app-MAIL-temp/app/dashboard/views/mailbox.py

import base64
import binascii
import json

import arrow
from flask import render_template, request, redirect, url_for, flash
from flask_login import login_required, current_user
from flask_wtf import FlaskForm
from itsdangerous import TimestampSigner
from wtforms import validators, IntegerField
from wtforms.fields.html5 import EmailField

from app import parallel_limiter
from app.config import MAILBOX_SECRET, URL, JOB_DELETE_MAILBOX
from app.dashboard.base import dashboard_bp
from app.db import Session
from app.email_utils import (
    email_can_be_used_as_mailbox,
    mailbox_already_used,
    render,
    send_email,
)
from app.email_validation import is_valid_email
from app.log import LOG
from app.models import Mailbox, Job
from app.utils import CSRFValidationForm


class NewMailboxForm(FlaskForm):
    email = EmailField(
        "email", validators=[validators.DataRequired(), validators.Email()]
    )


class DeleteMailboxForm(FlaskForm):
    mailbox_id = IntegerField(
        validators=[validators.DataRequired()],
    )
    transfer_mailbox_id = IntegerField()


@dashboard_bp.route("/mailbox", methods=["GET", "POST"])
@login_required
@parallel_limiter.lock(only_when=lambda: request.method == "POST")
def mailbox_route():
    mailboxes = (
        Mailbox.filter_by(user_id=current_user.id)
        .order_by(Mailbox.created_at.desc())
        .all()
    )

    new_mailbox_form = NewMailboxForm()
    csrf_form = CSRFValidationForm()
    delete_mailbox_form = DeleteMailboxForm()

    if request.method == "POST":
        if request.form.get("form-name") == "delete":
            if not delete_mailbox_form.validate():
                flash("Invalid request", "warning")
                return redirect(request.url)
            mailbox = Mailbox.get(delete_mailbox_form.mailbox_id.data)

            if not mailbox or mailbox.user_id != current_user.id:
                flash("Invalid mailbox. Refresh the page", "warning")
                return redirect(url_for("dashboard.mailbox_route"))

            if mailbox.id == current_user.default_mailbox_id:
                flash("You cannot delete default mailbox", "error")
                return redirect(url_for("dashboard.mailbox_route"))

            transfer_mailbox_id = delete_mailbox_form.transfer_mailbox_id.data
            if transfer_mailbox_id and transfer_mailbox_id > 0:
                transfer_mailbox = Mailbox.get(transfer_mailbox_id)

                if not transfer_mailbox or transfer_mailbox.user_id != current_user.id:
                    flash(
                        "You must transfer the aliases to a mailbox you own.", "error"
                    )
                    return redirect(url_for("dashboard.mailbox_route"))

                if transfer_mailbox.id == mailbox.id:
                    flash(
                        "You can not transfer the aliases to the mailbox you want to delete.",
                        "error",
                    )
                    return redirect(url_for("dashboard.mailbox_route"))

                if not transfer_mailbox.verified:
                    flash("Your new mailbox is not verified", "error")
                    return redirect(url_for("dashboard.mailbox_route"))

            # Schedule delete account job
            LOG.w(
                f"schedule delete mailbox job for {mailbox.id} with transfer to mailbox {transfer_mailbox_id}"
            )
            Job.create(
                name=JOB_DELETE_MAILBOX,
                payload={
                    "mailbox_id": mailbox.id,
                    "transfer_mailbox_id": transfer_mailbox_id
                    if transfer_mailbox_id > 0
                    else None,
                },
                run_at=arrow.now(),
                commit=True,
            )

            flash(
                f"Mailbox {mailbox.email} scheduled for deletion."
                f"You will receive a confirmation email when the deletion is finished",
                "success",
            )

            return redirect(url_for("dashboard.mailbox_route"))
        if request.form.get("form-name") == "set-default":
            if not csrf_form.validate():
                flash("Invalid request", "warning")
                return redirect(request.url)
            mailbox_id = request.form.get("mailbox_id")
            mailbox = Mailbox.get(mailbox_id)

