app-MAIL-temp/app/dashboard/views/custom_alias.py

from email_validator import validate_email, EmailNotValidError
from flask import render_template, redirect, url_for, flash, request
from flask_login import login_required, current_user
from sqlalchemy.exc import IntegrityError

from app import parallel_limiter
from app.alias_suffix import (
    get_alias_suffixes,
    check_suffix_signature,
    verify_prefix_suffix,
)
from app.alias_utils import check_alias_prefix
from app.config import (
    ALIAS_LIMIT,
)
from app.dashboard.base import dashboard_bp
from app.db import Session
from app.extensions import limiter
from app.log import LOG
from app.models import (
    Alias,
    DeletedAlias,
    Mailbox,
    AliasMailbox,
    DomainDeletedAlias,
)
from app.utils import CSRFValidationForm


@dashboard_bp.route("/custom_alias", methods=["GET", "POST"])
@limiter.limit(ALIAS_LIMIT, methods=["POST"])
@login_required
@parallel_limiter.lock(name="alias_creation")
def custom_alias():
    # check if user has not exceeded the alias quota
    if not current_user.can_create_new_alias():
        LOG.d("%s can't create new alias", current_user)
        flash(
            "You have reached free plan limit, please upgrade to create new aliases",
            "warning",
        )
        return redirect(url_for("dashboard.index"))

    user_custom_domains = [cd.domain for cd in current_user.verified_custom_domains()]
    alias_suffixes = get_alias_suffixes(current_user)
    at_least_a_premium_domain = False
    for alias_suffix in alias_suffixes:
        if not alias_suffix.is_custom and alias_suffix.is_premium:
            at_least_a_premium_domain = True
            break

    csrf_form = CSRFValidationForm()
    mailboxes = current_user.mailboxes()

    if request.method == "POST":
        if not csrf_form.validate():
            flash("Invalid request", "warning")
            return redirect(request.url)
        alias_prefix = request.form.get("prefix").strip().lower().replace(" ", "")
        signed_alias_suffix = request.form.get("signed-alias-suffix")
        mailbox_ids = request.form.getlist("mailboxes")
        alias_note = request.form.get("note")

        if not check_alias_prefix(alias_prefix):
            flash(
                "Only lowercase letters, numbers, dashes (-), dots (.) and underscores (_) "
                "are currently supported for alias prefix. Cannot be more than 40 letters",
                "error",
            )
            return redirect(request.url)

        # check if mailbox is not tempered with
        mailboxes = []
        for mailbox_id in mailbox_ids:
            mailbox = Mailbox.get(mailbox_id)
            if (
                not mailbox
                or mailbox.user_id != current_user.id
                or not mailbox.verified
            ):
                flash("Something went wrong, please retry", "warning")
                return redirect(request.url)
            mailboxes.append(mailbox)

        if not mailboxes:
            flash("At least one mailbox must be selected", "error")
            return redirect(request.url)

        try:
            suffix = check_suffix_signature(signed_alias_suffix)
            if not suffix:
                LOG.w("Alias creation time expired for %s", current_user)
                flash("Alias creation time is expired, please retry", "warning")
                return redirect(request.url)
        except Exception:
            LOG.w("Alias suffix is tampered, user %s", current_user)
            flash("Unknown error, refresh the page", "error")
            return redirect(request.url)

        if verify_prefix_suffix(current_user, alias_prefix, suffix):
            full_alias = alias_prefix + suffix

            if ".." in full_alias:
                flash("Your alias can't contain 2 consecutive dots (..)", "error")
                return redirect(request.url)

            try:
                validate_email(
                    full_alias, check_deliverability=False, allow_smtputf8=False
                )
            except EmailNotValidError as e:
                flash(str(e), "error")
                return redirect(request.url)

            general_error_msg = f"{full_alias} cannot be used"

            if Alias.get_by(email=full_alias):
                alias = Alias.get_by(email=full_alias)
                if alias.user_id == current_user.id:
                    flash(f"You already have this alias {full_alias}", "error")
                else:
                    flash(general_error_msg, "error")
            elif DomainDeletedAlias.get_by(email=full_alias):
                domain_deleted_alias: DomainDeletedAlias = DomainDeletedAlias.get_by(
                    email=full_alias
                )
                custom_domain = domain_deleted_alias.domain
                flash(
                    f"You have deleted this alias before. You can restore it on "
                    f"{custom_domain.domain} 'Deleted Alias' page",
                    "error",
                )

