4.64.0

app/.github/workflows/main.yml

@@ -1,6 +1,12 @@
-name: Test and lint
+name: SimpleLogin actions
 
-on: [push, pull_request]
+on:
+  push:
+    branches:
+      - master
+    tags:
+      - v*
+  pull_request:
 
 jobs:
   lint:
@@ -9,35 +15,34 @@ jobs:
       - name: Check out repo
         uses: actions/checkout@v3
 
-      - name: Install poetry
-        run: pipx install poetry
-
-      - uses: actions/setup-python@v4
+      - name: Install uv
+        uses: astral-sh/setup-uv@v5
         with:
-          python-version: '3.10'
-          cache: 'poetry'
+          # Install a specific version of uv.
+          version: "0.5.21"
+          enable-cache: true
 
       - name: Install OS dependencies
-        if: ${{ matrix.python-version }} == '3.10'
         run: |
           sudo apt update
           sudo apt install -y libre2-dev libpq-dev
 
+      - name: "Set up Python"
+        uses: actions/setup-python@v5
+        with:
+          python-version-file: "pyproject.toml"
+
       - name: Install dependencies
-        if: steps.cached-poetry-dependencies.outputs.cache-hit != 'true'
-        run: poetry install --no-interaction
+        if: steps.setup-uv.outputs.cache-hit != 'true'
+        run: uv sync --locked --all-extras
 
       - name: Check formatting & linting
         run: |
-          poetry run pre-commit run --all-files
+          uv run pre-commit run --all-files
 
 
   test:
     runs-on: ubuntu-latest
-    strategy:
-      max-parallel: 4
-      matrix:
-        python-version: ["3.10"]
 
     # service containers to run with `postgres-job`
     services:
@@ -69,23 +74,26 @@ jobs:
       - name: Check out repo
         uses: actions/checkout@v3
 
-      - name: Install poetry
-        run: pipx install poetry
-
-      - uses: actions/setup-python@v4
+      - name: Install uv
+        uses: astral-sh/setup-uv@v5
         with:
-          python-version: ${{ matrix.python-version }}
-          cache: 'poetry'
+          # Install a specific version of uv.
+          version: "0.5.21"
+          enable-cache: true
 
       - name: Install OS dependencies
-        if: ${{ matrix.python-version }} == '3.10'
         run: |
           sudo apt update
           sudo apt install -y libre2-dev libpq-dev
 
+      - name: "Set up Python"
+        uses: actions/setup-python@v5
+        with:
+          python-version-file: "pyproject.toml"
+
       - name: Install dependencies
-        if: steps.cached-poetry-dependencies.outputs.cache-hit != 'true'
-        run: poetry install --no-interaction
+        if: steps.setup-uv.outputs.cache-hit != 'true'
+        run: uv sync --locked --all-extras
 
 
       - name: Start Redis v6
@@ -95,7 +103,7 @@ jobs:
 
       - name: Run db migration
         run: |
-          CONFIG=tests/test.env poetry run alembic upgrade head
+          CONFIG=tests/test.env uv run alembic upgrade head
 
       - name: Prepare version file
         run: |
@@ -104,7 +112,7 @@ jobs:
 
       - name: Test with pytest
         run: |
-          poetry run pytest
+          uv run pytest
         env:
           GITHUB_ACTIONS_TEST: true
 

app/.python-version

@@ -0,0 +1 @@
+3.10.16

app/CONTRIBUTING.md

@@ -20,7 +20,7 @@ SimpleLogin backend consists of 2 main components:
 ## Install dependencies
 
 The project requires:
-- Python 3.10 and poetry to manage dependencies
+- Python 3.10 and uv to manage dependencies
 - Node v10 for front-end.
 - Postgres 13+
 
@@ -28,7 +28,7 @@ First, install all dependencies by running the following command.
 Feel free to use `virtualenv` or similar tools to isolate development environment.
 
 ```bash
-poetry sync
+uv sync
 ```
 
 On Mac, sometimes you might need to install some other packages via `brew`:
@@ -55,7 +55,7 @@ brew install -s re2 pybind11
 We use pre-commit to run all our linting and static analysis checks. Please run
 
 ```bash
-poetry run pre-commit install
+uv run pre-commit install
 ```
 
 To install it in your development environment.
@@ -160,25 +160,25 @@ Here are the small sum-ups of the directory structures and their roles:
 The code is formatted using [ruff](https://github.com/astral-sh/ruff), to format the code, simply run
 
 ```
-poetry run ruff format .
+uv run ruff format .
 ```
 
 The code is also checked with `flake8`, make sure to run `flake8` before creating the pull request by
 
 ```bash
-poetry run flake8
+uv run flake8
 ```
 
 For HTML templates, we use `djlint`. Before creating a pull request, please run
 
 ```bash
-poetry run djlint --check templates
+uv run djlint --check templates
 ```
 
 If some files aren't properly formatted, you can format all files with
 
 ```bash
-poetry run djlint --reformat .
+uv run djlint --reformat .
 ```
 
 ## Test sending email
@@ -239,15 +239,15 @@ brew install python3.10
 # make sure to update the PATH so python, pip point to Python3
 # for us it can be done by adding "export PATH=/opt/homebrew/opt/python@3.10/libexec/bin:$PATH" to .zprofile
 
-# Although pipx is the recommended way to install poetry,
+# Although pipx is the recommended way to install uv,
 # install pipx via brew will automatically install python 3.12
-# and poetry will then use python 3.12
-# so we recommend using poetry this way instead
-curl -sSL https://install.python-poetry.org | python3 -
+# and uv will then use python 3.12
+# so we recommend using uv this way instead
+curl -sSL https://install.python-uv.org | python3 -
 
-poetry install
+uv install
 
 # activate the virtualenv and you should be good to go!
 source .venv/bin/activate
 
-```
+```

app/Dockerfile

@@ -4,43 +4,47 @@ WORKDIR /code
 COPY ./static/package*.json /code/static/
 RUN cd /code/static && npm ci
 
-# Main image
-FROM python:3.10
+FROM --platform=linux/amd64 ubuntu:22.04
+
+ARG UV_VERSION="0.5.21"
+ARG UV_HASH="e108c300eafae22ad8e6d94519605530f18f8762eb58d2b98a617edfb5d088fc"
 
 # Keeps Python from generating .pyc files in the container
-ENV PYTHONDONTWRITEBYTECODE 1
+ENV PYTHONDONTWRITEBYTECODE=1
 # Turns off buffering for easier container logging
-ENV PYTHONUNBUFFERED 1
+ENV PYTHONUNBUFFERED=1
 
-# Add poetry to PATH
-ENV PATH="${PATH}:/root/.local/bin"
 
 WORKDIR /code
 
-# Copy poetry files
-COPY poetry.lock pyproject.toml ./
+# Copy dependency files
+COPY pyproject.toml uv.lock .python-version ./
 
-# Install and setup poetry
-RUN pip install -U pip \
-    && apt-get update \
-    && apt install -y curl netcat-traditional gcc python3-dev gnupg git libre2-dev cmake ninja-build\
-    && curl -sSL https://install.python-poetry.org | python3 - \
-    # Remove curl and netcat from the image
-    && apt-get purge -y curl netcat-traditional \
-    # Run poetry
-    && poetry config virtualenvs.create false \
-    && poetry install  --no-interaction --no-ansi --no-root \
-    # Clear apt cache \
-    && apt-get purge -y libre2-dev cmake ninja-build\
+# Install deps
+RUN apt-get update \
+    && apt-get install -y curl netcat-traditional gcc python3-dev gnupg git libre2-dev build-essential pkg-config cmake ninja-build bash clang \
+    && curl -sSL "https://github.com/astral-sh/uv/releases/download/${UV_VERSION}/uv-x86_64-unknown-linux-gnu.tar.gz" > uv.tar.gz \
+    && echo "${UV_HASH}  uv.tar.gz" | sha256sum -c - \
+    && tar xf uv.tar.gz -C /tmp/ \
+    && mv /tmp/uv-x86_64-unknown-linux-gnu/uv /usr/bin/uv \
+    && mv /tmp/uv-x86_64-unknown-linux-gnu/uvx /usr/bin/uvx \
+    && rm -rf /tmp/uv* \
+    && rm -f uv.tar.gz \
+    && uv python install `cat .python-version` \
+    && uv sync --locked \
+    && apt-get autoremove -y \
+    && apt-get purge -y curl netcat-traditional build-essential pkg-config cmake ninja-build python3-dev clang\
+    && apt-get autoremove -y \
     && apt-get clean \
     && rm -rf /var/lib/apt/lists/*
 
+# Copy code
+COPY . .
+
 # copy npm packages
 COPY --from=npm /code /code
 
-# copy everything else into /code
-COPY . .
-
+ENV PATH="/code/.venv/bin:$PATH"
 EXPOSE 7777
 
 #gunicorn wsgi:app -b 0.0.0.0:7777 -w 2 --timeout 15 --log-level DEBUG

app/README.md

@@ -84,7 +84,7 @@ For email gurus, we have chosen 1024 key length instead of 2048 for DNS simplici
 
 ### DNS
 
-Please note that DNS changes could take up to 24 hours to propagate. In practice, it's a lot faster though (~1 minute or so in our test). In DNS setup, we usually use domain with a trailing dot (`.`) at the end to to force using absolute domain.
+Please note that DNS changes could take up to 24 hours to propagate. In practice, it's a lot faster though (~1 minute or so in our test). In DNS setup, we usually use domain with a trailing dot (`.`) at the end to force using absolute domain.
 
 
 #### MX record

app/app/account_linking.py

@@ -4,8 +4,10 @@ from enum import Enum
 from typing import Optional
 
 import arrow
+import sqlalchemy.exc
 from arrow import Arrow
 from newrelic import agent
+from psycopg2.errors import UniqueViolation
 from sqlalchemy import or_
 
 from app.db import Session
@@ -34,6 +36,7 @@ from app.utils import random_string
 class SLPlanType(Enum):
     Free = 1
     Premium = 2
+    PremiumLifetime = 3
 
 
 @dataclass
@@ -74,6 +77,7 @@ def send_user_plan_changed_event(partner_user: PartnerUser) -> Optional[int]:
 
 def set_plan_for_partner_user(partner_user: PartnerUser, plan: SLPlan):
     sub = PartnerSubscription.get_by(partner_user_id=partner_user.id)
+    is_lifetime = plan.type == SLPlanType.PremiumLifetime
     if plan.type == SLPlanType.Free:
         if sub is not None:
             LOG.i(
@@ -82,25 +86,30 @@ def set_plan_for_partner_user(partner_user: PartnerUser, plan: SLPlan):
             PartnerSubscription.delete(sub.id)
             agent.record_custom_event("PlanChange", {"plan": "free"})
     else:
+        end_time = plan.expiration
+        if plan.type == SLPlanType.PremiumLifetime:
+            end_time = None
         if sub is None:
             LOG.i(
-                f"Creating partner_subscription [user_id={partner_user.user_id}] [partner_id={partner_user.partner_id}]"
+                f"Creating partner_subscription [user_id={partner_user.user_id}] [partner_id={partner_user.partner_id}] with {end_time} / {is_lifetime}"
             )
             create_partner_subscription(
                 partner_user=partner_user,
-                expiration=plan.expiration,
+                expiration=end_time,
+                lifetime=is_lifetime,
                 msg="Upgraded via partner. User did not have a previous partner subscription",
             )
             agent.record_custom_event("PlanChange", {"plan": "premium", "type": "new"})
         else:
-            if sub.end_at != plan.expiration:
-                LOG.i(
-                    f"Updating partner_subscription [user_id={partner_user.user_id}] [partner_id={partner_user.partner_id}]"
-                )
+            if sub.end_at != plan.expiration or sub.lifetime != is_lifetime:
                 agent.record_custom_event(
                     "PlanChange", {"plan": "premium", "type": "extension"}
                 )
-                sub.end_at = plan.expiration
+                sub.end_at = plan.expiration if not is_lifetime else None
+                sub.lifetime = is_lifetime
+                LOG.i(
+                    f"Updating partner_subscription [user_id={partner_user.user_id}] [partner_id={partner_user.partner_id}] to {sub.end_at} / {sub.lifetime} "
+                )
                 emit_user_audit_log(
                     user=partner_user.user,
                     action=UserAuditLogAction.SubscriptionExtended,
@@ -160,15 +169,56 @@ class ClientMergeStrategy(ABC):
 
 class NewUserStrategy(ClientMergeStrategy):
     def process(self) -> LinkResult:
-        # Will create a new SL User with a random password
         canonical_email = canonicalize_email(self.link_request.email)
-        new_user = User.create(
-            email=canonical_email,
-            name=self.link_request.name,
-            password=random_string(20),
-            activated=True,
-            from_partner=self.link_request.from_partner,
+        try:
+            # Will create a new SL User with a random password
+            new_user = User.create(
+                email=canonical_email,
+                name=self.link_request.name,
+                password=random_string(20),
+                activated=True,
+                from_partner=self.link_request.from_partner,
+            )
+            self.create_partner_user(new_user)
+            Session.commit()
+
+            if not new_user.created_by_partner:
+                send_welcome_email(new_user)
+
+            agent.record_custom_event(
+                "PartnerUserCreation", {"partner": self.partner.name}
+            )
+
+            return LinkResult(
+                user=new_user,
+                strategy=self.__class__.__name__,
+            )
+        except (UniqueViolation, sqlalchemy.exc.IntegrityError) as e:
+            LOG.debug(f"Got the duplicate user error: {e}")
+            return self.create_missing_link(canonical_email)
+
+    def create_missing_link(self, canonical_email: str):
+        # If there's a unique key violation due to race conditions try to create only the partner if needed
+        partner_user = PartnerUser.get_by(
+            external_user_id=self.link_request.external_user_id,
+            partner_id=self.partner.id,
         )
+        if partner_user is None:
+            # Get the user by canonical email and if not by normal email
+            user = User.get_by(email=canonical_email) or User.get_by(
+                email=self.link_request.email
+            )
+            if not user:
+                raise RuntimeError(
+                    "Tried to create only partner on UniqueViolation but cannot find the user"
+                )
+            partner_user = self.create_partner_user(user)
+            Session.commit()
+        return LinkResult(
+            user=partner_user.user, strategy=ExistingUnlinkedUserStrategy.__name__
+        )
+
+    def create_partner_user(self, new_user: User):
         partner_user = create_partner_user(
             user=new_user,
             partner_id=self.partner.id,
@@ -182,17 +232,7 @@ class NewUserStrategy(ClientMergeStrategy):
             partner_user,
             self.link_request.plan,
         )
-        Session.commit()
-
-        if not new_user.created_by_partner:
-            send_welcome_email(new_user)
-
-        agent.record_custom_event("PartnerUserCreation", {"partner": self.partner.name})
-
-        return LinkResult(
-            user=new_user,
-            strategy=self.__class__.__name__,
-        )
+        return partner_user
 
 
 class ExistingUnlinkedUserStrategy(ClientMergeStrategy):

app/app/admin_model.py

@@ -8,14 +8,16 @@ from flask_admin.form import SecureForm
 from flask_admin.model.template import EndpointLinkRowAction
 from markupsafe import Markup
 
-from app import models, s3
+from app import models, s3, config
 from flask import redirect, url_for, request, flash, Response
 from flask_admin import expose, AdminIndexView
 from flask_admin.actions import action
 from flask_admin.contrib import sqla
 from flask_login import current_user
 
+from app.custom_domain_validation import CustomDomainValidation, DomainValidationResult
 from app.db import Session
+from app.dns_utils import get_network_dns_client
 from app.events.event_dispatcher import EventDispatcher
 from app.events.generated.event_pb2 import EventContent, UserPlanChanged
 from app.models import (
@@ -39,6 +41,7 @@ from app.models import (
     AliasMailbox,
     AliasAuditLog,
     UserAuditLog,
+    CustomDomain,
 )
 from app.newsletter_utils import send_newsletter_to_user, send_newsletter_to_address
 from app.user_audit_log_utils import emit_user_audit_log, UserAuditLogAction
@@ -773,21 +776,22 @@ class InvalidMailboxDomainAdmin(SLModelView):
 
 
 class EmailSearchResult:
-    no_match: bool = True
-    alias: Optional[Alias] = None
-    alias_audit_log: Optional[List[AliasAuditLog]] = None
-    mailbox: List[Mailbox] = []
-    mailbox_count: int = 0
-    deleted_alias: Optional[DeletedAlias] = None
-    deleted_alias_audit_log: Optional[List[AliasAuditLog]] = None
-    domain_deleted_alias: Optional[DomainDeletedAlias] = None
-    domain_deleted_alias_audit_log: Optional[List[AliasAuditLog]] = None
-    user: Optional[User] = None
-    user_audit_log: Optional[List[UserAuditLog]] = None
-    query: str
+    def __init__(self):
+        self.no_match: bool = True
+        self.alias: Optional[Alias] = None
+        self.alias_audit_log: Optional[List[AliasAuditLog]] = None
+        self.mailbox: List[Mailbox] = []
+        self.mailbox_count: int = 0
+        self.deleted_alias: Optional[DeletedAlias] = None
+        self.deleted_alias_audit_log: Optional[List[AliasAuditLog]] = None
+        self.domain_deleted_alias: Optional[DomainDeletedAlias] = None
+        self.domain_deleted_alias_audit_log: Optional[List[AliasAuditLog]] = None
+        self.user: Optional[User] = None
+        self.user_audit_log: Optional[List[UserAuditLog]] = None
+        self.query: str
 