            if not mailbox or mailbox.user_id != current_user.id:
                flash("Unknown error. Refresh the page", "warning")
                return redirect(url_for("dashboard.mailbox_route"))

            if mailbox.id == current_user.default_mailbox_id:
                flash("This mailbox is already default one", "error")
                return redirect(url_for("dashboard.mailbox_route"))

            if not mailbox.verified:
                flash("Cannot set unverified mailbox as default", "error")
                return redirect(url_for("dashboard.mailbox_route"))

            current_user.default_mailbox_id = mailbox.id
            Session.commit()
            flash(f"Mailbox {mailbox.email} is set as Default Mailbox", "success")

            return redirect(url_for("dashboard.mailbox_route"))

        elif request.form.get("form-name") == "create":
            if not current_user.is_premium():
                flash("Only premium plan can add additional mailbox", "warning")
                return redirect(url_for("dashboard.mailbox_route"))

            if new_mailbox_form.validate():
                mailbox_email = (
                    new_mailbox_form.email.data.lower().strip().replace(" ", "")
                )

                if not is_valid_email(mailbox_email):
                    flash(f"{mailbox_email} invalid", "error")
                elif mailbox_already_used(mailbox_email, current_user):
                    flash(f"{mailbox_email} already used", "error")
                elif not email_can_be_used_as_mailbox(mailbox_email):
                    flash(f"You cannot use {mailbox_email}.", "error")
                else:
                    new_mailbox = Mailbox.create(
                        email=mailbox_email, user_id=current_user.id
                    )
                    Session.commit()

                    send_verification_email(current_user, new_mailbox)

                    flash(
                        f"You are going to receive an email to confirm {mailbox_email}.",
                        "success",
                    )

                    return redirect(
                        url_for(
                            "dashboard.mailbox_detail_route",
                            mailbox_id=new_mailbox.id,
                        )
                    )

    return render_template(
        "dashboard/mailbox.html",
        mailboxes=mailboxes,
        new_mailbox_form=new_mailbox_form,
        delete_mailbox_form=delete_mailbox_form,
        csrf_form=csrf_form,
    )


def send_verification_email(user, mailbox):
    s = TimestampSigner(MAILBOX_SECRET)
    encoded_data = json.dumps([mailbox.id, mailbox.email]).encode("utf-8")
    b64_data = base64.urlsafe_b64encode(encoded_data)
    mailbox_id_signed = s.sign(b64_data).decode()
    verification_url = (
        URL + "/dashboard/mailbox_verify" + f"?mailbox_id={mailbox_id_signed}"
    )
    send_email(
        mailbox.email,
        f"Please confirm your mailbox {mailbox.email}",
        render(
            "transactional/verify-mailbox.txt.jinja2",
            user=user,
            link=verification_url,
            mailbox_email=mailbox.email,
        ),
        render(
            "transactional/verify-mailbox.html",
            user=user,
            link=verification_url,
            mailbox_email=mailbox.email,
        ),
    )


@dashboard_bp.route("/mailbox_verify")
def mailbox_verify():
    s = TimestampSigner(MAILBOX_SECRET)
    mailbox_verify_request = request.args.get("mailbox_id")
    try:
        mailbox_raw_data = s.unsign(mailbox_verify_request, max_age=900)
    except Exception:
        flash("Invalid link. Please delete and re-add your mailbox", "error")
        return redirect(url_for("dashboard.mailbox_route"))
    try:
        decoded_data = base64.urlsafe_b64decode(mailbox_raw_data)
    except binascii.Error:
        flash("Invalid link. Please delete and re-add your mailbox", "error")
        return redirect(url_for("dashboard.mailbox_route"))
    mailbox_data = json.loads(decoded_data)
    if not isinstance(mailbox_data, list) or len(mailbox_data) != 2:
        flash("Invalid link. Please delete and re-add your mailbox", "error")
        return redirect(url_for("dashboard.mailbox_route"))
    mailbox_id = mailbox_data[0]
    mailbox = Mailbox.get(mailbox_id)
    if not mailbox:
        flash("Invalid link", "error")
        return redirect(url_for("dashboard.mailbox_route"))
    mailbox_email = mailbox_data[1]
    if mailbox_email != mailbox.email:
        flash("Invalid link", "error")
        return redirect(url_for("dashboard.mailbox_route"))

    mailbox.verified = True
    Session.commit()

