4.64.0

app/.github/workflows/main.yml

@@ -1,6 +1,12 @@
-name: Test and lint
+name: SimpleLogin actions
 
-on: [push, pull_request]
+on:
+  push:
+    branches:
+      - master
+    tags:
+      - v*
+  pull_request:
 
 jobs:
   lint:
@@ -9,35 +15,34 @@ jobs:
       - name: Check out repo
         uses: actions/checkout@v3
 
-      - name: Install poetry
+      - name: Install uv
-        run: pipx install poetry
+        uses: astral-sh/setup-uv@v5
-
-      - uses: actions/setup-python@v4
         with:
-          python-version: '3.10'
+          # Install a specific version of uv.
-          cache: 'poetry'
+          version: "0.5.21"
+          enable-cache: true
 
       - name: Install OS dependencies
-        if: ${{ matrix.python-version }} == '3.10'
         run: |
           sudo apt update
           sudo apt install -y libre2-dev libpq-dev
 
+      - name: "Set up Python"
+        uses: actions/setup-python@v5
+        with:
+          python-version-file: "pyproject.toml"
+
       - name: Install dependencies
-        if: steps.cached-poetry-dependencies.outputs.cache-hit != 'true'
+        if: steps.setup-uv.outputs.cache-hit != 'true'
-        run: poetry install --no-interaction
+        run: uv sync --locked --all-extras
 
       - name: Check formatting & linting
         run: |
-          poetry run pre-commit run --all-files
+          uv run pre-commit run --all-files
 
 
   test:
     runs-on: ubuntu-latest
-    strategy:
-      max-parallel: 4
-      matrix:
-        python-version: ["3.10"]
 
     # service containers to run with `postgres-job`
     services:
@@ -69,23 +74,26 @@ jobs:
       - name: Check out repo
         uses: actions/checkout@v3
 
-      - name: Install poetry
+      - name: Install uv
-        run: pipx install poetry
+        uses: astral-sh/setup-uv@v5
-
-      - uses: actions/setup-python@v4
         with:
-          python-version: ${{ matrix.python-version }}
+          # Install a specific version of uv.
-          cache: 'poetry'
+          version: "0.5.21"
+          enable-cache: true
 
       - name: Install OS dependencies
-        if: ${{ matrix.python-version }} == '3.10'
         run: |
           sudo apt update
           sudo apt install -y libre2-dev libpq-dev
 
+      - name: "Set up Python"
+        uses: actions/setup-python@v5
+        with:
+          python-version-file: "pyproject.toml"
+
       - name: Install dependencies
-        if: steps.cached-poetry-dependencies.outputs.cache-hit != 'true'
+        if: steps.setup-uv.outputs.cache-hit != 'true'
-        run: poetry install --no-interaction
+        run: uv sync --locked --all-extras
 
 
       - name: Start Redis v6
@@ -95,7 +103,7 @@ jobs:
 
       - name: Run db migration
         run: |
-          CONFIG=tests/test.env poetry run alembic upgrade head
+          CONFIG=tests/test.env uv run alembic upgrade head
 
       - name: Prepare version file
         run: |
@@ -104,7 +112,7 @@ jobs:
 
       - name: Test with pytest
         run: |
-          poetry run pytest
+          uv run pytest
         env:
           GITHUB_ACTIONS_TEST: true
 

app/.python-version

@@ -0,0 +1 @@
+3.10.16

app/CONTRIBUTING.md

@@ -20,7 +20,7 @@ SimpleLogin backend consists of 2 main components:
 ## Install dependencies
 
 The project requires:
-- Python 3.10 and poetry to manage dependencies
+- Python 3.10 and uv to manage dependencies
 - Node v10 for front-end.
 - Postgres 13+
 
@@ -28,7 +28,7 @@ First, install all dependencies by running the following command.
 Feel free to use `virtualenv` or similar tools to isolate development environment.
 
 ```bash
-poetry sync
+uv sync
 ```
 
 On Mac, sometimes you might need to install some other packages via `brew`:
@@ -55,7 +55,7 @@ brew install -s re2 pybind11
 We use pre-commit to run all our linting and static analysis checks. Please run
 
 ```bash
-poetry run pre-commit install
+uv run pre-commit install
 ```
 
 To install it in your development environment.
@@ -160,25 +160,25 @@ Here are the small sum-ups of the directory structures and their roles:
 The code is formatted using [ruff](https://github.com/astral-sh/ruff), to format the code, simply run
 
 ```
-poetry run ruff format .
+uv run ruff format .
 ```
 
 The code is also checked with `flake8`, make sure to run `flake8` before creating the pull request by
 
 ```bash
-poetry run flake8
+uv run flake8
 ```
 
 For HTML templates, we use `djlint`. Before creating a pull request, please run
 
 ```bash
-poetry run djlint --check templates
+uv run djlint --check templates
 ```
 
 If some files aren't properly formatted, you can format all files with
 
 ```bash
-poetry run djlint --reformat .
+uv run djlint --reformat .
 ```
 
 ## Test sending email
@@ -239,13 +239,13 @@ brew install python3.10
 # make sure to update the PATH so python, pip point to Python3
 # for us it can be done by adding "export PATH=/opt/homebrew/opt/python@3.10/libexec/bin:$PATH" to .zprofile
 
-# Although pipx is the recommended way to install poetry,
+# Although pipx is the recommended way to install uv,
 # install pipx via brew will automatically install python 3.12
-# and poetry will then use python 3.12
+# and uv will then use python 3.12
-# so we recommend using poetry this way instead
+# so we recommend using uv this way instead
-curl -sSL https://install.python-poetry.org | python3 -
+curl -sSL https://install.python-uv.org | python3 -
 
-poetry install
+uv install
 
 # activate the virtualenv and you should be good to go!
 source .venv/bin/activate

app/Dockerfile

@@ -4,43 +4,47 @@ WORKDIR /code
 COPY ./static/package*.json /code/static/
 RUN cd /code/static && npm ci
 
-# Main image
+FROM --platform=linux/amd64 ubuntu:22.04
-FROM python:3.10
+
+ARG UV_VERSION="0.5.21"
+ARG UV_HASH="e108c300eafae22ad8e6d94519605530f18f8762eb58d2b98a617edfb5d088fc"
 
 # Keeps Python from generating .pyc files in the container
-ENV PYTHONDONTWRITEBYTECODE 1
+ENV PYTHONDONTWRITEBYTECODE=1
 # Turns off buffering for easier container logging
-ENV PYTHONUNBUFFERED 1
+ENV PYTHONUNBUFFERED=1
 
-# Add poetry to PATH
-ENV PATH="${PATH}:/root/.local/bin"
 
 WORKDIR /code
 
-# Copy poetry files
+# Copy dependency files
-COPY poetry.lock pyproject.toml ./
+COPY pyproject.toml uv.lock .python-version ./
 
-# Install and setup poetry
+# Install deps
-RUN pip install -U pip \
+RUN apt-get update \
-    && apt-get update \
+    && apt-get install -y curl netcat-traditional gcc python3-dev gnupg git libre2-dev build-essential pkg-config cmake ninja-build bash clang \
-    && apt install -y curl netcat-traditional gcc python3-dev gnupg git libre2-dev cmake ninja-build\
+    && curl -sSL "https://github.com/astral-sh/uv/releases/download/${UV_VERSION}/uv-x86_64-unknown-linux-gnu.tar.gz" > uv.tar.gz \
-    && curl -sSL https://install.python-poetry.org | python3 - \
+    && echo "${UV_HASH}  uv.tar.gz" | sha256sum -c - \
-    # Remove curl and netcat from the image
+    && tar xf uv.tar.gz -C /tmp/ \
-    && apt-get purge -y curl netcat-traditional \
+    && mv /tmp/uv-x86_64-unknown-linux-gnu/uv /usr/bin/uv \
-    # Run poetry
+    && mv /tmp/uv-x86_64-unknown-linux-gnu/uvx /usr/bin/uvx \
-    && poetry config virtualenvs.create false \
+    && rm -rf /tmp/uv* \
-    && poetry install  --no-interaction --no-ansi --no-root \
+    && rm -f uv.tar.gz \
-    # Clear apt cache \
+    && uv python install `cat .python-version` \
-    && apt-get purge -y libre2-dev cmake ninja-build\
+    && uv sync --locked \
+    && apt-get autoremove -y \
+    && apt-get purge -y curl netcat-traditional build-essential pkg-config cmake ninja-build python3-dev clang\
+    && apt-get autoremove -y \
     && apt-get clean \
     && rm -rf /var/lib/apt/lists/*
 
