_mailbox(
    msg[headers.SL_EMAIL_LOG_ID] = str(email_log.id)
    if user.include_header_email_header:
        msg[headers.SL_ENVELOPE_FROM] = envelope.mail_from
        if contact.name:
            original_from = f"{contact.name} <{contact.website_email}>"
        else:
            original_from = contact.website_email
        msg[headers.SL_ORIGINAL_FROM] = original_from
    # when an alias isn't in the To: header, there's no way for users to know what alias has received the email
    msg[headers.SL_ENVELOPE_TO] = alias.email
@ -945,10 +952,11 @@ def forward_email_to_mailbox(
        envelope.rcpt_options,
    )
    contact_domain = get_email_domain_part(contact.reply_email)
    try:
        sl_sendmail(
            # use a different envelope sender for each forward (aka VERP)
-            generate_verp_email(VerpType.bounce_forward, email_log.id),
+            generate_verp_email(VerpType.bounce_forward, email_log.id, contact_domain),
            mailbox.email,
            msg,
            envelope.mail_options,
@ -1017,10 +1025,14 @@ def handle_reply(envelope, msg: Message, rcpt_to: str) -> (bool, str):
    reply_email = rcpt_to
-    # reply_email must end with EMAIL_DOMAIN
+    reply_domain = get_email_domain_part(reply_email)
    # reply_email must end with EMAIL_DOMAIN or a domain that can be used as reverse alias domain
    if not reply_email.endswith(EMAIL_DOMAIN):
-        LOG.w(f"Reply email {reply_email} has wrong domain")
+        sl_domain: SLDomain = SLDomain.get_by(domain=reply_domain)
-        return False, status.E501
+        if sl_domain is None:
            LOG.w(f"Reply email {reply_email} has wrong domain")
            return False, status.E501
    # handle case where reply email is generated with non-allowed char
    reply_email = normalize_reply_email(reply_email)
@ -1032,7 +1044,7 @@ def handle_reply(envelope, msg: Message, rcpt_to: str) -> (bool, str):
    alias = contact.alias
    alias_address: str = contact.alias.email
-    alias_domain = alias_address[alias_address.find("@") + 1 :]
+    alias_domain = get_email_domain_part(alias_address)
    # Sanity check: verify alias domain is managed by SimpleLogin
    # scenario: a user have removed a domain but due to a bug, the aliases are still there
--- a/app/init_app.py
+++ b/app/init_app.py
@ -42,14 +42,16 @@ def add_sl_domains():
            LOG.d("%s is already a SL domain", alias_domain)
        else:
            LOG.i("Add %s to SL domain", alias_domain)
-            SLDomain.create(domain=alias_domain)
+            SLDomain.create(domain=alias_domain, use_as_reverse_alias=True)
    for premium_domain in PREMIUM_ALIAS_DOMAINS:
        if SLDomain.get_by(domain=premium_domain):
            LOG.d("%s is already a SL domain", premium_domain)
        else:
            LOG.i("Add %s to SL domain", premium_domain)
-            SLDomain.create(domain=premium_domain, premium_only=True)
+            SLDomain.create(
                domain=premium_domain, premium_only=True, use_as_reverse_alias=True
            )
    Session.commit()
--- a/app/local_data/words.txt
+++ b/app/local_data/words.txt
--- a/app/migrations/versions/2023_040318_5f4a5625da66_.py
+++ b/app/migrations/versions/2023_040318_5f4a5625da66_.py
@ -0,0 +1,31 @@
 """empty message
 Revision ID: 5f4a5625da66
 Revises: 2c2093c82bc0
 Create Date: 2023-04-03 18:30:46.488231
 """
 import sqlalchemy_utils
 from alembic import op
 import sqlalchemy as sa
 # revision identifiers, used by Alembic.
 revision = '5f4a5625da66'
 down_revision = '2c2093c82bc0'
 branch_labels = None
 depends_on = None
 def upgrade():
    # ### commands auto generated by Alembic - please adjust! ###
    op.add_column('public_domain', sa.Column('partner_id', sa.Integer(), nullable=True))
    op.create_foreign_key(None, 'public_domain', 'partner', ['partner_id'], ['id'], ondelete='cascade')
    # ### end Alembic commands ###
 def downgrade():
    # ### commands auto generated by Alembic - please adjust! ###
    op.drop_constraint(None, 'public_domain', type_='foreignkey')
    op.drop_column('public_domain', 'partner_id')
    # ### end Alembic commands ###
--- a/app/migrations/versions/2023_041418_893c0d18475f_.py
+++ b/app/migrations/versions/2023_041418_893c0d18475f_.py
@ -0,0 +1,29 @@
 """empty message
 Revision ID: 893c0d18475f
 Revises: 5f4a5625da66
 Create Date: 2023-04-14 18:20:03.807367
 """
 import sqlalchemy_utils
 from alembic import op
 import sqlalchemy as sa
 # revision identifiers, used by Alembic.
 revision = '893c0d18475f'
 down_revision = '5f4a5625da66'
 branch_labels = None
 depends_on = None
 def upgrade():
    # ### commands auto generated by Alembic - please adjust! ###
    op.create_index(op.f('ix_contact_pgp_finger_print'), 'contact', ['pgp_finger_print'], unique=False)
    # ### end Alembic commands ###
 def downgrade():
    # ### commands auto generated by Alembic - please adjust! ###
    op.drop_index(op.f('ix_contact_pgp_finger_print'), table_name='contact')
    # ### end Alembic commands ###
--- a/app/migrations/versions/2023_041419_bc496c0a0279_.py
+++ b/app/migrations/versions/2023_041419_bc496c0a0279_.py
@ -0,0 +1,35 @@
 """empty message
 Revision ID: bc496c0a0279
 Revises: 893c0d18475f
 Create Date: 2023-04-14 19:09:38.540514
 """
 import sqlalchemy_utils
 from alembic import op
 import sqlalchemy as sa
 # revision identifiers, used by Alembic.
 revision = 'bc496c0a0279'
 down_revision = '893c0d18475f'
 branch_labels = None
 depends_on = None
 def upgrade():
    # ### commands auto generated by Alembic - please adjust! ###
    op.create_index(op.f('ix_alias_used_on_alias_id'), 'alias_used_on', ['alias_id'], unique=False)
    op.create_index(op.f('ix_client_user_alias_id'), 'client_user', ['alias_id'], unique=False)
    op.create_index(op.f('ix_hibp_notified_alias_alias_id'), 'hibp_notified_alias', ['alias_id'], unique=False)
    op.create_index(op.f('ix_users_newsletter_alias_id'), 'users', ['newsletter_alias_id'], unique=False)
    # ### end Alembic commands ###
 def downgrade():
    # ### commands auto generated by Alembic - please adjust! ###
    op.drop_index(op.f('ix_users_newsletter_alias_id'), table_name='users')
    op.drop_index(op.f('ix_hibp_notified_alias_alias_id'), table_name='hibp_notified_alias')
    op.drop_index(op.f('ix_client_user_alias_id'), table_name='client_user')
    op.drop_index(op.f('ix_alias_used_on_alias_id'), table_name='alias_used_on')
    # ### end Alembic commands ###
--- a/app/migrations/versions/2023_041520_2d89315ac650_.py
+++ b/app/migrations/versions/2023_041520_2d89315ac650_.py
@ -0,0 +1,29 @@
 """empty message
 Revision ID: 2d89315ac650
 Revises: bc496c0a0279
 Create Date: 2023-04-15 20:43:44.218020
 """
 import sqlalchemy_utils
 from alembic import op
 import sqlalchemy as sa
 # revision identifiers, used by Alembic.
 revision = '2d89315ac650'
 down_revision = 'bc496c0a0279'
 branch_labels = None
 depends_on = None
 def upgrade():
    # ### commands auto generated by Alembic - please adjust! ###
    op.create_index(op.f('ix_partner_subscription_end_at'), 'partner_subscription', ['end_at'], unique=False)
    # ### end Alembic commands ###
 def downgrade():
    # ### commands auto generated by Alembic - please adjust! ###
    op.drop_index(op.f('ix_partner_subscription_end_at'), table_name='partner_subscription')
    # ### end Alembic commands ###
--- a/app/migrations/versions/2023_041916_01e2997e90d3_.py
+++ b/app/migrations/versions/2023_041916_01e2997e90d3_.py
@ -0,0 +1,29 @@
 """empty message
 Revision ID: 01e2997e90d3
 Revises: 893c0d18475f
 Create Date: 2023-04-19 16:09:11.851588
 """
 import sqlalchemy_utils
 from alembic import op
 import sqlalchemy as sa
 # revision identifiers, used by Alembic.
 revision = '01e2997e90d3'
 down_revision = '893c0d18475f'
 branch_labels = None
 depends_on = None
 def upgrade():
    # ### commands auto generated by Alembic - please adjust! ###
    op.add_column('public_domain', sa.Column('use_as_reverse_alias', sa.Boolean(), server_default='0', nullable=False))
    # ### end Alembic commands ###
 def downgrade():
    # ### commands auto generated by Alembic - please adjust! ###
    op.drop_column('public_domain', 'use_as_reverse_alias')
    # ### end Alembic commands ###
--- a/app/migrations/versions/2023_042011_2634b41f54db_.py
+++ b/app/migrations/versions/2023_042011_2634b41f54db_.py
@ -0,0 +1,25 @@
 """empty message
 Revision ID: 2634b41f54db
 Revises: 01e2997e90d3, 2d89315ac650
 Create Date: 2023-04-20 11:47:43.048536
 """
 import sqlalchemy_utils
 from alembic import op
 import sqlalchemy as sa
 # revision identifiers, used by Alembic.
 revision = '2634b41f54db'
 down_revision = ('01e2997e90d3', '2d89315ac650')
 branch_labels = None
 depends_on = None
 def upgrade():
    pass
 def downgrade():
    pass
--- a/app/oauth_tester.py
+++ b/app/oauth_tester.py
@ -1,7 +1,7 @@
 """
 This is an example on how to integrate SimpleLogin
 with Requests-OAuthlib, a popular library to work with OAuth in Python.
-The step-to-step guide can be found on https://docs.simplelogin.io
+The step-to-step guide can be found on https://simplelogin.io/docs/siwsl/app/
 This example is based on
 https://requests-oauthlib.readthedocs.io/en/latest/examples/real_world_example.html
 """
--- a/app/poetry.lock
+++ b/app/poetry.lock
--- a/app/pyproject.toml
+++ b/app/pyproject.toml
@ -95,13 +95,13 @@ webauthn = "^0.4.7"
 pyspf = "^2.0.14"
 Flask-Limiter = "^1.4"
 memory_profiler = "^0.57.0"
-gevent = "^21.12.0"
+gevent = "22.10.2"
 aiospamc = "^0.6.1"
 email_validator = "^1.1.1"
 PGPy = "0.5.4"
 coinbase-commerce = "^1.0.1"
 requests = "^2.25.1"
-newrelic = "^7.10.0"
+newrelic = "8.8.0"
 flanker = "^0.9.11"
 pyre2 = "^0.3.6"
 tldextract = "^3.1.2"
@ -110,7 +110,7 @@ twilio = "^7.3.2"
 Deprecated = "^1.2.13"
 cryptography = "37.0.1"
 SQLAlchemy = "1.3.24"
-redis = "^4.3.4"
+redis = "^4.5.3"
 [tool.poetry.dev-dependencies]
 pytest = "^7.0.0"
--- a/app/server.py
+++ b/app/server.py
@ -79,6 +79,7 @@ from app.config import (
    MEM_STORE_URI,
 )
 from app.dashboard.base import dashboard_bp
 from app.subscription_webhook import execute_subscription_webhook
 from app.db import Session
 from app.developer.base import developer_bp
 from app.discover.base import discover_bp
@ -491,6 +492,7 @@ def setup_paddle_callback(app: Flask):
                # in case user cancels a plan and subscribes a new plan
                sub.cancelled = False
            execute_subscription_webhook(user)
            LOG.d("User %s upgrades!", user)
            Session.commit()
@ -509,6 +511,7 @@ def setup_paddle_callback(app: Flask):
                ).date()
                Session.commit()
                execute_subscription_webhook(sub.user)
        elif request.form.get("alert_name") == "subscription_cancelled":
            subscription_id = request.form.get("subscription_id")
@ -538,6 +541,7 @@ def setup_paddle_callback(app: Flask):
                        end_date=request.form.get("cancellation_effective_date"),
                    ),
                )
                execute_subscription_webhook(sub.user)
            else:
                # user might have deleted their account
@ -580,6 +584,7 @@ def setup_paddle_callback(app: Flask):
                sub.cancelled = False
                Session.commit()
                execute_subscription_webhook(sub.user)
            else:
                LOG.w(