    LOG.d("Mailbox %s is verified", mailbox)

    return render_template("dashboard/mailbox_validation.html", mailbox=mailbox)
Fix: send also mailbox email to verify so that mailbox changes are not allowed (#1777) Co-authored-by: Adrià Casajús <adria.casajus@proton.ch> 2023-06-21 18:56:22 +02:00			`import base64`
			`import binascii`
			`import json`

Revert "Add code verification for creating mailboxes (#1725)" (#1727) This reverts commit a5e7da10ddbaf92fce3c95e01a400bbf3e440120. Co-authored-by: Adrià Casajús <adria.casajus@proton.ch> 2023-05-09 18:04:04 +02:00			`import arrow`
User can add/delete/verify mailbox 2020-02-10 17:17:05 +01:00			`from flask import render_template, request, redirect, url_for, flash`
			`from flask_login import login_required, current_user`
			`from flask_wtf import FlaskForm`
Fix: Use timed signers to avoid leaving permanent links (#1524) Co-authored-by: Adrià Casajús <adria.casajus@proton.ch> 2023-01-12 12:34:14 +01:00			`from itsdangerous import TimestampSigner`
Tranfer aliases to a new mailbox when deleting mailboxes (#1534) * Set up npm clean install instead of npm install in order to keep the version of npm packages 🎨 * Add option to transfer the alias to a new mailbox when a mailbox is deleted * Moved alias transfer to job * Lint * Update forms * Revert dockerfile change Co-authored-by: ewen <ewen.coppens@a1.digital> Co-authored-by: Adrià Casajús <adria.casajus@proton.ch> 2023-01-17 11:55:34 +01:00			`from wtforms import validators, IntegerField`
User can add/delete/verify mailbox 2020-02-10 17:17:05 +01:00			`from wtforms.fields.html5 import EmailField`

Added parallel limiting to creating custom domains, directories, mailboxes and subdomains (#1525) Co-authored-by: Adrià Casajús <adria.casajus@proton.ch> 2023-01-11 22:08:52 +01:00			`from app import parallel_limiter`
Revert "Add code verification for creating mailboxes (#1725)" (#1727) This reverts commit a5e7da10ddbaf92fce3c95e01a400bbf3e440120. Co-authored-by: Adrià Casajús <adria.casajus@proton.ch> 2023-05-09 18:04:04 +02:00			`from app.config import MAILBOX_SECRET, URL, JOB_DELETE_MAILBOX`
User can add/delete/verify mailbox 2020-02-10 17:17:05 +01:00			`from app.dashboard.base import dashboard_bp`
do not use flask-sqlalchemy - add __tablename__ for all models - use sa and orm instead of db - rollback all changes in tests - remove session in @app.teardown_appcontext 2021-10-12 14:36:47 +02:00			`from app.db import Session`
Revert "Add code verification for creating mailboxes (#1725)" (#1727) This reverts commit a5e7da10ddbaf92fce3c95e01a400bbf3e440120. Co-authored-by: Adrià Casajús <adria.casajus@proton.ch> 2023-05-09 18:04:04 +02:00			`from app.email_utils import (`
			`email_can_be_used_as_mailbox,`
			`mailbox_already_used,`
			`render,`
			`send_email,`
Add code verification for creating mailboxes (#1725) * Add code verification for creating mailboxes * Added validation checks * Use exceptions * Added delete to the mailbox utils * Fix test * Update package.lock * Fix delete error --------- Co-authored-by: Adrià Casajús <adria.casajus@proton.ch> 2023-05-09 16:35:58 +02:00			`)`
Sanitize alias, contacts, mailboxes and users before creating them (#1829) * Sanitize alias, contacts, mailboxes and users before creating them * Updated comments and moved crons to run when load is low * Run the stats at the same time as previously --------- Co-authored-by: Adrià Casajús <adria.casajus@proton.ch> 2023-08-03 10:20:25 +02:00			`from app.email_validation import is_valid_email`
Revert "Add code verification for creating mailboxes (#1725)" (#1727) This reverts commit a5e7da10ddbaf92fce3c95e01a400bbf3e440120. Co-authored-by: Adrià Casajús <adria.casajus@proton.ch> 2023-05-09 18:04:04 +02:00			`from app.log import LOG`
			`from app.models import Mailbox, Job`
Fix: Add csrf verification to directory updates (#1358) * Fix: Add csrf verification to directory updates * Update templates/dashboard/directory.html * Added csrf for delete account form * Fix tests * Added CSRF check for settings page * Added csrf to batch import * Added CSRF to alias dashboard and alias transfer * Added csrf to contact manager * Added csrf to mailbox * Added csrf for mailbox detail * Added csrf to domain detail * Lint Co-authored-by: Adrià Casajús <adria.casajus@proton.ch> 2022-10-27 10:04:47 +02:00			`from app.utils import CSRFValidationForm`
User can add/delete/verify mailbox 2020-02-10 17:17:05 +01:00