+# Copy code
+COPY . .
+
 # copy npm packages
 COPY --from=npm /code /code
 
-# copy everything else into /code
+ENV PATH="/code/.venv/bin:$PATH"
-COPY . .
-
 EXPOSE 7777
 
 #gunicorn wsgi:app -b 0.0.0.0:7777 -w 2 --timeout 15 --log-level DEBUG

app/app/admin_model.py

@@ -8,14 +8,16 @@ from flask_admin.form import SecureForm
 from flask_admin.model.template import EndpointLinkRowAction
 from markupsafe import Markup
 
-from app import models, s3
+from app import models, s3, config
 from flask import redirect, url_for, request, flash, Response
 from flask_admin import expose, AdminIndexView
 from flask_admin.actions import action
 from flask_admin.contrib import sqla
 from flask_login import current_user
 
+from app.custom_domain_validation import CustomDomainValidation, DomainValidationResult
 from app.db import Session
+from app.dns_utils import get_network_dns_client
 from app.events.event_dispatcher import EventDispatcher
 from app.events.generated.event_pb2 import EventContent, UserPlanChanged
 from app.models import (
@@ -39,6 +41,7 @@ from app.models import (
     AliasMailbox,
     AliasAuditLog,
     UserAuditLog,
+    CustomDomain,
 )
 from app.newsletter_utils import send_newsletter_to_user, send_newsletter_to_address
 from app.user_audit_log_utils import emit_user_audit_log, UserAuditLogAction
@@ -773,21 +776,22 @@ class InvalidMailboxDomainAdmin(SLModelView):
 
 
 class EmailSearchResult:
-    no_match: bool = True
+    def __init__(self):
-    alias: Optional[Alias] = None
+        self.no_match: bool = True
-    alias_audit_log: Optional[List[AliasAuditLog]] = None
+        self.alias: Optional[Alias] = None
-    mailbox: List[Mailbox] = []
+        self.alias_audit_log: Optional[List[AliasAuditLog]] = None
-    mailbox_count: int = 0
+        self.mailbox: List[Mailbox] = []
-    deleted_alias: Optional[DeletedAlias] = None
+        self.mailbox_count: int = 0
-    deleted_alias_audit_log: Optional[List[AliasAuditLog]] = None
+        self.deleted_alias: Optional[DeletedAlias] = None
-    domain_deleted_alias: Optional[DomainDeletedAlias] = None
+        self.deleted_alias_audit_log: Optional[List[AliasAuditLog]] = None
-    domain_deleted_alias_audit_log: Optional[List[AliasAuditLog]] = None
+        self.domain_deleted_alias: Optional[DomainDeletedAlias] = None
-    user: Optional[User] = None
+        self.domain_deleted_alias_audit_log: Optional[List[AliasAuditLog]] = None
-    user_audit_log: Optional[List[UserAuditLog]] = None
+        self.user: Optional[User] = None
-    query: str
+        self.user_audit_log: Optional[List[UserAuditLog]] = None
+        self.query: str
 
     @staticmethod
-    def from_email(email: str) -> EmailSearchResult:
+    def from_request_email(email: str) -> EmailSearchResult:
         output = EmailSearchResult()
         output.query = email
         alias = Alias.get_by(email=email)
@@ -799,6 +803,10 @@ class EmailSearchResult:
                 .all()
             )
             output.no_match = False
+        try:
+            user_id = int(email)
+            user = User.get(user_id)
+        except ValueError:
             user = User.get_by(email=email)
         if user:
             output.user = user
@@ -908,7 +916,7 @@ class EmailSearchAdmin(BaseView):
         email = request.args.get("email")
         if email is not None and len(email) > 0:
             email = email.strip()
-            search = EmailSearchResult.from_email(email)
+            search = EmailSearchResult.from_request_email(email)
 
         return self.render(
             "admin/email_search.html",
@@ -916,3 +924,106 @@ class EmailSearchAdmin(BaseView):
             data=search,
             helper=EmailSearchHelpers,
         )
+
+
+class CustomDomainWithValidationData:
+    def __init__(self, domain: CustomDomain):
+        self.domain: CustomDomain = domain
+        self.ownership_expected: Optional[str] = None
+        self.ownership_validation: Optional[DomainValidationResult] = None
+        self.mx_expected: Optional[str] = None
+        self.mx_validation: Optional[DomainValidationResult] = None
+        self.spf_expected: Optional[str] = None
+        self.spf_validation: Optional[DomainValidationResult] = None
+        self.dkim_expected: {str: str} = {}
+        self.dkim_validation: {str: str} = {}
+
+
+class CustomDomainSearchResult:
+    def __init__(self):
+        self.no_match: bool = False
+        self.user: Optional[User] = None
+        self.domains: list[CustomDomainWithValidationData] = []
+
+    @staticmethod
+    def from_user(user: Optional[User]) -> CustomDomainSearchResult:
+        out = CustomDomainSearchResult()
+        if user is None:
+            out.no_match = True
+            return out
+        out.user = user
+        dns_client = get_network_dns_client()
+        validator = CustomDomainValidation(
+            dkim_domain=config.EMAIL_DOMAIN,
+            partner_domains=config.PARTNER_DNS_CUSTOM_DOMAINS,
+            partner_domains_validation_prefixes=config.PARTNER_CUSTOM_DOMAIN_VALIDATION_PREFIXES,
+            dns_client=dns_client,
+        )
+        for custom_domain in user.custom_domains:
+            validation_data = CustomDomainWithValidationData(custom_domain)
+            if not custom_domain.ownership_verified:
+                validation_data.ownership_expected = (
+                    validator.get_ownership_verification_record(custom_domain)
+                )
+                validation_data.ownership_validation = (
+                    validator.validate_domain_ownership(custom_domain)
+                )
+            if not custom_domain.verified:
+                validation_data.mx_expected = validator.get_expected_mx_records(
+                    custom_domain
+                )
+                validation_data.mx_validation = validator.validate_mx_records(
+                    custom_domain
+                )
+            if not custom_domain.spf_verified:
+                validation_data.spf_expected = validator.get_expected_spf_record(
+                    custom_domain
+                )
+                validation_data.spf_validation = validator.validate_spf_records(
+                    custom_domain
+                )
+            if not custom_domain.dkim_verified:
+                validation_data.dkim_expected = validator.get_dkim_records(
+                    custom_domain
+                )
+                validation_data.dkim_validation = validator.validate_dkim_records(
+                    custom_domain
+                )
+            out.domains.append(validation_data)
+            print(validation_data.dkim_expected, validation_data.dkim_validation)
+
+        return out
+
+
+class CustomDomainSearchAdmin(BaseView):
+    def is_accessible(self):
+        return current_user.is_authenticated and current_user.is_admin
+
+    def inaccessible_callback(self, name, **kwargs):
+        # redirect to login page if user doesn't have access
+        flash("You don't have access to the admin page", "error")
+        return redirect(url_for("dashboard.index", next=request.url))
+
+    @expose("/", methods=["GET", "POST"])
+    def index(self):
+        query = request.args.get("user")
+        if query is None:
+            search = CustomDomainSearchResult()
+        else:
+            try:
+                user_id = int(query)
+                user = User.get_by(id=user_id)
+            except ValueError:
+                user = User.get_by(email=query)
+                if user is None:
+                    cd = CustomDomain.get_by(domain=query)
+                    if cd is not None:
+                        user = cd.user
+            search = CustomDomainSearchResult.from_user(user)
+            print("NEW", search.domains)
+
+        return self.render(
+            "admin/custom_domain_search.html",
+            data=search,
+            query=query,
+        )

