app-MAIL-temp/app/api/views/mailbox.py

from smtplib import SMTPRecipientsRefused

from flask import g
from flask import jsonify
from flask import request

from app import mailbox_utils
from app.api.base import api_bp, require_api_auth
from app.dashboard.views.mailbox_detail import verify_mailbox_change
from app.db import Session
from app.email_utils import (
    mailbox_already_used,
    email_can_be_used_as_mailbox,
)
from app.models import Mailbox
from app.utils import sanitize_email


def mailbox_to_dict(mailbox: Mailbox):
    return {
        "id": mailbox.id,
        "email": mailbox.email,
        "verified": mailbox.verified,
        "default": mailbox.user.default_mailbox_id == mailbox.id,
        "creation_timestamp": mailbox.created_at.timestamp,
        "nb_alias": mailbox.nb_alias(),
    }


@api_bp.route("/mailboxes", methods=["POST"])
@require_api_auth
def create_mailbox():
    """
    Create a new mailbox. User needs to verify the mailbox via an activation email.
    Input:
        email: in body
    Output:
        the new mailbox dict
    """
    user = g.user
    mailbox_email = sanitize_email(request.get_json().get("email"))

    try:
        new_mailbox = mailbox_utils.create_mailbox(user, mailbox_email)
    except mailbox_utils.MailboxError as e:
        return jsonify(error=e.msg), 400

    return (
        jsonify(mailbox_to_dict(new_mailbox)),
        201,
    )


@api_bp.route("/mailboxes/<int:mailbox_id>", methods=["DELETE"])
@require_api_auth
def delete_mailbox(mailbox_id):
    """
    Delete mailbox
    Input:
        mailbox_id: in url
        (optional) transfer_aliases_to: in body. Id of the new mailbox for the aliases.
                                        If omitted or the value is set to -1,
                                        the aliases of the mailbox will be deleted too.
    Output:
        200 if deleted successfully

    """
    user = g.user
    data = request.get_json() or {}
    transfer_mailbox_id = data.get("transfer_aliases_to")
    if transfer_mailbox_id and int(transfer_mailbox_id) >= 0:
        transfer_mailbox_id = int(transfer_mailbox_id)
    else:
        transfer_mailbox_id = None

    try:
        mailbox_utils.delete_mailbox(user, mailbox_id, transfer_mailbox_id)
    except mailbox_utils.MailboxError as e:
        return jsonify(error=e.msg), 400

    return jsonify(deleted=True), 200


@api_bp.route("/mailboxes/<int:mailbox_id>", methods=["PUT"])
@require_api_auth
def update_mailbox(mailbox_id):
    """
    Update mailbox
    Input:
        mailbox_id: in url
        (optional) default: in body. Set a mailbox as the default mailbox.
        (optional) email: in body. Change a mailbox email.
        (optional) cancel_email_change: in body. Cancel mailbox email change.
    Output:
        200 if updated successfully

    """
    user = g.user
    mailbox = Mailbox.get(mailbox_id)

    if not mailbox or mailbox.user_id != user.id:
        return jsonify(error="Forbidden"), 403

    data = request.get_json() or {}
    changed = False
    if "default" in data:
        is_default = data.get("default")
        if is_default:
            if not mailbox.verified:
                return (
                    jsonify(
                        error="Unverified mailbox cannot be used as default mailbox"
                    ),
                    400,
                )
            user.default_mailbox_id = mailbox.id
            changed = True

    if "email" in data:
        new_email = sanitize_email(data.get("email"))

        if mailbox_already_used(new_email, user):
            return jsonify(error=f"{new_email} already used"), 400
        elif not email_can_be_used_as_mailbox(new_email):
            return (
                jsonify(
                    error=f"{new_email} cannot be used. Please note a mailbox cannot "
                    f"be a disposable email address"
                ),
                400,
            )

        try:
            verify_mailbox_change(user, mailbox, new_email)
        except SMTPRecipientsRefused:
            return jsonify(error=f"Incorrect mailbox, please recheck {new_email}"), 400
        else:
            mailbox.new_email = new_email
            changed = True

    if "cancel_email_change" in data:
        cancel_email_change = data.get("cancel_email_change")
        if cancel_email_change:
            mailbox.new_email = None
            changed = True

    if changed:
        Session.commit()

    return jsonify(updated=True), 200


@api_bp.route("/mailboxes", methods=["GET"])
@require_api_auth
def get_mailboxes():
    """
    Get verified mailboxes
    Output:
        - mailboxes: list of mailbox dict
    """
    user = g.user

    return (
        jsonify(mailboxes=[mailbox_to_dict(mb) for mb in user.mailboxes()]),
        200,
    )