			`class NewMailboxForm(FlaskForm):`
			`email = EmailField(`
			`"email", validators=[validators.DataRequired(), validators.Email()]`
			`)`


Tranfer aliases to a new mailbox when deleting mailboxes (#1534) * Set up npm clean install instead of npm install in order to keep the version of npm packages 🎨 * Add option to transfer the alias to a new mailbox when a mailbox is deleted * Moved alias transfer to job * Lint * Update forms * Revert dockerfile change Co-authored-by: ewen <ewen.coppens@a1.digital> Co-authored-by: Adrià Casajús <adria.casajus@proton.ch> 2023-01-17 11:55:34 +01:00			`class DeleteMailboxForm(FlaskForm):`
			`mailbox_id = IntegerField(`
			`validators=[validators.DataRequired()],`
			`)`
			`transfer_mailbox_id = IntegerField()`


User can add/delete/verify mailbox 2020-02-10 17:17:05 +01:00			`@dashboard_bp.route("/mailbox", methods=["GET", "POST"])`
			`@login_required`
Added parallel limiting to creating custom domains, directories, mailboxes and subdomains (#1525) Co-authored-by: Adrià Casajús <adria.casajus@proton.ch> 2023-01-11 22:08:52 +01:00			`@parallel_limiter.lock(only_when=lambda: request.method == "POST")`
User can add/delete/verify mailbox 2020-02-10 17:17:05 +01:00			`def mailbox_route():`
Order mailbox by created order 2020-04-28 20:22:37 +02:00			`mailboxes = (`
do not use flask-sqlalchemy - add __tablename__ for all models - use sa and orm instead of db - rollback all changes in tests - remove session in @app.teardown_appcontext 2021-10-12 14:36:47 +02:00			`Mailbox.filter_by(user_id=current_user.id)`
Order mailbox by created order 2020-04-28 20:22:37 +02:00			`.order_by(Mailbox.created_at.desc())`
			`.all()`
			`)`
User can add/delete/verify mailbox 2020-02-10 17:17:05 +01:00
			`new_mailbox_form = NewMailboxForm()`
Fix: Add csrf verification to directory updates (#1358) * Fix: Add csrf verification to directory updates * Update templates/dashboard/directory.html * Added csrf for delete account form * Fix tests * Added CSRF check for settings page * Added csrf to batch import * Added CSRF to alias dashboard and alias transfer * Added csrf to contact manager * Added csrf to mailbox * Added csrf for mailbox detail * Added csrf to domain detail * Lint Co-authored-by: Adrià Casajús <adria.casajus@proton.ch> 2022-10-27 10:04:47 +02:00			`csrf_form = CSRFValidationForm()`
Tranfer aliases to a new mailbox when deleting mailboxes (#1534) * Set up npm clean install instead of npm install in order to keep the version of npm packages 🎨 * Add option to transfer the alias to a new mailbox when a mailbox is deleted * Moved alias transfer to job * Lint * Update forms * Revert dockerfile change Co-authored-by: ewen <ewen.coppens@a1.digital> Co-authored-by: Adrià Casajús <adria.casajus@proton.ch> 2023-01-17 11:55:34 +01:00			`delete_mailbox_form = DeleteMailboxForm()`