app/app/api/views/alias.py

@@ -299,7 +299,10 @@ def update_alias(alias_id):
         changed = True
 
     if "mailbox_ids" in data:
+        try:
             mailbox_ids = [int(m_id) for m_id in data.get("mailbox_ids")]
+        except ValueError:
+            return jsonify(error="Invalid mailbox_id"), 400
         err = set_mailboxes_for_alias(
             user_id=user.id, alias=alias, mailbox_ids=mailbox_ids
         )

app/app/api/views/new_custom_alias.py

@@ -1,3 +1,4 @@
+from email_validator import EmailNotValidError
 from flask import g
 from flask import jsonify, request
 
@@ -93,12 +94,15 @@ def new_custom_alias_v2():
             400,
         )
 
+    try:
         alias = Alias.create(
             user_id=user.id,
             email=full_alias,
             mailbox_id=user.default_mailbox_id,
             note=note,
         )
+    except EmailNotValidError:
+        return jsonify(error="Email is not valid"), 400
 
     Session.commit()
 
@@ -154,8 +158,16 @@ def new_custom_alias_v3():
         return jsonify(error="request body does not follow the required format"), 400
 
     alias_prefix_data = data.get("alias_prefix", "") or ""
+
+    if not isinstance(alias_prefix_data, str):
+        return jsonify(error="request body does not follow the required format"), 400
+
     alias_prefix = alias_prefix_data.strip().lower().replace(" ", "")
     signed_suffix = data.get("signed_suffix", "") or ""
+
+    if not isinstance(signed_suffix, str):
+        return jsonify(error="request body does not follow the required format"), 400
+
     signed_suffix = signed_suffix.strip()
 
     mailbox_ids = data.get("mailbox_ids")

app/app/models.py

@@ -343,7 +343,7 @@ class Fido(Base, ModelMixin):
 class User(Base, ModelMixin, UserMixin, PasswordOracle):
     __tablename__ = "users"
 
-    FLAG_DISABLE_CREATE_CONTACTS = 1 << 0
+    FLAG_FREE_DISABLE_CREATE_CONTACTS = 1 << 0
     FLAG_CREATED_FROM_PARTNER = 1 << 1
     FLAG_FREE_OLD_ALIAS_LIMIT = 1 << 2
     FLAG_CREATED_ALIAS_FROM_PARTNER = 1 << 3
@@ -550,7 +550,7 @@ class User(Base, ModelMixin, UserMixin, PasswordOracle):
     # bitwise flags. Allow for future expansion
     flags = sa.Column(
         sa.BigInteger,
-        default=FLAG_DISABLE_CREATE_CONTACTS,
+        default=FLAG_FREE_DISABLE_CREATE_CONTACTS,
         server_default="0",
         nullable=False,
     )
@@ -640,7 +640,7 @@ class User(Base, ModelMixin, UserMixin, PasswordOracle):
         # If the user is created from partner, do not notify
         # nor give a trial
         if from_partner:
-            user.flags = User.FLAG_CREATED_FROM_PARTNER
+            user.flags = user.flags | User.FLAG_CREATED_FROM_PARTNER
             user.notification = False
             user.trial_end = None
             Job.create(
@@ -1189,7 +1189,7 @@ class User(Base, ModelMixin, UserMixin, PasswordOracle):
     def can_create_contacts(self) -> bool:
         if self.is_premium():
             return True
-        if self.flags & User.FLAG_DISABLE_CREATE_CONTACTS == 0:
+        if self.flags & User.FLAG_FREE_DISABLE_CREATE_CONTACTS == 0:
             return True
         return not config.DISABLE_CREATE_CONTACTS_FOR_FREE_USERS
 
@@ -1659,7 +1659,7 @@ class Alias(Base, ModelMixin):
         return False
 
     @staticmethod
-    def get_custom_domain(alias_address) -> Optional["CustomDomain"]:
+    def get_custom_domain(alias_address: str) -> Optional["CustomDomain"]:
         alias_domain = validate_email(
             alias_address, check_deliverability=False, allow_smtputf8=False
         ).domain

app/crontab.yml

@@ -27,7 +27,7 @@ jobs:
   - name: SimpleLogin HIBP check
     command: python /code/cron.py -j check_hibp
     shell: /bin/bash
-    schedule: "*/5 * * * *"
+    schedule: "13 */4 * * *"
     captureStderr: true
     concurrencyPolicy: Forbid
     onFailure:

app/email_handler.py

@@ -600,6 +600,17 @@ def handle_forward(envelope, msg: Message, rcpt_to: str) -> List[Tuple[bool, str
         else:
             reply_to_contact = get_or_create_reply_to_contact(reply_to, alias, msg)
 
+    if alias.user.delete_on is not None:
+        LOG.d(f"user {user} is pending to be deleted. Do not forward")
+        EmailLog.create(
+            contact_id=contact.id,
+            user_id=contact.user_id,
+            blocked=True,
+            alias_id=contact.alias_id,
+            commit=True,
+        )
+        return [(True, status.E502)]
+
     if not alias.enabled or contact.block_forward:
         LOG.d("%s is disabled, do not forward", alias)
         EmailLog.create(