@api_bp.route("/v2/mailboxes", methods=["GET"])
@require_api_auth
def get_mailboxes_v2():
    """
    Get all mailboxes - including unverified mailboxes
    Output:
        - mailboxes: list of mailbox dict
    """
    user = g.user
    mailboxes = []

    for mailbox in Mailbox.filter_by(user_id=user.id):
        mailboxes.append(mailbox)

    return (
        jsonify(mailboxes=[mailbox_to_dict(mb) for mb in mailboxes]),
        200,
    )
can update mailbox email 2020-05-23 16:40:28 +02:00			`from smtplib import SMTPRecipientsRefused`

remove unused imports 2020-05-23 19:18:35 +02:00			`from flask import g`
add POST /api/mailboxes: create a new mailbox 2020-05-23 16:09:06 +02:00			`from flask import jsonify`
			`from flask import request`

Move mailbox management to a module (#2164) 2024-07-30 13:36:48 +02:00			`from app import mailbox_utils`
add POST /api/mailboxes: create a new mailbox 2020-05-23 16:09:06 +02:00			`from app.api.base import api_bp, require_api_auth`
can update mailbox email 2020-05-23 16:40:28 +02:00			`from app.dashboard.views.mailbox_detail import verify_mailbox_change`
do not use flask-sqlalchemy - add __tablename__ for all models - use sa and orm instead of db - rollback all changes in tests - remove session in @app.teardown_appcontext 2021-10-12 14:36:47 +02:00			`from app.db import Session`
add POST /api/mailboxes: create a new mailbox 2020-05-23 16:09:06 +02:00			`from app.email_utils import (`
			`mailbox_already_used,`
rename email_domain_can_be_used_as_mailbox -> email_can_be_used_as_mailbox 2020-10-15 16:05:47 +02:00			`email_can_be_used_as_mailbox,`
add POST /api/mailboxes: create a new mailbox 2020-05-23 16:09:06 +02:00			`)`
Move mailbox management to a module (#2164) 2024-07-30 13:36:48 +02:00			`from app.models import Mailbox`
Restore /alias/custom/new as currently used by safari 2021-03-31 14:41:32 +02:00			`from app.utils import sanitize_email`
add POST /api/mailboxes: create a new mailbox 2020-05-23 16:09:06 +02:00

use same mailbox format for "POST /api/mailboxes" and "GET /api/mailboxes" 2020-11-03 11:22:01 +01:00			`def mailbox_to_dict(mailbox: Mailbox):`
			`return {`
			`"id": mailbox.id,`
			`"email": mailbox.email,`
			`"verified": mailbox.verified,`
			`"default": mailbox.user.default_mailbox_id == mailbox.id,`
			`"creation_timestamp": mailbox.created_at.timestamp,`
			`"nb_alias": mailbox.nb_alias(),`
			`}`


add POST /api/mailboxes: create a new mailbox 2020-05-23 16:09:06 +02:00			`@api_bp.route("/mailboxes", methods=["POST"])`
			`@require_api_auth`
			`def create_mailbox():`
			`"""`
			`Create a new mailbox. User needs to verify the mailbox via an activation email.`
			`Input:`
			`email: in body`
			`Output:`
use same mailbox format for "POST /api/mailboxes" and "GET /api/mailboxes" 2020-11-03 11:22:01 +01:00			`the new mailbox dict`
add POST /api/mailboxes: create a new mailbox 2020-05-23 16:09:06 +02:00			`"""`
			`user = g.user`
use sanitize_email instead of .lower().strip().replace(" ", "") 2021-01-11 12:29:40 +01:00			`mailbox_email = sanitize_email(request.get_json().get("email"))`
add POST /api/mailboxes: create a new mailbox 2020-05-23 16:09:06 +02:00
Move mailbox management to a module (#2164) 2024-07-30 13:36:48 +02:00			`try:`
			`new_mailbox = mailbox_utils.create_mailbox(user, mailbox_email)`
			`except mailbox_utils.MailboxError as e:`
			`return jsonify(error=e.msg), 400`
Revert "Add code verification for creating mailboxes (#1725)" (#1727) This reverts commit a5e7da10ddbaf92fce3c95e01a400bbf3e440120. Co-authored-by: Adrià Casajús <adria.casajus@proton.ch> 2023-05-09 18:04:04 +02:00
Move mailbox management to a module (#2164) 2024-07-30 13:36:48 +02:00			`return (`
			`jsonify(mailbox_to_dict(new_mailbox)),`
			`201,`
			`)`
Add DELETE /api/mailboxes/:mailbox_id 2020-05-23 16:18:12 +02:00

