Compare commits
11 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 9fd2fa9a78 | |||
| 3c77f8af4b | |||
| 545eeda79b | |||
| 01dba12ed0 | |||
| c872d43c3d | |||
| 3e6867bc17 | |||
| a829074584 | |||
| 25834e8f61 | |||
| a62b43b7c4 | |||
| 44fda2d94e | |||
| bc48198bb1 |
@ -84,7 +84,7 @@ For email gurus, we have chosen 1024 key length instead of 2048 for DNS simplici
|
||||
|
||||
### DNS
|
||||
|
||||
Please note that DNS changes could take up to 24 hours to propagate. In practice, it's a lot faster though (~1 minute or so in our test). In DNS setup, we usually use domain with a trailing dot (`.`) at the end to to force using absolute domain.
|
||||
Please note that DNS changes could take up to 24 hours to propagate. In practice, it's a lot faster though (~1 minute or so in our test). In DNS setup, we usually use domain with a trailing dot (`.`) at the end to force using absolute domain.
|
||||
|
||||
|
||||
#### MX record
|
||||
|
||||
@ -7,8 +7,4 @@ If you want be up to date on security patches, make sure your SimpleLogin image
|
||||
|
||||
## Reporting a Vulnerability
|
||||
|
||||
If you've found a security vulnerability, you can disclose it responsibly by sending a summary to security@simplelogin.io.
|
||||
We will review the potential threat and fix it as fast as we can.
|
||||
|
||||
We are incredibly thankful for people who disclose vulnerabilities, unfortunately we do not have a bounty program in place yet.
|
||||
|
||||
If you want to report a vulnerability, please take a look at our bug bounty program at https://proton.me/security/bug-bounty.
|
||||
|
||||
@ -3,12 +3,17 @@ from dataclasses import dataclass
|
||||
from enum import Enum
|
||||
from typing import Optional
|
||||
|
||||
import arrow
|
||||
import sqlalchemy.exc
|
||||
from arrow import Arrow
|
||||
from newrelic import agent
|
||||
from psycopg2.errors import UniqueViolation
|
||||
from sqlalchemy import or_
|
||||
|
||||
from app.db import Session
|
||||
from app.email_utils import send_welcome_email
|
||||
from app.events.event_dispatcher import EventDispatcher
|
||||
from app.events.generated.event_pb2 import UserPlanChanged, EventContent
|
||||
from app.partner_user_utils import create_partner_user, create_partner_subscription
|
||||
from app.utils import sanitize_email, canonicalize_email
|
||||
from app.errors import (
|
||||
@ -31,6 +36,7 @@ from app.utils import random_string
|
||||
class SLPlanType(Enum):
|
||||
Free = 1
|
||||
Premium = 2
|
||||
PremiumLifetime = 3
|
||||
|
||||
|
||||
@dataclass
|
||||
@ -54,8 +60,24 @@ class LinkResult:
|
||||
strategy: str
|
||||
|
||||
|
||||
def send_user_plan_changed_event(partner_user: PartnerUser) -> Optional[int]:
|
||||
subscription_end = partner_user.user.get_active_subscription_end(
|
||||
include_partner_subscription=False
|
||||
)
|
||||
end_timestamp = None
|
||||
if partner_user.user.lifetime:
|
||||
end_timestamp = arrow.get("2038-01-01").timestamp
|
||||
elif subscription_end:
|
||||
end_timestamp = subscription_end.timestamp
|
||||
event = UserPlanChanged(plan_end_time=end_timestamp)
|
||||
EventDispatcher.send_event(partner_user.user, EventContent(user_plan_change=event))
|
||||
Session.flush()
|
||||
return end_timestamp
|
||||
|
||||
|
||||
def set_plan_for_partner_user(partner_user: PartnerUser, plan: SLPlan):
|
||||
sub = PartnerSubscription.get_by(partner_user_id=partner_user.id)
|
||||
is_lifetime = plan.type == SLPlanType.PremiumLifetime
|
||||
if plan.type == SLPlanType.Free:
|
||||
if sub is not None:
|
||||
LOG.i(
|
||||
@ -64,30 +86,37 @@ def set_plan_for_partner_user(partner_user: PartnerUser, plan: SLPlan):
|
||||
PartnerSubscription.delete(sub.id)
|
||||
agent.record_custom_event("PlanChange", {"plan": "free"})
|
||||
else:
|
||||
end_time = plan.expiration
|
||||
if plan.type == SLPlanType.PremiumLifetime:
|
||||
end_time = None
|
||||
if sub is None:
|
||||
LOG.i(
|
||||
f"Creating partner_subscription [user_id={partner_user.user_id}] [partner_id={partner_user.partner_id}]"
|
||||
f"Creating partner_subscription [user_id={partner_user.user_id}] [partner_id={partner_user.partner_id}] with {end_time} / {is_lifetime}"
|
||||
)
|
||||
create_partner_subscription(
|
||||
partner_user=partner_user,
|
||||
expiration=plan.expiration,
|
||||
expiration=end_time,
|
||||
lifetime=is_lifetime,
|
||||
msg="Upgraded via partner. User did not have a previous partner subscription",
|
||||
)
|
||||
agent.record_custom_event("PlanChange", {"plan": "premium", "type": "new"})
|
||||
else:
|
||||
if sub.end_at != plan.expiration:
|
||||
LOG.i(
|
||||
f"Updating partner_subscription [user_id={partner_user.user_id}] [partner_id={partner_user.partner_id}]"
|
||||
)
|
||||
if sub.end_at != plan.expiration or sub.lifetime != is_lifetime:
|
||||
agent.record_custom_event(
|
||||
"PlanChange", {"plan": "premium", "type": "extension"}
|
||||
)
|
||||
sub.end_at = plan.expiration
|
||||
sub.end_at = plan.expiration if not is_lifetime else None
|
||||
sub.lifetime = is_lifetime
|
||||
LOG.i(
|
||||
f"Updating partner_subscription [user_id={partner_user.user_id}] [partner_id={partner_user.partner_id}] to {sub.end_at} / {sub.lifetime} "
|
||||
)
|
||||
emit_user_audit_log(
|
||||
user=partner_user.user,
|
||||
action=UserAuditLogAction.SubscriptionExtended,
|
||||
message="Extended partner subscription",
|
||||
)
|
||||
Session.flush()
|
||||
send_user_plan_changed_event(partner_user)
|
||||
Session.commit()
|
||||
|
||||
|
||||
@ -112,6 +141,7 @@ def ensure_partner_user_exists_for_user(
|
||||
partner_email=link_request.email,
|
||||
external_user_id=link_request.external_user_id,
|
||||
)
|
||||
|
||||
Session.commit()
|
||||
LOG.i(
|
||||
f"Created new partner_user for partner:{partner.id} user:{sl_user.id} external_user_id:{link_request.external_user_id}. PartnerUser.id is {res.id}"
|
||||
@ -139,15 +169,56 @@ class ClientMergeStrategy(ABC):
|
||||
|
||||
class NewUserStrategy(ClientMergeStrategy):
|
||||
def process(self) -> LinkResult:
|
||||
# Will create a new SL User with a random password
|
||||
canonical_email = canonicalize_email(self.link_request.email)
|
||||
new_user = User.create(
|
||||
email=canonical_email,
|
||||
name=self.link_request.name,
|
||||
password=random_string(20),
|
||||
activated=True,
|
||||
from_partner=self.link_request.from_partner,
|
||||
try:
|
||||
# Will create a new SL User with a random password
|
||||
new_user = User.create(
|
||||
email=canonical_email,
|
||||
name=self.link_request.name,
|
||||
password=random_string(20),
|
||||
activated=True,
|
||||
from_partner=self.link_request.from_partner,
|
||||
)
|
||||
self.create_partner_user(new_user)
|
||||
Session.commit()
|
||||
|
||||
if not new_user.created_by_partner:
|
||||
send_welcome_email(new_user)
|
||||
|
||||
agent.record_custom_event(
|
||||
"PartnerUserCreation", {"partner": self.partner.name}
|
||||
)
|
||||
|
||||
return LinkResult(
|
||||
user=new_user,
|
||||
strategy=self.__class__.__name__,
|
||||
)
|
||||
except (UniqueViolation, sqlalchemy.exc.IntegrityError) as e:
|
||||
LOG.debug(f"Got the duplicate user error: {e}")
|
||||
return self.create_missing_link(canonical_email)
|
||||
|
||||
def create_missing_link(self, canonical_email: str):
|
||||
# If there's a unique key violation due to race conditions try to create only the partner if needed
|
||||
partner_user = PartnerUser.get_by(
|
||||
external_user_id=self.link_request.external_user_id,
|
||||
partner_id=self.partner.id,
|
||||
)
|
||||
if partner_user is None:
|
||||
# Get the user by canonical email and if not by normal email
|
||||
user = User.get_by(email=canonical_email) or User.get_by(
|
||||
email=self.link_request.email
|
||||
)
|
||||
if not user:
|
||||
raise RuntimeError(
|
||||
"Tried to create only partner on UniqueViolation but cannot find the user"
|
||||
)
|
||||
partner_user = self.create_partner_user(user)
|
||||
Session.commit()
|
||||
return LinkResult(
|
||||
user=partner_user.user, strategy=ExistingUnlinkedUserStrategy.__name__
|
||||
)
|
||||
|
||||
def create_partner_user(self, new_user: User):
|
||||
partner_user = create_partner_user(
|
||||
user=new_user,
|
||||
partner_id=self.partner.id,
|
||||
@ -161,17 +232,7 @@ class NewUserStrategy(ClientMergeStrategy):
|
||||
partner_user,
|
||||
self.link_request.plan,
|
||||
)
|
||||
Session.commit()
|
||||
|
||||
if not new_user.created_by_partner:
|
||||
send_welcome_email(new_user)
|
||||
|
||||
agent.record_custom_event("PartnerUserCreation", {"partner": self.partner.name})
|
||||
|
||||
return LinkResult(
|
||||
user=new_user,
|
||||
strategy=self.__class__.__name__,
|
||||
)
|
||||
return partner_user
|
||||
|
||||
|
||||
class ExistingUnlinkedUserStrategy(ClientMergeStrategy):
|
||||
|
||||
@ -16,6 +16,8 @@ from flask_admin.contrib import sqla
|
||||
from flask_login import current_user
|
||||
|
||||
from app.db import Session
|
||||
from app.events.event_dispatcher import EventDispatcher
|
||||
from app.events.generated.event_pb2 import EventContent, UserPlanChanged
|
||||
from app.models import (
|
||||
User,
|
||||
ManualSubscription,
|
||||
@ -39,6 +41,7 @@ from app.models import (
|
||||
UserAuditLog,
|
||||
)
|
||||
from app.newsletter_utils import send_newsletter_to_user, send_newsletter_to_address
|
||||
from app.user_audit_log_utils import emit_user_audit_log, UserAuditLogAction
|
||||
|
||||
|
||||
def _admin_action_formatter(view, context, model, name):
|
||||
@ -115,7 +118,7 @@ class SLAdminIndexView(AdminIndexView):
|
||||
if not current_user.is_authenticated or not current_user.is_admin:
|
||||
return redirect(url_for("auth.login", next=request.url))
|
||||
|
||||
return redirect("/admin/user")
|
||||
return redirect("/admin/email_search")
|
||||
|
||||
|
||||
class UserAdmin(SLModelView):
|
||||
@ -351,17 +354,42 @@ def manual_upgrade(way: str, ids: [int], is_giveaway: bool):
|
||||
manual_sub.end_at = manual_sub.end_at.shift(years=1)
|
||||
else:
|
||||
manual_sub.end_at = arrow.now().shift(years=1, days=1)
|
||||
emit_user_audit_log(
|
||||
user=user,
|
||||
action=UserAuditLogAction.Upgrade,
|
||||
message=f"Admin {current_user.email} extended manual subscription to user {user.email}",
|
||||
)
|
||||
EventDispatcher.send_event(
|
||||
user=user,
|
||||
content=EventContent(
|
||||
user_plan_change=UserPlanChanged(
|
||||
plan_end_time=manual_sub.end_at.timestamp
|
||||
)
|
||||
),
|
||||
)
|
||||
flash(f"Subscription extended to {manual_sub.end_at.humanize()}", "success")
|
||||
continue
|
||||
else:
|
||||
emit_user_audit_log(
|
||||
user=user,
|
||||
action=UserAuditLogAction.Upgrade,
|
||||
message=f"Admin {current_user.email} created manual subscription to user {user.email}",
|
||||
)
|
||||
manual_sub = ManualSubscription.create(
|
||||
user_id=user.id,
|
||||
end_at=arrow.now().shift(years=1, days=1),
|
||||
comment=way,
|
||||
is_giveaway=is_giveaway,
|
||||
)
|
||||
EventDispatcher.send_event(
|
||||
user=user,
|
||||
content=EventContent(
|
||||
user_plan_change=UserPlanChanged(
|
||||
plan_end_time=manual_sub.end_at.timestamp
|
||||
)
|
||||
),
|
||||
)
|
||||
|
||||
ManualSubscription.create(
|
||||
user_id=user.id,
|
||||
end_at=arrow.now().shift(years=1, days=1),
|
||||
comment=way,
|
||||
is_giveaway=is_giveaway,
|
||||
)
|
||||
|
||||
flash(f"New {way} manual subscription for {user} is created", "success")
|
||||
flash(f"New {way} manual subscription for {user} is created", "success")
|
||||
Session.commit()
|
||||
|
||||
|
||||
@ -453,14 +481,7 @@ class ManualSubscriptionAdmin(SLModelView):
|
||||
"Extend 1 year more?",
|
||||
)
|
||||
def extend_1y(self, ids):
|
||||
for ms in ManualSubscription.filter(ManualSubscription.id.in_(ids)):
|
||||
ms.end_at = ms.end_at.shift(years=1)
|
||||
flash(f"Extend subscription for 1 year for {ms.user}", "success")
|
||||
AdminAuditLog.extend_subscription(
|
||||
current_user.id, ms.user.id, ms.end_at, "1 year"
|
||||
)
|
||||
|
||||
Session.commit()
|
||||
self.__extend_manual_subscription(ids, msg="1 year", years=1)
|
||||
|
||||
@action(
|
||||
"extend_1m",
|
||||
@ -468,11 +489,26 @@ class ManualSubscriptionAdmin(SLModelView):
|
||||
"Extend 1 month more?",
|
||||
)
|
||||
def extend_1m(self, ids):
|
||||
self.__extend_manual_subscription(ids, msg="1 month", months=1)
|
||||
|
||||
def __extend_manual_subscription(self, ids: List[int], msg: str, **kwargs):
|
||||
for ms in ManualSubscription.filter(ManualSubscription.id.in_(ids)):
|
||||
ms.end_at = ms.end_at.shift(months=1)
|
||||
flash(f"Extend subscription for 1 month for {ms.user}", "success")
|
||||
sub: ManualSubscription = ms
|
||||
sub.end_at = sub.end_at.shift(**kwargs)
|
||||
flash(f"Extend subscription for {msg} for {sub.user}", "success")
|
||||
emit_user_audit_log(
|
||||
user=sub.user,
|
||||
action=UserAuditLogAction.Upgrade,
|
||||
message=f"Admin {current_user.email} extended manual subscription for {msg} for {sub.user}",
|
||||
)
|
||||
AdminAuditLog.extend_subscription(
|
||||
current_user.id, ms.user.id, ms.end_at, "1 month"
|
||||
current_user.id, sub.user.id, sub.end_at, msg
|
||||
)
|
||||
EventDispatcher.send_event(
|
||||
user=sub.user,
|
||||
content=EventContent(
|
||||
user_plan_change=UserPlanChanged(plan_end_time=sub.end_at.timestamp)
|
||||
),
|
||||
)
|
||||
|
||||
Session.commit()
|
||||
@ -743,13 +779,17 @@ class EmailSearchResult:
|
||||
mailbox: List[Mailbox] = []
|
||||
mailbox_count: int = 0
|
||||
deleted_alias: Optional[DeletedAlias] = None
|
||||
deleted_custom_alias: Optional[DomainDeletedAlias] = None
|
||||
deleted_alias_audit_log: Optional[List[AliasAuditLog]] = None
|
||||
domain_deleted_alias: Optional[DomainDeletedAlias] = None
|
||||
domain_deleted_alias_audit_log: Optional[List[AliasAuditLog]] = None
|
||||
user: Optional[User] = None
|
||||
user_audit_log: Optional[List[UserAuditLog]] = None
|
||||
query: str
|
||||
|
||||
@staticmethod
|
||||
def from_email(email: str) -> EmailSearchResult:
|
||||
output = EmailSearchResult()
|
||||
output.query = email
|
||||
alias = Alias.get_by(email=email)
|
||||
if alias:
|
||||
output.alias = alias
|
||||
@ -768,6 +808,15 @@ class EmailSearchResult:
|
||||
.all()
|
||||
)
|
||||
output.no_match = False
|
||||
|
||||
user_audit_log = (
|
||||
UserAuditLog.filter_by(user_email=email)
|
||||
.order_by(UserAuditLog.created_at.desc())
|
||||
.all()
|
||||
)
|
||||
if user_audit_log:
|
||||
output.user_audit_log = user_audit_log
|
||||
output.no_match = False
|
||||
mailboxes = (
|
||||
Mailbox.filter_by(email=email).order_by(Mailbox.id.desc()).limit(10).all()
|
||||
)
|
||||
@ -778,10 +827,20 @@ class EmailSearchResult:
|
||||
deleted_alias = DeletedAlias.get_by(email=email)
|
||||
if deleted_alias:
|
||||
output.deleted_alias = deleted_alias
|
||||
output.deleted_alias_audit_log = (
|
||||
AliasAuditLog.filter_by(alias_email=deleted_alias.email)
|
||||
.order_by(AliasAuditLog.created_at.desc())
|
||||
.all()
|
||||
)
|
||||
output.no_match = False
|
||||
domain_deleted_alias = DomainDeletedAlias.get_by(email=email)
|
||||
if domain_deleted_alias:
|
||||
output.domain_deleted_alias = domain_deleted_alias
|
||||
output.domain_deleted_alias_audit_log = (
|
||||
AliasAuditLog.filter_by(alias_email=domain_deleted_alias.email)
|
||||
.order_by(AliasAuditLog.created_at.desc())
|
||||
.all()
|
||||
)
|
||||
output.no_match = False
|
||||
return output
|
||||
|
||||
|
||||
@ -58,7 +58,7 @@ def verify_prefix_suffix(
|
||||
|
||||
# alias_domain must be either one of user custom domains or built-in domains
|
||||
if alias_domain not in user.available_alias_domains(alias_options=alias_options):
|
||||
LOG.e("wrong alias suffix %s, user %s", alias_suffix, user)
|
||||
LOG.i("wrong alias suffix %s, user %s", alias_suffix, user)
|
||||
return False
|
||||
|
||||
# SimpleLogin domain case:
|
||||
@ -75,17 +75,17 @@ def verify_prefix_suffix(
|
||||
and not config.DISABLE_ALIAS_SUFFIX
|
||||
):
|
||||
if not alias_domain_prefix.startswith("."):
|
||||
LOG.e("User %s submits a wrong alias suffix %s", user, alias_suffix)
|
||||
LOG.i("User %s submits a wrong alias suffix %s", user, alias_suffix)
|
||||
return False
|
||||
|
||||
else:
|
||||
if alias_domain not in user_custom_domains:
|
||||
if not config.DISABLE_ALIAS_SUFFIX:
|
||||
LOG.e("wrong alias suffix %s, user %s", alias_suffix, user)
|
||||
LOG.i("wrong alias suffix %s, user %s", alias_suffix, user)
|
||||
return False
|
||||
|
||||
if alias_domain not in available_sl_domains:
|
||||
LOG.e("wrong alias suffix %s, user %s", alias_suffix, user)
|
||||
LOG.i("wrong alias suffix %s, user %s", alias_suffix, user)
|
||||
return False
|
||||
|
||||
return True
|
||||
|
||||
@ -419,9 +419,8 @@ def create_contact_route(alias_id):
|
||||
if not data:
|
||||
return jsonify(error="request body cannot be empty"), 400
|
||||
|
||||
alias: Alias = Alias.get(alias_id)
|
||||
|
||||
if alias.user_id != g.user.id:
|
||||
alias: Optional[Alias] = Alias.get_by(id=alias_id, user_id=g.user.id)
|
||||
if not alias:
|
||||
return jsonify(error="Forbidden"), 403
|
||||
|
||||
contact_address = data.get("contact")
|
||||
|
||||
@ -23,6 +23,7 @@ from app.events.auth_event import LoginEvent, RegisterEvent
|
||||
from app.extensions import limiter
|
||||
from app.log import LOG
|
||||
from app.models import User, ApiKey, SocialAuth, AccountActivation
|
||||
from app.user_audit_log_utils import emit_user_audit_log, UserAuditLogAction
|
||||
from app.utils import sanitize_email, canonicalize_email
|
||||
|
||||
|
||||