     @staticmethod
-    def from_email(email: str) -> EmailSearchResult:
+    def from_request_email(email: str) -> EmailSearchResult:
         output = EmailSearchResult()
         output.query = email
         alias = Alias.get_by(email=email)
@@ -799,7 +803,11 @@ class EmailSearchResult:
                 .all()
             )
             output.no_match = False
-        user = User.get_by(email=email)
+        try:
+            user_id = int(email)
+            user = User.get(user_id)
+        except ValueError:
+            user = User.get_by(email=email)
         if user:
             output.user = user
             output.user_audit_log = (
@@ -908,7 +916,7 @@ class EmailSearchAdmin(BaseView):
         email = request.args.get("email")
         if email is not None and len(email) > 0:
             email = email.strip()
-            search = EmailSearchResult.from_email(email)
+            search = EmailSearchResult.from_request_email(email)
 
         return self.render(
             "admin/email_search.html",
@@ -916,3 +924,106 @@ class EmailSearchAdmin(BaseView):
             data=search,
             helper=EmailSearchHelpers,
         )
+
+
+class CustomDomainWithValidationData:
+    def __init__(self, domain: CustomDomain):
+        self.domain: CustomDomain = domain
+        self.ownership_expected: Optional[str] = None
+        self.ownership_validation: Optional[DomainValidationResult] = None
+        self.mx_expected: Optional[str] = None
+        self.mx_validation: Optional[DomainValidationResult] = None
+        self.spf_expected: Optional[str] = None
+        self.spf_validation: Optional[DomainValidationResult] = None
+        self.dkim_expected: {str: str} = {}
+        self.dkim_validation: {str: str} = {}
+
+
+class CustomDomainSearchResult:
+    def __init__(self):
+        self.no_match: bool = False
+        self.user: Optional[User] = None
+        self.domains: list[CustomDomainWithValidationData] = []
+
+    @staticmethod
+    def from_user(user: Optional[User]) -> CustomDomainSearchResult:
+        out = CustomDomainSearchResult()
+        if user is None:
+            out.no_match = True
+            return out
+        out.user = user
+        dns_client = get_network_dns_client()
+        validator = CustomDomainValidation(
+            dkim_domain=config.EMAIL_DOMAIN,
+            partner_domains=config.PARTNER_DNS_CUSTOM_DOMAINS,
+            partner_domains_validation_prefixes=config.PARTNER_CUSTOM_DOMAIN_VALIDATION_PREFIXES,
+            dns_client=dns_client,
+        )
+        for custom_domain in user.custom_domains:
+            validation_data = CustomDomainWithValidationData(custom_domain)
+            if not custom_domain.ownership_verified:
+                validation_data.ownership_expected = (
+                    validator.get_ownership_verification_record(custom_domain)
+                )
+                validation_data.ownership_validation = (
+                    validator.validate_domain_ownership(custom_domain)
+                )
+            if not custom_domain.verified:
+                validation_data.mx_expected = validator.get_expected_mx_records(
+                    custom_domain
+                )
+                validation_data.mx_validation = validator.validate_mx_records(
+                    custom_domain
+                )
+            if not custom_domain.spf_verified:
+                validation_data.spf_expected = validator.get_expected_spf_record(
+                    custom_domain
+                )
+                validation_data.spf_validation = validator.validate_spf_records(
+                    custom_domain
+                )
+            if not custom_domain.dkim_verified:
+                validation_data.dkim_expected = validator.get_dkim_records(
+                    custom_domain
+                )
+                validation_data.dkim_validation = validator.validate_dkim_records(
+                    custom_domain
+                )
+            out.domains.append(validation_data)
+            print(validation_data.dkim_expected, validation_data.dkim_validation)
+
+        return out
+
+
+class CustomDomainSearchAdmin(BaseView):
+    def is_accessible(self):
+        return current_user.is_authenticated and current_user.is_admin
+
+    def inaccessible_callback(self, name, **kwargs):
+        # redirect to login page if user doesn't have access
+        flash("You don't have access to the admin page", "error")
+        return redirect(url_for("dashboard.index", next=request.url))
+
+    @expose("/", methods=["GET", "POST"])
+    def index(self):
+        query = request.args.get("user")
+        if query is None:
+            search = CustomDomainSearchResult()
+        else:
+            try:
+                user_id = int(query)
+                user = User.get_by(id=user_id)
+            except ValueError:
+                user = User.get_by(email=query)
+                if user is None:
+                    cd = CustomDomain.get_by(domain=query)
+                    if cd is not None:
+                        user = cd.user
+            search = CustomDomainSearchResult.from_user(user)
+            print("NEW", search.domains)
+
+        return self.render(
+            "admin/custom_domain_search.html",
+            data=search,
+            query=query,
+        )

app/app/alias_suffix.py

@@ -58,7 +58,7 @@ def verify_prefix_suffix(
 
     # alias_domain must be either one of user custom domains or built-in domains
     if alias_domain not in user.available_alias_domains(alias_options=alias_options):
-        LOG.e("wrong alias suffix %s, user %s", alias_suffix, user)
+        LOG.i("wrong alias suffix %s, user %s", alias_suffix, user)
         return False
 
     # SimpleLogin domain case:
@@ -75,17 +75,17 @@ def verify_prefix_suffix(
         and not config.DISABLE_ALIAS_SUFFIX
     ):
         if not alias_domain_prefix.startswith("."):
-            LOG.e("User %s submits a wrong alias suffix %s", user, alias_suffix)
+            LOG.i("User %s submits a wrong alias suffix %s", user, alias_suffix)
             return False
 
     else:
         if alias_domain not in user_custom_domains:
             if not config.DISABLE_ALIAS_SUFFIX:
-                LOG.e("wrong alias suffix %s, user %s", alias_suffix, user)
+                LOG.i("wrong alias suffix %s, user %s", alias_suffix, user)
                 return False
 
             if alias_domain not in available_sl_domains:
-                LOG.e("wrong alias suffix %s, user %s", alias_suffix, user)
+                LOG.i("wrong alias suffix %s, user %s", alias_suffix, user)
                 return False
 
     return True

app/app/api/views/alias.py

@@ -299,7 +299,10 @@ def update_alias(alias_id):
         changed = True
 
     if "mailbox_ids" in data:
-        mailbox_ids = [int(m_id) for m_id in data.get("mailbox_ids")]
+        try:
+            mailbox_ids = [int(m_id) for m_id in data.get("mailbox_ids")]
+        except ValueError:
+            return jsonify(error="Invalid mailbox_id"), 400
         err = set_mailboxes_for_alias(
             user_id=user.id, alias=alias, mailbox_ids=mailbox_ids
         )

app/app/api/views/new_custom_alias.py

@@ -1,3 +1,4 @@
+from email_validator import EmailNotValidError
 from flask import g
 from flask import jsonify, request
 
@@ -93,12 +94,15 @@ def new_custom_alias_v2():
             400,
         )
 
-    alias = Alias.create(
-        user_id=user.id,
-        email=full_alias,
-        mailbox_id=user.default_mailbox_id,
-        note=note,
-    )
+    try:
+        alias = Alias.create(
+            user_id=user.id,
+            email=full_alias,
+            mailbox_id=user.default_mailbox_id,
+            note=note,
+        )
+    except EmailNotValidError:
+        return jsonify(error="Email is not valid"), 400
 
     Session.commit()
 
@@ -153,8 +157,17 @@ def new_custom_alias_v3():
     if not isinstance(data, dict):
         return jsonify(error="request body does not follow the required format"), 400
 
-    alias_prefix = data.get("alias_prefix", "").strip().lower().replace(" ", "")
+    alias_prefix_data = data.get("alias_prefix", "") or ""
+
+    if not isinstance(alias_prefix_data, str):
+        return jsonify(error="request body does not follow the required format"), 400
+
+    alias_prefix = alias_prefix_data.strip().lower().replace(" ", "")
     signed_suffix = data.get("signed_suffix", "") or ""
+
+    if not isinstance(signed_suffix, str):
+        return jsonify(error="request body does not follow the required format"), 400
+
     signed_suffix = signed_suffix.strip()
 
     mailbox_ids = data.get("mailbox_ids")

app/app/dashboard/views/alias_contact_manager.py

@@ -227,7 +227,10 @@ def alias_contact_manager(alias_id):
 
     page = 0
     if request.args.get("page"):
-        page = int(request.args.get("page"))
+        try:
+            page = int(request.args.get("page"))
+        except ValueError:
+            pass
 
     query = request.args.get("query") or ""
 

app/app/dashboard/views/index.py

@@ -71,7 +71,10 @@ def index():
 
     page = 0
     if request.args.get("page"):
-        page = int(request.args.get("page"))
+        try:
+            page = int(request.args.get("page"))
+        except ValueError:
+            pass
 
     highlight_alias_id = None
     if request.args.get("highlight_alias_id"):

app/app/dashboard/views/notification.py

@@ -43,7 +43,10 @@ def notification_route(notification_id):
 def notifications_route():
     page = 0
     if request.args.get("page"):
-        page = int(request.args.get("page"))
+        try:
+            page = int(request.args.get("page"))
+        except ValueError:
+            pass
 
     notifications = (
         Notification.filter_by(user_id=current_user.id)

app/app/dashboard/views/setting.py

@@ -174,7 +174,12 @@ def setting():
             flash("Your preference has been updated", "success")
             return redirect(url_for("dashboard.setting"))
         elif request.form.get("form-name") == "random-alias-suffix":
-            scheme = int(request.form.get("random-alias-suffix-generator"))
+            try:
+                scheme = int(request.form.get("random-alias-suffix-generator"))
+            except ValueError:
+                flash("Invalid value", "error")
+                return redirect(url_for("dashboard.setting"))
+
             if AliasSuffixEnum.has_value(scheme):
                 current_user.random_alias_suffix = scheme
                 Session.commit()

app/app/email_utils.py

@@ -1345,17 +1345,16 @@ def get_queue_id(msg: Message) -> Optional[str]:
 
     received_header = str(msg[headers.RECEIVED])
     if not received_header:
-        return
+        return None
 
     # received_header looks like 'from mail-wr1-x434.google.com (mail-wr1-x434.google.com [IPv6:2a00:1450:4864:20::434])\r\n\t(using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits))\r\n\t(No client certificate requested)\r\n\tby mx1.simplelogin.co (Postfix) with ESMTPS id 4FxQmw1DXdz2vK2\r\n\tfor <jglfdjgld@alias.com>; Fri,  4 Jun 2021 14:55:43 +0000 (UTC)'
-    search_result = re.search("with ESMTPS id [0-9a-zA-Z]{1,}", received_header)
-    if not search_result:
-        return
-
-    # the "with ESMTPS id 4FxQmw1DXdz2vK2" part
-    with_esmtps = received_header[search_result.start() : search_result.end()]
-
-    return with_esmtps[len("with ESMTPS id ") :]
+    search_result = re.search(r"with E?SMTP[AS]? id ([0-9a-zA-Z]{1,})", received_header)
+    if search_result:
+        return search_result.group(1)
+    search_result = re.search("\(Postfix\)\r\n\tid ([a-zA-Z0-9]{1,});", received_header)
+    if search_result:
+        return search_result.group(1)
+    return None
 
 
 def should_ignore_bounce(mail_from: str) -> bool:

app/app/mailbox_utils.py

@@ -12,11 +12,13 @@ from app.email_utils import (
     email_can_be_used_as_mailbox,
     send_email,
     render,
+    get_email_domain_part,
 )
 from app.email_validation import is_valid_email
 from app.log import LOG
-from app.models import User, Mailbox, Job, MailboxActivation
+from app.models import User, Mailbox, Job, MailboxActivation, Alias
 from app.user_audit_log_utils import emit_user_audit_log, UserAuditLogAction
+from app.utils import canonicalize_email, sanitize_email
 
 
 @dataclasses.dataclass
@@ -52,6 +54,7 @@ def create_mailbox(
     use_digit_codes: bool = False,
     send_link: bool = True,
 ) -> CreateMailboxOutput:
+    email = sanitize_email(email)
     if not user.is_premium():
         LOG.i(
             f"User {user} has tried to create mailbox with {email} but is not premium"
@@ -104,7 +107,10 @@ def create_mailbox(
 
 
 def delete_mailbox(
-    user: User, mailbox_id: int, transfer_mailbox_id: Optional[int]
+    user: User,
+    mailbox_id: int,
+    transfer_mailbox_id: Optional[int],
+    send_mail: bool = True,
 ) -> Mailbox:
     mailbox = Mailbox.get(mailbox_id)
 
@@ -150,6 +156,7 @@ def delete_mailbox(
             "transfer_mailbox_id": transfer_mailbox_id
             if transfer_mailbox_id and transfer_mailbox_id > 0
             else None,
+            "send_mail": send_mail,
         },
         run_at=arrow.now(),
         commit=True,
@@ -328,3 +335,56 @@ def perform_mailbox_email_change(mailbox_id: int) -> MailboxEmailChangeResult:
             message="Invalid link",
             message_category="error",
         )
+
+
+def __get_alias_mailbox_from_email(
+    email_address: str, alias: Alias
+) -> Optional[Mailbox]:
+    for mailbox in alias.mailboxes:
+        if mailbox.email == email_address:
+            return mailbox
+
+        for authorized_address in mailbox.authorized_addresses:
+            if authorized_address.email == email_address:
+                LOG.d(
+                    "Found an authorized address for %s %s %s",
+                    alias,
+                    mailbox,
+                    authorized_address,
+                )
+                return mailbox
+    return None
+
+
+def __get_alias_mailbox_from_email_or_canonical_email(
+    email_address: str, alias: Alias
+) -> Optional[Mailbox]:
+    # We need to first check for the uncanonicalized version because we still have users in the db with the
+    # email non canonicalized. So if it matches the already existing one use that, otherwise check the canonical one
+    mbox = __get_alias_mailbox_from_email(email_address, alias)
+    if mbox is not None:
+        return mbox
+    canonical_email = canonicalize_email(email_address)
+    if canonical_email != email_address:
+        return __get_alias_mailbox_from_email(canonical_email, alias)
+    return None
+
+
+def get_mailbox_for_reply_phase(
+    envelope_mail_from: str, header_mail_from: str, alias
+) -> Optional[Mailbox]:
+    """return the corresponding mailbox given the mail_from and alias
+    Usually the mail_from=mailbox.email but it can also be one of the authorized address
+    """
+    mbox = __get_alias_mailbox_from_email_or_canonical_email(envelope_mail_from, alias)
+    if mbox is not None:
+        return mbox
+    if not header_mail_from:
+        return None
+    envelope_from_domain = get_email_domain_part(envelope_mail_from)
+    header_from_domain = get_email_domain_part(header_mail_from)
+    if envelope_from_domain != header_from_domain:
+        return None
+    # For services that use VERP sending (envelope from has encoded data to account for bounces)
+    # if the domain is the same in the header from as the envelope from we can use the header from
+    return __get_alias_mailbox_from_email_or_canonical_email(header_mail_from, alias)

app/app/models.py

@@ -158,6 +158,8 @@ class File(Base, ModelMixin):
     path = sa.Column(sa.String(128), unique=True, nullable=False)
     user_id = sa.Column(sa.ForeignKey("users.id", ondelete="cascade"), nullable=True)
 
+    __table_args__ = (sa.Index("ix_file_user_id", "user_id"),)
+
     def get_url(self, expires_in=3600):
         return s3.get_url(self.path, expires_in)
 
@@ -319,6 +321,8 @@ class HibpNotifiedAlias(Base, ModelMixin):
 
     notified_at = sa.Column(ArrowType, default=arrow.utcnow, nullable=False)
 
+    __table_args__ = (sa.Index("ix_hibp_notified_alias_user_id", "user_id"),)
+
 
 class Fido(Base, ModelMixin):
     __tablename__ = "fido"
@@ -333,11 +337,13 @@ class Fido(Base, ModelMixin):
     name = sa.Column(sa.String(128), nullable=False, unique=False)
     user_id = sa.Column(sa.ForeignKey("users.id", ondelete="cascade"), nullable=True)
 
+    __table_args__ = (sa.Index("ix_fido_user_id", "user_id"),)
+
 
 class User(Base, ModelMixin, UserMixin, PasswordOracle):
     __tablename__ = "users"
 
-    FLAG_DISABLE_CREATE_CONTACTS = 1 << 0
+    FLAG_FREE_DISABLE_CREATE_CONTACTS = 1 << 0
     FLAG_CREATED_FROM_PARTNER = 1 << 1
     FLAG_FREE_OLD_ALIAS_LIMIT = 1 << 2
     FLAG_CREATED_ALIAS_FROM_PARTNER = 1 << 3
@@ -544,7 +550,7 @@ class User(Base, ModelMixin, UserMixin, PasswordOracle):
     # bitwise flags. Allow for future expansion
     flags = sa.Column(
         sa.BigInteger,
-        default=FLAG_DISABLE_CREATE_CONTACTS,
+        default=FLAG_FREE_DISABLE_CREATE_CONTACTS,
         server_default="0",
         nullable=False,
     )
@@ -565,6 +571,11 @@ class User(Base, ModelMixin, UserMixin, PasswordOracle):
             "ix_users_activated_trial_end_lifetime", activated, trial_end, lifetime
         ),
         sa.Index("ix_users_delete_on", delete_on),
+        sa.Index("ix_users_default_mailbox_id", default_mailbox_id),
+        sa.Index(
+            "ix_users_default_alias_custom_domain_id", default_alias_custom_domain_id
+        ),
+        sa.Index("ix_users_profile_picture_id", profile_picture_id),
     )
 
     @property
@@ -629,7 +640,7 @@ class User(Base, ModelMixin, UserMixin, PasswordOracle):
         # If the user is created from partner, do not notify
         # nor give a trial
         if from_partner:
-            user.flags = User.FLAG_CREATED_FROM_PARTNER
+            user.flags = user.flags | User.FLAG_CREATED_FROM_PARTNER
             user.notification = False
             user.trial_end = None
             Job.create(
@@ -1178,7 +1189,7 @@ class User(Base, ModelMixin, UserMixin, PasswordOracle):
     def can_create_contacts(self) -> bool:
         if self.is_premium():
             return True
-        if self.flags & User.FLAG_DISABLE_CREATE_CONTACTS == 0:
+        if self.flags & User.FLAG_FREE_DISABLE_CREATE_CONTACTS == 0:
             return True
         return not config.DISABLE_CREATE_CONTACTS_FOR_FREE_USERS
 
@@ -1221,6 +1232,8 @@ class ActivationCode(Base, ModelMixin):
 
     expired = sa.Column(ArrowType, nullable=False, default=_expiration_1h)
 
+    __table_args__ = (sa.Index("ix_activation_code_user_id", "user_id"),)
+
     def is_expired(self):
         return self.expired < arrow.now()
 
@@ -1237,6 +1250,8 @@ class ResetPasswordCode(Base, ModelMixin):
 
     expired = sa.Column(ArrowType, nullable=False, default=_expiration_1h)
 
+    __table_args__ = (sa.Index("ix_reset_password_code_user_id", "user_id"),)
+
     def is_expired(self):
         return self.expired < arrow.now()
 
@@ -1279,6 +1294,8 @@ class MfaBrowser(Base, ModelMixin):
 
     user = orm.relationship(User)
 
+    __table_args__ = (sa.Index("ix_mfa_browser_user_id", "user_id"),)
+
     @classmethod
     def create_new(cls, user, token_length=64) -> "MfaBrowser":
         found = False
@@ -1337,6 +1354,12 @@ class Client(Base, ModelMixin):
     user = orm.relationship(User)
     referral = orm.relationship("Referral")
 
+    __table_args__ = (
+        sa.Index("ix_client_user_id", "user_id"),
+        sa.Index("ix_client_icon_id", "icon_id"),
+        sa.Index("ix_client_referral_id", "referral_id"),
+    )
+
     def nb_user(self):
         return ClientUser.filter_by(client_id=self.id).count()
 
@@ -1385,6 +1408,8 @@ class RedirectUri(Base, ModelMixin):
 
     client = orm.relationship(Client, backref="redirect_uris")
 
+    __table_args__ = (sa.Index("ix_redirect_uri_client_id", "client_id"),)
+
 
 class AuthorizationCode(Base, ModelMixin):
     __tablename__ = "authorization_code"
@@ -1406,6 +1431,11 @@ class AuthorizationCode(Base, ModelMixin):
 
     expired = sa.Column(ArrowType, nullable=False, default=_expiration_5m)
 
+    __table_args__ = (
+        sa.Index("ix_authorization_code_client_id", "client_id"),
+        sa.Index("ix_authorization_code_user_id", "user_id"),
+    )
+
     def is_expired(self):
         return self.expired < arrow.now()
 
@@ -1428,6 +1458,11 @@ class OauthToken(Base, ModelMixin):
 
     expired = sa.Column(ArrowType, nullable=False, default=_expiration_1h)
 
+    __table_args__ = (
+        sa.Index("ix_oauth_token_user_id", "user_id"),
+        sa.Index("ix_oauth_token_client_id", "client_id"),
+    )
+
     def is_expired(self):
         return self.expired < arrow.now()
 