User can add/delete/verify mailbox 2020-02-10 17:17:05 +01:00
			`if request.method == "POST":`
			`if request.form.get("form-name") == "delete":`
Tranfer aliases to a new mailbox when deleting mailboxes (#1534) * Set up npm clean install instead of npm install in order to keep the version of npm packages 🎨 * Add option to transfer the alias to a new mailbox when a mailbox is deleted * Moved alias transfer to job * Lint * Update forms * Revert dockerfile change Co-authored-by: ewen <ewen.coppens@a1.digital> Co-authored-by: Adrià Casajús <adria.casajus@proton.ch> 2023-01-17 11:55:34 +01:00			`if not delete_mailbox_form.validate():`
			`flash("Invalid request", "warning")`
			`return redirect(request.url)`
Revert "Add code verification for creating mailboxes (#1725)" (#1727) This reverts commit a5e7da10ddbaf92fce3c95e01a400bbf3e440120. Co-authored-by: Adrià Casajús <adria.casajus@proton.ch> 2023-05-09 18:04:04 +02:00			`mailbox = Mailbox.get(delete_mailbox_form.mailbox_id.data)`

			`if not mailbox or mailbox.user_id != current_user.id:`
			`flash("Invalid mailbox. Refresh the page", "warning")`
			`return redirect(url_for("dashboard.mailbox_route"))`

			`if mailbox.id == current_user.default_mailbox_id:`
			`flash("You cannot delete default mailbox", "error")`
cannot delete default mailbox 2020-02-23 09:41:53 +01:00			`return redirect(url_for("dashboard.mailbox_route"))`

Revert "Add code verification for creating mailboxes (#1725)" (#1727) This reverts commit a5e7da10ddbaf92fce3c95e01a400bbf3e440120. Co-authored-by: Adrià Casajús <adria.casajus@proton.ch> 2023-05-09 18:04:04 +02:00			`transfer_mailbox_id = delete_mailbox_form.transfer_mailbox_id.data`
			`if transfer_mailbox_id and transfer_mailbox_id > 0:`
			`transfer_mailbox = Mailbox.get(transfer_mailbox_id)`

			`if not transfer_mailbox or transfer_mailbox.user_id != current_user.id:`
			`flash(`
			`"You must transfer the aliases to a mailbox you own.", "error"`
			`)`
			`return redirect(url_for("dashboard.mailbox_route"))`

			`if transfer_mailbox.id == mailbox.id:`
			`flash(`
			`"You can not transfer the aliases to the mailbox you want to delete.",`
			`"error",`
			`)`
			`return redirect(url_for("dashboard.mailbox_route"))`

			`if not transfer_mailbox.verified:`
			`flash("Your new mailbox is not verified", "error")`
			`return redirect(url_for("dashboard.mailbox_route"))`