@ -187,6 +188,11 @@ def auth_activate():
|
||||
|
||||
LOG.d("activate user %s", user)
|
||||
user.activated = True
|
||||
emit_user_audit_log(
|
||||
user=user,
|
||||
action=UserAuditLogAction.ActivateUser,
|
||||
message=f"User has been activated: {user.email}",
|
||||
)
|
||||
AccountActivation.delete(account_activation.id)
|
||||
Session.commit()
|
||||
|
||||
|
||||
@ -38,7 +38,11 @@ def create_mailbox():
|
||||
the new mailbox dict
|
||||
"""
|
||||
user = g.user
|
||||
mailbox_email = sanitize_email(request.get_json().get("email"))
|
||||
email = request.get_json().get("email")
|
||||
if not email:
|
||||
return jsonify(error="Invalid email"), 400
|
||||
|
||||
mailbox_email = sanitize_email(email)
|
||||
|
||||
try:
|
||||
new_mailbox = mailbox_utils.create_mailbox(user, mailbox_email).mailbox
|
||||
|
||||
@ -153,7 +153,8 @@ def new_custom_alias_v3():
|
||||
if not isinstance(data, dict):
|
||||
return jsonify(error="request body does not follow the required format"), 400
|
||||
|
||||
alias_prefix = data.get("alias_prefix", "").strip().lower().replace(" ", "")
|
||||
alias_prefix_data = data.get("alias_prefix", "") or ""
|
||||
alias_prefix = alias_prefix_data.strip().lower().replace(" ", "")
|
||||
signed_suffix = data.get("signed_suffix", "") or ""
|
||||
signed_suffix = signed_suffix.strip()
|
||||
|
||||
|
||||
@ -7,6 +7,7 @@ from app.db import Session
|
||||
from app.extensions import limiter
|
||||
from app.log import LOG
|
||||
from app.models import ActivationCode
|
||||
from app.user_audit_log_utils import emit_user_audit_log, UserAuditLogAction
|
||||
from app.utils import sanitize_next_url
|
||||
|
||||
|
||||
@ -47,6 +48,11 @@ def activate():
|
||||
|
||||
user = activation_code.user
|
||||
user.activated = True
|
||||
emit_user_audit_log(
|
||||
user=user,
|
||||
action=UserAuditLogAction.ActivateUser,
|
||||
message=f"User has been activated: {user.email}",
|
||||
)
|
||||
login_user(user)
|
||||
|
||||
# activation code is to be used only once
|
||||
|
||||
@ -10,6 +10,7 @@ from app.events.auth_event import LoginEvent
|
||||
from app.extensions import limiter
|
||||
from app.log import LOG
|
||||
from app.models import User
|
||||
from app.pw_models import PasswordOracle
|
||||
from app.utils import sanitize_email, sanitize_next_url, canonicalize_email
|
||||
|
||||
|
||||
@ -43,6 +44,13 @@ def login():
|
||||
user = User.get_by(email=email) or User.get_by(email=canonical_email)
|
||||
|
||||
if not user or not user.check_password(form.password.data):
|
||||
if not user:
|
||||
# Do the hash to avoid timing attacks nevertheless
|
||||
dummy_pw = PasswordOracle()
|
||||
dummy_pw.password = (
|
||||
"$2b$12$ZWqpL73h4rGNfLkJohAFAu0isqSw/bX9p/tzpbWRz/To5FAftaW8u"
|
||||
)
|
||||
dummy_pw.check_password(form.password.data)
|
||||
# Trigger rate limiter
|
||||
g.deduct_limit = True
|
||||
form.password.data = None
|
||||
|
||||
@ -9,6 +9,7 @@ from app.auth.views.login_utils import after_login
|
||||
from app.db import Session
|
||||
from app.extensions import limiter
|
||||
from app.models import ResetPasswordCode
|
||||
from app.user_audit_log_utils import emit_user_audit_log, UserAuditLogAction
|
||||
|
||||
|
||||
class ResetPasswordForm(FlaskForm):
|
||||
@ -59,6 +60,11 @@ def reset_password():
|
||||
|
||||
# this can be served to activate user too
|
||||
user.activated = True
|
||||
emit_user_audit_log(
|
||||
user=user,
|
||||
action=UserAuditLogAction.ResetPassword,
|
||||
message="User has reset their password",
|
||||
)
|
||||
|
||||
# remove all reset password codes
|
||||
ResetPasswordCode.filter_by(user_id=user.id).delete()
|
||||
|
||||
@ -309,6 +309,7 @@ JOB_DELETE_DOMAIN = "delete-domain"
|
||||
JOB_SEND_USER_REPORT = "send-user-report"
|
||||
JOB_SEND_PROTON_WELCOME_1 = "proton-welcome-1"
|
||||
JOB_SEND_ALIAS_CREATION_EVENTS = "send-alias-creation-events"
|
||||
JOB_SEND_EVENT_TO_WEBHOOK = "send-event-to-webhook"
|
||||
|
||||
# for pagination
|
||||
PAGE_LIMIT = 20
|
||||
|
||||
@ -16,6 +16,7 @@ from app.utils import sanitize_email
|
||||
class ContactCreateError(Enum):
|
||||
InvalidEmail = "Invalid email"
|
||||
NotAllowed = "Your plan does not allow to create contacts"
|
||||
Unknown = "Unknown error when trying to create contact"
|
||||
|
||||
|
||||
@dataclass
|
||||
@ -87,8 +88,10 @@ def create_contact(
|
||||
return __update_contact_if_needed(contact, name, mail_from)
|
||||
# Create the contact
|
||||
reply_email = generate_reply_email(email, alias)
|
||||
alias_id = alias.id
|
||||
try:
|
||||
flags = Contact.FLAG_PARTNER_CREATED if from_partner else 0
|
||||
is_invalid_email = email == ""
|
||||
contact = Contact.create(
|
||||
user_id=alias.user_id,
|
||||
alias_id=alias.id,
|
||||
@ -98,9 +101,10 @@ def create_contact(
|
||||
mail_from=mail_from,
|
||||
automatic_created=automatic_created,
|
||||
flags=flags,
|
||||
invalid_email=email == "",
|
||||
invalid_email=is_invalid_email,
|
||||
commit=True,
|
||||
)
|
||||
contact_id = contact.id
|
||||
if automatic_created:
|
||||
trail = ". Automatically created"
|
||||
else:
|
||||
@ -108,17 +112,27 @@ def create_contact(
|
||||
emit_alias_audit_log(
|
||||
alias=alias,
|
||||
action=AliasAuditLogAction.CreateContact,
|
||||
message=f"Created contact {contact.id} ({contact.email}){trail}",
|
||||
message=f"Created contact {contact_id} ({email}){trail}",
|
||||
commit=True,
|
||||
)
|
||||
LOG.d(
|
||||
f"Created contact {contact} for alias {alias} with email {email} invalid_email={contact.invalid_email}"
|
||||
f"Created contact {contact} for alias {alias} with email {email} invalid_email={is_invalid_email}"
|
||||
)
|
||||
return ContactCreateResult(contact, created=True, error=None)
|
||||
except IntegrityError:
|
||||
Session.rollback()
|
||||
LOG.info(
|
||||
f"Contact with email {email} for alias_id {alias.id} already existed, fetching from DB"
|
||||
f"Contact with email {email} for alias_id {alias_id} already existed, fetching from DB"
|
||||
)
|
||||
contact = Contact.get_by(alias_id=alias.id, website_email=email)
|
||||
return __update_contact_if_needed(contact, name, mail_from)
|
||||
return ContactCreateResult(contact, created=True, error=None)
|
||||
contact: Optional[Contact] = Contact.get_by(
|
||||
alias_id=alias_id, website_email=email
|
||||
)
|
||||
if contact:
|
||||
return __update_contact_if_needed(contact, name, mail_from)
|
||||
else:
|
||||
LOG.warning(
|
||||
f"Could not find contact with email {email} for alias_id {alias_id} and it should exist"
|
||||
)
|
||||
return ContactCreateResult(
|
||||
None, created=False, error=ContactCreateError.Unknown
|
||||
)
|
||||
|
||||
@ -1,3 +1,5 @@
|
||||
import secrets
|
||||
|
||||
import arrow
|
||||
from flask import (
|
||||
render_template,
|
||||
@ -163,7 +165,7 @@ def send_reset_password_email(user):
|
||||
"""
|
||||
# the activation code is valid for 1h
|
||||
reset_password_code = ResetPasswordCode.create(
|
||||
user_id=user.id, code=random_string(60)
|
||||
user_id=user.id, code=secrets.token_urlsafe(32)
|
||||
)
|
||||
Session.commit()
|
||||
|
||||
|
||||
@ -227,7 +227,10 @@ def alias_contact_manager(alias_id):
|
||||
|
||||
page = 0
|
||||
if request.args.get("page"):
|
||||
page = int(request.args.get("page"))
|
||||
try:
|
||||
page = int(request.args.get("page"))
|
||||
except ValueError:
|
||||
pass
|
||||
|
||||
query = request.args.get("query") or ""
|
||||
|
||||
|
||||
@ -71,7 +71,10 @@ def index():
|
||||
|
||||
page = 0
|
||||
if request.args.get("page"):
|
||||
page = int(request.args.get("page"))
|
||||
try:
|
||||
page = int(request.args.get("page"))
|
||||
except ValueError:
|
||||
pass
|
||||
|
||||
highlight_alias_id = None
|
||||
if request.args.get("highlight_alias_id"):
|
||||
|
||||
@ -1,3 +1,4 @@
|
||||
import arrow
|
||||
from flask import render_template, flash, redirect, url_for
|
||||
from flask_login import login_required, current_user
|
||||
from flask_wtf import FlaskForm
|
||||
@ -7,6 +8,8 @@ from app.config import ADMIN_EMAIL
|
||||
from app.dashboard.base import dashboard_bp
|
||||
from app.db import Session
|
||||
from app.email_utils import send_email
|
||||
from app.events.event_dispatcher import EventDispatcher
|
||||
from app.events.generated.event_pb2 import UserPlanChanged, EventContent
|
||||
from app.models import LifetimeCoupon
|
||||
|
||||
|
||||
@ -40,6 +43,14 @@ def lifetime_licence():
|
||||
current_user.lifetime_coupon_id = coupon.id
|
||||
if coupon.paid:
|
||||
current_user.paid_lifetime = True
|
||||
EventDispatcher.send_event(
|
||||
user=current_user,
|
||||
content=EventContent(
|
||||
user_plan_change=UserPlanChanged(
|
||||
plan_end_time=arrow.get("2038-01-01").timestamp
|
||||
)
|
||||
),
|
||||
)
|
||||
Session.commit()
|
||||
|
||||
# notify admin
|
||||
|
||||
@ -121,10 +121,16 @@ def mailbox_route():
|
||||
@login_required
|
||||
def mailbox_verify():
|
||||
mailbox_id = request.args.get("mailbox_id")
|
||||
if not mailbox_id:
|
||||
LOG.i("Missing mailbox_id")
|
||||
flash("You followed an invalid link", "error")
|
||||
return redirect(url_for("dashboard.mailbox_route"))
|
||||
|
||||
code = request.args.get("code")
|
||||
if not code:
|
||||
# Old way
|
||||
return verify_with_signed_secret(mailbox_id)
|
||||
|
||||
try:
|
||||
mailbox = mailbox_utils.verify_mailbox_code(current_user, mailbox_id, code)
|
||||
except mailbox_utils.MailboxError as e:
|
||||
|
||||
@ -43,7 +43,10 @@ def notification_route(notification_id):
|
||||
def notifications_route():
|
||||
page = 0
|
||||
if request.args.get("page"):
|
||||
page = int(request.args.get("page"))
|
||||
try:
|
||||
page = int(request.args.get("page"))
|
||||
except ValueError:
|
||||
pass
|
||||
|
||||
notifications = (
|
||||
Notification.filter_by(user_id=current_user.id)
|
||||
|
||||
@ -174,7 +174,12 @@ def setting():
|
||||
flash("Your preference has been updated", "success")
|
||||
return redirect(url_for("dashboard.setting"))
|
||||
elif request.form.get("form-name") == "random-alias-suffix":
|
||||
scheme = int(request.form.get("random-alias-suffix-generator"))
|
||||
try:
|
||||
scheme = int(request.form.get("random-alias-suffix-generator"))
|
||||
except ValueError:
|
||||
flash("Invalid value", "error")
|
||||
return redirect(url_for("dashboard.setting"))
|
||||
|
||||
if AliasSuffixEnum.has_value(scheme):
|
||||
current_user.random_alias_suffix = scheme
|
||||
Session.commit()
|
||||
|
||||
@ -1345,17 +1345,16 @@ def get_queue_id(msg: Message) -> Optional[str]:
|
||||
|
||||
received_header = str(msg[headers.RECEIVED])
|
||||
if not received_header:
|
||||
return
|
||||
return None
|
||||
|
||||
# received_header looks like 'from mail-wr1-x434.google.com (mail-wr1-x434.google.com [IPv6:2a00:1450:4864:20::434])\r\n\t(using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits))\r\n\t(No client certificate requested)\r\n\tby mx1.simplelogin.co (Postfix) with ESMTPS id 4FxQmw1DXdz2vK2\r\n\tfor <jglfdjgld@alias.com>; Fri, 4 Jun 2021 14:55:43 +0000 (UTC)'
|
||||
search_result = re.search("with ESMTPS id [0-9a-zA-Z]{1,}", received_header)
|
||||
if not search_result:
|
||||
return
|
||||
|
||||
# the "with ESMTPS id 4FxQmw1DXdz2vK2" part
|
||||
with_esmtps = received_header[search_result.start() : search_result.end()]
|
||||
|
||||
return with_esmtps[len("with ESMTPS id ") :]
|
||||
search_result = re.search(r"with E?SMTP[AS]? id ([0-9a-zA-Z]{1,})", received_header)
|
||||
if search_result:
|
||||
return search_result.group(1)
|
||||
search_result = re.search("\(Postfix\)\r\n\tid ([a-zA-Z0-9]{1,});", received_header)
|
||||
if search_result:
|
||||
return search_result.group(1)
|
||||
return None
|
||||
|
||||
|
||||
def should_ignore_bounce(mail_from: str) -> bool:
|
||||
|
||||
70
app/app/jobs/send_event_job.py
Normal file
70
app/app/jobs/send_event_job.py
Normal file
@ -0,0 +1,70 @@
|
||||
from __future__ import annotations
|
||||
|
||||
import base64
|
||||
from typing import Optional
|
||||
|
||||
import arrow
|
||||
|
||||
from app import config
|
||||
from app.errors import ProtonPartnerNotSetUp
|
||||
from app.events.generated import event_pb2
|
||||
from app.events.generated.event_pb2 import EventContent
|
||||
from app.models import (
|
||||
User,
|
||||
Job,
|
||||
PartnerUser,
|
||||
)
|
||||
from app.proton.utils import get_proton_partner
|
||||
from events.event_sink import EventSink
|
||||
|
||||
|
||||
class SendEventToWebhookJob:
|
||||
def __init__(self, user: User, event: EventContent):
|
||||
self._user: User = user
|
||||
self._event: EventContent = event
|
||||
|
||||
def run(self, sink: EventSink) -> bool:
|
||||
# Check if the current user has a partner_id
|
||||
try:
|
||||
proton_partner_id = get_proton_partner().id
|
||||
except ProtonPartnerNotSetUp:
|
||||
return False
|
||||
|
||||
# It has. Retrieve the information for the PartnerUser
|
||||
partner_user = PartnerUser.get_by(
|
||||
user_id=self._user.id, partner_id=proton_partner_id
|
||||
)
|
||||
if partner_user is None:
|
||||
return True
|
||||
event = event_pb2.Event(
|
||||
user_id=self._user.id,
|
||||
external_user_id=partner_user.external_user_id,
|
||||
partner_id=partner_user.partner_id,
|
||||
content=self._event,
|
||||
)
|
||||
|
||||
serialized = event.SerializeToString()
|
||||
return sink.send_data_to_webhook(serialized)
|
||||
|
||||
@staticmethod
|
||||
def create_from_job(job: Job) -> Optional[SendEventToWebhookJob]:
|
||||
user = User.get(job.payload["user_id"])
|
||||
if not user:
|
||||
return None
|
||||
event_data = base64.b64decode(job.payload["event"])
|
||||
event = event_pb2.EventContent()
|
||||
event.ParseFromString(event_data)
|
||||
|
||||
return SendEventToWebhookJob(user=user, event=event)
|
||||
|
||||
def store_job_in_db(self, run_at: Optional[arrow.Arrow]) -> Job:
|
||||
stub = self._event.SerializeToString()
|
||||
return Job.create(
|
||||
name=config.JOB_SEND_EVENT_TO_WEBHOOK,
|
||||
payload={
|
||||
"user_id": self._user.id,
|
||||
"event": base64.b64encode(stub).decode("utf-8"),
|
||||
},
|
||||
run_at=run_at if run_at is not None else arrow.now(),
|
||||
commit=True,
|
||||
)
|
||||
@ -1,6 +1,5 @@
|
||||
import dataclasses
|
||||
import secrets
|
||||
import random
|
||||
from enum import Enum
|
||||
from typing import Optional
|
||||
import arrow
|
||||
@ -13,11 +12,13 @@ from app.email_utils import (
|
||||
email_can_be_used_as_mailbox,
|
||||
send_email,
|
||||
render,
|
||||
get_email_domain_part,
|
||||
)
|
||||
from app.email_validation import is_valid_email
|
||||
from app.log import LOG
|
||||
from app.models import User, Mailbox, Job, MailboxActivation
|
||||
from app.models import User, Mailbox, Job, MailboxActivation, Alias
|
||||
from app.user_audit_log_utils import emit_user_audit_log, UserAuditLogAction
|
||||
from app.utils import canonicalize_email, sanitize_email
|
||||
|
||||
|
||||
@dataclasses.dataclass
|
||||
@ -37,8 +38,9 @@ class OnlyPaidError(MailboxError):
|
||||
|
||||
|
||||
class CannotVerifyError(MailboxError):
|
||||
def __init__(self, msg: str):
|
||||
def __init__(self, msg: str, deleted_activation_code: bool = False):
|
||||
self.msg = msg
|
||||
self.deleted_activation_code = deleted_activation_code
|
||||
|
||||
|
||||
MAX_ACTIVATION_TRIES = 3
|
||||
@ -52,6 +54,7 @@ def create_mailbox(
|
||||
use_digit_codes: bool = False,
|
||||
send_link: bool = True,
|
||||
) -> CreateMailboxOutput:
|
||||
email = sanitize_email(email)
|
||||
if not user.is_premium():
|
||||
LOG.i(
|
||||
f"User {user} has tried to create mailbox with {email} but is not premium"
|
||||
@ -104,7 +107,10 @@ def create_mailbox(
|
||||
|
||||
|
||||
def delete_mailbox(
|
||||
user: User, mailbox_id: int, transfer_mailbox_id: Optional[int]
|
||||
user: User,
|
||||
mailbox_id: int,
|
||||
transfer_mailbox_id: Optional[int],
|
||||
send_mail: bool = True,
|
||||
) -> Mailbox:
|
||||
mailbox = Mailbox.get(mailbox_id)
|
||||
|
||||
@ -150,6 +156,7 @@ def delete_mailbox(
|
||||
"transfer_mailbox_id": transfer_mailbox_id
|
||||
if transfer_mailbox_id and transfer_mailbox_id > 0
|
||||
else None,
|
||||
"send_mail": send_mail,
|
||||
},
|
||||
run_at=arrow.now(),
|
||||
commit=True,
|
||||
@ -171,17 +178,17 @@ def verify_mailbox_code(user: User, mailbox_id: int, code: str) -> Mailbox:
|
||||
f"User {user} failed to verify mailbox {mailbox_id} because it does not exist"
|
||||
)
|
||||
raise MailboxError("Invalid mailbox")
|
||||
if mailbox.user_id != user.id:
|
||||
LOG.i(
|
||||
f"User {user} failed to verify mailbox {mailbox_id} because it's owned by another user"
|
||||
)
|
||||
raise MailboxError("Invalid mailbox")
|
||||
if mailbox.verified:
|
||||
LOG.i(
|
||||
f"User {user} failed to verify mailbox {mailbox_id} because it's already verified"
|
||||
)
|
||||
clear_activation_codes_for_mailbox(mailbox)
|
||||
return mailbox
|
||||
if mailbox.user_id != user.id:
|
||||
LOG.i(
|
||||
f"User {user} failed to verify mailbox {mailbox_id} because it's owned by another user"
|
||||
)
|
||||
raise MailboxError("Invalid mailbox")
|
||||
|
||||
activation = (
|
||||
MailboxActivation.filter(MailboxActivation.mailbox_id == mailbox_id)
|
||||
@ -196,7 +203,10 @@ def verify_mailbox_code(user: User, mailbox_id: int, code: str) -> Mailbox:
|
||||
if activation.tries >= MAX_ACTIVATION_TRIES:
|
||||
LOG.i(f"User {user} failed to verify mailbox {mailbox_id} more than 3 times")
|
||||
clear_activation_codes_for_mailbox(mailbox)
|
||||
raise CannotVerifyError("Invalid activation code. Please request another code.")