@@ -1581,6 +1616,7 @@ class Alias(Base, ModelMixin):
             postgresql_ops={"note": "gin_trgm_ops"},
             postgresql_using="gin",
         ),
+        Index("ix_alias_original_owner_id", "original_owner_id"),
     )
 
     user = orm.relationship(User, foreign_keys=[user_id])
@@ -1623,7 +1659,7 @@ class Alias(Base, ModelMixin):
         return False
 
     @staticmethod
-    def get_custom_domain(alias_address) -> Optional["CustomDomain"]:
+    def get_custom_domain(alias_address: str) -> Optional["CustomDomain"]:
         alias_domain = validate_email(
             alias_address, check_deliverability=False, allow_smtputf8=False
         ).domain
@@ -1666,6 +1702,11 @@ class Alias(Base, ModelMixin):
             custom_domain = Alias.get_custom_domain(email)
             if custom_domain:
                 new_alias.custom_domain_id = custom_domain.id
+        else:
+            custom_domain = CustomDomain.get(kw["custom_domain_id"])
+        # If it comes from a custom domain created from partner. Mark it as created from partner
+        if custom_domain is not None and custom_domain.partner_id is not None:
+            new_alias.flags = (new_alias.flags or 0) | Alias.FLAG_PARTNER_CREATED
 
         Session.add(new_alias)
         DailyMetric.get_or_create_today_metric().nb_alias += 1
@@ -2069,7 +2110,12 @@ class Contact(Base, ModelMixin):
 
 class EmailLog(Base, ModelMixin):
     __tablename__ = "email_log"
-    __table_args__ = (Index("ix_email_log_created_at", "created_at"),)
+    __table_args__ = (
+        Index("ix_email_log_created_at", "created_at"),
+        Index("ix_email_log_mailbox_id", "mailbox_id"),
+        Index("ix_email_log_bounced_mailbox_id", "bounced_mailbox_id"),
+        Index("ix_email_log_refused_email_id", "refused_email_id"),
+    )
 
     user_id = sa.Column(
         sa.ForeignKey(User.id, ondelete="cascade"), nullable=False, index=True
@@ -2345,6 +2391,7 @@ class AliasUsedOn(Base, ModelMixin):
 
     __table_args__ = (
         sa.UniqueConstraint("alias_id", "hostname", name="uq_alias_used"),
+        sa.Index("ix_alias_used_on_user_id", "user_id"),
     )
 
     alias_id = sa.Column(
@@ -2371,6 +2418,11 @@ class ApiKey(Base, ModelMixin):
 
     user = orm.relationship(User)
 
+    __table_args__ = (
+        sa.Index("ix_api_key_code", "code"),
+        sa.Index("ix_api_key_user_id", "user_id"),
+    )
+
     @classmethod
     def create(cls, user_id, name=None, **kwargs):
         code = random_string(60)
@@ -2529,6 +2581,7 @@ class AutoCreateRule(Base, ModelMixin):
         sa.UniqueConstraint(
             "custom_domain_id", "order", name="uq_auto_create_rule_order"
         ),
+        sa.Index("ix_auto_create_rule_custom_domain_id", "custom_domain_id"),
     )
 
     custom_domain_id = sa.Column(
@@ -2572,6 +2625,7 @@ class DomainDeletedAlias(Base, ModelMixin):
 
     __table_args__ = (
         sa.UniqueConstraint("domain_id", "email", name="uq_domain_trash"),
+        sa.Index("ix_domain_deleted_alias_user_id", "user_id"),
     )
 
     email = sa.Column(sa.String(256), nullable=False)
@@ -2632,6 +2686,8 @@ class Coupon(Base, ModelMixin):
     # a coupon can have an expiration
     expires_date = sa.Column(ArrowType, nullable=True)
 
+    __table_args__ = (sa.Index("ix_coupon_used_by_user_id", "used_by_user_id"),)
+
 
 class Directory(Base, ModelMixin):
     __tablename__ = "directory"
@@ -2646,6 +2702,8 @@ class Directory(Base, ModelMixin):
         "Mailbox", secondary="directory_mailbox", lazy="joined"
     )
 
+    __table_args__ = (sa.Index("ix_directory_user_id", "user_id"),)
+
     @property
     def mailboxes(self):
         if self._mailboxes:
@@ -2747,7 +2805,10 @@ class Mailbox(Base, ModelMixin):
 
     generic_subject = sa.Column(sa.String(78), nullable=True)
 
-    __table_args__ = (sa.UniqueConstraint("user_id", "email", name="uq_mailbox_user"),)
+    __table_args__ = (
+        sa.UniqueConstraint("user_id", "email", name="uq_mailbox_user"),
+        sa.Index("ix_mailbox_pgp_finger_print", "pgp_finger_print"),
+    )
 
     user = orm.relationship(User, foreign_keys=[user_id])
 
@@ -2884,6 +2945,8 @@ class RefusedEmail(Base, ModelMixin):
     # toggle this when email content (stored at full_report_path & path are deleted)
     deleted = sa.Column(sa.Boolean, nullable=False, default=False, server_default="0")
 
+    __table_args__ = (sa.Index("ix_refused_email_user_id", "user_id"),)
+
     def get_url(self, expires_in=3600):
         if self.path:
             return s3.get_url(self.path, expires_in)
@@ -2906,6 +2969,8 @@ class Referral(Base, ModelMixin):
 
     user = orm.relationship(User, foreign_keys=[user_id], backref="referrals")
 
+    __table_args__ = (sa.Index("ix_referral_user_id", "user_id"),)
+
     @property
     def nb_user(self) -> int:
         return User.filter_by(referral_id=self.id, activated=True).count()
@@ -2945,6 +3010,8 @@ class SentAlert(Base, ModelMixin):
     to_email = sa.Column(sa.String(256), nullable=False)
     alert_type = sa.Column(sa.String(256), nullable=False)
 
+    __table_args__ = (sa.Index("ix_sent_alert_user_id", "user_id"),)
+
 
 class AliasMailbox(Base, ModelMixin):
     __tablename__ = "alias_mailbox"
@@ -3190,6 +3257,11 @@ class BatchImport(Base, ModelMixin):
     file = orm.relationship(File)
     user = orm.relationship(User)
 
+    __table_args__ = (
+        sa.Index("ix_batch_import_file_id", "file_id"),
+        sa.Index("ix_batch_import_user_id", "user_id"),
+    )
+
     def nb_alias(self):
         return Alias.filter_by(batch_import_id=self.id).count()
 
@@ -3210,6 +3282,7 @@ class AuthorizedAddress(Base, ModelMixin):
 
     __table_args__ = (
         sa.UniqueConstraint("mailbox_id", "email", name="uq_authorize_address"),
+        sa.Index("ix_authorized_address_user_id", "user_id"),
     )
 
     mailbox = orm.relationship(Mailbox, backref="authorized_addresses")
@@ -3351,6 +3424,8 @@ class Payout(Base, ModelMixin):
 
     user = orm.relationship(User)
 
+    __table_args__ = (sa.Index("ix_payout_user_id", "user_id"),)
+
 
 class IgnoredEmail(Base, ModelMixin):
     """If an email has mail_from and rcpt_to present in this table, discard it by returning 250 status."""
@@ -3452,6 +3527,8 @@ class PhoneReservation(Base, ModelMixin):
     start = sa.Column(ArrowType, nullable=False)
     end = sa.Column(ArrowType, nullable=False)
 
+    __table_args__ = (sa.Index("ix_phone_reservation_user_id", "user_id"),)
+
 
 class PhoneMessage(Base, ModelMixin):
     __tablename__ = "phone_message"
@@ -3626,6 +3703,11 @@ class ProviderComplaint(Base, ModelMixin):
     user = orm.relationship(User, foreign_keys=[user_id])
     refused_email = orm.relationship(RefusedEmail, foreign_keys=[refused_email_id])
 
+    __table_args__ = (
+        sa.Index("ix_provider_complaint_user_id", "user_id"),
+        sa.Index("ix_provider_complaint_refused_email_id", "refused_email_id"),
+    )
+
 
 class PartnerApiToken(Base, ModelMixin):
     __tablename__ = "partner_api_token"
@@ -3696,7 +3778,8 @@ class PartnerSubscription(Base, ModelMixin):
     )
 
     # when the partner subscription ends
-    end_at = sa.Column(ArrowType, nullable=False, index=True)
+    end_at = sa.Column(ArrowType, nullable=True, index=True)
+    lifetime = sa.Column(sa.Boolean, default=False, nullable=False, server_default="0")
 
     partner_user = orm.relationship(PartnerUser)
 
@@ -3718,7 +3801,9 @@ class PartnerSubscription(Base, ModelMixin):
         return None
 
     def is_active(self):
-        return self.end_at > arrow.now().shift(days=-_PARTNER_SUBSCRIPTION_GRACE_DAYS)
+        return self.lifetime or self.end_at > arrow.now().shift(
+            days=-_PARTNER_SUBSCRIPTION_GRACE_DAYS
+        )
 
 
 # endregion
@@ -3749,6 +3834,8 @@ class NewsletterUser(Base, ModelMixin):
     user = orm.relationship(User)
     newsletter = orm.relationship(Newsletter)
 
+    __table_args__ = (sa.Index("ix_newsletter_user_user_id", "user_id"),)
+
 
 class ApiToCookieToken(Base, ModelMixin):
     __tablename__ = "api_cookie_token"
@@ -3759,6 +3846,11 @@ class ApiToCookieToken(Base, ModelMixin):
     user = orm.relationship(User)
     api_key = orm.relationship(ApiKey)
 
+    __table_args__ = (
+        sa.Index("ix_api_to_cookie_token_api_key_id", "api_key_id"),
+        sa.Index("ix_api_to_cookie_token_user_id", "user_id"),
+    )
+
     @classmethod
     def create(cls, **kwargs):
         code = secrets.token_urlsafe(32)

app/app/partner_user_utils.py

@@ -33,12 +33,14 @@ def create_partner_user(
 
 def create_partner_subscription(
     partner_user: PartnerUser,
-    expiration: Optional[Arrow],
+    expiration: Optional[Arrow] = None,
+    lifetime: bool = False,
     msg: Optional[str] = None,
 ) -> PartnerSubscription:
     instance = PartnerSubscription.create(
         partner_user_id=partner_user.id,
         end_at=expiration,
+        lifetime=lifetime,
     )
 
     message = "User upgraded through partner subscription"

app/app/proton/proton_client.py

@@ -16,6 +16,7 @@ PROTON_ERROR_CODE_HV_NEEDED = 9001
 
 PLAN_FREE = 1
 PLAN_PREMIUM = 2
+PLAN_PREMIUM_LIFETIME = 3
 
 
 @dataclass
@@ -112,10 +113,13 @@ class HttpProtonClient(ProtonClient):
         if plan_value == PLAN_FREE:
             plan = SLPlan(type=SLPlanType.Free, expiration=None)
         elif plan_value == PLAN_PREMIUM:
+            expiration = info.get("PlanExpiration", "1")
             plan = SLPlan(
                 type=SLPlanType.Premium,
-                expiration=Arrow.fromtimestamp(info["PlanExpiration"], tzinfo="utc"),
+                expiration=Arrow.fromtimestamp(expiration, tzinfo="utc"),
             )
+        elif plan_value == PLAN_PREMIUM_LIFETIME:
+            plan = SLPlan(SLPlanType.PremiumLifetime, expiration=None)
         else:
             raise Exception(f"Invalid value for plan: {plan_value}")
 

app/crontab.yml

@@ -14,8 +14,9 @@ jobs:
   - name: SimpleLogin Custom Domain check
     command: python /code/cron.py -j check_custom_domain
     shell: /bin/bash
-    schedule: "15 2 * * *"
+    schedule: "15 */4 * * *"
     captureStderr: true
+    concurrencyPolicy: Forbid
     onFailure:
       retry:
         maximumRetries: 10
@@ -26,7 +27,7 @@ jobs:
   - name: SimpleLogin HIBP check
     command: python /code/cron.py -j check_hibp
     shell: /bin/bash
-    schedule: "16 */4 * * *"
+    schedule: "13 */4 * * *"
     captureStderr: true
     concurrencyPolicy: Forbid
     onFailure:

app/email_handler.py

@@ -149,6 +149,7 @@ from app.handler.unsubscribe_generator import UnsubscribeGenerator
 from app.handler.unsubscribe_handler import UnsubscribeHandler
 from app.log import LOG, set_message_id
 from app.mail_sender import sl_sendmail
+from app.mailbox_utils import get_mailbox_for_reply_phase
 from app.message_utils import message_to_bytes
 from app.models import (
     Alias,
@@ -172,7 +173,7 @@ from app.pgp_utils import (
     sign_data,
     load_public_key_and_check,
 )
-from app.utils import sanitize_email, canonicalize_email
+from app.utils import sanitize_email
 from init_app import load_pgp_public_keys
 from server import create_light_app
 
@@ -599,6 +600,17 @@ def handle_forward(envelope, msg: Message, rcpt_to: str) -> List[Tuple[bool, str
         else:
             reply_to_contact = get_or_create_reply_to_contact(reply_to, alias, msg)
 
+    if alias.user.delete_on is not None:
+        LOG.d(f"user {user} is pending to be deleted. Do not forward")
+        EmailLog.create(
+            contact_id=contact.id,
+            user_id=contact.user_id,
+            blocked=True,
+            alias_id=contact.alias_id,
+            commit=True,
+        )
+        return [(True, status.E502)]
+
     if not alias.enabled or contact.block_forward:
         LOG.d("%s is disabled, do not forward", alias)
         EmailLog.create(
@@ -1008,7 +1020,6 @@ def handle_reply(envelope, msg: Message, rcpt_to: str) -> (bool, str):
         return False, status.E503
 
     user = alias.user
-    mail_from = envelope.mail_from
 
     if not user.can_send_or_receive():
         LOG.i(f"User {user} cannot send emails")
@@ -1022,13 +1033,15 @@ def handle_reply(envelope, msg: Message, rcpt_to: str) -> (bool, str):
         return False, dmarc_delivery_status
 
     # Anti-spoofing
-    mailbox = get_mailbox_from_mail_from(mail_from, alias)
+    mailbox = get_mailbox_for_reply_phase(
+        envelope.mail_from, get_header_unicode(msg[headers.FROM]), alias
+    )
     if not mailbox:
         if alias.disable_email_spoofing_check:
             # ignore this error, use default alias mailbox
             LOG.w(
                 "ignore unknown sender to reverse-alias %s: %s -> %s",
-                mail_from,
+                envelope.mail_from,
                 alias,
                 contact,
             )
@@ -1367,32 +1380,6 @@ def replace_original_message_id(alias: Alias, email_log: EmailLog, msg: Message)
         msg[headers.REFERENCES] = " ".join(new_message_ids)
 
 
-def get_mailbox_from_mail_from(mail_from: str, alias) -> Optional[Mailbox]:
-    """return the corresponding mailbox given the mail_from and alias
-    Usually the mail_from=mailbox.email but it can also be one of the authorized address
-    """
-
-    def __check(email_address: str, alias: Alias) -> Optional[Mailbox]:
-        for mailbox in alias.mailboxes:
-            if mailbox.email == email_address:
-                return mailbox
-
-            for authorized_address in mailbox.authorized_addresses:
-                if authorized_address.email == email_address:
-                    LOG.d(
-                        "Found an authorized address for %s %s %s",
-                        alias,
-                        mailbox,
-                        authorized_address,
-                    )
-                    return mailbox
-        return None
-
-    # We need to first check for the uncanonicalized version because we still have users in the db with the
-    # email non canonicalized. So if it matches the already existing one use that, otherwise check the canonical one
-    return __check(mail_from, alias) or __check(canonicalize_email(mail_from), alias)
-
-
 def handle_unknown_mailbox(
     envelope, msg, reply_email: str, user: User, alias: Alias, contact: Contact
 ):

app/job_runner.py

@@ -164,6 +164,8 @@ def delete_mailbox_job(job: Job):
     Session.commit()
     LOG.d("Mailbox %s %s deleted", mailbox_id, mailbox_email)
 
+    if not job.payload.get("send_mail", True):
+        return
     if alias_transferred_to:
         send_email(
             user.email,

app/local_data/words.txt

@@ -1,6 +1,4 @@
 abacus
-abdomen
-abdominal
 abide
 abiding
 ability
@@ -1031,7 +1029,6 @@ chosen
 chowder
 chowtime
 chrome
-chubby
 chuck
 chug
 chummy
@@ -2041,8 +2038,6 @@ dwindling
 dynamic
 dynamite
 dynasty
-dyslexia
-dyslexic
 each
 eagle
 earache
@@ -2081,7 +2076,6 @@ eatery
 eating
 eats
 ebay
-ebony
 ebook
 ecard
 eccentric
@@ -2375,8 +2369,6 @@ exclude
 excluding
 exclusion
 exclusive
-excretion
-excretory
 excursion
 excusable
 excusably
@@ -2396,8 +2388,6 @@ existing
 exit
 exodus
 exonerate
-exorcism
-exorcist
 expand
 expanse
 expansion
@@ -2483,7 +2473,6 @@ fanning
 fantasize
 fantastic
 fantasy
-fascism
 fastball
 faster
 fasting
@@ -3028,7 +3017,6 @@ guiding
 guileless
 guise
 gulf
-gullible
 gully
 gulp
 gumball
@@ -3040,10 +3028,6 @@ gurgle
 gurgling
 guru
 gush
-gusto
-gusty
-gutless
-guts
 gutter
 guy
 guzzler
@@ -3242,8 +3226,6 @@ humble
 humbling
 humbly
 humid
-humiliate
-humility
 humming
 hummus
 humongous
@@ -3271,7 +3253,6 @@ hurray
 hurricane
 hurried
 hurry
-hurt
 husband
 hush
 husked
@@ -3292,8 +3273,6 @@ hypnotic
 hypnotism
 hypnotist
 hypnotize
-hypocrisy
-hypocrite
 ibuprofen
 ice
 iciness
@@ -3323,7 +3302,6 @@ image
 imaginary
 imagines
 imaging
-imbecile
 imitate
 imitation
 immerse
@@ -3746,7 +3724,6 @@ machine
 machinist
 magazine
 magenta
-maggot
 magical
 magician
 magma
@@ -3968,8 +3945,6 @@ multitude
 mumble
 mumbling
 mumbo
-mummified
-mummify
 mumps
 munchkin
 mundane
@@ -4022,8 +3997,6 @@ napped
 napping
 nappy
 narrow
-nastily
-nastiness
 national
 native
 nativity
@@ -4446,7 +4419,6 @@ pasta
 pasted
 pastel
 pastime
-pastor
 pastrami
 pasture
 pasty
@@ -4458,7 +4430,6 @@ path
 patience
 patient
 patio
-patriarch
 patriot
 patrol
 patronage
@@ -4549,7 +4520,6 @@ pettiness
 petty
 petunia
 phantom
-phobia
 phoenix
 phonebook
 phoney
@@ -4608,7 +4578,6 @@ plot
 plow
 ploy
 pluck
-plug
 plunder
 plunging
 plural
@@ -4875,7 +4844,6 @@ pupil
 puppet
 puppy
 purchase
-pureblood
 purebred
 purely
 pureness
@@ -5047,7 +5015,6 @@ recharger
 recipient
 recital
 recite
-reckless
 reclaim
 recliner
 reclining
@@ -5440,7 +5407,6 @@ rubdown
 ruby
 ruckus
 rudder
-rug
 ruined
 rule
 rumble
@@ -5448,7 +5414,6 @@ rumbling
 rummage
 rumor
 runaround
-rundown
 runner
 running
 runny
@@ -5518,7 +5483,6 @@ sandpaper
 sandpit
 sandstone
 sandstorm
-sandworm
 sandy
 sanitary
 sanitizer
@@ -5541,7 +5505,6 @@ satisfy
 saturate
 saturday
 sauciness
-saucy
 sauna
 savage
 savanna
@@ -5552,7 +5515,6 @@ savor
 saxophone
 say
 scabbed
-scabby
 scalded
 scalding
 scale
@@ -5587,7 +5549,6 @@ science
 scientist
 scion
 scoff
-scolding
 scone
 scoop
 scooter
@@ -5651,8 +5612,6 @@ sedate
 sedation
 sedative
 sediment
-seduce
-seducing
 segment
 seismic
 seizing
@@ -5899,7 +5858,6 @@ skimpily
 skincare
 skinless
 skinning
-skinny
 skintight
 skipper
 skipping
@@ -6248,17 +6206,12 @@ stifle
 stifling
 stillness
 stilt
-stimulant
-stimulate
-stimuli
 stimulus
 stinger
 stingily
 stinging
 stingray
 stingy
-stinking
-stinky
 stipend
 stipulate
 stir
@@ -6866,7 +6819,6 @@ unbent
 unbiased
 unbitten
 unblended
-unblessed
 unblock
 unbolted
 unbounded
@@ -6947,7 +6899,6 @@ undertone
 undertook
 undertow
 underuse
-underwear
 underwent
 underwire
 undesired
@@ -7000,7 +6951,6 @@ unfunded
 unglazed
 ungloved
 unglue
-ungodly
 ungraded
 ungreased
 unguarded
@@ -7032,7 +6982,6 @@ uninsured
 uninvited
 union
 uniquely
-unisexual
 unison
 unissued
 unit
@@ -7493,8 +7442,6 @@ wheat
 whenever
 whiff
 whimsical
-whinny
-whiny
 whisking
 whoever
 whole
@@ -7600,7 +7547,6 @@ wrongness
 wrought
 xbox
 xerox
-yahoo
 yam
 yanking
 yapping

app/migrations/versions/2024_111315_842ac670096e_add_missing_indices_on_user_and_mailbox.py