			`# Schedule delete account job`
			`LOG.w(`
			`f"schedule delete mailbox job for {mailbox.id} with transfer to mailbox {transfer_mailbox_id}"`
			`)`
			`Job.create(`
			`name=JOB_DELETE_MAILBOX,`
			`payload={`
			`"mailbox_id": mailbox.id,`
			`"transfer_mailbox_id": transfer_mailbox_id`
			`if transfer_mailbox_id > 0`
			`else None,`
			`},`
			`run_at=arrow.now(),`
			`commit=True,`
			`)`

make mailbox deletion async 2021-08-15 17:50:47 +02:00			`flash(`
			`f"Mailbox {mailbox.email} scheduled for deletion."`
			`f"You will receive a confirmation email when the deletion is finished",`
			`"success",`
			`)`
User can add/delete/verify mailbox 2020-02-10 17:17:05 +01:00
Can set a mailbox as default 2020-02-23 09:51:26 +01:00			`return redirect(url_for("dashboard.mailbox_route"))`
			`if request.form.get("form-name") == "set-default":`
Tranfer aliases to a new mailbox when deleting mailboxes (#1534) * Set up npm clean install instead of npm install in order to keep the version of npm packages 🎨 * Add option to transfer the alias to a new mailbox when a mailbox is deleted * Moved alias transfer to job * Lint * Update forms * Revert dockerfile change Co-authored-by: ewen <ewen.coppens@a1.digital> Co-authored-by: Adrià Casajús <adria.casajus@proton.ch> 2023-01-17 11:55:34 +01:00			`if not csrf_form.validate():`
			`flash("Invalid request", "warning")`
			`return redirect(request.url)`
			`mailbox_id = request.form.get("mailbox_id")`
Can set a mailbox as default 2020-02-23 09:51:26 +01:00			`mailbox = Mailbox.get(mailbox_id)`

			`if not mailbox or mailbox.user_id != current_user.id:`
			`flash("Unknown error. Refresh the page", "warning")`
			`return redirect(url_for("dashboard.mailbox_route"))`

			`if mailbox.id == current_user.default_mailbox_id:`
			`flash("This mailbox is already default one", "error")`
			`return redirect(url_for("dashboard.mailbox_route"))`

			`if not mailbox.verified:`
			`flash("Cannot set unverified mailbox as default", "error")`
			`return redirect(url_for("dashboard.mailbox_route"))`

			`current_user.default_mailbox_id = mailbox.id`
do not use flask-sqlalchemy - add __tablename__ for all models - use sa and orm instead of db - rollback all changes in tests - remove session in @app.teardown_appcontext 2021-10-12 14:36:47 +02:00			`Session.commit()`
Can set a mailbox as default 2020-02-23 09:51:26 +01:00			`flash(f"Mailbox {mailbox.email} is set as Default Mailbox", "success")`

User can add/delete/verify mailbox 2020-02-10 17:17:05 +01:00			`return redirect(url_for("dashboard.mailbox_route"))`

			`elif request.form.get("form-name") == "create":`
only premium plan can add additional mailbox 2020-02-29 12:12:55 +01:00			`if not current_user.is_premium():`
			`flash("Only premium plan can add additional mailbox", "warning")`
			`return redirect(url_for("dashboard.mailbox_route"))`
Revert "Add code verification for creating mailboxes (#1725)" (#1727) This reverts commit a5e7da10ddbaf92fce3c95e01a400bbf3e440120. Co-authored-by: Adrià Casajús <adria.casajus@proton.ch> 2023-05-09 18:04:04 +02:00
			`if new_mailbox_form.validate():`
			`mailbox_email = (`
			`new_mailbox_form.email.data.lower().strip().replace(" ", "")`
Add code verification for creating mailboxes (#1725) * Add code verification for creating mailboxes * Added validation checks * Use exceptions * Added delete to the mailbox utils * Fix test * Update package.lock * Fix delete error --------- Co-authored-by: Adrià Casajús <adria.casajus@proton.ch> 2023-05-09 16:35:58 +02:00			`)`
Revert "Add code verification for creating mailboxes (#1725)" (#1727) This reverts commit a5e7da10ddbaf92fce3c95e01a400bbf3e440120. Co-authored-by: Adrià Casajús <adria.casajus@proton.ch> 2023-05-09 18:04:04 +02:00
			`if not is_valid_email(mailbox_email):`
			`flash(f"{mailbox_email} invalid", "error")`
			`elif mailbox_already_used(mailbox_email, current_user):`
			`flash(f"{mailbox_email} already used", "error")`
			`elif not email_can_be_used_as_mailbox(mailbox_email):`
			`flash(f"You cannot use {mailbox_email}.", "error")`
			`else:`
			`new_mailbox = Mailbox.create(`
			`email=mailbox_email, user_id=current_user.id`
			`)`
			`Session.commit()`