|
||||
raise CannotVerifyError(
|
||||
"Invalid activation code. Please request another code.",
|
||||
deleted_activation_code=True,
|
||||
)
|
||||
if activation.created_at < arrow.now().shift(minutes=-15):
|
||||
LOG.i(
|
||||
f"User {user} failed to verify mailbox {mailbox_id} because code is too old"
|
||||
@ -229,7 +239,7 @@ def generate_activation_code(
|
||||
if config.MAILBOX_VERIFICATION_OVERRIDE_CODE:
|
||||
code = config.MAILBOX_VERIFICATION_OVERRIDE_CODE
|
||||
else:
|
||||
code = "{:06d}".format(random.randint(1, 999999))
|
||||
code = "{:06d}".format(secrets.randbelow(1000000))[:6]
|
||||
else:
|
||||
code = secrets.token_urlsafe(16)
|
||||
return MailboxActivation.create(
|
||||
@ -325,3 +335,56 @@ def perform_mailbox_email_change(mailbox_id: int) -> MailboxEmailChangeResult:
|
||||
message="Invalid link",
|
||||
message_category="error",
|
||||
)
|
||||
|
||||
|
||||
def __get_alias_mailbox_from_email(
|
||||
email_address: str, alias: Alias
|
||||
) -> Optional[Mailbox]:
|
||||
for mailbox in alias.mailboxes:
|
||||
if mailbox.email == email_address:
|
||||
return mailbox
|
||||
|
||||
for authorized_address in mailbox.authorized_addresses:
|
||||
if authorized_address.email == email_address:
|
||||
LOG.d(
|
||||
"Found an authorized address for %s %s %s",
|
||||
alias,
|
||||
mailbox,
|
||||
authorized_address,
|
||||
)
|
||||
return mailbox
|
||||
return None
|
||||
|
||||
|
||||
def __get_alias_mailbox_from_email_or_canonical_email(
|
||||
email_address: str, alias: Alias
|
||||
) -> Optional[Mailbox]:
|
||||
# We need to first check for the uncanonicalized version because we still have users in the db with the
|
||||
# email non canonicalized. So if it matches the already existing one use that, otherwise check the canonical one
|
||||
mbox = __get_alias_mailbox_from_email(email_address, alias)
|
||||
if mbox is not None:
|
||||
return mbox
|
||||
canonical_email = canonicalize_email(email_address)
|
||||
if canonical_email != email_address:
|
||||
return __get_alias_mailbox_from_email(canonical_email, alias)
|
||||
return None
|
||||
|
||||
|
||||
def get_mailbox_for_reply_phase(
|
||||
envelope_mail_from: str, header_mail_from: str, alias
|
||||
) -> Optional[Mailbox]:
|
||||
"""return the corresponding mailbox given the mail_from and alias
|
||||
Usually the mail_from=mailbox.email but it can also be one of the authorized address
|
||||
"""
|
||||
mbox = __get_alias_mailbox_from_email_or_canonical_email(envelope_mail_from, alias)
|
||||
if mbox is not None:
|
||||
return mbox
|
||||
if not header_mail_from:
|
||||
return None
|
||||
envelope_from_domain = get_email_domain_part(envelope_mail_from)
|
||||
header_from_domain = get_email_domain_part(header_mail_from)
|
||||
if envelope_from_domain != header_from_domain:
|
||||
return None
|
||||
# For services that use VERP sending (envelope from has encoded data to account for bounces)
|
||||
# if the domain is the same in the header from as the envelope from we can use the header from
|
||||
return __get_alias_mailbox_from_email_or_canonical_email(header_mail_from, alias)
|
||||
|
||||
@ -24,6 +24,7 @@ from sqlalchemy import text, desc, CheckConstraint, Index, Column
|
||||
from sqlalchemy.dialects.postgresql import TSVECTOR
|
||||
from sqlalchemy.ext.declarative import declarative_base
|
||||
from sqlalchemy.orm import deferred
|
||||
from sqlalchemy.orm.exc import ObjectDeletedError
|
||||
from sqlalchemy.sql import and_
|
||||
from sqlalchemy_utils import ArrowType
|
||||
|
||||
@ -157,6 +158,8 @@ class File(Base, ModelMixin):
|
||||
path = sa.Column(sa.String(128), unique=True, nullable=False)
|
||||
user_id = sa.Column(sa.ForeignKey("users.id", ondelete="cascade"), nullable=True)
|
||||
|
||||
__table_args__ = (sa.Index("ix_file_user_id", "user_id"),)
|
||||
|
||||
def get_url(self, expires_in=3600):
|
||||
return s3.get_url(self.path, expires_in)
|
||||
|
||||
@ -318,6 +321,8 @@ class HibpNotifiedAlias(Base, ModelMixin):
|
||||
|
||||
notified_at = sa.Column(ArrowType, default=arrow.utcnow, nullable=False)
|
||||
|
||||
__table_args__ = (sa.Index("ix_hibp_notified_alias_user_id", "user_id"),)
|
||||
|
||||
|
||||
class Fido(Base, ModelMixin):
|
||||
__tablename__ = "fido"
|
||||
@ -332,6 +337,8 @@ class Fido(Base, ModelMixin):
|
||||
name = sa.Column(sa.String(128), nullable=False, unique=False)
|
||||
user_id = sa.Column(sa.ForeignKey("users.id", ondelete="cascade"), nullable=True)
|
||||
|
||||
__table_args__ = (sa.Index("ix_fido_user_id", "user_id"),)
|
||||
|
||||
|
||||
class User(Base, ModelMixin, UserMixin, PasswordOracle):
|
||||
__tablename__ = "users"
|
||||
@ -564,6 +571,11 @@ class User(Base, ModelMixin, UserMixin, PasswordOracle):
|
||||
"ix_users_activated_trial_end_lifetime", activated, trial_end, lifetime
|
||||
),
|
||||
sa.Index("ix_users_delete_on", delete_on),
|
||||
sa.Index("ix_users_default_mailbox_id", default_mailbox_id),
|
||||
sa.Index(
|
||||
"ix_users_default_alias_custom_domain_id", default_alias_custom_domain_id
|
||||
),
|
||||
sa.Index("ix_users_profile_picture_id", profile_picture_id),
|
||||
)
|
||||
|
||||
@property
|
||||
@ -616,6 +628,15 @@ class User(Base, ModelMixin, UserMixin, PasswordOracle):
|
||||
if "alternative_id" not in kwargs:
|
||||
user.alternative_id = str(uuid.uuid4())
|
||||
|
||||
from app.user_audit_log_utils import emit_user_audit_log, UserAuditLogAction
|
||||
|
||||
trail = ". Created from partner" if from_partner else ""
|
||||
emit_user_audit_log(
|
||||
user=user,
|
||||
action=UserAuditLogAction.CreateUser,
|
||||
message=f"Created user {email}{trail}",
|
||||
)
|
||||
|
||||
# If the user is created from partner, do not notify
|
||||
# nor give a trial
|
||||
if from_partner:
|
||||
@ -1211,6 +1232,8 @@ class ActivationCode(Base, ModelMixin):
|
||||
|
||||
expired = sa.Column(ArrowType, nullable=False, default=_expiration_1h)
|
||||
|
||||
__table_args__ = (sa.Index("ix_activation_code_user_id", "user_id"),)
|
||||
|
||||
def is_expired(self):
|
||||
return self.expired < arrow.now()
|
||||
|
||||
@ -1227,6 +1250,8 @@ class ResetPasswordCode(Base, ModelMixin):
|
||||
|
||||
expired = sa.Column(ArrowType, nullable=False, default=_expiration_1h)
|
||||
|
||||
__table_args__ = (sa.Index("ix_reset_password_code_user_id", "user_id"),)
|
||||
|
||||
def is_expired(self):
|
||||
return self.expired < arrow.now()
|
||||
|
||||
@ -1269,6 +1294,8 @@ class MfaBrowser(Base, ModelMixin):
|
||||
|
||||
user = orm.relationship(User)
|
||||
|
||||
__table_args__ = (sa.Index("ix_mfa_browser_user_id", "user_id"),)
|
||||
|
||||
@classmethod
|
||||
def create_new(cls, user, token_length=64) -> "MfaBrowser":
|
||||
found = False
|
||||
@ -1327,6 +1354,12 @@ class Client(Base, ModelMixin):
|
||||
user = orm.relationship(User)
|
||||
referral = orm.relationship("Referral")
|
||||
|
||||
__table_args__ = (
|
||||
sa.Index("ix_client_user_id", "user_id"),
|
||||
sa.Index("ix_client_icon_id", "icon_id"),
|
||||
sa.Index("ix_client_referral_id", "referral_id"),
|
||||
)
|
||||
|
||||
def nb_user(self):
|
||||
return ClientUser.filter_by(client_id=self.id).count()
|
||||
|
||||
@ -1375,6 +1408,8 @@ class RedirectUri(Base, ModelMixin):
|
||||
|
||||
client = orm.relationship(Client, backref="redirect_uris")
|
||||
|
||||
__table_args__ = (sa.Index("ix_redirect_uri_client_id", "client_id"),)
|
||||
|
||||
|
||||
class AuthorizationCode(Base, ModelMixin):
|
||||
__tablename__ = "authorization_code"
|
||||
@ -1396,6 +1431,11 @@ class AuthorizationCode(Base, ModelMixin):
|
||||
|
||||
expired = sa.Column(ArrowType, nullable=False, default=_expiration_5m)
|
||||
|
||||
__table_args__ = (
|
||||
sa.Index("ix_authorization_code_client_id", "client_id"),
|
||||
sa.Index("ix_authorization_code_user_id", "user_id"),
|
||||
)
|
||||
|
||||
def is_expired(self):
|
||||
return self.expired < arrow.now()
|
||||
|
||||
@ -1418,6 +1458,11 @@ class OauthToken(Base, ModelMixin):
|
||||
|
||||
expired = sa.Column(ArrowType, nullable=False, default=_expiration_1h)
|
||||
|
||||
__table_args__ = (
|
||||
sa.Index("ix_oauth_token_user_id", "user_id"),
|
||||
sa.Index("ix_oauth_token_client_id", "client_id"),
|
||||
)
|
||||
|
||||
def is_expired(self):
|
||||
return self.expired < arrow.now()
|
||||
|
||||
@ -1571,6 +1616,7 @@ class Alias(Base, ModelMixin):
|
||||
postgresql_ops={"note": "gin_trgm_ops"},
|
||||
postgresql_using="gin",
|
||||
),
|
||||
Index("ix_alias_original_owner_id", "original_owner_id"),
|
||||
)
|
||||
|
||||
user = orm.relationship(User, foreign_keys=[user_id])
|
||||
@ -1656,6 +1702,11 @@ class Alias(Base, ModelMixin):
|
||||
custom_domain = Alias.get_custom_domain(email)
|
||||
if custom_domain:
|
||||
new_alias.custom_domain_id = custom_domain.id
|
||||
else:
|
||||
custom_domain = CustomDomain.get(kw["custom_domain_id"])
|
||||
# If it comes from a custom domain created from partner. Mark it as created from partner
|
||||
if custom_domain is not None and custom_domain.partner_id is not None:
|
||||
new_alias.flags = (new_alias.flags or 0) | Alias.FLAG_PARTNER_CREATED
|
||||
|
||||
Session.add(new_alias)
|
||||
DailyMetric.get_or_create_today_metric().nb_alias += 1
|
||||
@ -2059,7 +2110,12 @@ class Contact(Base, ModelMixin):
|
||||
|
||||
class EmailLog(Base, ModelMixin):
|
||||
__tablename__ = "email_log"
|
||||
__table_args__ = (Index("ix_email_log_created_at", "created_at"),)
|
||||
__table_args__ = (
|
||||
Index("ix_email_log_created_at", "created_at"),
|
||||
Index("ix_email_log_mailbox_id", "mailbox_id"),
|
||||
Index("ix_email_log_bounced_mailbox_id", "bounced_mailbox_id"),
|
||||
Index("ix_email_log_refused_email_id", "refused_email_id"),
|
||||
)
|
||||
|
||||
user_id = sa.Column(
|
||||
sa.ForeignKey(User.id, ondelete="cascade"), nullable=False, index=True
|
||||
@ -2335,6 +2391,7 @@ class AliasUsedOn(Base, ModelMixin):
|
||||
|
||||
__table_args__ = (
|
||||
sa.UniqueConstraint("alias_id", "hostname", name="uq_alias_used"),
|
||||
sa.Index("ix_alias_used_on_user_id", "user_id"),
|
||||
)
|
||||
|
||||
alias_id = sa.Column(
|
||||
@ -2361,6 +2418,11 @@ class ApiKey(Base, ModelMixin):
|
||||
|
||||
user = orm.relationship(User)
|
||||
|
||||
__table_args__ = (
|
||||
sa.Index("ix_api_key_code", "code"),
|
||||
sa.Index("ix_api_key_user_id", "user_id"),
|
||||
)
|
||||
|
||||
@classmethod
|
||||
def create(cls, user_id, name=None, **kwargs):
|
||||
code = random_string(60)
|
||||
@ -2519,6 +2581,7 @@ class AutoCreateRule(Base, ModelMixin):
|
||||
sa.UniqueConstraint(
|
||||
"custom_domain_id", "order", name="uq_auto_create_rule_order"
|
||||
),
|
||||
sa.Index("ix_auto_create_rule_custom_domain_id", "custom_domain_id"),
|
||||
)
|
||||
|
||||
custom_domain_id = sa.Column(
|
||||
@ -2562,6 +2625,7 @@ class DomainDeletedAlias(Base, ModelMixin):
|
||||
|
||||
__table_args__ = (
|
||||
sa.UniqueConstraint("domain_id", "email", name="uq_domain_trash"),
|
||||
sa.Index("ix_domain_deleted_alias_user_id", "user_id"),
|
||||
)
|
||||
|
||||
email = sa.Column(sa.String(256), nullable=False)
|
||||
@ -2622,6 +2686,8 @@ class Coupon(Base, ModelMixin):
|
||||
# a coupon can have an expiration
|
||||
expires_date = sa.Column(ArrowType, nullable=True)
|
||||
|
||||
__table_args__ = (sa.Index("ix_coupon_used_by_user_id", "used_by_user_id"),)
|
||||
|
||||
|
||||
class Directory(Base, ModelMixin):
|
||||
__tablename__ = "directory"
|
||||
@ -2636,6 +2702,8 @@ class Directory(Base, ModelMixin):
|
||||
"Mailbox", secondary="directory_mailbox", lazy="joined"
|
||||
)
|
||||
|
||||
__table_args__ = (sa.Index("ix_directory_user_id", "user_id"),)
|
||||
|
||||
@property
|
||||
def mailboxes(self):
|
||||
if self._mailboxes:
|
||||
@ -2737,7 +2805,10 @@ class Mailbox(Base, ModelMixin):
|
||||
|
||||
generic_subject = sa.Column(sa.String(78), nullable=True)
|
||||
|
||||
__table_args__ = (sa.UniqueConstraint("user_id", "email", name="uq_mailbox_user"),)
|
||||
__table_args__ = (
|
||||
sa.UniqueConstraint("user_id", "email", name="uq_mailbox_user"),
|
||||
sa.Index("ix_mailbox_pgp_finger_print", "pgp_finger_print"),
|
||||
)
|
||||
|
||||
user = orm.relationship(User, foreign_keys=[user_id])
|
||||
|
||||
@ -2874,6 +2945,8 @@ class RefusedEmail(Base, ModelMixin):
|
||||
# toggle this when email content (stored at full_report_path & path are deleted)
|
||||
deleted = sa.Column(sa.Boolean, nullable=False, default=False, server_default="0")
|
||||
|
||||
__table_args__ = (sa.Index("ix_refused_email_user_id", "user_id"),)
|
||||
|
||||
def get_url(self, expires_in=3600):
|
||||
if self.path:
|
||||
return s3.get_url(self.path, expires_in)
|
||||
@ -2896,6 +2969,8 @@ class Referral(Base, ModelMixin):
|
||||
|
||||
user = orm.relationship(User, foreign_keys=[user_id], backref="referrals")
|
||||
|
||||
__table_args__ = (sa.Index("ix_referral_user_id", "user_id"),)
|
||||
|
||||
@property
|
||||
def nb_user(self) -> int:
|
||||
return User.filter_by(referral_id=self.id, activated=True).count()
|
||||
@ -2935,6 +3010,8 @@ class SentAlert(Base, ModelMixin):
|
||||
to_email = sa.Column(sa.String(256), nullable=False)
|
||||
alert_type = sa.Column(sa.String(256), nullable=False)
|
||||
|
||||
__table_args__ = (sa.Index("ix_sent_alert_user_id", "user_id"),)
|
||||
|
||||
|
||||
class AliasMailbox(Base, ModelMixin):
|
||||
__tablename__ = "alias_mailbox"
|
||||
@ -3180,6 +3257,11 @@ class BatchImport(Base, ModelMixin):
|
||||
file = orm.relationship(File)
|
||||
user = orm.relationship(User)
|
||||
|
||||
__table_args__ = (
|
||||
sa.Index("ix_batch_import_file_id", "file_id"),
|
||||
sa.Index("ix_batch_import_user_id", "user_id"),
|
||||
)
|
||||
|
||||
def nb_alias(self):
|
||||
return Alias.filter_by(batch_import_id=self.id).count()
|
||||
|
||||
@ -3200,6 +3282,7 @@ class AuthorizedAddress(Base, ModelMixin):
|
||||
|
||||
__table_args__ = (
|
||||
sa.UniqueConstraint("mailbox_id", "email", name="uq_authorize_address"),
|
||||
sa.Index("ix_authorized_address_user_id", "user_id"),
|
||||
)
|
||||
|
||||
mailbox = orm.relationship(Mailbox, backref="authorized_addresses")
|
||||
@ -3341,6 +3424,8 @@ class Payout(Base, ModelMixin):
|
||||
|
||||
user = orm.relationship(User)
|
||||
|
||||
__table_args__ = (sa.Index("ix_payout_user_id", "user_id"),)
|
||||
|
||||
|
||||
class IgnoredEmail(Base, ModelMixin):
|
||||
"""If an email has mail_from and rcpt_to present in this table, discard it by returning 250 status."""
|
||||
@ -3442,6 +3527,8 @@ class PhoneReservation(Base, ModelMixin):
|
||||
start = sa.Column(ArrowType, nullable=False)
|
||||
end = sa.Column(ArrowType, nullable=False)
|
||||
|
||||
__table_args__ = (sa.Index("ix_phone_reservation_user_id", "user_id"),)
|
||||
|
||||
|
||||
class PhoneMessage(Base, ModelMixin):
|
||||
__tablename__ = "phone_message"
|
||||
@ -3616,6 +3703,11 @@ class ProviderComplaint(Base, ModelMixin):
|
||||
user = orm.relationship(User, foreign_keys=[user_id])
|
||||
refused_email = orm.relationship(RefusedEmail, foreign_keys=[refused_email_id])
|
||||
|
||||
__table_args__ = (
|
||||
sa.Index("ix_provider_complaint_user_id", "user_id"),
|
||||
sa.Index("ix_provider_complaint_refused_email_id", "refused_email_id"),
|
||||
)
|
||||
|
||||
|
||||
class PartnerApiToken(Base, ModelMixin):
|
||||
__tablename__ = "partner_api_token"
|
||||
@ -3686,7 +3778,8 @@ class PartnerSubscription(Base, ModelMixin):
|
||||
)
|
||||
|
||||
# when the partner subscription ends
|
||||
end_at = sa.Column(ArrowType, nullable=False, index=True)
|
||||
end_at = sa.Column(ArrowType, nullable=True, index=True)
|
||||
lifetime = sa.Column(sa.Boolean, default=False, nullable=False, server_default="0")
|
||||
|
||||
partner_user = orm.relationship(PartnerUser)
|
||||
|
||||
@ -3708,7 +3801,9 @@ class PartnerSubscription(Base, ModelMixin):
|
||||
return None
|
||||
|
||||
def is_active(self):
|
||||
return self.end_at > arrow.now().shift(days=-_PARTNER_SUBSCRIPTION_GRACE_DAYS)
|
||||
return self.lifetime or self.end_at > arrow.now().shift(
|
||||
days=-_PARTNER_SUBSCRIPTION_GRACE_DAYS
|
||||
)
|
||||
|
||||
|
||||
# endregion
|
||||
@ -3739,6 +3834,8 @@ class NewsletterUser(Base, ModelMixin):
|
||||
user = orm.relationship(User)
|
||||
newsletter = orm.relationship(Newsletter)
|
||||
|
||||
__table_args__ = (sa.Index("ix_newsletter_user_user_id", "user_id"),)
|
||||
|
||||
|
||||
class ApiToCookieToken(Base, ModelMixin):
|
||||
__tablename__ = "api_cookie_token"
|
||||
@ -3749,6 +3846,11 @@ class ApiToCookieToken(Base, ModelMixin):
|
||||
user = orm.relationship(User)
|
||||
api_key = orm.relationship(ApiKey)
|
||||
|
||||
__table_args__ = (
|
||||
sa.Index("ix_api_to_cookie_token_api_key_id", "api_key_id"),
|
||||
sa.Index("ix_api_to_cookie_token_user_id", "user_id"),
|
||||
)
|
||||
|
||||
@classmethod
|
||||
def create(cls, **kwargs):
|
||||
code = secrets.token_urlsafe(32)
|
||||
@ -3772,15 +3874,18 @@ class SyncEvent(Base, ModelMixin):
|
||||
)
|
||||
|
||||
def mark_as_taken(self, allow_taken_older_than: Optional[Arrow] = None) -> bool:
|
||||
taken_condition = ["taken_time IS NULL"]
|
||||
args = {"taken_time": arrow.now().datetime, "sync_event_id": self.id}
|
||||
if allow_taken_older_than:
|
||||
taken_condition.append("taken_time < :taken_older_than")
|
||||
args["taken_older_than"] = allow_taken_older_than.datetime
|
||||
sql_taken_condition = "({})".format(" OR ".join(taken_condition))
|
||||
sql = f"UPDATE sync_event SET taken_time = :taken_time WHERE id = :sync_event_id AND {sql_taken_condition}"
|
||||
res = Session.execute(sql, args)
|
||||
Session.commit()
|
||||
try:
|
||||
taken_condition = ["taken_time IS NULL"]
|
||||
args = {"taken_time": arrow.now().datetime, "sync_event_id": self.id}
|
||||
if allow_taken_older_than:
|
||||
taken_condition.append("taken_time < :taken_older_than")
|
||||
args["taken_older_than"] = allow_taken_older_than.datetime
|
||||
sql_taken_condition = "({})".format(" OR ".join(taken_condition))
|
||||
sql = f"UPDATE sync_event SET taken_time = :taken_time WHERE id = :sync_event_id AND {sql_taken_condition}"
|
||||
res = Session.execute(sql, args)
|
||||
Session.commit()
|
||||
except ObjectDeletedError:
|
||||
return False
|
||||
|
||||
return res.rowcount > 0
|
||||
|
||||
|
||||
@ -1,8 +1,10 @@
|
||||
from typing import Optional
|
||||
|
||||
import arrow
|
||||
from arrow import Arrow
|
||||
|
||||
from app.models import PartnerUser, PartnerSubscription, User
|
||||
from app import config
|
||||
from app.models import PartnerUser, PartnerSubscription, User, Job
|
||||
from app.user_audit_log_utils import emit_user_audit_log, UserAuditLogAction
|
||||
|
||||
|
||||
@ -15,6 +17,11 @@ def create_partner_user(
|
||||
partner_email=partner_email,
|
||||
external_user_id=external_user_id,
|
||||
)
|
||||
Job.create(
|
||||
name=config.JOB_SEND_ALIAS_CREATION_EVENTS,
|
||||
payload={"user_id": user.id},
|
||||
run_at=arrow.now(),
|
||||
)
|
||||
emit_user_audit_log(
|
||||
user=user,
|
||||
action=UserAuditLogAction.LinkAccount,
|
||||
@ -26,12 +33,14 @@ def create_partner_user(
|
||||
|
||||
def create_partner_subscription(
|
||||
partner_user: PartnerUser,
|
||||
expiration: Optional[Arrow],
|
||||
expiration: Optional[Arrow] = None,
|
||||
lifetime: bool = False,
|
||||
msg: Optional[str] = None,
|
||||
) -> PartnerSubscription:
|
||||
instance = PartnerSubscription.create(
|
||||
partner_user_id=partner_user.id,
|
||||
end_at=expiration,
|
||||
lifetime=lifetime,
|
||||
)
|
||||
|
||||
message = "User upgraded through partner subscription"
|
||||
|
||||
@ -2,11 +2,9 @@ from dataclasses import dataclass
|
||||
from enum import Enum
|
||||
from flask import url_for
|
||||
from typing import Optional
|
||||
import arrow
|
||||
|
||||
from app import config
|
||||
from app.errors import LinkException
|
||||
from app.models import User, Partner, Job
|
||||
from app.models import User, Partner
|
||||
from app.proton.proton_client import ProtonClient, ProtonUser
|
||||
from app.account_linking import (
|
||||
process_login_case,
|
||||
@ -43,21 +41,12 @@ class ProtonCallbackHandler:
|
||||
def __init__(self, proton_client: ProtonClient):
|
||||
self.proton_client = proton_client
|
||||
|
||||
def _initial_alias_sync(self, user: User):
|
||||
Job.create(
|
||||
name=config.JOB_SEND_ALIAS_CREATION_EVENTS,
|
||||
payload={"user_id": user.id},
|
||||
run_at=arrow.now(),
|
||||
commit=True,
|
||||
)
|
||||
|
||||
def handle_login(self, partner: Partner) -> ProtonCallbackResult:
|
||||
try:
|
||||
user = self.__get_partner_user()
|
||||
if user is None:
|
||||
return generate_account_not_allowed_to_log_in()
|
||||
res = process_login_case(user, partner)
|
||||
self._initial_alias_sync(res.user)
|
||||
return ProtonCallbackResult(
|
||||
redirect_to_login=False,
|
||||
flash_message=None,
|
||||
@ -86,7 +75,6 @@ class ProtonCallbackHandler:
|
||||
if user is None:
|
||||
return generate_account_not_allowed_to_log_in()
|
||||
res = process_link_case(user, current_user, partner)
|
||||
self._initial_alias_sync(res.user)
|
||||
return ProtonCallbackResult(
|
||||
redirect_to_login=False,
|
||||
flash_message="Account successfully linked",
|
||||
|
||||
@ -16,6 +16,7 @@ PROTON_ERROR_CODE_HV_NEEDED = 9001
|
||||
|
||||
PLAN_FREE = 1
|
||||
PLAN_PREMIUM = 2
|
||||
PLAN_PREMIUM_LIFETIME = 3
|
||||
|
||||
|
||||
@dataclass
|
||||
@ -112,10 +113,13 @@ class HttpProtonClient(ProtonClient):
|
||||
if plan_value == PLAN_FREE:
|
||||
plan = SLPlan(type=SLPlanType.Free, expiration=None)
|
||||
elif plan_value == PLAN_PREMIUM:
|
||||
expiration = info.get("PlanExpiration", "1")
|
||||
plan = SLPlan(
|
||||
type=SLPlanType.Premium,
|
||||
expiration=Arrow.fromtimestamp(info["PlanExpiration"], tzinfo="utc"),
|
||||
expiration=Arrow.fromtimestamp(expiration, tzinfo="utc"),
|
||||
)
|
||||
elif plan_value == PLAN_PREMIUM_LIFETIME:
|
||||
plan = SLPlan(SLPlanType.PremiumLifetime, expiration=None)
|
||||
else:
|
||||
raise Exception(f"Invalid value for plan: {plan_value}")
|
||||
|
||||
|
||||
@ -4,6 +4,10 @@ from app.models import User, UserAuditLog
|
||||
|
||||
|
||||
class UserAuditLogAction(Enum):
|
||||
CreateUser = "create_user"
|
||||
ActivateUser = "activate_user"
|
||||
ResetPassword = "reset_password"
|
||||
|
||||
Upgrade = "upgrade"
|
||||
SubscriptionExtended = "subscription_extended"
|
||||
SubscriptionCancelled = "subscription_cancelled"
|
||||
|
||||
@ -1,4 +1,3 @@
|
||||
import random
|
||||
import re
|
||||
import secrets
|
||||
import string
|
||||
@ -32,8 +31,9 @@ def random_words(words: int = 2, numbers: int = 0):
|
||||
fields = [secrets.choice(_words) for i in range(words)]
|
||||
|
||||
if numbers > 0:
|
||||
digits = "".join([str(random.randint(0, 9)) for i in range(numbers)])
|
||||
return "_".join(fields) + digits
|
||||
digits = [n for n in range(10)]
|
||||
suffix = "".join([str(secrets.choice(digits)) for i in range(numbers)])
|
||||
return "_".join(fields) + suffix
|
||||
else:
|
||||
return "_".join(fields)
|
||||
|
||||
|
||||
39
app/cron.py
39
app/cron.py
@ -286,8 +286,16 @@ def notify_manual_sub_end():
|
||||
|
||||
def poll_apple_subscription():
|
||||
"""Poll Apple API to update AppleSubscription"""
|
||||
# todo: only near the end of the subscription
|
||||
for apple_sub in AppleSubscription.all():
|
||||
for apple_sub in (
|
||||
AppleSubscription.filter(
|
||||
AppleSubscription.expires_date < arrow.now().shift(days=15)
|
||||
)
|
||||
.enable_eagerloads(False)
|
||||
.yield_per(100)
|
||||
):
|
||||
if not apple_sub.is_valid():
|
||||
# Subscription is not valid anymore and hasn't been renewed
|
||||
continue
|
||||
if not apple_sub.product_id:
|
||||
LOG.d("Ignore %s", apple_sub)
|
||||
continue
|
||||
@ -900,6 +908,24 @@ def check_mailbox_valid_pgp_keys():
|
||||
|
||||
|
||||
def check_custom_domain():
|
||||
# Delete custom domains that haven't been verified in a month
|
||||
for custom_domain in (
|
||||
CustomDomain.filter(
|
||||
CustomDomain.verified == False, # noqa: E712
|
||||
CustomDomain.created_at < arrow.now().shift(months=-1),
|
||||
)
|
||||
.enable_eagerloads(False)
|
||||
.yield_per(100)
|
||||
):
|
||||
alias_count = Alias.filter(Alias.custom_domain_id == custom_domain.id).count()
|
||||
if alias_count > 0:
|
||||
LOG.warn(
|
||||
f"Custom Domain {custom_domain} has {alias_count} aliases. Won't delete"
|
||||
)
|
||||
else:
|
||||
LOG.i(f"Deleting unverified old custom domain {custom_domain}")
|
||||
CustomDomain.delete(custom_domain.id)
|
||||
|
||||
LOG.d("Check verified domain for DNS issues")
|
||||
|
||||
for custom_domain in CustomDomain.filter_by(verified=True): # type: CustomDomain
|
||||
@ -971,7 +997,7 @@ def delete_expired_tokens():
|
||||
LOG.d("Delete api to cookie tokens older than %s, nb row %s", max_time, nb_row)
|
||||
|
||||
|
||||
async def _hibp_check(api_key, queue):
|
||||
async def _hibp_check(api_key: str, queue: asyncio.Queue):
|
||||
"""
|
||||
Uses a single API key to check the queue as fast as possible.
