4.37.0

app/.pre-commit-config.yaml

@@ -7,18 +7,19 @@ repos:
     hooks:
       - id: check-yaml
       - id: trailing-whitespace
-  - repo: https://github.com/psf/black
-    rev: 22.3.0
-    hooks:
-      - id: black
-  - repo: https://github.com/pycqa/flake8
-    rev: 3.9.2
-    hooks:
-      - id: flake8
   - repo: https://github.com/Riverside-Healthcare/djLint
     rev: v1.3.0
     hooks:
       - id: djlint-jinja
         files: '.*\.html'
         entry: djlint --reformat
+  - repo: https://github.com/astral-sh/ruff-pre-commit
+    # Ruff version.
+    rev: v0.1.5
+    hooks:
+      # Run the linter.
+      - id: ruff
+        args: [ --fix ]
+      # Run the formatter.
+      - id: ruff-format
 

app/README.md

@@ -74,7 +74,7 @@ Setting up DKIM is highly recommended to reduce the chance your emails ending up
 First you need to generate a private and public key for DKIM:
 
 ```bash
-openssl genrsa -out dkim.key 1024
+openssl genrsa -out dkim.key -traditional 1024
 openssl rsa -in dkim.key -pubout -out dkim.pub.key
 ```
 
@@ -515,6 +515,8 @@ server {
 }
 ```
 
+Note: If `/etc/nginx/sites-enabled/default` exists, delete it or certbot will fail due to the conflict. The `simplelogin` file should be the only file in `sites-enabled`.
+
 Reload Nginx with the command below
 
 ```bash

app/app/account_linking.py

@@ -168,7 +168,6 @@ class NewUserStrategy(ClientMergeStrategy):
 
 class ExistingUnlinkedUserStrategy(ClientMergeStrategy):
     def process(self) -> LinkResult:
-
         partner_user = ensure_partner_user_exists_for_user(
             self.link_request, self.user, self.partner
         )

app/app/alias_suffix.py

@@ -70,7 +70,6 @@ def verify_prefix_suffix(
         # when DISABLE_ALIAS_SUFFIX is true, alias_domain_prefix is empty
         and not config.DISABLE_ALIAS_SUFFIX
     ):
-
         if not alias_domain_prefix.startswith("."):
             LOG.e("User %s submits a wrong alias suffix %s", user, alias_suffix)
             return False

app/app/api/__init__.py

@@ -16,3 +16,22 @@ from .views import (
     sudo,
     user,
 )
+
+__all__ = [
+    "alias_options",
+    "new_custom_alias",
+    "custom_domain",
+    "new_random_alias",
+    "user_info",
+    "auth",
+    "auth_mfa",
+    "alias",
+    "apple",
+    "mailbox",
+    "notification",
+    "setting",
+    "export",
+    "phone",
+    "sudo",
+    "user",
+]

app/app/api/views/alias.py

@@ -24,12 +24,14 @@ from app.errors import (
     ErrContactAlreadyExists,
     ErrAddressInvalid,
 )
+from app.extensions import limiter
 from app.models import Alias, Contact, Mailbox, AliasMailbox
 
 
 @deprecated
 @api_bp.route("/aliases", methods=["GET", "POST"])
 @require_api_auth
+@limiter.limit("10/minute", key_func=lambda: g.user.id)
 def get_aliases():
     """
     Get aliases
@@ -72,6 +74,7 @@ def get_aliases():
 
 @api_bp.route("/v2/aliases", methods=["GET", "POST"])
 @require_api_auth
+@limiter.limit("50/minute", key_func=lambda: g.user.id)
 def get_aliases_v2():
     """
     Get aliases

app/app/api/views/mailbox.py

@@ -45,7 +45,7 @@ def create_mailbox():
     mailbox_email = sanitize_email(request.get_json().get("email"))
 
     if not user.is_premium():
-        return jsonify(error=f"Only premium plan can add additional mailbox"), 400
+        return jsonify(error="Only premium plan can add additional mailbox"), 400
 
     if not is_valid_email(mailbox_email):
         return jsonify(error=f"{mailbox_email} invalid"), 400

app/app/api/views/new_custom_alias.py

@@ -150,7 +150,7 @@ def new_custom_alias_v3():
     if not data:
         return jsonify(error="request body cannot be empty"), 400
 
-    if type(data) is not dict:
+    if not isinstance(data, dict):
         return jsonify(error="request body does not follow the required format"), 400
 
     alias_prefix = data.get("alias_prefix", "").strip().lower().replace(" ", "")
@@ -168,7 +168,7 @@ def new_custom_alias_v3():
         return jsonify(error="alias prefix invalid format or too long"), 400
 
     # check if mailbox is not tempered with
-    if type(mailbox_ids) is not list:
+    if not isinstance(mailbox_ids, list):
         return jsonify(error="mailbox_ids must be an array of id"), 400
     mailboxes = []
     for mailbox_id in mailbox_ids:

app/app/api/views/user_info.py

@@ -32,6 +32,7 @@ def user_to_dict(user: User) -> dict:
         "in_trial": user.in_trial(),
         "max_alias_free_plan": user.max_alias_for_free_account(),
         "connected_proton_address": None,
+        "can_create_reverse_alias": user.can_create_contacts(),
     }
 
     if config.CONNECT_WITH_PROTON:
@@ -58,6 +59,7 @@ def user_info():
     - in_trial
     - max_alias_free
     - is_connected_with_proton
+    - can_create_reverse_alias
     """
     user = g.user
 

app/app/auth/__init__.py

@@ -17,3 +17,23 @@ from .views import (
     recovery,
     api_to_cookie,
 )
+
+__all__ = [
+    "login",
+    "logout",
+    "register",
+    "activate",
+    "resend_activation",
+    "reset_password",
+    "forgot_password",
+    "github",
+    "google",
+    "facebook",
+    "proton",
+    "change_email",
+    "mfa",
+    "fido",
+    "social",
+    "recovery",
+    "api_to_cookie",
+]

app/app/auth/views/fido.py

@@ -62,7 +62,7 @@ def fido():
         browser = MfaBrowser.get_by(token=request.cookies.get("mfa"))
         if browser and not browser.is_expired() and browser.user_id == user.id:
             login_user(user)
-            flash(f"Welcome back!", "success")
+            flash("Welcome back!", "success")
             # Redirect user to correct page
             return redirect(next_url or url_for("dashboard.index"))
         else:
@@ -110,7 +110,7 @@ def fido():
 
             session["sudo_time"] = int(time())
             login_user(user)
-            flash(f"Welcome back!", "success")
+            flash("Welcome back!", "success")
 
             # Redirect user to correct page
             response = make_response(redirect(next_url or url_for("dashboard.index")))

app/app/auth/views/mfa.py

@@ -55,7 +55,7 @@ def mfa():
         browser = MfaBrowser.get_by(token=request.cookies.get("mfa"))
         if browser and not browser.is_expired() and browser.user_id == user.id:
             login_user(user)
-            flash(f"Welcome back!", "success")
+            flash("Welcome back!", "success")
             # Redirect user to correct page
             return redirect(next_url or url_for("dashboard.index"))
         else:
@@ -73,7 +73,7 @@ def mfa():
             Session.commit()
 
             login_user(user)
-            flash(f"Welcome back!", "success")
+            flash("Welcome back!", "success")
 
             # Redirect user to correct page
             response = make_response(redirect(next_url or url_for("dashboard.index")))

app/app/auth/views/recovery.py

@@ -53,7 +53,7 @@ def recovery_route():
                 del session[MFA_USER_ID]
 
                 login_user(user)
-                flash(f"Welcome back!", "success")
+                flash("Welcome back!", "success")
 
                 recovery_code.used = True
                 recovery_code.used_at = arrow.now()

app/app/auth/views/register.py

@@ -94,9 +94,7 @@ def register():
                 try:
                     send_activation_email(user, next_url)
                     RegisterEvent(RegisterEvent.ActionType.success).send()
-                    DailyMetric.get_or_create_today_metric().nb_new_web_non_proton_user += (
+                    DailyMetric.get_or_create_today_metric().nb_new_web_non_proton_user += 1
-                        1
-                    )
                     Session.commit()
                 except Exception:
                     flash("Invalid email, are you sure the email is correct?", "error")

app/app/config.py

@@ -179,6 +179,7 @@ AWS_REGION = os.environ.get("AWS_REGION") or "eu-west-3"
 BUCKET = os.environ.get("BUCKET")
 AWS_ACCESS_KEY_ID = os.environ.get("AWS_ACCESS_KEY_ID")
 AWS_SECRET_ACCESS_KEY = os.environ.get("AWS_SECRET_ACCESS_KEY")
+AWS_ENDPOINT_URL = os.environ.get("AWS_ENDPOINT_URL", None)
 
 # Paddle
 try:
@@ -488,7 +489,9 @@ def setup_nameservers():
 
 NAMESERVERS = setup_nameservers()
 