                    f"update non-exist subscription {subscription_id}. {request.form}"
@ -596,6 +601,7 @@ def setup_paddle_callback(app: Flask):
                Subscription.delete(sub.id)
                Session.commit()
                LOG.e("%s requests a refund", user)
                execute_subscription_webhook(sub.user)
        elif request.form.get("alert_name") == "subscription_payment_refunded":
            subscription_id = request.form.get("subscription_id")
@ -629,6 +635,7 @@ def setup_paddle_callback(app: Flask):
                    LOG.e("Unknown plan_id %s", plan_id)
            else:
                LOG.w("partial subscription_payment_refunded, not handled")
            execute_subscription_webhook(sub.user)
        return "OK"
@ -742,6 +749,7 @@ def handle_coinbase_event(event) -> bool:
                coinbase_subscription=coinbase_subscription,
            ),
        )
    execute_subscription_webhook(user)
    return True
--- a/app/static/js/index.js
+++ b/app/static/js/index.js
@ -155,10 +155,8 @@ $(".pin-alias").change(async function () {
  }
 });
-$(".save-note").on("click", async function () {
+async function handleNoteChange(aliasId, aliasEmail) {
-  let oldValue;
+  const note = document.getElementById(`note-${aliasId}`).value;
  let aliasId = $(this).data("alias");
  let note = $(`#note-${aliasId}`).val();
  try {
    let res = await fetch(`/api/aliases/${aliasId}`, {
@ -172,26 +170,27 @@ $(".save-note").on("click", async function () {
    });
    if (res.ok) {
-      toastr.success(`Saved`);
+      toastr.success(`Description saved for ${aliasEmail}`);
    } else {
      toastr.error("Sorry for the inconvenience! Could you refresh the page & retry please?", "Unknown Error");
      // reset to the original value
      oldValue = !$(this).prop("checked");
      $(this).prop("checked", oldValue);
    }
  } catch (e) {
    toastr.error("Sorry for the inconvenience! Could you refresh the page & retry please?", "Unknown Error");
    // reset to the original value
    oldValue = !$(this).prop("checked");
    $(this).prop("checked", oldValue);
  }
-});
+}
-$(".save-mailbox").on("click", async function () {
+function handleNoteFocus(aliasId) {
-  let oldValue;
+  document.getElementById(`note-focus-message-${aliasId}`).classList.remove('d-none');
-  let aliasId = $(this).data("alias");
+}
-  let mailbox_ids = $(`#mailbox-${aliasId}`).val();
+
 function handleNoteBlur(aliasId) {
  document.getElementById(`note-focus-message-${aliasId}`).classList.add('d-none');
 }
 async function handleMailboxChange(aliasId, aliasEmail) {
  const selectedOptions = document.getElementById(`mailbox-${aliasId}`).selectedOptions;
  const mailbox_ids = Array.from(selectedOptions).map((selectedOption) => selectedOption.value);
  if (mailbox_ids.length === 0) {
    toastr.error("You must select at least a mailbox", "Error");
@ -210,25 +209,18 @@ $(".save-mailbox").on("click", async function () {
    });
    if (res.ok) {
-      toastr.success(`Mailbox Updated`);
+      toastr.success(`Mailbox updated for ${aliasEmail}`);
    } else {
      toastr.error("Sorry for the inconvenience! Could you refresh the page & retry please?", "Unknown Error");
      // reset to the original value
      oldValue = !$(this).prop("checked");
      $(this).prop("checked", oldValue);
    }
  } catch (e) {
    toastr.error("Sorry for the inconvenience! Could you refresh the page & retry please?", "Unknown Error");
    // reset to the original value
    oldValue = !$(this).prop("checked");
    $(this).prop("checked", oldValue);
  }
-});
+}
-$(".save-alias-name").on("click", async function () {
+async function handleDisplayNameChange(aliasId, aliasEmail) {
-  let aliasId = $(this).data("alias");
+  const name = document.getElementById(`alias-name-${aliasId}`).value;
  let name = $(`#alias-name-${aliasId}`).val();
  try {
    let res = await fetch(`/api/aliases/${aliasId}`, {
@ -242,7 +234,7 @@ $(".save-alias-name").on("click", async function () {
    });
    if (res.ok) {
-      toastr.success(`Alias Name Saved`);
+      toastr.success(`Display name saved for ${aliasEmail}`);
    } else {
      toastr.error("Sorry for the inconvenience! Could you refresh the page & retry please?", "Unknown Error");
    }
@ -250,24 +242,41 @@ $(".save-alias-name").on("click", async function () {
    toastr.error("Sorry for the inconvenience! Could you refresh the page & retry please?", "Unknown Error");
  }
-});
+}
 function handleDisplayNameFocus(aliasId) {
  document.getElementById(`display-name-focus-message-${aliasId}`).classList.remove('d-none');
 }
 function handleDisplayNameBlur(aliasId) {
  document.getElementById(`display-name-focus-message-${aliasId}`).classList.add('d-none');
 }
 new Vue({
  el: '#filter-app',
  delimiters: ["[[", "]]"], // necessary to avoid conflict with jinja
  data: {
-    showFilter: false
+    showFilter: false,
    showStats: false
  },
  methods: {
    async toggleFilter() {
      let that = this;
      that.showFilter = !that.showFilter;
      store.set('showFilter', that.showFilter);
    },
    async toggleStats() {
      let that = this;
      that.showStats = !that.showStats;
      store.set('showStats', that.showStats);
    }
  },
  async mounted() {
    if (store.get("showFilter"))
      this.showFilter = true;
    if (store.get("showStats"))
      this.showStats = true;
  }
-});
+});
--- a/app/static/js/utils/drag-drop-into-text.js
+++ b/app/static/js/utils/drag-drop-into-text.js
@ -8,7 +8,8 @@ function enableDragDropForPGPKeys(inputID) {
        let files = event.dataTransfer.files;
        for (let i = 0; i < files.length; i++) {
            let file = files[i];
-            if(file.type !== 'text/plain'){
+            const isValidPgpFile = file.type === 'text/plain' || file.name.endsWith('.asc') || file.name.endsWith('.pub') || file.name.endsWith('.pgp') || file.name.endsWith('.key');
            if (!isValidPgpFile) {
                toastr.warning(`File ${file.name} is not a public key file`);
                continue;
            }
@ -16,6 +17,7 @@ function enableDragDropForPGPKeys(inputID) {
            reader.onloadend = onFileLoaded;
            reader.readAsBinaryString(file);
        }
        dropArea.classList.remove("dashed-outline");
    }
    function onFileLoaded(event) {
@ -24,5 +26,20 @@ function enableDragDropForPGPKeys(inputID) {
    }
    const dropArea = $(inputID).get(0);
    dropArea.addEventListener("dragenter", (event) => {
        event.stopPropagation();
        event.preventDefault();
        dropArea.classList.add("dashed-outline");
    });
    dropArea.addEventListener("dragover", (event) => {
        event.stopPropagation();
        event.preventDefault();
        dropArea.classList.add("dashed-outline");
    });
    dropArea.addEventListener("dragleave", (event) => {
        event.stopPropagation();
        event.preventDefault();
        dropArea.classList.remove("dashed-outline");
    });
    dropArea.addEventListener("drop", drop, false);
-}
+}
--- a/app/static/package-lock.json
+++ b/app/static/package-lock.json
@ -69,12 +69,12 @@
    "font-awesome": {
      "version": "4.7.0",
      "resolved": "https://registry.npmjs.org/font-awesome/-/font-awesome-4.7.0.tgz",
-      "integrity": "sha1-j6jPBBGhoxr9B7BtKQK7n8gVoTM="
+      "integrity": "sha512-U6kGnykA/6bFmg1M/oT9EkFeIYv7JlX3bozwQJWiiLz6L0w3F5vBVPxHlwyX/vtNq1ckcpRKOB9f2Qal/VtFpg=="
    },
    "htmx.org": {
-      "version": "1.6.1",
+      "version": "1.7.0",
-      "resolved": "https://registry.npmjs.org/htmx.org/-/htmx.org-1.6.1.tgz",
+      "resolved": "https://registry.npmjs.org/htmx.org/-/htmx.org-1.7.0.tgz",
-      "integrity": "sha512-i+1k5ee2eFWaZbomjckyrDjUpa3FMDZWufatUSBmmsjXVksn89nsXvr1KLGIdAajiz+ZSL7TE4U/QaZVd2U2sA=="
+      "integrity": "sha512-wIQ3yNq7yiLTm+6BhV7Z8qKKTzEQv9xN/I4QsN5FvdGi69SNWTsSMlhH69HPa1rpZ8zSq1A/e7gTbTySxliP8g=="
    },
    "intro.js": {
      "version": "2.9.3",
@ -82,9 +82,9 @@
      "integrity": "sha512-hC+EXWnEuJeA3CveGMat3XHePd2iaXNFJIVfvJh2E9IzBMGLTlhWvPIVHAgKlOpO4lNayCxEqzr4N02VmHFr9Q=="
    },
    "jquery": {
-      "version": "3.5.1",
+      "version": "3.6.4",
-      "resolved": "https://registry.npmjs.org/jquery/-/jquery-3.5.1.tgz",
+      "resolved": "https://registry.npmjs.org/jquery/-/jquery-3.6.4.tgz",
-      "integrity": "sha512-XwIBPqcMn57FxfT+Go5pzySnm4KWkT1Tv7gjrpT1srtf8Weynl6R273VJ5GjkRb51IzMp5nbaPjJXMWeju2MKg=="
+      "integrity": "sha512-v28EW9DWDFpzcD9O5iyJXg3R3+q+mET5JhnjJzQUZMHOv67bpSIHq81GEYpPNZHG+XXHsfSme3nxp/hndKEcsQ=="
    },
    "multiple-select": {
      "version": "1.5.2",
@ -107,7 +107,7 @@
    "toastr": {
      "version": "2.1.4",
      "resolved": "https://registry.npmjs.org/toastr/-/toastr-2.1.4.tgz",
-      "integrity": "sha1-i0O+ZPudDEFIcURvLbjoyk6V8YE=",
+      "integrity": "sha512-LIy77F5n+sz4tefMmFOntcJ6HL0Fv3k1TDnNmFZ0bU/GcvIIfy6eG2v7zQmMiYgaalAiUv75ttFrPn5s0gyqlA==",
      "requires": {
        "jquery": ">=1.12.0"
      }
--- a/app/static/style.css
+++ b/app/static/style.css
@ -217,4 +217,9 @@ textarea.parsley-error {
 .italic {
    font-style: italic;
 }
 /* dashed outline to indicate droppable area */
 .dashed-outline {
    outline: 4px dashed gray;
 }
--- a/app/templates/base.html
+++ b/app/templates/base.html
@ -23,7 +23,7 @@
    <!-- Yandex -->
    <meta name="yandex-verification" content="c9e5d4d68bc983a1" />
    <meta name="description"
-          content="Protect your email address with email ALIAS. Create a different email alias for each website. No more phishing, spams."/>
+          content="Protect your email address with email ALIAS. Create a different email alias for each website. No more phishing, or spam."/>
    <link rel="icon" href="/static/favicon.ico" type="image/x-icon" />
    <link rel="shortcut icon" type="image/x-icon" href="/static/favicon.ico" />
    <link rel="canonical" href="{{ CANONICAL_URL }}" />
--- a/app/templates/dashboard/contact_detail.html
+++ b/app/templates/dashboard/contact_detail.html
@ -43,7 +43,7 @@
            {% endif %}
            <div class="form-group">
              <label class="form-label">PGP Public Key</label>
-              <textarea name="pgp" {% if not current_user.is_premium() %} disabled {% endif %} class="form-control" rows=10 id="pgp-public-key" placeholder="-----BEGIN PGP PUBLIC KEY BLOCK-----">{{ contact.pgp_public_key or "" }}</textarea>
+              <textarea name="pgp" {% if not current_user.is_premium() %} disabled {% endif %} class="form-control" rows=10 id="pgp-public-key" placeholder="(Drag and drop or paste your pgp public key here)&#10;-----BEGIN PGP PUBLIC KEY BLOCK-----">{{ contact.pgp_public_key or "" }}</textarea>
            </div>
            <button class="btn btn-primary" name="action" {% if not current_user.is_premium() %}
               disabled {% endif %} value="save">
--- a/app/templates/dashboard/domain_detail/dns.html
+++ b/app/templates/dashboard/domain_detail/dns.html
@ -266,7 +266,9 @@
          <i>dkim._domainkey.{{ custom_domain.domain }}</i> as domain value instead.
          <br />
          If you are using a subdomain, e.g. <i>subdomain.domain.com</i>,
-          you need to use <i>dkim._domainkey.subdomain</i> as domain value instead.
+          you need to use <i>dkim._domainkey.subdomain</i> as the domain instead.
          <br />
          That means, if your domain is <i>mail.domain.com</i> you should enter <i>dkim._domainkey.mail.domain.com</i> as the Domain.