|
||||
|
||||
@ -990,11 +1016,16 @@ async def _hibp_check(api_key, queue):
|
||||
if not alias:
|
||||
continue
|
||||
user = alias.user
|
||||
if user.disabled or not user.is_paid():
|
||||
if user.disabled or not user.is_premium():
|
||||
# Mark it as hibp done to skip it as if it had been checked
|
||||
alias.hibp_last_check = arrow.utcnow()
|
||||
Session.commit()
|
||||
continue
|
||||
if alias.flags & Alias.FLAG_PARTNER_CREATED > 0:
|
||||
# Mark as hibp done
|
||||
alias.hibp_last_check = arrow.utcnow()
|
||||
Session.commit()
|
||||
continue
|
||||
|
||||
LOG.d("Checking HIBP for %s", alias)
|
||||
|
||||
|
||||
@ -14,15 +14,28 @@ jobs:
|
||||
- name: SimpleLogin Custom Domain check
|
||||
command: python /code/cron.py -j check_custom_domain
|
||||
shell: /bin/bash
|
||||
schedule: "15 2 * * *"
|
||||
schedule: "15 */4 * * *"
|
||||
captureStderr: true
|
||||
concurrencyPolicy: Forbid
|
||||
onFailure:
|
||||
retry:
|
||||
maximumRetries: 10
|
||||
initialDelay: 1
|
||||
maximumDelay: 30
|
||||
backoffMultiplier: 2
|
||||
|
||||
- name: SimpleLogin HIBP check
|
||||
command: python /code/cron.py -j check_hibp
|
||||
shell: /bin/bash
|
||||
schedule: "15 3 * * *"
|
||||
schedule: "*/5 * * * *"
|
||||
captureStderr: true
|
||||
concurrencyPolicy: Forbid
|
||||
onFailure:
|
||||
retry:
|
||||
maximumRetries: 10
|
||||
initialDelay: 1
|
||||
maximumDelay: 30
|
||||
backoffMultiplier: 2
|
||||
|
||||
- name: SimpleLogin Notify HIBP breaches
|
||||
command: python /code/cron.py -j notify_hibp
|
||||
@ -31,6 +44,7 @@ jobs:
|
||||
captureStderr: true
|
||||
concurrencyPolicy: Forbid
|
||||
|
||||
|
||||
- name: SimpleLogin Delete Logs
|
||||
command: python /code/cron.py -j delete_logs
|
||||
shell: /bin/bash
|
||||
|
||||
@ -149,6 +149,7 @@ from app.handler.unsubscribe_generator import UnsubscribeGenerator
|
||||
from app.handler.unsubscribe_handler import UnsubscribeHandler
|
||||
from app.log import LOG, set_message_id
|
||||
from app.mail_sender import sl_sendmail
|
||||
from app.mailbox_utils import get_mailbox_for_reply_phase
|
||||
from app.message_utils import message_to_bytes
|
||||
from app.models import (
|
||||
Alias,
|
||||
@ -172,12 +173,14 @@ from app.pgp_utils import (
|
||||
sign_data,
|
||||
load_public_key_and_check,
|
||||
)
|
||||
from app.utils import sanitize_email, canonicalize_email
|
||||
from app.utils import sanitize_email
|
||||
from init_app import load_pgp_public_keys
|
||||
from server import create_light_app
|
||||
|
||||
|
||||
def get_or_create_contact(from_header: str, mail_from: str, alias: Alias) -> Contact:
|
||||
def get_or_create_contact(
|
||||
from_header: str, mail_from: str, alias: Alias
|
||||
) -> Optional[Contact]:
|
||||
"""
|
||||
contact_from_header is the RFC 2047 format FROM header
|
||||
"""
|
||||
@ -208,6 +211,8 @@ def get_or_create_contact(from_header: str, mail_from: str, alias: Alias) -> Con
|
||||
automatic_created=True,
|
||||
from_partner=False,
|
||||
)
|
||||
if contact_result.error:
|
||||
LOG.w(f"Error creating contact: {contact_result.error.value}")
|
||||
return contact_result.contact
|
||||
|
||||
|
||||
@ -558,7 +563,7 @@ def handle_forward(envelope, msg: Message, rcpt_to: str) -> List[Tuple[bool, str
|
||||
|
||||
if not user.is_active():
|
||||
LOG.w(f"User {user} has been soft deleted")
|
||||
return False, status.E502
|
||||
return [(False, status.E502)]
|
||||
|
||||
if not user.can_send_or_receive():
|
||||
LOG.i(f"User {user} cannot receive emails")
|
||||
@ -579,6 +584,8 @@ def handle_forward(envelope, msg: Message, rcpt_to: str) -> List[Tuple[bool, str
|
||||
from_header = get_header_unicode(msg[headers.FROM])
|
||||
LOG.d("Create or get contact for from_header:%s", from_header)
|
||||
contact = get_or_create_contact(from_header, envelope.mail_from, alias)
|
||||
if not contact:
|
||||
return [(False, status.E504)]
|
||||
alias = (
|
||||
contact.alias
|
||||
) # In case the Session was closed in the get_or_create we re-fetch the alias
|
||||
@ -1002,7 +1009,6 @@ def handle_reply(envelope, msg: Message, rcpt_to: str) -> (bool, str):
|
||||
return False, status.E503
|
||||
|
||||
user = alias.user
|
||||
mail_from = envelope.mail_from
|
||||
|
||||
if not user.can_send_or_receive():
|
||||
LOG.i(f"User {user} cannot send emails")
|
||||
@ -1016,13 +1022,15 @@ def handle_reply(envelope, msg: Message, rcpt_to: str) -> (bool, str):
|
||||
return False, dmarc_delivery_status
|
||||
|
||||
# Anti-spoofing
|
||||
mailbox = get_mailbox_from_mail_from(mail_from, alias)
|
||||
mailbox = get_mailbox_for_reply_phase(
|
||||
envelope.mail_from, get_header_unicode(msg[headers.FROM]), alias
|
||||
)
|
||||
if not mailbox:
|
||||
if alias.disable_email_spoofing_check:
|
||||
# ignore this error, use default alias mailbox
|
||||
LOG.w(
|
||||
"ignore unknown sender to reverse-alias %s: %s -> %s",
|
||||
mail_from,
|
||||
envelope.mail_from,
|
||||
alias,
|
||||
contact,
|
||||
)
|
||||
@ -1361,32 +1369,6 @@ def replace_original_message_id(alias: Alias, email_log: EmailLog, msg: Message)
|
||||
msg[headers.REFERENCES] = " ".join(new_message_ids)
|
||||
|
||||
|
||||
def get_mailbox_from_mail_from(mail_from: str, alias) -> Optional[Mailbox]:
|
||||
"""return the corresponding mailbox given the mail_from and alias
|
||||
Usually the mail_from=mailbox.email but it can also be one of the authorized address
|
||||
"""
|
||||
|
||||
def __check(email_address: str, alias: Alias) -> Optional[Mailbox]:
|
||||
for mailbox in alias.mailboxes:
|
||||
if mailbox.email == email_address:
|
||||
return mailbox
|
||||
|
||||
for authorized_address in mailbox.authorized_addresses:
|
||||
if authorized_address.email == email_address:
|
||||
LOG.d(
|
||||
"Found an authorized address for %s %s %s",
|
||||
alias,
|
||||
mailbox,
|
||||
authorized_address,
|
||||
)
|
||||
return mailbox
|
||||
return None
|
||||
|
||||
# We need to first check for the uncanonicalized version because we still have users in the db with the
|
||||
# email non canonicalized. So if it matches the already existing one use that, otherwise check the canonical one
|
||||
return __check(mail_from, alias) or __check(canonicalize_email(mail_from), alias)
|
||||
|
||||
|
||||
def handle_unknown_mailbox(
|
||||
envelope, msg, reply_email: str, user: User, alias: Alias, contact: Contact
|
||||
):
|
||||
|
||||
@ -12,6 +12,10 @@ class EventSink(ABC):
|
||||
def process(self, event: SyncEvent) -> bool:
|
||||
pass
|
||||
|
||||
@abstractmethod
|
||||
def send_data_to_webhook(self, data: bytes) -> bool:
|
||||
pass
|
||||
|
||||
|
||||
class HttpEventSink(EventSink):
|
||||
def process(self, event: SyncEvent) -> bool:
|
||||
@ -21,9 +25,16 @@ class HttpEventSink(EventSink):
|
||||
|
||||
LOG.info(f"Sending event {event.id} to {EVENT_WEBHOOK}")
|
||||
|
||||
if self.send_data_to_webhook(event.content):
|
||||
LOG.info(f"Event {event.id} sent successfully to webhook")
|
||||
return True
|
||||
|
||||
return False
|
||||
|
||||
def send_data_to_webhook(self, data: bytes) -> bool:
|
||||
res = requests.post(
|
||||
url=EVENT_WEBHOOK,
|
||||
data=event.content,
|
||||
data=data,
|
||||
headers={"Content-Type": "application/x-protobuf"},
|
||||
verify=not EVENT_WEBHOOK_SKIP_VERIFY_SSL,
|
||||
)
|
||||
@ -36,7 +47,6 @@ class HttpEventSink(EventSink):
|
||||
)
|
||||
return False
|
||||
else:
|
||||
LOG.info(f"Event {event.id} sent successfully to webhook")
|
||||
return True
|
||||
|
||||
|
||||
@ -44,3 +54,7 @@ class ConsoleEventSink(EventSink):
|
||||
def process(self, event: SyncEvent) -> bool:
|
||||
LOG.info(f"Handling event {event.id}")
|
||||
return True
|
||||
|
||||
def send_data_to_webhook(self, data: bytes) -> bool:
|
||||
LOG.info(f"Sending {len(data)} bytes to webhook")
|
||||
return True
|
||||
|
||||
@ -18,6 +18,7 @@ from app.events.event_dispatcher import PostgresDispatcher
|
||||
from app.import_utils import handle_batch_import
|
||||
from app.jobs.event_jobs import send_alias_creation_events_for_user
|
||||
from app.jobs.export_user_data_job import ExportUserDataJob
|
||||
from app.jobs.send_event_job import SendEventToWebhookJob
|
||||
from app.log import LOG
|
||||
from app.models import User, Job, BatchImport, Mailbox, CustomDomain, JobState
|
||||
from app.user_audit_log_utils import emit_user_audit_log, UserAuditLogAction
|
||||
@ -163,6 +164,8 @@ def delete_mailbox_job(job: Job):
|
||||
Session.commit()
|
||||
LOG.d("Mailbox %s %s deleted", mailbox_id, mailbox_email)
|
||||
|
||||
if not job.payload.get("send_mail", True):
|
||||
return
|
||||
if alias_transferred_to:
|
||||
send_email(
|
||||
user.email,
|
||||
@ -300,6 +303,10 @@ def process_job(job: Job):
|
||||
send_alias_creation_events_for_user(
|
||||
user, dispatcher=PostgresDispatcher.get()
|
||||
)
|
||||
elif job.name == config.JOB_SEND_EVENT_TO_WEBHOOK:
|
||||
send_job = SendEventToWebhookJob.create_from_job(job)
|
||||
if send_job:
|
||||
send_job.run()
|
||||
else:
|
||||
LOG.e("Unknown job name %s", job.name)
|
||||
|
||||
|
||||
@ -1,6 +1,4 @@
|
||||
abacus
|
||||
abdomen
|
||||
abdominal
|
||||
abide
|
||||
abiding
|
||||
ability
|
||||
@ -1031,7 +1029,6 @@ chosen
|
||||
chowder
|
||||
chowtime
|
||||
chrome
|
||||
chubby
|
||||
chuck
|
||||
chug
|
||||
chummy
|
||||
@ -2041,8 +2038,6 @@ dwindling
|
||||
dynamic
|
||||
dynamite
|
||||
dynasty
|
||||
dyslexia
|
||||
dyslexic
|
||||
each
|
||||
eagle
|
||||
earache
|
||||
@ -2081,7 +2076,6 @@ eatery
|
||||
eating
|
||||
eats
|
||||
ebay
|
||||
ebony
|
||||
ebook
|
||||
ecard
|
||||
eccentric
|
||||
@ -2375,8 +2369,6 @@ exclude
|
||||
excluding
|
||||
exclusion
|
||||
exclusive
|
||||
excretion
|
||||
excretory
|
||||
excursion
|
||||
excusable
|
||||
excusably
|
||||
@ -2396,8 +2388,6 @@ existing
|
||||
exit
|
||||
exodus
|
||||
exonerate
|
||||
exorcism
|
||||
exorcist
|
||||
expand
|
||||
expanse
|
||||
expansion
|
||||
@ -2483,7 +2473,6 @@ fanning
|
||||
fantasize
|
||||
fantastic
|
||||
fantasy
|
||||
fascism
|
||||
fastball
|
||||
faster
|
||||
fasting
|
||||
@ -3028,7 +3017,6 @@ guiding
|
||||
guileless
|
||||
guise
|
||||
gulf
|
||||
gullible
|
||||
gully
|
||||
gulp
|
||||
gumball
|
||||
@ -3040,10 +3028,6 @@ gurgle
|
||||
gurgling
|
||||
guru
|
||||
gush
|
||||
gusto
|
||||
gusty
|
||||
gutless
|
||||
guts
|
||||
gutter
|
||||
guy
|
||||
guzzler
|
||||
@ -3242,8 +3226,6 @@ humble
|
||||
humbling
|
||||
humbly
|
||||
humid
|
||||
humiliate
|
||||
humility
|
||||
humming
|
||||
hummus
|
||||
humongous
|
||||
@ -3271,7 +3253,6 @@ hurray
|
||||
hurricane
|
||||
hurried
|
||||
hurry
|
||||
hurt
|
||||
husband
|
||||
hush
|
||||
husked
|
||||
@ -3292,8 +3273,6 @@ hypnotic
|
||||
hypnotism
|
||||
hypnotist
|
||||
hypnotize
|
||||
hypocrisy
|
||||
hypocrite
|
||||
ibuprofen
|
||||
ice
|
||||
iciness
|
||||
@ -3323,7 +3302,6 @@ image
|
||||
imaginary
|
||||
imagines
|
||||
imaging
|
||||
imbecile
|
||||
imitate
|
||||
imitation
|
||||
immerse
|
||||
@ -3746,7 +3724,6 @@ machine
|
||||
machinist
|
||||
magazine
|
||||
magenta
|
||||
maggot
|
||||
magical
|
||||
magician
|
||||
magma
|
||||
@ -3968,8 +3945,6 @@ multitude
|
||||
mumble
|
||||
mumbling
|
||||
mumbo
|
||||
mummified
|
||||
mummify
|
||||
mumps
|
||||
munchkin
|
||||
mundane
|
||||
@ -4022,8 +3997,6 @@ napped
|
||||
napping
|
||||
nappy
|
||||
narrow
|
||||
nastily
|
||||
nastiness
|
||||
national
|
||||
native
|
||||
nativity
|
||||
@ -4446,7 +4419,6 @@ pasta
|
||||
pasted
|
||||
pastel
|
||||
pastime
|
||||
pastor
|
||||
pastrami
|
||||
pasture
|
||||
pasty
|
||||
@ -4458,7 +4430,6 @@ path
|
||||
patience
|
||||
patient
|
||||
patio
|
||||
patriarch
|
||||
patriot
|
||||
patrol
|
||||
patronage
|
||||
@ -4549,7 +4520,6 @@ pettiness
|
||||
petty
|
||||
petunia
|
||||
phantom
|
||||
phobia
|
||||
phoenix
|
||||
phonebook
|
||||
phoney
|
||||
@ -4608,7 +4578,6 @@ plot
|
||||
plow
|
||||
ploy
|
||||
pluck
|
||||
plug
|
||||
plunder
|
||||
plunging
|
||||
plural
|
||||
@ -4875,7 +4844,6 @@ pupil
|
||||
puppet
|
||||
puppy
|
||||
purchase
|
||||
pureblood
|
||||
purebred
|
||||
purely
|
||||
pureness
|
||||
@ -5047,7 +5015,6 @@ recharger
|
||||
recipient
|
||||
recital
|
||||
recite
|
||||
reckless
|
||||
reclaim
|
||||
recliner
|
||||
reclining
|
||||
@ -5440,7 +5407,6 @@ rubdown
|
||||
ruby
|
||||
ruckus
|
||||
rudder
|
||||
rug
|
||||
ruined
|
||||
rule
|
||||
rumble
|
||||
@ -5448,7 +5414,6 @@ rumbling
|
||||
rummage
|
||||
rumor
|
||||
runaround
|
||||
rundown
|
||||
runner
|
||||
running
|
||||
runny
|
||||
@ -5518,7 +5483,6 @@ sandpaper
|
||||
sandpit
|
||||
sandstone
|
||||
sandstorm
|
||||
sandworm
|
||||
sandy
|
||||
sanitary
|
||||
sanitizer
|
||||
@ -5541,7 +5505,6 @@ satisfy
|
||||
saturate
|
||||
saturday
|
||||
sauciness
|
||||
saucy
|
||||
sauna
|
||||
savage
|
||||
savanna
|
||||
@ -5552,7 +5515,6 @@ savor
|
||||
saxophone
|
||||
say
|
||||
scabbed
|
||||
scabby
|
||||
scalded
|
||||
scalding
|
||||
scale
|
||||
@ -5587,7 +5549,6 @@ science
|
||||
scientist
|
||||
scion
|
||||
scoff
|
||||
scolding
|
||||
scone
|
||||
scoop
|
||||
scooter
|
||||
@ -5651,8 +5612,6 @@ sedate
|
||||
sedation
|
||||
sedative
|
||||
sediment
|
||||
seduce
|
||||
seducing
|
||||
segment
|
||||
seismic
|
||||
seizing
|
||||
@ -5899,7 +5858,6 @@ skimpily
|
||||
skincare
|
||||
skinless
|
||||
skinning
|
||||
skinny
|
||||
skintight
|
||||
skipper
|
||||
skipping
|
||||
@ -6248,17 +6206,12 @@ stifle
|
||||
stifling
|
||||
stillness
|
||||
stilt
|
||||
stimulant
|
||||
stimulate
|
||||
stimuli
|
||||
stimulus
|
||||
stinger
|
||||
stingily
|
||||
stinging
|
||||
stingray
|
||||
stingy
|
||||
stinking
|
||||
stinky
|
||||
stipend
|
||||
stipulate
|
||||
stir
|
||||
@ -6866,7 +6819,6 @@ unbent
|
||||
unbiased
|
||||
unbitten
|
||||
unblended
|
||||
unblessed
|
||||
unblock
|
||||
unbolted
|
||||
unbounded
|
||||
@ -6947,7 +6899,6 @@ undertone
|
||||
undertook
|
||||
undertow
|
||||
underuse
|
||||
underwear
|
||||
underwent
|
||||
underwire
|
||||
undesired
|
||||
@ -7000,7 +6951,6 @@ unfunded
|
||||
unglazed
|
||||
ungloved
|
||||
unglue
|
||||
ungodly
|
||||
ungraded
|
||||
ungreased
|
||||
unguarded
|
||||
@ -7032,7 +6982,6 @@ uninsured
|
||||
uninvited
|
||||
union
|
||||
uniquely
|
||||
unisexual
|
||||
unison
|
||||
unissued
|
||||
unit
|
||||
@ -7493,8 +7442,6 @@ wheat
|
||||
whenever
|
||||
whiff
|
||||
whimsical
|
||||
whinny
|
||||
whiny
|
||||
whisking
|
||||
whoever
|
||||
whole
|
||||
@ -7600,7 +7547,6 @@ wrongness
|
||||
wrought
|
||||
xbox
|
||||
xerox
|
||||
yahoo
|
||||
yam
|
||||
yanking
|
||||
yapping
|
||||
|
||||
@ -0,0 +1,28 @@
|
||||
"""Preserve user id on alias delete
|
||||
|
||||
Revision ID: 4882cc49dde9
|
||||
Revises: 32f25cbf12f6
|
||||
Create Date: 2024-11-06 10:10:40.235991
|
||||
|
||||
"""