-DISABLE_CREATE_CONTACTS_FOR_FREE_USERS = False
+DISABLE_CREATE_CONTACTS_FOR_FREE_USERS = os.environ.get(
+    "DISABLE_CREATE_CONTACTS_FOR_FREE_USERS", False
+)
 PARTNER_API_TOKEN_SECRET = os.environ.get("PARTNER_API_TOKEN_SECRET") or (
     FLASK_SECRET + "partnerapitoken"
 )

app/app/dashboard/__init__.py

@@ -33,3 +33,39 @@ from .views import (
     notification,
     support,
 )
+
+__all__ = [
+    "index",
+    "pricing",
+    "setting",
+    "custom_alias",
+    "subdomain",
+    "billing",
+    "alias_log",
+    "alias_export",
+    "unsubscribe",
+    "api_key",
+    "custom_domain",
+    "alias_contact_manager",
+    "enter_sudo",
+    "mfa_setup",
+    "mfa_cancel",
+    "fido_setup",
+    "coupon",
+    "fido_manage",
+    "domain_detail",
+    "lifetime_licence",
+    "directory",
+    "mailbox",
+    "mailbox_detail",
+    "refused_email",
+    "referral",
+    "contact_detail",
+    "setup_done",
+    "batch_import",
+    "alias_transfer",
+    "app",
+    "delete_account",
+    "notification",
+    "support",
+]

app/app/dashboard/views/alias_contact_manager.py

@@ -51,14 +51,6 @@ def email_validator():
     return _check
 
 
-def user_can_create_contacts(user: User) -> bool:
-    if user.is_premium():
-        return True
-    if user.flags & User.FLAG_FREE_DISABLE_CREATE_ALIAS == 0:
-        return True
-    return not config.DISABLE_CREATE_CONTACTS_FOR_FREE_USERS
-
-
 def create_contact(user: User, alias: Alias, contact_address: str) -> Contact:
     """
     Create a contact for a user. Can be restricted for new free users by enabling DISABLE_CREATE_CONTACTS_FOR_FREE_USERS.
@@ -82,7 +74,7 @@ def create_contact(user: User, alias: Alias, contact_address: str) -> Contact:
     if contact:
         raise ErrContactAlreadyExists(contact)
 
-    if not user_can_create_contacts(user):
+    if not user.can_create_contacts():
         raise ErrContactErrorUpgradeNeeded()
 
     contact = Contact.create(
@@ -327,6 +319,6 @@ def alias_contact_manager(alias_id):
         last_page=last_page,
         query=query,
         nb_contact=nb_contact,
-        can_create_contacts=user_can_create_contacts(current_user),
+        can_create_contacts=current_user.can_create_contacts(),
         csrf_form=csrf_form,
     )

app/app/dashboard/views/alias_log.py

@@ -87,6 +87,6 @@ def get_alias_log(alias: Alias, page_id=0) -> [AliasLog]:
             contact=contact,
         )
         logs.append(al)
-    logs = sorted(logs, key=lambda l: l.when, reverse=True)
+    logs = sorted(logs, key=lambda log: log.when, reverse=True)
 
     return logs

app/app/dashboard/views/app.py

@@ -1,14 +1,9 @@
-from app.db import Session
-
-"""
-List of apps that user has used via the "Sign in with SimpleLogin"
-"""
-
 from flask import render_template, request, flash, redirect
 from flask_login import login_required, current_user
 from sqlalchemy.orm import joinedload
 
 from app.dashboard.base import dashboard_bp
+from app.db import Session
 from app.models import (
     ClientUser,
 )
@@ -17,6 +12,10 @@ from app.models import (
 @dashboard_bp.route("/app", methods=["GET", "POST"])
 @login_required
 def app_route():
+    """
+    List of apps that user has used via the "Sign in with SimpleLogin"
+    """
+
     client_users = (
         ClientUser.filter_by(user_id=current_user.id)
         .options(joinedload(ClientUser.client))

app/app/dashboard/views/coupon.py

@@ -100,7 +100,7 @@ def coupon_route():
                     commit=True,
                 )
                 flash(
-                    f"Your account has been upgraded to Premium, thanks for your support!",
+                    "Your account has been upgraded to Premium, thanks for your support!",
                     "success",
                 )
 

app/app/dashboard/views/custom_alias.py

@@ -24,6 +24,7 @@ from app.models import (
     AliasMailbox,
     DomainDeletedAlias,
 )
+from app.utils import CSRFValidationForm
 
 
 @dashboard_bp.route("/custom_alias", methods=["GET", "POST"])
@@ -48,9 +49,13 @@ def custom_alias():
             at_least_a_premium_domain = True
             break
 
+    csrf_form = CSRFValidationForm()
     mailboxes = current_user.mailboxes()
 
     if request.method == "POST":
+        if not csrf_form.validate():
+            flash("Invalid request", "warning")
+            return redirect(request.url)
         alias_prefix = request.form.get("prefix").strip().lower().replace(" ", "")
         signed_alias_suffix = request.form.get("signed-alias-suffix")
         mailbox_ids = request.form.getlist("mailboxes")
@@ -164,4 +169,5 @@ def custom_alias():
         alias_suffixes=alias_suffixes,
         at_least_a_premium_domain=at_least_a_premium_domain,
         mailboxes=mailboxes,
+        csrf_form=csrf_form,
     )

app/app/dashboard/views/directory.py

@@ -67,7 +67,7 @@ def directory():
     if request.method == "POST":
         if request.form.get("form-name") == "delete":
             if not delete_dir_form.validate():
-                flash(f"Invalid request", "warning")
+                flash("Invalid request", "warning")
                 return redirect(url_for("dashboard.directory"))
             dir_obj = Directory.get(delete_dir_form.directory_id.data)
 
@@ -87,7 +87,7 @@ def directory():
 
         if request.form.get("form-name") == "toggle-directory":
             if not toggle_dir_form.validate():
-                flash(f"Invalid request", "warning")
+                flash("Invalid request", "warning")
                 return redirect(url_for("dashboard.directory"))
             dir_id = toggle_dir_form.directory_id.data
             dir_obj = Directory.get(dir_id)
@@ -109,7 +109,7 @@ def directory():
 
         elif request.form.get("form-name") == "update":
             if not update_dir_form.validate():
-                flash(f"Invalid request", "warning")
+                flash("Invalid request", "warning")
                 return redirect(url_for("dashboard.directory"))
             dir_id = update_dir_form.directory_id.data
             dir_obj = Directory.get(dir_id)

app/app/dashboard/views/index.py

@@ -52,12 +52,13 @@ def get_stats(user: User) -> Stats:
 
 
 @dashboard_bp.route("/", methods=["GET", "POST"])
+@login_required
 @limiter.limit(
     ALIAS_LIMIT,
     methods=["POST"],
     exempt_when=lambda: request.form.get("form-name") != "create-random-email",
 )
-@login_required
+@limiter.limit("10/minute", methods=["GET"], key_func=lambda: current_user.id)
 @parallel_limiter.lock(
     name="alias_creation",
     only_when=lambda: request.form.get("form-name") == "create-random-email",

app/app/dashboard/views/setting.py

@@ -128,7 +128,6 @@ def setting():
                 new_email_valid = True
                 new_email = canonicalize_email(change_email_form.email.data)
                 if new_email != current_user.email and not pending_email:
-
                     # check if this email is not already used
                     if personal_email_already_used(new_email) or Alias.get_by(
                         email=new_email

app/app/dashboard/views/unsubscribe.py

@@ -75,12 +75,11 @@ def block_contact(contact_id):
 @dashboard_bp.route("/unsubscribe/encoded/<encoded_request>", methods=["GET"])
 @login_required
 def encoded_unsubscribe(encoded_request: str):
-
     unsub_data = UnsubscribeHandler().handle_unsubscribe_from_request(
         current_user, encoded_request
     )
     if not unsub_data:
-        flash(f"Invalid unsubscribe request", "error")
+        flash("Invalid unsubscribe request", "error")
         return redirect(url_for("dashboard.index"))
     if unsub_data.action == UnsubscribeAction.DisableAlias:
         alias = Alias.get(unsub_data.data)
@@ -97,14 +96,14 @@ def encoded_unsubscribe(encoded_request: str):
             )
         )
     if unsub_data.action == UnsubscribeAction.UnsubscribeNewsletter:
-        flash(f"You've unsubscribed from the newsletter", "success")
+        flash("You've unsubscribed from the newsletter", "success")
         return redirect(
             url_for(
                 "dashboard.index",
             )
         )
     if unsub_data.action == UnsubscribeAction.OriginalUnsubscribeMailto:
-        flash(f"The original unsubscribe request has been forwarded", "success")
+        flash("The original unsubscribe request has been forwarded", "success")
         return redirect(
             url_for(
                 "dashboard.index",

app/app/developer/__init__.py

@@ -1 +1,3 @@
 from .views import index, new_client, client_detail
+
+__all__ = ["index", "new_client", "client_detail"]

app/app/developer/views/client_detail.py

@@ -87,7 +87,7 @@ def client_detail(client_id):
         )
 
         flash(
-            f"Thanks for submitting, we are informed and will come back to you asap!",
+            "Thanks for submitting, we are informed and will come back to you asap!",
             "success",
         )
 

app/app/discover/__init__.py

@@ -1 +1,3 @@
 from .views import index
+
+__all__ = ["index"]

app/app/email_utils.py

@@ -93,7 +93,7 @@ def send_welcome_email(user):
 
