Merge pull request #343 from simple-login/disable-directory

Able to disable directory on-the-fly alias creation
2020-12-07 11:13:53 +01:00 · 2020-12-07 11:13:53 +01:00 · 982d4e692a
parent a40bbe74fe ce3dae2a07
commit 982d4e692a
9 changed files with 153 additions and 7 deletions
--- a/app/alias_utils.py
+++ b/app/alias_utils.py
@ -8,6 +8,7 @@ from app.email_utils import (
    send_cannot_create_directory_alias,
    send_cannot_create_domain_alias,
    can_create_directory_for_address,
+    send_cannot_create_directory_alias_disabled,
 )
 from app.errors import AliasInTrashError
 from app.extensions import db
@ -66,6 +67,12 @@ def try_auto_create_directory(address: str) -> Optional[Alias]:
            send_cannot_create_directory_alias(dir_user, address, directory_name)
            return None

+        if directory.disabled:
+            send_cannot_create_directory_alias_disabled(
+                dir_user, address, directory_name
+            )
+            return None
+
        try:
            LOG.d("create alias %s for directory %s", address, directory)

--- a/app/config.py
+++ b/app/config.py
@ -324,6 +324,9 @@ ALERT_MAILBOX_IS_ALIAS = "mailbox_is_alias"

 AlERT_WRONG_MX_RECORD_CUSTOM_DOMAIN = "custom_domain_mx_record_issue"

+# alert when a new alias is about to be created on a disabled directory
+ALERT_DIRECTORY_DISABLED_ALIAS_CREATION = "alert_directory_disabled_alias_creation"
+
 # <<<<< END ALERT EMAIL >>>>

 # Disable onboarding emails
--- a/app/dashboard/templates/dashboard/directory.html
+++ b/app/dashboard/templates/dashboard/directory.html
@ -61,9 +61,35 @@
            <div class="card" style="">
              <div class="card-body">
                <h5 class="card-title">
-                  {{ dir.name }}
+                  <div class="d-flex">
+                    {{ dir.name }}
+
+                    <form method="post">
+                      <input type="hidden" name="form-name" value="toggle-directory">
+                      <input type="hidden" name="dir-id" value="{{ dir.id }}">
+
+                      <label class="custom-switch cursor" style="padding-left: 1rem"
+                             data-toggle="tooltip"
+                          {% if dir.disabled %}
+                             title="Enable directory on-the-fly alias creation"
+                          {% else %}
+                             title="Disable directory on-the-fly alias creation"
+                          {% endif %}
+                      >
+                        <input type="checkbox" class="custom-switch-input" name="dir-status"
+                            {{ "" if dir.disabled else "checked" }}>
+                        <span class="custom-switch-indicator"></span>
+                      </label>
+                    </form>
+                  </div>
                </h5>
+
                <h6 class="card-subtitle mb-2 text-muted">
+                  {% if dir.disabled %}
+                    <div class="mb-3">
+                      ⚠️ On-the-fly alias creation is disabled, you can't create new aliases with this directory.
+                    </div>
+                  {% endif %}
                  Created {{ dir.created_at | dt }} <br>
                  <span class="font-weight-bold">{{ dir.nb_alias() }}</span> aliases.

@ -195,5 +221,9 @@

    $('.mailbox-select').multipleSelect();

+    $(".custom-switch-input").change(function (e) {
+      $(this).closest("form").submit();
+    });
+
  </script>
 {% endblock %}
--- a/app/dashboard/views/directory.py
+++ b/app/dashboard/views/directory.py
@ -46,6 +46,26 @@ def directory():
            flash(f"Directory {name} has been deleted", "success")

            return redirect(url_for("dashboard.directory"))
+
+        if request.form.get("form-name") == "toggle-directory":
+            dir_id = request.form.get("dir-id")
+            dir = Directory.get(dir_id)
+
+            if not dir or dir.user_id != current_user.id:
+                flash("Unknown error. Refresh the page", "warning")
+                return redirect(url_for("dashboard.directory"))
+
+            if request.form.get("dir-status") == "on":
+                dir.disabled = False
+                flash(f"On-the-fly is enabled for {dir.name}", "success")
+            else:
+                dir.disabled = True
+                flash(f"On-the-fly is disabled for {dir.name}", "warning")
+
+            db.session.commit()
+
+            return redirect(url_for("dashboard.directory"))
+
        elif request.form.get("form-name") == "update":
            dir_id = request.form.get("dir-id")
            dir = Directory.get(dir_id)
--- a/app/email_utils.py
+++ b/app/email_utils.py
@ -37,6 +37,7 @@ from app.config import (
    URL,
    LANDING_PAGE_URL,
    EMAIL_DOMAIN,
+    ALERT_DIRECTORY_DISABLED_ALIAS_CREATION,
 )
 from app.dns_utils import get_mx_domains
 from app.extensions import db
@ -152,24 +153,48 @@ def send_test_email_alias(email, name):
    )