|
||||
from alembic import op
|
||||
import sqlalchemy as sa
|
||||
|
||||
|
||||
# revision identifiers, used by Alembic.
|
||||
revision = '4882cc49dde9'
|
||||
down_revision = '32f25cbf12f6'
|
||||
branch_labels = None
|
||||
depends_on = None
|
||||
|
||||
|
||||
def upgrade():
|
||||
op.add_column('deleted_alias', sa.Column('user_id', sa.Integer(), server_default=None, nullable=True))
|
||||
with op.get_context().autocommit_block():
|
||||
op.create_index('ix_deleted_alias_user_id_created_at', 'deleted_alias', ['user_id', 'created_at'], unique=False, postgresql_concurrently=True)
|
||||
|
||||
|
||||
def downgrade():
|
||||
with op.get_context().autocommit_block():
|
||||
op.drop_index('ix_deleted_alias_user_id_created_at', table_name='deleted_alias')
|
||||
op.drop_column('deleted_alias', 'user_id')
|
||||
@ -0,0 +1,28 @@
|
||||
"""Revert user id on deleted alias
|
||||
|
||||
Revision ID: bc9aa210efa3
|
||||
Revises: 4882cc49dde9
|
||||
Create Date: 2024-11-06 12:44:44.129691
|
||||
|
||||
"""
|
||||
from alembic import op
|
||||
import sqlalchemy as sa
|
||||
|
||||
|
||||
# revision identifiers, used by Alembic.
|
||||
revision = 'bc9aa210efa3'
|
||||
down_revision = '4882cc49dde9'
|
||||
branch_labels = None
|
||||
depends_on = None
|
||||
|
||||
|
||||
def upgrade():
|
||||
with op.get_context().autocommit_block():
|
||||
op.drop_index('ix_deleted_alias_user_id_created_at', table_name='deleted_alias')
|
||||
op.drop_column('deleted_alias', 'user_id')
|
||||
|
||||
|
||||
def downgrade():
|
||||
op.add_column('deleted_alias', sa.Column('user_id', sa.Integer(), server_default=None, nullable=True))
|
||||
with op.get_context().autocommit_block():
|
||||
op.create_index('ix_deleted_alias_user_id_created_at', 'deleted_alias', ['user_id', 'created_at'], unique=False, postgresql_concurrently=True)
|
||||
@ -0,0 +1,30 @@
|
||||
"""add missing indices on user and mailbox
|
||||
|
||||
Revision ID: 842ac670096e
|
||||
Revises: bc9aa210efa3
|
||||
Create Date: 2024-11-13 15:55:28.798506
|
||||
|
||||
"""
|
||||
import sqlalchemy_utils
|
||||
from alembic import op
|
||||
import sqlalchemy as sa
|
||||
|
||||
|
||||
# revision identifiers, used by Alembic.
|
||||
revision = '842ac670096e'
|
||||
down_revision = 'bc9aa210efa3'
|
||||
branch_labels = None
|
||||
depends_on = None
|
||||
|
||||
|
||||
def upgrade():
|
||||
with op.get_context().autocommit_block():
|
||||
op.create_index('ix_mailbox_pgp_finger_print', 'mailbox', ['pgp_finger_print'], unique=False)
|
||||
op.create_index('ix_users_default_mailbox_id', 'users', ['default_mailbox_id'], unique=False)
|
||||
# ### end Alembic commands ###
|
||||
|
||||
|
||||
def downgrade():
|
||||
with op.get_context().autocommit_block():
|
||||
op.drop_index('ix_users_default_mailbox_id', table_name='users')
|
||||
op.drop_index('ix_mailbox_pgp_finger_print', table_name='mailbox')
|
||||
@ -0,0 +1,29 @@
|
||||
"""add missing indices on email log
|
||||
|
||||
Revision ID: 12274da2299f
|
||||
Revises: 842ac670096e
|
||||
Create Date: 2024-11-14 10:27:20.371191
|
||||
|
||||
"""
|
||||
import sqlalchemy_utils
|
||||
from alembic import op
|
||||
import sqlalchemy as sa
|
||||
|
||||
|
||||
# revision identifiers, used by Alembic.
|
||||
revision = '12274da2299f'
|
||||
down_revision = '842ac670096e'
|
||||
branch_labels = None
|
||||
depends_on = None
|
||||
|
||||
|
||||
def upgrade():
|
||||
with op.get_context().autocommit_block():
|
||||
op.create_index('ix_email_log_bounced_mailbox_id', 'email_log', ['bounced_mailbox_id'], unique=False)
|
||||
op.create_index('ix_email_log_mailbox_id', 'email_log', ['mailbox_id'], unique=False)
|
||||
|
||||
|
||||
def downgrade():
|
||||
with op.get_context().autocommit_block():
|
||||
op.drop_index('ix_email_log_mailbox_id', table_name='email_log')
|
||||
op.drop_index('ix_email_log_bounced_mailbox_id', table_name='email_log')
|
||||
@ -0,0 +1,102 @@
|
||||
"""add missing indices for fk constraints
|
||||
|
||||
Revision ID: 0f3ee15b0014
|
||||
Revises: 12274da2299f
|
||||
Create Date: 2024-11-15 12:29:10.739938
|
||||
|
||||
"""
|
||||
import sqlalchemy_utils
|
||||
from alembic import op
|
||||
import sqlalchemy as sa
|
||||
|
||||
|
||||
# revision identifiers, used by Alembic.
|
||||
revision = '0f3ee15b0014'
|
||||
down_revision = '12274da2299f'
|
||||
branch_labels = None
|
||||
depends_on = None
|
||||
|
||||
|
||||
def upgrade():
|
||||
with op.get_context().autocommit_block():
|
||||
op.create_index('ix_activation_code_user_id', 'activation_code', ['user_id'], unique=False, postgresql_concurrently=True)
|
||||
op.create_index('ix_alias_original_owner_id', 'alias', ['original_owner_id'], unique=False, postgresql_concurrently=True)
|
||||
op.create_index('ix_alias_used_on_user_id', 'alias_used_on', ['user_id'], unique=False, postgresql_concurrently=True)
|
||||
op.create_index('ix_api_to_cookie_token_api_key_id', 'api_cookie_token', ['api_key_id'], unique=False, postgresql_concurrently=True)
|
||||
op.create_index('ix_api_to_cookie_token_user_id', 'api_cookie_token', ['user_id'], unique=False, postgresql_concurrently=True)
|
||||
op.create_index('ix_api_key_code', 'api_key', ['code'], unique=False, postgresql_concurrently=True)
|
||||
op.create_index('ix_api_key_user_id', 'api_key', ['user_id'], unique=False, postgresql_concurrently=True)
|
||||
op.create_index('ix_authorization_code_client_id', 'authorization_code', ['client_id'], unique=False, postgresql_concurrently=True)
|
||||
op.create_index('ix_authorization_code_user_id', 'authorization_code', ['user_id'], unique=False, postgresql_concurrently=True)
|
||||
op.create_index('ix_authorized_address_user_id', 'authorized_address', ['user_id'], unique=False, postgresql_concurrently=True)
|
||||
op.create_index('ix_auto_create_rule_custom_domain_id', 'auto_create_rule', ['custom_domain_id'], unique=False, postgresql_concurrently=True)
|
||||
op.create_index('ix_batch_import_file_id', 'batch_import', ['file_id'], unique=False, postgresql_concurrently=True)
|
||||
op.create_index('ix_batch_import_user_id', 'batch_import', ['user_id'], unique=False, postgresql_concurrently=True)
|
||||
op.create_index('ix_client_icon_id', 'client', ['icon_id'], unique=False, postgresql_concurrently=True)
|
||||
op.create_index('ix_client_referral_id', 'client', ['referral_id'], unique=False, postgresql_concurrently=True)
|
||||
op.create_index('ix_client_user_id', 'client', ['user_id'], unique=False, postgresql_concurrently=True)
|
||||
op.create_index('ix_coupon_used_by_user_id', 'coupon', ['used_by_user_id'], unique=False, postgresql_concurrently=True)
|
||||
op.create_index('ix_directory_user_id', 'directory', ['user_id'], unique=False, postgresql_concurrently=True)
|
||||
op.create_index('ix_domain_deleted_alias_user_id', 'domain_deleted_alias', ['user_id'], unique=False, postgresql_concurrently=True)
|
||||
op.create_index('ix_email_log_refused_email_id', 'email_log', ['refused_email_id'], unique=False, postgresql_concurrently=True)
|
||||
op.create_index('ix_fido_user_id', 'fido', ['user_id'], unique=False, postgresql_concurrently=True)
|
||||
op.create_index('ix_file_user_id', 'file', ['user_id'], unique=False, postgresql_concurrently=True)
|
||||
op.create_index('ix_hibp_notified_alias_user_id', 'hibp_notified_alias', ['user_id'], unique=False, postgresql_concurrently=True)
|
||||
op.create_index('ix_mfa_browser_user_id', 'mfa_browser', ['user_id'], unique=False, postgresql_concurrently=True)
|
||||
op.create_index('ix_newsletter_user_user_id', 'newsletter_user', ['user_id'], unique=False, postgresql_concurrently=True)
|
||||
op.create_index('ix_oauth_token_client_id', 'oauth_token', ['client_id'], unique=False, postgresql_concurrently=True)
|
||||
op.create_index('ix_oauth_token_user_id', 'oauth_token', ['user_id'], unique=False, postgresql_concurrently=True)
|
||||
op.create_index('ix_payout_user_id', 'payout', ['user_id'], unique=False, postgresql_concurrently=True)
|
||||
op.create_index('ix_phone_reservation_user_id', 'phone_reservation', ['user_id'], unique=False, postgresql_concurrently=True)
|
||||
op.create_index('ix_provider_complaint_refused_email_id', 'provider_complaint', ['refused_email_id'], unique=False, postgresql_concurrently=True)
|
||||
op.create_index('ix_provider_complaint_user_id', 'provider_complaint', ['user_id'], unique=False, postgresql_concurrently=True)
|
||||
op.create_index('ix_redirect_uri_client_id', 'redirect_uri', ['client_id'], unique=False, postgresql_concurrently=True)
|
||||
op.create_index('ix_referral_user_id', 'referral', ['user_id'], unique=False, postgresql_concurrently=True)
|
||||
op.create_index('ix_refused_email_user_id', 'refused_email', ['user_id'], unique=False, postgresql_concurrently=True)
|
||||
op.create_index('ix_reset_password_code_user_id', 'reset_password_code', ['user_id'], unique=False, postgresql_concurrently=True)
|
||||
op.create_index('ix_sent_alert_user_id', 'sent_alert', ['user_id'], unique=False, postgresql_concurrently=True)
|
||||
op.create_index('ix_users_default_alias_custom_domain_id', 'users', ['default_alias_custom_domain_id'], unique=False, postgresql_concurrently=True)
|
||||
op.create_index('ix_users_profile_picture_id', 'users', ['profile_picture_id'], unique=False, postgresql_concurrently=True)
|
||||
|
||||
|
||||
|
||||
def downgrade():
|
||||
with op.get_context().autocommit_block():
|
||||
op.drop_index('ix_users_profile_picture_id', table_name='users')
|
||||
op.drop_index('ix_users_default_alias_custom_domain_id', table_name='users')
|
||||
op.drop_index('ix_sent_alert_user_id', table_name='sent_alert')
|
||||
op.drop_index('ix_reset_password_code_user_id', table_name='reset_password_code')
|
||||
op.drop_index('ix_refused_email_user_id', table_name='refused_email')
|
||||
op.drop_index('ix_referral_user_id', table_name='referral')
|
||||
op.drop_index('ix_redirect_uri_client_id', table_name='redirect_uri')
|
||||
op.drop_index('ix_provider_complaint_user_id', table_name='provider_complaint')
|
||||
op.drop_index('ix_provider_complaint_refused_email_id', table_name='provider_complaint')
|
||||
op.drop_index('ix_phone_reservation_user_id', table_name='phone_reservation')
|
||||
op.drop_index('ix_payout_user_id', table_name='payout')
|
||||
op.drop_index('ix_oauth_token_user_id', table_name='oauth_token')
|
||||
op.drop_index('ix_oauth_token_client_id', table_name='oauth_token')
|
||||
op.drop_index('ix_newsletter_user_user_id', table_name='newsletter_user')
|
||||
op.drop_index('ix_mfa_browser_user_id', table_name='mfa_browser')
|
||||
op.drop_index('ix_hibp_notified_alias_user_id', table_name='hibp_notified_alias')
|
||||
op.drop_index('ix_file_user_id', table_name='file')
|
||||
op.drop_index('ix_fido_user_id', table_name='fido')
|
||||
op.drop_index('ix_email_log_refused_email_id', table_name='email_log')
|
||||
op.drop_index('ix_domain_deleted_alias_user_id', table_name='domain_deleted_alias')
|
||||
op.drop_index('ix_directory_user_id', table_name='directory')
|
||||
op.drop_index('ix_coupon_used_by_user_id', table_name='coupon')
|
||||
op.drop_index('ix_client_user_id', table_name='client')
|
||||
op.drop_index('ix_client_referral_id', table_name='client')
|
||||
op.drop_index('ix_client_icon_id', table_name='client')
|
||||
op.drop_index('ix_batch_import_user_id', table_name='batch_import')
|
||||
op.drop_index('ix_batch_import_file_id', table_name='batch_import')
|
||||
op.drop_index('ix_auto_create_rule_custom_domain_id', table_name='auto_create_rule')
|
||||
op.drop_index('ix_authorized_address_user_id', table_name='authorized_address')
|
||||
op.drop_index('ix_authorization_code_user_id', table_name='authorization_code')
|
||||
op.drop_index('ix_authorization_code_client_id', table_name='authorization_code')
|
||||
op.drop_index('ix_api_key_user_id', table_name='api_key')
|
||||
op.drop_index('ix_api_key_code', table_name='api_key')
|
||||
op.drop_index('ix_api_to_cookie_token_user_id', table_name='api_cookie_token')
|
||||
op.drop_index('ix_api_to_cookie_token_api_key_id', table_name='api_cookie_token')
|
||||
op.drop_index('ix_alias_used_on_user_id', table_name='alias_used_on')
|
||||
op.drop_index('ix_alias_original_owner_id', table_name='alias')
|
||||
op.drop_index('ix_activation_code_user_id', table_name='activation_code')
|
||||
35
app/migrations/versions/2024_112619_085f77996ce3_.py
Normal file
35
app/migrations/versions/2024_112619_085f77996ce3_.py
Normal file
@ -0,0 +1,35 @@
|
||||
"""empty message
|
||||
|
||||
Revision ID: 085f77996ce3
|
||||
Revises: 0f3ee15b0014
|
||||
Create Date: 2024-11-26 19:20:32.227899
|
||||
|
||||
"""