app/pyproject.toml

@@ -1,3 +1,84 @@
+[project]
+name = "SimpleLogin"
+version = "0.1.0"
+description = "SimpleLogin partner API"
+authors = [ {name="SimpleLogin", email="dev@simplelogin.io"}]
+license = "MIT"
+repository = "https://github.com/simple-login/app"
+keywords = ["email", "alias", "privacy", "oauth2", "openid"]
+packages = [
+    { include = "app/" },
+    { include = "migrations/" },
+]
+include = ["templates/*", "templates/**/*", "local_data/*.txt"]
+
+requires-python = "~=3.10"
+
+dependencies = [
+    "flask ~= 1.1.2",
+    "flask_login ~= 0.5.0",
+    "wtforms ~= 2.3.3",
+    "unidecode ~= 1.1.1",
+    "gunicorn ~= 20.0.4",
+    "bcrypt ~= 3.2.0",
+    "python-dotenv ~= 0.14.0",
+    "ipython ~= 7.31.1",
+    "sqlalchemy_utils ~= 0.36.8",
+    "psycopg2-binary ~= 2.9.3",
+    "sentry_sdk ~= 2.20.0",
+    "blinker ~= 1.4",
+    "arrow ~= 0.16.0",
+    "Flask-WTF ~= 0.14.3",
+    "boto3 ~= 1.35.37",
+    "Flask-Migrate ~= 2.5.3",
+    "flask_admin ~= 1.5.6",
+    "flask-cors ~= 3.0.9",
+    "watchtower ~= 0.8.0",
+    "sqlalchemy-utils == 0.36.8",
+    "jwcrypto ~= 0.8",
+    "yacron~=0.11.2",
+    "flask-debugtoolbar ~= 0.11.0",
+    "requests_oauthlib ~= 1.3.0",
+    "pyopenssl ~= 19.1.0",
+    "aiosmtpd ~= 1.2",
+    "dnspython==2.0.0",
+    "coloredlogs ~= 14.0",
+    "pycryptodome ~= 3.9.8",
+    "phpserialize ~= 1.3",
+    "dkimpy ~= 1.0.5",
+    "pyotp ~= 2.4.0",
+    "flask_profiler ~= 1.8.1",
+    "facebook-sdk ~= 3.1.0",
+    "google-api-python-client ~= 1.12.3",
+    "google-auth-httplib2 ~= 0.0.4",
+    "python-gnupg ~= 0.4.6",
+    "webauthn ~= 0.4.7",
+    "pyspf ~= 2.0.14",
+    "Flask-Limiter == 1.4",
+    "memory_profiler ~= 0.57.0",
+    "gevent ~= 24.11.1",
+    "email-validator ~= 1.1.3",
+    "PGPy == 0.5.4",
+    "coinbase-commerce ~= 1.0.1",
+    "requests ~= 2.25.1",
+    "newrelic ~= 8.8.0",
+    "flanker ~= 0.9.11",
+    "pyre2 ~= 0.3.6",
+    "tldextract ~= 3.1.2",
+    "flask-debugtoolbar-sqlalchemy ~= 0.2.0",
+    "twilio ~= 7.3.2",
+    "Deprecated ~= 1.2.13",
+    "MarkupSafe~=1.1.1",
+    "cryptography ~= 37.0.1",
+    "SQLAlchemy ~= 1.3.24",
+    "redis==4.6.0",
+    "newrelic-telemetry-sdk ~= 0.5.0",
+    "aiospamc == 0.10",
+    "itsdangerous ~= 1.1.0",
+    "werkzeug ~= 1.0.1",
+    "alembic ~= 1.4.3",
+]
+
 [tool.black]
 target-version = ['py310']
 exclude = '''
@@ -27,7 +108,6 @@ exclude = [".venv", "migrations", "app/events/generated"]
 indent = 2
 profile = "jinja"
 blank_line_after_tag = "if,for,include,load,extends,block,endcall"
-
 # H006: Images should have a height attribute
 # H013: Images should have an alt attribute
 # H016: Missing title tag in html. | False positive on template
@@ -43,92 +123,26 @@ blank_line_after_tag = "if,for,include,load,extends,block,endcall"
 # T001: Variables should be wrapped in a single whitespace. | Messes up with comments
 ignore = "H006,H013,H016,H017,H019,H021,H025,H030,H031,T003,J004,J018,T001"
 
-[tool.poetry]
+[tool.uv]
-name = "SimpleLogin"
+dev-dependencies = [
-version = "0.1.0"
+    "pytest ~= 7.0.0",
-description = "open-source email alias solution"
+    "pytest-cov ~= 3.0.0",
-authors = ["SimpleLogin <dev@simplelogin.io>"]
+    "pre-commit ~= 2.17.0",
-license = "MIT"
+    "black ~= 22.1.0",
-repository = "https://github.com/simple-login/app"
+    "djlint==1.34.1",
-keywords = ["email", "alias", "privacy", "oauth2", "openid"]
+    "pylint ~= 2.14.4",
-packages = [
+    "ruff ~= 0.1.5",
-  { include = "app/" },
-  { include = "migrations/" },
 ]
-include = ["templates/*", "templates/**/*", "local_data/*.txt"]
-
-[tool.poetry.dependencies]
-python = "^3.10"
-flask = "^1.1.2"
-flask_login = "^0.5.0"
-wtforms = "^2.3.3"
-unidecode = "^1.1.1"
-gunicorn = "^20.0.4"
-bcrypt = "^3.2.0"
-python-dotenv = "^0.14.0"
-ipython = "^7.31.1"
-sqlalchemy_utils = "^0.36.8"
-psycopg2-binary = "^2.9.3"
-sentry_sdk = "^2.16.0"
-blinker = "^1.4"
-arrow = "^0.16.0"
-Flask-WTF = "^0.14.3"
-boto3 = "^1.15.9"
-Flask-Migrate = "^2.5.3"
-flask_admin = "^1.5.6"
-flask-cors = "^3.0.9"
-watchtower = "^0.8.0"
-sqlalchemy-utils = "^0.36.8"
-jwcrypto = "^0.8"
-yacron = "^0.11.1"
-flask-debugtoolbar = "^0.11.0"
-requests_oauthlib = "^1.3.0"
-pyopenssl = "^19.1.0"
-aiosmtpd = "^1.2"
-dnspython = "^2.0.0"
-coloredlogs = "^14.0"
-pycryptodome = "^3.9.8"
-phpserialize = "^1.3"
-dkimpy = "^1.0.5"
-pyotp = "^2.4.0"
-flask_profiler = "^1.8.1"
-facebook-sdk = "^3.1.0"
-google-api-python-client = "^1.12.3"
-google-auth-httplib2 = "^0.0.4"
-python-gnupg = "^0.4.6"
-webauthn = "^0.4.7"
-pyspf = "^2.0.14"
-Flask-Limiter = "^1.4"
-memory_profiler = "^0.57.0"
-gevent = "22.10.2"
-email_validator = "^1.1.1"
-PGPy = "0.5.4"
-coinbase-commerce = "^1.0.1"
-requests = "^2.25.1"
-newrelic = "8.8.0"
-flanker = "^0.9.11"
-pyre2 = "^0.3.6"
-tldextract = "^3.1.2"
-flask-debugtoolbar-sqlalchemy = "^0.2.0"
-twilio = "^7.3.2"
-Deprecated = "^1.2.13"
-cryptography = "37.0.1"
-SQLAlchemy = "1.3.24"
-redis = "^4.5.3"
-newrelic-telemetry-sdk = "^0.5.0"
-aiospamc = "0.10"
-
-[tool.poetry.dev-dependencies]
-pytest = "^7.0.0"
-pytest-cov = "^3.0.0"
-black = "^22.1.0"
-djlint = "^1.3.0"
-pylint = "^2.14.4"
-
-[tool.poetry.group.dev.dependencies]
-ruff = "^0.1.5"
-pre-commit = "^3.8.0"
 
 [build-system]
-requires = ["poetry>=0.12"]
+requires = ["hatchling"]
-build-backend = "poetry.masonry.api"
+build-backend = "hatchling.build"
+
+[tool.hatch.metadata]
+allow-direct-references = true
+
+[tool.hatch.build.targets.sdist]
+include = ["app", "local_data", "migrations", "templates"]
+
+[tool.hatch.build.targets.wheel]
+packages = ["app", "local_data", "migrations", "templates"]