     send_email(
         comm_email,
-        f"Welcome to SimpleLogin",
+        "Welcome to SimpleLogin",
         render("com/welcome.txt", user=user, alias=alias),
         render("com/welcome.html", user=user, alias=alias),
         unsubscribe_link,
@@ -104,7 +104,7 @@ def send_welcome_email(user):
 def send_trial_end_soon_email(user):
     send_email(
         user.email,
-        f"Your trial will end soon",
+        "Your trial will end soon",
         render("transactional/trial-end.txt.jinja2", user=user),
         render("transactional/trial-end.html", user=user),
         ignore_smtp_error=True,
@@ -114,7 +114,7 @@ def send_trial_end_soon_email(user):
 def send_activation_email(email, activation_link):
     send_email(
         email,
-        f"Just one more step to join SimpleLogin",
+        "Just one more step to join SimpleLogin",
         render(
             "transactional/activation.txt",
             activation_link=activation_link,
@@ -768,7 +768,7 @@ def get_header_unicode(header: Union[str, Header]) -> str:
     ret = ""
     for to_decoded_str, charset in decode_header(header):
         if charset is None:
-            if type(to_decoded_str) is bytes:
+            if isinstance(to_decoded_str, bytes):
                 decoded_str = to_decoded_str.decode()
             else:
                 decoded_str = to_decoded_str
@@ -805,13 +805,13 @@ def to_bytes(msg: Message):
     for generator_policy in [None, policy.SMTP, policy.SMTPUTF8]:
         try:
             return msg.as_bytes(policy=generator_policy)
-        except:
+        except Exception:
             LOG.w("as_bytes() fails with %s policy", policy, exc_info=True)
 
     msg_string = msg.as_string()
     try:
         return msg_string.encode()
-    except:
+    except Exception:
         LOG.w("as_string().encode() fails", exc_info=True)
 
     return msg_string.encode(errors="replace")
@@ -906,7 +906,7 @@ def add_header(msg: Message, text_header, html_header=None) -> Message:
     if content_type == "text/plain":
         encoding = get_encoding(msg)
         payload = msg.get_payload()
-        if type(payload) is str:
+        if isinstance(payload, str):
             clone_msg = copy(msg)
             new_payload = f"""{text_header}
 ------------------------------
@@ -916,7 +916,7 @@ def add_header(msg: Message, text_header, html_header=None) -> Message:
     elif content_type == "text/html":
         encoding = get_encoding(msg)
         payload = msg.get_payload()
-        if type(payload) is str:
+        if isinstance(payload, str):
             new_payload = f"""<table width="100%" style="width: 100%; -premailer-width: 100%; -premailer-cellpadding: 0;
   -premailer-cellspacing: 0; margin: 0; padding: 0;">
     <tr>
@@ -972,7 +972,7 @@ def add_header(msg: Message, text_header, html_header=None) -> Message:
 
 
 def replace(msg: Union[Message, str], old, new) -> Union[Message, str]:
-    if type(msg) is str:
+    if isinstance(msg, str):
         msg = msg.replace(old, new)
         return msg
 
@@ -995,7 +995,7 @@ def replace(msg: Union[Message, str], old, new) -> Union[Message, str]:
     if content_type in ("text/plain", "text/html"):
         encoding = get_encoding(msg)
         payload = msg.get_payload()
-        if type(payload) is str:
+        if isinstance(payload, str):
             if encoding == EmailEncoding.QUOTED:
                 LOG.d("handle quoted-printable replace %s -> %s", old, new)
                 # first decode the payload

app/app/handler/dmarc.py

@@ -34,10 +34,10 @@ def apply_dmarc_policy_for_forward_phase(
 
     from_header = get_header_unicode(msg[headers.FROM])
 
-    warning_plain_text = f"""This email failed anti-phishing checks when it was received by SimpleLogin, be careful with its content.
+    warning_plain_text = """This email failed anti-phishing checks when it was received by SimpleLogin, be careful with its content.
 More info on https://simplelogin.io/docs/getting-started/anti-phishing/
             """
-    warning_html = f"""
+    warning_html = """
         <p style="color:red">
             This email failed anti-phishing checks when it was received by SimpleLogin, be careful with its content.
             More info on <a href="https://simplelogin.io/docs/getting-started/anti-phishing/">anti-phishing measure</a>

app/app/handler/provider_complaint.py

@@ -221,7 +221,7 @@ def handle_complaint(message: Message, origin: ProviderComplaintOrigin) -> bool:
         return True
 
     if is_deleted_alias(msg_info.sender_address):
-        LOG.i(f"Complaint is for deleted alias. Do nothing")
+        LOG.i("Complaint is for deleted alias. Do nothing")
         return True
 
     contact = Contact.get_by(reply_email=msg_info.sender_address)
@@ -231,7 +231,7 @@ def handle_complaint(message: Message, origin: ProviderComplaintOrigin) -> bool:
         alias = find_alias_with_address(msg_info.rcpt_address)
 
     if is_deleted_alias(msg_info.rcpt_address):
-        LOG.i(f"Complaint is for deleted alias. Do nothing")
+        LOG.i("Complaint is for deleted alias. Do nothing")
         return True
 
     if not alias:

app/app/handler/unsubscribe_encoder.py

@@ -54,9 +54,8 @@ class UnsubscribeEncoder:
     def encode_subject(
         cls, action: UnsubscribeAction, data: Union[int, UnsubscribeOriginalData]
     ) -> str:
-        if (
+        if action != UnsubscribeAction.OriginalUnsubscribeMailto and not isinstance(
-            action != UnsubscribeAction.OriginalUnsubscribeMailto
+            data, int
-            and type(data) is not int
         ):
             raise ValueError(f"Data has to be an int for an action of type {action}")
         if action == UnsubscribeAction.OriginalUnsubscribeMailto:

app/app/import_utils.py

@@ -30,7 +30,7 @@ def handle_batch_import(batch_import: BatchImport):
 
     LOG.d("Download file %s from %s", batch_import.file, file_url)
     r = requests.get(file_url)
-    lines = [line.decode() for line in r.iter_lines()]
+    lines = [line.decode("utf-8") for line in r.iter_lines()]
 
     import_from_csv(batch_import, user, lines)
 

app/app/internal/__init__.py

@@ -1,2 +1,4 @@
 from .integrations import set_enable_proton_cookie
 from .exit_sudo import exit_sudo_mode
+
+__all__ = ["set_enable_proton_cookie", "exit_sudo_mode"]

app/app/jobs/export_user_data_job.py

@@ -39,7 +39,6 @@ from app.models import (
 
 
 class ExportUserDataJob:
-
     REMOVE_FIELDS = {
         "User": ("otp_secret", "password"),
         "Alias": ("ts_vector", "transfer_token", "hibp_last_check"),

app/app/mail_sender.py

@@ -22,7 +22,6 @@ from app.message_utils import message_to_bytes, message_format_base64_parts
 
 @dataclass
 class SendRequest:
-
     SAVE_EXTENSION = "sendrequest"
 
     envelope_from: str

app/app/models.py

@@ -1113,6 +1113,13 @@ class User(Base, ModelMixin, UserMixin, PasswordOracle):
 
         return random_words(1)
 
+    def can_create_contacts(self) -> bool:
+        if self.is_premium():
+            return True
+        if self.flags & User.FLAG_FREE_DISABLE_CREATE_ALIAS == 0:
+            return True
+        return not config.DISABLE_CREATE_CONTACTS_FOR_FREE_USERS
+
     def __repr__(self):
         return f"<User {self.id} {self.name} {self.email}>"
 
@@ -1506,6 +1513,7 @@ class Alias(Base, ModelMixin):
     def mailboxes(self):
         ret = [self.mailbox]
         for m in self._mailboxes:
+            if m.id is not self.mailbox.id:
                 ret.append(m)
 
         ret = [mb for mb in ret if mb.verified]

app/app/monitor/__init__.py

@@ -1 +1,3 @@
 from . import views
+
+__all__ = ["views"]

app/app/oauth/__init__.py

@@ -1 +1,3 @@
 from .views import authorize, token, user_info
+
+__all__ = ["authorize", "token", "user_info"]

app/app/oauth_models.py

@@ -64,7 +64,7 @@ def _split_arg(arg_input: Union[str, list]) -> Set[str]:
     - the response_type/scope passed as a list ?scope=scope_1&scope=scope_2
     """
     res = set()
-    if type(arg_input) is str:
+    if isinstance(arg_input, str):
         if " " in arg_input:
             for x in arg_input.split(" "):
                 if x:

app/app/onboarding/__init__.py

@@ -5,3 +5,11 @@ from .views import (
     account_activated,
     extension_redirect,
 )
+
+__all__ = [
+    "index",
+    "final",
+    "setup_done",
+    "account_activated",
+    "extension_redirect",
+]

app/app/parallel_limiter.py

@@ -39,7 +39,6 @@ class _InnerLock:
             lock_redis.storage.delete(lock_name)
 
     def __call__(self, f: Callable[..., Any]):
-
         if self.lock_suffix is None:
             lock_suffix = f.__name__
         else:

app/app/phone/__init__.py

@@ -5,3 +5,11 @@ from .views import (
     provider1_callback,
     provider2_callback,
 )
+
+__all__ = [
+    "index",
+    "phone_reservation",
+    "twilio_callback",
+    "provider1_callback",
+    "provider2_callback",
+]

app/app/redis_services.py

@@ -6,7 +6,6 @@ from app.session import RedisSessionStore
 
 
 def initialize_redis_services(app: flask.Flask, redis_url: str):
-
     if redis_url.startswith("redis://") or redis_url.startswith("rediss://"):
         storage = limits.storage.RedisStorage(redis_url)
         app.session_interface = RedisSessionStore(storage.storage, storage.storage, app)

app/app/s3.py

@@ -13,17 +13,29 @@ from app.config import (
     LOCAL_FILE_UPLOAD,
     UPLOAD_DIR,
     URL,
+    AWS_ENDPOINT_URL,
 )
-
+from app.log import LOG
-if not LOCAL_FILE_UPLOAD:
-    _session = boto3.Session(
-        aws_access_key_id=AWS_ACCESS_KEY_ID,
-        aws_secret_access_key=AWS_SECRET_ACCESS_KEY,
-        region_name=AWS_REGION,
-    )
 
