app-MAIL-temp/app/api/views/mailbox.py

from smtplib import SMTPRecipientsRefused

import arrow
from flask import g
from flask import jsonify
from flask import request

from app.api.base import api_bp, require_api_auth
from app.config import JOB_DELETE_MAILBOX
from app.dashboard.views.mailbox import send_verification_email
from app.dashboard.views.mailbox_detail import verify_mailbox_change
from app.db import Session
from app.email_utils import (
    mailbox_already_used,
    email_can_be_used_as_mailbox,
    is_valid_email,
)
from app.log import LOG
from app.models import Mailbox, Job
from app.utils import sanitize_email


def mailbox_to_dict(mailbox: Mailbox):
    return {
        "id": mailbox.id,
        "email": mailbox.email,
        "verified": mailbox.verified,
        "default": mailbox.user.default_mailbox_id == mailbox.id,
        "creation_timestamp": mailbox.created_at.timestamp,
        "nb_alias": mailbox.nb_alias(),
    }


@api_bp.route("/mailboxes", methods=["POST"])
@require_api_auth
def create_mailbox():
    """
    Create a new mailbox. User needs to verify the mailbox via an activation email.
    Input:
        email: in body
    Output:
        the new mailbox dict
    """
    user = g.user
    mailbox_email = sanitize_email(request.get_json().get("email"))

    if not user.is_premium():
        return jsonify(error=f"Only premium plan can add additional mailbox"), 400

    if not is_valid_email(mailbox_email):
        return jsonify(error=f"{mailbox_email} invalid"), 400
    elif mailbox_already_used(mailbox_email, user):
        return jsonify(error=f"{mailbox_email} already used"), 400
    elif not email_can_be_used_as_mailbox(mailbox_email):
        return (
            jsonify(
                error=f"{mailbox_email} cannot be used. Please note a mailbox cannot "
                f"be a disposable email address"
            ),
            400,
        )
    else:
        new_mailbox = Mailbox.create(email=mailbox_email, user_id=user.id)
        Session.commit()

        send_verification_email(user, new_mailbox)

        return (
            jsonify(mailbox_to_dict(new_mailbox)),
            201,
        )


@api_bp.route("/mailboxes/<mailbox_id>", methods=["DELETE"])
@require_api_auth
def delete_mailbox(mailbox_id):
    """
    Delete mailbox
    Input:
        mailbox_id: in url
    Output:
        200 if deleted successfully

    """
    user = g.user
    mailbox = Mailbox.get(mailbox_id)

    if not mailbox or mailbox.user_id != user.id:
        return jsonify(error="Forbidden"), 403

    if mailbox.id == user.default_mailbox_id:
        return jsonify(error="You cannot delete the default mailbox"), 400

    # Schedule delete account job
    LOG.w("schedule delete mailbox job for %s", mailbox)
    Job.create(
        name=JOB_DELETE_MAILBOX,
        payload={"mailbox_id": mailbox.id},
        run_at=arrow.now(),
        commit=True,
    )

    return jsonify(deleted=True), 200


@api_bp.route("/mailboxes/<mailbox_id>", methods=["PUT"])
@require_api_auth
def update_mailbox(mailbox_id):
    """
    Update mailbox
    Input:
        mailbox_id: in url
        (optional) default: in body. Set a mailbox as the default mailbox.
        (optional) email: in body. Change a mailbox email.
        (optional) cancel_email_change: in body. Cancel mailbox email change.
    Output:
        200 if updated successfully

    """
    user = g.user
    mailbox = Mailbox.get(mailbox_id)

    if not mailbox or mailbox.user_id != user.id:
        return jsonify(error="Forbidden"), 403

    data = request.get_json() or {}
    changed = False
    if "default" in data:
        is_default = data.get("default")
        if is_default:
            if not mailbox.verified:
                return (
                    jsonify(
                        error="Unverified mailbox cannot be used as default mailbox"
                    ),
                    400,
                )
            user.default_mailbox_id = mailbox.id
            changed = True

    if "email" in data:
        new_email = sanitize_email(data.get("email"))

        if mailbox_already_used(new_email, user):
            return jsonify(error=f"{new_email} already used"), 400
        elif not email_can_be_used_as_mailbox(new_email):
            return (
                jsonify(
                    error=f"{new_email} cannot be used. Please note a mailbox cannot "
                    f"be a disposable email address"
                ),
                400,
            )

        try:
            verify_mailbox_change(user, mailbox, new_email)
        except SMTPRecipientsRefused:
            return jsonify(error=f"Incorrect mailbox, please recheck {new_email}"), 400
        else:
            mailbox.new_email = new_email
            changed = True