|
||||
import sqlalchemy_utils
|
||||
from alembic import op
|
||||
import sqlalchemy as sa
|
||||
from sqlalchemy.dialects import postgresql
|
||||
|
||||
# revision identifiers, used by Alembic.
|
||||
revision = '085f77996ce3'
|
||||
down_revision = '0f3ee15b0014'
|
||||
branch_labels = None
|
||||
depends_on = None
|
||||
|
||||
|
||||
def upgrade():
|
||||
# ### commands auto generated by Alembic - please adjust! ###
|
||||
op.add_column('partner_subscription', sa.Column('lifetime', sa.Boolean(), server_default='0', nullable=False))
|
||||
op.alter_column('partner_subscription', 'end_at',
|
||||
existing_type=postgresql.TIMESTAMP(),
|
||||
nullable=True)
|
||||
# ### end Alembic commands ###
|
||||
|
||||
|
||||
def downgrade():
|
||||
# ### commands auto generated by Alembic - please adjust! ###
|
||||
op.alter_column('partner_subscription', 'end_at',
|
||||
existing_type=postgresql.TIMESTAMP(),
|
||||
nullable=False)
|
||||
op.drop_column('partner_subscription', 'lifetime')
|
||||
# ### end Alembic commands ###
|
||||
62
app/oneshot/send_lifetime_user_events.py
Normal file
62
app/oneshot/send_lifetime_user_events.py
Normal file
@ -0,0 +1,62 @@
|
||||
#!/usr/bin/env python3
|
||||
import argparse
|
||||
import time
|
||||
|
||||
import arrow
|
||||
from sqlalchemy import func
|
||||
|
||||
from app.events.event_dispatcher import EventDispatcher
|
||||
from app.events.generated.event_pb2 import UserPlanChanged, EventContent
|
||||
from app.models import PartnerUser, User
|
||||
from app.db import Session
|
||||
|
||||
parser = argparse.ArgumentParser(
|
||||
prog="Backfill alias", description="Send lifetime users to proton"
|
||||
)
|
||||
parser.add_argument(
|
||||
"-s", "--start_pu_id", default=0, type=int, help="Initial partner_user_id"
|
||||
)
|
||||
parser.add_argument(
|
||||
"-e", "--end_pu_id", default=0, type=int, help="Last partner_user_id"
|
||||
)
|
||||
|
||||
args = parser.parse_args()
|
||||
pu_id_start = args.start_pu_id
|
||||
max_pu_id = args.end_pu_id
|
||||
if max_pu_id == 0:
|
||||
max_pu_id = Session.query(func.max(PartnerUser.id)).scalar()
|
||||
|
||||
print(f"Checking partner user {pu_id_start} to {max_pu_id}")
|
||||
step = 1000
|
||||
done = 0
|
||||
start_time = time.time()
|
||||
with_lifetime = 0
|
||||
for batch_start in range(pu_id_start, max_pu_id, step):
|
||||
users = (
|
||||
Session.query(User)
|
||||
.join(PartnerUser, PartnerUser.user_id == User.id)
|
||||
.filter(
|
||||
PartnerUser.id >= batch_start,
|
||||
PartnerUser.id < batch_start + step,
|
||||
User.lifetime == True, # noqa :E712
|
||||
)
|
||||
).all()
|
||||
for user in users:
|
||||
# Just in case the == True cond is wonky
|
||||
if not user.lifetime:
|
||||
continue
|
||||
with_lifetime += 1
|
||||
event = UserPlanChanged(plan_end_time=arrow.get("2038-01-01").timestamp)
|
||||
EventDispatcher.send_event(user, EventContent(user_plan_change=event))
|
||||
Session.flush()
|
||||
Session.commit()
|
||||
elapsed = time.time() - start_time
|
||||
last_batch_id = batch_start + step
|
||||
time_per_alias = elapsed / (last_batch_id)
|
||||
remaining = max_pu_id - last_batch_id
|
||||
time_remaining = remaining / time_per_alias
|
||||
hours_remaining = time_remaining / 60.0
|
||||
print(
|
||||
f"\PartnerUser {batch_start}/{max_pu_id} {with_lifetime} {hours_remaining:.2f} mins remaining"
|
||||
)
|
||||
print(f"With SL lifetime {with_lifetime}")
|
||||
@ -2,10 +2,10 @@
|
||||
import argparse
|
||||
import time
|
||||
|
||||
import arrow
|
||||
from sqlalchemy import func
|
||||
|
||||
from app.events.event_dispatcher import EventDispatcher
|
||||
from app.events.generated.event_pb2 import UserPlanChanged, EventContent
|
||||
from app.account_linking import send_user_plan_changed_event
|
||||
from app.models import PartnerUser
|
||||
from app.db import Session
|
||||
|
||||
@ -30,6 +30,7 @@ step = 100
|
||||
updated = 0
|
||||
start_time = time.time()
|
||||
with_premium = 0
|
||||
with_lifetime = 0
|
||||
for batch_start in range(pu_id_start, max_pu_id, step):
|
||||
partner_users = (
|
||||
Session.query(PartnerUser).filter(
|
||||
@ -37,18 +38,12 @@ for batch_start in range(pu_id_start, max_pu_id, step):
|
||||
)
|
||||
).all()
|
||||
for partner_user in partner_users:
|
||||
subscription_end = partner_user.user.get_active_subscription_end(
|
||||
include_partner_subscription=False
|
||||
)
|
||||
end_timestamp = None
|
||||
if subscription_end:
|
||||
with_premium += 1
|
||||
end_timestamp = subscription_end.timestamp
|
||||
event = UserPlanChanged(plan_end_time=end_timestamp)
|
||||
EventDispatcher.send_event(
|
||||
partner_user.user, EventContent(user_plan_change=event)
|
||||
)
|
||||
Session.flush()
|
||||
subscription_end = send_user_plan_changed_event(partner_user)
|
||||
if subscription_end is not None:
|
||||
if subscription_end > arrow.get("2038-01-01").timestamp:
|
||||
with_lifetime += 1
|
||||
else:
|
||||
with_premium += 1
|
||||
updated += 1
|
||||
Session.commit()
|
||||
elapsed = time.time() - start_time
|
||||
@ -60,4 +55,4 @@ for batch_start in range(pu_id_start, max_pu_id, step):
|
||||
print(
|
||||
f"\PartnerUser {batch_start}/{max_pu_id} {updated} {hours_remaining:.2f} mins remaining"
|
||||
)
|
||||
print(f"With SL premium {with_premium}")
|
||||
print(f"With SL premium {with_premium} lifetime {with_lifetime}")
|
||||
|
||||
@ -442,10 +442,10 @@ def init_admin(app):
|
||||
admin = Admin(name="SimpleLogin", template_mode="bootstrap4")
|
||||
|
||||
admin.init_app(app, index_view=SLAdminIndexView())
|
||||
admin.add_view(EmailSearchAdmin(name="Email Search", endpoint="email_search"))
|
||||
admin.add_view(UserAdmin(User, Session))
|
||||
admin.add_view(AliasAdmin(Alias, Session))
|
||||
admin.add_view(MailboxAdmin(Mailbox, Session))
|
||||
admin.add_view(EmailSearchAdmin(name="Email Search", endpoint="email_search"))
|
||||
admin.add_view(CouponAdmin(Coupon, Session))
|
||||
admin.add_view(ManualSubscriptionAdmin(ManualSubscription, Session))
|
||||
admin.add_view(CustomDomainAdmin(CustomDomain, Session))
|
||||
|
||||
@ -1,272 +1,295 @@
|
||||
{% extends 'admin/master.html' %}
|
||||
|
||||
{% macro show_user(user) -%}
|
||||
<h4>User {{ user.email }} with ID {{ user.id }}.</h4>
|
||||
{% set pu = helper.partner_user(user) %}
|
||||
<table class="table">
|
||||
<thead>
|
||||
<tr>
|
||||
<th scope="col">User ID</th>
|
||||
<th scope="col">Email</th>
|
||||
<th scope="col">Status</th>
|
||||
<th scope="col">Paid</th>
|
||||
<th>Subscription</th>
|
||||
<th>Created At</th>
|
||||
<th>Updated At</th>
|
||||
<th>Connected with Proton account</th>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
<tr>
|
||||
<td>{{ user.id }}</td>
|
||||
<td><a href="?email={{ user.email }}">{{ user.email }}</a></td>
|
||||
{% if user.disabled %}
|
||||
<h4>User {{ user.email }} with ID {{ user.id }}.</h4>
|
||||
{% set pu = helper.partner_user(user) %}
|
||||
<table class="table">
|
||||
<thead>
|
||||
<tr>
|
||||
<th scope="col">User ID</th>
|
||||
<th scope="col">Email</th>
|
||||
<th scope="col">Verified</th>
|
||||
<th scope="col">Status</th>
|
||||
<th scope="col">Paid</th>
|
||||
<th scope="col">Premium</th>
|
||||
<th>Subscription</th>
|
||||
<th>Created At</th>
|
||||
<th>Updated At</th>
|
||||
<th>Connected with Proton account</th>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
<tr>
|
||||
<td>{{ user.id }}</td>
|
||||
<td>
|
||||
<a href="?email={{ user.email }}">{{ user.email }}</a>
|
||||
</td>
|
||||
{% if user.activated %}
|
||||
|
||||
<td class="text-danger">Disabled</td>
|
||||
{% else %}
|
||||
<td class="text-success">Enabled</td>
|
||||
{% endif %}
|
||||
<td>{{ "yes" if user.is_paid() else "No" }}</td>
|
||||
<td>{{ user.get_active_subscription() }}</td>
|
||||
<td>{{ user.created_at }}</td>
|
||||
<td>{{ user.updated_at }}</td>
|
||||
{% if pu %}
|
||||
<td class="text-success">Activated</td>
|
||||
{% else %}
|
||||
<td class="text-warning">Pending</td>
|
||||
{% endif %}
|
||||
{% if user.disabled %}
|
||||
|
||||
<td><a href="?email={{ pu.partner_email }}">{{ pu.partner_email }}</a></td>
|
||||
{% else %}
|
||||
<td>No</td>
|
||||
{% endif %}
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
<td class="text-danger">Disabled</td>
|
||||
{% else %}
|
||||
<td class="text-success">Enabled</td>
|
||||
{% endif %}
|
||||
<td>{{ "yes" if user.is_paid() else "No" }}</td>
|
||||
<td>{{ "yes" if user.is_premium() else "No" }}</td>
|
||||
<td>{{ user.get_active_subscription() }}</td>
|
||||
<td>{{ user.created_at }}</td>
|
||||
<td>{{ user.updated_at }}</td>
|
||||
{% if pu %}
|
||||
|
||||
<td>
|
||||
<a href="?email={{ pu.partner_email }}">{{ pu.partner_email }}</a>
|
||||
</td>
|
||||
{% else %}
|
||||
<td>No</td>
|
||||
{% endif %}
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
{%- endmacro %}
|
||||
{% macro list_mailboxes(message, mbox_count, mboxes) %}
|
||||
<h4>
|
||||
{{ mbox_count }} {{ message }}.
|
||||
{% if mbox_count>10 %}Showing only the last 10.{% endif %}
|
||||
</h4>
|
||||
<table class="table">
|
||||
<thead>
|
||||
<h4>
|
||||
{{ mbox_count }} {{ message }}.
|
||||
{% if mbox_count>10 %}Showing only the last 10.{% endif %}
|
||||
</h4>
|
||||
<table class="table">
|
||||
<thead>
|
||||
<tr>
|
||||
<th>Mailbox ID</th>
|
||||
<th>Email</th>
|
||||
<th>Verified</th>
|
||||
<th>Created At</th>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
{% for mailbox in mboxes %}
|
||||
<tr>
|
||||
<th>Mailbox ID</th>
|
||||
<th>Email</th>
|
||||
<th>Verified</th>
|
||||
<th>Created At</th>
|
||||
<td>{{ mailbox.id }}</td>
|
||||
<td>
|
||||
<a href="?email={{ mailbox.email }}">{{ mailbox.email }}</a>
|
||||
</td>
|
||||
<td>{{ "Yes" if mailbox.verified else "No" }}</td>
|
||||
<td>{{ mailbox.created_at }}</td>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
{% for mailbox in mboxes %}
|
||||
|
||||
<tr>
|
||||
<td>{{ mailbox.id }}</td>
|
||||
<td><a href="?email={{ mailbox.email }}">{{ mailbox.email }}</a></td>
|
||||
<td>{{ "Yes" if mailbox.verified else "No" }}</td>
|
||||
<td>
|
||||
{{ mailbox.created_at }}
|
||||
</td>
|
||||
</tr>
|
||||
{% endfor %}
|
||||
</tbody>
|
||||
</table>
|
||||
{% endfor %}
|
||||
</tbody>
|
||||
</table>
|
||||
{% endmacro %}
|
||||
{% macro list_alias(alias_count, aliases) %}
|
||||
<h4>
|
||||
{{ alias_count }} Aliases found.
|
||||
{% if alias_count>10 %}Showing only the last 10.{% endif %}
|
||||
</h4>
|
||||
<table class="table">
|
||||
<thead>
|
||||
<h4>
|
||||
{{ alias_count }} Aliases found.
|
||||
{% if alias_count>10 %}Showing only the last 10.{% endif %}
|
||||
</h4>
|
||||
<table class="table">
|
||||
<thead>
|
||||
<tr>
|
||||
<th>Alias ID</th>
|
||||
<th>Email</th>
|
||||
<th>Enabled</th>
|
||||
<th>Created At</th>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
{% for alias in aliases %}
|
||||
|
||||
<tr>
|
||||
<th>
|
||||
Alias ID
|
||||
</th>
|
||||
<th>
|
||||
Email
|
||||
</th>
|
||||
<th>
|
||||
Enabled
|
||||
</th>
|
||||
<th>
|
||||
Created At
|
||||
</th>
|
||||
<td>{{ alias.id }}</td>
|
||||
<td>
|
||||
<a href="?email={{ alias.email }}">{{ alias.email }}</a>
|
||||
</td>
|
||||
<td>{{ "Yes" if alias.enabled else "No" }}</td>
|
||||
<td>{{ alias.created_at }}</td>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
{% for alias in aliases %}
|
||||
<tr>
|
||||
<td>{{ alias.id }}</td>
|
||||
<td><a href="?email={{ alias.email }}">{{ alias.email }}</a></td>
|
||||
<td>{{ "Yes" if alias.enabled else "No" }}</td>
|
||||
<td>{{ alias.created_at }}</td>
|
||||
</tr>
|
||||
{% endfor %}
|
||||
</tbody>
|
||||
</table>
|
||||
{% endfor %}
|
||||
</tbody>
|
||||
</table>
|
||||
{% endmacro %}
|
||||
{% macro show_deleted_alias(deleted_alias) -%}
|
||||
<h4>Deleted Alias {{ deleted_alias.email }} with ID {{ deleted_alias.id }}.</h4>
|
||||
<table class="table">
|
||||
<thead>
|
||||
<tr>
|
||||
<th scope="col">Deleted Alias ID</th>
|
||||
<th scope="col">Email</th>
|
||||
<th scope="col">Deleted At</th>
|
||||
<th scope="col">Reason</th>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
<tr>
|
||||
<td>{{ deleted_alias.id }}</td>
|
||||
<td>{{ deleted_alias.email }}</td>
|
||||
<td>{{ deleted_alias.created_at }}</td>
|
||||
<td>{{ deleted_alias.reason }}</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
<h4>Deleted Alias {{ deleted_alias.email }} with ID {{ deleted_alias.id }}.</h4>
|
||||
<table class="table">
|
||||
<thead>
|
||||
<tr>
|
||||
<th scope="col">Deleted Alias ID</th>
|
||||
<th scope="col">Email</th>
|
||||
<th scope="col">Deleted At</th>
|
||||
<th scope="col">Reason</th>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
<tr>
|
||||
<td>{{ deleted_alias.id }}</td>
|
||||
<td>{{ deleted_alias.email }}</td>
|
||||
<td>{{ deleted_alias.created_at }}</td>
|
||||
<td>{{ deleted_alias.reason }}</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
{%- endmacro %}
|
||||
{% macro show_domain_deleted_alias(dom_deleted_alias) -%}
|
||||
<h4>
|
||||
Domain Deleted Alias {{ dom_deleted_alias.email }} with ID {{ dom_deleted_alias.id }} for
|
||||
domain {{ dom_deleted_alias.domain.domain }}
|
||||
</h4>
|
||||
<table class="table">
|
||||
<thead>
|
||||
<tr>
|
||||
<th scope="col">Deleted Alias ID</th>
|
||||
<th scope="col">Email</th>
|
||||
<th scope="col">Domain</th>
|
||||
<th scope="col">Domain ID</th>
|
||||
<th scope="col">Domain owner user ID</th>
|
||||
<th scope="col">Domain owner user email</th>
|
||||
<th scope="col">Deleted At</th>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
<tr>
|
||||
<td>{{ dom_deleted_alias.id }}</td>
|
||||
<td>{{ dom_deleted_alias.email }}</td>
|
||||
<td>{{ dom_deleted_alias.domain.domain }}</td>
|
||||
<td>{{ dom_deleted_alias.domain.id }}</td>
|
||||
<td>{{ dom_deleted_alias.domain.user_id }}</td>
|
||||
<td>{{ dom_deleted_alias.created_at }}</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
{{ show_user(data.domain_deleted_alias.domain.user) }}
|
||||
<h4>
|
||||
Domain Deleted Alias {{ dom_deleted_alias.email }} with ID {{ dom_deleted_alias.id }} for
|
||||
domain {{ dom_deleted_alias.domain.domain }}
|
||||
</h4>
|
||||
<table class="table">
|
||||
<thead>
|
||||
<tr>
|
||||
<th scope="col">Deleted Alias ID</th>
|
||||
<th scope="col">Email</th>
|
||||
<th scope="col">Domain</th>
|
||||
<th scope="col">Domain ID</th>
|
||||
<th scope="col">Domain owner user ID</th>
|
||||
<th scope="col">Domain owner user email</th>
|
||||
<th scope="col">Deleted At</th>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
<tr>
|
||||
<td>{{ dom_deleted_alias.id }}</td>
|
||||
<td>{{ dom_deleted_alias.email }}</td>
|
||||
<td>{{ dom_deleted_alias.domain.domain }}</td>
|
||||
<td>{{ dom_deleted_alias.domain.id }}</td>
|
||||
<td>{{ dom_deleted_alias.domain.user_id }}</td>
|
||||
<td>{{ dom_deleted_alias.created_at }}</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
{{ show_user(data.domain_deleted_alias.domain.user) }}
|
||||
{%- endmacro %}
|
||||
{% macro list_alias_audit_log(alias_audit_log) %}
|
||||
<h4>Alias Audit Log</h4>
|
||||
<table class="table">
|
||||
<thead>
|
||||
<h4>Alias Audit Log</h4>
|
||||
<table class="table">
|
||||
<thead>
|
||||
<tr>
|
||||
<th>User ID</th>
|
||||
<th>Alias ID</th>
|
||||
<th>Alias Email</th>
|
||||
<th>Action</th>
|
||||
<th>Message</th>
|
||||
<th>Time</th>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
{% for entry in alias_audit_log %}
|
||||
|
||||
<tr>
|
||||
<th>User ID</th>
|
||||
<th>Alias ID</th>
|
||||
<th>Alias Email</th>
|
||||
<th>Action</th>
|
||||
<th>Message</th>
|
||||
<th>Time</th>
|
||||
<td>{{ entry.user_id }}</td>
|
||||
<td>{{ entry.alias_id }}</td>
|
||||
<td>
|
||||
<a href="?email={{ entry.alias_email }}">{{ entry.alias_email }}</a>
|
||||
</td>
|
||||
<td>{{ entry.action }}</td>
|
||||
<td>{{ entry.message }}</td>
|
||||
<td>{{ entry.created_at }}</td>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
{% for entry in alias_audit_log %}
|
||||
<tr>
|
||||
<td>{{ entry.user_id }}</td>
|
||||
<td>{{ entry.alias_id }}</td>
|
||||
<td><a href="?email={{ entry.alias_email }}">{{ entry.alias_email }}</a></td>
|
||||
<td>{{ entry.action }}</td>
|
||||
<td>{{ entry.message }}</td>
|
||||
<td>{{ entry.created_at }}</td>
|
||||
</tr>
|
||||
{% endfor %}
|
||||
</tbody>
|
||||
</table>
|
||||
{% endfor %}
|
||||
</tbody>
|
||||
</table>
|
||||
{% endmacro %}
|
||||
{% macro list_user_audit_log(user_audit_log) %}
|
||||
<h4>User Audit Log</h4>
|
||||
<table class="table">
|
||||
<thead>
|
||||
<h4>User Audit Log</h4>
|
||||
<table class="table">
|
||||
<thead>
|
||||
<tr>
|
||||
<th>User email</th>
|
||||
<th>Action</th>
|
||||
<th>Message</th>
|
||||
<th>Time</th>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
{% for entry in user_audit_log %}
|
||||
|
||||
<tr>
|
||||
<th>User email</th>
|
||||
<th>Action</th>
|
||||
<th>Message</th>
|
||||
<th>Time</th>
|
||||
<td>
|
||||
<a href="?email={{ entry.user_email }}">{{ entry.user_email }}</a>
|
||||
</td>
|
||||
<td>{{ entry.action }}</td>
|
||||
<td>{{ entry.message }}</td>
|
||||
<td>{{ entry.created_at }}</td>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
{% for entry in user_audit_log %}
|
||||
<tr>
|
||||
<td><a href="?email={{ entry.user_email }}">{{ entry.user_email }}</a></td>
|
||||
<td>{{ entry.action }}</td>
|
||||
<td>{{ entry.message }}</td>
|
||||
<td>{{ entry.created_at }}</td>
|
||||
</tr>
|
||||
{% endfor %}
|
||||
</tbody>
|
||||
</table>
|
||||
{% endfor %}
|
||||
</tbody>
|
||||
</table>
|
||||
{% endmacro %}
|
||||
{% block body %}
|
||||
|
||||
<div class="border border-dark border-2 mt-1 mb-2 p-3">
|
||||
<form method="get">
|
||||
<div class="form-group">
|
||||
<label for="email">Email to search:</label>
|
||||
<input type="text"
|
||||
class="form-control"
|
||||
name="email"
|
||||
value="{{ email or '' }}" />
|
||||
</div>
|
||||
<button type="submit" class="btn btn-primary">Submit</button>
|
||||
</form>
|
||||
</div>
|
||||
{% if data.no_match and email %}
|
||||
|
||||
<div class="border border-dark border-2 mt-1 mb-2 p-3 alert alert-warning"
|
||||
role="alert">No user, alias or mailbox found for {{ email }}</div>
|
||||
{% endif %}
|
||||
{% if data.alias %}
|
||||
|
||||
<div class="border border-dark border-2 mt-1 mb-2 p-3">
|
||||
<form method="get">
|
||||
<div class="form-group">
|
||||
<label for="email">Email to search:</label>
|
||||
<input type="text"
|
||||
class="form-control"
|
||||
name="email"
|
||||
value="{{ email or '' }}"/>
|
||||
</div>
|
||||
<button type="submit" class="btn btn-primary">Submit</button>
|
||||
</form>
|
||||
<h3 class="mb-3">Found Alias {{ data.alias.email }}</h3>
|
||||
{{ list_alias(1,[data.alias]) }}
|
||||
{{ list_alias_audit_log(data.alias_audit_log) }}
|
||||
{{ list_mailboxes("Mailboxes for alias", helper.alias_mailbox_count(data.alias) , helper.alias_mailboxes(data.alias)) }}
|
||||
{{ show_user(data.alias.user) }}
|
||||
</div>
|
||||
{% if data.no_match and email %}
|
||||
<div class="border border-dark border-2 mt-1 mb-2 p-3 alert alert-warning"
|
||||
role="alert">No user, alias or mailbox found for {{ email }}</div>
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
{% if data.user %}
|
||||
|
||||
{% if data.alias %}
|
||||
<div class="border border-dark border-2 mt-1 mb-2 p-3">
|
||||
<h3 class="mb-3">Found Alias {{ data.alias.email }}</h3>
|
||||
{{ list_alias(1,[data.alias]) }}
|
||||
{{ list_alias_audit_log(data.alias_audit_log) }}
|
||||
{{ list_mailboxes("Mailboxes for alias", helper.alias_mailbox_count(data.alias), helper.alias_mailboxes(data.alias)) }}
|
||||
{{ show_user(data.alias.user) }}
|
||||
</div>
|
||||
{% endif %}
|
||||
<div class="border border-dark border-2 mt-1 mb-2 p-3">
|
||||
<h3 class="mb-3">Found User {{ data.user.email }}</h3>
|
||||
{{ show_user(data.user) }}
|
||||
{{ list_mailboxes("Mailboxes for user", helper.mailbox_count(data.user) , helper.mailbox_list(data.user) ) }}
|
||||
{{ list_alias(helper.alias_count(data.user) ,helper.alias_list(data.user)) }}
|
||||
</div>
|
||||
{% endif %}
|
||||
{% if data.user_audit_log %}
|
||||
|
||||
{% if data.user %}
|
||||
<div class="border border-dark border-2 mt-1 mb-2 p-3">
|
||||
<h3 class="mb-3">Found User {{ data.user.email }}</h3>
|
||||
{{ show_user(data.user) }}
|
||||
{{ list_mailboxes("Mailboxes for user", helper.mailbox_count(data.user) , helper.mailbox_list(data.user) ) }}
|
||||
{{ list_alias(helper.alias_count(data.user) ,helper.alias_list(data.user)) }}
|
||||
{{ list_user_audit_log(data.user_audit_log) }}
|
||||
</div>
|
||||
{% endif %}
|
||||
{% if data.mailbox_count > 10 %}
|
||||
<h3>Found more than 10 mailboxes for {{ email }}. Showing the last 10</h3>
|
||||
{% elif data.mailbox_count > 0 %}
|
||||
<h3>Found {{ data.mailbox_count }} mailbox(es) for {{ email }}</h3>
|
||||
{% endif %}
|
||||
{% for mailbox in data.mailbox %}
|
||||
<div class="border border-dark border-2 mt-1 mb-2 p-3">
|
||||
<h3 class="mb-3">Audit log entries for user {{ data.query }}</h3>
|
||||
{{ list_user_audit_log(data.user_audit_log) }}
|
||||
</div>
|
||||
{% endif %}
|
||||
{% if data.mailbox_count > 10 %}
|
||||
|
||||
<div class="border border-dark mt-1 mb-2 p-3">
|
||||
<h3 class="mb-3">Found Mailbox {{ mailbox.email }}</h3>
|
||||
{{ list_mailboxes("Mailbox found", 1, [mailbox]) }}
|
||||
{{ show_user(mailbox.user) }}
|
||||
</div>
|
||||
{% endfor %}
|
||||
{% if data.deleted_alias %}
|
||||
<h3>Found more than 10 mailboxes for {{ email }}. Showing the last 10</h3>
|
||||
{% elif data.mailbox_count > 0 %}
|
||||
<h3>Found {{ data.mailbox_count }} mailbox(es) for {{ email }}</h3>
|
||||
{% endif %}
|
||||
{% for mailbox in data.mailbox %}
|
||||
|
||||
<div class="border border-dark mt-1 mb-2 p-3">
|
||||
<h3 class="mb-3">Found DeletedAlias {{ data.deleted_alias.email }}</h3>
|
||||
{{ show_deleted_alias(data.deleted_alias) }}
|
||||
</div>
|
||||
{% endif %}
|
||||
{% if data.domain_deleted_alias %}
|
||||
<div class="border border-dark mt-1 mb-2 p-3">
|
||||
<h3 class="mb-3">Found Mailbox {{ mailbox.email }}</h3>
|
||||
{{ list_mailboxes("Mailbox found", 1, [mailbox]) }}
|
||||
{{ show_user(mailbox.user) }}
|
||||
</div>
|
||||
{% endfor %}
|
||||
{% if data.deleted_alias %}
|
||||
|
||||
<div class="border border-dark mt-1 mb-2 p-3">
|
||||
<h3 class="mb-3">Found DomainDeletedAlias {{ data.domain_deleted_alias.email }}</h3>
|
||||
{{ show_domain_deleted_alias(data.domain_deleted_alias) }}
|
||||
</div>
|
||||
{% endif %}
|
||||
<div class="border border-dark mt-1 mb-2 p-3">
|
||||
<h3 class="mb-3">Found DeletedAlias {{ data.deleted_alias.email }}</h3>
|
||||
{{ show_deleted_alias(data.deleted_alias) }}
|
||||
{{ list_alias_audit_log(data.deleted_alias_audit_log) }}
|
||||
</div>
|
||||
{% endif %}
|
||||
{% if data.domain_deleted_alias %}
|
||||
|
||||
<div class="border border-dark mt-1 mb-2 p-3">
|
||||
<h3 class="mb-3">Found DomainDeletedAlias {{ data.domain_deleted_alias.email }}</h3>
|
||||
{{ show_domain_deleted_alias(data.domain_deleted_alias) }}
|
||||
{{ list_alias_audit_log(data.domain_deleted_alias_audit_log) }}
|
||||
</div>
|
||||
{% endif %}
|
||||
{% endblock %}
|
||||
|
||||
@ -43,7 +43,7 @@
|
||||
You can change the plan at any moment.