          <br />
        </div>
        <div class="alert alert-info">
--- a/app/templates/dashboard/index.html
+++ b/app/templates/dashboard/index.html
@ -31,63 +31,11 @@
 {% block title %}Alias{% endblock %}
 {% block default_content %}
  <!-- Global Stats -->
  <div class="row">
    <div class="col-12 col-md-6 col-lg-3">
      <div class="card">
        <div class="card-body">
          <div class="d-flex align-items-center">
            <div class="subheader">Aliases</div>
            <div class="text-muted"
                 style="order: 2; margin-left: auto; font-size: .8rem">All time</div>
          </div>
          <div class="h1 m-0">{{ stats.nb_alias }}</div>
        </div>
      </div>
    </div>
    <div class="col-12 col-md-6 col-lg-3">
      <div class="card">
        <div class="card-body">
          <div class="d-flex align-items-center">
            <div class="subheader">Forwarded</div>
            <div class="text-muted"
                 style="order: 2; margin-left: auto; font-size: .8rem">Last 14 days</div>
          </div>
          <div class="h1 m-0">{{ stats.nb_forward }}</div>
        </div>
      </div>
    </div>
    <div class="col-12 col-md-6 col-lg-3">
      <div class="card">
        <div class="card-body">
          <div class="d-flex align-items-center">
            <div class="subheader">Replies/Sent</div>
            <div class="text-muted"
                 style="order: 2; margin-left: auto; font-size: .8rem">Last 14 days</div>
          </div>
          <div class="h1 m-0">{{ stats.nb_reply }}</div>
        </div>
      </div>
    </div>
    <div class="col-12 col-md-6 col-lg-3">
      <div class="card">
        <div class="card-body">
          <div class="d-flex align-items-center">
            <div class="subheader">Blocked</div>
            <div class="text-muted"
                 style="order: 2; margin-left: auto; font-size: .8rem">Last 14 days</div>
          </div>
          <div class="h1 m-0">{{ stats.nb_block }}</div>
        </div>
      </div>
    </div>
  </div>
  <!-- END Global Stats -->
  <!-- Controls: buttons & search -->
  <div id="filter-app">
    <div class="row mb-3">
-      <div class="col d-flex">
+      <div class="col d-flex flex-wrap justify-content-between">
-        <div>
+        <div class="mb-1">
          <div class="btn-group" role="group">
            <form method="post">
              {{ csrf_form.csrf_token }}
@ -141,17 +89,86 @@
            </div>
          </div>
        </div>
-        <div style="margin-left: auto">
+        <div>
          <div class="btn-group">
-            <a v-if="!showFilter"
+            <a @click="toggleStats()" class="btn btn-outline-secondary">
-               @click="toggleFilter()"
+              <span v-if="!showStats">
-               class="btn btn-outline-secondary">
+                <i class="fe fe-chevrons-down"></i>
-              <i class="fe fe-chevrons-down"></i> Filters
+                Show stats
              </span>
              <span v-else>
                <i class="fe fe-chevrons-up"></i>
                Hide stats
              </span>
            </a>
          </div>
          <div class="btn-group">
            <a @click="toggleFilter()" class="btn btn-outline-secondary">
              <span v-if="!showFilter">
                <i class="fe fe-chevrons-down"></i>
                Show filters
              </span>
              <span v-else>
                <i class="fe fe-chevrons-up"></i>
                Hide filters
              </span>
            </a>
          </div>
        </div>
      </div>
    </div>
    <!-- Global Stats -->
    <div class="row" v-if="showStats">
      <div class="col-12 col-md-6 col-lg-3">
        <div class="card mb-3">
          <div class="card-body py-3">
            <div class="d-flex align-items-center">
              <div class="subheader">Aliases</div>
              <div class="text-muted"
                   style="order: 2; margin-left: auto; font-size: .8rem">All time</div>
            </div>
            <div class="h1 m-0">{{ stats.nb_alias }}</div>
          </div>
        </div>
      </div>
      <div class="col-12 col-md-6 col-lg-3">
        <div class="card mb-3">
          <div class="card-body py-3">
            <div class="d-flex align-items-center">
              <div class="subheader">Forwarded</div>
              <div class="text-muted"
                   style="order: 2; margin-left: auto; font-size: .8rem">Last 14 days</div>
            </div>
            <div class="h1 m-0">{{ stats.nb_forward }}</div>
          </div>
        </div>
      </div>
      <div class="col-12 col-md-6 col-lg-3">
        <div class="card mb-3">
          <div class="card-body py-3">
            <div class="d-flex align-items-center">
              <div class="subheader">Replies/Sent</div>
              <div class="text-muted"
                   style="order: 2; margin-left: auto; font-size: .8rem">Last 14 days</div>
            </div>
            <div class="h1 m-0">{{ stats.nb_reply }}</div>
          </div>
        </div>
      </div>
      <div class="col-12 col-md-6 col-lg-3">
        <div class="card mb-3">
          <div class="card-body py-3">
            <div class="d-flex align-items-center">
              <div class="subheader">Blocked</div>
              <div class="text-muted"
                   style="order: 2; margin-left: auto; font-size: .8rem">Last 14 days</div>
            </div>
            <div class="h1 m-0">{{ stats.nb_block }}</div>
          </div>
        </div>
      </div>
    </div>
    <!-- END Global Stats -->
    <div class="row mb-2" v-if="showFilter" id="filter-control">
      <!-- Filter Control -->
      <div class="col d-flex">
@ -223,11 +240,6 @@
            <a href="{{ url_for('dashboard.index') }}"
               class="btn btn-outline-secondary">Reset</a>
          {% endif %}
          <a v-if="showFilter"
             @click="toggleFilter()"
             class="btn btn-outline-secondary">
            <i class="fe fe-chevrons-up"></i>
          </a>
        </div>
      </div>
    </div>
@ -342,17 +354,11 @@
      </div>
      <!-- END Email Activity -->
      <div class="small-text mt-1">
-        Alias description
+        Alias description <span id="note-focus-message-{{ alias.id }}" class="d-none font-italic">(automatically saved when you click outside the field)</span>
      </div>
      <div class="d-flex mb-2">
        <div class="flex-grow-1 mr-2">
-          <textarea id="note-{{ alias.id }}" name="note" class="form-control" style="font-size: 12px" rows="2" placeholder="e.g. where the alias is used or why is it created">{{ alias.note or "" }}</textarea>
+          <textarea id="note-{{ alias.id }}" name="note" class="form-control" style="font-size: 12px" rows="2" placeholder="e.g. where the alias is used or why is it created" onchange="handleNoteChange({{ alias.id }}, '{{ alias.email }}')" onfocus="handleNoteFocus({{ alias.id }})" onblur="handleNoteBlur({{ alias.id }})">{{ alias.note or "" }}</textarea>
        </div>
        <div>
          <a data-alias="{{ alias.id }}"
             class="save-note btn btn-sm btn-outline-success w-100">
            Save
          </a>
        </div>
      </div>
      <!-- Send Email && More button -->
@ -421,7 +427,8 @@
                    data-width="100%"
                    class="mailbox-select"
                    multiple
-                    name="mailbox">
+                    name="mailbox"
                    onchange="handleMailboxChange({{ alias.id }}, '{{ alias.email }}')">
              {% for mailbox in mailboxes %}
                <option value="{{ mailbox.id }}" {% if alias_info.contain_mailbox(mailbox.id) %}
@ -431,12 +438,6 @@
              {% endfor %}
            </select>
          </div>
          <div>
            <a data-alias="{{ alias.id }}"
               class="save-mailbox btn btn-sm btn-outline-info w-100">
              Update
            </a>
          </div>
        </div>
      {% elif alias_info.mailbox != None and alias_info.mailbox.email != current_user.email %}
        <div class="small-text">
@ -448,19 +449,18 @@
           title="When sending an email from this alias, the email will have 'Display Name <{{ alias.email }}>' as sender.">
        Display name
        <i class="fe fe-help-circle"></i>
        <span id="display-name-focus-message-{{ alias.id }}"
              class="d-none font-italic">(automatically saved when you click outside the field or press Enter)</span>
      </div>
      <div class="d-flex">
        <div class="flex-grow-1 mr-2">
          <input id="alias-name-{{ alias.id }}"
                 value="{{ alias.name or '' }}"
                 class="form-control"
-                 placeholder="{{ alias.custom_domain.name or "Alias name" }}">
+                 placeholder="{{ alias.custom_domain.name or "Alias name" }}"
-        </div>
+                 onchange="handleDisplayNameChange({{ alias.id }}, '{{ alias.email }}')"
-        <div>
+                 onfocus="handleDisplayNameFocus({{ alias.id }})"
-          <a data-alias="{{ alias.id }}"
+                 onblur="handleDisplayNameBlur({{ alias.id }})">
             class="save-alias-name btn btn-sm btn-outline-primary w-100">
            Save
          </a>
        </div>
      </div>
      {% if alias.mailbox_support_pgp() %}
--- a/app/templates/dashboard/mailbox_detail.html
+++ b/app/templates/dashboard/mailbox_detail.html
@ -112,7 +112,7 @@
            {{ csrf_form.csrf_token }}
            <div class="form-group">
              <label class="form-label">PGP Public Key</label>
-              <textarea name="pgp" {% if not current_user.is_premium() %} disabled {% endif %} class="form-control" rows=10 id="pgp-public-key" placeholder="-----BEGIN PGP PUBLIC KEY BLOCK-----">{{ mailbox.pgp_public_key or "" }}</textarea>
+              <textarea name="pgp" {% if not current_user.is_premium() %} disabled {% endif %} class="form-control" rows=10 id="pgp-public-key" placeholder="(Drag and drop or paste your pgp public key here)&#10;-----BEGIN PGP PUBLIC KEY BLOCK-----">{{ mailbox.pgp_public_key or "" }}</textarea>
            </div>
            <input type="hidden" name="form-name" value="pgp">
            <button class="btn btn-primary" name="action" {% if not current_user.is_premium() %}
--- a/app/templates/dashboard/pricing.html
+++ b/app/templates/dashboard/pricing.html
@ -8,10 +8,11 @@
  <script>
    if (window.Paddle === undefined) {
      console.log("cannot load Paddle from CDN");
-      document.write('<script src="/static/vendor/paddle.js"><\/script>')
+      // split string to avoid djlint incorrectly formatting the file
      document.write('<' + 'script src="/static/vendor/paddle.js"><\/script' + '>');
    }
-</script>
+  </script>
-<style type="text/css">
+  <style type="text/css">
      html.mvc__a.mvc__lot.mvc__of.mvc__classes.mvc__to.mvc__increase.mvc__the.mvc__odds.mvc__of.mvc__winning.mvc__specificity, html.mvc__a.mvc__lot.mvc__of.mvc__classes.mvc__to.mvc__increase.mvc__the.mvc__odds.mvc__of.mvc__winning.mvc__specificity > body {
          position: static;
      }
@ -25,190 +26,737 @@
      [data-toggle="collapse"]:not(.collapsed) .if-collapsed {
          display: none;
      }
-</style>
+
      .btn-no-pointer {
        pointer-events: none !important;
      }
      .tab-yearly__badge {
        top: -8px !important;
        left: 52px !important;
      }
      .border-2 {
        border-width: 2px !important;
      }
      .text-start {
        text-align: start !important;
      }
  </style>
 {% endblock %}
 {% block announcement %}
-{#  TODO: to remove#}
+  {#  TODO: to remove#}
-{#  <div class="alert alert-danger text-center mb-0" role="alert">#}
+  {#  <div class="alert alert-danger text-center mb-0" role="alert">#}
-{#    Our payment provider Paddle is experiencing#}
+  {#    Our payment provider Paddle is experiencing#}
-{#    <a href="https://paddle.status.io" target="_blank">server issue <i class="fe fe-external-link"></i></a>#}
+  {#    <a href="https://paddle.status.io" target="_blank">server issue <i class="fe fe-external-link"></i></a>#}
-{#    that can make our checkout page unusable. <br />#}
+  {#    that can make our checkout page unusable. <br />#}
-{#    Please retry later and sorry for this issue!#}
+  {#    Please retry later and sorry for this issue!#}
-{#  </div>#}
+  {#  </div>#}
 {% endblock %}
 {% block default_content %}
-<div class="row">
+  <div class="pb-8">
-<div class="col-sm-6 col-lg-6">
+    <div class="text-center mx-md-auto mb-8 mt-6">
-<div class="card">
+      <h1>Upgrade to unlock premium features</h1>
-<div class="card-body text-center">
+    </div>
-<div class="h3">Premium</div>
+    {% if manual_sub %}
 <ul class="list-unstyled leading-loose mb-3">
 <li>
 <i class="fe fe-check text-success mr-2" aria-hidden="true"></i>
 Unlimited aliases
 </li>
 <li>
 <i class="fe fe-check text-success mr-2" aria-hidden="true"></i>
 Unlimited custom domains
 </li>
 <li>
 <i class="fe fe-check text-success mr-2" aria-hidden="true"></i>
 Catch-all (or wildcard) aliases
 </li>
 <li>
 <i class="fe fe-check text-success mr-2" aria-hidden="true"></i>
 Up to 50 directories (or usernames)
 </li>
 <li>
 <i class="fe fe-check text-success mr-2" aria-hidden="true"></i>
 Unlimited mailboxes
 </li>
 <li>
 <i class="fe fe-check text-success mr-2" aria-hidden="true"></i>
 PGP Encryption
 </li>
 </ul>
 <div class="small-text">
 More information on our
 <a href="https://simplelogin.io/pricing" target="_blank" rel="noopener noreferrer">
 Pricing
 Page <i class="fe fe-external-link"></i>
 </a>
 </div>
 </div>
 </div>
 </div>
 <div class="col-sm-6 col-lg-6">
 {% if manual_sub %}
-<div class="alert alert-info">
+      <div class="alert alert-info mt-0 mb-6">
-You currently have a subscription until <b>{{ manual_sub.end_at.format("YYYY-MM-DD") }}</b>
+        You currently have a subscription until <b>{{ manual_sub.end_at.format("YYYY-MM-DD") }}</b>
-({{ (manual_sub.end_at - now).days }} days left).
+        ({{ (manual_sub.end_at - now).days }} days left).
-<br />
+        <br />
-Please note that the time left will <b>not</b> be taken into account in a new subscription.
+        Please note that the time left will <b>not</b> be taken into account in a new subscription.
-</div>
+      </div>
-<hr />
+      <hr />
-{% endif %}
+    {% endif %}
-{% if proton_upgrade %}
+    {% set sub = current_user.get_paddle_subscription() %}
    {% if sub and sub.cancelled %}
-<div id="proton-upgrade">
+      <div class="alert alert-primary mt-0 mb-6" role="alert">
-<h4>Proton Unlimited, Business and Visionary plans include SimpleLogin premium and more!</h4>
+        You have an active subscription until {{ sub.next_bill_date.strftime("%Y-%m-%d") }}.
-<a class="btn btn-primary" role="button" href="https://account.proton.me/u/0/mail/upgrade">
+        <br />
-<b>Upgrade your Proton account</b>
+        Please note that if you re-subscribe now, this will be a completely
-</a>
+        new subscription and
-<p class="mt-2 small">
+        your payment method will be charged <b>immediately</b>.
-Starts at $9.99/month (billed yearly), starting with 500GB of storage, VPN, encrypted
+      </div>
-calendar & file storage and more.
+    {% endif %}
-</p>
+    {% if coinbase_sub %}
 <div class="middle-line my-5 h4">OR</div>
 <div id="normal-upgrade-button">
 <a class="btn btn-secondary collapsed" data-toggle="collapse" href="#normal-upgrade" role="button">
 Upgrade your SimpleLogin account
 <span class="if-collapsed">
 <i class="fe fe-chevron-down"></i>
 </span>
 <span class="if-not-collapsed">
 <i class="fe fe-chevron-up"></i>
 </span>
 </a>
 <p class="mt-2 small">Starts at $2.5/month (billed yearly)</p>
 </div>
 </div>
 {% endif %}
 <div id="normal-upgrade" class="{% if proton_upgrade %} collapse{% endif %}">
 <div class="display-6 my-3">
 🔐 Secure payments by
 <a href="https://paddle.com" target="_blank" rel="noopener noreferrer">
 Paddle <i class="fe fe-external-link"></i>
 </a>
 </div>
 {% set sub = current_user.get_paddle_subscription() %}
 {% if sub and sub.cancelled %}
-<div class="alert alert-primary" role="alert">
+      <div class="alert alert-info mt-0 mb-6">
-You have an active subscription until {{ sub.next_bill_date.strftime("%Y-%m-%d") }}.
+        You currently have a Coinbase subscription until <b>{{ coinbase_sub.end_at.format("YYYY-MM-DD") }}</b>
-<br />
+        ({{ (coinbase_sub.end_at - now).days }} days left).
-Please note that if you re-subscribe now, this will be a completely
+        <br />
-new subscription and
+        Please note that the time left will <b>not</b> be taken into account in a new Paddle subscription.
-your payment method will be charged <b>immediately</b>.