    if "cancel_email_change" in data:
        cancel_email_change = data.get("cancel_email_change")
        if cancel_email_change:
            mailbox.new_email = None
            changed = True

    if changed:
        Session.commit()

    return jsonify(updated=True), 200


@api_bp.route("/mailboxes", methods=["GET"])
@require_api_auth
def get_mailboxes():
    """
    Get verified mailboxes
    Output:
        - mailboxes: list of mailbox dict
    """
    user = g.user

    return (
        jsonify(mailboxes=[mailbox_to_dict(mb) for mb in user.mailboxes()]),
        200,
    )


@api_bp.route("/v2/mailboxes", methods=["GET"])
@require_api_auth
def get_mailboxes_v2():
    """
    Get all mailboxes - including unverified mailboxes
    Output:
        - mailboxes: list of mailbox dict
    """
    user = g.user
    mailboxes = []

    for mailbox in Mailbox.filter_by(user_id=user.id):
        mailboxes.append(mailbox)

    return (
        jsonify(mailboxes=[mailbox_to_dict(mb) for mb in mailboxes]),
        200,
    )
can update mailbox email 2020-05-23 16:40:28 +02:00			`from smtplib import SMTPRecipientsRefused`

use job system for deleting mailbox 2021-10-13 11:40:15 +02:00			`import arrow`
remove unused imports 2020-05-23 19:18:35 +02:00			`from flask import g`
add POST /api/mailboxes: create a new mailbox 2020-05-23 16:09:06 +02:00			`from flask import jsonify`
			`from flask import request`

			`from app.api.base import api_bp, require_api_auth`
use job system for deleting mailbox 2021-10-13 11:40:15 +02:00			`from app.config import JOB_DELETE_MAILBOX`
add POST /api/mailboxes: create a new mailbox 2020-05-23 16:09:06 +02:00			`from app.dashboard.views.mailbox import send_verification_email`
can update mailbox email 2020-05-23 16:40:28 +02:00			`from app.dashboard.views.mailbox_detail import verify_mailbox_change`
do not use flask-sqlalchemy - add __tablename__ for all models - use sa and orm instead of db - rollback all changes in tests - remove session in @app.teardown_appcontext 2021-10-12 14:36:47 +02:00			`from app.db import Session`
add POST /api/mailboxes: create a new mailbox 2020-05-23 16:09:06 +02:00			`from app.email_utils import (`
			`mailbox_already_used,`
rename email_domain_can_be_used_as_mailbox -> email_can_be_used_as_mailbox 2020-10-15 16:05:47 +02:00			`email_can_be_used_as_mailbox,`
make sure mailbox email is valid 2020-11-22 12:18:31 +01:00			`is_valid_email,`
add POST /api/mailboxes: create a new mailbox 2020-05-23 16:09:06 +02:00			`)`
use job system for deleting mailbox 2021-10-13 11:40:15 +02:00			`from app.log import LOG`
			`from app.models import Mailbox, Job`
Restore /alias/custom/new as currently used by safari 2021-03-31 14:41:32 +02:00			`from app.utils import sanitize_email`
add POST /api/mailboxes: create a new mailbox 2020-05-23 16:09:06 +02:00

use same mailbox format for "POST /api/mailboxes" and "GET /api/mailboxes" 2020-11-03 11:22:01 +01:00			`def mailbox_to_dict(mailbox: Mailbox):`
			`return {`
			`"id": mailbox.id,`
			`"email": mailbox.email,`
			`"verified": mailbox.verified,`
			`"default": mailbox.user.default_mailbox_id == mailbox.id,`
			`"creation_timestamp": mailbox.created_at.timestamp,`
			`"nb_alias": mailbox.nb_alias(),`
			`}`


add POST /api/mailboxes: create a new mailbox 2020-05-23 16:09:06 +02:00			`@api_bp.route("/mailboxes", methods=["POST"])`
			`@require_api_auth`
			`def create_mailbox():`
			`"""`
			`Create a new mailbox. User needs to verify the mailbox via an activation email.`
			`Input:`
			`email: in body`
			`Output:`
use same mailbox format for "POST /api/mailboxes" and "GET /api/mailboxes" 2020-11-03 11:22:01 +01:00			`the new mailbox dict`
add POST /api/mailboxes: create a new mailbox 2020-05-23 16:09:06 +02:00			`"""`
			`user = g.user`
use sanitize_email instead of .lower().strip().replace(" ", "") 2021-01-11 12:29:40 +01:00			`mailbox_email = sanitize_email(request.get_json().get("email"))`
add POST /api/mailboxes: create a new mailbox 2020-05-23 16:09:06 +02:00
make sure only premium user can create new mailbox via API 2021-06-02 17:17:28 +02:00			`if not user.is_premium():`
			`return jsonify(error=f"Only premium plan can add additional mailbox"), 400`