            elif DeletedAlias.get_by(email=full_alias):
                flash(general_error_msg, "error")

            else:
                try:
                    alias = Alias.create(
                        user_id=current_user.id,
                        email=full_alias,
                        note=alias_note,
                        mailbox_id=mailboxes[0].id,
                    )
                    Session.flush()
                except IntegrityError:
                    LOG.w("Alias %s already exists", full_alias)
                    Session.rollback()
                    flash("Unknown error, please retry", "error")
                    return redirect(url_for("dashboard.custom_alias"))

                for i in range(1, len(mailboxes)):
                    AliasMailbox.create(
                        alias_id=alias.id,
                        mailbox_id=mailboxes[i].id,
                    )

                Session.commit()
                flash(f"Alias {full_alias} has been created", "success")

                return redirect(url_for("dashboard.index", highlight_alias_id=alias.id))
        # only happen if the request has been "hacked"
        else:
            flash("something went wrong", "warning")

    return render_template(
        "dashboard/custom_alias.html",
        user_custom_domains=user_custom_domains,
        alias_suffixes=alias_suffixes,
        at_least_a_premium_domain=at_least_a_premium_domain,
        mailboxes=mailboxes,
        csrf_form=csrf_form,
    )
validate the alias address before creating 2022-01-09 20:22:41 +01:00			`from email_validator import validate_email, EmailNotValidError`
check if alias is not deleted before in custom-alias page 2020-01-29 17:57:11 +01:00			`from flask import render_template, redirect, url_for, flash, request`
premium user can choose custom alias 2019-07-06 23:25:52 +02:00			`from flask_login import login_required, current_user`
Handle IntegrityError when creating new alias 2020-10-24 15:50:29 +02:00			`from sqlalchemy.exc import IntegrityError`
premium user can choose custom alias 2019-07-06 23:25:52 +02:00
Feat: Added parallel limiter to prevent sqlalchemy transaction issues (#1360) * Feat: Added parallel limiter to prevent sqlalchemy transaction issues * Remove logs * Moved initialization to its own file * Throw exception * Added test * Add redis to gh actions * Added v6 to the name * Removed debug prints Co-authored-by: Adrià Casajús <adria.casajus@proton.ch> 2022-10-27 10:07:02 +02:00			`from app import parallel_limiter`
Refactor alias suffix (#1194) * Extract suffix generation and validation to a module * Updated tests * Make custom alias use signed suffixes * Added the signature check to the module * Fix invalid route * Move more suffix related stuff * Fix tests Co-authored-by: Adrià Casajús <adria.casajus@proton.ch> 2022-07-27 17:40:22 +02:00			`from app.alias_suffix import (`
			`get_alias_suffixes,`
			`check_suffix_signature,`
			`verify_prefix_suffix,`
			`)`
Use check_alias_prefix() to check alias prefix 2020-11-03 10:39:08 +01:00			`from app.alias_utils import check_alias_prefix`
Anti tamper: avoid submitting any suffix 2020-05-02 12:15:03 +02:00			`from app.config import (`
add limiter on custom alias page 2021-03-24 16:52:05 +01:00			`ALIAS_LIMIT,`
Anti tamper: avoid submitting any suffix 2020-05-02 12:15:03 +02:00			`)`
premium user can choose custom alias 2019-07-06 23:25:52 +02:00			`from app.dashboard.base import dashboard_bp`
do not use flask-sqlalchemy - add __tablename__ for all models - use sa and orm instead of db - rollback all changes in tests - remove session in @app.teardown_appcontext 2021-10-12 14:36:47 +02:00			`from app.db import Session`
			`from app.extensions import limiter`
premium user can choose custom alias 2019-07-06 23:25:52 +02:00			`from app.log import LOG`
check if an alias is domain trash before creating it 2020-05-23 11:51:35 +02:00			`from app.models import (`
			`Alias,`
			`DeletedAlias,`
			`Mailbox,`
			`AliasMailbox,`
			`DomainDeletedAlias,`
			`)`
Require CSRF check on custom alias creation (#1977) 2023-12-20 16:15:01 +01:00			`from app.utils import CSRFValidationForm`
premium user can choose custom alias 2019-07-06 23:25:52 +02:00
Sign the whole Alias Suffix Info instead of just the suffix 2021-07-19 20:14:59 +02:00
premium user can choose custom alias 2019-07-06 23:25:52 +02:00			`@dashboard_bp.route("/custom_alias", methods=["GET", "POST"])`
add limiter on custom alias page 2021-03-24 16:52:05 +01:00			`@limiter.limit(ALIAS_LIMIT, methods=["POST"])`
premium user can choose custom alias 2019-07-06 23:25:52 +02:00			`@login_required`
Feat: Added parallel limiter to prevent sqlalchemy transaction issues (#1360) * Feat: Added parallel limiter to prevent sqlalchemy transaction issues * Remove logs * Moved initialization to its own file * Throw exception * Added test * Add redis to gh actions * Added v6 to the name * Removed debug prints Co-authored-by: Adrià Casajús <adria.casajus@proton.ch> 2022-10-27 10:07:02 +02:00			`@parallel_limiter.lock(name="alias_creation")`
premium user can choose custom alias 2019-07-06 23:25:52 +02:00			`def custom_alias():`
Use the same design as on extension for custom alias: domains are presented in a dropdown list 2020-01-22 00:03:25 +01:00			`# check if user has not exceeded the alias quota`
rename can_create_new_custom_alias -> can_create_new_alias 2019-12-22 17:27:55 +01:00			`if not current_user.can_create_new_alias():`
free trial account can't create more than MAX_NB_EMAIL_FREE_PLAN aliases 2021-04-09 12:40:55 +02:00			`LOG.d("%s can't create new alias", current_user)`
Handle trial period - user can upgrade to lifetime if in trial or free - free or trial user can buy a subscription - user has all features when in trial 2020-01-30 04:52:56 +01:00			`flash(`
			`"You have reached free plan limit, please upgrade to create new aliases",`
			`"warning",`
			`)`
premium user can choose custom alias 2019-07-06 23:25:52 +02:00			`return redirect(url_for("dashboard.index"))`