 
-def upload_from_bytesio(key: str, bs: BytesIO, content_type="string"):
+_s3_client = None
+
+
+def _get_s3client():
+    global _s3_client
+    if _s3_client is None:
+        args = {
+            "aws_access_key_id": AWS_ACCESS_KEY_ID,
+            "aws_secret_access_key": AWS_SECRET_ACCESS_KEY,
+            "region_name": AWS_REGION,
+        }
+        if AWS_ENDPOINT_URL:
+            args["endpoint_url"] = AWS_ENDPOINT_URL
+        _s3_client = boto3.client("s3", **args)
+    return _s3_client
+
+
+def upload_from_bytesio(key: str, bs: BytesIO, content_type="application/octet-stream"):
     bs.seek(0)
 
     if LOCAL_FILE_UPLOAD:
@@ -34,7 +46,8 @@ def upload_from_bytesio(key: str, bs: BytesIO, content_type="string"):
             f.write(bs.read())
 
     else:
-        _session.resource("s3").Bucket(BUCKET).put_object(
+        _get_s3client().put_object(
+            Bucket=BUCKET,
             Key=key,
             Body=bs,
             ContentType=content_type,
@@ -52,7 +65,8 @@ def upload_email_from_bytesio(path: str, bs: BytesIO, filename):
             f.write(bs.read())
 
     else:
-        _session.resource("s3").Bucket(BUCKET).put_object(
+        _get_s3client().put_object(
+            Bucket=BUCKET,
             Key=path,
             Body=bs,
             # Support saving a remote file using Http header
@@ -67,13 +81,10 @@ def download_email(path: str) -> Optional[str]:
         file_path = os.path.join(UPLOAD_DIR, path)
         with open(file_path, "rb") as f:
             return f.read()
-    resp = (
+    resp = _get_s3client().get_object(
-        _session.resource("s3")
+        Bucket=BUCKET,
-        .Bucket(BUCKET)
-        .get_object(
         Key=path,
     )
-    )
     if not resp or "Body" not in resp:
         return None
     return resp["Body"].read
@@ -88,8 +99,7 @@ def get_url(key: str, expires_in=3600) -> str:
     if LOCAL_FILE_UPLOAD:
         return URL + "/static/upload/" + key
     else:
-        s3_client = _session.client("s3")
+        return _get_s3client().generate_presigned_url(
-        return s3_client.generate_presigned_url(
             ExpiresIn=expires_in,
             ClientMethod="get_object",
             Params={"Bucket": BUCKET, "Key": key},
@@ -100,5 +110,15 @@ def delete(path: str):
     if LOCAL_FILE_UPLOAD:
         os.remove(os.path.join(UPLOAD_DIR, path))
     else:
-        o = _session.resource("s3").Bucket(BUCKET).Object(path)
+        _get_s3client().delete_object(Bucket=BUCKET, Key=path)
-        o.delete()
+
+
+def create_bucket_if_not_exists():
+    s3client = _get_s3client()
+    buckets = s3client.list_buckets()
+    for bucket in buckets["Buckets"]:
+        if bucket["Name"] == BUCKET:
+            LOG.i("Bucket already exists")
+            return
+    s3client.create_bucket(Bucket=BUCKET)
+    LOG.i(f"Bucket {BUCKET} created")

app/app/session.py

@@ -75,7 +75,7 @@ class RedisSessionStore(SessionInterface):
             try:
                 data = pickle.loads(val)
                 return ServerSession(data, session_id=session_id)
-            except:
+            except Exception:
                 pass
         return ServerSession(session_id=str(uuid.uuid4()))
 

app/cron.py

@@ -105,7 +105,7 @@ def delete_logs():
     rows_to_delete = EmailLog.filter(EmailLog.created_at < cutoff_time).count()
     expected_queries = int(rows_to_delete / batch_size)
     sql = text(
-        f"DELETE FROM email_log WHERE id IN (SELECT id FROM email_log WHERE created_at < :cutoff_time order by created_at limit :batch_size)"
+        "DELETE FROM email_log WHERE id IN (SELECT id FROM email_log WHERE created_at < :cutoff_time order by created_at limit :batch_size)"
     )
     str_cutoff_time = cutoff_time.isoformat()
     while total_deleted < rows_to_delete:
@@ -161,7 +161,7 @@ def notify_premium_end():
 
             send_email(
                 user.email,
-                f"Your subscription will end soon",
+                "Your subscription will end soon",
                 render(
                     "transactional/subscription-end.txt",
                     user=user,
@@ -218,7 +218,7 @@ def notify_manual_sub_end():
             LOG.d("Remind user %s that their manual sub is ending soon", user)
             send_email(
                 user.email,
-                f"Your subscription will end soon",
+                "Your subscription will end soon",
                 render(
                     "transactional/manual-subscription-end.txt",
                     user=user,
@@ -590,21 +590,21 @@ nb_total_bounced_last_24h: {stats_today.nb_total_bounced_last_24h} - {increase_p
     """
 
     monitoring_report += "\n====================================\n"
-    monitoring_report += f"""
+    monitoring_report += """
 # Account bounce report:
 """
 
     for email, bounces in bounce_report():
         monitoring_report += f"{email}: {bounces}\n"
 
-    monitoring_report += f"""\n
+    monitoring_report += """\n
 # Alias creation report:
 """
 
     for email, nb_alias, date in alias_creation_report():
         monitoring_report += f"{email}, {date}: {nb_alias}\n"
 
-    monitoring_report += f"""\n
+    monitoring_report += """\n
 # Full bounce detail report:
 """
     monitoring_report += all_bounce_report()
@@ -1099,14 +1099,14 @@ def notify_hibp():
         )
 
         LOG.d(
-            f"Send new breaches found email to %s for %s breaches aliases",
+            "Send new breaches found email to %s for %s breaches aliases",
             user,
             len(breached_aliases),
         )
 
         send_email(
             user.email,
-            f"You were in a data breach",
+            "You were in a data breach",
             render(
                 "transactional/hibp-new-breaches.txt.jinja2",
                 user=user,

app/docs/api.md

@@ -388,7 +388,7 @@ Input:
 - (Optional but recommended) `hostname` passed in query string
 - Request Message Body in json (`Content-Type` is `application/json`)
     - alias_prefix: string. The first part of the alias that user can choose.
-    - signed_suffix: should be one of the suffixes returned in the `GET /api/v4/alias/options` endpoint.
+    - signed_suffix: should be one of the suffixes returned in the `GET /api/v5/alias/options` endpoint.
     - mailbox_ids: list of mailbox_id that "owns" this alias
     - (Optional) note: alias note
     - (Optional) name: alias name

app/email_handler.py

@@ -235,7 +235,6 @@ def get_or_create_contact(from_header: str, mail_from: str, alias: Alias) -> Con
             contact.mail_from = mail_from
             Session.commit()
     else:
-
         try:
             contact = Contact.create(
                 user_id=alias.user_id,
@@ -1197,7 +1196,7 @@ def handle_reply(envelope, msg: Message, rcpt_to: str) -> (bool, str):
             )
 
             # replace reverse alias by real address for all contacts
-            for (reply_email, website_email) in contact_query.values(
+            for reply_email, website_email in contact_query.values(
                 Contact.reply_email, Contact.website_email
             ):
                 msg = replace(msg, reply_email, website_email)
@@ -1952,7 +1951,7 @@ def handle_bounce(envelope, email_log: EmailLog, msg: Message) -> str:
             for is_delivered, smtp_status in handle_forward(envelope, msg, alias.email):
                 res.append((is_delivered, smtp_status))
 
-            for (is_success, smtp_status) in res:
+            for is_success, smtp_status in res:
                 # Consider all deliveries successful if 1 delivery is successful
                 if is_success:
                     return smtp_status
@@ -2272,7 +2271,7 @@ def handle(envelope: Envelope, msg: Message) -> str:
     if nb_success > 0 and nb_non_success > 0:
         LOG.e(f"some deliveries fail and some success, {mail_from}, {rcpt_tos}, {res}")
 