|
||||
<br />
|
||||
Please note that the new billing cycle starts instantly
|
||||
i.e. you will be charged <b>immediately</b> the annual fee ($30) when switching from monthly plan or vice-versa
|
||||
i.e. you will be charged <b>immediately</b> the annual fee ($36) when switching from monthly plan or vice-versa
|
||||
<b>without pro rata computation </b>.
|
||||
<br />
|
||||
To change the plan you can also cancel the current one and subscribe a new one <b>by the end</b> of this plan.
|
||||
|
||||
@ -94,4 +94,3 @@
|
||||
</div>
|
||||
</div>
|
||||
{% endblock %}
|
||||
|
||||
|
||||
@ -91,7 +91,6 @@
|
||||
<br />
|
||||
Some domain registrars (Namecheap, CloudFlare, etc) might also use <em>@</em> for the root domain.
|
||||
</div>
|
||||
|
||||
{% for record in expected_mx_records %}
|
||||
|
||||
<div class="mb-3 p-3 dns-record">
|
||||
@ -108,7 +107,6 @@
|
||||
data-clipboard-text="{{ record.domain }}">{{ record.domain }}</em>
|
||||
</div>
|
||||
{% endfor %}
|
||||
|
||||
<form method="post" action="#mx-form">
|
||||
{{ csrf_form.csrf_token }}
|
||||
<input type="hidden" name="form-name" value="check-mx">
|
||||
|
||||
@ -22,7 +22,8 @@
|
||||
<p>Alternatively you can use your Proton credentials to ensure it's you.</p>
|
||||
</div>
|
||||
<a class="btn btn-primary btn-block mt-2 proton-button"
|
||||
href="{{ url_for('auth.proton_login', next=next) }}" style="max-width: 400px">
|
||||
href="{{ url_for('auth.proton_login', next=next) }}"
|
||||
style="max-width: 400px">
|
||||
<img class="mr-2" src="/static/images/proton.svg" />
|
||||
Authenticate with Proton
|
||||
</a>
|
||||
@ -38,4 +39,4 @@
|
||||
{% endif %}
|
||||
</div>
|
||||
</div>
|
||||
{% endblock %}
|
||||
{% endblock %}
|
||||
|
||||
@ -11,7 +11,7 @@
|
||||
<div>
|
||||
<a class="buy-with-crypto"
|
||||
data-custom="{{ current_user.id }}"
|
||||
href="{{ coinbase_url }}">Extend for 1 year - $30</a>
|
||||
href="{{ coinbase_url }}">Extend for 1 year - $36</a>
|
||||
<script src="https://commerce.coinbase.com/v1/checkout.js?version=201807"></script>
|
||||
</div>
|
||||
<div class="mt-2">
|
||||
|
||||
@ -57,24 +57,19 @@
|
||||
{% endblock %}
|
||||
{% block default_content %}
|
||||
|
||||
{% if NOW.timestamp < 1701475201 %}
|
||||
{% if NOW.timestamp < 1733184000 %}
|
||||
|
||||
<div class="alert alert-info">
|
||||
Black Friday Deal: 33% off on the yearly plan for the <b>first</b> year ($20 instead of $30).
|
||||
<div class="alert alert-primary">
|
||||
Lifetime deal for SimpleLogin Premium and Proton Pass Plus for $199
|
||||
<a class="btn btn-primary"
|
||||
href="https://proton.me/pass/black-friday"
|
||||
target="_blank">Buy now</a>
|
||||
<br>
|
||||
Please use this coupon code
|
||||
<em data-toggle="tooltip"
|
||||
title="Click to copy"
|
||||
class="clipboard"
|
||||
data-clipboard-text="BF2023">BF2023</em> during the checkout.
|
||||
<br>
|
||||
<img src="/static/images/coupon.png" class="m-2" style="max-width: 300px">
|
||||
<br>
|
||||
Available until December 1, 2023.
|
||||
Available until December 3, 2024.
|
||||
</div>
|
||||
{% endif %}
|
||||
<div class="pb-8">
|
||||
<div class="text-center mx-md-auto mb-8 mt-6">
|
||||
<div class="text-center mx-md-auto mb-4 mt-4">
|
||||
<h1>Upgrade to unlock premium features</h1>
|
||||
</div>
|
||||
{% if manual_sub %}
|
||||
@ -126,6 +121,11 @@
|
||||
aria-selected="true">Yearly<span class="badge badge-success position-absolute tab-yearly__badge"
|
||||
style="font-size: 12px">Save $18</span></a>
|
||||
</div>
|
||||
<div class="alert alert-info">
|
||||
<span class="badge badge-success">new</span> SimpleLogin Premium now includes Proton Pass premium features.
|
||||
<a href="https://simplelogin.io/blog/sl-premium-including-pass-plus/"
|
||||
target="_blank">Learn more ↗</a>
|
||||
</div>
|
||||
<div class="tab-content mb-8">
|
||||
<!-- monthly tab content -->
|
||||
<div class="tab-pane"
|
||||
@ -218,12 +218,12 @@
|
||||
<div class="card card-md flex-grow-1">
|
||||
<div class="card-body">
|
||||
<div class="text-center">
|
||||
<div class="h3">Proton plan</div>
|
||||
<div class="h3">Proton Unlimited</div>
|
||||
<div class="h3 my-3">Starts at $12.99 / month</div>
|
||||
<div class="text-center mt-4 mb-6">
|
||||
<a class="btn btn-lg btn-outline-primary w-100"
|
||||
role="button"
|
||||
href="https://account.proton.me/u/0/mail/upgrade"
|
||||
href="https://account.proton.me/u/0/pass/upgrade"
|
||||
target="_blank">Upgrade your Proton account</a>
|
||||
</div>
|
||||
</div>
|
||||
@ -306,7 +306,7 @@
|
||||
<div class="card-body">
|
||||
<div class="text-center">
|
||||
<div class="h3">SimpleLogin Premium</div>
|
||||
<div class="h3 my-3">$30 / year</div>
|
||||
<div class="h3 my-3">$36 / year</div>
|
||||
<div class="text-center mt-4 mb-6">
|
||||
<button class="btn btn-primary btn-lg w-100"
|
||||
onclick="upgradePaddle({{ PADDLE_YEARLY_PRODUCT_ID }})">Upgrade to Premium</button>
|
||||
@ -357,12 +357,12 @@
|
||||
<div class="card card-md flex-grow-1">
|
||||
<div class="card-body">
|
||||
<div class="text-center">
|
||||
<div class="h3">Proton plan</div>
|
||||
<div class="h3">Proton Unlimited</div>
|
||||
<div class="h3 my-3">Starts at $119.88 / year</div>
|
||||
<div class="text-center mt-4 mb-6">
|
||||
<a class="btn btn-lg btn-outline-primary w-100"
|
||||
role="button"
|
||||
href="https://account.proton.me/u/0/mail/upgrade"
|
||||
href="https://account.proton.me/u/0/pass/upgrade"
|
||||
target="_blank">Upgrade your Proton account</a>
|
||||
</div>
|
||||
</div>
|
||||
@ -471,7 +471,7 @@
|
||||
rel="noopener noreferrer">
|
||||
Upgrade to Premium - cryptocurrency
|
||||
<br />
|
||||
$30 / year
|
||||
$36 / year
|
||||
<i class="fe fe-external-link"></i>
|
||||
</a>
|
||||
</div>
|
||||
|
||||
@ -79,7 +79,14 @@
|
||||
</a>
|
||||
</div>
|
||||
{% endif %}
|
||||
{% if partner_sub %}<div>Premium subscription managed by {{ partner_name }}.</div>{% endif %}
|
||||
{% if partner_sub %}
|
||||
{% if partner_sub.lifetime %}
|
||||
|
||||
<div>Premium lifetime subscription managed by {{ partner_name }}.</div>
|
||||
{% else %}
|
||||
<div>Premium subscription managed by {{ partner_name }}.</div>
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
{% elif current_user.in_trial() %}
|
||||
Your Premium trial expires {{ current_user.trial_end | dt }}.
|
||||
{% else %}
|
||||
|
||||
@ -511,6 +511,19 @@ def test_create_contact_route_invalid_alias(flask_client):
|
||||
assert r.status_code == 403
|
||||
|
||||
|
||||
def test_create_contact_route_non_existing_alias(flask_client):
|
||||
user, api_key = get_new_user_and_api_key()
|
||||
Session.commit()
|
||||
|
||||
r = flask_client.post(
|
||||
url_for("api.create_contact_route", alias_id=99999999),
|
||||
headers={"Authentication": api_key.code},
|
||||
json={"contact": "First Last <first@example.com>"},
|
||||
)
|
||||
|
||||
assert r.status_code == 403
|
||||
|
||||
|
||||
def test_create_contact_route_free_users(flask_client):
|
||||
user, api_key = get_new_user_and_api_key()
|
||||
|
||||
|
||||
@ -5,7 +5,7 @@ from app.models import Mailbox
|
||||
from tests.utils import login
|
||||
|
||||
|
||||
def test_create_mailbox(flask_client):
|
||||
def test_create_mailbox_valid(flask_client):
|
||||
login(flask_client)
|
||||
|
||||
r = flask_client.post(
|
||||
@ -21,10 +21,34 @@ def test_create_mailbox(flask_client):
|
||||
assert r.json["default"] is False
|
||||
assert r.json["nb_alias"] == 0
|
||||
|
||||
# invalid email address
|
||||
|
||||
def test_create_mailbox_invalid_email(flask_client):
|
||||
login(flask_client)
|
||||
r = flask_client.post(
|
||||
"/api/mailboxes",
|
||||
json={"email": "gmail.com"},
|
||||
json={"email": "gmail.com"}, # not an email address
|
||||
)
|
||||
|
||||
assert r.status_code == 400
|
||||
assert r.json == {"error": "Invalid email"}
|
||||
|
||||
|
||||
def test_create_mailbox_empty_payload(flask_client):
|
||||
login(flask_client)
|
||||
r = flask_client.post(
|
||||
"/api/mailboxes",
|
||||
json={},
|
||||
)
|
||||
|
||||
assert r.status_code == 400
|
||||
assert r.json == {"error": "Invalid email"}
|
||||
|
||||
|
||||
def test_create_mailbox_empty_email(flask_client):
|
||||
login(flask_client)
|
||||
r = flask_client.post(
|
||||
"/api/mailboxes",
|
||||
json={"email": ""},
|
||||
)
|
||||
|
||||
assert r.status_code == 400
|
||||
|
||||
@ -36,6 +36,24 @@ def test_delete_mailbox_transfer_mailbox_primary(flask_client):
|
||||
assert str(mails_sent[0].msg).find("alias have been transferred") > -1
|
||||
|
||||
|
||||
@mail_sender.store_emails_test_decorator
|
||||
def test_delete_mailbox_no_email(flask_client):
|
||||
user = create_new_user()
|
||||
m1 = Mailbox.create(
|
||||
user_id=user.id, email=random_email(), verified=True, flush=True
|
||||
)
|
||||
job = Job.create(
|
||||
name=JOB_DELETE_MAILBOX,
|
||||
payload={"mailbox_id": m1.id, "transfer_mailbox_id": None, "send_mail": False},
|
||||
run_at=arrow.now(),
|
||||
commit=True,
|
||||
)
|
||||
Session.commit()
|
||||
delete_mailbox_job(job)
|
||||
mails_sent = mail_sender.get_stored_emails()
|
||||
assert len(mails_sent) == 0
|
||||
|
||||
|
||||
@mail_sender.store_emails_test_decorator
|
||||
def test_delete_mailbox_transfer_mailbox_in_list(flask_client):
|
||||
user = create_new_user()
|
||||
|
||||
40
app/tests/jobs/test_send_event_to_webhook.py
Normal file
40
app/tests/jobs/test_send_event_to_webhook.py
Normal file
@ -0,0 +1,40 @@
|
||||
import arrow
|
||||
|
||||
from app import config
|
||||
from app.events.generated.event_pb2 import EventContent, AliasDeleted
|
||||
from app.jobs.send_event_job import SendEventToWebhookJob
|
||||
from app.models import PartnerUser
|
||||
from app.proton.utils import get_proton_partner
|
||||
from events.event_sink import ConsoleEventSink
|
||||
from tests.utils import create_new_user, random_token
|
||||
|
||||
|
||||
def test_serialize_and_deserialize_job():
|
||||
user = create_new_user()
|
||||
alias_id = 34
|
||||
alias_email = "a@b.c"
|
||||
event = EventContent(alias_deleted=AliasDeleted(id=alias_id, email=alias_email))
|
||||
run_at = arrow.now().shift(hours=10)
|
||||
db_job = SendEventToWebhookJob(user, event).store_job_in_db(run_at=run_at)
|
||||
assert db_job.run_at == run_at
|
||||
assert db_job.name == config.JOB_SEND_EVENT_TO_WEBHOOK
|
||||
job = SendEventToWebhookJob.create_from_job(db_job)
|
||||
assert job._user.id == user.id
|
||||
assert job._event.alias_deleted.id == alias_id
|
||||
assert job._event.alias_deleted.email == alias_email
|
||||
|
||||
|
||||
def test_send_event_to_webhook():
|
||||
user = create_new_user()
|
||||
PartnerUser.create(
|
||||
user_id=user.id,
|
||||
partner_id=get_proton_partner().id,
|
||||
external_user_id=random_token(10),
|
||||
flush=True,
|
||||
)
|
||||
alias_id = 34
|
||||
alias_email = "a@b.c"
|
||||
event = EventContent(alias_deleted=AliasDeleted(id=alias_id, email=alias_email))
|
||||
job = SendEventToWebhookJob(user, event)
|
||||
sink = ConsoleEventSink()
|
||||
assert job.run(sink)
|
||||
@ -1,5 +1,5 @@
|
||||
from app.db import Session
|
||||
from app.models import Alias, Mailbox, AliasMailbox, User
|
||||
from app.models import Alias, Mailbox, AliasMailbox, User, CustomDomain
|
||||
from tests.utils import create_new_user, random_email
|
||||
|
||||
|
||||
@ -29,3 +29,23 @@ def test_alias_create_from_partner_flags_also_the_user():
|
||||
flush=True,
|
||||
)
|
||||
assert alias.user.flags & User.FLAG_CREATED_ALIAS_FROM_PARTNER > 0
|
||||
|
||||
|
||||
def test_alias_create_from_partner_domain_flags_the_alias():
|
||||
user = create_new_user()
|
||||
domain = CustomDomain.create(
|
||||
domain=random_email(),
|
||||
verified=True,
|
||||
user_id=user.id,
|
||||
partner_id=1,
|
||||
)
|
||||
Session.flush()
|
||||
email = random_email()
|
||||
alias = Alias.create(
|
||||
user_id=user.id,
|
||||
email=email,
|
||||
mailbox_id=user.default_mailbox_id,
|
||||
custom_domain_id=domain.id,
|
||||
flush=True,
|
||||
)
|
||||
assert alias.flags & Alias.FLAG_PARTNER_CREATED > 0
|
||||
|
||||
100
app/tests/proton/test_account_linking.py
Normal file
100
app/tests/proton/test_account_linking.py
Normal file
@ -0,0 +1,100 @@
|
||||
import arrow
|
||||
|
||||
from app.account_linking import (
|
||||
SLPlan,
|
||||
SLPlanType,
|
||||
set_plan_for_partner_user,
|
||||
)
|
||||
from app.db import Session
|
||||
from app.models import User, PartnerUser, PartnerSubscription
|
||||
from app.proton.utils import get_proton_partner
|
||||
from app.utils import random_string
|
||||
from tests.utils import random_email
|
||||
|
||||
partner_user_id: int = 0
|
||||
|
||||
|
||||
def setup_module():
|
||||
global partner_user_id
|
||||
email = random_email()
|
||||
external_id = random_string()
|
||||
sl_user = User.create(email, commit=True)
|
||||
partner_user_id = PartnerUser.create(
|
||||
user_id=sl_user.id,
|
||||
partner_id=get_proton_partner().id,
|
||||
external_user_id=external_id,
|
||||
partner_email=email,
|
||||
commit=True,
|
||||
).id
|
||||
|
||||
|
||||
def setup_function(func):
|
||||
Session.query(PartnerSubscription).delete()
|
||||
|
||||
|
||||
def test_free_plan_removes_sub():
|
||||
pu = PartnerUser.get(partner_user_id)
|
||||
sub_id = PartnerSubscription.create(
|
||||
partner_user_id=partner_user_id,
|
||||
end_at=arrow.utcnow(),
|
||||
lifetime=False,
|
||||
commit=True,
|
||||
).id
|
||||
set_plan_for_partner_user(pu, plan=SLPlan(type=SLPlanType.Free, expiration=None))
|
||||
assert PartnerSubscription.get(sub_id) is None
|
||||
|
||||
|
||||
def test_premium_plan_updates_expiration():
|
||||
pu = PartnerUser.get(partner_user_id)
|
||||
sub_id = PartnerSubscription.create(
|
||||
partner_user_id=partner_user_id,
|
||||
end_at=arrow.utcnow(),
|
||||
lifetime=False,
|
||||
commit=True,
|
||||
).id
|
||||
new_expiration = arrow.utcnow().shift(days=+10)
|
||||
set_plan_for_partner_user(
|
||||
pu, plan=SLPlan(type=SLPlanType.Premium, expiration=new_expiration)
|
||||
)
|
||||
assert PartnerSubscription.get(sub_id).end_at == new_expiration
|
||||
|
||||
|
||||
def test_premium_plan_creates_sub():
|
||||
pu = PartnerUser.get(partner_user_id)
|
||||
new_expiration = arrow.utcnow().shift(days=+10)
|
||||
set_plan_for_partner_user(
|
||||
pu, plan=SLPlan(type=SLPlanType.Premium, expiration=new_expiration)
|
||||
)
|
||||
assert (
|
||||
PartnerSubscription.get_by(partner_user_id=partner_user_id).end_at
|
||||
== new_expiration
|
||||
)
|
||||
|
||||
|
||||
def test_lifetime_creates_sub():
|
||||
pu = PartnerUser.get(partner_user_id)
|
||||
new_expiration = arrow.utcnow().shift(days=+10)
|
||||
set_plan_for_partner_user(
|
||||
pu, plan=SLPlan(type=SLPlanType.PremiumLifetime, expiration=new_expiration)
|
||||
)
|
||||
sub = PartnerSubscription.get_by(partner_user_id=partner_user_id)
|
||||
assert sub is not None
|
||||
assert sub.end_at is None
|
||||
assert sub.lifetime
|
||||
|
||||
|
||||
def test_lifetime_updates_sub():
|
||||
pu = PartnerUser.get(partner_user_id)
|
||||
sub_id = PartnerSubscription.create(
|
||||
partner_user_id=partner_user_id,
|
||||
end_at=arrow.utcnow(),
|
||||
lifetime=False,
|
||||
commit=True,
|
||||
).id
|
||||
set_plan_for_partner_user(
|
||||
pu, plan=SLPlan(type=SLPlanType.PremiumLifetime, expiration=arrow.utcnow())
|
||||
)
|
||||
sub = PartnerSubscription.get(sub_id)
|
||||
assert sub is not None
|
||||
assert sub.end_at is None
|
||||
assert sub.lifetime
|
||||
@ -25,15 +25,17 @@ class MockProtonClient(ProtonClient):
|
||||
return self.user
|
||||
|
||||
|
||||
def check_initial_sync_job(user: User):
|
||||
def check_initial_sync_job(user: User, expected: bool):
|
||||
found = False
|
||||
for job in Job.yield_per_query(10).filter_by(
|
||||
name=config.JOB_SEND_ALIAS_CREATION_EVENTS,
|
||||
state=JobState.ready.value,
|
||||
):
|
||||
if job.payload.get("user_id") == user.id:
|
||||
found = True
|
||||
Job.delete(job.id)
|
||||
return
|
||||
assert False
|
||||
break
|
||||
assert expected == found
|
||||
|
||||
|
||||
def test_proton_callback_handler_unexistant_sl_user():
|
||||
@ -69,10 +71,9 @@ def test_proton_callback_handler_unexistant_sl_user():
|
||||
)
|
||||
assert partner_user is not None
|
||||
assert partner_user.external_user_id == external_id
|
||||
check_initial_sync_job(res.user)
|
||||
|
||||
|
||||
def test_proton_callback_handler_existant_sl_user():
|
||||
def test_proton_callback_handler_existing_sl_user():
|
||||
email = random_email()
|
||||
sl_user = User.create(email, commit=True)
|
||||
|
||||
@ -98,7 +99,43 @@ def test_proton_callback_handler_existant_sl_user():
|
||||
sa = PartnerUser.get_by(user_id=sl_user.id, partner_id=get_proton_partner().id)
|
||||
assert sa is not None
|
||||
assert sa.partner_email == user.email
|
||||
check_initial_sync_job(res.user)
|
||||
check_initial_sync_job(res.user, True)
|
||||
|
||||
|
||||
def test_proton_callback_handler_linked_sl_user():
|
||||
email = random_email()
|
||||
external_id = random_string()
|
||||
sl_user = User.create(email, commit=True)
|
||||
PartnerUser.create(
|
||||
user_id=sl_user.id,
|
||||
partner_id=get_proton_partner().id,
|
||||
external_user_id=external_id,
|
||||
partner_email=email,
|
||||
commit=True,
|
||||
)
|
||||
|
||||