@@ -0,0 +1,30 @@
+"""add missing indices on user and mailbox
+
+Revision ID: 842ac670096e
+Revises: bc9aa210efa3
+Create Date: 2024-11-13 15:55:28.798506
+
+"""
+import sqlalchemy_utils
+from alembic import op
+import sqlalchemy as sa
+
+
+# revision identifiers, used by Alembic.
+revision = '842ac670096e'
+down_revision = 'bc9aa210efa3'
+branch_labels = None
+depends_on = None
+
+
+def upgrade():
+    with op.get_context().autocommit_block():
+        op.create_index('ix_mailbox_pgp_finger_print', 'mailbox', ['pgp_finger_print'], unique=False)
+        op.create_index('ix_users_default_mailbox_id', 'users', ['default_mailbox_id'], unique=False)
+    # ### end Alembic commands ###
+
+
+def downgrade():
+    with op.get_context().autocommit_block():
+        op.drop_index('ix_users_default_mailbox_id', table_name='users')
+        op.drop_index('ix_mailbox_pgp_finger_print', table_name='mailbox')

app/migrations/versions/2024_111410_12274da2299f_add_missing_indices_on_email_log.py

@@ -0,0 +1,29 @@
+"""add missing indices on email log
+
+Revision ID: 12274da2299f
+Revises: 842ac670096e
+Create Date: 2024-11-14 10:27:20.371191
+
+"""
+import sqlalchemy_utils
+from alembic import op
+import sqlalchemy as sa
+
+
+# revision identifiers, used by Alembic.
+revision = '12274da2299f'
+down_revision = '842ac670096e'
+branch_labels = None
+depends_on = None
+
+
+def upgrade():
+    with op.get_context().autocommit_block():
+        op.create_index('ix_email_log_bounced_mailbox_id', 'email_log', ['bounced_mailbox_id'], unique=False)
+        op.create_index('ix_email_log_mailbox_id', 'email_log', ['mailbox_id'], unique=False)
+
+
+def downgrade():
+    with op.get_context().autocommit_block():
+        op.drop_index('ix_email_log_mailbox_id', table_name='email_log')
+        op.drop_index('ix_email_log_bounced_mailbox_id', table_name='email_log')

app/migrations/versions/2024_111512_0f3ee15b0014_add_missing_indices_for_fk_constraints.py

@@ -0,0 +1,102 @@
+"""add missing indices for fk constraints
+
+Revision ID: 0f3ee15b0014
+Revises: 12274da2299f
+Create Date: 2024-11-15 12:29:10.739938
+
+"""
+import sqlalchemy_utils
+from alembic import op
+import sqlalchemy as sa
+
+
+# revision identifiers, used by Alembic.
+revision = '0f3ee15b0014'
+down_revision = '12274da2299f'
+branch_labels = None
+depends_on = None
+
+
+def upgrade():
+    with op.get_context().autocommit_block():
+        op.create_index('ix_activation_code_user_id', 'activation_code', ['user_id'], unique=False, postgresql_concurrently=True)
+        op.create_index('ix_alias_original_owner_id', 'alias', ['original_owner_id'], unique=False, postgresql_concurrently=True)
+        op.create_index('ix_alias_used_on_user_id', 'alias_used_on', ['user_id'], unique=False, postgresql_concurrently=True)
+        op.create_index('ix_api_to_cookie_token_api_key_id', 'api_cookie_token', ['api_key_id'], unique=False, postgresql_concurrently=True)
+        op.create_index('ix_api_to_cookie_token_user_id', 'api_cookie_token', ['user_id'], unique=False, postgresql_concurrently=True)
+        op.create_index('ix_api_key_code', 'api_key', ['code'], unique=False, postgresql_concurrently=True)
+        op.create_index('ix_api_key_user_id', 'api_key', ['user_id'], unique=False, postgresql_concurrently=True)
+        op.create_index('ix_authorization_code_client_id', 'authorization_code', ['client_id'], unique=False, postgresql_concurrently=True)
+        op.create_index('ix_authorization_code_user_id', 'authorization_code', ['user_id'], unique=False, postgresql_concurrently=True)
+        op.create_index('ix_authorized_address_user_id', 'authorized_address', ['user_id'], unique=False, postgresql_concurrently=True)
+        op.create_index('ix_auto_create_rule_custom_domain_id', 'auto_create_rule', ['custom_domain_id'], unique=False, postgresql_concurrently=True)
+        op.create_index('ix_batch_import_file_id', 'batch_import', ['file_id'], unique=False, postgresql_concurrently=True)
+        op.create_index('ix_batch_import_user_id', 'batch_import', ['user_id'], unique=False, postgresql_concurrently=True)
+        op.create_index('ix_client_icon_id', 'client', ['icon_id'], unique=False, postgresql_concurrently=True)
+        op.create_index('ix_client_referral_id', 'client', ['referral_id'], unique=False, postgresql_concurrently=True)
+        op.create_index('ix_client_user_id', 'client', ['user_id'], unique=False, postgresql_concurrently=True)
+        op.create_index('ix_coupon_used_by_user_id', 'coupon', ['used_by_user_id'], unique=False, postgresql_concurrently=True)
+        op.create_index('ix_directory_user_id', 'directory', ['user_id'], unique=False, postgresql_concurrently=True)
+        op.create_index('ix_domain_deleted_alias_user_id', 'domain_deleted_alias', ['user_id'], unique=False, postgresql_concurrently=True)
+        op.create_index('ix_email_log_refused_email_id', 'email_log', ['refused_email_id'], unique=False, postgresql_concurrently=True)
+        op.create_index('ix_fido_user_id', 'fido', ['user_id'], unique=False, postgresql_concurrently=True)
+        op.create_index('ix_file_user_id', 'file', ['user_id'], unique=False, postgresql_concurrently=True)
+        op.create_index('ix_hibp_notified_alias_user_id', 'hibp_notified_alias', ['user_id'], unique=False, postgresql_concurrently=True)
+        op.create_index('ix_mfa_browser_user_id', 'mfa_browser', ['user_id'], unique=False, postgresql_concurrently=True)
+        op.create_index('ix_newsletter_user_user_id', 'newsletter_user', ['user_id'], unique=False, postgresql_concurrently=True)
+        op.create_index('ix_oauth_token_client_id', 'oauth_token', ['client_id'], unique=False, postgresql_concurrently=True)
+        op.create_index('ix_oauth_token_user_id', 'oauth_token', ['user_id'], unique=False, postgresql_concurrently=True)
+        op.create_index('ix_payout_user_id', 'payout', ['user_id'], unique=False, postgresql_concurrently=True)
+        op.create_index('ix_phone_reservation_user_id', 'phone_reservation', ['user_id'], unique=False, postgresql_concurrently=True)
+        op.create_index('ix_provider_complaint_refused_email_id', 'provider_complaint', ['refused_email_id'], unique=False, postgresql_concurrently=True)
+        op.create_index('ix_provider_complaint_user_id', 'provider_complaint', ['user_id'], unique=False, postgresql_concurrently=True)
+        op.create_index('ix_redirect_uri_client_id', 'redirect_uri', ['client_id'], unique=False, postgresql_concurrently=True)
+        op.create_index('ix_referral_user_id', 'referral', ['user_id'], unique=False, postgresql_concurrently=True)
+        op.create_index('ix_refused_email_user_id', 'refused_email', ['user_id'], unique=False, postgresql_concurrently=True)
+        op.create_index('ix_reset_password_code_user_id', 'reset_password_code', ['user_id'], unique=False, postgresql_concurrently=True)
+        op.create_index('ix_sent_alert_user_id', 'sent_alert', ['user_id'], unique=False, postgresql_concurrently=True)
+        op.create_index('ix_users_default_alias_custom_domain_id', 'users', ['default_alias_custom_domain_id'], unique=False, postgresql_concurrently=True)
+        op.create_index('ix_users_profile_picture_id', 'users', ['profile_picture_id'], unique=False, postgresql_concurrently=True)
+
+
+
+def downgrade():
+    with op.get_context().autocommit_block():
+        op.drop_index('ix_users_profile_picture_id', table_name='users')
+        op.drop_index('ix_users_default_alias_custom_domain_id', table_name='users')
+        op.drop_index('ix_sent_alert_user_id', table_name='sent_alert')
+        op.drop_index('ix_reset_password_code_user_id', table_name='reset_password_code')
+        op.drop_index('ix_refused_email_user_id', table_name='refused_email')
+        op.drop_index('ix_referral_user_id', table_name='referral')
+        op.drop_index('ix_redirect_uri_client_id', table_name='redirect_uri')
+        op.drop_index('ix_provider_complaint_user_id', table_name='provider_complaint')
+        op.drop_index('ix_provider_complaint_refused_email_id', table_name='provider_complaint')
+        op.drop_index('ix_phone_reservation_user_id', table_name='phone_reservation')
+        op.drop_index('ix_payout_user_id', table_name='payout')
+        op.drop_index('ix_oauth_token_user_id', table_name='oauth_token')
+        op.drop_index('ix_oauth_token_client_id', table_name='oauth_token')
+        op.drop_index('ix_newsletter_user_user_id', table_name='newsletter_user')
+        op.drop_index('ix_mfa_browser_user_id', table_name='mfa_browser')
+        op.drop_index('ix_hibp_notified_alias_user_id', table_name='hibp_notified_alias')
+        op.drop_index('ix_file_user_id', table_name='file')
+        op.drop_index('ix_fido_user_id', table_name='fido')
+        op.drop_index('ix_email_log_refused_email_id', table_name='email_log')
+        op.drop_index('ix_domain_deleted_alias_user_id', table_name='domain_deleted_alias')
+        op.drop_index('ix_directory_user_id', table_name='directory')
+        op.drop_index('ix_coupon_used_by_user_id', table_name='coupon')
+        op.drop_index('ix_client_user_id', table_name='client')
+        op.drop_index('ix_client_referral_id', table_name='client')
+        op.drop_index('ix_client_icon_id', table_name='client')
+        op.drop_index('ix_batch_import_user_id', table_name='batch_import')
+        op.drop_index('ix_batch_import_file_id', table_name='batch_import')
+        op.drop_index('ix_auto_create_rule_custom_domain_id', table_name='auto_create_rule')
+        op.drop_index('ix_authorized_address_user_id', table_name='authorized_address')
+        op.drop_index('ix_authorization_code_user_id', table_name='authorization_code')
+        op.drop_index('ix_authorization_code_client_id', table_name='authorization_code')
+        op.drop_index('ix_api_key_user_id', table_name='api_key')
+        op.drop_index('ix_api_key_code', table_name='api_key')
+        op.drop_index('ix_api_to_cookie_token_user_id', table_name='api_cookie_token')
+        op.drop_index('ix_api_to_cookie_token_api_key_id', table_name='api_cookie_token')
+        op.drop_index('ix_alias_used_on_user_id', table_name='alias_used_on')
+        op.drop_index('ix_alias_original_owner_id', table_name='alias')
+        op.drop_index('ix_activation_code_user_id', table_name='activation_code')

app/migrations/versions/2024_112619_085f77996ce3_.py

@@ -0,0 +1,35 @@
+"""empty message
+
+Revision ID: 085f77996ce3
+Revises: 0f3ee15b0014
+Create Date: 2024-11-26 19:20:32.227899
+
+"""
+import sqlalchemy_utils
+from alembic import op
+import sqlalchemy as sa
+from sqlalchemy.dialects import postgresql
+
+# revision identifiers, used by Alembic.
+revision = '085f77996ce3'
+down_revision = '0f3ee15b0014'
+branch_labels = None
+depends_on = None
+
+
+def upgrade():
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.add_column('partner_subscription', sa.Column('lifetime', sa.Boolean(), server_default='0', nullable=False))
+    op.alter_column('partner_subscription', 'end_at',
+               existing_type=postgresql.TIMESTAMP(),
+               nullable=True)
+    # ### end Alembic commands ###
+
+
+def downgrade():
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.alter_column('partner_subscription', 'end_at',
+               existing_type=postgresql.TIMESTAMP(),
+               nullable=False)
+    op.drop_column('partner_subscription', 'lifetime')
+    # ### end Alembic commands ###

app/pyproject.toml

@@ -1,20 +1,101 @@
+[project]
+name = "SimpleLogin"
+version = "0.1.0"
+description = "SimpleLogin partner API"
+authors = [ {name="SimpleLogin", email="dev@simplelogin.io"}]
+license = "MIT"
+repository = "https://github.com/simple-login/app"
+keywords = ["email", "alias", "privacy", "oauth2", "openid"]
+packages = [
+    { include = "app/" },
+    { include = "migrations/" },
+]
+include = ["templates/*", "templates/**/*", "local_data/*.txt"]
+
+requires-python = "~=3.10"
+
+dependencies = [
+    "flask ~= 1.1.2",
+    "flask_login ~= 0.5.0",
+    "wtforms ~= 2.3.3",
+    "unidecode ~= 1.1.1",
+    "gunicorn ~= 20.0.4",
+    "bcrypt ~= 3.2.0",
+    "python-dotenv ~= 0.14.0",
+    "ipython ~= 7.31.1",
+    "sqlalchemy_utils ~= 0.36.8",
+    "psycopg2-binary ~= 2.9.3",
+    "sentry_sdk ~= 2.20.0",
+    "blinker ~= 1.4",
+    "arrow ~= 0.16.0",
+    "Flask-WTF ~= 0.14.3",
+    "boto3 ~= 1.35.37",
+    "Flask-Migrate ~= 2.5.3",
+    "flask_admin ~= 1.5.6",
+    "flask-cors ~= 3.0.9",
+    "watchtower ~= 0.8.0",
+    "sqlalchemy-utils == 0.36.8",
+    "jwcrypto ~= 0.8",
+    "yacron~=0.11.2",
+    "flask-debugtoolbar ~= 0.11.0",
+    "requests_oauthlib ~= 1.3.0",
+    "pyopenssl ~= 19.1.0",
+    "aiosmtpd ~= 1.2",
+    "dnspython==2.0.0",
+    "coloredlogs ~= 14.0",
+    "pycryptodome ~= 3.9.8",
+    "phpserialize ~= 1.3",
+    "dkimpy ~= 1.0.5",
+    "pyotp ~= 2.4.0",
+    "flask_profiler ~= 1.8.1",
+    "facebook-sdk ~= 3.1.0",
+    "google-api-python-client ~= 1.12.3",
+    "google-auth-httplib2 ~= 0.0.4",
+    "python-gnupg ~= 0.4.6",
+    "webauthn ~= 0.4.7",
+    "pyspf ~= 2.0.14",
+    "Flask-Limiter == 1.4",
+    "memory_profiler ~= 0.57.0",
+    "gevent ~= 24.11.1",
+    "email-validator ~= 1.1.3",
+    "PGPy == 0.5.4",
+    "coinbase-commerce ~= 1.0.1",
+    "requests ~= 2.25.1",
+    "newrelic ~= 8.8.0",
+    "flanker ~= 0.9.11",
+    "pyre2 ~= 0.3.6",
+    "tldextract ~= 3.1.2",
+    "flask-debugtoolbar-sqlalchemy ~= 0.2.0",
+    "twilio ~= 7.3.2",
+    "Deprecated ~= 1.2.13",
+    "MarkupSafe~=1.1.1",
+    "cryptography ~= 37.0.1",
+    "SQLAlchemy ~= 1.3.24",
+    "redis==4.6.0",
+    "newrelic-telemetry-sdk ~= 0.5.0",
+    "aiospamc == 0.10",
+    "itsdangerous ~= 1.1.0",
+    "werkzeug ~= 1.0.1",
+    "alembic ~= 1.4.3",
+]
+
 [tool.black]
 target-version = ['py310']
 exclude = '''
 (
-  /(
-      \.eggs         # exclude a few common directories in the
-    | \.git          # root of the project
-    | \.hg
-    | \.mypy_cache
-    | \.tox
-    | \.venv
-    | _build
-    | buck-out
-    | build
-    | dist
-    | migrations    # migrations/ is generated by alembic
-    | app/events/generated
+ /(
+   \.eggs         # exclude a few common directories in the
+   | \.git          # root of the project
+   | \.hg
+   | \.mypy_cache
+   | \.tox
+   | \.venv
+   | _build
+   | buck-out
+   | build
+   | dist
+   | migrations    # migrations/ is generated by alembic
+   | app/events/generated
   )/
 )
 '''
@@ -27,7 +108,6 @@ exclude = [".venv", "migrations", "app/events/generated"]
 indent = 2
 profile = "jinja"
 blank_line_after_tag = "if,for,include,load,extends,block,endcall"
-
 # H006: Images should have a height attribute
 # H013: Images should have an alt attribute
 # H016: Missing title tag in html. | False positive on template
@@ -43,92 +123,26 @@ blank_line_after_tag = "if,for,include,load,extends,block,endcall"
 # T001: Variables should be wrapped in a single whitespace. | Messes up with comments
 ignore = "H006,H013,H016,H017,H019,H021,H025,H030,H031,T003,J004,J018,T001"
 
