check contact address in POST /aliases/<int:alias_id>/contacts

Son NK 2020-11-03 11:10:32 +01:00
parent 72a34e28be
commit 751cc05534
2 changed files with 33 additions and 1 deletions


@ -16,7 +16,7 @@ from app.api.serializer import (
) )
from app.config import EMAIL_DOMAIN from app.config import EMAIL_DOMAIN
from app.dashboard.views.alias_log import get_alias_log from app.dashboard.views.alias_log import get_alias_log
from app.email_utils import parseaddr_unicode from app.email_utils import parseaddr_unicode, is_valid_email
from app.extensions import db from app.extensions import db
from app.log import LOG from app.log import LOG
from app.models import Alias, Contact, Mailbox, AliasMailbox from app.models import Alias, Contact, Mailbox, AliasMailbox
@ -386,6 +386,9 @@ def create_contact_route(alias_id):
contact_addr = data.get("contact") contact_addr = data.get("contact")
if not contact_addr:
return jsonify(error="Contact cannot be empty"), 400
# generate a reply_email, make sure it is unique # generate a reply_email, make sure it is unique
# not use while to avoid infinite loop # not use while to avoid infinite loop
reply_email = f"ra+{random_string(25)}@{EMAIL_DOMAIN}" reply_email = f"ra+{random_string(25)}@{EMAIL_DOMAIN}"
@ -395,6 +398,8 @@ def create_contact_route(alias_id):
break break
contact_name, contact_email = parseaddr_unicode(contact_addr) contact_name, contact_email = parseaddr_unicode(contact_addr)
if not is_valid_email(contact_email):
return jsonify(error=f"invalid contact email {contact_email}"), 400
# already been added # already been added
if Contact.get_by(alias_id=alias.id, website_email=contact_email): if Contact.get_by(alias_id=alias.id, website_email=contact_email):
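Review bot: The emptiness check added in `create_contact_route` (`if not contact_addr:`) lets through any truthy non-string JSON value, such as a list or an object, which then reaches `parseaddr_unicode(contact_addr)`. That helper is not shown here, so it may raise and turn malformed input into a 500 instead of a 400. Rejecting the wrong type in the same guard keeps the failure on the validation path: `if not isinstance(contact_addr, str) or not contact_addr.strip():`. The `is_valid_email` check also sits after the reply_email generation loop, so an invalid address is refused only after that loop has run; parsing and validating before the loop would avoid that work. The function body starts and ends outside these hunks.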


@ -3,6 +3,7 @@ from flask import url_for
from app.config import PAGE_LIMIT from app.config import PAGE_LIMIT
from app.extensions import db from app.extensions import db
from app.models import User, ApiKey, Alias, Contact, EmailLog, Mailbox from app.models import User, ApiKey, Alias, Contact, EmailLog, Mailbox
from tests.utils import login
def test_get_aliases_error_without_pagination(flask_client): def test_get_aliases_error_without_pagination(flask_client):
@ -503,6 +504,32 @@ def test_create_contact_route(flask_client):
assert r.status_code == 409 assert r.status_code == 409
def test_create_contact_route_empty_contact_address(flask_client):
login(flask_client)
alias = Alias.query.first()
r = flask_client.post(
url_for("api.create_contact_route", alias_id=alias.id),
json={"contact": ""},
)
assert r.status_code == 400
assert r.json["error"] == "Contact cannot be empty"
def test_create_contact_route_invalid_contact_email(flask_client):
login(flask_client)
alias = Alias.query.first()
r = flask_client.post(
url_for("api.create_contact_route", alias_id=alias.id),
json={"contact": "with space@gmail.com"},
)
assert r.status_code == 400
assert r.json["error"] == "invalid contact email with space@gmail.com"
def test_delete_contact(flask_client): def test_delete_contact(flask_client):
user = User.create( user = User.create(
email="a@b.c", password="password", name="Test User", activated=True email="a@b.c", password="password", name="Test User", activated=True
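Review bot: Both new tests assert only the status code and the error string, so they would still pass if the route rejected the request after a Contact row had already been written. A persistence check after each request, such as `assert Contact.query.filter_by(alias_id=alias.id).count() == 0`, would pin that nothing is stored on rejection. The empty case is exercised with `json={"contact": ""}` only; a request with the key absent (`json={}`) goes through the same `data.get("contact")` guard and deserves one more assertion.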