user = UserInformation(
|
||||
email=email,
|
||||
name=random_string(),
|
||||
id=external_id,
|
||||
plan=SLPlan(type=SLPlanType.Premium, expiration=Arrow.utcnow().shift(hours=2)),
|
||||
)
|
||||
handler = ProtonCallbackHandler(MockProtonClient(user=user))
|
||||
res = handler.handle_login(get_proton_partner())
|
||||
|
||||
assert res.user is not None
|
||||
assert res.user.id == sl_user.id
|
||||
# Ensure the user is not marked as created from partner
|
||||
assert User.FLAG_CREATED_FROM_PARTNER != (
|
||||
res.user.flags & User.FLAG_CREATED_FROM_PARTNER
|
||||
)
|
||||
assert res.user.notification is True
|
||||
assert res.user.trial_end is not None
|
||||
|
||||
sa = PartnerUser.get_by(user_id=sl_user.id, partner_id=get_proton_partner().id)
|
||||
assert sa is not None
|
||||
assert sa.partner_email == user.email
|
||||
check_initial_sync_job(res.user, False)
|
||||
|
||||
|
||||
def test_proton_callback_handler_none_user_login():
|
||||
|
||||
@ -94,10 +94,12 @@ def test_login_case_from_partner():
|
||||
)
|
||||
assert res.user.activated is True
|
||||
|
||||
audit_logs: List[UserAuditLog] = UserAuditLog.filter_by(user_id=res.user.id).all()
|
||||
audit_logs: List[UserAuditLog] = UserAuditLog.filter_by(
|
||||
user_id=res.user.id,
|
||||
action=UserAuditLogAction.LinkAccount.value,
|
||||
).all()
|
||||
assert len(audit_logs) == 1
|
||||
assert audit_logs[0].user_id == res.user.id
|
||||
assert audit_logs[0].action == UserAuditLogAction.LinkAccount.value
|
||||
|
||||
|
||||
def test_login_case_from_partner_with_uppercase_email():
|
||||
@ -133,12 +135,30 @@ def test_login_case_from_web():
|
||||
assert 0 == (res.user.flags & User.FLAG_CREATED_FROM_PARTNER)
|
||||
assert res.user.activated is True
|
||||
|
||||
audit_logs: List[UserAuditLog] = UserAuditLog.filter_by(user_id=res.user.id).all()
|
||||
audit_logs: List[UserAuditLog] = UserAuditLog.filter_by(
|
||||
user_id=res.user.id,
|
||||
action=UserAuditLogAction.LinkAccount.value,
|
||||
).all()
|
||||
assert len(audit_logs) == 1
|
||||
assert audit_logs[0].user_id == res.user.id
|
||||
assert audit_logs[0].action == UserAuditLogAction.LinkAccount.value
|
||||
|
||||
|
||||
def test_new_user_strategy_create_missing_link():
|
||||
email = random_email()
|
||||
user = User.create(email, commit=True)
|
||||
nus = NewUserStrategy(
|
||||
link_request=random_link_request(
|
||||
email=user.email, external_user_id=random_string(), from_partner=False
|
||||
),
|
||||
user=None,
|
||||
partner=get_proton_partner(),
|
||||
)
|
||||
result = nus.create_missing_link(user.email)
|
||||
assert result.user.id == user.id
|
||||
assert result.strategy == ExistingUnlinkedUserStrategy.__name__
|
||||
|
||||
|
||||
def test_get_strategy_existing_sl_user():
|
||||
email = random_email()
|
||||
user = User.create(email, commit=True)
|
||||
@ -218,7 +238,10 @@ def test_link_account_with_proton_account_same_address(flask_client):
|
||||
)
|
||||
assert partner_user.partner_id == get_proton_partner().id
|
||||
assert partner_user.external_user_id == partner_user_id
|
||||
audit_logs: List[UserAuditLog] = UserAuditLog.filter_by(user_id=res.user.id).all()
|
||||
audit_logs: List[UserAuditLog] = UserAuditLog.filter_by(
|
||||
user_id=res.user.id,
|
||||
action=UserAuditLogAction.LinkAccount.value,
|
||||
).all()
|
||||
assert len(audit_logs) == 1
|
||||
assert audit_logs[0].user_id == res.user.id
|
||||
assert audit_logs[0].action == UserAuditLogAction.LinkAccount.value
|
||||
@ -246,7 +269,10 @@ def test_link_account_with_proton_account_different_address(flask_client):
|
||||
assert partner_user.partner_id == get_proton_partner().id
|
||||
assert partner_user.external_user_id == partner_user_id
|
||||
|
||||
audit_logs: List[UserAuditLog] = UserAuditLog.filter_by(user_id=res.user.id).all()
|
||||
audit_logs: List[UserAuditLog] = UserAuditLog.filter_by(
|
||||
user_id=res.user.id,
|
||||
action=UserAuditLogAction.LinkAccount.value,
|
||||
).all()
|
||||
assert len(audit_logs) == 1
|
||||
assert audit_logs[0].user_id == res.user.id
|
||||
assert audit_logs[0].action == UserAuditLogAction.LinkAccount.value
|
||||
@ -304,19 +330,19 @@ def test_link_account_with_proton_account_same_address_but_linked_to_other_user(
|
||||
|
||||
# Ensure audit logs for sl_user_1 show the link action
|
||||
sl_user_1_audit_logs: List[UserAuditLog] = UserAuditLog.filter_by(
|
||||
user_id=sl_user_1.id
|
||||
user_id=sl_user_1.id,
|
||||
action=UserAuditLogAction.LinkAccount.value,
|
||||
).all()
|
||||
assert len(sl_user_1_audit_logs) == 1
|
||||
assert sl_user_1_audit_logs[0].user_id == sl_user_1.id
|
||||
assert sl_user_1_audit_logs[0].action == UserAuditLogAction.LinkAccount.value
|
||||
|
||||
# Ensure audit logs for sl_user_2 show the unlink action
|
||||
sl_user_2_audit_logs: List[UserAuditLog] = UserAuditLog.filter_by(
|
||||
user_id=sl_user_2.id
|
||||
user_id=sl_user_2.id,
|
||||
action=UserAuditLogAction.UnlinkAccount.value,
|
||||
).all()
|
||||
assert len(sl_user_2_audit_logs) == 1
|
||||
assert sl_user_2_audit_logs[0].user_id == sl_user_2.id
|
||||
assert sl_user_2_audit_logs[0].action == UserAuditLogAction.UnlinkAccount.value
|
||||
|
||||
|
||||
def test_link_account_with_proton_account_different_address_and_linked_to_other_user(
|
||||
@ -356,19 +382,19 @@ def test_link_account_with_proton_account_different_address_and_linked_to_other_
|
||||
|
||||
# Ensure audit logs for sl_user_1 show the link action
|
||||
sl_user_1_audit_logs: List[UserAuditLog] = UserAuditLog.filter_by(
|
||||
user_id=sl_user_1.id
|
||||
user_id=sl_user_1.id,
|
||||
action=UserAuditLogAction.LinkAccount.value,
|
||||
).all()
|
||||
assert len(sl_user_1_audit_logs) == 1
|
||||
assert sl_user_1_audit_logs[0].user_id == sl_user_1.id
|
||||
assert sl_user_1_audit_logs[0].action == UserAuditLogAction.LinkAccount.value
|
||||
|
||||
# Ensure audit logs for sl_user_2 show the unlink action
|
||||
sl_user_2_audit_logs: List[UserAuditLog] = UserAuditLog.filter_by(
|
||||
user_id=sl_user_2.id
|
||||
user_id=sl_user_2.id,
|
||||
action=UserAuditLogAction.UnlinkAccount.value,
|
||||
).all()
|
||||
assert len(sl_user_2_audit_logs) == 1
|
||||
assert sl_user_2_audit_logs[0].user_id == sl_user_2.id
|
||||
assert sl_user_2_audit_logs[0].action == UserAuditLogAction.UnlinkAccount.value
|
||||
|
||||
|
||||
def test_cannot_create_instance_of_base_strategy():
|
||||
|
||||
@ -14,7 +14,6 @@ from app.email_utils import generate_verp_email
|
||||
from app.mail_sender import mail_sender
|
||||
from app.models import (
|
||||
Alias,
|
||||
AuthorizedAddress,
|
||||
IgnoredEmail,
|
||||
EmailLog,
|
||||
Notification,
|
||||
@ -24,35 +23,12 @@ from app.models import (
|
||||
)
|
||||
from app.utils import random_string, canonicalize_email
|
||||
from email_handler import (
|
||||
get_mailbox_from_mail_from,
|
||||
should_ignore,
|
||||
is_automatic_out_of_office,
|
||||
)
|
||||
from tests.utils import load_eml_file, create_new_user, random_email
|
||||
|
||||
|
||||
def test_get_mailbox_from_mail_from(flask_client):
|
||||
user = create_new_user()
|
||||
alias = Alias.create_new_random(user)
|
||||
Session.commit()
|
||||
|
||||
mb = get_mailbox_from_mail_from(user.email, alias)
|
||||
assert mb.email == user.email
|
||||
|
||||
mb = get_mailbox_from_mail_from("unauthorized@gmail.com", alias)
|
||||
assert mb is None
|
||||
|
||||
# authorized address
|
||||
AuthorizedAddress.create(
|
||||
user_id=user.id,
|
||||
mailbox_id=user.default_mailbox_id,
|
||||
email="unauthorized@gmail.com",
|
||||
commit=True,
|
||||
)
|
||||
mb = get_mailbox_from_mail_from("unauthorized@gmail.com", alias)
|
||||
assert mb.email == user.email
|
||||
|
||||
|
||||
def test_should_ignore(flask_client):
|
||||
assert should_ignore("mail_from", []) is False
|
||||
|
||||
|
||||
@ -791,12 +791,21 @@ def test_parse_id_from_bounce():
|
||||
assert parse_id_from_bounce("anything+1234+@local") == 1234
|
||||
|
||||
|
||||
def test_get_queue_id():
|
||||
def test_get_queue_id_esmtps():
|
||||
for id_type in ["SMTP", "ESMTP", "ESMTPA", "ESMTPS"]:
|
||||
msg = email.message_from_string(
|
||||
f"Received: from mail-wr1-x434.google.com (mail-wr1-x434.google.com [IPv6:2a00:1450:4864:20::434])\r\n\t(using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits))\r\n\t(No client certificate requested)\r\n\tby mx1.simplelogin.co (Postfix) with {id_type} id 4FxQmw1DXdz2vK2\r\n\tfor <jglfdjgld@alias.com>; Fri, 4 Jun 2021 14:55:43 +0000 (UTC)"
|
||||
)
|
||||
|
||||
assert get_queue_id(msg) == "4FxQmw1DXdz2vK2", f"Failed for {id_type}"
|
||||
|
||||
|
||||
def test_get_queue_id_postfix():
|
||||
msg = email.message_from_string(
|
||||
"Received: from mail-wr1-x434.google.com (mail-wr1-x434.google.com [IPv6:2a00:1450:4864:20::434])\r\n\t(using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits))\r\n\t(No client certificate requested)\r\n\tby mx1.simplelogin.co (Postfix) with ESMTPS id 4FxQmw1DXdz2vK2\r\n\tfor <jglfdjgld@alias.com>; Fri, 4 Jun 2021 14:55:43 +0000 (UTC)"
|
||||
"Received: by mailin001.somewhere.net (Postfix)\r\n\tid 4Xz5pb2nMszGrqpL; Wed, 27 Nov 2024 17:21:59 +0000 (UTC)'] by mailin001.somewhere.net (Postfix)"
|
||||
)
|
||||
|
||||
assert get_queue_id(msg) == "4FxQmw1DXdz2vK2"
|
||||
assert get_queue_id(msg) == "4Xz5pb2nMszGrqpL"
|
||||
|
||||
|
||||
def test_get_queue_id_from_double_header():
|
||||
|
||||
@ -6,9 +6,18 @@ import pytest
|
||||
from app import mailbox_utils, config
|
||||
from app.db import Session
|
||||
from app.mail_sender import mail_sender
|
||||
from app.mailbox_utils import MailboxEmailChangeError
|
||||
from app.models import Mailbox, MailboxActivation, User, Job, UserAuditLog
|
||||
from app.mailbox_utils import MailboxEmailChangeError, get_mailbox_for_reply_phase
|
||||
from app.models import (
|
||||
Mailbox,
|
||||
MailboxActivation,
|
||||
User,
|
||||
Job,
|
||||
UserAuditLog,
|
||||
Alias,
|
||||
AuthorizedAddress,
|
||||
)
|
||||
from app.user_audit_log_utils import UserAuditLogAction
|
||||
from app.utils import random_string, canonicalize_email
|
||||
from tests.utils import create_new_user, random_email
|
||||
|
||||
|
||||
@ -50,6 +59,14 @@ def test_already_used():
|
||||
mailbox_utils.create_mailbox(user, user.email)
|
||||
|
||||
|
||||
def test_already_used_with_different_case():
|
||||
user.lifetime = True
|
||||
email = random_email()
|
||||
mailbox_utils.create_mailbox(user, email)
|
||||
with pytest.raises(mailbox_utils.MailboxError):
|
||||
mailbox_utils.create_mailbox(user, email.upper())
|
||||
|
||||
|
||||
@mail_sender.store_emails_test_decorator
|
||||
def test_create_mailbox():
|
||||
email = random_email()
|
||||
@ -286,6 +303,15 @@ def test_verify_other_users_mailbox():
|
||||
mailbox_utils.verify_mailbox_code(user, mailbox.id, "9999999")
|
||||
|
||||
|
||||
def test_verify_other_users_already_verified_mailbox():
|
||||
other = create_new_user()
|
||||
mailbox = Mailbox.create(
|
||||
user_id=other.id, email=random_email(), verified=True, commit=True
|
||||
)
|
||||
with pytest.raises(mailbox_utils.MailboxError):
|
||||
mailbox_utils.verify_mailbox_code(user, mailbox.id, "9999999")
|
||||
|
||||
|
||||
@mail_sender.store_emails_test_decorator
|
||||
def test_verify_fail():
|
||||
output = mailbox_utils.create_mailbox(user, random_email())
|
||||
@ -305,10 +331,13 @@ def test_verify_too_may():
|
||||
output = mailbox_utils.create_mailbox(user, random_email())
|
||||
output.activation.tries = mailbox_utils.MAX_ACTIVATION_TRIES
|
||||
Session.commit()
|
||||
with pytest.raises(mailbox_utils.CannotVerifyError):
|
||||
try:
|
||||
mailbox_utils.verify_mailbox_code(
|
||||
user, output.mailbox.id, output.activation.code
|
||||
)
|
||||
assert False
|
||||
except mailbox_utils.CannotVerifyError as e:
|
||||
assert e.deleted_activation_code
|
||||
|
||||
|
||||
@mail_sender.store_emails_test_decorator
|
||||
@ -351,7 +380,9 @@ def test_perform_mailbox_email_change_valid_id_not_new_email():
|
||||
res = mailbox_utils.perform_mailbox_email_change(mb.id)
|
||||
assert res.error == MailboxEmailChangeError.InvalidId
|
||||
assert res.message_category == "error"
|
||||
audit_log_entries = UserAuditLog.filter_by(user_id=user.id).count()
|
||||
audit_log_entries = UserAuditLog.filter_by(
|
||||
user_id=user.id, action=UserAuditLogAction.UpdateMailbox.value
|
||||
).count()
|
||||
assert audit_log_entries == 0
|
||||
|
||||
|
||||
@ -374,7 +405,9 @@ def test_perform_mailbox_email_change_valid_id_email_already_used():
|
||||
res = mailbox_utils.perform_mailbox_email_change(mb_to_change.id)
|
||||
assert res.error == MailboxEmailChangeError.EmailAlreadyUsed
|
||||
assert res.message_category == "error"
|
||||
audit_log_entries = UserAuditLog.filter_by(user_id=user.id).count()
|
||||
audit_log_entries = UserAuditLog.filter_by(
|
||||
user_id=user.id, action=UserAuditLogAction.UpdateMailbox.value
|
||||
).count()
|
||||
assert audit_log_entries == 0
|
||||
|
||||
|
||||
@ -398,6 +431,79 @@ def test_perform_mailbox_email_change_success():
|
||||
assert db_mailbox.email == new_email
|
||||
assert db_mailbox.new_email is None
|
||||
|
||||
audit_log_entries = UserAuditLog.filter_by(user_id=user.id).all()
|
||||
assert len(audit_log_entries) == 1
|
||||
assert audit_log_entries[0].action == UserAuditLogAction.UpdateMailbox.value
|
||||
audit_log_entries = UserAuditLog.filter_by(
|
||||
user_id=user.id, action=UserAuditLogAction.UpdateMailbox.value
|
||||
).count()
|
||||
assert audit_log_entries == 1
|
||||
|
||||
|
||||
def test_get_mailbox_from_mail_from(flask_client):
|
||||
user = create_new_user()
|
||||
alias = Alias.create_new_random(user)
|
||||
Session.commit()
|
||||
|
||||
mb = get_mailbox_for_reply_phase(user.email, "", alias)
|
||||
assert mb.email == user.email
|
||||
|
||||
mb = get_mailbox_for_reply_phase("unauthorized@gmail.com", "", alias)
|
||||
assert mb is None
|
||||
|
||||
# authorized address
|
||||
AuthorizedAddress.create(
|
||||
user_id=user.id,
|
||||
mailbox_id=user.default_mailbox_id,
|
||||
email="unauthorized@gmail.com",
|
||||
commit=True,
|
||||
)
|
||||
mb = get_mailbox_for_reply_phase("unauthorized@gmail.com", "", alias)
|
||||
assert mb.email == user.email
|
||||
|
||||
|
||||
def test_get_mailbox_from_mail_from_for_canonical_email(flask_client):
|
||||
prefix = random_string(10)
|
||||
email = f"{prefix}+subaddresxs@gmail.com"
|
||||
canonical_email = canonicalize_email(email)
|
||||
assert canonical_email != email
|
||||
|
||||
user = create_new_user()
|
||||
mbox = Mailbox.create(
|
||||
email=canonical_email, user_id=user.id, verified=True, flush=True
|
||||
)
|
||||
alias = Alias.create(user_id=user.id, email=random_email(), mailbox_id=mbox.id)
|
||||
Session.flush()
|
||||
|
||||
mb = get_mailbox_for_reply_phase(email, "", alias)
|
||||
assert mb.email == canonical_email
|
||||
|
||||
mb = get_mailbox_for_reply_phase(canonical_email, "", alias)
|
||||
assert mb.email == canonical_email
|
||||
|
||||
|
||||
def test_get_mailbox_from_mail_from_coming_from_header_if_domain_is_aligned(
|
||||
flask_client,
|
||||
):
|
||||
domain = f"{random_string(10)}.com"
|
||||
envelope_from = f"envelope_verp@{domain}"
|
||||
mail_from = f"mail_from@{domain}"
|
||||
user = create_new_user()
|
||||
mbox = Mailbox.create(email=mail_from, user_id=user.id, verified=True, flush=True)
|
||||
alias = Alias.create(user_id=user.id, email=random_email(), mailbox_id=mbox.id)
|
||||
Session.flush()
|
||||
|
||||
mb = get_mailbox_for_reply_phase(envelope_from, mail_from, alias)
|
||||
assert mb.email == mail_from
|
||||
|
||||
|
||||
def test_get_mailbox_from_mail_from_coming_from_header_if_domain_is_not_aligned(
|
||||
flask_client,
|
||||
):
|
||||
domain = f"{random_string(10)}.com"
|
||||
envelope_from = f"envelope_verp@{domain}"
|
||||
mail_from = f"mail_from@other_{domain}"
|
||||
user = create_new_user()
|
||||
mbox = Mailbox.create(email=mail_from, user_id=user.id, verified=True, flush=True)
|
||||
alias = Alias.create(user_id=user.id, email=random_email(), mailbox_id=mbox.id)
|
||||
Session.flush()
|
||||
|
||||
mb = get_mailbox_for_reply_phase(envelope_from, mail_from, alias)
|
||||
assert mb is None
|
||||
|
||||
@ -27,7 +27,9 @@ def test_emit_alias_audit_log_for_random_data():
|
||||
commit=True,
|
||||
)
|
||||
|
||||
logs_for_user: List[UserAuditLog] = UserAuditLog.filter_by(user_id=user.id).all()
|
||||
logs_for_user: List[UserAuditLog] = UserAuditLog.filter_by(
|
||||
user_id=user.id, action=action.value
|
||||
).all()
|
||||
assert len(logs_for_user) == 1
|
||||
assert logs_for_user[0].user_id == user.id
|
||||
assert logs_for_user[0].user_email == user.email
|
||||
@ -41,7 +43,10 @@ def test_emit_audit_log_on_mailbox_creation():
|
||||
user=user, email=random_email(), verified=True
|
||||
)
|
||||
|
||||
logs_for_user: List[UserAuditLog] = UserAuditLog.filter_by(user_id=user.id).all()
|
||||
logs_for_user: List[UserAuditLog] = UserAuditLog.filter_by(
|
||||
user_id=user.id,
|
||||
action=UserAuditLogAction.CreateMailbox.value,
|
||||
).all()
|
||||
assert len(logs_for_user) == 1
|
||||
assert logs_for_user[0].user_id == user.id
|
||||
assert logs_for_user[0].user_email == user.email
|
||||
|
||||
Reference in New Issue
Block a user