-[tool.poetry]
-name = "SimpleLogin"
-version = "0.1.0"
-description = "open-source email alias solution"
-authors = ["SimpleLogin <dev@simplelogin.io>"]
-license = "MIT"
-repository = "https://github.com/simple-login/app"
-keywords = ["email", "alias", "privacy", "oauth2", "openid"]
-packages = [
-  { include = "app/" },
-  { include = "migrations/" },
+[tool.uv]
+dev-dependencies = [
+    "pytest ~= 7.0.0",
+    "pytest-cov ~= 3.0.0",
+    "pre-commit ~= 2.17.0",
+    "black ~= 22.1.0",
+    "djlint==1.34.1",
+    "pylint ~= 2.14.4",
+    "ruff ~= 0.1.5",
 ]
-include = ["templates/*", "templates/**/*", "local_data/*.txt"]
-
-[tool.poetry.dependencies]
-python = "^3.10"
-flask = "^1.1.2"
-flask_login = "^0.5.0"
-wtforms = "^2.3.3"
-unidecode = "^1.1.1"
-gunicorn = "^20.0.4"
-bcrypt = "^3.2.0"
-python-dotenv = "^0.14.0"
-ipython = "^7.31.1"
-sqlalchemy_utils = "^0.36.8"
-psycopg2-binary = "^2.9.3"
-sentry_sdk = "^2.16.0"
-blinker = "^1.4"
-arrow = "^0.16.0"
-Flask-WTF = "^0.14.3"
-boto3 = "^1.15.9"
-Flask-Migrate = "^2.5.3"
-flask_admin = "^1.5.6"
-flask-cors = "^3.0.9"
-watchtower = "^0.8.0"
-sqlalchemy-utils = "^0.36.8"
-jwcrypto = "^0.8"
-yacron = "^0.11.1"
-flask-debugtoolbar = "^0.11.0"
-requests_oauthlib = "^1.3.0"
-pyopenssl = "^19.1.0"
-aiosmtpd = "^1.2"
-dnspython = "^2.0.0"
-coloredlogs = "^14.0"
-pycryptodome = "^3.9.8"
-phpserialize = "^1.3"
-dkimpy = "^1.0.5"
-pyotp = "^2.4.0"
-flask_profiler = "^1.8.1"
-facebook-sdk = "^3.1.0"
-google-api-python-client = "^1.12.3"
-google-auth-httplib2 = "^0.0.4"
-python-gnupg = "^0.4.6"
-webauthn = "^0.4.7"
-pyspf = "^2.0.14"
-Flask-Limiter = "^1.4"
-memory_profiler = "^0.57.0"
-gevent = "22.10.2"
-email_validator = "^1.1.1"
-PGPy = "0.5.4"
-coinbase-commerce = "^1.0.1"
-requests = "^2.25.1"
-newrelic = "8.8.0"
-flanker = "^0.9.11"
-pyre2 = "^0.3.6"
-tldextract = "^3.1.2"
-flask-debugtoolbar-sqlalchemy = "^0.2.0"
-twilio = "^7.3.2"
-Deprecated = "^1.2.13"
-cryptography = "37.0.1"
-SQLAlchemy = "1.3.24"
-redis = "^4.5.3"
-newrelic-telemetry-sdk = "^0.5.0"
-aiospamc = "0.10"
-
-[tool.poetry.dev-dependencies]
-pytest = "^7.0.0"
-pytest-cov = "^3.0.0"
-black = "^22.1.0"
-djlint = "^1.3.0"
-pylint = "^2.14.4"
-
-[tool.poetry.group.dev.dependencies]
-ruff = "^0.1.5"
-pre-commit = "^3.8.0"
 
 [build-system]
-requires = ["poetry>=0.12"]
-build-backend = "poetry.masonry.api"
+requires = ["hatchling"]
+build-backend = "hatchling.build"
+
+[tool.hatch.metadata]
+allow-direct-references = true
+
+[tool.hatch.build.targets.sdist]
+include = ["app", "local_data", "migrations", "templates"]
+
+[tool.hatch.build.targets.wheel]
+packages = ["app", "local_data", "migrations", "templates"]

app/requirements-dev.lock

@@ -0,0 +1,469 @@
+# generated by rye
+# use `rye lock` or `rye sync` to update this lockfile
+#
+# last locked with the following flags:
+#   pre: false
+#   features: []
+#   all-features: false
+#   with-sources: false
+#   generate-hashes: false
+#   universal: false
+
+-e file:.
+aiohappyeyeballs==2.4.4
+    # via aiohttp
+aiohttp==3.11.11
+    # via yacron
+aiosignal==1.3.2
+    # via aiohttp
+aiosmtpd==1.4.6
+    # via simplelogin
+aiosmtplib==3.0.2
+    # via yacron
+aiospamc==0.10.0
+    # via simplelogin
+alembic==1.14.0
+    # via flask-migrate
+appnope==0.1.4
+    # via ipython
+arrow==0.16.0
+    # via simplelogin
+astroid==2.11.7
+    # via pylint
+async-timeout==5.0.1
+    # via aiohttp
+    # via redis
+atpublic==5.0
+    # via aiosmtpd
+attrs==24.3.0
+    # via aiohttp
+    # via aiosmtpd
+    # via flanker
+    # via pytest
+backcall==0.2.0
+    # via ipython
+bcrypt==3.2.2
+    # via simplelogin
+black==22.1.0
+blinker==1.9.0
+    # via flask-debugtoolbar
+    # via simplelogin
+boto3==1.35.99
+    # via simplelogin
+    # via watchtower
+botocore==1.35.99
+    # via boto3
+    # via s3transfer
+cachetools==5.5.0
+    # via google-auth
+cbor2==5.6.5
+    # via webauthn
+certifi==2024.12.14
+    # via aiospamc
+    # via requests
+    # via sentry-sdk
+cffi==1.17.1
+    # via bcrypt
+    # via cryptography
+cfgv==3.4.0
+    # via pre-commit
+chardet==4.0.0
+    # via flanker
+    # via requests
+click==8.1.8
+    # via black
+    # via djlint
+    # via flask
+    # via typer
+coinbase-commerce==1.0.1
+    # via simplelogin
+colorama==0.4.6
+    # via djlint
+coloredlogs==14.3
+    # via simplelogin
+coverage==7.6.10
+    # via pytest-cov
+crontab==0.22.8
+    # via yacron
+cryptography==37.0.4
+    # via flanker
+    # via jwcrypto
+    # via pgpy
+    # via pyopenssl
+    # via simplelogin
+    # via webauthn
+decorator==5.1.1
+    # via ipython
+deprecated==1.2.15
+    # via jwcrypto
+    # via limits
+    # via simplelogin
+dill==0.3.9
+    # via pylint
+distlib==0.3.9
+    # via virtualenv
+djlint==1.3.0
+dkimpy==1.0.6
+    # via simplelogin
+dnspython==2.6.1
+    # via dkimpy
+    # via email-validator
+    # via simplelogin
+email-validator==1.1.3
+    # via simplelogin
+facebook-sdk==3.1.0
+    # via simplelogin
+filelock==3.16.1
+    # via tldextract
+    # via virtualenv
+flanker==0.9.11
+    # via simplelogin
+flask==1.1.2
+    # via flask-admin
+    # via flask-cors
+    # via flask-debugtoolbar
+    # via flask-httpauth
+    # via flask-limiter
+    # via flask-login
+    # via flask-migrate
+    # via flask-profiler
+    # via flask-sqlalchemy
+    # via flask-wtf
+    # via simplelogin
+flask-admin==1.5.8
+    # via simplelogin
+flask-cors==3.0.10
+    # via simplelogin
+flask-debugtoolbar==0.11.0
+    # via flask-debugtoolbar-sqlalchemy
+    # via simplelogin
+flask-debugtoolbar-sqlalchemy==0.2.0
+    # via simplelogin
+flask-httpauth==4.8.0
+    # via flask-profiler
+flask-limiter==1.4
+    # via simplelogin
+flask-login==0.5.0
+    # via simplelogin
+flask-migrate==2.5.3
+    # via simplelogin
+flask-profiler==1.8.1
+    # via simplelogin
+flask-sqlalchemy==2.5.1
+    # via flask-migrate
+flask-wtf==0.14.3
+    # via simplelogin
+frozenlist==1.5.0
+    # via aiohttp
+    # via aiosignal
+future==1.0.0
+    # via webauthn
+gevent==24.11.1
+    # via simplelogin
+google-api-core==2.24.0
+    # via google-api-python-client
+google-api-python-client==1.12.11
+    # via simplelogin
+google-auth==2.37.0
+    # via google-api-core
+    # via google-api-python-client
+    # via google-auth-httplib2
+google-auth-httplib2==0.0.4
+    # via google-api-python-client
+    # via simplelogin
+googleapis-common-protos==1.66.0
+    # via google-api-core
+greenlet==3.1.1
+    # via gevent
+gunicorn==20.0.4
+    # via simplelogin
+html-tag-names==0.1.2
+    # via djlint
+html-void-elements==0.1.0
+    # via djlint
+httplib2==0.22.0
+    # via google-api-python-client
+    # via google-auth-httplib2
+humanfriendly==10.0
+    # via coloredlogs
+identify==2.6.5
+    # via pre-commit
+idna==2.10
+    # via email-validator
+    # via flanker
+    # via requests
+    # via tldextract
+    # via yarl
+importlib-metadata==4.13.0
+    # via djlint
+iniconfig==2.0.0
+    # via pytest
+ipython==7.31.1
+    # via simplelogin
+isort==5.13.2
+    # via pylint
+itsdangerous==1.1.0
+    # via flask
+    # via flask-debugtoolbar
+    # via flask-wtf
+    # via simplelogin
+jedi==0.19.2
+    # via ipython
+jinja2==2.11.3
+    # via flask
+    # via yacron
+jmespath==1.0.1
+    # via boto3
+    # via botocore
+jwcrypto==0.9.1
+    # via simplelogin
+lazy-object-proxy==1.10.0
+    # via astroid
+limits==4.0.0
+    # via flask-limiter
+loguru==0.7.3
+    # via aiospamc
+mako==1.3.8
+    # via alembic
+markupsafe==1.1.1
+    # via jinja2
+    # via mako
+    # via simplelogin
+    # via wtforms
+matplotlib-inline==0.1.7
+    # via ipython
+mccabe==0.7.0
+    # via pylint
+memory-profiler==0.57.0
+    # via simplelogin
+multidict==6.1.0
+    # via aiohttp
+    # via yarl
+mypy-extensions==1.0.0
+    # via black
+newrelic==8.8.1
+    # via simplelogin
+newrelic-telemetry-sdk==0.5.1
+    # via simplelogin
+nodeenv==1.9.1
+    # via pre-commit
+oauthlib==3.2.2
+    # via requests-oauthlib
+packaging==24.2
+    # via limits
+    # via pytest
+parso==0.8.4
+    # via jedi
+pathspec==0.9.0
+    # via black
+    # via djlint
+pexpect==4.9.0
+    # via ipython
+pgpy==0.5.4
+    # via simplelogin
+phpserialize==1.3
+    # via simplelogin
+pickleshare==0.7.5
+    # via ipython
+platformdirs==4.3.6
+    # via black
+    # via pylint
+    # via virtualenv
+pluggy==1.5.0
+    # via pytest
+ply==3.11
+    # via flanker
+pre-commit==2.17.0
+prompt-toolkit==3.0.48
+    # via ipython
+propcache==0.2.1
+    # via aiohttp
+    # via yarl
+proto-plus==1.25.0
+    # via google-api-core
+protobuf==5.29.3
+    # via google-api-core
+    # via googleapis-common-protos
+    # via proto-plus
+psutil==6.1.1
+    # via memory-profiler
+psycopg2-binary==2.9.10
+    # via simplelogin
+ptyprocess==0.7.0
+    # via pexpect
+py==1.11.0
+    # via pytest
+pyasn1==0.6.1
+    # via pgpy
+    # via pyasn1-modules
+    # via rsa
+pyasn1-modules==0.4.1
+    # via google-auth
+pycparser==2.22
+    # via cffi
+pycryptodome==3.9.9
+    # via simplelogin
+pygments==2.19.1
+    # via flask-debugtoolbar-sqlalchemy
+    # via ipython
+pyjwt==2.10.1
+    # via twilio
+pylint==2.14.5
+pyopenssl==19.1.0
+    # via simplelogin
+    # via webauthn
+pyotp==2.4.1
+    # via simplelogin
+pyparsing==3.2.1
+    # via httplib2
+pyre2==0.3.6
+    # via simplelogin
+pyspf==2.0.14
+    # via simplelogin
+pytest==7.0.1
+    # via pytest-cov
+pytest-cov==3.0.0
+python-dateutil==2.9.0.post0
+    # via arrow
+    # via botocore
+    # via strictyaml
+python-dotenv==0.14.0
+    # via simplelogin
+python-gnupg==0.4.9
+    # via simplelogin
+pytz==2024.2
+    # via twilio
+    # via yacron
+pyyaml==6.0.2
+    # via djlint
+    # via pre-commit
+redis==4.5.5
+    # via simplelogin
+regex==2022.10.31
+    # via djlint
+    # via flanker
+requests==2.25.1
+    # via coinbase-commerce
+    # via facebook-sdk
+    # via google-api-core
+    # via requests-file
+    # via requests-oauthlib
+    # via simplelogin
+    # via tldextract
+    # via twilio
+requests-file==2.1.0
+    # via tldextract
+requests-oauthlib==1.3.1
+    # via simplelogin
+rsa==4.9
+    # via google-auth
+ruamel-yaml==0.17.4
+    # via yacron
+ruff==0.1.15
+s3transfer==0.10.4
+    # via boto3
+sentry-sdk==2.20.0
+    # via simplelogin
+    # via yacron
+setuptools==75.8.0
+    # via astroid
+    # via gunicorn
+    # via ipython
+    # via zope-event
+    # via zope-interface
+simplejson==3.19.3
+    # via flask-profiler
+six==1.17.0
+    # via coinbase-commerce
+    # via flanker
+    # via flask-cors
+    # via flask-limiter
+    # via google-api-python-client
+    # via google-auth-httplib2
+    # via jwcrypto
+    # via pgpy
+    # via pyopenssl
+    # via python-dateutil
+    # via sqlalchemy-utils
+    # via webauthn
+sqlalchemy==1.3.24
+    # via alembic
+    # via flask-debugtoolbar-sqlalchemy
+    # via flask-sqlalchemy
+    # via simplelogin
+    # via sqlalchemy-utils
+sqlalchemy-utils==0.36.8
+    # via simplelogin
+sqlparse==0.5.3
+    # via flask-debugtoolbar-sqlalchemy
+strictyaml==1.7.3
+    # via yacron
+tld==0.13
+    # via flanker
+tldextract==3.1.2
+    # via simplelogin
+toml==0.10.2
+    # via pre-commit
+tomli==2.2.1
+    # via black
+    # via coverage
+    # via djlint
+    # via pylint
+    # via pytest
+tomlkit==0.13.2
+    # via pylint
+tqdm==4.67.1
+    # via djlint
+traitlets==5.14.3
+    # via ipython
+    # via matplotlib-inline
+twilio==7.3.2
+    # via simplelogin
+typer==0.9.4
+    # via aiospamc
+typing-extensions==4.12.2
+    # via aiospamc
+    # via alembic
+    # via limits
+    # via multidict
+    # via typer
+unidecode==1.1.2
+    # via simplelogin
+uritemplate==3.0.1
+    # via google-api-python-client
+urllib3==1.26.20
+    # via botocore
+    # via newrelic-telemetry-sdk
+    # via requests
+    # via sentry-sdk
+virtualenv==20.29.0
+    # via pre-commit
+watchtower==0.8.0
+    # via simplelogin
+wcwidth==0.2.13
+    # via prompt-toolkit
+webauthn==0.4.7
+    # via simplelogin
+webob==1.8.9
+    # via flanker
+werkzeug==1.0.1
+    # via flask
+    # via flask-debugtoolbar
+    # via simplelogin
+wrapt==1.17.2
+    # via astroid
+    # via deprecated
+wtforms==2.3.3
+    # via flask-admin
+    # via flask-wtf
+    # via simplelogin
+yacron==0.19.0
+    # via simplelogin
+yarl==1.18.3
+    # via aiohttp
+zipp==3.21.0
+    # via importlib-metadata
+zope-event==5.0
+    # via gevent
+zope-interface==7.2
+    # via gevent