make sure mailbox email is valid 2020-11-22 12:18:31 +01:00			`if not is_valid_email(mailbox_email):`
			`return jsonify(error=f"{mailbox_email} invalid"), 400`
			`elif mailbox_already_used(mailbox_email, user):`
add POST /api/mailboxes: create a new mailbox 2020-05-23 16:09:06 +02:00			`return jsonify(error=f"{mailbox_email} already used"), 400`
rename email_domain_can_be_used_as_mailbox -> email_can_be_used_as_mailbox 2020-10-15 16:05:47 +02:00			`elif not email_can_be_used_as_mailbox(mailbox_email):`
add POST /api/mailboxes: create a new mailbox 2020-05-23 16:09:06 +02:00			`return (`
			`jsonify(`
			`error=f"{mailbox_email} cannot be used. Please note a mailbox cannot "`
			`f"be a disposable email address"`
			`),`
			`400,`
			`)`
			`else:`
			`new_mailbox = Mailbox.create(email=mailbox_email, user_id=user.id)`
do not use flask-sqlalchemy - add __tablename__ for all models - use sa and orm instead of db - rollback all changes in tests - remove session in @app.teardown_appcontext 2021-10-12 14:36:47 +02:00			`Session.commit()`
add POST /api/mailboxes: create a new mailbox 2020-05-23 16:09:06 +02:00
			`send_verification_email(user, new_mailbox)`

			`return (`
use same mailbox format for "POST /api/mailboxes" and "GET /api/mailboxes" 2020-11-03 11:22:01 +01:00			`jsonify(mailbox_to_dict(new_mailbox)),`
add POST /api/mailboxes: create a new mailbox 2020-05-23 16:09:06 +02:00			`201,`
			`)`
Add DELETE /api/mailboxes/:mailbox_id 2020-05-23 16:18:12 +02:00

			`@api_bp.route("/mailboxes/<mailbox_id>", methods=["DELETE"])`
			`@require_api_auth`
			`def delete_mailbox(mailbox_id):`
			`"""`
			`Delete mailbox`
			`Input:`
			`mailbox_id: in url`
			`Output:`
			`200 if deleted successfully`

			`"""`
			`user = g.user`
			`mailbox = Mailbox.get(mailbox_id)`

			`if not mailbox or mailbox.user_id != user.id:`
			`return jsonify(error="Forbidden"), 403`

			`if mailbox.id == user.default_mailbox_id:`
			`return jsonify(error="You cannot delete the default mailbox"), 400`

use job system for deleting mailbox 2021-10-13 11:40:15 +02:00			`# Schedule delete account job`
			`LOG.w("schedule delete mailbox job for %s", mailbox)`
			`Job.create(`
			`name=JOB_DELETE_MAILBOX,`
			`payload={"mailbox_id": mailbox.id},`
			`run_at=arrow.now(),`
			`commit=True,`
			`)`
Add DELETE /api/mailboxes/:mailbox_id 2020-05-23 16:18:12 +02:00
			`return jsonify(deleted=True), 200`
PUT /api/mailboxes/:mailbox_id: update mailbox 2020-05-23 16:26:26 +02:00

			`@api_bp.route("/mailboxes/<mailbox_id>", methods=["PUT"])`
			`@require_api_auth`
			`def update_mailbox(mailbox_id):`
			`"""`
			`Update mailbox`
			`Input:`
			`mailbox_id: in url`
can update mailbox email 2020-05-23 16:40:28 +02:00			`(optional) default: in body. Set a mailbox as the default mailbox.`
			`(optional) email: in body. Change a mailbox email.`
user can cancel mailbox email change 2020-05-23 16:43:48 +02:00			`(optional) cancel_email_change: in body. Cancel mailbox email change.`
PUT /api/mailboxes/:mailbox_id: update mailbox 2020-05-23 16:26:26 +02:00			`Output:`
			`200 if updated successfully`

			`"""`
			`user = g.user`
			`mailbox = Mailbox.get(mailbox_id)`

			`if not mailbox or mailbox.user_id != user.id:`
			`return jsonify(error="Forbidden"), 403`