			`send_verification_email(current_user, new_mailbox)`

			`flash(`
			`f"You are going to receive an email to confirm {mailbox_email}.",`
			`"success",`
			`)`

			`return redirect(`
			`url_for(`
			`"dashboard.mailbox_detail_route",`
			`mailbox_id=new_mailbox.id,`
			`)`
redirect user to mailbox detail page when creating new mailbox 2020-03-08 22:59:19 +01:00			`)`
User can add/delete/verify mailbox 2020-02-10 17:17:05 +01:00
			`return render_template(`
			`"dashboard/mailbox.html",`
			`mailboxes=mailboxes,`
			`new_mailbox_form=new_mailbox_form,`
Tranfer aliases to a new mailbox when deleting mailboxes (#1534) * Set up npm clean install instead of npm install in order to keep the version of npm packages 🎨 * Add option to transfer the alias to a new mailbox when a mailbox is deleted * Moved alias transfer to job * Lint * Update forms * Revert dockerfile change Co-authored-by: ewen <ewen.coppens@a1.digital> Co-authored-by: Adrià Casajús <adria.casajus@proton.ch> 2023-01-17 11:55:34 +01:00			`delete_mailbox_form=delete_mailbox_form,`
Fix: Add csrf verification to directory updates (#1358) * Fix: Add csrf verification to directory updates * Update templates/dashboard/directory.html * Added csrf for delete account form * Fix tests * Added CSRF check for settings page * Added csrf to batch import * Added CSRF to alias dashboard and alias transfer * Added csrf to contact manager * Added csrf to mailbox * Added csrf for mailbox detail * Added csrf to domain detail * Lint Co-authored-by: Adrià Casajús <adria.casajus@proton.ch> 2022-10-27 10:04:47 +02:00			`csrf_form=csrf_form,`
User can add/delete/verify mailbox 2020-02-10 17:17:05 +01:00			`)`


Revert "Add code verification for creating mailboxes (#1725)" (#1727) This reverts commit a5e7da10ddbaf92fce3c95e01a400bbf3e440120. Co-authored-by: Adrià Casajús <adria.casajus@proton.ch> 2023-05-09 18:04:04 +02:00			`def send_verification_email(user, mailbox):`
			`s = TimestampSigner(MAILBOX_SECRET)`
Fix: send also mailbox email to verify so that mailbox changes are not allowed (#1777) Co-authored-by: Adrià Casajús <adria.casajus@proton.ch> 2023-06-21 18:56:22 +02:00			`encoded_data = json.dumps([mailbox.id, mailbox.email]).encode("utf-8")`
			`b64_data = base64.urlsafe_b64encode(encoded_data)`
			`mailbox_id_signed = s.sign(b64_data).decode()`
Revert "Add code verification for creating mailboxes (#1725)" (#1727) This reverts commit a5e7da10ddbaf92fce3c95e01a400bbf3e440120. Co-authored-by: Adrià Casajús <adria.casajus@proton.ch> 2023-05-09 18:04:04 +02:00			`verification_url = (`
			`URL + "/dashboard/mailbox_verify" + f"?mailbox_id={mailbox_id_signed}"`
			`)`
			`send_email(`
			`mailbox.email,`
			`f"Please confirm your mailbox {mailbox.email}",`
			`render(`
			`"transactional/verify-mailbox.txt.jinja2",`
			`user=user,`
			`link=verification_url,`
			`mailbox_email=mailbox.email,`
			`),`
			`render(`
			`"transactional/verify-mailbox.html",`
			`user=user,`
			`link=verification_url,`
			`mailbox_email=mailbox.email,`
			`),`
			`)`