app/requirements.lock

@@ -0,0 +1,392 @@
+# generated by rye
+# use `rye lock` or `rye sync` to update this lockfile
+#
+# last locked with the following flags:
+#   pre: false
+#   features: []
+#   all-features: false
+#   with-sources: false
+#   generate-hashes: false
+#   universal: false
+
+-e file:.
+aiohttp==3.8.4
+    # via google-auth
+    # via yacron
+aiosignal==1.2.0
+    # via aiohttp
+aiosmtpd==1.4.2
+    # via simplelogin
+aiosmtplib==1.1.4
+    # via yacron
+aiospamc==0.10.0
+    # via simplelogin
+alembic==1.4.3
+    # via flask-migrate
+appnope==0.1.0
+    # via ipython
+arrow==0.16.0
+    # via simplelogin
+async-timeout==4.0.2
+    # via aiohttp
+    # via redis
+atpublic==2.0
+    # via aiosmtpd
+attrs==20.2.0
+    # via aiohttp
+    # via aiosmtpd
+    # via flanker
+backcall==0.2.0
+    # via ipython
+bcrypt==3.2.0
+    # via simplelogin
+blinker==1.4
+    # via flask-debugtoolbar
+    # via simplelogin
+boto3==1.35.99
+    # via simplelogin
+    # via watchtower
+botocore==1.35.99
+    # via boto3
+    # via s3transfer
+cachetools==4.1.1
+    # via google-auth
+cbor2==5.2.0
+    # via webauthn
+certifi==2019.11.28
+    # via aiospamc
+    # via requests
+    # via sentry-sdk
+cffi==1.14.4
+    # via bcrypt
+    # via cryptography
+chardet==3.0.4
+    # via flanker
+    # via requests
+charset-normalizer==3.4.1
+    # via aiohttp
+click==8.0.3
+    # via flask
+    # via typer
+coinbase-commerce==1.0.1
+    # via simplelogin
+coloredlogs==14.0
+    # via simplelogin
+crontab==0.22.8
+    # via yacron
+cryptography==37.0.1
+    # via flanker
+    # via jwcrypto
+    # via pgpy
+    # via pyopenssl
+    # via simplelogin
+    # via webauthn
+decorator==4.4.2
+    # via ipython
+deprecated==1.2.13
+    # via simplelogin
+dkimpy==1.0.5
+    # via simplelogin
+dnspython==2.6.1
+    # via dkimpy
+    # via email-validator
+    # via simplelogin
+email-validator==1.1.3
+    # via simplelogin
+facebook-sdk==3.1.0
+    # via simplelogin
+filelock==3.15.4
+    # via tldextract
+flanker==0.9.11
+    # via simplelogin
+flask==1.1.2
+    # via flask-admin
+    # via flask-cors
+    # via flask-debugtoolbar
+    # via flask-httpauth
+    # via flask-limiter
+    # via flask-login
+    # via flask-migrate
+    # via flask-profiler
+    # via flask-sqlalchemy
+    # via flask-wtf
+    # via simplelogin
+flask-admin==1.5.7
+    # via simplelogin
+flask-cors==3.0.9
+    # via simplelogin
+flask-debugtoolbar==0.11.0
+    # via flask-debugtoolbar-sqlalchemy
+    # via simplelogin
+flask-debugtoolbar-sqlalchemy==0.2.0
+    # via simplelogin
+flask-httpauth==4.1.0
+    # via flask-profiler
+flask-limiter==1.4
+    # via simplelogin
+flask-login==0.5.0
+    # via simplelogin
+flask-migrate==2.5.3
+    # via simplelogin
+flask-profiler==1.8.1
+    # via simplelogin
+flask-sqlalchemy==2.5.1
+    # via flask-migrate
+flask-wtf==0.14.3
+    # via simplelogin
+frozenlist==1.3.3
+    # via aiohttp
+    # via aiosignal
+future==0.18.3
+    # via webauthn
+gevent==24.11.1
+    # via simplelogin
+google-api-core==1.22.2
+    # via google-api-python-client
+google-api-python-client==1.12.3
+    # via simplelogin
+google-auth==1.22.0
+    # via google-api-core
+    # via google-api-python-client
+    # via google-auth-httplib2
+google-auth-httplib2==0.0.4
+    # via google-api-python-client
+    # via simplelogin
+googleapis-common-protos==1.52.0
+    # via google-api-core
+greenlet==3.1.1
+    # via gevent
+gunicorn==20.0.4
+    # via simplelogin
+httplib2==0.22.0
+    # via google-api-python-client
+    # via google-auth-httplib2
+humanfriendly==8.2
+    # via coloredlogs
+idna==2.10
+    # via email-validator
+    # via flanker
+    # via requests
+    # via tldextract
+    # via yarl
+ipython==7.31.1
+    # via simplelogin
+ipython-genutils==0.2.0
+    # via traitlets
+itsdangerous==1.1.0
+    # via flask
+    # via flask-debugtoolbar
+    # via flask-wtf
+    # via simplelogin
+jedi==0.17.2
+    # via ipython
+jinja2==2.11.3
+    # via flask
+    # via yacron
+jmespath==0.10.0
+    # via boto3
+    # via botocore
+jwcrypto==0.8
+    # via simplelogin
+limits==1.5.1
+    # via flask-limiter
+loguru==0.7.2
+    # via aiospamc
+mako==1.2.4
+    # via alembic
+markupsafe==1.1.1
+    # via jinja2
+    # via mako
+    # via simplelogin
+    # via wtforms
+matplotlib-inline==0.1.3
+    # via ipython
+memory-profiler==0.57.0
+    # via simplelogin
+multidict==4.7.6
+    # via aiohttp
+    # via yarl
+newrelic==8.8.0
+    # via simplelogin
+newrelic-telemetry-sdk==0.5.0
+    # via simplelogin
+oauthlib==3.1.0
+    # via requests-oauthlib
+parso==0.7.1
+    # via jedi
+pexpect==4.8.0
+    # via ipython
+pgpy==0.5.4
+    # via simplelogin
+phpserialize==1.3
+    # via simplelogin
+pickleshare==0.7.5
+    # via ipython
+ply==3.11
+    # via flanker
+prompt-toolkit==3.0.7
+    # via ipython
+protobuf==5.27.1
+    # via google-api-core
+    # via googleapis-common-protos
+psutil==5.7.2
+    # via memory-profiler
+psycopg2-binary==2.9.3
+    # via simplelogin
+ptyprocess==0.6.0
+    # via pexpect
+pyasn1==0.4.8
+    # via pgpy
+    # via pyasn1-modules
+    # via rsa
+pyasn1-modules==0.2.8
+    # via google-auth
+pycparser==2.20
+    # via cffi
+pycryptodome==3.9.8
+    # via simplelogin
+pygments==2.7.4
+    # via flask-debugtoolbar-sqlalchemy
+    # via ipython
+pyjwt==2.4.0
+    # via twilio
+pyopenssl==19.1.0
+    # via simplelogin
+    # via webauthn
+pyotp==2.4.0
+    # via simplelogin
+pyparsing==2.4.7
+    # via httplib2
+pyre2==0.3.6
+    # via simplelogin
+pyspf==2.0.14
+    # via simplelogin
+python-dateutil==2.8.1
+    # via alembic
+    # via arrow
+    # via botocore
+    # via strictyaml
+python-dotenv==0.14.0
+    # via simplelogin
+python-editor==1.0.4
+    # via alembic
+python-gnupg==0.4.6
+    # via simplelogin
+pytz==2020.1
+    # via google-api-core
+    # via twilio
+    # via yacron
+redis==4.5.5
+    # via simplelogin
+regex==2023.12.25
+    # via flanker
+requests==2.25.1
+    # via coinbase-commerce
+    # via facebook-sdk
+    # via google-api-core
+    # via requests-file
+    # via requests-oauthlib
+    # via simplelogin
+    # via tldextract
+    # via twilio
+requests-file==1.5.1
+    # via tldextract
+requests-oauthlib==1.3.0
+    # via simplelogin
+rsa==4.6
+    # via google-auth
+ruamel-yaml==0.17.4
+    # via strictyaml
+    # via yacron
+s3transfer==0.10.4
+    # via boto3
+sentry-sdk==2.20.0
+    # via simplelogin
+    # via yacron
+setuptools==67.6.0
+    # via google-api-core
+    # via google-auth
+    # via gunicorn
+    # via ipython
+    # via zope-event
+    # via zope-interface
+simplejson==3.17.2
+    # via flask-profiler
+six==1.15.0
+    # via bcrypt
+    # via coinbase-commerce
+    # via flanker
+    # via flask-cors
+    # via flask-limiter
+    # via google-api-core
+    # via google-api-python-client
+    # via google-auth
+    # via google-auth-httplib2
+    # via limits
+    # via pgpy
+    # via pyopenssl
+    # via python-dateutil
+    # via requests-file
+    # via sqlalchemy-utils
+    # via webauthn
+sqlalchemy==1.3.24
+    # via alembic
+    # via flask-debugtoolbar-sqlalchemy
+    # via flask-sqlalchemy
+    # via simplelogin
+    # via sqlalchemy-utils
+sqlalchemy-utils==0.36.8
+    # via simplelogin
+sqlparse==0.4.4
+    # via flask-debugtoolbar-sqlalchemy
+strictyaml==1.1.0
+    # via yacron
+tld==0.12.6
+    # via flanker
+tldextract==3.1.2
+    # via simplelogin
+traitlets==5.0.4
+    # via ipython
+    # via matplotlib-inline
+twilio==7.3.2
+    # via simplelogin
+typer==0.9.0
+    # via aiospamc
+typing-extensions==4.8.0
+    # via aiospamc
+    # via typer
+unidecode==1.1.1
+    # via simplelogin
+uritemplate==3.0.1
+    # via google-api-python-client
+urllib3==1.26.20
+    # via botocore
+    # via newrelic-telemetry-sdk
+    # via requests
+    # via sentry-sdk
+watchtower==0.8.0
+    # via simplelogin
+wcwidth==0.2.5
+    # via prompt-toolkit
+webauthn==0.4.7
+    # via simplelogin
+webob==1.8.7
+    # via flanker
+werkzeug==1.0.1
+    # via flask
+    # via flask-debugtoolbar
+    # via simplelogin
+wrapt==1.15.0
+    # via deprecated
+wtforms==2.3.3
+    # via flask-admin
+    # via flask-wtf
+    # via simplelogin
+yacron==0.19.0
+    # via simplelogin
+yarl==1.9.2
+    # via aiohttp
+zope-event==5.0
+    # via gevent
+zope-interface==7.2
+    # via gevent

app/scripts/new-migration.sh

@@ -12,10 +12,10 @@ docker run -p 25432:5432 --name ${container_name} -e POSTGRES_PASSWORD=postgres
 sleep 3
 
 # upgrade the DB to the latest stage and
-env DB_URI=postgresql://postgres:postgres@127.0.0.1:25432/sl poetry run alembic upgrade head
+env DB_URI=postgresql://postgres:postgres@127.0.0.1:25432/sl uv run alembic upgrade head
 
 # generate the migration script.
-env DB_URI=postgresql://postgres:postgres@127.0.0.1:25432/sl poetry run alembic revision --autogenerate $@
+env DB_URI=postgresql://postgres:postgres@127.0.0.1:25432/sl uv run alembic revision --autogenerate $@
 
 # remove the db
 docker rm -f ${container_name}

app/scripts/reset_local_db.sh

@@ -3,5 +3,5 @@
 export DB_URI=postgresql://myuser:mypassword@localhost:15432/simplelogin
 echo 'drop schema public cascade; create schema public;' | psql  $DB_URI
 
-poetry run alembic upgrade head
-poetry run flask dummy-data
+uv run alembic upgrade head
+uv run flask dummy-data

app/scripts/reset_test_db.sh

@@ -3,4 +3,4 @@
 export DB_URI=postgresql://myuser:mypassword@localhost:15432/test
 echo 'drop schema public cascade; create schema public;' | psql  $DB_URI
 
-poetry run alembic upgrade head
+uv run alembic upgrade head

app/scripts/run-test.sh

@@ -10,10 +10,10 @@ docker run -d --name sl-test-db -e POSTGRES_PASSWORD=test -e POSTGRES_USER=test
 sleep 3
 
 # migrate the DB to the latest version
-CONFIG=tests/test.env poetry run alembic upgrade head
+CONFIG=tests/test.env uv run alembic upgrade head
 
 # run test
-poetry run pytest -c pytest.ci.ini
+uv run pytest -c pytest.ci.ini
 
 # Delete the test DB
 docker rm -f sl-test-db

app/server.py

@@ -44,6 +44,7 @@ from app.admin_model import (
     MetricAdmin,
     InvalidMailboxDomainAdmin,
     EmailSearchAdmin,
+    CustomDomainSearchAdmin,
 )
 from app.api.base import api_bp
 from app.auth.base import auth_bp
@@ -443,6 +444,11 @@ def init_admin(app):
 
     admin.init_app(app, index_view=SLAdminIndexView())
     admin.add_view(EmailSearchAdmin(name="Email Search", endpoint="email_search"))
+    admin.add_view(
+        CustomDomainSearchAdmin(
+            name="Custom domain search", endpoint="custom_domain_search"
+        )
+    )
     admin.add_view(UserAdmin(User, Session))
     admin.add_view(AliasAdmin(Alias, Session))
     admin.add_view(MailboxAdmin(Mailbox, Session))

app/templates/admin/custom_domain_search.html

@@ -0,0 +1,118 @@
+{% extends 'admin/master.html' %}
+
+{% macro show_user(user) -%}
+    <h4>User <a href="/admin/email_search?email={{ user.email }}">{{ user.email }}</a> with ID {{ user.id }}.</h4>
+    <table class="table">
+        <thead>
+        <tr>
+            <th scope="col">User ID</th>
+            <th scope="col">Email</th>
+            <th scope="col">Verified</th>
+            <th scope="col">Status</th>
+            <th scope="col">Paid</th>
+            <th scope="col">Premium</th>
+        </tr>
+        </thead>
+        <tbody>
+        <tr>
+            <td>{{ user.id }}</td>
+            <td>
+                <a href="/admin/email_search?email={{ user.email }}">{{ user.email }}</a>
+            </td>
+            {% if user.activated %}
+
+                <td class="text-success">Activated</td>
+            {% else %}
+                <td class="text-warning">Pending</td>
+            {% endif %}
+            {% if user.disabled %}
+
+                <td class="text-danger">Disabled</td>
+            {% else %}
+                <td class="text-success">Enabled</td>
+            {% endif %}
+            <td>{{ "yes" if user.is_paid() else "No" }}</td>
+            <td>{{ "yes" if user.is_premium() else "No" }}</td>
+        </tr>
+        </tbody>
+    </table>
+{%- endmacro %}
+
+
+{% macro show_verification(title, expected, errors) -%}
+    {% if not expected %}
+        <h4 class="mb-3">{{ title }} <span class="text-success">Verified</span></h4>
+    {% else %}
+        <h4 class="mb-3">{{ title }}</h4>
+        <p>Expected</p>
+        <p>{{expected}}</p>
+        <p>Current response</p>
+        <ul class="list-group">
+        {% for error in errors %}
+            <li class="list-group-item">{{ error }}</li>
+        {% endfor %}
+        </ul>
+    {% endif %}
+{%- endmacro %}
+
+
+{% macro show_domain(domain_with_data) -%}
+    <h3>Domain {{ domain_with_data.domain.domain }}</h3>
+    {% set domain = domain_with_data.domain %}
+    <ul class="list-group">
+        <li class="list-group-item">
+            {{ show_verification("Ownership", domain_with_data.ownership_expected, domain_with_data.ownership_validation.errors) }}
+        </li>
+        <li class="list-group-item">
+            {{ show_verification("MX", domain_with_data.mx_expected, domain_with_data.mx_validation.errors) }}
+        </li>
+        <li class="list-group-item">
+            {{ show_verification("SPF", domain_with_data.spf_expected, domain_with_data.spf_validation.errors) }}
+        </li>
+        {% for dkim_domain in domain_with_data.dkim_expected %}
+            <li class="list-group-item">
+            {{ show_verification("DKIM {}.{}".format(dkim_domain, domain.domain), domain_with_data.dkim_expected[dkim_domain], [domain_with_data.dkim_validation.get(dkim_domain+"."+domain.domain,'')]) }}
+            </li>
+        {% endfor %}
+    </ul>
+
+{%- endmacro %}
+
+
+{% block body %}
+
+    <div class="border border-dark border-2 mt-1 mb-2 p-3">
+        <form method="get">
+            <div class="form-group">
+                <label for="email">User or domain to search:</label>
+                <input type="text"
+                       class="form-control"
+                       name="user"
+                       value="{{ query or '' }}" />
+            </div>
+            <button type="submit" class="btn btn-primary">Submit</button>
+        </form>
+    </div>
+    {% if data.no_match and query %}
+        <div class="border border-dark border-2 mt-1 mb-2 p-3 alert alert-warning"
+             role="alert">No user, alias or mailbox found for {{ query }}</div>
+    {% endif %}
+    {% if data.user %}
+        <div class="border border-dark border-2 mt-1 mb-2 p-3">
+            <h3 class="mb-3">Found User {{ data.user.email }}</h3>
+            {{ show_user(data.user) }}
+        </div>
+    {% endif %}
+    <div class="d-flex">
+
+    {% for domain_with_data in data.domains  %}
+        <div class="card m-2 border-dark" style="width: 30rem;">
+        <div class="card-body">
+            {{ show_domain(domain_with_data) }}
+        </div>
+        </div>
+    {% endfor %}
+    </div>
+
+
+{% endblock %}

app/templates/admin/email_search.html

@@ -1,286 +1,295 @@
 {% extends 'admin/master.html' %}
 
 {% macro show_user(user) -%}
-    <h4>User {{ user.email }} with ID {{ user.id }}.</h4>
-    {% set pu = helper.partner_user(user) %}
-    <table class="table">
-        <thead>
-        <tr>
-            <th scope="col">User ID</th>
-            <th scope="col">Email</th>
-            <th scope="col">Verified</th>
-            <th scope="col">Status</th>
-            <th scope="col">Paid</th>
-            <th scope="col">Premium</th>
-            <th>Subscription</th>
-            <th>Created At</th>
-            <th>Updated At</th>
-            <th>Connected with Proton account</th>
-        </tr>
-        </thead>
-        <tbody>
-        <tr>
-            <td>{{ user.id }}</td>
-            <td><a href="?email={{ user.email }}">{{ user.email }}</a></td>
-            {% if user.activated %}
-                <td class="text-success">Activated</td>
-            {% else %}
-                <td class="text-warning">Pending</td>
-            {% endif %}
-            {% if user.disabled %}
-                <td class="text-danger">Disabled</td>
-            {% else %}
-                <td class="text-success">Enabled</td>
-            {% endif %}
-            <td>{{ "yes" if user.is_paid() else "No" }}</td>
-            <td>{{ "yes" if user.is_premium() else "No" }}</td>
-            <td>{{ user.get_active_subscription() }}</td>
-            <td>{{ user.created_at }}</td>
-            <td>{{ user.updated_at }}</td>
-            {% if pu %}
+  <h4>User {{ user.email }} with ID {{ user.id }}.</h4>
+  {% set pu = helper.partner_user(user) %}
+  <table class="table">
+    <thead>
+      <tr>
+        <th scope="col">User ID</th>
+        <th scope="col">Email</th>
+        <th scope="col">Verified</th>
+        <th scope="col">Status</th>
+        <th scope="col">Paid</th>
+        <th scope="col">Premium</th>
+        <th>Subscription</th>
+        <th>Created At</th>
+        <th>Updated At</th>
+        <th>Connected with Proton account</th>
+      </tr>
+    </thead>
+    <tbody>
+      <tr>
+        <td>{{ user.id }}</td>
+        <td>
+          <a href="?email={{ user.email }}">{{ user.email }}</a>
+        </td>
+        {% if user.activated %}
 