+      </div>
-</div>
+    {% endif %}
-{% endif %}
+    <div class="nav btn-group mb-4 justify-content-center position-relative flex-nowrap d-flex"
-{% if coinbase_sub %}
+         id="pills-tab"
         role="tablist">
      <a class="btn btn-outline-primary flex-grow-0 px-8 py-2"
         id="monthly-plan-tab"
         data-toggle="tab"
         href="#monthly-plan"
         role="tab"
         aria-controls="monthly-plan"
         aria-selected="false">Monthly</a>
      <a class="btn btn-outline-primary flex-grow-0 px-8 py-2 position-relative active"
         id="yearly-plan-tab"
         data-toggle="tab"
         href="#yearly-plan"
         role="tab"
         aria-controls="yearly-plan"
         aria-selected="true">Yearly<span class="badge badge-success position-absolute tab-yearly__badge"
      style="font-size: 12px">Save $18</span></a>
    </div>
    <div class="tab-content mb-8">
      <!-- monthly tab content -->
      <div class="tab-pane"
           id="monthly-plan"
           role="tabpanel"
           aria-labelledby="monthly-plan-tab">
        <div class="row row-cards">
          <!-- monthly free plan -->
          <div class="{{ 'col-md-6 col-lg-4' if proton_upgrade else 'col-md-6' }}">
            <div class="card card-md flex-grow-1">
              <div class="card-body">
                <div class="text-center">
                  <div class="h3">Free</div>
                  <div class="h3 my-3">$0</div>
                  <div class="text-center mt-4 mb-6">
                    {% set sub = current_user.get_paddle_subscription() %}
                    <button class="{{ 'invisible' if sub or manual_sub or coinbase_sub }} btn btn-lg btn-outline-secondary w-100 btn-no-pointer"
                            aria-disabled="true"
                            disabled>
                      Current plan
                    </button>
                  </div>
                </div>
                <ul class="list-unstyled">
                  <li class="d-flex">
                    <i class="fe fe-check text-success mr-2 mt-1" aria-hidden="true"></i>
                    10 aliases
                  </li>
                  <li class="d-flex">
                    <i class="fe fe-check text-success mr-2 mt-1" aria-hidden="true"></i>
                    1 mailbox
                  </li>
                </ul>
              </div>
            </div>
          </div>
          <!-- END monthly free plan -->
          <!-- monthly premium plan -->
          <div class="{{ 'col-md-6 col-lg-4' if proton_upgrade else 'col-md-6' }}">
            <div class="card card-md flex-grow-1 border-primary border-2">
              <div class="card-body">
                <div class="text-center">
                  <div class="h3">SimpleLogin Premium</div>
                  <div class="h3 my-3">$4 / month</div>
                  <div class="text-center mt-4 mb-6">
                    <button class="btn btn-primary btn-lg w-100"
                            onclick="upgradePaddle({{ PADDLE_MONTHLY_PRODUCT_ID }})">
                      Upgrade to Premium
                    </button>
                  </div>
                </div>
                <ul class="list-unstyled">
                  <li class="d-flex">
                    <i class="fe fe-check text-success mr-2 mt-1" aria-hidden="true"></i>
                    Unlimited aliases
                  </li>
                  <li class="d-flex">
                    <i class="fe fe-check text-success mr-2 mt-1" aria-hidden="true"></i>
                    Unlimited mailboxes
                  </li>
                  <li class="d-flex">
                    <i class="fe fe-check text-success mr-2 mt-1" aria-hidden="true"></i>
                    Custom domains: bring your own domain to create aliases like contact@your-domain.com
                  </li>
                  <li class="d-flex">
                    <i class="fe fe-check text-success mr-2 mt-1" aria-hidden="true"></i>
                    Catch-all (or wildcard) domain
                  </li>
                  <li class="d-flex">
                    <i class="fe fe-check text-success mr-2 mt-1" aria-hidden="true"></i>
                    Initiate a new email from your alias
                  </li>
                  <li class="d-flex">
                    <i class="fe fe-check text-success mr-2 mt-1" aria-hidden="true"></i>
                    5 subdomains
                  </li>
                  <li class="d-flex">
                    <i class="fe fe-check text-success mr-2 mt-1" aria-hidden="true"></i>
                    50 directories
                  </li>
                  <li class="d-flex">
                    <i class="fe fe-check text-success mr-2 mt-1" aria-hidden="true"></i>
                    PGP Encryption
                  </li>
                </ul>
              </div>
            </div>
          </div>
          <!-- END monthly premium plan -->
          <!-- monthly Proton plan -->
          {% if proton_upgrade %}
-<div class="alert alert-info">
+            <div class="col-md-6 col-lg-4">
-You currently have a Coinbase subscription until <b>{{ coinbase_sub.end_at.format("YYYY-MM-DD") }}</b>
+              <div class="card card-md flex-grow-1">
-({{ (coinbase_sub.end_at - now).days }} days left).
+                <div class="card-body">
-<br />
+                  <div class="text-center">
-Please note that the time left will <b>not</b> be taken into account in a new Paddle subscription.
+                    <div class="h3">Proton plan</div>
-</div>
+                    <div class="h3 my-3">Starts at $11.99 / month</div>
-{% endif %}
+                    <div class="text-center mt-4 mb-6">
-<div class="mb-3">
+                      <a class="btn btn-lg btn-outline-primary w-100"
-Paddle supports bank cards
+                         role="button"
-(Mastercard, Visa, American Express, etc) and PayPal.
+                         href="https://account.proton.me/u/0/mail/upgrade"
-</div>
+                         target="_blank">Upgrade your Proton account</a>
-<button class="btn btn-primary" onclick="upgrade({{ PADDLE_YEARLY_PRODUCT_ID }})">
+                    </div>
-Yearly billing
+                  </div>
-<span class="badge badge-success">Save $18</span>
+                  <p>Proton Unlimited / Business plans include:</p>
-<br />
+                  <ul class="list-unstyled">
-<span style="font-size: 18px">$30/year</span>
+                    <li class="d-flex">
-</button>
+                      <i class="fe fe-check text-success mr-2 mt-1" aria-hidden="true"></i>
-<button class="btn btn-secondary" onclick="upgrade({{ PADDLE_MONTHLY_PRODUCT_ID }})">
+                      SimpleLogin Premium
-Monthly billing
+                    </li>
-<br />
+                    <li class="d-flex">
-<b>
+                      <i class="fe fe-check text-success mr-2 mt-1" aria-hidden="true"></i>
-$4/month
+                      500 GB storage
-</b>
+                    </li>
-</button>
+                    <li class="d-flex">
-<hr />
+                      <i class="fe fe-check text-success mr-2 mt-1" aria-hidden="true"></i>
-<i class="fa fa-bitcoin"></i>
+                      15 email addresses
-Payment via
+                    </li>
-<a href="https://commerce.coinbase.com/?lang=en" target="_blank" rel="noopener noreferrer">
+                    <li class="d-flex">
-Coinbase Commerce<i class="fe fe-external-link"></i>
+                      <i class="fe fe-check text-success mr-2 mt-1" aria-hidden="true"></i>
-</a>
+                      Unlimited folders, labels, and filters
-<br />
+                    </li>
-Currently Bitcoin, Bitcoin Cash, Dai, Ethereum, Litecoin and USD Coin are supported.
+                    <li class="d-flex">
-<br />
+                      <i class="fe fe-check text-success mr-2 mt-1" aria-hidden="true"></i>
-<a class="btn btn-outline-primary" href="{{ url_for('dashboard.coinbase_checkout_route') }}" target="_blank" rel="noopener noreferrer">
+                      Unlimited messages per day
-Yearly billing - Crypto
+                    </li>
-<br />
+                    <li class="d-flex">
-$30/year
+                      <i class="fe fe-check text-success mr-2 mt-1" aria-hidden="true"></i>
-<i class="fe fe-external-link"></i>
+                      15 email addresses
-</a>
+                    </li>
-<hr />
+                    <li class="d-flex">
-If you have bought a coupon, please go to the
+                      <i class="fe fe-check text-success mr-2 mt-1" aria-hidden="true"></i>
-<a href="{{ url_for('dashboard.coupon_route') }}">coupon page</a>
+                      20 Calendars
-to apply the coupon code.
+                    </li>
-</div>
+                    <li class="d-flex">
-</div>
+                      <i class="fe fe-check text-success mr-2 mt-1" aria-hidden="true"></i>
-</div>
+                      10 high-speed VPN connections
-<script type="text/javascript">
+                    </li>
                    <li class="d-flex">
                      <i class="fe fe-check text-success mr-2 mt-1" aria-hidden="true"></i>
                      3 custom email domains
                    </li>
                  </ul>
                </div>
              </div>
            </div>
          {% endif %}
          <!-- END monthly Proton plan -->
        </div>
      </div>
      <!-- END monthly tab content -->
      <!-- yearly tab content -->
      <div class="tab-pane show active"
           id="yearly-plan"
           role="tabpanel"
           aria-labelledby="yearly-plan-tab">
        <div class="row row-cards">
          <!-- yearly free plan (identical to monthly) -->
          <div class="{{ 'col-md-6 col-lg-4' if proton_upgrade else 'col-md-6' }}">
            <div class="card card-md flex-grow-1">
              <div class="card-body">
                <div class="text-center">
                  <div class="h3">Free</div>
                  <div class="h3 my-3">$0</div>
                  <div class="text-center mt-4 mb-6">
                    {% set sub = current_user.get_paddle_subscription() %}
                    <button class="{{ 'invisible' if sub or manual_sub or coinbase_sub }} btn btn-lg btn-outline-secondary w-100 btn-no-pointer"
                            aria-disabled="true"
                            disabled>
                      Current plan
                    </button>
                  </div>
                </div>
                <ul class="list-unstyled">
                  <li class="d-flex">
                    <i class="fe fe-check text-success mr-2 mt-1" aria-hidden="true"></i>
                    10 aliases
                  </li>
                  <li class="d-flex">
                    <i class="fe fe-check text-success mr-2 mt-1" aria-hidden="true"></i>
                    1 mailbox
                  </li>
                </ul>
              </div>
            </div>
          </div>
          <!-- END yearly free plan -->
          <!-- yearly premium plan -->
          <div class="{{ 'col-md-6 col-lg-4' if proton_upgrade else 'col-md-6' }}">
            <div class="card card-md flex-grow-1 border-primary border-2">
              <div class="card-body">
                <div class="text-center">
                  <div class="h3">SimpleLogin Premium</div>
                  <div class="h3 my-3">$30 / year</div>
                  <div class="text-center mt-4 mb-6">
                    <button class="btn btn-primary btn-lg w-100"
                            onclick="upgradePaddle({{ PADDLE_YEARLY_PRODUCT_ID }})">
                      Upgrade to Premium
                    </button>
                  </div>
                </div>
                <ul class="list-unstyled">
                  <li class="d-flex">
                    <i class="fe fe-check text-success mr-2 mt-1" aria-hidden="true"></i>
                    Unlimited aliases
                  </li>
                  <li class="d-flex">
                    <i class="fe fe-check text-success mr-2 mt-1" aria-hidden="true"></i>
                    Unlimited mailboxes
                  </li>
                  <li class="d-flex">
                    <i class="fe fe-check text-success mr-2 mt-1" aria-hidden="true"></i>
                    Custom domains: bring your own domain to create aliases like contact@your-domain.com
                  </li>
                  <li class="d-flex">
                    <i class="fe fe-check text-success mr-2 mt-1" aria-hidden="true"></i>
                    Catch-all (or wildcard) domain
                  </li>
                  <li class="d-flex">
                    <i class="fe fe-check text-success mr-2 mt-1" aria-hidden="true"></i>
                    Initiate a new email from your alias
                  </li>
                  <li class="d-flex">
                    <i class="fe fe-check text-success mr-2 mt-1" aria-hidden="true"></i>
                    5 subdomains
                  </li>
                  <li class="d-flex">
                    <i class="fe fe-check text-success mr-2 mt-1" aria-hidden="true"></i>
                    50 directories
                  </li>
                  <li class="d-flex">
                    <i class="fe fe-check text-success mr-2 mt-1" aria-hidden="true"></i>
                    PGP Encryption
                  </li>
                </ul>
              </div>
            </div>
          </div>
          <!-- END yearly premium plan -->
          <!-- yearly Proton plan -->
          {% if proton_upgrade %}
            <div class="col-md-6 col-lg-4">
              <div class="card card-md flex-grow-1">
                <div class="card-body">
                  <div class="text-center">
                    <div class="h3">Proton plan</div>
                    <div class="h3 my-3">Starts at $119.88 / year</div>
                    <div class="text-center mt-4 mb-6">
                      <a class="btn btn-lg btn-outline-primary w-100"
                         role="button"
                         href="https://account.proton.me/u/0/mail/upgrade"
                         target="_blank">Upgrade your Proton account</a>
                    </div>
                  </div>
                  <p>Proton Unlimited / Business plans include:</p>
                  <ul class="list-unstyled">
                    <li class="d-flex">
                      <i class="fe fe-check text-success mr-2 mt-1" aria-hidden="true"></i>
                      SimpleLogin Premium
                    </li>
                    <li class="d-flex">
                      <i class="fe fe-check text-success mr-2 mt-1" aria-hidden="true"></i>
                      500 GB storage
                    </li>
                    <li class="d-flex">
                      <i class="fe fe-check text-success mr-2 mt-1" aria-hidden="true"></i>
                      15 email addresses/aliases
                    </li>
                    <li class="d-flex">
                      <i class="fe fe-check text-success mr-2 mt-1" aria-hidden="true"></i>
                      Unlimited folders, labels, and filters
                    </li>
                    <li class="d-flex">
                      <i class="fe fe-check text-success mr-2 mt-1" aria-hidden="true"></i>
                      Unlimited messages per day
                    </li>
                    <li class="d-flex">
                      <i class="fe fe-check text-success mr-2 mt-1" aria-hidden="true"></i>
                      15 email addresses/aliases
                    </li>
                    <li class="d-flex">
                      <i class="fe fe-check text-success mr-2 mt-1" aria-hidden="true"></i>
                      20 Calendars
                    </li>
                    <li class="d-flex">
                      <i class="fe fe-check text-success mr-2 mt-1" aria-hidden="true"></i>
                      10 high-speed VPN connections
                    </li>
                    <li class="d-flex">
                      <i class="fe fe-check text-success mr-2 mt-1" aria-hidden="true"></i>
                      3 custom email domains
                    </li>
                  </ul>
                </div>
              </div>
            </div>
          {% endif %}
          <!-- END yearly Proton plan -->
        </div>
      </div>
      <!-- END yearly tab content -->
    </div>
    <hr />
    <!-- FAQ section -->
    <div>
      <h3 class="text-center mb-5 mt-7">Frequently asked questions</h3>
      <div id="pricing-faq">
        <div class="card mb-3">
          <div class="card-header card-collapse p-0"
               id="pricing-faq-question-payment-methods">
            <h5 class="mb-0 w-100">
              <button class="btn btn-link btn-block d-flex justify-content-between card-btn p-4 collapsed text-decoration-none"
                      data-toggle="collapse"
                      data-target="#pricing-faq-answer-payment-methods"
                      aria-controls="pricing-faq-answer-payment-methods"
                      aria-expanded="false">
                <span class="text-start">Which payment methods (credit cards, PayPal, cryptocurrencies...) do you support?</span>
                <span class="if-collapsed">
                  <i class="fe fe-chevron-down"></i>
                </span>
                <span class="if-not-collapsed">
                  <i class="fe fe-chevron-up"></i>
                </span>
              </button>
            </h5>
          </div>
          <div id="pricing-faq-answer-payment-methods"
               class="collapse"
               aria-labelledby="pricing-faq-question-payment-methods"
               data-parent="#pricing-faq">
            <div class="card-body">
              <p>
                We use <a href="https://paddle.com" target="_blank" rel="noopener noreferrer">Paddle <i class="fe fe-external-link"></i></a> by default for handling payments via credit cards and PayPal. Paddle currently supports the following payment methods:
              </p>
              <ul>
                <li>
                  Cards (including Mastercard, Visa, Maestro, American Express, Discover, Diners Club, JCB, UnionPay, and Mada)
                </li>
                <li>
                  PayPal
                </li>
                <li>
                  Apple Pay
                </li>
                <li>
                  Wire Transfers (ACH/SEPA/BACS)
                </li>
              </ul>
              <p>
                More information can be found on
                <a href="https://paddle.com/support/which-payment-methods-do-you-support/"
                   target="_blank"
                   rel="noopener noreferrer">
                  Paddle supported payment methods <i class="fe fe-external-link"></i>
                </a>.