app/requirements-dev.lock

@@ -0,0 +1,469 @@
+# generated by rye
+# use `rye lock` or `rye sync` to update this lockfile
+#
+# last locked with the following flags:
+#   pre: false
+#   features: []
+#   all-features: false
+#   with-sources: false
+#   generate-hashes: false
+#   universal: false
+
+-e file:.
+aiohappyeyeballs==2.4.4
+    # via aiohttp
+aiohttp==3.11.11
+    # via yacron
+aiosignal==1.3.2
+    # via aiohttp
+aiosmtpd==1.4.6
+    # via simplelogin
+aiosmtplib==3.0.2
+    # via yacron
+aiospamc==0.10.0
+    # via simplelogin
+alembic==1.14.0
+    # via flask-migrate
+appnope==0.1.4
+    # via ipython
+arrow==0.16.0
+    # via simplelogin
+astroid==2.11.7
+    # via pylint
+async-timeout==5.0.1
+    # via aiohttp
+    # via redis
+atpublic==5.0
+    # via aiosmtpd
+attrs==24.3.0
+    # via aiohttp
+    # via aiosmtpd
+    # via flanker
+    # via pytest
+backcall==0.2.0
+    # via ipython
+bcrypt==3.2.2
+    # via simplelogin
+black==22.1.0
+blinker==1.9.0
+    # via flask-debugtoolbar
+    # via simplelogin
+boto3==1.35.99
+    # via simplelogin
+    # via watchtower
+botocore==1.35.99
+    # via boto3
+    # via s3transfer
+cachetools==5.5.0
+    # via google-auth
+cbor2==5.6.5
+    # via webauthn
+certifi==2024.12.14
+    # via aiospamc
+    # via requests
+    # via sentry-sdk
+cffi==1.17.1
+    # via bcrypt
+    # via cryptography
+cfgv==3.4.0
+    # via pre-commit
+chardet==4.0.0
+    # via flanker
+    # via requests
+click==8.1.8
+    # via black
+    # via djlint
+    # via flask
+    # via typer
+coinbase-commerce==1.0.1
+    # via simplelogin
+colorama==0.4.6
+    # via djlint
+coloredlogs==14.3
+    # via simplelogin
+coverage==7.6.10
+    # via pytest-cov
+crontab==0.22.8
+    # via yacron
+cryptography==37.0.4
+    # via flanker
+    # via jwcrypto
+    # via pgpy
+    # via pyopenssl
+    # via simplelogin
+    # via webauthn
+decorator==5.1.1
+    # via ipython
+deprecated==1.2.15
+    # via jwcrypto
+    # via limits
+    # via simplelogin
+dill==0.3.9
+    # via pylint
+distlib==0.3.9
+    # via virtualenv
+djlint==1.3.0
+dkimpy==1.0.6
+    # via simplelogin
+dnspython==2.6.1
+    # via dkimpy
+    # via email-validator
+    # via simplelogin
+email-validator==1.1.3
+    # via simplelogin
+facebook-sdk==3.1.0
+    # via simplelogin
+filelock==3.16.1
+    # via tldextract
+    # via virtualenv
+flanker==0.9.11
+    # via simplelogin
+flask==1.1.2
+    # via flask-admin
+    # via flask-cors
+    # via flask-debugtoolbar
+    # via flask-httpauth
+    # via flask-limiter
+    # via flask-login
+    # via flask-migrate
+    # via flask-profiler
+    # via flask-sqlalchemy
+    # via flask-wtf
+    # via simplelogin
+flask-admin==1.5.8
+    # via simplelogin
+flask-cors==3.0.10
+    # via simplelogin
+flask-debugtoolbar==0.11.0
+    # via flask-debugtoolbar-sqlalchemy
+    # via simplelogin
+flask-debugtoolbar-sqlalchemy==0.2.0
+    # via simplelogin
+flask-httpauth==4.8.0
+    # via flask-profiler
+flask-limiter==1.4
+    # via simplelogin
+flask-login==0.5.0
+    # via simplelogin
+flask-migrate==2.5.3
+    # via simplelogin
+flask-profiler==1.8.1
+    # via simplelogin
+flask-sqlalchemy==2.5.1
+    # via flask-migrate
+flask-wtf==0.14.3
+    # via simplelogin
+frozenlist==1.5.0
+    # via aiohttp
+    # via aiosignal
+future==1.0.0
+    # via webauthn
+gevent==24.11.1
+    # via simplelogin
+google-api-core==2.24.0
+    # via google-api-python-client
+google-api-python-client==1.12.11
+    # via simplelogin
+google-auth==2.37.0
+    # via google-api-core
+    # via google-api-python-client
+    # via google-auth-httplib2
+google-auth-httplib2==0.0.4
+    # via google-api-python-client
+    # via simplelogin
+googleapis-common-protos==1.66.0
+    # via google-api-core
+greenlet==3.1.1
+    # via gevent
+gunicorn==20.0.4
+    # via simplelogin
+html-tag-names==0.1.2
+    # via djlint
+html-void-elements==0.1.0
+    # via djlint
+httplib2==0.22.0
+    # via google-api-python-client
+    # via google-auth-httplib2
+humanfriendly==10.0
+    # via coloredlogs
+identify==2.6.5
+    # via pre-commit
+idna==2.10
+    # via email-validator
+    # via flanker
+    # via requests
+    # via tldextract
+    # via yarl
+importlib-metadata==4.13.0
+    # via djlint
+iniconfig==2.0.0
+    # via pytest
+ipython==7.31.1
+    # via simplelogin
+isort==5.13.2
+    # via pylint
+itsdangerous==1.1.0
+    # via flask
+    # via flask-debugtoolbar
+    # via flask-wtf
+    # via simplelogin
+jedi==0.19.2
+    # via ipython
+jinja2==2.11.3
+    # via flask
+    # via yacron
+jmespath==1.0.1
+    # via boto3
+    # via botocore
+jwcrypto==0.9.1
+    # via simplelogin
+lazy-object-proxy==1.10.0
+    # via astroid
+limits==4.0.0
+    # via flask-limiter
+loguru==0.7.3
+    # via aiospamc
+mako==1.3.8
+    # via alembic
+markupsafe==1.1.1
+    # via jinja2
+    # via mako
+    # via simplelogin