-                <td><a href="?email={{ pu.partner_email }}">{{ pu.partner_email }}</a></td>
-            {% else %}
-                <td>No</td>
-            {% endif %}
-        </tr>
-        </tbody>
-    </table>
+          <td class="text-success">Activated</td>
+        {% else %}
+          <td class="text-warning">Pending</td>
+        {% endif %}
+        {% if user.disabled %}
+
+          <td class="text-danger">Disabled</td>
+        {% else %}
+          <td class="text-success">Enabled</td>
+        {% endif %}
+        <td>{{ "yes" if user.is_paid() else "No" }}</td>
+        <td>{{ "yes" if user.is_premium() else "No" }}</td>
+        <td>{{ user.get_active_subscription() }}</td>
+        <td>{{ user.created_at }}</td>
+        <td>{{ user.updated_at }}</td>
+        {% if pu %}
+
+          <td>
+            <a href="?email={{ pu.partner_email }}">{{ pu.partner_email }}</a>
+          </td>
+        {% else %}
+          <td>No</td>
+        {% endif %}
+      </tr>
+    </tbody>
+  </table>
 {%- endmacro %}
 {% macro list_mailboxes(message, mbox_count, mboxes) %}
-    <h4>
-        {{ mbox_count }} {{ message }}.
-        {% if mbox_count>10 %}Showing only the last 10.{% endif %}
-    </h4>
-    <table class="table">
-        <thead>
+  <h4>
+    {{ mbox_count }} {{ message }}.
+    {% if mbox_count>10 %}Showing only the last 10.{% endif %}
+  </h4>
+  <table class="table">
+    <thead>
+      <tr>
+        <th>Mailbox ID</th>
+        <th>Email</th>
+        <th>Verified</th>
+        <th>Created At</th>
+      </tr>
+    </thead>
+    <tbody>
+      {% for mailbox in mboxes %}
         <tr>
-            <th>Mailbox ID</th>
-            <th>Email</th>
-            <th>Verified</th>
-            <th>Created At</th>
+          <td>{{ mailbox.id }}</td>
+          <td>
+            <a href="?email={{ mailbox.email }}">{{ mailbox.email }}</a>
+          </td>
+          <td>{{ "Yes" if mailbox.verified else "No" }}</td>
+          <td>{{ mailbox.created_at }}</td>
         </tr>
-        </thead>
-        <tbody>
-        {% for mailbox in mboxes %}
-
-            <tr>
-                <td>{{ mailbox.id }}</td>
-                <td><a href="?email={{ mailbox.email }}">{{ mailbox.email }}</a></td>
-                <td>{{ "Yes" if mailbox.verified else "No" }}</td>
-                <td>
-                    {{ mailbox.created_at }}
-                </td>
-            </tr>
-        {% endfor %}
-        </tbody>
-    </table>
+      {% endfor %}
+    </tbody>
+  </table>
 {% endmacro %}
 {% macro list_alias(alias_count, aliases) %}
-    <h4>
-        {{ alias_count }} Aliases found.
-        {% if alias_count>10 %}Showing only the last 10.{% endif %}
-    </h4>
-    <table class="table">
-        <thead>
+  <h4>
+    {{ alias_count }} Aliases found.
+    {% if alias_count>10 %}Showing only the last 10.{% endif %}
+  </h4>
+  <table class="table">
+    <thead>
+      <tr>
+        <th>Alias ID</th>
+        <th>Email</th>
+        <th>Enabled</th>
+        <th>Created At</th>
+      </tr>
+    </thead>
+    <tbody>
+      {% for alias in aliases %}
+
         <tr>
-            <th>
-                Alias ID
-            </th>
-            <th>
-                Email
-            </th>
-            <th>
-                Enabled
-            </th>
-            <th>
-                Created At
-            </th>
+          <td>{{ alias.id }}</td>
+          <td>
+            <a href="?email={{ alias.email }}">{{ alias.email }}</a>
+          </td>
+          <td>{{ "Yes" if alias.enabled else "No" }}</td>
+          <td>{{ alias.created_at }}</td>
         </tr>
-        </thead>
-        <tbody>
-        {% for alias in aliases %}
-            <tr>
-                <td>{{ alias.id }}</td>
-                <td><a href="?email={{ alias.email }}">{{ alias.email }}</a></td>
-                <td>{{ "Yes" if alias.enabled else "No" }}</td>
-                <td>{{ alias.created_at }}</td>
-            </tr>
-        {% endfor %}
-        </tbody>
-    </table>
+      {% endfor %}
+    </tbody>
+  </table>
 {% endmacro %}
 {% macro show_deleted_alias(deleted_alias) -%}
-    <h4>Deleted Alias {{ deleted_alias.email }} with ID {{ deleted_alias.id }}.</h4>
-    <table class="table">
-        <thead>
-        <tr>
-            <th scope="col">Deleted Alias ID</th>
-            <th scope="col">Email</th>
-            <th scope="col">Deleted At</th>
-            <th scope="col">Reason</th>
-        </tr>
-        </thead>
-        <tbody>
-        <tr>
-            <td>{{ deleted_alias.id }}</td>
-            <td>{{ deleted_alias.email }}</td>
-            <td>{{ deleted_alias.created_at }}</td>
-            <td>{{ deleted_alias.reason }}</td>
-        </tr>
-        </tbody>
-    </table>
+  <h4>Deleted Alias {{ deleted_alias.email }} with ID {{ deleted_alias.id }}.</h4>
+  <table class="table">
+    <thead>
+      <tr>
+        <th scope="col">Deleted Alias ID</th>
+        <th scope="col">Email</th>
+        <th scope="col">Deleted At</th>
+        <th scope="col">Reason</th>
+      </tr>
+    </thead>
+    <tbody>
+      <tr>
+        <td>{{ deleted_alias.id }}</td>
+        <td>{{ deleted_alias.email }}</td>
+        <td>{{ deleted_alias.created_at }}</td>
+        <td>{{ deleted_alias.reason }}</td>
+      </tr>
+    </tbody>
+  </table>
 {%- endmacro %}
 {% macro show_domain_deleted_alias(dom_deleted_alias) -%}
-    <h4>
-        Domain Deleted Alias {{ dom_deleted_alias.email }} with ID {{ dom_deleted_alias.id }} for
-        domain {{ dom_deleted_alias.domain.domain }}
-    </h4>
-    <table class="table">
-        <thead>
-        <tr>
-            <th scope="col">Deleted Alias ID</th>
-            <th scope="col">Email</th>
-            <th scope="col">Domain</th>
-            <th scope="col">Domain ID</th>
-            <th scope="col">Domain owner user ID</th>
-            <th scope="col">Domain owner user email</th>
-            <th scope="col">Deleted At</th>
-        </tr>
-        </thead>
-        <tbody>
-        <tr>
-            <td>{{ dom_deleted_alias.id }}</td>
-            <td>{{ dom_deleted_alias.email }}</td>
-            <td>{{ dom_deleted_alias.domain.domain }}</td>
-            <td>{{ dom_deleted_alias.domain.id }}</td>
-            <td>{{ dom_deleted_alias.domain.user_id }}</td>
-            <td>{{ dom_deleted_alias.created_at }}</td>
-        </tr>
-        </tbody>
-    </table>
-    {{ show_user(data.domain_deleted_alias.domain.user) }}
+  <h4>
+    Domain Deleted Alias {{ dom_deleted_alias.email }} with ID {{ dom_deleted_alias.id }} for
+    domain {{ dom_deleted_alias.domain.domain }}
+  </h4>
+  <table class="table">
+    <thead>
+      <tr>
+        <th scope="col">Deleted Alias ID</th>
+        <th scope="col">Email</th>
+        <th scope="col">Domain</th>
+        <th scope="col">Domain ID</th>
+        <th scope="col">Domain owner user ID</th>
+        <th scope="col">Domain owner user email</th>
+        <th scope="col">Deleted At</th>
+      </tr>
+    </thead>
+    <tbody>
+      <tr>
+        <td>{{ dom_deleted_alias.id }}</td>
+        <td>{{ dom_deleted_alias.email }}</td>
+        <td>{{ dom_deleted_alias.domain.domain }}</td>
+        <td>{{ dom_deleted_alias.domain.id }}</td>
+        <td>{{ dom_deleted_alias.domain.user_id }}</td>
+        <td>{{ dom_deleted_alias.created_at }}</td>
+      </tr>
+    </tbody>
+  </table>
+  {{ show_user(data.domain_deleted_alias.domain.user) }}
 {%- endmacro %}
 {% macro list_alias_audit_log(alias_audit_log) %}
-    <h4>Alias Audit Log</h4>
-    <table class="table">
-        <thead>
+  <h4>Alias Audit Log</h4>
+  <table class="table">
+    <thead>
+      <tr>
+        <th>User ID</th>
+        <th>Alias ID</th>
+        <th>Alias Email</th>
+        <th>Action</th>
+        <th>Message</th>
+        <th>Time</th>
+      </tr>
+    </thead>
+    <tbody>
+      {% for entry in alias_audit_log %}
+
         <tr>
-            <th>User ID</th>
-            <th>Alias ID</th>
-            <th>Alias Email</th>
-            <th>Action</th>
-            <th>Message</th>
-            <th>Time</th>
+          <td>{{ entry.user_id }}</td>
+          <td>{{ entry.alias_id }}</td>
+          <td>
+            <a href="?email={{ entry.alias_email }}">{{ entry.alias_email }}</a>
+          </td>
+          <td>{{ entry.action }}</td>
+          <td>{{ entry.message }}</td>
+          <td>{{ entry.created_at }}</td>
         </tr>
-        </thead>
-        <tbody>
-        {% for entry in alias_audit_log %}
-            <tr>
-                <td>{{ entry.user_id }}</td>
-                <td>{{ entry.alias_id }}</td>
-                <td><a href="?email={{ entry.alias_email }}">{{ entry.alias_email }}</a></td>
-                <td>{{ entry.action }}</td>
-                <td>{{ entry.message }}</td>
-                <td>{{ entry.created_at }}</td>
-            </tr>
-        {% endfor %}
-        </tbody>
-    </table>
+      {% endfor %}
+    </tbody>
+  </table>
 {% endmacro %}
 {% macro list_user_audit_log(user_audit_log) %}
-    <h4>User Audit Log</h4>
-    <table class="table">
-        <thead>
+  <h4>User Audit Log</h4>
+  <table class="table">
+    <thead>
+      <tr>
+        <th>User email</th>
+        <th>Action</th>
+        <th>Message</th>
+        <th>Time</th>
+      </tr>
+    </thead>
+    <tbody>
+      {% for entry in user_audit_log %}
+
         <tr>
-            <th>User email</th>
-            <th>Action</th>
-            <th>Message</th>
-            <th>Time</th>
+          <td>
+            <a href="?email={{ entry.user_email }}">{{ entry.user_email }}</a>
+          </td>
+          <td>{{ entry.action }}</td>
+          <td>{{ entry.message }}</td>
+          <td>{{ entry.created_at }}</td>
         </tr>
-        </thead>
-        <tbody>
-        {% for entry in user_audit_log %}
-            <tr>
-                <td><a href="?email={{ entry.user_email }}">{{ entry.user_email }}</a></td>
-                <td>{{ entry.action }}</td>
-                <td>{{ entry.message }}</td>
-                <td>{{ entry.created_at }}</td>
-            </tr>
-        {% endfor %}
-        </tbody>
-    </table>
+      {% endfor %}
+    </tbody>
+  </table>
 {% endmacro %}
 {% block body %}
 
+  <div class="border border-dark border-2 mt-1 mb-2 p-3">
+    <form method="get">
+      <div class="form-group">
+        <label for="email">Email to search:</label>
+        <input type="text"
+               class="form-control"
+               name="email"
+               value="{{ email or '' }}" />
+      </div>
+      <button type="submit" class="btn btn-primary">Submit</button>
+    </form>
+  </div>
+  {% if data.no_match and email %}
+
+    <div class="border border-dark border-2 mt-1 mb-2 p-3 alert alert-warning"
+         role="alert">No user, alias or mailbox found for {{ email }}</div>
+  {% endif %}
+  {% if data.alias %}
+
     <div class="border border-dark border-2 mt-1 mb-2 p-3">
-        <form method="get">
-            <div class="form-group">
-                <label for="email">Email to search:</label>
-                <input type="text"
-                       class="form-control"
-                       name="email"
-                       value="{{ email or '' }}"/>
-            </div>
-            <button type="submit" class="btn btn-primary">Submit</button>
-        </form>
+      <h3 class="mb-3">Found Alias {{ data.alias.email }}</h3>
+      {{ list_alias(1,[data.alias]) }}
+      {{ list_alias_audit_log(data.alias_audit_log) }}
+      {{ list_mailboxes("Mailboxes for alias", helper.alias_mailbox_count(data.alias) , helper.alias_mailboxes(data.alias)) }}
+      {{ show_user(data.alias.user) }}
     </div>
-    {% if data.no_match and email %}
-        <div class="border border-dark border-2 mt-1 mb-2 p-3 alert alert-warning"
-             role="alert">No user, alias or mailbox found for {{ email }}</div>
-    {% endif %}
+  {% endif %}
+  {% if data.user %}
 
-    {% if data.alias %}
-        <div class="border border-dark border-2 mt-1 mb-2 p-3">
-            <h3 class="mb-3">Found Alias {{ data.alias.email }}</h3>
-            {{ list_alias(1,[data.alias]) }}
-            {{ list_alias_audit_log(data.alias_audit_log) }}
-            {{ list_mailboxes("Mailboxes for alias", helper.alias_mailbox_count(data.alias), helper.alias_mailboxes(data.alias)) }}
-            {{ show_user(data.alias.user) }}
-        </div>
-    {% endif %}
+    <div class="border border-dark border-2 mt-1 mb-2 p-3">
+      <h3 class="mb-3">Found User {{ data.user.email }}</h3>
+      {{ show_user(data.user) }}
+      {{ list_mailboxes("Mailboxes for user", helper.mailbox_count(data.user) , helper.mailbox_list(data.user) ) }}
+      {{ list_alias(helper.alias_count(data.user) ,helper.alias_list(data.user)) }}
+    </div>
+  {% endif %}
+  {% if data.user_audit_log %}
 
-    {% if data.user %}
-        <div class="border border-dark border-2 mt-1 mb-2 p-3">
-            <h3 class="mb-3">Found User {{ data.user.email }}</h3>
-            {{ show_user(data.user) }}
-            {{ list_mailboxes("Mailboxes for user", helper.mailbox_count(data.user) , helper.mailbox_list(data.user) ) }}
-            {{ list_alias(helper.alias_count(data.user) ,helper.alias_list(data.user)) }}
-        </div>
-    {% endif %}
-    {% if data.user_audit_log %}
-        <div class="border border-dark border-2 mt-1 mb-2 p-3">
-            <h3 class="mb-3">Audit log entries for user {{ data.query }}</h3>
-            {{ list_user_audit_log(data.user_audit_log) }}
-        </div>
-    {% endif %}
-    {% if data.mailbox_count > 10 %}
-        <h3>Found more than 10 mailboxes for {{ email }}. Showing the last 10</h3>
-    {% elif data.mailbox_count > 0 %}
-        <h3>Found {{ data.mailbox_count }} mailbox(es) for {{ email }}</h3>
-    {% endif %}
-    {% for mailbox in data.mailbox %}
+    <div class="border border-dark border-2 mt-1 mb-2 p-3">
+      <h3 class="mb-3">Audit log entries for user {{ data.query }}</h3>
+      {{ list_user_audit_log(data.user_audit_log) }}
+    </div>
+  {% endif %}
+  {% if data.mailbox_count > 10 %}
 
-        <div class="border border-dark mt-1 mb-2 p-3">
-            <h3 class="mb-3">Found Mailbox {{ mailbox.email }}</h3>
-            {{ list_mailboxes("Mailbox found", 1, [mailbox]) }}
-            {{ show_user(mailbox.user) }}
-        </div>
-    {% endfor %}
-    {% if data.deleted_alias %}
+    <h3>Found more than 10 mailboxes for {{ email }}. Showing the last 10</h3>
+  {% elif data.mailbox_count > 0 %}
+    <h3>Found {{ data.mailbox_count }} mailbox(es) for {{ email }}</h3>
+  {% endif %}
+  {% for mailbox in data.mailbox %}
 
-        <div class="border border-dark mt-1 mb-2 p-3">
-            <h3 class="mb-3">Found DeletedAlias {{ data.deleted_alias.email }}</h3>
-            {{ show_deleted_alias(data.deleted_alias) }}
-            {{ list_alias_audit_log(data.deleted_alias_audit_log) }}
-        </div>
-    {% endif %}
-    {% if data.domain_deleted_alias %}
+    <div class="border border-dark mt-1 mb-2 p-3">
+      <h3 class="mb-3">Found Mailbox {{ mailbox.email }}</h3>
+      {{ list_mailboxes("Mailbox found", 1, [mailbox]) }}
+      {{ show_user(mailbox.user) }}
+    </div>
+  {% endfor %}
+  {% if data.deleted_alias %}
 
-        <div class="border border-dark mt-1 mb-2 p-3">
-            <h3 class="mb-3">Found DomainDeletedAlias {{ data.domain_deleted_alias.email }}</h3>
-            {{ show_domain_deleted_alias(data.domain_deleted_alias) }}
-            {{ list_alias_audit_log(data.domain_deleted_alias_audit_log) }}
-        </div>
-    {% endif %}
+    <div class="border border-dark mt-1 mb-2 p-3">
+      <h3 class="mb-3">Found DeletedAlias {{ data.deleted_alias.email }}</h3>
+      {{ show_deleted_alias(data.deleted_alias) }}
+      {{ list_alias_audit_log(data.deleted_alias_audit_log) }}
+    </div>
+  {% endif %}
+  {% if data.domain_deleted_alias %}
+
+    <div class="border border-dark mt-1 mb-2 p-3">
+      <h3 class="mb-3">Found DomainDeletedAlias {{ data.domain_deleted_alias.email }}</h3>
+      {{ show_domain_deleted_alias(data.domain_deleted_alias) }}
+      {{ list_alias_audit_log(data.domain_deleted_alias_audit_log) }}
+    </div>
+  {% endif %}
 {% endblock %}

app/templates/dashboard/billing.html

@@ -43,7 +43,7 @@
           You can change the plan at any moment.
           <br />
           Please note that the new billing cycle starts instantly
-          i.e. you will be charged <b>immediately</b> the annual fee ($30) when switching from monthly plan or vice-versa
+          i.e. you will be charged <b>immediately</b> the annual fee ($36) when switching from monthly plan or vice-versa
           <b>without pro rata computation </b>.
           <br />
           To change the plan you can also cancel the current one and subscribe a new one <b>by the end</b> of this plan.

app/templates/dashboard/custom_domain.html

@@ -94,4 +94,3 @@
     </div>
   </div>
 {% endblock %}
-

app/templates/dashboard/domain_detail/dns.html

@@ -91,7 +91,6 @@
           <br />
           Some domain registrars (Namecheap, CloudFlare, etc) might also use <em>@</em> for the root domain.
         </div>
-
         {% for record in expected_mx_records %}
 