-    for (is_success, smtp_status) in res:
+    for is_success, smtp_status in res:
         # Consider all deliveries successful if 1 delivery is successful
         if is_success:
             return smtp_status

app/local_data/test_words.txt

@@ -192,7 +192,6 @@ amigos
 amines
 amnion
 amoeba
-amoral
 amount
 amours
 ampere
@@ -215,7 +214,6 @@ animus
 anions
 ankles
 anklet
-annals
 anneal
 annoys
 annual
@@ -364,7 +362,6 @@ auntie
 aureus
 aurora
 author
-autism
 autumn
 avails
 avatar
@@ -638,14 +635,12 @@ bigwig
 bijoux
 bikers
 biking
-bikini
 bilges
 bilked
 bilker
 billed
 billet
 billow
-bimbos
 binary
 binder
 binged
@@ -710,8 +705,6 @@ blocks
 blokes
 blonde
 blonds
-bloods
-bloody
 blooms
 bloops
 blotch
@@ -817,8 +810,6 @@ bounds
 bounty
 bovine
 bovver
-bowels
-bowers
 bowing
 bowled
 bowleg
@@ -827,10 +818,8 @@ bowman
 bowmen
 bowwow
 boxcar
-boxers
 boxier
 boxing
-boyish
 braced
 bracer
 braces
@@ -861,7 +850,6 @@ breach
 breads
 breaks
 breams
-breast
 breath
 breech
 breeds
@@ -872,9 +860,6 @@ brevet
 brewed
 brewer
 briars
-bribed
-briber
-bribes
 bricks
 bridal
 brides
@@ -926,13 +911,7 @@ buffed
 buffer
 buffet
 bugged
-bugger
-bugled
-bugler
-bugles
 builds
-bulged
-bulges
 bulked
 bulled
 bullet
@@ -1340,8 +1319,6 @@ clingy
 clinic
 clinks
 clique
-cloaca
-cloaks
 cloche
 clocks
 clomps
@@ -1448,7 +1425,6 @@ comply
 compos
 conchs
 concur
-condom
 condor
 condos
 coneys
@@ -1568,8 +1544,6 @@ cranes
 cranks
 cranky
 cranny
-crapes
-crappy
 crated
 crater
 crates
@@ -1585,7 +1559,6 @@ crazes
 creaks
 creaky
 creams
-creamy
 crease
 create
 creche
@@ -1594,8 +1567,6 @@ credos
 creeds
 creeks
 creels
-creeps
-creepy
 cremes
 creole
 crepes
@@ -1728,9 +1699,6 @@ dainty
 daises
 damage
 damask
-dammed
-dammit
-damned
 damped
 dampen
 damper
@@ -1754,7 +1722,6 @@ darers
 daring
 darken
 darker
-darkie
 darkly
 darned
 darner
@@ -1763,8 +1730,6 @@ darter
 dashed
 dasher
 dashes
-daters
-dating
 dative
 daubed
 dauber
@@ -1921,7 +1886,6 @@ dharma
 dhotis
 diadem
 dialog
-diaper
 diatom
 dibble
 dicier
@@ -1943,7 +1907,6 @@ digits
 diking
 diktat
 dilate
-dildos
 dilute
 dimity
 dimmed
@@ -2058,7 +2021,6 @@ dotted
 double
 doubly
 doubts
-douche
 doughy
 dourer
 dourly
@@ -2139,15 +2101,6 @@ duenna
 duffed
 duffer
 dugout
-dulcet
-dulled
-duller
-dumber
-dumbly
-dumbos
-dumdum
-dumped
-dumper
 dunces
 dunged
 dunked
@@ -2285,7 +2238,6 @@ endows
 endued
 endues
 endure
-enemas
 energy
 enfold
 engage
@@ -2333,7 +2285,6 @@ erects
 ermine
 eroded
 erodes
-erotic
 errand
 errant
 errata
@@ -2344,7 +2295,6 @@ eructs
 erupts
 escape
 eschew
-escort
 escrow
 escudo
 espied
@@ -2363,7 +2313,6 @@ ethnic
 etudes
 euchre
 eulogy
-eunuch
 eureka
 evaded
 evader
@@ -2392,7 +2341,6 @@ exempt
 exerts
 exeunt
 exhale
-exhort
 exhume
 exiled
 exiles
@@ -2415,7 +2363,6 @@ extant
 extend
 extent
 extols
-extort
 extras
 exuded
 exudes
@@ -2440,7 +2387,6 @@ faeces
 faerie
 faffed
 fagged
-faggot
 failed
 faille
 fainer
@@ -2473,18 +2419,10 @@ faring
 farmed
 farmer
 farrow
-farted
 fascia
 fasted
 fasten
 faster
-father
-fathom
-fating
-fatsos
-fatten
-fatter
-fatwas
 faucet
 faults
 faulty
@@ -2532,7 +2470,6 @@ fesses
 festal
 fester
 feting
-fetish
 fetter
 fettle
 feudal
@@ -2617,9 +2554,7 @@ flaked
 flakes
 flambe
 flamed
-flamer
 flames
-flange
 flanks
 flared
 flares
@@ -2754,8 +2689,6 @@ franks
 frappe
 frauds
 frayed
-freaks
-freaky
 freely
 freest
 freeze
@@ -2795,8 +2728,6 @@ fryers
 frying
 ftpers
 ftping
-fucked
-fucker
 fuddle
 fudged
 fudges
@@ -2891,10 +2822,7 @@ gasbag
 gashed
 gashes
 gasket
-gasman
-gasmen
 gasped
-gassed
 gasses
 gateau
 gather
@@ -3104,7 +3032,6 @@ grimed
 grimes
 grimly
 grinds
-gringo
 griped
 griper
 gripes
@@ -3186,8 +3113,6 @@ gypsum
 gyrate
 gyving
 habits
-hacked
-hacker
 hackle
 hadith
 haggis
@@ -3195,8 +3120,6 @@ haggle
 hailed
 hairdo
 haired
-hajjes
-hajjis
 halest
 haling
 halite
@@ -3223,11 +3146,8 @@ happen
 haptic
 harass
 harden
-harder
-hardly
 harems
 haring
-harked
 harlot
 harmed
 harped
@@ -3407,7 +3327,6 @@ hoofed
 hoofer
 hookah
 hooked
-hooker
 hookup
 hooped
 hoopla
@@ -3459,8 +3378,6 @@ huffed
 hugely
 hugest
 hugged
-hulled
-huller
 humane
 humans
 humble
@@ -3667,8 +3584,6 @@ jacket
 jading
 jagged
 jaguar
-jailed
-jailer
 jalopy
 jammed
 jangle
@@ -3689,8 +3604,6 @@ jejune
 jelled
 jellos
 jennet
-jerked
-jerkin
 jersey
 jested
 jester
@@ -3814,11 +3727,7 @@ kidded
 kidder
 kiddie
 kiddos
-kidnap
 kidney
-killed
-killer
-kilned
 kilted
 kilter
 kimono
@@ -3827,15 +3736,11 @@ kinder
 kindle
 kindly
 kingly
-kinked
 kiosks
 kipped
 kipper
 kirsch
 kismet
-kissed
-kisser
-kisses
 kiting
 kitsch
 kitted
@@ -3847,10 +3752,6 @@ kluges
 klutzy
 knacks
 knaves
-kneads
-kneels
-knells
-knifed
 knifes
 knight
 knives
@@ -4210,8 +4111,6 @@ lunges
 lupine
 lupins
 luring
-lurked
-lurker
 lusher
 lushes
 lushly
@@ -4608,7 +4507,6 @@ muggle
 mukluk
 mulcts
 mulish
-mullah
 mulled
 mullet
 mumble
@@ -4721,9 +4619,6 @@ nickel
 nicker
 nickle
 nieces
-niggas
-niggaz
-nigger
 niggle
 nigher
 nights
@@ -4736,7 +4631,6 @@ ninjas
 ninths
 nipped
 nipper
-nipple
 nitric
 nitwit
 nixing
@@ -4781,15 +4675,6 @@ nozzle
 nuance
 nubbin
 nubile
-nuclei
-nudest
-nudged
-nudges
-nudism
-nudist
-nudity
-nugget
-nuking
 numbed
 number
 numbly
@@ -4804,7 +4689,6 @@ nutter
 nuzzle
 nybble
 nylons
-nympho
 nymphs
 oafish
 oaring
@@ -4885,7 +4769,6 @@ opting
 option
 opuses
 oracle
-orally
 orange
 orated
 orates
@@ -4897,7 +4780,6 @@ ordeal
 orders
 ordure
 organs
-orgasm
 orgies
 oriels
 orient
@@ -4993,10 +4875,6 @@ pander
 panels
 panics
 panned
-panted
-pantie
-pantos
-pantry
 papacy
 papaya
 papers
@@ -5078,7 +4956,6 @@ pebble
 pebbly
 pecans
 pecked
-pecker
 pectic
 pectin
 pedalo
@@ -5151,9 +5028,6 @@ phenom
 phials
 phlegm
 phloem
-phobia
-phobic
-phoebe
 phoned
 phones
 phoney
@@ -5228,9 +5102,6 @@ piques
 piracy
 pirate
 pirogi
-pissed
-pisser
-pisses
 pistes
 pistil
 pistol
@@ -5311,8 +5182,6 @@ pogrom
 points
 pointy
 poised
-poises
-poison
 pokers
 pokeys
 pokier
@@ -5422,7 +5291,6 @@ preyed
 priced
 prices
 pricey
-pricks
 prided
 prides
 priers
@@ -5602,14 +5470,9 @@ rabbit
 rabble
 rabies
 raceme
-racers
-racial
 racier
 racily
 racing
-racism
-racist
-racked
 racket
 radars
 radial
@@ -5661,8 +5524,6 @@ rapers
 rapids
 rapier
 rapine
-raping
-rapist
 rapped
 rappel
 rapper
@@ -5747,7 +5608,6 @@ recoup
 rectal
 rector
 rectos
-rectum
 recurs
 recuse
 redact
@@ -5891,7 +5751,6 @@ resume
 retail
 retain
 retake
-retard
 retell
 retest
 retied
@@ -6125,8 +5984,6 @@ sadden
 sadder
 saddle
 sadhus
-sadism
-sadist
 safari
 safely
 safest
@@ -6364,16 +6221,6 @@ severs
 sewage
 sewers
 sewing
-sexier
-sexily
-sexing
-sexism
-sexist
-sexpot
-sextet
-sexton
-sexual
-shabby
 shacks
 shaded
 shades
@@ -6383,10 +6230,7 @@ shaggy
 shaken
 shaker
 shakes
-shalom
 shaman
-shamed
-shames
 shandy
 shanks
 shanty
@@ -6432,7 +6276,6 @@ shirks
 shirrs
 shirts
 shirty
-shitty
 shiver
 shoals
 shoats
@@ -6575,9 +6418,6 @@ slangy
 slants
 slated
 slates
-slaved
-slaver
-slaves
 slayed
 slayer
 sleaze
@@ -6672,7 +6512,6 @@ snarks
 snarky
 snarls
 snarly
-snatch
 snazzy
 sneaks
 sneaky
@@ -6716,7 +6555,6 @@ socket
 sodded
 sodden
 sodium
-sodomy
 soever
 soften
 softer
@@ -7468,7 +7306,6 @@ torrid
 torsos
 tortes
 tossed
-tosser
 tosses
 tossup
 totals
@@ -7686,7 +7523,6 @@ unhook
 unhurt
 unions
 unique
-unisex
 unison
 united
 unites
@@ -7793,7 +7629,6 @@ vacant
 vacate
 vacuum
 vagary
-vagina
 vaguer
 vainer
 vainly
@@ -7930,9 +7765,6 @@ votive
 vowels
 vowing
 voyage
-voyeur
-vulgar
-vulvae
 wabbit
 wacker
 wackos
@@ -7975,7 +7807,6 @@ wander
 wangle
 waning
 wanked
-wanker
 wanner
 wanted
 wanton