+    # via wtforms
+matplotlib-inline==0.1.7
+    # via ipython
+mccabe==0.7.0
+    # via pylint
+memory-profiler==0.57.0
+    # via simplelogin
+multidict==6.1.0
+    # via aiohttp
+    # via yarl
+mypy-extensions==1.0.0
+    # via black
+newrelic==8.8.1
+    # via simplelogin
+newrelic-telemetry-sdk==0.5.1
+    # via simplelogin
+nodeenv==1.9.1
+    # via pre-commit
+oauthlib==3.2.2
+    # via requests-oauthlib
+packaging==24.2
+    # via limits
+    # via pytest
+parso==0.8.4
+    # via jedi
+pathspec==0.9.0
+    # via black
+    # via djlint
+pexpect==4.9.0
+    # via ipython
+pgpy==0.5.4
+    # via simplelogin
+phpserialize==1.3
+    # via simplelogin
+pickleshare==0.7.5
+    # via ipython
+platformdirs==4.3.6
+    # via black
+    # via pylint
+    # via virtualenv
+pluggy==1.5.0
+    # via pytest
+ply==3.11
+    # via flanker
+pre-commit==2.17.0
+prompt-toolkit==3.0.48
+    # via ipython
+propcache==0.2.1
+    # via aiohttp
+    # via yarl
+proto-plus==1.25.0
+    # via google-api-core
+protobuf==5.29.3
+    # via google-api-core
+    # via googleapis-common-protos
+    # via proto-plus
+psutil==6.1.1
+    # via memory-profiler
+psycopg2-binary==2.9.10
+    # via simplelogin
+ptyprocess==0.7.0
+    # via pexpect
+py==1.11.0
+    # via pytest
+pyasn1==0.6.1
+    # via pgpy
+    # via pyasn1-modules
+    # via rsa
+pyasn1-modules==0.4.1
+    # via google-auth
+pycparser==2.22
+    # via cffi
+pycryptodome==3.9.9
+    # via simplelogin
+pygments==2.19.1
+    # via flask-debugtoolbar-sqlalchemy
+    # via ipython
+pyjwt==2.10.1
+    # via twilio
+pylint==2.14.5
+pyopenssl==19.1.0
+    # via simplelogin
+    # via webauthn
+pyotp==2.4.1
+    # via simplelogin
+pyparsing==3.2.1
+    # via httplib2
+pyre2==0.3.6
+    # via simplelogin
+pyspf==2.0.14
+    # via simplelogin
+pytest==7.0.1
+    # via pytest-cov
+pytest-cov==3.0.0
+python-dateutil==2.9.0.post0
+    # via arrow
+    # via botocore
+    # via strictyaml
+python-dotenv==0.14.0
+    # via simplelogin
+python-gnupg==0.4.9
+    # via simplelogin
+pytz==2024.2
+    # via twilio
+    # via yacron
+pyyaml==6.0.2
+    # via djlint
+    # via pre-commit
+redis==4.5.5
+    # via simplelogin
+regex==2022.10.31
+    # via djlint
+    # via flanker
+requests==2.25.1
+    # via coinbase-commerce
+    # via facebook-sdk
+    # via google-api-core
+    # via requests-file
+    # via requests-oauthlib
+    # via simplelogin
+    # via tldextract
+    # via twilio
+requests-file==2.1.0
+    # via tldextract
+requests-oauthlib==1.3.1
+    # via simplelogin
+rsa==4.9
+    # via google-auth
+ruamel-yaml==0.17.4
+    # via yacron
+ruff==0.1.15
+s3transfer==0.10.4
+    # via boto3
+sentry-sdk==2.20.0
+    # via simplelogin
+    # via yacron
+setuptools==75.8.0
+    # via astroid
+    # via gunicorn
+    # via ipython
+    # via zope-event
+    # via zope-interface
+simplejson==3.19.3
+    # via flask-profiler
+six==1.17.0
+    # via coinbase-commerce
+    # via flanker
+    # via flask-cors
+    # via flask-limiter
+    # via google-api-python-client
+    # via google-auth-httplib2
+    # via jwcrypto
+    # via pgpy
+    # via pyopenssl
+    # via python-dateutil
+    # via sqlalchemy-utils
+    # via webauthn
+sqlalchemy==1.3.24
+    # via alembic
+    # via flask-debugtoolbar-sqlalchemy
+    # via flask-sqlalchemy
+    # via simplelogin
+    # via sqlalchemy-utils
+sqlalchemy-utils==0.36.8
+    # via simplelogin
+sqlparse==0.5.3
+    # via flask-debugtoolbar-sqlalchemy
+strictyaml==1.7.3
+    # via yacron
+tld==0.13
+    # via flanker
+tldextract==3.1.2
+    # via simplelogin
+toml==0.10.2
+    # via pre-commit
+tomli==2.2.1
+    # via black
+    # via coverage
+    # via djlint
+    # via pylint
+    # via pytest
+tomlkit==0.13.2
+    # via pylint
+tqdm==4.67.1
+    # via djlint
+traitlets==5.14.3
+    # via ipython
+    # via matplotlib-inline
+twilio==7.3.2
+    # via simplelogin
+typer==0.9.4
+    # via aiospamc
+typing-extensions==4.12.2
+    # via aiospamc
+    # via alembic
+    # via limits
+    # via multidict
+    # via typer
+unidecode==1.1.2
+    # via simplelogin
+uritemplate==3.0.1
+    # via google-api-python-client
+urllib3==1.26.20
+    # via botocore
+    # via newrelic-telemetry-sdk
+    # via requests
+    # via sentry-sdk
+virtualenv==20.29.0
+    # via pre-commit
+watchtower==0.8.0
+    # via simplelogin
+wcwidth==0.2.13
+    # via prompt-toolkit
+webauthn==0.4.7
+    # via simplelogin
+webob==1.8.9
+    # via flanker
+werkzeug==1.0.1
+    # via flask
+    # via flask-debugtoolbar
+    # via simplelogin
+wrapt==1.17.2
+    # via astroid
+    # via deprecated
+wtforms==2.3.3
+    # via flask-admin
+    # via flask-wtf
+    # via simplelogin
+yacron==0.19.0
+    # via simplelogin
+yarl==1.18.3
+    # via aiohttp
+zipp==3.21.0
+    # via importlib-metadata
+zope-event==5.0
+    # via gevent
+zope-interface==7.2
+    # via gevent