              </p>
              <hr />
              <p>
                Furthermore we also support cryptocurrencies for the yearly plan via
                <a href="https://commerce.coinbase.com"
                   target="_blank"
                   rel="noopener noreferrer">
                  Coinbase Commerce <i class="fe fe-external-link"></i>
                </a>, which currently supports Bitcoin, Bitcoin Cash, DAI, ApeCoin, Dogecoin, Ethereum, Litecoin, SHIBA INU, Tether and USD Coin.
              </p>
              <p>
                In the future, we are going to support Monero as well. In the meantime, please send us an email at <a href="mailto:support@simplelogin.zendesk.com">support@simplelogin.zendesk.com</a> if you want to use this cryptocurrency.
              </p>
              <div class="d-flex justify-content-center">
                <a class="btn btn-outline-primary text-center"
                   href="{{ url_for('dashboard.coinbase_checkout_route') }}"
                   target="_blank"
                   rel="noopener noreferrer">
                  Upgrade to Premium - cryptocurrency
                  <br />
                  $30 / year
                  <i class="fe fe-external-link"></i>
                </a>
              </div>
            </div>
          </div>
        </div>
        <div class="card mb-3">
          <div class="card-header card-collapse p-0"
               id="pricing-faq-question-coupon">
            <h5 class="mb-0 w-100">
              <button class="btn btn-link btn-block d-flex justify-content-between card-btn p-4 collapsed text-decoration-none"
                      data-toggle="collapse"
                      data-target="#pricing-faq-answer-coupon"
                      aria-controls="pricing-faq-answer-coupon"
                      aria-expanded="false">
                <span class="text-start">Where can I redeem / buy a coupon?</span>
                <span class="if-collapsed">
                  <i class="fe fe-chevron-down"></i>
                </span>
                <span class="if-not-collapsed">
                  <i class="fe fe-chevron-up"></i>
                </span>
              </button>
            </h5>
          </div>
          <div id="pricing-faq-answer-coupon"
               class="collapse"
               aria-labelledby="pricing-faq-question-coupon"
               data-parent="#pricing-faq">
            <div class="card-body">
              <p>
                To redeem or buy a coupon, please go to the
                <a href="{{ url_for('dashboard.coupon_route') }}">coupon page</a>. The coupon code can be used by you or given to someone as a gift.
              </p>
            </div>
          </div>
        </div>
        <div class="card mb-3">
          <div class="card-header card-collapse p-0"
               id="pricing-faq-question-aliases-sub-stopped">
            <h5 class="mb-0 w-100">
              <button class="btn btn-link btn-block d-flex justify-content-between card-btn p-4 collapsed text-decoration-none"
                      data-toggle="collapse"
                      data-target="#pricing-faq-answer-aliases-sub-stopped"
                      aria-controls="pricing-faq-answer-aliases-sub-stopped"
                      aria-expanded="false">
                <span class="text-start">What happens to my aliases when I stop the subscription?</span>
                <span class="if-collapsed">
                  <i class="fe fe-chevron-down"></i>
                </span>
                <span class="if-not-collapsed">
                  <i class="fe fe-chevron-up"></i>
                </span>
              </button>
            </h5>
          </div>
          <div id="pricing-faq-answer-aliases-sub-stopped"
               class="collapse"
               aria-labelledby="pricing-faq-question-aliases-sub-stopped"
               data-parent="#pricing-faq">
            <div class="card-body">
              <p>
                When your subscription ends, all aliases you created continue working normally, both on receiving and
                sending emails. Concretely:
              </p>
              <ul>
                <li>
                  All aliases/domains/directories/mailboxes you have created are kept and continue working normally.
                </li>
                <li>
                  You cannot create new aliases if you exceed the free plan limit, i.e. have more than 10 aliases.
                </li>
                <li>
                  As features like catch-all or directory allow you to create aliases on-the-fly, those aliases cannot be automatically created if you have more than 10 aliases.
                </li>
                <li>
                  You cannot add new domain, directory or mailbox.
                </li>
              </ul>
              <p>
                For example, if you have 100 aliases by the time your subscription ends, these 100 aliases will continue receiving and sending emails normally. You cannot however create new aliases.
              </p>
            </div>
          </div>
        </div>
        <div class="card mb-3">
          <div class="card-header card-collapse p-0"
               id="pricing-faq-question-aliases-max">
            <h5 class="mb-0 w-100">
              <button class="btn btn-link btn-block d-flex justify-content-between card-btn p-4 collapsed text-decoration-none"
                      data-toggle="collapse"
                      data-target="#pricing-faq-answer-aliases-max"
                      aria-controls="pricing-faq-answer-aliases-max"
                      aria-expanded="false">
                <span class="text-start">What happens when I reach the maximum number of alias in free plan?</span>
                <span class="if-collapsed">
                  <i class="fe fe-chevron-down"></i>
                </span>
                <span class="if-not-collapsed">
                  <i class="fe fe-chevron-up"></i>
                </span>
              </button>
            </h5>
          </div>
          <div id="pricing-faq-answer-aliases-max"
               class="collapse"
               aria-labelledby="pricing-faq-question-aliases-max"
               data-parent="#pricing-faq">
            <div class="card-body">
              <p>
                If you are in the free plan, you cannot create new aliases when you reach the maximum number of aliases
                (i.e. 10 aliases).
                <br>
                Aliases that would otherwise be created automatically via the catch-all domain or directory feature also cannot be created.
              </p>
            </div>
          </div>
        </div>
        <div class="card mb-3">
          <div class="card-header card-collapse p-0"
               id="pricing-faq-question-discounts">
            <h5 class="mb-0 w-100">
              <button class="btn btn-link btn-block d-flex justify-content-between card-btn p-4 collapsed text-decoration-none"
                      data-toggle="collapse"
                      data-target="#pricing-faq-answer-discounts"
                      aria-controls="pricing-faq-answer-discounts"
                      aria-expanded="false">
                <span class="text-start">Do you offer discounts?</span>
                <span class="if-collapsed">
                  <i class="fe fe-chevron-down"></i>
                </span>
                <span class="if-not-collapsed">
                  <i class="fe fe-chevron-up"></i>
                </span>
              </button>
            </h5>
          </div>
          <div id="pricing-faq-answer-discounts"
               class="collapse"
               aria-labelledby="pricing-faq-question-discounts"
               data-parent="#pricing-faq">
            <div class="card-body">
              <p>
                We offer important discounts or free premium for:
              </p>
              <ul>
                <li>
                  students, professors or technical staffs working at an educational institute
                </li>
                <li>
                  activists, dissidents or journalists
                </li>
                <li>
                  charity organizations
                </li>
              </ul>
              <p>
                Please send us an email at <a href="mailto:support@simplelogin.zendesk.com">support@simplelogin.zendesk.com</a> for more info.
              </p>
              <p>
                We used to offer free premium accounts for students but this program ended at June 17 2021. Please note this doesn't affect existing accounts who have already benefited from the program or requests sent before this date.
              </p>
            </div>
          </div>
        </div>
        <div class="card mb-3">
          <div class="card-header card-collapse p-0"
               id="pricing-faq-question-refund">
            <h5 class="mb-0 w-100">
              <button class="btn btn-link btn-block d-flex justify-content-between card-btn p-4 collapsed text-decoration-none"
                      data-toggle="collapse"
                      data-target="#pricing-faq-answer-refund"
                      aria-controls="pricing-faq-answer-refund"
                      aria-expanded="false">
                <span class="text-start">Do you have a refund policy?</span>
                <span class="if-collapsed">
                  <i class="fe fe-chevron-down"></i>
                </span>
                <span class="if-not-collapsed">
                  <i class="fe fe-chevron-up"></i>
                </span>
              </button>
            </h5>
          </div>
          <div id="pricing-faq-answer-refund"
               class="collapse"
               aria-labelledby="pricing-faq-question-refund"
               data-parent="#pricing-faq">
            <div class="card-body">
              <p>
                No we don't have a refund policy because SimpleLogin has a trial period where you can try all premium features.
              </p>
            </div>
          </div>
        </div>
        <div class="card mb-3">
          <div class="card-header card-collapse p-0"
               id="pricing-faq-question-family">
            <h5 class="mb-0 w-100">
              <button class="btn btn-link btn-block d-flex justify-content-between card-btn p-4 collapsed text-decoration-none"
                      data-toggle="collapse"
                      data-target="#pricing-faq-answer-family"
                      aria-controls="pricing-faq-answer-family"
                      aria-expanded="false">
                <span class="text-start">Do you have a family plan?</span>
                <span class="if-collapsed">
                  <i class="fe fe-chevron-down"></i>
                </span>
                <span class="if-not-collapsed">
                  <i class="fe fe-chevron-up"></i>
                </span>
              </button>
            </h5>
          </div>
          <div id="pricing-faq-answer-family"
               class="collapse"
               aria-labelledby="pricing-faq-question-family"
               data-parent="#pricing-faq">
            <div class="card-body">
              <p>
                No we don't have a family plan but offer 30% reduction for additional subscriptions. Please contact us at <a href="mailto:support@simplelogin.zendesk.com">support@simplelogin.zendesk.com</a> for more information.
              </p>
            </div>
          </div>
        </div>
        <div class="card mb-3">
          <div class="card-header card-collapse p-0"
               id="pricing-faq-question-other-ways">
            <h5 class="mb-0 w-100">
              <button class="btn btn-link btn-block d-flex justify-content-between card-btn p-4 collapsed text-decoration-none"
                      data-toggle="collapse"
                      data-target="#pricing-faq-answer-other-ways"
                      aria-controls="pricing-faq-answer-other-ways"
                      aria-expanded="false">
                <span class="text-start">Are there other ways to buy SimpleLogin subscriptions?</span>
                <span class="if-collapsed">
                  <i class="fe fe-chevron-down"></i>
                </span>
                <span class="if-not-collapsed">
                  <i class="fe fe-chevron-up"></i>
                </span>
              </button>
            </h5>
          </div>
          <div id="pricing-faq-answer-other-ways"
               class="collapse"
               aria-labelledby="pricing-faq-question-other-ways"
               data-parent="#pricing-faq">
            <div class="card-body">
              <p>
                Yes you can also buy SimpleLogin subscription coupon via <a href="https://proxysto.re/en/index.html" target="_blank">ProxyStore <i class="fe fe-external-link"></i></a>, our official reseller.
              </p>
            </div>
          </div>
        </div>
      </div>
    </div>
    <!-- END FAQ section -->
  </div>
  <script type="text/javascript">
    Paddle.Setup({vendor: {{ PADDLE_VENDOR_ID }}});
-    function upgrade(productId) {
+    function upgradePaddle(productId) {
-      bootbox.dialog({
+      Paddle.Checkout.open({
-        title: `Payment with credit card or PayPal via Paddle`,
+        product: productId,
-        message: `Paddle will ask for an email address for sending out the invoices, please feel free to use an alias. <br />
+        success: "{{ success_url }}",
-        You don't have to use your SimpleLogin account email address`,
+        passthrough: "{\"user_id\": {{current_user.id}} }"
        size: 'large',
        onEscape: true,
        backdrop: true,
        buttons: {
          got_it: {
            label: 'Got it!',
            className: 'btn-outline-primary',
            callback: function () {
              Paddle.Checkout.open({
                product: productId,
                success: "{{ success_url }}",
                passthrough: "{\"user_id\": {{current_user.id}} }"
              });
            }
          },
        }
      });
    }
-</script>
+  </script>
 {% endblock %}
--- a/app/templates/dashboard/refused_email.html
+++ b/app/templates/dashboard/refused_email.html
@ -15,7 +15,7 @@
  <div class="col">
    <h1 class="h3 mb-5">Quarantine & Bounce</h1>
    <div class="alert alert-info">
-      This page shows all emails that are either refused by your mailbox (bounced) or detected as spams/phishing (quarantine) via our
+      This page shows all emails that are either refused by your mailbox (bounced) or detected as spam/phishing (quarantine) via our
      <a href="https://simplelogin.io/docs/getting-started/anti-phishing/"
         target="_blank"
         rel="noopener noreferrer">anti-phishing program ↗</a>
@ -31,7 +31,7 @@
             rel="noopener noreferrer">Setting up filter for SimpleLogin emails ↗</a>
        </li>
        <li>
-          If the email is flagged as spams/phishing, this means that the sender explicitly states their emails should respect
+          If the email is flagged as spam/phishing, this means that the sender explicitly states their emails should respect
          <b>DMARC</b> (an email authentication protocol)
          and any email that violates this should either be quarantined or rejected. If possible, please contact the sender
          so they can update their DMARC setting or fix their SPF/DKIM that cause the DMARC failure.
--- a/app/templates/dashboard/setting.html
+++ b/app/templates/dashboard/setting.html
@ -181,10 +181,10 @@
    <!-- END change name & profile picture -->
    <!-- Change email -->
    <div class="card">
-      <form method="post" enctype="multipart/form-data">
+      <div class="card-body">
-        <input type="hidden" name="form-name" value="update-email">
+        <form method="post" enctype="multipart/form-data">
-        {{ change_email_form.csrf_token }}
+          <input type="hidden" name="form-name" value="update-email">
-        <div class="card-body">
+          {{ change_email_form.csrf_token }}
          <div class="card-title">Account Email</div>
          <div class="mb-3">
            This email address is used to log in to SimpleLogin.
@ -199,26 +199,30 @@
            <!-- Not allow user to change email if there's a pending change -->
            {{ change_email_form.email(class="form-control", value=current_user.email, readonly=pending_email != None) }}
            {{ render_field_errors(change_email_form.email) }}
            {% if pending_email %}
              <div class="mt-2">
                <span class="text-danger">Pending email change: {{ pending_email }}</span>
                <a href="{{ url_for('dashboard.resend_email_change') }}"
                   class="btn btn-secondary btn-sm">
                  Resend
                  confirmation email
                </a>
                <a href="{{ url_for('dashboard.cancel_email_change') }}"
                   class="btn btn-secondary btn-sm">
                  Cancel email
                  change
                </a>
              </div>
            {% endif %}
          </div>
          <button class="btn btn-outline-primary">Change Email</button>
-        </div>
+        </form>
-      </form>
+        {% if pending_email %}
          <div class="mt-2">
            <span class="text-danger float-left">Pending email change: {{ pending_email }}</span>
            <form method="POST"
                  action="{{ url_for('dashboard.resend_email_change') }}"
                  class="float-left ml-2">
              {{ change_email_form.csrf_token }}
              <a onclick="this.closest('form').submit()"
                 class="btn btn-secondary btn-sm">Resend confirmation email</a>
            </form>
            <form method="POST"
                  action="{{ url_for('dashboard.cancel_email_change') }}"
                  class="float-left ml-2">
              {{ change_email_form.csrf_token }}
              <a onclick="this.closest('form').submit()"
                 class="btn btn-secondary btn-sm">Cancel email change</a>
            </form>
          </div>
        {% endif %}
      </div>
    </div>
    <!-- END Change email -->
    <!-- Connect with Proton -->
@ -265,11 +269,15 @@
    <div class="card" id="change_password">
      <div class="card-body">
        <div class="card-title">Password</div>
-        <div class="mb-3">You will receive an email containing instructions on how to change your password.</div>
+        <div class="mb-3">
          You will receive an email containing instructions on how to change your password.