User can add/delete/verify mailbox 2020-02-10 17:17:05 +01:00			`@dashboard_bp.route("/mailbox_verify")`
			`def mailbox_verify():`
Fix: Use timed signers to avoid leaving permanent links (#1524) Co-authored-by: Adrià Casajús <adria.casajus@proton.ch> 2023-01-12 12:34:14 +01:00			`s = TimestampSigner(MAILBOX_SECRET)`
Fix: send also mailbox email to verify so that mailbox changes are not allowed (#1777) Co-authored-by: Adrià Casajús <adria.casajus@proton.ch> 2023-06-21 18:56:22 +02:00			`mailbox_verify_request = request.args.get("mailbox_id")`
User can add/delete/verify mailbox 2020-02-10 17:17:05 +01:00			`try:`
Fix: send also mailbox email to verify so that mailbox changes are not allowed (#1777) Co-authored-by: Adrià Casajús <adria.casajus@proton.ch> 2023-06-21 18:56:22 +02:00			`mailbox_raw_data = s.unsign(mailbox_verify_request, max_age=900)`
Handle unsign can generate other exceptions 2020-03-09 09:17:40 +01:00			`except Exception:`
User can add/delete/verify mailbox 2020-02-10 17:17:05 +01:00			`flash("Invalid link. Please delete and re-add your mailbox", "error")`
Handle unsign can generate other exceptions 2020-03-09 09:17:40 +01:00			`return redirect(url_for("dashboard.mailbox_route"))`
Fix: send also mailbox email to verify so that mailbox changes are not allowed (#1777) Co-authored-by: Adrià Casajús <adria.casajus@proton.ch> 2023-06-21 18:56:22 +02:00			`try:`
			`decoded_data = base64.urlsafe_b64decode(mailbox_raw_data)`
			`except binascii.Error:`
			`flash("Invalid link. Please delete and re-add your mailbox", "error")`
			`return redirect(url_for("dashboard.mailbox_route"))`
			`mailbox_data = json.loads(decoded_data)`
			`if not isinstance(mailbox_data, list) or len(mailbox_data) != 2:`
			`flash("Invalid link. Please delete and re-add your mailbox", "error")`
			`return redirect(url_for("dashboard.mailbox_route"))`
			`mailbox_id = mailbox_data[0]`
			`mailbox = Mailbox.get(mailbox_id)`
			`if not mailbox:`
			`flash("Invalid link", "error")`
			`return redirect(url_for("dashboard.mailbox_route"))`
			`mailbox_email = mailbox_data[1]`
			`if mailbox_email != mailbox.email:`
			`flash("Invalid link", "error")`
			`return redirect(url_for("dashboard.mailbox_route"))`
Handle the case where a deleted mailbox verification link is clicked 2020-05-06 10:06:05 +02:00
Fix: send also mailbox email to verify so that mailbox changes are not allowed (#1777) Co-authored-by: Adrià Casajús <adria.casajus@proton.ch> 2023-06-21 18:56:22 +02:00			`mailbox.verified = True`
			`Session.commit()`
User can add/delete/verify mailbox 2020-02-10 17:17:05 +01:00
Fix: send also mailbox email to verify so that mailbox changes are not allowed (#1777) Co-authored-by: Adrià Casajús <adria.casajus@proton.ch> 2023-06-21 18:56:22 +02:00			`LOG.d("Mailbox %s is verified", mailbox)`
Use a better mailbox validation page 2020-03-14 14:45:37 +01:00
Fix: send also mailbox email to verify so that mailbox changes are not allowed (#1777) Co-authored-by: Adrià Casajús <adria.casajus@proton.ch> 2023-06-21 18:56:22 +02:00			`return render_template("dashboard/mailbox_validation.html", mailbox=mailbox)`