app/requirements.lock

@@ -0,0 +1,392 @@
+# generated by rye
+# use `rye lock` or `rye sync` to update this lockfile
+#
+# last locked with the following flags:
+#   pre: false
+#   features: []
+#   all-features: false
+#   with-sources: false
+#   generate-hashes: false
+#   universal: false
+
+-e file:.
+aiohttp==3.8.4
+    # via google-auth
+    # via yacron
+aiosignal==1.2.0
+    # via aiohttp
+aiosmtpd==1.4.2
+    # via simplelogin
+aiosmtplib==1.1.4
+    # via yacron
+aiospamc==0.10.0
+    # via simplelogin
+alembic==1.4.3
+    # via flask-migrate
+appnope==0.1.0
+    # via ipython
+arrow==0.16.0
+    # via simplelogin
+async-timeout==4.0.2
+    # via aiohttp
+    # via redis
+atpublic==2.0
+    # via aiosmtpd
+attrs==20.2.0
+    # via aiohttp
+    # via aiosmtpd
+    # via flanker
+backcall==0.2.0
+    # via ipython
+bcrypt==3.2.0
+    # via simplelogin
+blinker==1.4
+    # via flask-debugtoolbar
+    # via simplelogin
+boto3==1.35.99
+    # via simplelogin
+    # via watchtower
+botocore==1.35.99
+    # via boto3
+    # via s3transfer
+cachetools==4.1.1
+    # via google-auth
+cbor2==5.2.0
+    # via webauthn
+certifi==2019.11.28
+    # via aiospamc
+    # via requests
+    # via sentry-sdk
+cffi==1.14.4
+    # via bcrypt
+    # via cryptography
+chardet==3.0.4
+    # via flanker
+    # via requests
+charset-normalizer==3.4.1
+    # via aiohttp
+click==8.0.3
+    # via flask
+    # via typer
+coinbase-commerce==1.0.1
+    # via simplelogin
+coloredlogs==14.0
+    # via simplelogin
+crontab==0.22.8
+    # via yacron
+cryptography==37.0.1
+    # via flanker
+    # via jwcrypto
+    # via pgpy
+    # via pyopenssl
+    # via simplelogin
+    # via webauthn
+decorator==4.4.2
+    # via ipython
+deprecated==1.2.13
+    # via simplelogin
+dkimpy==1.0.5
+    # via simplelogin
+dnspython==2.6.1
+    # via dkimpy
+    # via email-validator
+    # via simplelogin
+email-validator==1.1.3
+    # via simplelogin
+facebook-sdk==3.1.0
+    # via simplelogin
+filelock==3.15.4
+    # via tldextract
+flanker==0.9.11
+    # via simplelogin
+flask==1.1.2
+    # via flask-admin
+    # via flask-cors
+    # via flask-debugtoolbar
+    # via flask-httpauth
+    # via flask-limiter
+    # via flask-login
+    # via flask-migrate
+    # via flask-profiler
+    # via flask-sqlalchemy
+    # via flask-wtf
+    # via simplelogin
+flask-admin==1.5.7
+    # via simplelogin
+flask-cors==3.0.9
+    # via simplelogin
+flask-debugtoolbar==0.11.0
+    # via flask-debugtoolbar-sqlalchemy
+    # via simplelogin
+flask-debugtoolbar-sqlalchemy==0.2.0
+    # via simplelogin
+flask-httpauth==4.1.0
+    # via flask-profiler
+flask-limiter==1.4
+    # via simplelogin
+flask-login==0.5.0
+    # via simplelogin
+flask-migrate==2.5.3
+    # via simplelogin
+flask-profiler==1.8.1
+    # via simplelogin
+flask-sqlalchemy==2.5.1
+    # via flask-migrate
+flask-wtf==0.14.3
+    # via simplelogin
+frozenlist==1.3.3
+    # via aiohttp
+    # via aiosignal
+future==0.18.3
+    # via webauthn
+gevent==24.11.1
+    # via simplelogin
+google-api-core==1.22.2
+    # via google-api-python-client
+google-api-python-client==1.12.3
+    # via simplelogin
+google-auth==1.22.0
+    # via google-api-core
+    # via google-api-python-client
+    # via google-auth-httplib2
+google-auth-httplib2==0.0.4
+    # via google-api-python-client
+    # via simplelogin
+googleapis-common-protos==1.52.0
+    # via google-api-core
+greenlet==3.1.1
+    # via gevent
+gunicorn==20.0.4
+    # via simplelogin
+httplib2==0.22.0
+    # via google-api-python-client
+    # via google-auth-httplib2
+humanfriendly==8.2
+    # via coloredlogs
+idna==2.10
+    # via email-validator
+    # via flanker
+    # via requests
+    # via tldextract
+    # via yarl
+ipython==7.31.1
+    # via simplelogin
+ipython-genutils==0.2.0
+    # via traitlets
+itsdangerous==1.1.0
+    # via flask
+    # via flask-debugtoolbar
+    # via flask-wtf
+    # via simplelogin
+jedi==0.17.2
+    # via ipython
+jinja2==2.11.3
+    # via flask
+    # via yacron
+jmespath==0.10.0
+    # via boto3
+    # via botocore
+jwcrypto==0.8
+    # via simplelogin
+limits==1.5.1
+    # via flask-limiter
+loguru==0.7.2
+    # via aiospamc
+mako==1.2.4
+    # via alembic
+markupsafe==1.1.1
+    # via jinja2
+    # via mako
+    # via simplelogin
+    # via wtforms
+matplotlib-inline==0.1.3
+    # via ipython
+memory-profiler==0.57.0
+    # via simplelogin
+multidict==4.7.6
+    # via aiohttp
+    # via yarl
+newrelic==8.8.0
+    # via simplelogin
+newrelic-telemetry-sdk==0.5.0
+    # via simplelogin
+oauthlib==3.1.0
+    # via requests-oauthlib
+parso==0.7.1
+    # via jedi
+pexpect==4.8.0
+    # via ipython
+pgpy==0.5.4
+    # via simplelogin
+phpserialize==1.3
+    # via simplelogin
+pickleshare==0.7.5
+    # via ipython
+ply==3.11
+    # via flanker
+prompt-toolkit==3.0.7
+    # via ipython
+protobuf==5.27.1
+    # via google-api-core
+    # via googleapis-common-protos
+psutil==5.7.2
+    # via memory-profiler
+psycopg2-binary==2.9.3
+    # via simplelogin
+ptyprocess==0.6.0
+    # via pexpect
+pyasn1==0.4.8
+    # via pgpy
+    # via pyasn1-modules
+    # via rsa
+pyasn1-modules==0.2.8
+    # via google-auth
+pycparser==2.20
+    # via cffi
+pycryptodome==3.9.8
+    # via simplelogin
+pygments==2.7.4
+    # via flask-debugtoolbar-sqlalchemy
+    # via ipython
+pyjwt==2.4.0
+    # via twilio
+pyopenssl==19.1.0
+    # via simplelogin
+    # via webauthn
+pyotp==2.4.0
+    # via simplelogin
+pyparsing==2.4.7
+    # via httplib2
+pyre2==0.3.6
+    # via simplelogin
+pyspf==2.0.14
+    # via simplelogin
+python-dateutil==2.8.1
+    # via alembic
+    # via arrow
+    # via botocore
+    # via strictyaml
+python-dotenv==0.14.0
+    # via simplelogin
+python-editor==1.0.4
+    # via alembic
+python-gnupg==0.4.6
+    # via simplelogin
+pytz==2020.1
+    # via google-api-core
+    # via twilio
+    # via yacron
+redis==4.5.5
+    # via simplelogin
+regex==2023.12.25
+    # via flanker
+requests==2.25.1
+    # via coinbase-commerce
+    # via facebook-sdk
+    # via google-api-core
+    # via requests-file
+    # via requests-oauthlib
+    # via simplelogin
+    # via tldextract
+    # via twilio
+requests-file==1.5.1
+    # via tldextract
+requests-oauthlib==1.3.0
+    # via simplelogin
+rsa==4.6
+    # via google-auth
+ruamel-yaml==0.17.4
+    # via strictyaml
+    # via yacron
+s3transfer==0.10.4
+    # via boto3
+sentry-sdk==2.20.0
+    # via simplelogin
+    # via yacron
+setuptools==67.6.0
+    # via google-api-core
+    # via google-auth
+    # via gunicorn
+    # via ipython
+    # via zope-event
+    # via zope-interface
+simplejson==3.17.2
+    # via flask-profiler
+six==1.15.0
+    # via bcrypt
+    # via coinbase-commerce
+    # via flanker
+    # via flask-cors
+    # via flask-limiter
+    # via google-api-core
+    # via google-api-python-client
+    # via google-auth
+    # via google-auth-httplib2
+    # via limits
+    # via pgpy
+    # via pyopenssl
+    # via python-dateutil
+    # via requests-file
+    # via sqlalchemy-utils
+    # via webauthn
+sqlalchemy==1.3.24
+    # via alembic
+    # via flask-debugtoolbar-sqlalchemy
+    # via flask-sqlalchemy
+    # via simplelogin
+    # via sqlalchemy-utils
+sqlalchemy-utils==0.36.8
+    # via simplelogin
+sqlparse==0.4.4
+    # via flask-debugtoolbar-sqlalchemy
+strictyaml==1.1.0
+    # via yacron
+tld==0.12.6
+    # via flanker
+tldextract==3.1.2
+    # via simplelogin
+traitlets==5.0.4
+    # via ipython
+    # via matplotlib-inline
+twilio==7.3.2
+    # via simplelogin
+typer==0.9.0
+    # via aiospamc
+typing-extensions==4.8.0
+    # via aiospamc
+    # via typer
+unidecode==1.1.1
+    # via simplelogin
+uritemplate==3.0.1
+    # via google-api-python-client
+urllib3==1.26.20
+    # via botocore
+    # via newrelic-telemetry-sdk
+    # via requests
+    # via sentry-sdk
+watchtower==0.8.0
+    # via simplelogin
+wcwidth==0.2.5
+    # via prompt-toolkit
+webauthn==0.4.7
+    # via simplelogin
+webob==1.8.7
+    # via flanker
+werkzeug==1.0.1
+    # via flask
+    # via flask-debugtoolbar
+    # via simplelogin
+wrapt==1.15.0
+    # via deprecated
+wtforms==2.3.3
+    # via flask-admin
+    # via flask-wtf
+    # via simplelogin
+yacron==0.19.0
+    # via simplelogin
+yarl==1.9.2
+    # via aiohttp
+zope-event==5.0
+    # via gevent
+zope-interface==7.2
+    # via gevent

app/scripts/new-migration.sh

@@ -12,10 +12,10 @@ docker run -p 25432:5432 --name ${container_name} -e POSTGRES_PASSWORD=postgres
 sleep 3
 
 # upgrade the DB to the latest stage and
-env DB_URI=postgresql://postgres:postgres@127.0.0.1:25432/sl poetry run alembic upgrade head
+env DB_URI=postgresql://postgres:postgres@127.0.0.1:25432/sl uv run alembic upgrade head
 
 # generate the migration script.
-env DB_URI=postgresql://postgres:postgres@127.0.0.1:25432/sl poetry run alembic revision --autogenerate $@
+env DB_URI=postgresql://postgres:postgres@127.0.0.1:25432/sl uv run alembic revision --autogenerate $@
 
 # remove the db
 docker rm -f ${container_name}

app/scripts/reset_local_db.sh

@@ -3,5 +3,5 @@
 export DB_URI=postgresql://myuser:mypassword@localhost:15432/simplelogin
 echo 'drop schema public cascade; create schema public;' | psql  $DB_URI
 
-poetry run alembic upgrade head
+uv run alembic upgrade head
-poetry run flask dummy-data
+uv run flask dummy-data

app/scripts/reset_test_db.sh

@@ -3,4 +3,4 @@
 export DB_URI=postgresql://myuser:mypassword@localhost:15432/test
 echo 'drop schema public cascade; create schema public;' | psql  $DB_URI
 