app/local_data/words.txt

@@ -1944,7 +1944,6 @@ dosage
 dose
 dotted
 doubling
-douche
 dove
 down
 dowry
@@ -3015,7 +3014,6 @@ groom
 groove
 grooving
 groovy
-grope
 ground
 grouped
 grout
@@ -3135,7 +3133,6 @@ happiness
 happy
 harbor
 hardcopy
-hardcore
 hardcover
 harddisk
 hardened
@@ -6553,7 +6550,6 @@ swimmer
 swimming
 swimsuit
 swimwear
-swinger
 swinging
 swipe
 swirl

app/poetry.lock

@@ -1,4 +1,4 @@
-# This file is automatically @generated by Poetry 1.6.1 and should not be changed by hand.
+# This file is automatically @generated by Poetry 1.7.0 and should not be changed by hand.
 
 [[package]]
 name = "aiohttp"
@@ -2831,6 +2831,32 @@ files = [
 docs = ["ryd"]
 jinja2 = ["ruamel.yaml.jinja2 (>=0.2)"]
 
+[[package]]
+name = "ruff"
+version = "0.1.5"
+description = "An extremely fast Python linter and code formatter, written in Rust."
+optional = false
+python-versions = ">=3.7"
+files = [
+    {file = "ruff-0.1.5-py3-none-macosx_10_7_x86_64.whl", hash = "sha256:32d47fc69261c21a4c48916f16ca272bf2f273eb635d91c65d5cd548bf1f3d96"},
+    {file = "ruff-0.1.5-py3-none-macosx_10_9_x86_64.macosx_11_0_arm64.macosx_10_9_universal2.whl", hash = "sha256:171276c1df6c07fa0597fb946139ced1c2978f4f0b8254f201281729981f3c17"},
+    {file = "ruff-0.1.5-py3-none-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:17ef33cd0bb7316ca65649fc748acc1406dfa4da96a3d0cde6d52f2e866c7b39"},
+    {file = "ruff-0.1.5-py3-none-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:b2c205827b3f8c13b4a432e9585750b93fd907986fe1aec62b2a02cf4401eee6"},
+    {file = "ruff-0.1.5-py3-none-manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:bb408e3a2ad8f6881d0f2e7ad70cddb3ed9f200eb3517a91a245bbe27101d379"},
+    {file = "ruff-0.1.5-py3-none-manylinux_2_17_ppc64.manylinux2014_ppc64.whl", hash = "sha256:f20dc5e5905ddb407060ca27267c7174f532375c08076d1a953cf7bb016f5a24"},
+    {file = "ruff-0.1.5-py3-none-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:aafb9d2b671ed934998e881e2c0f5845a4295e84e719359c71c39a5363cccc91"},
+    {file = "ruff-0.1.5-py3-none-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:a4894dddb476597a0ba4473d72a23151b8b3b0b5f958f2cf4d3f1c572cdb7af7"},
+    {file = "ruff-0.1.5-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:a00a7ec893f665ed60008c70fe9eeb58d210e6b4d83ec6654a9904871f982a2a"},
+    {file = "ruff-0.1.5-py3-none-musllinux_1_2_aarch64.whl", hash = "sha256:a8c11206b47f283cbda399a654fd0178d7a389e631f19f51da15cbe631480c5b"},
+    {file = "ruff-0.1.5-py3-none-musllinux_1_2_armv7l.whl", hash = "sha256:fa29e67b3284b9a79b1a85ee66e293a94ac6b7bb068b307a8a373c3d343aa8ec"},
+    {file = "ruff-0.1.5-py3-none-musllinux_1_2_i686.whl", hash = "sha256:9b97fd6da44d6cceb188147b68db69a5741fbc736465b5cea3928fdac0bc1aeb"},
+    {file = "ruff-0.1.5-py3-none-musllinux_1_2_x86_64.whl", hash = "sha256:721f4b9d3b4161df8dc9f09aa8562e39d14e55a4dbaa451a8e55bdc9590e20f4"},
+    {file = "ruff-0.1.5-py3-none-win32.whl", hash = "sha256:f80c73bba6bc69e4fdc73b3991db0b546ce641bdcd5b07210b8ad6f64c79f1ab"},
+    {file = "ruff-0.1.5-py3-none-win_amd64.whl", hash = "sha256:c21fe20ee7d76206d290a76271c1af7a5096bc4c73ab9383ed2ad35f852a0087"},
+    {file = "ruff-0.1.5-py3-none-win_arm64.whl", hash = "sha256:82bfcb9927e88c1ed50f49ac6c9728dab3ea451212693fe40d08d314663e412f"},
+    {file = "ruff-0.1.5.tar.gz", hash = "sha256:5cbec0ef2ae1748fb194f420fb03fb2c25c3258c86129af7172ff8f198f125ab"},
+]
+
 [[package]]
 name = "s3transfer"
 version = "0.3.3"
@@ -3674,4 +3700,4 @@ testing = ["coverage (>=5.0.3)", "zope.event", "zope.testing"]
 [metadata]
 lock-version = "2.0"
 python-versions = "^3.10"
-content-hash = "8bf71c74c8f4d1afe6b1ab0912702cdb47086474168bed8a9230c398abf349dd"
+content-hash = "01afc410d21eeac0a0ac7e8ef6eeb0a991cf4bc091c3351049263462e205ff63"

app/pyproject.toml

@@ -18,6 +18,10 @@ exclude = '''
 )
 '''
 
+[tool.ruff]
+ignore-init-module-imports = true
+exclude = [".venv", "migrations"]
+
 [tool.djlint]
 indent = 2
 profile = "jinja"
@@ -121,6 +125,9 @@ black = "^22.1.0"
 djlint = "^1.3.0"
 pylint = "^2.14.4"
 
+[tool.poetry.group.dev.dependencies]
+ruff = "^0.1.5"
+
 [build-system]
 requires = ["poetry>=0.12"]
 build-backend = "poetry.masonry.api"

app/server.py

@@ -407,8 +407,10 @@ def jinja2_filter(app):
 
     @app.context_processor
     def inject_stage_and_region():
+        now = arrow.now()
         return dict(
-            YEAR=arrow.now().year,
+            YEAR=now.year,
+            NOW=now,
             URL=URL,
             SENTRY_DSN=SENTRY_FRONT_END_DSN,
             VERSION=SHA1,
@@ -641,7 +643,7 @@ def setup_paddle_callback(app: Flask):
 
     @app.route("/paddle_coupon", methods=["GET", "POST"])
     def paddle_coupon():
-        LOG.d(f"paddle coupon callback %s", request.form)
+        LOG.d("paddle coupon callback %s", request.form)
 
         if not paddle_utils.verify_incoming_request(dict(request.form)):
             LOG.e("request not coming from paddle. Request data:%s", dict(request.form))

app/shell.py

@@ -1,13 +1,12 @@
-from time import sleep
-
 import flask_migrate
 from IPython import embed
 from sqlalchemy_utils import create_database, database_exists, drop_database
 
 from app import models
 from app.config import DB_URI
-from app.models import *
+from app.db import Session
-
+from app.log import LOG
+from app.models import User, RecoveryCode
 
 if False:
     # noinspection PyUnreachableCode

app/templates/auth/mfa.html

@@ -15,7 +15,7 @@
         {{ otp_token_form.csrf_token }}
         <input type="hidden" name="form-name" value="create" />
         <div class="font-weight-bold mt-5">Token</div>
-        <div class="small-text mb-3">Please enter the 2FA code from your 2FA authenticator</div>
+        <div class="small-text mb-3">Please enter the 2FA code from your authenticator app</div>
         {{ otp_token_form.token(class="form-control", autofocus="true") }}
         {{ render_field_errors(otp_token_form.token) }}
         <div class="form-check">

app/templates/auth/register.html

@@ -9,7 +9,7 @@
       <h1 class="card-title">Create new account</h1>
       <div class="form-group">
         <label class="form-label">Email address</label>
-        {{ form.email(class="form-control", type="email", placeholder="YourName@protonmail.com") }}
+        {{ form.email(class="form-control", type="email", placeholder="username@proton.me") }}
         <div class="small-text alert alert-info" style="margin-top: 1px">
           Emails sent to your alias will be forwarded to this email address.
           <br>

app/templates/auth/register_waiting_activation.html

@@ -7,6 +7,7 @@
     <div class="card-body p-6 text-center">
       <h1 class="h4">An email to validate your email is on its way.</h1>
       <p>Please check your inbox/spam folder.</p>
+      <p>Make sure to mark the message as not spam so that future messages come to your normal inbox</p>
     </div>
   </div>
 {% endblock %}

app/templates/base.html

@@ -86,7 +86,7 @@
   </head>
   <body>
     <div class="page">
-      {% if current_user.is_authenticated and current_user.should_show_upgrade_button() %}
+      {% if NOW.timestamp < 1701475201 and current_user.is_authenticated and current_user.should_show_upgrade_button() %}
 