-def send_cannot_create_directory_alias(user, alias, directory):
+def send_cannot_create_directory_alias(user, alias_address, directory_name):
    """when user cancels their subscription, they cannot create alias on the fly.
    If this happens, send them an email to notify
    """
    send_email(
        user.email,
-        f"Alias {alias} cannot be created",
+        f"Alias {alias_address} cannot be created",
        render(
            "transactional/cannot-create-alias-directory.txt",
            name=user.name,
-            alias=alias,
-            directory=directory,
+            alias=alias_address,
+            directory=directory_name,
        ),
        render(
            "transactional/cannot-create-alias-directory.html",
            name=user.name,
-            alias=alias,
-            directory=directory,
+            alias=alias_address,
+            directory=directory_name,
+        ),
+    )
+
+
+def send_cannot_create_directory_alias_disabled(user, alias_address, directory_name):
+    """when the directory is disabled, new alias can't be created on-the-fly.
+    Send user an email to notify of an attempt
+    """
+    send_email_with_rate_control(
+        user,
+        ALERT_DIRECTORY_DISABLED_ALIAS_CREATION,
+        user.email,
+        f"Alias {alias_address} cannot be created",
+        render(
+            "transactional/cannot-create-alias-directory-disabled.txt",
+            name=user.name,
+            alias=alias_address,
+            directory=directory_name,
+        ),
+        render(
+            "transactional/cannot-create-alias-directory-disabled.html",
+            name=user.name,
+            alias=alias_address,
+            directory=directory_name,
        ),
    )

--- a/app/models.py
+++ b/app/models.py
@ -1622,6 +1622,8 @@ class LifetimeCoupon(db.Model, ModelMixin):
 class Directory(db.Model, ModelMixin):
    user_id = db.Column(db.ForeignKey(User.id, ondelete="cascade"), nullable=False)
    name = db.Column(db.String(128), unique=True, nullable=False)
+    # when a directory is disabled, new alias can't be created on the fly
+    disabled = db.Column(db.Boolean, default=False, nullable=False, server_default="0")

    user = db.relationship(User)

--- a/migrations/versions/2020_120710_780a8344914b_.py
+++ b/migrations/versions/2020_120710_780a8344914b_.py
@ -0,0 +1,29 @@
+"""empty message
+
+Revision ID: 780a8344914b
+Revises: c0d91ff18f77
+Create Date: 2020-12-07 10:33:14.157476
+
+"""
+import sqlalchemy_utils
+from alembic import op
+import sqlalchemy as sa
+
+
+# revision identifiers, used by Alembic.
+revision = '780a8344914b'
+down_revision = 'c0d91ff18f77'
+branch_labels = None
+depends_on = None
+
+
+def upgrade():
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.add_column('directory', sa.Column('disabled', sa.Boolean(), server_default='0', nullable=False))
+    # ### end Alembic commands ###
+
+
+def downgrade():
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.drop_column('directory', 'disabled')
+    # ### end Alembic commands ###
--- a/templates/emails/transactional/cannot-create-alias-directory-disabled.html
+++ b/templates/emails/transactional/cannot-create-alias-directory-disabled.html
@ -0,0 +1,20 @@
+{% extends "base.html" %}
+
+{% block content %}
+  {{ render_text("Hi " + name) }}
+
+  {% call text() %}
+    An email has been sent to the alias <b>{{ alias }}</b> that would be created automatically as you own the directory <b>{{ directory }}</b>
+  {% endcall %}
+
+  {% call text() %}
+    As <b>on-the-fly alias creation is disabled</b> on this directory, the alias isn't created.
+  {% endcall %}
+
+  {% call text() %}
+    If you aren't aware of this alias, that probably means someone has discovered about your directory and is abusing it.
+  {% endcall %}
+
+
+  {{ render_text('Thanks, <br />SimpleLogin Team.') }}
+{% endblock %}
--- a/templates/emails/transactional/cannot-create-alias-directory-disabled.txt
+++ b/templates/emails/transactional/cannot-create-alias-directory-disabled.txt
@ -0,0 +1,10 @@
+Hi {{name}}
+
+An email has been sent to the alias {{alias}} that would be created automatically as you own the directory {{directory}}.
+
+As the directory has the on-the-fly alias creation disabled, the alias isn't created.
+
+If you aren't aware of this alias, that probably means someone has discovered about your directory and is abusing it.
+
+Best,
+SimpleLogin team.