Use the same design as on extension for custom alias: domains are presented in a dropdown list 2020-01-22 00:03:25 +01:00			`user_custom_domains = [cd.domain for cd in current_user.verified_custom_domains()]`
Sign the whole Alias Suffix Info instead of just the suffix 2021-07-19 20:14:59 +02:00			`alias_suffixes = get_alias_suffixes(current_user)`
display whether a domain is premium 2020-10-20 16:44:22 +02:00			`at_least_a_premium_domain = False`
Sign the whole Alias Suffix Info instead of just the suffix 2021-07-19 20:14:59 +02:00			`for alias_suffix in alias_suffixes:`
			`if not alias_suffix.is_custom and alias_suffix.is_premium:`
display whether a domain is premium 2020-10-20 16:44:22 +02:00			`at_least_a_premium_domain = True`
			`break`
premium user can choose custom alias 2019-07-06 23:25:52 +02:00
Require CSRF check on custom alias creation (#1977) 2023-12-20 16:15:01 +01:00			`csrf_form = CSRFValidationForm()`
Support multiple mailboxes in custom alias page 2020-05-03 16:50:39 +02:00			`mailboxes = current_user.mailboxes()`
User can choose mailbox when creating a new alias 2020-02-10 17:19:42 +01:00
handle custom domain in custom alias 2019-12-02 01:34:54 +01:00			`if request.method == "POST":`
Require CSRF check on custom alias creation (#1977) 2023-12-20 16:15:01 +01:00			`if not csrf_form.validate():`
			`flash("Invalid request", "warning")`
			`return redirect(request.url)`
make sure to remove whitespace in alias 2020-09-02 09:56:16 +02:00			`alias_prefix = request.form.get("prefix").strip().lower().replace(" ", "")`
Sign the whole Alias Suffix Info instead of just the suffix 2021-07-19 20:14:59 +02:00			`signed_alias_suffix = request.form.get("signed-alias-suffix")`
Support multiple mailboxes in custom alias page 2020-05-03 16:50:39 +02:00			`mailbox_ids = request.form.getlist("mailboxes")`
user can set note when creating custom alias 2020-02-05 11:36:06 +01:00			`alias_note = request.form.get("note")`
Use the same design as on extension for custom alias: domains are presented in a dropdown list 2020-01-22 00:03:25 +01:00
Use check_alias_prefix() to check alias prefix 2020-11-03 10:39:08 +01:00			`if not check_alias_prefix(alias_prefix):`
			`flash(`
support dot in alias prefix 2021-04-30 11:37:17 +02:00			`"Only lowercase letters, numbers, dashes (-), dots (.) and underscores (_) "`
make sure alias prefix cannot be more than 40 chars 2020-11-18 10:38:35 +01:00			`"are currently supported for alias prefix. Cannot be more than 40 letters",`
Use check_alias_prefix() to check alias prefix 2020-11-03 10:39:08 +01:00			`"error",`
			`)`
validate the alias address before creating 2022-01-09 20:22:41 +01:00			`return redirect(request.url)`
Use check_alias_prefix() to check alias prefix 2020-11-03 10:39:08 +01:00
User can choose mailbox when creating a new alias 2020-02-10 17:19:42 +01:00			`# check if mailbox is not tempered with`
Support multiple mailboxes in custom alias page 2020-05-03 16:50:39 +02:00			`mailboxes = []`
			`for mailbox_id in mailbox_ids:`
			`mailbox = Mailbox.get(mailbox_id)`
			`if (`
			`not mailbox`
			`or mailbox.user_id != current_user.id`
			`or not mailbox.verified`
			`):`
User can choose mailbox when creating a new alias 2020-02-10 17:19:42 +01:00			`flash("Something went wrong, please retry", "warning")`
validate the alias address before creating 2022-01-09 20:22:41 +01:00			`return redirect(request.url)`
Support multiple mailboxes in custom alias page 2020-05-03 16:50:39 +02:00			`mailboxes.append(mailbox)`