        </div>
        <form method="post">
          {{ csrf_form.csrf_token }}
          <input type="hidden" name="form-name" value="change-password">
-          <button class="btn btn-outline-primary">Change password</button>
+          <button class="btn btn-outline-primary">
            Change password
          </button>
        </form>
      </div>
    </div>
@ -676,7 +684,8 @@
              SimpleLogin forwards emails to your mailbox from the <b>reverse-alias</b> and not from the <b>original</b>
              sender address.
              <br />
-              If this option is enabled, the original sender addresses is stored in the email header <b>X-SimpleLogin-Envelope-From</b>.
+              If this option is enabled, the original sender addresses is stored in the email header <b>X-SimpleLogin-Envelope-From</b>
              and the original From header is stored in <b>X-SimpleLogin-Original-From<b>.
              You can choose to display this header in your email client.
              <br />
              As email headers aren't encrypted, your mailbox service can know the sender address via this header.
--- a/app/templates/dashboard/thank-you.html
+++ b/app/templates/dashboard/thank-you.html
@ -0,0 +1,18 @@
 {% extends "single.html" %}
 {% set active_page = "dashboard" %}
 {% block title %}Thank you{% endblock %}
 {% block single_content %}
  <div class="card">
    <div class="card-body">
      <h1 class="h3">Thanks so much for supporting SimpleLogin!</h1>
      <p>
        SimpleLogin is 100% funded by the community.
        We do not use your data, track you or show you ads.
      </p>
      <p>Thanks to your support, we can keep the service running and develop new features.</p>
      <a class="btn btn-primary" href="/">Close</a>
    </div>
  </div>
 {% endblock %}
--- a/app/templates/developer/client_details/base.html
+++ b/app/templates/developer/client_details/base.html
@ -31,7 +31,7 @@
          <span class="icon mr-3"><i class="fe fe-alert-octagon"></i></span>Danger
        </a>
      </div>
-      <a href="https://docs.simplelogin.io"
+      <a href="https://simplelogin.io/docs/siwsl/app/"
         target="_blank"
         rel="noopener noreferrer"
         class="btn btn-block btn-secondary mt-4">
--- a/app/templates/developer/client_details/basic_info.html
+++ b/app/templates/developer/client_details/basic_info.html
@ -10,7 +10,7 @@
      <h4 class="alert-heading">Well done!</h4>
      <p>
        Please head to our
-        <a href="https://docs.simplelogin.io"
+        <a href="https://simplelogin.io/docs/siwsl/app/"
           target="_blank"
           rel="noopener noreferrer">
          documentation <i class="fe fe-external-link"></i>
--- a/app/templates/developer/index.html
+++ b/app/templates/developer/index.html
@ -47,7 +47,7 @@
    <div class="col">
      <div class="btn-group" role="group" aria-label="Basic example">
        <a href="{{ url_for('developer.new_client') }}" class="btn btn-primary">New website</a>
-        <a href="https://docs.simplelogin.io"
+        <a href="https://simplelogin.io/docs/siwsl/app/"
           target="_blank"
           rel="noopener noreferrer"
           class="ml-2 btn btn-secondary">
--- a/app/templates/emails/transactional/bounce/bounced-email.html
+++ b/app/templates/emails/transactional/bounce/bounced-email.html
@ -31,7 +31,7 @@ Please consider the following options:
    <a href="{{ disable_alias_link }}">disable the alias</a>
    or
    <a href="{{ block_sender_link }}">block the sender</a>
-    if they send too many spams.
+    if they send too many spam emails.
  </li>
 </ol>
 <br />
--- a/app/templates/emails/transactional/bounce/bounced-email.txt.jinja2
+++ b/app/templates/emails/transactional/bounce/bounced-email.txt.jinja2
@ -12,7 +12,7 @@ Please consider the following options:
 2. If this email is spam, it means your alias {{alias}} is now in the hands of a spammer.
   You can either disable the alias on {{disable_alias_link}}
-   or block the sender on {{ block_sender_link }} if they send too many spams.
+   or block the sender on {{ block_sender_link }} if they send too many spam emails.
 Please note that the alias can be automatically disabled if too many emails sent to it are bounced.
--- a/app/templates/emails/transactional/warn-multiple-registration.html
+++ b/app/templates/emails/transactional/warn-multiple-registration.html
@ -0,0 +1,17 @@
 {% extends "base.html" %}
 {% block content %}
  {% call text() %}
  Hello,
 {% endcall %}
 {% call text() %}
 Your have tried to register multiple times to {{ service }}, and this is against the terms of service of SimpleLogin. Please don't do that anymore.
 {% endcall %}
 {% call text() %}
 If you continue registering multiple accounts to a single service we will have to disable your account.
 {% endcall %}
 {% endblock %}
--- a/app/templates/emails/transactional/warn-multiple-registration.txt.jinja2
+++ b/app/templates/emails/transactional/warn-multiple-registration.txt.jinja2
@ -0,0 +1,9 @@
 {% extends "base.txt.jinja2" %}
 {% block content %}
 Hello,
 Your have tried to register multiple times to {{service}}, and this is against the terms of service of SimpleLogin. Please don't do that anymore.
 If you continue registering multiple accounts to a single service we will have to disable your account.
 {% endblock %}
--- a/app/templates/footer.html
+++ b/app/templates/footer.html
@ -286,6 +286,7 @@
    },
    async mounted() {
      Object.freeze(Object.prototype);
      let that = this;
      let res = await fetch(`/api/notifications?page=${that.page}`, {
        method: "GET",
--- a/app/templates/notification/bounce-forward-phase.html
+++ b/app/templates/notification/bounce-forward-phase.html
@ -19,7 +19,7 @@
      <a href="{{ disable_alias_link }}">disable the alias</a>
      or
      <a href="{{ block_sender_link }}">block the sender</a>
-      if they send too many spams.
+      if they send too many spam emails.
    </li>
  </ol>
 </div>
--- a/app/tests/api/test_setting.py
+++ b/app/tests/api/test_setting.py
@ -17,7 +17,7 @@ def test_get_setting(flask_client):
        "notification": True,
        "random_alias_default_domain": "sl.local",
        "sender_format": "AT",
-        "random_alias_suffix": "random_string",
+        "random_alias_suffix": "word",
    }
@ -95,11 +95,13 @@ def test_get_setting_domains_v2(flask_client):
 def test_update_settings_random_alias_suffix(flask_client):
    user = login(flask_client)
    # default random_alias_suffix is random_string
-    assert user.random_alias_suffix == AliasSuffixEnum.random_string.value
+    assert user.random_alias_suffix == AliasSuffixEnum.word.value
    r = flask_client.patch("/api/setting", json={"random_alias_suffix": "invalid"})
    assert r.status_code == 400
-    r = flask_client.patch("/api/setting", json={"random_alias_suffix": "word"})
+    r = flask_client.patch(
        "/api/setting", json={"random_alias_suffix": "random_string"}
    )
    assert r.status_code == 200
-    assert user.random_alias_suffix == AliasSuffixEnum.word.value
+    assert user.random_alias_suffix == AliasSuffixEnum.random_string.value
--- a/app/tests/api/test_user_info.py
+++ b/app/tests/api/test_user_info.py
@ -129,3 +129,12 @@ def test_change_name(flask_client):
    assert r.json["name"] == "new name"
    assert user.name == "new name"
 def test_stats(flask_client):
    login(flask_client)
    r = flask_client.get("/api/stats")
    assert r.status_code == 200
    assert r.json == {"nb_alias": 1, "nb_block": 0, "nb_forward": 0, "nb_reply": 0}
--- a/app/tests/auth/test_reset_password.py
+++ b/app/tests/auth/test_reset_password.py
@ -0,0 +1,26 @@
 from flask import url_for
 from app.db import Session
 from app.models import User, ResetPasswordCode
 from tests.utils import create_new_user, random_token
 def test_successful_reset_password(flask_client):
    user = create_new_user()
    original_pass_hash = user.password
    user_id = user.id
    reset_code = random_token()
    ResetPasswordCode.create(user_id=user.id, code=reset_code)
    ResetPasswordCode.create(user_id=user.id, code=random_token())
    Session.commit()
    r = flask_client.post(
        url_for("auth.reset_password", code=reset_code),
        data={"password": "1231idsfjaads"},
    )
    assert r.status_code == 302
    assert ResetPasswordCode.get_by(user_id=user_id) is None
    user = User.get(user_id)
    assert user.password != original_pass_hash
--- a/app/tests/dashboard/test_api_keys.py
+++ b/app/tests/dashboard/test_api_keys.py
@ -1,10 +1,13 @@
 from time import time
 import arrow
 from flask import url_for
 from app import config
 from app.dashboard.views.api_key import clean_up_unused_or_old_api_keys
 from app.db import Session
 from app.models import User, ApiKey
-from tests.utils import login
+from tests.utils import login, create_new_user
 def test_api_key_page_requires_password(flask_client):
@ -87,3 +90,26 @@ def test_delete_all_api_keys(flask_client):
    assert (
        ApiKey.filter(ApiKey.user_id == user_2.id).count() == 1
    )  # assert that user 2 still has 1 API key
 def test_cleanup_api_keys():
    user = create_new_user()
    ApiKey.create(
        user_id=user.id, name="used", last_used=arrow.utcnow().shift(days=-3), times=1
    )
    ApiKey.create(
        user_id=user.id, name="keep 1", last_used=arrow.utcnow().shift(days=-2), times=1
    )
    ApiKey.create(
        user_id=user.id, name="keep 2", last_used=arrow.utcnow().shift(days=-1), times=1
    )
    ApiKey.create(user_id=user.id, name="not used", last_used=None, times=1)
    Session.flush()
    old_max_api_keys = config.MAX_API_KEYS
    config.MAX_API_KEYS = 2
    clean_up_unused_or_old_api_keys(user.id)
    keys = ApiKey.filter_by(user_id=user.id).all()
    assert len(keys) == 2
    assert keys[0].name.find("keep") == 0
    assert keys[1].name.find("keep") == 0
    config.MAX_API_KEYS = old_max_api_keys
--- a/app/tests/dashboard/test_coupon.py
+++ b/app/tests/dashboard/test_coupon.py
@ -0,0 +1,20 @@
 from flask import url_for
 from app.models import Coupon
 from app.utils import random_string
 from tests.utils import login
 def test_use_coupon(flask_client):
    user = login(flask_client)
    code = random_string(10)
    Coupon.create(code=code, nb_year=1, commit=True)
    r = flask_client.post(
        url_for("dashboard.coupon_route"),
        data={"code": code},
    )
    assert r.status_code == 302
    coupon = Coupon.get_by(code=code)
    assert coupon.used
    assert coupon.used_by_user_id == user.id
--- a/app/tests/dashboard/test_custom_alias.py
+++ b/app/tests/dashboard/test_custom_alias.py
@ -316,6 +316,10 @@ def test_add_alias_in_global_trash(flask_client):
 def test_add_alias_in_custom_domain_trash(flask_client):
    user = login(flask_client)
    for deleted_domain in DomainDeletedAlias.all():
        Session.delete(deleted_domain)
    Session.flush()
    domain = random_domain()
    custom_domain = CustomDomain.create(
        user_id=user.id, domain=domain, ownership_verified=True, commit=True
--- a/app/tests/example_emls/replacement_on_forward_phase.eml
+++ b/app/tests/example_emls/replacement_on_forward_phase.eml
@ -0,0 +1,65 @@
 Received: by mail-ed1-f49.google.com with SMTP id ej4so13657316edb.7
        for <gmail@simplemail.fplante.fr>; Mon, 27 Jun 2022 08:48:15 -0700 (PDT)
 X-Gm-Message-State: AJIora8exR9DGeRFoKAtjzwLtUpH5hqx6Zt3tm8n4gUQQivGQ3fELjUV
 	yT7RQIfeW9Kv2atuOcgtmGYVU4iQ8VBeLmK1xvOYL4XpXfrT7ZrJNQ==
 Authentication-Results: mx.google.com;
       dkim=pass header.i=@matera.eu header.s=fnt header.b=XahYMey7;
       dkim=pass header.i=@sendgrid.info header.s=smtpapi header.b="QOCS/yjt";
       spf=pass (google.com: domain of bounces+14445963-ab4e-csyndic.quartz=gmail.com@front-mail.matera.eu designates 168.245.4.42 as permitted sender) smtp.mailfrom="bounces+14445963-ab4e-csyndic.quartz=gmail.com@front-mail.matera.eu";
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=matera.eu
 Received: from out.frontapp.com (unknown)
 	by geopod-ismtpd-3-0 (SG)
 	with ESMTP id d2gM2N7PT7W8d2-UEC4ESA
 	for <csyndic.quartz@gmail.com>;
 	Mon, 27 Jun 2022 15:48:11.014 +0000 (UTC)
 Content-Type: multipart/alternative;
 boundary="----sinikael-?=_1-16563448907660.10629093370416887"
 In-Reply-To:
 <imported@frontapp.com_81c5208b4cff8b0633f167fda4e6e8e8f63b7a9b>
 References:
 <imported@frontapp.com_t:AssembléeGénérale2022-06-25T16:32:03+02:006b3cdade-982b-47cd-8114-6a037dfb7d60>
 <imported@frontapp.com_f924cce139940c9935621f067d46443597394f34>
 <imported@frontapp.com_t:Appeldefonds2022-06-26T10:04:55+02:00d89f5e23-6d98-4f01-95fa-b7c7544b7aa9>
 <imported@frontapp.com_81c5208b4cff8b0633f167fda4e6e8e8f63b7a9b>
 <af07e94a66ece6564ae30a2aaac7a34c@frontapp.com>
 From: {{ sender_address }}
 To: {{ recipient_address }}
 CC: {{ cc_address }}
 Subject: Something
 Message-ID: <af07e94a66ece6564ae30a2aaac7a34c@frontapp.com>
 X-Mailer: Front (1.0; +https://frontapp.com;
 +msgid=af07e94a66ece6564ae30a2aaac7a34c@frontapp.com)
 X-Feedback-ID: 14445963:SG
 X-SG-EID:
 =?us-ascii?Q?XtlxQDg5i3HqMzQY2Upg19JPZBVl1RybInUUL2yta9uBoIU4KU1FMJ5DjWrz6g?=
 =?us-ascii?Q?fJUK5Qmneg2uc46gwp5BdHdp6Foaq5gg3xJriv3?=
 =?us-ascii?Q?9OA=2FWRifeylU9O+ngdNbOKXoeJAkROmp2mCgw9x?=
 =?us-ascii?Q?uud+EclOT9mYVtbZsydOLLm6Y2PPswQl8lnmiku?=
 =?us-ascii?Q?DAhkG15HTz2FbWGWNDFb7VrSsN5ddjAscr6sIHw?=
 =?us-ascii?Q?S48R5fnXmfhPbmlCgqFjr0FGphfuBdNAt6z6w8a?=
 =?us-ascii?Q?o9u1EYDIX7zWHZ+Tr3eyw=3D=3D?=
 X-SG-ID:
 =?us-ascii?Q?N2C25iY2uzGMFz6rgvQsb8raWjw0ZPf1VmjsCkspi=2FI9PhcvqXQTpKqqyZkvBe?=
 =?us-ascii?Q?+2RscnQ4WPkA+BN1vYgz1rezTVIqgp+rlWrKk8o?=
 =?us-ascii?Q?HoB5dzpX6HKWtWCVRi10zwlDN1+pJnySoIUrlaT?=