           <div class="mb-3 p-3 dns-record">
@@ -108,7 +107,6 @@
      data-clipboard-text="{{ record.domain }}">{{ record.domain }}</em>
           </div>
         {% endfor %}
-
         <form method="post" action="#mx-form">
           {{ csrf_form.csrf_token }}
           <input type="hidden" name="form-name" value="check-mx">

app/templates/dashboard/enter_sudo.html

@@ -22,7 +22,8 @@
           <p>Alternatively you can use your Proton credentials to ensure it's you.</p>
         </div>
         <a class="btn btn-primary btn-block mt-2 proton-button"
-           href="{{ url_for('auth.proton_login', next=next) }}" style="max-width: 400px">
+           href="{{ url_for('auth.proton_login', next=next) }}"
+           style="max-width: 400px">
           <img class="mr-2" src="/static/images/proton.svg" />
           Authenticate with Proton
         </a>
@@ -38,4 +39,4 @@
         {% endif %}
       </div>
     </div>
-  {% endblock %}
+  {% endblock %}

app/templates/dashboard/extend_subscription.html

@@ -11,7 +11,7 @@
       <div>
         <a class="buy-with-crypto"
            data-custom="{{ current_user.id }}"
-           href="{{ coinbase_url }}">Extend for 1 year - $30</a>
+           href="{{ coinbase_url }}">Extend for 1 year - $36</a>
         <script src="https://commerce.coinbase.com/v1/checkout.js?version=201807"></script>
       </div>
       <div class="mt-2">

app/templates/dashboard/pricing.html

@@ -57,24 +57,19 @@
 {% endblock %}
 {% block default_content %}
 
-  {% if NOW.timestamp < 1701475201 %}
+  {% if NOW.timestamp < 1733184000 %}
 
-    <div class="alert alert-info">
-      Black Friday Deal: 33% off on the yearly plan for the <b>first</b> year ($20 instead of $30).
+    <div class="alert alert-primary">
+      Lifetime deal for SimpleLogin Premium and Proton Pass Plus for $199
+      <a class="btn btn-primary"
+         href="https://proton.me/pass/black-friday"
+         target="_blank">Buy now</a>
       <br>
-      Please use this coupon code
-      <em data-toggle="tooltip"
-          title="Click to copy"
-          class="clipboard"
-          data-clipboard-text="BF2023">BF2023</em> during the checkout.
-      <br>
-      <img src="/static/images/coupon.png" class="m-2" style="max-width: 300px">
-      <br>
-      Available until December 1, 2023.
+      Available until December 3, 2024.
     </div>
   {% endif %}
   <div class="pb-8">
-    <div class="text-center mx-md-auto mb-8 mt-6">
+    <div class="text-center mx-md-auto mb-4 mt-4">
       <h1>Upgrade to unlock premium features</h1>
     </div>
     {% if manual_sub %}
@@ -126,6 +121,11 @@
          aria-selected="true">Yearly<span class="badge badge-success position-absolute tab-yearly__badge"
       style="font-size: 12px">Save $18</span></a>
     </div>
+    <div class="alert alert-info">
+      <span class="badge badge-success">new</span> SimpleLogin Premium now includes Proton Pass premium features.
+      <a href="https://simplelogin.io/blog/sl-premium-including-pass-plus/"
+         target="_blank">Learn more ↗</a>
+    </div>
     <div class="tab-content mb-8">
       <!-- monthly tab content -->
       <div class="tab-pane"
@@ -218,12 +218,12 @@
               <div class="card card-md flex-grow-1">
                 <div class="card-body">
                   <div class="text-center">
-                    <div class="h3">Proton plan</div>
+                    <div class="h3">Proton Unlimited</div>
                     <div class="h3 my-3">Starts at $12.99 / month</div>
                     <div class="text-center mt-4 mb-6">
                       <a class="btn btn-lg btn-outline-primary w-100"
                          role="button"
-                         href="https://account.proton.me/u/0/mail/upgrade"
+                         href="https://account.proton.me/u/0/pass/upgrade"
                          target="_blank">Upgrade your Proton account</a>
                     </div>
                   </div>
@@ -306,7 +306,7 @@
               <div class="card-body">
                 <div class="text-center">
                   <div class="h3">SimpleLogin Premium</div>
-                  <div class="h3 my-3">$30 / year</div>
+                  <div class="h3 my-3">$36 / year</div>
                   <div class="text-center mt-4 mb-6">
                     <button class="btn btn-primary btn-lg w-100"
                             onclick="upgradePaddle({{ PADDLE_YEARLY_PRODUCT_ID }})">Upgrade to Premium</button>
@@ -357,12 +357,12 @@
               <div class="card card-md flex-grow-1">
                 <div class="card-body">
                   <div class="text-center">
-                    <div class="h3">Proton plan</div>
+                    <div class="h3">Proton Unlimited</div>
                     <div class="h3 my-3">Starts at $119.88 / year</div>
                     <div class="text-center mt-4 mb-6">
                       <a class="btn btn-lg btn-outline-primary w-100"
                          role="button"
-                         href="https://account.proton.me/u/0/mail/upgrade"
+                         href="https://account.proton.me/u/0/pass/upgrade"
                          target="_blank">Upgrade your Proton account</a>
                     </div>
                   </div>
@@ -471,7 +471,7 @@
                    rel="noopener noreferrer">
                   Upgrade to Premium - cryptocurrency
                   <br />
-                  $30 / year
+                  $36 / year
                   <i class="fe fe-external-link"></i>
                 </a>
               </div>

app/templates/dashboard/setting.html

@@ -79,7 +79,14 @@
               </a>
             </div>
           {% endif %}
-          {% if partner_sub %}<div>Premium subscription managed by {{ partner_name }}.</div>{% endif %}
+          {% if partner_sub %}
+            {% if partner_sub.lifetime %}
+
+              <div>Premium lifetime subscription managed by {{ partner_name }}.</div>
+            {% else %}
+              <div>Premium subscription managed by {{ partner_name }}.</div>
+            {% endif %}
+          {% endif %}
         {% elif current_user.in_trial() %}
           Your Premium trial expires {{ current_user.trial_end | dt }}.
         {% else %}

app/tests/api/test_alias.py

@@ -549,7 +549,7 @@ def test_create_contact_route_free_users(flask_client):
     assert r.status_code == 201
 
     # End trial and disallow for new free users. Config should allow it
-    user.flags = User.FLAG_DISABLE_CREATE_CONTACTS
+    user.flags = User.FLAG_FREE_DISABLE_CREATE_CONTACTS
     Session.commit()
     r = flask_client.post(
         url_for("api.create_contact_route", alias_id=alias.id),

app/tests/jobs/test_delete_mailbox_job.py

@@ -36,6 +36,24 @@ def test_delete_mailbox_transfer_mailbox_primary(flask_client):
     assert str(mails_sent[0].msg).find("alias have been transferred") > -1
 
 
+@mail_sender.store_emails_test_decorator
+def test_delete_mailbox_no_email(flask_client):
+    user = create_new_user()
+    m1 = Mailbox.create(
+        user_id=user.id, email=random_email(), verified=True, flush=True
+    )
+    job = Job.create(
+        name=JOB_DELETE_MAILBOX,
+        payload={"mailbox_id": m1.id, "transfer_mailbox_id": None, "send_mail": False},
+        run_at=arrow.now(),
+        commit=True,
+    )
+    Session.commit()
+    delete_mailbox_job(job)
+    mails_sent = mail_sender.get_stored_emails()
+    assert len(mails_sent) == 0
+
+
 @mail_sender.store_emails_test_decorator
 def test_delete_mailbox_transfer_mailbox_in_list(flask_client):
     user = create_new_user()

app/tests/models/test_alias.py

@@ -1,5 +1,5 @@
 from app.db import Session
-from app.models import Alias, Mailbox, AliasMailbox, User
+from app.models import Alias, Mailbox, AliasMailbox, User, CustomDomain
 from tests.utils import create_new_user, random_email
 
 
@@ -29,3 +29,23 @@ def test_alias_create_from_partner_flags_also_the_user():
         flush=True,
     )
     assert alias.user.flags & User.FLAG_CREATED_ALIAS_FROM_PARTNER > 0
+
+
+def test_alias_create_from_partner_domain_flags_the_alias():
+    user = create_new_user()
+    domain = CustomDomain.create(
+        domain=random_email(),
+        verified=True,
+        user_id=user.id,
+        partner_id=1,
+    )
+    Session.flush()
+    email = random_email()
+    alias = Alias.create(
+        user_id=user.id,
+        email=email,
+        mailbox_id=user.default_mailbox_id,
+        custom_domain_id=domain.id,
+        flush=True,
+    )
+    assert alias.flags & Alias.FLAG_PARTNER_CREATED > 0

app/tests/proton/test_account_linking.py

@@ -0,0 +1,100 @@
+import arrow
+
+from app.account_linking import (
+    SLPlan,
+    SLPlanType,
+    set_plan_for_partner_user,
+)
+from app.db import Session
+from app.models import User, PartnerUser, PartnerSubscription
+from app.proton.utils import get_proton_partner
+from app.utils import random_string
+from tests.utils import random_email
+
+partner_user_id: int = 0
+
+
+def setup_module():
+    global partner_user_id
+    email = random_email()
+    external_id = random_string()
+    sl_user = User.create(email, commit=True)
+    partner_user_id = PartnerUser.create(
+        user_id=sl_user.id,
+        partner_id=get_proton_partner().id,
+        external_user_id=external_id,
+        partner_email=email,
+        commit=True,
+    ).id
+
+
+def setup_function(func):
+    Session.query(PartnerSubscription).delete()
+
+
+def test_free_plan_removes_sub():
+    pu = PartnerUser.get(partner_user_id)
+    sub_id = PartnerSubscription.create(
+        partner_user_id=partner_user_id,
+        end_at=arrow.utcnow(),
+        lifetime=False,
+        commit=True,
+    ).id
+    set_plan_for_partner_user(pu, plan=SLPlan(type=SLPlanType.Free, expiration=None))
+    assert PartnerSubscription.get(sub_id) is None
+
+
+def test_premium_plan_updates_expiration():
+    pu = PartnerUser.get(partner_user_id)
+    sub_id = PartnerSubscription.create(
+        partner_user_id=partner_user_id,
+        end_at=arrow.utcnow(),
+        lifetime=False,
+        commit=True,
+    ).id
+    new_expiration = arrow.utcnow().shift(days=+10)
+    set_plan_for_partner_user(
+        pu, plan=SLPlan(type=SLPlanType.Premium, expiration=new_expiration)
+    )
+    assert PartnerSubscription.get(sub_id).end_at == new_expiration
+
+
+def test_premium_plan_creates_sub():
+    pu = PartnerUser.get(partner_user_id)
+    new_expiration = arrow.utcnow().shift(days=+10)
+    set_plan_for_partner_user(
+        pu, plan=SLPlan(type=SLPlanType.Premium, expiration=new_expiration)
+    )
+    assert (
+        PartnerSubscription.get_by(partner_user_id=partner_user_id).end_at
+        == new_expiration
+    )
+
+
+def test_lifetime_creates_sub():
+    pu = PartnerUser.get(partner_user_id)
+    new_expiration = arrow.utcnow().shift(days=+10)
+    set_plan_for_partner_user(
+        pu, plan=SLPlan(type=SLPlanType.PremiumLifetime, expiration=new_expiration)
+    )
+    sub = PartnerSubscription.get_by(partner_user_id=partner_user_id)
+    assert sub is not None
+    assert sub.end_at is None
+    assert sub.lifetime
+
+
+def test_lifetime_updates_sub():
+    pu = PartnerUser.get(partner_user_id)
+    sub_id = PartnerSubscription.create(
+        partner_user_id=partner_user_id,
+        end_at=arrow.utcnow(),
+        lifetime=False,
+        commit=True,
+    ).id
+    set_plan_for_partner_user(
+        pu, plan=SLPlan(type=SLPlanType.PremiumLifetime, expiration=arrow.utcnow())
+    )
+    sub = PartnerSubscription.get(sub_id)
+    assert sub is not None
+    assert sub.end_at is None
+    assert sub.lifetime

app/tests/test_account_linking.py

@@ -144,6 +144,21 @@ def test_login_case_from_web():
     assert audit_logs[0].action == UserAuditLogAction.LinkAccount.value
 
 
+def test_new_user_strategy_create_missing_link():
+    email = random_email()
+    user = User.create(email, commit=True)
+    nus = NewUserStrategy(
+        link_request=random_link_request(
+            email=user.email, external_user_id=random_string(), from_partner=False
+        ),
+        user=None,
+        partner=get_proton_partner(),
+    )
+    result = nus.create_missing_link(user.email)
+    assert result.user.id == user.id
+    assert result.strategy == ExistingUnlinkedUserStrategy.__name__
+
+
 def test_get_strategy_existing_sl_user():
     email = random_email()
     user = User.create(email, commit=True)

app/tests/test_contact_utils.py

@@ -135,7 +135,7 @@ def test_create_contact_free_user():
     assert result.contact is not None
     assert not result.contact.automatic_created
     # Free users with the flag should be able to still create automatic emails
-    user.flags = User.FLAG_DISABLE_CREATE_CONTACTS
+    user.flags = User.FLAG_FREE_DISABLE_CREATE_CONTACTS
     Session.flush()
     result = create_contact(random_email(), alias, automatic_created=True)
     assert result.error is None

app/tests/test_email_handler.py

@@ -2,6 +2,7 @@ import random
 from email.message import EmailMessage
 from typing import List
 
+import arrow
 import pytest
 from aiosmtpd.smtp import Envelope
 
@@ -14,7 +15,6 @@ from app.email_utils import generate_verp_email
 from app.mail_sender import mail_sender
 from app.models import (
     Alias,
-    AuthorizedAddress,
     IgnoredEmail,
     EmailLog,
     Notification,
@@ -24,35 +24,12 @@ from app.models import (
 )
 from app.utils import random_string, canonicalize_email
 from email_handler import (
-    get_mailbox_from_mail_from,
     should_ignore,
     is_automatic_out_of_office,
 )
 from tests.utils import load_eml_file, create_new_user, random_email
 
 
-def test_get_mailbox_from_mail_from(flask_client):
-    user = create_new_user()
-    alias = Alias.create_new_random(user)
-    Session.commit()
-
-    mb = get_mailbox_from_mail_from(user.email, alias)
-    assert mb.email == user.email
-
-    mb = get_mailbox_from_mail_from("unauthorized@gmail.com", alias)
-    assert mb is None
-
-    # authorized address
-    AuthorizedAddress.create(
-        user_id=user.id,
-        mailbox_id=user.default_mailbox_id,
-        email="unauthorized@gmail.com",
-        commit=True,
-    )
-    mb = get_mailbox_from_mail_from("unauthorized@gmail.com", alias)
-    assert mb.email == user.email
-
-
 def test_should_ignore(flask_client):
     assert should_ignore("mail_from", []) is False
 
@@ -411,3 +388,15 @@ def test_preserve_headers(flask_client):
     msg = sent_mails[0].msg
     for header in headers_to_keep:
         assert msg[header] == header + "keep"
+
+
+def test_not_send_to_pending_to_delete_users(flask_client):
+    user = create_new_user()
+    alias = Alias.create_new_random(user)
+    user.delete_on = arrow.utcnow()
+    envelope = Envelope()
+    envelope.mail_from = "somewhere@lo.cal"
+    envelope.rcpt_tos = [alias.email]
+    msg = EmailMessage()
+    result = email_handler.handle(envelope, msg)
+    assert result == status.E504

app/tests/test_email_utils.py

@@ -791,12 +791,21 @@ def test_parse_id_from_bounce():
     assert parse_id_from_bounce("anything+1234+@local") == 1234
 
 
-def test_get_queue_id():
+def test_get_queue_id_esmtps():
+    for id_type in ["SMTP", "ESMTP", "ESMTPA", "ESMTPS"]:
+        msg = email.message_from_string(
+            f"Received: from mail-wr1-x434.google.com (mail-wr1-x434.google.com [IPv6:2a00:1450:4864:20::434])\r\n\t(using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits))\r\n\t(No client certificate requested)\r\n\tby mx1.simplelogin.co (Postfix) with {id_type} id 4FxQmw1DXdz2vK2\r\n\tfor <jglfdjgld@alias.com>; Fri,  4 Jun 2021 14:55:43 +0000 (UTC)"
+        )
+
+        assert get_queue_id(msg) == "4FxQmw1DXdz2vK2", f"Failed for {id_type}"
+
+
+def test_get_queue_id_postfix():
     msg = email.message_from_string(
-        "Received: from mail-wr1-x434.google.com (mail-wr1-x434.google.com [IPv6:2a00:1450:4864:20::434])\r\n\t(using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits))\r\n\t(No client certificate requested)\r\n\tby mx1.simplelogin.co (Postfix) with ESMTPS id 4FxQmw1DXdz2vK2\r\n\tfor <jglfdjgld@alias.com>; Fri,  4 Jun 2021 14:55:43 +0000 (UTC)"
+        "Received: by mailin001.somewhere.net (Postfix)\r\n\tid 4Xz5pb2nMszGrqpL; Wed, 27 Nov 2024 17:21:59 +0000 (UTC)'] by mailin001.somewhere.net (Postfix)"
     )
 
-    assert get_queue_id(msg) == "4FxQmw1DXdz2vK2"
+    assert get_queue_id(msg) == "4Xz5pb2nMszGrqpL"
 
 
 def test_get_queue_id_from_double_header():

app/tests/test_mailbox_utils.py

@@ -6,9 +6,18 @@ import pytest
 from app import mailbox_utils, config
 from app.db import Session
 from app.mail_sender import mail_sender
-from app.mailbox_utils import MailboxEmailChangeError
-from app.models import Mailbox, MailboxActivation, User, Job, UserAuditLog
+from app.mailbox_utils import MailboxEmailChangeError, get_mailbox_for_reply_phase
+from app.models import (
+    Mailbox,
+    MailboxActivation,
+    User,
+    Job,
+    UserAuditLog,
+    Alias,
+    AuthorizedAddress,
+)
 from app.user_audit_log_utils import UserAuditLogAction
+from app.utils import random_string, canonicalize_email
 from tests.utils import create_new_user, random_email
 
 
@@ -50,6 +59,14 @@ def test_already_used():
         mailbox_utils.create_mailbox(user, user.email)
 
 
+def test_already_used_with_different_case():
+    user.lifetime = True
+    email = random_email()
+    mailbox_utils.create_mailbox(user, email)
+    with pytest.raises(mailbox_utils.MailboxError):
+        mailbox_utils.create_mailbox(user, email.upper())
+
+
 @mail_sender.store_emails_test_decorator
 def test_create_mailbox():
     email = random_email()
@@ -418,3 +435,75 @@ def test_perform_mailbox_email_change_success():
         user_id=user.id, action=UserAuditLogAction.UpdateMailbox.value
     ).count()
     assert audit_log_entries == 1
+
+
+def test_get_mailbox_from_mail_from(flask_client):
+    user = create_new_user()
+    alias = Alias.create_new_random(user)
+    Session.commit()
+
+    mb = get_mailbox_for_reply_phase(user.email, "", alias)
+    assert mb.email == user.email
+
+    mb = get_mailbox_for_reply_phase("unauthorized@gmail.com", "", alias)
+    assert mb is None
+
+    # authorized address
+    AuthorizedAddress.create(
+        user_id=user.id,
+        mailbox_id=user.default_mailbox_id,
+        email="unauthorized@gmail.com",
+        commit=True,
+    )
+    mb = get_mailbox_for_reply_phase("unauthorized@gmail.com", "", alias)
+    assert mb.email == user.email
+
+
+def test_get_mailbox_from_mail_from_for_canonical_email(flask_client):
+    prefix = random_string(10)
+    email = f"{prefix}+subaddresxs@gmail.com"
+    canonical_email = canonicalize_email(email)
+    assert canonical_email != email
+
+    user = create_new_user()
+    mbox = Mailbox.create(
+        email=canonical_email, user_id=user.id, verified=True, flush=True
+    )
+    alias = Alias.create(user_id=user.id, email=random_email(), mailbox_id=mbox.id)
+    Session.flush()
+
+    mb = get_mailbox_for_reply_phase(email, "", alias)
+    assert mb.email == canonical_email
+
+    mb = get_mailbox_for_reply_phase(canonical_email, "", alias)
+    assert mb.email == canonical_email
+
+
+def test_get_mailbox_from_mail_from_coming_from_header_if_domain_is_aligned(
+    flask_client,
+):
+    domain = f"{random_string(10)}.com"
+    envelope_from = f"envelope_verp@{domain}"
+    mail_from = f"mail_from@{domain}"
+    user = create_new_user()
+    mbox = Mailbox.create(email=mail_from, user_id=user.id, verified=True, flush=True)
+    alias = Alias.create(user_id=user.id, email=random_email(), mailbox_id=mbox.id)
+    Session.flush()
+
+    mb = get_mailbox_for_reply_phase(envelope_from, mail_from, alias)
+    assert mb.email == mail_from
+
+
+def test_get_mailbox_from_mail_from_coming_from_header_if_domain_is_not_aligned(
+    flask_client,
+):
+    domain = f"{random_string(10)}.com"
+    envelope_from = f"envelope_verp@{domain}"
+    mail_from = f"mail_from@other_{domain}"
+    user = create_new_user()
+    mbox = Mailbox.create(email=mail_from, user_id=user.id, verified=True, flush=True)
+    alias = Alias.create(user_id=user.id, email=random_email(), mailbox_id=mbox.id)
+    Session.flush()
+
+    mb = get_mailbox_for_reply_phase(envelope_from, mail_from, alias)
+    assert mb is None