Enforce int params in routes (#1159) Co-authored-by: Adrià Casajús <adria.casajus@proton.ch> 2022-07-15 17:10:00 +02:00			`@api_bp.route("/mailboxes/<int:mailbox_id>", methods=["DELETE"])`
Add DELETE /api/mailboxes/:mailbox_id 2020-05-23 16:18:12 +02:00			`@require_api_auth`
			`def delete_mailbox(mailbox_id):`
			`"""`
			`Delete mailbox`
			`Input:`
			`mailbox_id: in url`
Tranfer aliases to a new mailbox when deleting mailboxes (#1534) * Set up npm clean install instead of npm install in order to keep the version of npm packages 🎨 * Add option to transfer the alias to a new mailbox when a mailbox is deleted * Moved alias transfer to job * Lint * Update forms * Revert dockerfile change Co-authored-by: ewen <ewen.coppens@a1.digital> Co-authored-by: Adrià Casajús <adria.casajus@proton.ch> 2023-01-17 11:55:34 +01:00			`(optional) transfer_aliases_to: in body. Id of the new mailbox for the aliases.`
			`If omitted or the value is set to -1,`
			`the aliases of the mailbox will be deleted too.`
Add DELETE /api/mailboxes/:mailbox_id 2020-05-23 16:18:12 +02:00			`Output:`
			`200 if deleted successfully`

			`"""`
			`user = g.user`
Tranfer aliases to a new mailbox when deleting mailboxes (#1534) * Set up npm clean install instead of npm install in order to keep the version of npm packages 🎨 * Add option to transfer the alias to a new mailbox when a mailbox is deleted * Moved alias transfer to job * Lint * Update forms * Revert dockerfile change Co-authored-by: ewen <ewen.coppens@a1.digital> Co-authored-by: Adrià Casajús <adria.casajus@proton.ch> 2023-01-17 11:55:34 +01:00			`data = request.get_json() or {}`
			`transfer_mailbox_id = data.get("transfer_aliases_to")`
			`if transfer_mailbox_id and int(transfer_mailbox_id) >= 0:`
Move mailbox management to a module (#2164) 2024-07-30 13:36:48 +02:00			`transfer_mailbox_id = int(transfer_mailbox_id)`
			`else:`
			`transfer_mailbox_id = None`

			`try:`
			`mailbox_utils.delete_mailbox(user, mailbox_id, transfer_mailbox_id)`
			`except mailbox_utils.MailboxError as e:`
			`return jsonify(error=e.msg), 400`
Add DELETE /api/mailboxes/:mailbox_id 2020-05-23 16:18:12 +02:00
			`return jsonify(deleted=True), 200`
PUT /api/mailboxes/:mailbox_id: update mailbox 2020-05-23 16:26:26 +02:00

Enforce int params in routes (#1159) Co-authored-by: Adrià Casajús <adria.casajus@proton.ch> 2022-07-15 17:10:00 +02:00			`@api_bp.route("/mailboxes/<int:mailbox_id>", methods=["PUT"])`
PUT /api/mailboxes/:mailbox_id: update mailbox 2020-05-23 16:26:26 +02:00			`@require_api_auth`
			`def update_mailbox(mailbox_id):`
			`"""`
			`Update mailbox`
			`Input:`
			`mailbox_id: in url`
can update mailbox email 2020-05-23 16:40:28 +02:00			`(optional) default: in body. Set a mailbox as the default mailbox.`
			`(optional) email: in body. Change a mailbox email.`
user can cancel mailbox email change 2020-05-23 16:43:48 +02:00			`(optional) cancel_email_change: in body. Cancel mailbox email change.`
PUT /api/mailboxes/:mailbox_id: update mailbox 2020-05-23 16:26:26 +02:00			`Output:`
			`200 if updated successfully`

			`"""`
			`user = g.user`
			`mailbox = Mailbox.get(mailbox_id)`

			`if not mailbox or mailbox.user_id != user.id:`
			`return jsonify(error="Forbidden"), 403`