         <div class="alert alert-success text-center mb-0" role="alert">
           Black Friday: $20 for the first year instead of $30. Available until December 1st.

app/templates/dashboard/alias_contact_manager.html

@@ -59,6 +59,8 @@
       </div>
     </div>
   </div>
+  {% if can_create_contacts %}
+
     <div class="row mb-5">
       <div class="col-12 col-lg-6 pt-1">
         <form method="post">
@@ -79,6 +81,7 @@
           {% endif %}
         </form>
       </div>
+    {% endif %}
     <div class="col-12 col-lg-6 pt-1">
       <div class="float-right d-flex">
         <form method="post">

app/templates/dashboard/custom_alias.html

@@ -17,7 +17,7 @@
               <b>hello@{{ FIRST_ALIAS_DOMAIN }}</b>,
               <b>me@{{ FIRST_ALIAS_DOMAIN }}</b>, etc.
               <br />
-              If you add your own domain, this restriction is removed, and you can fully customize the alias.
+              If you add your own domain (or subdomain), this restriction is removed, and you can fully customize the alias.
               <br />
             </div>
           </div>
@@ -93,6 +93,7 @@
         </div>
         <div class="row">
           <div class="col p-1">
+            {{ csrf_form.csrf_token }}
             <button type="submit" id="create" class="btn btn-primary mt-1">Create</button>
           </div>
         </div>

app/templates/dashboard/mfa_setup.html

@@ -12,7 +12,7 @@
     <div class="card-body">
       <h1 class="h3">Two Factor Authentication - TOTP</h1>
       <p>
-        You will need to use a 2FA application like Google Authenticator or Authy on your phone or PC and scan the following QR Code:
+        You will need to use a 2FA application like Proton Pass or Aegis on your phone or PC and scan the following QR Code:
       </p>
       <canvas id="qr"></canvas>
       <script>

app/templates/dashboard/notification.html

@@ -10,7 +10,7 @@
       <div>{{ notification.message | safe }}</div>
       <form method="post"
             class="float-right mt-3"
-            onsubmit="return confirm('This operation is not reversible, please confirm');">
+            onsubmit="return confirm('This operation is irreversible, please confirm');">
         <button class="btn btn-outline-danger">Delete</button>
       </form>
     </div>

app/templates/dashboard/pricing.html

@@ -57,6 +57,8 @@
 {% endblock %}
 {% block default_content %}
 
+  {% if NOW.timestamp < 1701475201 %}
+
     <div class="alert alert-info">
       Black Friday Deal: 33% off on the yearly plan for the <b>first</b> year ($20 instead of $30).
       <br>
@@ -70,6 +72,7 @@
       <br>
       Available until December 1, 2023.
     </div>
+  {% endif %}
   <div class="pb-8">
     <div class="text-center mx-md-auto mb-8 mt-6">
       <h1>Upgrade to unlock premium features</h1>

app/templates/dashboard/support.html

@@ -18,7 +18,7 @@
           <br />
           For generic questions, i.e. not related to your account, we recommend to post the question on
           our
-          <a href="https://www.reddit.com/r/Simplelogin/">Reddit</a>
+          <a href="https://www.reddit.com/r/Simplelogin/">Reddit</a> or <a href="https://forum.simplelogin.io/">our official forum</a>
           where our community can help answer the question
           and other people with the same question can find the answer there.
         </div>

app/templates/dashboard/unsubscribe.html

@@ -1,17 +1,19 @@
 {% extends "default.html" %}
 
 {% set active_page = "dashboard" %}
-{% block title %}Block an alias{% endblock %}
+{% block title %}Deactivate an alias{% endblock %}
 {% block default_content %}
 
   <div class="card">
     <div class="card-body">
-      <h1 class="h3">Block alias</h1>
+      <h1 class="h3">Deactivate alias</h1>
       <p>
-        You are about to block the alias
+        You are about to deactivate the alias
         <a href="mailto:{{ alias }}" target="_blank">{{ alias }}</a>
       </p>
-      <p>After this, you will stop receiving all emails sent to this alias, please confirm.</p>
+      <p>
+        After this, you will stop receiving all emails sent to this alias, please confirm. You will always be able to re-activate it untill you will decide to delete it.
+      </p>
       <form method="post">
         <button class="btn btn-warning">Confirm</button>
       </form>

app/templates/emails/com/onboarding/welcome-proton-user.html

@@ -43,9 +43,8 @@ Note, if you are a paying Proton Mail user, you automatically receive the premiu
 {% endcall %}
 
 {% call text() %}
-For any question, feedback or feature request, please join our
+For any question or feedback, please join our <a href="https://forum.simplelogin.io/">official forum</a>.
-<a href="https://github.com/simple-login/app/discussions">GitHub forum</a>
+If you want to request a feature, please submit it on our <a href="https://github.com/simple-login/app/discussions">GitHub repo</a>.
-.
 You can also join our
 <a href="https://www.reddit.com/r/Simplelogin/">Reddit</a>
 or follow our

app/templates/emails/com/onboarding/welcome-proton-user.txt.jinja2

@@ -13,7 +13,8 @@ SimpleLogin is also available on Android and iOS so you can manage your aliases
 
 Note, if you are a paying Proton Mail user, you automatically receive the premium version of SimpleLogin.
 
-For any question, feedback or feature request, please join our GitHub forum.
+For any question or feedback, please join our official forum.
+If you want to request a feature, please submit it on our GitHub repo.
 You can also join our Reddit or follow our Twitter.
 
 Best,
@@ -26,7 +27,8 @@ Firefox: https://addons.mozilla.org/firefox/addon/simplelogin/
 Edge: https://microsoftedge.microsoft.com/addons/detail/simpleloginreceive-sen/diacfpipniklenphgljfkmhinphjlfff
 Android: https://play.google.com/store/apps/details?id=io.simplelogin.android
 iOS: https://apps.apple.com/app/id1494359858
-Github forum: https://github.com/simple-login/app/discussions
+Github repo: https://github.com/simple-login/app/discussions
+Official forum: https://forum.simplelogin.io/
 Reddit: https://www.reddit.com/r/Simplelogin/
 Twitter: https://twitter.com/simple_login
 

app/templates/emails/com/welcome.html

@@ -71,9 +71,10 @@ Please note that you can't create more than {{ MAX_NB_EMAIL_FREE_PLAN }} aliases
 
 {% endif %}
 {% call text() %}
-For any question, feedback or feature request, please join our
+For any question or feedback,
-<a href="https://github.com/simple-login/app/discussions">GitHub forum</a>
+please join our <a href="https://forum.simplelogin.io/">official forum</a>.
-.
+If you want to request a feature,
+please submit it on our <a href="https://github.com/simple-login/app/discussions">GitHub repo</a>.
 You can also join our
 <a href="https://www.reddit.com/r/Simplelogin/">Reddit</a>
 or follow our

app/templates/emails/com/welcome.txt

@@ -26,6 +26,8 @@ No worries: all aliases you create during this period will continue to work norm
 
 At any time, you can reach out to us by simply replying to this email.
 
-For any question, feedback or feature request, please join our GitHub forum at https://github.com/simple-login/app/discussions
+For any question or feedback, please join our official forum at https://forum.simplelogin.io/
+
+If you want to request a feature, please submit it on our GitHub repo at https://github.com/simple-login/app/discussions
 
 You can also join our Reddit at https://www.reddit.com/r/Simplelogin/ follow our Twitter at https://twitter.com/simplelogin

app/templates/emails/transactional/activation.html

@@ -4,6 +4,7 @@
 
   {{ render_text("Thank you for choosing SimpleLogin.") }}
   {{ render_text("To get started, please confirm that <b>" + email + "</b> is your email address by clicking on the button below within 1 hour.") }}
+  {{ render_text("If it wasn't you, maybe someone entered your email by mistake. In this case you can ignore this mail.") }}
   {{ render_button("Verify email", activation_link) }}
   {{ render_text('Thanks,
   <br />

app/templates/emails/transactional/activation.txt

@@ -4,4 +4,6 @@
 Thank you for choosing SimpleLogin.
 