-poetry run alembic upgrade head
+uv run alembic upgrade head

app/scripts/run-test.sh

@@ -10,10 +10,10 @@ docker run -d --name sl-test-db -e POSTGRES_PASSWORD=test -e POSTGRES_USER=test
 sleep 3
 
 # migrate the DB to the latest version
-CONFIG=tests/test.env poetry run alembic upgrade head
+CONFIG=tests/test.env uv run alembic upgrade head
 
 # run test
-poetry run pytest -c pytest.ci.ini
+uv run pytest -c pytest.ci.ini
 
 # Delete the test DB
 docker rm -f sl-test-db

app/server.py

@@ -44,6 +44,7 @@ from app.admin_model import (
     MetricAdmin,
     InvalidMailboxDomainAdmin,
     EmailSearchAdmin,
+    CustomDomainSearchAdmin,
 )
 from app.api.base import api_bp
 from app.auth.base import auth_bp
@@ -443,6 +444,11 @@ def init_admin(app):
 
     admin.init_app(app, index_view=SLAdminIndexView())
     admin.add_view(EmailSearchAdmin(name="Email Search", endpoint="email_search"))
+    admin.add_view(
+        CustomDomainSearchAdmin(
+            name="Custom domain search", endpoint="custom_domain_search"
+        )
+    )
     admin.add_view(UserAdmin(User, Session))
     admin.add_view(AliasAdmin(Alias, Session))
     admin.add_view(MailboxAdmin(Mailbox, Session))

app/templates/admin/custom_domain_search.html

@@ -0,0 +1,118 @@
+{% extends 'admin/master.html' %}
+
+{% macro show_user(user) -%}
+    <h4>User <a href="/admin/email_search?email={{ user.email }}">{{ user.email }}</a> with ID {{ user.id }}.</h4>
+    <table class="table">
+        <thead>
+        <tr>
+            <th scope="col">User ID</th>
+            <th scope="col">Email</th>
+            <th scope="col">Verified</th>
+            <th scope="col">Status</th>
+            <th scope="col">Paid</th>
+            <th scope="col">Premium</th>
+        </tr>
+        </thead>
+        <tbody>
+        <tr>
+            <td>{{ user.id }}</td>
+            <td>
+                <a href="/admin/email_search?email={{ user.email }}">{{ user.email }}</a>
+            </td>
+            {% if user.activated %}
+
+                <td class="text-success">Activated</td>
+            {% else %}
+                <td class="text-warning">Pending</td>
+            {% endif %}
+            {% if user.disabled %}
+
+                <td class="text-danger">Disabled</td>
+            {% else %}
+                <td class="text-success">Enabled</td>
+            {% endif %}
+            <td>{{ "yes" if user.is_paid() else "No" }}</td>
+            <td>{{ "yes" if user.is_premium() else "No" }}</td>
+        </tr>
+        </tbody>
+    </table>
+{%- endmacro %}
+
+
+{% macro show_verification(title, expected, errors) -%}
+    {% if not expected %}
+        <h4 class="mb-3">{{ title }} <span class="text-success">Verified</span></h4>
+    {% else %}
+        <h4 class="mb-3">{{ title }}</h4>
+        <p>Expected</p>
+        <p>{{expected}}</p>
+        <p>Current response</p>
+        <ul class="list-group">
+        {% for error in errors %}
+            <li class="list-group-item">{{ error }}</li>
+        {% endfor %}
+        </ul>
+    {% endif %}
+{%- endmacro %}
+
+
+{% macro show_domain(domain_with_data) -%}
+    <h3>Domain {{ domain_with_data.domain.domain }}</h3>
+    {% set domain = domain_with_data.domain %}
+    <ul class="list-group">
+        <li class="list-group-item">
+            {{ show_verification("Ownership", domain_with_data.ownership_expected, domain_with_data.ownership_validation.errors) }}
+        </li>
+        <li class="list-group-item">
+            {{ show_verification("MX", domain_with_data.mx_expected, domain_with_data.mx_validation.errors) }}
+        </li>
+        <li class="list-group-item">
+            {{ show_verification("SPF", domain_with_data.spf_expected, domain_with_data.spf_validation.errors) }}
+        </li>
+        {% for dkim_domain in domain_with_data.dkim_expected %}
+            <li class="list-group-item">
+            {{ show_verification("DKIM {}.{}".format(dkim_domain, domain.domain), domain_with_data.dkim_expected[dkim_domain], [domain_with_data.dkim_validation.get(dkim_domain+"."+domain.domain,'')]) }}
+            </li>
+        {% endfor %}
+    </ul>
+
+{%- endmacro %}
+
+
+{% block body %}
+
+    <div class="border border-dark border-2 mt-1 mb-2 p-3">
+        <form method="get">
+            <div class="form-group">
+                <label for="email">User or domain to search:</label>
+                <input type="text"
+                       class="form-control"
+                       name="user"
+                       value="{{ query or '' }}" />
+            </div>
+            <button type="submit" class="btn btn-primary">Submit</button>
+        </form>
+    </div>
+    {% if data.no_match and query %}
+        <div class="border border-dark border-2 mt-1 mb-2 p-3 alert alert-warning"
+             role="alert">No user, alias or mailbox found for {{ query }}</div>
+    {% endif %}
+    {% if data.user %}
+        <div class="border border-dark border-2 mt-1 mb-2 p-3">
+            <h3 class="mb-3">Found User {{ data.user.email }}</h3>
+            {{ show_user(data.user) }}
+        </div>
+    {% endif %}
+    <div class="d-flex">
+
+    {% for domain_with_data in data.domains  %}
+        <div class="card m-2 border-dark" style="width: 30rem;">
+        <div class="card-body">
+            {{ show_domain(domain_with_data) }}
+        </div>
+        </div>
+    {% endfor %}
+    </div>
+
+
+{% endblock %}

app/tests/api/test_alias.py

@@ -549,7 +549,7 @@ def test_create_contact_route_free_users(flask_client):
     assert r.status_code == 201
 
     # End trial and disallow for new free users. Config should allow it
-    user.flags = User.FLAG_DISABLE_CREATE_CONTACTS
+    user.flags = User.FLAG_FREE_DISABLE_CREATE_CONTACTS
     Session.commit()
     r = flask_client.post(
         url_for("api.create_contact_route", alias_id=alias.id),

app/tests/test_contact_utils.py

@@ -135,7 +135,7 @@ def test_create_contact_free_user():
     assert result.contact is not None
     assert not result.contact.automatic_created
     # Free users with the flag should be able to still create automatic emails
-    user.flags = User.FLAG_DISABLE_CREATE_CONTACTS
+    user.flags = User.FLAG_FREE_DISABLE_CREATE_CONTACTS
     Session.flush()
     result = create_contact(random_email(), alias, automatic_created=True)
     assert result.error is None

app/tests/test_email_handler.py

@@ -2,6 +2,7 @@ import random
 from email.message import EmailMessage
 from typing import List
 
+import arrow
 import pytest
 from aiosmtpd.smtp import Envelope
 
@@ -387,3 +388,15 @@ def test_preserve_headers(flask_client):
     msg = sent_mails[0].msg
     for header in headers_to_keep:
         assert msg[header] == header + "keep"
+
+
+def test_not_send_to_pending_to_delete_users(flask_client):
+    user = create_new_user()
+    alias = Alias.create_new_random(user)
+    user.delete_on = arrow.utcnow()
+    envelope = Envelope()
+    envelope.mail_from = "somewhere@lo.cal"
+    envelope.rcpt_tos = [alias.email]
+    msg = EmailMessage()
+    result = email_handler.handle(envelope, msg)
+    assert result == status.E504