 =?us-ascii?Q?PA2aqQKmMQbjTl0CUAFryR8hhHcxdS0cQowZSd7?=
 =?us-ascii?Q?XNjJWLvCGF7ODwg=2FKr+4yRE8UvULS2nrdO2wWyQ?=
 =?us-ascii?Q?AiFHdPdZsRlgNomEo=3D?=
 X-Spamd-Result: default: False [-2.00 / 13.00];
 	ARC_ALLOW(-1.00)[google.com:s=arc-20160816:i=1];
 	MIME_GOOD(-0.10)[multipart/alternative,text/plain];
 	REPLYTO_ADDR_EQ_FROM(0.00)[];
 	FORGED_RECIPIENTS_FORWARDING(0.00)[];
 	NEURAL_HAM(-0.00)[-0.981];
 	FREEMAIL_TO(0.00)[gmail.com];
 	RCVD_TLS_LAST(0.00)[];
 	FREEMAIL_ENVFROM(0.00)[gmail.com];
 	MIME_TRACE(0.00)[0:+,1:+,2:~];
 	RWL_MAILSPIKE_POSSIBLE(0.00)[209.85.208.49:from]
 ------sinikael-?=_1-16563448907660.10629093370416887
 Content-Type: text/plain; charset=utf-8
 Content-Transfer-Encoding: quoted-printable
 From {{ sender_address }} To {{ recipient_address }}
 ------sinikael-?=_1-16563448907660.10629093370416887--
--- a/app/tests/handler/test_preserved_headers.py
+++ b/app/tests/handler/test_preserved_headers.py
@ -0,0 +1,74 @@
 from aiosmtpd.smtp import Envelope
 import email_handler
 from app.db import Session
 from app.email import headers, status
 from app.mail_sender import mail_sender
 from app.models import Alias
 from app.utils import random_string
 from tests.utils import create_new_user, load_eml_file, random_email
@mail_sender.store_emails_test_decorator
 def test_original_headers_from_preserved():
    user = create_new_user()
    alias = Alias.create_new_random(user)
    Session.flush()
    assert user.include_header_email_header
    original_sender_address = random_email()
    msg = load_eml_file(
        "replacement_on_forward_phase.eml",
        {
            "sender_address": original_sender_address,
            "recipient_address": alias.email,
            "cc_address": random_email(),
        },
    )
    envelope = Envelope()
    envelope.mail_from = f"env.{original_sender_address}"
    envelope.rcpt_tos = [alias.email]
    result = email_handler.MailHandler()._handle(envelope, msg)
    assert result == status.E200
    send_requests = mail_sender.get_stored_emails()
    assert len(send_requests) == 1
    request = send_requests[0]
    assert request.msg[headers.SL_ENVELOPE_FROM] == envelope.mail_from
    assert request.msg[headers.SL_ORIGINAL_FROM] == original_sender_address
    assert (
        request.msg[headers.AUTHENTICATION_RESULTS]
        == msg[headers.AUTHENTICATION_RESULTS]
    )
@mail_sender.store_emails_test_decorator
 def test_original_headers_from_with_name_preserved():
    user = create_new_user()
    alias = Alias.create_new_random(user)
    Session.flush()
    assert user.include_header_email_header
    original_sender_address = random_email()
    name = random_string(10)
    msg = load_eml_file(
        "replacement_on_forward_phase.eml",
        {
            "sender_address": f"{name} <{original_sender_address}>",
            "recipient_address": alias.email,
            "cc_address": random_email(),
        },
    )
    envelope = Envelope()
    envelope.mail_from = f"env.{original_sender_address}"
    envelope.rcpt_tos = [alias.email]
    result = email_handler.MailHandler()._handle(envelope, msg)
    assert result == status.E200
    send_requests = mail_sender.get_stored_emails()
    assert len(send_requests) == 1
    request = send_requests[0]
    assert request.msg[headers.SL_ENVELOPE_FROM] == envelope.mail_from
    assert (
        request.msg[headers.SL_ORIGINAL_FROM] == f"{name} <{original_sender_address}>"
    )
    assert (
        request.msg[headers.AUTHENTICATION_RESULTS]
        == msg[headers.AUTHENTICATION_RESULTS]
    )
--- a/app/tests/models/test_user.py
+++ b/app/tests/models/test_user.py
@ -1,13 +1,9 @@
 import arrow
 from app import config
 from app.db import Session
-from app.models import User, Job
+from app.models import User, Job, PartnerSubscription, PartnerUser, ManualSubscription
-from tests.utils import create_new_user, random_email
+from app.proton.utils import get_proton_partner
-
+from tests.utils import random_email, random_token
 def test_available_sl_domains(flask_client):
    user = create_new_user()
    assert set(user.available_sl_domains()) == {"d1.test", "d2.test", "sl.local"}
 def test_create_from_partner(flask_client):
@ -17,6 +13,7 @@ def test_create_from_partner(flask_client):
    )
    assert user.notification is False
    assert user.trial_end is None
    assert user.newsletter_alias_id is None
    job = Session.query(Job).order_by(Job.id.desc()).first()
    assert job is not None
    assert job.name == config.JOB_SEND_PROTON_WELCOME_1
@ -29,3 +26,23 @@ def test_user_created_by_partner(flask_client):
    regular_user = User.create(email=random_email())
    assert regular_user.created_by_partner is False
 def test_user_is_premium(flask_client):
    user = User.create(email=random_email(), from_partner=True)
    assert not user.is_premium()
    partner_user = PartnerUser.create(
        user_id=user.id,
        partner_id=get_proton_partner().id,
        partner_email=user.email,
        external_user_id=random_token(),
        flush=True,
    )
    ps = PartnerSubscription.create(
        partner_user_id=partner_user.id, end_at=arrow.now().shift(years=1), flush=True
    )
    assert user.is_premium()
    assert not user.is_premium(include_partner_subscription=False)
    ManualSubscription.create(user_id=user.id, end_at=ps.end_at)
    assert user.is_premium()
    assert user.is_premium(include_partner_subscription=False)
--- a/app/tests/test_alias_suffixes.py
+++ b/app/tests/test_alias_suffixes.py
@ -0,0 +1,152 @@
 import re
 from app.alias_suffix import get_alias_suffixes
 from app.db import Session
 from app.models import SLDomain, PartnerUser, AliasOptions, CustomDomain
 from app.proton.utils import get_proton_partner
 from init_app import add_sl_domains
 from tests.utils import create_new_user, random_token
 def setup_module():
    Session.query(SLDomain).delete()
    SLDomain.create(
        domain="hidden", premium_only=False, flush=True, order=5, hidden=True
    )
    SLDomain.create(domain="free_non_partner", premium_only=False, flush=True, order=4)
    SLDomain.create(
        domain="premium_non_partner", premium_only=True, flush=True, order=3
    )
    SLDomain.create(
        domain="free_partner",
        premium_only=False,
        flush=True,
        partner_id=get_proton_partner().id,
        order=2,
    )
    SLDomain.create(
        domain="premium_partner",
        premium_only=True,
        flush=True,
        partner_id=get_proton_partner().id,
        order=1,
    )
    Session.commit()
 def teardown_module():
    Session.query(SLDomain).delete()
    add_sl_domains()
 def test_get_default_domain_even_if_is_not_allowed():
    user = create_new_user()
    PartnerUser.create(
        partner_id=get_proton_partner().id,
        user_id=user.id,
        external_user_id=random_token(10),
        flush=True,
    )
    user.trial_end = None
    default_domain = SLDomain.filter_by(
        hidden=False, partner_id=None, premium_only=False
    ).first()
    user.default_alias_public_domain_id = default_domain.id
    Session.flush()
    options = AliasOptions(
        show_sl_domains=False, show_partner_domains=get_proton_partner()
    )
    suffixes = get_alias_suffixes(user, alias_options=options)
    assert suffixes[0].domain == default_domain.domain
 def test_get_default_domain_hidden():
    user = create_new_user()
    PartnerUser.create(
        partner_id=get_proton_partner().id,
        user_id=user.id,
        external_user_id=random_token(10),
        flush=True,
    )
    user.trial_end = None
    default_domain = SLDomain.filter_by(
        hidden=True, partner_id=None, premium_only=False
    ).first()
    user.default_alias_public_domain_id = default_domain.id
    Session.flush()
    options = AliasOptions(
        show_sl_domains=False, show_partner_domains=get_proton_partner()
    )
    suffixes = get_alias_suffixes(user, alias_options=options)
    for suffix in suffixes:
        domain = SLDomain.get_by(domain=suffix.domain)
        assert not domain.hidden
    assert suffixes[0].domain != default_domain.domain
 def test_get_default_domain_is_premium_for_free_user():
    user = create_new_user()
    PartnerUser.create(
        partner_id=get_proton_partner().id,
        user_id=user.id,
        external_user_id=random_token(10),
        flush=True,
    )
    user.trial_end = None
    default_domain = SLDomain.filter_by(partner_id=None, premium_only=True).first()
    user.default_alias_public_domain_id = default_domain.id
    Session.flush()
    options = AliasOptions(
        show_sl_domains=False, show_partner_domains=get_proton_partner()
    )
    suffixes = get_alias_suffixes(user, alias_options=options)
    for suffix in suffixes:
        domain = SLDomain.get_by(domain=suffix.domain)
        assert not domain.premium_only
    assert suffixes[0].domain != default_domain.domain
 def test_suffixes_are_valid():
    user = create_new_user()
    PartnerUser.create(
        partner_id=get_proton_partner().id,
        user_id=user.id,
        external_user_id=random_token(10),
        flush=True,
    )
    CustomDomain.create(
        user_id=user.id, domain=f"{random_token(10)}.com", verified=True
    )
    user.trial_end = None
    Session.flush()
    options = AliasOptions(
        show_sl_domains=True, show_partner_domains=get_proton_partner()
    )
    alias_suffixes = get_alias_suffixes(user, alias_options=options)
    valid_re = re.compile(r"^(\.[\w_]+)?@[\.\w]+$")
    has_prefix = 0
    for suffix in alias_suffixes:
        match = valid_re.match(suffix.suffix)
        assert match is not None
        if len(match.groups()) >= 1:
            has_prefix += 1
    assert has_prefix > 0
 def test_get_default_domain_is_only_shown_once():
    user = create_new_user()
    default_domain = SLDomain.filter_by(hidden=False).order_by(SLDomain.order).first()
    user.default_alias_public_domain_id = default_domain.id
    Session.flush()
    options = AliasOptions(
        show_sl_domains=True, show_partner_domains=get_proton_partner()
    )
    suffixes = get_alias_suffixes(user, alias_options=options)
    found_default = False
    found_domains = set()
    for suffix in suffixes:
        assert suffix.domain not in found_domains
        found_domains.add(suffix.domain)
        if default_domain.domain == suffix.domain:
            found_default = True
    assert found_default
--- a/app/tests/test_alias_utils.py
+++ b/app/tests/test_alias_utils.py
@ -16,6 +16,7 @@ from app.models import (
    Directory,
    DirectoryMailbox,
    User,
    DomainDeletedAlias,
 )
 from tests.utils import create_new_user, random_domain, random_token
@ -83,6 +84,11 @@ def get_auto_create_alias_tests(user: User) -> List:
        regex="ok-.*",
        flush=True,
    )
    deleted_alias = f"deletedalias@{catchall.domain}"
    Session.add(
        DomainDeletedAlias(email=deleted_alias, domain_id=catchall.id, user_id=user.id)
    )
    Session.flush()
    dir_name = random_token()
    directory = Directory.create(name=dir_name, user_id=user.id, flush=True)
    DirectoryMailbox.create(
@ -101,6 +107,7 @@ def get_auto_create_alias_tests(user: User) -> List:
        (f"{dir_name}+something@{ALIAS_DOMAINS[0]}", True),
        (f"{dir_name}#something@{ALIAS_DOMAINS[0]}", True),
        (f"{dir_name}/something@{ALIAS_DOMAINS[0]}", True),
        (deleted_alias, False),
    ]
--- a/app/tests/test_domains.py
+++ b/app/tests/test_domains.py
@ -0,0 +1,201 @@
 from app.db import Session
 from app.models import SLDomain, PartnerUser, AliasOptions
 from app.proton.utils import get_proton_partner
 from init_app import add_sl_domains
 from tests.utils import create_new_user, random_token
 def setup_module():
    Session.query(SLDomain).delete()
    SLDomain.create(
        domain="hidden", premium_only=False, flush=True, order=5, hidden=True
    )
    SLDomain.create(domain="free_non_partner", premium_only=False, flush=True, order=4)
    SLDomain.create(
        domain="premium_non_partner", premium_only=True, flush=True, order=3
    )
    SLDomain.create(
        domain="free_partner",
        premium_only=False,
        flush=True,
        partner_id=get_proton_partner().id,
        order=2,
    )
    SLDomain.create(
        domain="premium_partner",
        premium_only=True,
        flush=True,
        partner_id=get_proton_partner().id,
        order=1,
    )
    Session.commit()
 def teardown_module():
    Session.query(SLDomain).delete()
    add_sl_domains()
 def test_get_non_partner_domains():
    user = create_new_user()
    domains = user.get_sl_domains()
    # Premium
    assert len(domains) == 2
    assert domains[0].domain == "premium_non_partner"
    assert domains[1].domain == "free_non_partner"
    assert [d.domain for d in domains] == user.available_sl_domains()
    # Free
    user.trial_end = None
    Session.flush()
    domains = user.get_sl_domains()
    assert len(domains) == 1
    assert domains[0].domain == "free_non_partner"
    assert [d.domain for d in domains] == user.available_sl_domains()
 def test_get_free_with_partner_domains():
    user = create_new_user()
    user.trial_end = None
    PartnerUser.create(
        partner_id=get_proton_partner().id,
        user_id=user.id,
        external_user_id=random_token(10),
        flush=True,
    )
    domains = user.get_sl_domains()
    # Default
    assert len(domains) == 1
    assert domains[0].domain == "free_non_partner"
    assert [d.domain for d in domains] == user.available_sl_domains()
    # Show partner domains
    options = AliasOptions(