 To get started, please confirm that {{email}} is your email address using this link {{activation_link}} within 1 hour.
+
+If it wasn't you, maybe someone entered your email by mistake. In this case you can ignore this mail.
 {% endblock %}

app/templates/emails/transactional/warn-multiple-registration.html

@@ -7,7 +7,7 @@
 {% endcall %}
 
 {% call text() %}
-Your have tried to register multiple times to {{ service }}, and this is against the terms of service of SimpleLogin. Please don't do that anymore.
+You have tried to register multiple times to {{ service }}, and this is against the terms of service of SimpleLogin. Please don't do that anymore.
 {% endcall %}
 
 {% call text() %}

app/templates/footer.html

@@ -17,8 +17,7 @@
           SimpleLogin is an <a href="https://github.com/simple-login">open source</a> email alias solution to protect your email address.
         </p>
         <p class="small text-white">
-          SimpleLogin is the product of SimpleLogin SAS, registered in France under the SIREN number 884302134.
+          SimpleLogin is the product of <a href="https://proton.me">Proton AG</a>, registered in Switzerland under number CHE-354.686.492.
-          SimpleLogin SAS is part of <a href="https://proton.me">Proton AG</a>.
         </p>
       </div>
     </div>
@@ -38,12 +37,6 @@
                    alt="GitHub">
             </a>
           </li>
-          <li>
-            <a class="list-group-item text-white footer-item "
-               href="https://github.com/simple-login/app/blob/master/docs/api.md">
-              API Docs
-            </a>
-          </li>
           <li>
             <a class="list-group-item text-white footer-item "
                href="https://status.simplelogin.io/">Status</a>
@@ -61,18 +54,10 @@
             <a class="list-group-item text-white footer-item"
                href="https://simplelogin.io/blog/">Blog</a>
           </li>
-          <li>
-            <a class="list-group-item text-white footer-item"
-               href="https://simplelogin.io/job/">Join Us</a>
-          </li>
           <li>
             <a class="list-group-item text-white footer-item"
                href="https://simplelogin.io/about/">About Us</a>
           </li>
-          <li>
-            <a class="list-group-item text-white footer-item"
-               href="https://github.com/simple-login/app/projects/1">Roadmap</a>
-          </li>
           <li>
             <a class="list-group-item text-white footer-item"
                href="https://simplelogin.io/contact/">Contact Us</a>
@@ -106,37 +91,9 @@
             <a class="list-group-item text-white footer-item "
                href="https://simplelogin.io/docs/">Documentation</a>
           </li>
-        </ul>
-      </div>
-      <div class="col-sm-4 col-lg-2 mb-4">
-        <h3 class="h4 text-white">Comparisons</h3>
-        <ul class="list-group list-group-transparent list-group-white list-group-flush list-group-borderless mb-0 footer-list-group">
           <li>
             <a class="list-group-item text-white footer-item "
-               href="https://simplelogin.io/blog/email-alias-vs-plus-sign/">
+               href="https://forum.simplelogin.io">Forum</a>
-              vs Plus Sign (+) Trick
-            </a>
-          </li>
-          <li>
-            <a class="list-group-item text-white footer-item"
-               href="https://simplelogin.io/blog/vs-firefox-relay/">
-              vs
-              Firefox Relay
-            </a>
-          </li>
-          <li>
-            <a class="list-group-item text-white footer-item"
-               href="https://simplelogin.io/blog/vs-burner-mail/">
-              vs
-              Burner Mail
-            </a>
-          </li>
-          <li>
-            <a class="list-group-item text-white footer-item"
-               href="https://simplelogin.io/blog/alternative-33mail/">
-              vs
-              33mail
-            </a>
           </li>
         </ul>
       </div>

app/templates/header.html

@@ -83,7 +83,14 @@
                 </a>
               </div>
               <div class="dropdown-item">
-                <a href="https://github.com/simple-login/app/discussions"
+                <a href="https://github.com/simple-login/app/"
+                   target="_blank"
+                   rel="noopener noreferrer">
+                  Github repo
+                  <i class="fa fa-external-link" aria-hidden="true"></i>
+                </a>
+                <div class="dropdown-item">
+                  <a href="https://forum.simplelogin.io"
                      target="_blank"
                      rel="noopener noreferrer">
                     Forum

app/templates/menu.html

@@ -106,7 +106,7 @@
             </a>
           </div>
           <div class="dropdown-item">
-            <a href="https://github.com/simple-login/app/discussions"
+            <a href="https://forum.simplelogin.io/"
                target="_blank"
                rel="noopener noreferrer">
               Forum

app/tests/api/test_alias_options.py

@@ -58,7 +58,7 @@ def test_different_scenarios_v4_2(flask_client):
     assert r.json["suffixes"]
     assert r.json["prefix_suggestion"] == ""  # no hostname => no suggestion
 
-    for (suffix, signed_suffix) in r.json["suffixes"]:
+    for suffix, signed_suffix in r.json["suffixes"]:
         assert signed_suffix.startswith(suffix)
 
     # <<< with hostname >>>

app/tests/api/test_user_info.py

@@ -1,6 +1,7 @@
 from flask import url_for
 
 from app import config
+from app.db import Session
 from app.models import User, PartnerUser
 from app.proton.utils import get_proton_partner
 from tests.api.utils import get_new_user_and_api_key
@@ -23,6 +24,7 @@ def test_user_in_trial(flask_client):
         "profile_picture_url": None,
         "max_alias_free_plan": config.MAX_NB_EMAIL_FREE_PLAN,
         "connected_proton_address": None,
+        "can_create_reverse_alias": True,
     }
 
 
@@ -52,9 +54,24 @@ def test_user_linked_to_proton(flask_client):
         "profile_picture_url": None,
         "max_alias_free_plan": config.MAX_NB_EMAIL_FREE_PLAN,
         "connected_proton_address": partner_email,
+        "can_create_reverse_alias": user.can_create_contacts(),
     }
 
 
+def test_cannot_create_reverse_alias(flask_client):
+    user, api_key = get_new_user_and_api_key()
+    user.trial_end = None
+    Session.flush()
+    config.DISABLE_CREATE_CONTACTS_FOR_FREE_USERS = True
+
+    r = flask_client.get(
+        url_for("api.user_info"), headers={"Authentication": api_key.code}
+    )
+
+    assert r.status_code == 200
+    assert not r.json["can_create_reverse_alias"]
+
+
 def test_wrong_api_key(flask_client):
     r = flask_client.get(
         url_for("api.user_info"), headers={"Authentication": "Invalid code"}

app/tests/jobs/test_job_runner.py

@@ -56,6 +56,7 @@ def test_get_jobs_to_run(flask_client):
         run_at=now.shift(hours=3),
     )
     # Job out of attempts
+    (
         Job.create(
             name="",
             payload="",
@@ -63,6 +64,7 @@ def test_get_jobs_to_run(flask_client):
             taken_at=now.shift(minutes=-(config.JOB_TAKEN_RETRY_WAIT_MINS + 10)),
             attempts=config.JOB_MAX_ATTEMPTS + 1,
         ),
+    )
     Session.commit()
     jobs = get_jobs_to_run()
     assert len(jobs) == len(expected_jobs_to_run)

app/tests/models/test_alias.py

@@ -0,0 +1,17 @@
+from app.db import Session
+from app.models import Alias, Mailbox, AliasMailbox
+from tests.utils import create_new_user, random_email
+
+
+def test_duplicated_mailbox_is_returned_only_once():
+    user = create_new_user()
+    other_mailbox = Mailbox.create(user_id=user.id, email=random_email(), verified=True)
+    alias = Alias.create_new_random(user)
+    AliasMailbox.create(mailbox_id=other_mailbox.id, alias_id=alias.id)
+    AliasMailbox.create(mailbox_id=user.default_mailbox_id, alias_id=alias.id)
+    Session.flush()
+    alias_mailboxes = alias.mailboxes
+    assert len(alias_mailboxes) == 2
+    alias_mailbox_id = [mailbox.id for mailbox in alias_mailboxes]
+    assert user.default_mailbox_id in alias_mailbox_id
+    assert other_mailbox.id in alias_mailbox_id

app/tests/test_email_utils.py

@@ -7,7 +7,7 @@ import arrow
 import pytest
 
 from app import config
-from app.config import MAX_ALERT_24H, EMAIL_DOMAIN, ROOT_DIR
+from app.config import MAX_ALERT_24H, ROOT_DIR
 from app.db import Session
 from app.email_utils import (
     get_email_domain_part,
@@ -16,7 +16,6 @@ from app.email_utils import (
     delete_header,
     add_or_replace_header,
     send_email_with_rate_control,
-    copy,
     get_spam_from_header,
     get_header_from_bounce,
     add_header,

app/tests/test_jose_utils.py

@@ -17,7 +17,7 @@ def test_encode_decode(flask_client):
 
     jwt_token = make_id_token(client_user)
 
-    assert type(jwt_token) is str
+    assert isinstance(jwt_token, str)
     assert verify_id_token(jwt_token)
 
 

app/tests/test_pgp_utils.py

@@ -49,9 +49,9 @@ def encrypt_decrypt_text(text: str):
     priv = pgpy.PGPKey()
     priv.parse(private_key)
     decrypted = priv.decrypt(encrypted).message
-    if type(decrypted) == str:
+    if isinstance(decrypted, str):
         assert decrypted == text
-    elif type(decrypted) == bytearray:
+    elif isinstance(decrypted, bytearray):
         assert decrypted.decode() == text