			`if not mailboxes:`
			`flash("At least one mailbox must be selected", "error")`
validate the alias address before creating 2022-01-09 20:22:41 +01:00			`return redirect(request.url)`
User can choose mailbox when creating a new alias 2020-02-10 17:19:42 +01:00
Anti tamper: avoid submitting any suffix 2020-05-02 12:15:03 +02:00			`try:`
Refactor alias suffix (#1194) * Extract suffix generation and validation to a module * Updated tests * Make custom alias use signed suffixes * Added the signature check to the module * Fix invalid route * Move more suffix related stuff * Fix tests Co-authored-by: Adrià Casajús <adria.casajus@proton.ch> 2022-07-27 17:40:22 +02:00			`suffix = check_suffix_signature(signed_alias_suffix)`
			`if not suffix:`
			`LOG.w("Alias creation time expired for %s", current_user)`
			`flash("Alias creation time is expired, please retry", "warning")`
			`return redirect(request.url)`
Anti tamper: avoid submitting any suffix 2020-05-02 12:15:03 +02:00			`except Exception:`
reformat 2021-09-08 11:29:55 +02:00			`LOG.w("Alias suffix is tampered, user %s", current_user)`
Anti tamper: avoid submitting any suffix 2020-05-02 12:15:03 +02:00			`flash("Unknown error, refresh the page", "error")`
validate the alias address before creating 2022-01-09 20:22:41 +01:00			`return redirect(request.url)`
Anti tamper: avoid submitting any suffix 2020-05-02 12:15:03 +02:00
Refactor alias suffix (#1194) * Extract suffix generation and validation to a module * Updated tests * Make custom alias use signed suffixes * Added the signature check to the module * Fix invalid route * Move more suffix related stuff * Fix tests Co-authored-by: Adrià Casajús <adria.casajus@proton.ch> 2022-07-27 17:40:22 +02:00			`if verify_prefix_suffix(current_user, alias_prefix, suffix):`
			`full_alias = alias_prefix + suffix`
fix not setting custom_domain id when creating alias 2020-01-23 11:45:52 +01:00
validate the alias address before creating 2022-01-09 20:22:41 +01:00			`if ".." in full_alias:`
			`flash("Your alias can't contain 2 consecutive dots (..)", "error")`
			`return redirect(request.url)`

			`try:`
			`validate_email(`
			`full_alias, check_deliverability=False, allow_smtputf8=False`
			`)`
			`except EmailNotValidError as e:`
			`flash(str(e), "error")`
			`return redirect(request.url)`

more detailed error message when an alias can't be created 2020-10-09 11:48:52 +02:00			`general_error_msg = f"{full_alias} cannot be used"`