        show_sl_domains=True, show_partner_domains=get_proton_partner()
    )
    domains = user.get_sl_domains(alias_options=options)
    assert len(domains) == 2
    assert domains[0].domain == "free_partner"
    assert domains[1].domain == "free_non_partner"
    assert [d.domain for d in domains] == user.available_sl_domains(
        alias_options=options
    )
    # Only partner domains
    options = AliasOptions(
        show_sl_domains=False, show_partner_domains=get_proton_partner()
    )
    domains = user.get_sl_domains(alias_options=options)
    assert len(domains) == 1
    assert domains[0].domain == "free_partner"
    assert [d.domain for d in domains] == user.available_sl_domains(
        alias_options=options
    )
 def test_get_premium_with_partner_domains():
    user = create_new_user()
    PartnerUser.create(
        partner_id=get_proton_partner().id,
        user_id=user.id,
        external_user_id=random_token(10),
        flush=True,
    )
    domains = user.get_sl_domains()
    # Default
    assert len(domains) == 2
    assert domains[0].domain == "premium_non_partner"
    assert domains[1].domain == "free_non_partner"
    assert [d.domain for d in domains] == user.available_sl_domains()
    # Show partner domains
    options = AliasOptions(
        show_sl_domains=True, show_partner_domains=get_proton_partner()
    )
    domains = user.get_sl_domains(alias_options=options)
    assert len(domains) == 4
    assert domains[0].domain == "premium_partner"
    assert domains[1].domain == "free_partner"
    assert domains[2].domain == "premium_non_partner"
    assert domains[3].domain == "free_non_partner"
    assert [d.domain for d in domains] == user.available_sl_domains(
        alias_options=options
    )
    # Only partner domains
    options = AliasOptions(
        show_sl_domains=False, show_partner_domains=get_proton_partner()
    )
    domains = user.get_sl_domains(alias_options=options)
    assert len(domains) == 2
    assert domains[0].domain == "premium_partner"
    assert domains[1].domain == "free_partner"
    assert [d.domain for d in domains] == user.available_sl_domains(
        alias_options=options
    )
 def test_get_partner_and_free_default_domain():
    user = create_new_user()
    PartnerUser.create(
        partner_id=get_proton_partner().id,
        user_id=user.id,
        external_user_id=random_token(10),
        flush=True,
    )
    user.default_alias_public_domain_id = (
        SLDomain.filter_by(partner_id=None, hidden=False).first().id
    )
    Session.flush()
    options = AliasOptions(
        show_sl_domains=False, show_partner_domains=get_proton_partner()
    )
    domains = user.get_sl_domains(alias_options=options)
    assert len(domains) == 3
    assert domains[0].domain == "premium_partner"
    assert domains[1].domain == "free_partner"
    assert domains[2].domain == "free_non_partner"
    assert [d.domain for d in domains] == user.available_sl_domains(
        alias_options=options
    )
 def test_get_free_partner_and_premium_default_domain():
    user = create_new_user()
    user.trial_end = None
    PartnerUser.create(
        partner_id=get_proton_partner().id,
        user_id=user.id,
        external_user_id=random_token(10),
        flush=True,
    )
    user.default_alias_public_domain_id = (
        SLDomain.filter_by(partner_id=None, hidden=False, premium_only=True).first().id
    )
    Session.flush()
    options = AliasOptions(
        show_sl_domains=False, show_partner_domains=get_proton_partner()
    )
    domains = user.get_sl_domains(alias_options=options)
    assert len(domains) == 1
    assert domains[0].domain == "free_partner"
    assert [d.domain for d in domains] == user.available_sl_domains(
        alias_options=options
    )
 def test_get_free_partner_and_hidden_default_domain():
    user = create_new_user()
    user.trial_end = None
    PartnerUser.create(
        partner_id=get_proton_partner().id,
        user_id=user.id,
        external_user_id=random_token(10),
        flush=True,
    )
    user.default_alias_public_domain_id = SLDomain.filter_by(hidden=True).first().id
    Session.flush()
    options = AliasOptions(
        show_sl_domains=False, show_partner_domains=get_proton_partner()
    )
    domains = user.get_sl_domains(alias_options=options)
    assert len(domains) == 1
    assert domains[0].domain == "free_partner"
    assert [d.domain for d in domains] == user.available_sl_domains(
        alias_options=options
    )
--- a/app/tests/test_email_utils.py
+++ b/app/tests/test_email_utils.py
@ -6,6 +6,7 @@ from email.utils import formataddr
 import arrow
 import pytest
 from app import config
 from app.config import MAX_ALERT_24H, EMAIL_DOMAIN, ROOT_DIR
 from app.db import Session
 from app.email_utils import (
@ -48,6 +49,8 @@ from app.models import (
    IgnoreBounceSender,
    InvalidMailboxDomain,
    VerpType,
    AliasGeneratorEnum,
    SLDomain,
 )
 # flake8: noqa: E101, W191
@ -469,33 +472,55 @@ def test_replace_str():
 def test_generate_reply_email(flask_client):
    user = create_new_user()
-    reply_email = generate_reply_email("test@example.org", user)
+    alias = Alias.create_new_random(user, AliasGeneratorEnum.uuid.value)
-    assert reply_email.endswith(EMAIL_DOMAIN)
+    Session.commit()
    reply_email = generate_reply_email("test@example.org", alias)
    domain = get_email_domain_part(alias.email)
    assert reply_email.endswith(domain)
-    reply_email = generate_reply_email("", user)
+    reply_email = generate_reply_email("", alias)
-    assert reply_email.endswith(EMAIL_DOMAIN)
+    domain = get_email_domain_part(alias.email)
    assert reply_email.endswith(domain)
 def test_generate_reply_email_with_default_reply_domain(flask_client):
    domain = SLDomain.create(domain=random_domain(), use_as_reverse_alias=False)
    user = create_new_user()
    alias = Alias.create(
        user_id=user.id,
        email=f"test@{domain.domain}",
        mailbox_id=user.default_mailbox_id,
    )
    Session.commit()
    reply_email = generate_reply_email("test@example.org", alias)
    domain = get_email_domain_part(reply_email)
    assert domain == config.EMAIL_DOMAIN
 def test_generate_reply_email_include_sender_in_reverse_alias(flask_client):
    # user enables include_sender_in_reverse_alias
    user = create_new_user()
    alias = Alias.create_new_random(user, AliasGeneratorEnum.uuid.value)
    Session.commit()
    user.include_sender_in_reverse_alias = True
-    reply_email = generate_reply_email("test@example.org", user)
+    reply_email = generate_reply_email("test@example.org", alias)
    assert reply_email.startswith("test_at_example_org")
-    assert reply_email.endswith(EMAIL_DOMAIN)
+    domain = get_email_domain_part(alias.email)
    assert reply_email.endswith(domain)
-    reply_email = generate_reply_email("", user)
+    reply_email = generate_reply_email("", alias)
-    assert reply_email.endswith(EMAIL_DOMAIN)
+    domain = get_email_domain_part(alias.email)
    assert reply_email.endswith(domain)
-    reply_email = generate_reply_email("👌汉字@example.org", user)
+    reply_email = generate_reply_email("👌汉字@example.org", alias)
    assert reply_email.startswith("yizi_at_example_org")
    # make sure reply_email only contain lowercase
-    reply_email = generate_reply_email("TEST@example.org", user)
+    reply_email = generate_reply_email("TEST@example.org", alias)
    assert reply_email.startswith("test_at_example_org")
-    reply_email = generate_reply_email("test.dot@example.org", user)
+    reply_email = generate_reply_email("test.dot@example.org", alias)
    assert reply_email.startswith("test_dot_at_example_org")
--- a/app/tests/test_models.py
+++ b/app/tests/test_models.py
@ -8,7 +8,7 @@ from app.config import EMAIL_DOMAIN, MAX_NB_EMAIL_FREE_PLAN, NOREPLY
 from app.db import Session
 from app.email_utils import parse_full_address, generate_reply_email
 from app.models import (
-    generate_email,
+    generate_random_alias_email,
    Alias,
    Contact,
    Mailbox,
@ -22,13 +22,13 @@ from tests.utils import login, create_new_user, random_token
 def test_generate_email(flask_client):
-    email = generate_email()
+    email = generate_random_alias_email()
    assert email.endswith("@" + EMAIL_DOMAIN)
    with pytest.raises(ValueError):
        UUID(email.split("@")[0], version=4)
-    email_uuid = generate_email(scheme=2)
+    email_uuid = generate_random_alias_email(scheme=2)
    assert UUID(email_uuid.split("@")[0], version=4)
@ -312,6 +312,6 @@ def test_create_contact_for_noreply(flask_client):
        user_id=user.id,
        alias_id=alias.id,
        website_email=NOREPLY,
-        reply_email=generate_reply_email(NOREPLY, user),
+        reply_email=generate_reply_email(NOREPLY, alias),
    )
    assert contact.website_email == NOREPLY
--- a/app/tests/test_subscription_webhook.py
+++ b/app/tests/test_subscription_webhook.py
@ -0,0 +1,113 @@
 import http.server
 import json
 import threading
 import arrow
 from app import config
 from app.models import (
    Subscription,
    AppleSubscription,
    CoinbaseSubscription,
    ManualSubscription,
 )
 from tests.utils import create_new_user, random_token
 from app.subscription_webhook import execute_subscription_webhook
 http_server = None
 last_http_request = None
 def setup_module():
    global http_server
    http_server = http.server.ThreadingHTTPServer(("", 0), HTTPTestServer)
    print(http_server.server_port)
    threading.Thread(target=http_server.serve_forever, daemon=True).start()
    config.SUBSCRIPTION_CHANGE_WEBHOOK = f"http://localhost:{http_server.server_port}"
 def teardown_module():
    global http_server
    config.SUBSCRIPTION_CHANGE_WEBHOOK = None
    http_server.shutdown()
 class HTTPTestServer(http.server.BaseHTTPRequestHandler):
    def do_POST(self):
        global last_http_request
        content_len = int(self.headers.get("Content-Length"))
        body_data = self.rfile.read(content_len)
        last_http_request = json.loads(body_data)
        self.send_response(200)
 def test_webhook_with_trial():
    user = create_new_user()
    execute_subscription_webhook(user)
    assert last_http_request["user_id"] == user.id
    assert last_http_request["is_premium"]
    assert last_http_request["active_subscription_end"] is None
 def test_webhook_with_subscription():
    user = create_new_user()
    end_at = arrow.utcnow().shift(days=1).replace(hour=0, minute=0, second=0)
    Subscription.create(
        user_id=user.id,
        cancel_url="",
        update_url="",
        subscription_id=random_token(10),
        event_time=arrow.now(),
        next_bill_date=end_at.date(),
        plan="yearly",
        flush=True,
    )
    execute_subscription_webhook(user)
    assert last_http_request["user_id"] == user.id
    assert last_http_request["is_premium"]
    assert last_http_request["active_subscription_end"] == end_at.timestamp
 def test_webhook_with_apple_subscription():
    user = create_new_user()
    end_at = arrow.utcnow().shift(days=2).replace(hour=0, minute=0, second=0)
    AppleSubscription.create(
        user_id=user.id,
        receipt_data=arrow.now().date().strftime("%Y-%m-%d"),
        expires_date=end_at.date().strftime("%Y-%m-%d"),
        original_transaction_id=random_token(10),
        plan="yearly",
        product_id="",
        flush=True,
    )
    execute_subscription_webhook(user)
    assert last_http_request["user_id"] == user.id
    assert last_http_request["is_premium"]
    assert last_http_request["active_subscription_end"] == end_at.timestamp
 def test_webhook_with_coinbase_subscription():
    user = create_new_user()
    end_at = arrow.utcnow().shift(days=3).replace(hour=0, minute=0, second=0)
    CoinbaseSubscription.create(
        user_id=user.id, end_at=end_at.date().strftime("%Y-%m-%d"), flush=True
    )
    execute_subscription_webhook(user)
    assert last_http_request["user_id"] == user.id
    assert last_http_request["is_premium"]
    assert last_http_request["active_subscription_end"] == end_at.timestamp
 def test_webhook_with_manual_subscription():
    user = create_new_user()
    end_at = arrow.utcnow().shift(days=3).replace(hour=0, minute=0, second=0)
    ManualSubscription.create(
        user_id=user.id, end_at=end_at.date().strftime("%Y-%m-%d"), flush=True
    )
    execute_subscription_webhook(user)
    assert last_http_request["user_id"] == user.id
    assert last_http_request["is_premium"]
    assert last_http_request["active_subscription_end"] == end_at.timestamp
--- a/app/tests/test_utils.py
+++ b/app/tests/test_utils.py
@ -9,7 +9,12 @@ from app.utils import random_string, random_words, sanitize_next_url, canonicali
 def test_random_words():
    s = random_words()
-    assert len(s) > 0
+    assert s.find("_") > 0
    assert s.count("_") == 1
    assert len(s) > 3
    s = random_words(2, 3)
    assert s.count("_") == 1
    assert s[-1] in (str(i) for i in range(10))
 def test_random_string():
Author	SHA1	Message	Date
MrMeeb	38c134d903	4.31.0	2023-06-30 11:00:06 +00:00
MrMeeb	cd77e4cc2d	4.30.1	2023-06-28 11:00:03 +00:00
MrMeeb	87aedf3207	4.30.0	2023-06-27 11:00:04 +00:00
MrMeeb	3523c9fc15	4.29.4	2023-06-07 11:00:05 +00:00
MrMeeb	a6f4995cb5	4.29.3	2023-06-01 11:00:05 +00:00
MrMeeb	727f61a35e	4.28.2	2023-05-16 11:00:09 +00:00
MrMeeb	ce5124605a	4.28.1	2023-05-10 11:00:05 +00:00
MrMeeb	2c82b03f8d	4.27.0	2023-04-25 11:00:05 +00:00
MrMeeb	1b7a6223ac	4.26.1	2023-04-20 11:00:06 +00:00
MrMeeb	75331c62a4	4.25.1	2023-04-15 11:00:05 +00:00
MrMeeb	3f68a3e640	4.24.0	2023-04-11 11:00:05 +00:00
MrMeeb	8ee4f9462e	4.23.0	2023-03-24 12:00:07 +00:00