			`data = request.get_json() or {}`
			`changed = False`
			`if "default" in data:`
			`is_default = data.get("default")`
			`if is_default:`
make sure only verified mailbox can be used as default 2020-11-03 12:43:01 +01:00			`if not mailbox.verified:`
			`return (`
			`jsonify(`
			`error="Unverified mailbox cannot be used as default mailbox"`
			`),`
			`400,`
			`)`
PUT /api/mailboxes/:mailbox_id: update mailbox 2020-05-23 16:26:26 +02:00			`user.default_mailbox_id = mailbox.id`
			`changed = True`

can update mailbox email 2020-05-23 16:40:28 +02:00			`if "email" in data:`
use sanitize_email instead of .lower().strip().replace(" ", "") 2021-01-11 12:29:40 +01:00			`new_email = sanitize_email(data.get("email"))`
can update mailbox email 2020-05-23 16:40:28 +02:00
			`if mailbox_already_used(new_email, user):`
			`return jsonify(error=f"{new_email} already used"), 400`
rename email_domain_can_be_used_as_mailbox -> email_can_be_used_as_mailbox 2020-10-15 16:05:47 +02:00			`elif not email_can_be_used_as_mailbox(new_email):`
can update mailbox email 2020-05-23 16:40:28 +02:00			`return (`
			`jsonify(`
			`error=f"{new_email} cannot be used. Please note a mailbox cannot "`
			`f"be a disposable email address"`
			`),`
			`400,`
			`)`

			`try:`
			`verify_mailbox_change(user, mailbox, new_email)`
			`except SMTPRecipientsRefused:`
			`return jsonify(error=f"Incorrect mailbox, please recheck {new_email}"), 400`
			`else:`
			`mailbox.new_email = new_email`
			`changed = True`

user can cancel mailbox email change 2020-05-23 16:43:48 +02:00			`if "cancel_email_change" in data:`
			`cancel_email_change = data.get("cancel_email_change")`
			`if cancel_email_change:`
			`mailbox.new_email = None`
			`changed = True`

PUT /api/mailboxes/:mailbox_id: update mailbox 2020-05-23 16:26:26 +02:00			`if changed:`
do not use flask-sqlalchemy - add __tablename__ for all models - use sa and orm instead of db - rollback all changes in tests - remove session in @app.teardown_appcontext 2021-10-12 14:36:47 +02:00			`Session.commit()`
PUT /api/mailboxes/:mailbox_id: update mailbox 2020-05-23 16:26:26 +02:00
can update mailbox email 2020-05-23 16:40:28 +02:00			`return jsonify(updated=True), 200`
move get mailboxes to mailbox.py 2020-05-23 16:46:10 +02:00

			`@api_bp.route("/mailboxes", methods=["GET"])`
			`@require_api_auth`
			`def get_mailboxes():`
			`"""`
add GET /api/v2/mailboxes 2020-11-03 12:14:13 +01:00			`Get verified mailboxes`
move get mailboxes to mailbox.py 2020-05-23 16:46:10 +02:00			`Output:`
add GET /api/v2/mailboxes 2020-11-03 12:14:13 +01:00			`- mailboxes: list of mailbox dict`
move get mailboxes to mailbox.py 2020-05-23 16:46:10 +02:00			`"""`
			`user = g.user`

			`return (`
use same mailbox format for "POST /api/mailboxes" and "GET /api/mailboxes" 2020-11-03 11:22:01 +01:00			`jsonify(mailboxes=[mailbox_to_dict(mb) for mb in user.mailboxes()]),`
move get mailboxes to mailbox.py 2020-05-23 16:46:10 +02:00			`200,`
			`)`
add GET /api/v2/mailboxes 2020-11-03 12:14:13 +01:00

			`@api_bp.route("/v2/mailboxes", methods=["GET"])`
			`@require_api_auth`
			`def get_mailboxes_v2():`
			`"""`
			`Get all mailboxes - including unverified mailboxes`
			`Output:`
			`- mailboxes: list of mailbox dict`
			`"""`
			`user = g.user`
			`mailboxes = []`

do not use flask-sqlalchemy - add __tablename__ for all models - use sa and orm instead of db - rollback all changes in tests - remove session in @app.teardown_appcontext 2021-10-12 14:36:47 +02:00			`for mailbox in Mailbox.filter_by(user_id=user.id):`
add GET /api/v2/mailboxes 2020-11-03 12:14:13 +01:00			`mailboxes.append(mailbox)`

			`return (`
			`jsonify(mailboxes=[mailbox_to_dict(mb) for mb in mailboxes]),`
			`200,`
			`)`