			`if Alias.get_by(email=full_alias):`
			`alias = Alias.get_by(email=full_alias)`
			`if alias.user_id == current_user.id:`
			`flash(f"You already have this alias {full_alias}", "error")`
			`else:`
			`flash(general_error_msg, "error")`
			`elif DomainDeletedAlias.get_by(email=full_alias):`
			`domain_deleted_alias: DomainDeletedAlias = DomainDeletedAlias.get_by(`
			`email=full_alias`
highlight newly created gen-email 2019-08-30 22:42:06 +02:00			`)`
more detailed error message when an alias can't be created 2020-10-09 11:48:52 +02:00			`custom_domain = domain_deleted_alias.domain`
Fix recreate alias from trash (#1641) * no need to check for a deleted alias that belongs to user domain * fix config.SAVE_UNSENT_DIR not set 2023-03-17 15:39:59 +01:00			`flash(`
			`f"You have deleted this alias before. You can restore it on "`
			`f"{custom_domain.domain} 'Deleted Alias' page",`
			`"error",`
			`)`
more detailed error message when an alias can't be created 2020-10-09 11:48:52 +02:00
			`elif DeletedAlias.get_by(email=full_alias):`
			`flash(general_error_msg, "error")`

Use the same design as on extension for custom alias: domains are presented in a dropdown list 2020-01-22 00:03:25 +01:00			`else:`
Handle IntegrityError when creating new alias 2020-10-24 15:50:29 +02:00			`try:`
			`alias = Alias.create(`
			`user_id=current_user.id,`
			`email=full_alias,`
			`note=alias_note,`
			`mailbox_id=mailboxes[0].id,`
			`)`
do not use flask-sqlalchemy - add __tablename__ for all models - use sa and orm instead of db - rollback all changes in tests - remove session in @app.teardown_appcontext 2021-10-12 14:36:47 +02:00			`Session.flush()`
Handle IntegrityError when creating new alias 2020-10-24 15:50:29 +02:00			`except IntegrityError:`
reformat 2021-09-08 11:29:55 +02:00			`LOG.w("Alias %s already exists", full_alias)`
do not use flask-sqlalchemy - add __tablename__ for all models - use sa and orm instead of db - rollback all changes in tests - remove session in @app.teardown_appcontext 2021-10-12 14:36:47 +02:00			`Session.rollback()`
Handle IntegrityError when creating new alias 2020-10-24 15:50:29 +02:00			`flash("Unknown error, please retry", "error")`
			`return redirect(url_for("dashboard.custom_alias"))`
Support multiple mailboxes in custom alias page 2020-05-03 16:50:39 +02:00
			`for i in range(1, len(mailboxes)):`
			`AliasMailbox.create(`
black new version 2020-08-27 10:20:48 +02:00			`alias_id=alias.id,`
			`mailbox_id=mailboxes[i].id,`
Support multiple mailboxes in custom alias page 2020-05-03 16:50:39 +02:00			`)`
fix not setting custom_domain id when creating alias 2020-01-23 11:45:52 +01:00
do not use flask-sqlalchemy - add __tablename__ for all models - use sa and orm instead of db - rollback all changes in tests - remove session in @app.teardown_appcontext 2021-10-12 14:36:47 +02:00			`Session.commit()`
Use the same design as on extension for custom alias: domains are presented in a dropdown list 2020-01-22 00:03:25 +01:00			`flash(f"Alias {full_alias} has been created", "success")`
premium user can choose custom alias 2019-07-06 23:25:52 +02:00
rename GenEmail -> Alias, gen_email to alias whenever possible 2020-03-17 11:51:40 +01:00			`return redirect(url_for("dashboard.index", highlight_alias_id=alias.id))`
Use the same design as on extension for custom alias: domains are presented in a dropdown list 2020-01-22 00:03:25 +01:00			`# only happen if the request has been "hacked"`
			`else:`
			`flash("something went wrong", "warning")`
premium user can choose custom alias 2019-07-06 23:25:52 +02:00
refactor custom_alias: create available_suffixes() 2020-05-02 12:34:11 +02:00			`return render_template(`
			`"dashboard/custom_alias.html",`
			`user_custom_domains=user_custom_domains,`
Refactor alias suffix (#1194) * Extract suffix generation and validation to a module * Updated tests * Make custom alias use signed suffixes * Added the signature check to the module * Fix invalid route * Move more suffix related stuff * Fix tests Co-authored-by: Adrià Casajús <adria.casajus@proton.ch> 2022-07-27 17:40:22 +02:00			`alias_suffixes=alias_suffixes,`
display whether a domain is premium 2020-10-20 16:44:22 +02:00			`at_least_a_premium_domain=at_least_a_premium_domain,`
refactor custom_alias: create available_suffixes() 2020-05-02 12:34:11 +02:00			`mailboxes=mailboxes,`
Require CSRF check on custom alias creation (#1977) 2023-12-20 16:15:01 +01:00			`csrf_form=csrf_form,`
refactor custom_alias: create available_suffixes() 2020-05-02 12:34:11 +02:00			`)`