			`data = request.get_json() or {}`
			`changed = False`
			`if "default" in data:`
			`is_default = data.get("default")`
			`if is_default:`
make sure only verified mailbox can be used as default 2020-11-03 12:43:01 +01:00			`if not mailbox.verified:`
			`return (`
			`jsonify(`
			`error="Unverified mailbox cannot be used as default mailbox"`
			`),`
			`400,`
			`)`
PUT /api/mailboxes/:mailbox_id: update mailbox 2020-05-23 16:26:26 +02:00			`user.default_mailbox_id = mailbox.id`
			`changed = True`

can update mailbox email 2020-05-23 16:40:28 +02:00			`if "email" in data:`
use sanitize_email instead of .lower().strip().replace(" ", "") 2021-01-11 12:29:40 +01:00			`new_email = sanitize_email(data.get("email"))`
can update mailbox email 2020-05-23 16:40:28 +02:00
			`if mailbox_already_used(new_email, user):`
			`return jsonify(error=f"{new_email} already used"), 400`
rename email_domain_can_be_used_as_mailbox -> email_can_be_used_as_mailbox 2020-10-15 16:05:47 +02:00			`elif not email_can_be_used_as_mailbox(new_email):`
can update mailbox email 2020-05-23 16:40:28 +02:00			`return (`
			`jsonify(`
			`error=f"{new_email} cannot be used. Please note a mailbox cannot "`
			`f"be a disposable email address"`
			`),`
			`400,`
			`)`

			`try:`
			`verify_mailbox_change(user, mailbox, new_email)`
			`except SMTPRecipientsRefused:`
			`return jsonify(error=f"Incorrect mailbox, please recheck {new_email}"), 400`
			`else:`
			`mailbox.new_email = new_email`
			`changed = True`

user can cancel mailbox email change 2020-05-23 16:43:48 +02:00			`if "cancel_email_change" in data:`
			`cancel_email_change = data.get("cancel_email_change")`
			`if cancel_email_change:`
			`mailbox.new_email = None`
			`changed = True`

PUT /api/mailboxes/:mailbox_id: update mailbox 2020-05-23 16:26:26 +02:00			`if changed:`
do not use flask-sqlalchemy - add __tablename__ for all models - use sa and orm instead of db - rollback all changes in tests - remove session in @app.teardown_appcontext 2021-10-12 14:36:47 +02:00			`Session.commit()`
PUT /api/mailboxes/:mailbox_id: update mailbox 2020-05-23 16:26:26 +02:00
can update mailbox email 2020-05-23 16:40:28 +02:00			`return jsonify(updated=True), 200`
move get mailboxes to mailbox.py 2020-05-23 16:46:10 +02:00

			`@api_bp.route("/mailboxes", methods=["GET"])`
			`@require_api_auth`
			`def get_mailboxes():`
			`"""`
add GET /api/v2/mailboxes 2020-11-03 12:14:13 +01:00			`Get verified mailboxes`
move get mailboxes to mailbox.py 2020-05-23 16:46:10 +02:00			`Output:`
add GET /api/v2/mailboxes 2020-11-03 12:14:13 +01:00			`- mailboxes: list of mailbox dict`
move get mailboxes to mailbox.py 2020-05-23 16:46:10 +02:00			`"""`
			`user = g.user`

			`return (`
use same mailbox format for "POST /api/mailboxes" and "GET /api/mailboxes" 2020-11-03 11:22:01 +01:00			`jsonify(mailboxes=[mailbox_to_dict(mb) for mb in user.mailboxes()]),`
move get mailboxes to mailbox.py 2020-05-23 16:46:10 +02:00			`200,`
			`)`
add GET /api/v2/mailboxes 2020-11-03 12:14:13 +01:00

			`@api_bp.route("/v2/mailboxes", methods=["GET"])`
			`@require_api_auth`
			`def get_mailboxes_v2():`
			`"""`
			`Get all mailboxes - including unverified mailboxes`
			`Output:`
			`- mailboxes: list of mailbox dict`
			`"""`
			`user = g.user`
			`mailboxes = []`

do not use flask-sqlalchemy - add __tablename__ for all models - use sa and orm instead of db - rollback all changes in tests - remove session in @app.teardown_appcontext 2021-10-12 14:36:47 +02:00			`for mailbox in Mailbox.filter_by(user_id=user.id):`
add GET /api/v2/mailboxes 2020-11-03 12:14:13 +01:00			`mailboxes.append(mailbox)`

			`return (`
			`jsonify(mailboxes=[mailbox_to_dict(mb) for mb in mailboxes]),`
			`200,`
			`)`